
I'm trying to write a C program which statistically analyzes the use of some keyboard keys. First I want to create a keylogger using a global hook and log it to a file.

Here is the first part of the code I wrote:

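```c
#include <stdio.h>
#include <Windows.h>

HHOOK hook;

/* Low-level keyboard hook procedure; it runs on the thread that installed the hook. */
LRESULT CALLBACK hook_proc(int nCode, WPARAM wParam, LPARAM lParam)
{
    /* Only look at the event when nCode is HC_ACTION. */
    if (nCode == HC_ACTION && wParam == WM_KEYDOWN)
    {
        const KBDLLHOOKSTRUCT *kbdstruct = (const KBDLLHOOKSTRUCT *)lParam;
        char ch = (char)kbdstruct->vkCode; /* virtual-key code, not a character */
        printf("%c", ch);
    }

    return CallNextHookEx(hook, nCode, wParam, lParam);
}

int main(void)
{
    MSG msg;
    /* hook_proc already has the HOOKPROC signature, so no cast is needed in C. */
    hook = SetWindowsHookEx(WH_KEYBOARD_LL, hook_proc, NULL, 0);
    if (hook == NULL)
        return 1;

    /* GetMessage() returns -1 on error, so test for > 0. */
    while (GetMessage(&msg, NULL, 0, 0) > 0)
    {
    }

    UnhookWindowsHookEx(hook);
    return 0;
}
```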
  1. Why do I have to create an infinite loop? It doesn't work without it.
  2. I read that for a global hook the second parameter in SetWindowsHookEx should point to the hook procedure in an EXTERNAL DLL. It works fine that way, only printing the virtual code. How do I convert it to "regular keys" without a switch case for every virtual key? Is there an effective way?
  3. If an external DLL is required, how should it be written and called from main, based on the code I wrote?
  • 1
    There is no keyboard in C. – alk Jul 04 '15 at 14:06
  • 1
    This question seems to be three questions. Therefore I consider it to be "*too broad*". – alk Jul 04 '15 at 14:08
  • 1: the operating system has to break into your program to make the hook_proc() call. It only does that when your main thread can be safely interrupted to make the call. GetMessage() is the universal solution to the [producer-consumer problem](https://en.wikipedia.org/wiki/Producer%E2%80%93consumer_problem). 2: WH_KEYBOARD_LL is special, it doesn't require a DLL. – Hans Passant Jul 04 '15 at 14:13
  • I also got stuck with the 2nd problem before (while writing my own spy program), and the most elegant solution that I found so far is... Implement your own keyboard driver and somehow programmatically put it into your client's system (or victim's system :D). If you understand Russian then I can give you a link to a tutorial in the Russian language. – Chan Kha Vu Jul 04 '15 at 15:24
  • 2
    What's infinite about `while()`? – IInspectable Jul 04 '15 at 15:30

1 Answer

  1. You need a message loop to process the keyboard activity. This is clearly stated in the documentation:

     > This hook is called in the context of the thread that installed it. The call is made by sending a message to the thread that installed the hook. Therefore, the thread that installed the hook must have a message loop.

  2. Most global hooks run in the context of each running process, so the hook must be in a DLL so it can be injected into other processes. But not WH_KEYBOARD_LL (see above). As for the keys themselves, KBDLLHOOKSTRUCT provides only virtual keys and scan codes. To convert them into characters, use MapVirtualKey(), MapVirtualKeyEx(), ToUnicode(), or ToUnicodeEx().

  3. A DLL is not required for WH_KEYBOARD_LL. See above.

Remy Lebeau
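Because WH_KEYBOARD_LL needs no DLL, a single executable that imports a hook-install function and a message-pump function can host a system-wide keyboard hook. The following is an added example for defenders, not code from the question or the answer: a coarse static triage that looks for that import combination in a file's bytes. `PeekMessageA`/`PeekMessageW`, the helper names and the sample byte strings are assumptions constructed for illustration.

```python
# Added example: coarse static triage, not a verdict. Import names are stored as
# NUL-terminated ASCII strings in a PE file, so a byte search finds them unless
# the program resolves the functions at run time. The hook type (WH_KEYBOARD_LL)
# is an argument, not an import, so this cannot tell a keyboard hook from other
# hook types, and legitimate software (hotkey tools, accessibility aids) matches too.

HOOK_INSTALL = (b"SetWindowsHookExA", b"SetWindowsHookExW")
MESSAGE_LOOP = (b"GetMessageA", b"GetMessageW",
                b"PeekMessageA", b"PeekMessageW")  # PeekMessage: assumption, not on the page
KEY_TRANSLATION = (b"MapVirtualKeyA", b"MapVirtualKeyW",
                   b"MapVirtualKeyExA", b"MapVirtualKeyExW",
                   b"ToUnicode", b"ToUnicodeEx")


def found(blob, names):
    """Return the names present in blob as whole NUL-terminated strings."""
    return sorted(n.decode() for n in names if n + b"\x00" in blob)


def triage(blob):
    """Score a file image: 0 = no hook import ... 3 = hook + loop + key translation."""
    hook = found(blob, HOOK_INSTALL)
    loop = found(blob, MESSAGE_LOOP)
    translate = found(blob, KEY_TRANSLATION)
    if not hook:
        level = 0
    else:
        level = 1 + bool(loop) + bool(loop and translate)
    return {"level": level, "hook": hook, "loop": loop, "translate": translate}


def fake_imports(*names):
    """Constructed sample: hint/name entries laid out as in a PE import table."""
    return b"".join(b"\x00\x00" + n.encode() + b"\x00" for n in names)


# Constructed samples, not taken from any real binary.
SAMPLE_HOOKING = fake_imports("SetWindowsHookExW", "CallNextHookEx",
                              "GetMessageW", "ToUnicodeEx")
SAMPLE_PLAIN_GUI = fake_imports("GetMessageW", "DispatchMessageW", "CreateWindowExW")

if __name__ == "__main__":
    for label, blob in (("hooking", SAMPLE_HOOKING), ("plain GUI", SAMPLE_PLAIN_GUI)):
        print(label, triage(blob))
```

A level of 2 or 3 only says the file is worth a closer look; confirming the hook type requires inspecting the arguments passed to the hook-install call.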