`

VB 远线程注入技术实现键盘拦截的例子(无DLL)

    博客分类:
  • vb
阅读更多
Option Explicit

Private Sub cmdLock_Click()
If LockKeyboard(True) Then
cmdLock.Enabled = False
cmdUnLock.Enabled = True
End If
End Sub

Private Sub
cmdUnLock_Click()
If LockKeyboard(False) Then
cmdLock.Enabled = True
cmdUnLock.Enabled = False
End If
End Sub

Private Sub
Form_Load()
Dim bIsLock As Boolean
bIsLock = GetKeyboardState
cmdLock.Enabled =
Not bIsLock
cmdUnLock.Enabled = bIsLock
End Sub



模块部分代码:

Option Explicit
'是否包含处理其它键盘消息,True表示处理.
#Const INC_OTHER_KEY = True
'注意,以下所有双版本的API均声明成了 UNICODE 版。 并且许多地方与VB的API浏览器生成的代码有所不同。
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function
ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function
WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function
GlobalAddAtom Lib "kernel32" Alias "GlobalAddAtomW" (ByVal lpString As Long) As Integer
Private Declare Function
GlobalDeleteAtom Lib "kernel32" (ByVal nAtom As Integer) As Integer
Private Declare Function
GlobalFindAtom Lib "kernel32" Alias "GlobalFindAtomW" (ByVal lpString As Long) As Integer
Private Const
TH32CS_SNAPPROCESS = 2
Private Type PROCESSENTRY32W
dwSize
As Long
cntUsage As Long
h32ProcessID As Long ' // this process
th32DefaultHeapID As Long '
h32ModuleID As Long ' // associated exe
cntThreads As Long '
th32ParentProcessID As Long ' // this process's parent process
pcPriClassBase As Long ' // Base priority of process's threads
dwFlags As Long '
szExeFile(1 To 260) As Integer ' // Path
End Type
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Private Declare Function
Process32First Lib "kernel32" Alias "Process32FirstW" (ByVal hSnapshot As Long, lpPE As PROCESSENTRY32W) As Long
Private Declare Function
Process32Next Lib "kernel32" Alias "Process32NextW" (ByVal hSnapshot As Long, lpPE As PROCESSENTRY32W) As Long
Private Declare Function
lstrcmpi Lib "kernel32" Alias "lstrcmpiW" (lpString1 As Integer, ByVal lpString2 As Long) As Long
Private Declare Function
CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function
GetLastError Lib "kernel32" () As Long
Private
Type LUID
lowpart
As Long
highpart As Long
End
Type
Private Type LUID_AND_ATTRIBUTES
pLuid
As LUID
Attributes
As Long
End
Type
Private Type TOKEN_PRIVILEGES
PrivilegeCount
As Long
Privileges As LUID_AND_ATTRIBUTES
End Type
Private Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
Private Const TOKEN_QUERY As Long = &H8&
Private Const TOKEN_ADJUST_PRIVILEGES As Long = &H20&
Private Const SE_PRIVILEGE_ENABLED As Long = &H2
Private Const SE_DEBUG_NAME As String = "SeDebugPrivilege"
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function
OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function
LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueW" (ByVal lpSystemName As Long, ByVal lpName As Long, lpLuid As LUID) As Long
Private Declare Function
AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, ByVal PrevState As Long, ByVal N As Long) As Long
Private Declare Function
GetModuleHandle Lib "kernel32" Alias "GetModuleHandleW" (ByVal lpwModuleName As Long) As Long
Private Declare Function
GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Const
MEM_COMMIT As Long = &H1000
Private Const MEM_DECOMMIT As Long = &H4000
Private Const PAGE_EXECUTE_READWRITE As Long = &H40
