WH_CALLWNDPROC鉤子在xp下可以正常截獲訊息,但在win7下只能截獲自己的訊息是怎么回事?
uj5u.com熱心網友回復:
uj5u.com熱心網友回復:
麻煩各位大神 告知問題出在哪里?win7需要做特殊處理嗎uj5u.com熱心網友回復:
1 Hook其它行程的 需要做成DLL2 如果64位系統 可能需要編譯成64位
3 檢查鉤子是否安裝成功
uj5u.com熱心網友回復:
WinAPIOverride http://jacquelin.potier.free.fr/winapioverride32/uj5u.com熱心網友回復:
謝謝趙4老師,好東西我回去慢慢看uj5u.com熱心網友回復:
鉤子的確是做成的dll,win764位32位都嘗試了還是只能獲取自己行程的訊息,從SetWindowsHookEx回傳值看是安裝成功了。
總之就是只能在自己行程中有效果,應該是沒注入其他行程空間中。但是在xp下一切正常。
uj5u.com熱心網友回復:
附上簡單demo偽代碼 ,幫忙看看有什么問題鉤子dll的頭檔案HookDll.h
#ifdef KEYHOOKLIB_EXPORTS
#define KEYHOOKLIB_API extern "C" __declspec(dllexport) //匯出宏
#else
#define KEYHOOKLIB_API extern "C" __declspec(dllimport) //匯入宏
#endif
#include <windows.h>
#include <string>
#include <vector>
using namespace std;
// 自定義與主程式通信的訊息
#define HM_MYHOOK WM_USER + 105 //自定義訊息
// 宣告要匯出的函式
KEYHOOKLIB_API BOOL SetHook(BOOL bInstall, DWORD dwThreadId = 0, HWND hWndCaller = NULL);
鉤子dll的cpp檔案HookDll.cpp:
#define KEYHOOKLIB_EXPORTS
#include "HookDll.h"
#pragma data_seg("MyShared")
HWND g_hWndCaller = NULL; // 保存傳入dll的exe中主視窗句柄
HHOOK g_hHook = NULL; // 保存生成的鉤子句柄
#pragma data_seg()
HINSTANCE g_hCwInst;
///////////////////////////////////////////////////////////////////////////////
int WriteLog1(const char * str)
{
FILE * log;
log = fopen("C:\\log_msghook.txt", "a+");
if (log == NULL)
return -1;
fprintf(log, "%s\n", str);
fclose(log);
return 0;
}
///////////////////////////////////////////////////////////////////////////////
LRESULT CALLBACK HookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
char szTemp[MAX_PATH] = {0};
if (nCode < 0)
{
return CallNextHookEx(g_hHook, nCode, wParam, lParam);
}
PCWPSTRUCT msg;
msg = (PCWPSTRUCT)lParam;
//tagMSG* msg;
//msg = (tagMSG*)lParam;
DWORD idProcess;
DWORD Idthread = GetWindowThreadProcessId(msg->hwnd, &idProcess);
sprintf(szTemp, "訊息型別是:%d而nCode是:%d而視窗句柄是:%x而執行緒id是:%d而行程id是:%d", msg->message, nCode, msg->hwnd, Idthread, idProcess);
WriteLog1(szTemp);
if (nCode == HC_ACTION && (msg->message == WM_CLOSE) && msg->hwnd != g_hWndCaller)
{
sprintf(szTemp, "截獲訊息的視窗句柄%d而被截獲訊息的行程id是:%d", (int)g_hWndCaller, idProcess);
WriteLog1(szTemp);
::PostMessageW(g_hWndCaller, HM_MYHOOK, wParam, (LPARAM)msg->hwnd);
return CallNextHookEx(g_hHook, nCode, wParam, (LPARAM)msg);
}
return CallNextHookEx(g_hHook, nCode, wParam, lParam);
}
KEYHOOKLIB_API BOOL SetHook(BOOL bInstall, DWORD dwThreadId, HWND hWndCaller)
{
BOOL bOk;
g_hWndCaller = hWndCaller;
char szTemp[MAX_PATH] = { 0 };
sprintf(szTemp, "傳進來的視窗句柄%d", (int)hWndCaller);
WriteLog1(szTemp);
if (bInstall)
{
g_hHook = ::SetWindowsHookEx(WH_CALLWNDPROC, HookProc,
g_hCwInst, dwThreadId); //安裝鉤子
bOk = (g_hHook != NULL);
if (bOk)
{
WriteLog1("安裝鉤子成功");
}
}
else
{
bOk = ::UnhookWindowsHookEx(g_hHook);
g_hHook = NULL;
}
return bOk;
}
BOOL APIENTRY DllMain(HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
g_hCwInst = hModule;
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
鉤子dll的描述檔案Source.def:
LIBRARY HookDll
EXPORTS
SetHook
SECTIONS
MyShared Read Write Shared
呼叫程式的源檔案MainWnd.cpp:
