  • Hook Tutorial

    Original source: http://www.zdexe.com/program/201004/595.html

    Method 16: SetWindowsHookEx Function

    The SetWindowsHookEx function installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread.

    Syntax

    HHOOK SetWindowsHookEx(
        int idHook,
        HOOKPROC lpfn,
        HINSTANCE hMod,
        DWORD dwThreadId
    );

    Parameters

    idHook: [in] Specifies the type of hook procedure to be installed. This parameter can be one of the following values.

    1. WH_CALLWNDPROC: Installs a hook procedure that monitors messages before the system sends them to the destination window procedure.

    2. WH_CALLWNDPROCRET: Installs a hook procedure that monitors messages after they have been processed by the destination window procedure.

    3. WH_CBT: Installs a hook procedure that receives notifications useful to a computer-based training (CBT) application.

    4. WH_DEBUG: Installs a hook procedure useful for debugging other hook procedures.

    5. WH_FOREGROUNDIDLE: Installs a hook procedure that will be called when the application's foreground thread is about to become idle. This hook is useful for performing low priority tasks during idle time.

    6. WH_GETMESSAGE: Installs a hook procedure that monitors messages posted to a message queue.

    7. WH_JOURNALPLAYBACK: Installs a hook procedure that posts messages previously recorded by a WH_JOURNALRECORD hook procedure.

    8. WH_JOURNALRECORD: Installs a hook procedure that records input messages posted to the system message queue. This hook is useful for recording macros.

    9. WH_KEYBOARD: Installs a hook procedure that monitors keystroke messages.

    10. WH_KEYBOARD_LL: Windows NT/2000/XP: Installs a hook procedure that monitors low-level keyboard input events.

    11. WH_MOUSE: Installs a hook procedure that monitors mouse messages.

    12. WH_MOUSE_LL: Windows NT/2000/XP: Installs a hook procedure that monitors low-level mouse input events.

    13. WH_MSGFILTER: Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar.

    14. WH_SHELL: Installs a hook procedure that receives notifications useful to shell applications.

    15. WH_SYSMSGFILTER: Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar. The hook procedure monitors these messages for all applications in the same desktop as the calling thread.

    lpfn: [in] Pointer to the hook procedure. If the dwThreadId parameter is zero or specifies the identifier of a thread created by a different process, the lpfn parameter must point to a hook procedure in a dynamic-link library (DLL). Otherwise, lpfn can point to a hook procedure in the code associated with the current process.

    hMod: [in] Handle to the DLL containing the hook procedure pointed to by the lpfn parameter. The hMod parameter must be set to NULL if the dwThreadId parameter specifies a thread created by the current process and if the hook procedure is within the code associated with the current process.

    dwThreadId: [in] Specifies the identifier of the thread with which the hook procedure is to be associated. If this parameter is zero, the hook procedure is associated with all existing threads running in the same desktop as the calling thread.

    Return Value

    If the function succeeds, the return value is the handle to the hook procedure. If the function fails, the return value is NULL.

    Remarks

    SetWindowsHookEx can be used to inject a DLL into another process. A 32-bit DLL cannot be injected into a 64-bit process, and a 64-bit DLL cannot be injected into a 32-bit process. If an application requires the use of hooks in other processes, it is required that a 32-bit application call SetWindowsHookEx to inject a 32-bit DLL into 32-bit processes, and a 64-bit application call SetWindowsHookEx to inject a 64-bit DLL into 64-bit processes. The 32-bit and 64-bit DLLs must have different names.

    An error may occur if the hMod parameter is NULL and the dwThreadId parameter is zero or specifies the identifier of a thread created by another process.

    Calling the CallNextHookEx function to chain to the next hook procedure is optional, but it is highly recommended; otherwise, other applications that have installed hooks will not receive hook notifications and may behave incorrectly as a result. You should call CallNextHookEx unless you absolutely need to prevent the notification from being seen by other applications.

    Before terminating, an application must call the UnhookWindowsHookEx function to free system resources associated with the hook.

    The scope of a hook depends on the hook type. Some hooks can be set only with global scope; others can also be set for only a specific thread, as shown in the following table.

    Hook                  Scope
    WH_CALLWNDPROC        Thread or global
    WH_CALLWNDPROCRET     Thread or global
    WH_CBT                Thread or global
    WH_DEBUG              Thread or global
    WH_FOREGROUNDIDLE     Thread or global
    WH_GETMESSAGE         Thread or global
    WH_JOURNALPLAYBACK    Global only
    WH_JOURNALRECORD      Global only
    WH_KEYBOARD           Thread or global
    WH_KEYBOARD_LL        Global only
    WH_MOUSE              Thread or global
    WH_MOUSE_LL           Global only
    WH_MSGFILTER          Thread or global
    WH_SHELL              Thread or global
    WH_SYSMSGFILTER       Global only

    For a specified hook type, thread hooks are called first, then global hooks.

    Global hooks are a shared resource, and installing one affects all applications in the same desktop as the calling thread. All global hook functions must be in libraries. Global hooks should be restricted to special-purpose applications or to use as a development aid during application debugging. A library that no longer needs a hook should remove its hook procedure.
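
    The parameter and scope rules above decide whether a given call stays inside the installing process or reaches other processes on the desktop, which is the question a defender asks when reviewing observed SetWindowsHookEx calls. The following is an added example, not code from the original page or from Microsoft: it encodes those rules in portable C. The struct hook_call record, its field names and the functions classify_hook_call and affects_other_processes are hypothetical; the numeric hook ids are the values winuser.h assigns.

```c
#include <stdbool.h>
#include <stdio.h>
/* Hook type ids with the values winuser.h assigns them. */
enum { WH_MSGFILTER = -1, WH_JOURNALRECORD, WH_JOURNALPLAYBACK, WH_KEYBOARD,
       WH_GETMESSAGE, WH_CALLWNDPROC, WH_CBT, WH_SYSMSGFILTER, WH_MOUSE,
       WH_DEBUG = 9, WH_SHELL, WH_FOREGROUNDIDLE, WH_CALLWNDPROCRET,
       WH_KEYBOARD_LL, WH_MOUSE_LL };
typedef enum { HOOK_BAD_PARAMS, HOOK_OWN_THREAD, HOOK_REMOTE_THREAD,
               HOOK_GLOBAL } hook_scope;

/* One observed SetWindowsHookEx call (hypothetical telemetry record). */
struct hook_call {
    int idHook;
    bool hmod_null;           /* hMod was NULL */
    unsigned long thread_id;  /* dwThreadId; 0 = all threads on the desktop */
    bool thread_is_callers;   /* dwThreadId was created by the caller's process */
};

/* Types the scope table marks "Global only". */
static bool global_only(int id) {
    return id == WH_JOURNALRECORD || id == WH_JOURNALPLAYBACK ||
           id == WH_SYSMSGFILTER || id == WH_KEYBOARD_LL || id == WH_MOUSE_LL;
}

hook_scope classify_hook_call(const struct hook_call *c) {
    if (c->idHook < WH_MSGFILTER || c->idHook > WH_MOUSE_LL || c->idHook == 8)
        return HOOK_BAD_PARAMS;              /* not a type listed on this page */
    if (c->thread_id == 0)                   /* global: lpfn must be in a DLL */
        return c->hmod_null ? HOOK_BAD_PARAMS : HOOK_GLOBAL;
    if (global_only(c->idHook))
        return HOOK_BAD_PARAMS;              /* cannot be bound to one thread */
    if (c->thread_is_callers)
        return HOOK_OWN_THREAD;              /* stays inside the calling process */
    return c->hmod_null ? HOOK_BAD_PARAMS : HOOK_REMOTE_THREAD;
}

/* True when the hook reaches threads outside the installing process. */
bool affects_other_processes(const struct hook_call *c) {
    hook_scope s = classify_hook_call(c);
    return s == HOOK_GLOBAL || s == HOOK_REMOTE_THREAD;
}

int main(void) {
    /* Constructed sample records, not captured data. */
    struct hook_call calls[] = { {WH_GETMESSAGE, false, 0, false},
        {WH_CBT, true, 4242, true}, {WH_KEYBOARD_LL, false, 4242, false} };
    for (int i = 0; i < 3; i++)
        printf("call %d: scope=%d\n", i, classify_hook_call(&calls[i]));
    return 0;
}
```

    HOOK_BAD_PARAMS covers the combinations the page describes as not allowed or as likely to produce an error; HOOK_GLOBAL and HOOK_REMOTE_THREAD are the results worth reviewing, because the hook library then runs on behalf of other applications.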

  • Original source: https://www.cnblogs.com/DuanLaoYe/p/5501654.html