EasyHook实现
using System;
using System.Runtime.InteropServices;
using System.Windows.Forms;
using System.Collections.Generic;
using System.Diagnostics; namespace EasyHook
{
public enum HookType
{
WH_MSGFILTER = -,
WH_JOURNALRECORD = ,
WH_JOURNALPLAYBACK = ,
WH_KEYBOARD = ,
WH_GETMESSAGE = ,
WH_CALLWNDPROC = ,
WH_CBT = ,
WH_SYSMSGFILTER = ,
WH_MOUSE = ,
WH_DEBUG = ,
WH_SHELL = ,
WH_FOREGROUNDIDLE = ,
WH_CALLWNDPROCRET = ,
WH_KEYBOARD_LL = ,
WH_MOUSE_LL =
} public class CustomHookProc
{
private CustomHookProc(){}
public delegate void HookProcHandler(int nCode, IntPtr wParam, IntPtr lParam);
} public class HookManager
{
private HookManager(){} static readonly HookManager m_instance = new HookManager();
Dictionary<HookType, _HookProc> m_hooks = new Dictionary<HookType, _HookProc>(); public static HookManager Instance
{
get { return m_instance; }
} public void RegisterHook(HookType a_eHookType, CustomHookProc.HookProcHandler a_pHookProc)
{
if(!m_hooks.ContainsKey(a_eHookType))
{
m_hooks.Add(a_eHookType, new _HookProc(a_eHookType, a_pHookProc));
}
else
{
throw new Exception(string.Format("{0} already exist!", a_eHookType.ToString()));
}
}
public void Unregister(HookType a_eHookType)
{
m_hooks.Remove(a_eHookType);
}
} class _HookProc
{
#region "Declare API for Hook"
[DllImport("user32.dll", CharSet = CharSet.Auto,
CallingConvention = CallingConvention.StdCall)]
static extern int SetWindowsHookEx(int idHook, _HookProcHandler lpfn,
IntPtr hInstance, int threadId); [DllImport("user32.dll", CharSet = CharSet.Auto,
CallingConvention = CallingConvention.StdCall)]
static extern bool UnhookWindowsHookEx(int idHook); [DllImport("user32.dll", CharSet = CharSet.Auto,
CallingConvention = CallingConvention.StdCall)]
static extern int CallNextHookEx(int idHook, int nCode,
IntPtr wParam, IntPtr lParam); [DllImport("kernel32.dll")]
static extern int GetCurrentThreadId();
#endregion #region "Hook Proc"
int MyHookProc(int nCode, IntPtr wParam, IntPtr lParam)
{
if (m_CustomHookProc != null)
m_CustomHookProc(nCode, wParam, lParam);
return CallNextHookEx(m_HookHandle, nCode, wParam, lParam);
}
#endregion CustomHookProc.HookProcHandler m_CustomHookProc;
delegate int _HookProcHandler(int nCode, IntPtr wParam, IntPtr lParam);
_HookProcHandler m_KbdHookProc;
int m_HookHandle = ; public _HookProc(HookType a_eHookType, CustomHookProc.HookProcHandler a_pHookProc)
{
m_CustomHookProc = a_pHookProc;
m_KbdHookProc = new _HookProcHandler(MyHookProc);
m_HookHandle = SetWindowsHookEx((int)a_eHookType, m_KbdHookProc, IntPtr.Zero, GetCurrentThreadId());
if (m_HookHandle == )
{
throw new Exception(string.Format("Hook {0} to {1} Error:{2}", a_eHookType.ToString(), a_pHookProc.ToString(), Marshal.GetLastWin32Error()));
}
}
~_HookProc()
{
UnhookWindowsHookEx(m_HookHandle);
Debug.WriteLine(Marshal.GetLastWin32Error());
m_HookHandle = ;
}
}
}
EasyHook
using System;
using System.Runtime.InteropServices;
