1 / 18

Windows Hooks

Windows Hooks. By Gregory Mortensen CSIS 4330 Utah Valley State College. Windows Hooks. System Hooks, process all input of the appropriate type for the entire OS and must be in a DLL Thread Hooks, process all input of the appropriate type for that process or thread. Windows Hook Functions.

vilmos
Download Presentation

Windows Hooks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows Hooks By Gregory Mortensen CSIS 4330 Utah Valley State College

  2. Windows Hooks • System Hooks, process all input of the appropriate type for the entire OS and must be in a DLL • Thread Hooks, process all input of the appropriate type for that process or thread.

  3. Windows Hook Functions • SetWindowsHookEx – creates hook. • UnhookWindowsHookEx – releases hook. • CallNextHookEx – if not changing data it calls the next registered windows hook function, assuming another function exists. • Don’t use the non-Ex versions, as they are for windows 3.x.

  4. SetWindowsHookEx • HHOOK SetWindowHookEx (int hookType, CALLBACK *fP, HANDLE hInstance, THREADID threadId) • If fP is in a dll, you must export it. • If in a dll, hInstance, must be the instance of the DLL • For thread specific hooks, hInstance and threadID can be NULL • Use GetCurrentThreadId() to obtain threadId.

  5. WH_CALLWNDPROC WH_GETMESSAGE WH_JOURNALRECORD WH_JOURNALPLAYBACK WH_FOREGROUNDIDLE WH_MSGFILTER WH_SYSMSGFILTER WH_KEYBOARD WH_CBT WH_DEBUG WH_SHELL WH_MOUSE SetWindowsHookEx -- hookType

  6. Filter Functions • LRESULT CALLBACK FilterFunc (int nCode, WORD wParam, DWORD lParam) • See also: CallWndProc, CBTProc, DebugProc, GetMsgProc, JournalRecordProc, JournalPlaybackProc, ShellProc, KeyboardProc, MouseProc, MessageProc, and SysMsgProc

  7. WH_FOREGROUNDIDLE • For system hooks, it is called only when no user input to process for the current thread. • For thread specific hooks, windows only calls this function when that thread is the current thread and the thread has no current input

  8. WH_GETMESSAGE • Called just prior to a return of PeekMessage or GetMessage. • The lParam contains a pointer to a MSG structure which you can modify before calling CallNextHookEx

  9. WH_GETMESSAGE • Struct tagMSG { HWND hwnd //window receiving msg UINT message //message number WPARAM wParam LPARAM lParam DWORD time //time message sent POINT pt //cursor position of msg }

  10. WH_KEYBOARD • Invoked when Get/PeekMessage are about to return WM_CHAR, or WM_KEY type message. • HookCode= HC_ACTION when the event is being removed from the queue. • HookCode= HC_NOREMOVE when the application is using PeekMessage.

  11. WH_MOUSE • Invoked when the message about to be invoked is a mouse message. • Must always reside in a DLL

  12. WH_MSGFILTER • All in one for non-keyboard non-mouse messages. • Used for Dialog boxes, Message Boxes, Scroll bars, or Menus. • Also used when the User switches tasks.

  13. WH_SYSMSGFILTER • System wide WH_MSGFILTER hook

  14. So if Windows is so smart…How do you know when a windows hook is going to be called? ??????

  15. WH_DEBUG • Filters can’t modify the values, but you can discard them • wParam is the type of windows hook such as WH_SYSMSGFILTER • lParam is a pointer to a DEBUGHOOKINFO structure

  16. WH_DEBUG • Struct tagDEBUGHOOKINFO { DWORD threadID, LPARAM reserved, LPARAM lParam, WPARAM wParam, int code }

  17. CallNextHookEx • If you want to have windows continue processing the hook, your processing function should: • Return (CallNextHookEx (HHOOK createHookHandle, int nCode, WORD wParam, DWORD lParam)) • To discard, return 0;

  18. UnhookWindowsHookEx • UnhookWindowsHookEx(HHOOK createHookHandle) • Releases hook from hooking sequence.

More Related