A little understanding for the hook function

xiaoxiao2021-03-06  147

This function is part of the Windows message processing mechanism, by setting "hook", the application can filter all messages, events on the system level, access to messages that cannot be accessed under normal conditions. Of course, it is also necessary to pay a certain price. Since there is more ways, the system performance will be affected, so everyone uses "hook" when necessary, and deletes it in time.

Let us first take a look at how the hook function is installed, calls, and deletes. The application is usually called the setWindowsHooKex () function for installation, the prototype of its function is as follows:

Setwindowshookex (

Int IDHOOK;

HookProc LPFN;

Hinstance hmod;

DWORD DWTHREADID;

);

Parameter Description:

IDHOOK is the type of "hook", "hook" type has 13 types, as shown in the following table:

"Hook" Type Interpretation WH_CallWndProc system Sends the message to the "hook" WH_CallWndProcret message processed before the specified window has been processed in the window "hook" WH_Debug error "hook" WH_Debug error "hook" WH_ForeGroundIdle front desk idle window "hook" WH_GetMessage "Hook" WH_JournalPlayback playback previously passed through the input message of the WH_JournalRecord "hook" record "hook" WH_KEYBOARD keyboard message "hook" WH_KEYBOARD keyboard message "hook" WH_MOUSE Mouse message "hook" WH_MSGFilter dialog, message box, menu or scroll bar input Message "Hook" WH_SHELL Case "Hook" WH_SYSMSGFILTER system message "hook"

LPFN points to the pointer to the "hook" process.

The HMOD "Hook" process The handle of the module is located.

DWTHREADID The logo of the "hook" related thread.

Usually we all make the "hook" into dynamic link libraries, such a benefit is that each process within the system can be accessed. But can also be called directly in the system, my suggestion is still using a dynamic library. If you use a dynamic library, the third parameter in SetWindowsHooKex () is the handle of the dynamic link library module; for a "hook" that only access to a single process, you can put it "hook" process installed "hook" Within the same thread, the third parameter in SetWindowsHooKex () is the Hinstance of the thread. There are two ways to install "hook": 1. You can make him a dynamic connection library file, compile together with the program. 2. You can call anywhere in the program. The second method is too trouble, I don't recommend it, I will not introduce it here. Compared with the first simpler. Its "hook" process is completed in the dynamic link library. SetWindowsHooKex () function is a installation function, such as an event monitored by some type of "hook", the system calls the "hook" process at the corresponding type "hook" chain, each of the "hook" chain The "hook" process must consider whether the event is passed to the next "hook" process. If you want to pass, you want to call the callnesthooKex () function. The return value of the next "hook" process in the "hook" chain is successfully returned, and the type of return value depends on the type of "hook". The prototype of this function is as follows:

LResult CallNexthookex (

HHOOK HHK;

Int ncode;

WPARAM WPARAM;

LParam Lparam;

);

Where hHK is the current "hook" handle, the SETWINDOWSHOKEX () function is returned. Ncode is an event code that passes to the "hook" process. WPARAM and LPARAM are transmitted to the "hook" process, respectively, and the specific meaning is related to the "hook" type.

Release "hook"

Release "hook" is relatively simple, he has only one parameter. It should be released in time when it is not required to "hook". He is to call UNHOOKWINDOWSHOKEX () functions, and the function prototype is as follows:

UnHookWindowsHookex (

HHOOK HHK;

);

The function successfully returns true, otherwise returns false.

If I don't understand this, please see some of the typical "hook" code and instructions given below.

LResult WinAPI CallWndProc (int Ncode, WPARAM WPARAM, LPARAM LPARAM)

{

IF (ncode <0)

Return CallNexthookex (NULL, NCODE, WPARAM, LPARAM);

Switch (ncode)

{

Case HC_Action:

// "Hook" program to handle what code

Break;

DEFAULT:

Break;

}

Return CallNexthookex (NULL, NCODE, WPARAM, LPARAM);

}

This is the code of the WH_CallWndProc "hook", this "hook" allows program to monitor messages sent by the function sendMessage to the window process. The system calls the WH_CallWndProc "hook" process before sending the message to the destination window.

