Code: Select all
HWND WINAPI HookCreateWindowExW( IN DWORD dwExStyle,
IN LPCWSTR lpClassName,
IN LPCWSTR lpWindowName,
IN DWORD dwStyle,
IN int X,
IN int Y,
IN int nWidth,
IN int nHeight,
IN HWND hWndParent,
IN HMENU hMenu,
IN HINSTANCE hInstance,
IN LPVOID lpParam)
{
// Call next hook
HWND hwnd = NextCreateWindowExW(
dwExStyle, lpClassName, lpWindowName,
dwStyle, X, Y, nWidth, nHeight, hWndParent,
hMenu, hInstance, lpParam);
// Log this function call:
// The following line, which accesses an LPCWSTR,
// causes the hooked app (Internet Explorer) to hang.
// If this line is commented out, Internet Explorer works fine.
OutputDebugStringW(lpClassName);
// And return the result
return hwnd;
}
Furthermore, I have also intercepted the ANSI version, CreateWindowExA, and following the same logic, OutputDebugStringA works fine. To test, I run the code in WinME (which uses the Ansi version of CreateWindowEx).
It seems the problem is inherent in the UNICODE version, when run on Win2K and XP. Whenever I touch the UNICODE string, Internet Explorer hangs.
Let me detail what I mean by "hang": I have broken into the above code using a debugger and stepped through each line; this is rapid response. No hangs at this point. So there is nothing inherently wrong with any of the code in the hook. But after my hook gets called, Internet Explorer freezes. When I break into the debugger during the freeze, the callstack is filled with NTDLL.DLL, GDI32.DLL, etc. as if the system is out to lunch. How could simply calling a function with a Unicode string parameter be causing this? Could I be messing up the callstack?
Does anyone have any ideas?
Thanks,
David