无法使用 SetWindowsHookEx 和注入的 DLL 挂钩 Microsoft Store 应用程序
Can not hook into Microsoft Store Application with SetWindowsHookEx and injected DLL
我正在尝试获取输入消息。首先,我尝试以全局钩子的方式来实现,但 API 文档指出全局钩子不会被注入到 Microsoft Store 应用程序中。于是我改用针对特定应用程序的钩子,这种方式对记事本有效,但对 Microsoft Whiteboard 无效,这让我觉得这终究是做不到的。
注入的 DLL:
// dllmain.cpp : Defines the entry point for the DLL application.
#include "pch.h"
// NOTE(review): the "Shared" section is opened and closed immediately, so no
// variable is placed in it; tHook below is declared after the section closes
// and therefore lives in the DLL's ordinary per-process data.
#pragma data_seg("Shared")
#pragma data_seg()
// Marks the (currently empty) Shared section read/write/shared at link time.
#pragma comment(linker,"/section:Shared,rws")
#include <windows.h>
#include <stdio.h>
// Passed to CallNextHookEx by meconnect. Nothing in this file assigns it, so it
// keeps its zero initial value in every process that loads the DLL.
HHOOK tHook;
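// Exported hook procedure. The Python caller on this page installs it with
// WH_GETMESSAGE, so for HC_ACTION lParam is read as a pointer to the MSG that
// the hooked thread is retrieving.
//
// Returns whatever CallNextHookEx returns, so the rest of the hook chain
// still runs.
//
// NOTE(review): a HOOKPROC is declared as LRESULT CALLBACK; the int return
// type is kept here only to leave the exported signature unchanged, and it
// narrows the LRESULT on 64-bit builds.
extern "C" __declspec(dllexport) int meconnect(int code, WPARAM wParam, LPARAM lParam) {
    // The original declared an unused local named EnableMouseInPointer here;
    // it shadowed the user32 function of the same name and had no effect, so
    // it has been removed.
    if (code == HC_ACTION) {
        LPMSG data = (LPMSG)lParam;
        if (data->message == WM_KEYDOWN || data->message == WM_POINTERUPDATE) {
            // NOTE(review): MessageBoxA is modal and runs its own message loop
            // on the hooked thread, so this procedure can be re-entered while
            // the box is open, and WM_POINTERUPDATE can arrive many times per
            // second. Acceptable as a one-off "did the hook fire" probe only.
            MessageBoxA(NULL, "Hi", NULL, 0);
        }
    }
    // tHook is never assigned in this DLL (see its declaration); it is passed
    // through unchanged, as in the original.
    return(CallNextHookEx(tHook, code, wParam, lParam));
}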
Python 应用程序代码:
import ctypes
import os
from ctypes import *
from ctypes.wintypes import *
# Private library handles; use_last_error=True makes ctypes keep a per-thread
# copy of GetLastError() that get_last_error() can read after a call.
user32 = ctypes.WinDLL('user32', use_last_error=True)
kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)

# Runs at import time: asks Windows to deliver mouse input as WM_POINTER*
# messages for this process. The return value is not checked.
user32.EnableMouseInPointer(True)

# Hook code passed to a hook procedure when it should process the message.
HC_ACTION = 0

# Hook type ids for SetWindowsHookEx (only WH_GETMESSAGE is used below).
WH_GETMESSAGE = 3
WH_CALLWNDPROC = 4
WH_KEYBOARD_LL = 13
WH_MOUSE_LL = 14
def errcheck_bool(result, func, args):
    """ctypes ``errcheck`` callback that turns a falsy result into an exception.

    Args:
        result: value returned by the foreign function.
        func: the foreign function object (unused).
        args: the argument tuple the call was made with.

    Returns:
        ``args`` unchanged, which tells ctypes to carry on with its normal
        result handling.

    Raises:
        OSError: built by ``WinError`` from the saved last-error value when
            ``result`` is falsy.
    """
    if result:
        return args
    raise WinError(get_last_error())
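# ctypes.wintypes provides WPARAM, LPARAM, HHOOK, MSG and LPMSG, but neither
# LRESULT nor HOOKPROC. Without these two definitions the prototypes below
# fail with NameError under the imports shown in this file.
LRESULT = LPARAM
HOOKPROC = WINFUNCTYPE(LRESULT, c_int, WPARAM, LPARAM)

# SetWindowsHookExA returns NULL on failure; errcheck_bool converts that into
# an exception carrying the Windows error code.
user32.SetWindowsHookExA.errcheck = errcheck_bool
user32.SetWindowsHookExA.restype = HHOOK
user32.SetWindowsHookExA.argtypes = (c_int,      # _In_ idHook
                                     HOOKPROC,   # _In_ lpfn
                                     HINSTANCE,  # _In_ hMod
                                     DWORD)      # _In_ dwThreadId

# Declared so a 64-bit hook handle is passed as a pointer-sized value instead
# of going through ctypes' default C int conversion.
user32.UnhookWindowsHookEx.restype = BOOL
user32.UnhookWindowsHookEx.argtypes = (HHOOK,)   # _In_ hhk

user32.CallNextHookEx.restype = LRESULT
user32.CallNextHookEx.argtypes = (HHOOK,   # _In_opt_ hhk
                                  c_int,   # _In_ nCode
                                  WPARAM,  # _In_ wParam
                                  LPARAM)  # _In_ lParam

user32.GetMessageW.argtypes = (LPMSG,  # _Out_ lpMsg
                               HWND,   # _In_opt_ hWnd
                               UINT,   # _In_ wMsgFilterMin
                               UINT)   # _In_ wMsgFilterMax
user32.TranslateMessage.argtypes = (LPMSG,)
user32.DispatchMessageW.argtypes = (LPMSG,)

# NOTE(review): these three are bound through the shared ctypes.windll loader,
# not the kernel32 WinDLL instance created with use_last_error=True, so
# get_last_error() does not reflect their failures. No argtypes are declared;
# callers must pass byte strings for the ANSI string parameters.
GetModuleHandle = ctypes.windll.kernel32.GetModuleHandleA
GetModuleHandle.restype = POINTER(c_void_p)
LoadLibrary = ctypes.windll.kernel32.LoadLibraryA
LoadLibrary.restype = HINSTANCE
GetProcAddress = ctypes.windll.kernel32.GetProcAddress
GetProcAddress.restype = HOOKPROC

user32.GetWindowThreadProcessId.restype = DWORD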
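def pointer_msg_loop():
    """Hook the 'Microsoft Whiteboard' window's thread with the DLL's ``meconnect``.

    Loads HOOKDLL.dll into this process, resolves the ``meconnect`` export,
    finds the top-level window titled 'Microsoft Whiteboard', installs a
    WH_GETMESSAGE hook on that window's thread for 30 seconds, removes it, and
    then pumps this thread's own message queue until GetMessageW returns 0.

    Raises:
        OSError: if the DLL or its export cannot be resolved, the window is not
            found, its thread id is 0, or a user32 call reports failure.
    """
    import time  # the module only imports time under its __main__ guard

    dll_name = 'Dll.dll'
    dll_abspath = os.path.abspath(os.path.join(os.path.dirname(__file__), '.', dll_name))
    print(dll_abspath)

    # Raw bytes literal: in a normal string the backslashes in this path form
    # escapes (\U, \b, \x64), and the ANSI entry points bound above expect
    # byte strings rather than str.
    hook_dll = br'C:\Users\Braun\Documents\Git Kraken\ba-oliver-braun-logging-tool-code\MessagesDll\x64\Debug\HOOKDLL.dll'
    lib = LoadLibrary(hook_dll)
    handle = GetModuleHandle(hook_dll)
    print(lib)
    print(handle)
    if not lib or not handle:
        raise OSError('could not load hook DLL: %r' % (hook_dll,))

    procedure = GetProcAddress(handle, b"meconnect")
    print(procedure)
    if not procedure:
        raise OSError('export "meconnect" not found in hook DLL')
    print('correct value procedure')

    white = user32.FindWindowA(None, b'Microsoft Whiteboard')
    print(white)
    if not white:
        raise WinError(get_last_error())

    threadId = user32.GetWindowThreadProcessId(white, None)
    # A thread id of 0 tells SetWindowsHookEx to install the hook for every
    # thread on the desktop; refuse instead of silently widening the scope.
    if not threadId:
        raise OSError('no thread id for the target window; refusing to install a global hook')

    tHook = user32.SetWindowsHookExA(WH_GETMESSAGE, procedure, lib, threadId)
    try:
        time.sleep(30)
    finally:
        # Always remove the hook, and pass the handle pointer-sized.
        user32.UnhookWindowsHookEx(HHOOK(tHook))
    print(tHook)

    # NOTE(review): the hook is already removed by the time this loop starts,
    # so it only services this thread's own queue and blocks until WM_QUIT.
    msg = MSG()
    while True:
        bRet = user32.GetMessageW(byref(msg), None, 0, 0)
        if not bRet:
            break
        if bRet == -1:
            raise WinError(get_last_error())
        user32.TranslateMessage(byref(msg))
        user32.DispatchMessageW(byref(msg))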
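if __name__ == '__main__':
    # Script entry point: run pointer_msg_loop on a worker thread and idle on
    # the main thread until Ctrl+C.
    import time
    import datetime
    import threading

    startTime = datetime.datetime.now()
    #print(ctypes.windll.user32.GetSystemMetrics(94))
    #tmouse = threading.Thread(target=mouse_msg_loop)
    #tkeyboard = threading.Thread(target=keyboard_msg_loop)
    ttouch = threading.Thread(target=pointer_msg_loop)
    # Daemon thread: the worker ends up blocked in GetMessageW and nothing
    # posts WM_QUIT to it, so a non-daemon thread would keep the process
    # alive after Ctrl+C.
    ttouch.daemon = True
    #tmouse.start()
    #tkeyboard.start()
    ttouch.start()
    while True:
        try:
            time.sleep(1)
        except KeyboardInterrupt:
            # user32.PostThreadMessageW(tmouse.ident, WM_QUIT, 0, 0)
            break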
Windows Store app development If dwThreadId is zero, then window hook DLLs are not loaded in-process for the Windows Store app
processes and the Windows Runtime broker process unless they are
installed by either UIAccess processes (accessibility tools). The
notification is delivered on the installer's thread for these hooks:
- WH_JOURNALPLAYBACK
- WH_JOURNALRECORD
- WH_KEYBOARD
- WH_KEYBOARD_LL
- WH_MOUSE
- WH_MOUSE_LL
This behavior is similar to what happens when there is an architecture
mismatch between the hook DLL and the target application process, for
example, when the hook DLL is 32-bit and the application process
64-bit.
文档指出,除了上面列出的钩子之外,其他钩子不能应用于 Windows 应用商店应用程序。问题中使用的 WH_GETMESSAGE 不在该列表中。
我正在尝试获取输入消息。首先,我尝试以全局钩子的方式来实现,但 API 文档指出全局钩子不会被注入到 Microsoft Store 应用程序中。于是我改用针对特定应用程序的钩子,这种方式对记事本有效,但对 Microsoft Whiteboard 无效,这让我觉得这终究是做不到的。
注入的 DLL:
// dllmain.cpp : Defines the entry point for the DLL application.
#include "pch.h"
// NOTE(review): the "Shared" section is opened and closed immediately, so no
// variable is placed in it; tHook below is declared after the section closes
// and therefore lives in the DLL's ordinary per-process data.
#pragma data_seg("Shared")
#pragma data_seg()
// Marks the (currently empty) Shared section read/write/shared at link time.
#pragma comment(linker,"/section:Shared,rws")
#include <windows.h>
#include <stdio.h>
// Passed to CallNextHookEx by meconnect. Nothing in this file assigns it, so it
// keeps its zero initial value in every process that loads the DLL.
HHOOK tHook;
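// Exported hook procedure. The Python caller on this page installs it with
// WH_GETMESSAGE, so for HC_ACTION lParam is read as a pointer to the MSG that
// the hooked thread is retrieving.
//
// Returns whatever CallNextHookEx returns, so the rest of the hook chain
// still runs.
//
// NOTE(review): a HOOKPROC is declared as LRESULT CALLBACK; the int return
// type is kept here only to leave the exported signature unchanged, and it
// narrows the LRESULT on 64-bit builds.
extern "C" __declspec(dllexport) int meconnect(int code, WPARAM wParam, LPARAM lParam) {
    // The original declared an unused local named EnableMouseInPointer here;
    // it shadowed the user32 function of the same name and had no effect, so
    // it has been removed.
    if (code == HC_ACTION) {
        LPMSG data = (LPMSG)lParam;
        if (data->message == WM_KEYDOWN || data->message == WM_POINTERUPDATE) {
            // NOTE(review): MessageBoxA is modal and runs its own message loop
            // on the hooked thread, so this procedure can be re-entered while
            // the box is open, and WM_POINTERUPDATE can arrive many times per
            // second. Acceptable as a one-off "did the hook fire" probe only.
            MessageBoxA(NULL, "Hi", NULL, 0);
        }
    }
    // tHook is never assigned in this DLL (see its declaration); it is passed
    // through unchanged, as in the original.
    return(CallNextHookEx(tHook, code, wParam, lParam));
}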
Python 应用程序代码:
import ctypes
import os
from ctypes import *
from ctypes.wintypes import *
# Private library handles; use_last_error=True makes ctypes keep a per-thread
# copy of GetLastError() that get_last_error() can read after a call.
user32 = ctypes.WinDLL('user32', use_last_error=True)
kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)

# Runs at import time: asks Windows to deliver mouse input as WM_POINTER*
# messages for this process. The return value is not checked.
user32.EnableMouseInPointer(True)

# Hook code passed to a hook procedure when it should process the message.
HC_ACTION = 0

# Hook type ids for SetWindowsHookEx (only WH_GETMESSAGE is used below).
WH_GETMESSAGE = 3
WH_CALLWNDPROC = 4
WH_KEYBOARD_LL = 13
WH_MOUSE_LL = 14
def errcheck_bool(result, func, args):
    """ctypes ``errcheck`` callback that turns a falsy result into an exception.

    Args:
        result: value returned by the foreign function.
        func: the foreign function object (unused).
        args: the argument tuple the call was made with.

    Returns:
        ``args`` unchanged, which tells ctypes to carry on with its normal
        result handling.

    Raises:
        OSError: built by ``WinError`` from the saved last-error value when
            ``result`` is falsy.
    """
    if result:
        return args
    raise WinError(get_last_error())
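# ctypes.wintypes provides WPARAM, LPARAM, HHOOK, MSG and LPMSG, but neither
# LRESULT nor HOOKPROC. Without these two definitions the prototypes below
# fail with NameError under the imports shown in this file.
LRESULT = LPARAM
HOOKPROC = WINFUNCTYPE(LRESULT, c_int, WPARAM, LPARAM)

# SetWindowsHookExA returns NULL on failure; errcheck_bool converts that into
# an exception carrying the Windows error code.
user32.SetWindowsHookExA.errcheck = errcheck_bool
user32.SetWindowsHookExA.restype = HHOOK
user32.SetWindowsHookExA.argtypes = (c_int,      # _In_ idHook
                                     HOOKPROC,   # _In_ lpfn
                                     HINSTANCE,  # _In_ hMod
                                     DWORD)      # _In_ dwThreadId

# Declared so a 64-bit hook handle is passed as a pointer-sized value instead
# of going through ctypes' default C int conversion.
user32.UnhookWindowsHookEx.restype = BOOL
user32.UnhookWindowsHookEx.argtypes = (HHOOK,)   # _In_ hhk

user32.CallNextHookEx.restype = LRESULT
user32.CallNextHookEx.argtypes = (HHOOK,   # _In_opt_ hhk
                                  c_int,   # _In_ nCode
                                  WPARAM,  # _In_ wParam
                                  LPARAM)  # _In_ lParam

user32.GetMessageW.argtypes = (LPMSG,  # _Out_ lpMsg
                               HWND,   # _In_opt_ hWnd
                               UINT,   # _In_ wMsgFilterMin
                               UINT)   # _In_ wMsgFilterMax
user32.TranslateMessage.argtypes = (LPMSG,)
user32.DispatchMessageW.argtypes = (LPMSG,)

# NOTE(review): these three are bound through the shared ctypes.windll loader,
# not the kernel32 WinDLL instance created with use_last_error=True, so
# get_last_error() does not reflect their failures. No argtypes are declared;
# callers must pass byte strings for the ANSI string parameters.
GetModuleHandle = ctypes.windll.kernel32.GetModuleHandleA
GetModuleHandle.restype = POINTER(c_void_p)
LoadLibrary = ctypes.windll.kernel32.LoadLibraryA
LoadLibrary.restype = HINSTANCE
GetProcAddress = ctypes.windll.kernel32.GetProcAddress
GetProcAddress.restype = HOOKPROC

user32.GetWindowThreadProcessId.restype = DWORD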
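def pointer_msg_loop():
    """Hook the 'Microsoft Whiteboard' window's thread with the DLL's ``meconnect``.

    Loads HOOKDLL.dll into this process, resolves the ``meconnect`` export,
    finds the top-level window titled 'Microsoft Whiteboard', installs a
    WH_GETMESSAGE hook on that window's thread for 30 seconds, removes it, and
    then pumps this thread's own message queue until GetMessageW returns 0.

    Raises:
        OSError: if the DLL or its export cannot be resolved, the window is not
            found, its thread id is 0, or a user32 call reports failure.
    """
    import time  # the module only imports time under its __main__ guard

    dll_name = 'Dll.dll'
    dll_abspath = os.path.abspath(os.path.join(os.path.dirname(__file__), '.', dll_name))
    print(dll_abspath)

    # Raw bytes literal: in a normal string the backslashes in this path form
    # escapes (\U, \b, \x64), and the ANSI entry points bound above expect
    # byte strings rather than str.
    hook_dll = br'C:\Users\Braun\Documents\Git Kraken\ba-oliver-braun-logging-tool-code\MessagesDll\x64\Debug\HOOKDLL.dll'
    lib = LoadLibrary(hook_dll)
    handle = GetModuleHandle(hook_dll)
    print(lib)
    print(handle)
    if not lib or not handle:
        raise OSError('could not load hook DLL: %r' % (hook_dll,))

    procedure = GetProcAddress(handle, b"meconnect")
    print(procedure)
    if not procedure:
        raise OSError('export "meconnect" not found in hook DLL')
    print('correct value procedure')

    white = user32.FindWindowA(None, b'Microsoft Whiteboard')
    print(white)
    if not white:
        raise WinError(get_last_error())

    threadId = user32.GetWindowThreadProcessId(white, None)
    # A thread id of 0 tells SetWindowsHookEx to install the hook for every
    # thread on the desktop; refuse instead of silently widening the scope.
    if not threadId:
        raise OSError('no thread id for the target window; refusing to install a global hook')

    tHook = user32.SetWindowsHookExA(WH_GETMESSAGE, procedure, lib, threadId)
    try:
        time.sleep(30)
    finally:
        # Always remove the hook, and pass the handle pointer-sized.
        user32.UnhookWindowsHookEx(HHOOK(tHook))
    print(tHook)

    # NOTE(review): the hook is already removed by the time this loop starts,
    # so it only services this thread's own queue and blocks until WM_QUIT.
    msg = MSG()
    while True:
        bRet = user32.GetMessageW(byref(msg), None, 0, 0)
        if not bRet:
            break
        if bRet == -1:
            raise WinError(get_last_error())
        user32.TranslateMessage(byref(msg))
        user32.DispatchMessageW(byref(msg))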
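if __name__ == '__main__':
    # Script entry point: run pointer_msg_loop on a worker thread and idle on
    # the main thread until Ctrl+C.
    import time
    import datetime
    import threading

    startTime = datetime.datetime.now()
    #print(ctypes.windll.user32.GetSystemMetrics(94))
    #tmouse = threading.Thread(target=mouse_msg_loop)
    #tkeyboard = threading.Thread(target=keyboard_msg_loop)
    ttouch = threading.Thread(target=pointer_msg_loop)
    # Daemon thread: the worker ends up blocked in GetMessageW and nothing
    # posts WM_QUIT to it, so a non-daemon thread would keep the process
    # alive after Ctrl+C.
    ttouch.daemon = True
    #tmouse.start()
    #tkeyboard.start()
    ttouch.start()
    while True:
        try:
            time.sleep(1)
        except KeyboardInterrupt:
            # user32.PostThreadMessageW(tmouse.ident, WM_QUIT, 0, 0)
            break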
Windows Store app development If dwThreadId is zero, then window hook DLLs are not loaded in-process for the Windows Store app processes and the Windows Runtime broker process unless they are installed by either UIAccess processes (accessibility tools). The notification is delivered on the installer's thread for these hooks:
- WH_JOURNALPLAYBACK
- WH_JOURNALRECORD
- WH_KEYBOARD
- WH_KEYBOARD_LL
- WH_MOUSE
- WH_MOUSE_LL
This behavior is similar to what happens when there is an architecture mismatch between the hook DLL and the target application process, for example, when the hook DLL is 32-bit and the application process 64-bit.
文档指出,除了上面列出的钩子之外,其他钩子不能应用于 Windows 应用商店应用程序。问题中使用的 WH_GETMESSAGE 不在该列表中。