I'm learning hooks, and I'm looking for an example of hooks!

Updated on educate 2024-06-06
6 answers
  1. Anonymous users 2024-02-11

    I'm sorry, API hooks are not the same as message hooks, although they are both called hooks, but there is an essential difference, so there is no such thing as global and local. Message hooks are a normal application provided by Windows to applications, while APIs are used to "utilize" Windows features.

    To hook an API of the target process, there are only two ways: use the structure of the PE file to modify the import table part of each executable module of the target process (including exe and dll), and change the address of the target API to the function you wrote. This approach is most classic in the way that the API is hooked up introduced in Chapter 22 of Windows Core Programming.

    One of the big drawbacks of the previous method is that if the target process has already run before your program runs, and has already used GetProcAddress to get the address of the target API, this method is useless, because it is very likely that the target process will not import the table to get the address of the API in the future. Some time ago I made a hook for IE's socket and used another method:

    The predecessor of this method is to modify the first 5 bytes of the target API into a JMP jump instruction, jump directly into your API, then you write those 5 bytes back, and then call the target API again with the same parameters, and then return the target API and then go back to those 5 bytes (a bit like the missing page interrupt process). This way you will be able to intercept all calls to the target API. However, the biggest drawback of this approach is that it doesn't work well for multithreading.

    So I introduced another method: when the call to the target API caused the jump to my code, do not write back the 5 bytes, but in your API, use the assembly to implement the original function of the 5 bytes, and then jump directly to the 6th byte of the target API to run, so that your API will never be missed, and as long as you pay attention to the storage and recovery of registers, as well as the balance of the stack, this method will be very stable. Of course, this method will be limited to the API version, and the first 5 bytes may be different for different versions, so you have to treat them separately.

    Having said so much nonsense, the core of one of them is that the easiest way to inject your own code into the target process is to use a DLL. Of course, there are also ways to use DLLs, such as Luo Yunbin's "32-bit Assembly Language Programming in Windows Environment", which is written in a sink - more troublesome than DLLs.
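Seen from the detection side, the 5-byte patch described in the first answer leaves a recognizable trace: the function starts with an `E9 rel32` jump whose destination lies outside the module that owns the function. The following C check is an added example, not code from the answer or the original page; the module base, size, function address and byte samples are constructed, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef enum { PROLOGUE_NO_JMP, PROLOGUE_JMP_INSIDE, PROLOGUE_JMP_OUTSIDE,
               PROLOGUE_TOO_SHORT } verdict_t;

/* Constructed sample data: a 32-bit module mapped at IMAGE_BASE and one
   exported function at SAMPLE_VA. None of these values come from the page. */
#define IMAGE_BASE 0x71AB0000u
#define IMAGE_SIZE 0x00017000u
#define SAMPLE_VA  0x71AB4A07u
/* mov edi,edi / push ebp / mov ebp,esp: common unpatched 32-bit prologue */
static const uint8_t SAMPLE_CLEAN[5]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
/* jmp 0x10001000: destination lies outside the module above */
static const uint8_t SAMPLE_HOOKED[5] = { 0xE9, 0xF4, 0xC5, 0x54, 0x9E };

/* Decode "E9 rel32" at code[0]; va is the address of code[0].
   Returns 1 and stores the destination, 0 if this is not a near JMP. */
static int decode_jmp_rel32(const uint8_t *code, size_t len, uint32_t va,
                            uint32_t *dest)
{
    uint32_t rel;
    if (len < 5 || code[0] != 0xE9) return 0;
    rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
          (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    *dest = va + 5u + rel;   /* rel32 is relative to the next instruction */
    return 1;
}

/* Classify the first five bytes of a function owned by [base, base+size). */
static verdict_t check_prologue(const uint8_t *code, size_t len, uint32_t va,
                                uint32_t base, uint32_t size)
{
    uint32_t dest;
    if (len < 5) return PROLOGUE_TOO_SHORT;
    if (!decode_jmp_rel32(code, len, va, &dest)) return PROLOGUE_NO_JMP;
    /* Unsigned wrap makes this one comparison cover dest < base as well. */
    return (dest - base < size) ? PROLOGUE_JMP_INSIDE : PROLOGUE_JMP_OUTSIDE;
}

int main(void)
{
    printf("clean:  %d\n", check_prologue(SAMPLE_CLEAN, 5, SAMPLE_VA, IMAGE_BASE, IMAGE_SIZE));
    printf("hooked: %d\n", check_prologue(SAMPLE_HOOKED, 5, SAMPLE_VA, IMAGE_BASE, IMAGE_SIZE));
    return 0;
}
```

A `PROLOGUE_NO_JMP` result only rules out this one patch form; the import-table method from the same answer leaves the function bytes untouched and has to be checked by comparing import table entries against the exporting module's address range.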

  2. Anonymous users 2024-02-10

    You can look up some information about hook SSDT, but it is more troublesome to write drivers.

  3. Anonymous users 2024-02-09

    Generally, the spy first looks at the class name to see the handle, and then extracts the content through this information.

  4. Anonymous users 2024-02-08

    Just use the shell and you'll be fine.

    VB has such a function.

  5. Anonymous users 2024-02-07

    This parameter should be the module instance handle of the DLL from which you call SetWindowsHookEx, which can be obtained from the first argument of the DllMain entry.

    HHOOK SetWindowsHookEx(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId);

    As for the fourth parameter of SetWindowsHookEx, dwThreadId, which is the window thread ID you need to get through the window handle, you can get it through the following code:

    DWORD dwThreadId = GetWindowThreadProcessId(hwnd, NULL);

    Select the appropriate message hooks, such as WH_CALLWNDPROC (to monitor the window process), WH_GETMESSAGE (to monitor messages in the message queue), WH_KEYBOARD (keyboard messages), WH_MOUSE (mouse messages), and so on.

  6. Anonymous users 2024-02-06

    Want to engage in number theft? Programs with a little security awareness will take this into account, and it is useless to do hooks at the application layer, window process replacement, etc. I advise you not to think about it. Programs that require security have intercepted keyboard input and encrypted in the driver layer. Even if it's intercepted at the application layer, I don't know what it is. If you're interested in understanding filtering and anti-filtering, "Cold River Solo Fishing" is a good introductory book. The premise is to understand the driver model. But since these have been written in the book, it's not a secret. The practical value won't be too much. Just as an idea to get started.

    If you're using it for something else, why do you have to use a console? Without a window, inter-process communication is much more troublesome when messages are intercepted.
