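1. A hook is a point in the system's message-handling flow, located on the path a message takes from the system to the window procedure that processes it. Hooks reduce system efficiency.
2. Hook chains: many such points form a chain. Whether the points in a chain are ordered by the order in which the hooks were installed is an open question (the SDK does not describe it).
3. Hooks are either global hooks or thread hooks. A global hook applies to all threads on the same desktop as the current thread; a thread hook applies only to the current thread.
4. Hooks can be classified by message type as follows:
4.1 WH_CALLWNDPROC and WH_CALLWNDPROCRET
These obviously hook the wndproc; the latter is called after the wndproc.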
4.2 WH_CBT
Computer-based training hook
before activating, creating, destroying, minimizing, maximizing, moving, or sizing a window;
before completing a system command;
before removing a mouse or keyboard event from the system message queue;
before setting the input focus;
before synchronizing with the system message queue.
4.3 WH_DEBUG
before calling hook procedures associated with any other hook in the system, i.e. before any other hook
4.4 WH_FOREGROUNDIDLE
foreground thread idle
4.5 WH_GETMESSAGE
As the name suggests.
4.6 WH_JOURNALPLAYBACK, WH_JOURNALRECORD
Journal playback: inserts messages into the system message queue.
4.7 WH_KEYBOARD_LL, WH_KEYBOARD
4.8 WH_MOUSE_LL, WH_MOUSE
5. How to use the journal playback hook?