逆向 | dll注入挂键盘钩子

逆向 | dll注入挂键盘钩子

有的对线程有要求的调用可以挂键盘钩子,之前没存档，这次重写一遍：

// injecteddll.cpp : Defines the entry point for the DLL application.
//

#include "stdafx.h"
#include <stdio.h>
#include <windows.h>
extern "C" __declspec(dllexport) void __stdcall hi()   // 导出一个函数，并没有实际作用
{
	printf("hi from dll \n ");
}

typedef struct tagKBDLLHOOKSTRUCT {
  DWORD     vkCode;
  DWORD     scanCode;
  DWORD     flags;
  DWORD     time;
  VOID* dwExtraInfo;
} KBDLLHOOKSTRUCT, *LPKBDLLHOOKSTRUCT, *PKBDLLHOOKSTRUCT;

#define WH_KEYBOARD_LL 13

HANDLE g_hModule = NULL;
HHOOK g_LowKeyBoardHook=NULL;

LRESULT CALLBACK LowLevelKeyboardProc(int nCode,WPARAM wParam,LPARAM lParam){
	if(nCode==HC_ACTION){
		if(((KBDLLHOOKSTRUCT*)lParam)->vkCode==VK_HOME && wParam==WM_KEYDOWN){
			// TODO
			// ...
			return TRUE;
		}
	}
	return CallNextHookEx(g_LowKeyBoardHook, nCode, wParam,lParam);
}



BOOL APIENTRY DllMain( HANDLE hModule, 
                       DWORD  ul_reason_for_call, 
                       LPVOID lpReserved
					 )
{
	CHAR buf[256] = {0};
	if (ul_reason_for_call == DLL_PROCESS_ATTACH){    // dll被加载时调用
		//hi();
		g_hModule = hModule;
		g_LowKeyBoardHook = SetWindowsHookEx(WH_KEYBOARD_LL,(HOOKPROC)LowLevelKeyboardProc, (HMODULE)g_hModule,0);
	}
    return TRUE;
}