Jun 26, 2014 at 8:24 PM
Edited Jun 26, 2014 at 8:26 PM
I'm wondering if I can hook a function from outside of DLL main. For an example, let's say I've hooked PeekMessage and replaced it with myPeekMessage. From my master hooking application I send a message to the injected slave application and myPeekMessage
picks it up and calls LhInstallHook on MessageBox to replace it with myMessageBox.
The issue that I run into is that the fourth parameter of LhInstallHook, the TRACED_HOOK_HANDLE, is now an invalid parameter and LhInstallHook returns C00000F2. The TRACED_HOOK_HANDLE is a global variable which I've created like so:
TRACED_HOOK_HANDLE THH = new HOOK_TRACE_INFO();
That part is standard and works for PeekMessage and it also works for MessageBox when it's hooked from DLLMain or any function called from DLLMain. What I tried to do after finding that it doesn't work was make THH a local variable and initialize it in the
function. In this case LhInstallHook does not fail anymore but MessageBox is not hooked.
I'm trying to do it this way so I can hook on demand by passing a message and inject only one dll into my remote process. Is this it better to inject multiple times with different dlls? Is my technique flawed? Is there a way to make it work?
I welcome any input on this.