CallWndProc示例

时间:2013-07-19 13:28:45

标签: c# .net hook

这是我第一次尝试hooks

我正在寻找一些用于实施CallWndProc hook的好资源。 MSDN的东西有点压倒性的。

我发现使用这种类型的钩子需要注入外部dll。这主要是我被困住的地方。

不确定dll中需要包含哪些内容以及.NET应用中需要包含的内容。

任何dll示例?

1 个答案:

答案 0 :(得分:4)

您无法在C#等托管语言中编写WH_CALLWNDPROC挂钩。因此,您需要的不仅仅是外部DLL,而是需要使用可编译为本机代码的语言编写的外部DLL,如C或C ++。

The MSDN documentation实际上相当不错,尤其是overviewUsing Hooks页面上甚至有一个例子。

我并不是说听起来令人沮丧,但如果你发现压倒性的话,那么你就会遇到一些麻烦。钩子是Windows编程中非常先进的技术。在进行像这样的项目之前,您需要了解窗口过程,消息循环和Windows应用程序的其他基础知识。显然有助于熟悉C或C ++语言,因为这就是你将要使用的东西!

无论如何,我碰巧有一个我用C编写的钩子DLL,所以我会尝试提取一些相关的代码。它实际上安装了一个WH_CALLWNDRETPROC钩子,但两者非常相似。 窗口过程处理完消息后,该过程的钩子过程称为; 窗口过程处理完消息后,您正在谈论的那个被称为

/* The handle to the hook is stored as a shared global variable and is the
 * same for all hooked processes. We achieve that by placing it in the
 * shared data segment of the DLL.
 *
 * Note that shared global variables must be explicitly initialized.
 *
 * And also note that this is really not the ideal way of doing this; it's just
 * an easy way to get going. The better solution is to use a memory-mapped file.
 * See Also: http://msdn.microsoft.com/en-us/library/h90dkhs0.aspx
 */
#pragma comment(linker, "/section:.SHARED,rws")
#pragma data_seg(".SHARED") /* begin the shared data segment */
   HHOOK g_hhkCallWndProcRet = NULL;
#pragma data_seg()          /* end the shared data segment and default back to normal behavior */


LRESULT CALLBACK CallWndRetProc(int nCode, WPARAM wParam, LPARAM lParam)
{
   /* If nCode is greater than or equal to HC_ACTION,
    * we should process the message. */
   if (nCode >= HC_ACTION)
   {
      /* Retrieve a pointer to the structure that contains details about
       * the message, and see if it is one that we want to handle. */
      const LPCWPRETSTRUCT lpcwprs = (LPCWPRETSTRUCT)lParam;
      switch (lpcwprs->message)
      {
         /* ...SNIP: process the messages we're interested in ... */
      }
   }

   /* At this point, we are either not processing the message
    * (because nCode is less than HC_ACTION),
    * or we've already finished processing it.
    * Either way, pass the message on. */
   return CallNextHookEx(g_hhkCallWndProcRet, nCode, wParam, lParam);
}


BOOL __stdcall InstallHook(void)
{
   /* Try to install the WH_CALLWNDPROCRET hook,
    * if it is not already installed. */
   if (!g_hhkCallWndProcRet)
   {
      g_hhkCallWndProcRet = SetWindowsHookEx(WH_CALLWNDPROCRET,
                                             CallWndRetProc,
                                             g_hinstDLL,
                                             0);
      if (!g_hhkCallWndProcRet)
      {
         /* ...SNIP: handle failure condition ... */
         return FALSE;
      }
   }

   return TRUE;  /* return success */
}

BOOL __stdcall RemoveHook(void)
{
   /* Try to remove the WH_CALLWNDPROCRET hook, if it is installed. */
   if (g_hhkCallWndProcRet)
   {
      if (!UnhookWindowsHookEx(g_hhkCallWndProcRet))
      {
         /* ...SNIP: handle failure condition ... */
         return FALSE;
      }
      g_hhkCallWndProcRet = NULL;
   }

   return TRUE;  /* return success */
}
相关问题
最新问题