Jump to content

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here. X
X


Photo

Keyboard Hook


  • Please log in to reply
36 replies to this topic

#21 piccaso

piccaso

    Rock me, Amadeus!

  • MVPs
  • 893 posts

Posted 05 April 2007 - 10:19 PM

Larry already made a nice hooking dll.
Posted Image CoProc Multi Process Helper libraryTrashBin.nfshost.com store your AutoIt related files here!AutoIt User Map







#22 FuryCell

FuryCell

    A cornered fox is more dangerous than a jackal!

  • Active Members
  • PipPipPipPipPipPip
  • 2,437 posts

Posted 05 April 2007 - 11:24 PM

Larry already made a nice hooking dll.

Here is the link for those interested.

http://www.autoitscript.com/forum/index.php?showtopic=23173

Edited by SolidSnake, 05 April 2007 - 11:25 PM.

HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code.

#23 daslick

daslick

    Polymath

  • Active Members
  • PipPipPipPip
  • 226 posts

Posted 06 April 2007 - 10:13 PM

I was hoping to hook without a dll. Does anyone have code they will share for this?

#24 zatorg

zatorg

    Wayfarer

  • Active Members
  • Pip
  • 79 posts

Posted 07 April 2007 - 12:29 PM

I was hoping to hook without a dll. Does anyone have code they will share for this?

As a matter of fact, it's pretty simple as long as you use a programming language that supports callbacks.
This is to illustrate that it's possible in C(++):


At first, register the callback function:
HHOOK Hook; Hook = SetWindowsHookEx (     WH_KEYBOARD_LL,     SomeCallbackProcedure,     GetModuleHandle( NULL ), // the handle of the window you want to hook.                                           // NULL => the hook is global.     0 );


Then, poll for events:
MSG msg; GetMessage( &msg, NULL, 0, 0 ); // will NOT return until the end of execution. UnhookWindowsHookEx( Hook ); // if you don't unhook, you may expect your program to crash.



The procedure which will be called:
Plain Text         
// At first, define some variables. BYTE                          KeybState[ 256 ]; WORD                        Symbol; KBDLLHOOKSTRUCT * stKey; LRESULT CALLBACK SomeCallbackProcedure ( int nCode, WPARAM wParam, LPARAM lParam ) {     if( nCode == HC_ACTION && wParam == WM_KEYDOWN )     // only in this case are we interested in the event.     {         stKey = ( KBDLLHOOKSTRUCT * ) /* cast needed */ lParam;         GetKeyState( 0 ); // something like "flush" :)         GetKeyboardState( KeybState ); // dump every key's state into the array         if         (          ToAscii          (           stKey->vkCode,           stKey->scanCode,           KeybState,           &Symbol, // if successful, stores the symbol here           0          )         ) // if it's not some weird key (i.e. ESC)         {            // "Symbol" now holds the key.            // You may need to cast it to char.            // Do whatever you need here - log it, etc.         }     }     return CallNextHookEx     ( NULL, nCode, wParam, lParam ); }


Again, notice that GetMessage() doesn't return until the execution is finished!

#25 zatorg

zatorg

    Wayfarer

  • Active Members
  • Pip
  • 79 posts

Posted 07 April 2007 - 03:22 PM

Ah yes, your'e right about that Windows 9x incompatibility...

#26 Jon

Jon

    Up all night to get lucky

  • Administrators
  • 10,630 posts

Posted 07 April 2007 - 04:26 PM

You can't hook "global" events without a DLL.

#27 zatorg

zatorg

    Wayfarer

  • Active Members
  • Pip
  • 79 posts

Posted 07 April 2007 - 05:57 PM

You can't hook "global" events without a DLL.

Not sure about misc. GUI events, but as for the keyboard, yes you can. I've written a keylogging program (which I do not want to share because of the forum rules) which uses the technique that I have explained. Using this technique one can catch keyboard-related events. If one changes the "if( nCode == HC_ACTION && wParam == WM_KEYDOWN )" condition, he/she might even be able to catch all the other events... Though not sure about that as this would mean a total flood :shocked:

Anyway, keyboard events are caught globally because a "global" handle is passed (not some window handle in which case only that window's events would be caught).

If your'e interested whether this really works, I can provide more sources as this was only a PoC.

