我们可以用 SetWindowsHookEx 安装一个低级鼠标钩子(WH_MOUSE_LL),回调函数的 lParam 是一个指向 MSLLHOOKSTRUCT 结构的指针。该结构体定义如下:
/*
 * MSLLHOOKSTRUCT: the per-event record that a low-level mouse hook procedure
 * receives through its lParam (definition reproduced from the Windows SDK).
 */
typedef struct tagMSLLHOOKSTRUCT {
    POINT pt;              /* cursor position for the event */
    DWORD mouseData;       /* message-specific data (wheel delta / X button, per the SDK docs) */
    DWORD flags;           /* event flags; bit 0x01 (LLMHF_INJECTED) marks injected input */
    DWORD time;            /* event timestamp */
    ULONG_PTR dwExtraInfo; /* extra information attached to the event */
} MSLLHOOKSTRUCT, FAR *LPMSLLHOOKSTRUCT, *PMSLLHOOKSTRUCT;
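当使用 SendMessage 或 SendInput 发送虚拟消息时,flags 的 LLMHF_INJECTED 位(0x01)会被置位(flags 还可能同时带有其他标志位,因此应按位判断,而不是判断它是否等于 1)。
这样就可以检测到模拟的键鼠消息。注意:低级钩子只处理进入系统输入流的事件,直接用 SendMessage 投递到窗口的消息通常不会触发该钩子,使用前应自行验证;另外,下面的示例只安装了鼠标钩子(WH_MOUSE_LL),键盘消息需要另行安装 WH_KEYBOARD_LL 钩子。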
参考: 234K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6E0M7$3c8F1i4K6u0W2L8h3W2U0M7X3!0K6L8$3k6@1i4K6u0W2j5$3!0E0i4K6u0r3k6h3&6Q4x3X3c8#2M7#2)9J5c8X3I4A6j5Y4u0S2M7Y4W2Q4x3V1k6%4K9h3&6V1L8%4N6K6i4K6u0r3k6r3g2K6K9%4c8G2M7q4)9J5c8X3#2K6y4U0b7@1z5e0R3$3i4K6t1^5N6W2)9K6c8s2k6K6i4K6u0W2z5o6g2Q4x3U0W2Q4x3X3g2S2M7%4m8^5
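/*
 * Install the system-wide low-level mouse hook and store its handle in the
 * global `hook`.
 *
 * `hook` and the callback `LLMP` are declared outside this listing. On
 * failure `hook` is left NULL and an error box is shown; the function returns
 * nothing, so a caller that needs the outcome must inspect `hook`.
 */
void InstallHook(void)
{
    /*
     * Pass the module that contains the hook procedure. The SetWindowsHookEx
     * documentation warns that a NULL module combined with thread id 0 may
     * fail, so the handle of the running executable is supplied explicitly.
     */
    hook = SetWindowsHookEx(WH_MOUSE_LL, LLMP, GetModuleHandle(NULL), 0);
    if (!hook) {
        /* ANSI entry point: the narrow literals stay valid in UNICODE builds. */
        MessageBoxA(NULL, "failed to install hook", "fail", MB_ICONERROR);
    }
}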
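/*
 * Entry point: install the hook, pump this thread's message queue so the
 * low-level hook callback can be delivered, and remove the hook on exit.
 *
 * Returns 0 after a normal WM_QUIT, 1 if the hook could not be installed or
 * GetMessage() reported an error.
 */
int main(void)
{
    MSG gmsg;
    BOOL rc;

    InstallHook();
    if (!hook) {
        /* Nothing to monitor; InstallHook() has already reported the failure. */
        return 1;
    }

    /*
     * Message loop to keep the console alive and receive messages.
     * GetMessage() returns -1 on error, which a plain truthiness test would
     * treat as "keep looping"; only a positive result means a message arrived.
     */
    while ((rc = GetMessage(&gmsg, NULL, 0, 0)) > 0) {
        /* Intentionally empty: retrieving messages is all the hook needs. */
    }

    /* Release the hook instead of relying on process teardown. */
    UnhookWindowsHookEx(hook);
    hook = NULL;

    return rc == 0 ? 0 : 1;
}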
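/*
 * Low-level mouse hook procedure (WH_MOUSE_LL): reports mouse events that the
 * system has marked as injected.
 *
 * nCode   hook code; the event is inspected only when it is >= 0.
 * wParam  mouse message identifier, forwarded unchanged.
 * lParam  pointer to the MSLLHOOKSTRUCT describing the event.
 *
 * Always returns the result of CallNextHookEx(), so the rest of the hook
 * chain sees every event whether or not it was flagged.
 */
LRESULT CALLBACK LLMP(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (nCode >= 0) {
        /* Copy the event into the global `mouseStruct` (declared outside this listing). */
        mouseStruct = *((MSLLHOOKSTRUCT *)lParam);

        /*
         * Test the flag exactly as the system delivered it; overwriting
         * flags before this check would make every event look injected.
         * LLMHF_INJECTED is bit 0x01. It is set by the OS for input it knows
         * was injected, so treat it as one signal rather than proof that an
         * unflagged event came from a physical device.
         */
        if (mouseStruct.flags & LLMHF_INJECTED) {
            /*
             * NOTE(review): a modal box blocks this callback until it is
             * dismissed. Per the SDK documentation Windows enforces a time
             * limit on low-level hook procedures and may stop calling a hook
             * that exceeds it, so production code should record the event
             * and return promptly instead.
             */
            MessageBoxA(NULL, "ss", "Detected!", MB_ICONINFORMATION);
        }
    }
    return CallNextHookEx(hook, nCode, wParam, lParam);
}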