
WinEventHook example...
Sean



Joined: 12 Feb 2007
Posts: 1331

Posted: Sun Jul 06, 2008 4:54 am

Mustang wrote:
> But I still don't understand how to use "code flag mask"
> i.e. what's the need to bitshift and then or?

That tells which nCodes it'll monitor. In your case, only one, i.e., 0.

Quote:
> Also for WH_CALLWNDPROC, LPARAM is a pointer to a CWPSTRUCT structure
> What's the best way to extract the data from this?
> I would guess with NumGet?

No, you have to use ReadProcessMemory, that's what I meant by data marshaling.
Mustang



Joined: 17 May 2007
Posts: 370
Location: England

Posted: Mon Jul 07, 2008 2:33 am

Sean wrote:
> Mustang wrote:
>> Also for WH_CALLWNDPROC, LPARAM is a pointer to a CWPSTRUCT structure
>> What's the best way to extract the data from this?
>> I would guess with NumGet?
> No, you have to use ReadProcessMemory, that's what I meant by data marshaling.

Oh right, for ReadProcessMemory\hProcess would I use the script's own handle then?
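The marshaling step discussed above, as an added example that is not part of the thread (AutoHotkey v1, 32-bit): when the WH_CALLWNDPROC hook runs inside another process, the LPARAM it receives is an address in that process, so ReadProcessMemory needs a handle opened on the hooked process before NumGet can be used on the local copy. `ReadCwpStruct` and `TargetPID` are hypothetical names, and how the script learns the hooked process ID depends on the hook DLL and is assumed here.

```autohotkey
; Added example, not code from the thread. Assumes 32-bit AutoHotkey v1 and a
; 32-bit target, so CWPSTRUCT is 16 bytes: lParam, wParam, message, hwnd.
; TargetPID (hypothetical) = ID of the process in which the hook procedure ran.
; pRemote               = the LPARAM value forwarded by the hook procedure.
ReadCwpStruct(TargetPID, pRemote)
{
    PROCESS_VM_READ := 0x10
    CWP_SIZE := 16

    ; Open the hooked process with read-only memory access, nothing more.
    hProcess := DllCall("OpenProcess", "UInt", PROCESS_VM_READ, "Int", 0, "UInt", TargetPID)
    if !hProcess
        return ""   ; access denied, or the process has already exited

    ; Copy the remote structure into a local buffer.
    VarSetCapacity(cwp, CWP_SIZE, 0)
    nRead := 0
    ok := DllCall("ReadProcessMemory", "UInt", hProcess, "UInt", pRemote
                , "UInt", &cwp, "UInt", CWP_SIZE, "UInt*", nRead)
    DllCall("CloseHandle", "UInt", hProcess)

    ; Treat a short or failed read as "no data" instead of parsing garbage.
    if (!ok || nRead != CWP_SIZE)
        return ""

    ; The buffer is now local memory, so NumGet is valid on it.
    lParam  := NumGet(cwp, 0)
    wParam  := NumGet(cwp, 4)
    message := NumGet(cwp, 8)
    hwnd    := NumGet(cwp, 12)
    return "hwnd=" . hwnd . " msg=" . message . " wParam=" . wParam . " lParam=" . lParam
}
```

The structure can already be stale by the time the script reads it, because the hook procedure's stack frame may have been reused; an empty return value should be handled as a normal outcome.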
Joy2DWorld



Joined: 04 Dec 2006
Posts: 422
Location: Galil, Israel

Posted: Mon Jul 07, 2008 10:20 pm

still need to test/debug but thinking out loud concept wise,

ie. not even proof of concept, just some out loud ramblings

Code:
10003000 >/$ 55             PUSH EBP
10003001  |. 8BEC           MOV EBP,ESP
10003003  |. FF75 08        PUSH DWORD PTR SS:[EBP+8]
10003006  |. 8F05 00200010  POP DWORD PTR DS:[10002000]                                      ;  SetWindo.10000000
1000300C  |. 837D 0C 01     CMP DWORD PTR SS:[EBP+C],1
10003010  |. 0F85 05000000  JNZ SetWindo.1000301B
10003016  |. E9 28000000    JMP SetWindo.10003043
1000301B  |> 837D 0C 00     CMP DWORD PTR SS:[EBP+C],0
1000301F  |. 0F85 05000000  JNZ SetWindo.1000302A
10003025  |. E9 19000000    JMP SetWindo.10003043
1000302A  |> 837D 0C 02     CMP DWORD PTR SS:[EBP+C],2
1000302E  |. 0F85 05000000  JNZ SetWindo.10003039
10003034  |. E9 0A000000    JMP SetWindo.10003043
10003039  |> 837D 0C 03     CMP DWORD PTR SS:[EBP+C],3
1000303D  |. 0F85 00000000  JNZ SetWindo.10003043
10003043  |> B8 01000000    MOV EAX,1
10003048  |. 8BE5           MOV ESP,EBP
1000304A  |. 5D             POP EBP
1000304B  \. C2 0C00        RETN 0C
1000304E >/$ 55             PUSH EBP
1000304F  |. 8BEC           MOV EBP,ESP
10003051  |. FF75 10        PUSH DWORD PTR SS:[EBP+10]
10003054  |. FF75 0C        PUSH DWORD PTR SS:[EBP+C]
10003057  |. FF75 08        PUSH DWORD PTR SS:[EBP+8]
1000305A  |. FF35 04200010  PUSH DWORD PTR DS:[10002004]
10003060  |. E8 ABFDFFFF    CALL SetWindo.10002E10
10003065  |. 33C0           XOR EAX,EAX
10003067  |. 8BE5           MOV ESP,EBP
10003069  |. 5D             POP EBP
1000306A  \. C2 0C00        RETN 0C
1000306D >/$ 55             PUSH EBP
1000306E  |. 8BEC           MOV EBP,ESP
10003070  |. FF75 08        PUSH DWORD PTR SS:[EBP+8]
10003073  |. 8F05 08200010  POP DWORD PTR DS:[10002008]
10003079  |. 6A 00          PUSH 0                                                           ; /ThreadID = 0
1000307B  |. FF35 00200010  PUSH DWORD PTR DS:[10002000]                                     ; |hModule = 10000000 (SetWindo)
10003081  |. 68 4E300010    PUSH SetWindo.HandleProc                                         ; |Hookproc = SetWindo.HandleProc
10003086  |. 68 0C200010    PUSH SetWindo.1000200C                                           ; |HookType = 268443660.
1000308B  |. FF15 34100010  CALL DWORD PTR DS:[<&USER32.SetWindowsHookExA>]                  ; \SetWindowsHookExA
10003091  |. 50             PUSH EAX
10003092  |. 8F05 04200010  POP DWORD PTR DS:[10002004]
10003098  |. 8BE5           MOV ESP,EBP
1000309A  |. 5D             POP EBP
1000309B  \. C2 0C00        RETN 0C
1000309E >/$ 55             PUSH EBP
1000309F  |. 8BEC           MOV EBP,ESP
100030A1  |. FF35 04200010  PUSH DWORD PTR DS:[10002004]                                     ; /hHook = NULL
100030A7  |. FF15 38100010  CALL DWORD PTR DS:[<&USER32.UnhookWindowsHookEx>]                ; \UnhookWindowsHookEx
100030AD  |. 33C0           XOR EAX,EAX
100030AF  |. 8BE5           MOV ESP,EBP
100030B1  |. 5D             POP EBP
100030B2  \. C3             RETN



essentially, dllcall("ThisDll", UINT, hWnd , INT, HookType, , UINT, pCallBack)

so long as only one pCallBack for dll ..

where the pCallBack takes & MUST HANDLE, (including CallNextHookEx) the SetWindowsHookEx callback.
_________________
Joyce Jamce