钩子函数解析

打开VB新建一个项目，然后创建一个窗体和一个模块，此程序已调试过，但是要注意的是在写钩子函数的过程，请在每次RUN之前进行保存，这些API程序超越了VB的编译环境，因为VB环境和这些API函数同属系统级，因此它无法管理这些API，一旦出现问题，整个VB环境会在毫无预知的情况下造成全线崩溃的局面。

窗体中的代码：窗体中的程序：
Option Explicit
Private Const WH_KEYBOARD_LL = 13&
 
Private Sub cmdExit_Click()
End
End Sub
Public Sub HookKeyboard()
KeyboardHandle = SetWindowsHookEx(WH_KEYBOARD_LL, AddressOf KeyboardCallback, _
App.hInstance, 0&)
'WH_KEYBOARD_LL：拦截类型
'AddressOf KeyboardCallback:挂接函数链的首地址
'App.hInstance：程序本身的句柄
'0，表示全局拦截，意思就是拦截所有窗口下的键盘输入
End Sub

Private Sub Form_KeyPress(KeyAscii As Integer)
If KeyAscii = 9 Then
 MsgBox "你按下了TAB键！", vbOKOnly + vbInformation, "提示"
End If
If KeyAscii = 13 Then
 MsgBox "你按下了ENTER键！", vbOKOnly + vbInformation, "提示"
End If
If KeyAscii = 97 Then
 MsgBox "你按下了a键！", vbOKOnly + vbInformation, "提示"
End If
If KeyAscii = 65 Then
 MsgBox "你按下了A键！", vbOKOnly + vbInformation, "提示"
End If
End Sub
Private Sub Form_Load()
Call HookKeyboard
End Sub
Private Sub Form_Unload(Cancel As Integer)
Call UnhookKeyboard
End Sub

模块中的代码：
Option Explicit
'通知Windows进行钩子操作并定义钩子函数
Public Declare Function SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExA" _
(ByVal idHook As Long, ByVal lpfn As Long, _
ByVal hmod As Long, ByVal dwThreadId As Long) As Long
'idHook:拦截类型     lpfn:挂接函数链的首地址指针
'hmod:创建钩子函数实体的句柄，即程序本身的句柄
'dwThreadId:为监控代码，0表示全局监控,dwThreadId用于线程钩子VB中可以设置为App.ThreadID。

Public Declare Function UnhookWindowsHookEx Lib "user32" (ByVal hHook As Long) As Long
'释放钩子
Public Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (pDest As Any, _
pSource As Any, ByVal cb As Long)
'将内存里的某一块数据pSource拷贝到另一个地址pDest,cb表示拷贝内容的字节大小

Private Declare Function CallNextHookEx Lib "user32" (ByVal hHook As Long, _
ByVal nCode As Long, ByVal wParam As Long, _
ByVal lParam As Long) As Long
'挂钩函数拦截了某条消息后，由CallNextHookEx决定是否将这些消息送还给Windows系统

Private Type KBDLLHOOKSTRUCT  '键盘钩子的结构体
vkCode As Long    '虚拟键码
scanCode As Long   '扫描码
flags As Long       '功能键状态
time As Long
dwExtraInfo As Long
End Type

Public KeyboardHandle As Long   '键盘钩子函数句柄
Private Const HC_ACTION = 0
Private Const LLKHF_EXTENDED = &H1
Private Const LLKHF_INJECTED = &H10
Private Const LLKHF_ALTDOWN = &H20
Private Const LLKHF_UP = &H80
Public Const VK_A = &H41
Public Const VK_ENTER = &HD
Public Const VK_TAB = &H9
Public Const VK_CONTROL = &H11
Public Const VK_ESCAPE = &H1B
Public Const VK_DELETE = &H2E

'钩子函数的核心
Public Function KeyboardCallback(ByVal Code As Long, _
ByVal wParam As Long, ByVal lParam As Long) As Long
'Code 表示拦截层次，之前我们已经说过，如果Code为0，则拦截所有窗口的键盘输入
'wParam 表示是何种Windows消息
'lParam表示某条Windows消息的具体内容的指针，它实际指向存储那个内容的内存地址

Static Hookstruct As KBDLLHOOKSTRUCT  '定义一个局部静态结构体实例
If (Code = HC_ACTION) Then   '鉴别Windows的消息来源
Call CopyMemory(Hookstruct, ByVal lParam, Len(Hookstruct))
If (IsHooked(Hookstruct)) Then   '过滤消息
KeyboardCallback = 1
Exit Function
End If
End If
KeyboardCallback = CallNextHookEx(KeyboardHandle, Code, wParam, lParam)
'将消息释放，用CallNextHookEx交还给系统
End Function
Public Function IsHooked(ByRef Hookstruct As KBDLLHOOKSTRUCT) As Boolean
'If (KeyboardHook Is Nothing) Then
If KeyboardHandle = 0 Then
IsHooked = False
Exit Function
End If
'有时候CopyMemory也会发生意想不到的事情，所以，当KeyboardHook = Nothing (无值)的情况下，退出，略过该函数，以防不可预知的错误。
If (Hookstruct.vkCode = VK_TAB) And _
CBool(Hookstruct.flags And _
LLKHF_ALTDOWN) Then      '屏蔽ALT+TAB键组合
IsHooked = True
Exit Function
End If
'以上拦截了Alt+Tab的键盘组合，并将IsHooked返回True(就是1)，表示本次按键确实符合了过滤原则，应该吞吃掉。
If (Hookstruct.vkCode = VK_ENTER) Then   '屏蔽ENTER键
IsHooked = True
Exit Function
End If
If (Hookstruct.vkCode = VK_A) Then   '屏蔽A和a键
IsHooked = True
Exit Function
End If
End Function

Public Sub UnhookKeyboard()   '释放钩子函数
'If (Hooked) Then
Call UnhookWindowsHookEx(KeyboardHandle)
'End If
End Sub