exe文件也有导出表，也可以象dll那样导出函数，那么全局hook是不是可以不用dll就能实现了？

                            UPUPUP
                          UPUPUPUP
                        UPUPUPUP
                      UPUPUPUP
                    UPUPUPUP
                    UPUPUP
                  UPUPUP    UPUPUPUPUPUPUP
                UPUPUPUPUPUPUP    UPUPUPUPUP
              UPUPUPUPUPUPUP        UPUPUP
            UPUPUPUPUPUPUPUPUPUPUP  UPUPUP
          UPUP    UPUPUPUPUPUPUPUP  UPUPUP
                  UPUPUPUPUP        UPUPUP
                  UPUPUPUP          UPUPUP
                  UPUPUPUPUPUPUP    UPUPUP
                  UPUPUPUPUPUP      UPUPUP
                  UPUPUPUP          UPUPUP
                  UPUPUP            UPUPUP
                  UPUPUPUPUPUPUPUP  UPUPUP
                  UPUPUPUPUPUPUP    UPUPUP
                    UPUPUPUPUPUPUPUPUPUPUP
                                UPUPUPUPUP
                                  UPUPUPUP
                                      UPUP










                    UPUPUPUPUPUPUPUPUP
              UPUPUPUPUP      UPUPUPUPUP
                UPUPUP        UPUPUPUP
                              UPUPUPUP
                            UPUPUPUP
                      UPUPUPUPUPUP
                UPUPUPUPUPUPUPUPUP
              UPUPUPUPUPUP
              UPUPUP
              UPUPUP
              UPUP                          UPUP
              UPUP                          UPUP
              UPUP                          UPUPUP
              UPUP                          UPUPUP
              UPUPUP                        UPUPUP
                UPUP                        UPUPUP
                UPUPUPUPUP                UPUPUPUP
                  UPUPUPUPUPUPUPUPUPUPUPUPUPUPUPUP
                      UPUPUPUPUPUPUPUPUPUPUPUPUPUP









                  UPUPUP              UPUPUP
                  UPUPUP      UPUPUPUPUPUPUPUP
                  UPUPUP    UPUPUPUP  UPUPUP
                  UPUPUP    UPUPUP    UPUPUP
                  UPUPUP    UPUPUPUPUPUPUPUP
                  UPUPUP    UPUPUPUPUPUPUPUP
                  UPUP      UPUPUP    UPUPUP
                  UPUPUPUP    UPUPUPUPUPUPUP
          UPUPUPUPUPUPUPUP    UPUP  UPUPUPUP
        UPUPUPUPUPUPUP                UPUPUPUPUPUP
          UPUPUP  UPUP        UPUPUPUPUPUPUPUPUPUP
                  UPUPUPUPUPUPUPUPUPUPUPUP
                UPUPUPUPUPUPUPUPUPUPUPUP
              UPUPUPUP      UPUP  UPUPUPUPUPUP
          UPUPUPUPUPUP    UPUPUP  UPUPUPUPUPUP
        UPUPUPUPUPUPUP    UPUPUP  UPUPUPUP
    UPUPUPUPUPUPUPUPUP  UPUPUPUPUPUPUPUP
      UPUPUP      UPUP  UPUP    UPUPUPUP
                UPUPUPUPUP          UPUPUP
            UPUPUPUPUP                  UPUPUP
              UPUPUPUP                    UPUPUPUPUP
                                          UPUPUPUPUPUPUPUP
                                                  UPUPUP

