I don't know how much help this will be but this is a complete live DLL with a hook in it...
It sends you a windows message when an application starts or stops and allows you to retrieve the window handle and filename of a newly launched application.
Helper.c
Code:
#include "Helper.h"
/////////////////////////////////////////////////////////////////
// Shared data segment
#pragma data_seg("Hook")
HINSTANCE hdll = NULL; // dll handle
HWND HWind = NULL; // handle of RMServer window
HHOOK RMHook = NULL; // message hook handle
LAUNCHINFO LInfo = {0}; // info about program launch
#pragma data_seg()
#pragma comment(linker,"/SECTION:Hook,S")
/////////////////////////////////////////////////////////////////////////////////////////
// Export
//
// return launch info to server
MMAPI VOID HelperGetInfo(pLAUNCHINFO Info)
{ memcpy(Info,&LInfo,sizeof(LInfo)); }
/////////////////////////////////////////////////////////////////////////////////////////
// gather information
//
// get information about launched program
VOID HookGetInfo(HWND wParm)
{ TCHAR cmdl[MAX_PATH] = {0}; // command line
TCHAR pgm[MAX_PATH] = {0}; // program name
PTCHAR args; // arguments
// purge old data
memset(&LInfo,0,sizeof(LAUNCHINFO));
// set program window handle
LInfo.Handle = wParm;
// get program info
GetModuleFileName(NULL,pgm,MAX_PATH);
_wsplitpath(pgm,NULL,NULL,LInfo.Name,LInfo.Ext);
// get launched file info
wcsncpy(cmdl,GetCommandLine(),MAX_PATH);
args = PathGetArgs(cmdl);
if(wcslen(args) < 1)
return;
args = wcsrchr(args,L'.');
if (args)
{ wcscpy(LInfo.Type,args);
// fix trailing quote
args = wcsrchr(LInfo.Type,L'\"');
if (args)
*args = 0; } }
/////////////////////////////////////////////////////////////////////////////////////////
// Handle Shell Hook
//
// hook tosser
MMAPI LRESULT CALLBACK AppCatcher(INT Code, WPARAM wParm, LPARAM lParm)
{ switch (Code)
{ case HSHELL_WINDOWCREATED : // new window
// gather launch info
HookGetInfo((HWND) wParm);
// send message to RMServer, wparam = Handle
PostMessage(HWind,UM_HELPERRUN,wParm,0);
break;
case HSHELL_WINDOWDESTROYED : // window closing
// send messate to RMServer
PostMessage(HWind,UM_HELPEREXIT,wParm,0);
break; }
return CallNextHookEx(RMHook,Code,wParm,lParm); }
/////////////////////////////////////////////////////////////////
// Set the shell hook
// Returns hook status 1 = active, 0 = not
//
// apply the hook to launched programs
MMAPI BOOL WINAPI SetHook(HWND hWind)
{ HWind = hWind; // handle of window to receive message
RMHook = SetWindowsHookEx(WH_SHELL,&AppCatcher,hdll,0);
return (RMHook != NULL); }
// remove the hook from launched programs
MMAPI BOOL WINAPI FreeHook(void)
{ return UnhookWindowsHookEx(RMHook); }
/////////////////////////////////////////////////////////////////
// DLL entry point
//
BOOL APIENTRY DllMain(HINSTANCE hinst, DWORD reason, LPVOID reserved)
{ if (reason == DLL_PROCESS_ATTACH) // save instance handle
hdll = hinst;
return 1; }
the helper.h file...
Code:
#ifndef HELPER_H
#define HELPER_H
// for the compiler
#define UNICODE
#define _UNICODE
#define WIN32_LEAN_AND_MEAN
#define _WIN32_WINNT 0x0502
#define _X86_
// project global headers
#include <shlwapi.h>
#include <wchar.h>
#pragma lib "Helper.lib"
#define MMAPI __declspec(dllexport)
// messages sent by helper dll
#define UM_HELPERRUN WM_APP + 444
#define UM_HELPEREXIT WM_APP + 445
// launch information
#pragma pack(1)
typedef struct tLAUNCHINFO
{ TCHAR Name[MAX_PROGRAMNAME]; // short program name
TCHAR Ext[MAX_TYPENAME]; // program type
TCHAR Type[MAX_TYPENAME]; // file type
HWND Handle; } // program window handle
LAUNCHINFO, *pLAUNCHINFO;
#pragma pack()
// retrieve the command line
MMAPI VOID HelperGetInfo(pLAUNCHINFO Info);
// set the hook
MMAPI BOOL WINAPI SetHook(HWND hWind);
// release the hook
MMAPI BOOL WINAPI FreeHook(void);
#endif // HELPER_H