unmanagedhook example

Aug 9, 2010 at 10:23 PM

I have made a managed hook that works fine, but I don't like that my app requires admin privs, and there are some pitfalls of the GAC which I consider to be major pitfalls.

http://en.wikipedia.org/wiki/Global_Assembly_Cache#Pitfalls

1. If I create an unmanaged hook can I get around the admin privs?

2. I tried building and running the unmanagedhook example in vs2010 on win7 x64 and I get this output at FORCE(RhInstallSupportDriver());

"Installing support driver...  [Error(0xC00000E5)]: "Unable to start driver!" (code: 577 {0x00000241})"

The internals are in RhInstallDriver:

    // start and connect service...
    if(!StartServiceW(hService, 0, NULL) && (GetLastError() != ERROR_SERVICE_ALREADY_RUNNING)
            && (GetLastError() != ERROR_SERVICE_DISABLED))
        THROW(STATUS_INTERNAL_ERROR, L"Unable to start driver!");

Aug 11, 2010 at 8:10 AM
Edited Aug 11, 2010 at 8:12 AM

The unmanaged API reference says, "With unmanaged injection you have several problems left. And this is why I recommend you to use managed injection whenever possible. For example, no system service is used and also no WOW64 bypass. This way it is not possible to hook into other terminal sessions or through WOW64 boundaries using the unmanaged API." (p. 24)

So which type of injection is better?
Please share your experience.

Aug 11, 2010 at 7:50 PM

OK, how do you recommend I get around the pitfalls of the GAC and the admin issues?

I will be hooking a 32-bit process. The major GAC concern I'm worried about is this:

By default, applications will only run with the version of the .NET Framework used to compile it, which can cause the application to fail on machines with newer versions of the .NET Framework installed — even when the application would normally run properly with the newer version.

Finally, the reason the hook fails is because it hooks a system service, the MessageBeep? I still don't understand the source of the error.