Re: How to spy global mouse & keyboard event?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Actually, the #pragma is only a fraction of the problem.

You must declare the shared variables following the #pragma data_seg, e.g.,

HWND wnd = NULL;

and they must be initialized. Then you have to do a

#pragma data_seg()

to revert to the default data segment.

Finally, you have to cause the data segment to be shared

#pragma comment(linker, "/Segment:.sdata,rws")

then, and only then, do you get data shared among all the instances.

What can you share? HHOOK and HWND values are typical; I store a Process ID (DWORD) so I
know if I should disconnect the hook if the DLL is being unloaded. You can't share
handles to mutexes, semaphores, files, events, or anything else that is designated a
HANDLE type. Only HWND and HHOOK values can be shared. You can share any integer value,
but have to provide locking if it can be modified (InterlockedIncrement and
InterlockedDecrement in place of value++ and value--, for example). You cannot share a
CRITICAL_SECTION, so if you can't do it with an Interlocked... call, you must use a mutex,
preferrably a named mutex. You cannot share pointers, even pointers that point within the
shared data segment, because the segment may be at different addresses in different
executables. You can pretty much assume that you cannot share any C++ objects, and
definitely cannot share any MFC objects (the ones you can share have to follow an
incredible number of restrictions to be viable). Ideally, you use no MFC at all in the
shared DLL, as this can cause injection of the entire MFC DLL into each process, so MFC
usage in a hook DLL is a Really Bad Idea. When you PostMessage, you cannot use a pointer
in the WPARAM or LPARAM fields because it is a cross-process PostMessage and the pointer
loses meaning (I pass strings sequentially no more than sizeof(WPARAM)/sizeof(TCHAR)
characters at a time).

Low-level mouse and keyboard hooks might solve the problem of malware injection issues
(note that hook DLLs in Vista cannot hook higher-privilege processes!), but I've not used
these.
joe
On Thu, 25 Jan 2007 09:23:01 -0700, "Jonathan Wood" <jwood@xxxxxxxxxxxxxxxx> wrote:

There is no other way--it is somewhat difficult task.

Some code I've seen might do something like this:

// Data variables shared among all DLL instances
#pragma data_seg(".sdata")

By having global data like this, you are better able to coordinate
potentially multiple instances of your DLL.

Other than that, it can be tricky.
Joseph M. Newcomer [MVP]
email: newcomer@xxxxxxxxxxxx
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
.

Relevant Pages

  • Re: SetWindowsHookEx and WH_MOUSE
    ... I have created a DLL that sets a hook, ... you will find that no global variables are actually set. ... If delcared in a #pragma, INITIALIZED, and #pragma ...
    (microsoft.public.vc.language)
  • Re: A dll made in c++ HOOKs
    ... How did you create your shared memory? ... this code in your dll and tell me what's the result? ... #pragma data_seg ... application hook .. ...
    (microsoft.public.win32.programmer.ole)
  • Re: SetWindowsHookEx and WH_MOUSE
    ... Alright, Igor, my friend, one more question if I may. ... #pragma data_seg ... LRESULT CALLBACK MouseProc(int nCode, WPARAM wParam, LPARAM lParam) ... just want a message box to indicate that the DLL has noted a WM_LBUTTONUP. ...
    (microsoft.public.vc.language)
  • Re: Sharing data between apps via DLL
    ... App2: Metatrader 4. ... I can send data to the DLL, do some math, and send back to the same ... pragma data_seg is ignored. ... Not sure why you need a .def file; ...
    (microsoft.public.vc.mfc)
  • Re: 3rd party evc++ dll help
    ... // The following ifdef block is the standard way of creating macros ... All files within this DLL are compiled with the ... #pragma message ... * Launch target app with normal launch flag ...
    (microsoft.public.dotnet.framework.compactframework)