EasyHook实现
using System;
using System.Runtime.InteropServices;
using System.Windows.Forms;
using System.Collections.Generic;
using System.Diagnostics; namespace EasyHook
{
public enum HookType
{
WH_MSGFILTER = -,
WH_JOURNALRECORD = ,
WH_JOURNALPLAYBACK = ,
WH_KEYBOARD = ,
WH_GETMESSAGE = ,
WH_CALLWNDPROC = ,
WH_CBT = ,
WH_SYSMSGFILTER = ,
WH_MOUSE = ,
WH_DEBUG = ,
WH_SHELL = ,
WH_FOREGROUNDIDLE = ,
WH_CALLWNDPROCRET = ,
WH_KEYBOARD_LL = ,
WH_MOUSE_LL =
} public class CustomHookProc
{
private CustomHookProc(){}
public delegate void HookProcHandler(int nCode, IntPtr wParam, IntPtr lParam);
} public class HookManager
{
private HookManager(){} static readonly HookManager m_instance = new HookManager();
Dictionary<HookType, _HookProc> m_hooks = new Dictionary<HookType, _HookProc>(); public static HookManager Instance
{
get { return m_instance; }
} public void RegisterHook(HookType a_eHookType, CustomHookProc.HookProcHandler a_pHookProc)
{
if(!m_hooks.ContainsKey(a_eHookType))
{
m_hooks.Add(a_eHookType, new _HookProc(a_eHookType, a_pHookProc));
}
else
{
throw new Exception(string.Format("{0} already exist!", a_eHookType.ToString()));
}
}
public void Unregister(HookType a_eHookType)
{
m_hooks.Remove(a_eHookType);
}
} class _HookProc
{
#region "Declare API for Hook"
[DllImport("user32.dll", CharSet = CharSet.Auto,
CallingConvention = CallingConvention.StdCall)]
static extern int SetWindowsHookEx(int idHook, _HookProcHandler lpfn,
IntPtr hInstance, int threadId); [DllImport("user32.dll", CharSet = CharSet.Auto,
CallingConvention = CallingConvention.StdCall)]
static extern bool UnhookWindowsHookEx(int idHook); [DllImport("user32.dll", CharSet = CharSet.Auto,
CallingConvention = CallingConvention.StdCall)]
static extern int CallNextHookEx(int idHook, int nCode,
IntPtr wParam, IntPtr lParam); [DllImport("kernel32.dll")]
static extern int GetCurrentThreadId();
#endregion #region "Hook Proc"
int MyHookProc(int nCode, IntPtr wParam, IntPtr lParam)
{
if (m_CustomHookProc != null)
m_CustomHookProc(nCode, wParam, lParam);
return CallNextHookEx(m_HookHandle, nCode, wParam, lParam);
}
#endregion CustomHookProc.HookProcHandler m_CustomHookProc;
delegate int _HookProcHandler(int nCode, IntPtr wParam, IntPtr lParam);
_HookProcHandler m_KbdHookProc;
int m_HookHandle = ; public _HookProc(HookType a_eHookType, CustomHookProc.HookProcHandler a_pHookProc)
{
m_CustomHookProc = a_pHookProc;
m_KbdHookProc = new _HookProcHandler(MyHookProc);
m_HookHandle = SetWindowsHookEx((int)a_eHookType, m_KbdHookProc, IntPtr.Zero, GetCurrentThreadId());
if (m_HookHandle == )
{
throw new Exception(string.Format("Hook {0} to {1} Error:{2}", a_eHookType.ToString(), a_pHookProc.ToString(), Marshal.GetLastWin32Error()));
}
}
~_HookProc()
{
UnhookWindowsHookEx(m_HookHandle);
Debug.WriteLine(Marshal.GetLastWin32Error());
m_HookHandle = ;
}
}
}
EasyHook
using System;
using System.Runtime.InteropServices;
