5,388
社区成员
发帖
与我相关
我的任务
分享想学win9x,nt,w2k下进程的深度隐藏吗?来这里吧.......................
利用windows的一个*.dll御截漏洞,可以实现在win9x,nt,w2k下进程的深度隐藏,按CTRL+ALT+DEL看不到,用终极防线也看不到,这是我的最新发现,想和大家一起讨论,
我已实现了这一功能,源程在http://njhhack.freehomepages.com/source/hideproc.zip
我的oicq:10772919
e-mail:njhhack@21cn.com
homepage:hotsky.363.net
我已实现了这一功能,源程在http://njhhack.freehomepages.com/source/hideproc.zip
我的oicq:10772919
e-mail:njhhack@21cn.com
homepage:hotsky.363.net
...全文
请发表友善的回复…
发表回复
njhhack 2001-11-04
- 打赏
- 举报
呵呵,这两个方法都不好,我最近想了个更好的方法,:))))
jk3278jk 2001-11-02
- 打赏
- 举报
http://njhhack.freehomepages.com/source/hideproc.zip
killhs 2001-11-02
- 打赏
- 举报
你要获得高端住留可用VXD...
你要HideProcess可挂住Process32Next...之流的涵数
你要HideProcess可挂住Process32Next...之流的涵数
njhhack 2001-10-29
- 打赏
- 举报
操作系统有了还做不是重复劳动吗?
8341 2001-10-24
- 打赏
- 举报
我靠,搞这么多HOOK什么的,钻牛角尖。还自以为有本事,这是中国人的通病。
我在95年以前也搞HOOK,不过是DOS下的HOOK,钩中断,让他先运行我的程序,很有成就
感。可是95一出来,DOS完蛋了,我的那些技术随风而去,TMD!所以我以后再也不钻牛
角尖了。
有本事搞一个操作系统出来,象LINUS先生那样,不要总去钻人家的漏洞啊什么的,印度
人可能没有一个会搞这些,但是人家的软件赚钱!
我在95年以前也搞HOOK,不过是DOS下的HOOK,钩中断,让他先运行我的程序,很有成就
感。可是95一出来,DOS完蛋了,我的那些技术随风而去,TMD!所以我以后再也不钻牛
角尖了。
有本事搞一个操作系统出来,象LINUS先生那样,不要总去钻人家的漏洞啊什么的,印度
人可能没有一个会搞这些,但是人家的软件赚钱!
chendaiyin 2001-10-13
- 打赏
- 举报
有本事就拿出来,不要老是贬别人,XXX很容易,怎么做啊?拿出来看看!
HowardOK 2001-09-16
- 打赏
- 举报
真利害!!!
石榴刺猬 2001-07-06
- 打赏
- 举报
剑影兄台,真是佩服。。。。。
hack2003 2001-07-06
- 打赏
- 举报
我发现bo2k的进程隐藏法太差了,比这种方法差多了
eggplant 2001-06-29
- 打赏
- 举报
BlueTrees(蜗牛),能不能请教一下,如何非常容易的要挂个DLL到IE里头去,而不用得着这么麻烦吗?谢谢了
hack2003 2001-06-28
- 打赏
- 举报
give me cent
sleeepboy 2001-06-27
- 打赏
- 举报
对共享自己心得的各位大侠表示十二分的敬意
考完试一定用心研究!
考完试一定用心研究!
demogorgon 2001-06-24
- 打赏
- 举报
现在像njhhack(剑影)兄这样的人物真是太少了,大家都抱着自己“辛苦”得来的一点点技术不放,看着别人焦头烂额搞不出来,还在边上窃笑,真TMD恶心。你会你就说啊,你不说我们怎么知道?靠!
剑影兄应该出去挣大钱啊,呆在小学校里可惜了.....
剑影兄应该出去挣大钱啊,呆在小学校里可惜了.....
flyingbugs 2001-06-24
- 打赏
- 举报
同意楼上的!!!
