1. No. Run SysInternal's Process Explorer (procexp.exe) on other processes after you killed yours, and you will see the fact.
2. No. Could be my bad memory, but this global hook job requires that your process contains user32.dll, which means your application is of a windowed app --- so if you write a console one, or a Windows service program, this global hook won't work, since they do not load user32.dll.
Once the DLL gets hooked into the target process, ALL the threads running within the process will call its DllMain() with ThreadAttach parameter and so on. It will stay there in other processes unless its load count reaches ZERO --- tons of ways you can do to make it.
3. DLL_PROCESS_DETACH的含义?
The DllMain() will be called with DLL_PROCESS_DETACH once before the process will die, either exit by itself, or someone force it to down.
为什么我全局钩子后,有的进程还在 却几次跑到DLL_PROCESS_DETACH处的代码?
Then it's a bug, either in Windows, or in someone's code :-)
Typically it should access the code within DllMain()!DLL_PROCESS_DETACH for just once, and may access code at DllMain()!DLL_THREAD_DETACH for certain number of times depends on how many threads you have in the process.
