37648721轉載請註明出處並保持文章的完整性。）

Hooks Overview

A hook is a mechanism by which an application can intercept events, such as messages, mouse actions, and keystrokes. A function that intercepts a particular type of event is known as ahook procedure. A hook procedure can act on each event it receives, and then modify or discard the event.

（鉤子是一種應用程序攔截事件的機制，例如：消息、鼠標活動、鍵盤按鍵。攔截特定類型事件的函數被稱爲鉤子函數。一個鉤子函數可以作用於每一個它接受到的事件，並且改變或者拋棄事件。）

The following some example uses for hooks:（下面是鉤子的一些用法）

Monitor messages for debugging purposes（爲了調試而監控消息）
Provide support for recording and playback of macros（爲記錄和宏重放提供支持）（不知道是什麼東西）
Provide support for a help key (F1)（爲功能鍵F1提供支持）
Simulate mouse and keyboard input（模擬鼠標和鍵盤輸入）
Implement a computer-based training (CBT) application（實現CBT應用）

Note Hooks tend to slow down the system because they increase the amount of processing the system must perform for each message. You should install a hook only when necessary, and remove it as soon as possible.（鉤子會降低系統的速度，因爲系統必須處理的消息增多了。你應當在需要的時候才使用它，不用時請立即取消。）（PS：想想中病毒時電腦會卡就明白了，一個意思。）

This section discusses the following:（本章節討論下面的內容）

Hook Chains（鉤子鏈）

The system supports many different types of hooks; each type provides access to a different aspect of its message-handling mechanism. For example, an application can use theWH_MOUSE hook to monitor the message traffic for mouse messages.（系統提供多種不同類型的鉤子；每種鉤子提供了消息處理機制的不同訪問方面。例如，程序可以使用WH_MOUSE鉤子來監視鼠標消息的傳遞。）

The system maintains a separate hook chain for each type of hook. A hook chain is a list of pointers to special, application-defined callback functions calledhook procedures. When a message occurs that is associated with a particular type of hook, the system passes the message to each hook procedure referenced in the hook chain, one after the other. The action a hook procedure can take depends on the type of hook involved. The hook procedures for some types of hooks can only monitor messages; others can modify messages or stop their progress through the chain, preventing them from reaching the next hook procedure or the destination window.（系統爲不同類型的鉤子維護單獨的鉤子鏈。）

Hook Procedures（鉤子函數）

To take advantage of a particular type of hook, the developer provides a hook procedure and uses theSetWindowsHookEx function to install it into the chain associated with the hook. A hook procedure must have the following syntax:（爲了使用某種類型的鉤子，開發人員要提供一個鉤子函數，然後使用SetWindowsHookEx函數把它安裝到該鉤子類型的鉤子鏈中。鉤子函數必須符合如下的語法：）

LRESULT CALLBACK HookProc(
  int nCode, //鉤子類型
  WPARAM wParam, 
  LPARAM lParam
)
{
   // process event
   ...

   return CallNextHookEx(NULL, nCode, wParam, lParam);//注意最後調用了CallNextHookEx
}

HookProc is a placeholder for an application-defined name.（把函數名放在HookProc的位置。）

The nCode parameter is a hook code that the hook procedure uses to determine the action to perform. The value of the hook code depends on the type of the hook; each type has its own characteristic set of hook codes. The values of the wParam and lParam parameters depend on the hook code, but they typically contain information about a message that was sent or posted.（nCode參數是鉤子函數用來決定執行行爲的代碼。nCode的值取決於鉤子的類型；不同的鉤子類型有它自己的特有的鉤子代碼。wParam和lParam參數的值取決於nCode.但是他們通常包含的內容是發送或郵遞的消息。）

The SetWindowsHookEx function always installs a hook procedure at the beginning of a hook chain. When an event occurs that is monitored by a particular type of hook, the system calls the procedure at the beginning of the hook chain associated with the hook. Each hook procedure in the chain determines whether to pass the event to the next procedure. A hook procedure passes an event to the next procedure by calling theCallNextHookEx function.（SetWindowsHookEx函數總是在鉤子鏈的開始處安裝鉤子函數。當某種類型的鉤子監測到了事件發生，系統會調用這種鉤子鏈上開始位置的鉤子函數。鉤子鏈上的每個鉤子函數決定了是否將事件傳遞給下一個鉤子函數。鉤子函數通過調用CallNextHookex函數將事件傳遞到下一個鉤子函數。）

Note that the hook procedures for some types of hooks can only monitor messages. the system passes messages to each hook procedure, regardless of whether a particular procedure callsCallNextHookEx.（要注意的是：某些類型鉤子的鉤子函數只能監測消息。不論鉤子函數是否調用CallNextHookEx函數，系統都會將消息傳遞到下一個鉤子函數。）