using System.Windows.Forms; namespace EasyHook
{
public class KeyboardInfo
{
private KeyboardInfo() { }
[DllImport("user32")]
private static extern short GetKeyState(int vKey);
public static KeyStateInfo GetKeyState(Keys key)
{
int vkey = (int)key;
if (key == Keys.Alt)
{
vkey = 0x12; // VK_ALT
}
short keyState = GetKeyState(vkey);
byte[] bits = BitConverter.GetBytes(keyState);
bool toggled = bits[] > , pressed = bits[] > ;
return new KeyStateInfo(key, pressed, toggled);
}
} public struct KeyStateInfo
{
Keys m_key;
bool m_isPressed,
m_isToggled;
public KeyStateInfo(Keys key,
bool ispressed,
bool istoggled)
{
m_key = key;
m_isPressed = ispressed;
m_isToggled = istoggled;
}
public static KeyStateInfo Default
{
get
{
return new KeyStateInfo(Keys.None, false, false);
}
}
public Keys Key
{
get { return m_key; }
}
public bool IsPressed
{
get { return m_isPressed; }
}
public bool IsToggled
{
get { return m_isToggled; }
}
}
}
KeyboardInfo
using System.Runtime.InteropServices; namespace EasyHook
{
[StructLayout(LayoutKind.Sequential)]
public class POINT
{
public int x;
public int y;
} [StructLayout(LayoutKind.Sequential)]
public class MouseHookStruct
{
public POINT pt;
public int hwnd;
public int wHitTestCode;
public int dwExtraInfo;
}
}
MouseHookStruct
Usage:
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
} private void Form1_Load(object sender, EventArgs e)
{
HookManager.Instance.RegisterHook(HookType.WH_KEYBOARD, new CustomHookProc.HookProcHandler(KeyboardHookProc));
HookManager.Instance.RegisterHook(HookType.WH_MOUSE, new CustomHookProc.HookProcHandler(MouseHookProc));
}
void KeyboardHookProc(int nCode, IntPtr wParam, IntPtr lParam)
{
KeyStateInfo ctrlKey = KeyboardInfo.GetKeyState(Keys.ControlKey);
KeyStateInfo altKey = KeyboardInfo.GetKeyState(Keys.Alt);
KeyStateInfo shiftKey = KeyboardInfo.GetKeyState(Keys.ShiftKey);
KeyStateInfo f8Key = KeyboardInfo.GetKeyState(Keys.F8); if (ctrlKey.IsPressed)
{
Console.WriteLine("Ctrl Pressed!");
}
if (altKey.IsPressed)
{
Console.WriteLine("Alt Pressed!");
}
if (shiftKey.IsPressed)
{
Console.WriteLine("Shift Pressed!");
}
if (f8Key.IsPressed)
{
Console.WriteLine("F8 Pressed!");
}
} void MouseHookProc(int nCode, IntPtr wParam, IntPtr lParam)
{
MouseHookStruct MyMouseHookStruct = (MouseHookStruct)Marshal.PtrToStructure(lParam, typeof(MouseHookStruct)); if (nCode >= )
{
String strCaption = "x = " +
MyMouseHookStruct.pt.x.ToString("d") +
" y = " +
MyMouseHookStruct.pt.y.ToString("d");
Form tempForm = Form.ActiveForm; tempForm.Text = strCaption;
}
}
}
EasyHook实现的更多相关文章
- 转:EasyHook远程代码注入
EasyHook远程代码注入 最近一段时间由于使用MinHook的API挂钩不稳定,经常因为挂钩地址错误而导致宿主进程崩溃.听同事介绍了一款智能强大的挂钩引擎EasyHook.它比微软的detours ...
- EasyHook远注简单监控示例 z
http://www.csdn 123.com/html/itweb/20130827/83559_83558_83544.htm 免费开源库EasyHook(inline hook),下面是下载地址 ...
- easyHOOK socket send recv
代码比较简单,就不做注释了. 包含一个sockethookinject.DLL 和sockethook.exe 有一点不清楚, SetExclusiveACL可以添加当前线程的hook, 但是eas ...
