0

I wanted to catch CBT notifications of a specific process main thread that I've just created with:

STARTUPINFO startupInformation;
PROCESS_INFORMATION processInformation;
CreateProcess(strWantedEXEPath,
    NULL,
    NULL,
    NULL,
    FALSE,
    0,
    NULL,
    NULL,
    &startupInformation,
    &processInformation);

And then if the creation was successful I tried to register with:

SetWindowsHookEx(WH_CBT, CBTProc, GetCurrentModule(), processInformation.dwThreadId);

Which fails with error code ERROR_INVALID_PARAMETER.

Nevertheless, if I tried to register for all threads with:

SetWindowsHookEx(WH_CBT, CBTProc, GetCurrentModule(), 0);

It will work and catch the notifications from the created process main thread, but I don't want to use this because it will also catch notifications from other processes (and inject the dll I think). So any tips on this problem?

Marco Martins
  • 116
  • 3
  • 8
  • 1
    Do your program and the program started with `CreateProcess()` have the same bit-ness (32-bit vs 64-bit)? – Andy Sep 29 '17 at 13:29
  • GetCurrentModule() probably, whatever it does. You need to pass the module handle of a DLL that can be injected into the target process. And it needs to be compatible with the target process, a 64-bit process requires a DLL containing 64-bit code. These kind of hooks are difficult. – Hans Passant Sep 29 '17 at 13:38
  • I didn't think about that, nevertheless, they are of same bitness and the dll is injected with success when I register the hook for all threads on system since I can catch notifications from the specific thread I wanted. GetCurrentModule() I used an implementation described in here http://www.codeguru.com/cpp/w-p/dll/tips/article.php/c3635/Tip-Detecting-a-HMODULEHINSTANCE-Handle-Within-the-Module-Youre-Running-In.htm – Marco Martins Sep 29 '17 at 15:05
  • Possible duplicate of [SetWindowsHookEx functioning returning NULL](https://stackoverflow.com/questions/49407028/setwindowshookex-functioning-returning-null) – Raymond Chen Mar 21 '18 at 14:44

0 Answers0