鉤子教程 - 原理(二十一) : SetWindowsHookEx

原文地址:http://www.zdexe.com/program/201004/595.html

方法16 :SetWindowsHookEx Function

The SetWindowsHookEx function installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread.

　　SetWindowsHookEx方法安裝一個應用程序定義的鉤子子程到鉤子鏈表中。你可能安裝鉤子子程來監視系統的一些類型的事件。這些事件能夠同下面的線程一塊兒使用：指定的線程或者同一桌面下作爲調用線程的全部線程。

Syntax 語法

HHOOK SetWindowsHookEx(      

    int idHook,

    HOOKPROC lpfn,

    HINSTANCE hMod,

    DWORD dwThreadId

);

Parameters參數

idHook ：[in] Specifies the type of hook procedure to be installed. This parameter can be one of the following values. 指定即將被安裝的鉤子子程的類型。該參數能夠是下列值之一：

1．WH_CALLWNDPROC ：Installs a hook procedure that monitors messages before the system sends them to the destination window procedure. 安裝一個鉤子子程，用來在系統將消息發送給目的窗體程序以前監視消息。

2． WH_CALLWNDPROCRET ：Installs a hook procedure that monitors messages after they have been processed by the destination window procedure. 安裝一個鉤子子程，用來在消息被目標窗體程序處理以後來監視消息。

3．WH_CBT ：Installs a hook procedure that receives notifications useful to a computer-based training (CBT) application.安裝一個鉤子子程，用來接收對CBT程序有用的通知。

4．WH_DEBUG ：Installs a hook procedure useful for debugging other hook procedures.安裝一個對調試其它鉤子子程有用的鉤子子程。

5．WH_FOREGROUNDIDLE ：Installs a hook procedure that will be called when the application's foreground thread is about to become idle. This hook is useful for performing low priority tasks during idle time.安裝一個鉤子子程，當應用程序的前臺線程即將空閒時，該子程被調用。該鉤子在空閒時間裏來執行低權限任務時頗有用。

5．WH_GETMESSAGE ：Installs a hook procedure that monitors messages posted to a message queue.安裝一個鉤子子程用來監視傳遞給消息隊列的消息。

6．WH_JOURNALPLAYBACK ：Installs a hook procedure that posts messages previously recorded by a WH_JOURNALRECORD hook procedure.安裝一個鉤子子程用來傳遞前期由WH_JOURNALRECORD鉤子子程記錄的消息。

7．WH_JOURNALRECORD ：Installs a hook procedure that records input messages posted to the system message queue. This hook is useful for recording macros. 安裝一個鉤子子程來記錄傳遞給系統消息隊列的輸入消息。該鉤子對記錄宏頗有用。

8．WH_KEYBOARD ：Installs a hook procedure that monitors keystroke messages.安裝一個鉤子子程用來監視鍵盤消息。

9．WH_KEYBOARD_LL  ：Windows NT/2000/XP: Installs a hook procedure that monitors low-level keyboard input events.在Windows NT/2000/XP環境下:安裝一個鉤子子程用來監視低層鍵盤輸入事件。

10．WH_MOUSE ：Installs a hook procedure that monitors mouse messages.安裝一個鉤子子程用來監視鼠標消息。

11．WH_MOUSE_LL ：: Installs a hook procedure that monitors low-level mouse input events. 在 Windows NT/2000/XP環境下，安裝一個鉤子子程用來監視低層鼠標輸入事件。

12．WH_MSGFILTER ：Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar.安裝一個鉤子子程用來監視下列對象的輸入事件產生的消息：對話框、消息框、菜單、滾動條。

13．WH_SHELL ：Installs a hook procedure that receives notifications useful to shell applications.安裝一個鉤子子程用來接收對加殼程序有用的通知。

14．WH_SYSMSGFILTER ：Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar. The hook procedure monitors these messages for all applications in the same desktop as the calling thread.安裝一個鉤子子程用來監視下列對象的輸入事件產生的消息：對話框、消息框、菜單、滾動條。鉤子子程爲同一桌面下作爲調用線程的全部線程監視這些消息。

lpfn ：[in] Pointer to the hook procedure. If the dwThreadIdparameter is zero or specifies the identifier of a thread created by a different process, the lpfn parameter must point to a hook procedure in a dynamic-link library (DLL). Otherwise, lpfn can point to a hook procedure in the code associated with the current process.

鉤子子程的指針。若是參數dwThreadId爲0或者指定由不一樣進程建立的線程的標識符，lpfn參數必須指向動態連接庫裏的鉤子子程。不然，lpfn能夠指向與當前進程相關的代碼中的鉤子子程。

hMod ：[in] Handle to the DLL containing the hook procedure pointed to by the lpfn parameter. The hMod parameter must be set to NULL if the dwThreadId parameter specifies a thread created by the current process and if the hook procedure is within the code associated with the current process.

