Hook WH_CALLWNDPROC

>> Sunday, October 18, 2009


The WH_CALLWNDPROC and WH_CALLWNDPROCRET hooks enable you to monitor messages sent to window procedures.

The system calls a WH_CALLWNDPROC hook procedure before passing the message to the receiving window procedure, and calls the WH_CALLWNDPROCRET hook procedure after the window procedure has processed the message.

The WH_CALLWNDPROCRET hook passes a pointer to a CWPRETSTRUCT structure to the hook procedure. The structure contains the return value from the window procedure that processed the message, as well as the message parameters associated with the message. Subclassing the window does not work for messages set between processes.


typedef struct {
LRESULT lResult;
LPARAM lParam;
WPARAM wParam;
UINT message;
HWND hwnd;
} CWPRETSTRUCT, *PCWPRETSTRUCT;

It's enough now for a demonstration program.
// compile with : cl /EHsc main.cpp /link /SUBSYSTEM:WINDOWS /RELEASE
#include "windows.h"
#include "stdio.h"
#pragma comment(lib,"user32")
#pragma comment(lib,"gdi32")
HINSTANCE hInst;
HHOOK hHook;
HANDLE hFile;
LRESULT CALLBACK HookWndProc(HWND, UINT, UINT, LONG);
LRESULT CALLBACK CallWndProc(int, WPARAM, LPARAM);
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE, LPSTR, int nCmdShow)
{
  HWND hwnd;
  WNDCLASS wndclass;
  MSG msg;
  hInst = hInstance;
  wndclass.style = CS_HREDRAW | CS_VREDRAW;
  wndclass.lpfnWndProc = (WNDPROC)HookWndProc;
  wndclass.cbClsExtra = 0;
  wndclass.cbWndExtra = 0;
  wndclass.hInstance = hInstance;
  wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
  wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
  wndclass.hbrBackground = (HBRUSH)GetStockObject(WHITE_BRUSH);
  wndclass.lpszMenuName = NULL;
  wndclass.lpszClassName = "WH_CALLWNDPROCExample";
  RegisterClass(&wndclass);
  hwnd = CreateWindow("WH_CALLWNDPROCExample", "Hook example",
    WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT,
    CW_USEDEFAULT, NULL, NULL, hInstance, NULL);
  ShowWindow(hwnd, nCmdShow);
  UpdateWindow(hwnd);
  while (GetMessage(&msg, NULL, 0, 0))
  {
    TranslateMessage(&msg);
    DispatchMessage(&msg);
  }
  return msg.wParam;
}

LRESULT CALLBACK HookWndProc(HWND hwnd, UINT msg, UINT wParam, LONG lParam)
{
  switch (msg)
  {
    case WM_CREATE:
      hFile = CreateFile("testdemo.demo", GENERIC_WRITE, 0, NULL, CREATE_ALWAYS,
        FILE_ATTRIBUTE_NORMAL, 0);
      hHook = SetWindowsHookEx(WH_CALLWNDPROC, (HOOKPROC)CallWndProc, NULL,
        GetCurrentThreadId());
      return 0;
    case WM_DESTROY:
      UnhookWindowsHookEx(hHook);
      CloseHandle(hFile);
      PostQuitMessage(0);
      return 0;
    default:
      return DefWindowProc(hwnd, msg, wParam, lParam);
  }
}

LRESULT CALLBACK CallWndProc(int nCode, WPARAM w, LPARAM l)
{
  char cBuffer[0x80];
  DWORD bytesWritten;
  Beep(440, 0.2);
  if (nCode < 0)
    return CallNextHookEx(hHook, nCode, w, l);
  else
  {
    if (nCode == HC_ACTION)
    {
      sprintf(cBuffer, "nCode - %08x", nCode);
      WriteFile(hFile, cBuffer, 17, &bytesWritten, NULL);
      sprintf(cBuffer, "wParam - %08x \n", w);
      WriteFile(hFile, cBuffer, 19, &bytesWritten, NULL);
      sprintf(cBuffer, "PCWPSTRUCT->lParam - %08x \n", ((PCWPSTRUCT)l)->lParam);
      WriteFile(hFile, cBuffer, 31, &bytesWritten, NULL);
      sprintf(cBuffer, "PCWPSTRUCT->wParam - %08x \n", ((PCWPSTRUCT)l)->wParam);
      WriteFile(hFile, cBuffer, 31, &bytesWritten, NULL);
      sprintf(cBuffer, "PCWPSTRUCT->message - %08x \n", ((PCWPSTRUCT)l)
        ->message);
      WriteFile(hFile, cBuffer, 32, &bytesWritten, NULL);
      sprintf(cBuffer, "PCWPSTRUCT->hwnd - %08x \n", ((PCWPSTRUCT)l)->hwnd);
      WriteFile(hFile, cBuffer, 29, &bytesWritten, NULL);
      return CallNextHookEx(hHook, nCode, w, l);
    }
  }
}


Here's the result:


nCode - 00000000 wParam - 00000000
PCWPSTRUCT->lParam - 00000000
PCWPSTRUCT->wParam - 00000001
PCWPSTRUCT->message - 00000018
PCWPSTRUCT->hwnd - 004b0cf2
nCode - 00000000 wParam - 00000000
PCWPSTRUCT->lParam - 0012fe80
PCWPSTRUCT->wParam - 00000000
PCWPSTRUCT->message - 00000046
PCWPSTRUCT->hwnd - 00060ce6
nCode - 00000000 wParam - 00000000
PCWPSTRUCT->lParam - 0012fe80
PCWPSTRUCT->wParam - 00000000
PCWPSTRUCT->message - 00000046
PCWPSTRUCT->hwnd - 004b0cf2
nCode - 00000000 wParam - 00000000
PCWPSTRUCT->lParam - 0012fe80
PCWPSTRUCT->wParam - 00000000
PCWPSTRUCT->message - 00000046
PCWPSTRUCT->hwnd - 00060ce6
nCode - 00000000 wParam - 00000000
PCWPSTRUCT->lParam - 0012fe80
PCWPSTRUCT->wParam - 00000000
PCWPSTRUCT->message - 00000046
PCWPSTRUCT->hwnd - 004b0cf2

Labels:

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)