I am working on a project which captures all User Interactions. MSDN tells (this)
SetWindowsHookEx can be used to inject a DLL into another process. A 32-bit DLL cannot be injected into a 64-bit process, and a 64-bit DLL cannot be injected into a 32-bit process. If an application requires the use of hooks in other processes, it is required that a 32-bit application call SetWindowsHookEx to inject a 32-bit DLL into 32-bit processes, and a 64-bit application call SetWindowsHookEx to inject a 64-bit DLL into 64-bit processes.
My Question is, what happens if an application was built against Any CPU
. Do I need to call SetWindowsHookEx
from a DLL built against Any CPU
.
I have written HookLogger_32.exe loading HookFunctions_32.dll (both x86) and HookLogger_64.exe loading HookFunctions_64.dll (both x64) setting WH_CBT
and WH_MOUSE
globally (not a specific thread).
The HookLogger_32.exe, HookLogger_64.exe, HookFunctions_32.dll and HookFunctions_64.dll are written in C++.
When I click on a .NET application built against Any CPU
, these DLLs get injected (through SetWindowHookEx
). The Windows OS hangs & I have to forcefully restart my machine.
When the same .NET application is built against x86 or x64, and when I click on the application after the HookLoggers (both 32 & 64 bit) are started everything is working fine.
Any reasons for this undefined behavior.
The platform on which I am working is a 64-bit machine.
You need to inject from a DLL with a corresponding bitnse - i.e. "any CPU" becomes either 32 or 64 bit at runtime... and your DLL must match the runtime bitness !
Something useful in your situation is known as "side-by-side assembly" (two versions of the same assembly, one 32 and the other 64 bit)... I think you will find these helpful:
Here you can find a nice walkthrough which contains lots of helpful information pieces - it describes .NET DLL wrapping C++/CLI DLL referencing a native DLL
UPDATE:
To make hooking really easy and robust see this well-tested and free library - among other things it works with AnyCPU !