BlueTrees 2001-06-24
- 打赏
- 举报
我发现过怎么就没有想到用它做木马呀!可惜,太没有创意了,我说我自己,不过,要挂个DLL到IE里头去用得着这么麻烦吗?
njhhack 2001-06-20
- 打赏
- 举报
to x7913():
兄弟谢谢你对我的理解,看到有些人骂我弱,我真得感到很弱,因为我是菜鸟,但我想我懂的东西别人不一定懂,因此想把我懂的东西让大家共享,我没有别的意思,我没有大的能耐,看到有的兄弟说Delphi下的Hook不好做,所以在下把每个Hook都在Delphi做了一下,觉得没啥问题,而且处理的方法较新颖,拿来让兄弟们探讨,这回我说的是Hook,不是深度进程隐藏,还望各位高人不要骂我弱哟,我好害怕哪,不过上面好多高手说的进程隐藏好象只能在nt,w2k下用,win9x下没这种函数呀,在win9x中有个好办法就是用cih病毒的方法,直接进入ring0级啦,不过太难了呀,哪位高人知道win9x下隐藏的好方法,教我呀,我好想学呀,关于hook问题,有不懂的问我就行,不过有的Hook我只做了个框架,没有具体实用作用,要做的兄弟自已完善就行了,呵呵,代码在下面,自已看啦..........
----------这是*.dll中的单元---------------
unit HookProc;
interface
uses windows,messages,sysutils;
const
HTName:array[1..13] of pchar=(
'CALLWNDPROC','CALLWNDPROCRET','CBT','DEBUG','GETMESSAGE','JOURNALPLAYBACK',
'JOURNALRECORD','KEYBOARD','MOUSE','MSGFILTER','SHELL','SYSMSGFILTER','FOREGROUNDIDLE'
);
function CallWndProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function CallWndRetProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function CBTProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function DebugProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function GetMsgProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function JournalPlaybackProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function JournalRecordProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function KeyboardProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function MouseProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function MessageProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function ShellProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function SysMsgProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function ForegroundIdleProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
implementation
procedure SaveInfo(k:integer;str:string);stdcall;
var
f:textfile;
WorkPath:string;
begin
WorkPath:=ExtractFilePath(ParamStr(0));
assignfile(f,WorkPath+'Records.txt');
if fileexists(WorkPath+'Records.txt')=false then rewrite(f)
else append(f);
//if strcomp(pchar(str),pchar('#13#10'))=0 then writeln(f,'')
//else write(f,str);
writeln(f,HTName[k]+'----'+str);
closefile(f);
end;
function CallWndProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
var
pcs:TCWPSTRUCT;
begin
pcs:=TCWPSTRUCT(PCWPSTRUCT(lParam)^);
if nCode>=0 then
begin
if pcs.message=wm_lbuttonup then
SaveInfo(1,format('hwnd=%x',[pcs.hwnd]));
end;
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function CallWndRetProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function CBTProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function DebugProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function GetMsgProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
var
pcs:TMSG;
begin
pcs:=TMSG(PMSG(lParam)^);
if nCode>=0 then
begin
if pcs.message=wm_lbuttonup then
SaveInfo(5,format('hwnd=%x',[pcs.hwnd]));
end;
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function JournalPlaybackProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function JournalRecordProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function KeyboardProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function MouseProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function MessageProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function ShellProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function SysMsgProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function ForegroundIdleProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
end.
--------这是*.dll主程序------------------
library DemoHook;
uses
windows,messages,sysutils,
HookProc in 'HookProc.pas';
{$r *.res}
const
HookMemFileName='DllHookMemFile.DTA';
HTName:array[1..13] of pchar=(
'CALLWNDPROC','CALLWNDPROCRET','CBT','DEBUG','GETMESSAGE','JOURNALPLAYBACK',
'JOURNALRECORD','KEYBOARD','MOUSE','MSGFILTER','SHELL','SYSMSGFILTER','FOREGROUNDIDLE'
