vfp 回调
场景:
VFP+ASM设置SetWindowsHookEx的回调函数
此帖子是根据老孙(者行孙)http://hi.baidu.com/myvfp/的基础上改写的.
参与者:猫猫(ydks_qz ) ,本人
此例子可以作为用 VFP 编写回调函数、省去 fll/dll 的例子。因为还没有完成，测试中有问题的可以在本帖后续反馈。
以下的代码简介:
给本地(当前)进程设置键盘钩子。通过钩子可以改善 VFP 的编辑器、实现智能感知等功能……
二进制代码反汇编结果如下:
*-- 参考资料
*-- http://zhidao.baidu.com/question/30896105.html
*-- http://hi.baidu.com/myvfp/blog/item/a2160551c1e0a12342a75b9f.html
*-- http://zbc01.gjjblog.com/archives/721247/
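*-- Win32 imports. HeapDestroy / HeapFree are declared for teardown only: the hook
*-- outlives this script, nothing below unhooks it or destroys the heap, and the
*-- stub must not be freed while the hook is installed (UnhookWindowsHookEx first).
Declare Long LoadLibrary In "Kernel32.dll" ;
String lpszLibFile
Declare Long FreeLibrary In "Kernel32.dll" ;
Long hLibModule
Declare Long GetProcAddress In "Kernel32.dll" ;
Long hModule, String lpProcName
Declare Long GetProcessHeap In "Kernel32.dll"
Declare Long HeapCreate In "Kernel32.dll" ;
Long flOptions, Long dwInitialSize, Long dwMaximumSize
Declare Long HeapDestroy In "Kernel32.dll" ;
Long hHeap
Declare Long HeapAlloc In "Kernel32.dll" ;
Long hHeap, Long dwFlags, Long dwBytes
Declare Long HeapFree In "Kernel32.dll" ;
Long hHeap, Long dwFlags, Long lpMem
Local lcHookCmd, lpHookCmd, lhHeap, lhModule
Local lpSwprintf, lpSysAlloc, lpSysFree
Local lcHookBinCode, lpHookAddress
*-- Command template the stub formats with swprintf. StrConv(..., 5) turns it
*-- into UTF-16 because swprintf and SysAllocString both take wide strings.
lcHookCmd = StrConv("KeyHook(%d, %d, %d)" + Chr(0), 5)
*-- The stub is machine code, so its heap must be executable: with flOptions = 0
*-- the first keystroke faults as soon as DEP is enforced for the process.
*-- A private fixed-size heap (512*8 bytes) is used instead of GetProcessHeap().
#define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
lhHeap = HeapCreate(HEAP_CREATE_ENABLE_EXECUTE, 512*8, 512*8)
If m.lhHeap = 0
   ? 'HeapCreate failed'
   Return
EndIf
lpHookCmd = HeapAlloc(m.lhHeap, 0, Len(m.lcHookCmd))
If m.lpHookCmd = 0
   ? 'HeapAlloc failed'
   HeapDestroy(m.lhHeap)
   Return
EndIf
Sys(2600, m.lpHookCmd, Len(m.lcHookCmd), m.lcHookCmd)
*-- Absolute addresses baked into the stub. The modules are deliberately not
*-- released with FreeLibrary: if their reference count reached zero, the
*-- addresses embedded below would dangle for as long as the hook is installed.
lhModule = LoadLibrary("msvcrt")
lpSwprintf = GetProcAddress(m.lhModule, "swprintf")
lhModule = LoadLibrary("oleaut32")
lpSysAlloc = GetProcAddress(m.lhModule, "SysAllocString" )
lpSysFree = GetProcAddress(m.lhModule, "SysFreeString")
If m.lpSwprintf = 0 Or m.lpSysAlloc = 0 Or m.lpSysFree = 0
   ? 'GetProcAddress failed'
   HeapDestroy(m.lhHeap)
   Return
EndIf
*-- x86 stdcall HOOKPROC(nCode, wParam, lParam) = [EBP+8], [EBP+0Ch], [EBP+10h].
*-- Frame: a 0x60-byte wide-char buffer at [EBP-60h] (48 WCHARs: the longest
*-- possible "KeyHook(-2147483648, -2147483648, -2147483648)" is 47 incl. NUL)
*-- and the BSTR pointer saved at [EBP-64h], outside the buffer.
lcHookBinCode ;
= 0h55 ; && PUSH EBP
+ 0h8BEC ; && MOV EBP,ESP
+ 0h81EC64000000 ; && SUB ESP,64h
+ 0hFF7510 ; && PUSH DWORD [EBP+10h] -- lParam (cdecl: arguments pushed right to left)
+ 0hFF750C ; && PUSH DWORD [EBP+0Ch] -- wParam
+ 0hFF7508 ; && PUSH DWORD [EBP+08h] -- nCode
+ 0hB8 + BinToC(m.lpHookCmd, "4rs") ; && MOV EAX,lpHookCmd -- format string
+ 0h50 ; && PUSH EAX
+ 0h8D45A0 ; && LEA EAX,[EBP-60h] -- output buffer
+ 0h50 ; && PUSH EAX
+ 0hB8 + BinToC(m.lpSwprintf, "4rs") ; && MOV EAX,swprintf
+ 0hFFD0 ; && CALL EAX
+ 0h83C414 ; && ADD ESP,14h -- swprintf is cdecl: caller pops all five arguments
+ 0h8D45A0 ; && LEA EAX,[EBP-60h]
+ 0h50 ; && PUSH EAX
+ 0hB8 + BinToC(m.lpSysAlloc, "4rs") ; && MOV EAX,SysAllocString
+ 0hFFD0 ; && CALL EAX -- stdcall: callee pops
+ 0h89459C ; && MOV [EBP-64h],EAX -- keep the BSTR so it can be freed below
+ 0h50 ; && PUSH EAX -- BSTR argument
+ 0hB8 + BinToC(Sys(3095, _vfp), "4rs") ; && MOV EAX,<_VFP interface pointer>
+ 0h50 ; && PUSH EAX -- this
+ 0h8B00 ; && MOV EAX,[EAX] -- vtable
+ 0h0584000000 ; && ADD EAX,84h -- vtable slot 33, presumably DoCmd: confirm against the typelib
+ 0hFF10 ; && CALL [EAX]
+ 0hFF759C ; && PUSH DWORD [EBP-64h] -- the BSTR: SysFreeString needs its argument pushed
+ 0hB8 + BinToC(m.lpSysFree, "4rs") ; && MOV EAX,SysFreeString
+ 0hFFD0 ; && CALL EAX
+ 0hB800000000 ; && MOV EAX,0 -- LRESULT 0: let the keystroke be processed normally
+ 0h8BE5 ; && MOV ESP,EBP
+ 0h5D ; && POP EBP
+ 0hC20C00 && RET 0Ch -- stdcall with three DWORD arguments
lpHookAddress = HeapAlloc(m.lhHeap, 0, Len(m.lcHookBinCode))
If m.lpHookAddress = 0
   ? 'HeapAlloc failed'
   HeapDestroy(m.lhHeap)
   Return
EndIf
Sys(2600, m.lpHookAddress, Len(m.lcHookBinCode), m.lcHookBinCode)
#define WH_KEYBOARD 2
Declare Long SetWindowsHookEx In "User32.dll" Long, Long, Long, Long
Declare Long GetWindowThreadProcessId in user32 ;
Long hwnd, ;
Long @lpdwProcId
*-- Public on purpose: hh is needed later for CallNextHookEx / UnhookWindowsHookEx.
Public hh, cc, th
cc = 0
th = 0
*-- Thread-specific hook (hMod = 0, dwThreadId = this VFP thread), which is why a
*-- stub on a private heap of this process is sufficient. _VFP.ThreadId is the same value.
th = GetWindowThreadProcessId(_vfp.hWnd ,@cc)
hh = SetWindowsHookEx(WH_KEYBOARD, m.lpHookAddress, 0, th)
?'hook handle' ,hh ,th
Return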
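*-- VFP side of the hook. The stub invokes it as KeyHook(nCode, wParam, lParam)
*-- through the _VFP application object and discards its return value (the stub
*-- always returns 0 to Windows). For WH_KEYBOARD, wp is the virtual-key code and
*-- lp the keystroke flags. Besides printing, the event is forwarded along the
*-- hook chain, as Windows expects every hook procedure to do.
Function KeyHook
LPARAMETERS ncode ,wp ,lp
Declare Long CallNextHookEx In "User32.dll" Long, Long, Long, Long
* Activate Screen
? Time(), Seconds() ,ncode ,wp ,lp
*-- hh is the Public hook handle set by SetWindowsHookEx in the main script.
If Type('hh') = 'N'
   If hh <> 0
      CallNextHookEx(hh, ncode, wp, lp)
   EndIf
EndIf
EndFunc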
------解决方案--------------------
多谢分享!
------解决方案--------------------
th = GetWindowThreadProcessId(_vfp.hWnd ,@cc)
直接用:_VFP.ThreadId就可以了
这个回调哪天我还是自己解释下吧,估计你这样解释别人还是看不懂!
------解决方案--------------------
很是高深啊!目前还看不懂,等待后续的讨论。
VFP+ASM设置SetWindowsHookEx的回调函数
此帖子是根据老孙(者行孙)http://hi.baidu.com/myvfp/的基础上改写的.
参与者:猫猫(ydks_qz ) ,本人
此例子可以作为用 VFP 编写回调函数、省去 fll/dll 的例子。因为还没有完成，测试中有问题的可以在本帖后续反馈。
以下的代码简介:
给本地(当前)进程设置键盘钩子。通过钩子可以改善 VFP 的编辑器、实现智能感知等功能……
二进制代码反汇编结果如下:
- Assembly code
55              PUSH EBP
8BEC            MOV EBP,ESP
81EC 60000000   SUB ESP,60
8B45 08         MOV EAX,DWORD PTR SS:[EBP+8]
50              PUSH EAX
B8 8806D401     MOV EAX,1D40688
50              PUSH EAX
8D45 A0         LEA EAX,DWORD PTR SS:[EBP-60]
50              PUSH EAX
B8 C8F9C077     MOV EAX,msvcrt.swprintf
FFD0            CALL EAX
83C4 0C         ADD ESP,0C
8D45 A0         LEA EAX,DWORD PTR SS:[EBP-60]
50              PUSH EAX
B8 C24B0F77     MOV EAX,770F4BC2
FFD0            CALL EAX
8945 F0         MOV DWORD PTR SS:[EBP-10],EAX
50              PUSH EAX
B8 341B0A01     MOV EAX,10A1B34
50              PUSH EAX
8B00            MOV EAX,DWORD PTR DS:[EAX]
05 84000000     ADD EAX,84
FF10            CALL DWORD PTR DS:[EAX]
83F8 00         CMP EAX,0
B8 50480F77     MOV EAX,770F4850
FFD0            CALL EAX
B8 00000000     MOV EAX,0
8BE5            MOV ESP,EBP
5D              POP EBP
C2 0800         RETN 8
*-- 参考资料
*-- http://zhidao.baidu.com/question/30896105.html
*-- http://hi.baidu.com/myvfp/blog/item/a2160551c1e0a12342a75b9f.html
*-- http://zbc01.gjjblog.com/archives/721247/
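*-- Win32 imports. HeapDestroy / HeapFree are declared for teardown only: the hook
*-- outlives this script, nothing below unhooks it or destroys the heap, and the
*-- stub must not be freed while the hook is installed (UnhookWindowsHookEx first).
Declare Long LoadLibrary In "Kernel32.dll" ;
String lpszLibFile
Declare Long FreeLibrary In "Kernel32.dll" ;
Long hLibModule
Declare Long GetProcAddress In "Kernel32.dll" ;
Long hModule, String lpProcName
Declare Long GetProcessHeap In "Kernel32.dll"
Declare Long HeapCreate In "Kernel32.dll" ;
Long flOptions, Long dwInitialSize, Long dwMaximumSize
Declare Long HeapDestroy In "Kernel32.dll" ;
Long hHeap
Declare Long HeapAlloc In "Kernel32.dll" ;
Long hHeap, Long dwFlags, Long dwBytes
Declare Long HeapFree In "Kernel32.dll" ;
Long hHeap, Long dwFlags, Long lpMem
Local lcHookCmd, lpHookCmd, lhHeap, lhModule
Local lpSwprintf, lpSysAlloc, lpSysFree
Local lcHookBinCode, lpHookAddress
*-- Command template the stub formats with swprintf. StrConv(..., 5) turns it
*-- into UTF-16 because swprintf and SysAllocString both take wide strings.
lcHookCmd = StrConv("KeyHook(%d, %d, %d)" + Chr(0), 5)
*-- The stub is machine code, so its heap must be executable: with flOptions = 0
*-- the first keystroke faults as soon as DEP is enforced for the process.
*-- A private fixed-size heap (512*8 bytes) is used instead of GetProcessHeap().
#define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
lhHeap = HeapCreate(HEAP_CREATE_ENABLE_EXECUTE, 512*8, 512*8)
If m.lhHeap = 0
   ? 'HeapCreate failed'
   Return
EndIf
lpHookCmd = HeapAlloc(m.lhHeap, 0, Len(m.lcHookCmd))
If m.lpHookCmd = 0
   ? 'HeapAlloc failed'
   HeapDestroy(m.lhHeap)
   Return
EndIf
Sys(2600, m.lpHookCmd, Len(m.lcHookCmd), m.lcHookCmd)
*-- Absolute addresses baked into the stub. The modules are deliberately not
*-- released with FreeLibrary: if their reference count reached zero, the
*-- addresses embedded below would dangle for as long as the hook is installed.
lhModule = LoadLibrary("msvcrt")
lpSwprintf = GetProcAddress(m.lhModule, "swprintf")
lhModule = LoadLibrary("oleaut32")
lpSysAlloc = GetProcAddress(m.lhModule, "SysAllocString" )
lpSysFree = GetProcAddress(m.lhModule, "SysFreeString")
If m.lpSwprintf = 0 Or m.lpSysAlloc = 0 Or m.lpSysFree = 0
   ? 'GetProcAddress failed'
   HeapDestroy(m.lhHeap)
   Return
EndIf
*-- x86 stdcall HOOKPROC(nCode, wParam, lParam) = [EBP+8], [EBP+0Ch], [EBP+10h].
*-- Frame: a 0x60-byte wide-char buffer at [EBP-60h] (48 WCHARs: the longest
*-- possible "KeyHook(-2147483648, -2147483648, -2147483648)" is 47 incl. NUL)
*-- and the BSTR pointer saved at [EBP-64h], outside the buffer.
lcHookBinCode ;
= 0h55 ; && PUSH EBP
+ 0h8BEC ; && MOV EBP,ESP
+ 0h81EC64000000 ; && SUB ESP,64h
+ 0hFF7510 ; && PUSH DWORD [EBP+10h] -- lParam (cdecl: arguments pushed right to left)
+ 0hFF750C ; && PUSH DWORD [EBP+0Ch] -- wParam
+ 0hFF7508 ; && PUSH DWORD [EBP+08h] -- nCode
+ 0hB8 + BinToC(m.lpHookCmd, "4rs") ; && MOV EAX,lpHookCmd -- format string
+ 0h50 ; && PUSH EAX
+ 0h8D45A0 ; && LEA EAX,[EBP-60h] -- output buffer
+ 0h50 ; && PUSH EAX
+ 0hB8 + BinToC(m.lpSwprintf, "4rs") ; && MOV EAX,swprintf
+ 0hFFD0 ; && CALL EAX
+ 0h83C414 ; && ADD ESP,14h -- swprintf is cdecl: caller pops all five arguments
+ 0h8D45A0 ; && LEA EAX,[EBP-60h]
+ 0h50 ; && PUSH EAX
+ 0hB8 + BinToC(m.lpSysAlloc, "4rs") ; && MOV EAX,SysAllocString
+ 0hFFD0 ; && CALL EAX -- stdcall: callee pops
+ 0h89459C ; && MOV [EBP-64h],EAX -- keep the BSTR so it can be freed below
+ 0h50 ; && PUSH EAX -- BSTR argument
+ 0hB8 + BinToC(Sys(3095, _vfp), "4rs") ; && MOV EAX,<_VFP interface pointer>
+ 0h50 ; && PUSH EAX -- this
+ 0h8B00 ; && MOV EAX,[EAX] -- vtable
+ 0h0584000000 ; && ADD EAX,84h -- vtable slot 33, presumably DoCmd: confirm against the typelib
+ 0hFF10 ; && CALL [EAX]
+ 0hFF759C ; && PUSH DWORD [EBP-64h] -- the BSTR: SysFreeString needs its argument pushed
+ 0hB8 + BinToC(m.lpSysFree, "4rs") ; && MOV EAX,SysFreeString
+ 0hFFD0 ; && CALL EAX
+ 0hB800000000 ; && MOV EAX,0 -- LRESULT 0: let the keystroke be processed normally
+ 0h8BE5 ; && MOV ESP,EBP
+ 0h5D ; && POP EBP
+ 0hC20C00 && RET 0Ch -- stdcall with three DWORD arguments
lpHookAddress = HeapAlloc(m.lhHeap, 0, Len(m.lcHookBinCode))
If m.lpHookAddress = 0
   ? 'HeapAlloc failed'
   HeapDestroy(m.lhHeap)
   Return
EndIf
Sys(2600, m.lpHookAddress, Len(m.lcHookBinCode), m.lcHookBinCode)
#define WH_KEYBOARD 2
Declare Long SetWindowsHookEx In "User32.dll" Long, Long, Long, Long
Declare Long GetWindowThreadProcessId in user32 ;
Long hwnd, ;
Long @lpdwProcId
*-- Public on purpose: hh is needed later for CallNextHookEx / UnhookWindowsHookEx.
Public hh, cc, th
cc = 0
th = 0
*-- Thread-specific hook (hMod = 0, dwThreadId = this VFP thread), which is why a
*-- stub on a private heap of this process is sufficient. _VFP.ThreadId is the same value.
th = GetWindowThreadProcessId(_vfp.hWnd ,@cc)
hh = SetWindowsHookEx(WH_KEYBOARD, m.lpHookAddress, 0, th)
?'hook handle' ,hh ,th
Return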
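*-- VFP side of the hook. The stub invokes it as KeyHook(nCode, wParam, lParam)
*-- through the _VFP application object and discards its return value (the stub
*-- always returns 0 to Windows). For WH_KEYBOARD, wp is the virtual-key code and
*-- lp the keystroke flags. Besides printing, the event is forwarded along the
*-- hook chain, as Windows expects every hook procedure to do.
Function KeyHook
LPARAMETERS ncode ,wp ,lp
Declare Long CallNextHookEx In "User32.dll" Long, Long, Long, Long
* Activate Screen
? Time(), Seconds() ,ncode ,wp ,lp
*-- hh is the Public hook handle set by SetWindowsHookEx in the main script.
If Type('hh') = 'N'
   If hh <> 0
      CallNextHookEx(hh, ncode, wp, lp)
   EndIf
EndIf
EndFunc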
------解决方案--------------------
多谢分享!
------解决方案--------------------
th = GetWindowThreadProcessId(_vfp.hWnd ,@cc)
直接用:_VFP.ThreadId就可以了
这个回调哪天我还是自己解释下吧,估计你这样解释别人还是看不懂!
------解决方案--------------------
很是高深啊!目前还看不懂,等待后续的讨论。