Intercept message (2)
By SSSA2000
2004/07/03
After a holiday, I suddenly remembered this thing yet, huh, it was late. Although I also knows that there is no one, I still have the final and write it.
Last time, I intercepted the message in my form, our purpose is to intercept the news of the developer, what should I do? It is easy, we think of the hook.
Hook can be a good winter winter, there is no fun, if there is no hacker programming, there is no fun.
We hooked the message we want to get with a GetMessage hook.
Let's take a look at the setwindowshookex function, maybe everyone is familiar with me, I am still ignite once:
Setwindowshookex (IDHOOK: Integer; // hook type
LPFN: TFNHOOKPROC; // Hook function pointer
HMOD: Hinst; // Delphi is generally set to Hinstance
DWTHREADID: DWORD / / associated thread
: HHOOK; STCALL;
I don't say it. I don't say it. The hook type has many mouse keys, messages, shells, etc. WH_GetMessage type today, the use is: The GetMessage function has been searched for a message from the application queue. .
Again the DWTHREADID parameters to develop the id of the thread. The hook function can monitor this parameter defined thread, or all threads of the system. Use it to filter and process specific messages before system or window processing. If set to 0, indicating that the hook can be called within all threads. It seems that this parameter is very important to us.
Look at a simple example:
Unit unit1;
Interface
Uses
Windows, Messages, Sysutils, Classes, Graphics, Controls, Forms, Dialogs,
STDCTRLS;
Const
WM_TESTMESSAGE = WM_USER 2000;
Type
TFORM1 = Class (TFORM)
Button1: tbutton;
Procedure formcreate (Sender: TOBJECT);
Procedure Button1Click (Sender: TOBJECT);
Private
{Private Declarations}
public
{Public declarations}
END;
VAR
FORM1: TFORM1;
IMPLEMentation
{$ R * .dfm}
VAR
HookHandle: hhook;
Function TesthookProc (Code: integer; msg: longint): longint; stdcall;
Begin
IF (code = hc_action) THEN
IF PMSG (MSG) ^. Message = WM_TESTMESSAGE THEN
Begin
ShowMessage ('has intercepted this message');
END;
Result: = CallNexthooKex (HookHandle, Code, WPARAM, Longint (@msg));
END;
Procedure TFORM1.FormCreate (Sender: TOBJECT);
Begin
HookHandle: = SETWINDOWSHOOKEX (Wh_getMessage, TesthookProc, 0, GetCurrentThreadID);
END;
Procedure TFORM1.BUTTON1CLICK (Sender: TOBJECT);
Begin
Postmessage (Self.Handle, WM_TestMessage, 0, 0); END;
End.
Everyone focuses on the following:
HookHandle: = SETWINDOWSHOOKEX (Wh_getMessage, TesthookProc, 0, GetCurrentThreadID);
Used is getCurrentthreadid This is to demonstrate everyone, we can set it to 0, so you can monitor all threads.
Since every process of Windows has a stand-alone process space, if you want to perform a process insertion of other processes, we often say that INJECTION !! Wow, saying that this word is very cool.
I don't say it. Of course, there is also a way to write the hook written in the DLL. It is also possible, but it is recommended to use the insertion method after all, the global hook is relatively large.
It's awkward, I'm saying.
Please indicate the place.
