Easiest way to know if your target app was closed?

c++ / delphi package - dll injection and api hooking

Postby Claes » Tue Jun 15, 2004 5:02 pm

Hi!

I successfully injected a DLL into a target app. Now, if this app is closed, I would like to know that this happened in my own app. What's the easiest way to do this? Would it be to hook TerminateProcess?

- Claes
Claes
 
Posts: 52
Joined: Thu Apr 22, 2004 10:52 pm
Location: Denmark

Postby madshi » Wed Jun 16, 2004 10:04 am

No, just call WaitForSingleObject(processHandle, ...). If you want to be notified (instead of waiting for that event) you can do that in a little secondary thread.
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm

Postby nildo » Thu Jun 17, 2004 11:51 am

madshi wrote: No, just call WaitForSingleObject(processHandle, ...). If you want to be notified (instead of waiting for that event) you can do that in a little secondary thread.


Does this WaitForSingleObject consume CPU? Or does the code just stop at that point until processHandle = 0?
nildo
 
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

Postby madshi » Thu Jun 17, 2004 12:37 pm

It doesn't consume CPU usage. It just waits...
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm

Postby nildo » Fri Jun 18, 2004 3:01 pm

Madshi, I was trying to do it.... But even in another thread my program stays frozen. Look at this:

Here is the thread source:
Code:
TAguardaProcThread = class( TThread )
protected
   procedure Execute; override;
   procedure AguardaProc; virtual;
public
   constructor Create;
end;

(...)

constructor TAguardaProcThread.Create;
begin
   inherited Create( True );

   FreeOnTerminate := True;
   Priority        := tpNormal;
end;

procedure TAguardaProcThread.Execute;
begin
   Synchronize( AguardaProc );
end;

procedure TAguardaProcThread.AguardaProc;
begin
   WaitForSingleObject( Processo.Handle, INFINITE );
   Processo.Ativo := False;
end;


Here I create the Thread
Code:
   fAguardaProc := TAguardaProcThread.Create;
   fAguardaProc.Resume;


Do you know what's happening?
nildo
 
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

Postby madshi » Fri Jun 18, 2004 4:18 pm

"TThread.Synchronize" does nothing but move execution of the synchronized method to the main thread!
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm

Postby nildo » Fri Jun 18, 2004 6:04 pm

madshi wrote: "TThread.Synchronize" does nothing but move execution of the synchronized method to the main thread!


:-x

hehe, sorry!
nildo
 
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

Postby Claes » Thu Jun 24, 2004 12:06 pm

I tried this. But I'm not sure where to put the call to WaitForSingleObject. Only once during Create - or in the Execute method? And how do I catch the signal?
Code:
unit ThreadUnit;

interface

uses
  Windows, Classes;

type
  TWait4ProcessThread = class(TThread)
  private
    { Private declarations }
  protected
    procedure Execute; override;
  public
    constructor Create(ProcId: THandle);
  end;

implementation

{ TWait4ProcessThread }

constructor TWait4ProcessThread.Create(ProcId: THandle);
begin
  inherited Create(True);
  FreeOnTerminate := True;
  Priority := tpTimeCritical;
  WaitForSingleObject(ProcId, INFINITE);
  Resume;
end;

procedure TWait4ProcessThread.Execute;
begin
  if not Terminated then
  begin
???
  end;
end;

end.


Create the thread:
Code:
uses
...
  ThreadUnit;

var
  Wait4ProcessThread: TWait4ProcessThread;
...
  Wait4ProcessThread := TWait4ProcessThread.Create(ProcessHandle);


Thanks in advance... ;)

- Claes :greenBalloon:
Claes
 
Posts: 52
Joined: Thu Apr 22, 2004 10:52 pm
Location: Denmark

Postby nildo » Thu Jun 24, 2004 12:16 pm

Put it in Execute.
nildo
 
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

Postby Claes » Thu Jun 24, 2004 12:29 pm

Thanks! It works now. ;)
Claes
 
Posts: 52
Joined: Thu Apr 22, 2004 10:52 pm
Location: Denmark
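
The pattern this thread converges on, as an added example (not code posted by anyone in the thread and not part of madCodeHook): the wait runs inside Execute, and Synchronize is used only for the short notification. TProcessExitWatcher, OnDone and the cancel event are hypothetical names; the example assumes the process handle was opened with SYNCHRONIZE access and that TThread.Destroy waits for the thread to finish.

```delphi
unit ProcessExitWatcher;
interface
uses Windows, Classes;

type
  // Hypothetical helper (added example). AProcess needs SYNCHRONIZE access.
  TProcessExitWatcher = class(TThread)
  private
    FWaitHandles: array[0..1] of THandle; // [0] = process, [1] = cancel event
    FWaitResult: DWORD;
    FOnDone: TNotifyEvent;
    procedure NotifyDone;
  protected
    procedure Execute; override;
  public
    constructor Create(AProcess: THandle; AOnDone: TNotifyEvent);
    destructor Destroy; override;
    property WaitResult: DWORD read FWaitResult;
  end;

implementation
constructor TProcessExitWatcher.Create(AProcess: THandle; AOnDone: TNotifyEvent);
begin
  inherited Create(True);  // suspended; the constructor itself never waits
  FWaitHandles[0] := AProcess;
  FWaitHandles[1] := CreateEvent(nil, True, False, nil); // manual-reset
  FOnDone := AOnDone;
end;

destructor TProcessExitWatcher.Destroy;
begin
  SetEvent(FWaitHandles[1]);    // wake Execute if it is still blocked
  inherited Destroy;            // assumed to wait until Execute has returned
  CloseHandle(FWaitHandles[1]);
end;

procedure TProcessExitWatcher.Execute;
begin
  // Blocks this thread only; the main thread keeps running.
  FWaitResult := WaitForMultipleObjects(2, @FWaitHandles, False, INFINITE);
  // WAIT_OBJECT_0 = process ended; WAIT_OBJECT_0 + 1 = cancelled, stay silent.
  if (FWaitResult = WAIT_OBJECT_0) or (FWaitResult = WAIT_FAILED) then
    Synchronize(NotifyDone);    // only the short callback runs on the main thread
end;

procedure TProcessExitWatcher.NotifyDone;
begin
  if Assigned(FOnDone) then FOnDone(Self);
end;
end.
```

Create the watcher with the process handle and call Resume as in the posts above (Start in newer Delphi versions); in the handler, WaitResult = WAIT_FAILED means the wait itself failed, for example because the handle is invalid or lacks SYNCHRONIZE access. Do not free the watcher from inside the OnDone handler, because Destroy waits for Execute, which is itself waiting for the handler to return.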

