PDA

Click to See Complete Forum and Search --> : DLL Injection and hooks

teleplayr
January 16th, 2003, 04:53 PM
Hello all. I have a dll which gets injected into a process and subclasses it's window procedure. Great! Now, I'm trying to make the same thing work for any windows with a caption in the system.

g_hHook = SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc, g_hInst, 0);

In DLL Main, I'm doing a beep to make sure that the dll gets attached to new processes:

case DLL_PROCESS_ATTACH:
MessageBeep(0);
break;

For most windows, this works fine. I can open up a dozen Notepads, Calculators, otehr programs I wrote, and they all ding.

For some programs, Explorer, MS Developer Studio, IE, Help windows, there's no ding.

Any suggestions on why the dll gets attached to some processes and not others?

Thanks,

-Joe
teleplayr
January 17th, 2003, 12:20 PM
An interesting aside to this one.

I managed to get most windows to be subclassed by my injection dll. It's neat, the DLL finds the top level window associated with the PID it's been attached to.

On certain windows, like an Exporer window, or IE, when the window gets subclassed, it's caption bar text gets filled with garbage. Even when my window proc looks like this:

LRESULT APIENTRY NewWndProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
return CallWindowProc(g_OriginalWndProc, hWnd, uMsg, wParam, lParam);
}

If I subclass the window to this procedure, it hoses the caption bar's text completely with random garbage characters. If I comment out the SetWindowLong line that subclasses the window, it causes no problems.

Any theories?

-Joe
galathaea
January 19th, 2003, 05:28 PM
It's dinging now? Maybe its a Unicode / ANSI mismatch that's doing the garbling of the text. That's pretty common for subclassing different apps windows and replacing text. I would suggest check each window to see if they are Unicode or ANSI and calling one of two separate routines to subclass from. If that doesn't work, I think we will need to have more information about the particular subclassing routines that fill the text.
teleplayr
January 20th, 2003, 07:24 AM
Yes, I am definately capturing the window, *ding*, but I'm not doing anything with the text in the title bar.

In fact, I'm not doing anything at all. If you look back a reply, you'll see that my entire subclass window procedure consists of a return of CallWindowProc();

LRESULT APIENTRY NewWndProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
return CallWindowProc(g_OriginalWndProc, hWnd, uMsg, wParam, lParam);
}


So why is the act of subclassing garbling the window caption? All other functions of the window remain normal. I have checked to make sure SetWIndowLong succeeded and that g_OriginalWndProc is not NULL.

-Joe