📄 tut24.html
字号:
<li>
<font face="Arial,Helvetica"><font size=-1><font color="#FFFF00">wParam</font>
and lParam contain additional information about the event</font></font></li>
</ul>
</ul>
<font face="Arial,Helvetica"><font size=-1>HookProc is actually a placeholder
for the function name. You can name it anything you like so long as it
has the above prototype. The interpretation of nCode, wParam and lParam
is dependent on the type of hook you install. So as the return value from
the hook procedure. For example:</font></font>
<blockquote><b><font face="Arial,Helvetica"><font color="#999900"><font size=-1>WH_CALLWNDPROC</font></font></font></b>
<ul>
<li>
<font face="Arial,Helvetica"><font size=-1><font color="#FFFF00">nCode</font>
can be only HC_ACTION which means there is a message sent to a window</font></font></li>
<li>
<font face="Arial,Helvetica"><font size=-1><font color="#FFFF00">wParam</font>
contains the message being sent, if it's not zero</font></font></li>
<li>
<font face="Arial,Helvetica"><font size=-1><font color="#FFFF00">lParam</font>
points to a CWPSTRUCT structure</font></font></li>
<li>
<font face="Arial,Helvetica"><font size=-1><font color="#FFFF00">return
value</font>: not used, return zero</font></font></li>
</ul>
<b><font face="Arial,Helvetica"><font color="#999900"><font size=-1>WH_MOUSE</font></font></font></b>
<ul>
<li>
<font face="Arial,Helvetica"><font size=-1><font color="#FFFF00">nCode</font>
can be HC_ACTION or HC_NOREMOVE</font></font></li>
<li>
<font face="Arial,Helvetica"><font size=-1><font color="#FFFF00">wParam</font>
contains the mouse message</font></font></li>
<li>
<font face="Arial,Helvetica"><font size=-1><font color="#FFFF00">lParam
</font>points
to a MOUSEHOOKSTRUCT structure</font></font></li>
<li>
<font face="Arial,Helvetica"><font size=-1><font color="#FFFF00">return
value</font>: zero if the message should be processed. 1 if the message
should be discarded.</font></font></li>
</ul>
</blockquote>
<font face="Arial,Helvetica"><font size=-1>The bottom line is: you must
consult your win32 api reference for details about the meanings of the
parameters and return value of the hook you want to install.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>Now there is a little catch
about the hook procedure. Remember that the hooks are chained in a linked
list with the most recently installed hook at the head of the list. When
an event occurs, Windows will call only the first hook in the chain. It's
your hook procedure's responsibility to call the next hook in the chain.
You can choose not to call the next hook but you'd better know what you're
doing. Most of the time, it's a good practice to call the next procedure
so other hooks can have a shot at the event. You can call the next hook
by calling <b><font color="#009900">CallNextHookEx</font></b> which has
the following prototype:</font></font>
<blockquote><b><font face="Arial,Helvetica"><font color="#009900"><font size=-1>CallNextHookEx
proto hHook:DWORD, nCode:DWORD, wParam:DWORD, lParam:DWORD</font></font></font></b>
<ul>
<li>
<font face="Arial,Helvetica"><font size=-1><font color="#FFFF00">hHook</font>
is your own hook handle. The function uses this handle to traverse the
linked list and search for the hook procedure it should call next.</font></font></li>
<li>
<font face="Arial,Helvetica"><font size=-1><font color="#FFFF00">nCode</font>,
<font color="#FFFF00">wParam</font>
and <font color="#FFFF00">lParam</font> you can just pass those three
values you receive from Windows to CallNextHookEx.</font></font></li>
</ul>
</blockquote>
<font face="Arial,Helvetica"><font size=-1>An important note about remote
hooks: the hook procedure must reside in a DLL which will be mapped into
other processes. When Windows maps the DLL into other processes, it will
not map the data section(s) into the other processes. In short, all processes
share a single copy of code but they will have their own private copy of
the DLL's data section! This can be a big surprise to the unwary. You may
think that when you store a value into a variable in the data section of
a DLL, that value will be shared among all processes that load the DLL
into their process address space. It's simply not true. In normal situation,
this behavior is desirable since it provides the illusion that each process
has its own copy of the DLL. But not when Windows hook is concerned. We
want the DLL to be identical in all processes, including the data. The
solution: you must mark the data section as shared. You can do this by
specifying the section(s) attribute in the linker switch. For MASM, you
need to use this switch:</font></font>
<blockquote><b><font face="Arial,Helvetica"><font color="#999900"><font size=-1>/SECTION:<section
name>, S</font></font></font></b></blockquote>
<font face="Arial,Helvetica"><font size=-1>The name of the initialized
data section is .data and the uninitialized data is .bss. For example if
you want to assemble a DLL which contains a hook procedure and you want
the uninitialized data section to be shared amoung processes, you must
use the following line:</font></font>
<blockquote><b><font face="Arial,Helvetica"><font color="#999900"><font size=-1>link
/section:.bss,S /DLL /SUBSYSTEM:WINDOWS ..........</font></font></font></b></blockquote>
<font face="Arial,Helvetica"><font size=-1>S attribute marks the section
