EasyHook实现
using System;
using System.Runtime.InteropServices;
using System.Windows.Forms;
using System.Collections.Generic;
using System.Diagnostics; namespace EasyHook
{
public enum HookType
{
WH_MSGFILTER = -,
WH_JOURNALRECORD = ,
WH_JOURNALPLAYBACK = ,
WH_KEYBOARD = ,
WH_GETMESSAGE = ,
WH_CALLWNDPROC = ,
WH_CBT = ,
WH_SYSMSGFILTER = ,
WH_MOUSE = ,
WH_DEBUG = ,
WH_SHELL = ,
WH_FOREGROUNDIDLE = ,
WH_CALLWNDPROCRET = ,
WH_KEYBOARD_LL = ,
WH_MOUSE_LL =
} public class CustomHookProc
{
private CustomHookProc(){}
public delegate void HookProcHandler(int nCode, IntPtr wParam, IntPtr lParam);
} public class HookManager
{
private HookManager(){} static readonly HookManager m_instance = new HookManager();
Dictionary<HookType, _HookProc> m_hooks = new Dictionary<HookType, _HookProc>(); public static HookManager Instance
{
get { return m_instance; }
} public void RegisterHook(HookType a_eHookType, CustomHookProc.HookProcHandler a_pHookProc)
{
if(!m_hooks.ContainsKey(a_eHookType))
{
m_hooks.Add(a_eHookType, new _HookProc(a_eHookType, a_pHookProc));
}
else
{
throw new Exception(string.Format("{0} already exist!", a_eHookType.ToString()));
}
}
public void Unregister(HookType a_eHookType)
{
m_hooks.Remove(a_eHookType);
}
} class _HookProc
{
#region "Declare API for Hook"
[DllImport("user32.dll", CharSet = CharSet.Auto,
CallingConvention = CallingConvention.StdCall)]
static extern int SetWindowsHookEx(int idHook, _HookProcHandler lpfn,
IntPtr hInstance, int threadId); [DllImport("user32.dll", CharSet = CharSet.Auto,
CallingConvention = CallingConvention.StdCall)]
static extern bool UnhookWindowsHookEx(int idHook); [DllImport("user32.dll", CharSet = CharSet.Auto,
CallingConvention = CallingConvention.StdCall)]
static extern int CallNextHookEx(int idHook, int nCode,
IntPtr wParam, IntPtr lParam); [DllImport("kernel32.dll")]
static extern int GetCurrentThreadId();
#endregion #region "Hook Proc"
int MyHookProc(int nCode, IntPtr wParam, IntPtr lParam)
{
if (m_CustomHookProc != null)
m_CustomHookProc(nCode, wParam, lParam);
return CallNextHookEx(m_HookHandle, nCode, wParam, lParam);
}
#endregion CustomHookProc.HookProcHandler m_CustomHookProc;
delegate int _HookProcHandler(int nCode, IntPtr wParam, IntPtr lParam);
_HookProcHandler m_KbdHookProc;
int m_HookHandle = ; public _HookProc(HookType a_eHookType, CustomHookProc.HookProcHandler a_pHookProc)
{
m_CustomHookProc = a_pHookProc;
m_KbdHookProc = new _HookProcHandler(MyHookProc);
m_HookHandle = SetWindowsHookEx((int)a_eHookType, m_KbdHookProc, IntPtr.Zero, GetCurrentThreadId());
if (m_HookHandle == )
{
throw new Exception(string.Format("Hook {0} to {1} Error:{2}", a_eHookType.ToString(), a_pHookProc.ToString(), Marshal.GetLastWin32Error()));
}
}
~_HookProc()
{
UnhookWindowsHookEx(m_HookHandle);
Debug.WriteLine(Marshal.GetLastWin32Error());
m_HookHandle = ;
}
}
}
EasyHook
using System;
using System.Runtime.InteropServices;
