程序師世界是廣大編程愛好者互助、分享、學習的平台,程序師世界有你更精彩!
首頁
編程語言
C語言|JAVA編程
Python編程
網頁編程
ASP編程|PHP編程
JSP編程
數據庫知識
MYSQL數據庫|SqlServer數據庫
Oracle數據庫|DB2數據庫
 程式師世界 >> 編程語言 >> .NET網頁編程 >> C# >> C#入門知識 >> 常規鼠標鍵盤鉤子.映像劫持.開機自啟動,鼠標鍵盤鉤子

常規鼠標鍵盤鉤子.映像劫持.開機自啟動,鼠標鍵盤鉤子

編輯:C#入門知識

常規鼠標鍵盤鉤子.映像劫持.開機自啟動,鼠標鍵盤鉤子


using System;
using System.Collections.Generic;
using System.IO;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Reflection;


namespace HookTest
{
/*
注意:
如果運行中出現SetWindowsHookEx的返回值為0,這是因為.net 調試模式的問題,具體的做法是禁用宿主進程,在 Visual Studio 中打開項目。
在“項目”菜單上單擊“屬性”。
單擊“調試”選項卡。
清除“啟用 Visual Studio 宿主進程(啟用windows承載進程)”復選框 或 勾選啟用非托管代碼調試
*/

//Declare wrapper managed POINT class.
[StructLayout(LayoutKind.Sequential)]
public class POINT
{
public int x;
public int y;
}
//Declare wrapper managed MouseHookStruct class.
[StructLayout(LayoutKind.Sequential)]
public class MouseHookStruct
{
public POINT pt;
public int hwnd;
public int wHitTestCode;
public int dwExtraInfo;
}
//Declare wrapper managed KeyboardHookStruct class.

[StructLayout(LayoutKind.Sequential)]
public class KeyboardHookStruct
{
public int vkCode; //Specifies a virtual-key code. The code must be a value in the range 1 to 254.
public int scanCode; // Specifies a hardware scan code for the key.
public int flags; // Specifies the extended-key flag, event-injected flag, context code, and transition-state flag.
public int time; // Specifies the time stamp for this message.
public int dwExtraInfo; // Specifies extra information associated with the message.
}


public class GlobalHook
{
public delegate int HookProc(int nCode, Int32 wParam, IntPtr lParam);
public delegate int GlobalHookProc(int nCode, Int32 wParam, IntPtr lParam);
public GlobalHook()
{
//Start();
}
~GlobalHook()
{
Stop();
}
public event MouseEventHandler OnMouseActivity;
public event KeyEventHandler KeyDown;
public event KeyPressEventHandler KeyPress;
public event KeyEventHandler KeyUp;

/// <summary>
/// 定義鼠標鉤子句柄.
/// </summary>
static int _hMouseHook = 0;
/// <summary>
/// 定義鍵盤鉤子句柄
/// </summary>
static int _hKeyboardHook = 0;

public int HMouseHook
{
get { return _hMouseHook; }
}
public int HKeyboardHook
{
get { return _hKeyboardHook; }
}

/// <summary>
/// 鼠標鉤子常量(from Microsoft SDK Winuser.h )
/// </summary>
public const int WH_MOUSE_LL = 14;
/// <summary>
/// 鍵盤鉤子常量(from Microsoft SDK Winuser.h )
/// </summary>
public const int WH_KEYBOARD_LL = 13;

/// <summary>
/// 定義鼠標處理過程的委托對象
/// </summary>
GlobalHookProc MouseHookProcedure;
/// <summary>
/// 鍵盤處理過程的委托對象
/// </summary>
GlobalHookProc KeyboardHookProcedure;

//導入window 鉤子擴展方法導入

/// <summary>
/// 安裝鉤子方法
/// </summary>
[DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
public static extern int SetWindowsHookEx(int idHook, GlobalHookProc lpfn,IntPtr hInstance, int threadId);

/// <summary>
/// 卸載鉤子方法
/// </summary>
[DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
public static extern bool UnhookWindowsHookEx(int idHook);