由lpfn參數指向的含有鉤子子程的DLL的句柄。若是參數dwThreadId指定了由當前進程建立的線程，或者若是鉤子子程處在與當前進程相關的代碼中，hMod參數必須設置爲Null。

dwThreadId ：[in] Specifies the identifier of the thread with which the hook procedure is to be associated. If this parameter is zero, the hook procedure is associated with all existing threads running in the same desktop as the calling thread. 指定鉤子子程即將關聯的線程的標識符。若是該參數是0，鉤子子程與在同一桌面環境下運行的作爲調用線程的全部存在的線程相關聯。

Return Value返回值

If the function succeeds, the return value is the handle to the hook procedure. If the function fails, the return value is NULL.

若是方法執行成功，返回鉤子子程的句柄。若是失敗，返回空。

Remarks備註

SetWindowsHookEx can be used to inject a DLL into another process. A 32-bit DLL cannot be injected into a 64-bit process, and a 64-bit DLL cannot be injected into a 32-bit process. If an application requires the use of hooks in other processes, it is required that a 32-bit application call SetWindowsHookEx to inject a 32-bit DLL into 32-bit processes, and a 64-bit application call SetWindowsHookEx to inject a 64-bit DLL into 64-bit processes. The 32-bit and 64-bit DLLs must have different names.

SetWindowsHookEx能夠被注入到DLL中，進而被映射到另外進程中。32位的DLL不能被注入到64位的進程中，一樣，64位的DLL也不能被注入到32位的進程中。若是應用程序請求在其它的進程中使用鉤子，要求，32位的應用程序調用SetWindowsHookEx將32位的DLL注入到32位的進程中，64位的應用程序調用SetWindowsHookEx將64位的DLL注入到64位的進程中。32位的DLL和64位的DLL必須具備不一樣的名稱。

An error may occur if the hMod parameter is NULL and the dwThreadId parameter is zero or specifies the identifier of a thread created by another process. 若是參數hMod爲空，參數dwThreadId爲0，或者指定了由另外進程建立的線程的標識符，會產生錯誤。

Calling the CallNextHookEx function to chain to the next hook procedure is optional, but it is highly recommended; otherwise, other applications that have installed hooks will not receive hook notifications and may behave incorrectly as a result. You should call CallNextHookEx unless you absolutely need to prevent the notification from being seen by other applications. 雖然調用CallNextHookEx方法連接到下一個鉤子子程是可選的，可是強烈建議使用；不然，其它已經安裝了鉤子的應用程序將不接收鉤子通知，可能致使行爲錯誤。除非絕對須要阻止通知被其它應用程序看見，其餘時候都應該調用CallNextHookEx方法。

Before terminating, an application must call the UnhookWindowsHookEx function to free system resources associated with the hook. 在結束前，應用程序必須調用UnhookWindowsHookEx方法來釋放與該鉤子相關的系統資源。

The scope of a hook depends on the hook type. Some hooks can be set only with global scope; others can also be set for only a specific thread, as shown in the following table. 鉤子的做用域取決於鉤子的類型。一些鉤子只能在全局範圍使用，其它一些僅僅能在指定的線程中使用。以下表所示：

Hook	Scope
WH_CALLWNDPROC	Thread or global線程/全局
WH_CALLWNDPROCRET	Thread or global線程/全局
WH_CBT	Thread or global線程/全局
WH_DEBUG	Thread or global線程/全局
WH_FOREGROUNDIDLE	Thread or global線程/全局
WH_GETMESSAGE	Thread or global線程/全局
WH_JOURNALPLAYBACK	Global only全局
WH_JOURNALRECORD	Global only全局
WH_KEYBOARD	Thread or global線程/全局
WH_KEYBOARD_LL	Global only全局
WH_MOUSE	Thread or global線程/全局
WH_MOUSE_LL	Global only全局
WH_MSGFILTER	Thread or global線程/全局
WH_SHELL	Thread or global線程/全局
WH_SYSMSGFILTER	Global only全局

For a specified hook type, thread hooks are called first, then global hooks.

對於指定的鉤子類型，線程鉤子先被調用，而後是全局鉤子。

The global hooks are a shared resource, and installing one affects all applications in the same desktop as the calling thread. All global hook functions must be in libraries. Global hooks should be restricted to special-purpose applications or to use as a development aid during application debugging. Libraries that no longer need a hook should remove its hook procedure.

 全局鉤子是共享資源，安裝一個鉤子會影響同一桌面環境下作爲調用線程的全部應用程序。全部的全局鉤子函數都應該在庫中。全局鉤子應該被分發到特定目的的應用程序中，或者在程序調試中間，來輔助開發。再也不須要鉤子的庫應該移除鉤子子程。