  1. #1
    Join Date
    Mar 2003
    Location
    Chongqing,China
    Posts
    71

    How to start process without loading global hook?

    Hi, everyone,

    I had created a global hook by SetWindowsHookEx with WH_CALLWNDPROC. It is used to create a new toolbar button in specific window in the specific (3rd party) program (named HOOKEE.exe for example), and it works perfectly fine most of the time.
    Normally HOOKEE.exe is launched by double clicking the shortcut icon on desktop. But this program could be also launched in another way (provided by the provider of HOOKEE.exe), with this new way, HOOKEE.exe is by conhost.exe (on Windows 7), and then I could see (via ProcessMonitor) my hook is loaded by conhost.exe, but not the process HOOKEE.exe.
    In my understanding global hook would be loaded by whatever process, I have no idea on the exception, and what conhost.exe does to the HOOKEE.exe.

    Anyone has any idea?

    Thanks in advance
    Stone

  2. #2
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,620

    Re: How to start process without loading global hook?

    Quote Originally Posted by stoneyrh View Post
    ...WH_CALLWNDPROC...

    In my understanding global hook would be loaded by whatever process
    Your understanding is correct, in case you talk about applications hosting message queue and creating windows.

    Anyone has any idea?
    About what?
    Best regards,
    Igor

  3. #3
    Join Date
    Mar 2003
    Location
    Chongqing,China
    Posts
    71

    Re: How to start process without loading global hook?

    Quote Originally Posted by Igor Vartanov View Post
    Your understanding is correct, in case you talk about applications hosting message queue and creating windows.

    About what?
    About why exactly the same HOOKEE.exe running in same box, but when launched by double clicking the shortcut icon, it loads the global hook, but when launched by some other (unknown to me) ways, it does not load the global hook.
    Stone

  4. #4
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,620

    Re: How to start process without loading global hook?

    Global hook is set in scope of the same session, the same window station and the same desktop. Otherwise it is not loaded.
    Best regards,
    Igor

  5. #5
    Join Date
    Mar 2003
    Location
    Chongqing,China
    Posts
    71

    Re: How to start process without loading global hook?

    Quote Originally Posted by Igor Vartanov View Post
    Global hook is set in scope of the same session, the same window station and the same desktop. Otherwise it is not loaded.
    As I see in the Task Manager, the HOOKEE.exe is running with the same session ID as that the process installing the HOOK.
    For the station and desktop, how can I check them?
    Stone
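
One way to check the window station and desktop from code, as an added example (not code from any poster in this thread): the Win32 calls GetProcessWindowStation, GetThreadDesktop, GetUserObjectInformation and ProcessIdToSessionId report them for the calling process. The names hook_scope, capture_scope and scope_mismatch are hypothetical, the values in main are constructed, and the capture has to run inside each process being compared (or in a helper launched the same way as that process).

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* The three things the thread says a global hook's scope depends on. */
struct hook_scope {
    unsigned long session_id;   /* session ID, as shown in Task Manager */
    char winsta[64];            /* window station name, e.g. "WinSta0" */
    char desktop[64];           /* desktop name, e.g. "Default" */
};

/* Returns 0 when loader and target share session, window station and desktop;
   otherwise a bitmask: 1 = session, 2 = window station, 4 = desktop differs. */
int scope_mismatch(const struct hook_scope *loader, const struct hook_scope *target)
{
    int diff = 0;
    if (loader->session_id != target->session_id) diff |= 1;
    if (strcmp(loader->winsta, target->winsta) != 0) diff |= 2;
    if (strcmp(loader->desktop, target->desktop) != 0) diff |= 4;
    return diff;
}

#ifdef _WIN32
/* Fills out for the calling process and thread; returns 1 on success, 0 on failure. */
int capture_scope(struct hook_scope *out)
{
    DWORD sid = 0, needed = 0;
    HWINSTA ws = GetProcessWindowStation();
    HDESK dk = GetThreadDesktop(GetCurrentThreadId());
    if (!ws || !dk || !ProcessIdToSessionId(GetCurrentProcessId(), &sid)) return 0;
    if (!GetUserObjectInformationA(ws, UOI_NAME, out->winsta, sizeof out->winsta, &needed))
        return 0;
    if (!GetUserObjectInformationA(dk, UOI_NAME, out->desktop, sizeof out->desktop, &needed))
        return 0;
    out->session_id = sid;
    return 1;
}
#endif

int main(void)
{
    struct hook_scope me = { 1, "WinSta0", "Default" };  /* constructed values, used off Windows */
#ifdef _WIN32
    if (!capture_scope(&me)) { fprintf(stderr, "query failed: %lu\n", GetLastError()); return 1; }
#endif
    printf("session=%lu winsta=%s desktop=%s\n", me.session_id, me.winsta, me.desktop);
    return 0;
}
```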

  6. #6
    Join Date
    Nov 2003
    Location
    Portland, OR
    Posts
    894

    Re: How to start process without loading global hook?

    Security on hooks had really been "re-enforced" since Windows Vista, so most code examples you'd see online (since XP days) no longer work. It's hard to tell in your case (without seeing the code), but I'm assuming that you know the following:

    1. If you're setting the global WH_CALLWNDPROC hook, it must reside in its own DLL.

    2. The "bitness" of the DLL with your hook must match the "bitness" of the process being hooked. Or, in other words, if you're hooking 64-bit process, your DLL must be also compiled as 64-bit. (The same holds true for 32-bit processes.)

    3. I bet your Windows user account that you're double-clicking your hook.exe from is an administrator account that gives your hook a user token with administrative privileges by default, while running it from some other process (like, a console process, in the case of conhost.exe) gives your hook user token with less privileges. That might be your problem.

    Did you see what error you're getting if hooking fails?

  7. #7
    Join Date
    Mar 2003
    Location
    Chongqing,China
    Posts
    71

    Re: How to start process without loading global hook?

    Quote Originally Posted by dc_2000 View Post
    Security on hooks had really been "re-enforced" since Windows Vista, so most code examples you'd see online (since XP days) no longer work. It's hard to tell in your case (without seeing the code), but I'm assuming that you know the following:

    1. If you're setting the global WH_CALLWNDPROC hook, it must reside in its own DLL.

    2. The "bitness" of the DLL with your hook must match the "bitness" of the process being hooked. Or, in other words, if you're hooking 64-bit process, your DLL must be also compiled as 64-bit. (The same holds true for 32-bit processes.)

    3. I bet your Windows user account that you're double-clicking your hook.exe from is an administrator account that gives your hook a user token with administrative privileges by default, while running it from some other process (like, a console process, in the case of conhost.exe) gives your hook user token with less privileges. That might be your problem.

    Did you see what error you're getting if hooking fails?
    Sure, I understand both items 1 and 2, both my hook (DLL) and HOOKEE.exe are 32-bit.
    The problem happens in the same logon session, which means, I launch the HOOKEE.exe by double clicking the shortcut icon, it works, and exit the HOOKEE.exe. Then (without log off) I launch HOOKEE.exe with the other way (just clicking the other icon, and via conhost.exe, I don't know the detail...), HOOKEE.exe does NOT load the DLL, but as I could see in process monitor, conhost.exe DOES load it.

    The privilege might be a problem, but I have no idea on how to start a program via conhost.exe, could not get any help on it.
    Stone

  8. #8
    Join Date
    Nov 2003
    Location
    Portland, OR
    Posts
    894

    Re: How to start process without loading global hook?

    So log the error codes that you get from the APIs that fail. That will clue you in to the cause of the issue.
    Last edited by dc_2000; April 22nd, 2014 at 01:50 AM.

  9. #9
    Join Date
    Mar 2003
    Location
    Chongqing,China
    Posts
    71

    Re: How to start process without loading global hook?

    Quote Originally Posted by dc_2000 View Post
    So log the error codes that you get from the APIs that fail. That will clue you in to the cause of the issue.
    The problem is my hook (DLL) does NOT get loaded at all for that process, but I am sure the call to SetWindowsHookEx succeeds, because the HOOKLOADER.exe is always running there, and if I launch the program just by double clicking the shortcut icon on desktop, everything works fine.
    Just in this way, I don't know why HOOKEE.exe doesn't load the hook, but conhost.exe (parent process of HOOKEE.exe) DOES so.
    Stone

  10. #10
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,620

    Re: How to start process without loading global hook?

    Okay, let's start from the beginning. You say the hook is WH_CALLWNDPROC, which implies a Win32 GUI application only is going to be hooked with the type, according to MSDN:

    Quote Originally Posted by MSDN
    The system calls this function before calling the window procedure to process a message sent to the thread.
    Then you say your application appears to be hosted by conhost.exe, with what information I understand your app is a console app, and therefore it has no window procedure.

    Don't you see any contradiction here?
    Best regards,
    Igor

  11. #11
    Join Date
    Apr 2000
    Location
    Belgium (Europe)
    Posts
    4,626

    Re: How to start process without loading global hook?

    This behaviour is normal. conhost is the surrogation process used to load DLLs in the context for explorer without affecting explorer (DLL isolation).

    Since Vista, you typically want to exclude conhost and explorer exe from your hook DLL.
    If you really need your hook to be active in explorer, then you should create a shell extension instead for that purpose.

  12. #12
    Join Date
    Mar 2003
    Location
    Chongqing,China
    Posts
    71

    Re: How to start process without loading global hook?

    Quote Originally Posted by Igor Vartanov View Post
    Okay, let's start from the beginning. You say the hook is WH_CALLWNDPROC, which implies a Win32 GUI application only is going to be hooked with the type, according to MSDN:



    Then you say your application appears to be hosted by conhost.exe, with what information I understand your app is a console app, and therefore it has no window procedure.

    Don't you see any contradiction here?
    Oh, I am sorry, my bad.
    The HOOKEE.exe is actually a GUI application, normally it is running only by double clicking on the icon on the desktop, with this way, no conhost.exe is involved during the starting process.

    But in the other way, provided by the provider of HOOKEE.exe, the user could launch it by clicking the item named "Change User" in Start Menu, with this way, a logon window will be displayed for accepting username and password (this is NOT in HOOKEE.exe). Then when the user clicks OK, the logon window disappears, and you can see the conhost.exe flash and disappear, and the real HOOKEE.exe is launched.
    Via this way, the user can use the software (HOOKEE.exe) in a different Windows user without needing to log off and login again.
    Stone

  13. #13
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,620

    Re: How to start process without loading global hook?

    Quote Originally Posted by stoneyrh View Post
    the user could launch it by clicking the item named "Change User" in Start Menu
    Change User creates a new logon session, isn't it?
    Best regards,
    Igor

  14. #14
    Join Date
    Mar 2003
    Location
    Chongqing,China
    Posts
    71

    Re: How to start process without loading global hook?

    Quote Originally Posted by Igor Vartanov View Post
    Change User creates a new logon session, isn't it?
    I thought it would create a new session, but as I checked in Task Manager, the newly created HOOKEE.exe process has the same session ID as that installing the HOOK. Can it say they are in same session?
    Stone
