Click here to Skip to main content
12,826,806 members (32,734 online)
Rate this:
Please Sign up or sign in to vote.
See more: C++ Win32 hooking
How can a parental control monitor both sides of chats? That should be done not by using keyboard hooks (which will monitor only one side of the conversation), but instead, by identifying the window and the control (listbox, editbox, etc.) used for communication, and capturing it textually. Is there a generic way for doing so?
Posted 9-Oct-12 9:20am
Updated 20-Feb-13 7:20am
enhzflep 9-Oct-12 15:18pm
What about hooking send and recv? They seem to me to be the only things that will be constant across different chat programs. Of course, the format of the data will be different. But if it's captured it can be processed later. WireShark does it with the help of the WinPcap library.
You can find it here: WinPcap

I realize you ask about capturing data from the controls themselves, but if they're custom controls then this can(will?) fall flat sooner or later. If it gets into the pc via a network connection, WinPcap should be able to intercept it, hence my suggestion of it.
pasztorpisti 9-Oct-12 16:11pm
The window might consist of totally custom controls, the net channel might be encrypted on application layer. When hijacking input you want to capture input events and their target. For a simpler solution I would go with hooking into the message loop of the main/gui thread of the application, maybe into all threads of the application. This is a per-process approach. You can then capture any keyboard/mouse messages inside the process, gui focus changes and so on. Even if the program has only a main window with exclusively custom controls you can still get all input messages and reconstruct the text messages. For a more serious solution I would do this hooking on system level, this ways you could capture outgoing input globally and for each input event you should find out the target process/thread/gui control. This way you can log the whole interaction between the user and the machine.
enhzflep 9-Oct-12 16:17pm
"the net channel might be encrypted on application layer." :face-palm:
Of course! How did I manage to overlook that simple counter-measure.

As is the norm from you pasztorpisti, a comprehensive post, full of valuable insights. :thumbs-up:
Michael Haephrati 9-Oct-12 16:19pm
How will I capture the other party?
pasztorpisti 9-Oct-12 16:30pm
Thank you! The WinPcap solution is also a nice one if there is no encryption. Lot of chat programs are silly enough not to use good encryption. :-) My solution doesn't cover the capturing of the other party, WinPcap can handle that too (however that also requires net protocol reverse engineering that is often not too difficult).
pasztorpisti 9-Oct-12 16:32pm
Capturing the other side requires application specific handling. If the net channel isn't encrypted then you can use the WinPcap solution of enhzflep with well known or reverse engineered protocols. The message queue hooking can also be usable in some cases when the message log control is known and filled up with content using window messages.
Michael Haephrati 9-Oct-12 16:33pm
Take Skype for example
pasztorpisti 9-Oct-12 16:39pm
If you target a specific application then you can do a lot of things by hooking.
pasztorpisti 9-Oct-12 16:48pm
Anyway, WinPcap is not only a nice solution, its probably the easiest and first way to consider if there is no strong encryption! :thumbsup:
eugene.shikhov 10-Oct-12 4:40am
As far as I know, Skype implements quite strong encryption. So, WinPcap-based solution is useless here.
Rate this: bad
Please Sign up or sign in to vote.

Solution 2

Skype for example encrypts it. Also, I am interested in discussing the question: is it possible to identify the UI element used by common chat application and capture the text inside it.
Rate this: bad
Please Sign up or sign in to vote.

Solution 1

Why dont you try packet sniffing. Protocol used by most of the chat clients are known, you can decode it to get the message. There are readymade softwares are available, e.g. ArcMentor (I was working on this at my previous organization ;) )
Rate this: bad
Please Sign up or sign in to vote.

Solution 3


I would recomend using a sniffer. If you want to use existing application you can use Ethercap or Wireshark or TCPDUMP.

If you, though, want to implement your own sniffer, you shall study LIBPCAP libreary.

Best Regards
J. K.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

    Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy | Mobile
Web02 | 2.8.170326.1 | Last Updated 21 Feb 2013
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100