hooking DoDragDrop() function from Ole32.dll library using EasyHook

Question

"Ole32","DoDragDrop" function Hooking to the explorer is successful but whenever i drag a file in explorer my DoDragDropHook function is not calling, am new to the hooking concepts and i trying for this from last 3 months but till now no proper result. please help me where am going wrong

namespace DragDrop_DLL
{
    public class Main : EasyHook.IEntryPoint
    {

        DragDrop_Console.RemoteMon Interface;

        public LocalHook dragDropHook;

        public Main(RemoteHooking.IContext InContext, String InChannelName)
        {
            try
            {
                Interface = RemoteHooking.IpcConnectClient<DragDrop_Console.RemoteMon>(InChannelName);

                File.AppendAllText(@"F:\DragDropLog.txt", "Main : Channel Name passed" + Environment.NewLine);
            }
            catch (Exception ex)
            {
                Interface.ErrorHandle(ex);

                File.AppendAllText(@"F:\DragDropLog.txt", "Main Exception :" + ex.ToString() + Environment.NewLine);
            }
        }

        public void Run(RemoteHooking.IContext InContext, String InChannelName)
        {
            try
            {
                dragDropHook = LocalHook.Create(LocalHook.GetProcAddress("Ole32.dll", "DoDragDrop"), new DragDropDelegate(DoDragDropHook), null);

                dragDropHook.ThreadACL.SetInclusiveACL(new Int32[] { 0 });
                //Also tried with setExclusiveACL  
                //dragDropHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); 

                File.AppendAllText(@"F:\DragDropLog.txt", "Run : LocalHook Created" + Environment.NewLine);
            }
            catch (Exception ex)
            {
                Interface.ErrorHandle(ex);

                File.AppendAllText(@"F:\DragDropLog.txt", "Run Exception :" + ex.ToString() + Environment.NewLine);

                return;
            }

            Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());

            RemoteHooking.WakeUpProcess();

            while (true)
            {
                Thread.Sleep(1000);
            }
        }

        [DllImport("Ole32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]
        static extern int DoDragDrop(
            IDataObject pDataObj,
            IDropSource pDropSource,
            UInt32 dwOKEffects,
            UInt32[] pdwEffect);

        [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi, SetLastError = true)]
        [return: MarshalAs(UnmanagedType.I4)]
        delegate int DragDropDelegate(
            IDataObject pDataObj,
            IDropSource pDropSource,
            UInt32 dwOKEffects,
            UInt32[] pdwEffect);

        static int DoDragDropHook(
            IDataObject pDataObj,
            IDropSource pDropSource,
            UInt32 dwOKEffects,
            UInt32[] pdwEffect)
        {
            try
            {
                ((Main)HookRuntimeInfo.Callback).Interface.GotDragFileObject(pDataObj);

                File.AppendAllText(@"F:\DragDropLog.txt", "DoDragDrop Hit :" + pDataObj.ToString() + Environment.NewLine);
            }
            catch (Exception ex)
            {
                File.AppendAllText(@"F:\DragDropLog.txt", "DoDragDropHook Exception :" + ex.ToString() + Environment.NewLine);
            }

            return DoDragDrop(pDataObj, pDropSource, dwOKEffects, pdwEffect);
        }
    }

    internal interface IDropSource
    {
    }
}

One issue is that you are using a "SetInclusiveACL" with 0, which means only the current thread Id will be intercepted. Try SetExclusiveACL with 0 instead (means all threads except current thread will be intercepted). I see that you tried that, but you do need to keep it on the SetExclusiveACL. — Justin Stenning, Jul 20 '17 at 03:44
@JustinStenning I tried with SetExclusiveACL with 0 you can see my comments below the line, not hitting DoDragDropHook function when i drag a file in explorer. — Dilip, Jul 20 '17 at 06:21
if u have example with easyhook for dodragdrop please share. — Dilip, Jul 20 '17 at 06:23
@JustinStenning .. If i keep SetExclusiveACL with 0 my explorer is getting restarted. — Dilip, Jul 20 '17 at 06:53
that is probably progress, now change your hook handler to be super simple, just return call to original — Justin Stenning, Jul 20 '17 at 06:54
@JustinStenning .. can u please elaborate what you want me to do or explain with the code please. — Dilip, Jul 20 '17 at 07:02
if explorer is now crashing, then most likely your hook handler is now being called but you still have some other problem in that handler. Make your handler simple so that you can rule out issues there. Also you can try debugging the explorer process and add break point in you hook handler. — Justin Stenning, Jul 20 '17 at 07:04
@JustinStenning after defining IDropSource interface now DoDragDropHook is calling but throwing an error : DoDragDropHook Exception :System.NullReferenceException: Object reference not set to an instance of an object. at DragDrop_DLL.Main.DoDragDropHook(IDataObject pDataObj, IDropSource pDropSource, UInt32 dwOKEffects, UInt32[] pdwEffect) ..have any idea Justin — Dilip, Jul 20 '17 at 09:56
you need to be sure you have the correct calling convention, and parameters etc. I am not familiar enough with that API to guess at much more than that. Hmm pdwEffect you may want to pass as IntPtr instead of array. — Justin Stenning, Jul 20 '17 at 09:59

hooking DoDragDrop() function from Ole32.dll library using EasyHook

0 Answers0