Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Win32 Hooks DLL injection into Applications Built against "Any CPU"

Tags:

hook

dll-injection

setwindowshookex

I am working on a project which captures all User Interactions. MSDN tells (this)

SetWindowsHookEx can be used to inject a DLL into another process. A 32-bit DLL cannot be injected into a 64-bit process, and a 64-bit DLL cannot be injected into a 32-bit process. If an application requires the use of hooks in other processes, it is required that a 32-bit application call SetWindowsHookEx to inject a 32-bit DLL into 32-bit processes, and a 64-bit application call SetWindowsHookEx to inject a 64-bit DLL into 64-bit processes.

My Question is, what happens if an application was built against Any CPU. Do I need to call SetWindowsHookEx from a DLL built against Any CPU.

I have written HookLogger_32.exe loading HookFunctions_32.dll (both x86) and HookLogger_64.exe loading HookFunctions_64.dll (both x64) setting WH_CBT and WH_MOUSE globally (not a specific thread).

The HookLogger_32.exe, HookLogger_64.exe, HookFunctions_32.dll and HookFunctions_64.dll are written in C++.

When I click on a .NET application built against Any CPU, these DLLs get injected (through SetWindowHookEx). The Windows OS hangs & I have to forcefully restart my machine.

When the same .NET application is built against x86 or x64, and when I click on the application after the HookLoggers (both 32 & 64 bit) are started everything is working fine.

Any reasons for this undefined behavior.

The platform on which I am working is a 64-bit machine.

like image 875
sri Avatar asked Jan 27 '12 09:01

sri

1 Answers

You need to inject from a DLL with a corresponding bitnse - i.e. "any CPU" becomes either 32 or 64 bit at runtime... and your DLL must match the runtime bitness !

Something useful in your situation is known as "side-by-side assembly" (two versions of the same assembly, one 32 and the other 64 bit)... I think you will find these helpful:

  • Using Side-by-Side assemblies to load the x64 or x32 version of a DLL
  • http://blogs.msdn.com/b/gauravseth/archive/2006/03/07/545104.aspx
  • http://www.thescarms.com/dotnet/Assembly.aspx

Here you can find a nice walkthrough which contains lots of helpful information pieces - it describes .NET DLL wrapping C++/CLI DLL referencing a native DLL

UPDATE:

To make hooking really easy and robust see this well-tested and free library - among other things it works with AnyCPU !

like image 51
Yahia Avatar answered Oct 14 '22 20:10

Yahia
Sign in to Comment

Related questions

What are all the differences between WH_MOUSE and WH_MOUSE_LL hooks?
How to get pusher's Information in post-receive hooks?
Wordpress: displaying an error message - hook admin_notices fails on wp_insert_post_data or publish_post
Symfony 2: how to fire code before EVERY controller-action?
Is there a way to listen to an event in the phantom context from page context?
Git Hook: Take action when a branch is advanced
Woocommerce Product publish, update and delete hooks
Limiting syscall access for a Linux application
Pytest setup/teardown hooks for session
Hooking thread creation/termination
What is the point of VirtualProtect when any process, including malware, can use it?
Hooking into Windows File Copy
Login hook on Google Appengine
documentation for ejabberd hooks?
Finding a 3rd party QWidget with injected code & QWidget::find(hwnd)
Is there a way to inject an OS X system framework system-wide?
Overlay Icons in Delphi IDE

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!