Destroy Window...

c++ / delphi package - dll injection and api hooking
Post Reply
Jeff_Lawton
Posts: 7
Joined: Tue Jul 20, 2004 8:20 pm
Location: Sacramento, CA
Contact:

Destroy Window...

Post by Jeff_Lawton »

I was looking at the Terminate DLL code, and I noticed it doesn't work on Windows 9x series.

Is there a way to hook the Destroy of a process via a DLL other than implementing a SETWINDOWSHOOKEX?

Thanks

Jeff Lawton.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

What do you mean with "Terminate DLL code"? What do you mean with "the Destroy of a process"? Could you please clarify
Jeff_Lawton
Posts: 7
Joined: Tue Jul 20, 2004 8:20 pm
Location: Sacramento, CA
Contact:

Windows messages...

Post by Jeff_Lawton »

I have coded a DLL that overrides SetWindowsHookEX...


I wanted to capture the following windows messages :

Code: Select all

HSHELL_WINDOWACTIVATED
HSHELL_WINDOWDESTROYED
HSHELL_WINDOWCREATED  

using SetWindowsHookEx(WH_SHELL, @GetShellHook, hInstance, 0); 
Well everything works fine... I get all the messages etc.. but.. The problem occurs after my program closes. Everything closes fine, but EXPLORER.EXE will also crash when you go to run something, and then restart. This is a known Delphi bug, if you do a search on google for "setwindowshookex explorer crash delphi" you will find that it is VERY common if someone is on a network.

So I used your create process code and modified it so I can capture all creates, and it works perfectly. I saw you also had a demo for terminate process, but in there you state the following :
// the XP task manager's "end process" calls TerminateProcess but "end task"
// calls NtTerminateProcess, so we hook the lower level API in the NT family
// the 9x task manager doesn't use any official API, so we can't hook it :-(
Now the thing I wanted to know was there another way under 9x to capture a Destroy and an Activate without using the sethooks in one version, and a different way in another version. I would prefer to maintain one piece of code to do it all.

Thanks for any help you can provide.

Regards,

Jeff Lawton
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Please check QC#6450. Perhaps that stabilizes your SetWindowsHookEx dll?

If not, what close/destroy do you want to hook? SetWindowsHookEx hooks window destroying. madCodeHook's HookProcessTermination demo hooks forced process terminations (via task manager and similar tools). That are two *totally* different things. What is your aim? What do you really need to know?
Post Reply