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal ProcessHandle As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function
VirtualFreeEx Lib "kernel32" (ByVal ProcessHandle As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function
CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, ByVal lpParameter As Long, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Private Declare Function
WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function
GetExitCodeThread Lib "kernel32" (ByVal hThread As Long, lpExitCode As Long) As Long
#If INC_OTHER_KEY Then
Private Declare Function SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExW" (ByVal idHook As Long, ByVal lpfn As Long, ByVal hmod As Long, ByVal dwThreadId As Long) As Long
Private Declare Function
UnhookWindowsHookEx Lib "user32" (ByVal hHook As Long) As Long
Private Declare Function
CallNextHookEx Lib "user32" (ByVal hHook As Long, ByVal nCode As Long, ByVal wParam As Long, lParam As Any) As Long
#End If
Private Const ATOM_FLAG As String = "HookSysKey"
Private Const SHELL_FALG As String = "Winlogon"
Private Const SHELL_CODE_DWORDLEN = 317 '注入代码所占的双字数
Private Const SHELL_CODE_LENGTH = (SHELL_CODE_DWORDLEN * 4) '字节数
Private Const SHELL_FUNCOFFSET = &H8 '注入代码线程函数偏移量
Private mlShellCode(SHELL_CODE_DWORDLEN - 1) As Long
#If INC_OTHER_KEY Then
Private m_lHookID As Long '键盘钩子句柄
Private Type KBDLLHOOKSTRUCT
vkCode
As Long
scanCode As Long
flags As Long
time As Long
dwExtraInfo As Long
End
Type
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
#End If
'============================================
' 锁定/解锁键盘
' 参数:布尔型,真表示锁定
' 返回:布尔型, 真表示成功
' 注意:非 Ctrl+Alt+Del 键使用普通钩子技术,因此
' 程序在退出时注意要卸载钩子。
'============================================
Public Function LockKeyboard(ByVal bLock As Boolean) As Boolean
Dim
lResult As Long
Dim
lStrPtr As Long
Dim
iAtom As Integer
lStrPtr = StrPtr(SHELL_FALG)
iAtom = GlobalFindAtom(lStrPtr)
If iAtom = 0 Then
lResult = InsertAsmCode
Debug.Assert lResult =
0
If lResult Then Exit Function
End If
lStrPtr = StrPtr(ATOM_FLAG)
iAtom = GlobalFindAtom(lStrPtr)
If bLock Then
#If INC_OTHER_KEY Then
'强烈建议:使用了SetWindowsHookEx的话,请编译后再运行!
m_lHookID = SetWindowsHookEx(13, AddressOf LowLevelKeyboardProc, App.hInstance, 0)
#End If
If iAtom = 0 Then iAtom = GlobalAddAtom(lStrPtr)
LockKeyboard = (iAtom <>
0)
Debug.Assert LockKeyboard
Else
#If INC_OTHER_KEY Then
If m_lHookID Then Call UnhookWindowsHookEx(m_lHookID)
#End If
If iAtom Then iAtom = GlobalDeleteAtom(iAtom)
LockKeyboard = iAtom =
0
End If
End Function
Public Function
GetKeyboardState() As Boolean
GetKeyboardState = GlobalFindAtom(StrPtr(ATOM_FLAG)) <> 0
End Function
#If INC_OTHER_KEY Then
Private Function LowLevelKeyboardProc(ByVal nCode As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Dim
KBEvent As KBDLLHOOKSTRUCT
If nCode >= 0 Then
'在这里可以加入实际的过滤条件
CopyMemory KBEvent, ByVal lParam, 20& 'sizeof KBDLLHOOKSTRUCT=20
'wParam = 消息,如WM_KEYDOWN, WM_KEYUP等
Debug.Print Hex$(KBEvent.vkCode) 'VK_??? 定义的键码
LowLevelKeyboardProc = 1 '1屏蔽,否则应调用CallNextHookEx
Else
LowLevelKeyboardProc = CallNextHookEx(m_lHookID, nCode, wParam, lParam)
End If
End Function
#End If
'----------------------------------------------
' 远程线程插入函数
' 功能:向 Winlogon 进程插入远程线程代码,并执行
' 返回:0表示成功,非0表示标准的系统错误代号
