1

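This is my first attempt at hooks.

I'm looking for some good resources for implementing a CallWndProc hook. The MSDN material is a bit overwhelming.

I found out that using this type of hook requires injecting an external DLL. That's mostly where I'm stuck.

I'm not sure what needs to go in the DLL and what needs to go in the .NET application.

Any DLL examples?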

4

3 Answers

4

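You cannot write a WH_CALLWNDPROC hook in a managed language like C#. So you need more than just an external DLL; you need an external DLL written in a language that compiles to native code, such as C or C++.

The MSDN documentation is actually quite good, especially the overview. There's even an example on the Using Hooks page.

I don't mean to sound discouraging, but if you find this overwhelming, you're going to have some trouble getting it to work. Hooks are a very advanced technique in Windows programming. You need to understand window procedures, message loops, and the other fundamentals of a Windows application before undertaking a project like this. It obviously also helps to know the C or C++ language well, since that's what you'll be using!

Anyway, I just happen to have a hook DLL that I wrote in C, so I'll try to extract some of the relevant code. It actually installs a WH_CALLWNDPROCRET hook, but the two are very similar. This hook procedure is called after the window procedure has processed the message; the one you're asking about is called before the window procedure processes the message.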

/* The handle to the hook is stored as a shared global variable and is the
 * same for all hooked processes. We achieve that by placing it in the
 * shared data segment of the DLL.
 *
 * Note that shared global variables must be explicitly initialized.
 *
 * And also note that this is really not the ideal way of doing this; it's just
 * an easy way to get going. The better solution is to use a memory-mapped file.
 * See Also: http://msdn.microsoft.com/en-us/library/h90dkhs0.aspx
 */
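#include <windows.h>

#pragma comment(linker, "/section:.SHARED,rws")
#pragma data_seg(".SHARED") /* begin the shared data segment */
   HHOOK g_hhkCallWndProcRet = NULL;
#pragma data_seg()          /* end the shared data segment and default back to normal behavior */

/* Module handle of this DLL, passed to SetWindowsHookEx below.
 * Not part of the extract above; a standard DllMain that saves it. */
static HINSTANCE g_hinstDLL = NULL;

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
   if (fdwReason == DLL_PROCESS_ATTACH)
      g_hinstDLL = hinstDLL;
   return TRUE;
}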


LRESULT CALLBACK CallWndRetProc(int nCode, WPARAM wParam, LPARAM lParam)
{
   /* If nCode is greater than or equal to HC_ACTION,
    * we should process the message. */
   if (nCode >= HC_ACTION)
   {
      /* Retrieve a pointer to the structure that contains details about
       * the message, and see if it is one that we want to handle. */
      const LPCWPRETSTRUCT lpcwprs = (LPCWPRETSTRUCT)lParam;
      switch (lpcwprs->message)
      {
         /* ...SNIP: process the messages we're interested in ... */
      }
   }

   /* At this point, we are either not processing the message
    * (because nCode is less than HC_ACTION),
    * or we've already finished processing it.
    * Either way, pass the message on. */
   return CallNextHookEx(g_hhkCallWndProcRet, nCode, wParam, lParam);
}


BOOL __stdcall InstallHook(void)
{
   /* Try to install the WH_CALLWNDPROCRET hook,
    * if it is not already installed. */
   if (!g_hhkCallWndProcRet)
   {
      g_hhkCallWndProcRet = SetWindowsHookEx(WH_CALLWNDPROCRET,
                                             CallWndRetProc,
                                             g_hinstDLL,
                                             0);
      if (!g_hhkCallWndProcRet)
      {
         /* ...SNIP: handle failure condition ... */
         return FALSE;
      }
   }

   return TRUE;  /* return success */
}

BOOL __stdcall RemoveHook(void)
{
   /* Try to remove the WH_CALLWNDPROCRET hook, if it is installed. */
   if (g_hhkCallWndProcRet)
   {
      if (!UnhookWindowsHookEx(g_hhkCallWndProcRet))
      {
         /* ...SNIP: handle failure condition ... */
         return FALSE;
      }
      g_hhkCallWndProcRet = NULL;
   }

   return TRUE;  /* return success */
}
answered 2013-07-19T13:42:12.880
0

I wrote some code for the WH_CALLWNDPROC Windows hook type. I'd like to share it with you.

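/* Hook handle returned by SetWindowsHookEx; needed by CallNextHookEx. */
static HHOOK g_wndHook = NULL;

/* Must be a static member of Widget so it can be used as a HOOKPROC. */
LRESULT CALLBACK Widget::HookMessageProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (nCode >= HC_ACTION)
    {
        /* For WH_CALLWNDPROC, lParam points to a CWPSTRUCT describing the message. */
        const CWPSTRUCT* tagCwp = (const CWPSTRUCT*)lParam;
        /* Cast the handle through quintptr so it is not truncated in 64-bit builds. */
        QString str = QString("handle =%1,message=%2,lp=%3,lw=%4")
                          .arg(QString::number((quintptr)tagCwp->hwnd))
                          .arg(QString::number(tagCwp->message))
                          .arg(QString::number(tagCwp->lParam))
                          .arg(QString::number(tagCwp->wParam));

        /* Append one line per message to the log file. */
        QFile file("d:\\text.txt");
        if (file.open(QIODevice::WriteOnly | QIODevice::Text | QIODevice::Append))
        {
            file.write(str.toUtf8() + "\n");
            file.close();
        }
    }
    /* Always pass the message on to the next hook in the chain. */
    return CallNextHookEx(g_wndHook, nCode, wParam, lParam);
}
HMODULE hApp1 = GetModuleHandle(0); // Get our own module handle.
/* Hook only the calling thread, and keep the handle for CallNextHookEx. */
g_wndHook = SetWindowsHookEx(WH_CALLWNDPROC, Widget::HookMessageProc, hApp1, GetCurrentThreadId());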
answered 2021-12-03T03:35:22.277
0
After I run it, it shows:

    handle =2426644,message=36,lp=368934118416,lw=0
    handle =2426644,message=129,lp=368934118336,lw=0
    handle =2426644,message=70,lp=368934114496,lw=0
    handle =2426644,message=131,lp=368934114448,lw=1
    handle =2426644,message=71,lp=368934114496,lw=0
    handle =2426644,message=3,lp=29950894,lw=0
    handle =2426644,message=5,lp=32506532,lw=0
    handle =2426644,message=127,lp=0,lw=2
    handle =2426644,message=127,lp=0,lw=0
    handle =2426644,message=127,lp=0,lw=1
    handle =199294,message=129,lp=368934118336,lw=0
    handle =199294,message=131,lp=368934118448,lw=0
    handle =199294,message=1,lp=368934118336,lw=0
    handle =199294,message=5,lp=0,lw=0

So I am very confused now. What do these data mean, and how do I parse the lParam and wParam parameters?
answered 2021-12-03T05:24:39.857
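The logged values can be read by mapping each message number to its `WM_*` constant and interpreting `wParam`/`lParam` per message. The following is an added example, not code from any of the posts above: a portable C decoder for the log format shown, using the message IDs from `winuser.h`; the names `msg_info`, `MSGS` and `decode_line` are hypothetical, and only the messages that appear in the log are covered.

```c
#include <stdio.h>
#include <string.h>

/* IDs from winuser.h; 3rd field = struct lParam points to (NULL = packed value). */
struct msg_info { unsigned id; const char *name; const char *lparam_struct; };
static const struct msg_info MSGS[] = {
    {0x0001, "WM_CREATE",            "CREATESTRUCT"},
    {0x0003, "WM_MOVE",              NULL},
    {0x0005, "WM_SIZE",              NULL},
    {0x0024, "WM_GETMINMAXINFO",     "MINMAXINFO"},
    {0x0046, "WM_WINDOWPOSCHANGING", "WINDOWPOS"},
    {0x0047, "WM_WINDOWPOSCHANGED",  "WINDOWPOS"},
    {0x007F, "WM_GETICON",           NULL},
    {0x0081, "WM_NCCREATE",          "CREATESTRUCT"},
    {0x0083, "WM_NCCALCSIZE",        "NCCALCSIZE_PARAMS"}, /* RECT if wParam is FALSE */
};

/* Decode one "handle =..,message=..,lp=..,lw=.." line into out.
 * Returns 0 on success, -1 if the line does not match the format. */
int decode_line(const char *line, char *out, size_t n) {
    unsigned long long wp; long long lp; unsigned msg;
    const struct msg_info *m = NULL;
    if (sscanf(line, " handle =%*llu,message=%u,lp=%lld,lw=%llu", &msg, &lp, &wp) != 3)
        return -1;
    for (size_t i = 0; i < sizeof MSGS / sizeof MSGS[0]; i++)
        if (MSGS[i].id == msg) m = &MSGS[i];
    unsigned lo = (unsigned)(lp & 0xFFFF), hi = (unsigned)((lp >> 16) & 0xFFFF);
    if (!m)                  /* not in the table: report the raw values */
        snprintf(out, n, "message 0x%04X lParam=0x%llx wParam=%llu", msg, (unsigned long long)lp, wp);
    else if (msg == 0x0003)  /* WM_MOVE: signed client x/y in low/high word */
        snprintf(out, n, "%s x=%d y=%d", m->name, (short)lo, (short)hi);
    else if (msg == 0x0005)  /* WM_SIZE: wParam = resize type (0 = SIZE_RESTORED) */
        snprintf(out, n, "%s type=%llu w=%u h=%u", m->name, wp, lo, hi);
    else if (msg == 0x007F)  /* WM_GETICON: wParam selects which icon is requested */
        snprintf(out, n, "%s icon=%s", m->name, wp == 0 ? "ICON_SMALL" : wp == 1 ? "ICON_BIG" : wp == 2 ? "ICON_SMALL2" : "?");
    else                     /* lParam is an address valid only inside the hooked process */
        snprintf(out, n, "%s lParam=%s* 0x%llx", m->name, (msg == 0x0083 && !wp) ? "RECT" : m->lparam_struct, (unsigned long long)lp);
    return 0;
}

int main(void) {
    /* Lines copied from the log output in the post above. */
    const char *log[] = { "handle =2426644,message=131,lp=368934114448,lw=1",
                          "handle =2426644,message=3,lp=29950894,lw=0",
                          "handle =2426644,message=5,lp=32506532,lw=0" };
    char buf[128];
    for (size_t i = 0; i < sizeof log / sizeof log[0]; i++)
        if (decode_line(log[i], buf, sizeof buf) == 0) puts(buf);
}
```

The large `lp` values are pointers into the hooked process's memory, so they can only be dereferenced inside the hook procedure itself, not recovered from the log afterwards.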