写一个用消息钩子 监视进程文件读写操作的代码 用c语言

#include <stdio.h> #include <windows.h>

HHOOK hMsgHook;

LRESULT CALLBACK MsgHookProc(int nCode, WPARAM wParam, LPARAM lParam) { if (nCode == HC_ACTION) { PMSG pMsg = (PMSG)lParam; if (pMsg->message == WM_COPYDATA) { PCOPYDATASTRUCT pCopyData = (PCOPYDATASTRUCT)pMsg->lParam; if (pCopyData->dwData == 1) // 进程文件读操作 { printf("进程 %d 正在读取文件 %s\n", (int)pMsg->hwnd, (char*)pCopyData->lpData); } else if (pCopyData->dwData == 2) // 进程文件写操作 { printf("进程 %d 正在写入文件 %s\n", (int)pMsg->hwnd, (char*)pCopyData->lpData); } } } return CallNextHookEx(hMsgHook, nCode, wParam, lParam); }

int main() { hMsgHook = SetWindowsHookEx(WH_GETMESSAGE, MsgHookProc, NULL, GetCurrentThreadId()); if (hMsgHook != NULL) { printf("消息钩子已经安装，按回车键退出...\n"); getchar(); UnhookWindowsHookEx(hMsgHook); } else { printf("消息钩子安装失败！\n"); } return 0; }