using System.Windows.Forms; namespace EasyHook
{
public class KeyboardInfo
{
private KeyboardInfo() { }
[DllImport("user32")]
private static extern short GetKeyState(int vKey);
public static KeyStateInfo GetKeyState(Keys key)
{
int vkey = (int)key;
if (key == Keys.Alt)
{
vkey = 0x12; // VK_ALT
}
short keyState = GetKeyState(vkey);
byte[] bits = BitConverter.GetBytes(keyState);
bool toggled = bits[] > , pressed = bits[] > ;
return new KeyStateInfo(key, pressed, toggled);
}
} public struct KeyStateInfo
{
Keys m_key;
bool m_isPressed,
m_isToggled;
public KeyStateInfo(Keys key,
bool ispressed,
bool istoggled)
{
m_key = key;
m_isPressed = ispressed;
m_isToggled = istoggled;
}
public static KeyStateInfo Default
{
get
{
return new KeyStateInfo(Keys.None, false, false);
}
}
public Keys Key
{
get { return m_key; }
}
public bool IsPressed
{
get { return m_isPressed; }
}
public bool IsToggled
{
get { return m_isToggled; }
}
}
}
KeyboardInfo
using System.Runtime.InteropServices; namespace EasyHook
{
[StructLayout(LayoutKind.Sequential)]
public class POINT
{
public int x;
public int y;
} [StructLayout(LayoutKind.Sequential)]
public class MouseHookStruct
{
public POINT pt;
public int hwnd;
public int wHitTestCode;
public int dwExtraInfo;
}
}
MouseHookStruct
Usage:
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
} private void Form1_Load(object sender, EventArgs e)
{
HookManager.Instance.RegisterHook(HookType.WH_KEYBOARD, new CustomHookProc.HookProcHandler(KeyboardHookProc));
HookManager.Instance.RegisterHook(HookType.WH_MOUSE, new CustomHookProc.HookProcHandler(MouseHookProc));
}
void KeyboardHookProc(int nCode, IntPtr wParam, IntPtr lParam)
{
KeyStateInfo ctrlKey = KeyboardInfo.GetKeyState(Keys.ControlKey);
KeyStateInfo altKey = KeyboardInfo.GetKeyState(Keys.Alt);
KeyStateInfo shiftKey = KeyboardInfo.GetKeyState(Keys.ShiftKey);
KeyStateInfo f8Key = KeyboardInfo.GetKeyState(Keys.F8); if (ctrlKey.IsPressed)
{
Console.WriteLine("Ctrl Pressed!");
}
if (altKey.IsPressed)
{
Console.WriteLine("Alt Pressed!");
}
if (shiftKey.IsPressed)
{
Console.WriteLine("Shift Pressed!");
}
if (f8Key.IsPressed)
{
Console.WriteLine("F8 Pressed!");
}
} void MouseHookProc(int nCode, IntPtr wParam, IntPtr lParam)
{
MouseHookStruct MyMouseHookStruct = (MouseHookStruct)Marshal.PtrToStructure(lParam, typeof(MouseHookStruct)); if (nCode >= )
{
String strCaption = "x = " +
MyMouseHookStruct.pt.x.ToString("d") +
" y = " +
MyMouseHookStruct.pt.y.ToString("d");
Form tempForm = Form.ActiveForm; tempForm.Text = strCaption;
}
}
}
EasyHook实现的更多相关文章
- 转:EasyHook远程代码注入
EasyHook远程代码注入 最近一段时间由于使用MinHook的API挂钩不稳定,经常因为挂钩地址错误而导致宿主进程崩溃.听同事介绍了一款智能强大的挂钩引擎EasyHook.它比微软的detours ...
- EasyHook远注简单监控示例 z
http://www.csdn 123.com/html/itweb/20130827/83559_83558_83544.htm 免费开源库EasyHook(inline hook),下面是下载地址 ...
- easyHOOK socket send recv
代码比较简单,就不做注释了. 包含一个sockethookinject.DLL 和sockethook.exe 有一点不清楚, SetExclusiveACL可以添加当前线程的hook, 但是eas ...
