WINDOWS keyboard event monitoring principle and application

zhaozj 2021-02-11

Zhao Guihua · Yi Xianshi

The Windows message processing mechanism provides hooks: callback functions that an application can mount in order to monitor the various event messages of the system. A hook function is similar to an interrupt handler, and several callback functions can be mounted on the same hook to form a hook function chain. The messages generated by the system are sent to the hook functions first; each hook function monitors, modifies, or controls the message according to its own purpose, and then either returns control or passes the message on to the next hook function and finally to the window function. Although this callback mechanism slightly reduces the operating efficiency of the system, it is very useful in many situations, and good results can be achieved by making reasonable use of the hook monitoring mechanism for keyboard events.

First, the filter functions for monitoring Windows keyboard events

The following filter functions can be mounted under Windows:

WH_CALLWNDPROC      window function filter function
WH_CBT              computer-based training filter function
WH_DEBUG            debugging filter function
WH_GETMESSAGE       get-message filter function
WH_HARDWARE         hardware message filter function
WH_JOURNALPLAYBACK  message replay filter function
WH_JOURNALRECORD    message recording filter function
WH_MSGFILTER        message filter function
WH_MOUSE            mouse message filter function
WH_SYSMSGFILTER     system message filter function
WH_KEYBOARD         keyboard filter function

Of these, the keyboard filter function is the most common and useful type. Whichever type of filter function is used, the basic method of mounting it is the same. When Windows calls the mounted callback functions, it always calls the function at the head of the hook chain first, so a keyboard hook function must be placed in the function chain with the SetWindowsHookEx() function.
Whether a message is passed further along the function chain is decided by each hook function itself: if the message needs to be passed to the next function, call the API function CallNextHookEx(); if not, simply return. A hook function can be a global function that monitors the messages of all threads, or a local function that monitors a single thread. A local hook function can be placed in a .DLL dynamic link library or in a local module; a global hook function must be placed in a .DLL dynamic link library. A hook function must be declared in the following format, taking the keyboard hook function as an example:

    int FAR PASCAL KeyboardProc(int nCode, WORD wParam, DWORD lParam)

Here KeyboardProc is the function name, which must be declared with the EXPORTS statement in the module definition file; nCode determines whether the hook function processes the message; wParam and lParam are the specific message content.

Second, installing and uninstalling the keyboard event hook function

The SetWindowsHookEx() function mounts a filter function; the call must specify the type of the hook function and the entry address of the function. Its arguments include the hook function address, hInst, the instance handle of the link library that contains the hook function, and iCode, the monitoring code, where 0 indicates a global function. If the hook function needs to pass messages on to the next filter function, it must call CallNextHookEx() before it returns. To uninstall the hook function, it is only necessary to call UnhookWindowsHookEx(iProc).
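
The chain behaviour described above (the most recently mounted filter is called first, and a filter that returns without calling the next one ends the chain for that message) can be seen in a small portable model. This is an added example, not code from the original article and not the Win32 API; install_filter, call_next, dispatch and the two filters are hypothetical names that stand in for SetWindowsHookEx(), CallNextHookEx() and real filter functions.

```c
/* Added example: a portable model of a hook chain, not the Win32 API itself. */
#include <stdio.h>
#define MAX_HOOKS 8
typedef long (*FilterProc)(int nCode, unsigned wParam, unsigned long lParam);

static FilterProc chain[MAX_HOOKS];      /* chain[0] is the head of the chain */
static int chain_len, cursor, trace_len; /* cursor: index of the running filter */
static char trace[MAX_HOOKS + 1];        /* order in which the filters ran */
static void mark(char c) { trace[trace_len++] = c; trace[trace_len] = '\0'; }

/* Models SetWindowsHookEx(): a newly mounted filter becomes the head. */
int install_filter(FilterProc f) {
    if (chain_len == MAX_HOOKS) return -1;
    for (int i = chain_len; i > 0; i--) chain[i] = chain[i - 1];
    chain[0] = f; chain_len++;
    return 0;
}

/* Models CallNextHookEx(): pass the message to the next filter, if any. */
long call_next(int nCode, unsigned wParam, unsigned long lParam) {
    if (cursor + 1 >= chain_len) return 0;   /* end of chain: deliver normally */
    cursor++;
    long r = chain[cursor](nCode, wParam, lParam);
    cursor--;
    return r;
}

/* Filter A always passes the message on. */
long filter_a(int n, unsigned w, unsigned long l) { mark('A'); return call_next(n, w, l); }
/* Filter B returns without calling the next filter for key value 0x5b. */
long filter_b(int n, unsigned w, unsigned long l) {
    mark('B');
    if (n >= 0 && w == 0x5b) return 1;
    return call_next(n, w, l);
}

/* Sends one message to the head of the chain; returns the filters that ran. */
const char *dispatch(unsigned wParam, unsigned long lParam) {
    trace_len = 0; trace[0] = '\0'; cursor = 0;
    if (chain_len > 0) chain[0](0, wParam, lParam);
    return trace;
}

int main(void) {
    install_filter(filter_a); install_filter(filter_b); /* B mounted last, runs first */
    printf("0x41: %s\n", dispatch(0x41, 0));   /* both filters see the key */
    printf("0x5b: %s\n", dispatch(0x5b, 0));   /* filter A never sees it */
    return 0;
}
```

A filter mounted earlier therefore has no guarantee of seeing every keyboard message: anything mounted after it runs first and can end the chain.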

If the function is global, it must be placed in a .DLL dynamic link library, and it can then be called in the same ways as any other ordinary .DLL function:

1. Declare the function by name or ordinal in the DEF definition file:

    EXPORTS
        WEP           @1 RESIDENTNAME
        InitHooksDll  @2
        InstallFilter @3
        KeyboardProc  @4

The reference format is: link library name.function name (in this example, Keydll.KeyboardProc).

2. Call the function directly in the application: first load the dynamic link library with LoadLibrary(LPSTR "link library name") and obtain the library module handle hInst, then use GetProcAddress(HINSTANCE hInst, LPSTR "function name") to get the function address and call the function through that address; before the program ends, release the loaded dynamic link library with FreeLibrary().

3. Use an import library (.LIB): use the implib.exe program to create the corresponding import library .LIB when building the dynamic link library, then add the import library directly to the project file.

Third, the steps for implementing a Windows hook monitoring function

A Windows hook function can implement all event monitoring functions only when it is placed in a dynamic link library (DLL). The basic method of building a hook monitoring function in a .DLL is as follows:

1. First declare the variables and procedures in the DLL;

2. Then write the DLL main module LibMain() and establish the module instance;

3. Write the WEP() function, the mechanism by which the system exits the DLL;

4. Write the DLL initialization function InitHooksDll(), which receives the handle of the main program window;

5. Write the hook installation and uninstallation function InstallFilter();

6. Write the hook function KeyboardProc(), implement the monitoring function in it, and decide whether to go on to call the next hook function or to return to the Windows application;

7. In the Windows main program, initialize the DLL and install the corresponding hook function; the hook function is responsible for communicating with the main program;

8. When monitoring is no longer required, remove the hook function with the uninstallation function.

Fourth, the application technology of keyboard hook monitoring functions under Windows

The standard 104-key keyboard now has two special keys, marked with the Windows logo and with a mouse drop-down menu symbol, which are called the Micro left key and the Micro right key. The former simulates the left mouse button to activate the Start menu; the latter simulates the right mouse button to activate the properties menu. Each of these two special keys triggers its click action as soon as it is pressed, and neither can be combined with other keys. Because so many keys already have assigned functions in Windows, it is difficult for an application to define its own dedicated shortcuts flexibly; when developing an .IME or similar application, for example, it is difficult to find function keys that do not conflict with other applications such as Word 8.0. If the two special keys of the standard 104-key keyboard are treated as dedicated keys like Ctrl and Alt, an application can freely define its own function keys, which gives it flexible shortcuts for its various functions. Under normal circumstances the Windows keyboard event driver does not interpret the messages of these two keys, so the hook monitoring function for keyboard events must be used to implement their specific function. The method is as follows:

1. First, write the following simple dynamic link library program and compile it into a DLL file.

    #include "windows.h"

    int FAR PASCAL LibMain(HANDLE hModule, UINT wDataSeg, UINT cbHeapSize, LPSTR lpszCmdLine);
    int WINAPI WEP(int bSystemExit);
    int WINAPI InitHooksDll(HWND hwndMainWindow);
    int WINAPI InstallFilter(BOOL nCode);
    LRESULT CALLBACK KeyHook(int nCode, WORD wParam, DWORD lParam);

    static HANDLE hInstance;        // global handle
    static HWND hWndMain;           // main window handle
    static int InitCalled = 0;      // initialization flag
    static HHOOK hKeyHook;          // handle of the installed keyboard hook
    FARPROC lpfnKeyHook = (FARPROC)KeyHook;
    BOOL HookStates = FALSE;        // TRUE while the hook is installed

    // DLL entry point: remember the module instance handle
    int FAR PASCAL LibMain(HANDLE hModule, UINT wDataSeg, UINT cbHeapSize, LPSTR lpszCmdLine)
    {
        if (cbHeapSize != 0)
            UnlockData(0);
        hInstance = hModule;
        return 1;
    }

    // DLL exit procedure
    int WINAPI WEP(int bSystemExit)
    {
        return 1;
    }

    // Receives the handle of the application main window
    int WINAPI InitHooksDll(HWND hwndMainWindow)
    {
        hWndMain = hwndMainWindow;
        InitCalled = 1;
        return (0);
    }

    // nCode == TRUE installs the keyboard hook, FALSE removes it
    int WINAPI InstallFilter(BOOL nCode)
    {
        if (InitCalled == 0)
            return (-1);
        if (nCode == TRUE) {
            hKeyHook = SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC)lpfnKeyHook, hInstance, 0);
            HookStates = TRUE;
        } else {
            UnhookWindowsHookEx(hKeyHook);
            HookStates = FALSE;
        }
        return (0);
    }

    LRESULT CALLBACK KeyHook(int nCode, WORD wParam, DWORD lParam)
    {
        static BOOL msFlag = FALSE;
        // Assumption: the listing never declares i; the values tested below
        // match the high word of lParam, so it is taken from there.
        WORD i = HIWORD(lParam);

        if (nCode >= 0) {
            if (HookStates == TRUE) {
                if ((wParam == 0xff) ||                          // key value under Win3.x
                    (wParam == 0x5b) || (wParam == 0x5c)) {      // key values under Win95
                    if ((i == 0x15b) || (i == 0x15c)) {          // key press handling
                        msFlag = TRUE;
                        PostMessage(hWndMain, 0x7fff, 0x1, 0x3L);
                    } else if ((i == 0xc15b) || (i == 0xc15c)) { // key release handling
                        msFlag = FALSE;
                        PostMessage(hWndMain, 0x7fff, 0x2, 0x3L);
                    }
                }
            }
        }
        // Always pass the message on to the next hook function in the chain
        return CallNextHookEx(hKeyHook, nCode, wParam, lParam);
    }

The main function of this program is to monitor keyboard key messages, convert the messages of the two special keys into a custom message type, and send the custom messages to the application's main window function.
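
The values 0x15b, 0x15c, 0xc15b and 0xc15c tested in the hook function can be read as the keystroke flags that Windows packs into the high word of lParam: scan code, extended-key bit, previous key state and transition state. The decoder below is an added example, not code from the original article; it assumes the listing's i is that high word, and KeyInfo, decode_key_lparam and classify_micro_key are hypothetical names.

```c
/* Added example: decode the lParam value that a WH_KEYBOARD filter receives. */
#include <stdio.h>

typedef struct {
    unsigned repeat;     /* bits 0-15: repeat count */
    unsigned scan_code;  /* bits 16-23: scan code */
    int extended;        /* bit 24: extended key */
    int alt_down;        /* bit 29: context code */
    int was_down;        /* bit 30: previous key state */
    int released;        /* bit 31: transition state */
} KeyInfo;

KeyInfo decode_key_lparam(unsigned long lParam) {
    KeyInfo k;
    k.repeat    = (unsigned)(lParam & 0xFFFFUL);
    k.scan_code = (unsigned)((lParam >> 16) & 0xFFUL);
    k.extended  = (int)((lParam >> 24) & 1UL);
    k.alt_down  = (int)((lParam >> 29) & 1UL);
    k.was_down  = (int)((lParam >> 30) & 1UL);
    k.released  = (int)((lParam >> 31) & 1UL);
    return k;
}

/* 0 = not one of the two special keys, 1 = first press,
   2 = auto-repeat while held down, 3 = release */
int classify_micro_key(unsigned long lParam) {
    KeyInfo k = decode_key_lparam(lParam);
    if (!k.extended || (k.scan_code != 0x5B && k.scan_code != 0x5C)) return 0;
    if (k.released) return 3;
    return k.was_down ? 2 : 1;
}

int main(void) {
    /* Constructed samples: high words 0x015b, 0x415b and 0xc15b, repeat count 1 */
    unsigned long samples[] = { 0x015B0001UL, 0x415B0001UL, 0xC15B0001UL };
    for (int n = 0; n < 3; n++)
        printf("lParam 0x%08lX -> class %d\n", samples[n], classify_micro_key(samples[n]));
    return 0;
}
```

The middle sample is the auto-repeat case: its high word is 0x415b, which matches neither the press test nor the release test in the listing, so a held-down key posts only one press message.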

2. After creating the window in the application's main function, call the InitHooksDll() function to initialize the dynamic link library and pass the application's main window handle to it, then call the InstallFilter() function to mount the keyboard event monitoring callback function.

    InitHooksDll(hIMEWnd);   // initialize the DLL
    InstallFilter(TRUE);     // install the keyboard callback function

3. When the application's main window function processes the custom message, save the state of the Micro key for use when handling key combinations.

    switch (iMessage) {
    case 0x7fff:                 // custom message type
        if (lParam == 0x3L) {    // set the state of the Micro key
            if (wParam == 0x1) microFlag = TRUE;
            else if (wParam == 0x2) microFlag = FALSE;
        }
        break;

4. When handling key combinations, first determine whether the Micro key is pressed, and then handle the other keys.

    case WM_KEYDOWN:             // key pressed
        if (microFlag == TRUE) { // Micro key is pressed
            if ((BYTE)HIBYTE(wParam) == 0x5b) {
                // Micro + "[" combination key
                ...              // key function handling
            } else if ((BYTE)HIBYTE(wParam) == 0x5d) {
                // Micro + "]" combination key
                ...              // key function handling
            }
        }
        break;
    }

5. When the application exits, remember to uninstall the keyboard monitoring function, that is, call InstallFilter(FALSE).

6. Using the method described here to define an application's own function keys ensures that they do not conflict with other programs, makes effective use of the resources that already exist in the system, and lets the application implement its functions while flexibly using the various function calls the system provides.
