C# Hook 键盘记录 , 监听窗口

Vvvvvoid

rt

KEYBOARD Hooker

[C#] 纯文本查看 复制代码

     public void Hook()
        {
            if (_keyboardHookHandle != IntPtr.Zero)
                return;
            
            using (var curProcess = Process.GetCurrentProcess())
            using (var curModule = curProcess.MainModule)
            {
                _keyboardHookHandle = NativeMethods.SetWindowsHookEx(
                    HookType.WH_KEYBOARD_LL,
                    KeyboardHookProc, NativeMethods.GetModuleHandle(curModule.ModuleName),
                    0);
            }

            if (_keyboardHookHandle == IntPtr.Zero)
            {
                var errorCode = Marshal.GetLastWin32Error();
                throw new Win32Exception(errorCode);
            }
        }

Windows Hooker

[C#] 纯文本查看 复制代码

public void Hook()
        {

            if (_hookHandleWinChange==IntPtr.Zero)
                _hookHandleWinChange = NativeMethods.SetWinEventHook(EVENT_SYSTEM_FOREGROUND, EVENT_SYSTEM_FOREGROUND,
                    IntPtr.Zero,
                    WinEventProc, 0, 0, WINEVENT_OUTOFCONTEXT);
                
            
            if (_hookHandleWinChange == IntPtr.Zero)
            {
                var errorCode = Marshal.GetLastWin32Error();
                throw new Win32Exception(errorCode);
            }

            if (_hookHandleTitleChange==IntPtr.Zero)
                _hookHandleTitleChange = NativeMethods.SetWinEventHook(EVENT_OBJECT_NAMECHANGE, EVENT_OBJECT_NAMECHANGE,
                    IntPtr.Zero,
                    WinEventProc, 0, 0, WINEVENT_OUTOFCONTEXT);

            if (_hookHandleTitleChange == IntPtr.Zero)
            {
                var errorCode = Marshal.GetLastWin32Error();
                throw new Win32Exception(errorCode);
            }
            RaiseOne();
        }

Hook 的记录 除了编辑框外，
还计划写入了本地文件， 并会记录按文件大小或者缓存来定期处理，比如发邮件之类 （这快还没做完。。）欢迎大佬提 request






Src: https://github.com/marlkiller/KeyBoardHook
Release : Release.7z (19.83 KB, 下载次数: 241)

2021-8-19 16:06 上传

点击文件名下载附件

whathell

windows 7，键盘hook有超时时间，如果有需要一直监控键盘的话，需要改注册表项，如下

MSDN 的Remark:

An application installs the hook procedure by specifying the WH_KEYBOARD_LL hook type and a pointer to the hook procedure in a call to the SetWindowsHookEx function.

This hook is called in the context of the thread that installed it. The call is made by sending a message to the thread that installed the hook. Therefore, the thread that installed the hook must have a message loop.

The hook procedure should process a message in less time than the data entry specified in the LowLevelHooksTimeout value in the following registry key:
HKEY_CURRENT_USER\Control Panel\Desktop

The value is in milliseconds. If the hook procedure does not return during this interval, the system will pass the message to the next hook.

Note that debug hooks cannot track this type of hook.

msdn原文链接：
https://social.msdn.microsoft.com/Forums/en-US/f6032ca1-31b8-4ad5-be39-f78dd29952da/hooking-problem-in-windows-7?forum=windowscompatibility

注册表截图在附件中:

Bds1r

楼主能出个C#hook 微信call 的例程吗

alex5153

谢谢分享 。学习学习

blueflagbj

很棒，就需要这个东西，好好学习学习

whathell

再给一个注册表文件

crlong33

有Python版本吗

不名物

source失效了

Otoboku

底层钩子调试中断，按下键盘然后卡死。

Vvvvvoid

Bds1r 发表于 2021-8-19 17:21
楼主能出个C#hook 微信call 的例程吗

hook 外部程序 一般都需要 DLL 注入,
C# 的 DLL 不适合做注入,  通常都是C++的