A global hook monitors messages for all threads in the same desktop as the calling thread. A thread-specific hook monitors messages for only an individual thread. A global hook procedure can be called in the context of any application in the same desktop as the calling thread, so the procedure must be in a separate DLL module. A thread-specific hook procedure is called only in the context of the associated thread. If an application installs a hook procedure for one of its own threads, the hook procedure can be in either the same module as the rest of the application's code or in a DLL. If the application installs a hook procedure for a thread of a different application, the procedure must be in a DLL. For information, seeDynamic-Link Libraries.（全局鉤子作爲調用線程監控同一個桌面的所有線程的消息。特定線程的鉤子只監控特定現成的消息。全局鉤子函數可以在同一桌面的任何程序的環境中作爲調用線程來調用，所以函數必須在一個單獨的dll模塊中。特定線程的鉤子函數只能在其線程的環境中調用。如果程序向爲它自己的一個線程安裝鉤子，那麼這個鉤子可以與程序其他代碼的處於同一個模塊中，也可以自己單獨在一個dll中。如果程序爲其他程序的線程安裝鉤子函數，那麼鉤子函數必須在dll中。更多信息參見Dynamic-Link Libraries。）

Note You should use global hooks only for debugging purposes; otherwise, you should avoid them. Global hooks hurt system performance and cause conflicts with other applications that implement the same type of global hook.（你應當只在調試時使用全局鉤子；不然別用了。全局鉤子強烈影響系統性能，並且會和其他使用相同類型鉤子的程序發生衝突。）

Hook Types（鉤子類型）

Each type of hook enables an application to monitor a different aspect of the system's message-handling mechanism. The following sections describe the available hooks.（不同類型的鉤子能夠使程序監控系統消息處理機制的不同方面。下面的小節描述了可用的鉤子類型。）

下面的不全翻譯，只寫出部分，或者意譯。

WH_CALLWNDPROC and WH_CALLWNDPROCRET

The WH_CALLWNDPROC and WH_CALLWNDPROCRET hooks enable you to monitor messages sent to window procedures. The system calls aWH_CALLWNDPROC hook procedure before passing the message to the receiving window procedure, and calls theWH_CALLWNDPROCRET hook procedure after the window procedure has processed the message.（允許監控發送到窗口過程的消息。WH_CALLWNDPROC：在傳送給窗口過程之前調用。WH_CALLWNDPROCRET：在窗口過程處理完後調用。）

The WH_CALLWNDPROCRET hook passes a pointer to a CWPRETSTRUCT structure to the hook procedure. The structure contains the return value from the window procedure that processed the message, as well as the message parameters associated with the message. Subclassing the window does not work for messages set between processes.

For more information, see the CallWndProc and CallWndRetProc callback functions.

WH_CBT

The system calls a WH_CBT hook procedure before activating, creating, destroying, minimizing, maximizing, moving, or sizing a window; before completing a system command; before removing a mouse or keyboard event from the system message queue; before setting the input focus; or before synchronizing with the system message queue. The value the hook procedure returns determines whether the system allows or prevents one of these operations. TheWH_CBT hook is intended primarily for computer-based training (CBT) applications.（通常只建議計算機輔助訓練程序使用這種消息。）（比方說考Excel操作的軟件。）

For more information, see the CBTProc callback function.

For information, see WinEvents.

WH_DEBUG

The system calls a WH_DEBUG hook procedure before calling hook procedures associated with any other hook in the system. You can use this hook to determine whether to allow the system to call hook procedures associated with other types of hooks.（在調用系統的其他鉤子的鉤子函數之前調用。你可以調用這種鉤子來決定是否允許系統調用其他類型鉤子的鉤子函數。）

For more information, see the DebugProc callback function.

WH_FOREGROUNDIDLE

The WH_FOREGROUNDIDLE hook enables you to perform low priority tasks during times when its foreground thread is idle. The system calls aWH_FOREGROUNDIDLE hook procedure when the application's foreground thread is about to become idle.（可以在前臺線程空閒/將要空閒的時候，將其設爲低優先級。）

For more information, see the ForegroundIdleProc callback function.

WH_GETMESSAGE

The WH_GETMESSAGE hook enables an application to monitor messages about to be returned by theGetMessage or PeekMessage function. You can use the WH_GETMESSAGE hook to monitor mouse and keyboard input and other messages posted to the message queue.（允許程序監控GetMessage和 PeekMessage函數返回的消息。可以監控鍵盤、鼠標的輸入，以及其他投遞到消息隊列的其他消息。）

For more information, see the GetMsgProc callback function.

WH_JOURNALPLAYBACK

The WH_JOURNALPLAYBACK hook enables an application to insert messages into the system message queue. You can use this hook to play back a series of mouse and keyboard events recorded earlier by usingWH_JOURNALRECORD. Regular mouse and keyboard input is disabled as long as a WH_JOURNALPLAYBACK hook is installed. AWH_JOURNALPLAYBACK hook is a global hook—it cannot be used as a thread-specific hook.（再現之前的鼠標或者鍵盤事件。當安裝後，常規鍵盤鼠標輸入將不可使用。這是一個全局鉤子。）

The WH_JOURNALPLAYBACK hook returns a time-out value. This value tells the system how many milliseconds to wait before processing the current message from the playback hook. This enables the hook to control the timing of the events it plays back.

