如何使用 SetWindowsHookEx 和 WH_KEYBOARD 挂钩外部进程
我试图挂钩例如记事本但没有成功。 制作一个全局钩子似乎效果很好。
在 XP SP2 上测试。
编辑:修改后的代码现在可以使用。
MyDLL 代码
#include <windows.h>
#include <iostream>
#include <stdio.h>
HINSTANCE hinst;
#pragma data_seg(".shared")
HHOOK hhk;
#pragma data_seg()
//#pragma comment(linker, "/SECTION:.shared,RWS") compiler error in VC++ 2008 express
LRESULT CALLBACK wireKeyboardProc(int code, WPARAM wParam,LPARAM lParam) {
if (code < 0) {
return CallNextHookEx(0, code, wParam, lParam);
}
Beep(1000, 20);
return CallNextHookEx(hhk, code, wParam, lParam);
}
extern "C" __declspec(dllexport) void install(unsigned long threadID) {
hhk = SetWindowsHookEx(WH_KEYBOARD, wireKeyboardProc, hinst, threadID);
}
extern "C" __declspec(dllexport) void uninstall() {
UnhookWindowsHookEx(hhk);
}
BOOL WINAPI DllMain(__in HINSTANCE hinstDLL, __in DWORD fdwReason, __in LPVOID lpvReserved) {
hinst = hinstDLL;
return TRUE;
}
我的程序
#include <Windows.h>
unsigned long GetTargetThreadIdFromWindow(char *className, char *windowName)
{
HWND targetWnd;
HANDLE hProcess;
unsigned long processID = 0;
targetWnd = FindWindow(className, windowName);
return GetWindowThreadProcessId(targetWnd, &processID);
}
int _tmain(int argc, _TCHAR* argv[]) {
unsigned long threadID = GetTargetProcessIdFromWindow("Notepad", "Untitled - Notepad");
printf("TID: %i", threadID);
HINSTANCE hinst = LoadLibrary(_T("MyDLL.dll"));
if (hinst) {
typedef void (*Install)(unsigned long);
typedef void (*Uninstall)();
Install install = (Install) GetProcAddress(hinst, "install");
Uninstall uninstall = (Uninstall) GetProcAddress(hinst, "uninstall");
install(threadID);
Sleep(20000);
uninstall();
}
return 0;
}
I am trying to hook for example Notepad without sucess. Making a global hook seems to work fine.
Testing on XP SP2.
Edit: Amended code works now.
MyDLL code
#include <windows.h>
#include <iostream>
#include <stdio.h>
HINSTANCE hinst;
#pragma data_seg(".shared")
HHOOK hhk;
#pragma data_seg()
//#pragma comment(linker, "/SECTION:.shared,RWS") compiler error in VC++ 2008 express
LRESULT CALLBACK wireKeyboardProc(int code, WPARAM wParam,LPARAM lParam) {
if (code < 0) {
return CallNextHookEx(0, code, wParam, lParam);
}
Beep(1000, 20);
return CallNextHookEx(hhk, code, wParam, lParam);
}
extern "C" __declspec(dllexport) void install(unsigned long threadID) {
hhk = SetWindowsHookEx(WH_KEYBOARD, wireKeyboardProc, hinst, threadID);
}
extern "C" __declspec(dllexport) void uninstall() {
UnhookWindowsHookEx(hhk);
}
BOOL WINAPI DllMain(__in HINSTANCE hinstDLL, __in DWORD fdwReason, __in LPVOID lpvReserved) {
hinst = hinstDLL;
return TRUE;
}
My program
#include <Windows.h>
unsigned long GetTargetThreadIdFromWindow(char *className, char *windowName)
{
HWND targetWnd;
HANDLE hProcess;
unsigned long processID = 0;
targetWnd = FindWindow(className, windowName);
return GetWindowThreadProcessId(targetWnd, &processID);
}
int _tmain(int argc, _TCHAR* argv[]) {
unsigned long threadID = GetTargetProcessIdFromWindow("Notepad", "Untitled - Notepad");
printf("TID: %i", threadID);
HINSTANCE hinst = LoadLibrary(_T("MyDLL.dll"));
if (hinst) {
typedef void (*Install)(unsigned long);
typedef void (*Uninstall)();
Install install = (Install) GetProcAddress(hinst, "install");
Uninstall uninstall = (Uninstall) GetProcAddress(hinst, "uninstall");
install(threadID);
Sleep(20000);
uninstall();
}
return 0;
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
三个问题:
当您应该使用线程 ID 时却使用了进程 ID。
您的 HHOOK 需要进入共享内存:
您需要将
HHOOK传递给CallNextHookEx:Three problems:
You're using the process ID when you should be using the thread ID.
Your HHOOK needs to go into shared memory:
You need to pass your
HHOOKtoCallNextHookEx: