Call SetWindowsHookEx from Injected Dll


dan5555
July 4th, 2008, 06:42 AM
Hi,
I am writing code that is supposed to inject a DLL into a process; in the DLL there's a call to SetWindowsHookEx in DllMain.

The hook doesn't work. I checked the value of HHOOK Hook and it's non-null, and GetLastError() retrieves 0.
I know that the DLL was injected successfully because I have a MessageBox in DllMain which appears when the DLL is injected.

Only SetWindowsHookEx doesn't work.

I also found this:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2803958&SiteID=1

Looks like I am not the first one who got into this situation.
I tried to make a new thread that gets the HINSTANCE from DllMain and calls SetWindowsHookEx from the new thread, but it still doesn't work.

By the way, if I call LoadLibrary(DLL) from the EXE it loads the DLL successfully and SetWindowsHookEx works fine.

The problem appears only when I inject the DLL into another process with CreateRemoteThread.

Please help asap!

Thanks in advance.

DreamShore
July 4th, 2008, 09:06 AM
Um... I think SetWindowsHookEx is used to inject Dlls not to be called in an injected Dll.

dan5555
July 5th, 2008, 06:49 AM
I think I found the problem, but I don't know how to solve it.

I think it's because the second parameter of CreateRemoteThread is NULL, which is supposed to be a pointer to SECURITY_ATTRIBUTES.

In MSDN there's a note that the default security attribute in WinXP is changed or something like that.

Can anyone help me with that?

Thanks in advance!

DreamShore
July 5th, 2008, 08:35 AM
No, you didn't find it.

Please at least hear what other people say...

That parameter is only about who can open the thread you create and do certain types of operations.

It's weird that you call an API that can inject code itself in the code you injected...

It's likely that you use GetCurrentThreadId to get the thread id. That thread is the one you created with CreateRemoteThread; getting no messages, it terminates after LoadLibrary returns...

dan5555
July 5th, 2008, 09:01 AM
I must do it that way: make a DLL that is injected and calls SetWindowsHookEx.

And I also believe it's a problem of access. Because, as I said, when I load the DLL with LoadLibrary from main() of the injector, it works fine; the problem appears only when I inject the DLL with CreateRemoteThread.

Now, I tried to make a ThreadProc in the injector file that contains the LoadLibrary(DLLNAME) that worked properly from main(). I called that thread with CreateThread from main() and it doesn't work. I didn't use injection, I only made a thread that calls the DLL without injection.

What is common to these two examples is that I call the DLL from a thread.

Any idea how to solve this?

Thanks in advance!

DreamShore
July 5th, 2008, 09:08 AM
FURY \>口</

Did you read what I said?

dan5555
July 5th, 2008, 10:13 AM
Hmm.. Yes, I did.
You might be right, maybe it's not the second parameter of CreateRemoteThread.

But it's definitely something with the thread access.
Is there a way to change the thread's default access?

Thanks in advance!

DreamShore
July 5th, 2008, 10:17 AM
It's likely that you use GetCurrentThreadId to get the thread id. That thread is the one you created with CreateRemoteThread; getting no messages, it terminates after LoadLibrary returns...

I mean this...

dan5555
July 5th, 2008, 10:50 AM
Hmm.. yeah, it does.

So what is the solution? Is it impossible to call API functions from threads?

DreamShore
July 5th, 2008, 04:30 PM
If I were you, I'd get the window I want to hook in my process, get the thread id of that window in my process, set the hook in my process, and let SetWindowsHookEx do the inject thing.

dan5555
July 6th, 2008, 04:06 AM
[SOLVED]

The problem was, as you said, that the thread ends after calling SetWindowsHookEx.
I called a loop to keep the thread alive.
Now it works perfectly!

Thanks!
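
From the defender's side, the injection step discussed in this thread (a CreateRemoteThread whose start routine is LoadLibrary in another process) is what Sysmon logs as Event ID 8. The following is an added example, not code from any poster in the thread: it flags such records in text-rendered events. The sample records are constructed, and the function names and the `Key: Value` rendering are assumptions of this example.

```python
# Constructed Sysmon Event ID 8 (CreateRemoteThread) records; every value is made up.
SAMPLE_EVENTS = """\
EventID: 8
SourceImage: C:\\Tools\\injector.exe
TargetImage: C:\\Windows\\System32\\notepad.exe
NewThreadId: 4312
StartModule: C:\\Windows\\System32\\kernel32.dll
StartFunction: LoadLibraryA

EventID: 8
SourceImage: C:\\Windows\\System32\\csrss.exe
TargetImage: C:\\Windows\\System32\\cmd.exe
NewThreadId: 988
StartModule: C:\\Windows\\System32\\kernel32.dll
StartFunction: CtrlRoutine

EventID: 8
SourceImage: C:\\Tools\\other.exe
TargetImage: C:\\Windows\\System32\\notepad.exe
NewThreadId: 5120
StartModule: -
StartFunction: -
"""

LOADER_FUNCTIONS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}
LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}

def parse_events(text):
    """Split blank-line-separated 'Key: Value' records into dicts."""
    events = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")  # first colon only; paths keep theirs
            fields[key.strip()] = value.strip()
        events.append(fields)
    return events

def is_remote_loadlibrary(event):
    """True when a thread created in a different process starts at LoadLibrary*."""
    module = event.get("StartModule", "").lower().rsplit("\\", 1)[-1]
    return (event.get("EventID") == "8"
            and event.get("SourceImage", "").lower() != event.get("TargetImage", "").lower()
            and module in LOADER_MODULES
            and event.get("StartFunction", "").lower() in LOADER_FUNCTIONS)

def flag_remote_loadlibrary(text):
    return [(e["SourceImage"], e["TargetImage"], e["NewThreadId"])
            for e in parse_events(text) if is_remote_loadlibrary(e)]
```

Records with an unresolved start function (the third sample) are not matched by this rule and need separate triage.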