
VB: Hooking WH_SHELL Without a DLL


RegisterShellHookWindow Function

--------------------------------------------------------------------------------

Registers a specified Shell window to receive certain messages for events or notifications that are useful to Shell applications. The event messages received are only those sent to the Shell window associated with the specified window's desktop. Many of the messages are the same as those that can be received after calling the SetWindowsHookEx function and specifying WH_SHELL for the hook type. The difference with RegisterShellHookWindow is that the messages are received through the specified window's WindowProc and not through a call back procedure.

Syntax

BOOL RegisterShellHookWindow(HWND hWnd);
Parameters

hWnd
[in] Handle to the window to register for Shell hook messages.
Return Value

TRUE if the function succeeds; FALSE if the function fails.




Remarks

As with normal window messages, the second parameter of the window procedure identifies the message as a "WM_SHELLHOOKMESSAGE". However, for these Shell hook messages, the message value is not a pre-defined constant like other message IDs such as WM_COMMAND. The value must be obtained dynamically using a call to RegisterWindowMessage(TEXT("SHELLHOOK"));. This precludes handling these messages using a traditional switch statement which requires ID values that are known at compile time. For handling Shell hook messages, the normal practice is to code an If statement in the default section of your switch statement and then handle the message if the value of the message ID is the same as the value obtained from the RegisterWindowMessage call.

The following table describes the wParam and lParam parameter values passed to the window procedure for the Shell hook messages.

wParam                        lParam
HSHELL_GETMINRECT             A pointer to a SHELLHOOKINFO structure.
HSHELL_WINDOWACTIVATED        The HWND handle of the activated window.
HSHELL_RUDEAPPACTIVATED       The HWND handle of the activated window.
HSHELL_WINDOWREPLACING        The HWND handle of the window replacing the top-level window.
HSHELL_WINDOWREPLACED         The HWND handle of the window being replaced.
HSHELL_WINDOWCREATED          The HWND handle of the window being created.
HSHELL_WINDOWDESTROYED        The HWND handle of the top-level window being destroyed.
HSHELL_ACTIVATESHELLWINDOW    Not used.
HSHELL_TASKMAN                Can be ignored.
HSHELL_REDRAW                 The HWND handle of the window that needs to be redrawn.
HSHELL_FLASH                  The HWND handle of the window that needs to be flashed.
HSHELL_ENDTASK                The HWND handle of the window that should be forced to exit.
HSHELL_APPCOMMAND             The APPCOMMAND which has been unhandled by the application or other hooks. See WM_APPCOMMAND and use the GET_APPCOMMAND_LPARAM macro to retrieve this parameter.


Although you can access this function by using LoadLibrary and GetProcAddress combined in Microsoft Windows versions prior to Windows XP, the function is not accessible using the standard Include file and library linkage. The header files included in Windows XP Service Pack 1 (SP1) and Windows Server 2003 document this function and make it accessible using the appropriate Include file and library linkage. However, this function is not intended for general use. It is recommended that you do not use it in new programs because it might be altered or unavailable in subsequent versions of Windows.

Function Information

Minimum DLL Version: user32.dll
Header: Declared in Winuser.h, include Windows.h
Import library: User32.lib
Minimum operating systems: Windows 2000
Unicode: Implemented as ANSI and Unicode versions.

See Also

Windows Overview, DeregisterShellHookWindow, SetWindowsHookEx, WindowProc, ShellProc, WinEvents, Sending a Message

--------------------------------------------------------------------------------

Declare Function RegisterShellHook Lib "Shell32" Alias "#181" (ByVal hwnd As Long, ByVal nAction As Long) As Long

Here hwnd is the window handle, and nAction is usually one of the following constants:

Const RSH_DEREGISTER = 0
Const RSH_REGISTER = 1
Const RSH_REGISTER_PROGMAN = 2
Const RSH_REGISTER_TASKMAN = 3

RegisterShellHookWindow can also be used; that function does not take nAction.

Example:

Option Explicit

' Place this code in a standard module (.bas): AddressOf only accepts
' procedures that live in a standard module.
' AddLog is called below but is not defined in this listing; the project
' must supply it.

Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" ( _
    ByVal lpPrevWndFunc As Long, _
    ByVal Hwnd As Long, _
    ByVal msg As Long, _
    ByVal wParam As Long, _
    ByVal lParam As Long) As Long

Private Declare Function RegisterWindowMessage Lib "user32" Alias "RegisterWindowMessageA" ( _
    ByVal lpString As String) As Long

Private Declare Function SetWindowLong Lib "user32" Alias "SetWindowLongA" ( _
    ByVal Hwnd As Long, _
    ByVal nIndex As Long, _
    ByVal dwNewLong As Long) As Long

Private Declare Function GetWindowLong Lib "user32" Alias "GetWindowLongA" ( _
    ByVal Hwnd As Long, _
    ByVal nIndex As Long) As Long

Private Declare Function RegisterShellHook Lib "Shell32" Alias "#181" ( _
    ByVal Hwnd As Long, _
    ByVal nAction As Long) As Long

Private Declare Function RegisterShellHookWindow Lib "user32" ( _
    ByVal Hwnd As Long) As Long

Private Declare Function DeregisterShellHookWindow Lib "user32" ( _
    ByVal Hwnd As Long) As Long

' wParam values carried by the shell hook message
Private Const HSHELL_WINDOWCREATED = 1
Private Const HSHELL_WINDOWDESTROYED = 2
Private Const HSHELL_ACTIVATESHELLWINDOW = 3
Private Const HSHELL_WINDOWACTIVATED = 4
Private Const HSHELL_GETMINRECT = 5
Private Const HSHELL_REDRAW = 6
Private Const HSHELL_TASKMAN = 7
Private Const HSHELL_LANGUAGE = 8

Private Const WM_NCDESTROY = &H82

Private Const GWL_WNDPROC = -4

Private lpPrevWndProc As Long   ' original window procedure, restored by Unhook
Private msgShellHook As Long    ' message ID returned for "SHELLHOOK"

' Restore the original window procedure and stop receiving shell notifications.
Public Sub Unhook(Hwnd As Long)
    SetWindowLong Hwnd, GWL_WNDPROC, lpPrevWndProc
    Call DeregisterShellHookWindow(Hwnd)
End Sub

' Register the window for shell notifications, then subclass it so that
' WindowProc sees the messages.
Public Sub StartHook(Hwnd As Long)
    ' The message ID is not a compile-time constant; it must be looked up.
    msgShellHook = RegisterWindowMessage("SHELLHOOK")

    RegisterShellHookWindow Hwnd
    lpPrevWndProc = SetWindowLong(Hwnd, GWL_WNDPROC, AddressOf WindowProc)
End Sub

Private Function WindowProc(ByVal Hwnd As Long, _
                            ByVal uMsg As Long, _
                            ByVal wParam As Long, _
                            ByVal lParam As Long) As Long

    Select Case uMsg

        Case WM_NCDESTROY
            ' The window is going away: remove the subclass first.
            Unhook Hwnd

        Case msgShellHook
            ' wParam identifies the shell event; lParam is its argument.
            Select Case wParam
                Case HSHELL_WINDOWCREATED
                    Call AddLog(lParam, "HSHELL_WINDOWCREATED")
                Case HSHELL_WINDOWDESTROYED
                    Call AddLog(lParam, "HSHELL_WINDOWDESTROYED")
                Case HSHELL_REDRAW
                    Call AddLog(lParam, "HSHELL_REDRAW")
                Case HSHELL_WINDOWACTIVATED
                    Call AddLog(lParam, "HSHELL_WINDOWACTIVATED")
                Case HSHELL_GETMINRECT
                    Call AddLog(lParam, "HSHELL_GETMINRECT")
                Case HSHELL_TASKMAN
                    Call AddLog(lParam, "HSHELL_TASKMAN")
                Case HSHELL_LANGUAGE
                    Call AddLog(lParam, "HSHELL_LANGUAGE")
            End Select
    End Select

    ' Always pass the message on to the original window procedure.
    WindowProc = CallWindowProc(lpPrevWndProc, Hwnd, uMsg, wParam, lParam)
End Function
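
The listing calls AddLog but never defines it. The following is an added example, not the original author's code: one possible AddLog that resolves the handle in lParam to its process ID, class name and title, and logs the raw value where the table above says lParam is not a window handle or where the window no longer exists. The Declare lines belong in the declarations section of the same module, and writing to Debug.Print is an assumption.

```vb
' Added example: a possible AddLog for the module above (not from the original post).
Private Declare Function IsWindow Lib "user32" (ByVal hWnd As Long) As Long
Private Declare Function GetWindowTextLength Lib "user32" Alias "GetWindowTextLengthA" (ByVal hWnd As Long) As Long
Private Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hWnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Private Declare Function GetClassName Lib "user32" Alias "GetClassNameA" (ByVal hWnd As Long, ByVal lpClassName As String, ByVal nMaxCount As Long) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long

Public Sub AddLog(ByVal lParam As Long, ByVal sEvent As String)
    Dim sLine As String, sBuf As String
    Dim n As Long, pid As Long, tid As Long

    sLine = Format$(Now, "hh:nn:ss") & " " & sEvent

    If sEvent = "HSHELL_GETMINRECT" Or sEvent = "HSHELL_TASKMAN" Then
        ' Per the table, lParam is a SHELLHOOKINFO pointer or can be ignored:
        ' never pass it to window APIs, just record the raw value.
        sLine = sLine & " lParam=&H" & Hex$(lParam)
    ElseIf IsWindow(lParam) = 0 Then
        ' A destroyed window may already be gone when the message arrives,
        ' and some events do not carry a window handle at all.
        sLine = sLine & " lParam=&H" & Hex$(lParam) & " (not a valid window)"
    Else
        ' Owning thread and process of the window that raised the event.
        tid = GetWindowThreadProcessId(lParam, pid)
        sLine = sLine & " hwnd=&H" & Hex$(lParam) & " pid=" & pid & " tid=" & tid

        ' Class name: fixed-size buffer, the API returns the length copied.
        sBuf = String$(256, vbNullChar)
        n = GetClassName(lParam, sBuf, Len(sBuf))
        sLine = sLine & " class=""" & Left$(sBuf, n) & """"

        ' Title: size the buffer from the reported length plus the terminator.
        n = GetWindowTextLength(lParam)
        If n > 0 Then
            sBuf = String$(n + 1, vbNullChar)
            n = GetWindowText(lParam, sBuf, Len(sBuf))
            sLine = sLine & " title=""" & Left$(sBuf, n) & """"
        End If
    End If

    Debug.Print sLine
End Sub
```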

 
