对目标进程注入HOOK用的DLL后,发送SendMessage/PostMessage(被注入进程hwnd , 1111 , 2222 , 3333),目标进程没有任何反应。
function GetMsgProc(code: integer; wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall; //<--HOOK内的处理函数 var MyMSG:TMSG; begin MyMSG:=TMSG(PMSG(lParam)^); ; if (MyMSG.message=1111) then showmessage('MSG='+inttostr(MyMSG.message)+'-'+inttostr(MyMSG.wParam)+'-'+inttostr(MyMSG.lParam)); end;
根据消息的内容判断不知是否可行? 用消息类型 + 消息的Handle看可不可以? if PMsg(Msg)^.Message = WM_LBUTTONUP then if (PMsg(Msg)^.hwnd) =
你可以参考下面的代码,直接用Hook没有注入var Form1: TForm1; HookHandle:HHook;implementation{$R *.dfm}const WM_TestMessage = WM_USER + 2000;function TestHookProc(Code:Integer;WParam:Longint;Msg:Longint):Longint;stdcall; begin if (code = HC_Action) then if PMsg(Msg)^.Message = WM_TestMessage then begin Showmessage('Has hooked TestMessage'); Form1.Edit1.Text := IntToStr(PMsg(Msg)^.hwnd); end; Result:=CallNextHookEx(HookHandle,Code,WParam,Longint(@msg)); end;procedure TForm1.FormCreate(Sender: TObject); begin HookHandle:=SetWindowsHookEx(WH_GETMESSAGE,TestHookProc,0,GetCurrentThreadID); end;procedure TForm1.Button1Click(Sender: TObject); begin PostMessage(self.Handle,WM_TestMessage,0,0); end;procedure TForm1.FormDestroy(Sender: TObject); begin UnHookWindowsHookEx(HookHandle); end;
function GetMsgProc(code: integer; wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall; //<--这还是HOOK的DLL内的处理部分 begin if PMsg(lParam)^.Message = 11111 then begin Showmessage('Has hooked TestMessage'); end; end;//-----向被HOOK进程发送消息,为了不和系统定义的消息冲突第二个参数改成11111。为了确保目标进程收到消息,除了直接用hwnd再用HWND_BROADCAST发广播 PostMessage(hwd,11111,2222,3333); SendMessage(hwd,11111,2222,3333); PostMessage(HWND_BROADCAST,11111,2222,3333); SendMessage(HWND_BROADCAST,11111,2222,3333);这样做目标进程还是没有任何message跳出来
SendMessage/PostMessage/PeekMessage..
那么就用最简单的PostMessage(hwnd , 1111 , 2222 , 3333);这样的消息来做例子吧
被Hook的程序接收到这个PostMessage之后,如何再将各参数内容取出呢?
function PostMessage(
hWnd: HWND; {target window handle}
Msg: UINT; {message to send (numeric id)}
wParam: WPARAM; {message parameter}// Extra information attached to the message. Typically a pointer is sent here and the receiver casts it to the matching data structure to read its fields, e.g. PDataStruct(Message.wParam).Data1
// NOTE(review): a pointer is only meaningful inside the sender's own process; in another
// process the same address does not refer to the sender's data. PostMessage also returns
// before the message is handled, so the pointed-to data may already be gone when it is read.
// A receiver should not dereference values taken from messages of unknown origin;
// WM_COPYDATA (delivered with SendMessage) is the documented way to pass a data block
// between processes.
lParam: LPARAM {message parameter}
): BOOL; stdcall;
// Body of the GetMsgProc hook procedure quoted in the first post; its header
// (function GetMsgProc(code: integer; wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;)
// is not repeated in this excerpt.
var
MyMSG:TMSG;
begin
// lParam is treated as a pointer to a TMsg record; the record is copied into a local.
MyMSG:=TMSG(PMSG(lParam)^); ;
// Only message id 1111 is reported; the dialog shows the id plus the wParam/lParam stored in the record.
if (MyMSG.message=1111) then showmessage('MSG='+inttostr(MyMSG.message)+'-'+inttostr(MyMSG.wParam)+'-'+inttostr(MyMSG.lParam));
// NOTE(review): `code` is never inspected, Result is never assigned and CallNextHookEx is
// never called, so the return value is undefined and other hooks in the chain are not
// notified. A modal dialog shown from inside a hook also runs a nested message loop in
// the hooked thread.
end;
用消息类型 + 消息的Handle看可不可以?
if PMsg(Msg)^.Message = WM_LBUTTONUP then
if (PMsg(Msg)^.hwnd) =
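var
  Form1: TForm1;
  HookHandle: HHook;  // 0 while no hook is installed

implementation

{$R *.dfm}

const
  // Private test message id used by this form only.
  WM_TestMessage = WM_USER + 2000;

// WH_GETMESSAGE hook procedure for the form's own thread.
//
// Code   - hook code; the message is examined only for HC_ACTION.
// WParam - PM_REMOVE or PM_NOREMOVE, i.e. whether the message is being taken
//          off the queue. Acting only on PM_REMOVE prevents the same message
//          from being reported more than once when it is merely peeked.
// Msg    - pointer to the TMsg record that was retrieved.
//
// Returns whatever the next hook in the chain returns.
//
// The parameters are declared as WPARAM/LPARAM/LRESULT rather than Longint so
// that they stay pointer-sized on 64-bit targets.
function TestHookProc(Code: Integer; WParam: WPARAM; Msg: LPARAM): LRESULT; stdcall;
begin
  if (Code = HC_ACTION) and (WParam = PM_REMOVE) then
    if PMsg(Msg)^.Message = WM_TestMessage then
    begin
      // ShowMessage is modal and runs a nested message loop, so this procedure
      // is re-entered for other messages while the dialog is open.
      ShowMessage('Has hooked TestMessage');
      Form1.Edit1.Text := IntToStr(PMsg(Msg)^.hwnd);
    end;
  // Forward the original lParam. The previous code passed Longint(@msg), which
  // is the address of the local parameter slot, not the pointer to the TMsg
  // record, so later hooks in the chain received a bogus pointer.
  Result := CallNextHookEx(HookHandle, Code, WParam, Msg);
end;

// Installs the hook for the current thread only: hMod is 0 and the thread id is
// this thread's, so no DLL is needed and nothing is loaded into any other process.
procedure TForm1.FormCreate(Sender: TObject);
begin
  HookHandle := SetWindowsHookEx(WH_GETMESSAGE, @TestHookProc, 0, GetCurrentThreadId);
  // Report a failed installation instead of leaving a form that silently never reacts.
  if HookHandle = 0 then
    ShowMessage('SetWindowsHookEx failed: ' + SysErrorMessage(GetLastError));
end;

// Posts the test message to this form's own window so that the hook can observe it.
procedure TForm1.Button1Click(Sender: TObject);
begin
  PostMessage(Self.Handle, WM_TestMessage, 0, 0);
end;

// Removes the hook when the form goes away; skipped if installation had failed.
procedure TForm1.FormDestroy(Sender: TObject);
begin
  if HookHandle <> 0 then
  begin
    UnhookWindowsHookEx(HookHandle);
    HookHandle := 0;
  end;
end;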
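// Hook procedure that lives inside the hook DLL.
//
// code   - hook code; the message is examined only for HC_ACTION.
// wParam - PM_REMOVE or PM_NOREMOVE; only PM_REMOVE is acted on so that a
//          message which is merely peeked is not reported more than once.
// lParam - pointer to the TMsg record that was retrieved.
//
// Returns the result of the next hook in the chain. The previous version never
// assigned Result and never called CallNextHookEx, which left the return value
// undefined and kept other installed hooks from seeing the message.
//
// NOTE(review): the SetWindowsHookEx call is not shown. If this is installed as
// WH_GETMESSAGE (as the name suggests), it is invoked only for messages taken
// from the thread's queue; messages delivered with SendMessage do not pass through it.
function GetMsgProc(code: integer; wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
  if (code = HC_ACTION) and (wParam = PM_REMOVE) then
    if PMsg(lParam)^.Message = 11111 then
    begin
      // A modal dialog here runs a nested message loop inside the hooked thread.
      Showmessage('Has hooked TestMessage');
    end;
  // The hook handle is not visible in this excerpt; the first argument of
  // CallNextHookEx is ignored by the system, so 0 is passed.
  Result := CallNextHookEx(0, code, wParam, lParam);
end;
// ----- Send the message to the hooked process. To avoid clashing with system-defined
// messages the second argument was changed to 11111. To make sure the target process
// receives the message, it is sent both to the hwnd directly and as a broadcast via HWND_BROADCAST.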
// NOTE(review): 11111 lies in the WM_USER..$7FFF range, which each window class may use
// for its own private messages. Sending it to windows of other applications, and
// especially broadcasting it, can be interpreted by unrelated windows in unintended
// ways. RegisterWindowMessage returns an id intended for use between applications.
// NOTE(review): none of the return values are checked. PostMessage returns False when
// the message was not queued; GetLastError = 5 (access denied) then indicates the message
// was blocked by User Interface Privilege Isolation, e.g. the target window belongs to
// a process running at a higher integrity level.
PostMessage(hwd,11111,2222,3333);
// NOTE(review): a sent message is delivered to the window procedure and is not returned
// by GetMessage/PeekMessage, so a WH_GETMESSAGE hook would not observe this call.
SendMessage(hwd,11111,2222,3333);
PostMessage(HWND_BROADCAST,11111,2222,3333);
// NOTE(review): a broadcast SendMessage waits for every top-level window to process
// the message and can stall the caller if any of them is not responding.
SendMessage(HWND_BROADCAST,11111,2222,3333);这样做目标进程还是没有任何message跳出来