钩子教程 - 原理(二十一) : SetWindowsHookEx

原文地址:http://www.zdexe.com/program/201004/595.html

方法16 :SetWindowsHookEx Function

The SetWindowsHookEx function installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread.

　　SetWindowsHookEx方法安装一个应用程序定义的钩子子程到钩子链表中。你可能安装钩子子程来监视系统的一些类型的事件。这些事件能够同下面的线程一块儿使用：指定的线程或者同一桌面下作为调用线程的全部线程。

Syntax 语法

HHOOK SetWindowsHookEx(      

    int idHook,

    HOOKPROC lpfn,

    HINSTANCE hMod,

    DWORD dwThreadId

);

Parameters参数

idHook ：[in] Specifies the type of hook procedure to be installed. This parameter can be one of the following values. 指定即将被安装的钩子子程的类型。该参数能够是下列值之一：

1．WH_CALLWNDPROC ：Installs a hook procedure that monitors messages before the system sends them to the destination window procedure. 安装一个钩子子程，用来在系统将消息发送给目的窗体程序以前监视消息。

2． WH_CALLWNDPROCRET ：Installs a hook procedure that monitors messages after they have been processed by the destination window procedure. 安装一个钩子子程，用来在消息被目标窗体程序处理以后来监视消息。

3．WH_CBT ：Installs a hook procedure that receives notifications useful to a computer-based training (CBT) application.安装一个钩子子程，用来接收对CBT程序有用的通知。

4．WH_DEBUG ：Installs a hook procedure useful for debugging other hook procedures.安装一个对调试其它钩子子程有用的钩子子程。

5．WH_FOREGROUNDIDLE ：Installs a hook procedure that will be called when the application's foreground thread is about to become idle. This hook is useful for performing low priority tasks during idle time.安装一个钩子子程，当应用程序的前台线程即将空闲时，该子程被调用。该钩子在空闲时间里来执行低权限任务时颇有用。

5．WH_GETMESSAGE ：Installs a hook procedure that monitors messages posted to a message queue.安装一个钩子子程用来监视传递给消息队列的消息。

6．WH_JOURNALPLAYBACK ：Installs a hook procedure that posts messages previously recorded by a WH_JOURNALRECORD hook procedure.安装一个钩子子程用来传递前期由WH_JOURNALRECORD钩子子程记录的消息。

7．WH_JOURNALRECORD ：Installs a hook procedure that records input messages posted to the system message queue. This hook is useful for recording macros. 安装一个钩子子程来记录传递给系统消息队列的输入消息。该钩子对记录宏颇有用。

8．WH_KEYBOARD ：Installs a hook procedure that monitors keystroke messages.安装一个钩子子程用来监视键盘消息。

9．WH_KEYBOARD_LL  ：Windows NT/2000/XP: Installs a hook procedure that monitors low-level keyboard input events.在Windows NT/2000/XP环境下:安装一个钩子子程用来监视低层键盘输入事件。

10．WH_MOUSE ：Installs a hook procedure that monitors mouse messages.安装一个钩子子程用来监视鼠标消息。

11．WH_MOUSE_LL ：: Installs a hook procedure that monitors low-level mouse input events. 在 Windows NT/2000/XP环境下，安装一个钩子子程用来监视低层鼠标输入事件。

12．WH_MSGFILTER ：Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar.安装一个钩子子程用来监视下列对象的输入事件产生的消息：对话框、消息框、菜单、滚动条。

13．WH_SHELL ：Installs a hook procedure that receives notifications useful to shell applications.安装一个钩子子程用来接收对加壳程序有用的通知。

14．WH_SYSMSGFILTER ：Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar. The hook procedure monitors these messages for all applications in the same desktop as the calling thread.安装一个钩子子程用来监视下列对象的输入事件产生的消息：对话框、消息框、菜单、滚动条。钩子子程为同一桌面下作为调用线程的全部线程监视这些消息。

lpfn ：[in] Pointer to the hook procedure. If the dwThreadIdparameter is zero or specifies the identifier of a thread created by a different process, the lpfn parameter must point to a hook procedure in a dynamic-link library (DLL). Otherwise, lpfn can point to a hook procedure in the code associated with the current process.

钩子子程的指针。若是参数dwThreadId为0或者指定由不一样进程建立的线程的标识符，lpfn参数必须指向动态连接库里的钩子子程。不然，lpfn能够指向与当前进程相关的代码中的钩子子程。

hMod ：[in] Handle to the DLL containing the hook procedure pointed to by the lpfn parameter. The hMod parameter must be set to NULL if the dwThreadId parameter specifies a thread created by the current process and if the hook procedure is within the code associated with the current process.

