一、鍵盤鉤子
Declare Function SetWindowsHookEx Lib "user32" Alias _
"SetWindowsHookExA" (ByVal idHook As Long, ByVal lpfn As Long, _
ByVal hmod As Long, ByVal dwThreadId As Long) As Long
Declare Function UnhookWindowsHookEx Lib "user32" _
(ByVal hHook As Long) As Long
Declare Function CallNextHookEx Lib "user32" (ByVal hHook As Long, _
ByVal ncode As Long, ByVal wParam As Long, lParam As Any) As Long
Public hnexthookproc As Long
Public Const HC_ACTION = 0
Public Const WH_KEYBOARD = 2
Public Sub UnHookKBD()
If hnexthookproc <> 0 Then
UnhookWindowsHookEx hnexthookproc
hnexthookproc = 0
End If
End Sub
Public Function EnableKBDHook()
If hnexthookproc <> 0 Then
Exit Function
End If
hnexthookproc = SetWindowsHookEx(WH_KEYBOARD, AddressOf _
MyKBHFunc, App.hInstance, 0)
If hnexthookproc <> 0 Then
EnableKBDHook = hnexthookproc
End If
End Function
Public Function MyKBHFunc(ByVal iCode As Long, _
ByVal wParam As Long, ByVal lParam As Long) As Long
'這三個參數是固定的,不能動,而MyKBHFunc這個名稱只要和
'SetWindowsHookex()中 AddressOf後的名稱一樣便可,不一定叫什麼
'wParam 是傳入按了哪個key的virtual-key code
'如果您將以下的兩行unmark則所有鍵盤的輸入皆沒有作用
'MyKBHFunc = 1 '吃掉訊息
'Exit Function
MyKBHFunc = 0 '訊息要處理
If iCode < 0 Then
MyKBHFunc = CallNextHookEx(hnexthookproc, iCode, wParam, lParam)
Exit Function
End If
If wParam = vbKeySnapshot Then '偵測 有沒有按到PrintScreen鍵
MyKBHFunc = 1 '在這個Hook便吃掉這個訊息
Debug.Print "haha"
Else
Call CallNextHookEx(hnexthookproc, iCode, wParam, lParam)
End If
End Function
'以下在Form
Private Sub Form_Load()
Call EnableKBDHook
End Sub
Private Sub Form_Unload(Cancel As Integer)
Call UnHookKBD
End Sub
二、Hook簡介
來源:cww
Hook這個東西有時令人又愛又怕,Hook是用來攔截系統某些訊息之用,例如說,我們想讓系統不管在什麼地方只要按個Ctl-B便執行NotePad,或許您會使用Form的KeyPreview,設定為True,但在其他Process中按Ctl-B呢?那就沒有用,這是就得設一個Keyboard Hook來攔截所有Key in的鍵;再如:MouseMove的Event只在該Form或Control上有效,如果希望在Form的外面也能得知Mouse Move的訊息,那只好使用Mouse Hook來欄截Mouse的訊息。再如:您想記錄方才使用者的所有鍵盤動作或Mosue動作,以便錄巨集,那就使用JournalRecordHook,如果想停止所有Mosue鍵盤的動作,而放(執行)巨集,那就使用JournalPlayBack Hook;Hook呢,可以是整個系統為範圍(Remote Hook),即其他Process的動作您也可以攔截,也可以是LocalHook,它的攔截範圍只有Process本身。Remote Hook的Hook Function要在.Dll之中,Local Hook則在.Bas中。
在VB如何設定Hook呢?使用SetWindowsHookEx()
Declare Function SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExA" _
(ByVal idHook As Long, _
ByVal lpfn As Long, _
ByVal hmod As Long, _
ByVal dwThreadId As Long) As Long
idHook代表是何種Hook,有以下幾種
Public Const WH_CALLWNDPROC = 4
Public Const WH_CALLWNDPROCRET = 12
Public Const WH_CBT = 5
Public Const WH_DEBUG = 9
Public Const WH_FOREGROUNDIDLE = 11
Public Const WH_GETMESSAGE = 3
Public Const WH_HARDWARE = 8
Public Const WH_JOURNALPLAYBACK = 1
