
📄 kbdspy.bat

📁 这是asm驱动的开发包
;@echo off
;goto make

;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;
;  Client of KbdSpy.sys driver
;
;  Written by Four-F (four-f@mail.ru)
;
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

.386
.model flat, stdcall
option casemap:none

;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                                  I N C L U D E   F I L E S                                        
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

include \masm32\include\windows.inc

include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\comctl32.inc
include \masm32\include\advapi32.inc

includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\comctl32.lib
includelib \masm32\lib\advapi32.lib

include \masm32\include\winioctl.inc

include cocomac\cocomac.mac
include cocomac\ListView.mac
include \masm32\Macros\Strings.mac

include ..\common.inc

;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                                     S T R U C T U R E S                                           
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

; Because of improper definition in windows.inc

; 64-bit signed integer declared as a union: the same eight bytes can be read
; as two 32-bit halves (either anonymously or through the named member u) or
; as a single QWORD through QuadPart.
_LARGE_INTEGER UNION
	struct
		LowPart		DWORD ?		; first four bytes (low-order half)
		HighPart	SDWORD ?	; last four bytes, declared signed
	ends
	struct u
		LowPart		DWORD ?
		HighPart	SDWORD ?
	ends
	QuadPart		QWORD ?	; signed
_LARGE_INTEGER ENDS

;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                                      E Q U A T E S                                                
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

; Numeric identifiers for the dialog, its controls and its menu commands.
; NOTE(review): presumably these mirror the resource script, which is not part
; of this listing - confirm the values stay in sync with it.
IDD_MAIN			equ	1000
IDC_LISTVIEW		equ 1001
IDI_ICON			equ 1002
IDM_ABOUT			equ 2000
IDM_STAY_ON_TOP		equ 2001
IDM_CLEAR			equ 2002

; Upper bound on list-view rows: FillKeyInfo deletes the oldest rows once the
; item count exceeds this value.
MAX_ITEMS			equ 1000

; ntddkbd.inc defines the keyboard input data Flags.
; They are redefined here and tested against KEY_DATA.Flags in FillKeyInfo.

KEY_MAKE			equ 0
KEY_BREAK			equ 1
KEY_E0				equ 2
KEY_E1				equ 4

;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                              U N I N I T I A L I Z E D  D A T A                                   
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

.data?
; Process-wide state. Only some of these are referenced in this part of the
; file; the others are described from their declarations alone.

; Handle passed to DeviceIoControl/CloseHandle in MyUnhandledExceptionFilter.
; NOTE(review): presumably the device handle returned by RegisterAndStartDriver;
; the assignment is not visible here.
g_hDevice			HANDLE		?
; Event signalled by MyUnhandledExceptionFilter right after g_fExitNow is set.
g_hEvent			HANDLE		?
g_hInstance			HINSTANCE	?
g_hwndDlg			HWND		?
; List-view control that receives the LVM_* messages sent by
; ListViewInsertColumn and FillKeyInfo.
g_hwndListView		HWND		?
; Set to TRUE to tell the loop thread to exit.
g_fExitNow			BOOL		?
g_fAlwaysOnTop		BOOL		?
g_dwDlgWidth		DWORD		?
g_hPopupMenu		HMENU		?

;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                                         C O D E                                                   
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

.code

;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                                            malloc                                                 
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

malloc proc dwBytes:DWORD

; Allocates dwBytes bytes from the process heap, zero-filled (HEAP_ZERO_MEMORY).
; Returns in eax whatever HeapAlloc returns; the caller must check the result
; before using it.
; The procedure is assembled without a stack frame (PROLOGUE/EPILOGUE NONE),
; so the argument is addressed relative to esp rather than by name.

option PROLOGUE:NONE
option EPILOGUE:NONE

	invoke GetProcessHeap
	; invoke pushes the last argument first, so [esp+4] is evaluated while esp
	; still points at the return address and therefore reads dwBytes.
	invoke HeapAlloc, eax, HEAP_ZERO_MEMORY, [esp+4]
	ret 4		; stdcall: the callee removes its single DWORD argument

; Restore the default frame generation for the procedures that follow.
option PROLOGUE:PROLOGUEDEF
option EPILOGUE:EPILOGUEDEF

malloc endp

;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                                             free                                                  
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

free proc lpMem:PVOID

; Returns the block at lpMem to the process heap.
; eax holds HeapFree's result on return.
; Assembled without a stack frame (PROLOGUE/EPILOGUE NONE), so the argument is
; addressed relative to esp rather than by name.

option PROLOGUE:NONE
option EPILOGUE:NONE

	invoke GetProcessHeap
	; invoke pushes the last argument first, so [esp+4] is evaluated while esp
	; still points at the return address and therefore reads lpMem.
	invoke HeapFree, eax, 0, [esp+4]
	ret 4		; stdcall: the callee removes its single DWORD argument

; Restore the default frame generation for the procedures that follow.
option PROLOGUE:PROLOGUEDEF
option EPILOGUE:EPILOGUEDEF

free endp

;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                                    UnregisterDriver                                               
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

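UnregisterDriver proc

; Marks the "KbdSpy" service entry for deletion in the Service Control Manager
; database. The service is not stopped here; StopDriver does that.
; No return value is defined: eax holds the result of whichever call ran last.

local hSCManager:HANDLE

	; Looking up an existing service needs only connect rights on the SCM, so
	; SC_MANAGER_CONNECT is requested instead of SC_MANAGER_ALL_ACCESS.
	invoke OpenSCManager, NULL, NULL, SC_MANAGER_CONNECT
	.if eax != NULL

		mov hSCManager, eax

		; Unregister driver - remove registry directory.
		; DELETE is the only right requested on the service handle.

		invoke OpenService, hSCManager, $CTA0("KbdSpy"), DELETE
		.if eax != NULL

			push eax					; argument for the CloseServiceHandle call below
			invoke DeleteService, eax
			call CloseServiceHandle		; consumes the handle pushed above

		.endif

		invoke CloseServiceHandle, hSCManager

	.endif

	ret

UnregisterDriver endp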

;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                                  RegisterAndStartDriver
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

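RegisterAndStartDriver proc

; Registers KbdSpy.sys as a demand-start kernel-driver service named "KbdSpy"
; (display name "Keyboard Spy"), starts it, and opens the device \\.\KbdSpy.
;
; Returns in eax the device handle, or INVALID_HANDLE_VALUE if any step failed.
;
; Observable artifacts, useful when reviewing a host: the service name and
; display name above, the device name, and the service-installation record the
; Service Control Manager writes to the System event log (event 7045).
;
; The service handle is created with SERVICE_START access only, so it cannot
; delete the service; a service that was created but failed to start stays
; registered until StopDriver or UnregisterDriver removes it.

local hSCManager:HANDLE
local hService:HANDLE
local hDevice:HANDLE
local pFilePart:DWORD
local acModulePath[MAX_PATH]:CHAR

	mov hDevice, INVALID_HANDLE_VALUE

	; Creating a service needs only SC_MANAGER_CREATE_SERVICE on the SCM, so
	; that right is requested instead of SC_MANAGER_ALL_ACCESS.
	invoke OpenSCManager, NULL, NULL, SC_MANAGER_CREATE_SERVICE
	.if eax != NULL

		mov hSCManager, eax

		; NOTE(review): the driver image is resolved against the process's
		; current directory, not the directory of this executable, so whoever
		; controls the working directory decides which KbdSpy.sys is registered
		; as a kernel driver. Consider building the path from the module's own
		; location.
		invoke GetFullPathName, $CTA0("KbdSpy.sys"), sizeof acModulePath, \
			addr acModulePath, addr pFilePart

		; 0 means failure and a value >= the buffer size means the path did not
		; fit; in both cases acModulePath is not a valid path and must not be
		; handed to CreateService.
		.if eax != 0  &&  eax < sizeof acModulePath

			invoke CreateService, hSCManager, $CTA0("KbdSpy"), $CTA0("Keyboard Spy"), \
				SERVICE_START, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, \
				SERVICE_ERROR_IGNORE, addr acModulePath, NULL, NULL, NULL, NULL, NULL
			.if eax != NULL

				mov hService, eax

				invoke StartService, hService, 0, NULL
				.if eax != 0

					; Share mode 0: no other handle to the device can be opened
					; while this one is held.
					invoke CreateFile, $CTA0("\\\\.\\KbdSpy"), GENERIC_READ + GENERIC_WRITE, \
									0, NULL, OPEN_EXISTING, 0, NULL
					.if eax != INVALID_HANDLE_VALUE
						mov hDevice, eax
					.endif

				.endif

				invoke CloseServiceHandle, hService

			.endif

		.endif

		invoke CloseServiceHandle, hSCManager

	.endif

	; The stray GetLastError call that used to sit here was removed: its result
	; was overwritten by the next instruction.
	mov eax, hDevice
	ret

RegisterAndStartDriver endp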

;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                                        StopDriver
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

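StopDriver proc

; Sends a stop control to the "KbdSpy" service and marks the service for
; deletion, whether or not the stop request succeeded.
;
; Returns in eax TRUE if ControlService accepted the stop request, FALSE
; otherwise (including when the SCM or the service could not be opened).

local hSCManager:HANDLE
local hService:HANDLE
local _ss:SERVICE_STATUS
local fOK:BOOL

	mov fOK, FALSE

	; Looking up an existing service needs only connect rights on the SCM, so
	; SC_MANAGER_CONNECT is requested instead of SC_MANAGER_ALL_ACCESS.
	invoke OpenSCManager, NULL, NULL, SC_MANAGER_CONNECT
	.if eax != NULL

		mov hSCManager, eax

		invoke OpenService, hSCManager, $CTA0("KbdSpy"), SERVICE_STOP + DELETE

		.if eax != NULL

			mov hService, eax

			invoke ControlService, hService, SERVICE_CONTROL_STOP, addr _ss
			.if eax != 0

				; A non-zero return is the success signal. The thread's
				; last-error value is not defined after a successful call, so
				; it is no longer consulted: a stale error code could make a
				; successful stop report FALSE.
				mov fOK, TRUE

			.endif

			; Remove the service entry even if the stop request failed.
			invoke DeleteService, hService
			invoke CloseServiceHandle, hService

		.endif

		invoke CloseServiceHandle, hSCManager

	.endif

	mov eax, fOK
	ret

StopDriver endp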

;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                             MyUnhandledExceptionFilter                                            
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

MyUnhandledExceptionFilter proc lpExceptionInfo:PTR EXCEPTION_POINTERS

; Last-chance exception filter: releases everything the client holds so that
; a crash does not leave the driver attached or the service registered.
; lpExceptionInfo is not examined. Always returns EXCEPTION_EXECUTE_HANDLER.
; The order matters: the driver is told to detach first, the handles are
; closed next, and only then is the service stopped and deleted.

local dwBytesReturned:DWORD
local _ss:SERVICE_STATUS		; not referenced in this procedure

	; If something went wrong let the driver know it should undo the things.
	; NOTE(review): IOCTL_KEYBOARD_DETACH is not defined in this listing -
	; presumably it comes from ..\common.inc; confirm. The result of the call
	; is not checked.

	invoke DeviceIoControl, g_hDevice, IOCTL_KEYBOARD_DETACH, NULL, 0, NULL, 0, \
								addr dwBytesReturned, NULL

	mov g_fExitNow, TRUE		; Loop thread should exit now.
	invoke SetEvent, g_hEvent	; signal the event after the flag has been set

	invoke CloseHandle, g_hEvent
	invoke CloseHandle, g_hDevice

	; Stops the "KbdSpy" service and marks it for deletion.
	invoke StopDriver

	mov eax, EXCEPTION_EXECUTE_HANDLER
	ret

MyUnhandledExceptionFilter endp

;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                                     ListViewInsertColumn                                          
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

ListViewInsertColumn proc

; Creates the five columns of the list view in g_hwndListView:
; "Key", "Code", "Type", "E0" and "E1", in that order.
; The results of the LVM_INSERTCOLUMN messages are not checked.

local col:LV_COLUMN

	; Columns 0..2 supply a caption and a width only.
	mov col.imask, LVCF_TEXT or LVCF_WIDTH

	mov col.lx, 76
	mov col.pszText, $CTA0("Key")
	invoke SendMessage, g_hwndListView, LVM_INSERTCOLUMN, 0, addr col

	mov col.lx, 40
	mov col.pszText, $CTA0("Code")
	invoke SendMessage, g_hwndListView, LVM_INSERTCOLUMN, 1, addr col

	mov col.lx, 50
	mov col.pszText, $CTA0("Type")
	invoke SendMessage, g_hwndListView, LVM_INSERTCOLUMN, 2, addr col

	; Columns 3 and 4 additionally carry a format: centered text.
	or col.imask, LVCF_FMT
	mov col.fmt, LVCFMT_CENTER
	mov col.lx, 30
	mov col.pszText, $CTA0("E0")
	invoke SendMessage, g_hwndListView, LVM_INSERTCOLUMN, 3, addr col

	; "E1" reuses the width and format set for "E0".
	mov col.pszText, $CTA0("E1")
	invoke SendMessage, g_hwndListView, LVM_INSERTCOLUMN, 4, addr col

	ret

ListViewInsertColumn endp

;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                                          FillKeyInfo                                              
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

FillKeyInfo proc uses esi ebx paKeyData:PTR KEY_DATA, cb:UINT

local lvi:LV_ITEM
local buffer[32]:CHAR

	ListView_GetItemCount g_hwndListView

	.if eax > MAX_ITEMS

		mov ebx, eax
		sub ebx, MAX_ITEMS

		invoke SendMessage, g_hwndListView, WM_SETREDRAW  , FALSE, 0
		
		.while ebx

			; Delete oldest item
			ListView_DeleteItem g_hwndListView, 0
			
			dec ebx

		.endw

		invoke SendMessage, g_hwndListView, WM_SETREDRAW  , TRUE, 0

	.endif

	mov esi, paKeyData
	assume esi:ptr KEY_DATA

	mov eax, cb
	mov ecx, sizeof KEY_DATA
	xor edx, edx
	div ecx
	mov ebx, eax

	mov lvi.imask, LVIF_TEXT

	ListView_GetItemCount g_hwndListView
	mov lvi.iItem, eax

	.while ebx

		mov edx, [esi].dwScanCode
		shl edx, 16

		mov eax, [esi].Flags
		and eax, KEY_E0
		.if eax != 0
			or edx, 1 SHL 24
		.endif

		invoke GetKeyNameText, edx, addr buffer, sizeof buffer
		
		; KeyName
		
		and lvi.iSubItem, 0
		lea ecx, buffer
		mov lvi.pszText, ecx
		ListView_InsertItem g_hwndListView, addr lvi

		; Scan Code

		inc lvi.iSubItem
		invoke wsprintf, addr buffer, $CTA0("%04X"), [esi].dwScanCode
		ListView_SetItem g_hwndListView, addr lvi

		; Type

		inc lvi.iSubItem
		mov eax, [esi].Flags
		and eax, (KEY_MAKE + KEY_BREAK)	; I know it's the same as anding with KEY_BREAK
		.if eax == KEY_MAKE
			mov lvi.pszText, $CTA0("make")
		.else
			mov lvi.pszText, $CTA0("break")		
