Posted on 2010-01-11 23:49
S.l.e!ep.¢%
Category: RootKit
Repost: The Windows Hardware Input Model

------------------------------------
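1. What is the difference between SetForegroundWindow and SetActiveWindow?
SetActiveWindow changes a thread-local state variable, so it cannot be called across threads (that is, it cannot change another thread's local variable), but changing the current thread's local variable always succeeds. SetForegroundWindow, SetWindowPos and BringWindowToTop change system-global properties, the foreground window and the Z-order, so they can cross thread and process boundaries. However, because Windows prevents a window from suddenly jumping to the foreground of the screen, a background thread that calls SetForegroundWindow only gets the taskbar flashing effect, and BringWindowToTop and SetWindowPos (TOP) simply have no effect when the thread is not connected to the RIT. Note that SetWindowPos (BOTTOM) still works, because it does not violate this Windows constraint.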
2. How do the RIT and the SHIQ work?
When the operating system boots and initializes, a special thread called the Raw Input Thread (RIT) is created, along with a queue called the System Hardware Input Queue (SHIQ). The RIT and the SHIQ exist specifically to handle mouse and keyboard events. The RIT normally sleeps. When a hardware input event occurs, the device driver for the hardware device places the event in the SHIQ, which wakes the RIT. The RIT takes events from the SHIQ and translates them into the corresponding messages (such as WM_MOUSEMOVE, WM_KEY*, etc.), which are then delivered to the message queue of the appropriate thread. Having done that, the RIT goes back to sleep. How the target thread is chosen differs for mouse events and keyboard events. For a mouse event, the event is sent to the thread that created the window the mouse cursor is in. Keyboard events are more complicated. At any given time one thread is connected to the RIT; this thread is called the foreground thread. Put simply, the window created by this thread is the current active window (also called the focus window), so all keyboard messages are sent to that thread's message queue. When another window is activated, the thread that owns the new focus window becomes the foreground thread, and so on...
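3. What is the VIQ, the virtual input queue?
Every executing thread has its own virtual input queue (Virtual Input Queue), used to handle messages from hardware, the processor, or the operating system. These queues are asynchronous: when the processor sends a message to another thread's queue, the sending function returns without waiting for the other thread to process the message, and the receiving thread can wait until it is ready before accessing and processing the messages it has received.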
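The routing rules from questions 2 and 3 can be written down as a small portable C model. This is an added example, not code from the original post and not Windows source; every name in it (rit_dispatch, set_foreground, the window table) is hypothetical, and it assumes the topmost window is listed first and ignores mouse capture.

```c
#include <stdio.h>

/* Toy model of RIT routing. Not Windows code; all names are hypothetical. */
enum ev_type { EV_MOUSE, EV_KEY };
struct hw_event { enum ev_type type; int x, y; int vkey; };
struct window { int owner_tid; int left, top, right, bottom; };

#define MAX_THREADS 4
#define VIQ_CAP 16
struct viq { struct hw_event msgs[VIQ_CAP]; int count; };

static struct viq viqs[MAX_THREADS];  /* one virtual input queue per thread */
static int foreground_tid = 0;        /* thread currently connected to the RIT */

/* Constructed sample layout, topmost window first (assumption of this model). */
static const struct window zorder[] = {
    { 1, 100, 100, 300, 300 },
    { 2,   0,   0, 800, 600 },
};

/* Append to the target thread's VIQ and return at once (asynchronous post). */
static int post(int tid, const struct hw_event *e) {
    if (tid < 0 || tid >= MAX_THREADS || viqs[tid].count == VIQ_CAP) return -1;
    viqs[tid].msgs[viqs[tid].count++] = *e;
    return tid;
}

/* One RIT step for an event taken from the SHIQ; returns the target thread or -1. */
int rit_dispatch(const struct hw_event *e) {
    if (e->type == EV_KEY)              /* keyboard: always the foreground thread */
        return post(foreground_tid, e);
    for (size_t i = 0; i < sizeof zorder / sizeof zorder[0]; i++) {
        const struct window *w = &zorder[i];
        if (e->x >= w->left && e->x < w->right && e->y >= w->top && e->y < w->bottom)
            return post(w->owner_tid, e);  /* mouse: creator of the window under the cursor */
    }
    return -1;                          /* no window under the cursor */
}

void set_foreground(int tid) { foreground_tid = tid; }
int viq_len(int tid) { return viqs[tid].count; }

int main(void) {
    struct hw_event click = { EV_MOUSE, 150, 150, 0 }, key = { EV_KEY, 0, 0, 'A' };
    set_foreground(2);
    printf("click -> thread %d\n", rit_dispatch(&click));
    printf("key   -> thread %d\n", rit_dispatch(&key));
    return 0;
}
```

The model makes the asymmetry visible: the click lands in the queue of the thread whose window is under the cursor, while the keystroke follows the foreground thread regardless of cursor position.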
4. What are the virtual input queue and the local input state? (cqf)
For the virtual input queue, see question 3.
Local input state:
Each thread has its own local input state, which is managed inside a thread's THREADINFO structure (discussed in Chapter 26). This input state consists of the thread's virtualized input queue as well as a set of variables. These variables keep track of the following input state management information:
Keyboard input and window focus information, such as
Which window has keyboard focus; Which window is active; Which keys are considered pressed down; The state of the caret;
The variables also keep track of mouse cursor management information, such as
Which window has mouse capture; The shape of the mouse cursor; The visibility of the mouse cursor;