码迷,mamicode.com
首页 > 其他好文 > 详细

HOOK钩子 - 钩子函数说明

时间:2015-12-11 18:20:28      阅读:258      评论:0      收藏:0      [点我收藏+]

标签:


翻译参考自MaybeHelios的blog: http://blog.csdn.net/maybehelios/   

    通过SetWindowsHookEx方法安装钩子,该函数指定处理拦截消息的钩子函数(回调函数),可在钩子函数中自定义消息的处理,可修改消息或屏蔽消息。钩子函数的格式是固定为:
LRESULT CALLBACK CallBackProc(      
          Int nCode,
          WPARAM wParam,
          LPARAM lParam);

    nCode参数说明:
    [in] Specifies whether the hook procedure must process the message. If nCode is HC_ACTION, the hook procedure must process the message. If nCode is less than zero, the hook procedure must pass the message to the CallNextHookEx function without further processing and must return the value returned by CallNextHookEx.

    指定钩子子程是否必须处理该消息。如果nCode是HC_ACTION,钩子子程就必须处理该消息。如果nCode小于0,钩子子程就必须将该消息传递给CallNextHookEx,自己不对消息进行进一步的处理,必须返回由CallNextHookEx 方法返回的返回值。

    对于不同类型的钩子,其传入的参数也不一样,以下为各类钩子的参数说明:


1、WH_CALLWNDPROC
参数说明:
    wParam :[in] Specifies whether the message was sent by the current thread. If the message was sent by the current thread, it is nonzero; otherwise, it is zero. 
    指定消息是否由当前线程发出。如果消息是由当前线程发出的,该值就是非0;否则,就是0。

    lParam :[in] Pointer to a CWPSTRUCT structure that contains details about the message.
    指向CWPSTRUCT结构的指针,该结构含有消息的细节信息。

返回值
    If nCode is less than zero, the hook procedure must return the value returned by CallNextHookEx.  If nCode is greater than or equal to zero, it is highly recommended that you call CallNextHookEx and return the value it returns; otherwise, other applications that have installed WH_CALLWNDPROC hooks will not receive hook notifications and may behave incorrectly as a result. If the hook procedure does not call CallNextHookEx, the return value should be zero. 
    如果nCode小于0,钩子子程必须返回由CallNextHookE方法返回的返回值。如果nCode大于等于0,强烈要求调用CallNextHookEx方法,并返回由它返回的返回值;否则,其他已经安装了WH_CALLWNDPROC钩子的应用程序将收不到钩子通知,可能导致行为的错误。如果钩子子程没有调用CallNextHookEx方法,返回值应该为 0。

备注
    The CallWndProc hook procedure can examine the message, but it cannot modify it. After the hook procedure returns control to the system, the message is passed to the window procedure. 
    CallWndProc钩子子程能够检查消息,但是不能修改消息。当钩子子程将控制权交还给系统之后,消息被传递给窗体程序。

2、WH_ CALLWNDPROCRET
    在SendMessage方法被调用之后,系统调用CallWndRetProc方法。钩子子程能够检查、但是不能修改消息。

参数说明
    wParam :[in] Specifies whether the message is sent by the current process. If the message is sent by the current process, it is nonzero; otherwise, it is NULL. 
    指定消息是否由当前进程发出。如果消息是由当前进程发出的,wParam为非0;否则,为空。

    lParam :[in] Pointer to a CWPRETSTRUCT structure that contains details about the message. 
    指向CWPSTRUCT结构的指针,该结构含有消息的细节信息。

返回值
    If nCode is less than zero, the hook procedure must return the value returned by CallNextHookEx.  If nCode is greater than or equal to zero, it is highly recommended that you call CallNextHookEx and return the value it returns; otherwise, other applications that have installed WH_CALLWNDPROCRET hooks will not receive hook notifications and may behave incorrectly as a result. If the hook procedure does not call CallNextHookEx, the return value should be zero. 
    如果nCode小于0,钩子子程必须返回由CallNextHookE返回的返回值。如果nCode大于等于0,强烈要求调用CallNextHookEx方法,并返回由它返回的返回值;否则,其他已经安装了WH_ CALLWNDPROCRET钩子的程序将收不到钩子通知,可能导致行为的错误。如果钩子子程没有调用CallNextHookEx方法,返回值应该为0。
    
   

3、WH_CBT
    系统在下列事件发生之前调用该方法:
    1.激活、创建、销毁、最小化、最大化、移动窗体、改变窗体大小;
    2.完成系统命令;
    3.从系统消息队列中移除鼠标或者键盘事件;
    4.设置键盘焦点;
    5.同步系统消息队列。
    
    CBT应用程序使用该钩子子程接收来自系统的有用的通知。

参数说明:
    nCode  :[in] Specifies a code that the hook procedure uses to determine how to process the message. If nCode is less than zero, the hook procedure must pass the message to the CallNextHookEx function without further processing and should return the value returned by CallNextHookEx. This parameter can be one of the following values. 
    指定一个码值,钩子子程使用该值来决定如何处理消息。如果nCode小于0,钩子子程就必须将该消息传递给CallNextHookEx方法,自己不对消息做进一步的处理,并且应该返回由CallNextHookEx方法返回的返回值。该参数可以是以下值中的一个:
    1.HCBT_ACTIVATE  :The system is about to activate a window. 
      系统即将创建一个窗体。
    2.HCBT_CLICKSKIPPED  :The system has removed a mouse message from the system message queue. Upon receiving this hook code, a CBT application must install a WH_JOURNALPLAYBACK hook procedure in response to the mouse message.
      系统已经将一个鼠标消息从系统消息队列中移除。一旦收到该钩子代码,CBT应用程序必须安装一个WH_JOURNALPLAYBAC钩子子程来响应鼠标消息。
    3.HCBT_CREATEWND : A window is about to be created. The system calls the hook procedure before sending the WM_CREATE or WM_NCCREATE message to the window. If the hook procedure returns a nonzero value, the system destroys the window; the CreateWindow function returns NULL, but the WM_DESTROY message is not sent to the window. If the hook procedure returns zero, the window is created normally. 
      窗体即将被创建。系统在向窗体发出WM_CREATE 或者 WM_NCCREATE消息之前,调用该钩子子程。如果钩子子程返回非0值,表示系统销毁了窗体;CreateWindow方法返回Null,但是WM_DESTROY消息并不发送给窗体。如果钩子子程返回0,表示窗体正常被创建。
      At the time of the HCBT_CREATEWND notification, the window has been created, but its final size and position may not have been determined and its parent window may not have been established. It is possible to send messages to the newly created window, although it has not yet received WM_NCCREATE or WM_CREATE messages. It is also possible to change the position in the z-order of the newly created window by modifying the hwndInsertAfter member of the CBT_CREATEWND structure. 
      在 HCBT_CREATEWND通知的时候,窗体已经被创建了,但是它的最终的大小和位置可能还没有被确定,它的父窗体也可能没有被创建起来。虽然一个新创建的窗体可能还没有接收到WM_NCCREATE或者WM_CREATE消息,但是向它发送消息是可能的。通过修改CBT_CREATEWND 结构体的hwndInsertAfter成员,改变新创建窗体的在Z轴次序的位置也是可能的。
    4.HCBT_DESTROYWND :A window is about to be destroyed. 
      窗体即将被销毁。
    5.HCBT_KEYSKIPPED :The system has removed a keyboard message from the system message queue. Upon receiving this hook code, a CBT application must install a WH_JOURNALPLAYBACK hook procedure in response to the keyboard message. 
      系统已经从系统的消息队列中移除了一个键盘消息。一旦接收到该钩子代码,CBT应用程序必须安装一个WH_JOURNALPLAYBAC钩子来响应键盘消息。
    6.HCBT_MINMAX :A window is about to be minimized or maximized. 
      窗体即将被最小化或者最大化。
    7.HCBT_MOVESIZE :A window is about to be moved or sized. 
      窗体即将被移动或者重置大小。
    8.HCBT_QS  :The system has retrieved a WM_QUEUESYNC message from the system message queue. 
      系统已经收到了一个来自系统消息队列的WM_QUEUESYNC消息。
    9.HCBT_SETFOCUS  :A window is about to receive the keyboard focus. 
      窗体即将接收键盘焦点。
    10.HCBT_SYSCOMMAND :A system command is about to be carried out. This allows a CBT application to prevent task switching by means of hot keys.
      系统命令即将被执行。这允许CBT程序阻止通过快捷键来进行任务切换。
      
