EnumHook

1. http://read.pudn.com/downloads92/sourcecode/windows/freedic/361926/Enum1.2/Enum.cpp__.htm
2. /***********************************************************************
3. filename:         EnumHook.cpp
4. author:            cbntrt
5. createdate:        2007.11.16 am
6. modification log:  2007.11.16 am
7. comment:           this file is converted from EnumHook.asm written by [email protected]
8. ************************************************************************/
9. #include <windows.h>
10. #include <commctrl.h>
11. #include <tlhelp32.h>
12. #include "resource.h"
13. #include <winioctl.h>
15. #pragma comment(lib,"comctl32.lib")
17. typedef struct _HOOK_INFO  
18. {  
19. HANDLE Handle;  
20. DWORD  FuncOffset;  
21. DWORD FuncBaseAddr;  
22. DWORD iHook;  
23. }HOOK_INFO,*LPHOOK_INFO;  
25. BOOL CALLBACK DlgProc(HWND,UINT,WPARAM,LPARAM);  
26. BOOL OpenDevice(void);  
27. void CloseDevice(void);  
28. void Init(HWND hDlg);  
29. void Refresh(void);  
30. void InsertHookInfo(HWND,LPHOOK_INFO,DWORD);  
31. void GetHookModuleName(DWORD,char*);  
32. ////////////////////////////////////////////////////////second part end
34. ////////////////////////////////////////////////////////third part 
35. //#define  WH_MSGFILTER       -1
36. //#define  WH_JOURNALRECORD   0
37. //#define  WH_JOURNALPLAYBACK 1
38. //#define  WH_KEYBOARD        2
39. //#define  WH_GETMESSAGE      3
40. //#define  WH_CALLWNDPROC     4
41. //#define  WH_CBT             5
42. //#define  WH_SYSMSGFILTER    6
43. //#define  WH_MOUSE           7
44. //#define  WH_HARDWARE        8
45. //#define  WH_DEBUG           9
46. //#define  WH_SHELL           10
47. //#define  WH_FOREGROUNDIDLE  11
50. #define IOCTL_GET_HOOKINFO  CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_READ_ACCESS|FILE_WRITE_ACCESS)
51. #define MAX_HOOKS       100
54. HINSTANCE hInst;  
55. HWND      hList;  
56. HANDLE    hDevice;  
58. char szHandle[]= "钩子句柄";  
59. char szFunc[]=   "钩子函数地址";  
60. char szType[]=   "钩子类型";  
61. char szModule[]= "钩子所在模块";  
62. char szFlags[13][19]={"WH_MSGFILTER      ",  
63. "WH_JOURNALRECORD  ",  
64. "WH_JOURNALPLAYBACK",  
65. "WH_KEYBORD        ",  
66. "WH_GETMESSAGE     ",  
67. "WH_CALLWNDPROC    ",  
68. "WH_CBT            ",  
69. "WH_SYSMSGFILTER   ",  
70. "WH_MOUSE          ",  
71. "WH_HARDWARE       ",  
72. "WH_DEBUGE         ",  
73. "WH_SHELL          ",  
74. "WH_FOREGROUNDIDLE "};  
77. int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow)      
78. {  
79.     hInst=::GetModuleHandle(NULL);  
80. BOOL bRet=OpenDevice();  
81. if(bRet){  
82.         MessageBox(NULL,"Start Service Succeed","Success",MB_OK);  
83.     }  
84. else{  
85.         MessageBox(NULL,"Failed to Start the Service!","ERR",MB_OK);  
86.     }  
87. if(bRet){  
88.         ::DialogBoxParam(hInst,LPCTSTR(IDD_DIALOG_MAIN),NULL,DlgProc,NULL);  
89.         ::InitCommonControls();  
90.         CloseDevice();  
91.     }  
92.     ::ExitProcess(0);  
93. return 0;  
94. }  
98. BOOL CALLBACK DlgProc(HWND hDlg,UINT uMsg,WPARAM wParam,LPARAM lParam)  
99. {  
100. //  RECT rect;
101. switch(uMsg)  
102.     {  
103. case WM_INITDIALOG:  
104.         {  
105.             Init(hDlg);  
106.         }  
107. break;  
108. case WM_COMMAND:  
109. switch(LOWORD(wParam))  
110.         {  
111. case IDC_REFRESH:  
112.             {  
113.                 MessageBox(hDlg,"refresh","receive message",MB_OK);  
