Joshua-2005 asked SimpleSamples answered

Trying to learn about hooking

I'm hooking the function CreateWindowExW using the lib EasyHook.

When it returns at the line return CreateWindowExW(dwExStyle, lpClassName, lpWindowName, dwStyle, X, Y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam);, it is:

  • Returning the original 'intercepted' function with the parameters modified by me X, Y, nWidth, nHeight?

or

  • It's calling the original function plus a new CreateWindowExW function with the same parameters?

In the case of 2, how do I return the original function call with modified values?

My doubt is if I need to define CreateWindowExW somewhere, and how to 'call' it with the current 'intercepted' hook function?

This is the whole code; I don't have CreateWindowExW defined anywhere else:

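```c++
#include <windows.h>
#include <easyhook.h>

// Hook handler: same signature and calling convention as CreateWindowExW.
HWND __stdcall CreateWindowExW_Hook(
    DWORD     dwExStyle,
    LPCWSTR   lpClassName,
    LPCWSTR   lpWindowName,
    DWORD     dwStyle,
    int       X,
    int       Y,
    int       nWidth,
    int       nHeight,
    HWND      hWndParent,
    HMENU     hMenu,
    HINSTANCE hInstance,
    LPVOID    lpParam
)
{
    // Override the requested position and size, pass everything else through.
    X = 50; Y = 50; nWidth = 400; nHeight = 300;
    return CreateWindowExW(dwExStyle, lpClassName, lpWindowName, dwStyle, X, Y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam);
}

extern "C" void __declspec(dllexport) __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO* inRemoteInfo);

void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO* inRemoteInfo)
{
    // Install the hook on User32!CreateWindowExW.
    HOOK_TRACE_INFO hHook = { NULL };
    NTSTATUS result = LhInstallHook(
        GetProcAddress(GetModuleHandle(TEXT("User32")), "CreateWindowExW"),
        CreateWindowExW_Hook,
        NULL,
        &hHook);
    if (FAILED(result))
        return; // hook was not installed, so there is nothing to enable

    // Thread ID 0 means the calling thread: exclude it, enable the hook for all other threads.
    ULONG ACLEntries[1] = { 0 };
    LhSetExclusiveACL(ACLEntries, 1, &hHook);
}
```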




1 Answer

SimpleSamples answered

I see your question Is the 'original' function being returned? · Issue #389 · EasyHook/EasyHook. That is the best place to ask this question.
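A portable model of the two outcomes the question asks about, added here as an example; it is not code from the post or from EasyHook. It assumes the hooking library suppresses interception for calls the handler itself makes on the same thread (modelled by the hypothetical `t_in_handler` guard); `Create`, `RealCreate` and `Geometry` are constructed stand-ins for CreateWindowExW and its parameters.

```cpp
#include <cstdio>

// Constructed stand-in for CreateWindowExW: only the geometry matters here.
struct Geometry { int x, y, w, h; };
using CreateFn = int (*)(Geometry);

static Geometry g_seen{};        // geometry the real body last received
static int g_real_calls = 0;     // times the real body ran
static int g_hook_calls = 0;     // times the handler ran
static CreateFn g_handler = nullptr;
static thread_local bool t_in_handler = false;  // per-thread re-entrancy guard (assumed behaviour)

static int RealCreate(Geometry g) { g_seen = g; return ++g_real_calls; }

// Models the patched API entry: every caller, including the handler, lands here.
int Create(Geometry g) {
    if (g_handler == nullptr || t_in_handler)
        return RealCreate(g);    // unhooked, or called from inside the handler
    t_in_handler = true;
    int r = g_handler(g);
    t_in_handler = false;
    return r;
}

// Handler shaped like CreateWindowExW_Hook: override geometry, call the API by name.
static int CreateHook(Geometry g) {
    ++g_hook_calls;
    g = {50, 50, 400, 300};
    return Create(g);
}

void InstallHook() { g_handler = CreateHook; }

int main() {
    InstallHook();
    Create({0, 0, 1024, 768});   // caller's original request
    std::printf("handler=%d real=%d geometry=%d,%d %dx%d\n",
                g_hook_calls, g_real_calls, g_seen.x, g_seen.y, g_seen.w, g_seen.h);
    return 0;
}
```

Under that assumption the real body runs once per caller request and receives the handler's values; without the guard, the handler's own call would re-enter the handler indefinitely.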

