hook

xiaoxiao2021-03-06  72

Keywords: hook, hook application technology
Original author: Zhang enhancement

This article introduces hook technology, which is widely used in system monitoring and message management because of its powerful features. A hook can intercept a message before it reaches the target window and process any system message, achieving functions that an ordinary application cannot. The article introduces the application and role of hook technology in terms of hook types, roles and applications, and adds an example and walkthrough of a shell hook.


Text

When you create a hook, the Windows system creates a data structure that contains the information about the hook you created, and the installed hook is inserted into the system hook list. Note that a newly inserted hook is placed in front of the older ones. When the specified hook event is triggered, a local hook only needs to call the hook function in its own process to preprocess the event. A global hook needs to have its hook function inserted into the address space of other processes. To do this, you need a dynamic link library, and you put the hook function in that library. There are two exceptions, the journal record hook and the journal playback hook. These are special hooks that can be installed for any process in the system and do not require a DLL to be written and mapped into the memory space of other processes (I will introduce journal hooks again when there is a chance).

I. Classification of hooks

Installing different hooks intercepts different message types, so a hook can be targeted at exactly the messages required. Hooks are mainly divided into the following categories:

WH_CALLWNDPROC: messages sent to a window. Triggered by SendMessage.
WH_CALLWNDPROCRET: messages sent to a window. Triggered when SendMessage processing returns.
WH_GETMESSAGE: messages sent to a window. Triggered by GetMessage or PeekMessage.
WH_KEYBOARD: keyboard hook, messages triggered by the keyboard (WM_KEYUP or WM_KEYDOWN messages).
WH_KEYBOARD_LL: low-level keyboard hook.
WH_MOUSE: mouse hook, queries mouse event messages.
WH_MOUSE_LL: low-level mouse hook.
WH_HARDWARE: messages other than mouse and keyboard messages.
WH_MSGFILTER: triggered when a dialog box, menu or scroll bar is about to process a message. This hook is local.
WH_SYSMSGFILTER: the same as WH_MSGFILTER, but system-wide.
WH_DEBUG: debugging hook, used to debug hook functions.
WH_JOURNALRECORD: monitors and records input events.
WH_JOURNALPLAYBACK: plays back events recorded with WH_JOURNALRECORD.
WH_SHELL: shell hook, triggered when an event of interest to the Windows shell occurs.
WH_CBT: triggered on computer-based training (CBT) events.
WH_FOREGROUNDIDLE: activated when the foreground application thread is about to become idle.

II. Types of hook

Global hook: a global hook can hook events of other processes. There are two types:
1. Thread-based, which captures events of a particular thread in another process. Briefly, it can be used to observe the events that occur in a particular thread of another process.
2. System-wide, which captures the event messages that occur in all processes in the system.

Local hook: hooks only the events of your own process.

III. Installing the hook

SetWindowsHookEx function prototype:

    HHOOK SetWindowsHookEx(
        int       idHook,      // hook type, see section I
        HOOKPROC  lpfn,        // address of the hook function
        HINSTANCE hMod,        // handle of the instance that contains the hook function
        DWORD     dwThreadId   // ID of the thread the hook monitors
    );

hMod: for a thread hook, this parameter is NULL; for a system hook, it is the handle of the hook DLL.
dwThreadId: for a global hook, this parameter is NULL.
Return value: on success, SetWindowsHookEx returns the handle of the installed hook; on failure, NULL.

IV. Unloading the hook

UnhookWindowsHookEx function prototype:

    BOOL UnhookWindowsHookEx(
        HHOOK hhk   // handle of the hook to uninstall
    );

V. The hook function

The hook function MyHookProc is a callback function. When an installed hook catches the specified event message, the system automatically calls the hook function. It is defined as follows:

    LRESULT WINAPI MyHookProc(
        int    nCode,    // specifies whether the message needs to be handled
        WPARAM wParam,   // additional information about the message
        LPARAM lParam    // additional information about the message
    );

VI. Calling the next hook: CallNextHookEx

Because Windows stores the hook structures in a linked list, a message is passed from one hook to the next and finally reaches the target window, so once we have handled a message we are responsible for passing it on to the next hook. Of course, you may choose not to, but I still recommend that you continue to pass it on. The function is defined as follows:

    LRESULT CallNextHookEx(
        HHOOK  hhk,      // handle of your own hook; this handle is used to traverse the hook chain
        int    nCode,    // simply pass the incoming parameter on to CallNextHookEx
        WPARAM wParam,   // simply pass the incoming parameter on to CallNextHookEx
        LPARAM lParam    // simply pass the incoming parameter on to CallNextHookEx
    );

VII. Use case

This example installs a shell hook to monitor and manage system operations. The main functions are:
1. Monitor the applications running in the system and record each program's name, open time and close time.
2. Prohibit some programs from running, such as the calculator or games; no matter what the user does, the program will not open.

Main files:

    manage.dll       // hook dynamic link library
    management.exe   // the executable itself
    manage.txt       // operation log file
    Manage.ini       // names of the windows that are prohibited

The manage.txt file records operations as follows:

Program introduction:

1. Create a .dll file. This is the global hook dynamic link library; here it hooks the shell's window-creation events.
2. BOOL StartHook(HWND hWnd) and BOOL StopHook().
3. Create a global shared data segment, as follows:

    #pragma data_seg("managershare")
    HHOOK     g_hkShell   = NULL;   // shell hook handle
    HINSTANCE g_hInstance = NULL;   // DLL instance handle
    HWND      g_hWndMain  = NULL;   // message processing window of the EXE
    #pragma data_seg()

4. StartHook and StopHook are implemented as follows:

    BOOL CManagerHook::StopHook()
    {
        // Remove the shell hook installed by StartHook
        return UnhookWindowsHookEx(g_hkShell);
    }

    BOOL CManagerHook::StartHook(HWND hWnd)
    {
        if (hWnd) {
            // Thread ID 0 installs the hook system-wide
            g_hkShell = SetWindowsHookEx(WH_SHELL, ShellHookProc, g_hInstance, 0);
            g_hWndMain = hWnd;
        }
        return g_hkShell ? TRUE : FALSE;
    }
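The chain behaviour described in the "call the next hook" section above (the newest hook runs first, and each hook is responsible for passing the event on), modelled in portable C. This is an added example, not code from the original article; it does not call the Win32 API, and all names (Hook, install, uninstall, call_next, dispatch and the two sample procedures) are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Portable model of a hook chain; every name here is hypothetical. */
typedef struct Hook Hook;
typedef long (*HookProc)(Hook *self, int code, long wparam);
struct Hook { HookProc proc; Hook *next; char tag; };

static Hook *g_chain = NULL;   /* head = most recently installed hook */
static char g_trace[32];       /* tags of the hooks that saw the event */

static void install(Hook *h) { h->next = g_chain; g_chain = h; }
static void uninstall(Hook *h) {
    for (Hook **p = &g_chain; *p; p = &(*p)->next)
        if (*p == h) { *p = h->next; return; }
}
/* Stand-in for CallNextHookEx: hand the event to the next hook in line. */
static long call_next(Hook *self, int code, long wparam) {
    return self->next ? self->next->proc(self->next, code, wparam) : 0;
}
static void mark(const Hook *h) {
    size_t n = strlen(g_trace);
    if (n + 1 < sizeof g_trace) { g_trace[n] = h->tag; g_trace[n + 1] = '\0'; }
}
/* Well-behaved hook: note the event, then pass it on. */
static long logger_proc(Hook *self, int code, long wparam) {
    if (code >= 0) mark(self);
    return call_next(self, code, wparam);
}
/* Hook that swallows event 42: it returns without calling call_next. */
static long blocker_proc(Hook *self, int code, long wparam) {
    if (code >= 0) mark(self);
    if (code >= 0 && wparam == 42) return 1;
    return call_next(self, code, wparam);
}
/* Deliver one event to the chain; returns the tags of the hooks that ran. */
static const char *dispatch(long wparam) {
    g_trace[0] = '\0';
    if (g_chain) g_chain->proc(g_chain, 0, wparam);
    return g_trace;
}
int main(void) {
    Hook a = {logger_proc, NULL, 'A'}, b = {blocker_proc, NULL, 'B'},
         c = {logger_proc, NULL, 'C'};
    install(&a); install(&b); install(&c);   /* chain order is now C, B, A */
    printf("event 1:  %s\n", dispatch(1));
    printf("event 42: %s\n", dispatch(42));
    uninstall(&b);
    printf("event 42 after removing B: %s\n", dispatch(42));
    return 0;
}
```

In the run, event 42 reaches C and B but never A: a hook that returns without passing the event on hides it from every hook installed before it, which is why the article recommends always calling CallNextHookEx.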

Please cite the original address when reposting: https://www.9cbs.com/read-88889.html
