delphi HooK 指定程序窗體和控件的 WndProc 作者:admin 來源: 日期:2011/8/16 9:35:18 人氣:555 標簽: | 搞點界面XX
只是做不好的話會引起 explorer 和其他程序崩潰(全局鉤子的 DLL 會被載入到同一桌面上每個有消息循環的進程裡,所以鉤子代碼裡的錯誤會影響到所有這些進程)
首先我們的思路肯定這樣的啦!
1 下鉤
2 當一個程序運行后鉤子被注入,入口肯定是要先判斷 是否是我們要HOOK的程序的進程
3 判斷是了就保存原來的WndProc的地址然后 SetWindowLong 把窗體的 WndProc 或 控件的 WndProc 轉向我們新的 WndProc
然后呢,發現什么問題,鉤子入口函數執行啦,但是 SetWindowLong 就是不成功。。。(SetWindowLong 頭參是窗體或控件句柄)
調了下,發現原來 SetWindowLong 函數沒有被執行,納悶中 ,以為入口函數沒有被執行 ,后來放個消息發現 入口函數被執行,但是
SetWindowLong 沒有被執行........
原來當鉤子入口函數執行的時候 鉤子所在進程是有啦 ,但是進程的窗體還沒出來,獲取不到窗體句柄和控件句柄.
后來把 SetWindowLong 嘗試放在其他位置 , 發現掛鉤總是過濾不到消息不然就是引起其他程序崩潰..........
下樓完吃飯 , 找到突破口 , 嘗試了下 , 好啦.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
鉤任務管理器的 WndProc 為例子...............
HOOK控件WndProc的話,需要先枚舉出你要搞的那個的句柄,然后就不用說了吧,枚舉自己來,我這里不搞了.
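// Hook DLL: SetHook installs a WH_GETMESSAGE hook with this module's handle,
// and the library's start-up code then runs in every process that loads it.
// The globals below exist once per process that has the DLL mapped; a value
// stored in one process is not visible in another.
library zhusjm;

uses
  Windows, Messages, SysUtils, Dialogs, psapi;

var
  // Handle returned by SetWindowsHookEx in SetHook. Only the process that
  // called SetHook has a non-zero value here.
  OldHook: HHOOK;
  // Window procedure that was in place before SetWndProc replaced it;
  // WndProc forwards every message to it.
  OldProc: FARPROC;
  // Entered by SetWndProc around its find-and-replace sequence;
  // initialised in FindWindows.
  CriticalSection: TRTLCriticalSection;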
// Replacement window procedure that SetWndProc installs on the target window.
// It shows a message box for WM_MOUSEMOVE and then passes every message,
// handled or not, to the previously installed procedure saved in OldProc.
//
// NOTE(review): the Longint parameters match the Win32 window-procedure
// prototype only in a 32-bit build, where handles and WPARAM/LPARAM are
// 32 bits wide.
function WndProc(Hwnd, Msg, wParam, lParam: Longint): LRESULT; stdcall;
begin
  // WM_PAINT is another message that could be handled here.
  if Msg = WM_MOUSEMOVE then
    ShowMessage('s');

  // Forward unconditionally so the window keeps its normal behaviour.
  Result := CallWindowProc(OldProc, Hwnd, Msg, wParam, lParam);
end;
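// WH_GETMESSAGE hook callback registered by SetHook.
// It does no filtering of its own: every call is passed straight to the next
// hook in the chain. Its only purpose in this file is to give the system a
// reason to map the DLL into hooked processes.
//
// The original was declared as a procedure, so the value a hook callback is
// required to return was never set explicitly. It is now a function that
// returns the result of CallNextHookEx. nCode is a signed Integer because
// negative codes are meaningful to the hook chain. The unused local variable
// was dropped.
//
// Parameters: nCode, wParam, lParam - as delivered by the system for a
//             WH_GETMESSAGE hook; passed through unchanged.
// Returns:    whatever CallNextHookEx returns.
function HookProc(nCode: Integer; wParam, lParam: Longint): LRESULT; stdcall;
begin
  // OldHook is zero in every process except the one that called SetHook;
  // NOTE(review): current Windows versions document the first argument of
  // CallNextHookEx as ignored - confirm for the targeted OS.
  Result := CallNextHookEx(OldHook, nCode, wParam, lParam);
end;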
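// Installs the WH_GETMESSAGE hook and stores its handle in OldHook.
//
// The hook is registered with this module's instance handle and thread id 0,
// i.e. it is not limited to one thread. As a consequence the system loads this
// DLL into other processes that retrieve messages, and the library's start-up
// code runs in each of them.
// NOTE(review): a 32-bit build is only loaded into 32-bit processes, and
// integrity-level isolation can keep it out of higher-privileged ones -
// confirm on the target OS.
//
// Returns: True when SetWindowsHookEx returned a handle, False otherwise.
//          The original left Result unassigned on the failure path, so the
//          caller received an undefined value; both paths are now explicit.
function SetHook: Boolean; stdcall;
begin
  OldHook := SetWindowsHookEx(WH_GETMESSAGE, @HookProc, HInstance, 0);
  Result := OldHook <> 0;
end;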
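// Removes the hook installed by SetHook.
//
// The original called UnhookWindowsHookEx unconditionally and kept the stale
// handle. The call is now skipped when no hook is installed, and the handle is
// cleared afterwards so a second call is harmless.
//
// NOTE(review): removing the hook does not undo a window-procedure replacement
// already made in another process; nothing in this file restores the saved
// OldProc on the target window.
procedure UnHook; stdcall;
begin
  if OldHook <> 0 then
  begin
    UnhookWindowsHookEx(OldHook);
    OldHook := 0;
  end;
end;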
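// Returns the file name of the first module of the process with the given id.
// Despite the function's name this is the full module path, not a directory.
//
// Parameters: dwProcessId - id of the process to inspect.
// Returns:    the path reported by GetModuleFileNameEx, or '' when the process
//             cannot be opened, its modules cannot be enumerated, or the name
//             cannot be read.
//
// The original ignored the results of EnumProcessModules and
// GetModuleFileNameEx, so a failure could return whatever was in the
// uninitialised buffer. Both results are now checked, and the process handle
// is released on every path.
function IdToExeDir(dwProcessId: DWORD): String;
var
  cbNeeded: DWORD;
  hProcess: THandle;
  hFirstModule: HMODULE;
  lpFilename: array [0..1024 - 1] of Char;
begin
  Result := '';
  hProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, dwProcessId);
  if hProcess = 0 then
    Exit;
  try
    // Room for exactly one module handle: only the first module is requested.
    if not EnumProcessModules(hProcess, @hFirstModule, SizeOf(hFirstModule), cbNeeded) then
      Exit;
    // A return value of 0 means the name could not be read.
    if GetModuleFileNameEx(hProcess, hFirstModule, lpFilename, Length(lpFilename)) > 0 then
      Result := lpFilename;
  finally
    CloseHandle(hProcess);
  end;
end;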
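// Thread body started by FindWindows. It waits two seconds, looks up a
// top-level window by caption, saves that window's current window procedure
// in OldProc and installs WndProc in its place.
//
// The original read GWL_WNDPROC before checking whether the window was found,
// so a failed lookup queried a null handle and overwrote OldProc. The read now
// happens only for a valid handle, and the critical section is released in a
// finally block.
//
// NOTE(review): the fixed Sleep is a timing assumption, not a synchronisation;
// if the window appears later than two seconds nothing is installed.
// NOTE(review): the caption literal is reproduced exactly as it appears on the
// page, including the "(ù)" sequence, which looks like character-conversion
// residue. A caption match is also specific to one UI language.
// NOTE(review): GWL_WNDPROC with GetWindowLong/SetWindowLong and the Longint
// cast are 32-bit only.
procedure SetWndProc;
var
  targetWnd: HWND;
begin
  EnterCriticalSection(CriticalSection);
  try
    Sleep(2000); // wait two seconds so the window has had time to appear
    targetWnd := FindWindow(nil, 'Windows 任務(wù)管理器');
    if targetWnd <> 0 then
    begin
      // Save the previous procedure first; WndProc forwards to it.
      OldProc := FARPROC(GetWindowLong(targetWnd, GWL_WNDPROC));
      SetWindowLong(targetWnd, GWL_WNDPROC, Longint(@WndProc));
    end;
  finally
    LeaveCriticalSection(CriticalSection);
  end;
  // This procedure does not have the thread-start signature, so the thread is
  // ended explicitly instead of returning to the caller.
  ExitThread(4);
end;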
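// Called from the library's start-up code in every process that loads the DLL.
// When the current process's module path contains 'taskmgr', it (re)initialises
// the critical section and starts SetWndProc on a new thread. The window does
// not exist yet at load time, so the lookup is deferred to that thread.
//
// The original never closed the handle returned by CreateThread and declared
// an unused local. The handle is now released straight away, which does not
// stop the thread, and the unused variable is gone.
//
// NOTE(review): the substring test is case-sensitive and matches anywhere in
// the path, so it depends on how the system reports the file name.
// NOTE(review): SetWndProc is a parameterless procedure, not a stdcall thread
// function; this works only because it ends with ExitThread.
procedure FindWindows;
var
  workerId: DWORD;
  workerHandle: THandle;
begin
  if Pos('taskmgr', IdToExeDir(GetCurrentProcessId)) > 0 then
  begin
    // RecursionCount is zero for the zero-initialised global on first use.
    if CriticalSection.RecursionCount <> 0 then
      DeleteCriticalSection(CriticalSection);
    InitializeCriticalSection(CriticalSection);

    workerHandle := CreateThread(nil, 0, @SetWndProc, nil, 0, workerId);
    if workerHandle <> 0 then
      CloseHandle(workerHandle);
  end;
end;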
// Notification handler assigned to DLLProc by the library's start-up code,
// which also calls it directly with DLL_PROCESS_ATTACH.
// On process attach it runs FindWindows; every other reason, including
// DLL_PROCESS_DETACH, does nothing.
//
// NOTE(review): because detach does nothing, a window whose procedure was
// replaced keeps pointing at WndProc after this library is unloaded. That may
// be the cause of the crashes the accompanying text mentions - confirm.
procedure DllMain(Reason: Integer);
begin
  if Reason = DLL_PROCESS_ATTACH then
    FindWindows;
end;
// Only the install and remove entry points are exported; a separate loader
// program is expected to call them.
exports
  SetHook,
  UnHook;

// Library initialisation: runs in each process that loads the DLL.
begin
  // Register the notification handler, then run the attach logic by hand.
  DLLProc := @DllMain;
  DllMain(DLL_PROCESS_ATTACH);
end.