常规鼠标键盘钩子.映像劫持.开机自启动

using System;
using System.Collections.Generic;
using System.IO;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Reflection;

namespace HookTest
{
/*
注意:
如果运行中出现SetWindowsHookEx的返回值为0,这是因为.net 调试模式的问题,具体的做法是禁用宿主进程,在 Visual Studio 中打开项目。
在“项目”菜单上单击“属性”。
单击“调试”选项卡。
清除“启用 Visual Studio 宿主进程(启用windows承载进程)”复选框 或 勾选启用非托管代码调试
*/

// Managed wrapper for the Win32 POINT structure: two 32-bit integer coordinates.
// Sequential layout keeps the fields in declaration order when the marshaller copies
// native memory into an instance (see Marshal.PtrToStructure in GlobalHook).
[StructLayout(LayoutKind.Sequential)]
public class POINT
{
public int x; // x coordinate; passed to MouseEventArgs as the X position in GlobalHook
public int y; // y coordinate; passed to MouseEventArgs as the Y position in GlobalHook
}
// Managed wrapper for the data that the mouse hook callback's lParam points to.
// NOTE(review): the field names follow the Win32 MOUSEHOOKSTRUCT layout, but GlobalHook
// installs WH_MOUSE_LL, for which the Win32 documentation describes lParam as an
// MSLLHOOKSTRUCT. Both layouts start with the POINT, and pt is the only field this file
// reads, so confirm the remaining fields against the hook type before relying on them.
[StructLayout(LayoutKind.Sequential)]
public class MouseHookStruct
{
public POINT pt; // cursor position; the only field read by GlobalHook.MouseHookProc
public int hwnd; // not read in this file; meaning depends on the hook type (see note above)
public int wHitTestCode; // not read in this file
public int dwExtraInfo; // not read in this file
}
// Managed wrapper for the data that the keyboard hook callback's lParam points to.
// The field order (vkCode, scanCode, flags, time, dwExtraInfo) is what
// Marshal.PtrToStructure relies on in GlobalHook.KeyboardHookProc.
// NOTE(review): the Win32 header declares dwExtraInfo as pointer-sized; it is an int here
// and is not read anywhere in this file - confirm before using it in a 64-bit process.

[StructLayout(LayoutKind.Sequential)]
public class KeyboardHookStruct
{
public int vkCode; //Specifies a virtual-key code. The code must be a value in the range 1 to 254.
public int scanCode; // Specifies a hardware scan code for the key.
public int flags; // Specifies the extended-key flag, event-injected flag, context code, and transition-state flag.
public int time; // Specifies the time stamp for this message.
public int dwExtraInfo; // Specifies extra information associated with the message.
}

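/// <summary>
/// Installs low-level mouse and keyboard hooks (WH_MOUSE_LL / WH_KEYBOARD_LL) and re-raises
/// the intercepted input as Windows Forms style events.
/// </summary>
/// <remarks>
/// Both hooks are installed with thread id 0, so the callbacks receive input for the whole
/// desktop session rather than only this application's windows. Everything a subscriber
/// receives (including typed credentials) is therefore sensitive data, and security tooling
/// may flag a process that installs these hooks.
/// The hook handles are static: every instance shares one pair of hooks, and Stop() on any
/// instance (including from its finalizer) removes them for all instances.
/// NOTE(review): the handles are stored as int while the Win32 hook handle is pointer-sized;
/// confirm this is acceptable for the target platform before building as 64-bit.
/// </remarks>
public class GlobalHook
{
    /// <summary>Hook callback signature. Not referenced inside this class; kept for existing callers.</summary>
    public delegate int HookProc(int nCode, Int32 wParam, IntPtr lParam);

    /// <summary>Hook callback signature passed to <see cref="SetWindowsHookEx"/>.</summary>
    public delegate int GlobalHookProc(int nCode, Int32 wParam, IntPtr lParam);

    /// <summary>Creates the object without installing any hook; call <see cref="Start"/> explicitly.</summary>
    public GlobalHook()
    {
    }

    /// <summary>Removes the shared hooks when the instance is finalized.</summary>
    ~GlobalHook()
    {
        Stop();
    }

    /// <summary>Raised from the mouse hook callback for every mouse message while a subscriber exists.</summary>
    public event MouseEventHandler OnMouseActivity;

    /// <summary>Raised for WM_KEYDOWN and WM_SYSKEYDOWN.</summary>
    public event KeyEventHandler KeyDown;

    /// <summary>Raised for WM_KEYDOWN when ToAscii translates the key to exactly one character.</summary>
    public event KeyPressEventHandler KeyPress;

    /// <summary>Raised for WM_KEYUP and WM_SYSKEYUP.</summary>
    public event KeyEventHandler KeyUp;

    /// <summary>
    /// Mouse hook handle; 0 means "not installed".
    /// </summary>
    static int _hMouseHook = 0;

    /// <summary>
    /// Keyboard hook handle; 0 means "not installed".
    /// </summary>
    static int _hKeyboardHook = 0;

    /// <summary>Current mouse hook handle (0 when no hook is installed).</summary>
    public int HMouseHook
    {
        get { return _hMouseHook; }
    }

    /// <summary>Current keyboard hook handle (0 when no hook is installed).</summary>
    public int HKeyboardHook
    {
        get { return _hKeyboardHook; }
    }

    /// <summary>
    /// Low-level mouse hook id (from Microsoft SDK Winuser.h).
    /// </summary>
    public const int WH_MOUSE_LL = 14;

    /// <summary>
    /// Low-level keyboard hook id (from Microsoft SDK Winuser.h).
    /// </summary>
    public const int WH_KEYBOARD_LL = 13;

    /// <summary>
    /// Delegate for the mouse callback. Held in a field so the delegate handed to native
    /// code stays referenced for as long as this instance is alive.
    /// </summary>
    GlobalHookProc MouseHookProcedure;

    /// <summary>
    /// Delegate for the keyboard callback. Held in a field for the same reason as the mouse delegate.
    /// </summary>
    GlobalHookProc KeyboardHookProcedure;

    // Win32 hook API imports.

    /// <summary>
    /// Installs a hook procedure. Returns 0 on failure.
    /// </summary>
    [DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
    public static extern int SetWindowsHookEx(int idHook, GlobalHookProc lpfn, IntPtr hInstance, int threadId);

    /// <summary>
    /// Removes a hook procedure previously installed with SetWindowsHookEx.
    /// </summary>
    [DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
    public static extern bool UnhookWindowsHookEx(int idHook);

    /// <summary>
    /// Passes the hook information on to the next hook procedure in the chain.
    /// </summary>
    [DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
    public static extern int CallNextHookEx(int idHook, int nCode, Int32 wParam, IntPtr lParam);

    /// <summary>
    /// Installs the mouse hook and then the keyboard hook, skipping any that is already installed.
    /// </summary>
    /// <returns>
    /// true when both hooks are installed; false when either installation fails, in which
    /// case any hook that was installed is removed again via <see cref="Stop()"/>.
    /// </returns>
    public bool Start()
    {
        if (_hMouseHook == 0)
        {
            MouseHookProcedure = new GlobalHookProc(MouseHookProc);
            _hMouseHook = InstallHook(WH_MOUSE_LL, MouseHookProcedure);
            if (_hMouseHook == 0)
            {
                Stop();
                return false;
            }
        }

        if (_hKeyboardHook == 0)
        {
            KeyboardHookProcedure = new GlobalHookProc(KeyboardHookProc);
            _hKeyboardHook = InstallHook(WH_KEYBOARD_LL, KeyboardHookProcedure);
            if (_hKeyboardHook == 0)
            {
                Stop();
                return false;
            }
        }

        return true;
    }

    // Installs one hook for all threads (thread id 0) and returns its handle, or 0 on any failure.
    private static int InstallHook(int hookId, GlobalHookProc callback)
    {
        try
        {
            return SetWindowsHookEx(
                hookId,
                callback,
                Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly().GetModules()[0]),
                0);
        }
        catch (Exception)
        {
            // Deliberately best-effort: Start() reports failure through its return value,
            // so an exception here is treated the same as a 0 handle.
            return 0;
        }
    }

    /// <summary>
    /// Removes whichever hooks are installed and resets the shared handles to 0.
    /// The result of UnhookWindowsHookEx is not reported to the caller.
    /// </summary>
    public void Stop()
    {
        if (_hMouseHook != 0)
        {
            UnhookWindowsHookEx(_hMouseHook);
            _hMouseHook = 0;
        }

        if (_hKeyboardHook != 0)
        {
            UnhookWindowsHookEx(_hKeyboardHook);
            _hKeyboardHook = 0;
        }
    }

    /// <summary>
    /// Removes hooks identified by explicit handles. Per the original author's note this is
    /// meant for handles recorded by an earlier run that was terminated forcibly.
    /// The shared static handles are not modified.
    /// </summary>
    /// <param name="hMouseHook">Mouse hook handle to remove; 0 is ignored.</param>
    /// <param name="hKeyboardHook">Keyboard hook handle to remove; 0 is ignored.</param>
    public void Stop(int hMouseHook, int hKeyboardHook)
    {
        if (hMouseHook != 0)
        {
            UnhookWindowsHookEx(hMouseHook);
        }

        if (hKeyboardHook != 0)
        {
            UnhookWindowsHookEx(hKeyboardHook);
        }
    }

    // Mouse window-message ids. Only the two *BUTTONDOWN values are used below.
    private const int WM_MOUSEMOVE = 0x200;
    private const int WM_LBUTTONDOWN = 0x201;
    private const int WM_RBUTTONDOWN = 0x204;
    private const int WM_MBUTTONDOWN = 0x207;
    private const int WM_LBUTTONUP = 0x202;
    private const int WM_RBUTTONUP = 0x205;
    private const int WM_MBUTTONUP = 0x208;
    private const int WM_LBUTTONDBLCLK = 0x203;
    private const int WM_RBUTTONDBLCLK = 0x206;
    private const int WM_MBUTTONDBLCLK = 0x209;

    /// <summary>
    /// Mouse hook callback: raises <see cref="OnMouseActivity"/> and always forwards the
    /// message to the next hook in the chain.
    /// </summary>
    private int MouseHookProc(int nCode, Int32 wParam, IntPtr lParam)
    {
        // Copy the delegate first so a subscriber detaching between the null check and the
        // invocation cannot cause a NullReferenceException inside the hook callback.
        MouseEventHandler handler = OnMouseActivity;
        if (nCode >= 0 && handler != null)
        {
            MouseButtons button;
            switch (wParam)
            {
                case WM_LBUTTONDOWN:
                    button = MouseButtons.Left;
                    break;
                case WM_RBUTTONDOWN:
                    button = MouseButtons.Right;
                    break;
                default:
                    button = MouseButtons.None;
                    break;
            }

            // A button is only reported for the two *BUTTONDOWN messages, so the click count
            // is 1 whenever a button is set and 0 otherwise (the former double-click branch
            // could never be reached).
            int clickCount = button != MouseButtons.None ? 1 : 0;

            // Marshal the native data referenced by lParam; only the position is used.
            MouseHookStruct data =
                (MouseHookStruct)Marshal.PtrToStructure(lParam, typeof(MouseHookStruct));
            handler(this, new MouseEventArgs(button, clickCount, data.pt.x, data.pt.y, 0));
        }

        return CallNextHookEx(_hMouseHook, nCode, wParam, lParam);
    }

    /// <summary>
    /// Translates a virtual-key code and keyboard state to the corresponding character(s),
    /// using the current input language and keyboard layout.
    /// </summary>
    /// <param name="uVirtKey">Virtual-key code to translate.</param>
    /// <param name="uScanCode">Hardware scan code; the high-order bit is set if the key is up.</param>
    /// <param name="lpbKeyState">256-byte array holding the current keyboard state.</param>
    /// <param name="lpwTransKey">Buffer that receives the translated character(s).</param>
    /// <param name="fuState">1 if a menu is active, otherwise 0.</param>
    [DllImport("user32")]
    public static extern int ToAscii(int uVirtKey,
        int uScanCode,
        byte[] lpbKeyState,
        byte[] lpwTransKey,
        int fuState);

    /// <summary>
    /// Copies the status of the 256 virtual keys to the specified buffer.
    /// </summary>
    [DllImport("user32")]
    public static extern int GetKeyboardState(byte[] pbKeyState);

    // Keyboard window-message ids.
    private const int WM_KEYDOWN = 0x100;
    private const int WM_KEYUP = 0x101;
    private const int WM_SYSKEYDOWN = 0x104;
    private const int WM_SYSKEYUP = 0x105;

    /// <summary>
    /// Keyboard hook callback: raises <see cref="KeyDown"/>, <see cref="KeyPress"/> and
    /// <see cref="KeyUp"/> as appropriate and always forwards the message to the next hook.
    /// </summary>
    private int KeyboardHookProc(int nCode, Int32 wParam, IntPtr lParam)
    {
        // Snapshot the delegates so the null checks and the invocations see the same
        // subscriber lists even if handlers are removed concurrently.
        KeyEventHandler keyDown = KeyDown;
        KeyPressEventHandler keyPress = KeyPress;
        KeyEventHandler keyUp = KeyUp;

        // Only do the marshalling work when the message is valid and someone is listening.
        if (nCode >= 0 && (keyDown != null || keyUp != null || keyPress != null))
        {
            KeyboardHookStruct data =
                (KeyboardHookStruct)Marshal.PtrToStructure(lParam, typeof(KeyboardHookStruct));

            if (keyDown != null && (wParam == WM_KEYDOWN || wParam == WM_SYSKEYDOWN))
            {
                keyDown(this, new KeyEventArgs((Keys)data.vkCode));
            }

            if (keyPress != null && wParam == WM_KEYDOWN)
            {
                byte[] keyState = new byte[256];
                GetKeyboardState(keyState);
                byte[] translated = new byte[2];

                // Only a single-character translation is reported, and only its first byte.
                if (ToAscii(data.vkCode, data.scanCode, keyState, translated, data.flags) == 1)
                {
                    keyPress(this, new KeyPressEventArgs((char)translated[0]));
                }
            }

            if (keyUp != null && (wParam == WM_KEYUP || wParam == WM_SYSKEYUP))
            {
                keyUp(this, new KeyEventArgs((Keys)data.vkCode));
            }
        }

        return CallNextHookEx(_hKeyboardHook, nCode, wParam, lParam);
    }
}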
}

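钩子是对消息队列的监听。上面用到的 WH_MOUSE_LL / WH_KEYBOARD_LL 是全局低级钩子,回调收到的是整个桌面会话的输入,而不只是本程序窗口的输入,所以安全软件通常会把安装这类钩子的进程当作键盘记录行为的检测信号。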

以上就是常规鼠标键盘钩子的源码.还有一个对外部程序按钮点击的监听需要MSAA.在我之前的WindowAPI中讲过.

/// <summary>
/// Writes a string value named "Debugger" to a registry key whose path is the
/// Image File Execution Options path with <paramref name="keyname"/> appended.
/// </summary>
/// <remarks>
/// <paramref name="keyname"/> is appended exactly as passed; this method inserts no separator.
/// Writing under HKEY_LOCAL_MACHINE needs administrative rights; when access is denied the
/// exception message is printed and the method returns normally.
/// A Debugger value under Image File Execution Options makes Windows start the named
/// debugger in place of the target image (MITRE ATT&amp;CK T1546.012), so writes to this key
/// are a standard item for registry auditing.
/// </remarks>
/// <param name="keyname">Text appended to the Image File Execution Options key path.</param>
/// <param name="keyvalue">Data stored in the "Debugger" value.</param>
public static void WriteReg(string keyname, string keyvalue)
{
    string targetKey =
        @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" + keyname;

    try
    {
        Registry.SetValue(targetKey, "Debugger", keyvalue);
    }
    catch (SecurityException securityError)
    {
        // Caller lacks the permission required to create or modify the key.
        Console.WriteLine(securityError.Message);
    }
    catch (UnauthorizedAccessException accessError)
    {
        // The key exists but cannot be written with the current rights.
        Console.WriteLine(accessError.Message);
    }
}

// Example invocation from the article: key name "calc.exe", Debugger data pointing at cmd.exe.
// Needs write access to HKEY_LOCAL_MACHINE; WriteReg only prints the message when access is denied.
WriteReg("calc.exe",@"c:\windows\system32\cmd.exe");

上面写入的注册表路径是 Windows 的“映像文件执行选项”(Image File Execution Options,IFEO)键,系统原本用它为指定程序配置调试器。

如果把计算器写成键,命令行写成值,那么在计算器启动的时候,会启动命令行,而不会启动计算器。如果命令行的DLL被删除,计算器无法启动。

修改命令行的名称就可以解除镜像劫持。排查时可以检查该路径下各子键是否存在 Debugger 值:删除该值即可恢复原程序的正常启动,对这个键的写入也适合纳入注册表审计。

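/// <summary>
/// Registers a hard-coded executable under the machine-wide Run key so that it is started
/// at logon, then reports success or failure in a message box.
/// </summary>
/// <remarks>
/// Writing to HKEY_LOCAL_MACHINE needs administrative rights; any failure ends in the
/// generic error message box.
/// NOTE(review): if a per-user autostart is sufficient, the same key under
/// HKEY_CURRENT_USER avoids the need for elevation.
/// The Run key is a well-known autostart location that tools such as Sysinternals Autoruns
/// enumerate, so entries written here are visible during a routine review.
/// </remarks>
private static void button2_Click()
{
    const string runKeyPath = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";

    try
    {
        string FileName = @"D:\工作\企业模版\金丘\dianji test\ConsoleApplication1\dianjidata\bin\Debug\dianjidata.exe";
        string ShortFileName = "dianjidata.exe";

        // Open the key writable, creating it when it does not exist. The using block
        // releases the registry handle, which the earlier version never closed.
        using (RegistryKey MyReg = Registry.LocalMachine.OpenSubKey(runKeyPath, true)
            ?? Registry.LocalMachine.CreateSubKey(runKeyPath))
        {
            // A Run value is a command line. The path contains a space ("dianji test"),
            // so it is stored quoted; unquoted, the text before the space could be resolved
            // as a different executable.
            MyReg.SetValue(ShortFileName, "\"" + FileName + "\"");
        }

        MessageBox.Show("设置自启动程序操作成功!", "信息提示", MessageBoxButtons.OK, MessageBoxIcon.Information);
    }
    catch (Exception)
    {
        // Best-effort UI handler: every failure is reported with the same message.
        MessageBox.Show("写注册表操作发生错误!", "信息提示", MessageBoxButtons.OK, MessageBoxIcon.Information);
    }
}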

开机自启动

时间: 2024-10-01 10:58:25
