我需要挂钩什么功能(使用简易挂钩)以防止最小化第三方应用程序?
What function would I need to hook (using easy hook) to prevent minimize of a third party application?
我正在尝试编写一个简单的东西来防止第三方应用程序能够最小化。我将使用 EasyHook,因为我认为这是最简单的方法。
我的代码将使用 C#。我一直在查看 EasyHook 存储库中的示例,我只是不确定我需要替换哪个 windows 函数才能实现此目的。
或者如果有另一种方法也可以。
示例(无效):
Program.cs
using System;
using System.Text.RegularExpressions;
using EasyHook;
namespace AutoMaximize
{
internal class Program
{
private static void Main(string[] args)
{
WindowFinder wf = new WindowFinder();
PInvoke.HWND hwnd = new PInvoke.HWND();
wf.FindWindows(
new PInvoke.HWND(),
new Regex(@"Notepad\+\+"),
null,
null,
delegate(PInvoke.HWND wnd)
{
hwnd = wnd;
return true;
});
uint processId = 0;
PInvoke.GetWindowThreadProcessId(hwnd, out processId);
try
{
RemoteHooking.Inject((int) processId, InjectionOptions.Default, "AutoMaximizeInject_x86.dll", "AutoMaximizeInject_x64.dll");
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
}
}
AutoMaximizeInject.cs
using System;
using EasyHook;
namespace AutoMaximize
{
public class AutoMaximizeInject : IEntryPoint
{
#region Delegates
public delegate int DShowWindow(IntPtr hWnd, int nCmdShow);
#endregion
public LocalHook ShowWindowHook = null;
public AutoMaximizeInject(RemoteHooking.IContext inContext, string inChannelName) { }
public void Run(RemoteHooking.IContext inContext, string inArg)
{
try
{
ShowWindowHook = LocalHook.Create(LocalHook.GetProcAddress("user32.dll", "ShowWindow"), new DShowWindow(ShowWindowHooked), this);
/*
* Don't forget that all hooks will start deaktivated...
* The following ensures that all threads are intercepted:
*/
ShowWindowHook.ThreadACL.SetExclusiveACL(new Int32[1]);
}
catch (Exception)
{
}
}
public static int ShowWindowHooked(IntPtr hWnd, int nCmdShow)
{
try
{
switch (nCmdShow)
{
case PInvoke.SW_FORCEMINIMIZE:
case PInvoke.SW_HIDE:
case PInvoke.SW_MAXIMIZE:
case PInvoke.SW_MINIMIZE:
case PInvoke.SW_NORMAL:
case PInvoke.SW_RESTORE:
case PInvoke.SW_SHOW:
case PInvoke.SW_SHOWDEFAULT:
case PInvoke.SW_SHOWMINIMIZED:
case PInvoke.SW_SHOWMINNOACTIVE:
case PInvoke.SW_SHOWNA:
case PInvoke.SW_SHOWNOACTIVATE:
case PInvoke.SW_SMOOTHSCROLL:
nCmdShow = PInvoke.SW_MAXIMIZE;
break;
}
}
catch (Exception)
{
}
return PInvoke.ShowWindow(hWnd, nCmdShow);
}
}
}
现在我没有列出的 PInvoke 东西我知道我在其他程序中使用它。当前的问题是 EasyHook 崩溃。WOW64Bypass.Install() 函数它尝试 运行 "EasyHook64Svc.exe" 的过程正在崩溃。
我不确定是我做错了什么还是 EasyHook 错误。如果有人能告诉我是哪一个,那会很有帮助。
我使用 Deviare 修改了 PrintLogger 示例以实现简单的挂钩。
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Windows.Forms;
using Nektra.Deviare2;
namespace PrintLogger
{
public partial class PrintLogger : Form
{
private NktSpyMgr _spyMgr;
private NktProcess _process;
public PrintLogger()
{
InitializeComponent();
_spyMgr = new NktSpyMgr();
_spyMgr.Initialize();
_spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
GetProcess("notepad++.exe");
if (_process == null)
{
MessageBox.Show("Please start \"notepad++.exe\" before!", "Error");
Environment.Exit(0);
}
}
private void PrintLogger_Load(object sender, EventArgs e)
{
NktHook hook = _spyMgr.CreateHook("user32.dll!ShowWindow", (int)(eNktHookFlags.flgOnlyPostCall));
hook.Hook(true);
hook.Attach(_process, true);
}
private bool GetProcess(string proccessName)
{
NktProcessesEnum enumProcess = _spyMgr.Processes();
NktProcess tempProcess = enumProcess.First();
while (tempProcess != null)
{
if (tempProcess.Name.Equals(proccessName, StringComparison.InvariantCultureIgnoreCase) && tempProcess.PlatformBits > 0 && tempProcess.PlatformBits <= IntPtr.Size * 8)
{
_process = tempProcess;
return true;
}
tempProcess = enumProcess.Next();
}
_process = null;
return false;
}
private void OnFunctionCalled(NktHook hook, NktProcess process, NktHookCallInfo hookCallInfo)
{
Output(hook.FunctionName + "( ");
bool first = true;
foreach (INktParam param in hookCallInfo.Params())
{
if (first)
first = false;
else
{
Output(", ");
}
Output(param.Name + " = " + param.Value.ToString());
}
Output(" )" + Environment.NewLine);
}
public delegate void OutputDelegate(string strOutput);
private void Output(string strOutput)
{
if (InvokeRequired)
BeginInvoke(new OutputDelegate(Output), strOutput);