Public Const WH_JOURNALRECORD = 0
Public Const WH_KEYBOARD = 2
Public Const WH_MOUSE = 7
Public Const WH_MSGFILTER = (-1)
Public Const WH_SHELL = 10
Public Const WH_SYSMSGFILTER = 6
lpfn代表Hook Function所在的Address,這是一個CallBack Fucnction,當掛上某個
Hook時,我們便得定義一個Function來當作某個訊息產生時,來處理它的Function,這個Hook Function有一定的參數格式
Private Function HookFunc(ByVal nCode As Long, _
ByVal wParam As Long, _
ByVal lParam As Long ) As Long
nCode 代表是什麼請況之下所產生的Hook,隨Hook的不同而有不同組的可能值 wParam lParam 傳回值則隨Hook的種類和nCode的值之不同而不同。 因這個參數是一個 Function的Address所以我們固定將Hook Function放在.Bas中, 並以AddressOf HookFunc傳入。至於Hook Function的名稱我們可以任意給定,不一定叫 HookFunc
hmod 代表.DLL的hInstance,如果是Local Hook,該值可以是Null(VB中可傳0進去), 而如果是Remote Hook,則可以使用GetModuleHandle(".dll名稱")來傳入。
dwThreadId 代表執行這個Hook的ThreadId,如果不設定是那個Thread來做,則傳0(所以一般來說,Remote Hook傳0進去),而VB的Local Hook一般可傳App.ThreadId進去
值回值 如果SetWindowsHookEx()成功,它會傳回一個值,代表目前的Hook的Handle, 這個值要記錄下來。
因為A程式可以有一個System Hook(Remote Hook),如KeyBoard Hook,而B程式也來設一個Remote的KeyBoard Hook,那麼到底KeyBoard的訊息誰所攔截?答案是,最後的那一個所攔截,也就是說A先做keyboard Hook,而後B才做,那訊息被B攔截,那A呢?就看B的Hook Function如何做。如果B想讓A的Hook Function也得這個訊息,那B就得呼叫CallNextHookEx()將這訊息Pass給A,於是產生Hook的一個連線。如果B中不想Pass這訊息給A,那就不要呼叫CallNextHookEx()。
Declare Function CallNextHookEx Lib "user32" Alias "CallNextHookEx" _
(ByVal hHook As Long, _
ByVal ncode As Long, _
ByVal wParam As Long, _
lParam As Any) As Long
hHook值是SetWindowsHookEx()的傳回值,nCode, wParam, lParam則是Hook Procedure 中的三個參數。
最後是將這Hook去除掉,請呼叫UnHookWindowHookEx()
Declare Function UnhookWindowsHookEx Lib "user32" Alias "UnhookWindowsHookEx" _
(ByVal hHook As Long) As Long
hHook便是SetWindowsHookEx()的傳回值。此時,以上例來說,B程式結束Hook,則換A可以直接攔截訊息。
KeyBoard Hook的範例
Hook Function的三個參數
nCode wParam lParam 傳回值
=========== ========================== ============== ================
HC_ACTION 表按鍵Virtual Key 與WM_KEYDOWN同 若訊息要被處理傳0
或 反之傳1
HC_NOREMOVE
Public hHook as Long
Public Sub UnHookKBD()
If hnexthookproc <> 0 Then
UnhookWindowsHookEx hHook
hHook = 0
End If
End Sub
Public Function EnableKBDHook()
If hHook <> 0 Then
Exit Function
End If
hhook = SetWindowsHookEx(WH_KEYBOARD, AddressOf _
MyKBHFunc, App.hInstance, App.ThreadId)
End Function
Public Function MyKBHFunc(ByVal iCode As Long, _
ByVal wParam As Long, ByVal lParam As Long) As Long
MyKBHfunc = 0 '表示要處理這個訊息
If wParam = vbKeySnapshot Then '偵測 有沒有按到PrintScreen鍵
MyKBHFunc = 1 '在這個Hook便吃掉這個訊息
End If
Call CallNextHookEx(hHook, iCode, wParam, lParam) '傳給下一個Hook
End Function
至於其他的 Hook的詳細資料與nCode,wParam, lParam的意義,請查Win32 Help
或Windows 95: A Developer's Guide (Jeffrey Richter著)(中譯本:
基峰 李書良譯 侯俊傑總監 Windows95程式設計指南)
