WH_JOURNALRECORD hook in Windows (C++) - Callback never called.


Problem description

The following code has been giving me some troubles for the past few hours. I'm trying to write a small program (based on some tutorials from the web), that uses a WH_JOURNALRECORD windows hook to log keystrokes.

Main code:

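#include "StdAfx.h"
#include <tchar.h>
#include <iostream>
#include <windows.h>

using std::cout;
using std::endl;

int _tmain(int argc, _TCHAR* argv[]) {
    // Load the hook DLL and resolve its exported install/uninstall functions.
    HINSTANCE hinst = LoadLibrary(_T("testdll3.dll"));
    if (hinst == NULL) {
        cout << "LoadLibrary failed: " << GetLastError() << endl;
        return 1;
    }
    typedef void (*Install)();
    typedef void (*Uninstall)();
    Install install = (Install) GetProcAddress(hinst, "install");
    Uninstall uninstall = (Uninstall) GetProcAddress(hinst, "uninstall");
    if (install == NULL || uninstall == NULL) {
        cout << "GetProcAddress failed: " << GetLastError() << endl;
        FreeLibrary(hinst);
        return 1;
    }

    install();
    // Block until the user enters a number, then remove the hooks.
    int foo;
    std::cin >> foo;

    cout << "Uninstalling" << endl;
    uninstall();
    FreeLibrary(hinst);
    return 0;
}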

DLL code:

#include <windows.h>
#include <stdio.h>
#include <tchar.h>

HHOOK hhk;   // WH_JOURNALRECORD hook handle
HHOOK hhk2;  // WH_KEYBOARD hook handle

// Journal record callback: appends a marker line each time it is invoked.
LRESULT CALLBACK journalRecordProc(int code, WPARAM wParam, LPARAM lParam) {
    FILE * fileLog = fopen("journal.txt", "a+");
    if (fileLog != NULL) {
        fprintf(fileLog, "loggedJournal\n");
        fclose(fileLog);
    }
    return CallNextHookEx(hhk, code, wParam, lParam);
}

// Keyboard callback: appends a marker line each time it is invoked.
LRESULT CALLBACK wireKeyboardProc(int code, WPARAM wParam, LPARAM lParam) {
    FILE * fileLog = fopen("keyboard.txt", "a+");
    if (fileLog != NULL) {
        fprintf(fileLog, "loggedKeyboard\n");
        fclose(fileLog);
    }
    return CallNextHookEx(hhk2, code, wParam, lParam);
}

extern "C" __declspec(dllexport) void install() {
    HINSTANCE thisDllInstance = LoadLibrary(_T("testdll3.dll"));
    // Thread id 0 requests a global hook; each handle is NULL if installation fails.
    hhk = SetWindowsHookEx(WH_JOURNALRECORD, journalRecordProc, thisDllInstance, 0);
    hhk2 = SetWindowsHookEx(WH_KEYBOARD, wireKeyboardProc, thisDllInstance, 0);
}

extern "C" __declspec(dllexport) void uninstall() {
    // Only unhook handles that were actually installed.
    if (hhk != NULL) UnhookWindowsHookEx(hhk);
    if (hhk2 != NULL) UnhookWindowsHookEx(hhk2);
}

BOOL WINAPI DllMain(__in HINSTANCE hinstDLL, __in DWORD fdwReason, __in LPVOID lpvReserved) {
    return TRUE;
}

For some reason, the keyboard hook (SetWindowsHookEx(WH_KEYBOARD, wireKeyboardProc,..)) works (the 'keyboard.txt' file is created), but the journaling hook (SetWindowsHookEx(WH_JOURNALRECORD, journalRecordProc,...)) doesn't. That is, the callback for the journaling hook is never called (journal.txt file is never created).

I think this might have something to do with Windows' UAC (which I discovered while searching the web), but disabling UAC and running the program with administrative rights didn't help.

I'm not sure what to do now. Can anyone help me?

Thanks

Joris

Additional Info: I'm using Windows 7 + Visual Studio 2010

Edit: It turned out that this was indeed related to access rights. That is, since Windows Vista, the journal hooks (WH_JOURNALRECORD) are disabled for security reasons (see also this website). In the end, we used a totally different approach to provide similar functionality in our application (which I won't go into detail here, as I'm editing this question 1.5 years after I asked this question and I don't recall all the details of our solution).

Recommended answer

The answer, as per the link in the edited question:

http://www.wintellect.com/CS/blogs/jrobbins/archive/2008/08/30/so-you-want-to-set-a-windows-journal-recording-hook-on-vista-it-s-not-nearly-as-easy-as-you-think.aspx

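  1. Application needs to run with administrative rights.
  2. Application must be run from (a subdirectory of) c:\program files
  3. To disable the UAC dialogs, the app must be digitally signed.
    Note that Windows with UAC active (Vista and up) will not allow debugging of the exe.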

Or... You can disable UAC (useful when debugging).

Here's the settings dialog for Visual Studio, will check to see if I can get the manifest file in XML format
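For reviewing which installed programs ask for this kind of access, the conditions in the answer can be checked against an executable's manifest. The following is an added example, not code from the question or the answer: it assumes the conditions correspond to the `requestedExecutionLevel` element and its `uiAccess` attribute of a Windows application manifest (neither name appears on this page), and the sample manifest, the function names and the caller-supplied `is_signed` flag are constructed for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample manifest (not taken from the page).
SAMPLE_MANIFEST = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="true"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""

def requested_level(manifest_xml):
    """Return (level, ui_access) from a manifest, ignoring the XML namespace."""
    root = ET.fromstring(manifest_xml)
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            level = elem.get("level", "asInvoker")
            ui = elem.get("uiAccess", "false").strip().lower() == "true"
            return level, ui
    return "asInvoker", False  # no trustInfo section: defaults apply

def under_program_files(exe_path, roots=(r"C:\Program Files", r"C:\Program Files (x86)")):
    """True if exe_path, after resolving '..', lies inside one of the roots."""
    path = ntpath.normcase(ntpath.normpath(exe_path))
    for root in roots:
        prefix = ntpath.normcase(ntpath.normpath(root)) + "\\"
        if path.startswith(prefix):
            return True
    return False

def audit(manifest_xml, exe_path, is_signed):
    """List the findings an inventory review would raise for one executable."""
    level, ui = requested_level(manifest_xml)
    findings = []
    if level == "requireAdministrator":
        findings.append("requests administrative rights")
    if ui:
        findings.append("requests uiAccess")
        if not under_program_files(exe_path):
            findings.append("uiAccess requested outside Program Files")
        if not is_signed:
            findings.append("uiAccess requested by unsigned binary")
    return findings
```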
