关于NtUserSetWindowsHookEx这个函数

.text:77D311D1 ; HHOOK __stdcall SetWindowsHookExA(int idHook, HOOKPROC lpfn, HINSTANCE hmod, DWORD dwThreadId)
.text:77D311D1                public _SetWindowsHookExA@16
.text:77D311D1 _SetWindowsHookExA@16 proc near
.text:77D311D1
.text:77D311D1 idHook          = dword ptr  8
.text:77D311D1 lpfn            = dword ptr  0Ch
.text:77D311D1 hModule        = dword ptr  10h
.text:77D311D1 dwThreadId      = dword ptr  14h
.text:77D311D1
.text:77D311D1                mov    edi, edi
.text:77D311D3                push    ebp
.text:77D311D4                mov    ebp, esp
.text:77D311D6                push    2              ; int
.text:77D311D8                push    [ebp+dwThreadId] ; int
.text:77D311DB                push    [ebp+hModule]  ; hModule
.text:77D311DE                push    [ebp+lpfn]      ; int
.text:77D311E1                push    [ebp+idHook]    ; int
.text:77D311E4                call    _SetWindowsHookExAW@20 ; SetWindowsHookExAW(x,x,x,x,x)
.text:77D311E9                pop    ebp
.text:77D311EA                retn    10h
.text:77D311EA _SetWindowsHookExA@16 endp

.text:77D2DCFD ; int __stdcall SetWindowsHookExAW(int, int, HMODULE hModule, int, int)
.text:77D2DCFD _SetWindowsHookExAW@20 proc near        ; CODE XREF: SetWindowsHookExW(x,x,x,x)+13p
.text:77D2DCFD                                        ; SetWindowsHookExA(x,x,x,x)+13p
.text:77D2DCFD
.text:77D2DCFD Filename        = word ptr -20Ch
.text:77D2DCFD var_4          = dword ptr -4
.text:77D2DCFD arg_0          = dword ptr  8
.text:77D2DCFD arg_4          = dword ptr  0Ch
.text:77D2DCFD hModule        = dword ptr  10h
.text:77D2DCFD arg_C          = dword ptr  14h
.text:77D2DCFD arg_10          = dword ptr  18h
.text:77D2DCFD
.text:77D2DCFD                mov    edi, edi
.text:77D2DCFF                push    ebp
.text:77D2DD00                mov    ebp, esp
.text:77D2DD02                sub    esp, 20Ch
.text:77D2DD08                mov    eax, ___security_cookie
.text:77D2DD0D                push    esi
.text:77D2DD0E                mov    esi, [ebp+hModule]
.text:77D2DD11                test    esi, esi
.text:77D2DD13                push    edi
.text:77D2DD14                mov    edi, [ebp+arg_4]
.text:77D2DD17                mov    [ebp+var_4], eax
.text:77D2DD1A                jz      short loc_77D2DD33
.text:77D2DD1C                push    104h            ; nSize
.text:77D2DD21                lea    eax, [ebp+Filename]
.text:77D2DD27                push    eax            ; lpFilename
.text:77D2DD28                push    esi            ; hModule
.text:77D2DD29                call    ds:__imp__GetModuleFileNameW@12 ; GetModuleFileNameW(x,x,x)
.text:77D2DD2F                test    eax, eax
.text:77D2DD31                jz      short loc_77D2DD52
.text:77D2DD33
.text:77D2DD33 loc_77D2DD33:                          ; CODE XREF: SetWindowsHookExAW(x,x,x,x,x)+1Dj
.text:77D2DD33                push    [ebp+arg_10]
.text:77D2DD36                mov    eax, esi
.text:77D2DD38                push    edi
.text:77D2DD39                push    [ebp+arg_0]
.text:77D2DD3C                neg    eax
.text:77D2DD3E                push    [ebp+arg_C]
.text:77D2DD41                sbb    eax, eax
.text:77D2DD43                lea    ecx, [ebp+Filename]
.text:77D2DD49                and    eax, ecx
.text:77D2DD4B                push    eax
.text:77D2DD4C                push    esi
.text:77D2DD4D                call    __SetWindowsHookEx@24 ; _SetWindowsHookEx(x,x,x,x,x,x)
.text:77D2DD52
.text:77D2DD52 loc_77D2DD52:                          ; CODE XREF: SetWindowsHookExAW(x,x,x,x,x)+34j
.text:77D2DD52                mov    ecx, [ebp+var_4]
.text:77D2DD55                pop    edi
.text:77D2DD56                pop    esi
.text:77D2DD57                call    @__security_check_cookie@4 ; __security_check_cookie(x)
.text:77D2DD5C                leave
.text:77D2DD5D                retn    14h
.text:77D2DD5D _SetWindowsHookExAW@20 endp
.text:77D2DD5D

.text:77D2DD65 ; __stdcall _SetWindowsHookEx(x, x, x, x, x, x)
.text:77D2DD65 __SetWindowsHookEx@24 proc near        ; CODE XREF: SetWindowsHookExAW(x,x,x,x,x)+50p
.text:77D2DD65
.text:77D2DD65 var_10          = byte ptr -10h
.text:77D2DD65 var_8          = dword ptr -8
.text:77D2DD65 var_4          = dword ptr -4
.text:77D2DD65 arg_0          = dword ptr  8
.text:77D2DD65 arg_4          = dword ptr  0Ch
.text:77D2DD65 arg_8          = dword ptr  10h
.text:77D2DD65 arg_C          = dword ptr  14h
.text:77D2DD65 arg_10          = dword ptr  18h
.text:77D2DD65 arg_14          = dword ptr  1Ch
.text:77D2DD65
.text:77D2DD65                mov    edi, edi
.text:77D2DD67                push    ebp
.text:77D2DD68                mov    ebp, esp
.text:77D2DD6A                sub    esp, 10h
.text:77D2DD6D                push    [ebp+arg_4]
.text:77D2DD70                and    [ebp+var_4], 0
.text:77D2DD74                lea    eax, [ebp+var_10]
.text:77D2DD77                push    eax
.text:77D2DD78                mov    [ebp+var_8], eax
.text:77D2DD7B                call    ds:__imp__RtlInitUnicodeString@8 ; RtlInitUnicodeString(x,x)
.text:77D2DD81                push    [ebp+arg_14]
.text:77D2DD84                push    [ebp+arg_10]
.text:77D2DD87                push    [ebp+arg_C]
.text:77D2DD8A                push    [ebp+arg_8]
.text:77D2DD8D                push    [ebp+var_8]
.text:77D2DD90                push    [ebp+arg_0]
.text:77D2DD93                call    _NtUserSetWindowsHookEx@24 ; NtUserSetWindowsHookEx(x,x,x,x,x,x)
.text:77D2DD98                leave
.text:77D2DD99                retn    18h
.text:77D2DD99 __SetWindowsHookEx@24 endp
.text:77D2DD99