//我自己试验了一下，算是成功了一半，但是还有个致命问题，请看代码：
///////////
unit Unit1;interfaceuses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;type
  TForm1 = class(TForm)
    Button1: TButton;
    procedure Button1Click(Sender: TObject);
    procedure FormCreate(Sender: TObject);
    procedure FormClose(Sender: TObject; var Action: TCloseAction);
  private
    { Private declarations }
  public
    { Public declarations }
  end;var
  Form1: TForm1;implementation
var
hhk:hhook;
{$R *.dfm}
function hookproc(ncode:smallint;wparam,lparam:integer):integer;stdcall;
begin
  result:=0;
  application.messagebox(inttostr(wparam),'',mb_ok);
  if ncode<0 then
    result:=callnexthookex(hhk,ncode,wparam,lparam);
end;
procedure test;stdcall;
begin
  showmessage('In Test');
end;
exports
hookproc,
test;
procedure TForm1.Button1Click(Sender: TObject);
var
proc:tprocedure;
begin
  proc:=getprocaddress(hinstance,'test');//hinstance和loadlibrary的返回值相同。
  proc;

end;procedure TForm1.FormCreate(Sender: TObject);
begin
  hhk:=setwindowshookex(wh_keyboard,@hookproc,hinstance,0);
end;procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
unhookwindowshookex(hhk);
end;end.
/////////////////////////////////////
这个能钩住进程内热键没问题，但是其它进程不是不能钩主，而是会出现其它进程的异常，有时候在别的进程里面按下键盘，桌面下的speedbar没了又出来，好像是explorer.exe退出了又启动了，整个屏幕上的所有窗口好像都被重新刷新了一遍，hookproc里面的messagebox要是响应了进程内的键盘消息，会出现两个对话框（keyup,keydown各一次），如果响应了其他进程的按键消息，只出现一个，并且回接着出现上面的奇怪情况。测试环境：delphi6+win2000/////////////////
哪位能帮我解释一下呢？

button1click的时候没有任何问题，说明exe导出函数是可行的。关键就是为什么作为hookproc不行呢？
hookproc这所谓的“callback”是被谁call的呢？操作系统？还是所有响应了键盘输入的进程？

前一个问题我认为是这样的吧，每个可执行文件都必须有自己的进程空间，而各个程序之间的进程空间是无法互相访问的，所以你用exe文件是无法代替dll的hook的。第二个问题。。不知道，可能是应为可执行文件即使导出了函数也是没法使用的吧。

tonylk，那么为什么dll就可以呢？就因为能导出函数？那么exe也可以啊！
可执行文件导出了函数test，并且成功调用，请看上面的例子。

刚才试了一下你的程序，要死阿，我的win2000pro+sp2，运行你的程序后，在什么程序上一按键盘，该程序就立刻招呼也不打的就退出了太可怕了。。我想还是进程的关系吧，所谓钩子我的理解好像就是在要hook住的那个函数的开始部分加入几条跳转指令，让它跳到你的函数代码处，这样的函数就可以得到那个函数被传进来的参数了。
对于这个exe程序本身，因为钩子函数和被钩的函数都在统一进程空间内，所以可以正常工作。
但是对于其它程序，因为你的钩子不是在dll内，无法被加载到那个程序的进程空间内，所以它的跳转指令其实跳到了错误的位置，所以不可能起作用。这些也只是我的猜想，我再去查查msdn吧，也希望有高手来回答这个问题。。

应该不行吧。
比如DLL的入口函数有DLL_PROCESS_ATTACH，DLL_THREAD_ATTACH，
DLL_THREAD_DETACH，DLL_PROCESS_DETACH。这样，当进程产生线程和
放弃线程时，都可以运行到DLLMain的入口函数。当目标进程产生线程时，你的Exe入口函数调用什么程序？
而且，运行LoadLibrary又调用什么。好像都调用了你的WinMain吧。
一个程序中多次调用WinMain不知道有些什么结果。

i cann't ,but i can up!

在msdn中找到了如下结果：
Win32 HooksFilter functions in DLLsSystemwide filter functions must reside in a DLL. In Win16 it was possible (although not recommended) to install a systemwide hook to a filter function in an application. This does not work in Win32. Do not install systemwide filter functions that are not in DLLs, even if it does seem to work on a particular system. The journal hooks, WH_JOURNALRECORD and WH_JOURNALPLAYBACK, are exceptions to this rule. Because of the way Windows calls these hooks, their filter functions do not have to be in a DLL.

调试易

exe文件也有导出表，也可以象dll那样导出函数，那么全局hook是不是可以不用dll就能实现了？

解决方案 »