Can anyone explain how one program hooks into and modifies the behavior of other programs in Windows?

How is it even possible? Don't Windows programs protect themselves from other programs going into their memory, etc.? (I don't know the internals of how it works, so I just said "into their memory" -- I bet it's more complex than that.)

Also, does modern Windows like Windows 7 still allow it?

Thanks, Boda Cydo

A: 

Imagine an application that saves data to file X.txt. You can grab the X.txt contents and attempt to find a difference between the saved X.txt and the current X.txt; once it changes, you can have an event fire, knowing that program X modified its X.txt file.

You can do this on a lower level, but the concept remains the same (monitor something for change).

Gnostus
Isn't that just memory manipulation? The same concept used to make game trainers? I thought the OP was talking about physical hooks to execute code (might be the same thing...), like how Steam hooks your 3D games to embed its overlay.
Aren
+2  A: 

There are several different ways to hook into and modify the behavior of other programs.

For example, you can directly write to another program's memory (WriteProcessMemory) or you can inject a thread into another program's memory (CreateRemoteThread). This presumes you have some rights to control that other program.

You can also inject a window hook via SetWindowsHookEx. This presumes you are running in the user's session at the same or higher integrity level of the program you are injecting into.

This is still allowed for several reasons. Without a way to modify behavior of other programs you would not be able to implement a debugger. Windows hooks are used by testing programs, accessibility programs, programs that change the look and feel of Windows, etc.

Michael
Can you do that in Linux? I think in Linux you can't manipulate other programs' memory?
bodacydo
I'm not a Linux dev. How would a user-mode Linux debugger insert a breakpoint into a process or read a thread's stack?
Michael
You usually run the program through `gdb`. Then, since gdb forks the child process, it somehow has access to that program, but I am not sure; I am new to all this.
bodacydo
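Added example (not part of any answer or comment above) for the Linux question in the comments: a user-mode debugger never "enters" the other process itself; it asks the kernel through ptrace(2), which is the Linux counterpart of the WriteProcessMemory-style access Michael mentions for Windows. The program below forks a child that opts in with PTRACE_TRACEME, then the parent reads one word of the child's memory (PTRACE_PEEKDATA) and overwrites it (PTRACE_POKEDATA, the same primitive a debugger uses to plant a breakpoint); it assumes Linux with ptrace permitted, and the TRACE_DENIED code and the 0x11/0x22 values are constructed for this example.

```c
#include <errno.h>
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define TRACE_DENIED (-1)          /* ptrace refused here (sandbox, policy) */
#define POKED_VALUE   0x22L        /* constructed value the tracer writes */

struct trace_result {
    long read_value;               /* word the parent read out of the child */
    int  child_exit;               /* what the child saw in that word afterwards */
};

/* Fork a child that opts in to tracing, then read and overwrite one word of
 * its memory from the parent.  Returns 0 on success, TRACE_DENIED otherwise. */
int trace_child(struct trace_result *out)
{
    /* After fork() the child holds this variable at the same virtual address,
     * in its own copy-on-write page, so &flag is meaningful in both processes. */
    static volatile long flag = 0x11L;
    pid_t pid = fork();
    if (pid < 0) return TRACE_DENIED;
    if (pid == 0) {
        /* Child: ask the kernel to let our parent trace us, then stop. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(0x7f);
        raise(SIGSTOP);                 /* parent is notified via waitpid() */
        _exit((int)(flag & 0xff));      /* report whatever the tracer left */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return TRACE_DENIED;
    /* The kernel copies one word out of the tracee's address space for us. */
    errno = 0;
    long seen = ptrace(PTRACE_PEEKDATA, pid, (void *)&flag, NULL);
    if (seen == -1 && errno != 0) goto deny;
    out->read_value = seen;
    /* ...and writes one word into it.  A debugger plants a breakpoint the same
     * way: it pokes a trap instruction over the original code byte. */
    if (ptrace(PTRACE_POKEDATA, pid, (void *)&flag, (void *)POKED_VALUE) < 0) goto deny;
    if (ptrace(PTRACE_CONT, pid, NULL, NULL) < 0) goto deny;   /* resume, swallow SIGSTOP */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return TRACE_DENIED;
    out->child_exit = WEXITSTATUS(status);
    return 0;
deny:
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return TRACE_DENIED;
}
```

The parent's own copy of `flag` stays 0x11 while the child exits with 0x22, which shows that the write landed in the other process through the kernel, not through any shared memory.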