    wParam :[in] Depends on the nCode parameter. 
      取决于参数 nCode

    lParam :[in] Depends on the nCode parameter. 
      取决于参数 nCode

返回值
    The value returned by the hook procedure determines whether the system allows or prevents one of these operations. For operations corresponding to the following CBT hook codes, the return value must be 0 to allow the operation, or 1 to prevent it: 
    钩子子程的返回值取决于系统允许还是阻止这种操作。对于下列这些操作的CBT钩子代码,如果允许则返回值必须是0,如果阻止返回值必须是1。
    HCBT_ACTIVATE ;HCBT_CREATEWND ;HCBT_DESTROYWND ;HCBT_MINMAX ;HCBT_MOVESIZE ;HCBT_SETFOCUS ;HCBT_SYSCOMMAND
    
    For operations corresponding to the following CBT hook codes, the return value is ignored: 
    对于下列这些操作的CBT钩子代码,返回值被忽略
        HCBT_CLICKSKIPPED ;HCBT_KEYSKIPPED ;HCBT_QS

4、WH_DEBUG
    The DebugProc hook procedure is an application-defined or library-defined callback function used with the SetWindowsHookEx function. The system calls this function before calling the hook procedures associated with any type of hook. The system passes information about the hook to be called to the DebugProc hook procedure, which examines the information and determines whether to allow the hook to be called. 
    DebugProc钩子子程是和SetWindowsHookEx方法一起使用的、程序定义的或者库定义的回调函数。系统在调用和任何类型钩子相关联的钩子子程之前调用该方法。系统将即将被调用的钩子的信息传递给DebugProc钩子子程,DebugProc钩子子程检查该信息,决定是否允许该钩子被调用。

参数说明:
    nCode :[in] Specifies whether the hook procedure must process the message. If nCode is HC_ACTION, the hook procedure must process the message. If nCode is less than zero, the hook procedure must pass the message to the CallNextHookEx function without further processing and should return the value returned by CallNextHookEx. 
    指定钩子子程是否必须处理该消息。如果nCode是HC_ACTION,钩子子程就必须处理该消息。如果nCode小于0,钩子子程就必须将该消息传递给CallNextHookEx方法,自己对消息不做进一步处理,并且应该返回由CallNextHookEx方法返回的返回值。
    
    wParam :[in] Specifies the type of hook about to be called. This parameter can be one of the following values. 
    指定即将被调用的钩子类型。参数可以是下列之一:
    1.WH_CALLWNDPROC :Installs a hook procedure that monitors messages sent to a window procedure. 
       安装一个钩子子程来监视发送给窗体程序的消息。
    2.WH_CALLWNDPROCRET :Installs a hook procedure that monitors messages that have just been processed by a window procedure. 
       安装一个钩子子程来监视刚刚被窗体程序处理完的消息。
    3.WH_CBT :Installs a hook procedure that receives notifications useful to a computer-based training (CBT) application. 
       安装一个钩子子程来接收对CBT应用程序有用的通知。
    4.WH_DEBUG :Installs a hook procedure useful for debugging other hook procedures. 
       安装一个有用的钩子子程来调试其他钩子子程。
    5.WH_GETMESSAGE :Installs a hook procedure that monitors messages posted to a message queue. 
       安装一个钩子子程来监视传递给消息队列的消息。
    6.WH_JOURNALPLAYBACK :Installs a hook procedure that posts messages previously recorded by a WH_JOURNALRECORD hook procedure. 
       安装一个钩子子程来传递先前使用WH_JOURNALRECORD钩子子程记录的消息。
    7.WH_JOURNALRECORD :Installs a hook procedure that records input messages posted to the system message queue. This hook is useful for recording macros. 
       安装一个钩子子程来记录传递给系统消息队列的输入消息。该钩子用来记录宏很有用。
    8.WH_KEYBOARD :Installs a hook procedure that monitors keystroke messages. 
       安装一个钩子子程来监视键盘敲击消息。
    9.WH_MOUSE Installs a hook procedure that monitors mouse messages. 
       安装一个钩子子程来监视鼠标消息。
    10.WH_MSGFILTER :Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar. The hook procedure monitors these messages only for the application that installed the hook procedure. 
       安装一个钩子子程来监视下列输入事件的结果而产生的消息:对话框、消息框、菜单、滚动条。该钩子子程仅仅为安装该钩子子程的应用程序监视这些消息。
    11.WH_SHELL :Installs a hook procedure that receives notifications useful to a Shell application. 
       安装一个钩子子程来接收对加壳类应用程序有用的通知。
    12.WH_SYSMSGFILTER :Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar. The hook procedure monitors these messages for all applications in the system. 
       安装一个钩子子程来监视下列输入事件的结果而产生的消息:对话框,消息框,菜单,滚动条。该钩子子程为系统中所有的应用程序监视这些消息。

    lParam  :[in] Pointer to a DEBUGHOOKINFO structure that contains the parameters to be passed to the destination hook procedure. 
    指向DEBUGHOOKINFO结构的指针,该结构中含有传递给目标钩子子程的参数。

返回值
    To prevent the system from calling the hook, the hook procedure must return a nonzero value. Otherwise, the hook procedure must call CallNextHookEx. 
    为了阻止系统调用该钩子,钩子子程必须返回一个非0值。否则,钩子子程必须调用CallNextHookEx方法。

5、WH_FOREGROUNDIDLE
    The ForegroundIdleProc hook procedure is an application-defined or library-defined callback function used with the SetWindowsHookEx function. The system calls this function whenever the foreground thread is about to become idle. 
    ForegroundIdleProc钩子子程是和SetWindowsHookEx方法一起使用的、程序定义的或者库定义的回调函数。当前台线程即将变成空闲时,系统将调用该方法。

Parameters 参数
    code :[in] Specifies whether the hook procedure must process the message. If code is HC_ACTION, the hook procedure must process the message. If code is less than zero, the hook procedure must pass the message to the CallNextHookEx function without further processing and should return the value returned by CallNextHookEx. 
    指定钩子子程是否必须处理消息。如果nCode是HC_ACTION,钩子子程就必须处理该消息。如果nCode小于0,钩子子程就必须将该消息传递给CallNextHookEx方法,自己对消息不做进一步处理,并且应该返回由CallNextHookEx方法返回的返回值。

    wParam :This parameter is not used. 未使用

    lParam  :This parameter is not used. 未使用

Return Value 返回值
    If code is less than zero, the hook procedure must return the value returned by CallNextHookEx. If code is greater than or equal to zero, it is highly recommended that you call CallNextHookEx and return the value it returns; otherwise, other applications that have installed WH_FOREGROUNDIDLE hooks will not receive hook notifications and may behave incorrectly as a result. If the hook procedure does not call CallNextHookEx, the return value should be zero. 
    如果nCode小于0,钩子子程必须返回由CallNextHookEx返回的返回值。如果nCode大于等于0,强烈要求调用CallNextHookEx方法,并返回由它返回的返回值;否则,其他已经安装了WH_ CALLWNDPROCRET钩子的程序将收不到钩子通知,可能导致行为的错误。如果钩子子程没有调用CallNextHookEx方法,返回值应该是0。

6、WH_GETMESSAGE
    The GetMsgProc function is an application-defined or library-defined callback function used with the SetWindowsHookEx function. The system calls this function whenever the GetMessage or PeekMessage function has retrieved a message from an application message queue. Before returning the retrieved message to the caller, the system passes the message to the hook procedure. 
    GetMsgProc是和SetWindowsHookEx方法一起使用的、程序定义的或者库定义的回调函数。无论什么时候,当GetMessage 或者 PeekMessage方法接收到来自应用程序消息队列的消息时,系统都会调用该方法。在将收到的消息返回给调用者之前,系统将消息传递给钩子子程。

Parameters 参数
    code  : [in] Specifies whether the hook procedure must process the message. If code is HC_ACTION, the hook procedure must process the message. If code is less than zero, the hook procedure must pass the message to the CallNextHookEx function without further processing and should return the value returned by CallNextHookEx. 
    指定钩子子程是否必须处理消息。如果nCode是HC_ACTION,钩子子程就必须处理该消息。如果nCode小于0,钩子子程就必须将该消息传递给CallNextHookEx方法,自己对消息不做进一步处理,并且应该返回由CallNextHookEx方法返回的返回值。

    wParam  :[in] Specifies whether the message has been removed from the queue. This parameter can be one of the following values. 
    指定消息是否已经被从队列中移除了。该参数可以是下列值中的一个:
      1.PM_NOREMOVE :Specifies that the message has not been removed from the queue. (An application called the function, specifying the PM_NOREMOVE flag.) 
      指定消息尚未从队列中移出。(应用程序在调用该方法的同时指定PM_NOREMOVE标志)
      2.PM_REMOVE Specifies that the message has been removed from the queue. (An application called GetMessage, or it called the PeekMessage function, specifying the PM_REMOVE flag.) 
      指定消息已经被从队列中移除了。(程序调用GetMessage 或者PeekMessage方法的同时指定PM_REMOVE标志)

    lParam :[in] Pointer to an MSG structure that contains details about the message. 
    指向MSG结构的指针,结构中包含和消息相关的细节。

Return Value 返回值
    If code is less than zero, the hook procedure must return the value returned by CallNextHookEx. If code is greater than or equal to zero, it is highly recommended that you call CallNextHookEx and return the value it returns; otherwise, other applications that have installed WH_GETMESSAGE hooks will not receive hook notifications and may behave incorrectly as a result. If the hook procedure does not call CallNextHookEx, the return value should be zero. 
    如果参数code小于0,钩子子程必须返回由CallNextHookEx返回的返回值。如果参数code大于等于0,强烈要求调用CallNextHookEx方法,并返回由该方法返回的返回值;否则,其他已经安装了WH_GETMESSAGE钩子的程序将收不到钩子通知,可能导致行为的错误。如果钩子子程没有调用CallNextHookEx方法,返回值应该是0

Remarks 备注
    The GetMsgProc hook procedure can examine or modify the message. After the hook procedure returns control to the system, the GetMessage or PeekMessage function returns the message, along with any modifications, to the application that originally called it. 
    GetMsgProc钩子子程能够检查或者修改消息。在钩子子程将控制权交还给系统之后,GetMessage 或者PeekMessage方法将该消息以及任何修改都一起返回给最初调用它的应用程序。

7、WH_JOURNALPLAYBACK
    The JournalPlaybackProc hook procedure is an application-defined or library-defined callback function used with the SetWindowsHookEx function. Typically, an application uses this function to play back a series of mouse and keyboard messages recorded previously by the JournalRecordProc hook procedure. As long as a JournalPlaybackProc hook procedure is installed, regular mouse and keyboard input is disabled. 
    JournalPlaybackProc钩子子程是和SetWindowsHookEx方法一起使用的、程序定义的或者库定义的回调函数。典型的,应用程序使用该方法回放前期由JournalRecordProc钩子子程记录下来的一系列鼠标和键盘消息。只要JournalPlaybackProc钩子子程被安装,常规的鼠标和键盘输入将被禁用。

Parameters 参数
    code :[in] Specifies a code the hook procedure uses to determine how to process the message. If code is less than zero, the hook procedure must pass the message to the CallNextHookEx function without further processing and should return the value returned by CallNextHookEx. This parameter can be one of the following values. 
    指定钩子子程使用的代码,以决定如何处理该消息。如果参数code小于0,钩子子程不对其进行任何进一步的处理,必须将消息传递给CallNextHookEx方法,返回由CallNextHookEx方法返回的返回值。该参数可以是下列值之一:
    1.HC_GETNEXT :The hook procedure must copy the current mouse or keyboard message to the EVENTMSG structure pointed to by the lParam parameter. 
    钩子子程必须将当前鼠标或者键盘消息拷贝给由参数lParam指向的EVENTMSG结构。
    2.HC_NOREMOVE :An application has called the PeekMessage function with wRemoveMsg set to PM_NOREMOVE, indicating that the message is not removed from the message queue after PeekMessage processing.
    应用程序已经调用带有指向PM_NOREMOVE的 wRemoveMsg 集合的PeekMessage方法,指示该消息在PeekMessage处理完毕后,没有从消息队列中移除。
    3.HC_SKIP  :The hook procedure must prepare to copy the next mouse or keyboard message to the EVENTMSG structure pointed to by lParam. Upon receiving the HC_GETNEXT code, the hook procedure must copy the message to the structure. 
    钩子子程必须准备拷贝下一个鼠标或者键盘消息到由lParam 指向的 EVENTMSG结构。一旦接收到HC_GETNEXT代码,钩子子程必须将消息拷贝到结构体中。
    4.HC_SYSMODALOFF : A system-modal dialog box has been destroyed. The hook procedure must resume playing back the messages. 
    系统模式的对话框已经被销毁。钩子子程应该恢复回放消息。
    5.HC_SYSMODALON  : A system-modal dialog box is being displayed. Until the dialog box is destroyed, the hook procedure must stop playing back messages.
    系统模式的对话框正在被显示。钩子子程应该停止回放消息,直到对话框被销毁。

    wParam :This parameter is not used. 该参数未使用。

    lParam  :[in] Pointer to an EVENTMSG structure that represents a message being processed by the hook procedure. This parameter is valid only when the code parameter is HC_GETNEXT.  
    指向EVENTMSG结构的指针,该结构代表正在被钩子子程处理的消息。只有当参数code是HC_GETNEXT时该参数才有效。

Return Value返回值
    To have the system wait before processing the message, the return value must be the amount of time, in clock ticks, that the system should wait. (This value can be computed by calculating the difference between the time members in the current and previous input messages.) To process the message immediately, the return value should be zero. The return value is used only if the hook code is HC_GETNEXT; otherwise, it is ignored. 
    为了使系统在处理消息之前等待,该返回值应该是系统应该等待的时间数量,该值以时钟嘀嗒为单位(该值可以通过当前和前一个输入消息的time成员的差值来计算)。为了快速的处理该消息,返回值应该是0。只有当钩子代码是HC_GETNEXT时,返回值才有意义;否则,该参数被忽略。

Remarks 备注
    A JournalPlaybackProc hook procedure should copy an input message to the lParam parameter. The message must have been previously recorded by using a JournalRecordProc hook procedure, which should not modify the message. 
   JournalPlaybackProc钩子子程应该拷贝一个输入消息到lparm参数。消息必须在先前已经使用JournalRecordProc钩子子程被记录了下来,JournalRecordProc钩子子程不应修改消息。

    To retrieve the same message over and over, the hook procedure can be called several times with the code parameter set to HC_GETNEXT without an intervening call with code set to HC_SKIP. 
    为了一遍又一遍的得到同样的消息,钩子子程在将code参数设置为HC_GETNEXT的情况下,可以被调用多次,而不涉及将code参数设置为HC_SKIP的调用。

