一、MyHook帮助类
此类需要编写指定屏蔽的按键,灵活性差。
using System;
using System.Runtime.InteropServices;
using System.Diagnostics;
using System.Windows.Forms;
using Microsoft.Win32;
namespace MyHookClass
{
///
/// 类一
///
public class MyHook
{
//消息函数的委托
public delegate int HookProc(int nCode, int wParam, IntPtr lParam);
static int hHook = 0;
public const int WH_KEYBOARD_LL = 13;//底层键盘钩子
static HookProc KeyBoardHookProcedure;
//按键信息结构
[StructLayout(LayoutKind.Sequential)]
public class KeyBoardHookStruct
{
public int vkCode;
public int scanCode;
public int flags;
public int time;
public int dwExtraInfo;
}
//安装钩子
[DllImport("user32.dll")]
public static extern int SetWindowsHookEx(int idHook, HookProc lpfn, IntPtr hInstance, int threadId);
//卸载钩子
[DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
public static extern bool UnhookWindowsHookEx(int idHook);
//下一个钩挂的函数
[DllImport("user32.dll")]
public static extern int CallNextHookEx(int idHook, int nCode, int wParam, IntPtr lParam);
//返回当前线程 ID
[DllImport("kernel32.dll")]
public static extern int GetCurrentThreadId();
//得到模块的句柄
[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string name);
//安装钩子
public static void InsertHook()
{
if (hHook == 0)
{
KeyBoardHookProcedure = new HookProc(KeyBoardHookProc);
hHook = SetWindowsHookEx(WH_KEYBOARD_LL,
KeyBoardHookProcedure,
GetModuleHandle(Process.GetCurrentProcess().MainModule.ModuleName), 0);
if (hHook == 0)
{
UnHook();
throw new Exception("设置Hook失败!");
}
else
{
RegistryKey key = Registry.CurrentUser.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Policies\System", true);
if (key == null)//如果该项不存在的话,则创建该项
key = Registry.CurrentUser.CreateSubKey(@"Software\Microsoft\Windows\CurrentVersion\Policies\System");
key.SetValue("DisableTaskMgr", 1, RegistryValueKind.DWord);
//key.SetValue("DisableLockWorkstation", 1, RegistryValueKind.DWord);
key.Close();
}
}
}
//卸载钩子
public static void UnHook()
{
bool retKeyboard = true;
if (hHook != 0)
{
retKeyboard = UnhookWindowsHookEx(hHook);
hHook = 0;
}
//if (!retKeyboard) throw new Exception("卸载Hook失败!");
RegistryKey key = Registry.CurrentUser.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Policies\System", true);
if (key != null)
{
key.DeleteValue("DisableTaskMgr", false);
//key.DeleteValue("DisableLockWorkstation", false);
key.Close();
}
}
//按键消息的处理函数
public static int KeyBoardHookProc(int nCode, int wParam, IntPtr lParam)
{
if (nCode >= 0)
{
KeyBoardHookStruct kbh = (KeyBoardHookStruct)Marshal.PtrToStructure(lParam, typeof(KeyBoardHookStruct));
//添加自己的判断语句,如果符合要求的按键,就 return 1;
//没有判断直接 return 1;那么就屏蔽所有按键除了ctrl+alt+del
//屏蔽Ctrl+Esc
