madshi.net

If RegisterDragDrop() is called, then the notification of end drag is sent to the registered IDropTarget, not to the tree or parent window. I would hook RegisterDragDrop() and see if it is called when the drag/drop is started.

-- David

Kaarigar, You've already done the hard part: getting your DLL injected into the target process and subclassing the windows. I think now you need to learn how drag and drop works. Otherwise you won't know which stuff you have to hook. So I would start a temporary project with a tree control in it, an...

Another thing is to make sure you test all the parameters in your callback function before using them. For example, what if lpFilename is NULL? Does the string get constructed successfully? The injected app might have an exception handler that throws away the thrown exception when your hook does som...

I'm not sure why Detours works and MCH does not, but the issue I see is: in the CreateFileACallback() you are calling file.open(), which probably does a CreateFile() call and thus makes this recursive. If i intercept file hooks, I use SendMessage(WM_COPYDATA, ...) to a logger application which avoid...

What is confusing is that the functions in kernel32.dll are really "user mode" functions, so you can hook all of those using MadCodeHook. The functions like NtCreateProcessEx() are not in kernel32.dll, they are in NtDll.dll. These also are user mode functions, so you can hook all of these ...

That's what I meant, sorry I did not understand you were already using it!

Why don't you guys just use MCH instead of re-inventing the wheel?

The terms are for whether the MCH code is statically linked into your hook dll or if you must distribute the MCH DLL.

This usage is the same as discussing whther to use the static or dynamic version of MFC, for example, It's quite a standard thing.

-- David

Hook GetClipboardData()?

-- David

Couldn't you hook NtWriteFile and set a flag that says the file was written to, and back it up when NtClose was called? Too late. In the moment when you let NtWriteFile pass, the original file data is already destroyed. I thought the idea was to back up the file *after* it has been changed. -- David

The driver is used when you hook more than a specific process, so yes.

-- David

Couldn't you hook NtWriteFile and set a flag that says the file was written to, and back it up when NtClose was called?

Perhaps instead of closing the app when the timeout happened, you could start nagging them (like expired shareware) to close it themselves. In general, make it impossible to do much more useful work but still make it possible to click File | Save or whatever.

-- David

Regarding the timer, I've never used CreateWaitableTimer() either, but it seems maybe this is what you really need. For simplicity, you could just open a handle on the current process and then do a WaitForSingleObject() with a timeout value of the desired timeout. When the thread is woken up, check ...

Sweet! Thanks for the clarification.

-- David