    If code is HC_GETNEXT and the return value is greater than zero, the system sleeps for the number of milliseconds specified by the return value. When the system continues, it calls the hook procedure again with code set to HC_GETNEXT to retrieve the same message. The return value from this new call to JournalPlaybackProc should be zero; otherwise, the system will go back to sleep for the number of milliseconds specified by the return value, call JournalPlaybackProc again, and so on. The system will appear to be not responding. 
    如果参数code 是 HC_GETNEXT,而且返回值大于0,系统将休眠,休眠时间是返回值指定的毫秒数。当系统继续的时候,调用钩子子程,钩子子程通过将code设置为HC_GETNEXT来重新得到同一个的消息。从新的JournalPlaybackProc调用得到的返回值应该是0;否则,系统将回到休眠状态,休眠时间是返回值指定的毫秒数,休眠过后再次调用JournalPlaybackProc,以此类推。系统看起来像没有响应一样。

    Unlike most other global hook procedures, the JournalRecordProc and JournalPlaybackProc hook procedures are always called in the context of the thread that set the hook. 
    和其他全局的钩子子程不一样,JournalRecordProc 和JournalPlaybackProc钩子子程永远在设置该钩子的线程的上下文中被调用。

    After the hook procedure returns control to the system, the message continues to be processed. If code is HC_SKIP, the hook procedure must prepare to return the next recorded event message on its next call. 
    在钩子子程将控制权交还给系统之后,消息被继续处理。如果code参数是HC_SKIP ,钩子子程必须准备在下一次调用时返回下一条记录的事件消息。

    Install the JournalPlaybackProc hook procedure by specifying the WH_JOURNALPLAYBACK hook type and a pointer to the hook procedure in a call to the SetWindowsHookEx function. 
    通过指定WH_JOURNALPLAYBACK钩子类型,以及一个钩子子程的指针(该子程在SetWindowsHookEx方法中被调用)来安装JournalPlaybackProc钩子子程。

    If the user presses CTRL+ESC OR CTRL+ALT+DEL during journal playback, the system stops the playback, unhooks the journal playback procedure, and posts a WM_CANCELJOURNAL message to the journaling application.
    在回放过程中,如果用户按下了 CTRL+ESC 或者 CTRL+ALT+DEL组合键,系统将停止回放,卸载回放钩子子程,传递一个WM_CANCELJOURNAL消息给记录应用程序。

    If the hook procedure returns a message in the range WM_KEYFIRST to WM_KEYLAST, the following conditions apply: 
    如果钩子子程返回一个在WM_KEYFIRST到WM_KEYLAST范围内的消息,下列条件应用:

    The paramL member of the EVENTMSG structure specifies the virtual key code of the key that was pressed. 
    EVENTMSG结构的paramL成员指定被按下键的虚拟键码。

    The paramH member of the EVENTMSG structure specifies the scan code. 
    EVENTMSG结构的paramL成员指定扫描码。

    There‘s no way to specify a repeat count. The event is always taken to represent one key event. 
    没有办法指定重复的计数。事件总是趋于代表一个键事件。

8、WH_JOURNALRECORD
    The JournalRecordProc hook procedure is an application-defined or library-defined callback function used with the SetWindowsHookEx function. The function records messages the system removes from the system message queue. Later, an application can use a JournalPlaybackProc hook procedure to play back the messages. 
    JournalRecordProc钩子子程是与SetWindowsHookEx一起使用的、程序定义的或者库定义的回调函数。该方法记录系统从系统消息队列中移除的消息。过后,应用程序可以使用JournalPlaybackProc钩子子程回放这些消息。

Parameters 参数
    code  :[in] Specifies how to process the message. If code is less than zero, the hook procedure must pass the message to the CallNextHookEx function without further processing and should return the value returned by CallNextHookEx. This parameter can be one of the following values.
    指定如何处理消息。如果code小于0,钩子子程不对其进行任何进一步的处理,必须将消息传递给CallNextHookEx方法,并返回由CallNextHookEx方法返回的返回值。该参数可以是以下值之一:
    1.HC_ACTION  : The lParam parameter is a pointer to an EVENTMSG structure containing information about a message removed from the system queue. The hook procedure must record the contents of the structure by copying them to a buffer or file. 
    参数lParam 是一个指向EVENTMSG结构的指针,该结构包含从系统队列中移除的消息的信息。钩子子程应该通过将消息信息拷贝到缓冲区中或者文件中来记录内容。
    2.HC_SYSMODALOFF :A system-modal dialog box has been destroyed. The hook procedure must resume recording. 
    系统模式对话框已经被销毁。钩子子程必须恢复纪录。
    3.HC_SYSMODALON :A system-modal dialog box is being displayed. Until the dialog box is destroyed, the hook procedure must stop recording. 
    系统模式对话框正在被显示。钩子子程应该停止记录,直到对话框被销毁。

    wParam :This parameter is not used. 该参数未使用。

    lParam :[in] Pointer to an EVENTMSG structure that contains the message to be recorded. 
    指向EVENTMSG结构的指针,其中包含即将被记录的消息。

Return Value  返回值
    The return value is ignored. 被忽略。

Remarks 备注
    A JournalRecordProc hook procedure must copy but not modify the messages. After the hook procedure returns control to the system, the message continues to be processed. 
    JournalRecordProc钩子子程应该复制而不是不修改消息。在钩子子程将控制全交还给系统后,消息将被继续处理。

    A JournalRecordProc hook procedure does not need to live in a dynamic-link library. A JournalRecordProc hook procedure can live in the application itself. 
    JournalRecordProc钩子子程没必要生存在动态链接库中,可以在应用程序自身中生存。

    Unlike most other global hook procedures, the JournalRecordProc and JournalPlaybackProc hook procedures are always called in the context of the thread that set the hook. 
    和其它全局钩子子程不一样,JournalRecordProca和 JournalPlaybackProc钩子子程总是在设置钩子的线程的上下文中被调用。

    An application that has installed a JournalRecordProc hook procedure should watch for the VK_CANCEL virtual key code (which is implemented as the CTRL+BREAK key combination on most keyboards). This virtual key code should be interpreted by the application as a signal that the user wishes to stop journal recording. The application should respond by ending the recording sequence and removing the JournalRecordProc hook procedure. Removal is important. It prevents a journaling application from locking up the system by hanging inside a hook procedure. 
    安装有JournalRecordProc钩子子程的应用程序应该监视VK_CANCEL虚拟键码(在多数键盘上就是像CTRL+BREAK一样实现的组合键)。虚拟键值应该被应用程序解释为用户希望停止日志记录的信号。应用程序应该通过结束记录队列或者移除JournalRecordProc钩子子程来响应用户的信号。可移除性是重要的,可以防止日志应用程序由于钩子子程内部的挂起而引起的系统锁死。

    This role as a signal to stop journal recording means that a CTRL+BREAK key combination cannot itself be recorded. Since the CTRL+C key combination has no such role as a journaling signal, it can be recorded. There are two other key combinations that cannot be recorded: CTRL+ESC and CTRL+ALT+DEL. Those two key combinations cause the system to stop all journaling activities (record or playback), remove all journaling hooks, and post a WM_CANCELJOURNAL message to the journaling application. 
    CTRL+BREAK组合键扮演着停止日志记录的信号的角色,这意味着CTRL+BREAK组合键不能被自我记录。既然CTRL+C组合键没有扮演这样的角色,它就可以被记录。还有其它2种组合键不能被记录: CTRL+ESC 和 CTRL+ALT+DEL。.这2种组合键引起系统停止所有日志活动(记录或者回放),移除所有日志钩子,传递WM_CANCELJOURNAL消息给日志记录应用程序。


