关于钩子

   Note：没有翻译完整

 

    钩子会降低系统的速度，因为它们会使操作系统必须为每个消息进行的处理数量增加。你应该在必要的时候才设置钩子，并且尽快地删除它。
    这部分讨论以下主题
    。Hook Chains
    。Hook Procedures
    。Hook Types
钩子链
    操作系统支持许多不同种类的钩子，每一种钩子类型提供访问操作系统不同方式的消息处理机制的方法。例如，一个应用程序能使用WH_MOUSE_Hook去监听鼠标消息的消息传递。
    操作系统为每种类型的钩子维护一个专门的钩子链。钩子链是特殊的指针链表，应用程序定义被称为钩子函数的回调函数。当一个与某种类型的钩子有关的消息产生，操作系统逐个把这个消息传递给钩子链中的每一个钩子函数的引用，钩子程序能作出什么行为取决于相关的钩子类型。一些钩子程序是为那些仅能监听消息的钩子类型而设的，另外一些则是为了那些可以修改消息或阻止消息被传到下一个钩子程序或目标窗口的钩子类型而设的。
钩子程序
    要想使用钩子程序，开发者需要提供一个钩子函数并使用SetWindowHookEx函数把它设置到相应的钩子链中。一个钩子程序必须具有下列语义：
    LRESULT CALLBACK HookProc(
  int nCode,
  WPARAM wParam,
  LPARAM lParam
);
    HookProc 是一个在应用程序中定义的名字的占位符。
    nCode参数是一个钩子程序用来描述它所执行的行为的钩子代码，钩子代码的值依赖于钩子的类型。每一种类型的钩子都拥有一个钩子代码集。wParam和lParam参数的值依赖于钩子代码，但他们通常包含关于一个发送或邮递的message的信息。
    SetWindowsHookEx函数总是设置一个钩子程序到钩子链的开头。当一个被特定的钩子类型监听的事情发生，操作系统从钩子相关的钩子链开头调用钩子程序。每一个钩子链中的钩子程序决定是否把这个时间传给下一个钩子程序。一个钩子程序通过调用CallNextHookEx函数把时间传递给下一个钩子函数。
    注意一些钩子类型的钩子程序只能监听消息，对于这类钩子，操作系统把消息传递给钩子链中的每一个钩子程序，不管是否有某个钩子程序调用了CallNextHookEx。
    全局钩子为所有与调用线程在同一个桌面上的线程监听消息，线程特定钩子仅仅为单个线程监听消息。全局钩子程序能在与调用线程在同一个桌面的任意一个应用程序的上下文中被调用，所以全局钩子程序必须是单独的动态连接库模块。线程特定钩子程序只在线程相关的上下文中被调用，如果一个应用程序为它的一个线程设置一个钩子程序，这个钩子程序能存在于这个线程的同一模块的其余代码或DLL中。如果应用程序要为另一个应用程序的一个线程设置钩子程序，这个钩子程序必须是动态链接库的形式。详细信息请看Dynamic Link Libraries。
    注意，你应该只为调试的目的使用全局钩子，否则，你应该消除它们。全局钩子消耗系统效率，并且导致与其它实现了相同类型的全局钩子的应用程序冲突。
钩子类型
    每一种钩子类型使一个应用程序能监听操作系统不同方式的消息处理机制。
    。WH_CALLWNDPROC and WH_CALLWNDPROCRET Hooks
    。WH_CBT Hook
    。WH_DEBUG Hook
    。WH_FOREGROUNDIDLE Hook
    。WH_GETMESSAGE Hook
    。WH_JOURNALPLAYBACK Hook
    。WH_JOURNALRECORD Hook
    。WH_KEYBOARD_LL Hook
    。WH_KEYBOARD Hook
    。WH_MOUSE_LL Hook
    。WH_MOUSE Hook
    。WH_MSGFILTER and WH_SYSMSGFILTER Hooks
    。WH_SHELL Hook
WH_CALLWNDPROC和WH_CALLWNDPROCRET钩子
    WH_CALLWNDPROC和WH_CALLWNDPROCRET钩子让你能监听发送给窗口消息处理函数的消息。系统在把消息传递给窗口函数之前调用WH_CALLWNDPROC钩子程序，并在把消息传递给窗口函数之后调用WH_CALLWNDPROCRET钩子程序。
    WH_CALLWNDPROCRET钩子传递一个指向CWPRETSTRUCT结构的指针给钩子程序，这个结构包含了处理消息的窗口函数的返回值，同样包含了关于这个消息的信息参数。
   

   
    原文

 

About Hooks

---

Hooks tend to slow down the system because they increase the amount of processing the system must perform for each message. You should install a hook only when necessary, and remove it as soon as possible.

