不用DLL同样可以实现shell hook.

任务:观察桌面程序的运行情况,当有特定程序打开时,进行相应的操作。可以用shell钩子实现,因为要实现全局的hook,所以要把setwindowhookex放在一个DLL里,并且指定共享变量。

sdk中有一个函数RegisterShellHookWindow()指定一个窗口 可以接收shell程序的通知,和用WH_SHELL 设定的钩子作用相同。这样在窗口的windowproc中就可以捕捉到shell通知。和其它的windows消息一样,在windowproc中可以处理类似于WM_SHELLHOOKMESSAGE这样的shell通知,但是,在这里,不能对消息的值进行硬编码,而且是要在程序中用"SHELLHOOK"注册消息。这样注册的消息就可以用在windowproc捕捉shell通知了.

更详细的介绍请看MSDN

Registers a specified Shell window to receive certain messages for events or notifications that are useful to Shell applications. The event messages received are only those sent to the Shell window associated with the specified window's desktop. Many of the messages are the same as those that can be received after calling the SetWindowsHookEx function and specifying WH_SHELL for the hook type. The difference with RegisterShellHookWindow is that the messages are received through the specified window's WindowProc and not through a call back procedure.

Syntax

BOOL RegisterShellHookWindow(      

    HWND hWnd );

Parameters

hWnd
[in] Handle to the window to register for Shell hook messages.

Return Value

TRUE if the function succeeds; FALSE if the function fails.



Remarks

As with normal window messages, the second parameter of the window procedure identifies the message as a "WM_SHELLHOOKMESSAGE". However, for these Shell hook messages, the message value is not a pre-defined constant like other message identifiers (IDs) such as WM_COMMAND. The value must be obtained dynamically using a call to RegisterWindowMessage(TEXT("SHELLHOOK"));. This precludes handling these messages using a traditional switch statement which requires ID values that are known at compile time. For handling Shell hook messages, the normal practice is to code an If statement in the default section of your switch statement and then handle the message if the value of the message ID is the same as the value obtained from the RegisterWindowMessage call.

The following table describes the wParam and lParam parameter values passed to the window procedure for the Shell hook messages.

wParamlParam
HSHELL_GETMINRECTA pointer to a SHELLHOOKINFO structure.
HSHELL_WINDOWACTIVATEEDThe HWND handle of the activated window.
HSHELL_RUDEAPPACTIVATEEDThe HWND handle of the activated window.
HSHELL_WINDOWREPLACINGThe HWND handle of the window replacing the top-level window.
HSHELL_WINDOWREPLACEDThe HWND handle of the window being replaced.
HSHELL_WINDOWCREATEDThe HWND handle of the window being created.
HSHELL_WINDOWDESTROYEDThe HWND handle of the top-level window being destroyed.
HSHELL_ACTIVATESHELLWINDOWNot used.
HSHELL_TASKMANCan be ignored.
HSHELL_REDRAWThe HWND handle of the window that needs to be redrawn.
HSHELL_FLASHThe HWND handle of the window that needs to be flashed.
HSHELL_ENDTASKThe HWND handle of the window that should be forced to exit.
HSHELL_APPCOMMANDThe APPCOMMAND which has been unhandled by the application or other hooks. See WM_APPCOMMAND and use the message cracker GET_APPCOMMAND_LPARAM(lParam) to crack this parameter.

Although you can access this function by using LoadLibrary and GetProcAddress combined in Microsoft® Windows® versions prior to Windows XP, the function is not accessible using the standard Include file and library linkage. The header files included in Windows XP Service Pack 1 (SP1) and Windows Server 2003 document this function and make it accessible using the appropriate Include file and library linkage. However, this function is not intended for general use. It is recommended that you do not use it in new programs because it might be altered or unavailable in subsequent versions of Windows.

  • 0
    点赞
  • 3
    评论
  • 0
    收藏
  • 打赏
    打赏
  • 扫一扫,分享海报

评论 3 您还未登录,请先 登录 后发表或查看评论
©️2022 CSDN 皮肤主题:大白 设计师:CSDN官方博客 返回首页

打赏作者

kimoli

你的鼓励将是我创作的最大动力

¥2 ¥4 ¥6 ¥10 ¥20
输入1-500的整数
余额支付 (余额:-- )
扫码支付
扫码支付:¥2
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、C币套餐、付费专栏及课程。

余额充值