9、WH_KEYBOARD_LL
    The LowLevelKeyboardProc hook procedure is an application-defined or library-defined callback function used with the SetWindowsHookEx function. The system calls this function every time a new keyboard input event is about to be posted into a thread input queue. The keyboard input can come from the local keyboard driver or from calls to the keybd_event function. If the input comes from a call to keybd_event, the input was "injected". However, the WH_KEYBOARD_LL hook is not injected into another process. Instead, the context switches back to the process that installed the hook and it is called in its original context. Then the context switches back to the application that generated the event.
    LowLevelKeyboardProc钩子子程是同SetWindowsHookEx方法一起使用的、应用程序定义的或者库定义的回调函数。当每次有新的键盘输入事件即将被传递给一个线程输入队列时,系统会调用该方法。键盘输入可以来自本地键盘驱动,也可以来自对keybd_event事件的调用。如果输入来自对keybd_event事件的调用,那么输入是被“注入”的。然而,WH_KEYBOARD_LL钩子不被注入到其它进程中。因为上下文会切换回安装钩子的进程,该钩子就会在原始的上下文中被调用。然后,上下文切换回生成该事件的应用程序中。

Parameters参数
    nCode :[in] Specifies a code the hook procedure uses to determine how to process the message. If nCode is less than zero, the hook procedure must pass the message to the CallNextHookEx function without further processing and should return the value returned by CallNextHookEx. This parameter can be one of the following values. 
    指定钩子子程使用的代码,钩子子程使用该值决定如何处理消息。如果nCode小于0,钩子子程必须将消息传递给CallNextHookEx方法,自己不做进一步的处理,并且要返回由方法CallNextHookEx返回的的返回值。该参数可以是下列值之一。
    1.HC_ACTION :The wParam and lParam parameters contain information about a keyboard message.
    参数wParam和lParam包含有和键盘消息相关的信息。

    wParam :[in] Specifies the identifier of the keyboard message. This parameter can be one of the following messages: WM_KEYDOWN, WM_KEYUP, WM_SYSKEYDOWN, or WM_SYSKEYUP.
    指定键盘消息的标识符。该参数可以是以下参数之一: WM_KEYDOWN, WM_KEYUP, WM_SYSKEYDOWN, or WM_SYSKEYUP.

    lParam  : [in] Pointer to a KBDLLHOOKSTRUCT structure. 
    指向KBDLLHOOKSTRUCT结构的指针。

Return Value返回值
    If nCode is less than zero, the hook procedure must return the value returned by CallNextHookEx. If nCode is greater than or equal to zero, and the hook procedure did not process the message, it is highly recommended that you call CallNextHookEx and return the value it returns; otherwise, other applications that have installed WH_KEYBOARD_LL hooks will not receive hook notifications and may behave incorrectly as a result. If the hook procedure processed the message, it may return a nonzero value to prevent the system from passing the message to the rest of the hook chain or the target window procedure. 
    如果nCode小于0,钩子子程必须返回由方法CallNextHookEx返回的返回值。如果nCode大于等于0,并且钩子子程还没有处理消息,强烈建议调用CallNextHookEx方法,返回有它返回的返回值;否则,其它已经安装了WH_KEYBOARD_LL 钩子的应用程序将接收不到钩子通知,可能导致行为的错误。如果钩子子程已经处理了该消息,将返回一个非0值来阻止系统将消息传递给钩子链表中的其他钩子,或者目的窗体程序。

Remarks备注
    This hook is called in the context of the thread that installed it. The call is made by sending a message to the thread that installed the hook. Therefore, the thread that installed the hook must have a message loop. 
    钩子在安装它的线程的上下文中被调用。通过发送消息给安装该钩子的线程来实现调用。因此,安装有该钩子的线程必须有消息循环。

    The hook procedure should process a message in less time than the data entry specified in the LowLevelHooksTimeout value in the following registry key: 
    HKEY_CURRENT_USER\Control Panel\Desktop
    The value is in milliseconds. If the hook procedure does not return during this interval, the system will pass the message to the next hook.
    Note that debug hooks cannot track this type of hook.
    钩子子程应该用比下面时间少的时间来处理消息: 在注册表的HKEY_CURRENT_USER\Control Panel\Desktop键的 LowLevelHooksTimeout值指定的时间,该值是以毫秒为单位的。如果钩子子程在这个间隔内没有返回,系统将把消息传递给下一个钩子。
    注意:调试钩子不能跟踪该类型的钩子。

10、WH_KEYBOARD
    The KeyboardProc hook procedure is an application-defined or library-defined callback function used with the SetWindowsHookEx function. The system calls this function whenever an application calls the GetMessage or PeekMessage function and there is a keyboard message (WM_KEYUP or WM_KEYDOWN) to be processed. 
    KeyboardProc钩子子程是同SetWindowsHookEx方法一起使用的、用户定义的或者库定义的回调函数。无论什么时候,当应用程序调用GetMessage 或者 PeekMessage方法时,系统都调用该方法,将有一个键盘消息(WM_KEYUP或者 WM_KEYDOWN)被处理。
    
Parameters参数
    code  : [in] Specifies a code the hook procedure uses to determine how to process the message. If code is less than zero, the hook procedure must pass the message to the CallNextHookEx function without further processing and should return the value returned by CallNextHookEx. This parameter can be one of the following values. 
    指定钩子子程使用的代码,来决定如何处理该消息。如果code小于0,钩子子程必须将该消息传递给CallNextHookEx方法,自己不进行任何进一步的处理,并且返回由CallNextHookEx方法返回的返回值。该参数可以是以下值之一:
    1.HC_ACTION :The wParam and lParam parameters contain information about a keystroke message. 
    参数 wParam 和 lParam 包含有键盘敲击消息的信息。
    2.HC_NOREMOVE :The wParam and lParam parameters contain information about a keystroke message, and the keystroke message has not been removed from the message queue. (An application called the PeekMessage function, specifying the PM_NOREMOVE flag.)
    参数wParam和lParam包含有键盘敲击消息的信息,键盘敲击消息还没有被从消息队列中移除。(应用程序调用PeekMessage方法,同时指定PM_NOREMOVE标志。)

    wParam :[in] Specifies the virtual-key code of the key that generated the keystroke message. 
    指定生成键盘敲击消息的键的虚拟键码值。

    lParam :[in] Specifies the repeat count, scan code, extended-key flag, context code, previous key-state flag, and transition-state flag. This parameter can be one or more of the following values. 
    指定重复次数,扫描代码,扩展键标志,上下文代码,前期的键状态标志,转换状态标志。该参数可下列的一个或者多个值。
    0-15  : Specifies the repeat count. The value is the number of times the keystroke is repeated as a result of the user‘s holding down the key. 
    指定重复的次数。该值是,当用户持续按住一个键时,键盘敲击被重复的次数。
    16-23  :Specifies the scan code. The value depends on the OEM. 
    指定扫描代码。该值依赖于OEM。
    24  :Specifies whether the key is an extended key, such as a function key or a key on the numeric keypad. The value is 1 if the key is an extended key; otherwise, it is 0. 
    指定该值是否是一个扩展键,例如功能键或者数字键盘上的键。如果是扩展键,该值为1,否则为0。
    25-28 : Reserved.保留 
    29  :Specifies the context code. The value is 1 if the ALT key is down; otherwise, it is 0. 
    指定上下文代码。如果ALT键被按下,该值为1,否则为0。
    30  : Specifies the previous key state. The value is 1 if the key is down before the message is sent; it is 0 if the key is up. 
    指定前面的键状态。如果在消息发出之前该键被按下,值为1;如果键弹起,值为0。
    31  : Specifies the transition state. The value is 0 if the key is being pressed and 1 if it is being released. 
    指定转换状态。如果键正在被按下,该值为0,如果正在被释放,则为1。

