① Design a DLL that contains three functions and one global variable, as follows:
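#include <windows.h>

// Hook handle returned by SetWindowsHookEx; set only in the process that calls inject().
HHOOK g_hHook = NULL;

// WH_GETMESSAGE hook procedure: does no work itself and passes the message down the hook chain.
static LRESULT WINAPI GetMsgProc(int code, WPARAM wParam, LPARAM lParam)
{
    return CallNextHookEx(g_hHook, code, wParam, lParam);
}

// Returns the base address (HMODULE) of the module that contains the address pv.
static HMODULE ModuleFromAddress(PVOID pv)
{
    MEMORY_BASIC_INFORMATION mbi;
    return (VirtualQuery(pv, &mbi, sizeof(mbi)) != 0) ? (HMODULE)mbi.AllocationBase : NULL;
}

// Installs the hook for threadId, passing this DLL's own module handle as hMod.
void inject(DWORD threadId)
{
    g_hHook = SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc, ModuleFromAddress((PVOID)inject), threadId);
}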
② Design an EXE program that loads this DLL and calls its inject function, as shown below:
inject(0);  // threadId 0: the hook covers all existing threads on the calling thread's desktop
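
A hook installed this way makes Windows load the DLL that holds the hook procedure into each hooked process. The following added example (not code from the original page) audits and enables the "disable extension points" process mitigation, which stops window-hook DLLs from being loaded into the named executables. The executable names are constructed placeholders, and the script assumes an elevated PowerShell with the built-in ProcessMitigations module (Windows 10 1709 or later).

```powershell
# Added example: audit and enable DisableExtensionPoints per executable.
# $Targets is a constructed placeholder list; replace it with the programs to protect.
$Targets = @('example-app.exe', 'example-service.exe')

foreach ($name in $Targets) {
    # Read the mitigation settings configured for this image name, if any.
    $current = Get-ProcessMitigation -Name $name
    $state = if ($current) {
        [string]$current.ExtensionPoint.DisableExtensionPoints
    } else {
        'NOTSET'
    }

    if ($state -ne 'ON') {
        # Blocks legacy extension-point DLLs (window hooks, AppInit DLLs,
        # Winsock layered service providers) for this image name.
        Set-ProcessMitigation -Name $name -Enable DisableExtensionPoints

        # Re-read the setting to confirm it was stored.
        $after = Get-ProcessMitigation -Name $name
        $state = if ($after) {
            [string]$after.ExtensionPoint.DisableExtensionPoints
        } else {
            'NOTSET'
        }
    }

    # One result row per executable for review or export.
    [pscustomobject]@{
        Executable             = $name
        DisableExtensionPoints = $state
    }
}
```

The setting is applied when a process starts, so already running instances of the listed programs must be restarted before it takes effect.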