Lresult WinAPI CallWndProc (int Ncode, WPARAM, WPARAM, LPARAM LPARAM)

{

IF (Ncode <0) Return CallnexthooKex (Null, Ncode, WPARAM, LPARAM);

Switch (ncode)

{

Case HC_Action:

Switch (WPARAM)

{

Case PM_Remove:

// An application calls the GetMessage function or the // peekmessage function with the PM_Remove parameter, removes a message from the message queue.

Break;

Case PM_NOREMOVE:

// An application calls the peekMessage function as a parameter in PM_NOREMOVE

Break;

DEFAULT:

Break;

}

Break;

DEFAULT:

Break;

}

Return CallNexthookex (NULL, NCODE, WPARAM, LPARAM);

}

This is a function that calls the wh_getMessage, which allows the application to monitor the message returned by the function getMessage and PeekMessage. The application can use hooks wh_getMessage to monitor the input of the mouse and keyboard and other systems sent to the message queue.

LResult Callback CBTProc (Int Ncode, WPARAM WPARAM, LPARAM LPARAM)

{

IF (Ncode <0) Return CallnexthooKex (Null, Ncode, WPARAM, LPARAM);

Switch (ncode)

{

Case hcbt_activate:

// The system will activate a window

Break;

Case HCBT_CLICKSKIPPED:

/ / The system removes a mouse message from the system message queue

Break;

Case HCBT_CREATEWND:

// The system will create a window

Break;

Case HCBT_DESTROYWND:

// The system will close a window

Break;

Case HCBT_KEYSKIPPED:

/ / The system removes a keyboard message from the system message queue

Break;

Case HCBT_MINMAX:

/ / The system will maximize or minimize one window

Break;

Case HCBT_MOVESIZE:

// The system will move a window or change the size of a window.

Break;

Case HCBT_QS:

/ / The system retrieves WM_QUEESYNC messages in the system message queue

Break;

Case HCBT_SETFOCUS:

/ / The system sets the keyboard input window Break;

Case HCBT_SYSCOMMAND:

// will execute a system command

Break;

DEFAULT:

/ / Can add additional code

Break;

}

Return CallNexthookex (NULL, NCODE, WPARAM, LPARAM);

}

Each "hook" type has its corresponding function, the parameters of these functions are the same, interested friends can find them in MSDN.

Below I give a complete "hook" installation and delete process code.

#include "stdafx.h"

#include "hook.h"

Hinstance hinstance;

Hhook hhkkeyboard;

Bool Apientry Dllmain (Handle Hmodule, DWORD UL_REASON_FOR_CALL, LPVOID LPRESERVED)

{

Switch (ul_reason_for_call)

{

Case DLL_Process_attach:

Case DLL_THREAD_ATTACH:

Case DLL_THREAD_DETACH:

Case DLL_PROCESS_DETACH:

Break;

}

Hinstance = (hinstance) hmodule;

Return True;

}

LResult KeyboardProc (int Ncode, WPARAM WPARAM, LPARAM LPARAM)

{

MessageBeep (-1);

Return CallNexthookex (NULL, NCODE, WPARAM, LPARAM);

}

Hook_api bool enableKeyboardCapture ()

{

IF (! (hh_keyboard = setwindowshookex (wh_keyboard, (hookproc) KeyboardProc, hinstance, 0))))

Return False;

Return True;

}

Hook_api bool disableKeyboardCapture ()

{

Return UnhookWindowsHookex (HHKKEYBOARD);

}

Note: This is a dynamic link library file.

When you want to call "hook" in the program, there is an enableKeyboardCapture () function, but you will send a sound when you press the button.

转载请注明原文地址:https://www.9cbs.com/read-127405.html

New Post(0)