This section discusses the following:

• Hook Chains
• Hook Procedures
• Hook Types

Hook Chains

The system supports many different types of hooks; each type provides access to a different aspect of its message-handling mechanism. For example, an application can use the WH_MOUSE Hook to monitor the message traffic for mouse messages.

The system maintains a separate hook chain for each type of hook. A hook chain is a list of pointers to special, application-defined callback functions called hook procedures. When a message occurs that is associated with a particular type of hook, the system passes the message to each hook procedure referenced in the hook chain, one after the other. The action a hook procedure can take depends on the type of hook involved. The hook procedures for some types of hooks can only monitor messages; others can modify messages or stop their progress through the chain, preventing them from reaching the next hook procedure or the destination window.

Hook Procedures

To take advantage of a particular type of hook, the developer provides a hook procedure and uses the SetWindowsHookEx function to install it into the chain associated with the hook. A hook procedure must have the following syntax:

LRESULT CALLBACK HookProc(  int nCode,   WPARAM wParam,   LPARAM lParam);

HookProc is a placeholder for an application-defined name.

The nCode parameter is a hook code that the hook procedure uses to determine the action to perform. The value of the hook code depends on the type of the hook; each type has its own characteristic set of hook codes. The values of the wParam and lParam parameters depend on the hook code, but they typically contain information about a message that was sent or posted.

The SetWindowsHookEx function always installs a hook procedure at the beginning of a hook chain. When an event occurs that is monitored by a particular type of hook, the system calls the procedure at the beginning of the hook chain associated with the hook. Each hook procedure in the chain determines whether to pass the event to the next procedure. A hook procedure passes an event to the next procedure by calling the CallNextHookEx function.

Note that the hook procedures for some types of hooks can only monitor messages. the system passes messages to each hook procedure, regardless of whether a particular procedure calls CallNextHookEx.

A global hook monitors messages for all threads in the same desktop as the calling thread. A thread-specific hook monitors messages for only an individual thread. A global hook procedure can be called in the context of any application in the same desktop as the calling thread, so the procedure must be in a separate DLL module. A thread-specific hook procedure is called only in the context of the associated thread. If an application installs a hook procedure for one of its own threads, the hook procedure can be in either the same module as the rest of the application's code or in a DLL. If the application installs a hook procedure for a thread of a different application, the procedure must be in a DLL. For information, see Dynamic-Link Libraries.

Note   You should use global hooks only for debugging purposes; otherwise, you should avoid them. Global hooks hurt system performance and cause conflicts with other applications that implement the same type of global hook.

Hook Types

Each type of hook enables an application to monitor a different aspect of the system's message-handling mechanism. The following sections describe the available hooks.

• WH_CALLWNDPROC and WH_CALLWNDPROCRET Hooks
• WH_CBT Hook
• WH_DEBUG Hook
• WH_FOREGROUNDIDLE Hook
• WH_GETMESSAGE Hook
• WH_JOURNALPLAYBACK Hook
• WH_JOURNALRECORD Hook
• WH_KEYBOARD_LL Hook
• WH_KEYBOARD Hook
• WH_MOUSE_LL Hook
• WH_MOUSE Hook
• WH_MSGFILTER and WH_SYSMSGFILTER Hooks
• WH_SHELL Hook

WH_CALLWNDPROC and WH_CALLWNDPROCRET Hooks

The WH_CALLWNDPROC and WH_CALLWNDPROCRET hooks enable you to monitor messages sent to window procedures. The system calls a WH_CALLWNDPROC hook procedure before passing the message to the receiving window procedure, and calls the WH_CALLWNDPROCRET hook procedure after the window procedure has processed the message.

The WH_CALLWNDPROCRET hook passes a pointer to a CWPRETSTRUCT structure to the hook procedure. The structure contains the return value from the window procedure that processed the message, as well as the message parameters associated with the message. Subclassing the window does not work for messages set between processes.

For more information, see the CallWndProc and CallWndRetProc functions.

WH_CBT Hook

The system calls a WH_CBT hook procedure before activating, creating, destroying, minimizing, maximizing, moving, or sizing a window; before completing a system command; before removing a mouse or keyboard event from the system message queue; before setting the input focus; or before synchronizing with the system message queue. The value the hook procedure returns determines whether the system allows or prevents one of these operations. The WH_CBT hook is intended primarily for computer-based training (CBT) applications.

For more information, see the CBTProc function.

For information, see WinEvents.

WH_DEBUG Hook

The system calls a WH_DEBUG hook procedure before calling hook procedures associated with any other hook in the system. You can use this hook to determine whether to allow the system to call hook procedures associated with other types of hooks.

For more information, see the DebugProc function.

WH_FOREGROUNDIDLE Hook

The WH_FOREGROUNDIDLE hook enables you to perform low priority tasks during times when its foreground thread is idle. The system calls a WH_FOREGROUNDIDLE hook procedure when the application's foreground thread is about to become idle.

