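I. Experiment Objectives
Understand how trojans work and learn how they are implemented, in particular the use of hook functions.
II. Experiment Tools
Programming tools such as the VS2022 series.
III. Experiment Content
1. Write a keyboard-monitoring trojan
Message interception order: the order in which hooks are added to the hook chain determines the order in which they intercept messages. That is, the hook added to the chain last receives the message first. Interception scope: hooks are either thread hooks or global hooks. A thread hook can intercept only the messages of its own thread, while a global hook can intercept messages across the whole system.
In addition to the key code in Part 5, the following code can also be used as a reference: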
https://www.cnblogs.com/zhaoyuncai/p/7684958.html
https://download.csdn.net/download/jieyanping2708/10596398
https://download.csdn.net/download/xsam95/3654596
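Experiment Results
A hook is meant to hook onto something; in a program, a hook can be used to process certain Windows messages ahead of time. In this experiment there is a Form containing a TextBox. When the user types in the TextBox, no matter which key is pressed, the TextBox always displays "钩子已经改写了输入内容!" ("The hook has rewritten the input!") and the prompt "您输入的内容已经被改写,小心病毒哦!" ("Your input has been rewritten, beware of viruses!") is shown. This is done with a hook that monitors keyboard messages: we first add our own keyboard hook to the Windows hook chain. Every key press generates a keyboard message, and our hook intercepts that message before it reaches the TextBox, makes the TextBox display "钩子已经改写了输入内容!", pops up the prompt, and then ends the message, so the TextBox always ends up with "钩子已经改写了输入内容!".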
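The ordering and scope rules above, and the effect of a hook that ends the message, shown as an added example that is not part of the original report: a simplified Python model that makes no Windows API calls and follows the rules as this page states them. The names `Hook`, `HookChain`, `demo`, "audit" and "form-hook" are hypothetical.

```python
# Simplified model (constructed for illustration) of the hook-chain rules
# described on this page. It does not call any Windows API.
from dataclasses import dataclass, field
from typing import Callable, List, Optional

@dataclass
class Hook:
    name: str
    proc: Callable[[str], bool]      # returns True to end (swallow) the message
    thread_id: Optional[int] = None  # None models a global hook

@dataclass
class HookChain:
    hooks: List[Hook] = field(default_factory=list)

    def install(self, hook: Hook) -> None:
        # The newest hook goes to the head of the chain, so it sees messages first.
        self.hooks.insert(0, hook)

    def uninstall(self, name: str) -> None:
        self.hooks = [h for h in self.hooks if h.name != name]

    def dispatch(self, thread_id: int, key: str):
        """Return (names of hooks that ran, whether the target window got the key)."""
        trace = []
        for hook in self.hooks:
            # A thread hook only sees messages that belong to its own thread.
            if hook.thread_id is not None and hook.thread_id != thread_id:
                continue
            trace.append(hook.name)
            if hook.proc(key):       # models "return 1" without CallNextHookEx
                return trace, False  # later hooks and the window see nothing
        return trace, True

def demo():
    chain = HookChain()
    passthrough = lambda key: False  # always passes the message on
    swallow = lambda key: True       # behaves like the lab's KeyboardHookProc
    chain.install(Hook("audit", passthrough))               # global, installed first
    chain.install(Hook("form-hook", swallow, thread_id=1))  # thread 1, installed last
    result = {"thread1": chain.dispatch(1, "A"),   # form-hook runs first and ends it
              "thread2": chain.dispatch(2, "A")}   # form-hook is out of scope here
    chain.uninstall("form-hook")
    result["after_unhook"] = chain.dispatch(1, "A")
    return result
```

For a defender the point is the first result: a hook that ends the message hides the keystroke from every hook installed before it as well as from the target window, so hook installation order determines who can observe input.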
Experiment Code
- Key code
    // Install-hook function prototype
    public static extern int SetWindowsHookEx(int idHook, HookProc lpfn, IntPtr hInstance, int threadId);
    // Unhook function prototype
    public static extern bool UnhookWindowsHookEx(int idHook);
    // Call-next-hook function prototype
    public static extern int CallNextHookEx(int idHook, int nCode, Int32 wParam, IntPtr lParam);
    // Get-current-thread-ID function prototype
    static extern int GetCurrentThreadId();

    private int KeyboardHookProc(int nCode, Int32 wParam, IntPtr lParam)
    {
        if (nCode >= 0)
        {
            textBox1.Text = "钩子已经改写了输入内容!"; // "The hook has rewritten the input!"
            MessageBox.Show("您输入的内容已经被改写,小心病毒哦!"); // "Your input has been rewritten, beware of viruses!"
            // A non-zero return ends the message here, so it never reaches the TextBox
            return 1;
        }
        return CallNextHookEx(hKeyboardHook, nCode, wParam, lParam);
    }

    public void HookStart()
    {
        if (hKeyboardHook == 0)
        {
            // Create the HookProc instance
            KeyboardHookProcedure = new HookProc(KeyboardHookProc);
            // Set a thread hook (idHook 2 is WH_KEYBOARD)
            hKeyboardHook = SetWindowsHookEx(2, KeyboardHookProcedure, IntPtr.Zero, GetCurrentThreadId());
            // If setting the hook failed
            if (hKeyboardHook == 0)
            {
                HookStop();
                throw new Exception("SetWindowsHookEx failed.");
            }
        }
    }

    public void HookStop()
    {
        bool retKeyboard = true;
        if (hKeyboardHook != 0)
        {
            retKeyboard = UnhookWindowsHookEx(hKeyboardHook);
            hKeyboardHook = 0;
        }
        if (!(retKeyboard))
            throw new Exception("UnhookWindowsHookEx failed.");
    }
Full code
    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Drawing;
    using System.Linq;
    using System.Runtime.InteropServices;
    using System.Text;
    using System.Threading.Tasks;
    using System.Windows.Forms;
    using static System.Windows.Forms.VisualStyles.VisualStyleElement;

    namespace WindowsFormsApp1
    {
        public partial class Form1 : Form
        {
            public delegate int HookProc(int nCode, Int32 wParam, IntPtr lParam);
            static int hKeyboardHook = 0;
            // Kept in a field so the delegate stays alive while the hook is installed
            HookProc KeyboardHookProcedure;

            // Install the hook
            [DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
            public static extern int SetWindowsHookEx(int idHook, HookProc lpfn, IntPtr hInstance, int threadId);

            // Remove the hook
            [DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
            public static extern bool UnhookWindowsHookEx(int idHook);

            // Continue to the next hook
            [DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
            public static extern int CallNextHookEx(int idHook, int nCode, Int32 wParam, IntPtr lParam);

            // Get the current thread ID
            [DllImport("kernel32.dll")]
            static extern int GetCurrentThreadId();

            public Form1()
            {
                InitializeComponent();
            }

            private int KeyboardHookProc(int nCode, Int32 wParam, IntPtr lParam)
            {
                if (nCode >= 0)
                {
                    textBox1.Text = "钩子已改写了输入内容!"; // "The hook has rewritten the input!"
                    MessageBox.Show("您的输入内容已被改写,小心病毒!"); // "Your input has been rewritten, beware of viruses!"
                    // A non-zero return ends the message here, so it never reaches the TextBox
                    return 1;
                }
                return CallNextHookEx(hKeyboardHook, nCode, wParam, lParam);
            }

            public void HookStart()
            {
                if (hKeyboardHook == 0)
                {
                    // Create the HookProc instance
                    KeyboardHookProcedure = new HookProc(KeyboardHookProc);
                    // Set a thread hook (idHook 2 is WH_KEYBOARD)
                    hKeyboardHook = SetWindowsHookEx(2, KeyboardHookProcedure, IntPtr.Zero, GetCurrentThreadId());
                    // If setting the hook failed
                    if (hKeyboardHook == 0)
                    {
                        HookStop();
                        throw new Exception("SetWindowsHookEx failed.");
                    }
                }
            }

            // Remove the hook
            public void HookStop()
            {
                bool retKeyboard = true;
                if (hKeyboardHook != 0)
                {
                    retKeyboard = UnhookWindowsHookEx(hKeyboardHook);
                    hKeyboardHook = 0;
                }
                if (!(retKeyboard)) throw new Exception("UnhookWindowsHookEx failed.");
            }

            private void Form1_Load(object sender, EventArgs e)
            {
            }

            private void backgroundWorker1_DoWork(object sender, DoWorkEventArgs e)
            {
            }

            // The hook is installed the first time the TextBox content changes
            private void textBox1_TextChanged_1(object sender, EventArgs e)
            {
                HookStart();
            }
        }
    }
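Reflections
In this software security experiment, I learned the principle of keyboard-monitoring trojans, gained some understanding of hook functions, and was able to use hook functions together with C#. With the help of the lab guide, I successfully wrote the code, implemented the required functionality, and completed the experiment.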
From: https://www.cnblogs.com/maqun/p/18517083