Intercept message (2)

zhaozj2021-02-12  166

Intercept message (2)

By SSSA2000

2004/07/03

After a holiday, I suddenly remembered this thing yet, huh, it was late. Although I also knows that there is no one, I still have the final and write it.

Last time, I intercepted the message in my form, our purpose is to intercept the news of the developer, what should I do? It is easy, we think of the hook.

Hook can be a good winter winter, there is no fun, if there is no hacker programming, there is no fun.

We hooked the message we want to get with a GetMessage hook.

Let's take a look at the setwindowshookex function, maybe everyone is familiar with me, I am still ignite once:

Setwindowshookex (IDHOOK: Integer; // hook type

LPFN: TFNHOOKPROC; // Hook function pointer

HMOD: Hinst; // Delphi is generally set to Hinstance

DWTHREADID: DWORD / / associated thread

: HHOOK; STCALL;

I don't say it. I don't say it. The hook type has many mouse keys, messages, shells, etc. WH_GetMessage type today, the use is: The GetMessage function has been searched for a message from the application queue. .

Again the DWTHREADID parameters to develop the id of the thread. The hook function can monitor this parameter defined thread, or all threads of the system. Use it to filter and process specific messages before system or window processing. If set to 0, indicating that the hook can be called within all threads. It seems that this parameter is very important to us.

Look at a simple example:

Unit unit1;

Interface

Uses

Windows, Messages, Sysutils, Classes, Graphics, Controls, Forms, Dialogs,

STDCTRLS;

Const

WM_TESTMESSAGE = WM_USER 2000;

Type

TFORM1 = Class (TFORM)

Button1: tbutton;

Procedure formcreate (Sender: TOBJECT);

Procedure Button1Click (Sender: TOBJECT);

Private

{Private Declarations}

public

{Public declarations}

END;

VAR

FORM1: TFORM1;

IMPLEMentation

{$ R * .dfm}

VAR

HookHandle: hhook;

Function TesthookProc (Code: integer; msg: longint): longint; stdcall;

Begin

IF (code = hc_action) THEN

IF PMSG (MSG) ^. Message = WM_TESTMESSAGE THEN

Begin

ShowMessage ('has intercepted this message');

END;

Result: = CallNexthooKex (HookHandle, Code, WPARAM, Longint (@msg));

END;

Procedure TFORM1.FormCreate (Sender: TOBJECT);

Begin

HookHandle: = SETWINDOWSHOOKEX (Wh_getMessage, TesthookProc, 0, GetCurrentThreadID);

END;

Procedure TFORM1.BUTTON1CLICK (Sender: TOBJECT);

Begin

Postmessage (Self.Handle, WM_TestMessage, 0, 0); END;

End.

Everyone focuses on the following:

HookHandle: = SETWINDOWSHOOKEX (Wh_getMessage, TesthookProc, 0, GetCurrentThreadID);

Used is getCurrentthreadid This is to demonstrate everyone, we can set it to 0, so you can monitor all threads.

Since every process of Windows has a stand-alone process space, if you want to perform a process insertion of other processes, we often say that INJECTION !! Wow, saying that this word is very cool.

I don't say it. Of course, there is also a way to write the hook written in the DLL. It is also possible, but it is recommended to use the insertion method after all, the global hook is relatively large.

It's awkward, I'm saying.

Please indicate the place.

转载请注明原文地址:https://www.9cbs.com/read-6281.html

New Post(0)