EasyHook实现
using System;
using System.Runtime.InteropServices;
using System.Windows.Forms;
using System.Collections.Generic;
using System.Diagnostics; namespace EasyHook
{
public enum HookType
{
WH_MSGFILTER = -,
WH_JOURNALRECORD = ,
WH_JOURNALPLAYBACK = ,
WH_KEYBOARD = ,
WH_GETMESSAGE = ,
WH_CALLWNDPROC = ,
WH_CBT = ,
WH_SYSMSGFILTER = ,
WH_MOUSE = ,
WH_DEBUG = ,
WH_SHELL = ,
WH_FOREGROUNDIDLE = ,
WH_CALLWNDPROCRET = ,
WH_KEYBOARD_LL = ,
WH_MOUSE_LL =
} public class CustomHookProc
{
private CustomHookProc(){}
public delegate void HookProcHandler(int nCode, IntPtr wParam, IntPtr lParam);
} public class HookManager
{
private HookManager(){} static readonly HookManager m_instance = new HookManager();
Dictionary<HookType, _HookProc> m_hooks = new Dictionary<HookType, _HookProc>(); public static HookManager Instance
{
get { return m_instance; }
} public void RegisterHook(HookType a_eHookType, CustomHookProc.HookProcHandler a_pHookProc)
{
if(!m_hooks.ContainsKey(a_eHookType))
{
m_hooks.Add(a_eHookType, new _HookProc(a_eHookType, a_pHookProc));
}
else
{
throw new Exception(string.Format("{0} already exist!", a_eHookType.ToString()));
}
}
public void Unregister(HookType a_eHookType)
{
m_hooks.Remove(a_eHookType);
}
} class _HookProc
{
#region "Declare API for Hook"
[DllImport("user32.dll", CharSet = CharSet.Auto,
CallingConvention = CallingConvention.StdCall)]
static extern int SetWindowsHookEx(int idHook, _HookProcHandler lpfn,
IntPtr hInstance, int threadId); [DllImport("user32.dll", CharSet = CharSet.Auto,
CallingConvention = CallingConvention.StdCall)]
static extern bool UnhookWindowsHookEx(int idHook); [DllImport("user32.dll", CharSet = CharSet.Auto,
CallingConvention = CallingConvention.StdCall)]
static extern int CallNextHookEx(int idHook, int nCode,
IntPtr wParam, IntPtr lParam); [DllImport("kernel32.dll")]
static extern int GetCurrentThreadId();
#endregion #region "Hook Proc"
int MyHookProc(int nCode, IntPtr wParam, IntPtr lParam)
{
if (m_CustomHookProc != null)
m_CustomHookProc(nCode, wParam, lParam);
return CallNextHookEx(m_HookHandle, nCode, wParam, lParam);
}
#endregion CustomHookProc.HookProcHandler m_CustomHookProc;
delegate int _HookProcHandler(int nCode, IntPtr wParam, IntPtr lParam);
_HookProcHandler m_KbdHookProc;
int m_HookHandle = ; public _HookProc(HookType a_eHookType, CustomHookProc.HookProcHandler a_pHookProc)
{
m_CustomHookProc = a_pHookProc;
m_KbdHookProc = new _HookProcHandler(MyHookProc);
m_HookHandle = SetWindowsHookEx((int)a_eHookType, m_KbdHookProc, IntPtr.Zero, GetCurrentThreadId());
if (m_HookHandle == )
{
throw new Exception(string.Format("Hook {0} to {1} Error:{2}", a_eHookType.ToString(), a_pHookProc.ToString(), Marshal.GetLastWin32Error()));
}
}
~_HookProc()
{
UnhookWindowsHookEx(m_HookHandle);
Debug.WriteLine(Marshal.GetLastWin32Error());
m_HookHandle = ;
}
}
}
EasyHook
using System;
using System.Runtime.InteropServices;