);
type
THookProc = function(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
PShared=^TShared;
THook = record
HookHand:HHook;
HookType:integer;
HookProc:THookProc;
end;
TShared = record
Hook:array [0..16] of THook;
Father,Self:integer;
Count:integer;
hinst:integer;
end;
TWin = record
Msg:TMsg;
wClass:TWndClass;
hMain:integer;
end;
var
MemFile:THandle;
Shared:PShared;
Win:TWin;
wmhook:integer;
procedure SaveInfo(k:integer;str:string);stdcall;
var
f:textfile;
WorkPath:string;
begin
WorkPath:=ExtractFilePath(ParamStr(0));
assignfile(f,WorkPath+'Records.txt');
if fileexists(WorkPath+'Records.txt')=false then rewrite(f)
else append(f);
//if strcomp(pchar(str),pchar('#13#10'))=0 then writeln(f,'')
//else write(f,str);
writeln(f,HTName[k]+'----'+str);
closefile(f);
end;
procedure InitHookData;
var k:integer;
begin
with Shared^ do
begin
for k:=0 to 14 do Hook[k].HookHand:=0;
//
Hook[0].HookType:=WH_CALLWNDPROC;
Hook[0].HookProc:=@CallWndProc;
//
Hook[1].HookType:=WH_CALLWNDPROCRET;
Hook[1].HookProc:=@CallWndRetProc;
//
Hook[2].HookType:=WH_CBT;
Hook[2].HookProc:=@CBTProc;
//
Hook[3].HookType:=WH_DEBUG;
Hook[3].HookProc:=@DebugProc;
//
Hook[4].HookType:=WH_GETMESSAGE;
Hook[4].HookProc:=@GetMsgProc;
//
Hook[5].HookType:=WH_JOURNALPLAYBACK;
Hook[5].HookProc:=@JournalPlaybackProc;
//
Hook[6].HookType:=WH_JOURNALRECORD;
Hook[6].HookProc:=@JournalRecordProc;
//
Hook[7].HookType:=WH_KEYBOARD;
Hook[7].HookProc:=@KeyboardProc;
//
Hook[8].HookType:=WH_MOUSE;
Hook[8].HookProc:=@MouseProc;
//
Hook[9].HookType:=WH_MSGFILTER;
Hook[9].HookProc:=@MessageProc;
//
Hook[10].HookType:=WH_SHELL ;
Hook[10].HookProc:=@ShellProc;
//
Hook[11].HookType:=WH_SYSMSGFILTER;
Hook[11].HookProc:=@SysMsgProc;
//
Hook[12].HookType:=WH_FOREGROUNDIDLE;
Hook[12].HookProc:=@ForegroundIdleProc;
end;
end;
function SetHook(fSet:boolean;HookId:integer):bool;stdcall;
begin
with shared^ do
if fSet=true then
begin
if Hook[HookId].HookHand=0 then
begin
Hook[HookId].HookHand:=SetWindowsHookEx(Hook[HookId].HookType,Hook[HookId].HookProc,hinstance,0);
if Hook[HookId].HookHand<>0 then Result:=true
else Result:=false;
end else Result:=true;
end else
begin
if Hook[HookId].HookHand<>0 then
begin
if UnhookWindowsHookEx(Hook[HookId].HookHand)=true then
begin
Hook[HookId].HookHand:=0;
Result:=true;
end else Result:=false;
end else Result:=true;
end;
end;
procedure Extro;
begin
UnmapViewOfFile(Shared);
CloseHandle(MemFile);
end;
function WindowProc(hWnd,Msg,wParam,lParam:longint):LRESULT; stdcall;
var k:integer;
begin
Result:=DefWindowProc(hWnd,Msg,wParam,lParam);
case Msg of
wm_destroy:
begin
for k:=0 to 12 do SetHook(False,k);
postmessage(findwindow('WinHook',nil),wm_destroy,0,0);
ExitThread(0);
end;
end;
if msg=wmhook then
begin
if wparam>0 then
begin
if sethook(true,wparam-1)=true then postmessage(findwindow('WinHook',nil),wmhook,wparam,0);
end else
begin
if sethook(false,-wparam-1)=true then postmessage(findwindow('WinHook',nil),wmhook,wparam,0);
end;
end;
end;
procedure run;stdcall;
//var k:integer;
begin
win.wClass.lpfnWndProc:= @WindowProc;
win.wClass.hInstance:= hInstance;
win.wClass.lpszClassName:='WideHook';
RegisterClass(win.wClass);
win.hmain:=CreateWindowEx(ws_ex_toolwindow,win.wClass.lpszClassName,'WideHook',WS_CAPTION,0,0,1,1,0,0,hInstance,nil);
FillChar(Shared^,SizeOf(TShared),0);
shared^.self:=win.hmain;
shared^.hinst:=hinstance;
InitHookData;
wmhook:=registerwindowmessage(pchar('wm_hook'));
while(GetMessage(win.Msg,win.hmain,0,0))do
begin
TranslateMessage(win.Msg);
DispatchMessage(win.Msg);
end;
end;
procedure DllEntryPoint(fdwReason:DWORD);
begin
case fdwReason of
DLL_PROCESS_DETACH:
Extro;
end;
end;
exports run;
begin
//建立内存映象文件,用来保存全局变量
MemFile:=CreateFileMapping($FFFFFFFF,nil,PAGE_READWRITE,0,SizeOf(TShared),HookMemFileName);
Shared:=MapViewOfFile(MemFile,FILE_MAP_WRITE,0,0,0);
DLLProc:=@DllEntryPoint;
end.
