Hook Technology-Meet our program's perspective

In Windows, the virtual memory technology enables Code It is not easy to access the code in another process. Of course, this is not easy to bring strong robustness. Because even if this process is caused by a memory rewrite error Program Crash, but the other process is still quite secure.

Today we are talking about breaking the boundaries of processes and letting our code go to the home of other processes.

To use the Hook Technology, you need to write the DLL and map the DLL to the address space of another process. In DLL, We need to hook the process to hook messages, mouse events, and Keyboard Events.

First, let's look at a function for Hook mounting:

Hhook setwindowshookex ( Int Idhook;
Hookproc lpfn;
Hinstance hmod;
DWORD dwthreadid );

Among them, ihook specifies the hook type, with 13 statistics:
The "Hook" before wh_callwndproc sends messages to a specified window"
The "Hook" that the wh_callwndprocret message has been processed in the window"
Wh_cbt "Hook" Based on Computer Training"
Wh_debug error "Hook"
Wh_foregroundidle frontend idle window "Hook"
Wh_getmessage: "Hook" for receiving message delivery"
Wh_journalplayback plays back the input messages previously recorded by wh_journalrecord "Hook"
Wh_journalrecord: input message record "Hook"
Wh_keyboard Keyboard Message "Hook"
Wh_mouse mouse message "Hook"
Enter the message "Hook" in the wh_msgfilter dialog box, message box, menu, or scroll bar"
Wh_shell shell "Hook"
Wh_sysmsgfilter system message "Hook"

The lpfn parameter points to the pointer of the hook processing function. Hmod identifies the handle of the module where the hook processing function is located. Dwthreadid specifies the ID of the thread to be monitored. It can be obtained using the getcurrentthreadid () function. If this parameter is set to 0, it indicates the hook of all threads in the monitoring system.

After the hook is installed, if the monitored behavior occurs, the system calls the hook processing function at the hook linked list for processing. When processing each hook handler, consider whether to pass the event to the next hook handler. If it is to be passed, it will be solved through the callnesthookex () function. However, in actual use, we strongly recommend that you call the callnexthookex () function at the end of the process, regardless of whether event transmission is required, otherwise, unexpected system behaviors or system locks may occur.

After using the hook, remember to release the hook. The function for releasing the hook is as follows:
Bool unhookwindowshookex (hhook HHK );

Program instance to be continued.