2

我正在尝试通过在 WH_DEBUG 上安装全局挂钩来制作一个能够检测系统上的键盘记录器的程序。我的问题是,GetModuleHandle(以及 - 似乎 - 所有其他更晦涩的获取模块句柄的方法)返回 null。我希望这里的某个人能够对这种情况有所了解。

MainForm.cs:

using System;
using System.Collections.Generic;
using System.Drawing;
using System.Windows.Forms;
using System.Runtime;
using System.Diagnostics;
using System.Runtime.InteropServices;
using Microsoft.Win32;

namespace MouseTimer
{
    /// <summary>
    /// Description of MainForm.
    /// </summary>
    public partial class MainForm : Form
    {
        public MainForm()
        {
            InitializeComponent();
        }
        public static void log(String ltxt)
        {
            ((MainForm)Application.OpenForms[0]).richTextBox1.Text += ltxt+"\n";
            ((MainForm)Application.OpenForms[0]).richTextBox1.SelectionStart = ((MainForm)Application.OpenForms[0]).richTextBox1.Text.Length;
            ((MainForm)Application.OpenForms[0]).richTextBox1.ScrollToCaret();
        }
        public int DbgEvt(int code, IntPtr wParam, IntPtr lParam)
        {
            log("DBGEVT: "+wParam.ToString());
            return 0;
        }

        void MainFormLoad(object sender, EventArgs e)
        {
            WindowsHook wh = new WindowsHook(HookType.WH_DEBUG, DbgEvt);
            wh.Install();

        }
    }
}

WindowsHook.cs:

public class WindowsHook
{
    public delegate int HookProc(int code, IntPtr wParam, IntPtr lParam);
    protected IntPtr m_hhook = IntPtr.Zero;
    protected HookProc m_filterFunc = null;
    protected HookType m_hookType;
    public delegate void HookEventHandler(object sender, HookEventArgs e);
    public event HookEventHandler HookInvoked;
    protected void OnHookInvoked(HookEventArgs e)
    {
        if (HookInvoked != null)
            HookInvoked(this, e);
    }
    public WindowsHook(HookType hook)
    {
        m_hookType = hook;
        m_filterFunc = new HookProc(this.CoreHookProc); 
    }
    public WindowsHook(HookType hook, HookProc func)
    {
        m_hookType = hook;
        m_filterFunc = func; 
    }       
    protected int CoreHookProc(int code, IntPtr wParam, IntPtr lParam)
    {
        if (code < 0)
            return CallNextHookEx(m_hhook, code, wParam, lParam);

        HookEventArgs e = new HookEventArgs();
        e.HookCode = code;
        e.wParam = wParam;
        e.lParam = lParam;
        OnHookInvoked(e);
        return CallNextHookEx(m_hhook, code, wParam, lParam);
    }
    public void Install()
    {

        using (Process p = Process.GetCurrentProcess())
                using (ProcessModule m = p.MainModule)
        {
                m_hhook = SetWindowsHookEx(m_hookType, m_filterFunc,
               GetModuleHandle(m.ModuleName), 0);
        }

    }

    public void Uninstall()
    {
        UnhookWindowsHookEx(m_hhook); 
        m_hhook = IntPtr.Zero;
    }

    public bool IsInstalled
    {
        get{ return m_hhook != IntPtr.Zero; }
    }

    [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        protected static extern IntPtr SetWindowsHookEx(HookType code, 
            HookProc func,
            IntPtr hInstance,
            int threadID);

    [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        protected static extern int UnhookWindowsHookEx(IntPtr hhook); 

    [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        protected static extern int CallNextHookEx(IntPtr hhook, 
            int code, IntPtr wParam, IntPtr lParam);
    [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern IntPtr GetModuleHandle(string lpModuleName);

}

问题是,当我尝试(低级)鼠标钩子时,它在没有模块句柄的情况下就可以很好地钩子。所以我不确定问题是什么。任何人都可以帮忙吗?

提前致谢,

麦克风

4

1 回答 1

1

.Net 不支持全局挂钩。

见这里: http: //support.microsoft.com/kb/318804 ?wa=wsignin1.0

我从中引用:

除了 WH_KEYBOARD_LL 低级挂钩和 WH_MOUSE_LL 低级挂钩,您不能在 Microsoft .NET Framework 中实现全局挂钩。要安装全局挂钩,挂钩必须具有本机 DLL 导出,以将自身注入另一个需要有效、一致的函数才能调用的进程。此行为需要 DLL 导出。.NET Framework 不支持 DLL 导出。托管代码没有函数指针一致值的概念,因为这些函数指针是动态构建的代理。

于 2013-03-27T12:32:26.613 回答