Easiest way to know if your target app was closed?

c++ / delphi package - dll injection and api hooking
Post Reply
Claes
Posts: 52
Joined: Thu Apr 22, 2004 10:52 pm
Location: Denmark

Easiest way to know if your target app was closed?

Post by Claes »

Hi!

I succesfully injected a DLL into a targetapp. Now, if this app. is closed, I would like to know that this happended in my own app. What's the easiest way to do this? Would it be to hook TerminateProcess?

- Claes
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

No, just call WaitForSingleObject(processHandle, ...). If you want to be notified (instead of waiting for that event) you can do that in a little secondary thread.
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am
Contact:

Post by nildo »

madshi wrote:No, just call WaitForSingleObject(processHandle, ...). If you want to be notified (instead of waiting for that event) you can do that in a little secondary thread.
Does this WaitForSingleObject consumes CPU usage? Or the code just get stopped into tat point until processHandle = 0 ?
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

It doesn't consume CPU usage. It just waits...
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am
Contact:

Post by nildo »

Madshi, I was trying to do it.... But even in another thread my program stays frozen. Look at this:

Here is the thread source:

Code: Select all

TAguardaProcThread = class( TThread )
protected
   procedure Execute; override;
   procedure AguardaProc; virtual;
public
   constructor Create;
end;

(...)

constructor TAguardaProcThread.Create;
begin
   inherited Create( True );

   FreeOnTerminate := True;
   Priority        := tpNormal;
end;

procedure TAguardaProcThread.Execute;
begin
   Synchronize( AguardaProc );
end;

procedure TAguardaProcThread.AguardaProc;
begin
   WaitForSingleObject( Processo.Handle, INFINITE );
   Processo.Ativo := False;
end;
Here I create the Thread

Code: Select all

   fAguardaProc := TAguardaProcThread.Create;
   fAguardaProc.Resume;
Do you know whats happening?
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

"TThread.Synchronize" does nothing but move execution of the synchronized method to the main thread!
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am
Contact:

Post by nildo »

madshi wrote:"TThread.Synchronize" does nothing but move execution of the synchronized method to the main thread!
:-x

hehe, sorry!
Claes
Posts: 52
Joined: Thu Apr 22, 2004 10:52 pm
Location: Denmark

Post by Claes »

I tried this. But I'm not sure where to put the call to WaitForSingleObject. Only once during Create - or in the Execute method? And how do I catch the signal?

Code: Select all

unit ThreadUnit;

interface

uses
  Windows, Classes;

type
  TWait4ProcessThread = class(TThread)
  private
    { Private declarations }
  protected
    procedure Execute; override;
  public
    constructor Create(ProcId: THandle);
  end;

implementation

{ TWait4ProcessThread }

constructor TWait4ProcessThread.Create(ProcId: THandle);
begin
  inherited Create(True);
  FreeOnTerminate := True;
  Priority := tpTimeCritical;
  WaitForSingleObject(ProcId, INFINITE);
  Resume;
end;

procedure TWait4ProcessThread.Execute;
begin
  if not Terminated then
  begin
???
  end;
end;

end.
Create the thread:

Code: Select all

uses
...
  ThreadUnit;

var
  Wait4ProcessThread: TWait4ProcessThread;
...
  Wait4ProcessThread := TWait4ProcessThread.Create(ProcessHandle);
Thanks in advance... ;)

- Claes :greenBalloon:
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am
Contact:

Post by nildo »

Put on EXECUTE
Claes
Posts: 52
Joined: Thu Apr 22, 2004 10:52 pm
Location: Denmark

Post by Claes »

Thanks! It works now. ;)
Post Reply