For more information, see the ForegroundIdleProc function.

WH_GETMESSAGE Hook

The WH_GETMESSAGE hook enables an application to monitor messages about to be returned by the GetMessage or PeekMessage function. You can use the WH_GETMESSAGE hook to monitor mouse and keyboard input and other messages posted to the message queue.

For more information, see the GetMsgProc function.

WH_JOURNALPLAYBACK Hook

The WH_JOURNALPLAYBACK hook enables an application to insert messages into the system message queue. You can use this hook to play back a series of mouse and keyboard events recorded earlier by using the WH_JOURNALRECORD Hook. Regular mouse and keyboard input is disabled as long as a WH_JOURNALPLAYBACK hook is installed. A WH_JOURNALPLAYBACK hook is a global hook — it cannot be used as a thread-specific hook.

The WH_JOURNALPLAYBACK hook returns a time-out value. This value tells the system how many milliseconds to wait before processing the current message from the playback hook. This enables the hook to control the timing of the events it plays back.

For more information, see the JournalPlaybackProc function.

WH_JOURNALRECORD Hook

The WH_JOURNALRECORD hook enables you to monitor and record input events. Typically, you use this hook to record a sequence of mouse and keyboard events to play back later by using the WH_JOURNALPLAYBACK Hook. The WH_JOURNALRECORD hook is a global hook — it cannot be used as a thread-specific hook.

For more information, see the JournalRecordProc function.

WH_KEYBOARD_LL Hook

The WH_KEYBOARD_LL hook enables you to monitor keyboard input events about to be posted in a thread input queue.

For more information, see the LowLevelKeyboardProc function.

WH_KEYBOARD Hook

The WH_KEYBOARD hook enables an application to monitor message traffic for WM_KEYDOWN and WM_KEYUP messages about to be returned by the GetMessage or PeekMessage function. You can use the WH_KEYBOARD hook to monitor keyboard input posted to a message queue.

For more information, see the KeyboardProc function.

WH_MOUSE_LL Hook

The WH_MOUSE_LL hook enables you to monitor mouse input events about to be posted in a thread input queue.

For more information, see the LowLevelMouseProc function.

WH_MOUSE Hook

The WH_MOUSE hook enables you to monitor mouse messages about to be returned by the GetMessage or PeekMessage function. You can use the WH_MOUSE hook to monitor mouse input posted to a message queue.

For more information, see the MouseProc function.

WH_MSGFILTER and WH_SYSMSGFILTER Hooks

The WH_MSGFILTER and WH_SYSMSGFILTER hooks enable you to monitor messages about to be processed by a menu, scroll bar, message box, or dialog box, and to detect when a different window is about to be activated as a result of the user's pressing the ALT+TAB or ALT+ESC key combination. The WH_MSGFILTER hook can only monitor messages passed to a menu, scroll bar, message box, or dialog box created by the application that installed the hook procedure. The WH_SYSMSGFILTER hook monitors such messages for all applications.

The WH_MSGFILTER and WH_SYSMSGFILTER hooks enable you to perform message filtering during modal loops that is equivalent to the filtering done in the main message loop. For example, an application often examines a new message in the main loop between the time it retrieves the message from the queue and the time it dispatches the message, performing special processing as appropriate. However, during a modal loop, the system retrieves and dispatches messages without allowing an application the chance to filter the messages in its main message loop. If an application installs a WH_MSGFILTER or WH_SYSMSGFILTER hook procedure, the system calls the procedure during the modal loop.

An application can call the WH_MSGFILTER hook directly by calling the CallMsgFilter function. By using this function, the application can use the same code to filter messages during modal loops as it uses in the main message loop. To do so, encapsulate the filtering operations in a WH_MSGFILTER hook procedure and call CallMsgFilter between the calls to the GetMessage and DispatchMessage functions.

while (GetMessage(&msg, (HWND) NULL, 0, 0)) {     if (!CallMsgFilter(&qmsg, 0))         DispatchMessage(&qmsg); } 

The last argument of CallMsgFilter is simply passed to the hook procedure; you can enter any value. The hook procedure, by defining a constant such as MSGF_MAINLOOP, can use this value to determine where the procedure was called from.

For more information, see the MessageProc and SysMsgProc functions.

WH_SHELL Hook

A shell application can use the WH_SHELL hook to receive important notifications. The system calls a WH_SHELL hook procedure when the shell application is about to be activated and when a top-level window is created or destroyed.

Note that custom shell applications do not receive WH_SHELL messages. Therefore, any application that registers itself as the default shell must call the SystemParametersInfo function before it (or any other application) can receive WH_SHELL messages. This function must be called with SPI_SETMINIMIZEDMETRICS and a MINIMIZEDMETRICS structure. Set the iArrange member of this structure to ARW_HIDE.

For more information, see the ShellProc function.