How to hook all threads - unmanaged

Oct 13, 2010 at 11:55 AM
Edited Oct 13, 2010 at 11:56 AM



I would like to hook on all threads and from documentation I read:

"2.6 Using Thread ACLs

[...] To enable a hook for all threads just set its local ACL to an empty exclusive one.[...]"


How can I do it?


ULONG ACLEntries[1] = {0};

Interface->LhSetExclusiveACL(ACLEntries, 1, &hook);  // will exclude current thread, which I would like to include


ULONG ACLEntriesEmpty[1];

Interface->LhSetExclusiveACL(ACLEntriesEmpty, 0, &hookE);  // doesn't work.


So how can I "set its local ACL to an empty exclusive one"?

Oct 13, 2010 at 2:00 PM

Perhaps either

ULONG ACLEntriesEmpty[];


ULONG ACLEntriesEmpty[1] = {};

Oct 13, 2010 at 2:11 PM

Thanks, but it doesn't compile:

ULONG ACLEntriesEmpty[];  // C2133: ACLEntriesEmpty : unknown size

ULONG ACLEntriesEmpty[1] = {}; // C2059: syntax error : '}'

Oct 19, 2010 at 2:41 PM

The solution is simple and that is what I use. Simply give the function a single thread ID that you know is invalid. I use -1 myself. So just call:


ULONG ACLEntries[1] = { (ULONG)-1 };
Interface->LhSetExclusiveACL(ACLEntries, 1, &hook);
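The behaviour discussed in this thread, as an added example that is not part of any post and is not EasyHook's own code: a simplified C model of an exclusive ACL check, showing why `{0}` leaves the installing thread unhooked while `{(ULONG)-1}` hooks every thread. It assumes an entry of 0 is stored as the calling thread's ID (consistent with the first post's observation) and that no real thread has the ID (ULONG)-1; all `model_` names and thread IDs are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_MAX_ACE 128              /* constructed limit for this model */

typedef struct {
    uint32_t entries[MODEL_MAX_ACE];
    size_t   count;
} model_exclusive_acl;

/* Model of setting an exclusive ACL from thread caller_tid.
   Assumption: an entry of 0 is stored as the calling thread's ID. */
int model_set_exclusive_acl(model_exclusive_acl *acl, const uint32_t *ids,
                            size_t n, uint32_t caller_tid)
{
    if (acl == NULL || ids == NULL || n > MODEL_MAX_ACE)
        return -1;
    for (size_t i = 0; i < n; i++)
        acl->entries[i] = (ids[i] == 0) ? caller_tid : ids[i];
    acl->count = n;
    return 0;
}

/* Exclusive ACL: a thread is intercepted unless its ID is listed. */
int model_is_intercepted(const model_exclusive_acl *acl, uint32_t tid)
{
    for (size_t i = 0; i < acl->count; i++)
        if (acl->entries[i] == tid)
            return 0;
    return 1;
}

/* Convenience: one-entry ACL set by caller_tid, probed from probe_tid. */
int intercepted_with(uint32_t entry, uint32_t caller_tid, uint32_t probe_tid)
{
    model_exclusive_acl acl;
    if (model_set_exclusive_acl(&acl, &entry, 1, caller_tid) != 0)
        return -1;
    return model_is_intercepted(&acl, probe_tid);
}

int main(void)
{
    const uint32_t installer = 100, worker = 200;   /* constructed thread IDs */
    printf("{0}:  installer=%d worker=%d\n",
           intercepted_with(0, installer, installer), intercepted_with(0, installer, worker));
    printf("{-1}: installer=%d worker=%d\n",
           intercepted_with((uint32_t)-1, installer, installer),
           intercepted_with((uint32_t)-1, installer, worker));
    return 0;
}
```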


Oct 19, 2010 at 7:50 PM

Thanks pierrebaj, I will try that tomorrow morning and let you know how it worked.