请教下钩子卸载的问题

h5587686

include"head.h"

HINSTANCE g_hInstance = NULL;
HHOOK g_Khook = NULL;
HWND g_hwnd = NULL;

BOOL DllMain(HINSTANCE hInstace, DWORD reason, LPVOID lp)
{
switch (reason)
{
case DLL_PROCESS_ATTACH:
g_hInstance = hInstace;
break;
default:
break;
}
return TRUE;
}

void ShowMsg(HWND hwnd)
{
g_hwnd = hwnd;
wchar_t text[100]{ 0 };
wsprintf(text, L"当前实例句柄:%p", g_hInstance);
MessageBoxW(*hwnd, text, 0, 0);
}

LRESULT CALLBACK KeyProc(
In int    nCode,
In WPARAM wParam,
In LPARAM lParam
)
{
if (nCode==HC_ACTION)
{
if ((wParam == 0x5a)&&((lParam&0x80000000)==0))
{
if (UnhookWindowsHookEx(g_Khook))
{
MessageBoxW(g_hwnd, L"钩子解除", 0, 0);
return 1;
}
else
{
//DWORD a = GetLastError();
wchar_t text[100]{ 0 };
wsprintf(text, L"钩子句柄:%p", g_Khook);
MessageBoxW(g_hwnd, text, 0, 0);
wsprintf(text, L"实例句柄:%p", g_hInstance);
MessageBoxW(g_hwnd, text, 0, 0);
wsprintf(text, L"主窗口句柄:%p", g_hwnd);
MessageBoxW(g_hwnd, text, 0, 0);
return 1;
}
}
}
return CallNextHookEx(g_Khook,nCode,wParam,lParam);
}

BOOL Sethook()
{
HINSTANCE hdll = GetModuleHandleW(L"g:\自动扫雷(DLL注入).dll");
g_Khook = SetWindowsHookEx(WH_KEYBOARD, KeyProc, hdll, GetWindowThreadProcessId(g_hwnd, 0));
if (g_Khook == 0)
{
return FALSE;
}
wchar_t text[100]{ 0 };
wsprintf(text, L"钩子句柄是:%p", g_Khook);
MessageBoxW(g_hwnd, text, 0, 0);
return TRUE;
}

BOOL Unhook()
{
if (UnhookWindowsHookEx(g_Khook))
{
return TRUE;
}
return FALSE;
}

这是单纯的DLL文件然后我注入到x86的扫雷中

我想请教下钩子的回调函数在dll是怎么运作的 3个句柄只有1个DLL本身的实例句柄能识别 为什么会这样呢

h5587686

是不是和共享节有关联？

苏紫方璇

应该是没做共享数据段

w92vv

钩子是啥