Discussion:
Interception of the application activation _attempt_ at low-level
(too old to reply)
Владимир Киселев
2010-10-25 07:17:03 UTC
Permalink
Hello,

I have a need to get system-wide (or at least session- or desktop-
wide) notification about _attempt_ of activating background
application. Just after user click mouse button or Alt-Tab to
background application. I can't use system-wide message hooks because
it doesn't work for suspended threads - messages just don't arrive and
are buffered somewhere in the Windows internals.

So the question sounds like this: is there any method to get
notification just after user Alt-Tabs to the background app, or make
mouse-click in the App window or clicked on the Taskbar button and
before system consider any message to be sent to the App? It is
sufficient for me to know Process ID or HWND of the App window. Any
thoughts will be very appreciated. Even if it needs to write a driver
or service.

Thank you for your time spent reading my message.

Kind regards,
Volodymyr
Kerem Gümrükcü
2010-10-26 01:03:05 UTC
Permalink
Hi Volodymyr,

try usermode system level hooks:

[Hooks]
http://msdn.microsoft.com/en-us/library/ms632589%28VS.85%29.aspx

For kernel level check this:

[Process and Thread Manager Routines]
http://msdn.microsoft.com/en-us/library/ff559917%28VS.85%29.aspx

Everthing else give api hooking a chance (not really recommended!)

Good luck!

regards

K.
Владимир Киселев
2010-10-26 02:20:40 UTC
Permalink
On Oct 26, 4:03 am, Kerem Gümrükcü <***@hotmail.com> wrote:
Hi Kerem,

Thank you for pointing me out. I'll check resources you provided and
will write feedback here.
Have a lucky day!

Regards,
Volodymyr
Post by Kerem Gümrükcü
Hi Volodymyr,
[Hooks]http://msdn.microsoft.com/en-us/library/ms632589%28VS.85%29.aspx
[Process and Thread Manager Routines]http://msdn.microsoft.com/en-us/library/ff559917%28VS.85%29.aspx
Everthing else give api hooking a chance (not really recommended!)
Good luck!
regards
K.
Kerem Gümrükcü
2010-10-26 02:56:28 UTC
Permalink
You are welcome,...

K.

"???????? ???????" schrieb im Newsbeitrag news:fd488a05-590c-45dc-b0e1-***@n26g2000yqh.googlegroups.com...

On Oct 26, 4:03 am, Kerem Gümrükcü <***@hotmail.com> wrote:
Hi Kerem,

Thank you for pointing me out. I'll check resources you provided and
will write feedback here.
Have a lucky day!

Regards,
Volodymyr
Post by Kerem Gümrükcü
Hi Volodymyr,
[Hooks]http://msdn.microsoft.com/en-us/library/ms632589%28VS.85%29.aspx
[Process and Thread Manager
Routines]http://msdn.microsoft.com/en-us/library/ff559917%28VS.85%29.aspx
Everthing else give api hooking a chance (not really recommended!)
Good luck!
regards
K.
Volodymyr Kyselov
2010-11-11 15:19:07 UTC
Permalink
Hi guys,

Just want to clear things a bit after numerous experiments whith all
hook kinds Win32 API offers. I found that Win32 hooks doesn't work for
suspended threads. Period. Messages for such threads seems to be
collected somewhere in the system kernel and dispatched to the thread
immediatly upon its resume. So hooks called the same way.

I still want to know which kernel function does make decision to call
hook or to not based on the suspended/working status of the thread.
Any hint would be appreciated.

Kind regards,
Volodymyr
Post by Kerem Gümrükcü
You are welcome,...
K.
Hi Kerem,
Thank you for pointing me out. I'll check resources you provided and
will write feedback here.
Have a lucky day!
Regards,
Volodymyr
Post by Kerem Gümrükcü
Hi Volodymyr,
[Hooks]http://msdn.microsoft.com/en-us/library/ms632589%28VS.85%29.aspx
[Process and Thread Manager
Routines]http://msdn.microsoft.com/en-us/library/ff559917%28VS.85%29.aspx
Everthing else give api hooking a chance (not really recommended!)
Good luck!
regards
K.
Nobody
2010-11-12 16:18:58 UTC
Permalink
Post by Владимир Киселев
Hello,
I have a need to get system-wide (or at least session- or desktop-
wide) notification about _attempt_ of activating background
application. Just after user click mouse button or Alt-Tab to
background application. I can't use system-wide message hooks because
it doesn't work for suspended threads - messages just don't arrive and
are buffered somewhere in the Windows internals.
So the question sounds like this: is there any method to get
notification just after user Alt-Tabs to the background app, or make
mouse-click in the App window or clicked on the Taskbar button and
before system consider any message to be sent to the App? It is
sufficient for me to know Process ID or HWND of the App window. Any
thoughts will be very appreciated. Even if it needs to write a driver
or service.
Why do you need to do this? Perhaps if you explain the problem that you are
trying to solve, others might come up with alternative solutions.
Loading...