//Import for CallNextHookEx.
/// <summary>
/// 使用這個函數鉤信息傳遞給鏈中的下一個鉤子過程。
/// </summary>
[DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
public static extern int CallNextHookEx(int idHook, int nCode, Int32 wParam, IntPtr lParam);

public bool Start()
{
// install Mouse hook
if (_hMouseHook == 0)
{
// Create an instance of HookProc.
MouseHookProcedure = new GlobalHookProc(MouseHookProc);
try
{
_hMouseHook = SetWindowsHookEx(WH_MOUSE_LL,
MouseHookProcedure,
Marshal.GetHINSTANCE(
Assembly.GetExecutingAssembly().GetModules()[0]),
0);
}
catch (Exception err)
{ }
//如果安裝鼠標鉤子失敗
if (_hMouseHook == 0)
{
Stop();
return false;
//throw new Exception("SetWindowsHookEx failed.");
}
}
//安裝鍵盤鉤子
if (_hKeyboardHook == 0)
{
KeyboardHookProcedure = new GlobalHookProc(KeyboardHookProc);
try
{
_hKeyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL,
KeyboardHookProcedure,
Marshal.GetHINSTANCE(
Assembly.GetExecutingAssembly().GetModules()[0]),
0);
}
catch (Exception err2)
{ }
//如果安裝鍵盤鉤子失敗
if (_hKeyboardHook == 0)
{
Stop();
return false;
//throw new Exception("SetWindowsHookEx ist failed.");
}
}
return true;
}

public void Stop()
{
bool retMouse = true;
bool retKeyboard = true;
if (_hMouseHook != 0)
{
retMouse = UnhookWindowsHookEx(_hMouseHook);
_hMouseHook = 0;
}
if (_hKeyboardHook != 0)
{
retKeyboard = UnhookWindowsHookEx(_hKeyboardHook);
_hKeyboardHook = 0;
}
//If UnhookWindowsHookEx fails.
if (!(retMouse && retKeyboard))
{
//throw new Exception("UnhookWindowsHookEx ist failed.");
}

}
/// <summary>
/// 卸載hook,如果進程強制結束,記錄上次鉤子id,並把根據鉤子id來卸載它
/// </summary>
public void Stop(int hMouseHook, int hKeyboardHook)
{
if (hMouseHook != 0)
{
UnhookWindowsHookEx(hMouseHook);
}
if (hKeyboardHook != 0)
{
UnhookWindowsHookEx(hKeyboardHook);
}
}

private const int WM_MOUSEMOVE = 0x200;

private const int WM_LBUTTONDOWN = 0x201;

private const int WM_RBUTTONDOWN = 0x204;

private const int WM_MBUTTONDOWN = 0x207;

private const int WM_LBUTTONUP = 0x202;

private const int WM_RBUTTONUP = 0x205;

private const int WM_MBUTTONUP = 0x208;

private const int WM_LBUTTONDBLCLK = 0x203;

private const int WM_RBUTTONDBLCLK = 0x206;

private const int WM_MBUTTONDBLCLK = 0x209;

private int MouseHookProc(int nCode, Int32 wParam, IntPtr lParam)
{
if ((nCode >= 0) && (OnMouseActivity != null))
{
MouseButtons button = MouseButtons.None;
switch (wParam)
{
case WM_LBUTTONDOWN: //左鍵按下
//case WM_LBUTTONUP: //右鍵按下
//case WM_LBUTTONDBLCLK: //同時按下
button = MouseButtons.Left;
break;
case WM_RBUTTONDOWN:
//case WM_RBUTTONUP:
//case WM_RBUTTONDBLCLK:
button = MouseButtons.Right;
break;
}
int clickCount = 0;
if (button != MouseButtons.None)
if (wParam == WM_LBUTTONDBLCLK || wParam == WM_RBUTTONDBLCLK)
clickCount = 2;
else clickCount = 1;

//Marshall the data from callback.
MouseHookStruct MyMouseHookStruct =
(MouseHookStruct)Marshal.PtrToStructure(lParam, typeof(MouseHookStruct));
MouseEventArgs e = new MouseEventArgs(
button,
clickCount,
MyMouseHookStruct.pt.x,
MyMouseHookStruct.pt.y,
0);
OnMouseActivity(this, e);
}
return CallNextHookEx(_hMouseHook, nCode, wParam, lParam);
}

//The ToAscii function translates the specified virtual-key code and keyboard state to the corresponding character or characters. The function translates the code using the input language and physical keyboard layout identified by the keyboard layout handle.

