AppLog.docx
AppLog
AppLog.c
/****************************************************************
Module name: AppLog.c
Written by:  Jonathan Locke
Notices:     Copyright (c) 1995 Jeffrey Richter
Purpose:     Shell hooks demonstration application
****************************************************************/
#include"Win95ADG.h"/*SeeAppendixAfordetails*/
#include
#include
#pragmawarning(disable:
4001)/*Singlelinecomment*/
#include
#include"ShellHk.h"
#include"Resource.h"
/////////////////////////////////////////////////////////////////
// Force a link with the import library for ShellHk.dll
#pragmacomment(lib,adgLIBBUILDTYPEadgLIBCPUTYPE"\\""ShellHk")
/////////////////////////////////////////////////////////////////
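// WM_INITDIALOG handler: sets the dialog icons and starts the shell hook,
// handing it the IDC_APPLOG list box as the window that receives log lines.
//
// hwnd       dialog window
// hwndFocus  control proposed for the initial focus (unused)
// lParam     dialog creation parameter (unused)
//
// Always returns TRUE so the default focus window is accepted. If the list
// box is missing or the hook cannot be started, the user is told and the
// dialog is closed with IDCANCEL.
BOOL AppLog_OnInitDialog(HWND hwnd, HWND hwndFocus, LPARAM lParam) {

   HWND hwndLog = GetDlgItem(hwnd, IDC_APPLOG);

   adgSETDLGICONS(hwnd, IDI_APPLOG, IDI_APPLOG);

   // The handle given to ShellHook_Start becomes the target that hooked
   // processes send their log lines to, so do not start the hook with a
   // NULL handle if the control lookup failed.
   if ((hwndLog == NULL) || !ShellHook_Start(hwndLog)) {
      // Message text restored: the listing had lost the spaces between words.
      adgMB(__TEXT("Unable to start shell hook"));
      EndDialog(hwnd, IDCANCEL);
   }
   return(TRUE);   // Accept default focus window.
}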
/////////////////////////////////////////////////////////////////
// WM_SIZE handler: keeps the IDC_APPLOG list box stretched over the area
// described by cx and cy. The state argument is not used.
void AppLog_OnSize(HWND hwnd, UINT state, int cx, int cy) {

   HWND hwndLog = GetDlgItem(hwnd, IDC_APPLOG);

   // When the user resizes the main window, the list box follows. Its origin
   // stays at (0,0); SWP_NOZORDER leaves the Z order alone, so the NULL
   // insert-after handle is ignored.
   SetWindowPos(hwndLog, NULL, 0, 0, cx, cy, SWP_NOZORDER);
}
////////////////////////////////////////////////////////////////
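// WM_COMMAND handler. Only IDCANCEL is handled: the shell hook is removed and
// the dialog is closed with the command id as its result.
//
// hwnd        dialog window
// id          command identifier
// hwndCtl     control that sent the command (unused)
// codeNotify  notification code (unused)
void AppLog_OnCommand(HWND hwnd, int id, HWND hwndCtl, UINT codeNotify) {

   switch (id) {
      case IDCANCEL:
         // Unhook the shell hook before exiting so that other processes stop
         // sending log lines to a list box that is about to be destroyed.
         // The dialog closes whether or not the unhook succeeded; the failure
         // is only reported.
         if (!ShellHook_Stop()) {
            // Message text restored: the listing had lost the spaces between words.
            adgMB(__TEXT("Unable to stop shell hook"));
         }
         EndDialog(hwnd, id);   // Allows dialog box to close
         break;

      default:
         // Every other command is ignored.
         break;
   }
}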
/////////////////////////////////////////////////////////////////
// Dialog procedure for the AppLog dialog. Routes WM_INITDIALOG, WM_COMMAND and
// WM_SIZE to the AppLog_On* handlers through adgHANDLE_DLGMSG; any message that
// falls out of the switch is reported as unprocessed by returning FALSE.
// NOTE(review): adgHANDLE_DLGMSG is defined in Win95ADG.h, which is not shown
// here; it presumably expands to a case label that returns the handler's
// result -- confirm before reordering or wrapping these lines.
BOOL WINAPI AppLog_DlgProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) {

   switch (uMsg) {
      // Standard Windows messages
      adgHANDLE_DLGMSG(hwnd, WM_INITDIALOG, AppLog_OnInitDialog);
      adgHANDLE_DLGMSG(hwnd, WM_COMMAND, AppLog_OnCommand);
      adgHANDLE_DLGMSG(hwnd, WM_SIZE, AppLog_OnSize);
   }
   return(FALSE);   // We didn't process the message.
}
/////////////////////////////////////////////////////////////////
// Program entry point: runs the IDD_APPLOG dialog modally with AppLog_DlgProc
// as its dialog procedure and exits with code 0 once the dialog has closed.
// hinstPrev, lpszCmdLine and nCmdShow are not used.
int WINAPI WinMain(HINSTANCE hinstExe, HINSTANCE hinstPrev, LPSTR lpszCmdLine, int nCmdShow) {

   adgWARNIFUNICODEUNDERWIN95();

   // A result of -1 from DialogBox means the dialog could not be created.
   // The call stays inside adgVERIFY exactly as in the original.
   adgVERIFY(DialogBox(hinstExe, MAKEINTRESOURCE(IDD_APPLOG), NULL, AppLog_DlgProc) != -1);

   return 0;
}
ShellHk.c
/****************************************************************
Module name: ShellHk.c
Written by:  Jonathan Locke
Notices:     Copyright (c) 1995 Jeffrey Richter
Purpose:     Dll which sets a system shell hook.
****************************************************************/
#include"Win95ADG.h"/*SeeAppendixAfordetails*/
#include
#include
#pragmawarning(disable:
4001)/*Singlelinecomment*/
#include
#pragmawarning(disable:
4001)/*Singlelinecomment*/
// We must define SHELLHKLIBAPI as 'dllexport' before including ShellHk.h.
// ShellHk.h will see that we have already defined SHELLHKLIBAPI and
// will not (re)define it as 'dllimport'.
#defineSHELLHKLIBAPI__declspec(dllexport)
#include"ShellHk.h"
/////////////////////////////////////////////////////////////////
// Per-process copy: declared outside the shared section, so every process
// that maps the DLL records its own value in DllMain.
HINSTANCE g_hinstDll = NULL;   // ShellHk.dll's instance handle

/////////////////////////////////////////////////////////////////

// Calling SetWindowsHookEx with a thread id of zero will cause this DLL to be
// injected into other processes. Therefore, we must declare a shared data
// section so that all mappings of our DLL (in all processes) share the same
// set of global variables.
//
// NOTE(review): a section that is readable, writable and shared can be
// modified by any process that has this DLL mapped. The two handles below are
// therefore not trustworthy from the hook procedure's point of view: whatever
// another hooked process writes here is what every other process will use as
// the hook handle and as the window to send log text to. Keep nothing in this
// section that is more sensitive than these two handles.
// NOTE(review): the linker directive at the end of this block is commented
// out in this listing, so "Shared" is only really shared if the build marks it
// so somewhere that is not shown here (for example a .def file) -- confirm
// against the project files.
//#pragma comment(lib, "kernel32")
#pragma data_seg("Shared")
// Both variables carry an initializer, as in the original listing.
HHOOK g_hhook = NULL;         // Hook handle for system wide shell hook
HWND g_hwndListBox = NULL;    // List box in which to insert log strings
#pragma data_seg()
//#pragma comment(linker, "-section:Shared,rws")
/////////////////////////////////////////////////////////////////
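// WH_SHELL filter function. It runs inside whichever process the DLL has been
// injected into and, for window-created and window-destroyed notifications,
// appends one line (direction marker, process id, thread id, module path) to
// the logger's list box.
//
// nCode   shell hook code; only HSHELL_WINDOWCREATED and
//         HSHELL_WINDOWDESTROYED are logged
// wParam  for the two logged codes, the handle of the window concerned
// lParam  passed through untouched
//
// Returns the result of CallNextHookEx, so the rest of the hook chain is not
// affected by the logging.
static LRESULT WINAPI ShellHook_HookProc(int nCode, WPARAM wParam, LPARAM lParam) {

   // The formatted line is a fixed prefix of fewer than 64 characters followed
   // by the module path. The original code used two 128-element buffers, so a
   // path close to 127 characters pushed wsprintf past the end of sz and
   // overran the stack of the hooked process. sz is now sized from the path
   // buffer, and the total stays well inside wsprintf's 1,024 limit.
   TCHAR szPath[MAX_PATH];
   TCHAR sz[MAX_PATH + 64];

   // Start from known values so that a failed lookup logs zeros instead of
   // whatever happened to be on the stack.
   DWORD dwProcessID = 0;
   DWORD dwThreadID = 0;

   LRESULT lResult = CallNextHookEx(g_hhook, nCode, wParam, lParam);

   switch (nCode) {
      case HSHELL_WINDOWCREATED:
      case HSHELL_WINDOWDESTROYED:
         // wParam is only read as a window handle for the two codes handled
         // here; the original performed this lookup for every hook code.
         dwThreadID = GetWindowThreadProcessId((HWND) wParam, &dwProcessID);

         // GetModuleFileName is being called in the context of the process in
         // which this Dll has been injected.
         if (!GetModuleFileName(NULL, szPath, adgARRAY_SIZE(szPath))) {
            szPath[0] = __TEXT('\0');
         }
         // Some Windows versions leave a truncated path without a terminator.
         szPath[adgARRAY_SIZE(szPath) - 1] = __TEXT('\0');

         // NOTE(review): the separator spacing inside this literal is kept as
         // printed; the listing's whitespace was stripped, so compare with the
         // original source before relying on the exact layout of a log line.
         wsprintf(sz, __TEXT("%cpid=0x%08x,tid=0x%08x,path=%s"),
            (nCode == HSHELL_WINDOWCREATED ? __TEXT('>') : __TEXT('<')),
            dwProcessID, dwThreadID, szPath);

         // g_hwndListBox lives in the shared section and names a window owned
         // by the logger process, not by the process this code is running in.
         ListBox_AddString(g_hwndListBox, sz);
         break;

      default:
         // All other shell notifications are passed on without logging.
         break;
   }
   return(lResult);
}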
/////////////////////////////////////////////////////////////////
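// Installs the system-wide WH_SHELL hook and records the list box that hooked
// processes will send their log lines to.
//
// hwndListBox  list box window that receives the log strings
//
// Returns TRUE if the hook was installed. Returns FALSE if a hook is already
// installed, if hwndListBox is not a window, or if SetWindowsHookEx fails.
//
// NOTE(review): the "already installed" test and the later store to g_hhook
// are two separate steps, so two callers racing through this function are not
// excluded by the code shown here.
BOOL WINAPI ShellHook_Start(HWND hwndListBox) {

   HHOOK hhook = NULL;

   // Return FALSE if hook has already been installed.
   if (g_hhook != NULL)
      return(FALSE);

   // The handle is about to be published to every process that maps this DLL,
   // so it is rejected at run time as well as asserted.
   adgASSERT(IsWindow(hwndListBox));
   if (!IsWindow(hwndListBox))
      return(FALSE);
   g_hwndListBox = hwndListBox;

   // Give up the remainder of our thread's timeslice.
   // This gives us a better chance of getting all the way through the call
   // to SetWindowsHookEx and the variable assignment to g_hhook in one shot.
   // If we are preempted after the hook is set, but before the variable is
   // updated, it is possible for another thread to enter our hook filter
   // function before the hook handle is valid. Under Windows NT this is not
   // a problem. Under Windows 95, not having a valid hook handle will cause
   // CallNextHookEx to fail. If there is some reason that it is critical
   // that your application succeed in calling the next filter function in
   // the chain, the only robust way to write this code is to use something
   // like the SWMRG (single-writer, multiple-reader guard) object developed
   // in Advanced Windows (Microsoft Press).
   Sleep(0);

   // Set our shell hook (the original comment said "keyboard hook", but the
   // hook type is WH_SHELL). A thread id of 0 makes it system-wide.
   hhook = SetWindowsHookEx(WH_SHELL, ShellHook_HookProc, g_hinstDll, 0);

   // Ensure that g_hhook is always valid (even if we are preempted whilst
   // in the middle of writing to it) by updating the variable atomically.
   // The pointer-sized exchange replaces InterlockedExchange with (LONG)
   // casts, which cuts the handle down to 32 bits on a 64-bit build.
   InterlockedExchangePointer((PVOID *) &g_hhook, (PVOID) hhook);

   // Report on the value we were given rather than re-reading the shared
   // variable, which other processes can also write.
   return(hhook != NULL);
}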
/////////////////////////////////////////////////////////////////
// Removes the shell hook if one is recorded in g_hhook.
// Returns TRUE when there was nothing to remove; otherwise returns the result
// of UnhookWindowsHookEx. g_hhook is reset to NULL after the unhook attempt
// regardless of that result.
BOOL WINAPI ShellHook_Stop() {

   BOOL fUnhooked;

   // Only uninstall the hook if it was successfully installed.
   if (g_hhook == NULL)
      return(TRUE);

   fUnhooked = UnhookWindowsHookEx(g_hhook);
   g_hhook = NULL;   // cleared even when the unhook call reported failure
   return(fUnhooked);
}
/////////////////////////////////////////////////////////////////
// DLL entry point. On process attach it stores the module's instance handle
// in g_hinstDll, which ShellHook_Start later passes to SetWindowsHookEx.
// Every other notification is ignored. Always returns TRUE.
BOOL WINAPI DllMain(HINSTANCE hinstDll, DWORD fdwReason, LPVOID lpvReserved) {

   if (fdwReason == DLL_PROCESS_ATTACH) {
      g_hinstDll = hinstDll;
   }
   return(TRUE);
}