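;-----------------------------------------------------------------------
; _ProcDlgMain - dialog procedure for DLG_MAIN (32-bit MASM, stdcall).
; In:    hWnd, wMsg, wParam, lParam = standard dialog-procedure arguments
; Out:   eax = TRUE when the message was handled here, FALSE otherwise
; Saves: ebx, edi, esi (through the USES clause)
;
; WM_INITDIALOG stores the dialog handle in hWinMain and installs a
; WH_JOURNALRECORD hook, keeping its handle in hHook. WM_CLOSE removes
; the hook and ends the dialog.
;
; NOTE(review): a journal-record hook sees input for the whole desktop.
; Windows Vista and later refuse it unless the process is allowed UI
; access, so the failure path must report why the call was rejected
; instead of closing the dialog silently.
;-----------------------------------------------------------------------
_ProcDlgMain PROC uses ebx edi esi hWnd,wMsg,wParam,lParam
        mov     eax,wMsg
        .if eax == WM_CLOSE
            invoke  UnhookWindowsHookEx,hHook
            invoke  EndDialog,hWnd,NULL
        .elseif eax == WM_INITDIALOG
            push    hWnd
            pop     hWinMain                ; hWinMain = hWnd
            ; NOTE(review): AddDebugPrivilege is defined elsewhere and
            ; presumably enables SeDebugPrivilege. SetWindowsHookEx does
            ; not depend on that privilege; drop the call if nothing else
            ; needs it (least privilege) - confirm against the helper.
            invoke  AddDebugPrivilege
            invoke  SetWindowsHookEx,WH_JOURNALRECORD,addr HookProc,hInstance,NULL
            .if eax
                mov     hHook,eax
            .else
                ; The hook was refused. Read the error code before any
                ; other API call overwrites it, and return it as the
                ; dialog result so the DialogBoxParam caller can see why
                ; setup failed (previously the result was always NULL).
                invoke  GetLastError
                invoke  EndDialog,hWnd,eax
            .endif
        .else
            mov     eax,FALSE               ; not handled: default processing
            ret
        .endif
        mov     eax,TRUE
        ret
_ProcDlgMain ENDP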
; Program entry point: remember the module handle in hInstance, run the
; DLG_MAIN dialog modally with _ProcDlgMain as its procedure, then exit
; the process with code 0. The DialogBoxParam result is not inspected.
start:
        invoke  GetModuleHandle,0           ; 0 = this executable's module
        mov     hInstance,eax
        invoke  DialogBoxParam,hInstance,DLG_MAIN,0,offset _ProcDlgMain,0
        invoke  ExitProcess,0
        end     start
Does anybody know why the SetWindowsHookEx function returns 0?
Per the SetWindowsHookEx documentation:
If the function fails, the return value is NULL. To get extended error information, call GetLastError.
Which you are not doing.
However, it will likely report ERROR_ACCESS_DENIED, because on Vista+ with UAC enabled, Journal hooks require the app to have a UAC manifest that specifies "uiaccess=true" permission:
SetWindowsHookEx for WH_JOURNALRECORD fails under Vista/Windows 7
However, setting "uiaccess=true" carries additional restrictions, which your app is likely not satisfying:
The executable must be digitally signed.
The executable must reside in one of the following "secure" system folders (this can be disabled on Windows 10+ via a policy setting):
\Program Files\, including subdirectories
\Windows\system32\
\Program Files (x86)\, including subdirectories for 64-bit versions of Windows