How to hook all threads - unmanaged

Oct 13, 2010 at 10:55 AM
Edited Oct 13, 2010 at 10:56 AM

Hi,

 

I would like to hook on all threads and from documentation I read:

"2.6 Using Thread ACLs

[...] To enable a hook for all threads just set its local ACL to an empty exclusive one.[...]"

 

How can I do it??

example1:

ULONG ACLEntries[1] = {0};

Interface->LhSetExclusiveACL(ACLEntries, 1, &hook);  // will exclude current thread, which I would like to include

example2:

ULONG ACLEntriesEmpty[1];

Interface->LhSetExclusiveACL(ACLEntriesEmpty, 0, &hookE);  // doesn't work.

 

so how can I "set its local ACL to an empty exclusive one"?

Oct 13, 2010 at 1:00 PM

Perhaps either

ULONG ACLEntriesEmpty[];

or

ULONG ACLEntriesEmpty[1] = {};

Oct 13, 2010 at 1:11 PM

thanks but it doesn't compile:

ULONG ACLEntriesEmpty[];  // C2133: ACLEntriesEmpty : unknown size

ULONG ACLEntriesEmpty[1] = {}; // C2059: syntax error : '}'

Oct 19, 2010 at 1:41 PM

The solution is simple and that is what I use. Simply give the function a single thread ID that you know is invalid. I use -1 myself. So just call:

 

ULONG ACLEntries[1] = { (ULONG)-1 };
Interface->LhSetExclusiveACL(ACLEntries, 1, &hook);

 

Oct 19, 2010 at 6:50 PM

Thanks pierrebaj, I will try that tomorrow morning and let you know how it worked