以牛人的<WINDOWS核心编程>来说,22章那个22-LastMsgBoxInfoLib例子.
他基本是设置HOOK,然后给调用要监视API的模块注入DLL.但是很奇怪的是,他安装钩子代码如下
BOOL WINAPI LastMsgBoxInfo_HookAllApps(BOOL fInstall, DWORD dwThreadId) { BOOL fOk; if (fInstall) { chASSERT(g_hhook == NULL); // Illegal to install twice in a row // Install the Windows' hook
g_hhook = SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc,
ModuleFromAddress(LastMsgBoxInfo_HookAllApps), dwThreadId); fOk = (g_hhook != NULL);
} else { chASSERT(g_hhook != NULL); // Can't uninstall if not installed
fOk = UnhookWindowsHookEx(g_hhook);
g_hhook = NULL;
} return(fOk);
}可以看到他安装的HOOK:g_hhook = SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc,
ModuleFromAddress(LastMsgBoxInfo_HookAllApps), dwThreadId);
看是一个线程HOOK?它怎么得到系统其他进程的消息呢?谢谢.希望我表达清楚了
他基本是设置HOOK,然后给调用要监视API的模块注入DLL.但是很奇怪的是,他安装钩子代码如下
BOOL WINAPI LastMsgBoxInfo_HookAllApps(BOOL fInstall, DWORD dwThreadId) { BOOL fOk; if (fInstall) { chASSERT(g_hhook == NULL); // Illegal to install twice in a row // Install the Windows' hook
g_hhook = SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc,
ModuleFromAddress(LastMsgBoxInfo_HookAllApps), dwThreadId); fOk = (g_hhook != NULL);
} else { chASSERT(g_hhook != NULL); // Can't uninstall if not installed
fOk = UnhookWindowsHookEx(g_hhook);
g_hhook = NULL;
} return(fOk);
}可以看到他安装的HOOK:g_hhook = SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc,
ModuleFromAddress(LastMsgBoxInfo_HookAllApps), dwThreadId);
看是一个线程HOOK?它怎么得到系统其他进程的消息呢?谢谢.希望我表达清楚了
因此,我就不理解他为什么指定了线程/
的调用.