Win32编程之全局钩子(十七)

一、动态链接库

库头文件:

?
1
2
3
4
5
6
7
8
#pragma once
 
#include <Windows.h>
 
extern "C" {
    __declspec(dllexport) void __stdcall SetHookVal(HHOOK hookVal);
    __declspec(dllexport) LRESULT CALLBACK MouseProc(int code, WPARAM wParam, LPARAM lParam);
}

库源文件: 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#include "HookMsg.h"
#include <Windows.h>
 
/* 共享数据段 */
#pragma data_seg("shared")
HHOOK g_hHook = 0;
#pragma data_seg()
 
#pragma comment(linker, "/section:shared,rws")
 
BOOL APIENTRY DllMain(HMODULE hModule,
    DWORD  ul_reason_for_call,
    LPVOID lpReserved
)
{
    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
        OutputDebugString(TEXT("HookMsg DLL_PROCESS_ATTACH"));
        break;
    case DLL_THREAD_ATTACH:
        OutputDebugString(TEXT("HookMsg DLL_THREAD_ATTACH"));
        break;
    case DLL_THREAD_DETACH:
        OutputDebugString(TEXT("HookMsg DLL_THREAD_DETACH"));
        break;
    case DLL_PROCESS_DETACH:
        OutputDebugString(TEXT("HookMsg DLL_PROCESS_DETACH"));
        break;
    }
    return TRUE;
}
 
void __stdcall SetHookVal(HHOOK hookVal)
{
    g_hHook = hookVal;
}
 
LRESULT CALLBACK MouseProc(int code, WPARAM wParam, LPARAM lParam)
{
    if (code < 0) {
        return CallNextHookEx(g_hHook, code, wParam, lParam);
    }
     
    switch (wParam) {
    case WM_LBUTTONDOWN: {
        OutputDebugString(TEXT("HookMsg MouseProc WM_LBUTTONDOWN"));
        PMOUSEHOOKSTRUCT pInfo = (PMOUSEHOOKSTRUCT)lParam;
        WCHAR buff[30] = { 0 };
        wsprintf(buff, TEXT("HookMsg (%d, %d)"), pInfo->pt.x, pInfo->pt.y);
        OutputDebugString(buff);
    }
    default:
        break;
    }
 
    return CallNextHookEx(g_hHook, code, wParam, lParam);
}

二、全局钩子调用  

?
1
2
3
4
5
6
7
8
9
10
11
12
13
typedef LRESULT (CALLBACK *MOUSE_PROC) (int code, WPARAM wParam, LPARAM lParam);
typedef void (WINAPI *HOOK_VAL) (HHOOK hookVal);
 
void SetWinHook() {
    OutputDebugString(TEXT("hookApp Load Library"));
    g_hModule = LoadLibrary(TEXT("HookMsg.dll"));
    if (g_hModule != NULL) {
        MOUSE_PROC pMouse = (MOUSE_PROC)GetProcAddress(g_hModule, "MouseProc");
        HOOK_VAL pSetHook = (HOOK_VAL)GetProcAddress(g_hModule, "SetHookVal");
        HHOOK hHook = SetWindowsHookEx(WH_MOUSE, pMouse, (HINSTANCE)g_hModule, 0);
        pSetHook(hHook);
    }
}

 三、挂钩指定线程 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
HHOOK g_hHook = 0;
HMODULE g_hModule = NULL;
 
typedef LRESULT(CALLBACK* MOUSE_PROC) (int code, WPARAM wParam, LPARAM lParam);
typedef void (WINAPI* HOOK_VAL) (HHOOK hookVal);
 
DWORD GetMainThreadIdFormName(const WCHAR* szName) {
    DWORD idThread = 0; //主线程ID
    DWORD idProcess = 0; //进程ID
 
    PROCESSENTRY32 pe; //进程信息
    pe.dwSize = sizeof(PROCESSENTRY32);
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); //获取系统进程列表快照
    if (Process32First(hSnapshot, &pe)) {
        //返回系统中第一个进程的信息
        do {
            if (_wcsicmp(pe.szExeFile, szName) == 0) {
                idProcess = pe.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnapshot, &pe)); //下一个进程
    }
    CloseHandle(hSnapshot); //删除快照
 
    if (idProcess == 0) {
        return 0;
    }
 
    //获取进程的主线程ID
    THREADENTRY32 te;
    te.dwSize = sizeof(THREADENTRY32);
    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0); //系统所有线程快照
    if (Thread32First(hSnapshot, &te)) {
        //第一个线程
        do {
            if (idProcess == te.th32OwnerProcessID) {
                idThread = te.th32ThreadID;
                break;
            }
        } while (Thread32Next(hSnapshot, &te)); //下一个线程  
    }
 
    CloseHandle(hSnapshot); //删除快照
    return idThread;
}
 
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    switch (message)
    {
    case WM_CREATE: {
        OutputDebugString(TEXT("hookApp Load Library"));
        //获取指定进程的主线程ID
        DWORD ulThreadId = GetMainThreadIdFormName(TEXT("notepad.exe"));
        g_hModule = LoadLibrary(TEXT("HookMsg.dll"));
        if (g_hModule != NULL) {
            MOUSE_PROC pMouse = (MOUSE_PROC)GetProcAddress(g_hModule, "MouseProc");
            HOOK_VAL pSetHook = (HOOK_VAL)GetProcAddress(g_hModule, "SetHookVal");
            HHOOK hHook = SetWindowsHookEx(WH_MOUSE, pMouse, (HINSTANCE)g_hModule, ulThreadId);
            pSetHook(hHook);
        }
 
        break;
    }
    case WM_DESTROY: {
        if (g_hHook != 0) {
            UnhookWindowsHookEx(g_hHook);
            FreeLibrary(g_hModule);
        }
        PostQuitMessage(0);
        break;
    }              
    default:
        return DefWindowProc(hWnd, message, wParam, lParam);
    }
    return 0;
}

 

posted @   TechNomad  阅读(66)  评论(0编辑  收藏  举报
相关博文:
· Win32编程之通过SetWindowsHookEx注入DLL(十六)
· Win32编程之资源文件(三)
· 进程注入之全局钩子注入
· 钩子相关1
· Windows黑客编程之全局钩子
阅读排行:
· DeepSeek 开源周回顾「GitHub 热点速览」
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· AI与.NET技术实操系列(二):开始使用ML.NET
· 单线程的Redis速度为什么快?
点击右上角即可分享
微信分享提示
AI FOR CODE 大赛