Discussion:
SetWindowsHookEx Failure With Console Applications?
(too old to reply)
Bob Binns
2005-09-01 19:23:20 UTC
Permalink
I have a general Hook dll that loads into processes with Windows. Works
well with windows programs except on Console Applications like cmd.exe and
telnet.exe. I have tried a few variabtions of the hook.

I alsotried SetWinEventHook which works only sometimes. The Active
Accessibility event viewer works all the time.

With these calls, the call returns a success but my dll is never loaded into
the console process address space.

When I try to look at messages from the console window using Spy++, it tells
me the os has denied access.

Any Clues on how to hook these console processes?

Thanks,
Bob
Skywing
2005-09-01 20:28:56 UTC
Permalink
This is because CSRSS.exe owns those windows. You can't hook them without
special privileges.
Post by Bob Binns
I have a general Hook dll that loads into processes with Windows. Works
well with windows programs except on Console Applications like cmd.exe and
telnet.exe. I have tried a few variabtions of the hook.
I alsotried SetWinEventHook which works only sometimes. The Active
Accessibility event viewer works all the time.
With these calls, the call returns a success but my dll is never loaded
into the console process address space.
When I try to look at messages from the console window using Spy++, it
tells me the os has denied access.
Any Clues on how to hook these console processes?
Thanks,
Bob
Bob Binns
2005-09-01 20:45:45 UTC
Permalink
Good answer. But how do I do I set these privileges and what privileges are
they? Shall I use one on my incidents and call MS?

Thanks,
Bob
Post by Skywing
This is because CSRSS.exe owns those windows. You can't hook them without
special privileges.
Post by Bob Binns
I have a general Hook dll that loads into processes with Windows. Works
well with windows programs except on Console Applications like cmd.exe and
telnet.exe. I have tried a few variabtions of the hook.
I alsotried SetWinEventHook which works only sometimes. The Active
Accessibility event viewer works all the time.
With these calls, the call returns a success but my dll is never loaded
into the console process address space.
When I try to look at messages from the console window using Spy++, it
tells me the os has denied access.
Any Clues on how to hook these console processes?
Thanks,
Bob
Skywing
2005-09-01 20:53:43 UTC
Permalink
Well, first, what are you trying to accomplish by hooking the console
window?
Post by Bob Binns
Good answer. But how do I do I set these privileges and what privileges
are they? Shall I use one on my incidents and call MS?
Thanks,
Bob
Post by Skywing
This is because CSRSS.exe owns those windows. You can't hook them
without special privileges.
Post by Bob Binns
I have a general Hook dll that loads into processes with Windows. Works
well with windows programs except on Console Applications like cmd.exe
and telnet.exe. I have tried a few variabtions of the hook.
I alsotried SetWinEventHook which works only sometimes. The Active
Accessibility event viewer works all the time.
With these calls, the call returns a success but my dll is never loaded
into the console process address space.
When I try to look at messages from the console window using Spy++, it
tells me the os has denied access.
Any Clues on how to hook these console processes?
Thanks,
Bob
Bob Binns
2005-09-01 21:25:11 UTC
Permalink
Ah, the question arises? What indeed. If this is info not for public
consumption, then maybe private email would be better.

I am working for a security company (Sentillion) and we a locking down and
automating the login and patient selection for health care applications. I
have existing code base that works well with many terminal emulators; I'm
trying to adapt it to console apps.

Regards,
Bob
Post by Skywing
Well, first, what are you trying to accomplish by hooking the console
window?
Post by Bob Binns
Good answer. But how do I do I set these privileges and what privileges
are they? Shall I use one on my incidents and call MS?
Thanks,
Bob
Post by Skywing
This is because CSRSS.exe owns those windows. You can't hook them
without special privileges.
Post by Bob Binns
I have a general Hook dll that loads into processes with Windows. Works
well with windows programs except on Console Applications like cmd.exe
and telnet.exe. I have tried a few variabtions of the hook.
I alsotried SetWinEventHook which works only sometimes. The Active
Accessibility event viewer works all the time.
With these calls, the call returns a success but my dll is never loaded
into the console process address space.
When I try to look at messages from the console window using Spy++, it
tells me the os has denied access.
Any Clues on how to hook these console processes?
Thanks,
Bob
Skywing
2005-09-01 22:04:36 UTC
Permalink
I ask because there might be an easier way to do it.

