Deeply out of hooks (zero)

zhaozj2021-02-16  60

Hooks manual

A hook is a message-handling mechanism provided by Windows. It lets a programmer use a subroutine to monitor system messages and process them before they reach their target.

Windows hooks are described below, along with how to use them in a Windows program.

========================= About hooks =========================

Using hooks reduces system efficiency because they add to the work the system does to process messages. Use a hook only when necessary, and remove it as soon as message processing is complete.

Hook chain

Windows offers several different types of hooks; different hooks handle different messages. For example, the WH_MOUSE hook is used to monitor mouse messages.

Windows maintains a separate hook chain for each hook type. A hook chain is a queue of application-defined callback functions. When a message of a given type occurs, Windows sends it to the first function in that type's hook chain; after the first function has processed the message, it passes the message to the next function in the list, and so on down the chain. If a function in the chain does not pass the message on, the functions after it in the list will not receive it. (For some types of hook, every hook function attached to that hook type receives the message sent by the system, regardless of whether the functions in the chain pass it on.)

=========================== Hook procedure ===========================

To intercept specific messages, you install your own hook function in that hook type's chain using the SetWindowsHookEx function. The syntax of the hook function is as follows:

Public Function MyHook(ByVal nCode As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
    ' Add your code here
End Function

Here MyHook can be named freely; the rest cannot be changed. The function must be placed in a module. nCode specifies the hook type. The values of wParam and lParam vary with nCode and are specific to the type of hook.

SetWindowsHookEx always places your hook function at the top of the hook chain. You can pass the system message on to the next function in the chain by calling the CallNextHookEx function.

[Note] For some types of hook, the system sends the message to all hook functions of that type. In that case, the CallNextHookEx call in the hook function is ignored.
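The chain behaviour described above (the newest procedure runs first, each procedure passes the message on, and one that does not pass it on hides the message from the rest), as a portable C model added here; it is not code from the original article and calls no Windows API. `Chain`, `install`, `uninstall`, `call_next`, `trace` and the `hookN` procedures are hypothetical names, and message 99 is a constructed value.

```c
#include <stdio.h>
/* Portable model of one hook chain. All names are hypothetical, not Windows APIs. */
#define MAX_HOOKS 8
typedef struct Chain Chain;
typedef int (*HookFn)(Chain *c, int pos, int msg);
struct Chain {
    HookFn fn[MAX_HOOKS];  /* fn[0] is the head of the chain */
    int count;
    int order;             /* procedures that saw the message, as decimal digits */
};
/* As the page says of SetWindowsHookEx: a new procedure goes to the head. */
int install(Chain *c, HookFn f) {
    if (c->count == MAX_HOOKS) return -1;
    for (int i = c->count; i > 0; i--) c->fn[i] = c->fn[i - 1];
    c->fn[0] = f;
    c->count++;
    return 0;
}
/* Removing a procedure closes the gap, so its neighbours become adjacent. */
int uninstall(Chain *c, HookFn f) {
    for (int i = 0; i < c->count; i++) {
        if (c->fn[i] != f) continue;
        for (int j = i; j < c->count - 1; j++) c->fn[j] = c->fn[j + 1];
        c->count--; return 0;
    }
    return -1;
}
/* Role of CallNextHookEx: hand the message to the procedure after pos. */
int call_next(Chain *c, int pos, int msg) {
    return (pos + 1 < c->count) ? c->fn[pos + 1](c, pos + 1, msg) : 0;
}
int hook1(Chain *c, int pos, int msg) { c->order = c->order * 10 + 1; return call_next(c, pos, msg); }
int hook3(Chain *c, int pos, int msg) { c->order = c->order * 10 + 3; return call_next(c, pos, msg); }
int hook2(Chain *c, int pos, int msg) {  /* swallows constructed message 99 */
    c->order = c->order * 10 + 2;
    return (msg == 99) ? 1 : call_next(c, pos, msg);
}
/* Install hook1..3 in order, optionally drop hook2, send msg; 321 = hook3, hook2, hook1. */
int trace(int msg, int remove_hook2) {
    Chain c = { .count = 0 };
    install(&c, hook1); install(&c, hook2); install(&c, hook3);
    if (remove_hook2) uninstall(&c, hook2);
    if (c.count) c.fn[0](&c, 0, msg);
    return c.order;
}
int main(void) {
    printf("%d %d %d\n", trace(5, 0), trace(99, 0), trace(99, 1));
    return 0;
}
```

The model covers only hook types where delivery depends on each procedure passing the message on; the types mentioned in the note, where every procedure receives the message, are not modelled.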

A global hook function can intercept a particular message in all threads in the system (in this case the hook function must be placed in a DLL). A local hook function can intercept a particular message for a specified thread (in this case the hook function can be placed either in a DLL or in a module of the application).

[Note] It is recommended to use a global hook function only when debugging. A global hook function reduces system efficiency and can conflict with other applications that use the same type of hook.

==================================================

WH_CALLWNDPROC and WH_CALLWNDPROCRET hooks

The WH_CALLWNDPROC and WH_CALLWNDPROCRET hooks let you monitor messages sent by SendMessage. The system calls the WH_CALLWNDPROC hook before sending the message to the window procedure, and calls the WH_CALLWNDPROCRET hook after the window procedure has handled the message.

The WH_CALLWNDPROCRET hook passes the address of a CWPRETSTRUCT structure to the hook procedure. This structure contains information about the message after the window procedure has processed it.

WH_CBT hook

The system calls the WH_CBT hook before a window is activated, created, destroyed, minimized, maximized, moved, or resized; before completing a system command; before a mouse or keyboard event is removed from the system message queue; before setting the input focus; or before synchronizing with the system message queue. You can intercept these events in your hook procedure and return a value that tells the system whether to continue with the operation.

WH_DEBUG hook

Before calling a hook procedure associated with another hook type, the system calls the WH_DEBUG hook. An application can use this hook to determine whether the system calls hooks of a given type.

WH_FOREGROUNDIDLE hook

The system calls this hook when it is idle, so that lower-priority application work can run in the background.

WH_GETMESSAGE hook

The WH_GETMESSAGE hook enables an application to intercept messages returned by GetMessage or PeekMessage. An application uses the WH_GETMESSAGE hook to monitor mouse and keyboard input and other messages posted to the queue.

WH_JOURNALRECORD hook

The WH_JOURNALRECORD hook enables an application to monitor input events. Typically, an application uses this hook to record mouse and keyboard input events for later playback. This hook is a global hook and cannot be used for a specified thread.

WH_JOURNALPLAYBACK hook

The WH_JOURNALPLAYBACK hook enables an application to insert messages into the system message queue. The hook can play back the mouse and keyboard input events recorded by the WH_JOURNALRECORD hook. While the WH_JOURNALPLAYBACK hook is installed, mouse and keyboard input events are masked. This hook is also a global hook and cannot be used for a specified thread.

The WH_JOURNALPLAYBACK hook returns a time-out value, which tells the system to wait for a few seconds when handling the current playback message. This allows the hook to control the timing of events during playback.

WH_KEYBOARD hook

The WH_KEYBOARD hook enables an application to monitor the WM_KEYDOWN and WM_KEYUP messages returned by GetMessage and PeekMessage. An application uses this hook to monitor keyboard input posted to the message queue.

WH_MOUSE hook

The WH_MOUSE hook enables an application to monitor the mouse messages returned by GetMessage and PeekMessage. An application uses this hook to monitor mouse input posted to the message queue.

WH_MSGFILTER and WH_SYSMSGFILTER hooks

The WH_MSGFILTER and WH_SYSMSGFILTER hooks enable an application to monitor menus, scroll bars, message boxes and dialog boxes, and to intercept messages when the user switches windows with ALT+TAB or ALT+ESC. WH_MSGFILTER monitors only the menus, scroll bars, message boxes and dialog boxes of the application itself, while WH_SYSMSGFILTER can monitor these events in all applications.

WH_SHELL hook

A shell program can use the WH_SHELL hook to receive important information. When a shell program is activated or the current window is created, the system calls the WH_SHELL hook procedure.

======================= Using hooks =======================

Installing and removing a hook procedure

Monitoring system events

Installing and removing a hook procedure

To install your own hook procedure, call the SetWindowsHookEx function, specifying the hook type, whether the procedure is a global or a local hook, and the entry point of your hook procedure.

To install a global hook procedure, you must build a DLL separate from the application and put the hook function in it. The application must first obtain the handle of the DLL module before installing the global hook procedure. Pass the DLL name to the LoadLibrary function to get the handle of the DLL module; once you have the handle, use the GetProcAddress function to get the address of the hook procedure. Finally, use SetWindowsHookEx to insert the address of the hook procedure into the corresponding hook chain: SetWindowsHookEx is passed the module handle, the entry point of the hook procedure, and a thread identifier of 0, which indicates that the hook procedure is associated with all threads in the system.

The following routine is written in C; you can easily convert it to a VB program.

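#include <windows.h>

HOOKPROC hkprcSysMsg;        /* address of the hook procedure in the DLL */
static HINSTANCE hinstDLL;   /* handle of the DLL module */
static HHOOK hhookSysMsg;    /* handle of the installed hook */
.
.
.
/* Load the DLL and look up the exported hook procedure. */
hinstDLL = LoadLibrary(TEXT("c:\\windows\\sysmsg.dll"));
hkprcSysMsg = (HOOKPROC) GetProcAddress(hinstDLL, "SysMessageProc");
/* Thread identifier 0 associates the procedure with all threads. */
hhookSysMsg = SetWindowsHookEx(WH_SYSMSGFILTER, hkprcSysMsg, hinstDLL, 0);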