由lpfn参数指向的含有钩子子程的DLL的句柄。若是参数dwThreadId指定了由当前进程建立的线程，或者若是钩子子程处在与当前进程相关的代码中，hMod参数必须设置为Null。

dwThreadId ：[in] Specifies the identifier of the thread with which the hook procedure is to be associated. If this parameter is zero, the hook procedure is associated with all existing threads running in the same desktop as the calling thread. 指定钩子子程即将关联的线程的标识符。若是该参数是0，钩子子程与在同一桌面环境下运行的作为调用线程的全部存在的线程相关联。

Return Value返回值

If the function succeeds, the return value is the handle to the hook procedure. If the function fails, the return value is NULL.

若是方法执行成功，返回钩子子程的句柄。若是失败，返回空。

Remarks备注

SetWindowsHookEx can be used to inject a DLL into another process. A 32-bit DLL cannot be injected into a 64-bit process, and a 64-bit DLL cannot be injected into a 32-bit process. If an application requires the use of hooks in other processes, it is required that a 32-bit application call SetWindowsHookEx to inject a 32-bit DLL into 32-bit processes, and a 64-bit application call SetWindowsHookEx to inject a 64-bit DLL into 64-bit processes. The 32-bit and 64-bit DLLs must have different names.

SetWindowsHookEx能够被注入到DLL中，进而被映射到另外进程中。32位的DLL不能被注入到64位的进程中，一样，64位的DLL也不能被注入到32位的进程中。若是应用程序请求在其它的进程中使用钩子，要求，32位的应用程序调用SetWindowsHookEx将32位的DLL注入到32位的进程中，64位的应用程序调用SetWindowsHookEx将64位的DLL注入到64位的进程中。32位的DLL和64位的DLL必须具备不一样的名称。

An error may occur if the hMod parameter is NULL and the dwThreadId parameter is zero or specifies the identifier of a thread created by another process. 若是参数hMod为空，参数dwThreadId为0，或者指定了由另外进程建立的线程的标识符，会产生错误。

Calling the CallNextHookEx function to chain to the next hook procedure is optional, but it is highly recommended; otherwise, other applications that have installed hooks will not receive hook notifications and may behave incorrectly as a result. You should call CallNextHookEx unless you absolutely need to prevent the notification from being seen by other applications. 虽然调用CallNextHookEx方法连接到下一个钩子子程是可选的，可是强烈建议使用；不然，其它已经安装了钩子的应用程序将不接收钩子通知，可能致使行为错误。除非绝对须要阻止通知被其它应用程序看见，其余时候都应该调用CallNextHookEx方法。

Before terminating, an application must call the UnhookWindowsHookEx function to free system resources associated with the hook. 在结束前，应用程序必须调用UnhookWindowsHookEx方法来释放与该钩子相关的系统资源。

The scope of a hook depends on the hook type. Some hooks can be set only with global scope; others can also be set for only a specific thread, as shown in the following table. 钩子的做用域取决于钩子的类型。一些钩子只能在全局范围使用，其它一些仅仅能在指定的线程中使用。以下表所示：

Hook	Scope
WH_CALLWNDPROC	Thread or global线程/全局
WH_CALLWNDPROCRET	Thread or global线程/全局
WH_CBT	Thread or global线程/全局
WH_DEBUG	Thread or global线程/全局
WH_FOREGROUNDIDLE	Thread or global线程/全局
WH_GETMESSAGE	Thread or global线程/全局
WH_JOURNALPLAYBACK	Global only全局
WH_JOURNALRECORD	Global only全局
WH_KEYBOARD	Thread or global线程/全局
WH_KEYBOARD_LL	Global only全局
WH_MOUSE	Thread or global线程/全局
WH_MOUSE_LL	Global only全局
WH_MSGFILTER	Thread or global线程/全局
WH_SHELL	Thread or global线程/全局
WH_SYSMSGFILTER	Global only全局

For a specified hook type, thread hooks are called first, then global hooks.

对于指定的钩子类型，线程钩子先被调用，而后是全局钩子。

The global hooks are a shared resource, and installing one affects all applications in the same desktop as the calling thread. All global hook functions must be in libraries. Global hooks should be restricted to special-purpose applications or to use as a development aid during application debugging. Libraries that no longer need a hook should remove its hook procedure.

 全局钩子是共享资源，安装一个钩子会影响同一桌面环境下作为调用线程的全部应用程序。全部的全局钩子函数都应该在库中。全局钩子应该被分发到特定目的的应用程序中，或者在程序调试中间，来辅助开发。再也不须要钩子的库应该移除钩子子程。