Total Hook

Kwai chang caine
Always Here
Posts: 5494
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Total Hook

Post by Kwai chang caine »

Hello at all

Excuse me for this beginner question :oops:, but is it possible to create a hook for all Windows activity???

I have searched the forum and found several threads on this subject, but none really hook ALL actions of Windows, just the keyboard, the mouse, another exe, etc... :(

Thanks and good day
The happiness is a road...
Not a destination
Henrik
Enthusiast
Posts: 404
Joined: Sat Apr 26, 2003 5:08 pm
Location: Denmark

Re: Total Hook

Post by Henrik »

Hi kcc
You would probably need something like EasyHook - http://easyhook.codeplex.com. It uses a "driver" to ensure that it works.
But the project seems abandoned, though some have made it work in VS2010.
It is primarily a C# project. "I don't like C#, but that is my problem."

Also, to inject up to XP you should use kernel32's function CreateThread; you can find examples on this forum.
But from Vista and up you need "NtCreateThreadEx" from ntdll.dll:
NtCreateThreadEx - http://securityxploded.com/ntcreatethreadex.php

I don't really play with this stuff anymore; I just happened to stumble over EasyHook some time ago.

You have something to check out now. I never had any luck compiling EasyHook, so I can't help you there, and I'm not really interested in this, so good luck.

Best, Henrik
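Added example, not code from the thread, from EasyHook or from the linked article: the user-mode injection step Henrik is describing, written in PureBasic since that is what this forum compiles. A hook library first has to get its DLL into the target process; the classic way is a remote thread whose start address is kernel32's LoadLibraryW and whose argument is the DLL path copied into the target's memory. The PID and the DLL path below are hypothetical placeholders, and the code assumes the injector and the target have the same bitness and share the kernel32 load address (true for one boot, which is what makes the LoadLibraryW trick work). The NtCreateThreadEx variant Henrik links to only swaps the thread-creation call; it is undocumented and has to be resolved from ntdll at run time, so it is not shown here.

```purebasic
; Added example: DLL injection via CreateRemoteThread + LoadLibraryW.
; Hypothetical PID and DLL path; same-bitness injector and target assumed.
EnableExplicit

CompilerIf Not #PB_Compiler_Unicode
  CompilerError "Build in Unicode mode: the path is handed to LoadLibraryW."
CompilerEndIf

Procedure.i InjectDll(pid.i, dllPath.s)
  Protected hProcess.i, hThread.i, lib.i, *remotePath, *loadLibraryW
  Protected pathBytes.i, exitCode.l, result.i = #False

  ; 1. Only an absolute path to an existing file makes sense: LoadLibraryW
  ;    resolves relative paths against the *target's* search path, not ours.
  If FileSize(dllPath) <= 0 Or (Left(dllPath, 2) <> "\\" And Mid(dllPath, 2, 1) <> ":")
    Debug "Refusing: DLL path must be absolute and exist"
    ProcedureReturn #False
  EndIf

  ; 2. Ask only for the rights the technique needs. Access denied here is
  ;    normal for a target at a higher integrity level or another user.
  hProcess = OpenProcess_(#PROCESS_CREATE_THREAD | #PROCESS_QUERY_INFORMATION | #PROCESS_VM_OPERATION | #PROCESS_VM_WRITE | #PROCESS_VM_READ, #False, pid)
  If hProcess = 0
    Debug "OpenProcess failed, error " + Str(GetLastError_())
    ProcedureReturn #False
  EndIf

  ; 3. Copy the path, including its terminating null, into the target.
  pathBytes = StringByteLength(dllPath) + SizeOf(Character)
  *remotePath = VirtualAllocEx_(hProcess, 0, pathBytes, #MEM_COMMIT | #MEM_RESERVE, #PAGE_READWRITE)
  If *remotePath
    If WriteProcessMemory_(hProcess, *remotePath, @dllPath, pathBytes, 0)
      ; 4. kernel32 is mapped at the same base in every process of this
      ;    boot, so our own LoadLibraryW address is valid in the target.
      lib = OpenLibrary(#PB_Any, "kernel32.dll")
      *loadLibraryW = GetFunction(lib, "LoadLibraryW")
      hThread = CreateRemoteThread_(hProcess, 0, 0, *loadLibraryW, *remotePath, 0, 0)
      If hThread
        WaitForSingleObject_(hThread, 10000)
        ; The exit code is LoadLibraryW's HMODULE truncated to 32 bits:
        ; test it for zero, never use it as a module handle.
        If GetExitCodeThread_(hThread, @exitCode) And exitCode <> 0
          result = #True
        Else
          Debug "LoadLibraryW returned 0 in the target (bitness mismatch or bad DLL?)"
        EndIf
        CloseHandle_(hThread)
      Else
        Debug "CreateRemoteThread failed, error " + Str(GetLastError_())
      EndIf
      CloseLibrary(lib)
    EndIf
    VirtualFreeEx_(hProcess, *remotePath, 0, #MEM_RELEASE)
  EndIf
  CloseHandle_(hProcess)
  ProcedureReturn result
EndProcedure

; Hypothetical values: replace with a real PID and your own hook DLL.
If InjectDll(1234, "C:\Hooks\MyHook.dll")
  Debug "DLL mapped into the target"
EndIf
```

The DLL's DllMain (PureBasic: the AttachProcess procedure) is where the actual hooks get installed; nothing about the injection itself touches the target's code. Running the injector on a target of the other bitness fails at the LoadLibraryW step, not at OpenProcess, which is why the exit code is checked.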
Kwai chang caine
Always Here
Posts: 5494
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Total Hook

Post by Kwai chang caine »

Thanks a lot HENRIK 8)

In fact I am looking for a way to catch the OLE commands passing between two apps.
Since I don't know how to do that, I said to myself that perhaps, if it's possible to see all the actions of Windows, surely the OLE is in there, but I'm not sure :(

So thanks a lot for your links, perhaps they are the beginning of a way to do my idea 8)
The happiness is a road...
Not a destination
GeBonet
Enthusiast
Posts: 135
Joined: Fri Apr 04, 2008 6:20 pm
Location: Belgium

Re: Total Hook

Post by GeBonet »

Hello, I think it would be very difficult. It would have to be in place before Windows handles the user's requests for the first time ...
In addition it would be very dangerous and not very useful, except to write another OS based on Windows itself! :?:
But hey, that's just my opinion! :wink:
Sorry for my English :wink:! (Windows XP, Vista and Windows 7, Windows 10)
Thorium
Addict
Posts: 1305
Joined: Sat Aug 15, 2009 6:59 pm

Re: Total Hook

Post by Thorium »

It's actually called a global hook. And you should only use something like that if there is no other way. If not done properly it can slow the whole system down, cause system instability and even security risks.

A practical use for it is a virus scanner that oversees system activities like HDD accesses to detect suspicious behavior of software, or simply scans files before they are executed or written to disk.

If you want to intercept communication between 2 applications, a local or user mode hook should be just fine.
I don't know anything about OLE, so I don't know what to hook, but if you know OLE you should know what to hook.
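Added example, not code from the thread: the "local or user mode hook" Thorium suggests, as a PureBasic WH_CALLWNDPROC hook limited to the current thread. It sees every message sent to windows of this thread, including WM_COPYDATA, needs no DLL and touches no other process. The invisible window, the counter and the WM_COPYDATA payload are constructed for the demo. The comments spell out what changes for the global form Henrik and Thorium are talking about: the hook procedure must then live in a DLL that Windows maps into every process of the same bitness on the desktop, and SetWindowsHookEx needs no administrator rights for that, but User Interface Privilege Isolation keeps the hook out of processes running at a higher integrity level.

```purebasic
; Added example: thread-local WH_CALLWNDPROC hook that reports WM_COPYDATA.
; Demo window and payload are constructed; nothing here is from the thread.
EnableExplicit

Global hHook.i
Global seenCopyData.i

Procedure.i CallWndProcHook(nCode.l, wParam.i, lParam.i)
  Protected *cwp.CWPSTRUCT
  If nCode = #HC_ACTION
    *cwp = lParam
    ; Filter early: a hook that does work for every message is exactly the
    ; kind of hook that slows a system down.
    Select *cwp\message
      Case #WM_COPYDATA
        seenCopyData + 1
        Debug "WM_COPYDATA to hwnd " + Hex(*cwp\hwnd) + " from hwnd " + Hex(*cwp\wParam)
    EndSelect
  EndIf
  ; Always pass the message on, or every later hook in the chain is starved.
  ProcedureReturn CallNextHookEx_(hHook, nCode, wParam, lParam)
EndProcedure

; hMod = 0 and threadId = GetCurrentThreadId_() make this a local hook.
; Global form: SetWindowsHookEx_(#WH_CALLWNDPROC, @Proc, hDll, 0) with the
; procedure compiled into a DLL (ProcedureDLL); that DLL then gets mapped
; into every process of the same bitness on the desktop, and UIPI still
; keeps it out of higher-integrity processes.
hHook = SetWindowsHookEx_(#WH_CALLWNDPROC, @CallWndProcHook(), 0, GetCurrentThreadId_())
If hHook = 0
  Debug "SetWindowsHookEx failed, error " + Str(GetLastError_())
  End
EndIf

; Demo: send ourselves a WM_COPYDATA and watch the hook report it.
If OpenWindow(0, 0, 0, 200, 100, "hook demo", #PB_Window_Invisible)
  Define cds.COPYDATASTRUCT, payload.s = "hello"
  cds\dwData = 1
  cds\cbData = StringByteLength(payload) + SizeOf(Character)
  cds\lpData = @payload
  SendMessage_(WindowID(0), #WM_COPYDATA, WindowID(0), @cds)
  Debug "hook saw " + Str(seenCopyData) + " WM_COPYDATA message(s)"
  CloseWindow(0)
EndIf

UnhookWindowsHookEx_(hHook)
```

To watch traffic aimed at another application's window from this kind of hook, the thread id passed to SetWindowsHookEx has to be that window's thread (GetWindowThreadProcessId), and at that point the procedure must be in a DLL again, because Windows loads it into the owning process.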
IdeasVacuum
Always Here
Posts: 6426
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK

Re: Total Hook

Post by IdeasVacuum »

Microsoft have just launched a competition ($200,000 prize) for novel ways to prevent global hooks..........
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
idle
Always Here
Posts: 5835
Joined: Fri Sep 21, 2007 5:52 am
Location: New Zealand

Re: Total Hook

Post by idle »

IdeasVacuum wrote:Microsoft have just launched a competition ($200,000 prize) for novel ways to prevent global hooks..........
Delete Windows! :lol:
Windows 11, Manjaro, Raspberry Pi OS
IdeasVacuum
Always Here
Posts: 6426
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK

Re: Total Hook

Post by IdeasVacuum »

... I think you should enter that idea Idle :mrgreen:

http://www.microsoft.com/security/blueh ... rules.aspx
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
idle
Always Here
Posts: 5835
Joined: Fri Sep 21, 2007 5:52 am
Location: New Zealand

Re: Total Hook

Post by idle »

I'm sure they'll get a lot of those :lol:

Interesting, it's kind of like Microsoft is admitting "we've tried and tried but we simply don't know how to do it"
Windows 11, Manjaro, Raspberry Pi OS
IdeasVacuum
Always Here
Posts: 6426
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK

Re: Total Hook

Post by IdeasVacuum »

.....or admitting that their own technology is getting beyond their reach. :shock:

In fairness to them though, someone 'on the outside' may have a break-through idea because they are not encumbered with the day-to-day development of the OS. Still, I think the prize is pretty mean, what they should offer is a royalty % of Windows sales..........
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
idle
Always Here
Posts: 5835
Joined: Fri Sep 21, 2007 5:52 am
Location: New Zealand

Re: Total Hook

Post by idle »

I quite expect there are hackers out there who have a better handle on the internals of the OS
than MS engineers, since they generally develop specific parts of windows in total isolation from each other.
Windows 11, Manjaro, Raspberry Pi OS
Yogi Yang
Enthusiast
Posts: 107
Joined: Sun Dec 11, 2005 2:19 pm

Re: Total Hook

Post by Yogi Yang »

There are a few commercial and binary-only solutions.

I prefer to use the DWSpy component; it comes as a static DLL as well as an ActiveX wrapper. It comes with a source code option also. They have implemented all kinds of hooks in a very elegant way. The subclassing is so stable that I have never seen any of my software that uses this hook ever crash in any way. :)

Check out www.desaware.com

There is an ActiveX-only solution also, from Marby software. I can't recall its exact URL though. The name of the hook is MsgHook and it is freeware.

HTH
--
Yogi Yang
Kwai chang caine
Always Here
Posts: 5494
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Total Hook

Post by Kwai chang caine »

Thorium wrote:If you want to intercept communication between 2 applications, a local or user mode hook should be just fine.
I don't know anything about OLE, so I don't know what to hook, but if you know OLE you should know what to hook.
Me too :oops:
I just know how to use OLE, with VB6, OFFICE and also the splendid COMATE and PureDisHelper.
But I don't know the way to hook it :(

But what you say is good news, because if I'm not forced to hook all of Windows, it's surely simpler to find the OLE commands among the thousands of commands of a local hook :D

@Yogi Yang
Thanks a lot for your precious links 8)
I'll take a look, perhaps I'll find my happiness inside :wink:

@All
Thanks for your answers :wink:
The happiness is a road...
Not a destination
Thorium
Addict
Posts: 1305
Joined: Sat Aug 15, 2009 6:59 pm

Re: Total Hook

Post by Thorium »

IdeasVacuum wrote:Microsoft have just launched a competition ($200,000 prize) for novel ways to prevent global hooks..........
As I understand it, it's not about global hooks at all. It's about prevention of exploitation of memory vulnerabilities.

You don't need to exploit any vulnerabilities for a global hook, as long as you get admin rights. You should not be able to install a global hook without admin rights.