---------这是*.exe主程序---------------------------
Program WinHook;
uses windows,messages,sysutils;
{$r *.res} //使用资源文件
const
HTName:array[1..13] of pchar=(
'CALLWNDPROC','CALLWNDPROCRET','CBT','DEBUG','GETMESSAGE','JOURNALPLAYBACK',
'JOURNALRECORD','KEYBOARD','MOUSE','MSGFILTER','SHELL','SYSMSGFILTER','FOREGROUNDIDLE'
);
type
TWin = record
Msg:TMsg;
wClass:TWndClass;
hMain:integer;
hbut,hlab:array[1..16] of integer;
hLib:integer;
HookStat:array[1..16] of bool;
end;
var
Win:TWin; //结构变量
wmhook:integer;
WorkPath:string;
hRun:procedure;stdcall;
//
procedure runhookfun;
begin
win.hlib:=loadlibrary(pchar(WorkPath+'DemoHook.dll'));
if win.hlib=0 then messagebox(win.hmain,'error','',0);
hrun:=GetProcAddress(win.hlib,'run');
if @hrun<>nil then hrun;
end;
procedure runhook;
var tid:integer;
begin
createthread(nil,0,@runhookfun,nil,0,tid);
end;
function WindowProc(hWnd,Msg,wParam,lParam:longint):LRESULT; stdcall;
var k:integer;
begin
case Msg of
WM_SYSCOMMAND:
begin
case wparam of
SC_CLOSE:
begin
if findwindow('WideHook','WideHook')<>0 then postmessage(findwindow('WideHook','WideHook'),wm_destroy,0,0);
end;//showwindow(hwnd,sw_hide);
SC_MINIMIZE:;//showwindow(hwnd,sw_hide);
SC_MAXIMIZE:;
SC_DEFAULT:;
SC_MOVE:;
SC_SIZE:;
//else
//Result := DefWindowProc(hwnd, uMsg, wParam, lParam);
end;
exit;
end;
wm_command:
begin
for k:=1 to 13 do
begin
if (lparam=win.hbut[k]) and ((k=6) or (k=7)) then break;
if lparam=win.hbut[k] then
begin
if win.HookStat[k]=false then postmessage(findwindow('WideHook','WideHook'),wmhook,k,0)
else postmessage(findwindow('WideHook','WideHook'),wmhook,-k,0);
end;
end;
end;
wm_destroy:
begin
freelibrary(win.hlib);
halt;
end;
end;
if msg=wmhook then
begin
if wparam>0 then
begin
setwindowtext(win.hbut[wparam],pchar('stop'));
win.HookStat[wparam]:=true;
end else
begin
setwindowtext(win.hbut[-wparam],pchar('start'));
win.HookStat[-wparam]:=false;
end;
end;
Result:=DefWindowProc(hWnd,Msg,wParam,lParam);
end;
//主程序的执行函数
procedure run;stdcall;
var k:integer;
begin
if findwindow('WinHook',nil)<>0 then exit;
win.wClass.hInstance:= hInstance;
with win.wclass do
begin
hIcon:= LoadIcon(hInstance,'MAINICON');
hCursor:= LoadCursor(0,IDC_ARROW);
hbrBackground:= COLOR_BTNFACE+1;
Style:= CS_PARENTDC;
lpfnWndProc:= @WindowProc;
lpszClassName:='WinHook';
end;
RegisterClass(win.wClass);
win.hmain:=CreateWindow(win.wClass.lpszClassName,'Delphi Hook Demo 2001',WS_VISIBLE or WS_OVERLAPPEDWINDOW,0,0,240,450,0,0,hInstance,nil);
for k:=1 to 13 do
begin
win.hbut[k]:=CreateWindow('BUTTON','Start',WS_VISIBLE or WS_CHILD,10,10+30*(k-1),50,24,win.hmain,0,hInstance,nil);
win.hlab[k]:=CreateWindow('STATIC',HTName[k],WS_VISIBLE or WS_CHILD,70,10+30*(k-1)+4,150,24,win.hmain,0,hInstance,nil);
win.HookStat[k]:=false;
end;
WorkPath:=ExtractFilePath(ParamStr(0));
runhook;
wmhook:=registerwindowmessage(pchar('wm_hook'));
while(GetMessage(win.Msg,win.hmain,0,0)) do
begin
TranslateMessage(win.Msg);
DispatchMessage(win.Msg);
end;
end;
begin
run; //开始运行主程序
end.