- C# Hook原理及EasyHook简易教程
前言 在说C# Hook之前,我们先来说说什么是Hook技术.相信大家都接触过外挂,不管是修改游戏客户端的也好,盗取密码的也罢,它们都是如何实现的呢? 实际上,Windows平台是基于事件驱动机制的, ...
- C# EasyHook MessageBox 示例(极简而全)
完整代码,原创无藏私,绝对实用.Windows10 X64 下调试通过,对 w3wp.exe, sqlserver.exe,notepad.exe,iexporer.exe 注入后,长时间运行稳定,未 ...
- EasyHook远程进程注入并hook api的实现
EasyHook远程进程注入并hook api的实现 http://blog.csdn.net/v6543210/article/details/44276155
- 丢弃昂贵的Detours Professional 3.0,使用免费强大的EasyHook
我们要先看看微软官方的著名HOOK库: Detours Professional 3.0 售价:US$9,999.95 功能列表: Detours 3.0 includes the following ...
- EasyHook实用指南
所谓实用指南就是全是干货,没那么多虚头巴脑的东西,真正要用的人会发现对自己有用的东西,浅尝辄止的人看起来会不知所云. FileMon自己实做的过程中遇到的问题: 1. exe和dll文件必须强命名,对 ...
- EasyHook库系列使用教程之四钩子的启动与停止
此文的产生花费了大量时间对EasyHook进行深入了解同一时候參考了大量文档 先来简单比較一下EasyHook与Detour钩取后程序流程 Detours:钩取API函数后.产生两个地址,一个地址相应 ...
随机推荐
- vs自己主动生成的WebService配置文件在部署到IIs6后,服务调用失败的解决方法
近日.在项目中须要引用java公布的WebService,加入服务引用后,调用一切正常. 配置例如以下: <system.serviceModel> <bindings> &l ...
- hibernate整合进spring后的事务处理
单独使用hibernate处理事务 本来只用hibernate开发,从而可以省了DAO层实现数据库访问和跨数据库,也可以对代码进行更好的封装,当我们web中单独使用hibernate时,我们需要单独的 ...
- e739. 创建一个标签组件
// The text is left-justified and vertically centered JLabel label = new JLabel("Text Label&quo ...
- CI框架 -- 核心文件 之 Input.php(输入数据处理文件)
class CI_Input { //用户ip地址 protected $ip_address = FALSE; //用户浏览器地址 protected $user_agent = FALSE; // ...
- Kubeadm 安装
version 1.7.0 已解决: echo "1" > /proc/sys/net/bridge/bridge-nf-call-iptables error: faile ...
- 安装drools workbench
从drools官网下载tomcat7版本的Drools Tomcat 7+ WAR, Workbench,实际就是一个war包,需要严格按照里面的readme的要求,配置好tomcat才可以运行起来 ...
- 【WP8】Uri关联启动第三方App
在WP8中支持启动第三方应用程序,比如在App1中可以打开App2,你可以在你的应用程序中直接打开QQ,也可以让其他开发者调用你的APP,例如:软件盒子 下面演示被调用方和调用方的使用方法,新建两个项 ...
- KSImageNamed项目图片智能提示
下载地址:https://github.com/ksuther/KSImageNamed-Xcode PS:如果在插件未更新到支持Xcode 6.3.2的情况下,要在Xcode 6.3.2中使用,需要 ...
- 【CTR】各公司方法
LR + 海量高纬离散特征 GBDT + 少量低纬连续特征 (Yahoo & Bing) GBDT + LR (FaceBook) FM + DNN (百度凤巢) MLR (阿里妈妈) FTR ...
- 最新Java面试题及答案整理
基础篇 一.基本功 面向对象特征 封装,继承,多态和抽象 1. 封装 封装给对象提供了隐藏内部特性和行为的能力.对象提供一些能被其他对象访问的方法来改变它内部的数据.在 Java 当中,有 3 种修饰 ...