SetWindowsHookEx without DLL?

Published on 2023-07-27 in Software, Windows

Previously we discussed why it isn’t required to inject the DLL containing the callback to every application you need to set a hook on. In this post, we are going to see if it’s possible to create a hook or a global Hook with SetWindowsHookEx function without using any sort of DLL.
There is this cool trick in which you can use some known Dll to grab their handle and use that to legitimately install the hook with this function. Here is the code for doing that

HMODULE dll_handle = GetModuleHandle(L"user32.dll");
windows_exhook = SetWindowsHookExA(WH_GETMESSAGE, CallWndProcHook,
							dll_handle, tid); //0: System wide event
DWORD error = GetLastError();
if( windows_exhook==NULL )
{
	qDebug() << "Failed to set the hook. Error code: "
			 << error;
}
qDebug() << "hook was successfully installed="
         << windows_exhook << dll_handle
         << error << tid;

Although this code runs successfully and installs the hook if you install this globally by setting the thread id to 0, it will Instantly crash your whole explorer processor.
If you try that on a single application it also crashes the application.

I tried and spend some time to figure this out and it turns out that the callback will never get executed. I tried to simplify the callback do some sanity tests and it looks like the hook is installed without any problems and sometimes the callback called and most of the time it won’t but at the end in all test cases the targeted application were always crashes. Here is the simplified callback function that I used:

LRESULT CALLBACK CallWndProcHook(int nCode, WPARAM wParam,
                                 LPARAM lParam)
{
    // Call the next hook in the chain
    // The first argument is ignored so any value will work
    return CallNextHookEx(windows_exhook, nCode,
                          wParam, lParam);
}

I searched a bit about this and there were two comments around this issue

The first was that this is because you are skipping the phase which is putting your callback inside a Dll [link]
The second one is it’s because of some sort of aggressive security application that detects that this is not a legitimate behavior so it will instantly kill the effected affected application in order to prevent any data hijacking [link]

Conclusion

Although at the beginning it seems that you can get away using SetWindowsHookEx function without a Dll currently at least up to what I know there is no possible way to use SetWindowsHookEx function without having the callback inside another Dll

SetWindowsHookEx with WH_GETMESSAGE

Published on 2023-07-05 in Windows

There was this special application that I wanted to intercept all Windows messages for a specific remote processor. For that, I came to SetWindowsHookEx function but in order to install this hook on an external application you cannot do that simply by calling this function inside your code because it will fail with the following error

ERROR_HOOK_NEEDS_HMOD
1428 (0x594)
Cannot set nonlocal hook without a module handle.

In order to fix that at first I thought I need to create a DLL which contains the hook function and then inject that into every application that I need to intercept its messages. What I later found out was that this is not required
To shed some light in there there are two subjects around this, first, there is this DLL injection topic which you can use this function to inject some DLL into other programs and the second one is my application which intercepts events from other applications. For the first one you need to inject the dll which contains the codes you want to inject into the application you want, obviously.
But for the second application that I mentioned you just need to write your codes inside some dll and then just load that codes inside your application and because you wrote down the SetWindowsHookEx function and the hook callback inside the DLL main function your code will successfully execute and actually you don’t need to inject it into any other application so it is pretty straightforward.
Because at first, it seems to be so complicated I decided to write this down so I wouldn’t forget it later.
That it, enjoy and if it was helpful please send some feedback.

P.S.: SetWinEventHook Is a completely different Hook. What exactly it does is it reports the events regarding the window manager. To be more specific it reports events related to window creation and destruction, window resizing and losing, or getting Focus around different windows. But it would never give any response regarding the window internal messages.

Mark Jansen: WindowsHookEx GitHub Project

Stmxcsr: Reinventing the wheel, DLL Injection via SetWindowsHookExA

Batch Size vs Mini Batch Size

Published on 2023-06-03 in Speech Recognition

Batch Size: There is no such a thing as batch size, there’s only mini batch size which is number of the samples you train your model on before updating the weight and biases but sometimes programmers just drop the mini in the term, and use batch sizes instead so basically batch size is exactly the same as the minibatch size. If we want to be absolutely correct though then the batch size is the number of samples we have in our data set and it’s not a number that you can specify in your program
MSE: Mean square root error will work best if you want to calculate the error for predicting a function regression, like predicting stock price, or a product lifetime failure function.
Cross Entropy: Cross Entropy will work best if you want to do a classification like binary classification or even a multi-class classification. It helps by penalizing wrong class detection. The calculation of the cross-entropy function is fairly easy it is -log(p_target_class). So basically it only depends on the class that the input data is belonged to. In this case order classes error don’t have any impact on the network loss.
ArgMax: ArgMax is a function that is used at the final output layer of the neural network. It simply changes the class with the maximum number to one and all other cases to zero

