2

Im trying to hook the keyboard with a dll injection in C. When i try GetProcAddress on the KeyboardProc function the GetProcAddress return NULL and GetLastError returns error 131. after that I get a DLL_PROCESS_DETACH. In windows website it says:

ERROR_NEGATIVE_SEEK 131 (0x83) An attempt was made to move the file pointer before the beginning of the file.

I dont understand what is the problem in my code.

The injector I am using:

#include <Windows.h> #include <stdio.h> int main(int argc, char *argv[]) { HMODULE dll = LoadLibrary((LPCSTR) "dll.dll"); if (dll == NULL) { printf("The DLL could not be found.\n"); FreeLibrary(dll); return -1; } printf("The DLL was found.\n"); HOOKPROC addr = (HOOKPROC)GetProcAddress(dll, "KeyboardProc"); if (addr == NULL) { printf("The function was not found.\n"); FreeLibrary(dll); return -1; } printf("The function was found.\n"); HHOOK handle = SetWindowsHookEx(WH_KEYBOARD, addr, dll, 0); if (handle == NULL) { printf("The KEYBOARD could not be hooked.\n"); FreeLibrary(dll); } printf("Program successfully hooked.\nPress enter to unhook the function and stop the program.\n"); getchar(); UnhookWindowsHookEx(handle); FreeLibrary(dll); return 0; }

The dll Im using:

#include <windows.h> #include <stdio.h> INT APIENTRY DllMain(HMODULE hDLL, DWORD Reason, LPVOID Reserved) { switch (Reason) { case DLL_PROCESS_ATTACH: MessageBox(0, (LPCSTR) "DLL attach function called.", (LPCSTR) "Dll injection", MB_OK); break; case DLL_PROCESS_DETACH: MessageBox(0, (LPCSTR) "DLL detach function called.", (LPCSTR) "Dll injection", MB_OK); break; case DLL_THREAD_ATTACH: MessageBox(0, (LPCSTR) "DLL thread attach function called.", (LPCSTR) "Dll injection", MB_OK); break; case DLL_THREAD_DETACH: MessageBox(0, (LPCSTR) "DLL thread detach function called..", (LPCSTR) "Dll injection", MB_OK); break; } return TRUE; } extern __declspec(dllexport) LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam) { if (code < 0) { return CallNextHookEx(NULL, code, wParam, lParam); } FILE *LOG; LOG = fopen("LOG.txt", "a+"); if (wParam == WM_KEYDOWN) { fputs((char *)lParam, LOG); fclose(LOG); } return CallNextHookEx(NULL, code, wParam, lParam); }

Im using win10 and mingw. Both injector and dll are compiled as C.

Improve this question
2
  • Is your DLL compiled as C or C++? It makes a difference. Commented Jul 17, 2020 at 12:15
  • Missing extern "C". Without it name mangling kicks in. Commented Jul 17, 2020 at 12:30

1 Answer 1

Reset to default
2

Problem is simple:

extern __declspec(dllexport) LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam)

Most probably is defined in cpp file and as a result it is C++ function. C++ to allow function overloading is using name mangling, so your function is visible under a name which is result of mangling.

You have to force it to be a C function so name mangling is disabled.

So add extern "C" or make source to have C specific extension (compile it as C code). Your code is pure C.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

My code is written in c and compiled as a c program, so it will not fix my error.
then try add underscore in front stackoverflow.com/q/2627511/1387438
do you mean _KeyboardProc? And where do i need to change the name(dll or injector)?
In the injector.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.