Comrades. Recently I needed to solve the problem of finding the ID of the process that placed a hook on a specific function. For several days I have been racking my brains; searching the Internet has turned up nothing. Perhaps someone here has already solved a similar problem. I am not asking for complete code, just a direction to go in.
- What type of hook? - Zergatul
- @Zergatul Global; in this case I am looking at a hook on keystrokes. - Oleg Lylok
- Perhaps ... calling CallMsgFilter will clarify the situation ... As long as it does not cause recursion. If true is returned, then this message has definitely gone through a hook. - nick_n_a
- You can ... dig with a disassembler ... the chain is surely stored somewhere. - nick_n_a
1 answer
A possible option. Write a DLL that intercepts the call to SetWindowsHookEx and inject it into each process (the easiest way is through AppInit_DLLs). As soon as a process tries to create a hook, you will see it in your code. You will see its PID, and you can do a lot more (for example, block the creation of the hook).
- I will accept the answer, since it is a really sound idea, but, unfortunately, I decided to abandon hooks in the project; too much would have to be intercepted (the hook on the keyboard is one of the few) - Oleg Lylok
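
Whether the AppInit_DLLs route from the answer can work on a given machine depends on registry settings and on Secure Boot, which disables the mechanism on Windows 8 and later. The following read-only PowerShell check is an added example, not code from the answer; the function name Get-AppInitDllStatus is hypothetical, while the registry value names are the documented Windows ones.

```powershell
# Added example: report whether AppInit_DLLs loading is enabled on this machine
# and which DLLs are already registered. Read-only; it changes nothing.
function Get-AppInitDllStatus {
    # 32-bit processes on 64-bit Windows read the Wow6432Node view.
    $views = [ordered]@{
        '64-bit' = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
        '32-bit' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    }

    # Confirm-SecureBootUEFI needs elevation and throws on legacy BIOS systems;
    # $null here means "could not be determined".
    $secureBoot = try { [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { $null }

    foreach ($view in $views.GetEnumerator()) {
        if (-not (Test-Path $view.Value)) { continue }   # no Wow6432Node on 32-bit Windows
        $key = Get-ItemProperty -Path $view.Value

        # AppInit_DLLs is a space- or comma-separated list of DLL paths.
        $dlls = @("$($key.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })

        $loadEnabled   = ([int]$key.LoadAppInit_DLLs -eq 1)
        $requireSigned = ([int]$key.RequireSignedAppInit_DLLs -eq 1)

        [pscustomobject]@{
            View           = $view.Key
            RegisteredDlls = $dlls
            LoadEnabled    = $loadEnabled
            RequireSigned  = $requireSigned
            SecureBoot     = $secureBoot
            # DLLs load only if the switch is on, the list is non-empty,
            # and Secure Boot is not known to be enabled.
            WillLoad       = ($loadEnabled -and ($dlls.Count -gt 0) -and ($secureBoot -ne $true))
        }
    }
}

Get-AppInitDllStatus | Format-List
```

AppInit DLLs are loaded by user32.dll, which also exports SetWindowsHookEx, so any process able to install a hook is one the mechanism reaches when it is enabled. An unexpected entry in RegisteredDlls is worth investigating in its own right.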