Hook technology introduction and function

zhaozj  2021-02-16

When you create a hook, Windows creates a data structure containing the hook information you supplied and inserts it into the system hook list. Note that a newly installed hook is inserted in front of the older ones. When the hooked event is triggered, a local hook only needs to call the hook function inside its own process to preprocess the event. A global hook has to be inserted into the address space of other processes; to do that you need a dynamic-link library (DLL) and must put the hook function in that library. There are two exceptions, the journal record hook and the journal playback hook. These are special hooks that can be attached to any process in the system without writing a DLL to map into the other processes' memory space (journal hooks will be introduced again when there is a chance).

I. Classification of hooks

Installing different hooks intercepts different message types, so that the required messages can be filtered and processed in a targeted way. Hooks are mainly divided into the following categories:

- WH_CALLWNDPROC: messages sent to a window; triggered by SendMessage.
- WH_CALLWNDPROCRET: messages sent to a window; triggered when SendMessage processing returns.
- WH_GETMESSAGE: messages sent to a window; triggered by GetMessage or PeekMessage.
- WH_KEYBOARD: keyboard hook, for messages triggered by the keyboard; triggered by WM_KEYUP or WM_KEYDOWN messages.
- WH_KEYBOARD_LL: low-level keyboard hook.
- WH_MOUSE: mouse hook, queries mouse event messages.
- WH_MOUSE_LL: low-level mouse hook.
- WH_HARDWARE: non-mouse, non-keyboard messages.
- WH_MSGFILTER: triggered when a dialog box, menu or scroll bar is about to process a message. This hook is local.
- WH_SYSMSGFILTER: the same as WH_MSGFILTER, but system-wide.
- WH_DEBUG: debugging hook, used to debug hook functions.
- WH_JOURNALRECORD: monitors and records input events.
- WH_JOURNALPLAYBACK: plays back events recorded with WH_JOURNALRECORD.
- WH_SHELL: shell hook, triggered when an event concerning the Windows shell occurs.
- WH_CBT: triggered on a computer-based training (CBT) event.
- WH_FOREGROUNDIDLE: activated when the foreground application thread is about to become idle.

II. Types of hook

Global hook: a global hook can hook events in other processes. There are two types:

1. Thread-based: captures events of a particular thread in another process. In short, it is used to observe the events that occur in a specific thread of another process.
2. System-wide: captures event messages that occur in every process in the system.

Local hook: hooks only the events of your own process.

III. Installing a hook: SetWindowsHookEx

Function prototype:

    HHOOK SetWindowsHookEx(
        int       idHook,      // hook type, see [1]
        HOOKPROC  lpfn,        // address of the hook function
        HINSTANCE hMod,        // instance handle for the hook
        DWORD     dwThreadId   // ID of the thread the hook monitors
    );

hMod: for a thread hook this parameter is NULL; for a system hook it is the handle of the hook DLL.
dwThreadId: for a global hook this parameter is NULL.
Return value: on success, the handle of the installed hook; on failure, NULL.

IV. Uninstalling a hook: UnhookWindowsHookEx

Function prototype:

    BOOL UnhookWindowsHookEx(
        HHOOK hhk   // hook handle
    );

V. The hook function

The hook function (MyHookProc here) is a callback function. When the installed hook catches the specified event message, the system calls the hook function automatically. It is defined as follows:

    LRESULT WINAPI MyHookProc(
        int    nCode,    // specifies whether the message needs to be handled
        WPARAM wParam,   // additional information about the message
        LPARAM lParam    // additional information about the message
    );

VI. Calling the next hook: CallNextHookEx

Because Windows stores the hook structures in a linked list, a message is passed from one hook to the next and finally reaches the target window, so we have a responsibility to pass the message we have handled on to the next hook. Of course you may choose not to, but I still recommend that you continue to pass it on. The function is defined as follows:

    LRESULT CallNextHookEx(
        HHOOK  hhk,      // handle of your own hook; used to traverse the hook chain
        int    nCode,    // simply pass the incoming parameter on to CallNextHookEx
        WPARAM wParam,   // simply pass the incoming parameter on to CallNextHookEx
        LPARAM lParam    // simply pass the incoming parameter on to CallNextHookEx
    );
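The hook list and the effect of calling (or not calling) the next hook can be modelled in portable C. This is an added example, not code from the original article and not Windows' own implementation: install_hook, remove_hook, call_next_hook and dispatch are hypothetical stand-ins for SetWindowsHookEx, UnhookWindowsHookEx, CallNextHookEx and the system's event delivery.

```c
/* Model of the hook chain, not Windows code; every name here is hypothetical. */
#include <stdlib.h>
#include <string.h>
typedef struct Hook Hook;
typedef long (*HookProc)(Hook *self, int code, long wparam, long lparam);
struct Hook { HookProc proc; char tag; Hook *next; };
static Hook *chain_head;   /* newest hook sits at the head */
static char trace[32];     /* tags of the hooks that ran, in call order */

/* Plays the role of SetWindowsHookEx: the new hook goes in front of older ones. */
Hook *install_hook(HookProc proc, char tag) {
    Hook *h = malloc(sizeof *h);
    if (!h) return NULL;
    h->proc = proc; h->tag = tag; h->next = chain_head;
    chain_head = h;
    return h;
}

/* Plays the role of UnhookWindowsHookEx: 1 on success, 0 if not installed. */
int remove_hook(Hook *h) {
    for (Hook **pp = &chain_head; *pp; pp = &(*pp)->next)
        if (*pp == h) { *pp = h->next; free(h); return 1; }
    return 0;
}

/* Plays the role of CallNextHookEx: pass the event to the next (older) hook. */
long call_next_hook(Hook *self, int code, long wparam, long lparam) {
    return self->next ? self->next->proc(self->next, code, wparam, lparam) : 0;
}
static void note(Hook *self) {   /* append this hook's tag to the trace */
    size_t n = strlen(trace);
    if (n + 1 < sizeof trace) { trace[n] = self->tag; trace[n + 1] = '\0'; }
}

/* Well-behaved hook: observes the event, then passes it on. */
long passing_hook(Hook *self, int code, long wparam, long lparam) {
    note(self);
    return call_next_hook(self, code, wparam, lparam);
}
/* Hook that handles the event and never calls the next hook. */
long swallowing_hook(Hook *self, int code, long wparam, long lparam) {
    (void)code; (void)wparam; (void)lparam;
    note(self);
    return 1;
}

/* Deliver one event to the chain and report which hooks saw it. */
const char *dispatch(int code, long wparam, long lparam) {
    trace[0] = '\0';
    if (chain_head) chain_head->proc(chain_head, code, wparam, lparam);
    return trace;
}
```

With hooks A and then B installed, dispatch reports "BA" because the newer hook runs first. Installing the swallowing hook S in front yields "S" alone, so a hook that skips the call to the next hook hides the event from every hook installed before it.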

When reposting, please cite the original address: https://www.9cbs.com/read-12233.html
