SetWindowsHookEx - Dll Injection misses out on the first few calls

Question

Hi,

I am trying to use SetWindowsHookEx to capture calls to a API in java.dll.

So I created another dll, and injected into all other processes using setwindowsHookEx

g_hHook = SetWindowsHookEx(WH_CALLWNDPROC, JLoadSetFunc, g_hHookDll, 0)

The problem is following:

While trying to capture calls from a process, I notice that my dll get attached to that process after a couple of calls to the hooked function has already been executed.

So the problem is my hooking mechanism misses the first few calls of the hooked API.

Please suggest or comment on this problem to guide me. I am stuck terribly with this one.

Answer 1

There's an awfully dirty hack to load DLLs into every process using a registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

Answer 2

I suggest the following:

1. Register your hook using SetWindowsHookEx()
2. SendMessage() to the remote process with a special message that only your hook understands
3. Repeat this until your hook replies
4. Call the code you want your hook to interact with

In short, wait for the hook to finish installing before you try using it.

Answer 3

@MSalters

A little correction: not into every process - it is loaded only to processes that import/use user32.dll, and not all processes use it (however I agree that most processes do use it).

See Working with the AppInit_DLLs registry value for more details.