Identifying Calling Program on an Interrupt Handler
Hypothetical question (at present).
How can an interrupt handler identify the name of the executable which is calling it? For example I have seen keyboard loggers which tell you which application is receiving the typed input. Presumably they are intercepting the keyboard strokes via an interrupt but how can they possibly know whether you were typing to Excel, Word or whatever?
Thanks.
[408 byte] By [
pete515] at [2007-11-19 10:14:34]
# 1 Re: Identifying Calling Program on an Interrupt Handler
haha, because they use hooks and enumerate the window title of the active application, and they aren't intercepting IRQs they are intercepting messages from the system queue.. gdlk
# 2 Re: Identifying Calling Program on an Interrupt Handler
Thanks for the answer. The reason I ask is that I want to write a program which (at the system level) performs action A for Program X and does the default system handling for Program Y etc. For example (and a not very good one) if Program X calls the MFC function CFile::Open(...) I might want it to open a default file of my choosing (not the one specified in the Open) whereas for Program Y I want the function to work as normal (via the usual INT 21 handler code).
It seems from what you are saying that it isn't really an interrupt handler I need but a hook into the system queue (or maybe both)? Only by doing this can I spot whether the system request is for Program X or Y.
Thanks again for your help.
# 3 Re: Identifying Calling Program on an Interrupt Handler
well all you need is to code a DLL and attach hooks to the active app based on it's handle. Then as it pumps out messages to the system queue you could intercept them before they get to the system queue and on the way back you can intercept them before they get to the originating app. The same is with LSPs on servers. I haven't worked in that much detail with sendmessage and postmessage to tell you if what you want to do will work.. you would most likely need to get the handle of the open dialog box, the edit box in the dialog box and button handle before you could force the application to open whatever you want.. gdlk
# 4 Re: Identifying Calling Program on an Interrupt Handler
Thanks very much. You have prevented me from going off at a tangent and saved me hours of work and reading!
Cheers.
