The Windows operating system is based on the event drive mechanism, and communication between the parties of the system is also implemented by the mutual transfer of messages. However, in general, the application can only handle messages from the internal part of the process or send it from other processes. If you need to intercept the message to be delivered, you must take a Hook (hook) Technology. The hook is a very important system interface in the Windows operating system that can easily intercept and process messages passing between other applications, and thus can complete special features that are difficult to implement in common applications. Based on the powerful function of the hook in the message interception processing, this article is discussed in the basic concept of the hook in the programming background of VC 6.0 and its implementation process. To make it easy, in the article, a simple application example of the mouse hook is also given.
Basic principle of hook
The essence of the hook is a program used to handle system messages, and hang it into the system through system call. There are many types of hooks, and each hook is responsible for intercepting and handling corresponding messages. The hook mechanism allows the application to intercept and process messages or specific events sent to the specified window, which can be created in this process can be created in this process. In a specific message, the hook program first cuts this message and obtains the control of it before arriving at the window. At this point, various modifications can be performed on the intercepted message, even forcibly termination of the continued delivery of the message.
Any hook is maintained by the system, which is a pointer list (hook table), which corrects the respective processing functions of the hook. Recently installed hooks are placed in the beginning of the chain, the earliest mounted hook is placed in the final, when the message monitored by the hooks, the first hook handler of the operating system calls the list is handled, that is, the last joined hook Get control. The hook processing function mentioned here must be a callback function (Callback function) and cannot be defined as a class member function, and must be defined as a normal C function. When using the hook, it can be divided into two categories only depending on its monitoring range, where the thread hook can only monitor a thread, and the global hook can monitor all threads running under the current system. . Obviously, the thread hook can be seen as a subset of the global hook, although the global hook is powerful but also is more cumbersome: The implementation of its hook function must be packaged in the dynamic link library.
Hook installation and uninstall
Since the global hook has a considerable broad range and is functionally covered with thread hooks, the installation and use of global hooks are mainly discussed below. As mentioned earlier, the operating system performs message interception by calling the first hook processing function at the beginning of the hook list. Therefore, in order to set the hook, simply placing the callback function is placed in the chain, the operating system will be called first. The function setWindowsHooKex () is responsible for placing the callback function in the start position of the hook table. SetWindowsHooKex () function prototype declaration is as follows:
HHOOK SETWINDOWSHOKEX (Int IDHOK; HookProc LPFN; Hinstance Hmod; DWORD DWTHREADID);
Where: Parameter IDHOOK specifies the type of hook, there are a total of the "hook" WH_CallWndProcret message processed by the WH_CallWndProc system before the message is sent to the "hook" WH_CBT-based "hook" WH_CBT based on computer training "hook" WH_Debug error "hook" WH_FOREGROUNDIDLE front idle window "hook" the WH_GETMESSAGE received message delivery "hook" WH_JOURNALPLAYBACK playback previously entered message by WH_JOURNALRECORD "hook" recorded WH_JOURNALRECORD incoming message record "hook" the WH_KEYBOARD keyboard message "hook" WH_MOUSE mouse messages "hook" WH_MSGFILTER Dialog box, message box, menu, or scroll bar input message "Hook" WHELL housing "hook" WH_SYSMSGFILTER system message "hook" parameter LPFN is a pointer to the hook handler, the first address of the callback function; the parameter hmod identifies hook processing The handle of the module where the function is located; the fourth parameter dwthreadID specifies the monitored thread, and if it is clearly specified that the ID of a thread is only monitored, the hook is thread hook; if the parameter is set to 0, Then, this hook is a global hook for monitoring all threads. This function will return a hook handle after execution. Although the thread hook does not require a global hook, it must be placed in a dynamic link library, but it is recommended to implement it in a dynamic link library. Because such processing can not only make the hook can be accessed for multiple processes within the system, or it can be called directly in the system, but also for a hook that only the order process is accessible, it can also place its hook processing process in the mounting hook. Within the same thread, the third parameter of the setWindowsHooKex () function is also an instance handle of the thread.
After the setWindowsHooKex () function completes the installation of the hook, if the monitored event occurs, the system immediately calls the hook processing function at the beginning of the corresponding hook chain table, each hook processing function is considered when the corresponding processing is performed. Do you need to pass an event to the next hook handler. If you want to pass, you can solve it through the function callnesthookex (). Despite this, in actual use, it is highly recommended whether or not an event transfer is required at the final call of the CallNexThooKex () function, otherwise some unpredictable system behavior or system locking. This function will return the address of the next hook processing in the hook table, as for the specific return value type, depending on the set hook type. The prototype declaration of this function is as follows:
LResult CallnexthooKex (HHOOK HHK; INT NCODE; WPARAM WPARAM; LPARAM LPARAM);
Where the parameter hHK is the current hook handle returned by the setWindowsHookex () function; the parameter ncode is the event code for the hook process; the parameters WPARAM and LPARAM are the parameter value of the hook processing function, and the specific meaning of the specifically the same hook type related.
