不能使用SetWindowsHookEx和注入的DLL挂接到Microsoft商店应用程序



我正在尝试检索输入消息。首先,我尝试在全球范围内执行此操作,但 api 说不会注入Microsoft应用商店应用程序。所以我尝试了一种特定于应用程序的方法,该方法适用于记事本应用程序,但不适用于Microsoft白板应用程序,这让我认为这毕竟是不可能的。

注入的 DLL:

// dllmain.cpp : Defines the entry point for the DLL application.
#include "pch.h"
#pragma data_seg("Shared")
#pragma data_seg()
#pragma comment(linker,"/section:Shared,rws")
#include <windows.h>
#include <stdio.h>
HHOOK tHook;
extern "C" __declspec(dllexport) int meconnect(int code, WPARAM wParam, LPARAM lParam) {
BOOL EnableMouseInPointer = TRUE;
if (code == HC_ACTION) {
LPMSG data = (LPMSG)lParam;
if (data->message == WM_KEYDOWN || data->message == WM_POINTERUPDATE) {
MessageBoxA(NULL, "Hi", NULL, 0);
}
}
return(CallNextHookEx(tHook, code, wParam, lParam));
}

Python 应用程序代码:

import ctypes
import os
from ctypes import *
from ctypes.wintypes import *
user32 = WinDLL('user32', use_last_error=True)
kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)
user32.EnableMouseInPointer(True)
HC_ACTION = 0
WH_MOUSE_LL = 14
WH_KEYBOARD_LL = 13
WH_GETMESSAGE = 3
WH_CALLWNDPROC = 4
def errcheck_bool(result, func, args):
if not result:
raise WinError(get_last_error())
return args
user32.SetWindowsHookExA.errcheck = errcheck_bool
user32.SetWindowsHookExA.restype = HHOOK
user32.SetWindowsHookExA.argtypes = (c_int,     # _In_ idHook
HOOKPROC,  # _In_ lpfn
HINSTANCE, # _In_ hMod
DWORD)     # _In_ dwThreadId
user32.CallNextHookEx.restype = LRESULT
user32.CallNextHookEx.argtypes = (HHOOK,  # _In_opt_ hhk
c_int,  # _In_     nCode
WPARAM, # _In_     wParam
LPARAM) # _In_     lParam
user32.GetMessageW.argtypes = (LPMSG, # _Out_    lpMsg
HWND,  # _In_opt_ hWnd
UINT,  # _In_     wMsgFilterMin
UINT)  # _In_     wMsgFilterMax
user32.TranslateMessage.argtypes = (LPMSG,)
user32.DispatchMessageW.argtypes = (LPMSG,)
GetModuleHandle = ctypes.windll.kernel32.GetModuleHandleA
GetModuleHandle.restype = POINTER(c_void_p)
LoadLibrary = ctypes.windll.kernel32.LoadLibraryA
LoadLibrary.restype = HINSTANCE
GetProcAddress = ctypes.windll.kernel32.GetProcAddress
GetProcAddress.restype = HOOKPROC
user32.GetWindowThreadProcessId.restype = DWORD
def pointer_msg_loop():
dll_name = 'Dll.dll'
dll_abspath = os.path.abspath(os.path.join(os.path.dirname(__file__), '.', dll_name))
print(dll_abspath)
lib = LoadLibrary('C:\Users\Braun\Documents\Git Kraken\ba-oliver-braun-logging-tool-code\MessagesDll\x64\Debug\HOOKDLL.dll')
handle = GetModuleHandle('C:\Users\Braun\Documents\Git Kraken\ba-oliver-braun-logging-tool-code\MessagesDll\x64\Debug\HOOKDLL.dll')
print(lib)
print(handle)
procedure = GetProcAddress(handle, "meconnect")
print(procedure)
if (procedure):
print('correct value procedure')
white = user32.FindWindowA(None, 'Microsoft Whiteboard')
print(white)
threadId = user32.GetWindowThreadProcessId(white, None)
tHook = user32.SetWindowsHookExA(WH_GETMESSAGE, procedure, lib, threadId)
time.sleep(30)
user32.UnhookWindowsHookEx(tHook)
print(tHook)
msg = MSG()
while True:
bRet = user32.GetMessageW(byref(msg), None, 0, 0)
if not bRet:
break
if bRet == -1:
raise WinError(get_last_error())
user32.TranslateMessage(byref(msg))
user32.DispatchMessageW(byref(msg))
if __name__ == '__main__':
import time
import datetime
import threading
startTime = datetime.datetime.now()
#print(ctypes.windll.user32.GetSystemMetrics(94))
#tmouse = threading.Thread(target=mouse_msg_loop)
#tkeyboard = threading.Thread(target=keyboard_msg_loop)
ttouch = threading.Thread(target=pointer_msg_loop)
#tmouse.start()
#tkeyboard.start()
ttouch.start()
while True:
try:
time.sleep(1)
except KeyboardInterrupt:
#     user32.PostThreadMessageW(tmouse.ident, WM_QUIT, 0, 0)
break
Windows 应用商店应用

开发 如果 dwThreadId 为零,则不会在进程中加载窗口挂钩 DLL 对于Windows 应用商店应用进程和 Windows 运行时代理进程,除非它们是 由任一 UIAccess 进程(辅助功能工具(安装。这 这些钩子的通知在安装程序的线程上传递:

  • WH_JOURNALPLAYBACK
  • WH_JOURNALRECORD
  • WH_KEYBOARD
  • WH_KEYBOARD_LL
  • WH_MOUSE
  • WH_MOUSE_LL

此行为类似于存在体系结构时发生的情况 挂钩 DLL 与目标应用程序进程不匹配,对于 例如,当挂钩 DLL 为 32 位并且应用程序进程 64 位。

文档指出,除了上面提到的钩子之外,其他钩子不能应用于Windows应用商店应用。

相关内容

  • 没有找到相关文章

最新更新