If you're working on XP or later, have you tried using AttachConsole() and
then the regular console I/O functions?
Post by Bob Binns
Ah, the question arises? What indeed. If this is info not for public
consumption, then maybe private email would be better.
I am working for a security company (Sentillion) and we a locking down
and automating the login and patient selection for health care
applications. I have existing code base that works well with many
terminal emulators; I'm trying to adapt it to console apps.
Regards,
Bob
Post by Skywing
Well, first, what are you trying to accomplish by hooking the console
window?
Post by Bob Binns
Good answer. But how do I do I set these privileges and what privileges
are they? Shall I use one on my incidents and call MS?
Thanks,
Bob
Post by Skywing
This is because CSRSS.exe owns those windows. You can't hook them
without special privileges.
Post by Bob Binns
I have a general Hook dll that loads into processes with Windows.
Works well with windows programs except on Console Applications like
cmd.exe and telnet.exe. I have tried a few variabtions of the hook.
I alsotried SetWinEventHook which works only sometimes. The Active
Accessibility event viewer works all the time.
With these calls, the call returns a success but my dll is never
loaded into the console process address space.
When I try to look at messages from the console window using Spy++, it
tells me the os has denied access.
Any Clues on how to hook these console processes?
Thanks,
Bob
Sam Hobbs
2005-09-02 04:28:51 UTC
Permalink
You don't need to be so secretive. You can at least tell us what type of
hook you are trying to use; I think you have not even specified that. There
is probably more you can tell us. The type of hook might be very relevant;
for example, many hooks depend on a message loop and most console
applications do not have a message loop.

In the past, I have been told that hooks are a UI thing and are off-topic
for this newsgroup. You have cross-posted to many newsgroups that a hook are
not on-topic for.

As for "public consumption", I think you are saying too much by telling us
your company name and such. There is no need to divulge that, unless you
feel a need to convince us that your requirements are valid.

If, you truly are trying to make an application more secure, then there are
probably some more secure solutions. Of course, I could be wrong, especially
since there is such a minimal description of your requirements.

