监视程序运行的钩子程序


老是觉得钩子很深奥,最近研究了一下,这是我的代码,可以监视哪些程序被运行以及被销毁。(严格来说,WH_SHELL 钩子通知的是顶层窗口的创建和销毁,所以没有窗口的程序不会被监视到。)

这是钩子的头文件

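/*
 * ExeHook.h - public interface of the shell-hook DLL.
 *
 * The DLL source defines EXEHOOKAPI as __declspec(dllexport) before including
 * this header; every other includer gets the dllimport default below.
 */
#ifndef EXEHOOKAPI
#define EXEHOOKAPI __declspec(dllimport)
#endif

/*
 * Message posted to the window registered through SetHook().
 *   wParam: UC_APPSTART or UC_APPDESTROY
 *   lParam: handle of the window that was created or destroyed
 *
 * Parenthesised so the macro expands safely inside larger expressions
 * (e.g. `msg - USER_MSG`).
 *
 * NOTE(review): WM_USER-based values are meant for private window classes;
 * WM_APP is the range reserved for application-defined messages. The value is
 * left unchanged here so existing receivers keep working.
 *
 * NOTE(review): other processes on the same desktop can generally post this
 * message as well (subject to UIPI), so the receiver should treat wParam and
 * lParam as untrusted - e.g. validate the handle with IsWindow() before use.
 */
#define USER_MSG      (WM_USER+1)
#define UC_APPSTART   0x80000001
#define UC_APPDESTROY 0x80000002

/*
 * Installs the shell hook when hExe is a window handle (that window then
 * receives USER_MSG notifications); removes the hook when hExe is NULL.
 * Returns nonzero on success.
 */
EXEHOOKAPI BOOL WINAPI SetHook(HWND hExe);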

这是cpp文件

#include <windows.h>
#define EXEHOOKAPI __declspec(dllexport)
#include "ExeHook.h"

// Everything between the two data_seg pragmas is placed in a section named
// "shared". The linker directive below marks that section read/write/shared
// (rws), so one copy of these two variables is visible to every process that
// has this DLL loaded. Both are explicitly initialised, which is required for
// variables to actually be emitted into a named data segment.
//
// NOTE(review): a writable shared section can be modified by any process that
// loads this DLL, and a WH_SHELL hook installed with thread id 0 causes the
// DLL to be loaded into other processes. Any of them could overwrite
// g_hForm / g_hProc and redirect or suppress the notifications. Treat these
// values as untrusted, or keep the state private to the installing process.
#pragma data_seg("shared")
HHOOK g_hProc =NULL;   // hook handle returned by SetWindowsHookEx
HWND g_hForm = NULL;   // window that receives the USER_MSG notifications
#pragma data_seg()
#pragma comment(linker, "/section:shared,rws")
// DLL handle (per-process; assigned in DllMain on DLL_PROCESS_ATTACH)
HINSTANCE g_hInstDLL = NULL;
//LRESULT CALLBACK HookedShellProc(int nCode, WPARAM wParam, LPARAM lParam);
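/**
 * WH_SHELL hook procedure.
 *
 * Forwards window-created / window-destroyed shell events to the registered
 * window (g_hForm) as USER_MSG, with UC_APPSTART / UC_APPDESTROY in wParam and
 * the affected window handle in lParam. Every event, handled or not, is passed
 * on to the next hook in the chain.
 *
 * @param nCode   Shell hook code (HSHELL_*).
 * @param wParam  For the two handled codes, the handle of the window.
 * @param lParam  Passed through untouched to CallNextHookEx.
 * @return The result of CallNextHookEx.
 */
LRESULT CALLBACK HookedShellProc(int nCode, WPARAM wParam, LPARAM lParam)
{
 // Read the shared target once so both the check and the post use the same
 // value even if SetHook(NULL) clears it concurrently.
 HWND hTarget = g_hForm;

 // PostMessage with a NULL window handle posts to the calling thread's own
 // queue, i.e. into whichever process the hook is running in. Skip the
 // notification instead when no receiver is registered.
 if(hTarget != NULL)
 {
  switch(nCode)
  {
  case HSHELL_WINDOWCREATED:
   // Best effort: a failed post only loses one notification.
   PostMessage(hTarget, USER_MSG, UC_APPSTART, static_cast<LPARAM>(wParam));
   break;
  case HSHELL_WINDOWDESTROYED:
   PostMessage(hTarget, USER_MSG, UC_APPDESTROY, static_cast<LPARAM>(wParam));
   break;
  default:
   // Other shell events (and negative codes) are not of interest here.
   break;
  }
 }
 return CallNextHookEx(g_hProc, nCode, wParam, lParam);
}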

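/**
 * Installs or removes the system-wide WH_SHELL hook.
 *
 * @param hwndExe  Window that should receive USER_MSG notifications, or NULL
 *                 to remove the hook.
 * @return Nonzero on success. When removing, zero is returned if no hook was
 *         installed or UnhookWindowsHookEx failed.
 */
BOOL WINAPI SetHook(HWND hwndExe)
{
 BOOL bRet;
 if(hwndExe)
 {
  if(g_hProc != NULL)
  {
   // A hook is already installed. Installing another one would overwrite
   // the only copy of the first handle (it could never be unhooked) and
   // deliver every event twice, so just retarget the notifications.
   g_hForm = hwndExe;
   return TRUE;
  }

  g_hForm = hwndExe;
  // Thread id 0: hook every thread on the current desktop.
  g_hProc = SetWindowsHookEx(WH_SHELL, (HOOKPROC) HookedShellProc, g_hInstDLL, 0);

  bRet = (g_hProc != NULL);
  if(!bRet)
  {
   // Do not leave a receiver registered when no hook is feeding it.
   g_hForm = NULL;
  }
 }
 else
 {
  // Nothing installed: report failure without handing an invalid handle to
  // UnhookWindowsHookEx.
  bRet = (g_hProc != NULL) && UnhookWindowsHookEx(g_hProc);
  g_hProc = NULL;
  g_hForm = NULL;
 }
 return bRet;
}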

/**
 * DLL entry point. Records the module handle when the DLL is attached to a
 * process so SetHook can pass it to SetWindowsHookEx; all other notifications
 * are ignored. Always reports success.
 */
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
  switch (fdwReason)
  {
  case DLL_PROCESS_ATTACH:
    // Per-process copy of the module handle (not in the shared section).
    g_hInstDLL = hinstDLL;
    break;
  default:
    break;
  }
  return TRUE;
}

 

 
