Learning notes for Windows Hook Mechanism

I learned hook some time ago, but I didn't take notes. I'll sort it out today.

Functions of one hook
Transfer the message body to the applicationProgramMessages are processed before the message queue. That is to say, if messages are blocked during the hook process, they will not enter the application message queue. (I have tested that we can't hook messages that use sendmessage and postmessage by ourselves. It means that the call to the hook process should be closer to the front of the message transmission process and may be triggered by an event, links after messages are formed)

Binary hook Classification
1. In-process HOOK: only messages from the process can be intercepted.
2. Global HOOK: intercepts messages from all processes.

Three Hook Functions

1. Set the hook function

Hhook winapi setwindowshookex ( Int Idhook, hookproc lpfn, hinstance hmod, DWORD dwthreadid );

Winapi does not need to be known as _ stdcall, which is a standard call Method for Windows APIs. the stack is automatically cleared by API functions.

Parameter 1: idhook, intercepted hook type, Prefix: Wh. You can enter "Wh _" in msdn to view intercepted messages of various types.
Parameter 2 lpfn is of the hookproc type, and hookproc is the alias of a function pointer defined by typedef:

Typedef lresult (callback * )( Int Ncode, wparam, lparam) hookproc;

Parameter 3 is null in the process hook, and the DLL in the hook process is specified in the system hook. It is of the hinstance type and can be obtained through getmodule.
Parameter 4 is getcurrentthreadid () during in-process hook, and set 0 when the system hook is used.

Return Value: the hook handle. You can detach the Hook based on the handle.

2. Call the function of the next hook.

Lresult winapi callnexthookex (hhook HHK, Int Ncode, wparam, lparam );

In hookproc, you can determine whether the message is to be processed by yourself. If yes, 1 is returned after processing, the hook set by others will not be called; otherwise, the next hook will be called.

3. Uninstall the hook.

Bool winapi unhookwindowshookex (hhook HHK );

Unmount a hook.

Iv. How to Set system hooks
The system hook settings need to put the hook process function into the dynamic link library. The reason is very simple. Because the dynamic link library is shared in the memory, the system can access this hook process function.
Add _ declspec (dllexport) to the original hook process, and then other processes import the hook process function. When setjavaswhookex is called, set the third parameter to the DLL module obtained by getmodule, set the fourth parameter to 0.