flat assembler
Message board for the users of flat assembler.
Windows > WH_KEYBOARD_LL doesn't work
LocoDelAssembly 15 Dec 2007, 00:39
I have seen you do this several times so I must warn you: procs/funcs that adhere to stdcall, fastcall, pascal, and cdecl may only modify the EAX, ECX and EDX registers; the others must be preserved at return (with the exception of ESP, which, depending on the convention, must be adjusted to release the stack space occupied by the parameters).
Also, better install the hook outside main; perhaps DLL_PROCESS_ATTACH occurs every time the DLL is attached to a new program, so you would install the same hook many times. You also forgot to pass the call to the next hook with CallNextHook (or a function with a similar name).
PS: And yes, the DLL entry point is stdcall, so you are doing wrong by destroying EBX.
zxcv 15 Dec 2007, 00:55
okay...
so I can use only eax, ecx, edx. How about 'normal' programs? I read the manual about hooks and CallNextHook many times, but I can't understand why I must pass it, and when/how.
Quote: perhaps DLL_PROCESS_ATTACH occurs every time the DLL is attached to a new program so you would install many times the same hook.
This library will be loaded only once, I'm sure about it.
LocoDelAssembly 15 Dec 2007, 02:00
Quote: This library will be loaded only once, im sure about it.
But are you sure that Windows doesn't send a DLL_PROCESS_ATTACH on processes created AFTER hook installation? Remember that conceptually LoadLibrary("your_library") is called on every process on your system when the hook is installed globally (i.e. no thread id is specified to SetWindowsHookEx).
About registers, you can use ALL of them, but before returning you must restore the original values of the ones that are not volatile (EBX, ESI, EDI, EBP, ESP). I'm unsure about FPU/MMX registers and SSE registers in 32-bit land; perhaps you are allowed to destroy some of them too (but probably not all).
About CallNextHook, you can call it before or after your processing; you must check the documentation for the keyboard hook scenario. The variable where you hold the hook id (returned in the EAX register by SetWindowsHookEx) must reside inside the DLL to make it available to all the hooked processes.
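The advice in the posts above (preserve EBX/ESI/EDI, keep the hook handle in the DLL's own data, install the hook from a routine the host calls once instead of from the entry point, and pass each event on with CallNextHookEx) put together as an added fasm example. It is not code from this thread; the names InstallHook, RemoveHook, KeyboardProc, hHook, hInst and HOOK.DLL are assumptions.

```asm
; Added example (constructed). All labels and the DLL name are hypothetical.
format PE GUI 4.0 DLL
entry DllEntryPoint

include 'win32a.inc'

WH_KEYBOARD_LL = 13             ; value from winuser.h, in case the headers lack it

section '.data' data readable writeable
  hInst dd 0                    ; module handle, needed by SetWindowsHookEx
  hHook dd 0                    ; hook handle is kept inside the DLL

section '.text' code readable executable

; stdcall entry point: only EAX is touched, and no hook is installed here,
; so repeated DLL_PROCESS_ATTACH notifications cannot install it twice.
proc DllEntryPoint hinstDLL, fdwReason, lpvReserved
        mov     eax, [hinstDLL]
        mov     [hInst], eax
        mov     eax, TRUE
        ret
endp

; Called once by the host program.
proc InstallHook
        invoke  SetWindowsHookEx, WH_KEYBOARD_LL, KeyboardProc, [hInst], 0
        mov     [hHook], eax
        ret
endp

proc RemoveHook
        invoke  UnhookWindowsHookEx, [hHook]
        ret
endp

; 'uses' pushes EBX/ESI/EDI on entry and pops them before ret, so the body
; may use them freely. The event is always handed to the next hook.
proc KeyboardProc uses ebx esi edi, nCode, wParam, lParam
        invoke  CallNextHookEx, [hHook], [nCode], [wParam], [lParam]
        ret
endp

section '.idata' import data readable writeable
  library user32,'USER32.DLL'
  import user32,SetWindowsHookEx,'SetWindowsHookExA',\
         UnhookWindowsHookEx,'UnhookWindowsHookEx',\
         CallNextHookEx,'CallNextHookEx'

section '.edata' export data readable
  export 'HOOK.DLL',InstallHook,'InstallHook',RemoveHook,'RemoveHook'

section '.reloc' fixups data readable discardable
```

A WH_KEYBOARD_LL procedure is called in the context of the thread that installed it, so the host thread that calls InstallHook has to keep running a message loop.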
coconut 15 Dec 2007, 03:16
i have here a couple of examples:
http://board.flatassembler.net/topic.php?t=2130
http://board.flatassembler.net/topic.php?t=1670
revolution 15 Dec 2007, 04:00
LocoDelAssembly wrote: About registers you can use ALL of them, but before returning you must restore their original values of the ones that are not volatile (EBX, ESI, EDI, EBP, ESP)
LocoDelAssembly wrote: I'm unsure about FPU/MMX registers and SSE registers on 32-bit land, perhaps you are allowed to destroy some of them too
Anyone care to comment on 64bit Windows ... LINUX ... other OS call standards ... C .. PASCAL ... VB ... other language call standards ...
LocoDelAssembly 15 Dec 2007, 04:23
Remember to change "return" to "ret" and remove "enter", since in the current win32 headers they are not required anymore and will fail to compile.
coconut, I saw that you marked as shareable not only the section where you store the global variables but also other ones. Do you know what happens if for some reason the DLL can't be loaded at the same base address in all processes? AFAIK the DLL could not be loaded into the process at the very same moment it is created and before any other modules are loaded, so it would be possible that when Windows loads the DLL it will need to relocate it again. So, how is this situation solved? Does Windows take the shareable attribute as a hint and discard it when it is no longer possible to sustain, or what?
zxcv 15 Dec 2007, 04:27
coconut wrote: i have here a couple of examples:
Thanks, it helped a lot. But it's hard to understand this high-level code :/
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.