#28 jennico

jennico

    Universalist

  • Active Members
  • PipPipPipPipPipPip
  • 862 posts

Posted 18 December 2007 - 09:30 PM

sorry,
this thread is dead, but i would like to know: where is that dll you are all talking about ?
or is this just a theoretical discussion ?
not much ado about nothing ?
j.
I actively support Wikileaks | Freedom for Julian Assange ! | Defend freedom of speech ! | Fight censorship ! | I will not silence.Posted ImageDon't forget this IP: 213.251.145.96

#29 LarryDalooza

LarryDalooza

    Schmember

  • Active Members
  • PipPipPipPipPipPip
  • 962 posts

Posted 19 December 2007 - 03:03 AM

http://www.autoitscript.com/forum/index.ph...st&p=402567
Posted ImageAutoIt3 Yahoo Group - Expert LarryA tool of Big Blue...

#30 GaryFrost

GaryFrost

    I don't need your attitude. I have one of my own

  • Developers
  • 7,854 posts

Posted 19 December 2007 - 04:43 AM

Now that autoit has DllCallbackRegister and DllCallbackGetPtr, should be able to do this without the external dll.

SciTE for AutoItDirections for Submitting Standard UDFs

Don't argue with an idiot; people watching may not be able to tell the difference.


#31 Valik

Valik

    Former developer.

  • Active Members
  • PipPipPipPipPipPip
  • 18,879 posts

Posted 19 December 2007 - 04:53 AM

Now that autoit has DllCallbackRegister and DllCallbackGetPtr, should be able to do this without the external dll.

I think keyboard hooks can only be done as global hooks which means it has to be a DLL.

#32 LarryDalooza

LarryDalooza

    Schmember

  • Active Members
  • PipPipPipPipPipPip
  • 962 posts

Posted 19 December 2007 - 04:57 AM

WH_KEYBOARD_LL

http://www.autoitscript.com/forum/index.ph...st&p=422499
Posted ImageAutoIt3 Yahoo Group - Expert LarryA tool of Big Blue...

#33 GaryFrost

GaryFrost

    I don't need your attitude. I have one of my own

  • Developers
  • 7,854 posts

Posted 19 December 2007 - 05:14 AM

WH_KEYBOARD_LL

http://www.autoitscript.com/forum/index.ph...st&p=422499

Yep case and point, slight mod with the new function

AutoIt         
Global Const $WH_KEYBOARD_LL = 13 Global $hHook Global $hStub_KeyProc = DllCallbackRegister("_KeyProc", "long", "int;wparam;lparam") Global $hmod = DllCall("kernel32.dll", "hwnd", "GetModuleHandle", "ptr", 0) Global $hHook = DllCall("user32.dll", "hwnd", "SetWindowsHookEx", "int", _         $WH_KEYBOARD_LL, "ptr", DllCallbackGetPtr($hStub_KeyProc), "hwnd", $hmod[0], "dword", 0) Global $buffer = "" MsgBox(4096, "", "Click OK, then open notepad and type..." & _         @LF & @LF & "Jon" & @LF & "AutoIt") While 1     Sleep(10) WEnd Func EvaluateKey($keycode)     If (($keycode > 64) And ($keycode < 91)) _             Or (($keycode > 47) And ($keycode < 58)) Then         $buffer &= Chr($keycode)         Switch $buffer             Case "Jon"                 ToolTip("What can you say?")             Case "AUTOIT"                 ToolTip("AutoIt Rocks")         EndSwitch     ElseIf ($keycode > 159) And ($keycode < 164) Then         Return     Else         $buffer = ""     EndIf EndFunc   ;==>EvaluateKey Func _KeyProc($nCode, $wParam, $lParam)     Local $ret, $KEYHOOKSTRUCT     If $nCode < 0 Then         $ret = DllCall("user32.dll", "long", "CallNextHookEx", "hwnd", $hHook[0], _                 "int", $nCode, "wparam", $wParam, "lparam", $lParam)         Return $ret[0]     EndIf     If $wParam = 256 Then         $KEYHOOKSTRUCT = DllStructCreate("dword;dword;dword;dword;ptr", $lParam)         EvaluateKey(DllStructGetData($KEYHOOKSTRUCT, 1))     EndIf     $ret = DllCall("user32.dll", "long", "CallNextHookEx", "hwnd", $hHook[0], _             "int", $nCode, "ptr", $wParam, "ptr", $lParam)     Return $ret[0] EndFunc   ;==>_KeyProc Func OnAutoItExit()     DllCall("user32.dll", "int", "UnhookWindowsHookEx", "hwnd", $hHook[0])     DllCallbackFree($hStub_KeyProc) EndFunc   ;==>OnAutoItExit

Edited by GaryFrost, 19 December 2007 - 05:37 AM.
changed params from ptr to wparam and lparam

SciTE for AutoItDirections for Submitting Standard UDFs

Don't argue with an idiot; people watching may not be able to tell the difference.