'----------------------------------------------
Private Function InsertAsmCode() As Long
Const
WINLOGON As String = "Winlogon.exe"
Dim hProcess As Long '远端进程句柄
Dim hPId As Long '远端进程ID
Dim lResult As Long '一般返回变量
Dim pToken As TOKEN_PRIVILEGES
Dim hToken As Long
Dim
hRemoteThread As Long
Dim
hRemoteThreadID As Long
Dim
lDbResult(1) As Long
Dim
lRemoteAddr As Long
'------------------------------------
'取winlogon进程ID
'------------------------------------
hPId = GetProcessIdFromName(WINLOGON)
If hPId = 0 Then
InsertAsmCode = GetLastError
Debug.Assert
False
Exit Function
End If
'------------------------------------
'提升本进程权限,以取得对winlogon进程操作的许可
'------------------------------------
lResult = OpenProcessToken(GetCurrentProcess(), _
TOKEN_ADJUST_PRIVILEGES
Or TOKEN_QUERY, _
hToken)
Debug.Assert lResult
lResult = LookupPrivilegeValue(
0, StrPtr(SE_DEBUG_NAME), pToken.Privileges.pLuid)
Debug.Assert lResult
pToken.PrivilegeCount =
1
pToken.Privileges.Attributes = SE_PRIVILEGE_ENABLED
lResult = AdjustTokenPrivileges(hToken,
False, pToken, Len(pToken), 0, 0)
Debug.Assert lResult
'------------------------------------
'打开winlogon进程
'------------------------------------
hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, hPId)
Debug.Assert hProcess
If hProcess Then
'------------------------------------
'初始注入代码
'------------------------------------
Call InitShellCode
'------------------------------------
'远端进程分配内存
'------------------------------------
lRemoteAddr = VirtualAllocEx(hProcess, 0, SHELL_CODE_LENGTH, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
Debug.Assert lRemoteAddr
'------------------------------------
'写入 shell 代码
'------------------------------------
If lRemoteAddr Then
InsertAsmCode = WriteProcessMemory(hProcess, lRemoteAddr, mlShellCode(0), SHELL_CODE_LENGTH, 0)
Else
InsertAsmCode = GetLastError
Exit Function
End If
'------------------------------------
'创建远程线程
'------------------------------------
hRemoteThread = CreateRemoteThread(hProcess, 0, 0, lRemoteAddr + SHELL_FUNCOFFSET, 0, 0, hRemoteThreadID)
If hRemoteThread = 0 Then
InsertAsmCode = GetLastError
Debug.Assert hRemoteThread
Exit Function
End If
'------------------------------------
'等待远程线程
'------------------------------------
Call WaitForSingleObject(hRemoteThread, -1)
Call GetExitCodeThread(hRemoteThread, InsertAsmCode)
Call CloseHandle(hRemoteThread)
'------------------------------------
'释放远端进程内存
'------------------------------------
Call VirtualFreeEx(hProcess, lRemoteAddr, SHELL_CODE_LENGTH, MEM_DECOMMIT)
Else
InsertAsmCode = GetLastError
End If
End Function
'============================================
' 初始线程代码
'============================================
Private Function InitShellCode() As Long
Const
kernel32 As String = "kernel32.dll"
Dim hDll As Long
'------------------------------------
'提取注入代码所需的API函数
'------------------------------------
hDll = GetModuleHandle(StrPtr(kernel32)): Debug.Assert hDll
mlShellCode(
0) = GetProcAddress(hDll, "GetModuleHandleW")
mlShellCode(
1) = GetProcAddress(hDll, "GetProcAddress")
'---------------------------
' 以下代码由 MASM32 产生
mlShellCode(2) = &HE853&
mlShellCode(
3) = &H815B0000
mlShellCode(4) = &H40100EEB
mlShellCode(5) = &H238E800
mlShellCode(6) = &HC00B0000
mlShellCode(7) = &H838D5075
mlShellCode(8) = &H4010B0
