[资料收集]在VB如何设定Hook
Declare SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExA" _
(ByVal idHook As Long, _
ByVal lpfn As Long, _
ByVal hmod As Long, _
ByVal dwThreadId As Long) As Long
idHook代表是何种Hook,有以下几种
Public Const WH_CALLWNDPROC = 4
Public Const WH_CALLWNDPROCRET = 12
Public Const WH_CBT = 5
Public Const WH_DEBUG = 9
Public Const WH_FOREGROUNDIDLE = 11
Public Const WH_GETMESSAGE = 3
Public Const WH_HARDWARE = 8
Public Const WH_JOURNALPLAYBACK = 1
Public Const WH_JOURNALRECORD = 0
Public Const WH_KEYBOARD = 2
Public Const WH_MOUSE = 7
Public Const WH_MSGFILTER = (-1)
Public Const WH_SHELL = 10
Public Const WH_SYSMSGFILTER = 6
lpfn代表Hook 所在的Address,这是一个CallBack Fucnction,当挂上某个Hook时,我们便得定义一个来当作某个讯息产生时,来处理它的,这个Hook 有一定的叁数格式
Private HookFunc(ByVal nCode As Long, _
ByVal wParam As Long, _
ByVal lParam As Long ) As Long
nCode 代表是什麽请况之下所产生的Hook,随Hook的不同而有不同组的可能值。
wParam lParam 传回值则随Hook的种类和nCode的值之不同而不同。
因这个叁数是一个 的Address所以我们固定将Hook 放在.Bas中,并以AddressOf HookFunc传入。至於Hook 的名称我们可以任意给定,不一定叫 HookFunc
hmod 代表.DLL的hInstance,如果是Local Hook,该值可以是Null(VB中可传0进去),而如果是Remote Hook,则可以使用GetModuleHandle(".dll名称")来传入。
dwThreadId 代表执行这个Hook的ThreadId,如果不设定是那个Thread来做,则传0(所以一般来说,Remote Hook传0进去),而VB的Local Hook一般可传App.ThreadId进去。
值回值 如果SetWindowsHookEx()成功,它会传回一个值,代表目前的Hook的Handle,这个值要记录下来。
因为A程式可以有一个System Hook(Remote Hook),如KeyBoard Hook,而B程式也来设一个Remote的KeyBoard Hook,那麽到底KeyBoard的讯息谁所拦截?答案是,最後的那一个所拦截,也就是说A先做keyboard Hook,而後B才做,那讯息被B拦截,那A呢?就看B的Hook 如何做。如果B想让A的Hook 也得这个讯息,那B就得呼叫CallNextHookEx()将这讯息Pass给A,於是产生Hook的一个连线。如果B中不想Pass这讯息给A,那就不要呼叫CallNextHookEx()。
Declare CallNextHookEx Lib "user32" Alias "CallNextHookEx" _
(ByVal hHook As Long, _
ByVal ncode As Long, _
ByVal wParam As Long, _
lParam As Any) As Long
hHook值是SetWindowsHookEx()的传回值,nCode, wParam, lParam则是Hook Procedure中的三个叁数。
最後是将这Hook去除掉,请呼叫UnHookWindowHookEx()
Declare UnhookWindowsHookEx Lib "user32" Alias "UnhookWindowsHookEx" _
(ByVal hHook As Long) As Long
hHook便是SetWindowsHookEx()的传回值。此时,以上例来说,B程式结束Hook,则换A可以直接拦截讯息。
KeyBoard Hook的范例
Hook 的三个叁数
nCode wParam &n
