FTP password and keyboard hooks

English support forum

Moderators: white, Hacker, petermad, Stefan2

Post Reply
User avatar
fenix_productions
Power Member
Power Member
Posts: 1979
Joined: 2005-08-07, 13:23 UTC
Location: Poland
Contact:
Contact fenix_productions

FTP password and keyboard hooks

Post by *fenix_productions »

Hi

According to help file TC allows to protect password input by using its own keyboard hook. It sounds great but... quick search through CodeProject reveals this nifty tool (with code):
http://www.codeproject.com/KB/system/globalsystemhook.aspx

1. start this up,
2. install mouse & keyboard hooks,
3. hit Ctrl+F for FTP connections and try to connect with any password protected host,
4. type your password in.

To my surprise all keys are registered and it doesn't matter which AllowHook value is used :(

Now I wonder how well this protection mechanism is working. Any tests, people?
"When we created the poke, we thought it would be cool to have a feature without any specific purpose." Facebook...

#128099
Top
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48074
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:
Contact ghisler(Author)

Post by *ghisler(Author) »

What hook is it using? TC used the following:
SetWindowsHookEx(WH_KEYBOARD_LL,LowLevelKeyboardProc,GetModuleHandle(nil),0);

If it's using the same hook, TC's hook should see the keyboard messages first, and prevent them from going to the next hook.
Author of Total Commander
https://www.ghisler.com
Top
User avatar
fenix_productions
Power Member
Power Member
Posts: 1979
Joined: 2005-08-07, 13:23 UTC
Location: Poland
Contact:
Contact fenix_productions

Post by *fenix_productions »

2ghisler(Author)
Maybe I did not look deep enough but:

Code: Select all

bool InitializeHook(UINT hookID, int threadID)
{
	if (g_appInstance == NULL)
	{
		return false;
	}

	if (hookID == WH_KEYBOARD_LL)
	{
		if (UserKeyboardHookCallback == NULL)
		{
			return false;
		}

		hookKeyboard = SetWindowsHookEx(hookID, (HOOKPROC)InternalKeyboardHookCallback, g_appInstance, threadID);
		return hookKeyboard != NULL;
	}
	else if (hookID == WH_MOUSE_LL)
	{
		if (UserMouseHookCallback == NULL)
		{
			return false;
		}

		hookMouse = SetWindowsHookEx(hookID, (HOOKPROC)InternalMouseHookCallback, g_appInstance, threadID);
		return hookMouse != NULL;
	}

	return false;
}
and

Code: Select all

static LRESULT CALLBACK InternalKeyboardHookCallback(int code, WPARAM wparam, LPARAM lparam)
{
	if (code < 0)
	{
		return CallNextHookEx(hookKeyboard, code, wparam, lparam);
	}

	if (UserKeyboardHookCallback != NULL && !keyboardFilter.IsFiltered((int)wparam))
	{
		UserKeyboardHookCallback(code, wparam, lparam);
	}

	return CallNextHookEx(hookKeyboard, code, wparam, lparam);
}
where:

Code: Select all

HookProc UserKeyboardHookCallback = NULL;
BTW The core library for this application is written in C++.
"When we created the poke, we thought it would be cool to have a feature without any specific purpose." Facebook...

#128099
Top
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48074
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:
Contact ghisler(Author)

Post by *ghisler(Author) »

Strange, it uses the same hook WH_KEYBOARD_LL. According to my docs, the hook which was added last should get the messages first. TC sets the hook only when the password dialog box is opened, so to hook should be set after your tool...
Author of Total Commander
https://www.ghisler.com
Top
Post Reply

Return to “Total Commander (English)”