mlShellCode(9) = &HD093FF50
mlShellCode(10) = &HF004013
mlShellCode(11) = &HC00BC0B7
mlShellCode(12) = &H683A75
mlShellCode(13) = &H6A020000
mlShellCode(14) = &H8D006A00
mlShellCode(15) = &H4010B083
mlShellCode(16) = &H93FF5000
mlShellCode(17) = &H401090
mlShellCode(18) = &H1874C00B
mlShellCode(19) = &H10C2938D
mlShellCode(20) = &H6A0040
mlShellCode(21) = &H93FF5052
mlShellCode(22) = &H401094
mlShellCode(23) = &H474C00B
mlShellCode(24) = &HAEB0AEB
mlShellCode(25) = &H108C93FF
mlShellCode(26) = &H2EB0040
mlShellCode(27) = &HC25BC033
mlShellCode(28) = &HFF8B0004
mlShellCode(38) = &H410053
mlShellCode(39) = &H200053
mlShellCode(40) = &H690077
mlShellCode(41) = &H64006E
mlShellCode(42) = &H77006F
mlShellCode(43) = &HFF8B0000
mlShellCode(44) = &H690057
mlShellCode(45) = &H6C006E
mlShellCode(46) = &H67006F
mlShellCode(47) = &H6E006F
mlShellCode(48) = &H8B550000
mlShellCode(49) = &HF0C481EC
mlShellCode(50) = &H53FFFFFD
mlShellCode(51) = &HE8&
mlShellCode(
52) = &HEB815B00
mlShellCode(53) = &H4010D1
mlShellCode(54) = &H10468
mlShellCode(55) = &HF8858D00
mlShellCode(56) = &H50FFFFFD
mlShellCode(57) = &HFF0875FF
mlShellCode(58) = &H40108093
mlShellCode(59) = &HF8858D00
mlShellCode(60) = &H50FFFFFD
mlShellCode(61) = &H1098838D
mlShellCode(62) = &HFF500040
mlShellCode(63) = &H40107C93
mlShellCode(64) = &H75C00B00
mlShellCode(65) = &H68406A69
mlShellCode(66) = &H1000&
mlShellCode(
67) = &H7668&
mlShellCode(
68) = &HFF006A00
mlShellCode(69) = &H40107493
mlShellCode(70) = &H74C00B00
mlShellCode(71) = &H85896054
mlShellCode(72) = &HFFFFFDF0
mlShellCode(73) = &H75FFFC6A
mlShellCode(74) = &H8493FF08
mlShellCode(75) = &H8D004010
mlShellCode(76) = &H4013C893
mlShellCode(77) = &HFC028900
mlShellCode(78) = &HFDF0BD8B
mlShellCode(79) = &H76B9FFFF
mlShellCode(80) = &H8D000000
mlShellCode(81) = &H401374B3
mlShellCode(82) = &H8DA4F300
mlShellCode(83) = &H4010B083
mlShellCode(84) = &H93FF5000
mlShellCode(85) = &H401078
mlShellCode(86) = &HFDF0B5FF
mlShellCode(87) = &HFC6AFFFF
mlShellCode(88) = &HFF0875FF
mlShellCode(89) = &H40108893
mlShellCode(90) = &HC0336100
mlShellCode(91) = &HC03303EB
mlShellCode(92) = &HC2C95B40
mlShellCode(93) = &H6B0008
mlShellCode(94) = &H720065
mlShellCode(95) = &H65006E
mlShellCode(96) = &H33006C
mlShellCode(97) = &H2E0032
mlShellCode(98) = &H6C0064
mlShellCode(99) = &H6C&
mlShellCode(
100) = &H730075
mlShellCode(101) = &H720065
mlShellCode(102) = &H320033
mlShellCode(103) = &H64002E
mlShellCode(104) = &H6C006C
mlShellCode(105) = &H69560000
mlShellCode(106) = &H61757472
mlShellCode(107) = &H6572466C
mlShellCode(108) = &H6C470065
mlShellCode(109) = &H6C61626F
mlShellCode(110) = &H646E6946
mlShellCode(111) = &H6D6F7441
mlShellCode(112) = &H6C470057
mlShellCode(113) = &H6C61626F
mlShellCode(114) = &H41646441
mlShellCode(115) = &H576D6F74
mlShellCode(116) = &H74736C00
mlShellCode(117) = &H706D6372
mlShellCode(118) = &H4F005769
mlShellCode(119) = &H446E6570
mlShellCode(120) = &H746B7365
mlShellCode(121) = &H57706F
mlShellCode(122) = &H6D756E45
mlShellCode(123) = &H6B736544
mlShellCode(124) = &H57706F74
mlShellCode(125) = &H6F646E69
mlShellCode(126) = &H47007377
mlShellCode(127) = &H69577465
mlShellCode(128) = &H776F646E
mlShellCode(129) = &H74786554
mlShellCode(130) = &H65470057
mlShellCode(131) = &H6E695774
color:
分享到:
评论