[DllImport("user32")]
public static extern int ToAscii(int uVirtKey, //[in] Specifies the virtual-key code to be translated.
int uScanCode, // [in] Specifies the hardware scan code of the key to be translated. The high-order bit of this value is set if the key is up (not pressed).
byte[] lpbKeyState, // [in] Pointer to a 256-byte array that contains the current keyboard state. Each element (byte) in the array contains the state of one key. If the high-order bit of a byte is set, the key is down (pressed). The low bit, if set, indicates that the key is toggled on. In this function, only the toggle bit of the CAPS LOCK key is relevant. The toggle state of the NUM LOCK and SCROLL LOCK keys is ignored.
byte[] lpwTransKey, // [out] Pointer to the buffer that receives the translated character or characters.
int fuState); // [in] Specifies whether a menu is active. This parameter must be 1 if a menu is active, or 0 otherwise.
//The GetKeyboardState function copies the status of the 256 virtual keys to the specified buffer.
[DllImport("user32")]
public static extern int GetKeyboardState(byte[] pbKeyState);

private const int WM_KEYDOWN = 0x100;
private const int WM_KEYUP = 0x101;
private const int WM_SYSKEYDOWN = 0x104;
private const int WM_SYSKEYUP = 0x105;

private int KeyboardHookProc(int nCode, Int32 wParam, IntPtr lParam)
{
// it was ok and someone listens to events
if ((nCode >= 0) && (KeyDown != null || KeyUp != null || KeyPress != null))
{
KeyboardHookStruct MyKeyboardHookStruct =
(KeyboardHookStruct)Marshal.PtrToStructure(lParam,
typeof(KeyboardHookStruct));
// raise KeyDown
if (KeyDown != null && (wParam == WM_KEYDOWN || wParam == WM_SYSKEYDOWN))
{
Keys keyData = (Keys)MyKeyboardHookStruct.vkCode;
KeyEventArgs e = new KeyEventArgs(keyData);
KeyDown(this, e);
}
// raise KeyPress
if (KeyPress != null && wParam == WM_KEYDOWN)
{
byte[] keyState = new byte[256];
GetKeyboardState(keyState);
byte[] inBuffer = new byte[2];
if (ToAscii(MyKeyboardHookStruct.vkCode,
MyKeyboardHookStruct.scanCode,
keyState,
inBuffer,
MyKeyboardHookStruct.flags) == 1)
{
KeyPressEventArgs e = new KeyPressEventArgs((char)inBuffer[0]);
KeyPress(this, e);
}
}
// raise KeyUp
if (KeyUp != null && (wParam == WM_KEYUP || wParam == WM_SYSKEYUP))
{
Keys keyData = (Keys)MyKeyboardHookStruct.vkCode;
KeyEventArgs e = new KeyEventArgs(keyData);
KeyUp(this, e);
}
}
return CallNextHookEx(_hKeyboardHook, nCode, wParam, lParam);
}
}
}

鉤子是對消息隊列的監聽.

以上就是常規鼠標鍵盤鉤子的源碼.還有一個對外部程序按鈕點擊的監聽需要MSAA.在我之前的WindowAPI中講過.

 

public static void WriteReg(string keyname, string keyvalue)
{
try
{


Registry.SetValue(@"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" + keyname, "Debugger", keyvalue);
}

catch (SecurityException se)
{
Console.WriteLine(se.Message);
}
catch (UnauthorizedAccessException uae)
{
Console.WriteLine(uae.Message);
}
}

 WriteReg("calc.exe",@"c:\windows\system32\cmd.exe");

注冊表所在的路徑是win調試路徑.

如果把計算器寫成鍵.命令行寫成值.那麼在計算器啟動的時候.會啟動命令行.而不會啟動計算器.如果命令行的DLL被刪除.計算器無法啟動.

修改命令行的名稱就可以解除鏡像劫持.

private static void button2_Click()

{//設置自啟動程序


try

{

string FileName = @"D:\工作\企業模版\金丘\dianji test\ConsoleApplication1\dianjidata\bin\Debug\dianjidata.exe";

string ShortFileName = "dianjidata.exe";

//打開子鍵節點

RegistryKey MyReg = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);

if (MyReg == null)

{//如果子鍵節點不存在,則創建之

MyReg = Registry.LocalMachine.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");

}

//在注冊表中設置自啟動程序

MyReg.SetValue(ShortFileName, FileName);

MessageBox.Show("設置自啟動程序操作成功!", "信息提示", MessageBoxButtons.OK, MessageBoxIcon.Information);

}

catch (Exception Err)

{

MessageBox.Show("寫注冊表操作發生錯誤!", "信息提示", MessageBoxButtons.OK, MessageBoxIcon.Information);

}

}

開機自啟動

 

  1. 上一頁:
  2. 下一頁:
Copyright © 程式師世界 All Rights Reserved