Windows 钩子 API 示例:监控文件打开和保存操作
#include <windows.h>
#include <iostream>
#include <fstream>
// Forward declarations of the three hook procedures defined later in this file.
LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam);
LRESULT CALLBACK CallWndProc(int nCode, WPARAM wParam, LPARAM lParam);
LRESULT CALLBACK WriteFileHookProc(int nCode, WPARAM wParam, LPARAM lParam);
// Global state shared by the hook procedures.
// NOTE(review): hHook is the only hook handle kept globally. It is assigned in
// CallWndProc and cleared in WriteFileHookProc, while main keeps the handles of
// the hooks it installs in local variables.
HHOOK hHook = NULL;
// NOTE(review): initialised to NULL, but the file wrappers store
// INVALID_HANDLE_VALUE on failure, so a validity check has to treat both values
// as "no open file". Nothing in this file calls CloseHandle on it.
HANDLE hFile = NULL;
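// File-operation wrapper: opens an existing file for reading.
//
// fileName: wide-character path of the file to open; a null pointer is rejected.
// hFile:    receives the handle from CreateFileW, or INVALID_HANDLE_VALUE on failure.
// Returns true when the file was opened, false otherwise.
//
// The caller owns the handle stored in hFile and must release it with CloseHandle.
bool OpenFile(const wchar_t* fileName, HANDLE& hFile) {
    if (fileName == NULL) {
        hFile = INVALID_HANDLE_VALUE;
        return false;
    }
    // fileName is always a wide string, so call the W entry point explicitly;
    // the CreateFile macro maps to CreateFileA when UNICODE is not defined.
    // Share mode 0 asks for exclusive access: while this handle is open, every
    // other attempt to open the file fails, including the monitored application's.
    hFile = ::CreateFileW(fileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        // Log the failure here; GetLastError() holds the reason.
        return false;
    }
    return true;
}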
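// File-operation wrapper: creates (or overwrites) a file for writing.
//
// fileName: wide-character path of the file to create; a null pointer is rejected.
// hFile:    receives the handle from CreateFileW, or INVALID_HANDLE_VALUE on failure.
// Returns true when the file was created, false otherwise.
//
// NOTE(review): <windows.h> defines CreateFile as a macro, so this function is
// really declared as an overload named CreateFileW or CreateFileA. It only builds
// when UNICODE is defined; a distinct name would remove that dependency.
// NOTE(review): CREATE_ALWAYS truncates an existing file and share mode 0 locks it
// against every other opener. Code that is meant to observe a save operation
// should not destroy or lock the file being saved; confirm this is intended.
bool CreateFile(const wchar_t* fileName, HANDLE& hFile) {
    if (fileName == NULL) {
        hFile = INVALID_HANDLE_VALUE;
        return false;
    }
    // Call the Win32 W entry point by its real name so the call does not depend
    // on how the CreateFile macro expands.
    hFile = ::CreateFileW(fileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        // Log the failure here; GetLastError() holds the reason.
        return false;
    }
    return true;
}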
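// WH_CBT hook procedure: watches window creation and, when a window of class
// "OpenFileDialog" is created, opens the file named in its creation parameters.
//
// nCode:  CBT hook code; only HCBT_CREATEWND is handled here.
// wParam: passed through unchanged to the next hook.
// lParam: for HCBT_CREATEWND, a pointer to a CBT_CREATEWND structure.
// Returns the result of CallNextHookEx, so the hook never blocks the operation.
//
// NOTE(review): assumes a UNICODE build (lpszClass is read as a wide string).
LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam) {
    // lParam is a CBT_CREATEWND* only for HCBT_CREATEWND. Every other code,
    // including negative ones, carries different data and is passed on untouched.
    if (nCode != HCBT_CREATEWND || lParam == 0) {
        return CallNextHookEx(hHook, nCode, wParam, lParam);
    }

    LPCREATESTRUCT lpcs = ((CBT_CREATEWND*)lParam)->lpcs;
    if (lpcs == NULL) {
        return CallNextHookEx(hHook, nCode, wParam, lParam);
    }

    // lpszClass may hold a class atom instead of a string pointer; comparing an
    // atom with wcscmp would read from an invalid address.
    LPCWSTR className = lpcs->lpszClass;
    if (className != NULL && !IS_INTRESOURCE(className) &&
        wcscmp(className, L"OpenFileDialog") == 0) {
        // NOTE(review): lpCreateParams is whatever the creating code passed to
        // CreateWindowEx. Nothing here proves it is an OPENFILENAME, and the
        // class name "OpenFileDialog" should be confirmed against the real dialog.
        const OPENFILENAME* ofn = (const OPENFILENAME*)lpcs->lpCreateParams;
        if (ofn != NULL && ofn->lpstrFile != NULL) {
            LPCWSTR fileName = ofn->lpstrFile;
            // Release a handle left over from an earlier event before it is overwritten.
            if (hFile != NULL && hFile != INVALID_HANDLE_VALUE) {
                CloseHandle(hFile);
                hFile = NULL;
            }
            // Log the detected file name here.
            if (!OpenFile(fileName, hFile)) {
                // Log the open failure here.
            }
        }
    }
    return CallNextHookEx(hHook, nCode, wParam, lParam);
}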
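// WH_CALLWNDPROC hook procedure: reacts to the "Save As" command by creating the
// target file and installing WriteFileHookProc as a further thread-local hook.
//
// nCode:  hook code; negative values are passed on without processing.
// wParam: passed through unchanged to the next hook.
// lParam: pointer to a CWPSTRUCT describing the message being sent.
// Returns the result of CallNextHookEx.
//
// NOTE(review): ID_FILE_SAVEAS is not defined anywhere in this file; it has to
// come from the application's resource header.
LRESULT CALLBACK CallWndProc(int nCode, WPARAM wParam, LPARAM lParam) {
    if (nCode < 0 || lParam == 0) {
        return CallNextHookEx(hHook, nCode, wParam, lParam);
    }

    const CWPSTRUCT* cwp = (const CWPSTRUCT*)lParam;
    // The command identifier is the low word of wParam; the high word carries
    // the notification code, so the full value must not be compared.
    if (cwp->message == WM_COMMAND && LOWORD(cwp->wParam) == ID_FILE_SAVEAS) {
        // NOTE(review): for WM_COMMAND the documented lParam is the handle of the
        // sending control, or 0 for a menu or accelerator. It is not an
        // OPENFILENAME pointer, so this cast is type confusion on data supplied
        // by the message sender. The null checks only stop the crash for menu
        // commands; the file name needs another source.
        const OPENFILENAME* ofn = (const OPENFILENAME*)cwp->lParam;
        if (ofn != NULL && ofn->lpstrFile != NULL) {
            LPCWSTR fileName = ofn->lpstrFile;
            // Release a handle left over from an earlier event before it is overwritten.
            if (hFile != NULL && hFile != INVALID_HANDLE_VALUE) {
                CloseHandle(hFile);
                hFile = NULL;
            }
            // Log the detected file name here.
            if (!CreateFile(fileName, hFile)) {
                // Log the create failure here.
            } else if (hHook == NULL) {
                // Install the file-write hook only once; a second install would
                // overwrite hHook and leak the earlier hook.
                // The procedure is passed directly: GetProcAddress only finds
                // exported symbols and takes a string, not a character literal.
                HMODULE hModule = GetModuleHandle(NULL);
                hHook = SetWindowsHookEx(WH_CALLWNDPROC, WriteFileHookProc, hModule, GetCurrentThreadId());
                if (hHook == NULL) {
                    // Log the hook installation failure here.
                }
            }
        }
    }
    return CallNextHookEx(hHook, nCode, wParam, lParam);
}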
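// WH_CALLWNDPROC hook procedure installed by CallWndProc: when the application
// is activated, drains the file referenced by the global hFile, closes it and
// removes this hook again.
//
// nCode:  hook code; negative values are passed on without processing.
// wParam: passed through unchanged to the next hook.
// lParam: pointer to a CWPSTRUCT describing the message being sent.
// Returns the result of CallNextHookEx.
LRESULT CALLBACK WriteFileHookProc(int nCode, WPARAM wParam, LPARAM lParam) {
    if (nCode < 0 || lParam == 0) {
        return CallNextHookEx(hHook, nCode, wParam, lParam);
    }

    const CWPSTRUCT* cwp = (const CWPSTRUCT*)lParam;
    if (cwp->message == WM_ACTIVATEAPP && cwp->wParam == TRUE) {
        // hFile starts as NULL and becomes INVALID_HANDLE_VALUE after a failed
        // open, so both values mean there is nothing to read.
        if (hFile != NULL && hFile != INVALID_HANDLE_VALUE) {
            // NOTE(review): a handle stored by the CreateFile wrapper is opened
            // with GENERIC_WRITE only, so ReadFile fails on it and the loop body
            // never runs. Reading also blocks the hooked thread; keep it short.
            DWORD dwBytesRead = 0;
            BYTE buffer[1024];
            while (ReadFile(hFile, buffer, sizeof(buffer), &dwBytesRead, NULL) && dwBytesRead > 0) {
                // Process the file data here.
            }
            // Close the handle so the file is no longer held with exclusive access.
            CloseHandle(hFile);
            hFile = NULL;
        }
        // Remove the file-write hook now that the work is done.
        if (hHook != NULL) {
            UnhookWindowsHookEx(hHook);
            hHook = NULL;
        }
    }
    return CallNextHookEx(hHook, nCode, wParam, lParam);
}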
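// Installs the CBT and CallWndProc hooks, pumps messages until WM_QUIT, then
// removes both hooks. Returns 0 on a normal exit and 1 if a hook cannot be installed.
int main() {
    HMODULE hModule = GetModuleHandle(NULL);

    // Install the CBT hook. The procedure is passed directly: GetProcAddress only
    // resolves exported symbols, needs a string rather than a character literal,
    // and the name looked up before did not match any function in this file.
    // NOTE(review): thread id 0 requests a hook for every thread on the desktop.
    // That scope needs the procedure in a DLL, which Windows then loads into
    // other processes. If only this process is monitored, GetCurrentThreadId()
    // is the least-privilege choice.
    HHOOK hCBTHook = SetWindowsHookEx(WH_CBT, CBTProc, hModule, 0);
    if (hCBTHook == NULL) {
        // Log the installation failure here; GetLastError() holds the reason.
        return 1;
    }

    // Install the CallWndProc hook for the current thread only.
    HHOOK hCallWndProcHook = SetWindowsHookEx(WH_CALLWNDPROC, CallWndProc, hModule, GetCurrentThreadId());
    if (hCallWndProcHook == NULL) {
        // Log the installation failure here, then undo the first hook.
        UnhookWindowsHookEx(hCBTHook);
        return 1;
    }

    // Message loop. GetMessage returns -1 on error, so test for > 0; a bare
    // truth test would spin forever on a persistent failure.
    MSG msg;
    while (GetMessage(&msg, NULL, 0, 0) > 0) {
        TranslateMessage(&msg);
        DispatchMessage(&msg);
    }

    // Remove the hooks before exiting.
    UnhookWindowsHookEx(hCBTHook);
    UnhookWindowsHookEx(hCallWndProcHook);
    return 0;
}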