Use hook technology to implement keyboard monitoring
Urumqi Medical College
Lu Lijian
---- In many systems, for security or other reasons, often require monitoring keyboards at any time, a professional monitoring program must have two points, one is real-time; second, it runs as an indication icon. This can be achieved in the indicator of the application that uses hook (ie hook) technology to add the application to the WINDOW taskbar. Based on the API help documentation, I discussed the two parts according to the specific implementation of the Delphi development environment.
First, the implementation of hook (hook):
---- Hook is a mechanism for monitoring a message stream in the Microsoft Windows message processing process to monitor message flows and have not yet reached the window of the window. If the hook process is implemented in the application, if the application is not the current window, the hook does not work; if the hook is implemented in the DLL, the program is dynamically called it in the run, which can monitor the system in real time. As needed, we use the way to implement HOOK in the DLL.
---- 1. Newly built a DLL file that exports two functions, defines the hook specific implementation process in HookProc.PAS. code show as below:
Library Keyspy;
Uses
Windows, Messages, HookProc in 'hookproc.pas';
Exports
SetKeyHOK,
EndKeyhook;
Begin
NextHOKPROC: = 0;
ProcsaveExit: = exitproc;
EXITPROC: = @ Keyhookexit;
End.
2. Realize the specific process of hooks in hookProc.pas:
Unit hookproc;
Interface
Uses
Windows, Messages, Sysutils, Controls, Stdctrls;
VAR
NextHOKPROC: hHOOK;
ProcsaveExit: Pointer;
Function KeyboardHook (icode: integer; wparam: wparam;
LPARAM: LPARAM): LRESULT; stdcall;
Function setKeyhook: bool; export; // load hook
Function endkeyhook: bool; export; // Uninstall hook
Procedure Keyhookexit; FAR;
Const
AfileName = 'c: /debug.txt'; / / write keyboard input action write file
VAR
Debugfile: TextFile;
IMPLEMENTATION
Function KeyboardHookHandler (Icode: wparam;
LPARAM: LPARAM): LRESULT; stdcall;
Begin
Icode <0 THEN
Begin
Result: = CallNexthookex (HNEXTHOOKPROC, ICODE, WPARAM, LPARAM);
EXIT;
END;
Assignfile (Debugfile, AfileName);
Append (debugfile);
IF getKeyState (vk_return) <0 THEN
Begin
Writeln (Debugfile, '');
Write (Debugfile, Char (WPARAM));
end
Else
Write (Debugfile, Char (WPARAM));
Closefile (Debugfile);
Result: = 0;
END;
Function endkeyhook: bool; export; begin
If nextookProc <> 0 THEN Begin
UnHookWindowshookex (NextHOOKPROC);
NextHOKPROC: = 0;
MessageBeep (0);
Result: = HNEXTHOKPROC = 0;
END;
Procedure Keyhookexit; FAR;
Begin
IF nextookProc <> 0. EndKeyhook;
EXITPROC: = procsaveexit;
End.
---- II, WIN95 / 98 uses the task bar to display the application or tool icon to the indication area icon, involve an API function shell_notifyicon, there are two parameters, one is pointing to the TNOTIFYICONDATA structure, The other is to add, delete, change the icon. The icon's icon is added to the indicator area through this function function, increasing professional characteristics as an icon. When the program starts, right-click the icon, pop up a menu, select Sthook or Endhook.
Unit KB;
Interface
Uses
Windows, Messages, Sysutils, Classes,
Graphics, Controls, Forms,
Dialogs,
STDCTRLS, MENUS, Shellapi;
Const
Icon_ID = 1;
MI_ICONEVENT = WM_USER 1; // Define a user message
Type
TFORM1 = Class (TFORM)
Popupmenu1: TPopupmenu;
Sthook1: Tmenuitem;
Endhook1: tmenuitem;
N1: tMenuitem;
About1: TMenuItem
Close1: TMenuItem
GetText1: TMenuItem
Procedure formcreate (Sender: TOBJECT);
Procedure setook1click (sender: TOBJECT);
Procedure endhook1click (sender: TOBJECT);
Procedure FormDestroy (Sender: TOBJECT);
Procedure Close1Click (Sender: TOBJECT);
Private
{Private Declarations}
NID: TNOTIFYICONDATA;
Normalicon: ticon;
public
{Public declarations}
Procedure icontray (var Msg: tMessage);
Message mi_ICONEVENT;
END;
VAR
FORM1: TFORM1;
IMPLEMENTATION
{$ R * .dfm}
Function setKeyhook: bool; exTernal 'keysspy.dll';
Function endkeyhook: bool; external 'keyspy.dll';
Procedure TFORM1.ICONTRAY (VAR MSG: TMESSAGE);
VAR
PT: TPOINT;
Begin
IF msg.lparam = wm_lbuttondown then
SetHook1click (Self);
if msg.lparam = wm_rbuttondown then
Begin
GetCursorpos (PT);
SetForegroundWindow (Handle);
PopupMenu1.Popup (pt.x, pt.y);
END;
Procedure TFORM1.FormCreate (Sender: TOBJECT);
Begin
Normalicon: = ticon.create;
Application.title: = CAPTION;
Nid.cbsize: = sizeof (NID);
Nid.wnd: = Handle;
Nid.uid: = icon_id;
Nid.uflags: = nif_icon or nif_message or nif_tip;
Nid.ucallbackMessage: = mi_ICONEVENT;
Nid.hicon: = normalicon.handle;
Strcopy (Nid.sztip, Pchar (CAPTION);
Nid.uflags: = nif_message or nif_icon or nif_tip;
Shell_notifyicon (NIM_ADD, @ NID);
Setwindowlong (Application.handle,
GWL_EXSTYLE, WS_EX_TOOLWINDOW);
END;
Procedure TFORM1.SETHOK1CLICK (Sender: TOBJECT);
Begin
SetKeyHOK;
END;
Procedure TFORM1.ENDHOOK1CLICK (Sender: TOBJECT);
Begin
EndKeyhook;
END;
Procedure TFORM1.FORMDESTROY (Sender: TOBJECT);
Begin
Nid.uflags: = 0;
Shell_notifyicon (Nim_Delete, @ NID);
END;
Procedure tform1.close1click (sender: TOBJECT);
Begin
Application.Terminate;
END;
---- This program only uses several shellai functions, but it involves more important than references to DLLs in Delphi, hook implementation, the operation of the indicator, the user-defined message processing, and the reading and writing of the file. Content, I believe this article can help many Delphi's beginners.
---- The program runs normally in Win98, Delphi4.0.
