HOOK: A Guide to Hooks

xiaoxiao2021-03-06  68

One. Preface

This article only aims to explain how to use hooks in the plainest possible language. For the details of hooks, refer to the following URL:

http://www.microsoft.com/china/community/program/originalarticles/techdoc/hook.mspx

Two. Understanding hooks

Taken literally, a hook hooks onto something: with a hook you can process certain Windows messages before they reach their target.

Example: a form contains a TextBox, and we want the TextBox to always show "a" no matter which key the user presses while typing in it. We can use a hook to listen for keyboard messages. First, we add a hook of our own to the Windows hook list. Every key press generates a keyboard message; our hook intercepts the message before it is delivered to the TextBox, makes the TextBox display "a", and then ends the message, so the TextBox always shows "a".

Message interception order: since hooks intercept messages, there has to be an order, and that order is determined by the order in which hooks were added to the hook list. That is, the hook added to the list last gets the message first.

Interception scope: hooks are divided into thread hooks and global hooks. A thread hook can only intercept messages of its own thread, while a global hook can intercept messages across the entire system. I think a thread hook should be used wherever possible; a global hook may affect other programs if used improperly.

Three. Getting started, in plain terms

Here we build a thread hook for the simple example mentioned above.

Step 1: Declare the API functions

Using hooks requires Windows API functions, so these API functions have to be declared first.

    // Requires: using System; using System.Runtime.InteropServices;

    // Install the hook
    [DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
    public static extern int SetWindowsHookEx(int idHook, HookProc lpfn, IntPtr hInstance, int threadId);

    // Uninstall the hook
    [DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
    public static extern bool UnhookWindowsHookEx(int idHook);

    // Pass the message on to the next hook
    [DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
    public static extern int CallNextHookEx(int idHook, int nCode, Int32 wParam, IntPtr lParam);

    // Get the current thread ID
    [DllImport("kernel32.dll")]
    static extern int GetCurrentThreadId();

Once the API functions are declared, they can be called directly.

Step 2: Declarations and definitions

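    // Signature every hook procedure must match
    public delegate int HookProc(int nCode, Int32 wParam, IntPtr lParam);

    // Handle returned by SetWindowsHookEx; 0 means no hook is installed
    static int hKeyboardHook = 0;

    // Delegate instance that points at the hook procedure
    HookProc KeyboardHookProcedure;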

First, the delegate. A hook must use a standard hook procedure. The hook procedure is a method; in the example above it is the method that makes the TextBox display "a". The hook procedure must be defined to match HookProc(int nCode, Int32 wParam, IntPtr lParam); its three parameters carry data about the message.

When the SetWindowsHookEx function installs the hook, it returns the handle of the hook procedure. The hKeyboardHook variable records the returned handle; if hKeyboardHook is not 0, the hook was installed successfully.

Step 3: Write the hook procedure

The hook procedure is what the hook actually does.

    private int KeyboardHookProc(int nCode, Int32 wParam, IntPtr lParam)
    {
        if (nCode >= 0)
        {
            textBox1.Text = "a";
            // Returning 1 ends the message here
            return 1;
        }
        return CallNextHookEx(hKeyboardHook, nCode, wParam, lParam);
    }

We write a method that returns an int value and takes three parameters. As shown above, it complies with the standard for hook procedures.

The nCode parameter is the hook code. The hook procedure uses this parameter to determine its task; the value of this parameter depends on the hook type.

The wParam and lParam parameters contain the message information, from which we can extract what we need.

The body of the method can be written as needed; we need the TextBox to display "a", so that is what we write here. When the hook intercepts a message, the hook procedure is called and execution continues from there. How the intercepted message is handled depends on the return value of the hook procedure: if it returns 1, the message ends there and is not passed on any further. If it returns 0 or calls the CallNextHookEx function, the message is passed on out of this hook, that is, delivered to its real recipient.

Step 4: Install and uninstall the hook

The preparation is done; what remains is to put the hook into the hook list.

We can write two methods to call from the program. The code is as follows:

    // Install the hook
    public void HookStart()
    {
        if (hKeyboardHook == 0)
        {
            // Create a HookProc instance
            KeyboardHookProcedure = new HookProc(KeyboardHookProc);
            // Set a thread hook
            hKeyboardHook = SetWindowsHookEx(2, KeyboardHookProcedure, IntPtr.Zero,
                GetCurrentThreadId());
            // If setting the hook failed
            if (hKeyboardHook == 0)
            {
                HookStop();
                throw new Exception("SetWindowsHookEx failed.");
            }
        }
    }

    // Uninstall the hook
    public void HookStop()
    {
        bool retKeyboard = true;
        if (hKeyboardHook != 0)
        {
            retKeyboard = UnhookWindowsHookEx(hKeyboardHook);
            hKeyboardHook = 0;
        }
        if (!retKeyboard) throw new Exception("UnhookWindowsHookEx failed.");
    }

The key to installing and uninstalling the hook is the SetWindowsHookEx and UnhookWindowsHookEx functions.

The SetWindowsHookEx(int idHook, HookProc lpfn, IntPtr hInstance, int threadId) function adds the hook to the hook list. Its four parameters are as follows.

idHook: the hook type, which determines what kind of message the hook monitors. The code above sets it to 2, meaning a thread hook that listens for keyboard messages. A global hook that monitors keyboard messages is set to 13, a thread hook that monitors mouse messages is set to 7, and a global hook that monitors mouse messages is set to 14.

lpfn: the address pointer of the hook procedure. If the dwThreadId parameter is 0 or identifies a thread created by another process, lpfn must point to a hook procedure in a DLL. Otherwise, lpfn can point to a hook procedure in the code of the current process. This is the entry address of the hook function, which is called whenever the hook catches a message.

hInstance: the application instance handle. It identifies the DLL that contains the procedure lpfn points to. If threadId identifies a thread created by the current process and the hook procedure is located in the current process, hInstance must be NULL. It can simply be set to the instance handle of this application.

threadId: the identifier of the thread with which the installed hook procedure is associated. If it is 0, the hook procedure is associated with all threads, which makes it a global hook.

The SetWindowsHookEx call in the code above installs a thread hook. It uses the GetCurrentThreadId() function to get the current thread ID, so the hook only monitors keyboard messages of the current thread.

The UnhookWindowsHookEx(int idHook) function uninstalls the hook. Uninstalling a hook is independent of the order in which hooks joined the hook list; it is not first-in, first-out.
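
Steps 1 to 4 combined into one Windows Forms program, as an added example that is not part of the original article. It declares the hook handle, wParam and lParam as IntPtr instead of int, because HHOOK, WPARAM and LPARAM are pointer-sized in the Win32 API, and it reports a failed install with the Win32 error code. The class name HookForm and the constant name WH_KEYBOARD are choices made for this example.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Windows.Forms;

public class HookForm : Form   // HookForm is a name chosen for this example
{
    private const int WH_KEYBOARD = 2;   // thread keyboard hook: the "2" used in the article
    private delegate IntPtr HookProc(int nCode, IntPtr wParam, IntPtr lParam);

    [DllImport("user32.dll", SetLastError = true)]
    private static extern IntPtr SetWindowsHookEx(int idHook, HookProc lpfn, IntPtr hMod, uint dwThreadId);
    [DllImport("user32.dll", SetLastError = true)]
    private static extern bool UnhookWindowsHookEx(IntPtr hhk);
    [DllImport("user32.dll")]
    private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);
    [DllImport("kernel32.dll")]
    private static extern uint GetCurrentThreadId();

    private readonly TextBox textBox1 = new TextBox { Dock = DockStyle.Top };
    // Held in a field so the delegate is not garbage-collected while the hook is installed.
    private readonly HookProc keyboardHookProcedure;
    private IntPtr hKeyboardHook = IntPtr.Zero;

    public HookForm()
    {
        Controls.Add(textBox1);
        keyboardHookProcedure = KeyboardHookProc;
    }

    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);
        // hMod is IntPtr.Zero and the thread ID is our own: a hook scoped to this thread only.
        hKeyboardHook = SetWindowsHookEx(WH_KEYBOARD, keyboardHookProcedure, IntPtr.Zero, GetCurrentThreadId());
        if (hKeyboardHook == IntPtr.Zero)
            throw new Win32Exception(Marshal.GetLastWin32Error(), "SetWindowsHookEx failed.");
    }

    protected override void OnFormClosed(FormClosedEventArgs e)
    {
        if (hKeyboardHook != IntPtr.Zero && UnhookWindowsHookEx(hKeyboardHook))
            hKeyboardHook = IntPtr.Zero;
        base.OnFormClosed(e);
    }

    private IntPtr KeyboardHookProc(int nCode, IntPtr wParam, IntPtr lParam)
    {
        if (nCode < 0) return CallNextHookEx(hKeyboardHook, nCode, wParam, lParam);
        textBox1.Text = "a";
        return new IntPtr(1);   // nonzero ends the message, as in the article's hook procedure
    }
    [STAThread]
    private static void Main() { Application.Run(new HookForm()); }
}
```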

Four. Extensions

Installing a global hook

The above uses a thread hook. To use a global hook, the installation of the hook differs slightly, as follows:

    // Requires: using System.Reflection; using System.Runtime.InteropServices;
    SetWindowsHookEx(13, KeyboardHookProcedure,
        Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly().GetModules()[0]), 0);

This statement installs a global hook.

Message processing in the hook procedure

The hook procedure receives two parameters with message information, wParam and lParam. How do we convert these two parameters into something easier to understand?

For mouse messages, we can define the following structure:

    public struct MSG
    {
        public Point p;
        public IntPtr HWnd;
        public uint wHitTestCode;
        public int dwExtraInfo;
    }

For keyboard messages, we can define the structure below:

    public struct KeyMSG
    {
        public int vkCode;
        public int scanCode;
        public int flag;
        public int time;
        public int dwExtraInfo;
    }

Then, in the hook procedure, we can convert the lParam data into MSG or KeyMSG structure data.

    // In a mouse hook procedure
    MSG m = (MSG)Marshal.PtrToStructure(lParam, typeof(MSG));

    // In a keyboard hook procedure
    KeyMSG m = (KeyMSG)Marshal.PtrToStructure(lParam, typeof(KeyMSG));

This makes it more convenient to obtain the relevant information of the mouse message or keyboard message. For example, p is the mouse coordinates, HWnd is the handle of a control, and vkCode is the key code.

Note: this statement can be used for thread hooks and global hooks that monitor mouse messages, but it goes wrong for a thread hook that listens for keyboard messages; the reason is still being looked into.

If it is a thread hook that listens for keyboard messages, we can tell whether the key was pressed or released from the sign of the lParam value, and which key it was from the wParam value.

    // The key involved
    Keys keyData = (Keys)wParam;
    if (lParam.ToInt32() > 0)
    {
        // Key pressed
    }
    if (lParam.ToInt32() < 0)
    {
        // Key released
    }
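
For a thread keyboard hook (idHook 2), Microsoft's KeyboardProc documentation defines lParam as a packed bit field rather than a pointer, and bit 31 of it is the sign bit that the positive/negative test above reads. The following added example (not from the original article; the KeystrokeInfo type and the sample values are constructed) decodes every field and keeps only the low 32 bits, because IntPtr.ToInt32() throws OverflowException in a 64-bit process when the value does not fit in an Int32.

```csharp
using System;

// Decoded view of the lParam passed to a WH_KEYBOARD (idHook 2) hook procedure.
public struct KeystrokeInfo
{
    public int RepeatCount;   // bits 0-15
    public int ScanCode;      // bits 16-23
    public bool IsExtended;   // bit 24: extended key (e.g. right-hand Ctrl or Alt)
    public bool AltDown;      // bit 29: context code
    public bool WasDown;      // bit 30: previous key state
    public bool IsKeyUp;      // bit 31: transition state, 0 = pressed, 1 = released

    public static KeystrokeInfo FromLParam(IntPtr lParam)
    {
        // Truncate to the low 32 bits whether the upper half is zero- or sign-extended.
        uint bits = unchecked((uint)lParam.ToInt64());
        KeystrokeInfo k = new KeystrokeInfo();
        k.RepeatCount = (int)(bits & 0xFFFF);
        k.ScanCode = (int)((bits >> 16) & 0xFF);
        k.IsExtended = (bits & (1u << 24)) != 0;
        k.AltDown = (bits & (1u << 29)) != 0;
        k.WasDown = (bits & (1u << 30)) != 0;
        k.IsKeyUp = (bits & (1u << 31)) != 0;
        return k;
    }

    public override string ToString()
    {
        return string.Format("{0} scan=0x{1:X2} repeat={2} extended={3} alt={4} wasDown={5}",
            IsKeyUp ? "UP" : "DOWN", ScanCode, RepeatCount, IsExtended, AltDown, WasDown);
    }
}

public static class KeystrokeDemo
{
    public static void Main()
    {
        // Constructed samples: scan code 0x1E pressed once, then released.
        IntPtr down = new IntPtr(0x001E0001);
        IntPtr up = new IntPtr(unchecked((int)0xC01E0001));
        Console.WriteLine(KeystrokeInfo.FromLParam(down));
        Console.WriteLine(KeystrokeInfo.FromLParam(up));

        if (IntPtr.Size == 8)
        {
            // Same release flags with the upper 32 bits zero: ToInt32() would throw here.
            IntPtr wide = new IntPtr(0xC01E0001L);
            Console.WriteLine(KeystrokeInfo.FromLParam(wide));
        }
    }
}
```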

If it is a global hook for keyboard messages, whether the key was pressed or released is determined from the wParam value.

    wParam == 0x100 // key pressed

    wParam == 0x101 // key released

Five. Closing remarks

That covers the basic usage of hooks. In summary, a hook takes a message off its normal path, hands it to the hook procedure for some operations, and then either puts it back on its normal path or ends the message.

When reposting, please cite the original address: https://www.9cbs.com/read-86995.html
