Application hooking :: x64 system

Question

Is there some kind of secret to hooking both 64bit & 32bit process on a 64bit system?

In an application that I'm currently writing I need to be able to hook 64bit processes. Hooking 32bit processes works just fine on 64 & 32bit systems but, no messages are received when trying to hook 64bit applications.

Before anyone tells me that I shouldn't be doing something like this let me explain that this is a very necessary thing for me to do.. Without setting global system hooks my application would be useless/pointless.

This application is written in C#/WPF but, using a C++ dll to do the actual hooking. I've tried compiling the dll for 64bit systems although it still isn't doing what it's supposed to do. When compiled for and running on 32bit systems it works exactly as it should.

*Edit:: I am talking about hooking window messages - WH_CBT & WH_SHELL messages

Answer 1

In order to hook both 32-bit and 64-bit processes you need to make sure that:

1. You have 32-bit DLL to hook 32-bit processes and 64-bit DLL to hook 64-bit processes
2. SetWindowsHookEx() is invoked from 32-bit code to hook 32-bit processes and from 64-bit code to hook 64-bit processes.

The latter basically means that you have to create both 32-bit and 64-bit executable that both call SetWindowsHookEx(), providing 32-bit and 64-bit DLL respectively as an hMod parameter.

If you application is 32-bit, you will have to spawn 64-bit process that will call SetWindowsHookEx() and probably do nothing else until you unhook. Note that Windows will automatically unset hook when/if this process exits/terminates, so it has to remain alive all the time you need the hooks, probably, the whole lifetime you your application - in this case you can make your 64-bit process WaitForSingleObject() until your main application process exits/terminates and unhook and exit after WaitForSingleObject() completes.