兄弟谢谢你对我的理解,看到有些人骂我弱,我真得感到很弱,因为我是菜鸟,但我想我懂的东西别人不一定懂,因此想把我懂的东西让大家共享,我没有别的意思,我没有大的能耐,看到有的兄弟说Delphi下的Hook不好做,所以在下把每个Hook都在Delphi做了一下,觉得没啥问题,而且处理的方法较新颖,拿来让兄弟们探讨,这回我说的是Hook,不是深度进程隐藏,还望各位高人不要骂我弱哟,我好害怕哪,不过上面好多高手说的进程隐藏好象只能在nt,w2k下用,win9x下没这种函数呀,在win9x中有个好办法就是用cih病毒的方法,直接进入ring0级啦,不过太难了呀,哪位高人知道win9x下隐藏的好方法,教我呀,我好想学呀,关于hook问题,有不懂的问我就行,不过有的Hook我只做了个框架,没有具体实用作用,要做的兄弟自已完善就行了,呵呵,代码在下面,自已看啦..........
----------这是*.dll中的单元---------------
unit HookProc;
interface
uses windows,messages,sysutils;
const
HTName:array[1..13] of pchar=(
'CALLWNDPROC','CALLWNDPROCRET','CBT','DEBUG','GETMESSAGE','JOURNALPLAYBACK',
'JOURNALRECORD','KEYBOARD','MOUSE','MSGFILTER','SHELL','SYSMSGFILTER','FOREGROUNDIDLE'
);
function CallWndProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function CallWndRetProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function CBTProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function DebugProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function GetMsgProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function JournalPlaybackProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function JournalRecordProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function KeyboardProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function MouseProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function MessageProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function ShellProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function SysMsgProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
function ForegroundIdleProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
implementation
procedure SaveInfo(k:integer;str:string);stdcall;
var
f:textfile;
WorkPath:string;
begin
WorkPath:=ExtractFilePath(ParamStr(0));
assignfile(f,WorkPath+'Records.txt');
if fileexists(WorkPath+'Records.txt')=false then rewrite(f)
else append(f);
//if strcomp(pchar(str),pchar('#13#10'))=0 then writeln(f,'')
//else write(f,str);
writeln(f,HTName[k]+'----'+str);
closefile(f);
end;
function CallWndProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
var
pcs:TCWPSTRUCT;
begin
pcs:=TCWPSTRUCT(PCWPSTRUCT(lParam)^);
if nCode>=0 then
begin
if pcs.message=wm_lbuttonup then
SaveInfo(1,format('hwnd=%x',[pcs.hwnd]));
end;
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function CallWndRetProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function CBTProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function DebugProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function GetMsgProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
var
pcs:TMSG;
begin
pcs:=TMSG(PMSG(lParam)^);
if nCode>=0 then
begin
if pcs.message=wm_lbuttonup then
SaveInfo(5,format('hwnd=%x',[pcs.hwnd]));
end;
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function JournalPlaybackProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function JournalRecordProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function KeyboardProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function MouseProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function MessageProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function ShellProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function SysMsgProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
//
function ForegroundIdleProc(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
Result:=CallNextHookEx(0,nCode,wParam,lParam);
end;
end.
--------这是*.dll主程序------------------
library DemoHook;
uses
windows,messages,sysutils,
HookProc in 'HookProc.pas';
{$r *.res}
const
HookMemFileName='DllHookMemFile.DTA';
HTName:array[1..13] of pchar=(
'CALLWNDPROC','CALLWNDPROCRET','CBT','DEBUG','GETMESSAGE','JOURNALPLAYBACK',
'JOURNALRECORD','KEYBOARD','MOUSE','MSGFILTER','SHELL','SYSMSGFILTER','FOREGROUNDIDLE'
);
type
THookProc = function(nCode:integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
PShared=^TShared;
THook = record
HookHand:HHook;
HookType:integer;
HookProc:THookProc;
end;
TShared = record
Hook:array [0..16] of THook;
Father,Self:integer;
Count:integer;
hinst:integer;
end;
TWin = record
Msg:TMsg;
wClass:TWndClass;
hMain:integer;
end;
var
MemFile:THandle;
Shared:PShared;
Win:TWin;
wmhook:integer;
procedure SaveInfo(k:integer;str:string);stdcall;
var
f:textfile;
WorkPath:string;
begin
WorkPath:=ExtractFilePath(ParamStr(0));
assignfile(f,WorkPath+'Records.txt');
if fileexists(WorkPath+'Records.txt')=false then rewrite(f)
else append(f);
//if strcomp(pchar(str),pchar('#13#10'))=0 then writeln(f,'')
//else write(f,str);
writeln(f,HTName[k]+'----'+str);
closefile(f);
end;
procedure InitHookData;
var k:integer;
begin
with Shared^ do
begin
for k:=0 to 14 do Hook[k].HookHand:=0;
//
Hook[0].HookType:=WH_CALLWNDPROC;
Hook[0].HookProc:=@CallWndProc;
//
Hook[1].HookType:=WH_CALLWNDPROCRET;
Hook[1].HookProc:=@CallWndRetProc;
//
Hook[2].HookType:=WH_CBT;
Hook[2].HookProc:=@CBTProc;
//
Hook[3].HookType:=WH_DEBUG;
Hook[3].HookProc:=@DebugProc;
//
Hook[4].HookType:=WH_GETMESSAGE;
Hook[4].HookProc:=@GetMsgProc;
//
Hook[5].HookType:=WH_JOURNALPLAYBACK;
Hook[5].HookProc:=@JournalPlaybackProc;
//
Hook[6].HookType:=WH_JOURNALRECORD;
Hook[6].HookProc:=@JournalRecordProc;
//
Hook[7].HookType:=WH_KEYBOARD;
Hook[7].HookProc:=@KeyboardProc;
//
Hook[8].HookType:=WH_MOUSE;
Hook[8].HookProc:=@MouseProc;
//
Hook[9].HookType:=WH_MSGFILTER;
Hook[9].HookProc:=@MessageProc;
//
Hook[10].HookType:=WH_SHELL ;
Hook[10].HookProc:=@ShellProc;
//
Hook[11].HookType:=WH_SYSMSGFILTER;
Hook[11].HookProc:=@SysMsgProc;
//
Hook[12].HookType:=WH_FOREGROUNDIDLE;
Hook[12].HookProc:=@ForegroundIdleProc;
end;
end;
function SetHook(fSet:boolean;HookId:integer):bool;stdcall;
begin
with shared^ do
if fSet=true then
begin
if Hook[HookId].HookHand=0 then
begin
Hook[HookId].HookHand:=SetWindowsHookEx(Hook[HookId].HookType,Hook[HookId].HookProc,hinstance,0);
if Hook[HookId].HookHand<>0 then Result:=true
else Result:=false;
end else Result:=true;
end else
begin
if Hook[HookId].HookHand<>0 then
begin
if UnhookWindowsHookEx(Hook[HookId].HookHand)=true then
begin
Hook[HookId].HookHand:=0;
Result:=true;
end else Result:=false;
end else Result:=true;
end;
end;
procedure Extro;
begin
UnmapViewOfFile(Shared);
CloseHandle(MemFile);
end;
function WindowProc(hWnd,Msg,wParam,lParam:longint):LRESULT; stdcall;
var k:integer;
begin
Result:=DefWindowProc(hWnd,Msg,wParam,lParam);
case Msg of
wm_destroy:
begin
for k:=0 to 12 do SetHook(False,k);
postmessage(findwindow('WinHook',nil),wm_destroy,0,0);
ExitThread(0);
end;
end;
if msg=wmhook then
begin
if wparam>0 then
begin
if sethook(true,wparam-1)=true then postmessage(findwindow('WinHook',nil),wmhook,wparam,0);
end else
begin
if sethook(false,-wparam-1)=true then postmessage(findwindow('WinHook',nil),wmhook,wparam,0);
end;
end;
end;
procedure run;stdcall;
//var k:integer;
begin
win.wClass.lpfnWndProc:= @WindowProc;
win.wClass.hInstance:= hInstance;
win.wClass.lpszClassName:='WideHook';
RegisterClass(win.wClass);
win.hmain:=CreateWindowEx(ws_ex_toolwindow,win.wClass.lpszClassName,'WideHook',WS_CAPTION,0,0,1,1,0,0,hInstance,nil);
FillChar(Shared^,SizeOf(TShared),0);
shared^.self:=win.hmain;
shared^.hinst:=hinstance;
InitHookData;
wmhook:=registerwindowmessage(pchar('wm_hook'));
while(GetMessage(win.Msg,win.hmain,0,0))do
begin
TranslateMessage(win.Msg);
DispatchMessage(win.Msg);
end;
end;
procedure DllEntryPoint(fdwReason:DWORD);
begin
case fdwReason of
DLL_PROCESS_DETACH:
Extro;
end;
end;
exports run;
begin
//建立内存映象文件,用来保存全局变量
MemFile:=CreateFileMapping($FFFFFFFF,nil,PAGE_READWRITE,0,SizeOf(TShared),HookMemFileName);
Shared:=MapViewOfFile(MemFile,FILE_MAP_WRITE,0,0,0);
DLLProc:=@DllEntryPoint;
end.
