madshi.net

[ohowson]

I've set up a number of hooks on the registry API calls. My program basically looks like this...

program blah blah;
uses blah blah;

var somefunc_next: function (stuff):longint; stdcall;

function somfunc_callback(stuff):longint; stdcall;
begin
dostuff;
restult:=somefunc_next(stuff);
end;

HookAPI('dll to hook','somefunc',@somefunc_callback,@somefun_next);
WinExec('program to hook to',SW_SHOWNORMAL);
UnhookAPI(@somfunc_next);

end.

So what I need to know is...
1. How do I make my application continue hooking until the exec'd program closes? As is it starts hooking, runs the program, then stops.
2. Will this continue hooking other processes (ie dll's etc) started by the exec'd program?

tia

[madshi]

Hello,

and sorry for the extremely late reply!

About your questions: You may want to read the documentation carefully to understand the difference between process wide and system wide API hooking. Do you want to hook registry API calls inside of a specific running process, only? Or do you want to hook all currently running processes? And all newly created process, too? Or maybe one specific executable file (e.g. iexplore.exe) or something like that?

Generally in the NT family calling HookAPI only ever affects the current process. So if you want to hook another process or maybe even multiple processes, you need to put your hooking code into a little dll and then inject your dll into the wanted process(es).

[dcsoft]

If you use ShellExecuteEx() to launch the app, you can do so on a separate thread. Use the SEE_MASK_NOCLOSEPROCESS flag so that the hProcess of the launched app is returned to you. Then do a

WaitForSingleObject(hProcess);

This call will return only when the launched app is terminated.

Don't forget to

CloseHandle(hProcess);

when you're done.


-- David