Windows 10 x64 & HOOK Global with DDetours

[Pafcouti 0]

Hi,

Is it possible with DDETOURS for Delphi to make a Global system Hook? (CallWndProc for example) which hooks to all x64 programs?
thanks

[Remy Lebeau 1393]

You can't detour code in an external process.  You would have to inject your detouring code into every running process.  Why not just use SetWindowsHookEx() instead to set a global WH_CALLWNDPROC hook?

Edited November 21, 2023 by Remy Lebeau

[Pafcouti 0]

That's what I did.
The x32 and x64 hook works very well.
But when I quit Windows the x64 Hook generates an error.
As I don't understand why, I look at the other bookstores available.

 

 

what I don't see
this is how to adapt

[Delphi]
GlobalData^.SysHook := SetWindowsHookEx(idHook, lpfn, hMod, 0);

in
[DDETOURS ???]
TrampolineMessageBox := InterceptCreate(@MessageBox, @InterceptMessageBox, Self);

 

[Remy Lebeau 1393]

19 hours ago, Pafcouti said:

The x32 and x64 hook works very well.
But when I quit Windows the x64 Hook generates an error.

Did you remove the hook before quitting Windows?  Is your hook DLL accessing outside resources that may no longer be accessible during Windows shutdown?

19 hours ago, Pafcouti said:

what I don't see

this is how to adapt

[Delphi]
GlobalData^.SysHook := SetWindowsHookEx(idHook, lpfn, hMod, 0);

in
[DDETOURS ???]
TrampolineMessageBox := InterceptCreate(@MessageBox, @InterceptMessageBox, Self);

Again, why are you dealing with Detours at all?  In any case, where exactly are you setting your hook/detour, and are you backing it out later when you don't need it aymore?

[Pafcouti 0]

I'm looking for documentation in English or French that explains the architecture of Hooks under Windows x64.
(Because it is different from W32)

Because under Windows x32 I don't have any errors when I close Windows

Where can I find this documentation?

[Kas Ob. 121]

@Pafcouti I don't understand the question too.

 

Delphi Detours is powerful tool, but can't perform system wide hook, if that what are you asking form, to hook all applications running on the system.

To have global hook aka system wide, then either the OS with an API SetWindowsHookEx will do it, or you need an OS driver, yes there is many of these and even User Mode driver might work to some point, such driver is used and its behavior is allowed by Windows DDK to build many things like Antivirus softwares, or SysInternals ProcMon ....

 

Anyway DDetours will not help in system wide hook if that is the question, and i don't recall, any library will do that, and if there is one which was in the past but with many red flags as it is was shady and closed source, and highly not recommended.

 

SetWindowsHookEx is OS API and provide many hooks, there is many demos/examples on the internet with Delphi.

 

If that is not answering your question, then please refine the question and help us understand, if your code is raising exception then post here the smallest demo you can do with the exception, so someone here might help with it.

[Remy Lebeau 1393]

21 hours ago, Pafcouti said:

I'm looking for documentation in English or French that explains the architecture of Hooks under Windows x64.

(Because it is different from W32)

I'm not aware of any documentation that explains how detours work under x64.

21 hours ago, Pafcouti said:

Because under Windows x32 I don't have any errors when I close Windows

Please show your actual code that is creating the global hook and the detour.  WHERE are you installing AND UNINSTALLING the hook and detour?  What do your hook and detour actually look like?

[Pafcouti 0]

Good morning,
While preparing a simple example of my Hook program to post, I found my error.
Now everything works fine.
THANK YOU for spending time with me.
I'll be back soon for a problem with a ShellHook which works well but not the way I want!

Excuse my English, I use Google Translate.