as shared.</font></font>
<h3>
<font face="Arial,Helvetica"><font color="#3366FF"><font size=+0>Example:</font></font></font></h3>
<font face="Arial,Helvetica"><font size=-1>There are two modules: one is
the main program which will do the GUI part and the other is the DLL that
will install/uninstall the hook.</font></font>
<p><font face="Arial,Helvetica"><font size=-1>;---------------------------------------------
This is the source code of the main program --------------------------------------</font></font>
<br><b><font face="Arial,Helvetica"><font size=-1>.386</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>.model flat,stdcall</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>option casemap:none</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>include \masm32\include\windows.inc</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>include \masm32\include\user32.inc</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>include \masm32\include\kernel32.inc</font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#999900"><font size=-1>include
mousehook.inc</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#999900"><font size=-1>includelib
mousehook.lib</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>includelib \masm32\lib\user32.lib</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>includelib \masm32\lib\kernel32.lib</font></font></b><b><font face="Arial,Helvetica"><font size=-1></font></font></b>
<p><b><font face="Arial,Helvetica"><font size=-1>wsprintfA proto C :DWORD,:DWORD,:VARARG</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>wsprintf TEXTEQU <wsprintfA></font></font></b><b><font face="Arial,Helvetica"><font size=-1></font></font></b>
<p><b><font face="Arial,Helvetica"><font size=-1>.const</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>IDD_MAINDLG
equ 101</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>IDC_CLASSNAME
equ 1000</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>IDC_HANDLE
equ 1001</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>IDC_WNDPROC
equ 1002</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>IDC_HOOK
equ 1004</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>IDC_EXIT
equ 1005</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>WM_MOUSEHOOK
equ WM_USER+6</font></font></b>
<p><b><font face="Arial,Helvetica"><font size=-1>DlgFunc PROTO :DWORD,:DWORD,:DWORD,:DWORD</font></font></b>
<p><b><font face="Arial,Helvetica"><font size=-1>.data</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>HookFlag dd FALSE</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>HookText db "&Hook",0</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>UnhookText db "&Unhook",0</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>template db "%lx",0</font></font></b>
<p><b><font face="Arial,Helvetica"><font size=-1>.data?</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>hInstance dd ?</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>hHook dd ?</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>.code</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>start:</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1> invoke
GetModuleHandle,NULL</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1> mov
hInstance,eax</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1> invoke
DialogBoxParam,hInstance,IDD_MAINDLG,NULL,addr DlgFunc,NULL</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1> invoke
ExitProcess,NULL</font></font></b>
<p><b><font face="Arial,Helvetica"><font size=-1>DlgFunc proc hDlg:DWORD,uMsg:DWORD,wParam:DWORD,lParam:DWORD</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1> LOCAL
hLib:DWORD</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1> LOCAL
buffer[128]:byte</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1> LOCAL
buffer1[128]:byte</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1> LOCAL
rect:RECT</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1> .if
uMsg==WM_CLOSE</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>
.if HookFlag==TRUE</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>
invoke UninstallHook</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>
.endif</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>
invoke EndDialog,hDlg,NULL</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1> .elseif
uMsg==WM_INITDIALOG</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>
invoke GetWindowRect,hDlg,addr rect</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>
invoke SetWindowPos, hDlg, HWND_TOPMOST, rect.left, rect.top, rect.right,
rect.bottom, SWP_SHOWWINDOW</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1> .elseif
uMsg==WM_MOUSEHOOK</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>
invoke GetDlgItemText,hDlg,IDC_HANDLE,addr buffer1,128</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>
invoke wsprintf,addr buffer,addr template,wParam</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>
invoke lstrcmpi,addr buffer,addr buffer1</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>
.if eax!=0</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>
invoke SetDlgItemText,hDlg,IDC_HANDLE,addr buffer</font></font></b>
<br><b><font face="Arial,Helvetica"><font size=-1>
.endif</font></font></b>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -