System log hook sample program (Delphi version) under Win32

zhaozj  2021-02-11

{
  Win9x, NT, W2K system log hook sample program (Delphi version)
  ------------------------------------------------------------
  The log hook under Windows is a very useful hook type. It does not need a
  dynamic link library (*.dll) to implement system-level event monitoring.
  It can only monitor two kinds of hardware events, namely mouse and keyboard
  operations, and cannot monitor other messages. Recorded messages can be
  replayed with a log playback hook. The program below is written in Delphi
  and uses no controls, only the Win32 API, so it works with any version of
  Delphi. Of course, you can also implement it in C. You can write to me.
  This is the first edition and there may be bugs; if you find any, please
  let me know. Everyone is welcome to discuss hook technology with me.
  ------------------------------------------------------------
  First created: NJHHACK 2001.6.14 (Ver 1.0)
  E-mail: NJHHACK@21cn.com
  Home: Hotsky.363.net
}
program journal;

// Units used
uses
  Windows, Messages, SysUtils;

{$R *.RES} // Use the resource file

// Define a new structure type
type
  TWin = record
    Msg: TMsg;
    wClass: TWndClass;
    hMain: Integer;
    lR: TRect;
    tem: TEventMsg;
  end;

var
  win: TWin;                     // Structure variable
  hhJournalRecordProc: Integer;  // Log hook handle

// Write the string str to the file c:/key.txt
procedure SaveInfo(str: string); stdcall;
var
  f: TextFile;
  fname: string;
begin
  fname := 'c:/key.txt';
  AssignFile(f, fname);
  if FileExists(fname) = False then
    Rewrite(f)
  else
    Append(f);
  Writeln(f, str);
  CloseFile(f);
end;

// Write information to the screen
procedure WriteStr;
var
  hdc: Integer;
  str: string;
begin
  hdc := GetDC(win.hMain);
  RoundRect(hdc, 10, 10, 240, 140, 12, 8);
  with win.tem do
  begin
    str := Format('window handle = %x', [hwnd]);
    TextOut(hdc, 30, 24 * 1, PChar(str), Length(str));
    str := Format('mouse position = (%d, %d)', [paramL, paramH]);
    TextOut(hdc, 30, 24 * 2, PChar(str), Length(str));
    str := Format('message type = %x', [message]);
    TextOut(hdc, 30, 24 * 3, PChar(str), Length(str));
    str := Format('time = %d', [time div 1000]);
    TextOut(hdc, 30, 24 * 4, PChar(str), Length(str));
  end;
  ReleaseDC(win.hMain, hdc);
end;

// Log hook callback function
function JournalRecordProc(nCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall;
begin
  // lParam points to an EVENTMSG only for HC_ACTION, so copy it after the check
  if nCode = HC_ACTION then
  begin
    win.tem := TEventMsg(PEventMsg(lParam)^);
    with win.tem do
    begin
      with win.lR do
      begin
        Left := 10;
        Top := 10;
        Right := 240;
        Bottom := 140;
      end;
      InvalidateRect(win.hMain, @win.lR, False);
      if message = WM_LBUTTONDOWN then
        SaveInfo(Format('window handle = %x, mouse position = (%d, %d), message type = WM_LBUTTONDOWN, time = %d',
          [hwnd, paramL, paramH, time div 1000]));
    end;
  end;
  Result := CallNextHookEx(hhJournalRecordProc, nCode, wParam, lParam); // Call the next hook
end;

// Set and remove the hook
procedure SetHook(fSet: Boolean);
begin
  if fSet = True then
  begin
    if hhJournalRecordProc = 0 then
      hhJournalRecordProc := SetWindowsHookEx(WH_JOURNALRECORD, @JournalRecordProc, HInstance, 0);
  end
  else
  begin
    if hhJournalRecordProc <> 0 then
      UnhookWindowsHookEx(hhJournalRecordProc);
  end;
end;

// Main window callback function
function WindowProc(hWnd, Msg, wParam, lParam: Longint): LRESULT; stdcall;
begin
  Result := DefWindowProc(hWnd, Msg, wParam, lParam);
  case Msg of
    WM_PAINT: WriteStr;
    WM_DESTROY:
      begin
        SetHook(False);
        Halt;
      end;
  end;
end;

// The execution function of the main program
procedure Run; stdcall;
begin
  win.wClass.hInstance := HInstance;
  with win.wClass do
  begin
    hIcon := LoadIcon(HInstance, 'MAINICON');
    hCursor := LoadCursor(0, IDC_ARROW);
    hbrBackground := COLOR_BTNFACE + 1;
    Style := CS_PARENTDC;
    lpfnWndProc := @WindowProc;
    lpszClassName := 'JournalRecordHook';
  end;
  RegisterClass(win.wClass);

When reposting, please credit the original URL: https://www.9cbs.com/read-5562.html
