📄 hook.c
case WH_KEYBOARD_LL:
case WH_MOUSE_LL:
Elem = GlobalHooks->Hooks[HOOKID_TO_INDEX(HookId)].Flink;
while (Elem != &GlobalHooks->Hooks[HOOKID_TO_INDEX(HookId)])
{
HookObj = CONTAINING_RECORD(Elem, HOOK, Chain);
Elem = Elem->Flink;
if (HookObj->Thread == Thread)
{
IntRemoveHook(HookObj, WinStaObj, TRUE);
}
}
break;
}
}
ObDereferenceObject(WinStaObj);
}
}
/*
 * NtUserCallNextHookEx
 *
 * System-call entry for passing a hook notification on to the next hook in
 * the chain. Forwarding is not implemented yet: when a next hook exists the
 * call fails with ERROR_NOT_SUPPORTED.
 *
 * Hook   - handle of the hook currently being processed (caller supplied).
 * Code, wParam, lParam - hook arguments; not used by this implementation.
 *
 * Returns 0 on every path (FALSE when the window station cannot be
 * validated). The last error is set for a failed window-station validation,
 * for a thread mismatch and for the unimplemented forwarding case.
 *
 * The whole body runs under the exclusive user lock, which the CLEANUP
 * section releases on every RETURN().
 */
LRESULT
STDCALL
NtUserCallNextHookEx(
   HHOOK Hook,
   int Code,
   WPARAM wParam,
   LPARAM lParam)
{
   PHOOK HookObj;
   PHOOK NextObj;
   PWINSTATION_OBJECT WinStaObj;
   NTSTATUS Status;
   DECLARE_RETURN(LRESULT);

   DPRINT("Enter NtUserCallNextHookEx\n");
   UserEnterExclusive();

   Status = IntValidateWindowStationHandle(PsGetCurrentProcess()->Win32WindowStation,
                                           KernelMode,
                                           0,
                                           &WinStaObj);
   if (!NT_SUCCESS(Status))
   {
      SetLastNtError(Status);
      RETURN(FALSE);
   }

   /* The window station is only validated; it is not used further, so the
    * reference is dropped straight away. */
   ObDereferenceObject(WinStaObj);

   /* Resolve the caller-supplied handle; an unknown handle yields 0. */
   HookObj = IntGetHookObject(Hook);
   if (HookObj == NULL)
   {
      RETURN(0);
   }

   ASSERT(Hook == HookObj->Self);

   /* A hook bound to a thread may only be continued from that thread.
    * Hooks without a thread (Thread == NULL) skip this check. */
   if (HookObj->Thread != NULL && HookObj->Thread != PsGetCurrentThread())
   {
      DPRINT1("Thread mismatch\n");
      ObmDereferenceObject(HookObj);
      SetLastWin32Error(ERROR_INVALID_HANDLE);
      RETURN(0);
   }

   /* NOTE(review): whether IntGetNextHook returns a referenced object is not
    * visible here; if it does, NextObj is never released below - confirm. */
   NextObj = IntGetNextHook(HookObj);
   ObmDereferenceObject(HookObj);

   if (NextObj != NULL)
   {
      DPRINT1("Calling next hook not implemented\n");
      UNIMPLEMENTED
      SetLastWin32Error(ERROR_NOT_SUPPORTED);
      RETURN(0);
   }

   /* End of the chain: nothing left to call. */
   RETURN(0);

CLEANUP:
   DPRINT("Leave NtUserCallNextHookEx, ret=%i\n",_ret_);
   UserLeave();
   END_CLEANUP;
}
/*
 * NtUserSetWindowsHookAW
 *
 * Placeholder system call: reports itself through UNIMPLEMENTED and returns
 * 0. None of the three arguments is read.
 */
DWORD
STDCALL
NtUserSetWindowsHookAW(
   DWORD Unknown0,
   DWORD Unknown1,
   DWORD Unknown2)
{
   UNIMPLEMENTED

   return 0;
}
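/*
 * NtUserSetWindowsHookEx
 *
 * System-call entry that installs a hook and returns its handle.
 *
 * Mod              - module containing the hook procedure; required for
 *                    global hooks other than the low-level ones, ignored
 *                    (forced to NULL) for thread-local and low-level hooks.
 * UnsafeModuleName - user-mode pointer to the module name; only read when
 *                    Mod is still non-NULL after the checks below.
 * ThreadId         - non-zero for a thread-local hook, zero for a global one.
 * HookId           - hook type, must lie in [WH_MINHOOK, WH_MAXHOOK].
 * HookProc         - hook procedure; stored in the hook object, not called
 *                    here. Must not be NULL.
 * Ansi             - stored in the hook object as given.
 *
 * Returns the new hook handle, or NULL with the last error set.
 *
 * Everything reaching this function comes from user mode and is treated as
 * untrusted:
 *  - a thread-local hook may only target a thread of the calling process;
 *  - the UNICODE_STRING header and the buffer it points to are both captured
 *    with MmCopyFromCaller rather than dereferenced directly;
 *  - the captured Length is checked against MaximumLength before it is
 *    stored, because the kernel copy of the name is only MaximumLength bytes
 *    long.
 *
 * With the support check as it stands, a non-NULL Mod only survives for
 * global non-low-level hooks, and those are rejected with
 * ERROR_NOT_SUPPORTED, so the module-name capture is not exercised today.
 * It is kept consistent so that it is safe once such hooks are enabled.
 *
 * The whole body runs under the exclusive user lock, which the CLEANUP
 * section releases on every RETURN().
 */
HHOOK
STDCALL
NtUserSetWindowsHookEx(
   HINSTANCE Mod,
   PUNICODE_STRING UnsafeModuleName,
   DWORD ThreadId,
   int HookId,
   HOOKPROC HookProc,
   BOOL Ansi)
{
   PWINSTATION_OBJECT WinStaObj;
   BOOLEAN Global;
   PETHREAD Thread;
   PHOOK Hook;
   UNICODE_STRING ModuleName;
   NTSTATUS Status;
   HHOOK Handle;
   DECLARE_RETURN(HHOOK);

   DPRINT("Enter NtUserSetWindowsHookEx\n");
   UserEnterExclusive();

   if (HookId < WH_MINHOOK || WH_MAXHOOK < HookId || NULL == HookProc)
   {
      SetLastWin32Error(ERROR_INVALID_PARAMETER);
      RETURN( NULL);
   }

   if (ThreadId)  /* thread-local hook */
   {
      if (HookId == WH_JOURNALRECORD ||
          HookId == WH_JOURNALPLAYBACK ||
          HookId == WH_KEYBOARD_LL ||
          HookId == WH_MOUSE_LL ||
          HookId == WH_SYSMSGFILTER)
      {
         /* these can only be global */
         SetLastWin32Error(ERROR_INVALID_PARAMETER);
         RETURN( NULL);
      }
      Mod = NULL;
      Global = FALSE;
      /* On success the lookup hands back a thread that every later exit
       * path releases with ObDereferenceObject. */
      if (! NT_SUCCESS(PsLookupThreadByThreadId((HANDLE) ThreadId, &Thread)))
      {
         DPRINT1("Invalid thread id 0x%x\n", ThreadId);
         SetLastWin32Error(ERROR_INVALID_PARAMETER);
         RETURN( NULL);
      }
      /* A caller may not hook a thread that belongs to another process. */
      if (Thread->ThreadsProcess != PsGetCurrentProcess())
      {
         ObDereferenceObject(Thread);
         DPRINT1("Can't specify thread belonging to another process\n");
         SetLastWin32Error(ERROR_INVALID_PARAMETER);
         RETURN( NULL);
      }
   }
   else  /* system-global hook */
   {
      if (HookId == WH_KEYBOARD_LL || HookId == WH_MOUSE_LL)
      {
         /* Low-level hooks are tied to the installing thread, so take a
          * reference on it; no module is involved. */
         Mod = NULL;
         Thread = PsGetCurrentThread();
         Status = ObReferenceObjectByPointer(Thread,
                                             THREAD_ALL_ACCESS,
                                             PsThreadType,
                                             KernelMode);
         if (! NT_SUCCESS(Status))
         {
            SetLastNtError(Status);
            RETURN( (HANDLE) NULL);
         }
      }
      else if (NULL == Mod)
      {
         SetLastWin32Error(ERROR_INVALID_PARAMETER);
         RETURN( NULL);
      }
      else
      {
         Thread = NULL;
      }
      Global = TRUE;
   }

   /* We only (partially) support local WH_CBT hooks and
    * WH_KEYBOARD_LL/WH_MOUSE_LL hooks for now */
   if ((WH_CBT != HookId || Global)
       && WH_KEYBOARD_LL != HookId && WH_MOUSE_LL != HookId)
   {
#if 0 /* Removed to get winEmbed working again */
      UNIMPLEMENTED
#else
      DPRINT1("Not implemented: HookId %d Global %s\n", HookId, Global ? "TRUE" : "FALSE");
#endif
      if (NULL != Thread)
      {
         ObDereferenceObject(Thread);
      }
      SetLastWin32Error(ERROR_NOT_SUPPORTED);
      RETURN( NULL);
   }

   Status = IntValidateWindowStationHandle(PsGetCurrentProcess()->Win32WindowStation,
                                           KernelMode,
                                           0,
                                           &WinStaObj);
   if (! NT_SUCCESS(Status))
   {
      if (NULL != Thread)
      {
         ObDereferenceObject(Thread);
      }
      SetLastNtError(Status);
      RETURN( (HANDLE) NULL);
   }

   Hook = IntAddHook(Thread, HookId, Global, WinStaObj);
   if (NULL == Hook)
   {
      if (NULL != Thread)
      {
         ObDereferenceObject(Thread);
      }
      ObDereferenceObject(WinStaObj);
      RETURN( NULL);
   }

   if (NULL != Thread)
   {
      /* Record that the hook now carries the thread reference taken above. */
      Hook->Flags |= HOOK_THREAD_REFERENCED;
   }

   if (NULL != Mod)
   {
      /* Capture the UNICODE_STRING header from user memory first; its fields
       * are only trusted after the checks below. */
      Status = MmCopyFromCaller(&ModuleName, UnsafeModuleName, sizeof(UNICODE_STRING));
      if (! NT_SUCCESS(Status))
      {
         ObmDereferenceObject(Hook);
         IntRemoveHook(Hook, WinStaObj, FALSE);
         if (NULL != Thread)
         {
            ObDereferenceObject(Thread);
         }
         ObDereferenceObject(WinStaObj);
         SetLastNtError(Status);
         RETURN( NULL);
      }

      /* The kernel copy is allocated and filled with MaximumLength bytes, but
       * Length is stored as given. A caller-chosen Length larger than
       * MaximumLength would make later readers of Hook->ModuleName run past
       * the end of the pool allocation, so reject it here. */
      if (ModuleName.Length > ModuleName.MaximumLength)
      {
         ObmDereferenceObject(Hook);
         IntRemoveHook(Hook, WinStaObj, FALSE);
         if (NULL != Thread)
         {
            ObDereferenceObject(Thread);
         }
         ObDereferenceObject(WinStaObj);
         SetLastWin32Error(ERROR_INVALID_PARAMETER);
         RETURN( NULL);
      }

      Hook->ModuleName.Buffer = ExAllocatePoolWithTag(PagedPool,
                                                      ModuleName.MaximumLength,
                                                      TAG_HOOK);
      if (NULL == Hook->ModuleName.Buffer)
      {
         ObmDereferenceObject(Hook);
         IntRemoveHook(Hook, WinStaObj, FALSE);
         if (NULL != Thread)
         {
            ObDereferenceObject(Thread);
         }
         ObDereferenceObject(WinStaObj);
         SetLastWin32Error(ERROR_NOT_ENOUGH_MEMORY);
         RETURN( NULL);
      }
      Hook->ModuleName.MaximumLength = ModuleName.MaximumLength;

      /* ModuleName.Buffer is still a user-mode pointer, so the characters are
       * copied with MmCopyFromCaller as well. */
      Status = MmCopyFromCaller(Hook->ModuleName.Buffer,
                                ModuleName.Buffer,
                                ModuleName.MaximumLength);
      if (! NT_SUCCESS(Status))
      {
         ExFreePool(Hook->ModuleName.Buffer);
         /* IntRemoveHook is not visible here; clear the pointer so that a
          * teardown which frees a non-NULL ModuleName.Buffer cannot free it
          * a second time. */
         Hook->ModuleName.Buffer = NULL;
         ObmDereferenceObject(Hook);
         IntRemoveHook(Hook, WinStaObj, FALSE);
         if (NULL != Thread)
         {
            ObDereferenceObject(Thread);
         }
         ObDereferenceObject(WinStaObj);
         SetLastNtError(Status);
         RETURN( NULL);
      }
      Hook->ModuleName.Length = ModuleName.Length;
   }

   Hook->Proc = HookProc;
   Hook->Ansi = Ansi;
   /* Read the handle before the hook object reference is dropped. */
   Handle = Hook->Self;

   ObmDereferenceObject(Hook);
   ObDereferenceObject(WinStaObj);

   RETURN( Handle);

CLEANUP:
   DPRINT("Leave NtUserSetWindowsHookEx, ret=%i\n",_ret_);
   UserLeave();
   END_CLEANUP;
}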
/*
 * NtUserSetWinEventHook
 *
 * Placeholder system call: reports itself through UNIMPLEMENTED and returns
 * 0. None of the eight arguments is read.
 */
DWORD
STDCALL
NtUserSetWinEventHook(
   DWORD Unknown0,
   DWORD Unknown1,
   DWORD Unknown2,
   DWORD Unknown3,
   DWORD Unknown4,
   DWORD Unknown5,
   DWORD Unknown6,
   DWORD Unknown7)
{
   UNIMPLEMENTED

   return 0;
}
/*
 * NtUserUnhookWindowsHookEx
 *
 * System-call entry that removes a previously installed hook.
 *
 * Hook - handle of the hook to remove (caller supplied).
 *
 * Returns TRUE when the hook was found and removed, FALSE when the window
 * station cannot be validated or the handle does not resolve to a hook.
 *
 * NOTE(review): nothing in this function compares the hook's owner with the
 * calling thread or process before removing it. Whether IntGetHookObject
 * restricts the lookup is not visible here - confirm that a caller cannot
 * remove a hook it does not own.
 *
 * The whole body runs under the exclusive user lock, which the CLEANUP
 * section releases on every RETURN().
 */
BOOL
STDCALL
NtUserUnhookWindowsHookEx(
   HHOOK Hook)
{
   PWINSTATION_OBJECT WinStaObj;
   PHOOK HookObj;
   NTSTATUS Status;
   DECLARE_RETURN(BOOL);

   DPRINT("Enter NtUserUnhookWindowsHookEx\n");
   UserEnterExclusive();

   Status = IntValidateWindowStationHandle(PsGetCurrentProcess()->Win32WindowStation,
                                           KernelMode,
                                           0,
                                           &WinStaObj);
   if (!NT_SUCCESS(Status))
   {
      SetLastNtError(Status);
      RETURN(FALSE);
   }

   /* Resolve the caller-supplied handle. No last error is set in this
    * function when the lookup fails. */
   HookObj = IntGetHookObject(Hook);
   if (HookObj == NULL)
   {
      DPRINT1("Invalid handle passed to NtUserUnhookWindowsHookEx\n");
      ObDereferenceObject(WinStaObj);
      RETURN(FALSE);
   }

   ASSERT(Hook == HookObj->Self);

   /* Remove the hook first, then drop the reference taken by the lookup. */
   IntRemoveHook(HookObj, WinStaObj, FALSE);
   ObmDereferenceObject(HookObj);
   ObDereferenceObject(WinStaObj);

   RETURN(TRUE);

CLEANUP:
   DPRINT("Leave NtUserUnhookWindowsHookEx, ret=%i\n",_ret_);
   UserLeave();
   END_CLEANUP;
}
/*
 * NtUserUnhookWinEvent
 *
 * Placeholder system call: reports itself through UNIMPLEMENTED and returns
 * 0. The argument is not read.
 */
DWORD
STDCALL
NtUserUnhookWinEvent(
   DWORD Unknown0)
{
   UNIMPLEMENTED

   return 0;
}
/* EOF */