using System.Windows.Forms; namespace EasyHook
{
public class KeyboardInfo
{
private KeyboardInfo() { }
[DllImport("user32")]
private static extern short GetKeyState(int vKey);
public static KeyStateInfo GetKeyState(Keys key)
{
int vkey = (int)key;
if (key == Keys.Alt)
{
vkey = 0x12; // VK_ALT
}
short keyState = GetKeyState(vkey);
byte[] bits = BitConverter.GetBytes(keyState);
bool toggled = bits[] > , pressed = bits[] > ;
return new KeyStateInfo(key, pressed, toggled);
}
} public struct KeyStateInfo
{
Keys m_key;
bool m_isPressed,
m_isToggled;
public KeyStateInfo(Keys key,
bool ispressed,
bool istoggled)
{
m_key = key;
m_isPressed = ispressed;
m_isToggled = istoggled;
}
public static KeyStateInfo Default
{
get
{
return new KeyStateInfo(Keys.None, false, false);
}
}
public Keys Key
{
get { return m_key; }
}
public bool IsPressed
{
get { return m_isPressed; }
}
public bool IsToggled
{
get { return m_isToggled; }
}
}
}
KeyboardInfo
using System.Runtime.InteropServices; namespace EasyHook
{
[StructLayout(LayoutKind.Sequential)]
public class POINT
{
public int x;
public int y;
} [StructLayout(LayoutKind.Sequential)]
public class MouseHookStruct
{
public POINT pt;
public int hwnd;
public int wHitTestCode;
public int dwExtraInfo;
}
}
MouseHookStruct
Usage:
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
} private void Form1_Load(object sender, EventArgs e)
{
HookManager.Instance.RegisterHook(HookType.WH_KEYBOARD, new CustomHookProc.HookProcHandler(KeyboardHookProc));
HookManager.Instance.RegisterHook(HookType.WH_MOUSE, new CustomHookProc.HookProcHandler(MouseHookProc));
}
void KeyboardHookProc(int nCode, IntPtr wParam, IntPtr lParam)
{
KeyStateInfo ctrlKey = KeyboardInfo.GetKeyState(Keys.ControlKey);
KeyStateInfo altKey = KeyboardInfo.GetKeyState(Keys.Alt);
KeyStateInfo shiftKey = KeyboardInfo.GetKeyState(Keys.ShiftKey);
KeyStateInfo f8Key = KeyboardInfo.GetKeyState(Keys.F8); if (ctrlKey.IsPressed)
{
Console.WriteLine("Ctrl Pressed!");
}
if (altKey.IsPressed)
{
Console.WriteLine("Alt Pressed!");
}
if (shiftKey.IsPressed)
{
Console.WriteLine("Shift Pressed!");
}
if (f8Key.IsPressed)
{
Console.WriteLine("F8 Pressed!");
}
} void MouseHookProc(int nCode, IntPtr wParam, IntPtr lParam)
{
MouseHookStruct MyMouseHookStruct = (MouseHookStruct)Marshal.PtrToStructure(lParam, typeof(MouseHookStruct)); if (nCode >= )
{
String strCaption = "x = " +
MyMouseHookStruct.pt.x.ToString("d") +
" y = " +
MyMouseHookStruct.pt.y.ToString("d");
Form tempForm = Form.ActiveForm; tempForm.Text = strCaption;
}
}
}
EasyHook实现的更多相关文章
- 转:EasyHook远程代码注入
EasyHook远程代码注入 最近一段时间由于使用MinHook的API挂钩不稳定,经常因为挂钩地址错误而导致宿主进程崩溃.听同事介绍了一款智能强大的挂钩引擎EasyHook.它比微软的detours ...
- EasyHook远注简单监控示例 z
http://www.csdn 123.com/html/itweb/20130827/83559_83558_83544.htm 免费开源库EasyHook(inline hook),下面是下载地址 ...
- easyHOOK socket send recv
代码比较简单,就不做注释了. 包含一个sockethookinject.DLL 和sockethook.exe 有一点不清楚, SetExclusiveACL可以添加当前线程的hook, 但是eas ...
