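First, create an in-process COM object: choose the menu command New | ActiveX Library, then click New | COM Object to create the COM object skeleton, fill in the dialog as shown in Figure 2.14, and click OK. Delphi then automatically generates the skeleton files; save the generated files.
The IShellExecuteHook interface is defined in the shlobj.pas unit. Add ShlObj to the unit's uses clause, then add the IShellExecuteHook method prototype to the COM object's declaration. The declaration section looks like this: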
unit ShellExecuteHookObj;

interface

uses
  Windows, ActiveX, ComObj, ShlObj, ShellAPI;

type
  TTShellExecuteHook = class (TComObject, IShellExecuteHook)
  protected
    function Execute(var ShellExecuteInfo: TShellExecuteInfo): HResult; stdcall;
  end;

const
  Class_TShellExecuteHook: TGUID = '{935FA400-243D-11D3-B06E-857B2AE2BE64}';
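Next comes the implementation that intercepts and logs shell operations. Once the shell extension has been registered, the COM object's Execute function is called every time the ShellExecute or ShellExecuteEx function runs. Our core code is implemented in the Execute method, which is defined as follows: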
function TTShellExecuteHook.Execute(
  var ShellExecuteInfo: TShellExecuteInfo): HResult;
The Execute method receives from the shell a parameter of type TShellExecuteInfo, which is defined as follows:
_SHELLEXECUTEINFOA = record
  cbSize: DWord;
  fMask: ULONG;
  Wnd: HWND;
  lpVerb: PAnsiChar;
  lpFile: PAnsiChar;
  lpParameters: PAnsiChar;
  lpDirectory: PAnsiChar;
  nShow: Integer;
  hInstApp: HINST;
  { Optional fields }
  lpIDList: Pointer;
  lpClass: PAnsiChar;
  hkeyClass: HKEY;
  dwHotKey: DWord;
  hIcon: THandle;
  hProcess: THandle;
end;
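The following console program is an added example, not code from the original text: it shows how the fields of this record can be read safely when building a log line, treating the string pointers as possibly nil and reading the optional fields only when fMask carries the matching flag. FieldText and DescribeExecuteInfo are hypothetical helper names, the sample record is constructed, and PChar is used on the assumption that the code should compile with both ANSI and Unicode versions of Delphi.

```delphi
program DescribeExecInfo;
{$APPTYPE CONSOLE}
uses
  Windows, ShellAPI, SysUtils;

// Hypothetical helper: nil-safe conversion of a string field that may be unset.
function FieldText(P: PChar): string;
begin
  if P = nil then
    Result := '(nil)'
  else
    Result := string(P);
end;

// Hypothetical helper: builds one log line from the structure.
function DescribeExecuteInfo(const Info: TShellExecuteInfo): string;
begin
  // Refuse a structure that is too small to hold the fields read below.
  if Info.cbSize < SizeOf(TShellExecuteInfo) then
  begin
    Result := 'unexpected cbSize ' + IntToStr(Info.cbSize);
    Exit;
  end;
  Result := Format('verb=%s file=%s params=%s dir=%s show=%d',
    [FieldText(Info.lpVerb), FieldText(Info.lpFile),
     FieldText(Info.lpParameters), FieldText(Info.lpDirectory), Info.nShow]);
  // The optional fields are meaningful only when fMask carries their flag.
  if (Info.fMask and SEE_MASK_CLASSNAME) = SEE_MASK_CLASSNAME then
    Result := Result + ' class=' + FieldText(Info.lpClass);
  if (Info.fMask and SEE_MASK_IDLIST) = SEE_MASK_IDLIST then
    Result := Result + ' idlist=present';
end;

var
  Sample: TShellExecuteInfo;  // constructed sample input, not captured data
begin
  FillChar(Sample, SizeOf(Sample), 0);
  Sample.cbSize := SizeOf(Sample);
  Sample.lpVerb := 'open';
  Sample.lpFile := 'C:\Temp\report.txt';  // lpParameters and lpDirectory stay nil
  Sample.nShow := SW_SHOWNORMAL;
  Writeln(DescribeExecuteInfo(Sample));
end.
```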