Environment: MSVC++6.0 SP3, Win98/2000/NT4(SP5)
This article is a how-to on writing, setting and using system-wide hooks.
To set a system-wide hook, you need to reference a DLL in the SetWindowsHookEx() call. The demonstration workspace consists of two separate projects. One builds the DLL with its exported functions SetHook() and RemoveHook().
Note that we use a memory-mapped file, wrapped in the struct SCGLOBALDATA, to save the instance, hook and window handles.
The system calls the HookProc() callback function when key codes are received. We then pass the values in wParam and lParam (virtual key code and keystroke-message information) via a WM_COPYDATA message to a separate controlling executable, whose return value determines whether the hook is forwarded through CallNextHookEx().
For additional information, the controlling procedure displays various details about the keystroke it has just processed. Because the hook is system wide, it even logs keys that are pressed in other applications or in a DOS prompt.
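As an added illustration (not part of the original HookDemo source), this portable C snippet decodes the keystroke-message flags carried in lParam into the fields such a display would show. The struct, the function names and the sample values are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded keystroke-message flags: the lParam a WH_KEYBOARD hook receives. */
typedef struct {
    unsigned repeat_count; /* bits 0-15: auto-repeat count */
    unsigned scan_code;    /* bits 16-23: hardware scan code */
    int extended;          /* bit 24: extended key (e.g. right Ctrl) */
    int alt_down;          /* bit 29: context code, ALT held */
    int was_down;          /* bit 30: key was down before this message */
    int released;          /* bit 31: transition state, key going up */
} KeyInfo;

typedef enum { KEY_PRESS, KEY_AUTOREPEAT, KEY_RELEASE } KeyEvent;

KeyInfo decode_key_lparam(uint32_t lp) {
    KeyInfo k;
    k.repeat_count = lp & 0xFFFFu;
    k.scan_code    = (lp >> 16) & 0xFFu;
    k.extended     = (lp >> 24) & 1u;
    k.alt_down     = (lp >> 29) & 1u;
    k.was_down     = (lp >> 30) & 1u;
    k.released     = (lp >> 31) & 1u;
    return k;
}

/* A release always has bit 31 set; a held key repeats with bit 30 set. */
KeyEvent classify_key(const KeyInfo *k) {
    if (k->released) return KEY_RELEASE;
    return k->was_down ? KEY_AUTOREPEAT : KEY_PRESS;
}

int main(void) {
    /* Constructed samples (virtual key, lParam), not captured data. */
    static const uint32_t samples[][2] = {
        {0x41, 0x001E0001u}, /* 'A' pressed */
        {0x41, 0x401E0001u}, /* 'A' held, auto-repeat */
        {0x41, 0xC01E0001u}, /* 'A' released */
        {0x11, 0x211D0001u}, /* Ctrl, extended (right-hand) key, ALT held */
    };
    static const char *names[] = {"press", "repeat", "release"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        KeyInfo k = decode_key_lparam(samples[i][1]);
        printf("vk=0x%02X scan=0x%02X ext=%d alt=%d count=%u %s\n",
               (unsigned)samples[i][0], k.scan_code, k.extended,
               k.alt_down, k.repeat_count, names[classify_key(&k)]);
    }
    return 0;
}
```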
The DLL exports BOOL SetHook(HWND hWnd) and BOOL RemoveHook(), which are pretty self-explanatory. You need to pass a valid HWND to SetHook, which limits the functionality to windowed applications. To work around this, you can create a dialog-box-based application with an initially hidden window.
Download the precompiled executable to get an idea of what hooks are all about. The complete VC++6.0 workspace contains all the source code needed to build the demo application for you to play around with.
I hope you find the supplied code useful and instructive.
Please feel free to send comments to VolkerBartheld@reetcom.de
HookDemoExe.zip is a compiled executable of the demo application.
HookDemo.zip is an MSVC++ V6 workspace of the demo application.