Hooks: System Shell Hook  

Send By: Radikal (Q3 Team)
Web : http://www.q3.nu
Email: radikal@q3.nu
Date: 16/03/00

Tip accessed 663 times

 


In this trick, you have an example of installation of a hook type Shell at system level.
With it, you will have an event that it will inform you of what window it has been activated, created or destroyed in all Windows.
For example, we could create an application that it goes recording in a file the windows that the user has gone opening up...

As it is a hook at system level, this must go separated in a DLL.
To know more than the operation of the hook, the DLL and the communication between the DLL and our application, take a look to the trick [408], since it is similar astante to this trick, and I won't repeat the explanations here:

[408] - Hooks: Capture keys in all Windows applications


Hook's DLL




 library HookShell;
 {Demo de Hook de Shell a nivel de sistema, Radikal.}

 uses Windows,
   Messages;

 const
  CM_CHIVATO = WM_USER + $1000;

 var
  HookDeShell     : HHook;
  FicheroM    : THandle;
  PReceptor   : ^Integer;

 function CallBackDelHook( Code    : Integer;
                           wParam  : WPARAM;
                           lParam  : LPARAM
                           )       : LRESULT; stdcall;

 {Esta es la funcion CallBack a la cual llamará el hook.}
 {This is the CallBack function called by he Hook}
 begin
  if code >=0 then
  begin
   {Miramos si existe el fichero}
   {if the mapfile exists}
   FicheroM:=OpenFileMapping(FILE_MAP_READ,False,'ElReceptor');
   {Si no existe, no enviamos nada a la aplicacion receptora}
   {If dont, send nothing to receiver application}
   if FicheroM<>0 then
   begin
     PReceptor:=MapViewOfFile(FicheroM,FILE_MAP_READ,0,0,0);
     PostMessage(PReceptor^,CM_CHIVATO,wParam,Code);
     UnmapViewOfFile(PReceptor);
     CloseHandle(FicheroM);
   end;
  end;
  {Llamamos al siguiente hook de la cadena}
  {call to next hook of the chain}
  Result := CallNextHookEx(HookDeShell, Code, wParam, lParam)
 end;

 procedure HookOn; stdcall;
 {Procedure que instala el hook}
 {procedure for install the hook}
 begin
   HookDeShell:=SetWindowsHookEx(WH_SHELL, @CallBackDelHook, HInstance , 0);
 end;

 procedure HookOff;  stdcall;
 begin
 {procedure para desinstalar el hook}
 {procedure to uninstall the hook}
   UnhookWindowsHookEx(HookDeShell);
 end;

 exports
 {Exportamos las procedures...}
 {Export the procedures}
  HookOn,
  HookOff;

 begin
 end.





Demo application



  • Put a TMemo (Memo1) in your form
  • Put this code in the form's unit


     unit Unit1;
    
     interface
    
     uses
       Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
       StdCtrls;
    
     const
       NombreDLL       = 'HookShell.dll';
       CM_CHIVATO      = WM_USER + $1000;
    
     type
       THookTeclado=procedure; stdcall;
    
     type
       TForm1 = class(TForm)
         Label1: TLabel;
         Memo1: TMemo;
         Button1: TButton;
         procedure FormCreate(Sender: TObject);
         procedure FormDestroy(Sender: TObject);
       private
         { Private declarations }
         FicheroM       : THandle;
         PReceptor      : ^Integer;
         HandleDLL      : THandle;
         HookOn,
         HookOff        : THookTeclado;
    
         procedure LlegaDelHook(var message: TMessage); message CM_CHIVATO;
       public
         { Public declarations }
       end;
    
     var
       Form1: TForm1;
    
     implementation
    
     {$R *.DFM}
    
     procedure TForm1.FormCreate(Sender: TObject);
     begin
       {No queremos que el Memo maneje el teclado...}
       {We dont want that the memo read the keyboard...}
       Memo1.ReadOnly:=TRUE;
    
       HandleDLL:=LoadLibrary( PChar(ExtractFilePath(Application.Exename)+
                                     NombreDLL ) );
       if HandleDLL = 0 then raise Exception.Create('No se pudo cargar la DLL');
    
       @HookOn :=GetProcAddress(HandleDLL, 'HookOn');
       @HookOff:=GetProcAddress(HandleDLL, 'HookOff');
    
       IF not assigned(HookOn) or
          not assigned(HookOff)  then
          raise Exception.Create('No se encontraron las funciones en la DLL'+#13+
                                 'Cannot find the required DLL functions');
    
       {Creamos el fichero de memoria}
       FicheroM:=CreateFileMapping( $FFFFFFFF,
                                   nil,
                                   PAGE_READWRITE,
                                   0,
                                   SizeOf(Integer),
                                   'ElReceptor');
    
        {Si no se creó el fichero, error}
        if FicheroM=0 then
          raise Exception.Create( 'Error al crear el fichero'+
                                  '/Error while create file');
    
        {Direccionamos nuestra estructura al fichero de memoria}
        PReceptor:=MapViewOfFile(FicheroM,FILE_MAP_WRITE,0,0,0);
    
        {Escribimos datos en el fichero de memoria}
        PReceptor^:=Handle;
        HookOn;
     end;
    
     procedure TForm1.LlegaDelHook(var message: TMessage);
    
       function PillaTituloVentana(Mango:integer):string;
       var
         Titulo : string;
       begin
         Titulo:=StringOfChar(' ',200);
         GetWindowText( Message.WParam,
                        PChar(Titulo),200);
         Result:=Titulo;
       end;
    
     var
        sTemp  : string;
     begin
       sTemp:='Nada';
       case message.LParam of
         HSHELL_TASKMAN:
           sTemp:='Activada la barra de tareas';
         HSHELL_WINDOWACTIVATED:
           sTemp:= 'Activada la ventana: '+
                   PillaTituloVentana(Message.wParam);
         HSHELL_WINDOWCREATED:
           sTemp:= 'Creada la ventana: '+
                   PillaTituloVentana(Message.wParam);
         HSHELL_WINDOWDESTROYED:
           sTemp:= 'Destruida la ventana: '+
                   PillaTituloVentana(Message.wParam);
       end;
       if sTemp<>'Nada' then Memo1.Lines.Append( sTemp );
     end;
    
     procedure TForm1.FormDestroy(Sender: TObject);
     begin
      {Desactivamos el Hook}
      {Uninstall the Hook}
      if Assigned(HookOff) then HookOff;
    
      {Liberamos la DLL}
      {Free the DLL}
      if HandleDLL<>0 then
       FreeLibrary(HandleDLL);
    
      {Cerramos la vista del fichero y el fichero}
      {Close the memfile and the View}
      if FicheroM<>0 then
      begin
        UnmapViewOfFile(PReceptor);
        CloseHandle(FicheroM);
      end;
     end;
    
     end.
    


    Make the DLL and compile it, and then make and compile the demo application. Try to put everything in the same directory, so that the application demo can finds the DLL.
    If everything goes well, in the Memo1 it will go appearing a list of the windows that you go creating, closing and activating.
    I will go putting more applications of this hook type in successive tricks.