Finally, since the mounting hook has a certain impact on the performance of the system, it should be unloaded in time to release the resources in time after the hook is used. The function of the release hook is unHookWindowsHooKex (), which is more simple to have a parameter for specifying the hook handle returned by the setWindowsHooKex () function. The prototype declaration is as follows:
Bool UnHookWindowshookex (HHOOK HHK); Simple example of mouse hook
Finally, in order to see the application of Hook technology in VC programming, a simple example of the use of mouse hooks is given. The global hook is used when the hook is set. The implementation of the mouse hook installation, use, and unloading is described below:
Since this routine needs to use global hooks, first construct a carrier-dynamic link library of global hooks. Considering the difference in Win32 DLL and Win16 DLL, you must share data between multiple processes in a Win32 environment, you must take some steps to extract the data to be shared to a separate data segment and set its property through the DEF file. Sharing for reading and writing:
#pragma data_seg ( "TestData") HWND glhPrevTarWnd = NULL; // window handle HWND glhHook = NULL; // mouse hook handle HINSTANCE glhInstance = NULL; // DLL instance handle #pragma data_seg () ...... SECTIONS // def file Set the data section TestData to read and write TestData Read Write Shared
When installing the global mouse hook, use the function setWindowsHooKex (), and set the process function of the mouse hook to mouseproc (), and the hook handle returned by the installation function is saved in the variable Glhhook:
Void StartHook (HWND HWND) {... GLHHOOK = (HWND) SETWINDOWSHOOKEX (Wh_Mouse, MouseProc, Glhinstance, 0);}
After the mouse hook is installed, the mouse message will be issued when moving, click the mouse, which is processed by the message processing function mouseproc (). Here, whenever any mouse message issued by each thread is sent to the system, the window handle under the location of the current mouse is first obtained, and further obtains the window title by getWindowText () function. After the processing function is completed, the event passed the event to the next hook processing function in the hook list by callnexthookex () function:
LRESULT WINAPI MouseProc (int nCode, WPARAM wParam, LPARAM lParam) {LPMOUSEHOOKSTRUCT pMouseHook = (MOUSEHOOKSTRUCT FAR *) lParam; if (nCode> = 0) {HWND glhTargetWnd = pMouseHook-> hwnd; // get the target window handle HWND ParentWnd = glhTargetWnd ; while (ParentWnd = NULL!) {glhTargetWnd = ParentWnd; // get the main application window handle ParentWnd = GetParent (glhTargetWnd);} if (! glhTargetWnd = glhPrevTarWnd) {char szCaption [100]; // take the title of the window GetWindowText (GLHTARGETWND, SZCAPTION, 100); ...}} // Continue to transfer Message Return CallNexthookex ((hHOOK) GLHHHOK, NCODE, WPARAM, LPARAM;
Finally, call the unHookWindowsHooKex () function to complete the uninstallation of the hook:
Void stophook () {... unhookwindowshookex ((hHOOK) GLHHOOK;
Now, the dynamic link library of the mouse hook is now compiled. Requires the application to be invoked by the application to implement interception processing of the mouse messages of each thread under the current system. This part does not have any difference with the usual dynamic link library. After loading it to the process, first call the status of the StartHook () function to install the hook, at this time, the mouse message under the system can be intercepted, The dynamic link library is unloaded to stop the mouse hook through the StopHook () function in the dynamic link library when the mouse hook is terminated. After the above programming, when the mouse hook is installed, the mouse is moved to the current window when moving to any window of the system, will be obtained by the interception processing of the mouse message. Experiments prove that the installation, use and unloading process of this mouse hook is correct.
summary
Hooks, especially system hooks have considerable functions, and through this technique can intercept almost all Windows system messages and events. This technique is widely used in various automatic monitoring systems to monitor process external messages. This article only provides a brief explore to some of the basic principles and general use methods of the hook, and the readers of interest can be used to achieve other types of hooks such as keyboard hooks, hook hooks, such as keyboard hooks, hooks. Installation and use. The code described herein is compiled by Microsoft Visual C 6.0 under Windows 98.
