In Windows operating system, a hook is a mechanism by which a function can intercept events (messages, mouse actions, keystrokes) before they reach an application. The function can act on events and, in some cases, modify or discard them. Functions that receive events are called filter functions and are classified according to the type of event they intercept. For example, a filter function might want to receive all keyboard or mouse events. For Windows to call a filter function, the filter function must be installed, that is, attached to Windows hook (for example, to a Keyboard hook). Attaching one or more niter functions to a hook is known as setting a hook. If a hook has more than one filter function attached, Windows maintains a chain of filter functions. The most recently installed function is at the beginning of the chain, and the least recently installed function is at the end.
When a hook has one or more filter functions attached and an event occurs that triggers the hook, Windows call the first filter function in the filter function chain. This action is known as calling the hook. For example, if a filter function is attached to the CBT hook and an event that triggered the hook occurs. (for example, a window is about to be created), Windows calls the CBT hook by calling the first function in the filter function chain.
To maintain and access filter functions, applications use the SetWindowsHookEx( ) and the UnhookWindowsHookEx( ) functions. Hooks provide powerful capabilities for Windows-based applications. Given below is a list of hooks and what can be achieved using them.
The SetWindowsHookEx( ) function adds a filter function to a hook. This function takes four arguments:
The filter function KeyboardProc( ) receives three parameters: ncode (the hook code), wParam, and lParam. The hook code is an integer code that informs the filter function of any additional data it should know. If the hook code is less than zero, the filter function should not process the event; it should call CallNextHookEx( ). The second and the third parameter passed to the filter function contain information needed by the filter function. Each book attaches different meanings to these parameters. For example, filter functions attached to the WH_KEYBOARD hook receive a virtual-key code in the second parameter, and bit fields describing the state of the keyboard in the third parameter.
In this program I have installed a keyboard hook. Whenever a keyboard event occurs the filter function would get called. In this function the status of the Caps Lock is set to off. As a result, once this program is executed, there onwards any attempt to put on the Caps Lock on would fail. This is because an attempt to put it on would result into transfer of control to our filter function. And this function would put the Caps Lock off.
To ensure that this effect remains permanent even if we reboot the machine, we have made an entry in the registry under the sub-key "Software\Microsoft\Windows\CurrentVersion\Run" in the HKEY_LOCAL_MACHINE branch. This entry is made when we close our application for the first time. After making this entry when we reboot the machine our program would run automatically. Note that you must specify the path of your '.exe' file in the RegSetValueEx( ) function.