SetWindowsHookEx()

Using SetWindowsHookEx() to perform Remote Process Injection
HHOOK SetWindowsHookExA(
    int       idHook,
    HOOKPROC  lpfn,
    HINSTANCE hmod,
    DWORD     dwThreadId
);
  • Using a process ID, get the ID of the thread we want to hook into
    • GetThreadId()
  • Load the DLL library, and get the address of the exported function you are going to call
    • LoadLibrary()
    • LoadLibraryEx()
    • GetProcAddress()
  • Find a window associated with the process name
    • FindWindow()
  • Get the window's thread ID
    • GetWindowThreadProcessId()
  • Set a hook on this thread ID so that when the hooked event triggers, the DLL's exported function gets called
    • SetWindowsHookEx()
  • Optionally Unhook
    • UnhookWindowsHookEx()
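
For detection, the parameters listed above are what separate an ordinary hook from one that maps a DLL into another process. The following is an added example, not code from the original page: it triages observed SetWindowsHookEx calls, assuming a hypothetical sensor record (hook_call) and constructed sample data; the idHook values are those defined in WinUser.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* idHook values as defined in WinUser.h */
enum { WH_KEYBOARD = 2, WH_GETMESSAGE = 3, WH_CBT = 5,
       WH_KEYBOARD_LL = 13, WH_MOUSE_LL = 14 };

/* Hypothetical sensor record for one observed SetWindowsHookEx call (assumption). */
typedef struct {
    uint32_t caller_pid; /* process that made the call */
    int      id_hook;    /* idHook */
    int      hmod_set;   /* 1 if hmod was non-NULL */
    uint32_t thread_id;  /* dwThreadId; 0 means every thread on the desktop */
    uint32_t thread_pid; /* owner of dwThreadId as resolved by the sensor */
} hook_call;

enum verdict { HOOK_NO_REMOTE_LOAD, HOOK_LOW_LEVEL, HOOK_REMOTE_THREAD, HOOK_GLOBAL };

enum verdict classify_hook(const hook_call *c)
{
    /* Low-level hooks are called back in the installing thread; no DLL is mapped elsewhere. */
    if (c->id_hook == WH_KEYBOARD_LL || c->id_hook == WH_MOUSE_LL)
        return HOOK_LOW_LEVEL;
    /* Module plus dwThreadId == 0: the DLL is loaded into each hooked GUI process. */
    if (c->hmod_set && c->thread_id == 0)
        return HOOK_GLOBAL;
    /* Module plus a thread owned by another process: the pattern in the steps above. */
    if (c->hmod_set && c->thread_pid != c->caller_pid)
        return HOOK_REMOTE_THREAD;
    return HOOK_NO_REMOTE_LOAD;
}

/* Constructed sample records, not real telemetry. */
static const hook_call SAMPLE[] = {
    { 4120, WH_KEYBOARD_LL, 1, 0,    0    },
    { 4120, WH_GETMESSAGE,  1, 7788, 6004 },
    { 5332, WH_CBT,         1, 0,    0    },
    { 5332, WH_KEYBOARD,    0, 912,  5332 },
};

/* Count calls that cause a DLL to load into a process other than the caller. */
size_t count_alerts(const hook_call *calls, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        enum verdict v = classify_hook(&calls[i]);
        hits += (v == HOOK_REMOTE_THREAD || v == HOOK_GLOBAL);
    }
    return hits;
}

int main(void) { printf("alerts: %zu\n", count_alerts(SAMPLE, 4)); return 0; }
```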