Learning notes for Windows Hook Mechanism

Source: Internet
Author: User

I learned about hooks some time ago, but I didn't take notes. I'll sort it out today.

I. What a hook does
A hook processes messages before they are delivered to the application's message queue. That is to say, if a message is blocked in the hook procedure, it never enters the application's message queue. (I have tested that we can't hook messages that we send ourselves with SendMessage and PostMessage. It means that the call to the hook procedure should be closer to the front of the message delivery path and may be triggered by an event, after the message has been formed.)

II. Hook classification
1. In-process HOOK: only messages from the process can be intercepted.
2. Global HOOK: intercepts messages from all processes.

III. Hook functions

1. Set the hook function

HHOOK WINAPI SetWindowsHookEx(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId);

WINAPI is simply __stdcall, the standard calling convention for Windows APIs; the stack is cleaned up by the API function itself.

Parameter 1, idHook, is the type of hook to install. The constants are prefixed WH_; enter "WH_" in MSDN to see the message types each one intercepts.
Parameter 2, lpfn, is of type HOOKPROC, which is an alias for a function pointer defined by typedef:

typedef LRESULT (CALLBACK *HOOKPROC)(int nCode, WPARAM wParam, LPARAM lParam);

Parameter 3, hMod, is NULL for an in-process hook; for a system hook it specifies the DLL that contains the hook procedure. It is of type HINSTANCE and can be obtained through GetModuleHandle.
Parameter 4, dwThreadId, is GetCurrentThreadId() for an in-process hook and 0 for a system hook.

Return value: the hook handle. You can remove the hook using this handle.


2. Call the function of the next hook.

LRESULT WINAPI CallNextHookEx(HHOOK hhk, int nCode, WPARAM wParam, LPARAM lParam);

In the hook procedure, you decide whether to process the message yourself. If so, return 1 after processing, and the hooks set by others will not be called; otherwise, call the next hook.

3. Uninstall the hook.

BOOL WINAPI UnhookWindowsHookEx(HHOOK hhk);

Removes the hook identified by the handle.
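
The hook-chain behaviour described in sections I and III, as an added example that is not code from the original notes: a portable C model, not Win32 code, in which install_hook, call_next_hook, deliver and the message ids are hypothetical stand-ins. It assumes, as SetWindowsHookEx is documented to do, that the newest hook goes to the front of the chain, and shows that a hook which returns 1 without calling the next hook both keeps the message out of the queue and hides it from hooks installed earlier.

```c
/* Portable model of a hook chain; not Win32 code, all names are hypothetical. */
#define MAX_HOOKS 8
#define MSG_CLOSE 0x10   /* constructed sample message ids */
#define MSG_PAINT 0x0F
typedef long (*hook_fn)(int idx, unsigned msg);  /* stands in for HOOKPROC */
static hook_fn chain[MAX_HOOKS];   /* chain[0] is called first */
static int n_hooks, queued, seen_by_logger;

/* Like SetWindowsHookEx: the newest hook goes to the front of the chain. */
int install_hook(hook_fn fn) {
    if (n_hooks == MAX_HOOKS) return -1;
    for (int i = n_hooks; i > 0; i--) chain[i] = chain[i - 1];
    chain[0] = fn;
    n_hooks++;
    return 0;
}

/* Like CallNextHookEx: run the hook after position idx; 0 at the end of the chain. */
long call_next_hook(int idx, unsigned msg) {
    return (idx + 1 < n_hooks) ? chain[idx + 1](idx + 1, msg) : 0;
}

/* Handles MSG_CLOSE itself: returns 1 and does not call the next hook. */
long filter_hook(int idx, unsigned msg) {
    return (msg == MSG_CLOSE) ? 1 : call_next_hook(idx, msg);
}

/* Counts every message it is given, then passes it on. */
long logger_hook(int idx, unsigned msg) {
    seen_by_logger++;
    return call_next_hook(idx, msg);
}

/* The chain runs before the queue; a nonzero result keeps the message out. */
int deliver(unsigned msg) {
    long blocked = n_hooks ? chain[0](0, msg) : 0;
    if (!blocked) queued++;
    return !blocked;
}

/* Sends MSG_CLOSE and MSG_PAINT; returns how many the logger saw. */
int run_scenario(int filter_installed_last) {
    n_hooks = queued = seen_by_logger = 0;
    install_hook(filter_installed_last ? logger_hook : filter_hook);
    install_hook(filter_installed_last ? filter_hook : logger_hook);
    deliver(MSG_CLOSE);
    deliver(MSG_PAINT);
    return seen_by_logger;
}
```

run_scenario(1) returns 1 and run_scenario(0) returns 2: a monitoring hook only sees a blocked message when it was installed after the hook that blocks it. In both cases only MSG_PAINT reaches the queue.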

IV. How to set system hooks
A system hook requires the hook procedure to be placed in a dynamic-link library. The reason is very simple: because the dynamic-link library is shared in memory, the system can access the hook procedure.
Add __declspec(dllexport) to the original hook procedure so that other processes can import it. When SetWindowsHookEx is called, set the third parameter to the DLL module obtained through GetModuleHandle and the fourth parameter to 0.