if (kbh.vkCode == (int)Keys.Delete && (int)Control.ModifierKeys == (int)Keys.Control + (int)Keys.Alt) //截获Ctrl+Alt+Delete
{
PubLibrary.WriteErrLog("1.拦截信息:Ctrl+Alt+Delete");
return 1;
}
if (kbh.vkCode == (int)Keys.Escape)
{
PubLibrary.WriteErrLog("2.拦截信息:Escape");
return 1;
}
if (kbh.vkCode == 91) // 截获左win(开始菜单键)
{
PubLibrary.WriteErrLog("3.拦截信息:截获左win");
return 1;
}
if (kbh.vkCode == 92)// 截获右win
{
PubLibrary.WriteErrLog("4.拦截信息:截获右win");
return 1;
}
//if (kbh.vkCode == (int)Keys.L)
//{
// PubLibrary.WriteErrLog("5.拦截信息:L");
// return 1;
//}
if (kbh.vkCode == (int)Keys.Alt)
{
PubLibrary.WriteErrLog("6.拦截信息:Alt");
return 1;
}
if ((int)Control.ModifierKeys == (int)Keys.Alt) //截获alt
{
PubLibrary.WriteErrLog("7.拦截信息:Alt");
return 1;
}
if (kbh.vkCode == (int)Keys.Escape && (int)Control.ModifierKeys == (int)Keys.Control) //截获Ctrl+Esc
{
PubLibrary.WriteErrLog("8.拦截信息:Ctrl+Esc");
return 1;
}
if (kbh.vkCode == (int)Keys.Escape && (int)Control.ModifierKeys == (int)Keys.Alt) //截获Alt+Esc
{
PubLibrary.WriteErrLog("9.拦截信息:Alt+Esc");
return 1;
}
if (kbh.vkCode == (int)Keys.F4 && (int)Control.ModifierKeys == (int)Keys.Alt) //截获alt+f4
{
PubLibrary.WriteErrLog("10.拦截信息:F4+Alt");
return 1;
}
if (kbh.vkCode == (int)Keys.Tab && (int)Control.ModifierKeys == (int)Keys.Alt) //截获alt+tab
{
PubLibrary.WriteErrLog("10.拦截信息:alt+tab");
return 1;
}
if (kbh.vkCode == (int)Keys.Escape && (int)Control.ModifierKeys == (int)Keys.Control + (int)Keys.Shift) //截获Ctrl+Shift+Esc
{
PubLibrary.WriteErrLog("11.拦截信息:Ctrl+Shift+Esc");
return 1;
}
if (kbh.vkCode == (int)Keys.Space && (int)Control.ModifierKeys == (int)Keys.Alt) //截获alt+空格
{
PubLibrary.WriteErrLog("12.拦截信息:alt+空格");
return 1;
}
if (kbh.vkCode == 241) //截获F1
{
PubLibrary.WriteErrLog("13.拦截信息:F1");
return 1;
}
if ((int)Control.ModifierKeys == (int)Keys.Control + (int)Keys.Alt + (int)Keys.Delete) //截获Ctrl+Alt+Delete
{
PubLibrary.WriteErrLog("14.拦截信息:Ctrl+Alt+Delete");
return 1;
}
if ((int)Control.ModifierKeys == (int)Keys.Control + (int)Keys.Shift) //截获Ctrl+Shift
{
PubLibrary.WriteErrLog("15.拦截信息:Ctrl+Shift");
return 1;
}
if (kbh.vkCode == (int)Keys.Space && (int)Control.ModifierKeys == (int)Keys.Control + (int)Keys.Alt) //截获Ctrl+Alt+空格
{
PubLibrary.WriteErrLog("16.拦截信息:Ctrl+Alt+空格");
return 1;
}
}
return CallNextHookEx(hHook, nCode, wParam, lParam);
}
}
}
二、KeyboardHookLib帮助类
using System;
using System.Runtime.InteropServices;
using System.Diagnostics;
using Microsoft.Win32;
namespace VendorSoftwareReleaseLW.Class
{
///
/// 键盘Hook管理类
///
public class KeyboardHookLib
{
private const int WH_KEYBOARD_LL = 13; //键盘
//键盘处理事件委托 ,当捕获键盘输入时调用定义该委托的方法.