相关推荐

    vb.net的键盘鼠标全局,线程钩子

    综上所述,VB.NET的键盘鼠标全局线程钩子是通过调用Windows API,利用P/Invoke技术实现的。它能让你的应用程序捕获系统范围内的键盘和鼠标事件,但同时也需要注意性能和线程安全的问题。通过提供的源码和测试程序,...

    VB中利用日志记录钩子实现键盘监控_孙建华

    在VB(Visual Basic)编程中,利用日志记录钩子实现键盘监控是一种常见的系统监控技术。日志记录钩子(WH_JOURNALRECORD)是Windows操作系统提供的一种钩子类型,它可以记录并处理发送到系统消息队列的所有消息,包括...

    VB键盘钩子 源码 含有3种方法实现

    在VB(Visual Basic)编程中,键盘钩子是一种技术,允许程序员截取并处理系统中的键盘事件,即使这些事件发生在其他应用程序中。本资源提供的源码包含三种不同的方法来实现VB键盘钩子,这对于开发者来说是非常有价值...

    VBHOOK实现键盘监控

    本主题聚焦于“VBHOOK实现键盘监控”,这涉及到Windows操作系统中的钩子(Hook)技术,这是一种允许程序拦截和处理特定事件(如键盘输入)的技术。 首先,我们需要了解什么是钩子。在Windows API中,钩子是一种机制...

    VB Hook 钩子 键盘钩子

    在VB中实现键盘钩子,你需要创建一个DLL(动态链接库)来存放钩子处理程序,因为VB不支持直接设置系统级钩子。然后在VB主程序中调用DLL中的函数来安装和卸载钩子。 以下是一个简单的VB Hook键盘钩子的实现步骤概览...

    VB.NET实现全局键盘鼠标钩子_屏幕取词.rar

    标题中的“VB.NET实现全局键盘鼠标钩子_屏幕取词.rar”表明这是一个使用VB.NET编程语言编写的项目,该项目着重于实现全局键盘和鼠标事件的捕获,以及屏幕上的单词选取功能。屏幕取词通常指的是在屏幕上选择文本并...

    [VB6+C-DLL]全局钩子

    通过VB6和C语言的结合,开发者可以创建自己的全局钩子DLL,实现诸如键盘、鼠标监控,窗口消息捕获等多种功能。不过,这项技术需要对Windows API和底层编程有较深入的理解,同时也需要遵循最佳实践,以避免潜在的问题...

    c# winform 鼠标、键盘消息拦截

    在C# WinForm应用开发中,有时我们需要对用户的键盘和鼠标事件进行特殊的处理,比如拦截、过滤或修改这些消息。本文将深入探讨如何在VS2013环境下使用C# WinForm来实现这一功能。 首先,`PreFilterMessage`方法是...

