Andrew Kolwok
Reputation:
system wide api hook
What is the best way to do system wide user mode (NOT KERNEL MODE) api hook on Windows NT?
Upvotes: 2
Views: 2242
Answers (3)
Serg Kryvonos
Reputation: 4667
- Use SetWindowsHookEx to inject your dll into all processes.
- Use DLL_PROCESS_ATTACH handler to iterate process modules and fill import tables of modules in another process with your handler addresses of your injected dll.
- Use shared sections to share your data.
Upvotes: 0
Reed Copsey
Reputation: 564323
Normally, you'd do this using SetWindowsHookEx. This allows you to hook into all applications on the current desktop.
There are other options, though. This CodeProject article has a lot of details on hooking mechanisms.
Upvotes: 3
Related Questions
- Hooking API Calls in Current Process?
- Hooking Windows API function crashes application
- Hook api call in a parent process
- Windows Global Hook C++
- Windows API Hook C++
- System Wide ApI Hooking
- C++ Patching Calls In Exe
- API Hooking without Detours
- API Hooking which takes effect across entire process - both EXE and DLLs
- Hooking windows API functions to intercept dll loading (Windows only)