Hook types
Hook types 1-2: WH_CALLWNDPROC and WH_CALLWNDPROCRET Hooks (callwndproc, callwndprocret)
The WH_CALLWNDPROC and WH_CALLWNDPROCRET hooks enable you to monitor messages sent to window procedures. The system calls a WH_CALLWNDPROC hook procedure before passing the message to the receiving window procedure, and calls the WH_CALLWNDPROCRET hook procedure after the window procedure has processed the message.
The WH_CALLWNDPROCRET hook passes a pointer to a CWPRETSTRUCT structure to the hook procedure. The structure contains the return value from the window procedure that processed the message, as well as the message parameters associated with the message. Subclassing the window does not work for messages sent between processes.
Hook type 3: WH_CBT Hook
The system calls a WH_CBT hook procedure before activating, creating, destroying, minimizing, maximizing, moving, or sizing a window; before completing a system command; before removing a mouse or keyboard event from the system message queue; before setting the input focus; or before synchronizing with the system message queue. The value the hook procedure returns determines whether the system allows or prevents one of these operations. The WH_CBT hook is intended primarily for computer-based training (CBT) applications.
Hook type 4: WH_DEBUG Hook
The system calls a WH_DEBUG hook procedure before calling hook procedures associated with any other hook in the system. You can use this hook to determine whether to allow the system to call hook procedures associated with other types of hooks.
Hook type 5: WH_FOREGROUNDIDLE (foreground idle) Hook
The WH_FOREGROUNDIDLE hook enables you to perform low priority tasks during times when its foreground thread is idle. The system calls a WH_FOREGROUNDIDLE hook procedure when the application's foreground thread is about to become idle.
Hook type 6: WH_GETMESSAGE (get message) Hook
The WH_GETMESSAGE hook enables an application to monitor messages about to be returned by the GetMessage or PeekMessage function. You can use the WH_GETMESSAGE hook to monitor mouse and keyboard input and other messages posted to the message queue.
Hook type 7: WH_JOURNALPLAYBACK (journal playback) Hook
The WH_JOURNALPLAYBACK hook enables an application to insert messages into the system message queue. You can use this hook to play back a series of mouse and keyboard events recorded earlier by using the WH_JOURNALRECORD Hook. Regular mouse and keyboard input is disabled as long as a WH_JOURNALPLAYBACK hook is installed. A WH_JOURNALPLAYBACK hook is a global hook — it cannot be used as a thread-specific hook.
The WH_JOURNALPLAYBACK hook returns a time-out value. This value tells the system how many milliseconds to wait before processing the current message from the playback hook. This enables the hook to control the timing of the events it plays back.
Hook type 8: WH_JOURNALRECORD (journal record) Hook
The WH_JOURNALRECORD hook enables you to monitor and record input events. Typically, you use this hook to record a sequence of mouse and keyboard events to play back later by using the WH_JOURNALPLAYBACK Hook. The WH_JOURNALRECORD hook is a global hook — it cannot be used as a thread-specific hook.
Hook type 9: WH_KEYBOARD_LL Hook
The WH_KEYBOARD_LL hook enables you to monitor keyboard input events about to be posted in a thread input queue.
Hook type 10: WH_KEYBOARD Hook
The WH_KEYBOARD hook enables an application to monitor message traffic for WM_KEYDOWN and WM_KEYUP messages about to be returned by the GetMessage or PeekMessage function. You can use the WH_KEYBOARD hook to monitor keyboard input posted to a message queue.
Hook type 11: WH_MOUSE_LL Hook
The WH_MOUSE_LL hook enables you to monitor mouse input events about to be posted in a thread input queue.
Hook type 12: WH_MOUSE Hook
The WH_MOUSE hook enables you to monitor mouse messages about to be returned by the GetMessage or PeekMessage function. You can use the WH_MOUSE hook to monitor mouse input posted to a message queue.
Hook types 13, 14: WH_MSGFILTER and WH_SYSMSGFILTER (msg filter, sysmsg filter) Hooks
The WH_MSGFILTER and WH_SYSMSGFILTER hooks enable you to monitor messages about to be processed by a menu, scroll bar, message box, or dialog box, and to detect when a different window is about to be activated as a result of the user's pressing the ALT+TAB or ALT+ESC key combination. The WH_MSGFILTER hook can only monitor messages passed to a menu, scroll bar, message box, or dialog box created by the application that installed the hook procedure. The WH_SYSMSGFILTER hook monitors such messages for all applications.
The WH_MSGFILTER and WH_SYSMSGFILTER hooks enable you to perform message filtering during modal loops that is equivalent to the filtering done in the main message loop. For example, an application often examines a new message in the main loop between the time it retrieves the message from the queue and the time it dispatches the message, performing special processing as appropriate. However, during a modal loop, the system retrieves and dispatches messages without allowing an application the chance to filter the messages in its main message loop. If an application installs a WH_MSGFILTER or WH_SYSMSGFILTER hook procedure, the system calls the procedure during the modal loop.
An application can call the WH_MSGFILTER hook directly by calling the CallMsgFilter function. By using this function, the application can use the same code to filter messages during modal loops as it uses in the main message loop. To do so, encapsulate the filtering operations in a WH_MSGFILTER hook procedure and call CallMsgFilter between the calls to the GetMessage and DispatchMessage functions.
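    MSG msg;

    /* GetMessage returns 0 on WM_QUIT and -1 on error, so loop only while > 0. */
    while (GetMessage(&msg, (HWND) NULL, 0, 0) > 0)
    {
        /* A nonzero return means a WH_MSGFILTER hook procedure handled the message. */
        if (!CallMsgFilter(&msg, 0))
            DispatchMessage(&msg);
    }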
The last argument of CallMsgFilter is simply passed to the hook procedure; you can enter any value. The hook procedure, by defining a constant such as MSGF_MAINLOOP, can use this value to determine where the procedure was called from.
Hook type 15: WH_SHELL Hook
A shell application can use the WH_SHELL hook to receive important notifications. The system calls a WH_SHELL hook procedure when the shell application is about to be activated and when a top-level window is created or destroyed.
Note that custom shell applications do not receive WH_SHELL messages. Therefore, any application that registers itself as the default shell must call the SystemParametersInfo function with SPI_SETMINIMIZEDMETRICS before it (or any other application) can receive WH_SHELL messages.
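Five of these hooks, WH_JOURNALPLAYBACK, WH_JOURNALRECORD, WH_KEYBOARD_LL, WH_MOUSE_LL and WH_SYSMSGFILTER, are global in scope by nature: whether the hook is written directly in the application's code or placed in a DLL, it can hook system-wide messages. The remaining 10 hooks can be either thread-scoped or global. When such a hook is written directly in the application's code, it can only capture messages in the context of the current thread. How, then, do these hooks capture global messages? When the hook is placed in a separate DLL and that DLL is referenced, the system automatically maps the DLL into the address space of every process affected by the hook function; in other words, the DLL is injected into those processes, and that is how global messages are captured. By comparison, the first five hooks are global in themselves and do not need injection.
Therefore, the answer to the earlier question is: whether a hook that captures global messages has to be written in a separate DLL depends on the hook type and its scope.
If both a thread hook and a global hook are installed for the same event, the system automatically calls the thread hook first and then the global hook.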
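The scope rules above, applied to hook-installation telemetry so a defender can see which installs lead to a DLL being mapped into other processes. This is an added example, not code from the original page; the trace line format is hypothetical, the sample lines are constructed, and the classification follows this page's own grouping of the five global-only types.

```c
#include <stdio.h>
/* idHook values as defined in winuser.h (only the ones referenced below). */
enum { WH_JOURNALRECORD = 0, WH_JOURNALPLAYBACK = 1, WH_KEYBOARD = 2,
       WH_GETMESSAGE = 3, WH_CBT = 5, WH_SYSMSGFILTER = 6,
       WH_KEYBOARD_LL = 13, WH_MOUSE_LL = 14 };
typedef enum { BAD_LINE, THREAD_LOCAL, GLOBAL_NO_DLL, GLOBAL_DLL_MAPPED,
               INVALID_SCOPE } scope_t;

/* The five types this page lists as global by nature. */
static int global_only(int id) {
    return id == WH_JOURNALPLAYBACK || id == WH_JOURNALRECORD ||
           id == WH_KEYBOARD_LL || id == WH_MOUSE_LL || id == WH_SYSMSGFILTER;
}

/* Types that observe keyboard input, or messages that carry it. */
static int sees_keys(int id) {
    return id == WH_KEYBOARD || id == WH_KEYBOARD_LL ||
           id == WH_GETMESSAGE || id == WH_JOURNALRECORD;
}

/* Classify one trace line (hypothetical format); *keys is set to 1 when the
   hook type can observe keystrokes. tid is the thread id passed at install. */
scope_t classify(const char *line, int *keys) {
    int pid, id; unsigned long tid;
    if (sscanf(line, "pid=%d api=SetWindowsHookEx idHook=%d tid=%lu",
               &pid, &id, &tid) != 3)
        return BAD_LINE;
    *keys = sees_keys(id);
    if (global_only(id))            /* cannot be used as a thread hook */
        return tid == 0 ? GLOBAL_NO_DLL : INVALID_SCOPE;
    return tid == 0 ? GLOBAL_DLL_MAPPED : THREAD_LOCAL;
}

/* Constructed sample trace, not captured from a real system. */
static const char *SAMPLE[] = {
    "pid=4120 api=SetWindowsHookEx idHook=13 tid=0",
    "pid=4120 api=SetWindowsHookEx idHook=2 tid=0",
    "pid=988 api=SetWindowsHookEx idHook=5 tid=7312",
    "pid=988 api=SetWindowsHookEx idHook=1 tid=7312",
};

int main(void) {
    static const char *name[] = { "bad line", "thread-local", "global, no DLL",
        "global, DLL mapped into other processes", "invalid: global-only + tid" };
    for (size_t i = 0; i < sizeof SAMPLE / sizeof *SAMPLE; i++) {
        int keys = 0; scope_t s = classify(SAMPLE[i], &keys);
        printf("%-48s -> %s%s\n", SAMPLE[i], name[s], keys ? " [keyboard]" : "");
    }
    return 0;
}
```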