I wrote a programm, which loads a dll and installs a hook. But when the programm is terminated, the dll is unloaded -> the hook ist also terminated. Is it really neccessary to let the programm run all the time, or is it possible, that the dll stays in memory, but the exe not?
Run an EXE that keeps the DLL in memory. Note that some hooks are defeated with Ctrl+Alt+Del so it is not a successful way to log keystrokes secretly.
You can also look at the dll structure associated with the handle and change the use count.
I have done this in the past to force dll's to be unloaded because of cyclic references.
Like Hutch says, Note that some hooks are defeated with Ctrl+Alt+Del so it is not a successful way to log keystrokes secretly.
So how would you write a keyboard hook?
I took:
invoke SetWindowsHookEx, WH_GETMESSAGE, addr hook, hInst, 0
In my hook function I checked, wheater a WM_CHAR message was sent.
@ striker
How do I get this dll structure?
The hinst returned by LoadLibrary is the structure.
At least the last time I did this it was.
n-w,
All you have to do is write a DLL that is loaded by the system and then it will always load when windows loads. You must not load it from an exe not owned by 'system' which is the level above admin which may or may not be above you. You cannot become system but it is relatively easy to coaxe it to load your dll (it all hangs on where you place it).
Paul
Try using a journal hook.