小弟想远程注射到指定进程然后HOOK此进程

下面是小弟的代码，导出SetHook();
// RemoteDll.cpp : Defines the initialization routines for the DLL.
//

#include "stdafx.h"
#include <afxdllx.h>
#include "TestCallClass.h"

#ifdef _MANAGED
#error Please read instructions in RemoteDll.cpp to compile with /clr
// If you want to add /clr to your project you must do the following:
//        1. Remove the above include for afxdllx.h
//        2. Add a .cpp file to your project that does not have /clr thrown and has
//           Precompiled headers disabled, with the following text:
//                        #include <afxwin.h>
//                        #include <afxdllx.h>
#endif

#ifdef _DEBUG
#define new DEBUG_NEW
#endif

DWORD WINAPI ThreadProc(LPVOID lpParameter);
void SetHook();
HHOOK hmouse;
LRESULT CALLBACK KeyboardProc(int ncode,WPARAM wParam,LPARAM lParam);

static AFX_EXTENSION_MODULE RemoteDllDLL = { NULL, NULL };

#ifdef _MANAGED
#pragma managed(push, off)
#endif

CTestCallClass testcallclass;
extern "C" int APIENTRY
DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
        // Remove this if you use lpReserved
        UNREFERENCED_PARAMETER(lpReserved);

        if (dwReason == DLL_PROCESS_ATTACH)
        {
                TRACE0("RemoteDll.DLL Initializing!\n");
               
                // Extension DLL one-time initialization
                if (!AfxInitExtensionModule(RemoteDllDLL, hInstance))
                        return 0;

               
                HANDLE Threadhandle;

                Threadhandle=CreateThread(NULL,0,ThreadProc,NULL,0,0);
                if (Threadhandle==NULL)
                {
                        MessageBox(NULL,L"Create Thread Failure!",L"Error",MB_OK);
                        return -1;
                }
                Sleep(1000);
                CloseHandle(Threadhandle);

                new CDynLinkLibrary(RemoteDllDLL);

        }
        else if (dwReason == DLL_PROCESS_DETACH)
        {
                TRACE0("RemoteDll.DLL Terminating!\n");

                // Terminate the library before destructors are called
                AfxTermExtensionModule(RemoteDllDLL);
        }
        return 1;   // ok
}

#ifdef _MANAGED
#pragma managed(pop)
#endif

DWORD WINAPI ThreadProc(LPVOID lpParameter)

{
        testcallclass.Create(IDD_DLG_CALLTEST,NULL);
        SetHook();
        return 1;

}

void SetHook()
{
        hmouse=SetWindowsHookEx(WH_KEYBOARD,KeyboardProc,NULL,GetCurrentThreadId());
        if (hmouse==NULL)
        {
                MessageBox(NULL,L"Set KeyboardHook Failure!",L"Error",MB_OK);
                return;
        }

}

LRESULT CALLBACK KeyboardProc(int ncode,WPARAM wParam,LPARAM lParam)
{
        if (VK_HOME==wParam)
        {
                if(!testcallclass.IsWindowVisible())
                {
                        testcallclass.ShowWindow(SW_SHOWNORMAL);
                        return 1;
                }
                else
                {
                        testcallclass.ShowWindow(SW_HIDE);
                        return 1;
                }

        }
         MessageBox(NULL,L"KeyboardProc OK!",L"test",MB_OK);     //测试此过程
        CallNextHookEx(hmouse,ncode,wParam,lParam);
        return 1;

}

比如注射到A进程后HOOK键盘上的HOME键，来控制对话框的显示和隐藏

小弟google了一下，有人说在DLL_PROCESS_ATTACH处理里不能下钩子，必须另开线程
小弟的代码编译后调用SetHook()后没有错提示，但是不能HOOK键盘上的HOME键

最后我在回调函数处理中加了
MessageBox(NULL,L"KeyboardProc OK!",L"test",MB_OK);  
但是按下键盘的任意键都没有反映

如果说安装钩子不成功的话
会有MessageBox(NULL,L"Set KeyboardHook Failure!",L"Error",MB_OK);来提示
可是没有提示，说明安装成功

但是怎么HOOK不起作用呢？

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法