Return Value 返回值
    If code is less than zero, the hook procedure must return the value returned by CallNextHookEx. If code is greater than or equal to zero, and the hook procedure did not process the message, it is highly recommended that you call CallNextHookEx and return the value it returns; otherwise, other applications that have installed WH_KEYBOARD hooks will not receive hook notifications and may behave incorrectly as a result. If the hook procedure processed the message, it may return a nonzero value to prevent the system from passing the message to the rest of the hook chain or the target window procedure.
    如果code小于0,钩子子程必须返回由CallNextHookEx返回的返回值。如果code大于等于0,表示钩子子程没有处理该消息,强烈要求调用CallNextHookEx方法,并返回由它返回的返回值;否则,其它已经安装有WH_KEYBOARD钩子的应用程序将收不到钩子通知,可能导致行为的错误。如果钩子子程处理了该消息,可能返回一个非0值,用来阻止系统将该消息传递给钩子链表中的其它钩子或者目的窗体程序。

11、WH_MOUSE_LL
    The LowLevelMouseProc hook procedure is an application-defined or library-defined callback function used with the SetWindowsHookEx function. The system call this function every time a new mouse input event is about to be posted into a thread input queue. The mouse input can come from the local mouse driver or from calls to the mouse_event function. If the input comes from a call to mouse_event, the input was "injected". However, the WH_MOUSE_LL hook is not injected into another process. Instead, the context switches back to the process that installed the hook and it is called in its original context. Then the context switches back to the application that generated the event. 
    LowLevelMouseProc钩子子程是同SetWindowsHookEx方法一起使用的、应用程序定义的或者库定义的回调函数。系统在每次有新的鼠标输入事件即将被传递给线程输入队列时,调用该方法。鼠标输入可以来自本地鼠标驱动或者对mouse_event方法的调用。如果输入来自对mouse_event的调用,该输入就是被“注入”。 然而,WH_MOUSE_LL钩子不能被注入到其他进程。因为上下文会切换回安装该钩子的进程,该钩子会在原始的上下文中被调用。然后,上下文切换回生成该事件的应用程序中。

Parameters 参数
    nCode :[in] Specifies a code the hook procedure uses to determine how to process the message. If nCode is less than zero, the hook procedure must pass the message to the CallNextHookEx function without further processing and should return the value returned by CallNextHookEx. This parameter can be one of the following values. 
    指定钩子子程使用的代码,用来决定如何处理消息。如果nCode小于0,钩子子程必须将消息传递给CallNextHookEx方法,自己不进行进一步的处理,并且应该返回由方法CallNextHookEx返回的返回值。参数可以是下列值之一:
    1.HC_ACTION :The wParam and lParam parameters contain information about a mouse message.
    wParam 和 lParam 参数包含有鼠标消息的信息。

    wParam :[in] Specifies the identifier of the mouse message. This parameter can be one of the following messages: WM_LBUTTONDOWN, WM_LBUTTONUP, WM_MOUSEMOVE, WM_MOUSEWHEEL, WM_RBUTTONDOWN, or WM_RBUTTONUP. 
    指定鼠标消息的标识符。参数可以是以下消息之一: WM_LBUTTONDOWN, WM_LBUTTONUP, WM_MOUSEMOVE, WM_MOUSEWHEEL, WM_RBUTTONDOWN, WM_RBUTTONUP.

    lParam :[in] Pointer to an MSLLHOOKSTRUCT structure. 
    指向MSLLHOOKSTRUCT结构的指针。

Return Value 返回值
    If nCode is less than zero, the hook procedure must return the value returned by CallNextHookEx. 
    如果nCode小于0,钩子子程必须返回由方法CallNextHookEx返回的返回值。

    If nCode is greater than or equal to zero, and the hook procedure did not process the message, it is highly recommended that you call CallNextHookEx and return the value it returns; otherwise, other applications that have installed WH_MOUSE_LL hooks will not receive hook notifications and may behave incorrectly as a result. If the hook procedure processed the message, it may return a nonzero value to prevent the system from passing the message to the rest of the hook chain or the target window procedure. 
    如果nCode大于等于0,而且钩子子程没有处理该消息,那么强烈要求调用方法CallNextHookEx并返回由它返回的返回值;否则,其它已经安装了WH_MOUSE_LL钩子的应用程序将收不到钩子通知,可能导致行为的错误。如果钩子子程已经处理了该消息,将返回一个非0值,用来阻止系统将消息传递给钩子链表中的其它钩子或者目标窗体程序。

Remarks 备注
    An application installs the hook procedure by specifying the WH_MOUSE_LL hook type and a pointer to the hook procedure in a call to the SetWindowsHookEx function. 
    应用程序通过下面的方法安装该钩子子程:指定WH_MOUSE_LL钩子类型;指定在调用SetWindowsHookEx的方法中的指向钩子子程的指针。

    This hook is called in the context of the thread that installed it. The call is made by sending a message to the thread that installed the hook. Therefore, the thread that installed the hook must have a message loop. 
    该钩子在安装它的线程的上下文中被调用。通过发送消息给安装钩子的线程来实现调用。因此,安装钩子的线程必须有消息循环。

    The hook procedure should process a message in less time than the data entry specified in the LowLevelHooksTimeout value in the following registry key: 
    HKEY_CURRENT_USER\Control Panel\Desktop
    The value is in milliseconds. If the hook procedure does not return during this interval, the system will pass the message to the next hook.
    Note that debug hooks cannot track this type of hook.
    钩子子程应该用比下面时间少的时间来处理消息: 在注册表的HKEY_CURRENT_USER\Control Panel\Desktop键的 LowLevelHooksTimeout值指定的时间。该值是以毫秒为单位的。如果钩子子程在这个间隔没有返回,系统将把消息传递给下一个钩子。注意:调试钩子不能追踪该类型的钩子。

12、WH_MOUSE
    The MouseProc hook procedure is an application-defined or library-defined callback function used with the SetWindowsHookEx function. The system calls this function whenever an application calls the GetMessage or PeekMessage function and there is a mouse message to be processed. 
    MouseProc钩子子程是同SetWindowsHookEx方法一起使用的、应用程序定义的或者库定义的回调函数。无论什么时候,当应用程序一调用GetMessage 或者 PeekMessage方法,有鼠标消息即将被处理时,系统调用该方法。

Parameters 参数
    nCode :[in] Specifies a code the hook procedure uses to determine how to process the message. If nCode is less than zero, the hook procedure must pass the message to the CallNextHookEx function without further processing and should return the value returned by CallNextHookEx. This parameter can be one of the following values. 
    指定钩子子程使用的用来决定如何处理消息的码值。如果nCode小于0,钩子子程必须将消息传递给CallNextHookEx方法,自己不进行进一步的处理,并且要返回由CallNextHookEx方法返回的返回值。该参数可以是下列值之一: 
    1.HC_ACTION :The wParam and lParam parameters contain information about a mouse message. 
    参数wParam 和 lParam包含和鼠标消息相关的信息。
    2.HC_NOREMOVE :The wParam and lParam parameters contain information about a mouse message, and the mouse message has not been removed from the message queue. (An application called the PeekMessage function, specifying the PM_NOREMOVE flag.)
    参数wParam 和 lParam包含和鼠标消息相关的信息,鼠标消息还没有从消息队列中移除。

    wParam :[in] Specifies the identifier of the mouse message. 
    指定鼠标消息的标识符。
    
    lParam:[in] Pointer to a MOUSEHOOKSTRUCT structure. 
    指向MOUSEHOOKSTRUCT结构的指针。

Return Value 返回值
    If nCode is less than zero, the hook procedure must return the value returned by CallNextHookEx. If nCode is greater than or equal to zero, and the hook procedure did not process the message, it is highly recommended that you call CallNextHookEx and return the value it returns; otherwise, other applications that have installed WH_MOUSE hooks will not receive hook notifications and may behave incorrectly as a result. If the hook procedure processed the message, it may return a nonzero value to prevent the system from passing the message to the target window procedure. 
    如果code小于0,钩子子程必须返回由CallNextHookEx方法返回的返回值。如果code大于等于0,钩子子程还没有处理该消息,强烈要求调用CallNextHookEx方法并返回由它返回的返回值;否则,其它已经安装了WH_MOUSE钩子的应用程序将收不到钩子通知,可能导致行为的错误。如果钩子子程已经处理了该消息,应该返回非0值,以阻止系统将消息传递给钩子链表中剩余的钩子或者目标窗体程序。

