Hooking Keyboard messages from Internet Explorer

Environment: VC6, Windows 2000

The following code demonstrates an example on hooks. A friend of mine asked me to write a program that logs keyboard messages from a given application. Here is how it works:

After executing the program it installs the hook functions to monitor keyboard messages from IE then writes the chars to a file. The program has no window, so it can be stopped only through Task Manager (or by CTR-ALT-DEL in Win95/98). It is simple to modify the code to monitor all/another running application’s keyboard messages. A hook function must be a CALLBACK function and must be placed in a dll. So you have to create a dll and an exe that calls it.

The dll

If you want to create a Win32 dll (there is MFC dll but its size is big) run Visual C++ and from the FILE MENU click NEW – make sure the projects tab is selected – fill out the edit-boxes then click on “Win32 Dynamic-Link Library”, click OK, then choose “An Empty Dll project”. Now you have to add two files (.h, .c). To do this choose FILE/NEW – make sure the files tab is selected – click on “C/C++ Header file” fill out the edit-boxes and click OK. Now repeat the process but choose “C++ Source File” and you are ready for writing the code. From the workspace window choose FileView and by clicking on the “+” signs move in the tree until the .h file is not visible (it’s in “Header Files”). Double click on it, so it will be active. Now you can write your code and do this for the .c file, and include the header file in the .c file than Build the dll. The __declspec(dllexport) means that the associated functions are exported (they can be called from an exe though are in the dll). Now take a look at the .c file in the dllsource code. There are three important functions:

  • SetKbHook

  • CBTProc

  • KeyboardProc

In SetKbHook you install the hooks (KeyboardProc and CBTProc are the hook functions) through the SetWindowsHookEx function (VC++ help). The KeyboardProc hook function monitors keyboard messages and writes them to a file. The wParam parameter contains the virtual-key codes. The CBTProc function monitors active windows, and from it’s handle it gets the “class name” of the window through the GetClassName function (VC++ help).

The exe

Now you will create a Win32 Application. Select FILE MENU/CLOSE WORKSPACE and close all windows. FILE MENU/NEW then click on “Win32 Application” (make sure Projects tab is selected), fill out the edit-boxes then click OK. Choose An empty project then click OK. Copy the dll’s .h file to this project’s folder, then PROJECT MENU/Add to Project/Files add the copied .h file to the exe project (it will appear in the workspace window under “Header Files”). FILE MENU/NEW add a “C++ Source File” to the project. Include the dll’s .h file, so the exe will now know about the dll’s exported functions. Use LoadLibrary to load the dll, and call SetKbHook function through GetProcAddress (VC++ help). This is explicit linking.

If you want to link the dll implicit you don’t have to use LoadLibrary you can directly call the SetKbHook function. You can achive this if you copy and add the .lib file of the dll to the exe project (The compiler builds the .lib file during Build). It’s important that you set BUILD MENU/SET ACTIVE CONFIGURATION to Release both in the exe and dll project. The program will not monitor a window if it became active before it’s been executed.

You can easily add a window to the program if you define the window-handler CALLBACK function and fill the WNDCLASS and CREATEWINDOW structures and call RegisterClassEx, ShowWindow and UpdateWindow functions in the exe project’s .c code.


Download exe and dll source – 20 Kb

More by Author

Must Read