Trying to learn about hooking

Question

I'm hooking the function CreateWindowExW using the lib EasyHook.

When it returns at the line return CreateWindowExW(dwExStyle, lpClassName, lpWindowName, dwStyle, X, Y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam);, it is:

• Returning the original 'intercepted' function with the parameters modified by me X, Y, nWidth, nHeight?

or

• It's calling the original function plus a new CreateWindowExW function with the same parameters?

If in the case of 2, how do I return the original function call with modified values?

My doubt is if I need to define CreateWindowExW somewhere, and how to 'call' it with the current 'intercepted' hook function?

This is the whole code, i dont have CreateWindowExW defined anywhere else:

c++
HWND __stdcall CreateWindowExW_Hook(
    DWORD     dwExStyle,
    LPCWSTR   lpClassName,
    LPCWSTR   lpWindowName,
    DWORD     dwStyle,
    int       X,
    int       Y,
    int       nWidth,
    int       nHeight,
    HWND      hWndParent,
    HMENU     hMenu,
    HINSTANCE hInstance,
    LPVOID    lpParam
)
{
    X = 50; Y = 50; nWidth = 400; nHeight = 300;
    return CreateWindowExW(dwExStyle, lpClassName, lpWindowName, dwStyle, X, Y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam);
}



extern "C" void __declspec(dllexport) __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO* inRemoteInfo);

void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO* inRemoteInfo)
{
    HOOK_TRACE_INFO hHook = { NULL };
    NTSTATUS result = LhInstallHook(
    GetProcAddress(GetModuleHandle(TEXT("User32")), "CreateWindowExW"),
    CreateWindowExW_Hook,
    NULL,
    &hHook);

    ULONG ACLEntries[1] = { 0 };
    LhSetExclusiveACL(ACLEntries, 1, &hHook);
}

Answer 1

I see your question Is the 'original' function being returned? · Issue #389 · EasyHook/EasyHook. That is the best place to ask this question.