Posted on 2010-01-13 00:30
S.l.e!ep.¢% 閱讀(2377)
評(píng)論(0) 編輯 收藏 引用 所屬分類(lèi):
RootKit
鍵盤(pán)鉤子中KBDLLHOOKSTRUCT到MSG的轉(zhuǎn)換,
|
|
?
|
LRESULT CALLBACK KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam)
{????
????assert(hookWnd !=NULL);
????if(nCode ==HC_ACTION)
????{
????????KBDLLHOOKSTRUCT *Key_Info =(KBDLLHOOKSTRUCT*)lParam;
????????DWORD dwvk = Key_Info->vkCode;
????????DWORD dwMsg = 1;
????????dwMsg += Key_Info->scanCode << 16;
????????dwMsg += Key_Info->flags << 24; ????
????????//str存儲(chǔ)的即是鍵盤(pán)的鍵名。
#ifdef _DEBUG
????????char str[20]={0};
????????GetKeyNameText( dwMsg, str, 20);
#endif
????????::PostMessage( hookWnd, WM_USER_DEFINE,(WPARAM)dwvk,(LPARAM)dwMsg);
????????if((166 <= dwvk && dwvk<=169)||(170 <= dwvk && dwvk<= 181))
????????????returntrue;
????}
????return CallNextHookEx(hhkHook, nCode, wParam, lParam);
}
|
改部分代碼在斷點(diǎn)調(diào)試的情況下并不能屏蔽一些系統(tǒng)擴(kuò)展鍵!在運(yùn)行時(shí)可以屏蔽!可能系統(tǒng)的鍵盤(pán)事件是異步的,在一定時(shí)間沒(méi)有TRUE返回的時(shí)候?qū)⒄{(diào)用別的事件函數(shù)(系統(tǒng)事件處理函數(shù))。導(dǎo)致上述情況出現(xiàn) !!!
|
|