不知道这个对你有没有帮助
{ win9x,nt,w2k 中的系统日志钩子示例程序(delphi 版)
-----------------------------------------------------
windows下的日志钩子(journal hook)是一种很有用的hook类型:它不需要动态链接库(*.dll)
就能实现系统级的事件监控。它只能监视两种硬件事件,即鼠标和键盘的操作,而不能监视其它
消息;被记录的消息可以用日志回放钩子还原。下面这个程序用delphi编写,没有
用delphi的控件,只用了win32 api,所以适用于delphi的任何版本,当然你也可以用c
来实现。有看不懂的地方可以写信给我。这是第一版,可能有bug,大家发现了请通知我一下。
欢迎大家和我一起讨论hook技术:
-----------------------------------------------------
first created:njhhack 2001.6.14 (ver1.0)
电子信箱:njhhack@21cn.com
主页:hotsky.363.net
}
program journal;
//包含如下头文件
uses windows,messages,sysutils;
{$r *.res} //使用资源文件
//定义一个新的结构类型
type
  // Aggregates the state shared by the message loop, the window procedure
  // and the journal-record hook callback.
  twin = record
    msg: TMsg;          // buffer filled by GetMessage in the message loop
    wclass: TWndClass;  // window class registered for the demo window
    hmain: Integer;     // handle of the demo window returned by CreateWindow
    lr: TRect;          // rectangle invalidated after each recorded event
    tem: TEventMsg;     // copy of the most recent EVENTMSG seen by the hook
  end;

var
  win: twin;                     // the single shared state record
  // Handle of the installed journal-record hook; 0 means "not installed".
  // NOTE(review): window and hook handles are stored as Integer here, which
  // only matches the handle size on 32-bit targets.
  hhjournalrecordproc: Integer;
//将字符串str写到文件c:/key.txt中
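// Appends one line of text to the fixed log file c:/key.txt, creating the
// file on first use.
//
// str: the line to write; WriteLn adds the line break.
//
// The log is plain text at a fixed root-level path and is never truncated or
// rotated. The only caller in this program passes a description of a user
// input event, so the file should be treated as sensitive data.
// NOTE(review): I/O failures (for example no write access to the path) raise
// an exception under the default {$I+} setting and are not handled here;
// the caller is a hook callback, so confirm that this is acceptable.
procedure saveinfo(str:string);stdcall;
var
  f: TextFile;
  fname: string;
begin
  fname := 'c:/key.txt';
  AssignFile(f, fname);
  if FileExists(fname) then
    Append(f)
  else
    Rewrite(f);
  try
    WriteLn(f, str);
  finally
    // Close the file even when the write fails, so the handle is not leaked
    // and the file is not left locked for later appends.
    CloseFile(f);
  end;
end;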
//将信息写到屏幕
// Paints the most recently recorded event (win.tem) into the demo window:
// a rounded frame followed by four text lines (window handle, the two event
// parameters, message id, and the event time divided by 1000).
// NOTE(review): paraml/paramh are printed under a "mouse position" label for
// every event type; they are coordinates only for mouse messages.
procedure writestr;
var
  dc: Integer;

  // Draws one text line; rows are spaced 24 pixels apart, starting at x = 30.
  procedure putline(row: Integer; const line: string);
  begin
    TextOut(dc, 30, 24 * row, PChar(line), Length(line));
  end;

begin
  dc := GetDC(win.hmain);
  RoundRect(dc, 10, 10, 240, 140, 12, 8);
  putline(1, Format('窗口句柄=%x', [win.tem.hwnd]));
  putline(2, Format('鼠标位置=(%d,%d)', [win.tem.paraml, win.tem.paramh]));
  putline(3, Format('消息类型=%x', [win.tem.message]));
  putline(4, Format('时间=%d', [win.tem.time div 1000]));
  // Every GetDC must be paired with ReleaseDC on the same window.
  ReleaseDC(win.hmain, dc);
end;
//日志钩子的回调函数
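// WH_JOURNALRECORD hook callback.
//
// ncode:  hook code supplied by Windows.
// wparam: not used by this callback; passed on unchanged.
// lparam: for HC_ACTION, a pointer to the EVENTMSG being recorded.
// Returns the result of CallNextHookEx.
//
// For each recorded event the callback copies the EVENTMSG into win.tem,
// invalidates the display rectangle so the window repaints, and, for
// WM_LBUTTONDOWN only, appends a line to the log through saveinfo.
function journalrecordproc(ncode:integer;wparam:wparam;lparam:lparam):lresult;stdcall;
begin
  // lparam is a valid EVENTMSG pointer only for HC_ACTION. Negative codes
  // must be passed on untouched, and HC_SYSMODALON/HC_SYSMODALOFF carry no
  // event, so the pointer is dereferenced only after both checks.
  if (ncode = HC_ACTION) and (lparam <> 0) then
  begin
    win.tem := PEventMsg(lparam)^;

    // Same rectangle as the frame drawn by writestr.
    win.lr.left := 10;
    win.lr.top := 10;
    win.lr.right := 240;
    win.lr.bottom := 140;
    InvalidateRect(win.hmain, @win.lr, False);

    if win.tem.message = WM_LBUTTONDOWN then
      saveinfo(Format('窗口句柄=%x,鼠标位置=(%d,%d),消息类型=wm_lbuttondown,时间=%d',
        [win.tem.hwnd, win.tem.paraml, win.tem.paramh, win.tem.time div 1000]));
  end;

  // Always hand the event to the next hook in the chain.
  Result := CallNextHookEx(hhjournalrecordproc, ncode, wparam, lparam);
end;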
//钩子设置和删除函数
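// Installs (fset = True) or removes (fset = False) the journal-record hook.
// The handle is kept in hhjournalrecordproc, where 0 means "not installed".
//
// The hook is installed with thread id 0, i.e. system-wide for the desktop.
// Windows removes journal hooks itself when the user presses Ctrl+Esc or
// Ctrl+Alt+Del and then posts WM_CANCELJOURNAL; this program does not handle
// that message.
// NOTE(review): on Windows Vista and later, journal hooks are restricted by
// UAC/UIPI, and Microsoft documents the journaling hook APIs as unsupported
// starting with Windows 11 - confirm the target platform before relying on
// this code.
// NOTE(review): a failed SetWindowsHookEx leaves the handle at 0 and is not
// reported to the caller.
procedure sethook(fset:boolean);
begin
  if fset then
  begin
    if hhjournalrecordproc = 0 then
      hhjournalrecordproc := SetWindowsHookEx(WH_JOURNALRECORD, @journalrecordproc, HInstance, 0);
  end
  else if hhjournalrecordproc <> 0 then
  begin
    UnhookWindowsHookEx(hhjournalrecordproc);
    // Forget the handle so that a later sethook(True) installs a fresh hook
    // and a repeated sethook(False) never passes a stale handle to Windows.
    hhjournalrecordproc := 0;
  end;
end;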
//主程序的回调函数
// Window procedure of the demo window.
//
// Every message is first given to DefWindowProc, whose result is returned.
// Afterwards WM_PAINT redraws the event details through writestr, and
// WM_DESTROY removes the hook and terminates the process with Halt.
function windowproc(hwnd,msg,wparam,lparam:longint):lresult; stdcall;
begin
  Result := DefWindowProc(hwnd, msg, wparam, lparam);
  if msg = WM_PAINT then
    writestr
  else if msg = WM_DESTROY then
  begin
    // Remove the hook before the process ends.
    sethook(False);
    Halt;
  end;
end;
//主程序的执行函数
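// Program body: registers the window class, creates the demo window,
// installs the journal-record hook and pumps messages for that window.
// Returns early, without installing the hook, when the class cannot be
// registered or the window cannot be created.
procedure run;stdcall;
begin
  win.wclass.hinstance := HInstance;
  win.wclass.hicon := LoadIcon(HInstance, 'mainicon');
  win.wclass.hcursor := LoadCursor(0, IDC_ARROW);
  win.wclass.hbrbackground := COLOR_BTNFACE + 1;
  win.wclass.style := CS_PARENTDC;
  win.wclass.lpfnwndproc := @windowproc;
  win.wclass.lpszclassname := 'journalrecordhook';
  if RegisterClass(win.wclass) = 0 then
    Exit;

  win.hmain := CreateWindow(win.wclass.lpszclassname, '系统日志钩子演示程序',
    WS_VISIBLE or WS_OVERLAPPEDWINDOW, 10, 10, 260, 180, 0, 0, HInstance, nil);
  if win.hmain = 0 then
    Exit;

  sethook(True);
  // GetMessage returns -1 on error (for example an invalid window handle).
  // Taken as a BOOL that value still counts as true, so the result is
  // compared as an integer to keep the loop from spinning on a failure.
  while Integer(GetMessage(win.msg, win.hmain, 0, 0)) > 0 do
  begin
    TranslateMessage(win.msg);
    DispatchMessage(win.msg);
  end;
  // Do not leave the system-wide hook installed if the loop ever ends.
  sethook(False);
end;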
// Program entry point: all work is done by run.
begin
  run;
end.