Hook高手看过来,我的这个思路可行吗?请指点(50分)

zzy9903 · 2003-09-25

[

][

] 我想作个木马,监视记录程序的运行,我的想法是这样的: 作一个全局Hook,监视窗口建立消息(如WM_CREATE),如果有窗口建立,则检测窗口,如果符合条件就进行一系列操作,不知到我的这个想法是否可行. 我按照上面的想法作了个dl,可是没有我要的效果,不知到是怎么回事,请大虾们给予指点,谢谢了

ego · 2003-09-25

用WH_SHELL钩子可以得到窗体建立的消息HSHELL_WINDOWCREATED，窗体destroy的消息是HSHELL_WINDOWDESTROYED

zzy9903 · 2003-09-25

哦,原来是这样阿,回去试试

zzy9903 · 2003-09-25

呜呜～～还是不好用阿，高手帮我看看我的代码对不对好吗？？ unit winhook; interface uses Windows,Messages,Dialogs; var hNextHookProc : HHook; //ocSaveExit : Pointer; function WindowCreate(iCode : Integer;wParam : WPARAM;lParam : LPARAM) : LRESULT; stdcall ; export; function EnableWinHook():BOOL;export; function DisableWinHook():BOOL;export; implementation function WindowCreate(iCode : Integer;wParam : WPARAM;lParam : LPARAM) : LRESULT; stdcall ; export; begin   Result :=0;   if iCode <0 then   begin     Result :=CallNextHookEx(hNextHookProc,iCode,wParam,lParam);     Exit;   end;   if wParam = HSHELL_WINDOWCREATED then   begin     showmessage('A Window Has Been Created');     messagebeep(0);   end;   if wParam = HSHELL_WINDOWDESTROYED then   begin     showmessage('A Window Has Been Destroyed');     messagebeep(0);   end; end; function EnableWinHook():BOOL;export; begin   Result:=False;   if hNextHookProc <> 0 then exit;   hNextHookProc:=SetWindowsHookEx(WH_SHELL,WindowCreate,Hinstance,0);   showmessage('Program Is Runing');   Result:=hNextHookProc <> 0 ; end; function DisableWinHook():BOOL;export; begin   if hNextHookPRoc <> 0 then   begin     UnhookWindowshookEx(hNextHookProc);     hNextHookProc:=0;     Messagebeep(0);   end;   Result:=hNextHookPRoc=0; end; end.

ego · 2003-09-26

怎么不好用？下面的DLL是我以前写的测试，可以钩到那两个消息，你参考一下吧。 MsgHook.dpr -------------------------------------------------------- library MsgHook; uses windows, Messages; var   hNextHookProc: HHook;   procSaveExit: Pointer;   iReceiver, iFormCreateMsg, iFormDestroyMsg:integer;   pAppHandle: pInteger;   HMapFile:THandle; function MousePosHookHandler(iCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall; begin   if iCode < 0 then     Result := CallNextHookEx(hNextHookProc, iCode, wParam, lParam)   else   begin     if iCode = HSHELL_WINDOWCREATED then //窗体Create消息       SendMessage(pAppHandle^, iFormCreateMsg, wParam, 0)     else if iCode = HSHELL_WINDOWDESTROYED then //窗体destroy消息       SendMessage(pAppHandle^, iFormDestroyMsg, wParam, 0);     Result := 0;   end; end; function EnableMouseHook(hld:hwnd): BOOL; export; //激活钩子 begin   Result := False;   pAppHandle^ := hld;   if hNextHookProc <> 0 then Exit;   hNextHookProc := SetWindowsHookEx(WH_SHELL, MousePosHookHandler,Hinstance, 0);   Result :=hNextHookProc <> 0 ; end; function DisableMouseHook: BOOL; export; //禁止钩子 begin   if hNextHookProc <> 0 then   begin     UnhookWindowshookEx(hNextHookProc);     hNextHookProc := 0;   end;   Result := hNextHookProc = 0; end; procedure MouseHookExit; begin   if hNextHookProc <> 0 then DisableMouseHook;   ExitProc := procSaveExit; end; procedure MapCommonData; //共享内存，用来与调用它的App交换数据 var FirstCall: Boolean; begin   HMapFile:=OpenFileMapping(FILE_MAP_WRITE, False, 'CommonData');   FirstCall:=(HMapFile = 0);   if FirstCall then     HMapFile:=CreateFileMapping($FFFFFFFF, nil, PAGE_READWRITE, 0, SizeOf(pInteger), 'CommonData');   new(pAppHandle);   pAppHandle := MapViewOfFile(hMapFile, file_map_write, 0, 0, 0);   if FirstCall then FillChar(pAppHandle^, SizeOf(pInteger), 0); end; procedure IntoDll; stdcall; begin   iFormCreateMsg := RegisterWindowMessage('FormCreateMsg');   iFormDestroyMsg := RegisterWindowMessage('FormDestroyMsg');   iReceiver:=0; end; exports   EnableMouseHook,  DisableMouseHook; begin   InToDll;   MapCommonData;   hNextHookProc := 0;   procSaveExit := ExitProc;   ExitProc := @MouseHookExit; end.

zzy9903 · 2003-10-07

接受答案了.

Hook高手看过来,我的这个思路可行吗?请指点(50分)

zzy9903

Unregistered / Unconfirmed

ego

Unregistered / Unconfirmed

zzy9903

Unregistered / Unconfirmed

zzy9903

Unregistered / Unconfirmed

ego

Unregistered / Unconfirmed

zzy9903

Unregistered / Unconfirmed

Similar threads