老是觉得钩子很深奥,最近研究了一下,这是我的代码,可以监视哪些程序被运行以及被销毁。(准确地说,WH_SHELL 钩子通知的是顶层窗口的创建和销毁,所以没有窗口的后台进程或控制台程序不会被监视到。)
这是钩子的头文件
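// ExeHook.h -- public interface of the shell-hook DLL.
// Consumers get the import declaration below; the DLL's own .cpp defines
// EXEHOOKAPI as __declspec(dllexport) before including this header.
#ifndef EXEHOOKAPI
#define EXEHOOKAPI __declspec(dllimport)
#endif

// Private message posted to the window registered through SetHook.
// Parenthesised so the macro expands safely inside larger expressions.
// NOTE(review): WM_USER-range messages are meant for a window class's own use;
// WM_APP-based values or RegisterWindowMessage are the usual choice when the
// message crosses application boundaries.
#define USER_MSG        (WM_USER + 1)

// wParam values carried by USER_MSG. lParam carries the wParam the shell hook
// received (the handle of the window that was created or destroyed).
// Other processes on the same desktop can post USER_MSG as well, so the
// receiver should treat both parameters as untrusted and validate the handle
// (e.g. with IsWindow) before using it.
#define UC_APPSTART     0x80000001
#define UC_APPDESTROY   0x80000002

// Installs the WH_SHELL hook and reports events to hExe; passing NULL removes
// the hook. Returns TRUE on success.
EXEHOOKAPI BOOL WINAPI SetHook(HWND hExe);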
这是cpp文件
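// The header name after #include was lost when the page was extracted;
// <windows.h> declares every API and type used below.
#include <windows.h>

// Must be defined before ExeHook.h so SetHook is exported rather than imported.
#define EXEHOOKAPI __declspec(dllexport)
#include "ExeHook.h"

// Variables in the "shared" section are one copy shared by every process that
// loads this DLL, which is how the hook procedure running inside other
// processes finds the notification window. They must be initialised to land
// in the named section.
#pragma data_seg("shared")
HHOOK g_hProc = NULL;   // handle returned by SetWindowsHookEx
HWND  g_hForm = NULL;   // window that receives USER_MSG notifications
#pragma data_seg()
// NOTE(security): "rws" makes the section readable, writable and shared, so
// any process that maps this DLL can overwrite both values. Code reading them
// must not assume they still hold what SetHook stored. Only handles are kept
// here; never place pointers or secrets in a shared section.
#pragma comment(linker, "/section:shared,rws")

// DLL instance handle, recorded in DllMain. Deliberately outside the shared
// section: it is only meaningful inside the process that loaded the module.
HINSTANCE g_hInstDLL = NULL;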
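// WH_SHELL hook procedure. Forwards top-level window creation and destruction
// events to the registered window as USER_MSG, then hands the event to the
// next hook in the chain.
//
// nCode   shell event code (HSHELL_*); all other codes are passed through.
// wParam  for the two handled codes, the handle of the affected window.
// lParam  event-specific data, forwarded unchanged to the next hook.
//
// Returns whatever CallNextHookEx returns.
LRESULT CALLBACK HookedShellProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    // PostMessage with a NULL window handle posts to the calling thread's own
    // queue, so without this guard a cleared g_hForm would inject USER_MSG
    // into the hooked application instead of dropping the event.
    if (g_hForm != NULL)
    {
        switch (nCode)
        {
        case HSHELL_WINDOWCREATED:
            PostMessage(g_hForm, USER_MSG, UC_APPSTART, (LPARAM)wParam);
            break;
        case HSHELL_WINDOWDESTROYED:
            PostMessage(g_hForm, USER_MSG, UC_APPDESTROY, (LPARAM)wParam);
            break;
        default:
            // Not an event this DLL reports.
            break;
        }
    }

    // Always continue the chain so other installed hooks keep working.
    return CallNextHookEx(g_hProc, nCode, wParam, lParam);
}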
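// Installs or removes the shell hook.
//
// hwndExe  window that will receive USER_MSG notifications; NULL removes the
//          hook and clears the registered window.
//
// Returns TRUE when the hook is active after an install request, or when the
// hook was removed after a removal request; FALSE otherwise.
//
// NOTE(security): a thread id of 0 asks for a hook on every thread of the
// calling desktop, so Windows loads this DLL into other processes. Security
// products commonly report that as DLL injection, and anyone able to replace
// the DLL file gets code running in those processes -- install it in a
// directory that only administrators can write to.
BOOL WINAPI SetHook(HWND hwndExe)
{
    BOOL bRet;

    if (hwndExe)
    {
        if (g_hProc != NULL)
        {
            // A hook is already installed. Installing another would overwrite
            // the only copy of the first handle (it could never be unhooked)
            // and every event would be reported twice; just retarget it.
            g_hForm = hwndExe;
            return TRUE;
        }

        g_hForm = hwndExe;
        // No cast on the procedure: the compiler checks it against HOOKPROC.
        g_hProc = SetWindowsHookEx(WH_SHELL, HookedShellProc, g_hInstDLL, 0);
        bRet = (g_hProc != NULL);
        if (!bRet)
        {
            // Do not leave a notification target registered without a hook.
            g_hForm = NULL;
        }
    }
    else
    {
        // Nothing to remove when no hook is recorded.
        bRet = (g_hProc != NULL) ? UnhookWindowsHookEx(g_hProc) : FALSE;
        g_hProc = NULL;
        g_hForm = NULL;
    }

    return bRet;
}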
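// DLL entry point. Records the module handle on process attach so SetHook can
// pass it to SetWindowsHookEx; every other notification is ignored.
// Always returns TRUE so the load is never rejected.
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    if (fdwReason == DLL_PROCESS_ATTACH)
    {
        // Runs in every process that loads the DLL, including hooked ones, so
        // keep the work here to this single assignment.
        g_hInstDLL = hinstDLL;
    }
    return TRUE;
}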
?
?