- C# Hook原理及EasyHook简易教程
前言 在说C# Hook之前,我们先来说说什么是Hook技术.相信大家都接触过外挂,不管是修改游戏客户端的也好,盗取密码的也罢,它们都是如何实现的呢? 实际上,Windows平台是基于事件驱动机制的, ...
- C# EasyHook MessageBox 示例(极简而全)
完整代码,原创无藏私,绝对实用.Windows10 X64 下调试通过,对 w3wp.exe, sqlserver.exe,notepad.exe,iexporer.exe 注入后,长时间运行稳定,未 ...
- EasyHook远程进程注入并hook api的实现
EasyHook远程进程注入并hook api的实现 http://blog.csdn.net/v6543210/article/details/44276155
- 丢弃昂贵的Detours Professional 3.0,使用免费强大的EasyHook
我们要先看看微软官方的著名HOOK库: Detours Professional 3.0 售价:US$9,999.95 功能列表: Detours 3.0 includes the following ...
- EasyHook实用指南
所谓实用指南就是全是干货,没那么多虚头巴脑的东西,真正要用的人会发现对自己有用的东西,浅尝辄止的人看起来会不知所云. FileMon自己实做的过程中遇到的问题: 1. exe和dll文件必须强命名,对 ...
- EasyHook库系列使用教程之四钩子的启动与停止
此文的产生花费了大量时间对EasyHook进行深入了解同一时候參考了大量文档 先来简单比較一下EasyHook与Detour钩取后程序流程 Detours:钩取API函数后.产生两个地址,一个地址相应 ...
随机推荐
- DevExpress控件安装和初次使用图解
安装: 解压后包含这么多东东.执行选中的那个: watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQv/font/5a6L5L2T/fontsize/400/fil ...
- shell将字符串分隔成数组
#!/bin/bash a="hello,world,nice,to,meet,you" #要将$a分割开,先存储旧的分隔符 OLD_IFS="$IFS" #设 ...
- 多选下拉框带搜索(aps.net)
自己写了一个带搜索功能的多选下拉框,为了要获取值,就没有封装插件,实现思路 1.一个文本框 做搜索 2.一个文本框显示选中文本,一个隐藏控件存值 3.一个div里面绑定CheckBoxList控件(这 ...
- os.walk函数
import os# g = os.walk("D:\aaa") for i in os.walk(R"D:\aaa"): print(i)#执行结果如下('D ...
- 逐行分析jQuery源码
注意:本次源码分析选择2.0.3(因为不支持IE6.7.8,就少了很多兼容的hack的写法,对了解jQuery的实现原理有很大的帮助) 1.jQuery有不同的版本,从2.x版本便不再支持IE6.7. ...
- CodeWarrior WarningC12056
C12056:SP debug info incorrect because of optimization or inline assemble 该warning是代码最优化时(common cod ...
- 微信小程序——wxParse使用方法
wxParse是一个微信小程序富文本解析组件.现在小程序里面自带了一个<rich-text>组件也能解析富文本,但是表现不尽人意.所以我还是采用的wxParse来解析富文本的. wxPar ...
- Java设计模式(12)迭代模式(Iterator模式)
上了这么多年学,我发现一个问题,好象老师都很喜欢点名,甚至点名都成了某些老师的嗜好,一日不点名,就饭吃不香,觉睡不好似的,我就觉得很奇怪,你的课要是讲的好,同学又怎么会不来听课呢,殊不知:“误人子弟, ...
- 【转】【Mac】invalid active developer path (/Library/Developer/CommandLineTools), missing xcrun at: /Library
异常原因 我在昨天升级了 macOX Sierra,悲剧的是,今天我发现git命令无法执行,homebrew也无法使用,这种情景我在升级OS X El Capitan也遇到过一次,完整异常提示如下: ...
- JSP之应用Servlet过滤器进行身份验证
1.Servlet过滤器的作用描述(1)在HttpServletRequest到达Servlet 之前,拦截客户的HttpServletRequest. 根据需要检查HttpServletReques ...