Thread: CBT_CREATEWND lpcs->lpszName has invalid name?

Hello all
i tried to create a system wide hook (CBT) so that i can monitor processes and system events. in the very beginning i am stuck!
I cant get the name of the process! i dont know why i am getting this!
I have also tried using:

Code:

if (IsWindowUnicode((HWND) wparam))  
      {

                CBTHOOKCREATEW = (CBT_CREATEWNDW*) lparam;
                CBTHOOKCREATESTRW = (CREATESTRUCTW*) lparam;
        }

which failed again !
Here is the actual code

Code:

LRESULT CALLBACK HookProcedure(int nCode, WPARAM wparam, LPARAM lparam)
{

    if (nCode < 0) return CallNextHookEx(hookID, nCode, wparam, lparam);

    std::ofstream outfile;
    CBT_CREATEWND   *CBTHOOKCREATE;
    RECT            *CBTRECTPTR;
    RECT            CBTRECT;
    wstring         Message;

    CBTHOOKCREATE = (CBT_CREATEWND*) lparam;
    outfile.open(("d:\\test.txt"), std::ios_base::app);

    if (nCode >= 0) {
        switch (nCode)
        {
        case HCBT_CREATEWND:
            outfile << CBTHOOKCREATE->lpcs->lpszName << " Created! " << endl;

            break;
        case HCBT_DESTROYWND:
            outfile << "Destroyed!" << endl;
            break;
        default:
            break;
        }
    }
    outfile.close();
    return 0;
}

What am i doing wrong or missing here?
Thanks in advance

Have you set a breakpoint and examined the contents of the structure in your debugger?

And shy away from all caps for variable names.

gg

Originally Posted by Codeplug

Have you set a breakpoint and examined the contents of the structure in your debugger?

And shy away from all caps for variable names.

gg

Thanks for the reply, but setting break points doesnt help! i tried setting couple of break points to check the values but it just doesnt get stopped! dont know why! maybe its because of being a system wide hook?!

Are you compiling with Unicode enabled (UNICODE/_UNICODE)?

gg

Originally Posted by Codeplug

Are you compiling with Unicode enabled (UNICODE/_UNICODE)?

gg

Yes.
by the way , it seems it doesnt give me the process names! only the windows titles right? how can i get the process names and get notified before they are executed so that if they are not in my list i terminate them? ( the sole reason for creating this system wide hook was for this very purpose!)
Thanks in advance

Then "CBTHOOKCREATE->lpcs->lpszName" will be a wchar_t string.

>> ... before they are executed ...
Don't know about "before". You could use WMI, or you could use process enumeration API's and poll ever few seconds.

Also found this: Hooking the native API and controlling process creation on a system-wide basis - CodeProject

gg