如何在键盘输入筛选器驱动程序(kbfiltr)中记录键盘输入 [英] How to log keyboard inputs in Keyboard Input Filter Driver (kbfiltr)

问题描述

我试图存储使用kbfiltr驱动程序(在Windows驱动程序工具包中提供)监视的所有键盘输入.目前，我只能在DriverEntry例程内使用ZwCreateFile例程创建文本文件；但是我无法在KbFilter_ServiceCallback函数中将任何信息写入文件.请帮助我如何将拦截的键盘数据包保存到日志文件中.

I am trying to store all the keyboard inputs being monitored using the kbfiltr driver (given in the Windows Driver Kit). At present, I can only create a text file using the ZwCreateFile routine, inside the DriverEntry routine; but I cannot write any information to file inside the KbFilter_ServiceCallback function. Please help me as to how I can save the intercepted keyboard packets in the log file.

推荐答案

我做了不同的操作，但是您可以尝试一下，

I did it differently, but you can give it a try,

KbFilter_IsrHook(
    PDEVICE_OBJECT         DeviceObject,               
    PKEYBOARD_INPUT_DATA   CurrentInput, 
    POUTPUT_PACKET         CurrentOutput,
    UCHAR                  StatusByte,
    PUCHAR                 DataByte,
    PBOOLEAN               ContinueProcessing,
    PKEYBOARD_SCAN_STATE   ScanState
    )

*DataByte为您提供实际截获的键盘值.您可以创建一个缓冲区并将其添加到DPCforISR中.偶尔，您可以从应用程序中调用IOCTL并将其写入文件.

*DataByte gives you the actual intercepted keyboard value. You can create a buffer and add to it in a DPCforISR. Once in a while you can have IOCTL call from your application and write it to file.

这篇关于如何在键盘输入筛选器驱动程序(kbfiltr)中记录键盘输入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！