Hook with SetWindowsHookEx

Started by Fraile, April 09, 2014, 06:53:31 AM


Fraile

Error with "SetWindowsHookEx, WH_CALLWNDPROCRET" in Windows 2008 Server 64-bit.

I have programmed a hook to intercept the WM_PAINT message. The code is:

Invoke SetWindowsHookEx, WH_CALLWNDPROCRET, Addr ControlGancho, hInstance, 0

Mov HwdGancho, Eax

...

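ControlGancho Proc nCode:DWORD, wParam:WPARAM, lParam:LPARAM

    ; nCode is a 32-bit int; a negative value is passed straight on
    Cmp nCode, 0
    Jl @F

    .If nCode == HC_ACTION

        .If wParam == 0

            Mov Edx, lParam

            assume edx:Ptr CWPRETSTRUCT

            ; write to the event viewer when the processed message is WM_PAINT
            .If [edx].message == WM_PAINT
                invoke EscribirVisorSucesos, offset VisorPasa1
            .EndIf

            assume edx:Nothing

        .EndIf

    .EndIf

    @@:

    ; always hand the call on to the next hook in the chain
    Invoke CallNextHookEx, HwdGancho, nCode, wParam, lParam

    Ret
ControlGancho EndP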

This code works fine when it runs on Windows 7 or Windows XP, but on Windows 2008 Server 64-bit it doesn't run. It doesn't see the WM_PAINT message.

Does anyone know why?

Thank you

qWord

Some more details might be helpful. Note that you can't hook across the 32/64-bit boundary.
MREAL macros - when you need floating point arithmetic while assembling!

Fraile

This code writes to the event viewer when it intercepts WM_PAINT.

This code works fine when it runs on Windows 7 or Windows XP, but on Windows 2008 Server 64-bit it doesn't run. It doesn't see the WM_PAINT message.




qWord

If the target application is a 64-bit process, your application must also be 64-bit (and the DLL). See MSDN.
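
The bitness rule qWord states above can be checked before a hook DLL is deployed. The following C is an added example, not code from this thread or from MSDN: it reads the PE header of an image and reports whether it is 32-bit or 64-bit. The function names and the header-only sample built by make_sample are constructed for illustration, and only native x86/x64 images are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MACHINE_I386  0x014c   /* IMAGE_FILE_MACHINE_I386  */
#define MACHINE_AMD64 0x8664   /* IMAGE_FILE_MACHINE_AMD64 */
#define MAGIC_PE32    0x010b   /* optional header magic, PE32  */
#define MAGIC_PE32P   0x020b   /* optional header magic, PE32+ */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 32 or 64, or -1 if the buffer is not a consistent x86/x64 PE image. */
int pe_bitness(const uint8_t *img, size_t len)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t off = rd32(img + 0x3c);              /* e_lfanew */
    /* need signature (4) + file header (20) + optional-header magic (2) */
    if (off > len || len - off < 26) return -1;
    if (memcmp(img + off, "PE\0\0", 4) != 0) return -1;
    uint16_t machine = rd16(img + off + 4);       /* file header: Machine */
    uint16_t magic   = rd16(img + off + 24);      /* optional header: Magic */
    if (machine == MACHINE_I386  && magic == MAGIC_PE32)  return 32;
    if (machine == MACHINE_AMD64 && magic == MAGIC_PE32P) return 64;
    return -1;                                    /* unknown or inconsistent */
}

/* A hook DLL can only be loaded into a process of the same bitness. */
int hook_dll_fits(const uint8_t *dll, size_t dlen, const uint8_t *exe, size_t elen)
{
    int d = pe_bitness(dll, dlen), e = pe_bitness(exe, elen);
    return d != -1 && d == e;
}

/* Constructed sample: a header-only image for the checks, not a loadable file. */
size_t make_sample(uint8_t *buf, size_t cap, uint16_t machine, uint16_t magic)
{
    if (cap < 0x80) return 0;
    memset(buf, 0, 0x80);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3c] = 0x40;                             /* e_lfanew = 0x40 */
    memcpy(buf + 0x40, "PE\0\0", 4);
    buf[0x44] = (uint8_t)(machine & 0xff); buf[0x45] = (uint8_t)(machine >> 8);
    buf[0x58] = (uint8_t)(magic & 0xff);   buf[0x59] = (uint8_t)(magic >> 8);
    return 0x80;
}
```

In real use the two buffers would be the first bytes of the hook DLL and of the target executable read from disk.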

Fraile

Hi qWord,

OK, so my library would have to be compiled for 64 bits?

I've never compiled for 64 bits; would I have to change the code?
How can I compile with MASM for 64 bits?

Thank you

qWord

Quote from: AsmAlmeria12 on April 09, 2014, 08:40:23 AM
I've never compiled for 64 bits; would I have to change the code?

Yes, of course you need to change the code. Using jWasm + WinInc the changes would be minimal, at least for the source you supplied.

However, did you verify that the problem is the 32/64 boundary? Did you try it with higher rights ("run as Admin")?

Fraile

If I run it as administrator, it does not work.

Could you help with the move to 64 bits? It is only the example I sent.

Thank you

qWord

Quote from: AsmAlmeria12 on April 09, 2014, 09:12:45 AM
Could you help with the move to 64 bits?

Maybe - show us the code and let's see.

Fraile

The source of the library is "Iniciohook.asm", in the attachment.

qWord

There are some problems in the procedure EscribirVisorSucesos:
- EBX is destroyed
- "Tamano" does not respect the terminating zero
- wrong byte count for RtlMoveMemory (TotalBytesEvent)
- the last parameter of ReportEvent does not point to the data
Also, it might be better to place De/RegisterEventSource in DllEntryPoint().

In case this is not the problem, I've uploaded a translation in the attachment (not tested). For linking, polink.exe is used, which is also included in the MASM32 SDK. To get it to run you need a 64-bit program that loads the DLL and sets the hook - that is your part.

qWord

Fraile

Hi qWord,

Thank you very much for your answer. I'm testing.

The library sets the hook for all system processes.
Do I have to have two libraries? One for 32-bit processes and another for 64-bit processes?

Fraile

Hi qWord,

Is there a manual for learning assembly in 64 bits?

Thank you


Gunther

Hi AsmAlmeria12,

Quote from: AsmAlmeria12 on April 10, 2014, 03:28:44 AM
Is there a manual for learning assembly in 64 bits?

there's not so much. Try that link as a starting point.

Gunther
You have to know the facts before you can distort them.

Fraile

Hi all

I'm writing a program for remote PC control. I have a library that runs hooks to monitor changes on the screen. I control the mouse and keyboard. I'm using two types of hook:

"Invoke SetWindowsHookEx, WH_CALLWNDPROCRET, Addr ControlGancho, hInstance, 0"

"Invoke SetWindowsHookEx, WH_MOUSE, Addr ControlGanchoRaton, hInstance, 0"

The first hook, "WH_CALLWNDPROCRET", watches for the "WM_PAINT" message. This message appears when you open windows, refresh...

This library sends a message to the application when it detects a change; the application captures the screen and sends it over a socket.

This works fine, but some objects, such as videos, do not activate "WM_PAINT".

Does anyone know another way to do this?

Thank you very much