Remarks备注
    An application installs the hook procedure by specifying the WH_MOUSE hook type and a pointer to the hook procedure in a call to the SetWindowsHookEx function. The hook procedure must not install a WH_JOURNALPLAYBACK Hook callback function.
    应用程序通过下面方法来安装钩子:指定WH_MOUSE钩子类型;指定在调用SetWindowsHookEx的方法中指向钩子子程的指针。该钩子子程不应安装WH_JOURNALPLAYBACK钩子的回调函数。

 
 
13、WH_SHELL 
    The ShellProc hook procedure is an application-defined or library-defined callback function used with the SetWindowsHookEx function. The function receives notifications of Shell events from the system. 
    The HOOKPROC type defines a pointer to this callback function. ShellProc is a placeholder for the application-defined or library-defined function name.
    ShellProc钩子子程是同SetWindowsHookEx一起使用的、应用程序定义的或者库定义的回调函数。该方法接收来自系统的加壳事件通知。HOOKPROC类型定义了指向该方法的指针。ShellProc是应用程序定义的或者库定义的方法的名字。

Parameters参数
    nCode :[in] Specifies the hook code. If nCode is less than zero, the hook procedure must pass the message to the CallNextHookEx function without further processing and should return the value returned by CallNextHookEx. This parameter can be one of the following values. 
    指定钩子代码。如果nCode小于0,钩子子程必须将消息传递给CallNextHookEx方法,自己不进行进一步的处理,并且应该返回由CallNextHookEx方法返回的返回值。该参数可以是下列值:
    1.HSHELL_ACCESSIBILITYSTATE 
    Windows 2000/XP: The accessibility state has changed. 可访问性已经改
    
    2.HSHELL_ACTIVATESHELLWINDOW 
    The shell should activate its main window. 外壳应该激活它的主窗口。
    
    3.HSHELL_APPCOMMAND 
    Windows 2000/XP: The user completed an input event (for example, pressed an application command button on the mouse or an application command key on the keyboard), and the application did not handle the WM_APPCOMMAND message generated by that input. 
    用户完成一个输入事件(例如,按下应用程序鼠标上的命令按钮或者键盘上的命令键),应用程序没有处理由该输入产生的WM_APPCOMMAND 消息。
    If the Shell procedure handles the WM_COMMAND message, it should not call CallNextHookEx. See the Return Value section for more information.
    如果Shell子程获得了WM_COMMAND消息的句柄,不应该调用CallNextHookEx 。
    
    4.HSHELL_GETMINRECT 
    A window is being minimized or maximized. The system needs the coordinates of the minimized rectangle for the window. 
    窗口正在被最小化或者最大化。系统需要窗体的最小矩形框的坐标。

    5.HSHELL_LANGUAGE 
    Keyboard language was changed or a new keyboard layout was loaded.
    键盘语言被改变了或者新的键盘布局被加载了。

    6.HSHELL_REDRAW 
    The title of a window in the task bar has been redrawn. 
    任务栏中的窗口标题被重绘了。

    7.HSHELL_TASKMAN 
    The user has selected the task list. A shell application that provides a task list should return TRUE to prevent Microsoft Windows from starting its task list. 
    用户选择了任务列表。提供了任务列表的加壳应用程序应该返回TRUE,来阻止windows启动任务列表。

    8.HSHELL_WINDOWACTIVATED 
    The activation has changed to a different top-level, unowned window. 
    激活动作变成了不同的top-level,unowned 的窗口。(即,激活了不同的不明窗口,使其处于最上层。)

    9.HSHELL_WINDOWCREATED 
    A top-level, unowned window has been created. The window exists when the system calls this hook. 
    顶层的、不受控制的窗体已经被创建。当系统调用该钩子时,窗口存在。

    10.HSHELL_WINDOWDESTROYED 
    A top-level, unowned window is about to be destroyed. The window still exists when the system calls this hook. 
    顶层的、不受控制的窗体即将被销毁。当系统调用该钩子的时候该窗体依然存在。

    11.HSHELL_WINDOWREPLACED 
    Windows XP: A top-level window is being replaced. The window exists when the system calls this hook. 
    在Windows XP环境下,顶层的窗体正在被替换掉。当系统调用该钩子时,窗口存在。

    wParam [in] The value depends on the value of the nCode parameter, as shown in the following table.
    该值取决于参数 nCode ,如下表所示。
 
---------------------------------------------------------------------------------------
| nCode                         |wParam                                                                                                          |
---------------------------------------------------------------------------------------
| HSHELL_ACCESSIBILITYSTATE     |Windows 2000/XP: Indicates which accessibility       |
|                                                                  |feature has changed state. This value is one             |
|                                                                     |of the following: ACCESS_FILTERKEYS,                 |
|                               |ACCESS_MOUSEKEYS, or ACCESS_STICKYKEYS.              |
|                               |                                                     |
|                               |在Windows XP 环境下:指示哪种访问特征已经被改变      |
|                               |了状态。值可以是下列之一:ACCESS_FILTERKEYS,         |
|                               |ACCESS_MOUSEKEYS, ACCESS_STICKYKEYS.                 |
---------------------------------------------------------------------------------------
|HSHELL_APPCOMMAND              |Windows 2000/XP: Where the WM_APPCOMMAND             |
|                               |message was originally sent; for example, the        |
|                               |handle to a window.                                  |
|                               |                                                     |
|                               |是WM_APPCOMMAND消息最初发出的位置,例如,窗口的      |
|                               |句柄。                                               |
---------------------------------------------------------------------------------------
|HSHELL_GETMINRECT              |Handle to the minimized or maximized window.         |
|                               |最小化或者最大化的窗体的句柄。                       |
---------------------------------------------------------------------------------------
|HSHELL_LANGUAGE                |Handle to the window.窗口句柄。                      |
---------------------------------------------------------------------------------------
|HSHELL_REDRAW                  |Handle to the redrawn window.重化窗口句柄。          |
---------------------------------------------------------------------------------------
|HSHELL_WINDOWACTIVATED         |Handle to the activated window.活动窗口句柄。        |
---------------------------------------------------------------------------------------
|HSHELL_WINDOWCREATED           |Handle to the created window.被创建的窗口的句柄。    |
---------------------------------------------------------------------------------------                                                                               |
|HSHELL_WINDOWDESTROYED         |Handle to the destroyed window.被销毁的窗口的句柄。  |
---------------------------------------------------------------------------------------
|HSHELL_WINDOWREPLACED          |Windows XP: Handle to the window being replaced.     |
|                               |即将被替换的窗体的句柄。                             |
---------------------------------------------------------------------------------------

    lParam  [in] The value depends on the value of the nCode parameter, as shown in the following table. 
    该值取决于参数nCode。如下表所示。

