Error with "SetWindowsHookEx, WH_CALLWNDPROCRET" in Windows 2008 Server 64-bit.
I have programmed a hook to intercept the message WM_PAINT. The code is:
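    Invoke SetWindowsHookEx, WH_CALLWNDPROCRET, Addr ControlGancho, hInstance, 0
    Mov HwdGancho, Eax                      ; keep the hook handle for CallNextHookEx
    ...
; Hook procedure. nCode is a 32-bit signed int in the HOOKPROC prototype, so it is SDWORD, not WORD
ControlGancho Proc nCode:SDWORD, wParam:WPARAM, lParam:LPARAM
    Cmp nCode, 0
    Jl @F                                   ; nCode < 0: pass the call on without processing
    .If nCode == HC_ACTION
        .If wParam == 0                     ; message was not sent by the current process
            Mov Edx, lParam                 ; lParam points to a CWPRETSTRUCT
            assume edx:Ptr CWPRETSTRUCT
            .If [edx].message == WM_PAINT
                invoke EscribirVisorSucesos, offset VisorPasa1   ; write to the event viewer
            .EndIf
            assume edx:Nothing
        .EndIf
    .EndIf
@@:
    Invoke CallNextHookEx, HwdGancho, nCode, wParam, lParam
    Ret
ControlGancho EndP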
This code is OK when it runs on Windows 7 or Windows XP, but on Windows 2008 Server 64-bit it doesn't run. It doesn't see the message WM_PAINT.
Does anyone know why?
Thank you
Some more details might be helpful. Remark that you can't hook across the 32/64-bit boundary.
This code writes to the event viewer when it intercepts WM_PAINT.
This code is OK when it runs on Windows 7 or Windows XP, but on Windows 2008 Server 64-bit it doesn't run. It doesn't see the message WM_PAINT.
If the target application is a 64-bit process, your application must also be 64-bit (and the DLL). See MSDN (http://msdn.microsoft.com/en-us/library/windows/desktop/ms644990%28v=vs.85%29.aspx).
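The bitness rule in the reply above can be checked offline by reading the Machine field of each image's PE header. This is an added example, not code from the thread; `fake_pe`, `pick_hook_dll`, the file name `hook32.dll` and the sample images are constructed for illustration.

```python
import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification.
MACHINE_BITS = {0x014C: 32, 0x8664: 64}  # i386, AMD64


def pe_bitness(image: bytes) -> int:
    """Return 32 or 64 for an x86/x64 PE image; raise ValueError otherwise."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # e_lfanew (offset 0x3C) holds the file offset of the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if e_lfanew + 6 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # Machine is the first WORD of the file header, right after the signature.
    (machine,) = struct.unpack_from("<H", image, e_lfanew + 4)
    if machine not in MACHINE_BITS:
        raise ValueError(f"unsupported machine type 0x{machine:04X}")
    return MACHINE_BITS[machine]


def can_inject(hook_dll: bytes, target: bytes) -> bool:
    """A hook DLL can only be loaded into a process of the same bitness."""
    return pe_bitness(hook_dll) == pe_bitness(target)


def pick_hook_dll(dlls: dict, target: bytes):
    """Name of the DLL build that matches `target`, or None if there is none."""
    for name, image in dlls.items():
        if can_inject(image, target):
            return name
    return None


def fake_pe(machine: int) -> bytes:
    """Constructed sample: the smallest header that carries a Machine field."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18


if __name__ == "__main__":
    builds = {"hook32.dll": fake_pe(0x014C)}  # only a 32-bit build exists
    for label, target in (("32-bit target", fake_pe(0x014C)),
                          ("64-bit target", fake_pe(0x8664))):
        print(label, "->", pick_hook_dll(builds, target))
```

With only a 32-bit build available, the 64-bit target gets no matching DLL, which is the situation described in the question.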
Hi qWord,
OK, then would my library have to be compiled in 64 bits?
I've never compiled in 64 bits; would I have to change the code?
How can I compile with MASM in 64 bits?
Thank you
Quote from: AsmAlmeria12 on April 09, 2014, 08:40:23 AM
I've never compiled in 64 bits; would I have to change the code?
Yes, of course you need to change the code. Using jWasm (http://www.japheth.de/JWasm.html) + WinInc (http://www.japheth.de/WinInc.html) the changes would be minimal, at least for the source you supplied.
However, did you verify that the problem is the 32/64 boundary? Did you try it with higher rights ("run as Admin")?
If I run it as administrator, it does not work.
Could you help with the move to 64 bits? It is only the example I sent.
Thank you
Quote from: AsmAlmeria12 on April 09, 2014, 09:12:45 AM
Could you help with the move to 64 bits?
Maybe - show us the code and let's see.
The source of the library is "Iniciohook.asm", in the attachment.
There are some problems in the procedure EscribirVisorSucesos:
- EBX is destroyed
- "Tamano" does not respect the termination zero
- wrong byte count for RtlMoveMemory (TotalBytesEvent)
- the last parameter of ReportEvent does not point to the data
Also, it might be better to place De/RegisterEventSource in DllEntryPoint().
In case this is not the problem, I've uploaded a translation in the attachment (not tested). For linking, polink.exe is used, which is also included in the MASM32 SDK. To get it to run you need a 64-bit program that loads the DLL and sets the hook - that is your part.
qWord
Hi qWord,
Thank you very much for your answer. I'm testing.
The library sets the hook for all system processes.
Do I have to have two libraries? One for 32-bit processes and another for 64-bit processes?
Hi qWord,
Manual to learn assembly in 64 bits?
Thank you
Hi AsmAlmeria12,
Quote from: AsmAlmeria12 on April 10, 2014, 03:28:44 AM
Manual to learn assembly in 64 bits?
There's not so much. Try that link (http://masm32.com/board/index.php?topic=1892.0) as a starting point.
Gunther
Hi all
I'm writing a program for remote PC control. I have a library that runs hooks to monitor changes on the screen. I control the mouse and keyboard. I'm using two types of hook:
"Invoke SetWindowsHookEx, WH_CALLWNDPROCRET, Addr ControlGancho, hInstance, 0"
"Invoke SetWindowsHookEx, WH_MOUSE, Addr ControlGanchoRaton, hInstance, 0"
The first hook, "WH_CALLWNDPROCRET", watches for the message "WM_PAINT". This message appears when you open windows, refresh...
This library sends a message to the application when it detects a change; the application captures the screen and sends it over a socket.
This works fine, but some objects such as videos do not activate "WM_PAINT".
Does anyone know another way to do this?
Thank you very much