Hook Technology-Meet our program's perspective

Source: Internet
Author: User
In Windows, virtual memory makes it hard for code in one process to access code in another process. This, of course, brings strong robustness: even if one process crashes because of a memory overwrite error, the other processes remain safe.

Today we are talking about breaking through process boundaries and letting our code run inside other processes.

To use hook technology, you write a DLL and map that DLL into the address space of another process. In the DLL, we hook the process to intercept messages, mouse events, and keyboard events.

First, let's look at the function that installs a hook:

HHOOK SetWindowsHookEx(
    int       idHook,
    HOOKPROC  lpfn,
    HINSTANCE hMod,
    DWORD     dwThreadId
);

Here idHook specifies the hook type, of which there are 13:
WH_CALLWNDPROC: hook called before a message is sent to the specified window
WH_CALLWNDPROCRET: hook called after the window has processed the message
WH_CBT: computer-based training hook
WH_DEBUG: debugging hook
WH_FOREGROUNDIDLE: foreground idle window hook
WH_GETMESSAGE: hook for receiving posted messages
WH_JOURNALPLAYBACK: hook that plays back the input messages previously recorded by WH_JOURNALRECORD
WH_JOURNALRECORD: input message recording hook
WH_KEYBOARD: keyboard message hook
WH_MOUSE: mouse message hook
WH_MSGFILTER: hook for input messages in a dialog box, message box, menu, or scroll bar
WH_SHELL: shell hook
WH_SYSMSGFILTER: system message hook

The lpfn parameter is a pointer to the hook procedure. hMod is the handle of the module that contains the hook procedure. dwThreadId specifies the ID of the thread to be monitored; it can be obtained with the GetCurrentThreadId() function. If this parameter is set to 0, the hook monitors all threads in the system.

After the hook is installed, whenever the monitored behavior occurs the system calls the hook procedures in the hook chain (a linked list). Each hook procedure decides whether to pass the event on to the next hook procedure; passing it on is done with the CallNextHookEx() function. In practice, however, we strongly recommend calling CallNextHookEx() at the end of the procedure whether or not the event needs to be passed on; otherwise, unexpected system behavior or a system lock-up may occur.
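The effect of a handler that skips CallNextHookEx() can be seen in a small portable model of the hook chain. This is an added example, not code from the original article or from Windows: `chain`, `install_hook`, `call_next_hook` and the two handlers are hypothetical stand-ins for the real API.

```c
#include <stdio.h>
/* Model only: hypothetical stand-ins for the hook chain, not the Win32 API. */
#define MAX_HOOKS 8
typedef struct chain chain;
typedef long (*hook_fn)(chain *c, int pos, int code, long event);
struct chain {
    hook_fn procs[MAX_HOOKS]; /* procs[count-1] is the newest hook */
    int count;
    unsigned seen;            /* bit i set once hook i has seen the event */
};

/* Like SetWindowsHookEx: the newest hook is the first to be called. */
static void install_hook(chain *c, hook_fn fn) {
    if (c->count < MAX_HOOKS) c->procs[c->count++] = fn;
}

/* Like CallNextHookEx: hand the event to the next-older hook, if any. */
static long call_next_hook(chain *c, int pos, int code, long event) {
    return pos == 0 ? 0 : c->procs[pos - 1](c, pos - 1, code, event);
}

/* Well-behaved handler: note the event, then always pass it on. */
static long polite_hook(chain *c, int pos, int code, long event) {
    if (code >= 0) c->seen |= 1u << pos;
    return call_next_hook(c, pos, code, event);
}

/* Misbehaving handler: returns without calling call_next_hook. */
static long greedy_hook(chain *c, int pos, int code, long event) {
    (void)code; (void)event;
    c->seen |= 1u << pos;
    return 1;
}

/* Install three hooks, deliver one event, return the mask of hooks that saw it. */
unsigned run_chain(int greedy_middle) {
    chain c = {0};
    install_hook(&c, polite_hook);                               /* oldest, bit 0 */
    install_hook(&c, greedy_middle ? greedy_hook : polite_hook); /* bit 1 */
    install_hook(&c, polite_hook);                               /* newest, bit 2 */
    c.procs[c.count - 1](&c, c.count - 1, 0, 42);
    return c.seen;
}

int main(void) {
    printf("all handlers pass on: 0x%x\n", run_chain(0));
    printf("middle handler stops: 0x%x\n", run_chain(1));
    return 0;
}
```

When the middle handler returns without passing the event on, the oldest hook (bit 0) never sees it, which is how one careless hook can silently break other software that installed its hook earlier.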

When you have finished with the hook, remember to release it. The function for releasing the hook is:
BOOL UnhookWindowsHookEx(HHOOK hhk);

Program example to be continued.