Declare Function SetWindowsHookEx Lib "user32" Alias _
"SetWindowsHookExA" (ByVal idHook As Long, ByVal lpfn As Long, _
ByVal hmod As Long, ByVal dwThreadId As Long) As Long
Declare Function UnhookWindowsHookEx Lib "user32" _
(ByVal hHook As Long) As Long
Declare Function CallNextHookEx Lib "user32" (ByVal hHook As Long, _
ByVal ncode As Long, ByVal wParam As Long, lParam As Any) As Long
Public hnexthookproc As Long
Public Const HC_ACTION = 0
Public Const WH_KEYBOARD = 2
Public Sub UnHookKBD()
If hnexthookproc <> 0 Then
UnhookWindowsHookEx hnexthookproc
hnexthookproc = 0
End If
End Sub
Public Function EnableKBDHook()
If hnexthookproc <> 0 Then
Exit Function
End If
hnexthookproc = SetWindowsHookEx(WH_KEYBOARD, AddressOf _
MyKBHFunc, App.hInstance, 0)
If hnexthookproc <> 0 Then
EnableKBDHook = hnexthookproc
End If
End Function
Public Function MyKBHFunc(ByVal iCode As Long, _
ByVal wParam As Long, ByVal lParam As Long) As Long
'這三個參數是固定的,不能動,而MyKBHFunc這個名稱只要和
'SetWindowsHookex()中 AddressOf後的名稱一樣便可,不一定叫什麼
'wParam 是傳入按了哪個key的virtual-key code
'如果您將以下的兩行unmark則所有鍵盤的輸入皆沒有作用
'MyKBHFunc = 1 '吃掉訊息
'Exit Function
MyKBHFunc = 0 '訊息要處理
If iCode < 0 Then
MyKBHFunc = CallNextHookEx(hnexthookproc, iCode, wParam, lParam)
Exit Function
End If
If wParam = vbKeySnapshot Then '偵測 有沒有按到PrintScreen鍵
MyKBHFunc = 1 '在這個Hook便吃掉這個訊息
Debug.Print "haha"
Else
Call CallNextHookEx(hnexthookproc, iCode, wParam, lParam)
End If
End Function
'以下在Form
Private Sub Form_Load()
Call EnableKBDHook
End Sub
Private Sub Form_Unload(Cancel As Integer)
Call UnHookKBD
End Sub
二、Hook簡介
來源:cww
Hook這個東西有時令人又愛又怕,Hook是用來攔截系統某些訊息之用,例如說,我們想讓系統不管在什麼地方只要按個Ctl-B便執行NotePad,或許您會使用Form的KeyPreview,設定為True,但在其他Process中按Ctl-B呢?那就沒有用,這是就得設一個Keyboard Hook來攔截所有Key in的鍵;再如:MouseMove的Event只在該Form或Control上有效,如果希望在Form的外面也能得知Mouse Move的訊息,那只好使用Mouse Hook來欄截Mouse的訊息。再如:您想記錄方才使用者的所有鍵盤動作或Mosue動作,以便錄巨集,那就使用JournalRecordHook,如果想停止所有Mosue鍵盤的動作,而放(執行)巨集,那就使用JournalPlayBack Hook;Hook呢,可以是整個系統為範圍(Remote Hook),即其他Process的動作您也可以攔截,也可以是LocalHook,它的攔截範圍只有Process本身。Remote Hook的Hook Function要在.Dll之中,Local Hook則在.Bas中。
在VB如何設定Hook呢?使用SetWindowsHookEx()
Declare Function SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExA" _
(ByVal idHook As Long, _
ByVal lpfn As Long, _
ByVal hmod As Long, _
ByVal dwThreadId As Long) As Long
idHook代表是何種Hook,有以下幾種
Public Const WH_CALLWNDPROC = 4
Public Const WH_CALLWNDPROCRET = 12
Public Const WH_CBT = 5
Public Const WH_DEBUG = 9
Public Const WH_FOREGROUNDIDLE = 11
Public Const WH_GETMESSAGE = 3
Public Const WH_HARDWARE = 8
Public Const WH_JOURNALPLAYBACK = 1
