转个问答:
|
what is the difference between the working of two ? For |
Meh, don't focus too much on the term, it doesn't clarify anything. There's a huge difference between the two. WH_KEYBOARD_LL installs a hook that requires the callback to be implemented in your own program. And you must pump a message loop so that Windows can make the callback whenever it is about to dispatch a keyboard message. Which makes it really easy to get going.
WH_KEYBOARD works very differently, it requires a DLL that can be safely injected into hooked processes. Which makes it notoriously difficult to get going, injecting DLLs without affecting a process isn't easy. Particularly on a 64-bit operating system. Nor is taking care of the inter-process communication you might need if some other process needs to know about the keystroke. Like a key logger.
The advantage of WH_KEYBOARD is that it has access to the keyboard state. Which is a per-process property in Windows. State like the active keyboard layout and the state of the modifier and dead keys matter a great deal when you want to use the hook to translate virtual keys to typing keys yourself. You can't reliably call ToUnicodeEx() from an external process.
You can't swing a cat without running into example code, google will give you plenty. So be sure to use something known-to-work if you have never written such a hook before, it will avoid a lot of grief.
WH_KEYBOARD 一般还是在系统处理后处理,注入式键盘挂钩(注入dll到目标进程估计没人会喜欢),所以像Ctrl+alt+del 系统会先处理掉,WH_KEYBOARD没法截获
WH_KEYBOARD_LL是在系统处理前处理的,所以很容易引起挂起之类的问题,不过操作系统通过LowLevelHooksTimeout控制超时,如果这个时间后HOOK函数还没返回,就直接被忽略了
所以要监视键盘,还是用WH_KEYBOARD_LL吧