HOOK鉤子機制學習筆記(2) - 鉤子類型MSDN翻譯整理 收藏
作者:MaybeHelios???? blog: http://blog.csdn.net/maybehelios/???
???? 從現在開始�,介紹全部鉤子類型����,一共有15種��。由于本人現在使用C#,所以將原文中的Function都翻譯為了“方法”�,實際上翻譯為“函數”可能更準確����。原文中的”callback function”翻譯為“回調函數”�。
Each type of hook enables an application to monitor a different aspect of the system's message-handling mechanism.
每種類型的鉤子使應用程序能夠監視系統的消息處理機制的不同方面。
鉤子類型1-2:WH_CALLWNDPROC and WH_CALLWNDPROCRET Hooks
The WH_CALLWNDPROC and WH_CALLWNDPROCRET hooks enable you to monitor messages sent to window procedures. The system calls a WH_CALLWNDPROC hook procedure before passing the message to the receiving window procedure, and calls the WH_CALLWNDPROCRET hook procedure after the window procedure has processed the message.
WH_CALLWNDPROC 和 WH_CALLWNDPROCRET鉤子使你能夠監視發送到window程序的消息����。系統在將消息傳遞給正在接收的window程序之前��,調用WH_CALLWNDPROC鉤子子程;在window程序處理完消息之后��,調用WH_CALLWNDPROCRET鉤子子程�。
The WH_CALLWNDPROCRET hook passes a pointer to a CWPRETSTRUCT structure to the hook procedure. The structure contains the return value from the window procedure that processed the message, as well as the message parameters associated with the message. Subclassing the window does not work for messages set between processes.
WH_CALLWNDPROCRET鉤子將一個指向CWPRETSTRUCT結構的的指針傳遞給鉤子子程。該結構包含有來自處理該消息的window程序的返回值��,以及消息中的參數����。子類窗體不能處理進程間的消息集��。
鉤子類型3:WH_CBT Hook
The system calls a WH_CBT hook procedure before activating, creating, destroying, minimizing, maximizing, moving, or sizing a window; before completing a system command; before removing a mouse or keyboard event from the system message queue; before setting the input focus; or before synchronizing with the system message queue. The value the hook procedure returns determines whether the system allows or prevents one of these operations. The WH_CBT hook is intended primarily for computer-based training (CBT) applications.
在以下事件發生之前����,系統會調用WH_CBT 鉤子子程:
1��、窗臺被激活��、創建、銷毀��、最小化����、最大化、移動或者改變大?�?�;
2����、執行完系統命令��;
3��、從系統消息隊列中移除鼠標或者鍵盤事件�;
4��、設置輸入焦點����;
5��、同步系統消息隊列;
鉤子子程的返回值決定了系統是允許了還是阻止了這些操作中的一個����。WH_CBT鉤子主要是用在基于計算機的練習(CBT) 程序中。
鉤子類型4:WH_DEBUG Hook
The system calls a WH_DEBUG hook procedure before calling hook procedures associated with any other hook in the system. You can use this hook to determine whether to allow the system to call hook procedures associated with other types of hooks.
在調用與系統中任何其他鉤子關聯的鉤子子程之前��,系統會調用WH_DEBUG 鉤子子程�。使用該鉤子來決定是否允許系統調用與其他類型的鉤子相關聯的鉤子子程。
鉤子類型5:WH_FOREGROUNDIDLE Hook
The WH_FOREGROUNDIDLE hook enables you to perform low priority tasks during times when its foreground thread is idle. The system calls a WH_FOREGROUNDIDLE hook procedure when the application's foreground thread is about to become idle.
WH_FOREGROUNDIDLE 鉤子允許當前臺線程空閑時��,執行低權限的任務�。系統在應用程序的前臺線程即將空閑時�,調用WH_FOREGROUNDIDLE鉤子子程��。
鉤子類型6:WH_GETMESSAGE Hook
The WH_GETMESSAGE hook enables an application to monitor messages about to be returned by the GetMessage or PeekMessage function. You can use the WH_GETMESSAGE hook to monitor mouse and keyboard input and other messages posted to the message queue.
WH_GETMESSAGE程序允許應用程序監視即將由方法GetMessage 或者PeekMessage返回的消息����??梢允褂肳H_GETMESSAGE鉤子監視鼠標和鍵盤輸入�,以及其他傳遞給消息隊列的消息��。
鉤子類型7:WH_JOURNALPLAYBACK Hook
The WH_JOURNALPLAYBACK hook enables an application to insert messages into the system message queue. You can use this hook to play back a series of mouse and keyboard events recorded earlier by using the WH_JOURNALRECORD Hook. Regular mouse and keyboard input is disabled as long as a WH_JOURNALPLAYBACK hook is installed. A WH_JOURNALPLAYBACK hook is a global hook — it cannot be used as a thread-specific hook.
The WH_JOURNALPLAYBACK hook returns a time-out value. This value tells the system how many milliseconds to wait before processing the current message from the playback hook. This enables the hook to control the timing of the events it plays back.
WH_JOURNALPLAYBACK鉤子允許應用程序將消息插入到系統消息隊列中��。使用該鉤子回放先前使用WH_JOURNALRECORD 鉤子記錄的一系列鼠標和鍵盤事件��。在WH_JOURNALPLAYBACK被安裝后����,常規的鼠標和鍵盤輸入被禁用�。WH_JOURNALPLAYBACK鉤子是全局鉤子,不能被用作線程鉤子��。WH_JOURNALPLAYBACK鉤子返回一個超時值。該值告訴系統在處理來自回放鉤子的當前消息之前等待了多少毫秒����。這允許該鉤子控制回放事件的速度。
鉤子類型8:WH_JOURNALRECORD Hook
The WH_JOURNALRECORD hook enables you to monitor and record input events. Typically, you use this hook to record a sequence of mouse and keyboard events to play back later by using the WH_JOURNALPLAYBACK Hook. The WH_JOURNALRECORD hook is a global hook — it cannot be used as a thread-specific hook.
WH_JOURNALRECORD鉤子允許監視并且記錄輸入事件�。典型的��,使用該鉤子來記錄順序的的鼠標和鍵盤事件�,以后可以使用WH_JOURNALPLAYBACK.鉤子進行回放。 該鉤子是全局鉤子,不能被用作進程鉤子��。
鉤子類型9:WH_KEYBOARD_LL Hook
The WH_KEYBOARD_LL hook enables you to monitor keyboard input events about to be posted in a thread input queue.
WH_KEYBOARD_LL鉤子監視在線程輸入隊列中����,即將被傳遞的鍵盤輸入事件。
鉤子類型10:WH_KEYBOARD Hook
The WH_KEYBOARD hook enables an application to monitor message traffic for WM_KEYDOWN and WM_KEYUP messages about to be returned by the GetMessage or PeekMessage function. You can use the WH_KEYBOARD hook to monitor keyboard input posted to a message queue.
WH_KEYBOARD鉤子允許應用程序監視即將被GetMessage 或者 PeekMessage方法返回的WM_KEYDOWN 或者 WM_KEYUP消息����。使用WH_KEYBOARD鉤子可以監視傳遞到消息隊列中的鍵盤輸入�。
鉤子類型11:WH_MOUSE_LL Hook
The WH_MOUSE_LL hook enables you to monitor mouse input events about to be posted in a thread input queue.
WH_MOUSE_LL鉤子監視在線程輸入隊列中����,即將被傳遞的鼠標輸入事件��。
鉤子類型12:WH_MOUSE Hook
The WH_MOUSE hook enables you to monitor mouse messages about to be returned by the GetMessage or PeekMessage function. You can use the WH_MOUSE hook to monitor mouse input posted to a message queue.
WH_MOUSE鉤子允許監視即將被GetMessage或者 PeekMessage方法返回的鼠標消息����。使用該鉤子監視傳遞到線程輸入隊列的鼠標輸入��。
本文來自CSDN博客�,轉載請標明出處:http://blog.csdn.net/jiangxinyu/archive/2010/02/03/5284086.aspx