prevent hooking by SetWindowsHookEx

[c3]

Hi, all
I want to write a program that the un-wanted dlls could not inject
into my process.
The global-hooking dlls by SetWindowsHookEx api can inject into the
processes using the user32.dll.
How can I prevent it?

[Remy Lebeau]

"c3" <C30...@gmail.com> wrote in message
news:d4b2e183-a9fc-4fa2...@m23g2000hsc.googlegroups.com...

> I want to write a program that the un-wanted dlls could
> not inject into my process.

Sorry, but you can't prevent injection from occuring.

> The global-hooking dlls by SetWindowsHookEx api
> can inject into the processes using the user32.dll.

There are other ways for DLLs to be injected into processes without using
SetWindowsHookEx(). One way is to use CreateRemoteThread() to call
LoadLibrary(), for example.

Gambit

[Kerem Gümrükcü]

Hi Remi,

>Sorry, but you can't prevent injection from occuring.

true, that you cant protect a application or your
system 100% against hooking, but there are also
good ways and good applications for detecting new
applications on your system and their behaviour.
Let me give you an example. Did yiu ever heard
from Comodo Firewall? If yes, then you should
know the "Defense+" Engine, which is a great piece
of Software. If no, you should have a look at it. Or
even the "Winpooch" projects (where its kernel
driver was a little buggy when i used it over a year
ago, i dont know whether they fixed it or not.) core
is able to detect whats going on your system,...

http://winpooch.free.fr/page/home.php?lang=en&page=home
http://www.comodo.com/

Have a look at them,...but at least, you cant protect a system
against hooking. There is always a way to do this,...

Regards

K.

--
-----------------------
Beste Grüsse / Best regards / Votre bien devoue
Kerem Gümrükcü
Microsoft Live Space: http://kerem-g.spaces.live.com/
Latest Open-Source Projects: http://entwicklung.junetz.de
-----------------------
"This reply is provided as is, without warranty express or implied."