我需要什么功能挂钩(使用简单的钩子)以防止最小化第三方应用程序
本文关键字:应用程序 第三方 最小化 什么 功能 简单 | 更新日期: 2023-09-27 18:37:26
我正在尝试编写一个简单的东西,以防止第三方应用程序能够最小化。我将使用EasyHook,因为我认为这是最简单的方法。
我的代码将使用 C#。我一直在查看 EasyHook 存储库中的示例,我只是不确定我需要替换哪个窗口函数才能实现这一点。
或者,如果有另一种方法可以做到这一点,那也很好。
示例(不起作用):
程序.cs
using System;
using System.Text.RegularExpressions;
using EasyHook;
namespace AutoMaximize
{
internal class Program
{
private static void Main(string[] args)
{
WindowFinder wf = new WindowFinder();
PInvoke.HWND hwnd = new PInvoke.HWND();
wf.FindWindows(
new PInvoke.HWND(),
new Regex(@"Notepad'+'+"),
null,
null,
delegate(PInvoke.HWND wnd)
{
hwnd = wnd;
return true;
});
uint processId = 0;
PInvoke.GetWindowThreadProcessId(hwnd, out processId);
try
{
RemoteHooking.Inject((int) processId, InjectionOptions.Default, "AutoMaximizeInject_x86.dll", "AutoMaximizeInject_x64.dll");
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
}
}
自动最大化注入.cs
using System;
using EasyHook;
namespace AutoMaximize
{
public class AutoMaximizeInject : IEntryPoint
{
#region Delegates
public delegate int DShowWindow(IntPtr hWnd, int nCmdShow);
#endregion
public LocalHook ShowWindowHook = null;
public AutoMaximizeInject(RemoteHooking.IContext inContext, string inChannelName) { }
public void Run(RemoteHooking.IContext inContext, string inArg)
{
try
{
ShowWindowHook = LocalHook.Create(LocalHook.GetProcAddress("user32.dll", "ShowWindow"), new DShowWindow(ShowWindowHooked), this);
/*
* Don't forget that all hooks will start deaktivated...
* The following ensures that all threads are intercepted:
*/
ShowWindowHook.ThreadACL.SetExclusiveACL(new Int32[1]);
}
catch (Exception)
{
}
}
public static int ShowWindowHooked(IntPtr hWnd, int nCmdShow)
{
try
{
switch (nCmdShow)
{
case PInvoke.SW_FORCEMINIMIZE:
case PInvoke.SW_HIDE:
case PInvoke.SW_MAXIMIZE:
case PInvoke.SW_MINIMIZE:
case PInvoke.SW_NORMAL:
case PInvoke.SW_RESTORE:
case PInvoke.SW_SHOW:
case PInvoke.SW_SHOWDEFAULT:
case PInvoke.SW_SHOWMINIMIZED:
case PInvoke.SW_SHOWMINNOACTIVE:
case PInvoke.SW_SHOWNA:
case PInvoke.SW_SHOWNOACTIVATE:
case PInvoke.SW_SMOOTHSCROLL:
nCmdShow = PInvoke.SW_MAXIMIZE;
break;
}
}
catch (Exception)
{
}
return PInvoke.ShowWindow(hWnd, nCmdShow);
}
}
}
现在,我没有列出我知道的 PInvoke 东西可以在其他程序中使用它。当前的问题是EasyHook.WOW64Bypass.Install()函数崩溃,它尝试运行"EasyHook64Svc.exe"的进程崩溃了。
我不确定我是否做错了什么,或者这是否是 EasyHook 错误。如果有人能让知道是哪个,那会有很大帮助。
使用Deviare,我设法修改了PrintLogger示例以实现一个简单的钩子。
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Windows.Forms;
using Nektra.Deviare2;
namespace PrintLogger
{
public partial class PrintLogger : Form
{
private NktSpyMgr _spyMgr;
private NktProcess _process;
public PrintLogger()
{
InitializeComponent();
_spyMgr = new NktSpyMgr();
_spyMgr.Initialize();
_spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
GetProcess("notepad++.exe");
if (_process == null)
{
MessageBox.Show("Please start '"notepad++.exe'" before!", "Error");
Environment.Exit(0);
}
}
private void PrintLogger_Load(object sender, EventArgs e)
{
NktHook hook = _spyMgr.CreateHook("user32.dll!ShowWindow", (int)(eNktHookFlags.flgOnlyPostCall));
hook.Hook(true);
hook.Attach(_process, true);
}
private bool GetProcess(string proccessName)
{
NktProcessesEnum enumProcess = _spyMgr.Processes();
NktProcess tempProcess = enumProcess.First();
while (tempProcess != null)
{
if (tempProcess.Name.Equals(proccessName, StringComparison.InvariantCultureIgnoreCase) && tempProcess.PlatformBits > 0 && tempProcess.PlatformBits <= IntPtr.Size * 8)
{
_process = tempProcess;
return true;
}
tempProcess = enumProcess.Next();
}
_process = null;
return false;
}
private void OnFunctionCalled(NktHook hook, NktProcess process, NktHookCallInfo hookCallInfo)
{
Output(hook.FunctionName + "( ");
bool first = true;
foreach (INktParam param in hookCallInfo.Params())
{
if (first)
first = false;
else
{
Output(", ");
}
Output(param.Name + " = " + param.Value.ToString());
}
Output(" )" + Environment.NewLine);
}
public delegate void OutputDelegate(string strOutput);
private void Output(string strOutput)
{
if (InvokeRequired)
BeginInvoke(new OutputDelegate(Output), strOutput);
else
textOutput.AppendText(strOutput);
}
}
}