private delegate int HookHandle(int nCode, int wParam, IntPtr lParam);
//客户端键盘处理事件
public delegate void ProcessKeyHandle(HookStruct param, out bool handle);
//接收SetWindowsHookEx返回值
private static int _hHookValue = 0;
//勾子程序处理事件
private HookHandle _KeyBoardHookProcedure;
//Hook结构
[StructLayout(LayoutKind.Sequential)]
public class HookStruct
{
public int vkCode;
public int scanCode;
public int flags;
public int time;
public int dwExtraInfo;
}
//设置钩子
[DllImport("user32.dll")]
private static extern int SetWindowsHookEx(int idHook, HookHandle lpfn, IntPtr hInstance, int threadId);
//取消钩子
[DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
private static extern bool UnhookWindowsHookEx(int idHook);
//调用下一个钩子
[DllImport("user32.dll")]
private static extern int CallNextHookEx(int idHook, int nCode, int wParam, IntPtr lParam);
//获取当前线程ID
[DllImport("kernel32.dll")]
private static extern int GetCurrentThreadId();
//Gets the main module for the associated process.
[DllImport("kernel32.dll")]
private static extern IntPtr GetModuleHandle(string name);
private IntPtr _hookWindowPtr = IntPtr.Zero;
//构造器
public KeyboardHookLib() { }
//外部调用的键盘处理事件
private static ProcessKeyHandle _clientMethod = null;
///
/// 安装勾子
///
/// 外部调用的键盘处理事件
public void InstallHook(ProcessKeyHandle clientMethod)
{
_clientMethod = clientMethod;
// 安装键盘钩子
if (_hHookValue == 0)
{
_KeyBoardHookProcedure = new HookHandle(OnHookProc);
_hookWindowPtr = GetModuleHandle(Process.GetCurrentProcess().MainModule.ModuleName);
//************************************
//键盘线程钩子
//SetWindowsHookEx( 2,KeyboardHookProcedure, IntPtr.Zero, GetCurrentThreadId()); //GetCurrentThreadId()为要监视的线程ID,你完全可以自己写个方法获取QQ的线程哦
//键盘全局钩子,需要引用空间(using System.Reflection;)
//SetWindowsHookEx( 13,KeyboardHookProcedure,Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly().GetModules()[0]),0);
//
//关于SetWindowsHookEx (int idHook, HookProc lpfn, IntPtr hInstance, int threadId)函数将钩子加入到钩子链表中,说明一下四个参数:
//idHook 钩子类型,即确定钩子监听何种消息,上面的代码中设为2,即监听键盘消息并且是线程钩子,如果是全局钩子监听键盘消息应设为13,
//线程钩子监听鼠标消息设为7,全局钩子监听鼠标消息设为14。
//
//lpfn 钩子子程的地址指针。如果dwThreadId参数为0 或是一个由别的进程创建的线程的标识,lpfn必须指向DLL中的钩子子程。 除此以外,lpfn可
//以指向当前进程的一段钩子子程代码。钩子函数的入口地址,当钩子钩到任何消息后便调用这个函数。
//
//hInstance应用程序实例的句柄。标识包含lpfn所指的子程的DLL。如果threadId 标识当前进程创建的一个线程,而且子程代码位于当前
//进程,hInstance必须为NULL。可以很简单的设定其为本应用程序的实例句柄。
//
//threadedId 与安装的钩子子程相关联的线程的标识符。如果为0,钩子子程与所有的线程关联,即为全局钩子。
//************************************
_hHookValue = SetWindowsHookEx(
WH_KEYBOARD_LL,
_KeyBoardHookProcedure,
_hookWindowPtr,
0);
//如果设置钩子失败.
