利用消息钩子中的外壳钩子函数实现截获系统活动窗口的标题和程序名(程序名最好还要进行处理,就获取文件名及扩展名,即是去掉路径),还有自动获取主机名和系统当前时间(可用VC本身自带函数),并把他们都上传到数据库,不需要显示出来,上传到数据库就行了!
部分程序:
ShellHook.h文件中声明导出类:
/// Exported MFC extension-DLL class that installs and removes the WH_SHELL hook.
class AFX_EXT_CLASS CShellHook : public CObject
{
public:
    CShellHook();           ///< Constructs the wrapper; does not install anything.
    ~CShellHook();          ///< Destroys the wrapper.

    void SetShellHook();    ///< Installs the shell hook.
    void unSetShellHook();  ///< Removes the shell hook.
};
ShellHook.cpp文件的内容:
// ShellHook.cpp : Defines the initialization routines for the DLL.
//#include "stdafx.h"
#include <afxdllx.h>
#include"ShellHook.h"
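#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

// Handle of the installed shell hook (NULL while no hook is installed).
// No shared data section is declared in the visible code, so every process
// that maps this DLL has its own copy of these globals.
HHOOK glShellHook = NULL;
// Instance handle of this DLL, stored by DllMain on process attach and passed
// to SetWindowsHookEx as the module that contains the hook procedure.
HINSTANCE hInst = NULL;

// Forward declarations. They must sit on their own lines: glued to the end of
// a "//" comment they disappear and the definitions below no longer compile.
LRESULT CALLBACK ShellHookProc(int nCode, WPARAM wParam, LPARAM lParam);
void SaveLog(CString str);

static AFX_EXTENSION_MODULE ShellHookDLL = { NULL, NULL };

/// DLL entry point of the MFC extension DLL.
///
/// On DLL_PROCESS_ATTACH it initializes the extension module, links it into
/// the MFC resource chain and records the instance handle in hInst. On
/// DLL_PROCESS_DETACH it terminates the extension module.
///
/// @param hInstance  Instance handle of this DLL.
/// @param dwReason   Reason code supplied by the loader.
/// @param lpReserved Unused.
/// @return 1 on success, 0 if AfxInitExtensionModule fails.
extern "C" int APIENTRY
DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
    // Remove this if you use lpReserved
    UNREFERENCED_PARAMETER(lpReserved);

    if (dwReason == DLL_PROCESS_ATTACH)
    {
        TRACE0("SHELLHOOK.DLL Initializing!\n");

        // Extension DLL one-time initialization
        if (!AfxInitExtensionModule(ShellHookDLL, hInstance))
            return 0;

        // Insert this DLL into the resource chain
        // NOTE: If this Extension DLL is being implicitly linked to by
        //  an MFC Regular DLL (such as an ActiveX Control)
        //  instead of an MFC application, then you will want to
        //  remove this line from DllMain and put it in a separate
        //  function exported from this Extension DLL.  The Regular DLL
        //  that uses this Extension DLL should then explicitly call that
        //  function to initialize this Extension DLL.  Otherwise,
        //  the CDynLinkLibrary object will not be attached to the
        //  Regular DLL's resource chain, and serious problems will
        //  result.
        // This statement had been swallowed by the comment above it, which
        // left the DLL out of the resource chain.
        new CDynLinkLibrary(ShellHookDLL);

        // Remember the instance handle for the later SetWindowsHookEx call.
        hInst = hInstance;
    }
    else if (dwReason == DLL_PROCESS_DETACH)
    {
        TRACE0("SHELLHOOK.DLL Terminating!\n");

        // Terminate the library before destructors are called
        AfxTermExtensionModule(ShellHookDLL);
    }
    return 1;   // ok
}

/// Constructs the hook wrapper. The hook itself is installed separately by
/// SetShellHook().
CShellHook::CShellHook()
{
}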
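/// Removes the hook, if one is installed, when the wrapper is destroyed.
CShellHook::~CShellHook()
{
    unSetShellHook();
}

/// Installs the WH_SHELL hook with ShellHookProc as its procedure.
///
/// The thread id argument is 0 and a DLL instance handle is supplied, which
/// asks for a hook that is not tied to one thread: Windows then maps this DLL
/// into other processes on the desktop in order to run ShellHookProc there.
/// Everything the hook procedure does therefore executes inside those
/// processes, with their privileges.
void CShellHook::SetShellHook()
{
    // Installing twice would overwrite the stored handle and leave the first
    // hook installed with nothing left to unhook it.
    if (glShellHook != NULL)
        return;

    glShellHook = SetWindowsHookEx(WH_SHELL, ShellHookProc, hInst, 0);
    if (glShellHook == NULL)
    {
        // The original ignored failure; report it so a missing hook is visible.
        TRACE1("SetWindowsHookEx(WH_SHELL) failed, error %lu\n", GetLastError());
    }
}

/// Removes the hook if one is installed.
///
/// The stored handle is cleared only when UnhookWindowsHookEx succeeds, so a
/// failed removal can be retried by calling this again.
void CShellHook::unSetShellHook()
{
    if (glShellHook == NULL)
        return;

    if (UnhookWindowsHookEx(glShellHook))
    {
        glShellHook = NULL;
    }
    else
    {
        TRACE1("UnhookWindowsHookEx failed, error %lu\n", GetLastError());
    }
}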
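/// Appends one line, "<text>\tHH:MM:SS\r\n", to the per-day log file
/// D:\shellhook_<month>_<day>.log.
///
/// @param str Text to record. The only caller in this file passes a window
///            title, which is chosen by another process and must be treated
///            as untrusted input.
///
/// NOTE(review): the path is a fixed location on D:, and the file name has no
/// year, so entries from the same date in different years share one file.
/// Window titles often carry document names or URLs; confirm who may read
/// this location.
void SaveLog(CString str)
{
    // A title may contain CR/LF. Flatten them so a crafted title cannot forge
    // additional log lines.
    str.Replace(_T('\r'), _T(' '));
    str.Replace(_T('\n'), _T(' '));

    CTime tm = CTime::GetCurrentTime();

    CString name;
    name.Format(_T("D:\\shellhook_%d_%d.log"), tm.GetMonth(), tm.GetDay());

    CString strTime;
    strTime.Format(_T("\t%02d:%02d:%02d\r\n"),
                   tm.GetHour(), tm.GetMinute(), tm.GetSecond());

    // SeekToEnd/Write report errors by throwing. This function is called from
    // the hook procedure, so an escaping exception would unwind through
    // whatever process is running the hook.
    try
    {
        CFile file;
        // One open call: create the file if it is missing, keep its contents
        // if it exists. The original retried with modeCreate and never checked
        // that second result.
        if (!file.Open(name, CFile::modeCreate | CFile::modeNoTruncate |
                             CFile::modeReadWrite))
        {
            return;
        }
        file.SeekToEnd();

        // Write takes a byte count. GetLength() counts characters, so scale by
        // sizeof(TCHAR). Reading through LPCTSTR avoids the unmatched
        // GetBuffer(128) calls of the original.
        file.Write((LPCTSTR)str, (UINT)(str.GetLength() * sizeof(TCHAR)));
        file.Write((LPCTSTR)strTime, (UINT)(strTime.GetLength() * sizeof(TCHAR)));
        file.Close();
    }
    catch (CException* e)
    {
        TRACE0("SaveLog: file operation failed\n");
        e->Delete();
    }
}

/// WH_SHELL hook procedure.
///
/// For HSHELL_WINDOWCREATED it reads the new window's title, logs it through
/// SaveLog and posts WM_CLOSE to the window when the title equals "扫雷".
/// Every event is then handed to the next hook in the chain.
///
/// @param nCode  Shell hook code; negative values must be forwarded untouched.
/// @param wParam For HSHELL_WINDOWCREATED, the handle of the created window.
/// @param lParam Forwarded unchanged.
/// @return The result of CallNextHookEx.
LRESULT CALLBACK ShellHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    // The original returned 0 without calling CallNextHookEx, which cut every
    // other WH_SHELL hook installed behind this one out of the chain.
    if (nCode < 0)
        return CallNextHookEx(glShellHook, nCode, wParam, lParam);

    if (nCode == HSHELL_WINDOWCREATED)
    {
        CWnd* pwnd = CWnd::FromHandle((HWND)wParam);
        if (pwnd != NULL)   // FromHandle yields NULL for a NULL handle
        {
            CString strName;
            pwnd->GetWindowText(strName);
            SaveLog(strName);

            // NOTE(review): this narrow literal is compared in the source
            // file's code page, so the match depends on build settings.
            if (strName == "扫雷")
            {
                PostMessage(pwnd->GetSafeHwnd(), WM_CLOSE, 0, 0);
            }
        }
    }
    return CallNextHookEx(glShellHook, nCode, wParam, lParam);
}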
蓝色部分就是要改成实现截取功能的部分(或者有其他实现方法也可,不过要用到消息钩子)。最好能加上注释!其他部分如有改动也请写上注释!(开发语言:VC++)
部分程序:
ShellHook.h文件中声明导出类:
/// Exported MFC extension-DLL class that installs and removes the WH_SHELL hook.
class AFX_EXT_CLASS CShellHook : public CObject
{
public:
    CShellHook();           ///< Constructs the wrapper; does not install anything.
    ~CShellHook();          ///< Destroys the wrapper.

    void SetShellHook();    ///< Installs the shell hook.
    void unSetShellHook();  ///< Removes the shell hook.
};
ShellHook.cpp文件的内容:
// ShellHook.cpp : Defines the initialization routines for the DLL.
//#include "stdafx.h"
#include <afxdllx.h>
#include"ShellHook.h"
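#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

// Handle of the installed shell hook (NULL while no hook is installed).
// No shared data section is declared in the visible code, so every process
// that maps this DLL has its own copy of these globals.
HHOOK glShellHook = NULL;
// Instance handle of this DLL, stored by DllMain on process attach and passed
// to SetWindowsHookEx as the module that contains the hook procedure.
HINSTANCE hInst = NULL;

// Forward declarations. They must sit on their own lines: glued to the end of
// a "//" comment they disappear and the definitions below no longer compile.
LRESULT CALLBACK ShellHookProc(int nCode, WPARAM wParam, LPARAM lParam);
void SaveLog(CString str);

static AFX_EXTENSION_MODULE ShellHookDLL = { NULL, NULL };

/// DLL entry point of the MFC extension DLL.
///
/// On DLL_PROCESS_ATTACH it initializes the extension module, links it into
/// the MFC resource chain and records the instance handle in hInst. On
/// DLL_PROCESS_DETACH it terminates the extension module.
///
/// @param hInstance  Instance handle of this DLL.
/// @param dwReason   Reason code supplied by the loader.
/// @param lpReserved Unused.
/// @return 1 on success, 0 if AfxInitExtensionModule fails.
extern "C" int APIENTRY
DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
    // Remove this if you use lpReserved
    UNREFERENCED_PARAMETER(lpReserved);

    if (dwReason == DLL_PROCESS_ATTACH)
    {
        TRACE0("SHELLHOOK.DLL Initializing!\n");

        // Extension DLL one-time initialization
        if (!AfxInitExtensionModule(ShellHookDLL, hInstance))
            return 0;

        // Insert this DLL into the resource chain
        // NOTE: If this Extension DLL is being implicitly linked to by
        //  an MFC Regular DLL (such as an ActiveX Control)
        //  instead of an MFC application, then you will want to
        //  remove this line from DllMain and put it in a separate
        //  function exported from this Extension DLL.  The Regular DLL
        //  that uses this Extension DLL should then explicitly call that
        //  function to initialize this Extension DLL.  Otherwise,
        //  the CDynLinkLibrary object will not be attached to the
        //  Regular DLL's resource chain, and serious problems will
        //  result.
        // This statement had been swallowed by the comment above it, which
        // left the DLL out of the resource chain.
        new CDynLinkLibrary(ShellHookDLL);

        // Remember the instance handle for the later SetWindowsHookEx call.
        hInst = hInstance;
    }
    else if (dwReason == DLL_PROCESS_DETACH)
    {
        TRACE0("SHELLHOOK.DLL Terminating!\n");

        // Terminate the library before destructors are called
        AfxTermExtensionModule(ShellHookDLL);
    }
    return 1;   // ok
}

/// Constructs the hook wrapper. The hook itself is installed separately by
/// SetShellHook().
CShellHook::CShellHook()
{
}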
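/// Removes the hook, if one is installed, when the wrapper is destroyed.
CShellHook::~CShellHook()
{
    unSetShellHook();
}

/// Installs the WH_SHELL hook with ShellHookProc as its procedure.
///
/// The thread id argument is 0 and a DLL instance handle is supplied, which
/// asks for a hook that is not tied to one thread: Windows then maps this DLL
/// into other processes on the desktop in order to run ShellHookProc there.
/// Everything the hook procedure does therefore executes inside those
/// processes, with their privileges.
void CShellHook::SetShellHook()
{
    // Installing twice would overwrite the stored handle and leave the first
    // hook installed with nothing left to unhook it.
    if (glShellHook != NULL)
        return;

    glShellHook = SetWindowsHookEx(WH_SHELL, ShellHookProc, hInst, 0);
    if (glShellHook == NULL)
    {
        // The original ignored failure; report it so a missing hook is visible.
        TRACE1("SetWindowsHookEx(WH_SHELL) failed, error %lu\n", GetLastError());
    }
}

/// Removes the hook if one is installed.
///
/// The stored handle is cleared only when UnhookWindowsHookEx succeeds, so a
/// failed removal can be retried by calling this again.
void CShellHook::unSetShellHook()
{
    if (glShellHook == NULL)
        return;

    if (UnhookWindowsHookEx(glShellHook))
    {
        glShellHook = NULL;
    }
    else
    {
        TRACE1("UnhookWindowsHookEx failed, error %lu\n", GetLastError());
    }
}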
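/// Appends one line, "<text>\tHH:MM:SS\r\n", to the per-day log file
/// D:\shellhook_<month>_<day>.log.
///
/// @param str Text to record. The only caller in this file passes a window
///            title, which is chosen by another process and must be treated
///            as untrusted input.
///
/// NOTE(review): the path is a fixed location on D:, and the file name has no
/// year, so entries from the same date in different years share one file.
/// Window titles often carry document names or URLs; confirm who may read
/// this location.
void SaveLog(CString str)
{
    // A title may contain CR/LF. Flatten them so a crafted title cannot forge
    // additional log lines.
    str.Replace(_T('\r'), _T(' '));
    str.Replace(_T('\n'), _T(' '));

    CTime tm = CTime::GetCurrentTime();

    CString name;
    name.Format(_T("D:\\shellhook_%d_%d.log"), tm.GetMonth(), tm.GetDay());

    CString strTime;
    strTime.Format(_T("\t%02d:%02d:%02d\r\n"),
                   tm.GetHour(), tm.GetMinute(), tm.GetSecond());

    // SeekToEnd/Write report errors by throwing. This function is called from
    // the hook procedure, so an escaping exception would unwind through
    // whatever process is running the hook.
    try
    {
        CFile file;
        // One open call: create the file if it is missing, keep its contents
        // if it exists. The original retried with modeCreate and never checked
        // that second result.
        if (!file.Open(name, CFile::modeCreate | CFile::modeNoTruncate |
                             CFile::modeReadWrite))
        {
            return;
        }
        file.SeekToEnd();

        // Write takes a byte count. GetLength() counts characters, so scale by
        // sizeof(TCHAR). Reading through LPCTSTR avoids the unmatched
        // GetBuffer(128) calls of the original.
        file.Write((LPCTSTR)str, (UINT)(str.GetLength() * sizeof(TCHAR)));
        file.Write((LPCTSTR)strTime, (UINT)(strTime.GetLength() * sizeof(TCHAR)));
        file.Close();
    }
    catch (CException* e)
    {
        TRACE0("SaveLog: file operation failed\n");
        e->Delete();
    }
}

/// WH_SHELL hook procedure.
///
/// For HSHELL_WINDOWCREATED it reads the new window's title, logs it through
/// SaveLog and posts WM_CLOSE to the window when the title equals "扫雷".
/// Every event is then handed to the next hook in the chain.
///
/// @param nCode  Shell hook code; negative values must be forwarded untouched.
/// @param wParam For HSHELL_WINDOWCREATED, the handle of the created window.
/// @param lParam Forwarded unchanged.
/// @return The result of CallNextHookEx.
LRESULT CALLBACK ShellHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    // The original returned 0 without calling CallNextHookEx, which cut every
    // other WH_SHELL hook installed behind this one out of the chain.
    if (nCode < 0)
        return CallNextHookEx(glShellHook, nCode, wParam, lParam);

    if (nCode == HSHELL_WINDOWCREATED)
    {
        CWnd* pwnd = CWnd::FromHandle((HWND)wParam);
        if (pwnd != NULL)   // FromHandle yields NULL for a NULL handle
        {
            CString strName;
            pwnd->GetWindowText(strName);
            SaveLog(strName);

            // NOTE(review): this narrow literal is compared in the source
            // file's code page, so the match depends on build settings.
            if (strName == "扫雷")
            {
                PostMessage(pwnd->GetSafeHwnd(), WM_CLOSE, 0, 0);
            }
        }
    }
    return CallNextHookEx(glShellHook, nCode, wParam, lParam);
}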
蓝色部分就是要改成实现截取功能的部分(或者有其他实现方法也可,不过要用到消息钩子)。最好能加上注释!其他部分如有改动也请写上注释!(开发语言:VC++)