- C# Hook原理及EasyHook简易教程
前言 在说C# Hook之前,我们先来说说什么是Hook技术.相信大家都接触过外挂,不管是修改游戏客户端的也好,盗取密码的也罢,它们都是如何实现的呢? 实际上,Windows平台是基于事件驱动机制的, ...
- C# EasyHook MessageBox 示例(极简而全)
完整代码,原创无藏私,绝对实用.Windows10 X64 下调试通过,对 w3wp.exe, sqlserver.exe,notepad.exe,iexporer.exe 注入后,长时间运行稳定,未 ...
- EasyHook远程进程注入并hook api的实现
EasyHook远程进程注入并hook api的实现 http://blog.csdn.net/v6543210/article/details/44276155
- 丢弃昂贵的Detours Professional 3.0,使用免费强大的EasyHook
我们要先看看微软官方的著名HOOK库: Detours Professional 3.0 售价:US$9,999.95 功能列表: Detours 3.0 includes the following ...
- EasyHook实用指南
所谓实用指南就是全是干货,没那么多虚头巴脑的东西,真正要用的人会发现对自己有用的东西,浅尝辄止的人看起来会不知所云. FileMon自己实做的过程中遇到的问题: 1. exe和dll文件必须强命名,对 ...
- EasyHook库系列使用教程之四钩子的启动与停止
此文的产生花费了大量时间对EasyHook进行深入了解同一时候參考了大量文档 先来简单比較一下EasyHook与Detour钩取后程序流程 Detours:钩取API函数后.产生两个地址,一个地址相应 ...
随机推荐
- js在IE与firefox的差别。。。
1.firefox不能对innerText支持.firefox支持innerHTML但却不支持innerText,它支持textContent来实现innerText,不过默认把多余的空格也保留了.如 ...
- Python __str__函数
class Cat: def __init__(self,_name): self.name = _name def __str__(self): return "i am %s" ...
- 2、QT分析之QPushButton的初始化
原文地址:http://blog.163.com/net_worm/blog/static/127702419201001003326522/ 在简单的QT程序的第二行,声明了一个QPushButto ...
- 通过用户名、密码提交的方式搭建私有git服务端
1. 系统环境 centos git yum -y install git 2).创建属于自己的git库 mkdir /myGit git init --bare xiangyun.git 3). 添 ...
- 详解SQLServer如何链接远程MySQL数据库
最近遇到“SQL如何链接远程MySQL”这个问题,现在问题终于解决,特把方法贴出来:(我所用的操作系统是Win7,数据库是SQL2005.) 1.在SQL SERVER服务器上安装MYSQL ODBC ...
- CI框架 -- 自动加载资源
CodeIgniter 的"自动加载"特性可以允许系统每次运行时自动初始化类库.辅助函数和模型. 如果你需要在整个应用程序中全局使用某些资源,为方便起见可以考虑自动加载它们. 支持 ...
- POI导出Word插入复选框
POI功能比较强大,但是有些不常用功能比如插入特殊符号,不知道API怎么调用 Word里要插入复选框,首先想到的是POI有没有提供现成的API,搜了一番,貌似都说不直接支持 http://stacko ...
- Lombok简化Java代码的好工具
lombok 的官方网址:http://projectlombok.org/ 关于lombok 的介绍,有几篇帖子,写得都很好 比如 http://www.blogjava.net/fancydeep ...
- 每天一个linux命令:mkdir命令
linux mkdir 命令用来创建指定的名称的目录,要求创建目录的用户在当前目录中具有写权限,并且指定的目录名不能是当前目录中已有的目录. 1.命令格式: mkdir [选项] 目录... 2.命令 ...
- SharePoint 2013 地址栏_layouts/15/start.aspx#
大家在使用SharePoint2013的时候是否发现,地址栏中显示的URL不再变得友好,多出这么一段“_layouts/15/start.aspx#”,怎么看怎么别扭. 如果要取消这段路径的显示,需要 ...