if (_hHookValue == 0)
{
UninstallHook();
}
else
{
RegistryKey key = Registry.CurrentUser.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Policies\System", true);
if (key == null)//如果该项不存在的话,则创建该项
key = Registry.CurrentUser.CreateSubKey(@"Software\Microsoft\Windows\CurrentVersion\Policies\System");
key.SetValue("DisableTaskMgr", 1, RegistryValueKind.DWord);
//key.SetValue("DisableLockWorkstation", 1, RegistryValueKind.DWord);
key.Close();
}
}
}
//取消钩子事件
public void UninstallHook()
{
if (_hHookValue != 0)
{
bool ret = UnhookWindowsHookEx(_hHookValue);
if (ret) _hHookValue = 0;
}
RegistryKey key = Registry.CurrentUser.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Policies\System", true);
if (key != null)
{
key.DeleteValue("DisableTaskMgr", false);
//key.DeleteValue("DisableLockWorkstation", false);
key.Close();
}
}
//钩子事件内部调用,调用_clientMethod方法转发到客户端应用。
private static int OnHookProc(int nCode, int wParam, IntPtr lParam)
{
if (nCode >= 0)
{
//转换结构
HookStruct hookStruct = (HookStruct)Marshal.PtrToStructure(lParam, typeof(HookStruct));
if (_clientMethod != null)
{
bool handle = false;
//调用客户提供的事件处理程序。
_clientMethod(hookStruct, out handle);
if (handle) return 1; //1:表示拦截键盘,return 退出
}
}
return CallNextHookEx(_hHookValue, nCode, wParam, lParam);
}
}
}
三、在WinForm中的使用
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.Data;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Threading;
using System.Windows.Forms;
using MyHookClass;
using KeyboardHookLibClass;
namespace TestForm
{
public partial class LoginForm : Form
{
DateTime _dtNow;
[DllImport("user32.dll")]
private static extern IntPtr GetForegroundWindow();
[DllImport("user32.dll")]
private static extern bool SetForegroundWindow(IntPtr hWnd);
[DllImport("user32.dll")]
private static extern IntPtr FindWindow(string lpClassName, string lpWindowName);
[DllImport("user32.dll")]
public static extern bool SetWindowPos(IntPtr hWnd, int hWndInsertAfter, int X, int Y, int cx, int cy, int uFlags);
[DllImport("user32.dll")]
public static extern bool IsWindowVisible(IntPtr hWnd);
//勾子管理类
private KeyboardHookLib _keyboardHook = null;
public delegate void ForegroundWin();
private void LoginForm_Load(object sender, EventArgs e)
{
SetHook();
Thread threadForeground = new Thread(ShowWindowAsync);
//threadForeground.IsBackground = true;
threadForeground.Start();
}
private void txt_KeyDown(object sender, KeyEventArgs e)
{
_dtNow = DateTime.Now;
}
private void txt_KeyUp(object sender, KeyEventArgs e)
{
if (e.KeyCode != Keys.Enter)
{
DateTime dtTemp = DateTime.Now;
TimeSpan ts = dtTemp.Subtract(_dtNow);
if (ts.Milliseconds > 65)
{
//setTool("错误:禁止手工输入!", "N");
txt.Text = "";//清空
}
}
}
private void txtID_KeyPress(object sender, KeyPressEventArgs e)
{
if (e.KeyChar == 13)
{
//做些操作
ClearHook();
}
}
public static void SetWindowPos(IntPtr hWnd)
{
//0x0010为不激活窗口,这个比较关键
SetWindowPos(hWnd, -1, 0, 0, 0, 0, 0x0001 | 0x0002 | 0x0010);// 0x001 | 0x002 | 0x0010| 0x040
}
private void ShowWindowAsync()
{
while (true)
{
//高版本的这里可以直接使用Action,更简化一些
//ForegroundWin d = new ForegroundWin(action);
//this.Invoke(d);
Action a = new Action(() => { action(); });
Thread.Sleep(100);//这个时间间隔,用户基本感觉不出有切换窗体
}
}
void action()
{
IntPtr hWnd = this.Handle;
if (hWnd != IntPtr.Zero || GetForegroundWindow() != hWnd)
{
//选中当前的句柄窗口
SetWindowPos(hWnd);
//SendKeys.SendWait(" ");
}
}
private void ClearHook()
{
//取消勾子
if (_keyboardHook != null) _keyboardHook.UninstallHook();
//MyHook.UnHook();
//ProcessMgr.ResumeWinlogon();
}
private void SetHook()
{
//安装勾子
_keyboardHook = new KeyboardHookLib();
_keyboardHook.InstallHook(this.OnKeyPress);
//MyHook.InsertHook();
//ProcessMgr.SuspendWinlogon();
}
///
/// 客户端键盘捕捉事件.