    利用输入法注入DLL

    注入DLL是做全局钩子或者拦截类软件都有可能用到的技术,如果做外挂的话我们也有 可能需要注入一个DLL到游戏进程中去干点什么“坏事”。 但我们知道现在要注入DLL是越 来越难了。场景1:制作火星文输入法外挂,...

    vb 键盘钩子

    这种技术通常用于监控键盘输入、拦截特定键击或者实现自定义的快捷键功能。下面我们将深入探讨VB键盘钩子的相关知识点。 **一、键盘钩子的概念** 键盘钩子是Windows操作系统提供的一种机制,它允许程序注册一个回调...

    用VB2008引用Hook控制键盘鼠标或记录键盘鼠标的动作

    标题中的“用VB2008引用Hook控制键盘鼠标或记录键盘鼠标的动作”涉及到的是在Visual Basic 2008(简称VB2008)环境下,利用API钩子技术来实现对用户输入设备——键盘和鼠标的监控与控制。这种技术常用于开发系统监控...

    vb.net键盘钩子

    标题中的“vb.net键盘钩子”指的是在VB.NET编程环境中实现的一种技术,它允许程序员捕获和处理系统级的键盘事件,即使这些事件不在当前应用程序的焦点窗口内。这种技术通常涉及使用Windows API(应用程序接口)函数...

    vb键盘鼠标钩子模块

    在VB(Visual Basic)编程中,键盘鼠标钩子模块是一种技术,允许开发者捕获和处理系统级别的键盘和鼠标事件。这种技术通常用于监控用户输入、实现特定的输入控制或者创建自定义的输入处理机制。下面将详细介绍这个...

    vb.net (c#)中鼠标,键盘钩子Hook

    在VB.NET和C#编程中,鼠标和键盘钩子(Hook)是一种强大的技术,它允许开发者监听和拦截用户的输入事件,无论是鼠标点击还是按键动作。钩子是Windows操作系统提供的一种机制,通过它,一个进程可以获取到另一个进程...

    Dll.rar_VB HookOpenProce_hook_openprocess_ring3 hook_vb HookOpen

    标题"Dll.rar_VB HookOpenProce_hook_openprocess_ring3 hook_vb HookOpen"涉及到的是在Windows操作系统中,使用Visual Basic(VB)实现Ring3级别的OpenProcess函数Hook技术。Ring3是用户模式,即应用程序通常运行的...

    vb中使用HOOK技术

    本文将详细介绍如何在Visual Basic 6.0 (以下简称VB)环境中使用HOOK技术,并通过具体示例来展示其实现过程。 #### 什么是HOOK技术? HOOK(挂钩)是一种在Windows操作系统中拦截特定类型事件或消息的方法。通过...

    一个VB HOOK钩子.rar

    总结起来,"一个VB HOOK钩子.rar"提供的资源是关于如何在VB中利用HOOK技术实现键盘监控的实例,对于学习系统级编程、理解HOOK机制以及开发相关应用的开发者来说具有很高的参考价值。通过学习和理解这个源码,你可以...

    用VB.NET编写的键盘钩子程序

    键盘钩子是一种技术,允许应用程序在其他进程的上下文中拦截键盘输入,这在某些情况下非常有用,比如开发系统监控工具、输入验证软件或者游戏外挂等。 【描述】提到的"通过API调用来实现"是指开发者使用Windows API...

    VB变态HOOK_API也疯狂.doc

    在本文档"VB变态HOOK_API也疯狂.doc"中,作者探讨了如何使用Visual Basic (VB)实现API钩子(HOOK API)功能,这是一个在编程中用于拦截和修改特定API调用的技术。尽管通常认为VB在这方面的实现不如其他语言如Delphi或...

    VB拦截windows删除文件(API HOOK)

    VB拦截Windows Explorer删除进程,内含API HOOK,源代码:倒霉蛋儿,程序有时候也会窗口勾挂失败!  勾住了SHFileOperation等函数,DLL用Delphi写的C会的太少,查了半天才知道原来explorer是用SHFileOperation删除...

Global site tag (gtag.js) - Google Analytics