--------------------------------------------------------------------------------------------------------------    
|nCode                          | lParam                                                                     |
|                               |                                                                            |
|HSHELL_APPCOMMAND              | Windows 2000/XP:GET_APPCOMMAND_LPARAM(lParam) is the application           |
|                               | command corresponding to the input event.                                  |
|                               | GET_APPCOMMAND_LPARAM是对输入事件做出响应的应用程序命令。                  |
|                               |                                                                            |
|                               | GET_DEVICE_LPARAM(lParam) indicates what generated the input               |
|                               | event; for example, the mouse or keyboard.                                 |
|                               | GET_DEVICE_LPARAM指示是什么生成了输入事件。例如,鼠标或者键盘。            |
|                               |                                                                            |
|                               | GET_FLAGS_LPARAM(lParam) depends on the value of cmd in                    |
|                               | WM_APPCOMMAND. For example, it might indicate which virtual keys           |
|                               | were held down when the WM_APPCOMMAND message was originally sent.         |
|                               | GET_FLAGS_LPARAM(lParam)依赖于 WM_APPCOMMAND中CMD的值。例如,可以          |
|                               | 指示当WM_APPCOMMAND消息被发出的时候,哪个虚拟键被按下。                    |
--------------------------------------------------------------------------------------------------------------
|HSHELL_GETMINRECT              | Pointer to a RECT structure.    RECT结构的指针                             |
--------------------------------------------------------------------------------------------------------------
|HSHELL_LANGUAGE                | Handle to a keyboard layout.   键盘布局的句柄。                            |
--------------------------------------------------------------------------------------------------------------
|HSHELL_REDRAW                  | The value is TRUE if the window is flashing, or FALSE otherwise.           |
|                               | 如果窗口正在闪烁(重绘过程中),该值为true,其他为false                    |
--------------------------------------------------------------------------------------------------------------
|HSHELL_WINDOWACTIVATED         | The value is TRUE if the window is in full-screen mode, or FALSE otherwise.| 
|                               | 如果窗体处于全屏模式,该值是true,否则为false。                            |
--------------------------------------------------------------------------------------------------------------
|HSHELL_WINDOWREPLACED          | Windows XP: Handle to the new window.新窗体的句柄。                        |
--------------------------------------------------------------------------------------------------------------

Return Value返回值
    The return value should be zero unless the value of nCode is HSHELL_APPCOMMAND and the shell procedure handles the WM_COMMAND message. In this case, the return should be nonzero.
    如果nCode的值是HSHELL_APPCOMMAND,shell子程句柄指向WM_COMMAND 消息,在这种情况下,返回值是非0。其他情况下,返回值是0。

Remarks备注
    Install this hook procedure by specifying the WH_SHELL hook type and a pointer to the hook procedure in a call to the SetWindowsHookEx function. 
    通过指定WH_SHELL 钩子类型以及在SetWindowsHookEx的方法中的指向钩子子程的指针来安装该钩子子程。
   


14、WH_SYSMSGFILTER
    The SysMsgProc hook procedure is a library-defined callback function used with the SetWindowsHookEx function. The system calls this function after an input event occurs in a dialog box, message box, menu, or scroll bar, but before the message generated by the input event is processed. The function can monitor messages for any dialog box, message box, menu, or scroll bar in the system.
    SysMsgProc钩子子程是同SetWindowsHookEx一起使用的在库中定义的回调函数。在对话框、消息框、菜单、滚动条中所属的输入事件发生后,在这些消息被系统处理之前,系统调用该方法。该方法能够为系统中任何对话框、消息框、菜单、滚动条监视消息。

Parameters参数
    nCode [in] Specifies the type of input event that generated the message. If nCode is less than zero, the hook procedure must pass the message to the CallNextHookEx function without further processing and should return the value returned by CallNextHookEx. This parameter can be one of the following values. 
    指定生成该消息的输入事件的类型。如果nCode小于0,钩子子程必须将消息传递给CallNextHookEx方法,自己不进行进一步的处理,并且应该返回由CallNextHookEx方法返回的返回值。。该参数可以是以下值之一:
    1.MSGF_DIALOGBOX :The input event occurred in a message box or dialog box.  
    输入事件在消息框或者对话框中发生。
    2.MSGF_MENU :The input event occurred in a menu.
    输入事件在菜单中发生。 
    3.MSGF_SCROLLBAR :The input event occurred in a scroll bar.
    输入事件在滚动条中发生。

    wParam :This parameter is not used. 该参数未使用。

    lParam :[in] Pointer to an MSG message structure.指向MSG消息结构的指针。

Return Value 返回值
    If nCode is less than zero, the hook procedure must return the value returned by CallNextHookEx. 
    If nCode is greater than or equal to zero, and the hook procedure did not process the message, it is highly recommended that you call CallNextHookEx and return the value it returns; otherwise, other applications that have installed WH_SYSMSGFILTER hooks will not receive hook notifications and may behave incorrectly as a result. If the hook procedure processed the message, it may return a nonzero value to prevent the system from passing the message to the target window procedure. 
    如果nCode小于0,钩子子程必须返回由CallNextHookEx方法返回的返回值。如果nCode大于等于0,并且钩子子程还没有处理该消息,强烈要求调用CallNextHookEx方法并返回由它返回的返回值。否则,其他已经安装了WH_SYSMSGFILTER钩子的应用程序将接收不到钩子通知,可能导致行为错误。如果钩子子程已经处理了该消息,应该返回非0 值,来阻止系统将消息传递给目标窗体程序。

Remarks备注
    An application installs the hook procedure by specifying the WH_SYSMSGFILTER hook type and a pointer to the hook procedure in a call to the SetWindowsHookEx function. 
    应用程序安装该钩子通过:指定WH_SYSMSGFILTER钩子类型;指定在调用SetWindowsHookEx方法的指向钩子子程的指针。

15、WH_MSGFILTER 
    The MessageProc hook procedure is an application-defined or library-defined callback function used with the SetWindowsHookEx function. The system calls this function after an input event occurs in a dialog box, message box, menu, or scroll bar, but before the message generated by the input event is processed. The hook procedure can monitor messages for a dialog box, message box, menu, or scroll bar created by a particular application or all applications.

    The HOOKPROC type defines a pointer to this callback function. MessageProc is a placeholder for the application-defined or library-defined function name.


Syntax

LRESULT CALLBACK MessageProc(          int code,
    WPARAM wParam,
    LPARAM lParam
);
Parameters
    code
      [in] Specifies the type of input event that generated the message. If code is less than zero, the hook procedure must pass the message to the CallNextHookEx function without further processing and return the value returned by CallNextHookEx. This parameter can be one of the following values. 
        MSGF_DDEMGR
            The input event occurred while the Dynamic Data Exchange Management Library (DDEML) was waiting for a synchronous transaction to finish. For more information about DDEML, see Dynamic Data Exchange Management Library.
        MSGF_DIALOGBOX
            The input event occurred in a message box or dialog box.
        MSGF_MENU
            The input event occurred in a menu.
        MSGF_SCROLLBAR
            The input event occurred in a scroll bar.
    wParam
        This parameter is not used. 
    lParam
        [in] Pointer to an MSG structure. 
Return Value
    If code is less than zero, the hook procedure must return the value returned by CallNextHookEx.

    If code is greater than or equal to zero, and the hook procedure did not process the message, it is highly recommended that you call CallNextHookEx and return the value it returns; otherwise, other applications that have installed WH_MSGFILTER hooks will not receive hook notifications and may behave incorrectly as a result. If the hook procedure processed the message, it may return a nonzero value to prevent the system from passing the message to the rest of the hook chain or the target window procedure.

Remarks
    An application installs the hook procedure by specifying the WH_MSGFILTER hook type and a pointer to the hook procedure in a call to the SetWindowsHookEx function.

    If an application that uses the DDEML and performs synchronous transactions must process messages before they are dispatched, it must use the WH_MSGFILTER hook.

 

本文来自CSDN博客,转载请标明出处:http://blog.csdn.net/jiangxinyu/archive/2010/02/03/5284067.aspx

HOOK钩子 - 钩子函数说明

标签:

原文地址:http://www.cnblogs.com/icqw/p/5039512.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!