#include "HookDll.h" //鉤子dll的頭檔案
#include <stdio.h>
#include <tchar.h>
#pragma comment(lib,"HookDll.lib")//鉤子dll專案生成的引入庫檔案
#define MAX_LOADSTRING 100
// 全域變數:
HINSTANCE hInst; // 當前實體
TCHAR szTitle[MAX_LOADSTRING] = {_T("hookmsg")}; // 標題欄文本
TCHAR szWindowClass[MAX_LOADSTRING] = { _T("hookmsg") };; // 主視窗類名
// 此代碼模塊中包含的函式的前向宣告:
ATOM MyRegisterClass(HINSTANCE hInstance);
BOOL InitInstance(HINSTANCE, int);
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
HWND g_wnd;
int WINAPI WinMain(_In_ HINSTANCE hInstance,
_In_opt_ HINSTANCE hPrevInstance,
_In_ LPSTR lpCmdLine,
_In_ int nCmdShow)
{
UNREFERENCED_PARAMETER(hPrevInstance);
UNREFERENCED_PARAMETER(lpCmdLine);
// TODO: 在此放置代碼。
MSG msg;
MyRegisterClass(hInstance);
// 執行應用程式初始化:
if (!InitInstance(hInstance, nCmdShow))
{
return FALSE;
}
// 主訊息回圈:
while (GetMessage(&msg, NULL, 0, 0))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
::SetHook(FALSE);//取消安裝鉤子
return (int)msg.wParam;
}
//
// 函式: MyRegisterClass()
//
// 目的: 注冊視窗類。
//
ATOM MyRegisterClass(HINSTANCE hInstance)
{
WNDCLASSEX wcex;
wcex.cbSize = sizeof(WNDCLASSEX);
wcex.style = CS_HREDRAW | CS_VREDRAW;
wcex.lpfnWndProc = WndProc;
wcex.cbClsExtra = 0;
wcex.cbWndExtra = 0;
wcex.hInstance = hInstance;
wcex.hIcon = LoadIcon(hInstance, NULL);
wcex.hCursor = LoadCursor(NULL, IDC_ARROW);
wcex.hbrBackground = (HBRUSH)(COLOR_WINDOW + 1);
wcex.lpszMenuName = NULL;
wcex.lpszClassName = szWindowClass;
wcex.hIconSm = LoadIcon(wcex.hInstance, MAKEINTRESOURCE(IDC_ARROW));
return RegisterClassEx(&wcex);
}
//
// 函式: InitInstance(HINSTANCE, int)
//
// 目的: 保存實體句柄并創建主視窗
//
// 注釋:
//
// 在此函式中,我們在全域變數中保存實體句柄并
// 創建和顯示主程式視窗。
//
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
HWND hWnd;
hInst = hInstance; // 將實體句柄存盤在全域變數中
hWnd = CreateWindow(szWindowClass, szTitle, WS_OVERLAPPEDWINDOW,
CW_USEDEFAULT, 0, CW_USEDEFAULT, 0, NULL, NULL, hInstance, NULL);
g_wnd = hWnd;
if (!hWnd)
{
return FALSE;
}
ShowWindow(hWnd, nCmdShow);
UpdateWindow(hWnd);
return TRUE;
}
//
// 函式: WndProc(HWND, UINT, WPARAM, LPARAM)
//
// 目的: 處理主視窗的訊息。
//
// WM_COMMAND - 處理應用程式選單
// WM_PAINT - 繪制主視窗
// WM_DESTROY - 發送退出訊息并回傳
//
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
PAINTSTRUCT ps;
HDC hdc;
switch (message)
{
case WM_PAINT:
hdc = BeginPaint(hWnd, &ps);
// TODO: 在此添加任意繪圖代碼...
EndPaint(hWnd, &ps);
break;
case WM_DESTROY:
PostQuitMessage(0);
break;
case WM_CREATE:
{
if (!hWnd)
{
MessageBoxA(NULL, "121212", "", 0);
}
if (!SetHook(TRUE, 0, hWnd))
MessageBox(NULL, L"安裝鉤子失敗!", L"", 0);
}
break;
case HM_MYHOOK:
{
char szTemp[MAX_PATH] = { 0 };
HWND msg;
msg = (HWND)lParam;
DWORD idprocess;
DWORD Idthread = GetWindowThreadProcessId(msg, &idprocess);
sprintf(szTemp, "id為%d的行程要關閉視窗,執行緒id為%d", idprocess, Idthread);
MessageBoxA(NULL, szTemp, "截獲到訊息:", 0);
}
break;
default:
return DefWindowProc(hWnd, message, wParam, lParam);
}
return 0;
}
uj5u.com熱心網友回復:
SPY++ 試試看 是否有WM_CLOSE訊息?uj5u.com熱心網友回復:
WinAPIOverride是開源的。轉載請註明出處,本文鏈接:https://www.uj5u.com/gongcheng/95379.html
標籤:基礎類