Veracode error with SetWindowsHookEx win API call

Aswin mc 0

I am getting an Embedded Malicious Code (CWE ID 506) error while using the SetWindowsHookEx win API call and running a Veracode security scan. The error message states that this technique is typically used by rootkits or other malicious code. Can anyone help me resolve this error?

Viorel 118K Reputation points

2024-06-10T07:32:33.5133333+00:00

Maybe it is possible to avoid the SetWindowsHookEx function.
Jeanine Zhang-MSFT 9,771 Reputation points Microsoft Vendor

2024-06-13T06:25:33.42+00:00

Have you got any updates about this issue? Could you please check my answer?
RLWA32 45,691 Reputation points

2024-06-13T08:15:45.3033333+00:00

@Aswin mc, If we knew which hook you were using and what you were trying to accomplish with it we might be able to suggest an alternative approach.
Jeanine Zhang-MSFT 9,771 Reputation points Microsoft Vendor

2024-06-19T07:16:38.1133333+00:00

Have you got any updates about this issue?
Aswin mc 0 Reputation points

2024-06-20T05:03:26.1466667+00:00

@RLWA32 we are using SetWindowsHookEx for keyboard hook for getting a key down and key up event in our application is there any alternative that we can use ?
RLWA32 45,691 Reputation points

2024-06-20T06:35:55.5866667+00:00

we are using SetWindowsHookEx for keyboard hook

OK, you are using a keyboard hook. Is it correct that you install this hook in processes other than your own? Is it a global or thread hook? If global is it a low-level hook?

for getting a key down and key up event in our application

That's a pretty vague description. What do you really want to accomplish by hooking key-up/key-down events?
Aswin mc 0 Reputation points

2024-06-20T08:54:50.6833333+00:00

@RLWA32 installed keyboard hook in my application its self , its a global hook , what u mean by low level hook?
RLWA32 45,691 Reputation points

2024-06-20T09:21:11.8666667+00:00

its a global hook

Well, a properly implemented global hook will inject the DLL containing the hook procedure into almost all processes other than your own. This is probably causing the issue.

Refer to KeyboardProc callback function and LowLevelKeyboardProc function to see how they differ.

You still have not explained what you want to accomplish by globally hooking key-up/key-down. How can anyone offer an alternative if we don't know what you want to accomplish?

1 answer

Jeanine Zhang-MSFT 9,771 Reputation points Microsoft Vendor

2024-06-11T01:44:29.66+00:00

Hello,

Welcome to Microsoft Q&A!

Use the Win32 API (SetWindowsHookExA function) to place a hook, which may indicate malicious behavior. DLL injection can be used for legitimate purposes; However, it is also a common technique used by rootkits to execute malicious code.

If your application is designed to inject a DLL into another process, you don't need to take any action. Otherwise, this code should be double-checked, as it is indicative of a rootkit or other malicious code.

Thank you.

Jeanine

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Please sign in to rate this answer.
Aswin mc 0 Reputation points

2024-06-20T05:02:18.6933333+00:00

We tried with SetWindowsHookExA function but issue still exist same veracode error.

we are using SetWindowsHookEx for keyboard hook for getting a key down and key up event in our application is there any alternative that we can use ?
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Veracode error with SetWindowsHookEx win API call

1 answer

Your answer