监视或禁用 WinAPI 功能
作为概念证明,我在 .NET 中编写了一个快速键盘记录器.它只有 150 行,而且运行完美.
As a proof of concept, I wrote a quick keylogger in .NET. It was only 150 lines and it worked flawlessly.
效果惊人.通过对 WinAPI 函数 GetAsyncKeyState 的一些相对简单的使用,我能够捕获任何和所有击键并将它们保存到数据文件中.
It's frighteningly effective. With some relatively simple use of the WinAPI function GetAsyncKeyState, I was able to capture any and all keystrokes and save them to a data file.
我的问题是,一个程序是否可以检测到另一个程序何时调用GetAsyncKeyState?
此外,是否可以检测到另一个程序何时调用了任何 winAPI 函数?
谢谢!
是的,Microsoft 提供了 Detours 库,可让您挂钩任何 API 调用.不过图书馆挺贵的.凭借足够的技能,您可以实现与 MIcrosoft 相同的功能(许多保护解决方案,如防病毒和应用程序防火墙都可以做到这一点).
Yes, Microsoft offers Detours library which lets you hook any API calls. The library is quite expensive though. With enough skill you can implement the same that MIcrosoft does yourself as well (and many protection solutions like antivirus and application firewalls do this).