slavv – 37 reasons why your neural network-is-not-working

Intel – TBB

Golden SSH Commands

Published on 2023-05-19 in Linux

Are you tired of entering your password for sshing into a remote server?
Are you tired of verifying host fingerprint changes every time?

Use this golden ssh command and save your valuable time

ssh -o "StrictHostKeyChecking no" -i ~/Documents/identify root@ip
echo "y\n" | HOSTNAME=`hostname` ssh-keygen -t rsa -C "$HOSTNAME" -f "$HOME/.ssh/id_rsa" -P ""
# copy key to remote
ssh-copy-id userid@hostname
sshpass -p pass ssh root@ip

CronTab @Reboot

Published on 2023-05-19 in Linux

You can use the @reboot keyword in crontab to start a shell script at system startup but here is why this isn’t a very good solution to do that.

The problem is that if you don’t shut down the system cleanly on the next startup this message will pop up and cron will simply skip over running your command.

"Skipping @reboot jobs -- not system startup"

The solution is easy, just use a systemd service.

/etc/systemd/system/service_name.service
------------------------------------------
[Unit]
Description=some description
After=network.target
StartLimitIntervalSec=0

[Service]
Type=simple
User=root
ExecStart=/home/user/script.sh

[Install]
WantedBy=multi-user.target

UnixDaemon – How Does Cron Reboot Work

Useful Firefox/Windows Hacks

Published on 2023-02-24 in Windows

Disable Firefox Update Prompt

run in cmd

reg ADD HKLM\SOFTWARE\Policies\Mozilla\Firefox /v DisableAppUpdate /t REG_DWORD /d 1 /f

or run ff_update_dis.reg

Disable Windows Keys

reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoWinKeys /t REG_DWORD /d 1 /f

or run win_key_dis.reg

Disable Shutdown Prompt Ending Application

reg ADD HKCU\Control Panel\Desktop /v AutoEndTasks /t REG_SZ /s "1" /f

or run win_end_task.reg

Disable Share Screen Prompt/Overlay

privacy.webrtc.hideGlobalIndicator

media.navigator.permission.disabled

Auto YouTube Play

media.block-autoplay-until-in-foreground

AddOn Restriction URL

extensions.webextensions.restrictedDomains -> set to null

privacy.resistFingerprinting.block_mozAddonManager -> true

Mozilla – Firefox Marionete

RegEx: My Greatest Fear

Published on 2023-01-30 in Linux

Regex, Sed, and AWK are freaks in programming but they are pretty simple, well not at the beginning though.

Here I summarize some of the most amazing ones for RegEx

To Be or Not To Be, is possible with: LookAround
Stop Worrying! Regex101 is all you need to know

Qt MSVC vs MinGW

Published on 2022-12-31 in Software, Windows

So exciting that even after 13 years of introducing to Qt by my great teacher, Mani Monajjemi there’s still a lot to learn.

I was trying to use WinRT with Qt today and now after so long time sticking to MinGW, I’m switching to MSVC. Here are the 4 reasons

MinGW is opensource but deep down if you are in Win32, their compiler always offers better API compatibility
WinRT is available only on MSVC
If you ever get around to some dll that simply doesn’t work with your project, it’s because MinGW and MSVC ABI are not the same. and probably that DLL was compiled by MSVC not MinGW. Same OS and still a different ABI, sounds too Windowsy to me
Because you are on Windows, show some support to the closed-source community!

COM Object and C++

Published on 2022-07-31 in Software, Windows

• CoInitialize:

Initializes the COM library for use by the calling thread, sets the thread’s concurrency model, and creates a new apartment

• CoInitializeEx: More advanced version CoInitialize that specify the thread’s concurrency model

• CoUninitialize:

Should be called on deconstructor

And Bash Is Awesome!!!

Published on 2022-07-08 in Linux

Here I list cool bash tricks I learned:

– Bash Heredoc

‹ previous posts next posts ›