Keyboard Hook
#22
Posted 05 April 2007 - 11:24 PM
Here is the link for those interested. Larry already made a nice hooking dll.
http://www.autoitscript.com/forum/index.php?showtopic=23173
Edited by SolidSnake, 05 April 2007 - 11:25 PM.
#24
Posted 07 April 2007 - 12:29 PM
As a matter of fact, it's pretty simple as long as you use a programming language that supports callbacks.
I was hoping to hook without a dll. Does anyone have code they will share for this?
This is to illustrate that it's possible in C(++):
At first, register the callback function:
HHOOK Hook;
Hook = SetWindowsHookEx
(
    WH_KEYBOARD_LL,
    SomeCallbackProcedure,
    GetModuleHandle( NULL ),
    // the handle of the window you want to hook.
    // NULL => the hook is global.
    0
);
Then, poll for events:
MSG msg;
GetMessage( &msg, NULL, 0, 0 ); // will NOT return until the end of execution.
UnhookWindowsHookEx( Hook ); // if you don't unhook, you may expect your program to crash.
The procedure which will be called:
// At first, define some variables.
BYTE KeybState[ 256 ];
WORD Symbol;
KBDLLHOOKSTRUCT * stKey;

LRESULT CALLBACK SomeCallbackProcedure ( int nCode, WPARAM wParam, LPARAM lParam )
{
    if( nCode == HC_ACTION && wParam == WM_KEYDOWN ) // only in this case are we interested in the event.
    {
        stKey = ( KBDLLHOOKSTRUCT * ) /* cast needed */ lParam;
        GetKeyState( 0 ); // something like "flush" :)
        GetKeyboardState( KeybState ); // dump every key's state into the array
        if ( ToAscii
             (
                 stKey->vkCode,
                 stKey->scanCode,
                 KeybState,
                 &Symbol, // if successful, stores the symbol here
                 0
             ) ) // if it's not some weird key (i.e. ESC)
        {
            // "Symbol" now holds the key.
            // You may need to cast it to char.
            // Do whatever you need here - log it, etc.
        }
    }
    return CallNextHookEx ( NULL, nCode, wParam, lParam );
}
Again, notice that GetMessage() doesn't return until the execution is finished!
#27
Posted 07 April 2007 - 05:57 PM
Not sure about misc. GUI events, but as for the keyboard, yes you can. I've written a keylogging program (which I do not want to share because of the forum rules) which uses the technique that I have explained. Using this technique one can catch keyboard-related events. If one changes the "if( nCode == HC_ACTION && wParam == WM_KEYDOWN )" condition, he/she might even be able to catch all the other events... Though not sure about that as this would mean a total flood.
You can't hook "global" events without a DLL.
Anyway, keyboard events are caught globally because a "global" handle is passed (not some window handle in which case only that window's events would be caught).
If you're interested whether this really works, I can provide more sources as this was only a PoC.
#28
Posted 18 December 2007 - 09:30 PM
this thread is dead, but I would like to know: where is that dll you are all talking about?
or is this just a theoretical discussion?
not much ado about nothing?
j.
Don't forget this IP: 213.251.145.96
#30
Posted 19 December 2007 - 04:43 AM
SciTE for AutoIt
Directions for Submitting Standard UDFs
Don't argue with an idiot; people watching may not be able to tell the difference.
#31
Posted 19 December 2007 - 04:53 AM
I think keyboard hooks can only be done as global hooks which means it has to be a DLL.
Now that autoit has DllCallbackRegister and DllCallbackGetPtr, should be able to do this without the external dll.
#33
Posted 19 December 2007 - 05:14 AM
Yep, case in point, slight mod with the new function
WH_KEYBOARD_LL
http://www.autoitscript.com/forum/index.ph...st&p=422499
Global Const $WH_KEYBOARD_LL = 13
Global $hHook
Global $hStub_KeyProc = DllCallbackRegister("_KeyProc", "long", "int;wparam;lparam")
Global $hmod = DllCall("kernel32.dll", "hwnd", "GetModuleHandle", "ptr", 0)
Global $hHook = DllCall("user32.dll", "hwnd", "SetWindowsHookEx", "int", _
        $WH_KEYBOARD_LL, "ptr", DllCallbackGetPtr($hStub_KeyProc), "hwnd", $hmod[0], "dword", 0)
Global $buffer = ""

MsgBox(4096, "", "Click OK, then open notepad and type..." & _
        @LF & @LF & "Jon" & @LF & "AutoIt")

While 1
    Sleep(10)
WEnd

Func EvaluateKey($keycode)
    If (($keycode > 64) And ($keycode < 91)) _
            Or (($keycode > 47) And ($keycode < 58)) Then
        $buffer &= Chr($keycode)
        Switch $buffer
            Case "Jon"
                ToolTip("What can you say?")
            Case "AUTOIT"
                ToolTip("AutoIt Rocks")
        EndSwitch
    ElseIf ($keycode > 159) And ($keycode < 164) Then
        Return
    Else
        $buffer = ""
    EndIf
EndFunc   ;==>EvaluateKey

Func _KeyProc($nCode, $wParam, $lParam)
    Local $ret, $KEYHOOKSTRUCT
    If $nCode < 0 Then
        $ret = DllCall("user32.dll", "long", "CallNextHookEx", "hwnd", $hHook[0], _
                "int", $nCode, "wparam", $wParam, "lparam", $lParam)
        Return $ret[0]
    EndIf
    If $wParam = 256 Then
        $KEYHOOKSTRUCT = DllStructCreate("dword;dword;dword;dword;ptr", $lParam)
        EvaluateKey(DllStructGetData($KEYHOOKSTRUCT, 1))
    EndIf
    $ret = DllCall("user32.dll", "long", "CallNextHookEx", "hwnd", $hHook[0], _
            "int", $nCode, "ptr", $wParam, "ptr", $lParam)
    Return $ret[0]
EndFunc   ;==>_KeyProc

Func OnAutoItExit()
    DllCall("user32.dll", "int", "UnhookWindowsHookEx", "hwnd", $hHook[0])
    DllCallbackFree($hStub_KeyProc)
EndFunc   ;==>OnAutoItExit
Edited by GaryFrost, 19 December 2007 - 05:37 AM.
changed params from ptr to wparam and lparam
#34
Posted 19 December 2007 - 06:34 PM
#include <WinAPI.au3>
#include <WindowsConstants.au3>

Global Const $WH_CALLWNDPROC = 4
Global Const $WH_CALLWNDPROCRET = 12
Global Const $WH_CBT = 5
Global Const $WH_DEBUG = 9
Global Const $WH_FOREGROUNDIDLE = 11
Global Const $WH_GETMESSAGE = 3
Global Const $WH_JOURNALPLAYBACK = 1
Global Const $WH_JOURNALRECORD = 0
Global Const $WH_KEYBOARD = 2
Global Const $WH_KEYBOARD_LL = 13
Global Const $WH_MOUSE = 7
Global Const $WH_MOUSE_LL = 14
Global Const $WH_MSGFILTER = -1
Global Const $WH_SHELL = 10
Global Const $WH_SYSMSGFILTER = 6

Global Const $KF_EXTENDED = 0x100
Global Const $KF_ALTDOWN = 0x2000
Global Const $KF_UP = 0x8000

Global Const $LLKHF_EXTENDED = BitShift($KF_EXTENDED, 8)
Global Const $LLKHF_INJECTED = 0x10
Global Const $LLKHF_ALTDOWN = BitShift($KF_ALTDOWN, 8)
Global Const $LLKHF_UP = BitShift($KF_UP, 8)

; #STRUCTURE# ===================================================================================================================
; Name...........: $tagKBDLLHOOKSTRUCT
; Description ...: Contains information about a low-level keyboard input event
; Fields ........: vkCode - Specifies a virtual-key code. The code must be a value in the range 1 to 254
;                  scanCode - Specifies a hardware scan code for the key
;                  flags - Specifies the extended-key flag, event-injected flag, context code, and transition-state flag. This member is specified as follows.
;                  + An application can use the following values to test the keystroke flags:
;                  |$LLKHF_EXTENDED - Test the extended-key flag
;                  |$LLKHF_INJECTED - Test the event-injected flag
;                  |$LLKHF_ALTDOWN - Test the context code
;                  |$LLKHF_UP - Test the transition-state flag
;                  | 0 - Specifies whether the key is an extended key, such as a function key or a key on the numeric keypad
;                  | The value is 1 if the key is an extended key; otherwise, it is 0
;                  | 1 to 3 - Reserved
;                  | 4 - Specifies whether the event was injected. The value is 1 if the event was injected; otherwise, it is 0
;                  | 5 - Specifies the context code. The value is 1 if the ALT key is pressed; otherwise, it is 0
;                  | 6 - Reserved
;                  | 7 - Specifies the transition state. The value is 0 if the key is pressed and 1 if it is being released
;                  time - Specifies the time stamp for this message, equivalent to what GetMessageTime would return for this message
;                  dwExtraInfo - Specifies extra information associated with the message
; Author ........: Gary Frost (gafrost)
; Remarks .......:
; ===============================================================================================================================
Global Const $tagKBDLLHOOKSTRUCT = "dword vkCode;dword scanCode;dword flags;dword time;ulong_ptr dwExtraInfo"

Global $hHook
Global $hStub_KeyProc = DllCallbackRegister("_KeyProc", "long", "int;wparam;lparam")
Global $hmod = _WinAPI_GetModuleHandle(0)
Global $hHook = _WinAPI_SetWindowsHookEx($WH_KEYBOARD_LL, DllCallbackGetPtr($hStub_KeyProc), $hmod)
Global $buffer = ""

MsgBox(4096, "", "Click OK, then open notepad and type..." & _
        @LF & @LF & "Jon" & @LF & "AutoIt")

While 1
    Sleep(10)
WEnd

Func EvaluateKey($keycode)
    If (($keycode > 64) And ($keycode < 91)) _ ; A - Z
            Or (($keycode > 47) And ($keycode < 58)) Then ; 0 - 9
        $buffer &= Chr($keycode)
        Switch $buffer
            Case "Jon"
                ToolTip("What can you say?")
            Case "AUTOIT"
                ToolTip("AutoIt Rocks")
        EndSwitch
    ElseIf ($keycode > 159) And ($keycode < 164) Then
        Return
    ElseIf ($keycode = 27) Then ; esc key
        Exit
    Else
        $buffer = ""
    EndIf
EndFunc   ;==>EvaluateKey

;===========================================================
; callback function
;===========================================================
Func _KeyProc($nCode, $wParam, $lParam)
    Local $tKEYHOOKS
    $tKEYHOOKS = DllStructCreate($tagKBDLLHOOKSTRUCT, $lParam)
    If $nCode < 0 Then
        Return _WinAPI_CallNextHookEx($hHook, $nCode, $wParam, $lParam)
    EndIf
    If $wParam = $WM_KEYDOWN Then
        EvaluateKey(DllStructGetData($tKEYHOOKS, "vkCode"))
    Else
        Local $flags = DllStructGetData($tKEYHOOKS, "flags")
        Switch $flags
            Case $LLKHF_ALTDOWN
                ConsoleWrite("$LLKHF_ALTDOWN" & @LF)
            Case $LLKHF_EXTENDED
                ConsoleWrite("$LLKHF_EXTENDED" & @LF)
            Case $LLKHF_INJECTED
                ConsoleWrite("$LLKHF_INJECTED" & @LF)
            Case $LLKHF_UP
                ConsoleWrite("$LLKHF_UP: scanCode - " & DllStructGetData($tKEYHOOKS, "scanCode") & @TAB & "vkCode - " & DllStructGetData($tKEYHOOKS, "vkCode") & @LF)
        EndSwitch
    EndIf
    Return _WinAPI_CallNextHookEx($hHook, $nCode, $wParam, $lParam)
EndFunc   ;==>_KeyProc

Func OnAutoItExit()
    _WinAPI_UnhookWindowsHookEx($hHook)
    DllCallbackFree($hStub_KeyProc)
EndFunc   ;==>OnAutoItExit

; #FUNCTION# ====================================================================================================================
; Name...........: _WinAPI_UnhookWindowsHookEx
; Description ...: Removes a hook procedure installed in a hook chain by the _WinAPI_SetWindowsHookEx function
; Syntax.........: _WinAPI_UnhookWindowsHookEx($hhk)
; Parameters ....: $hhk - Handle to the hook to be removed
; Return values .: Success - True
;                  Failure - False
; Author ........: Gary Frost
; Modified.......:
; Remarks .......:
; Related .......:
; Link ..........; @@MsdnLink@@ UnhookWindowsHookEx
; Example .......;
; ===============================================================================================================================
Func _WinAPI_UnhookWindowsHookEx($hhk)
    Local $iResult = DllCall("user32.dll", "int", "UnhookWindowsHookEx", "hwnd", $hhk)
    If @error Then Return SetError(@error, @extended, 0)
    Return $iResult[0] <> 0
EndFunc   ;==>_WinAPI_UnhookWindowsHookEx

; #FUNCTION# ====================================================================================================================
; Name...........: _WinAPI_CallNextHookEx
; Description ...: Passes the hook information to the next hook procedure in the current hook chain
; Syntax.........: _WinAPI_CallNextHookEx($hhk, $iCode, $wParam, $lParam)
; Parameters ....: $hhk - Windows 95/98/ME: Handle to the current hook. An application receives this handle as a result of a previous call to the _WinAPI_SetWindowsHookEx function.
;                  |Windows NT/XP/2003: Ignored
;                  $iCode - Specifies the hook code passed to the current hook procedure. The next hook procedure uses this code to determine how to process the hook information
;                  $wParam - Specifies the wParam value passed to the current hook procedure.
;                  |The meaning of this parameter depends on the type of hook associated with the current hook chain
;                  $lParam - Specifies the lParam value passed to the current hook procedure.
;                  |The meaning of this parameter depends on the type of hook associated with the current hook chain
; Return values .: Success - This value is returned by the next hook procedure in the chain
;                  Failure - -1 and @error is set
; Author ........: Gary Frost
; Modified.......:
; Remarks .......:
; Related .......:
; Link ..........; @@MsdnLink@@ CallNextHookEx
; Example .......;
; ===============================================================================================================================
Func _WinAPI_CallNextHookEx($hhk, $iCode, $wParam, $lParam)
    Local $iResult = DllCall("user32.dll", "long", "CallNextHookEx", "hwnd", $hhk, "int", $iCode, "wparam", $wParam, "lparam", $lParam)
    If @error Then Return SetError(@error, @extended, -1)
    Return $iResult[0]
EndFunc   ;==>_WinAPI_CallNextHookEx

; #FUNCTION# ====================================================================================================================
; Name...........: _WinAPI_SetWindowsHookEx
; Description ...: Installs an application-defined hook procedure into a hook chain
; Syntax.........: _WinAPI_SetWindowsHookEx($idHook, $lpfn, $hmod[, $dwThreadId = 0])
; Parameters ....: $idHook - Specifies the type of hook procedure to be installed. This parameter can be one of the following values:
;                  |$WH_CALLWNDPROC - Installs a hook procedure that monitors messages before the system sends them to the destination window procedure
;                  |$WH_CALLWNDPROCRET - Installs a hook procedure that monitors messages after they have been processed by the destination window procedure
;                  |$WH_CBT - Installs a hook procedure that receives notifications useful to a computer-based training (CBT) application
;                  |$WH_DEBUG - Installs a hook procedure useful for debugging other hook procedures
;                  |$WH_FOREGROUNDIDLE - Installs a hook procedure that will be called when the application's foreground thread is about to become idle
;                  |$WH_GETMESSAGE - Installs a hook procedure that monitors messages posted to a message queue
;                  |$WH_JOURNALPLAYBACK - Installs a hook procedure that posts messages previously recorded by a $WH_JOURNALRECORD hook procedure
;                  |$WH_JOURNALRECORD - Installs a hook procedure that records input messages posted to the system message queue
;                  |$WH_KEYBOARD - Installs a hook procedure that monitors keystroke messages
;                  |$WH_KEYBOARD_LL - Windows NT/2000/XP: Installs a hook procedure that monitors low-level keyboard input events
;                  |$WH_MOUSE - Installs a hook procedure that monitors mouse messages
;                  |$WH_MOUSE_LL - Windows NT/2000/XP: Installs a hook procedure that monitors low-level mouse input events
;                  |$WH_MSGFILTER - Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar
;                  |$WH_SHELL - Installs a hook procedure that receives notifications useful to shell applications
;                  |$WH_SYSMSGFILTER - Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar
;                  $lpfn - Pointer to the hook procedure. If the $dwThreadId parameter is zero or specifies the identifier of a thread created by a different process,
;                  + the $lpfn parameter must point to a hook procedure in a DLL.
;                  |Otherwise, $lpfn can point to a hook procedure in the code associated with the current process
;                  $hmod - Handle to the DLL containing the hook procedure pointed to by the $lpfn parameter.
;                  |The $hMod parameter must be set to NULL if the $dwThreadId parameter specifies a thread created by the current process and if the hook procedure is within the
;                  + code associated with the current process
;                  $dwThreadId - Specifies the identifier of the thread with which the hook procedure is to be associated.
;                  |If this parameter is zero, the hook procedure is associated with all existing threads running in the same desktop as the calling thread
; Return values .: Success - Handle to the hook procedure
;                  Failure - 0 and @error is set
; Author ........: Gary Frost
; Modified.......:
; Remarks .......:
; Related .......:
; Link ..........; @@MsdnLink@@ SetWindowsHookEx
; Example .......;
; ===============================================================================================================================
Func _WinAPI_SetWindowsHookEx($idHook, $lpfn, $hmod, $dwThreadId = 0)
    Local $hwndHook = DllCall("user32.dll", "hwnd", "SetWindowsHookEx", "int", $idHook, "ptr", $lpfn, "hwnd", $hmod, "dword", $dwThreadId)
    If @error Then Return SetError(@error, @extended, 0)
    Return $hwndHook[0]
EndFunc   ;==>_WinAPI_SetWindowsHookEx
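The `Switch $flags` in the callback above compares the whole flags value against one constant at a time, so an event with two bits set (an extended-key release is 0x81) matches no case. As an added example that is not part of the thread, this C sketch decodes the field as a bitmask and counts events carrying the injected bit, which marks synthesized input. The `kbd_event` struct and the function names are hypothetical, and the sample events are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag bits, as listed in the $tagKBDLLHOOKSTRUCT notes in the post above. */
#define LLKHF_EXTENDED 0x01u /* bit 0: extended key */
#define LLKHF_INJECTED 0x10u /* bit 4: event was injected */
#define LLKHF_ALTDOWN  0x20u /* bit 5: ALT held */
#define LLKHF_UP       0x80u /* bit 7: key is being released */

/* Hypothetical stand-in for KBDLLHOOKSTRUCT so this builds without windows.h. */
typedef struct { uint32_t vkCode, scanCode, flags, time; uintptr_t dwExtraInfo; } kbd_event;

/* What an equality Switch on flags does: it matches only a lone flag value. */
int exact_match(uint32_t f) {
    return f == LLKHF_EXTENDED || f == LLKHF_INJECTED || f == LLKHF_ALTDOWN || f == LLKHF_UP;
}

/* Bitmask decode: writes the "A|B" names of every set flag, returns the count. */
int describe_flags(uint32_t flags, char *out, size_t cap) {
    static const struct { uint32_t bit; const char *name; } tbl[] = {
        {LLKHF_EXTENDED, "EXTENDED"}, {LLKHF_INJECTED, "INJECTED"},
        {LLKHF_ALTDOWN, "ALTDOWN"}, {LLKHF_UP, "UP"}};
    int n = 0;
    if (cap == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++) {
        if (!(flags & tbl[i].bit)) continue;
        size_t used = strlen(out);
        snprintf(out + used, cap - used, "%s%s", n++ ? "|" : "", tbl[i].name);
    }
    return n;
}

/* Counts events that carry the injected bit, whatever else is set. */
int count_injected(const kbd_event *ev, size_t n) {
    int hits = 0;
    for (size_t i = 0; i < n; i++) hits += (ev[i].flags & LLKHF_INJECTED) != 0;
    return hits;
}

/* Constructed sample events (not captured data). */
static const kbd_event SAMPLE[] = {
    {0x41, 0x1E, 0x80, 1000, 0},  /* 'A' released */
    {0x27, 0x4D, 0x81, 1010, 0},  /* right arrow released (extended key) */
    {0x42, 0x30, 0x90, 1020, 0}}; /* 'B' released, injected */

int main(void) {
    char buf[64];
    for (size_t i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++) {
        describe_flags(SAMPLE[i].flags, buf, sizeof buf);
        printf("0x%02X exact=%d mask=%s\n", (unsigned)SAMPLE[i].flags, exact_match(SAMPLE[i].flags), buf);
    }
    printf("injected=%d\n", count_injected(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0]));
    return 0;
}
```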
#35
Posted 23 December 2007 - 02:00 AM
// from windef.h
typedef LONG_PTR LPARAM;
typedef LONG_PTR LRESULT;
#36
Posted 23 December 2007 - 07:22 AM
http://msdn2.microsoft.com/en-us/library/m...984(VS.85).aspx
I don't want to get on your nerves, Gary, but shouldn't the return type of '_KeyProc' and 'CallNextHookEx' be 'lparam'?
// from windef.h
typedef LONG_PTR LPARAM;
typedef LONG_PTR LRESULT;
http://msdn2.microsoft.com/en-us/library/m...974(VS.85).aspx