SoFunction
Updated on 2025-04-14

Detailed explanation of hooks in Easy Language (the difference between HOOK and APIHOOK)

This article explains the concept of hooks in Easy Language in detail, along with the difference between HOOK and APIHOOK.

A hook (the original English name is Hook) means to intercept. Its function is to intercept data exchanged within a program: the data first passes through the hook handler we have set up and is then returned to the original handler, or it is simply blocked and swallowed so that the original handler receives nothing.

Hooks were originally used by the Windows operating system to check whether data communicated between the system and a program reached its target, and the technique was not made public. Later, through the research of some experts, these secret techniques were gradually discovered and published. More people then mastered them and used them in their own software development to achieve unexpected tricks and to surpass the features of similar software in order to win the market. There are many types of hook technology.

HOOK API and HOOK are completely different techniques, even though both are hooks. A HOOK hook works on messages: it intercepts a message before the system passes it to the application, and then performs some operation, modifies the message, or stops its delivery.

The HOOK API intercepts an application's calls to system APIs. It intercepts the call before it reaches the system API and makes it call a function we define instead (which may, for example, perform some operations before calling the original system API).

Regarding HOOK technology, Microsoft provides us with ready-made APIs with fixed usage steps.

For HOOK API technology, Microsoft provides no comparable APIs and no similarly concise steps to follow, perhaps because Microsoft does not want us to program this way, so it is relatively troublesome.

The hook mechanism can be considered one of the main features of Windows. With it, you can capture events that occur in your own process or in other processes. With a hook, you give Windows a callback function that handles or filters events, also called the "hook function", which Windows calls every time an event you are interested in occurs. There are two types of hooks: local and remote.

Local hooks only hook events for your own process.

Remote hooks can also hook events that occur in other processes. There are two types of remote hooks:

Thread-based: captures events from a specific thread in another process. In short, it can be used to observe events that occur in a specific thread of another process.
System-wide: captures events destined for all processes in the system.

When you create a hook, Windows first creates a data structure in memory that holds the hook's information and then adds that structure to the existing hook chain (a linked list). New hooks are added in front of older ones. When an event occurs, if you installed a local hook, the hook function in your own process is called. If it is a remote hook, the system must insert the hook function into the address space of the other processes. To make this possible, the hook function must be in a dynamic link library. Therefore, if you want to use a remote hook, you must put the hook function in a DLL.

There are two exceptions: the journal record hook and the journal playback hook. The hook functions of these two hooks must be in the thread that installs the hook. The reason is that these two hooks monitor relatively low-level hardware events. Since they record and play back, all events must of course stay in sequence. If the callback function were placed in a DLL, the input events would be recorded in several threads, and the correct order could not be guaranteed. The solution is therefore to put the hook function into a single thread, such as the thread that installs the hook.
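An added example, not from the original article: a small portable C model of the hook chain described above, showing newest-first ordering and a hook that modifies a message versus one that swallows it. It is not the Win32 API; `Msg`, `install_hook`, `call_next` and `dispatch` are names made up for the model, with `call_next` standing in for the role the real `CallNextHookEx` plays.

```c
#include <stdio.h>

typedef struct { int id; int param; } Msg;            /* simplified message */
struct Hook;
typedef int (*HookProc)(struct Hook *self, Msg *m);   /* 1 = delivered, 0 = blocked */
typedef struct Hook { HookProc proc; struct Hook *next; } Hook;

static Hook *chain_head = NULL;   /* newest hook is always at the head */
static int app_seen_param = -1;   /* what the original handler received */

/* The original handler the message was meant for. */
static int app_handler(Msg *m) { app_seen_param = m->param; return 1; }
/* Hand the message to the next (older) hook, or finally to the application. */
static int call_next(Hook *self, Msg *m) {
    return self->next ? self->next->proc(self->next, m) : app_handler(m);
}
/* New hooks are linked in front of the existing ones. */
static void install_hook(Hook *h, HookProc proc) {
    h->proc = proc; h->next = chain_head; chain_head = h;
}

/* Deliver one message through the chain, starting at the newest hook. */
static int dispatch(Msg m) {
    app_seen_param = -1;
    return chain_head ? chain_head->proc(chain_head, &m) : app_handler(&m);
}

/* Modifies message 1, then passes it on. */
static int rewriting_hook(Hook *self, Msg *m) {
    if (m->id == 1) m->param += 100;
    return call_next(self, m);
}

/* Swallows message 2; everything else is passed on. */
static int blocking_hook(Hook *self, Msg *m) {
    return m->id == 2 ? 0 : call_next(self, m);
}
static Hook h_old, h_new;
static void setup_chain(void) {
    chain_head = NULL;
    install_hook(&h_old, rewriting_hook);   /* installed first */
    install_hook(&h_new, blocking_hook);    /* installed later, runs first */
}

int main(void) {
    setup_chain();
    int d1 = dispatch((Msg){1, 5}), p1 = app_seen_param;
    printf("msg 1: delivered=%d param=%d; msg 2: delivered=%d\n", d1, p1, dispatch((Msg){2, 7}));
    return 0;
}
```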

There are 14 types of hooks. The following lists when each of them is called:

WH_CALLWNDPROC: when SendMessage is called.
WH_CALLWNDPROCRET: when the call to SendMessage returns.
WH_GETMESSAGE: when GetMessage or PeekMessage is called.
WH_KEYBOARD: when GetMessage or PeekMessage is called to retrieve WM_KEYUP or WM_KEYDOWN messages from the message queue.
WH_MOUSE: when GetMessage or PeekMessage is called to retrieve mouse event messages from the message queue.
WH_HARDWARE: when GetMessage or PeekMessage is called to retrieve messages other than mouse or keyboard messages from the message queue.
WH_MSGFILTER: when a dialog box, menu, or scroll bar is about to process a message. This hook is local. It is designed for control objects that have their own message processing procedures.
WH_SYSMSGFILTER: the same as WH_MSGFILTER, except that it is system-wide.
WH_JOURNALRECORD: when Windows gets a message from the hardware queue.
WH_JOURNALPLAYBACK: when an event is requested from the system's hardware input queue.
WH_SHELL: when a Windows shell event occurs, for example when the task bar needs to redraw its buttons.
WH_CBT: when a computer-based training (CBT) event occurs.
WH_FOREGROUNDIDLE: used by Windows itself and rarely used by general applications.
WH_DEBUG: used to debug hook functions.
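An added example, not from the original article: the local/remote rules above applied to records of hook installations, to pick out the installs that cause a hook DLL to be mapped into other processes. The record layout and sample values are constructed; the WH_* numbers are the winuser.h values, and a thread id of 0 meaning system-wide follows the `SetWindowsHookEx` convention.

```c
#include <stdio.h>

/* WH_* identifiers with their winuser.h values (a subset of the list above). */
enum { WH_JOURNALRECORD = 0, WH_JOURNALPLAYBACK = 1, WH_KEYBOARD = 2,
       WH_GETMESSAGE = 3, WH_CBT = 5 };

typedef enum { SCOPE_LOCAL, SCOPE_THREAD_REMOTE, SCOPE_SYSTEM_WIDE } Scope;

/* One recorded hook installation. This record layout is hypothetical. */
typedef struct {
    int      hook_type;           /* WH_* value */
    unsigned target_tid;          /* 0 = all threads (system-wide) */
    int      tid_in_own_process;  /* 1 if target_tid belongs to the installer */
} HookInstall;

static int is_journal(int type) {
    return type == WH_JOURNALRECORD || type == WH_JOURNALPLAYBACK;
}

static Scope scope_of(const HookInstall *h) {
    if (h->target_tid == 0) return SCOPE_SYSTEM_WIDE;
    return h->tid_in_own_process ? SCOPE_LOCAL : SCOPE_THREAD_REMOTE;
}

/* Remote hooks need their procedure in a DLL that the system maps into other
   processes; journal hooks are the exception and run in the installing thread. */
static int maps_dll_into_other_processes(const HookInstall *h) {
    return scope_of(h) != SCOPE_LOCAL && !is_journal(h->hook_type);
}

/* Constructed sample records, not real telemetry. */
static const HookInstall SAMPLE[] = {
    { WH_KEYBOARD,      0,    0 },   /* system-wide keyboard hook */
    { WH_GETMESSAGE,    4120, 1 },   /* hook on the installer's own thread */
    { WH_CBT,           7788, 0 },   /* hook on a thread of another process */
    { WH_JOURNALRECORD, 0,    0 },   /* journal hook: no DLL mapping */
};
#define SAMPLE_COUNT (sizeof SAMPLE / sizeof SAMPLE[0])

static size_t count_cross_process(const HookInstall *v, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += (size_t)maps_dll_into_other_processes(&v[i]);
    return hits;
}

int main(void) {
    printf("%zu of %zu installs map a DLL into other processes\n",
           count_cross_process(SAMPLE, SAMPLE_COUNT), (size_t)SAMPLE_COUNT);
    return 0;
}
```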