0

通过以下代码,我尝试实现一个简单的击键捕捉器。当用户点击一个键时,他会收到通知。Java 代码加载dll运行该DllMain方法的方法,并从该方法开始一个新线程。

Java 代码在静态块中加载一个库。dll具有DllMain执行和打印一些语句的方法。它还从DllMain. 在休眠 2 毫秒的 java 程序中也启动了一个新线程。从输出看来,DllMain,installHook被多次调用。这是为什么 ?问题是什么 ?

虽然在点击键时会通知用户,但为什么多次调用相同的函数?我认为我已经实现了该功能installHook或以一种糟糕的方式实现了线程逻辑。

Java 代码:

package keylogger;

public class TestKeys {
private static int i = 0;
private native void setWinHook();
private native void unregisterWinHook();

public static void main(String args[]) {

    //TestKeys o = new TestKeys();


    System.out.println("After the call to load library !");

    Runnable r = new Runnable() {
        @Override
        public void run() {
            try {
                System.out.println("Sleeping...");
                Thread.sleep(2);
            }catch(Exception exc) {
                exc.printStackTrace();
            }
        }
    };
    new Thread(r,"new thread").start();       
}

static {
    System.loadLibrary("MyHook");
}
}

C代码:

#include <stdio.h>
#include <windows.h>
#include <w32api.h>
#include "keylogger_TestKeys.h"

static HHOOK handleKeyboardHook = NULL;
HINSTANCE hInst = NULL;
static DWORD hookThreadId = 0;
static HANDLE hookThreadHandle = NULL;
BOOL WINAPI installHook(HINSTANCE hinstDLL, DWORD fwdReason, LPVOID lpvReserved);

static LRESULT CALLBACK LowLevelKeyboardProc(int nCode, WPARAM wParam, LPARAM lParam) {
 printf("You pressed the key !\n");
 return CallNextHookEx(handleKeyboardHook, nCode, wParam, lParam);
}

BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD fwdReason, LPVOID lpvReserved) {
  LPTHREAD_START_ROUTINE lpStartAddress = &installHook;
  printf("From DllMain : %u\n",fwdReason);
  hookThreadHandle = CreateThread(NULL, 0, lpStartAddress, NULL, 0, &hookThreadId);
  if(hookThreadHandle == NULL) {
    printf("\nhookThreadHandle is NULL\n");
  }
  return TRUE;
}

JNIEXPORT void JNICALL Java_keylogger_TestKeys_unregisterWinHook
 (JNIEnv *env, jobject obj) {
   if(handleKeyboardHook != NULL) {
    UnhookWindowsHookEx(handleKeyboardHook);
    printf("Keyboard hook successfully unregistered !");
   } else {
      printf("Coudn't Unhook the keyboard hook !");
     }
} 

BOOL WINAPI installHook(HINSTANCE hinstDLL, DWORD fwdReason, LPVOID lpvReserved) {
printf("From installHook : %u",fwdReason);
handleKeyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, LowLevelKeyboardProc, hinstDLL, 0);
MSG msg;

while(GetMessage(&msg, NULL, 0, 0))
{
  TranslateMessage(&msg);
  DispatchMessage(&msg);
}
return msg.wParam;

}

输出 :

From DllMain : 1
From DllMain : 2
From installHook : 66321916From DllMain : 2
After the call to load library !From installHook : 65797624
From DllMain : 2
From installHook : 67304108From DllMain : 2
From installHook : 60423404From DllMain : 2
From installHook : 67893304From DllMain : 2
From installHook : 68484828From DllMain : 2
From installHook : 69204012From DllMain : 2 
From installHook : 61799988From DllMain : 2
From installHook : 62847812From DllMain : 2
From DllMain : 2
Sleeping... 
From installHook : 71695184From DllMain : 2
From installHook : 70907884From DllMain : 2
From installHook : 70581032From DllMain : 2
From installHook : 72219984From DllMain : 2
From installHook : 73071020From DllMain : 2
From installHook : 66649544From DllMain : 2
From installHook : 73399648From DllMain : 3
From DllMain : 2
From DllMain : 3
From installHook : 73858604From DllMain : 2
From DllMain : 3
From installHook : 75955548From DllMain : 3
From DllMain : 2
From installHook : 72548100From DllMain : 2
From installHook : 74643796From DllMain : 2
From installHook : 75560952From DllMain : 3
From DllMain : 2
From installHook : 71236420From DllMain : 2
From installHook : 74316888From DllMain : 2
From installHook : 77265476From DllMain : 0

hookThreadHandle is NULL
4

1 回答 1

1

DllMain文档中:

动态链接库 (DLL) 的可选入口点。当系统启动或终止进程或线程时,它会使用进程的第一个线程为每个加载的 DLL 调用入口点函数。当使用 LoadLibrary 和 FreeLibrary 函数加载或卸载 DLL 时,系统还会调用 DLL 的入口点函数。

由于您在该函数中创建了一个线程,因此您基本上在那里有一个无限循环 - DllMain(在加载时)创建一个线程,DllMain所谓的,启动一个线程,DllMain所谓的......

仔细阅读该文档,如果原因不是DLL_PROCESS_ATTACH1),您可能不应该做任何事情。(我实际上不确定从该程序启动线程是否合法。)

于 2012-05-30T12:15:16.690 回答