Determining which thread a hook is coming from..

c++ / delphi package - dll injection and api hooking

Post by Sirmabus » Thu Sep 02, 2004 10:23 pm

Hello Madshi and all,

"madCodeHook" rocks! It's very stable and makes process or system wide hooks easy to do.

I have this application I'm hooking some API calls from.
I'm doing this to make an add-on tool to the program.

The source application opens up four separate windows in shared thread(s).

I'm trying to figure out from inside the hook which one of the four windows the hook belongs to (using documented or not API calls).
I thought I would do this simply by thread ID (using "GetCurrentThreadId()") or handle. But since they are all shared, they all come up as the same ID or handle.

I CAN do a GetActiveWindow() and get the threads(window) unique HWND, but only when it's in focus.

Is there some undocumented windows API call to get the REAL thread ID or handle, and or address, etc., that I can use to associate the window?

I'm not averse to reading the selector or descriptor tables, mapping the virtual to physical memory, or making a WDM for it if I have to..

Thanks,
"SirMabus"
Sirmabus
 

Post by madshi » Fri Sep 03, 2004 9:00 am

Well, a hook never belongs to a window, unless the API you've hooked is window specific. About which hooked APIs are we talking?
madshi
Site Admin
 

Post by Sirmabus » Fri Sep 03, 2004 9:13 am

Right now only DrawTextExA() and some general code hooks.

You see this application opens these four similar windows, the main program is sort of a launcher for up to four of the same type of windows.

The prototype for this function by the way is:

int DrawTextEx(
    HDC hdc,                     // handle to DC
    LPTSTR lpchText,             // text to draw
    int cchText,                 // length of text to draw
    LPRECT lprc,                 // rectangle coordinates
    UINT dwDTFormat,             // formatting options
    LPDRAWTEXTPARAMS lpDTParams  // more formatting options
);

Also right now two other code hooks that do get called often from the thread(s) that runs these windows.

Since these windows are running in their own thread, shouldn't there be something different about them thread wise?
It looks like they are all sharing the same thread handles and IDs.

My hooks all work fine when just one of these windows is open.
But now I want to support the other 3 windows/sessions so I need a way of knowing which of the 4 the calls are coming from..

Seems like it would be a fairly common problem where multiple instances
of a thread are running from a parent application.
I expected simply GetCurrentThreadID() to figure it out, but they all come up the same ID..

Thanks,
Sirmabus
 

Post by madshi » Fri Sep 03, 2004 9:51 am

First of all: Each thread can have no, one or multiple windows. There's no limitation to this at all.

Next: GetCurrentThreadID tells you just that, namely the ID of the current thread. But each thread can paint to the DC of any window - even to the DC of windows that belong to other threads! Though, painting to the DC of windows that belong to another thread is probably more or less unusual.

You might have a look at calling WindowFromDC:

http://msdn.microsoft.com/library/defau ... w_7tr7.asp

But this will work only if the DrawTextEx call draws directly to a window DC. If the window is using double buffering, DrawTextEx will draw to a bitmap DC and WindowFromDC won't work in that case.
madshi
Site Admin
 

Post by Sirmabus » Fri Sep 03, 2004 11:42 am

Thanks so much.

--

Damn that won't work. It must be drawing this text to a buffer first.

I think it's going to be a tough thing to do..

Do you know of anything low level I could do perhaps?

I RE'ed a lot of the program already.
I might have to get down to its drawing loops, paint handler, etc.,
and do more hooks inside the program itself.

---
Sirmabus
 