114.                 SendMessage(hList,LVM_DELETEALLITEMS,0,0);  
115.                 Refresh();  
116.             }  
117. break;  
118. case IDC_CLOSE:  
119.             {  
120.                 EndDialog(hDlg,0);  
121.             }  
122. break;  
123.         }  
124. break;  
125.     }  
126. return 0;  
127. }  
129. BOOL OpenDevice(void)  
130. {  
131. HANDLE hSCManager=NULL,hService=NULL;  
132. char   szDriverPath[MAX_PATH];  
134. //打开驱动链接
135.     hDevice=::CreateFile( ("\\\\.\\slEnumHook"),  
136.         GENERIC_READ|GENERIC_WRITE,  
137.         FILE_SHARE_READ|FILE_SHARE_WRITE,  
138.         NULL,  
139.         OPEN_EXISTING,  
140.         0,NULL);  
142. if(INVALID_HANDLE_VALUE!=hDevice){  
143. return TRUE;  
144.     }  
146. //如果上面的打开失败，则说明驱动没有安装或者没有启动
147.     hSCManager=::OpenSCManager(NULL,NULL,SC_MANAGER_CREATE_SERVICE);  
148. if(0!=hSCManager){  
149. //如果驱动已经安装了，则启动驱动程序
150.         hService=OpenService(hSCManager, ("EnumHook"),SERVICE_START|DELETE);  
151. if(0!=hService){  
152.             ::StartService(hService,0,NULL);  
153.             ::CloseServiceHandle(hService);  
154.         }//如果驱动程序没有安装，则先安装，再启动
155. else{  
156.             ::GetFullPathName( ("EnumHook.sys"),sizeof(szDriverPath),szDriverPath,NULL);  
157.             hService=::CreateService(hSCManager, ("EnumHook"),  
158.                  ("ZTS's Enumerate Global Windows Service"),  
159.                 SERVICE_START|DELETE,  
160.                 SERVICE_KERNEL_DRIVER,  
161.                 SERVICE_DEMAND_START,  
162.                 SERVICE_ERROR_IGNORE,  
163.                 szDriverPath,  
164.                 NULL,NULL,NULL,NULL,NULL);  
165. if(0!=hService){  
166.                 ::StartService(hService,0,NULL);  
167.                 ::CloseServiceHandle(hService);  
168.             }     
169.         }  
170.         ::CloseServiceHandle(hSCManager);  
171.     }  
173. //启动驱动程序后，再一次打开驱动链接，如果不出意外，这一次应该可以成功
174.     hDevice=::CreateFile( "\\\\.\\slEnumHook",  
175.         GENERIC_READ|GENERIC_WRITE,  
176.         FILE_SHARE_READ|FILE_SHARE_WRITE,  
177.         NULL,  
178.         OPEN_EXISTING,  
179.         0,NULL);  
180. if(INVALID_HANDLE_VALUE==hDevice){  
181. return FALSE;  
182.     }  
183. return TRUE;  
184. }  
187. void CloseDevice(void)  
188. {  
189. HANDLE hSCManager,hService;  
190.     SERVICE_STATUS sest;  
192. if(hDevice){  
193.         ::CloseHandle(hDevice);  
194.     }  
196.     hSCManager=::OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT);  
197. if(NULL!=hSCManager){  
198.         hService=::OpenService(hSCManager, "EnumHook",SERVICE_STOP|DELETE);  
199. if(NULL!=hService){  
200.                 ::ControlService(hService,SERVICE_CONTROL_STOP,&sest);  
201.                 ::DeleteService(hService);  
202.                 ::CloseServiceHandle(hService);  
203.             }  
204.             ::CloseServiceHandle(hSCManager);  
205.     }  
206. }  
208. void Init(HWND hWnd)  
209. {  
210.     LV_COLUMN lvc;  
212.     hList=GetDlgItem(hWnd,IDC_LIST);  
213. //handle
214.     lvc.mask=LVCF_TEXT+LVCF_WIDTH;  
215.     lvc.pszText=szHandle;  
216.     lvc.cx=100;  
217.     SendMessage(hList,LVM_INSERTCOLUMN,0,(long)(&lvc));  
218. //func  
219.     lvc.pszText=szFunc;  
220.     lvc.cx=100;  
221.     SendMessage(hList,LVM_INSERTCOLUMN,1,(long)(&lvc));  
222. //type
223.     lvc.pszText=szType;  
