Veracode error with SetWindowsHookEx win API call

Aswin mc 0 Reputation points
2024-06-10T06:50:57.29+00:00

I am getting an Embedded Malicious Code (CWE ID 506) error while using the SetWindowsHookEx win API call and running a Veracode security scan. The error message states that this technique is typically used by rootkits or other malicious code. Can anyone help me resolve this error?

Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,471 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Jeanine Zhang-MSFT 9,346 Reputation points Microsoft Vendor
    2024-06-11T01:44:29.66+00:00

    Hello,

    Welcome to Microsoft Q&A!

    Use the Win32 API (SetWindowsHookExA function) to place a hook, which may indicate malicious behavior. DLL injection can be used for legitimate purposes; However, it is also a common technique used by rootkits to execute malicious code.

    If your application is designed to inject a DLL into another process, you don't need to take any action. Otherwise, this code should be double-checked, as it is indicative of a rootkit or other malicious code.

    Thank you.

    Jeanine


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments