WH_KEYBOARD_LL
Windows NT/2000/XP: Installs a hook procedure that monitors low-level keyboard input events. For more information, see the LowLevelKeyboardProc hook procedure.
WH_MOUSE
Installs a hook procedure that monitors mouse messages. For more information, see the MouseProc hook procedure.
WH_MOUSE_LL
Windows NT/2000/XP: Installs a hook procedure that monitors low-level mouse input events. For more information, see the LowLevelMouseProc hook procedure.
WH_MSGFILTER
Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar. For more information, see the MessageProc hook procedure.
WH_SHELL
Installs a hook procedure that receives notifications useful to shell applications. For more information, see the ShellProc hook procedure.
WH_SYSMSGFILTER
Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar. The hook procedure monitors these messages for all applications in the same desktop as the calling thread. For more information, see the SysMsgProc hook procedure.
lpfn
[in] Pointer to the hook procedure. If the dwThreadId parameter is zero or specifies the identifier of a thread created by a different process, the lpfn parameter must point to a hook procedure in a DLL. Otherwise, lpfn can point to a hook procedure in the code associated with the current process.
hMod
[in] Handle to the DLL containing the hook procedure pointed to by the lpfn parameter. The hMod parameter must be set to NULL if the dwThreadId parameter specifies a thread created by the current process and if the hook procedure is within the code associated with the current process.
dwThreadId
[in] Specifies the identifier of the thread with which the hook procedure is to be associated. If this parameter is zero, the hook procedure is associated with all existing threads running in the same desktop as the calling thread.
Return Value
If the function succeeds, the return value is the handle to the hook procedure.
If the function fails, the return value is NULL. To get extended error information, call GetLastError.
这里我来简单的解释一下:
函数的功能描述是:SetWindowsHookEx函数安装一个程序自定义的钩子过程到钩子链。你可以安装一个钩子过程来监视系统的特定消息。可以监视某一个特定的线程的消息,或者是与这个消息相关的当前运行的所有线程。
函数一共有四个参数
参数1:idHook
定义了钩子过程的类型,也就是这个钩子将要监视哪种消息
参数2:lpfn
它是一个钩子过程的指针。如果dwThreadId也就是第四个参数的值是0或者是由其它进程创建的线程的ID,那么这个参数必须是指向一个位于DLL中的钩子过程的指针,否则这个指针可以是当前进程代码空间中定义的一个钩子过程的地址。
参数3:hMod
是一个包含了lpfn所指向的钩子过程的DLL的句柄。如果第四个参数线程ID的值是由当前进程创建的线程的ID值并且钩子过程是在当前进程中定义的,那么这个参数必须设置成NULL。
参数4:dwThreadId
指明钩子过程要监视的线程ID。如果是0那么钩子过程将监视所有桌面运行的线程。
返回值:
成功返回钩子过程的句柄。
失败返回NULL,获得额外信息,调用GetLastError
lpfn指向钩子回调函数的函数地址,这个函数用来对钩子检测到的消息进行处理。MSDN中函数的原型如下,这里以键盘检测函数的原型为例:
The KeyboardProc hook procedure is an application-defined or library-defined callback function used with theSetWindowsHookEx function. The system calls this function whenever an application calls the GetMessage orPeekMessage function and there is a keyboard message (WM_KEYUP or WM_KEYDOWN) to be processed.
The HOOKPROC type defines a pointer to this callback function. KeyboardProc is a placeholder for the application-defined or library-defined function name.
Syntax
LRESULT CALLBACK KeyboardProc(
int code,
WPARAM wParam,
LPARAM lParam
);Parameters
code
[in] Specifies a code t