Hook Guide Author: Li Jin Published: 2001/02/27
Thesis:
Hook, is a platform for a Windows message processing mechanism that can be set up in the above, and some messages of the specified window are set, and the monitored window can be created by other processes. When the message arrives, handle it before the target window handles the function. This article will briefly introduce the principle of hooks and how to use hooks.
text:
The concept hook mechanism for hooks Use the guide hook allows applications to intercept Window messages or specific events. There are similar situations with the DOS interrupt interception process. Hook, is a platform for a Windows message processing mechanism that can be set up in the above, and some messages of the specified window are set, and the monitored window can be created by other processes. When the message arrives, handle it before the target window handles the function. Every hook has a pointer list associated with it, called a hook chain, pointed to each process of this hook. A hook handles a type of message. When the message monitored by the hook appears, Windows calls the first hook subsequence in the linked list. Some types of hooks can only set up a process in the system range, and the remaining type hooks can also be set in a specific thread (settings with SETWINDOWSHOKEX). For a particular type of hook (it handles a type of message), the thread hook subsidiary is called first, followed by the system hook. The hook subsidy is an application-defined callback function (Callback function), cannot be defined as a member function of a class, can only be defined as a normal C function. For example: Lresult Callback HookProc (int Ncode, WPARAM WPARAM, LPARAM LPARAM) hook settings can use the API function setWindowsHookex () to install a hook subscription that an application-defined hook table. The mounted hook subsidiary is used to monitor the system or a particular type of event, which can be associated with a particular thread or an event in the system. HHOOK SETWINDOWSHOKEX (Type of Int IDHOK, // Hook, that is, the message type hookproC lpfn, // hook substructure. If the DWTHREADID parameter is 0 or a thread created by another process, LPFN must Point to the hook subroutine in the DLL. In addition, the LPFN can point to a hook subscip code of the current process. Hinstance HMOD, // Application instance handle. Identify the DLL of the subaudes referred to in LPFN. If the DWTHREADID identifies the current A thread created by the process, and the subsector code is in the current process, and the hmod must be NULL. DWORD DWTHREADID / / The identifier of the thread associated with the installed hook subroutine, if 0, the hook substructure associated with all threads. ); The function is successful, returns the handle of the hook substructure, and the failure returns NULL. The above-mentioned hook subsequence is associated with thread refers to a message sent to the thread in a hook list simultaneously transmits the hook subsequence, and is processed by the hook subspening. Although this is not forced, it is generally recommended to call the callNexthooKex () function in the hook child to perform the next hook subscriber referred to in the hook linker. Otherwise, the application that is not installed will not receive the hook notification, resulting in an error result. CallNextHooKex () should be called unless you do need to prohibit the notification of other applications. Before the program terminates, you must call the unHookWindowsHooKex () function to release the system resources associated with the hook.