///
/// 由Hook程序发送的按键信息
/// 是否拦截
public void OnKeyPress(KeyboardHookLib.HookStruct hookStruct, out bool handle)
{
handle = false; //预设不拦截任何键
if (hookStruct.vkCode == 91) // 截获左win(开始菜单键)
{
handle = true;
}
if (hookStruct.vkCode == 92)// 截获右win
{
handle = true;
}
if ((int)Control.ModifierKeys == (int)Keys.Alt) //截获alt
{
handle = true;
}
//截获Ctrl+Esc
if (hookStruct.vkCode == (int)Keys.Escape && (int)Control.ModifierKeys == (int)Keys.Control)
{
handle = true;
}
//截获alt+f4
if (hookStruct.vkCode == (int)Keys.F4 && (int)Control.ModifierKeys == (int)Keys.Alt)
{
handle = true;
}
//截获alt+tab
if (hookStruct.vkCode == (int)Keys.Tab && (int)Control.ModifierKeys == (int)Keys.Alt)
{
handle = true;
}
//截获alt+tab
if (hookStruct.vkCode == (int)Keys.Escape && (int)Control.ModifierKeys == (int)Keys.Alt)
{
handle = true;
}
//截获F1
if (hookStruct.vkCode == (int)Keys.F1)
{
handle = true;
}
//截获Ctrl+Alt+Delete
if ((int)Control.ModifierKeys == (int)Keys.Control + (int)Keys.Alt + (int)Keys.Delete)
{
handle = true;
}
//如果键A~Z
if (hookStruct.vkCode >= (int)Keys.A && hookStruct.vkCode <= (int)Keys.Z)
{
//挡掉B键
if (hookStruct.vkCode == (int)Keys.B)
hookStruct.vkCode = (int)Keys.None; //设键为0
handle = true;
}
Keys key = (Keys)hookStruct.vkCode;
PubLibrary.WriteErrLog("你按下:" + (key == Keys.None ? "" : key.ToString()));
}
}
}
四、其他类
using System;
using System.Runtime.InteropServices;
namespace ShareToolClass
{
public class ShareTool : IDisposable
{
[DllImport("advapi32.dll", SetLastError = true)]
static extern bool LogonUser(string pszUsername, string pszDomain, string pszPassword,
int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
// closes open handes returned by LogonUser
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
extern static bool CloseHandle(IntPtr handle);
[DllImport("Advapi32.DLL")]
static extern bool ImpersonateLoggedOnUser(IntPtr hToken);
[DllImport("Advapi32.DLL")]
static extern bool RevertToSelf();
const int LOGON32_PROVIDER_DEFAULT = 0;
const int LOGON32_LOGON_NEWCREDENTIALS = 9;
const int LOGON32_LOGON_INTERACTIVE = 2;
private bool disposed;
public ShareTool(string username, string password, string ip)
{
// initialize tokens
IntPtr pExistingTokenHandle = new IntPtr(0);
IntPtr pDuplicateTokenHandle = new IntPtr(0);
try
{
// get handle to token
bool bImpersonated = LogonUser(username, ip, password,
LOGON32_LOGON_NEWCREDENTIALS, LOGON32_PROVIDER_DEFAULT, ref pExistingTokenHandle);
if (bImpersonated)
{
if (!ImpersonateLoggedOnUser(pExistingTokenHandle))
{
int nErrorCode = Marshal.GetLastWin32Error();
throw new Exception("ImpersonateLoggedOnUser error;Code=" + nErrorCode);
}
}
else
{
int nErrorCode = Marshal.GetLastWin32Error();
throw new Exception("LogonUser error;Code=" + nErrorCode);
}
}
finally
{
// close handle(s)
if (pExistingTokenHandle != IntPtr.Zero)
CloseHandle(pExistingTokenHandle);
if (pDuplicateTokenHandle != IntPtr.Zero)
CloseHandle(pDuplicateTokenHandle);
}
}
protected virtual void Dispose(bool disposing)
{
if (!disposed)
{
RevertToSelf();
disposed = true;
}
}
public void Dispose()
{
Dispose(true);
}
}
}
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace ProcessMgrClass
{
class ProcessMgr
{
///
/// The process-specific access rights.
