Home>

The last question "I want to do a global hook using DLL (C ++) from C #"
https://www.tutorialfor.com/go.php?id=142061
To hook global hooks from each 32/64Bit EXE to the corresponding 32/64Bit process
I was able to do it.

The HP found during the above investigation process
mono's development blog
How to make an application using a 64-bit hook
https://blog.mono0x.net/blog/2009/09/13/64bit-hook/

It was written in the comment field of


"32-bit processes can hook 64-bit processes.
In my case, I set a lower level keyboard hook with a 32-bit program,
The key operation of 64-bit version of cmd.exe is restricted.
Of course, the hook procedure is in the instance of your process.
I made a 64-bit version, but I can hook it in the same way.
A device is a message loop. Hook with the main thread, If i start a message loop in the same thread, the hook will work."

Even if searching on the web, how to match the number of bits of EXE and hook destination of the caller?
Compile the original EXE to AnyCPU, and match the bit number of the OS or hook destination application
There are two main types of hook control DLLs that load dynamically and do hooks
I couldn't find any specific code for the case of using message loops.

With a message loop, you don't have to create two types of EXEs and DLLs.
It seems that you can directly control a 64Bit application from a 32Bit process.
Does anyone know anyone?

Thank you.

Additional information
A global keyboard hook, but an article that does the same thing
I found the URL, etc.
https://stackoverflow.com/questions/15542783/global-keyhook-on-64-bit-windows

I just modified the code based on the above article, but it still doesn't work.
32BitExe hooks to 32BitDLL =>32Bit process, but release does not work.
The hook situation does not work from 32BitExe to 32BitDLL =>64Bit process.
I would like to continue to investigate.

Additional remarks
Some code was changed.
Due to the change, "UnCloseHook32_MsgLoop" can be called by calling "CloseHook32_MsgLoop".
Cannot be released because "UnhookWindowsHookEx (hHwnd)" returns an error.

// Shared area (The data in the shared area cannot be secured well unless it is initialized)
#pragma data_seg ("share")
HHOOK hHookWnd = NULL;
HINSTANCE hdll = NULL;
HWND hTarget = NULL;
volatile static bool runHooked = false;
#pragma data_seg ()
// Incorporate hook
int CALLBACK CloseHook32_MsgLoop (HWND HandleofTarget)
{
    if (hdll == NULL) return 99;
    hTarget = HandleofTarget;
    HHOOK hHwnd = SetWindowsHookEx (WH_CBT, (HOOKPROC) CallWndProc, hdll, 0);
    if (hHwnd == NULL)
    {
        return 100;
    }
    MSG msg;
    runHooked = true;
    // Loop
    while (runHooked)
    {
        if (PeekMessage (&msg, nullptr, 0, 0, PM_NOREMOVE))
        {
            if (GetMessage (&msg, NULL, 0, 0)>0)
            {// Get the message confirmed by PeekMessage with GetMessage.
                TranslateMessage (&msg);
                DispatchMessage (&msg);
                Sleep (10);
            }
            else
            {
                break;
            }
        }
    }
   int ans = UnhookWindowsHookEx (hHwnd);
    hHwnd = NULL;
    if (ans == 0)
    {
        return ans;
    }
    else
    {
        return ans;
    }
}

void CALLBACK UnCloseHook32_MsgLoop (void)
{
    runHooked = false;
}
  • Answer # 1

    I'm sorry for the detailed explanation of hmmm's answer.

    Some global hooks require a DLL and some do not. And any global hook that doesn't require a DLL must have a message loop. One of them is SetWinEventHook presented by hmmm. The following quote in the original comment

      

    A device is a message loop. Hook with main thread,
      If you start a message loop in the same thread, the hook will work.

    is clearly described in the Microsoft document, and if it is said that it is a contrivance that it is described in the document, it makes you feel subtle.

    At present, there are only two global hooks other than SetWinEventHook that do not require a DLL: a low-level keyboard hook (WH_KEYBOARD_LL) and a low-level mouse hook (WH_MOUSE_LL). All other global hooks, including CBT hooks used in the presented code, require a DLL. Therefore, it is necessary to create 32 bits and 64 bits separately.

    Furthermore, DLL injection is required to subclass the windows of other processes that were posted in the previous post, so global hooks using DLLs are the correct means.

  • Answer # 2

    If the implementation method of SetWindowsHookEx hook is to load the DLL to the target process, it is impossible.

    SetWinEventHook can be used as an alternative to some functions of SetWindowsHookEx.
    When used with WINEVENT_OUTOFCONTEXT, 64-bit events can be monitored even from 32-bit processes.
    See below for details.
    WinEvent

  • Answer # 3


    I also remembered the blog post, but I think the conclusion is that .NET can only do low level hooks due to process constraints.
    If you want to set a global hook from C ++ code like the other day's question
    That is not the case.

Related articles