Public Const WH_JOURNALRECORD = 0
Public Const WH_KEYBOARD = 2
Public Const WH_MOUSE = 7
Public Const WH_MSGFILTER = (-1)
Public Const WH_SHELL = 10
Public Const WH_SYSMSGFILTER = 6
lpfn代表Hook Function所在的Address,這是一個CallBack Fucnction,當掛上某個
Hook時,我們便得定義一個Function來當作某個訊息產生時,來處理它的Function,這個Hook Function有一定的參數格式
Private Function HookFunc(ByVal nCode As Long, _
ByVal wParam As Long, _
ByVal lParam As Long ) As Long
nCode 代表是什麼請況之下所產生的Hook,隨Hook的不同而有不同組的可能值 wParam lParam 傳回值則隨Hook的種類和nCode的值之不同而不同。 因這個參數是一個 Function的Address所以我們固定將Hook Function放在.Bas中, 並以AddressOf HookFunc傳入。至於Hook Function的名稱我們可以任意給定,不一定叫 HookFunc
hmod 代表.DLL的hInstance,如果是Local Hook,該值可以是Null(VB中可傳0進去), 而如果是Remote Hook,則可以使用GetModuleHandle(".dll名稱")來傳入。
dwThreadId 代表執行這個Hook的ThreadId,如果不設定是那個Thread來做,則傳0(所以一般來說,Remote Hook傳0進去),而VB的Local Hook一般可傳App.ThreadId進去
值回值 如果SetWindowsHookEx()成功,它會傳回一個值,代表目前的Hook的Handle, 這個值要記錄下來。
因為A程式可以有一個System Hook(Remote Hook),如KeyBoard Hook,而B程式也來設一個Remote的KeyBoard Hook,那麼到底KeyBoard的訊息誰所攔截?答案是,最後的那一個所攔截,也就是說A先做keyboard Hook,而後B才做,那訊息被B攔截,那A呢?就看B的Hook Function如何做。如果B想讓A的Hook Function也得這個訊息,那B就得呼叫CallNextHookEx()將這訊息Pass給A,於是產生Hook的一個連線。如果B中不想Pass這訊息給A,那就不要呼叫CallNextHookEx()。
Declare Function CallNextHookEx Lib "user32" Alias "CallNextHookEx" _
(ByVal hHook As Long, _
ByVal ncode As Long, _
ByVal wParam As Long, _
lParam As Any) As Long
hHook值是SetWindowsHookEx()的傳回值,nCode, wParam, lParam則是Hook Procedure 中的三個參數。
最後是將這Hook去除掉,請呼叫UnHookWindowHookEx()
Declare Function UnhookWindowsHookEx Lib "user32" Alias "UnhookWindowsHookEx" _
(ByVal hHook As Long) As Long
hHook便是SetWindowsHookEx()的傳回值。此時,以上例來說,B程式結束Hook,則換A可以直接攔截訊息。
KeyBoard Hook的範例
Hook Function的三個參數
nCode wParam lParam 傳回值
=========== ========================== ============== ================
HC_ACTION 表按鍵Virtual Key 與WM_KEYDOWN同 若訊息要被處理傳0
或 反之傳1
HC_NOREMOVE
Public hHook as Long
Public Sub UnHookKBD()
If hnexthookproc <> 0 Then
UnhookWindowsHookEx hHook
hHook = 0
End If
End Sub
Public Function EnableKBDHook()
If hHook <> 0 Then
Exit Function
End If
hhook = SetWindowsHookEx(WH_KEYBOARD, AddressOf _
MyKBHFunc, App.hInstance, App.ThreadId)
End Function
Public Function MyKBHFunc(ByVal iCode As Long, _
ByVal wParam As Long, ByVal lParam As Long) As Long
MyKBHfunc = 0 '表示要處理這個訊息
If wParam = vbKeySnapshot Then '偵測 有沒有按到PrintScreen鍵
MyKBHFunc = 1 '在這個Hook便吃掉這個訊息
End If
Call CallNextHookEx(hHook, iCode, wParam, lParam) '傳給下一個Hook
End Function
至於其他的 Hook的詳細資料與nCode,wParam, lParam的意義,請查Win32 Help
或Windows 95: A Developer's Guide (Jeffrey Richter著)(中譯本:
基峰 李書良譯 侯俊傑總監 Windows95程式設計指南)
浙公网安备 33010602011771号