#34 GaryFrost

GaryFrost

    I don't need your attitude. I have one of my own

  • Developers
  • 7,854 posts

Posted 19 December 2007 - 06:34 PM

A little more detail, UDF style

AutoIt         
#include <WinAPI.au3> #include <WindowsConstants.au3> Global Const $WH_CALLWNDPROC     = 4 Global Const $WH_CALLWNDPROCRET  = 12 Global Const $WH_CBT             = 5 Global Const $WH_DEBUG           = 9 Global Const $WH_FOREGROUNDIDLE  = 11 Global Const $WH_GETMESSAGE      = 3 Global Const $WH_JOURNALPLAYBACK = 1 Global Const $WH_JOURNALRECORD   = 0 Global Const $WH_KEYBOARD        = 2 Global Const $WH_KEYBOARD_LL     = 13 Global Const $WH_MOUSE           = 7 Global Const $WH_MOUSE_LL        = 14 Global Const $WH_MSGFILTER       = -1 Global Const $WH_SHELL           = 10 Global Const $WH_SYSMSGFILTER    = 6 Global Const $KF_EXTENDED    = 0x100 Global Const $KF_ALTDOWN     = 0x2000 Global Const $KF_UP          = 0x8000 Global Const $LLKHF_EXTENDED = BitShift($KF_EXTENDED, 8) Global Const $LLKHF_INJECTED = 0x10 Global Const $LLKHF_ALTDOWN  = BitShift($KF_ALTDOWN, 8) Global Const $LLKHF_UP       = BitShift($KF_UP, 8) ; #STRUCTURE# =================================================================================================================== ; Name...........: $tagKBDLLHOOKSTRUCT ; Description ...: Contains information about a low-level keyboard input event ; Fields ........: vkCode               - Specifies a virtual-key code. The code must be a value in the range 1 to 254 ;                  scanCode             - Specifies a hardware scan code for the key ;                  flags                - Specifies the extended-key flag, event-injected flag, context code, and transition-state flag. This member is specified as follows. ;                  +  An application can use the following values to test the keystroke flags: ;                  |$LLKHF_EXTENDED     - Test the extended-key flag ;                  |$LLKHF_INJECTED     - Test the event-injected flag ;                  |$LLKHF_ALTDOWN      - Test the context code ;                  |$LLKHF_UP           - Test the transition-state flag ;                  |  0      - Specifies whether the key is an extended key, such as a function key or a key on the numeric keypad ;                  |    The value is 1 if the key is an extended key; otherwise, it is 0 ;                  |  1 to 3 - Reserved ;                  |  4      - Specifies whether the event was injected. The value is 1 if the event was injected; otherwise, it is 0 ;                  |  5      - Specifies the context code. The value is 1 if the ALT key is pressed; otherwise, it is 0 ;                  |  6      - Reserved ;                  |  7      - Specifies the transition state. The value is 0 if the key is pressed and 1 if it is being released ;                  time                 - Specifies the time stamp for this message, equivalent to what GetMessageTime would return for this message ;                  dwExtraInfo          - Specifies extra information associated with the message ; Author ........: Gary Frost (gafrost) ; Remarks .......: ; =============================================================================================================================== Global Const $tagKBDLLHOOKSTRUCT = "dword vkCode;dword scanCode;dword flags;dword time;ulong_ptr dwExtraInfo" Global $hHook Global $hStub_KeyProc = DllCallbackRegister("_KeyProc", "long", "int;wparam;lparam") Global $hmod = _WinAPI_GetModuleHandle(0) Global $hHook = _WinAPI_SetWindowsHookEx($WH_KEYBOARD_LL, DllCallbackGetPtr($hStub_KeyProc), $hmod) Global $buffer = "" MsgBox(4096, "", "Click OK, then open notepad and type..." & _         @LF & @LF & "Jon" & @LF & "AutoIt") While 1     Sleep(10) WEnd Func EvaluateKey($keycode)     If (($keycode > 64) And ($keycode < 91)) _ ; A - Z             Or (($keycode > 47) And ($keycode < 58)) Then ; 0 - 9         $buffer &= Chr($keycode)         Switch $buffer             Case "Jon"                 ToolTip("What can you say?")             Case "AUTOIT"                 ToolTip("AutoIt Rocks")         EndSwitch     ElseIf ($keycode > 159) And ($keycode < 164) Then         Return     ElseIf ($keycode = 27) Then ; esc key         Exit     Else         $buffer = ""     EndIf EndFunc   ;==>EvaluateKey ;=========================================================== ; callback function ;=========================================================== Func _KeyProc($nCode, $wParam, $lParam)     Local $tKEYHOOKS     $tKEYHOOKS = DllStructCreate($tagKBDLLHOOKSTRUCT, $lParam)     If $nCode < 0 Then         Return _WinAPI_CallNextHookEx($hHook, $nCode, $wParam, $lParam)     EndIf     If $wParam = $WM_KEYDOWN Then         EvaluateKey(DllStructGetData($tKEYHOOKS, "vkCode"))     Else         Local $flags = DllStructGetData($tKEYHOOKS, "flags")         Switch $flags             Case $LLKHF_ALTDOWN                 ConsoleWrite("$LLKHF_ALTDOWN" & @LF)             Case $LLKHF_EXTENDED                 ConsoleWrite("$LLKHF_EXTENDED" & @LF)             Case $LLKHF_INJECTED                 ConsoleWrite("$LLKHF_INJECTED" & @LF)             Case $LLKHF_UP                 ConsoleWrite("$LLKHF_UP: scanCode - " & DllStructGetData($tKEYHOOKS, "scanCode") & @TAB & "vkCode - " & DllStructGetData($tKEYHOOKS, "vkCode") & @LF)         EndSwitch     EndIf     Return _WinAPI_CallNextHookEx($hHook, $nCode, $wParam, $lParam) EndFunc   ;==>_KeyProc Func OnAutoItExit()     _WinAPI_UnhookWindowsHookEx($hHook)     DllCallbackFree($hStub_KeyProc) EndFunc   ;==>OnAutoItExit ; #FUNCTION# ==================================================================================================================== ; Name...........: _WinAPI_UnhookWindowsHookEx ; Description ...: Removes a hook procedure installed in a hook chain by the _WinAPI_SetWindowsHookEx function ; Syntax.........: _WinAPI_UnhookWindowsHookEx($hhk) ; Parameters ....: $hhk - Handle to the hook to be removed ; Return values .: Success      - True ;                  Failure      - False ; Author ........: Gary Frost ; Modified.......: ; Remarks .......: ; Related .......: ; Link ..........; @@MsdnLink@@ UnhookWindowsHookEx ; Example .......; ; =============================================================================================================================== Func _WinAPI_UnhookWindowsHookEx($hhk)     Local $iResult = DllCall("user32.dll", "int", "UnhookWindowsHookEx", "hwnd", $hhk)     If @error Then Return SetError(@error, @extended, 0)     Return $iResult[0] <> 0 EndFunc   ;==>_WinAPI_UnhookWindowsHookEx ; #FUNCTION# ==================================================================================================================== ; Name...........: _WinAPI_CallNextHookEx ; Description ...: Passes the hook information to the next hook procedure in the current hook chain ; Syntax.........: _WinAPI_CallNextHookEx($hhk, $iCode, $wParam, $lParam) ; Parameters ....: $hhk - Windows 95/98/ME: Handle to the current hook. An application receives this handle as a result of a previous call to the _WinAPI_SetWindowsHookEx function. ;                  |Windows NT/XP/2003: Ignored ;                  $iCode - Specifies the hook code passed to the current hook procedure. The next hook procedure uses this code to determine how to process the hook information ;                  $wParam  - Specifies the wParam value passed to the current hook procedure. ;                  |The meaning of this parameter depends on the type of hook associated with the current hook chain ;                  $lParam - Specifies the lParam value passed to the current hook procedure. ;                  |The meaning of this parameter depends on the type of hook associated with the current hook chain ; Return values .: Success      - This value is returned by the next hook procedure in the chain ;                  Failure      - -1 and @error is set ; Author ........: Gary Frost ; Modified.......: ; Remarks .......: ; Related .......: ; Link ..........; @@MsdnLink@@ CallNextHookEx ; Example .......; ; =============================================================================================================================== Func _WinAPI_CallNextHookEx($hhk, $iCode, $wParam, $lParam)     Local $iResult = DllCall("user32.dll", "long", "CallNextHookEx", "hwnd", $hhk, "int", $iCode, "wparam", $wParam, "lparam", $lParam)     If @error Then Return SetError(@error, @extended, -1)     Return $iResult[0] EndFunc   ;==>_WinAPI_CallNextHookEx ; #FUNCTION# ==================================================================================================================== ; Name...........: _WinAPI_SetWindowsHookEx ; Description ...: Installs an application-defined hook procedure into a hook chain ; Syntax.........: _WinAPI_SetWindowsHookEx($idHook, $lpfn, $hmod[, $dwThreadId = 0]) ; Parameters ....: $idHook  - Specifies the type of hook procedure to be installed. This parameter can be one of the following values: ;                  |$WH_CALLWNDPROC     - Installs a hook procedure that monitors messages before the system sends them to the destination window procedure ;                  |$WH_CALLWNDPROCRET  - Installs a hook procedure that monitors messages after they have been processed by the destination window procedure ;                  |$WH_CBT             - Installs a hook procedure that receives notifications useful to a computer-based training (CBT) application ;                  |$WH_DEBUG           - Installs a hook procedure useful for debugging other hook procedures ;                  |$WH_FOREGROUNDIDLE  - Installs a hook procedure that will be called when the application's foreground thread is about to become idle ;                  |$WH_GETMESSAGE      - Installs a hook procedure that monitors messages posted to a message queue ;                  |$WH_JOURNALPLAYBACK - Installs a hook procedure that posts messages previously recorded by a $WH_JOURNALRECORD hook procedure ;                  |$WH_JOURNALRECORD   - Installs a hook procedure that records input messages posted to the system message queue ;                  |$WH_KEYBOARD        - Installs a hook procedure that monitors keystroke messages ;                  |$WH_KEYBOARD_LL     - Windows NT/2000/XP: Installs a hook procedure that monitors low-level mouse input events ;                  |$WH_MOUSE           - Installs a hook procedure that monitors mouse messages ;                  |$WH_MOUSE_LL        - Windows NT/2000/XP: Installs a hook procedure that monitors low-level mouse input events ;                  |$WH_MSGFILTER       - Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar ;                  |$WH_SHELL           - Installs a hook procedure that receives notifications useful to shell applications ;                  |$WH_SYSMSGFILTER    - Installs a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar ;                  $lpfn  - Pointer to the hook procedure. If the $dwThreadId parameter is zero or specifies the identifier of a thread created by a different process, ;                  + the $lpfn parameter must point to a hook procedure in a DLL. ;                  |Otherwise, $lpfn can point to a hook procedure in the code associated with the current process ;                  $hmod  - Handle to the DLL containing the hook procedure pointed to by the $lpfn parameter. ;                  |The $hMod parameter must be set to NULL if the $dwThreadId parameter specifies a thread created by the current process and if the hook procedure is within the ;                  + code associated with the current process ;                  $dwThreadId - Specifies the identifier of the thread with which the hook procedure is to be associated. ;                  |If this parameter is zero, the hook procedure is associated with all existing threads running in the same desktop as the calling thread ; Return values .: Success      - Handle to the hook procedure ;                  Failure      - 0 and @error is set ; Author ........: Gary Frost ; Modified.......: ; Remarks .......: ; Related .......: ; Link ..........; @@MsdnLink@@ SetWindowsHookEx ; Example .......; ; =============================================================================================================================== Func _WinAPI_SetWindowsHookEx($idHook, $lpfn, $hmod, $dwThreadId = 0)     Local $hwndHook = DllCall("user32.dll", "hwnd", "SetWindowsHookEx", "int", $idHook, "ptr", $lpfn, "hwnd", $hmod, "dword", $dwThreadId)     If @error Then Return SetError(@error, @extended, 0)     Return $hwndHook[0] EndFunc   ;==>_WinAPI_SetWindowsHookEx