224.     lvc.cx=120;  
225.     SendMessage(hList,LVM_INSERTCOLUMN,2,(long)(&lvc));  
226. //module name
227.     lvc.pszText=szModule;  
228.     lvc.cx=400;  
229.     SendMessage(hList,LVM_INSERTCOLUMN,3,(long)(&lvc));  
230. //设置扩展风格
231.     SendMessage(hList,LVM_SETEXTENDEDLISTVIEWSTYLE,LVS_EX_FULLROWSELECT,  
232.         LVS_EX_FULLROWSELECT);  
233. }  
235. void Refresh(void)  
236. {  
237.     HOOK_INFO* lpHookInfo;  
238. DWORD dwByteReturned;  
239. DWORD dwHookNum;  
241. DWORD dwMaxHook=sizeof(HOOK_INFO)*MAX_HOOKS;  
242.     lpHookInfo=(HOOK_INFO*)GlobalAlloc(GMEM_FIXED|GMEM_ZEROINIT,dwMaxHook);  
244.     dwByteReturned=0;  
245. if(INVALID_HANDLE_VALUE==hDevice ){  
246.         MessageBox(NULL,"hDevice is not valid!","ERR",MB_OK);  
247.     }  
248. BOOL bRet=::DeviceIoControl(hDevice,IOCTL_GET_HOOKINFO,0,0,lpHookInfo,  
249.         dwMaxHook,&dwByteReturned,NULL);  
250. if(bRet){  
251.         MessageBox(NULL,"DeviceIoControl succeed!","Success",MB_OK);  
252.     }  
253. else{  
254.         MessageBox(NULL,"DeviceIoControl call failed!","ERROR",MB_OK);  
255.     }  
256. if(0!=dwByteReturned){  
257.         dwHookNum=dwByteReturned/(sizeof(HOOK_INFO));  
258. DWORD i=0;  
259. while(i<dwhooknum){ inserthookinfo(hlist,lphookinfo,i);="" lphookinfo="(HOOK_INFO*)((DWORD)lpHookInfo+(sizeof(HOOK_INFO)));" i++;="" }="" else{="" messagebox(null,"receive="" no="" hookinfo","error",mb_ok);="" return;="" void="" inserthookinfo(hwnd="" hwnd,hook_info*="" lphookinfo,dword="" dwnum)="" {="" lv_item="" lvi;="" char="" buf[max_path];="" hook_info*="" phookinfo="lpHookInfo;" assume="" esi:ptr="" hook_info="" edi:ptr="" buf="" handle="" wsprintf(buf,="" ("%08x"),phookinfo-="">Handle);  
260.     lvi.mask=LVIF_TEXT;  
261.     lvi.iItem=dwNum;  
262.     lvi.iSubItem=0;  
263.     lvi.pszText=Buf;  
264.     SendMessage(hWnd,LVM_INSERTITEM,0,(long)(&lvi));  
265. //func
266. DWORD dwFuncAddr=pHookInfo-&gt;FuncOffset+pHookInfo-&gt;FuncBaseAddr;  
267.     wsprintf(Buf, ("%08X"),dwFuncAddr);  
268.     lvi.iSubItem=1;  
269.     lvi.pszText=Buf;  
270.     SendMessage(hWnd,LVM_SETITEM,0,(long)(&lvi));  
271. //type
272. DWORD dwOffset=(pHookInfo-&gt;iHook+1)*19;  
273. char* pszFlags=(char*)(szFlags)+dwOffset;  
274.     lvi.iSubItem=2;  
275.     lvi.pszText=pszFlags;  
276.     SendMessage(hWnd,LVM_SETITEM,0,(long)(&lvi));  
277. //module name
278. if(0!=pHookInfo-&gt;FuncBaseAddr){  
279.         memset(Buf,0,sizeof(Buf));  
280.         GetHookModuleName(pHookInfo-&gt;FuncBaseAddr,Buf);  
281.         lvi.iSubItem=3;  
282.         lvi.pszText=Buf;  
283.         SendMessage(hWnd,LVM_SETITEM,0,(long)(&lvi));  
284.     }  
285. return;  
286. }  
288. void GetHookModuleName(DWORD dwBaseAddress,char* lpModuleName)  
289. {  
290.     MODULEENTRY32 stModule;  
291. HANDLE hSnapshot;  
293.     RtlZeroMemory(&stModule,sizeof(MODULEENTRY32));  
294.     stModule.dwSize=sizeof(MODULEENTRY32);  
295.     hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0);  
297. BOOL bRet=Module32First(hSnapshot,&stModule);  
298. while(bRet){  
299. if((DWORD)stModule.modBaseAddr==dwBaseAddress){  
300.             lstrcpyn(lpModuleName,stModule.szExePath,MAX_PATH);  
301. break;  
302.         }  
303.         bRet=Module32Next(hSnapshot,&stModule);  
304.     }  
305.     CloseHandle(hSnapshot);  
306. }</dwhooknum){></winioctl.h></tlhelp32.h></commctrl.h></windows.h>