---------这是*.exe主程序---------------------------
Program WinHook;
uses windows,messages,sysutils;
{$r *.res} //使用资源文件
const
HTName:array[1..13] of pchar=(
'CALLWNDPROC','CALLWNDPROCRET','CBT','DEBUG','GETMESSAGE','JOURNALPLAYBACK',
'JOURNALRECORD','KEYBOARD','MOUSE','MSGFILTER','SHELL','SYSMSGFILTER','FOREGROUNDIDLE'
);
type
TWin = record
Msg:TMsg;
wClass:TWndClass;
hMain:integer;
hbut,hlab:array[1..16] of integer;
hLib:integer;
HookStat:array[1..16] of bool;
end;
var
Win:TWin; //结构变量
wmhook:integer;
WorkPath:string;
hRun:procedure;stdcall;
//
procedure runhookfun;
begin
win.hlib:=loadlibrary(pchar(WorkPath+'DemoHook.dll'));
if win.hlib=0 then messagebox(win.hmain,'error','',0);
hrun:=GetProcAddress(win.hlib,'run');
if @hrun<>nil then hrun;
end;
procedure runhook;
var tid:integer;
begin
createthread(nil,0,@runhookfun,nil,0,tid);
end;
function WindowProc(hWnd,Msg,wParam,lParam:longint):LRESULT; stdcall;
var k:integer;
begin
case Msg of
WM_SYSCOMMAND:
begin
case wparam of
SC_CLOSE:
begin
if findwindow('WideHook','WideHook')<>0 then postmessage(findwindow('WideHook','WideHook'),wm_destroy,0,0);
end;//showwindow(hwnd,sw_hide);
SC_MINIMIZE:;//showwindow(hwnd,sw_hide);
SC_MAXIMIZE:;
SC_DEFAULT:;
SC_MOVE:;
SC_SIZE:;
//else
//Result := DefWindowProc(hwnd, uMsg, wParam, lParam);
end;
exit;
end;
wm_command:
begin
for k:=1 to 13 do
begin
if (lparam=win.hbut[k]) and ((k=6) or (k=7)) then break;
if lparam=win.hbut[k] then
begin
if win.HookStat[k]=false then postmessage(findwindow('WideHook','WideHook'),wmhook,k,0)
else postmessage(findwindow('WideHook','WideHook'),wmhook,-k,0);
end;
end;
end;
wm_destroy:
begin
freelibrary(win.hlib);
halt;
end;
end;
if msg=wmhook then
begin
if wparam>0 then
begin
setwindowtext(win.hbut[wparam],pchar('stop'));
win.HookStat[wparam]:=true;
end else
begin
setwindowtext(win.hbut[-wparam],pchar('start'));
win.HookStat[-wparam]:=false;
end;
end;
Result:=DefWindowProc(hWnd,Msg,wParam,lParam);
end;
//主程序的执行函数
procedure run;stdcall;
var k:integer;
begin
if findwindow('WinHook',nil)<>0 then exit;
win.wClass.hInstance:= hInstance;
with win.wclass do
begin
hIcon:= LoadIcon(hInstance,'MAINICON');
hCursor:= LoadCursor(0,IDC_ARROW);
hbrBackground:= COLOR_BTNFACE+1;
Style:= CS_PARENTDC;
lpfnWndProc:= @WindowProc;
lpszClassName:='WinHook';
end;
RegisterClass(win.wClass);
win.hmain:=CreateWindow(win.wClass.lpszClassName,'Delphi Hook Demo 2001',WS_VISIBLE or WS_OVERLAPPEDWINDOW,0,0,240,450,0,0,hInstance,nil);
for k:=1 to 13 do
begin
win.hbut[k]:=CreateWindow('BUTTON','Start',WS_VISIBLE or WS_CHILD,10,10+30*(k-1),50,24,win.hmain,0,hInstance,nil);
win.hlab[k]:=CreateWindow('STATIC',HTName[k],WS_VISIBLE or WS_CHILD,70,10+30*(k-1)+4,150,24,win.hmain,0,hInstance,nil);
win.HookStat[k]:=false;
end;
WorkPath:=ExtractFilePath(ParamStr(0));
runhook;
wmhook:=registerwindowmessage(pchar('wm_hook'));
while(GetMessage(win.Msg,win.hmain,0,0)) do
begin
TranslateMessage(win.Msg);
DispatchMessage(win.Msg);
end;
end;
begin
run; //开始运行主程序
end.
