Source: csdn
Author: xstring

I don't know how you first came to understand hooks. I read Jeffrey Richter's "Windows Advanced Programming Guide" (the new Chinese edition is translated as "Windows Core Programming"). In this book, the author introduces three methods of injecting code into other processes, one of which is the global message hook. I first learned about global hooks from this book. We all know that a global message hook depends on a DLL to work properly. As a result, I assumed that global hooks in general depend on a DLL to work, and I think most people assume the same. But this is not the case: some global hooks work normally without any DLL. These hooks are WH_JOURNALPLAYBACK, WH_JOURNALRECORD, WH_KEYBOARD_LL, and WH_MOUSE_LL.

Why can these hooks work properly without relying on a DLL? MSDN gives the answer. It describes these four hooks with the sentence "This hook is called in the context of the thread that installed it." In other words, the hook function executes in whichever thread installed the hook. Using these four hooks therefore does not achieve code injection, and naturally they can be independent of any DLL. MSDN only points out that certain hooks must still use a DLL.

The following is example code for the low-level keyboard hook. Of course, no DLL is required.

    /* kbhook.cpp */
    #define _WIN32_WINNT 0x0400
    #define STRICT
    #define WIN32_LEAN_AND_MEAN

    #include <stdio.h>
    #include <stdlib.h>
    #include <windows.h>

    DWORD g_main_tid = 0;
    HHOOK g_kb_hook = 0;

    // Ctrl+C / console close: ask the main thread's message loop to exit
    BOOL CALLBACK con_handler(DWORD)
    {
        PostThreadMessage(g_main_tid, WM_QUIT, 0, 0);
        return TRUE;
    }

    LRESULT CALLBACK kb_proc(int code, WPARAM w, LPARAM l)
    {
        // lParam points to a KBDLLHOOKSTRUCT only when code is HC_ACTION
        if (code == HC_ACTION)
        {
            PKBDLLHOOKSTRUCT p = (PKBDLLHOOKSTRUCT)l;
            const char *info = "unknown"; // never hand NULL to %s
            if (w == WM_KEYDOWN)
                info = "key dn";
            else if (w == WM_KEYUP)
                info = "key up";
            else if (w == WM_SYSKEYDOWN)
                info = "sys key dn";
            else if (w == WM_SYSKEYUP)
                info = "sys key up";
            printf("%s - vkCode [%04lx], scanCode [%04lx]\n",
                   info, p->vkCode, p->scanCode);
        }
        // always call next hook
        return CallNextHookEx(g_kb_hook, code, w, l);
    }

    int main(void)
    {
        g_main_tid = GetCurrentThreadId();
        SetConsoleCtrlHandler(&con_handler, TRUE);
        g_kb_hook = SetWindowsHookEx(
            WH_KEYBOARD_LL,
            &kb_proc,
            GetModuleHandle(NULL), // cannot be NULL, otherwise it fails
            0);
        if (g_kb_hook == NULL)
        {
            fprintf(stderr, "SetWindowsHookEx failed with error %lu\n",
                    ::GetLastError());
            return 0;
        }
        // A message loop is required. You can check MSDN for the reason.
        MSG msg;
        while (GetMessage(&msg, NULL, 0, 0))
        {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
        UnhookWindowsHookEx(g_kb_hook);
        return 0;
    }

The following article introduces how to put the hook procedure in a DLL to implement a global hook.

-----------------------------------

For DLL beginners: a simple implementation of a system-wide keyboard hook
Author: Unknown
Source: collected from the Internet and reproduced on: 0:49:30

With the development of middleware technology, DLLs are becoming more and more popular with programmers. Because using a DLL has a series of advantages, program designers may use this technology in their own software. Next I will analyze a simple system-wide keyboard hook.

A hook is a mechanism set up by an application in Microsoft Windows to monitor a message stream and process a type of message before it has reached the destination window in the system.
If the hook procedure is implemented in the application itself, the hook does not work when the application is not the current window. If the hook is implemented in a DLL that the program loads dynamically at run time, it can monitor the system in real time. As needed, we adopt the method of implementing the hook in a DLL [for more details about hooks, please refer to other material].

Create a Win32 Dynamic-Link Library project in VC named kblock. AppWizard will generate the related files. The generated kblock.cpp is then written as follows:

    #include "stdafx.h"
    #include "kblock.h"

    HHOOK hhkHook = NULL;       // the hook handle
    HINSTANCE hInstance = NULL; // program instance

    // DllMain is equivalent to the WinMain function in a Win32 program; it is the entry point.
    BOOL APIENTRY DllMain(HANDLE hModule,
                          DWORD ul_reason_for_call,
                          LPVOID lpReserved)
    {
        switch (ul_reason_for_call)
        {
        case DLL_PROCESS_ATTACH:
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
            break;
        }
        hInstance = (HINSTANCE)hModule; // obtain the DLL instance
        return TRUE;
    }

    // This is the main function for processing keyboard messages; it blocks keyboard input.
    LRESULT CALLBACK HookProc(int nCode, WPARAM wParam, LPARAM lParam)
    {
        if (nCode < 0)
        {
            return CallNextHookEx(hhkHook, nCode, wParam, lParam);
        }
        if (nCode != HC_ACTION)
        {
            return CallNextHookEx(hhkHook, nCode, wParam, lParam);
        }
        // Show a prompt that the keyboard is locked. Check first whether the prompt
        // window already exists; otherwise a new prompt would pop up for every key.
        if (!::FindWindow(0, "Keyboard locked"))
        {
            ::MessageBox(0, "The keyboard is locked!!!", "Keyboard locked", MB_OK);
        }
        // Returning 1 instead of CallNextHookEx(hhkHook, nCode, wParam, lParam)
        // means the message is not passed on, so the keyboard does not work.
        return 1;
    }

    // Export function: start the keyboard lock
    BOOL EnableKeyboardCapture()
    {
        if (!(hhkHook = SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC)HookProc, hInstance, 0)))
            return FALSE;
        return TRUE;
    }

    // Export function: unlock the keyboard
    BOOL DisableKeyboardCapture()
    {
        return UnhookWindowsHookEx(hhkHook);
    }

The above is the most important code in the DLL. To make the DLL work normally, you must also edit the kblock.h file:

    __declspec(dllexport) BOOL EnableKeyboardCapture();  // load the hook
    __declspec(dllexport) BOOL DisableKeyboardCapture(); // uninstall the hook

Edit kblock.def:

    ; kblock.def : Declares the module parameters for the DLL.
    LIBRARY "kblock"
    DESCRIPTION 'kblock Windows Dynamic Link Library'
    EXPORTS
        ; Explicit exports can go here
        EnableKeyboardCapture @1
        DisableKeyboardCapture @2

When we use depends.exe to view the DLL, we will find the two exported functions. The DLL is now complete, so we can call it from a program. Although the DLL is developed in VC, the front-end program that calls it can be implemented in any other language that supports DLL calls, such as VB, VC, Delphi, and win32asm. The following uses VC as an example to call the DLL.

Create a dialog-based project and add two buttons: "Lock keyboard" and "Unlock". Add a member function to the CExeDlg class:

    /*
      sign = TRUE   lock
      sign = FALSE  unlock
    */
    BOOL CExeDlg::KbLock(BOOL sign)
    {
        hDll = ::LoadLibrary(_T("kblock.dll")); // load the DLL
        if (hDll != NULL)
        {
            loadhook = (LOADHOOK)::GetProcAddress(hDll, "EnableKeyboardCapture");
            unloadhook = (UNLOADHOOK)::GetProcAddress(hDll, "DisableKeyboardCapture");
            if (loadhook == NULL || unloadhook == NULL)
            {
                ::MessageBox(0, "Sorry, this function cannot be used!!!", "Something wrong", MB_OK);
                return 0;
            }
            if (sign)
                loadhook();
            else
            {
                unloadhook();
                ::FreeLibrary(hDll);
            }
            return 1;
        }
        ::MessageBox(0, "Failed to load dynamic library!!!", "Something wrong", MB_OK);
        return 0;
    }

The following predefined global variables are used:

    typedef BOOL (CALLBACK *LOADHOOK)();
    typedef BOOL (CALLBACK *UNLOADHOOK)();
    HINSTANCE hDll = NULL;
    LOADHOOK loadhook;
    UNLOADHOOK unloadhook;

In this way, we can add KbLock(TRUE); and KbLock(FALSE); to the two buttons respectively. Of course, you need to put the DLL file in the corresponding directory.

------

Must a DLL be used for global hooks?
Kugou123 (cool dog) (tough life, no need to explain www.xiaozhou.net) replied at 23:17:04, score 0

Hooks are classified into global hooks and local hooks. If you only hook messages in your own process, you can write the message callback function together with the function that installs the hook, that is, you only need to write an EXE. To hook messages globally, you need a global hook. In that case, your hook code has to be injected into every process in the system. The best way to achieve this is to use a DLL. The system automatically injects the DLL into all process spaces. Therefore, it is not always necessary to write a DLL for a hook. It depends on the scope you are using!!!

--

Codewarrior (thinking grass), 26th floor, replied at 16:01:12, score 0

This should start from the beginning. Under 98, memory is divided into 2G and 2G, and I don't need to go on about the two parts. Basically it is similar to 2K. However, there is a difference. For DLLs, 9x may load them into the high 2 GB for efficiency, so that code can be shared among multiple processes; so the three well-known DLLs are in the high 2 GB, and all processes use the same copy. This makes a global API hook more convenient. You only need to load the DLL into the high 2 GB, and use a simple JMP at the API entry to jump to our hook DLL and, after processing, jump back. The reason for creating a DLL is that a DLL can easily be loaded into that 2G address space. Now you understand? As long as a module can be loaded into that 2 GB space, it does not have to be a DLL.

But under 2K this is no longer true, and the DLL is loaded in 2G. Even a system DLL such as user32.dll has a copy for each process; therefore, even if you modify the DLL in this process, it cannot affect other processes. To complete the global hook, you must automatically load our hook DLL into every process in the system; for processes started in the future, automatic loading is also required. The registry has an entry that specifies a DLL to be automatically loaded when each process starts; this makes completing the API hook a little more convenient :)
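
Added example, not part of the original article or the replies: the distinction drawn above (the four hook types whose callback runs in the installing thread, versus global hooks whose DLL the system maps into other processes) written as a triage check over SetWindowsHookEx call records. The record format, the image names caller.exe and editor.exe, and every function and type name are assumptions made for this example; the hook ids are the winuser.h values.

```c
#include <stdio.h>

/* Hook ids as defined in winuser.h, repeated so the example builds anywhere. */
enum { WH_JOURNALRECORD = 0, WH_JOURNALPLAYBACK = 1, WH_KEYBOARD = 2,
       WH_GETMESSAGE = 3, WH_KEYBOARD_LL = 13, WH_MOUSE_LL = 14 };

typedef enum {
    HOOK_PARSE_ERROR,      /* record does not match the constructed format    */
    HOOK_THREAD_SCOPED,    /* dwThreadId != 0: only that one thread is hooked */
    HOOK_GLOBAL_IN_CALLER, /* global; callback runs in the installing thread  */
    HOOK_GLOBAL_INJECTS    /* global; hMod is a DLL mapped into other procs   */
} hook_class;
typedef struct { char image[64], module[64]; int id; unsigned tid; } hook_event;

/* The four hook types the article lists as called in the installer's context. */
static int runs_in_installer(int id)
{
    return id == WH_JOURNALRECORD || id == WH_JOURNALPLAYBACK ||
           id == WH_KEYBOARD_LL || id == WH_MOUSE_LL;
}

/* Parse "image=<exe> idHook=<n> hMod=<module> tid=<n>" (assumed format) and classify it. */
hook_class classify_hook(const char *rec, hook_event *ev)
{
    if (sscanf(rec, "image=%63s idHook=%d hMod=%63s tid=%u",
               ev->image, &ev->id, ev->module, &ev->tid) != 4)
        return HOOK_PARSE_ERROR;
    if (ev->tid != 0)
        return HOOK_THREAD_SCOPED;
    return runs_in_installer(ev->id) ? HOOK_GLOBAL_IN_CALLER : HOOK_GLOBAL_INJECTS;
}

/* Constructed records; only kbhook and kblock.dll are names from the article. */
static const char *SAMPLE[] = {
    "image=kbhook.exe idHook=13 hMod=kbhook.exe tid=0",
    "image=caller.exe idHook=2 hMod=kblock.dll tid=0",
    "image=editor.exe idHook=3 hMod=editor.exe tid=4120",
    "truncated record",
};

int main(void)
{
    static const char *label[] = { "unparsed", "thread-scoped",
        "global, callback stays in installer", "global, DLL injected into other processes" };
    hook_event ev;
    for (size_t i = 0; i < sizeof SAMPLE / sizeof *SAMPLE; i++)
        printf("%-52s -> %s\n", SAMPLE[i], label[classify_hook(SAMPLE[i], &ev)]);
    return 0;
}
```

A record in the "global, callback stays in installer" class loads nothing into other processes, so module-load monitoring alone will not surface it; the SetWindowsHookEx call itself is the observable event.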