///
[Flags]
public enum ProcessAccess : uint
{
///
/// Required to terminate a process using TerminateProcess.
///
Terminate = 0x1,
///
/// Required to create a thread.
///
CreateThread = 0x2,
///
/// Undocumented.
///
SetSessionId = 0x4,
///
/// Required to perform an operation on the address space of a process (see VirtualProtectEx and WriteProcessMemory).
///
VmOperation = 0x8,
///
/// Required to read memory in a process using ReadProcessMemory.
///
VmRead = 0x10,
///
/// Required to write to memory in a process using WriteProcessMemory.
///
VmWrite = 0x20,
///
/// Required to duplicate a handle using DuplicateHandle.
///
DupHandle = 0x40,
///
/// Required to create a process.
///
CreateProcess = 0x80,
///
/// Required to set memory limits using SetProcessWorkingSetSize.
///
SetQuota = 0x100,
///
/// Required to set certain information about a process, such as its priority class (see SetPriorityClass).
///
SetInformation = 0x200,
///
/// Required to retrieve certain information about a process, such as its token, exit code, and priority class (see OpenProcessToken, GetExitCodeProcess, GetPriorityClass, and IsProcessInJob).
///
QueryInformation = 0x400,
///
/// Undocumented.
///
SetPort = 0x800,
///
/// Required to suspend or resume a process.
///
SuspendResume = 0x800,
///
/// Required to retrieve certain information about a process (see QueryFullProcessImageName). A handle that has the PROCESS_QUERY_INFORMATION access right is automatically granted PROCESS_QUERY_LIMITED_INFORMATION.
///
QueryLimitedInformation = 0x1000,
///
/// Required to wait for the process to terminate using the wait functions.
///
Synchronize = 0x100000
}
[DllImport("ntdll.dll")]
private static extern uint NtResumeProcess([In] IntPtr processHandle);
[DllImport("ntdll.dll")]
private static extern uint NtSuspendProcess([In] IntPtr processHandle);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr OpenProcess(
ProcessAccess desiredAccess,
bool inheritHandle,
int processId);
[DllImport("kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CloseHandle([In] IntPtr handle);
public static void SuspendProcess(int processId)
{
IntPtr hProc = IntPtr.Zero;
try
{
// Gets the handle to the Process
hProc = OpenProcess(ProcessAccess.SuspendResume, false, processId);
if (hProc != IntPtr.Zero)
NtSuspendProcess(hProc);
}
finally
{
// Don't forget to close handle you created.
if (hProc != IntPtr.Zero)
CloseHandle(hProc);
}
}
public static void ResumeProcess(int processId)
{
IntPtr hProc = IntPtr.Zero;
try
{
// Gets the handle to the Process
hProc = OpenProcess(ProcessAccess.SuspendResume, false, processId);
if (hProc != IntPtr.Zero)
NtResumeProcess(hProc);
}
finally
{
// Don't forget to close handle you created.
if (hProc != IntPtr.Zero)
CloseHandle(hProc);
}
}
public static void SuspendWinlogon()
{
Process[] processes = Process.GetProcesses();
foreach (Process process in processes)
{
if (process.ProcessName == "winlogon")
{
SuspendProcess(process.Id);
}
}
}
public static void ResumeWinlogon()
{
Process[] processes = Process.GetProcesses();
foreach (Process process in processes)
{
Console.WriteLine(process.ProcessName);
if (process.ProcessName == "winlogon")
{
ResumeProcess(process.Id);
}
}
}
}
}