小默

[zz]HOOK

钩子函数

钩子函数可以截获并处理其他应用程序的消息。每当特定的消息发出,在没有到达目的窗口前,钩子程序就先捕获该消息,亦即钩子函数先得到控制权。这时钩子函数即可以加工处理(改变)该消息,也可以不作处理而继续传递该消息,还可以强制结束消息的传递。
钩子的种类很多,每种钩子可以截获并处理相应的消息,如键盘钩子可以截获键盘消息,外壳钩子可以截取、启动和关闭应用程序的消息等
关于HOOK
Hooks
A hook is a point in the system message-handling mechanism where an application can install a subroutine to monitor the message traffic in the system and process certain types of messages before they reach the target window procedure.

安装一个HOOK,SetWindowsHookEx
对每种类型的钩子由系统来维护一个钩子链,最近安装的钩子放在链的开始,而最先安装的钩子放在最后,也就是后加入的先获得控制权
The SetWindowsHookEx function installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread.
HHOOK SetWindowsHookEx(
int idHook,        // hook type.请查看MSDN获得详细信息
HOOKPROC lpfn,     // hook procedure
HINSTANCE hMod,    // handle to application instance
DWORD dwThreadId   // thread identifier
);

得到控制权的钩子函数在完成对消息的处理后,如果想要该消息继续传递,那么它必须调用另外一个SDK中的API函数CallNextHookEx来传递它。
(对一个事件处理的hook可能有多个,它们成链状,使用CallNextHookEx一级一级地调用。简单解释过来就是“调用下一个HOOK” )
CallNextHookEx
The CallNextHookEx function passes the hook information to the next hook procedure in the current hook chain. A hook procedure can call this function either before or after processing the hook information.
LRESULT CallNextHookEx(
HHOOK hhk,      // handle to current hook
int nCode,      // hook code passed to hook procedure
WPARAM wParam, // value passed to hook procedure
LPARAM lParam   // value passed to hook procedure
);

hook处理函数
LRESULT CALLBACK HookProc(
int nCode,
WPARAM wParam,
LPARAM lParam
);

取消HOOK
UnhookWindowsHookEx
The UnhookWindowsHookEx function removes a hook procedure installed in a hook chain by the SetWindowsHookEx function.
BOOL UnhookWindowsHookEx(
HHOOK hhk   // handle to hook procedure
);

 

示例:
[code]
// 监视鼠标消息
// hook处理函数声明
LRESULT CALLBACK MyMouseProc(int nCode, WPARAM wParam, LPARAM lParam);
static BOOL StartWatchingMouse(); // 开始监视
static void StopWatchingMouse();    // 结束
static HHOOK hHook = NULL;    //hook指针
/*======================================================
*Function:StartWatchingMouse()
*Author:wuhuiran 05-7-23
*Desc:开始监视鼠标
*Record:
--------------------------------------------------------
========================================================*/
BOOL StartWatchingMouse()
{
hHook = SetWindowHookEx(WM_MOUSE, (HOOKPROC) MyMouseProc,
   (HINSTANCE) NULL, GetCurrentThreadId());
  
if(!hHook)
{
   return FALSE;
}

return TRUE;

}

/*======================================================
*Function:StartWatchingMouse()
*Author:wuhuiran 05-7-23
*Desc:取消监视鼠标
*Record:
--------------------------------------------------------
========================================================*/
void StopWatchingMouse()
{
if(hHook)
{
   UnHookWindowHookEx(hHook);
   hHook = NULL;
}
}

/*======================================================
*Function:StartWatchingMouse()
*Author:wuhuiran 05-7-23
*Desc:HOOK处理函数
*Record:
--------------------------------------------------------
========================================================*/
LRESULT CALLBACK MyMouseProc(int nCode, WPARAM wParam, LPARAM lParam)
{
if(nCode < 0)
{
   return CallNextHookEx(hHook, nCode, wParam, lParam);
  
}

MOUSEHOOKSTRUCT *pMouseHookStruct;   //鼠标HOOK结构体
pMouseHookStruct = (MOUSEHOOKSTRUCT *)lParam;

POINT pt = pMouseHookStruct->pt;
//动一下鼠标就会显示鼠标位置
CString strMsg;
strMsg.Format("x:\t%d\ny:\t%d", pt.x, pt.y);
AfxMessageBox(strMsg);

return CallNextHookEx(myHook, nCode, wParam, lParam);
}
[/code]

注意:
hook会使系统变慢,除非必要,不要频繁使用。在不使用的时候尽快删除
全局钩子必须放在DLL中

只是简单介绍了一下钩子函数的使用方法,具体的函数介绍请参阅MSDN和其他文章。

posted on 2009-10-22 21:15 小默 阅读(295) 评论(0)  编辑 收藏 引用 所属分类: Security


只有注册用户登录后才能发表评论。
网站导航: 博客园   IT新闻   BlogJava   博问   Chat2DB   管理


导航

统计

留言簿(13)

随笔分类(287)

随笔档案(289)

漏洞

搜索

积分与排名

最新评论

阅读排行榜