using System.Windows.Forms; namespace EasyHook
{
public class KeyboardInfo
{
private KeyboardInfo() { }
[DllImport("user32")]
private static extern short GetKeyState(int vKey);
public static KeyStateInfo GetKeyState(Keys key)
{
int vkey = (int)key;
if (key == Keys.Alt)
{
vkey = 0x12; // VK_ALT
}
short keyState = GetKeyState(vkey);
byte[] bits = BitConverter.GetBytes(keyState);
bool toggled = bits[] > , pressed = bits[] > ;
return new KeyStateInfo(key, pressed, toggled);
}
} public struct KeyStateInfo
{
Keys m_key;
bool m_isPressed,
m_isToggled;
public KeyStateInfo(Keys key,
bool ispressed,
bool istoggled)
{
m_key = key;
m_isPressed = ispressed;
m_isToggled = istoggled;
}
public static KeyStateInfo Default
{
get
{
return new KeyStateInfo(Keys.None, false, false);
}
}
public Keys Key
{
get { return m_key; }
}
public bool IsPressed
{
get { return m_isPressed; }
}
public bool IsToggled
{
get { return m_isToggled; }
}
}
}
KeyboardInfo
using System.Runtime.InteropServices; namespace EasyHook
{
[StructLayout(LayoutKind.Sequential)]
public class POINT
{
public int x;
public int y;
} [StructLayout(LayoutKind.Sequential)]
public class MouseHookStruct
{
public POINT pt;
public int hwnd;
public int wHitTestCode;
public int dwExtraInfo;
}
}
MouseHookStruct
Usage:
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
} private void Form1_Load(object sender, EventArgs e)
{
HookManager.Instance.RegisterHook(HookType.WH_KEYBOARD, new CustomHookProc.HookProcHandler(KeyboardHookProc));
HookManager.Instance.RegisterHook(HookType.WH_MOUSE, new CustomHookProc.HookProcHandler(MouseHookProc));
}
void KeyboardHookProc(int nCode, IntPtr wParam, IntPtr lParam)
{
KeyStateInfo ctrlKey = KeyboardInfo.GetKeyState(Keys.ControlKey);
KeyStateInfo altKey = KeyboardInfo.GetKeyState(Keys.Alt);
KeyStateInfo shiftKey = KeyboardInfo.GetKeyState(Keys.ShiftKey);
KeyStateInfo f8Key = KeyboardInfo.GetKeyState(Keys.F8); if (ctrlKey.IsPressed)
{
Console.WriteLine("Ctrl Pressed!");
}
if (altKey.IsPressed)
{
Console.WriteLine("Alt Pressed!");
}
if (shiftKey.IsPressed)
{
Console.WriteLine("Shift Pressed!");
}
if (f8Key.IsPressed)
{
Console.WriteLine("F8 Pressed!");
}
} void MouseHookProc(int nCode, IntPtr wParam, IntPtr lParam)
{
MouseHookStruct MyMouseHookStruct = (MouseHookStruct)Marshal.PtrToStructure(lParam, typeof(MouseHookStruct)); if (nCode >= )
{
String strCaption = "x = " +
MyMouseHookStruct.pt.x.ToString("d") +
" y = " +
MyMouseHookStruct.pt.y.ToString("d");
Form tempForm = Form.ActiveForm; tempForm.Text = strCaption;
}
}
}
EasyHook实现的更多相关文章
- 转:EasyHook远程代码注入
EasyHook远程代码注入 最近一段时间由于使用MinHook的API挂钩不稳定,经常因为挂钩地址错误而导致宿主进程崩溃.听同事介绍了一款智能强大的挂钩引擎EasyHook.它比微软的detours ...
- EasyHook远注简单监控示例 z
http://www.csdn 123.com/html/itweb/20130827/83559_83558_83544.htm 免费开源库EasyHook(inline hook),下面是下载地址 ...
- easyHOOK socket send recv
代码比较简单,就不做注释了. 包含一个sockethookinject.DLL 和sockethook.exe 有一点不清楚, SetExclusiveACL可以添加当前线程的hook, 但是eas ...
