程序只是一个原理说明,可能有很多地方不完善。方法是用SHELL钩子。
利用win32全局钩子,我直接给hook的代码,可以同时截获中文版和英文版本的信使服务
以下是MsgHook.dll的源代码
//--------------
//msghook.cpp
//---------------------------------------------------------------------------
#include <windows.h> // Windows API header (the header name was lost from this listing; restored from the original comment)
#pragma hdrstop
#pragma argsused
//---------------------------------------------------------------------------
// Module-level state of the hook DLL.
// NOTE(review): these are ordinary per-process globals. SetHook installs the
// hook with thread id 0, so the DLL can be mapped into other processes, where
// each of these variables starts again from its zero-initialised value --
// confirm nothing relies on hHook being visible outside the installing process.
HHOOK hHook;// handle returned by SetWindowsHookEx in SetHook; NULL while no hook is installed
HWND hAppWnd;// window of class "lurker" looked up in DllEntryPoint; not read anywhere in this listing
HINSTANCE inst;// module handle of this DLL, saved in DllEntryPoint and passed to SetWindowsHookEx
//---------------------------------------------------------------------------
// Exported functions, declared extern "C" so they are exported with C linkage.
// NOTE(review): AddUser is declared here but no definition appears in this listing.
extern "C" {
__declspec(dllexport) __stdcall void SetHook(void);
__declspec(dllexport) __stdcall void RemoveHook(void);
__declspec(dllexport) __stdcall void AddUser(void);
}
//---------------------------------------------------------------------------
// Hook callback that SetHook registers for WH_SHELL.
LRESULT CALLBACK ShellProc(int nCode, WPARAM wParam, LPARAM lParam);
//---------------------------------------------------------------------------
// Window-enumeration callback; its only call site in this listing is commented out.
BOOL CALLBACK EnumWindowsProc( HWND hWnd, LPARAM lParam );
//---------------------------------------------------------------------------
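/// EnumWindows callback: if the enumerated window is a Messenger Service
/// popup, copy its message text, close the popup and show the text in a
/// message box of our own.
///
/// @param hWnd   top-level window handed in by the enumeration
/// @param lParam caller-supplied value; unused
/// @return TRUE always, so the enumeration continues with the next window
BOOL CALLBACK EnumWindowsProc( HWND hWnd, LPARAM lParam )
{
    // Zero-initialise the buffer: if GetWindowText fails it may leave the
    // buffer untouched, and the comparison below must not read stack garbage.
    TCHAR szWindowText[256] = {0};
    ::GetWindowText(hWnd, szWindowText, 256);

    // The popup titles carry trailing spaces: one after the Chinese title and
    // two after the English one, as the note that accompanies this listing
    // points out (the listing itself shows the English literal with one).
    // NOTE(review): strcmp on a TCHAR buffer only builds as ANSI (TCHAR == char).
    if (strcmp(szWindowText, "信使服务 ") == 0 ||
        strcmp(szWindowText, "Messenger Service  ") == 0)
    {
        // Zero-initialised for the same reason: when the child control is
        // missing, GetDlgItem returns NULL and GetWindowText copies nothing,
        // so an uninitialised buffer would be displayed as-is.
        TCHAR szMessage[256] = {0};

        // Child control 0xffff -- presumably the static control holding the
        // message text; confirm against the popup's dialog layout.
        HWND hWndMessage = ::GetDlgItem(hWnd, 0xffff);
        ::GetWindowText(hWndMessage, szMessage, 256);

        // Ask the popup to close itself.
        ::SendMessage(hWnd, WM_CLOSE, 0, 0);

        // The original followed this with TerminateProcess(hWnd, 0). A window
        // handle is not a process handle, so that call either failed or, if
        // the value happened to match an open process handle, could end an
        // unrelated process. WM_CLOSE is sufficient, so the call is dropped.

        MessageBox(NULL, szMessage, "哈哈!这是我的窗口", MB_OK);
    }
    return TRUE;
}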
//---------------------------------------------------------------------------
// DLL entry point.
// Saves the module handle on every notification and, on process attach,
// looks up the window of the host application. Thread attach/detach and
// process detach need no work.
int WINAPI DllEntryPoint(HINSTANCE hinst, unsigned long reason, void* lpReserved)
{
    // SetHook later passes this module handle to SetWindowsHookEx.
    inst = hinst;

    if (reason == DLL_PROCESS_ATTACH)
    {
        // Top-level window whose class name is "lurker" (any title).
        hAppWnd = ::FindWindow("lurker", 0);
    }

    // Non-zero tells the loader that initialisation succeeded.
    return 1;
}
//---------------------------------------------------------------------------
// Installs ShellProc as a WH_SHELL hook unless one is already installed,
// then reports the outcome in a message box (diagnostic aid for testing).
void __stdcall SetHook(void)
{
    // A hook handle is already held: nothing to do.
    if (hHook != NULL)
        return;

    // Thread id 0 requests a hook for every thread on the desktop rather than
    // one thread, which is why the procedure has to live in a DLL (inst) that
    // the system can map into other processes.
    hHook = ::SetWindowsHookEx(WH_SHELL, (HOOKPROC)ShellProc, inst, 0);

    // Test-only feedback on whether the hook was installed.
    const char* status = (hHook != NULL) ? "OK,Hook已经成功挂上!"
                                         : "Sorry! 无法挂上Hook。";
    MessageBox(NULL, status, "Hook DLL", MB_OK);
}
//---------------------------------------------------------------------------
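/// WH_SHELL hook callback: when a shell event names a Messenger Service
/// popup, copy its message text, close the popup and show the text in a
/// message box of our own. Every event is then handed to the next hook.
///
/// @param nCode  shell hook code
/// @param wParam treated as the handle of the window the event concerns
/// @param lParam not used here; forwarded to the next hook unchanged
/// @return the value returned by CallNextHookEx
LRESULT CALLBACK ShellProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    // NOTE(review): WM_WINDOWSHOW is not one of the HSHELL_* codes; it is kept
    // as in the original -- confirm where it is defined and that wParam is a
    // window handle for it.
    // Negative codes are reserved for the hook chain and are never processed.
    if (nCode >= 0 &&
        (nCode == HSHELL_WINDOWCREATED ||
         nCode == HSHELL_WINDOWACTIVATED ||
         nCode == HSHELL_GETMINRECT ||
         nCode == WM_WINDOWSHOW))
    {
        HWND hWnd = HWND(wParam);

        // Zero-initialise the buffer: if GetWindowText fails it may leave the
        // buffer untouched, and the comparison below must not read garbage.
        TCHAR szWindowText[256] = {0};
        ::GetWindowText(hWnd, szWindowText, 256);

        // The popup titles carry trailing spaces: one after the Chinese title
        // and two after the English one, as the note that accompanies this
        // listing points out (the listing shows the English literal with one).
        // NOTE(review): strcmp on a TCHAR buffer only builds as ANSI.
        if (strcmp(szWindowText, "信使服务 ") == 0 ||
            strcmp(szWindowText, "Messenger Service  ") == 0)
        {
            // Zero-initialised for the same reason: when the child control is
            // missing, GetDlgItem returns NULL and GetWindowText copies
            // nothing, so an uninitialised buffer would be displayed as-is.
            TCHAR szMessage[256] = {0};

            // Child control 0xffff -- presumably the static control holding
            // the message text; confirm against the popup's dialog layout.
            HWND hWndMessage = ::GetDlgItem(hWnd, 0xffff);
            ::GetWindowText(hWndMessage, szMessage, 256);

            ::SetActiveWindow(hWnd);
            // Ask the popup to close itself.
            ::SendMessage(hWnd, WM_CLOSE, 0, 0);

            // The original followed this with TerminateProcess(hWnd, 0). A
            // window handle is not a process handle, so that call either
            // failed or, if the value happened to match an open process
            // handle, could end an unrelated process. It is dropped.

            // Modal: the thread running this hook waits until the box is
            // dismissed.
            MessageBox(NULL, szMessage, "哈哈!这是我的窗口", MB_OK);
        }
    }

    // The original returned 1 without calling the next hook, which hides the
    // event from any other WH_SHELL hook installed on the desktop. hHook may
    // be NULL in processes other than the one that called SetHook;
    // CallNextHookEx is documented to ignore that argument.
    return ::CallNextHookEx(hHook, nCode, wParam, lParam);
}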
//-----------------------------------------------------------------------------
// Removes the hook installed by SetHook and reports the outcome in a
// message box (diagnostic aid for testing).
void __stdcall RemoveHook(void)
{
    // No hook handle is held: only report that fact.
    if (hHook == NULL)
    {
        MessageBox(NULL, "HOOK 为空!", "Hook DLL", MB_OK);
        return;
    }

    // Unhooking failed: keep the handle so a later call can retry.
    if (::UnhookWindowsHookEx(hHook) == FALSE)
    {
        MessageBox(NULL, "Sorry! 无法释放Hook。", "Hook DLL", MB_OK);
        return;
    }

    // Unhooked: clear the handle so SetHook can install the hook again.
    hHook = NULL;
    MessageBox(NULL, "HOOK已经成功卸载!", "Hook DLL", MB_OK);
}
//---------------------------------------------------------------------------
注意下面这一句:
if(strcmp(szWindowText, "信使服务 ") == 0 ||
strcmp(szWindowText, "Messenger Service  ") == 0)
"信使服务 "的末尾有一个空格,"Messenger Service  "的末尾有两个空格(网页排版可能把连续的空格合并成一个,抄录代码时请按这里的说明补全)。
原作者:不明
来 源:CSDN