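DLL injection using SetWindowsHookEx

Related functions

A hook is a point in the Windows message-handling mechanism where an application can install a subroutine to monitor certain messages destined for a given window; the monitored window may have been created by another process. When a message arrives, the hook handles it before the target window's procedure does. The hook mechanism lets an application intercept and process window messages or specific events.

A hook is in effect a message-handling routine that is attached to the system through a system call. Whenever a particular message is sent, the hook procedure captures it before it reaches the destination window, that is, the hook function gets control first. The hook function can then process (modify) the message, pass it on without processing it, or forcibly stop it from being passed on.

Message hooks are usually installed with SetWindowsHookEx, whose prototype is: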

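```c
// SetWindowsHookEx
HHOOK SetWindowsHookExA(
  int       idHook,     // Type of hook to install, e.g. one that monitors the window procedure or one that monitors the message queue.
  HOOKPROC  lpfn,       // Callback (hook procedure); its form depends on the hook type.
  HINSTANCE hmod,       // Instance handle of the DLL that contains the hook procedure.
  DWORD     dwThreadId  // ID of the thread to hook. If 0, the hook is global.
); // The HHOOK return value is a handle to the hook procedure.
```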

The hook types accepted for idHook are as follows:

| Hook type | Value | Meaning |
| --- | --- | --- |
| WH_CALLWNDPROC | 4 | Installs a hook procedure that monitors messages before the system sends them to the destination window procedure. For more information, see the CallWndProc hook procedure. |
| WH_CALLWNDPROCRET | 12 | Installs a hook procedure that monitors messages after they have been processed by the destination window procedure. For more information, see the CallWndRetProc hook procedure. |
| WH_CBT | 5 | Installs a hook procedure that receives notifications useful to a CBT application. For more information, see the CBTProc hook procedure. |
| WH_DEBUG | 9 | Installs a hook procedure useful for debugging other hook procedures. For more information, see the DebugProc hook procedure. |
| WH_FOREGROUNDIDLE | 11 | Installs a hook procedure that will be called when the application’s foreground thread is about to become idle. This hook is useful for performing low priority tasks during idle time. For more information, see the ForegroundIdleProc hook procedure. |
| WH_GETMESSAGE | 3 | Installs a hook procedure that monitors messages posted to a message queue. For more information, see the GetMsgProc hook procedure. |
| WH_JOURNALPLAYBACK | 1 | Installs a hook procedure that posts messages previously recorded by a WH_JOURNALRECORD hook procedure. For more information, see the JournalPlaybackProc hook procedure. |
| WH_JOURNALRECORD | 0 | Installs a hook procedure that records input messages posted to the system message queue. This hook is useful for recording macros. For more information, see the JournalRecordProc hook procedure. |
| WH_KEYBOARD | 2 | Installs a hook procedure that monitors keystroke messages. For more information, see the KeyboardProc hook procedure. |
| WH_KEYBOARD_LL | 13 | Installs a hook procedure that monitors low-level keyboard input events. For more information, see the LowLevelKeyboardProc hook procedure. |
| WH_MOUSE | 7 | Installs a hook procedure that monitors mouse messages. For more information, see the MouseProc hook procedure. |
| WH_MOUSE_LL | 14 | Installs a hook procedure that monitors low-level mouse input events. For more information, see the LowLevelMouseProc hook procedure. |
| WH_MSGFILTER | -1 | Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar. For more information, see the MessageProc hook procedure. |
| WH_SHELL | 10 | Installs a hook procedure that receives notifications useful to shell applications. For more information, see the ShellProc hook procedure. |
| WH_SYSMSGFILTER | 6 | Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar. The hook procedure monitors these messages for all applications in the same desktop as the calling thread. For more information, see the SysMsgProc hook procedure. |

```c
#include <windows.h>
#include <stdio.h>

// Helper that is not shown in the post: returns the ID of a thread
// belonging to the target process.
DWORD getThreadID(ULONG32 ulTargetProcessID);

BOOL InjectDllBySetWindowsHook(ULONG32 ulTargetProcessID)
{
	// Check that the target process exists and can be opened.
	HANDLE  TargetProcessHandle = NULL;
	TargetProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ulTargetProcessID);

	if (NULL == TargetProcessHandle)
	{
		return FALSE;
	}
	CloseHandle(TargetProcessHandle); // not used again, so release it

	// Load the DLL that matches this process's bitness into the current process.
	HMODULE DllModule;
#ifdef _WIN64
	DllModule = LoadLibraryW(L"E:\\Dll644.dll");
#else
	DllModule = LoadLibraryW(L"E:\\Dll.dll");
#endif

	if (DllModule == NULL)
	{
		printf("Can Not Find Dll");
		return FALSE;
	}

	// Look up the exported hook procedure.
	HOOKPROC   Func_Address = NULL;
	Func_Address = (HOOKPROC)GetProcAddress(DllModule, "OurFunction");
	if (Func_Address == NULL)
	{
		printf("function do not Exist!");
		FreeLibrary(DllModule);
		return FALSE;
	}

	DWORD ThreadID = getThreadID(ulTargetProcessID);

	// Install a keyboard hook on the target thread, with the hook procedure in the DLL.
	HHOOK Handle = SetWindowsHookEx(WH_KEYBOARD,
		Func_Address, DllModule, ThreadID);

	if (Handle == NULL)
	{
		printf("Hook Failed!");
		FreeLibrary(DllModule);
		return FALSE;
	}
	printf("Hook Success");
	getchar(); // keep the hook installed until a key is pressed
	UnhookWindowsHookEx(Handle);
	FreeLibrary(DllModule);
	return TRUE;
}
```
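
For defenders triaging API-call telemetry, the following added example (not code from the original post) classifies an observed SetWindowsHookEx call by whether its arguments cause the hook DLL to be mapped into another process, as in the function above. The `hook_event` record layout, the verdict names and the sample events are assumptions made for illustration; the idHook values come from the table above.

```c
#include <stdint.h>
#include <stdio.h>

/* idHook values taken from the table above. */
enum { ID_JOURNALRECORD = 0, ID_JOURNALPLAYBACK = 1, ID_KEYBOARD = 2,
       ID_KEYBOARD_LL = 13, ID_MOUSE_LL = 14 };

/* Hypothetical telemetry record for one observed SetWindowsHookEx call. */
typedef struct {
    uint32_t caller_pid;       /* process that made the call */
    int      id_hook;          /* idHook argument */
    int      has_hmod;         /* 1 if hmod was non-NULL */
    uint32_t thread_id;        /* dwThreadId; 0 = every thread on the desktop */
    uint32_t thread_owner_pid; /* process owning thread_id (unused when 0) */
} hook_event;

typedef enum { HOOK_LOCAL, HOOK_CALLER_CONTEXT, HOOK_REMOTE_DLL,
               HOOK_GLOBAL_DLL, HOOK_INVALID } hook_verdict;

hook_verdict classify_hook(const hook_event *e)
{
    /* Low-level and journal hooks call back into the installing thread,
       so no DLL is mapped into other processes (input is still observed). */
    if (e->id_hook == ID_KEYBOARD_LL || e->id_hook == ID_MOUSE_LL ||
        e->id_hook == ID_JOURNALRECORD || e->id_hook == ID_JOURNALPLAYBACK)
        return HOOK_CALLER_CONTEXT;
    if (e->thread_id != 0 && e->thread_owner_pid == e->caller_pid)
        return HOOK_LOCAL;
    /* Beyond this point the hook procedure must run in another process,
       which only works when it lives in a DLL (hmod != NULL). */
    if (!e->has_hmod)
        return HOOK_INVALID;
    return e->thread_id == 0 ? HOOK_GLOBAL_DLL : HOOK_REMOTE_DLL;
}

int main(void)
{
    /* Constructed sample events, not real telemetry. */
    const hook_event events[] = {
        { 4120, ID_KEYBOARD,    1, 9032, 7788 }, /* pattern from the post */
        { 4120, ID_KEYBOARD_LL, 1, 0,    0    },
        { 4120, ID_KEYBOARD,    0, 5012, 4120 },
        { 4120, ID_KEYBOARD,    1, 0,    0    },
    };
    static const char *names[] = { "local", "caller-context",
        "remote-dll-load", "global-dll-load", "invalid" };
    for (size_t i = 0; i < sizeof events / sizeof events[0]; i++)
        printf("pid %u idHook %d -> %s\n", (unsigned)events[i].caller_pid,
               events[i].id_hook, names[classify_hook(&events[i])]);
    return 0;
}
```

The remote-dll-load and global-dll-load verdicts are the ones worth correlating with module-load events for the hook DLL in processes other than the caller.
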
Author: yaoyue
Article link: https://yaoyue123.github.io/2021/01/25/Windows-SetWindowsHookEx-dllinject/
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY-NC-SA 4.0. Please credit yaoyue's blog when reposting.