x7913 2001-06-19
- 打赏
- 举报
to njhhack(剑影):谢谢您的解疑。
to kevin_is_shit(xxx):你他妈怎么不滚蛋啊老子X你爸!
别人炫耀过吗?只不过说说自己的心得体会罢了,要是每个人都向你一样那csdn干脆
关了得了,大家还在这里来“卖弄”干嘛?自己闭门造车不得了,只要你有这水平,
不过我看你小子也不过是个B
to kevin_is_shit(xxx):你他妈怎么不滚蛋啊老子X你爸!
别人炫耀过吗?只不过说说自己的心得体会罢了,要是每个人都向你一样那csdn干脆
关了得了,大家还在这里来“卖弄”干嘛?自己闭门造车不得了,只要你有这水平,
不过我看你小子也不过是个B
x7913 2001-06-19
- 打赏
- 举报
中国的很多程序员就知道贬低别人,好!就算你行,你是计算机界的骄娇者,不过
请注意,这个世界上除了计算机还有很多其他领域,每个领域有太多数不清的骄娇者了,
你行又如何,还不是给别人打工,我想在坐各位都不是老板吧。
我感受最深的是和我父亲去听一个香港的企业家座谈,人家那才叫谦虚啊,上千万家财,
但在讲谈过程中还不时地说自己只不过是诺大世界里一个小角色,比自己高的能人实在
太多了,人一定要不停的向身边的人谦逊地学习,还引用了一句著名的古话,大意是“
比自己强的人,当然要虚心求教,和自己差不多的人,可以与之切磋,不如自己的人,
很多时候向对方讨教也可以求“一得””,相比之下csdn上一些人,认为自己在编程方面
有点实力就瞧不起别人,可以任意踏削别人,我说“呸”!这样的人我本来根本懒得理,
不过csdn上这样的人好像越来越多了,忍不住说几句----真的,不是我有意看不起你们,你们
实在是-----算个球啊!!!
请注意,这个世界上除了计算机还有很多其他领域,每个领域有太多数不清的骄娇者了,
你行又如何,还不是给别人打工,我想在坐各位都不是老板吧。
我感受最深的是和我父亲去听一个香港的企业家座谈,人家那才叫谦虚啊,上千万家财,
但在讲谈过程中还不时地说自己只不过是诺大世界里一个小角色,比自己高的能人实在
太多了,人一定要不停的向身边的人谦逊地学习,还引用了一句著名的古话,大意是“
比自己强的人,当然要虚心求教,和自己差不多的人,可以与之切磋,不如自己的人,
很多时候向对方讨教也可以求“一得””,相比之下csdn上一些人,认为自己在编程方面
有点实力就瞧不起别人,可以任意踏削别人,我说“呸”!这样的人我本来根本懒得理,
不过csdn上这样的人好像越来越多了,忍不住说几句----真的,不是我有意看不起你们,你们
实在是-----算个球啊!!!
cherryppp 2001-06-18
- 打赏
- 举报
to kevin_is_shit(xxx)
我不知道你是谁! 但是我老是看到你在CSDN这里发一些废话,从来没有见过你发表过什么有用的东西,象你这样的人这里不欢迎,建议你还是别来了,你的这个ID已经很臭了。
我不知道你是谁! 但是我老是看到你在CSDN这里发一些废话,从来没有见过你发表过什么有用的东西,象你这样的人这里不欢迎,建议你还是别来了,你的这个ID已经很臭了。
eaglesky 2001-06-18
- 打赏
- 举报
to kevin_is_shit(xxx) :
你牛你就贴点好东西出来,不要只会叫,还到处咬。
你牛你就贴点好东西出来,不要只会叫,还到处咬。
加载更多回复(77)