For more information, see the JournalPlaybackProc callback function.

WH_JOURNALRECORD

The WH_JOURNALRECORD hook enables you to monitor and record input events. Typically, you use this hook to record a sequence of mouse and keyboard events to play back later by usingWH_JOURNALPLAYBACK. The WH_JOURNALRECORD hook is a global hook—it cannot be used as a thread-specific hook.（記錄鍵盤鼠標輸入事件）

For more information, see the JournalRecordProc callback function.

WH_KEYBOARD_LL

The WH_KEYBOARD_LL hook enables you to monitor keyboard input events about to be posted in a thread input queue.（即將投遞到線程輸入隊列的鍵盤輸入事件。）（PS：這個是底層的）

For more information, see the LowLevelKeyboardProc callback function.

WH_KEYBOARD

The WH_KEYBOARD hook enables an application to monitor message traffic forWM_KEYDOWN andWM_KEYUP messages about to be returned by the GetMessage or PeekMessage function. You can use the WH_KEYBOARD hook to monitor keyboard input posted to a message queue.（監控 GetMessage 或 PeekMessage函數即將返回的WM_KEYDOWN和WM_KEYUP消息。可用於監控投遞到消息隊列的鍵盤輸入。）
）

For more information, see the KeyboardProc callback function.

WH_MOUSE_LL

The WH_MOUSE_LL hook enables you to monitor mouse input events about to be posted in a thread input queue.（即將投遞到線程輸入隊列的鼠標輸入事件。）（PS：這個是底層的）

For more information, see the LowLevelMouseProc callback function.

WH_MOUSE

The WH_MOUSE hook enables you to monitor mouse messages about to be returned by theGetMessage or PeekMessage function. You can use the WH_MOUSE hook to monitor mouse input posted to a message queue.（監控 GetMessage 或 PeekMessage函數即將返回的鼠標消息。可用於監控投遞到消息隊列的鼠標輸入。）
）

For more information, see the MouseProc callback function.

（下面的這兩個沒有翻譯，我目前沒用到，不看了。）

WH_MSGFILTER and WH_SYSMSGFILTER

The WH_MSGFILTER and WH_SYSMSGFILTER hooks enable you to monitor messages about to be processed by a menu, scroll bar, message box, or dialog box, and to detect when a different window is about to be activated as a result of the user's pressing the ALT+TAB or ALT+ESC key combination. The WH_MSGFILTER hook can only monitor messages passed to a menu, scroll bar, message box, or dialog box created by the application that installed the hook procedure. TheWH_SYSMSGFILTER hook monitors such messages for all applications.（WH_MSGFILTER僅監控當前已安裝鉤子函數的應用程序的菜單、滾動條、消息框、對話框的消息。WH_SYSMSGFILTER則監控所有的程序。）

The WH_MSGFILTER and WH_SYSMSGFILTER hooks enable you to perform message filtering during modal loops that is equivalent to the filtering done in the main message loop. For example, an application often examines a new message in the main loop between the time it retrieves the message from the queue and the time it dispatches the message, performing special processing as appropriate. However, during a modal loop, the system retrieves and dispatches messages without allowing an application the chance to filter the messages in its main message loop. If an application installs aWH_MSGFILTER orWH_SYSMSGFILTER hook procedure, the system calls the procedure during the modal loop.

An application can call the WH_MSGFILTER hook directly by calling theCallMsgFilter function. By using this function, the application can use the same code to filter messages during modal loops as it uses in the main message loop. To do so, encapsulate the filtering operations in aWH_MSGFILTER hook procedure and callCallMsgFilter between the calls to theGetMessage andDispatchMessage functions.

while (GetMessage(&msg, (HWND) NULL, 0, 0)) 
{ 
    if (!CallMsgFilter(&qmsg, 0)) 
        DispatchMessage(&qmsg); 
} 

The last argument of CallMsgFilter is simply passed to the hook procedure; you can enter any value. The hook procedure, by defining a constant such asMSGF_MAINLOOP, can use this value to determine where the procedure was called from.

For more information, see the MessageProc and SysMsgProc callback functions.

WH_SHELL

A shell application can use the WH_SHELL hook to receive important notifications. The system calls aWH_SHELL hook procedure when the shell application is about to be activated and when a top-level window is created or destroyed.

Note that custom shell applications do not receive WH_SHELL messages. Therefore, any application that registers itself as the default shell must call theSystemParametersInfo function before it (or any other application) can receiveWH_SHELL messages. This function must be called withSPI_SETMINIMIZEDMETRICS and aMINIMIZEDMETRICS structure. Set theiArrange member of this structure toARW_HIDE.

For more information, see the ShellProc callback function.

Hooks——鉤子概覽