From: Bartjan Wattel [bartjan@ascit.com]
Sent: Friday, November 12, 1999 1:52 AM
To: ntdev@atria.com; 71774.362@compuserve.com; mpietrek@tiac.com
Cc: mike@ascit.com
Subject: [ntdev] Microsoft SPY / SetWindowsHookEx questions


At the moment we are programming an application that intercepts messages
from Windows applications, like the Spy-utility from Microsoft Visual C++
does. We analysed the sourcecode of this program and read the documentation
on Win32 Hooks (which can be found in the MSDN tool). As explained in this
documentation we put the functions that intercept the messages together in
one DLL. The function that calls the SetWindowsHookEx function is in an
application.

So, the program loads the DLL (with the functions that intercepts
messages). Next the program gets the addresses of all functions that are in
the DLL. The last step is installing 2 system-wide hooks (WH_GETMESSAGE and
WH_CALLWNDPROC) via the function SetWindowsHookEx.

Weve got some questions for you:

A. When we install a system-wide hook, the DLLmain function of my DLL is 
   called everytime when a application starts or ends. 

   1) Does Windows create instances of my DLL?
   2) Why is this?
   3) Can we avoid this?

B. Because the DLL is reloaded for each application that starts, we cannot
   use "global variables" in the DLL because the data segments for the DLL 
   are also reloaded and hence the variables are back in their "initialized"
   state

   1) If Windows create instances of my DLL, can we use shared memory 
      (memory mapped file), so that all the instances use the same variables?
   2) Any other hints or comments on this one ?

Thanks for your reply,


With kind regards, 

Bartjan Wattel <mailto:bartjan@ascit.com>
-----------                   --- Your security partner ---
ASCIT B.V. - ThunderStore HeadQuarters                   
  Ant. v.d. Heydenstraat 2, 5527 BV HAPERT, The Netherlands
  Tel: +31 (0)49 7383 505 / Fax: +31 (0)49 7388 440 
  Web: http://www.thunderstore.com
-----------

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[ To unsubscribe, send email to ntdev-request@atria.com with body
UNSUBSCRIBE (the subject is ignored). ]
