Low-level keyboard hook masked WIN key, ALT TAB key response
If you are using a Windows operating system to do system integration, you may want your final product exclusive system resources. You want to regulate user behavior, such as you don't want users to terminate a process by pressing Ctrl Alt Del, or pressing the WIN key pop-up menu, or pressing the Alt Tab Combination key to switch to other applications. The author has a related article "Win2K / NT shielded Ctrl Alt DEL response" describes how to shield Ctrl Alt Del through the GINA programming interface. As a continuation, this article will continue to introduce a method of masking the WIN key and the Alt Tab key combination. Since these buttons respond to the system level, we cannot simply control them through a program. Therefore, we need another programming interface-hook (hook) provided by Microsoft. Everyone may have already known the hook (there are many articles that introduce hook technology and applications on the Internet). Simply put, the hook is a standard interface to intercept the specific event (message) by replacing the system, and ultimately reaching a technique for changing or enhancing the purpose of the system default behavior. Our current task is to press the WIN button or Alt Tab key button, but the system has not responded to intercept them before, and then change the default behavior of the system. Obviously, we have to do a global hook (the hook function is implemented in a separate DLL), and is a low level keyboard hook. The first step, the implementation of the hook DLL. Let's first define a global data area (remember this is a global hook), as follows (on the cpp file): #pragma data_seg ("mydata") hHOOK GLHHOOK = NULL; // Installed Mouse hook handle Hinstance Glhinstance = NULL; // DLL instance handle #pragma data_seg () then declares this data area in the .def file, as follows: Sections MyData Read Write Shared When this DLL is loaded by a process, the program enters from WinMain, at this time You need to save the module handle, as follows: GLHINSTANCE = (Hinstance) hmodule; Next, we will define two export functions, and the handle of the hook. We focus on this hook handler (the other two export functions are relatively simple, just to implement the installation / unload hook function by calling SETWINDOWSHOKEX and UNHOOKWINDOWSHOKEX; only pay attention to the first parameter of SETWINDOWSHOKEX is wh_Keyboard_LL, the fourth parameter is 0). ____________________________________________________________________
DELPHI routine: the system function and Alt Esc key unit Unit1; interfaceuses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls; type TForm1 = class (TForm) Button1: TButton; Button2: TButton; label1: TLabel; procedure Button1Click (Sender: TObject); procedure Button2Click (Sender: TObject); private {Private declarations} public {public declarations} end; {key message structure, Delphi also not themselves define it. This is why I said that there is one of the programs like Cere. It must also be noted that this structure can only be used in Windows NT 4 SP3 or more} tagkbdllhookstruct = Packed Record vkcode: dword; // Virtual key value scancode: dword; // scan code value (no use, I don't understand ^ _ ^) {Some expansion signs, this value is more troublesome, I don't quite understand this on MSDN, but according to this program, the sixth digit (binary) of this flag value is 1, the Alt button is 0} Flags : DWORD; time: DWORD; // message timestamp dwExtraInfo: DWORD; // extended information related to the message end; KBDLLHOOKSTRUCT = tagKBDLLHOOKSTRUCT; PKBDLLHOOKSTRUCT = ^ KBDLLHOOKSTRUCT; // this is the index value lower keyboard hook, Delphi not, You must define const wh_keyboard_ll = 13; // Define a constant and the Flags comparison in the above structure and derive whether the ALT button is pressed whether constlevant llkhf_altdown = $ 20; VAR FORM1: TFORM1; hhklowlevelkybd: hhook; importation {Function: Low-level keyboard Hook callback function, filter message parameters inside: ncode is the hook flag WPARAM indicates that the type of message is a pointer to the structure of the structure KBDLHOOKSTRUCT that we defined above. Return value: If not 0, Windows throws this message, The program will not receive this message.