else
textOutput.AppendText(strOutput);
}
}
}
我正在尝试编写一个简单的东西来防止第三方应用程序能够最小化。我将使用 EasyHook,因为我认为这是最简单的方法。
我的代码将使用 C#。我一直在查看 EasyHook 存储库中的示例,我只是不确定我需要替换哪个 windows 函数才能实现此目的。
或者如果有另一种方法也可以。
示例(无效):
Program.cs
using System;
using System.Text.RegularExpressions;
using EasyHook;
namespace AutoMaximize
{
internal class Program
{
private static void Main(string[] args)
{
WindowFinder wf = new WindowFinder();
PInvoke.HWND hwnd = new PInvoke.HWND();
wf.FindWindows(
new PInvoke.HWND(),
new Regex(@"Notepad\+\+"),
null,
null,
delegate(PInvoke.HWND wnd)
{
hwnd = wnd;
return true;
});
uint processId = 0;
PInvoke.GetWindowThreadProcessId(hwnd, out processId);
try
{
RemoteHooking.Inject((int) processId, InjectionOptions.Default, "AutoMaximizeInject_x86.dll", "AutoMaximizeInject_x64.dll");
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
}
}
AutoMaximizeInject.cs
using System;
using EasyHook;
namespace AutoMaximize
{
public class AutoMaximizeInject : IEntryPoint
{
#region Delegates
public delegate int DShowWindow(IntPtr hWnd, int nCmdShow);
#endregion
public LocalHook ShowWindowHook = null;
public AutoMaximizeInject(RemoteHooking.IContext inContext, string inChannelName) { }
public void Run(RemoteHooking.IContext inContext, string inArg)
{
try
{
ShowWindowHook = LocalHook.Create(LocalHook.GetProcAddress("user32.dll", "ShowWindow"), new DShowWindow(ShowWindowHooked), this);
/*
* Don't forget that all hooks will start deaktivated...
* The following ensures that all threads are intercepted:
*/
ShowWindowHook.ThreadACL.SetExclusiveACL(new Int32[1]);
}
catch (Exception)
{
}
}
public static int ShowWindowHooked(IntPtr hWnd, int nCmdShow)
{
try
{
switch (nCmdShow)
{
case PInvoke.SW_FORCEMINIMIZE:
case PInvoke.SW_HIDE:
case PInvoke.SW_MAXIMIZE:
case PInvoke.SW_MINIMIZE:
case PInvoke.SW_NORMAL:
case PInvoke.SW_RESTORE:
case PInvoke.SW_SHOW:
case PInvoke.SW_SHOWDEFAULT:
case PInvoke.SW_SHOWMINIMIZED:
case PInvoke.SW_SHOWMINNOACTIVE:
case PInvoke.SW_SHOWNA:
case PInvoke.SW_SHOWNOACTIVATE:
case PInvoke.SW_SMOOTHSCROLL:
nCmdShow = PInvoke.SW_MAXIMIZE;
break;
}
}
catch (Exception)
{
}
return PInvoke.ShowWindow(hWnd, nCmdShow);
}
}
}
现在我没有列出的 PInvoke 东西我知道我在其他程序中使用它。当前的问题是 EasyHook 崩溃。WOW64Bypass.Install() 函数它尝试 运行 "EasyHook64Svc.exe" 的过程正在崩溃。
我不确定是我做错了什么还是 EasyHook 错误。如果有人能告诉我是哪一个,那会很有帮助。
我使用 Deviare 修改了 PrintLogger 示例以实现简单的挂钩。
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Windows.Forms;
using Nektra.Deviare2;
namespace PrintLogger
{
public partial class PrintLogger : Form
{
private NktSpyMgr _spyMgr;
private NktProcess _process;
public PrintLogger()
{
InitializeComponent();
_spyMgr = new NktSpyMgr();
_spyMgr.Initialize();
_spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
GetProcess("notepad++.exe");
if (_process == null)
{
MessageBox.Show("Please start \"notepad++.exe\" before!", "Error");
Environment.Exit(0);
}
}
private void PrintLogger_Load(object sender, EventArgs e)
{
NktHook hook = _spyMgr.CreateHook("user32.dll!ShowWindow", (int)(eNktHookFlags.flgOnlyPostCall));
hook.Hook(true);
hook.Attach(_process, true);
}
private bool GetProcess(string proccessName)
{
NktProcessesEnum enumProcess = _spyMgr.Processes();
NktProcess tempProcess = enumProcess.First();
while (tempProcess != null)
{
if (tempProcess.Name.Equals(proccessName, StringComparison.InvariantCultureIgnoreCase) && tempProcess.PlatformBits > 0 && tempProcess.PlatformBits <= IntPtr.Size * 8)
{
_process = tempProcess;
return true;
}
tempProcess = enumProcess.Next();
}
_process = null;
return false;
}
private void OnFunctionCalled(NktHook hook, NktProcess process, NktHookCallInfo hookCallInfo)
{
Output(hook.FunctionName + "( ");
bool first = true;
foreach (INktParam param in hookCallInfo.Params())
{
if (first)
first = false;
else
{
Output(", ");
}
Output(param.Name + " = " + param.Value.ToString());
}
Output(" )" + Environment.NewLine);
}
public delegate void OutputDelegate(string strOutput);
private void Output(string strOutput)
{
if (InvokeRequired)
BeginInvoke(new OutputDelegate(Output), strOutput);
else
textOutput.AppendText(strOutput);
}
}
}