SciTE for AutoItDirections for Submitting Standard UDFs

Don't argue with an idiot; people watching may not be able to tell the difference.


#35 piccaso

piccaso

    Rock me, Amadeus!

  • MVPs
  • 893 posts

Posted 23 December 2007 - 02:00 AM

I don't to get on your nerves gary but shouldn't the return type of '_KeyProc' and 'CallNextHookEx' be 'lparam' ?
// from windef.h typedef LONG_PTR            LPARAM; typedef LONG_PTR            LRESULT;

Posted Image CoProc Multi Process Helper libraryTrashBin.nfshost.com store your AutoIt related files here!AutoIt User Map

#36 GaryFrost

GaryFrost

    I don't need your attitude. I have one of my own

  • Developers
  • 7,854 posts

Posted 23 December 2007 - 07:22 AM

I don't to get on your nerves gary but shouldn't the return type of '_KeyProc' and 'CallNextHookEx' be 'lparam' ?

// from windef.h typedef LONG_PTR            LPARAM; typedef LONG_PTR            LRESULT;

http://msdn2.microsoft.com/en-us/library/m...984(VS.85).aspx
http://msdn2.microsoft.com/en-us/library/m...974(VS.85).aspx

SciTE for AutoItDirections for Submitting Standard UDFs

Don't argue with an idiot; people watching may not be able to tell the difference.


#37 Jon

Jon

    Up all night to get lucky

  • Administrators
  • 10,630 posts

Posted 25 December 2007 - 10:44 AM

LRESULT should be lparam (or long_ptr in the next beta).




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users