Previously we discussed why it isn’t required to inject the DLL containing the callback to every application you need to set a hook on. In this post, we are going to see if it’s possible to create a hook or a global Hook with
SetWindowsHookEx function without using any sort of DLL.
There is this cool trick in which you can use some known Dll to grab their handle and use that to legitimately install the hook with this function. Here is the code for doing that
HMODULE dll_handle = GetModuleHandle(L"user32.dll");
windows_exhook = SetWindowsHookExA(WH_GETMESSAGE, CallWndProcHook,
dll_handle, tid); //0: System wide event
DWORD error = GetLastError();
if( windows_exhook==NULL )
qDebug() << "Failed to set the hook. Error code: "
qDebug() << "hook was successfully installed="
<< windows_exhook << dll_handle
<< error << tid;
Although this code runs successfully and installs the hook if you install this globally by setting the thread id to 0, it will Instantly crash your whole
If you try that on a single application it also crashes the application.
I tried and spend some time to figure this out and it turns out that the callback will never get executed. I tried to simplify the callback do some sanity tests and it looks like the hook is installed without any problems and sometimes the callback called and most of the time it won’t but at the end in all test cases the targeted application were always crashes. Here is the simplified callback function that I used:
LRESULT CALLBACK CallWndProcHook(int nCode, WPARAM wParam,
// Call the next hook in the chain
// The first argument is ignored so any value will work
return CallNextHookEx(windows_exhook, nCode,
I searched a bit about this and there were two comments around this issue
Although at the beginning it seems that you can get away using
SetWindowsHookEx function without a Dll currently at least up to what I know there is no possible way to use
SetWindowsHookEx function without having the callback inside another Dll