If I try to use Spy++ to analyze a console windoe, it says "The specified
window cannot be spied upon. Windows will not allow access to the message
stream for this window.". So there is something special about console
windows.
Post by Bob Binns
Ah, the question arises? What indeed. If this is info not for public
consumption, then maybe private email would be better.
I am working for a security company (Sentillion) and we a locking down
and automating the login and patient selection for health care
applications. I have existing code base that works well with many
terminal emulators; I'm trying to adapt it to console apps.
Regards,
Bob
Post by Skywing
Well, first, what are you trying to accomplish by hooking the console
window?
Post by Bob Binns
Good answer. But how do I do I set these privileges and what privileges
are they? Shall I use one on my incidents and call MS?
Thanks,
Bob
Post by Skywing
This is because CSRSS.exe owns those windows. You can't hook them
without special privileges.
Post by Bob Binns
I have a general Hook dll that loads into processes with Windows.
Works well with windows programs except on Console Applications like
cmd.exe and telnet.exe. I have tried a few variabtions of the hook.
I alsotried SetWinEventHook which works only sometimes. The Active
Accessibility event viewer works all the time.
With these calls, the call returns a success but my dll is never
loaded into the console process address space.
When I try to look at messages from the console window using Spy++, it
tells me the os has denied access.
Any Clues on how to hook these console processes?
Thanks,
Bob
Bob Binns
2005-09-03 16:09:33 UTC
Permalink
Thanks Sam, I just don't want anyone to think i'm I'm up to no good. I have
a legitamate business need.
Post by Sam Hobbs
You don't need to be so secretive. You can at least tell us what type of
hook you are trying to use; I think you have not even specified that.
There is probably more you can tell us. The type of hook might be very
relevant; for example, many hooks depend on a message loop and most
console applications do not have a message loop.
In the past, I have been told that hooks are a UI thing and are off-topic
for this newsgroup. You have cross-posted to many newsgroups that a hook
are not on-topic for.
As for "public consumption", I think you are saying too much by telling us
your company name and such. There is no need to divulge that, unless you
feel a need to convince us that your requirements are valid.
If, you truly are trying to make an application more secure, then there
are probably some more secure solutions. Of course, I could be wrong,
especially since there is such a minimal description of your requirements.
If I try to use Spy++ to analyze a console windoe, it says "The specified
window cannot be spied upon. Windows will not allow access to the message
stream for this window.". So there is something special about console
windows.
Post by Bob Binns
Ah, the question arises? What indeed. If this is info not for public
consumption, then maybe private email would be better.
I am working for a security company (Sentillion) and we a locking down
and automating the login and patient selection for health care
applications. I have existing code base that works well with many
terminal emulators; I'm trying to adapt it to console apps.
Regards,
Bob
Post by Skywing
Well, first, what are you trying to accomplish by hooking the console
window?
Post by Bob Binns
Good answer. But how do I do I set these privileges and what privileges
are they? Shall I use one on my incidents and call MS?
Thanks,
Bob
Post by Skywing
This is because CSRSS.exe owns those windows. You can't hook them
without special privileges.
Post by Bob Binns
I have a general Hook dll that loads into processes with Windows.
Works well with windows programs except on Console Applications like
cmd.exe and telnet.exe. I have tried a few variabtions of the hook.
I alsotried SetWinEventHook which works only sometimes. The Active
Accessibility event viewer works all the time.
With these calls, the call returns a success but my dll is never
loaded into the console process address space.
When I try to look at messages from the console window using Spy++,
it tells me the os has denied access.
Any Clues on how to hook these console processes?
Thanks,
Bob
Gary Chanson
2005-09-02 04:26:13 UTC
Permalink
Post by Bob Binns
I have a general Hook dll that loads into processes with Windows. Works
well with windows programs except on Console Applications like cmd.exe and
telnet.exe. I have tried a few variabtions of the hook.
I alsotried SetWinEventHook which works only sometimes. The Active
Accessibility event viewer works all the time.
With these calls, the call returns a success but my dll is never loaded into
the console process address space.
When I try to look at messages from the console window using Spy++, it tells
me the os has denied access.
Any Clues on how to hook these console processes?
Hooks don't work on console processes. The process which runs consoles
(csrss) is considered to be too important to the system so it is designed
this way.

--

- Gary Chanson (Windows SDK MVP)
- Abolish Public Schools
Scherbina Vladimir
2005-09-02 07:33:28 UTC
Permalink
Under Administrator you may inject your dll into cmd.exe (or simular
processes) using debug privileges.
I guess, you're familiar with dll injection method, simply obtain debug
privileges for the process that is injecting dll and do actually dll
injecting.
Your hook will be loaded into needed process.

hope this will help you,
best regards,
--
Scherbina Vladimir
--
/*
Scherbina Vladimir Nikolaevich (aka Sad)
*/
Post by Bob Binns
I have a general Hook dll that loads into processes with Windows. Works
well with windows programs except on Console Applications like cmd.exe and
telnet.exe. I have tried a few variabtions of the hook.
I alsotried SetWinEventHook which works only sometimes. The Active
Accessibility event viewer works all the time.
With these calls, the call returns a success but my dll is never loaded
into the console process address space.
When I try to look at messages from the console window using Spy++, it
tells me the os has denied access.
Any Clues on how to hook these console processes?
Thanks,
Bob
Loading...