- C# Hook原理及EasyHook简易教程
前言 在说C# Hook之前,我们先来说说什么是Hook技术.相信大家都接触过外挂,不管是修改游戏客户端的也好,盗取密码的也罢,它们都是如何实现的呢? 实际上,Windows平台是基于事件驱动机制的, ...
- C# EasyHook MessageBox 示例(极简而全)
完整代码,原创无藏私,绝对实用.Windows10 X64 下调试通过,对 w3wp.exe, sqlserver.exe,notepad.exe,iexporer.exe 注入后,长时间运行稳定,未 ...
- EasyHook远程进程注入并hook api的实现
EasyHook远程进程注入并hook api的实现 http://blog.csdn.net/v6543210/article/details/44276155
- 丢弃昂贵的Detours Professional 3.0,使用免费强大的EasyHook
我们要先看看微软官方的著名HOOK库: Detours Professional 3.0 售价:US$9,999.95 功能列表: Detours 3.0 includes the following ...
- EasyHook实用指南
所谓实用指南就是全是干货,没那么多虚头巴脑的东西,真正要用的人会发现对自己有用的东西,浅尝辄止的人看起来会不知所云. FileMon自己实做的过程中遇到的问题: 1. exe和dll文件必须强命名,对 ...
- EasyHook库系列使用教程之四钩子的启动与停止
此文的产生花费了大量时间对EasyHook进行深入了解同一时候參考了大量文档 先来简单比較一下EasyHook与Detour钩取后程序流程 Detours:钩取API函数后.产生两个地址,一个地址相应 ...
随机推荐
- ubuntu14.04 64位JDK安装
1 官网下载jdk http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html jdk-8u ...
- JSON常见操作
1.JSON---> 字符串:JSON.stringify(json) 看如下代码: let json={"orderId":"E2018081400181122& ...
- SparkR(R on Spark)编程指南 含 dataframe操作
SparkR(R on Spark)编程指南 Spark 2015-06-09 28155 1评论 下载为PDF 为什么不允许复制 关注iteblog_hadoop公众号,并在这里评论区留言 ...
- javascript完美实现图片拖动改变顺序
在web页面中,需要改变多个元素的位置,可以通过元素拖动来实现.HTML5中加入了一个全局属性draggable,通过设置true/false来控制元素是否可拖动. 下面以图片拖动为例,用jQuery ...
- What is "found.000" ? How to deal with it?
最近在ubuntu系统中发现双系统的win盘中有一些文件夹,名字是“found.000”,甚是疑惑,遂查而记之. found.000文件夹里面的一些后缀名为CHK的文件是你在使用“磁盘碎片整理程序”整 ...
- python __getattr__
1.__getattr__ 方法的作用:当调用不存在的属性,就会调用__getattr__()方法: 当一般位置找不到attribute的时候,会调用getattr,返回一个值或AttributeEr ...
- (笔记)Mysql命令use:使用数据库
use命令可以让我们来使用数据库. use命令格式: use <数据库名>; 例如,如果xhkdb数据库存在,尝试存取它: mysql> use xhkdb;屏幕提示:Datab ...
- linux下locale中的各环境变量的含义
本文来自:http://blog.sina.com.cn/s/blog_406127500101dk26.html Locale是软件在运行时的语言环境, 它包括语言(Language), 地域 (T ...
- 第三百五十七节,Python分布式爬虫打造搜索引擎Scrapy精讲—利用开源的scrapy-redis编写分布式爬虫代码
第三百五十七节,Python分布式爬虫打造搜索引擎Scrapy精讲—利用开源的scrapy-redis编写分布式爬虫代码 scrapy-redis是一个可以scrapy结合redis搭建分布式爬虫的开 ...
- MyBatis环境配置及入门
Mybatis 开发环境搭建,选择: MyEclipse8.5 版本,mysql 5.5, jdk 1.8, mybatis3.2.3.jar 包.这些软件工具均可以到各自的官方网站上下载. 整个过程 ...