|
|
使用pyhook模块可以很快地完成键盘及鼠标事件捕获,此模块可从http://sourceforge.net/projects/pyhook/files/pyhook/1.5.1/下载,API手册:http://pyhook.sourceforge.net/doc_1.5.0/,网站上提供了个使用的例子,改写了下,将信息记录到文件中,本来想使用python的logging模块,但测试时发现,因为鼠标事件频率太高,导致写时报I/O错误的异常,所以使用了自己写文件记录日志的方式。
代码:
#!/usr/bin/env python# -*- coding: utf-8 -*-import pythoncomimport pyHookimport timedef onMouseEvent(event):"处理鼠标事件"fobj.writelines('-' * 20 + 'MouseEvent Begin' + '-' * 20 + '\n')fobj.writelines("Current Time:%s\n" % time.strftime("%a, %d %b %Y %H:%M:%S", time.gmtime()))fobj.writelines("MessageName:%s\n" % str(event.MessageName))fobj.writelines("Message:%d\n" % event.Message)fobj.writelines("Time_sec:%d\n" % event.Time)fobj.writelines("Window:%s\n" % str(event.Window))fobj.writelines("WindowName:%s\n" % str(event.WindowName))fobj.writelines("Position:%s\n" % str(event.Position))fobj.writelines('-' * 20 + 'MouseEvent End' + '-' * 20 + '\n')return Truedef onKeyboardEvent(event): "处理键盘事件" fobj.writelines('-' * 20 + 'Keyboard Begin' + '-' * 20 + '\n')fobj.writelines("Current Time:%s\n" % time.strftime("%a, %d %b %Y %H:%M:%S", time.gmtime()))fobj.writelines("MessageName:%s\n" % str(event.MessageName))fobj.writelines("Message:%d\n" % event.Message)fobj.writelines("Time:%d\n" % event.Time)fobj.writelines("Window:%s\n" % str(event.Window))fobj.writelines("WindowName:%s\n" % str(event.WindowName))fobj.writelines("Ascii_code: %d\n" % event.Ascii)fobj.writelines("Ascii_char:%s\n" % chr(event.Ascii))fobj.writelines("Key:%s\n" % str(event.Key))fobj.writelines('-' * 20 + 'Keyboard End' + '-' * 20 + '\n')return Trueif __name__ == "__main__": '''Function:操作SQLITE3数据库函数Input:NONEOutput: NONEauthor: socratesblog:http://blog.csdn.net/dyx1024date:2012-03-1''' #打开日志文件file_name = "D:\\hook_log.txt"fobj = open(file_name, 'w') #创建hook句柄hm = pyHook.HookManager()#监控键盘hm.KeyDown = onKeyboardEventhm.HookKeyboard()#监控鼠标hm.MouseAll = onMouseEventhm.HookMouse()#循环获取消息pythoncom.PumpMessages()#关闭日志文件fobj.close()
测试:--------------------Keyboard Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:01MessageName:key downMessage:256Time:6376015Window:66926WindowName:淘宝网 - 淘我喜欢! - Windows Internet ExplorerAscii_code: 103Ascii_char:gKey:G--------------------Keyboard End----------------------------------------MouseEvent Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:01MessageName:mouse moveMessage:512Time_sec:6376078Window:132584WindowName:NonePosition:(724, 344)--------------------MouseEvent End----------------------------------------MouseEvent Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:01MessageName:mouse moveMessage:512Time_sec:6376109Window:132584WindowName:NonePosition:(724, 344)--------------------MouseEvent End----------------------------------------Keyboard Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:01MessageName:key downMessage:256Time:6376625Window:66926WindowName:淘宝网 - 淘我喜欢! - Windows Internet ExplorerAscii_code: 111Ascii_char:oKey:O--------------------Keyboard End----------------------------------------Keyboard Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:02MessageName:key downMessage:256Time:6376781Window:66926WindowName:淘宝网 - 淘我喜欢! - Windows Internet ExplorerAscii_code: 111Ascii_char:oKey:O--------------------Keyboard End----------------------------------------Keyboard Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:02MessageName:key downMessage:256Time:6377000Window:66926WindowName:淘宝网 - 淘我喜欢! - Windows Internet ExplorerAscii_code: 103Ascii_char:gKey:G--------------------Keyboard End----------------------------------------Keyboard Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:02MessageName:key downMessage:256Time:6377140Window:66926WindowName:淘宝网 - 淘我喜欢! - Windows Internet ExplorerAscii_code: 108Ascii_char:lKey:L--------------------Keyboard End----------------------------------------Keyboard Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:02MessageName:key downMessage:256Time:6377187Window:66926WindowName:淘宝网 - 淘我喜欢! - Windows Internet ExplorerAscii_code: 101Ascii_char:eKey:E--------------------Keyboard End----------------------------------------MouseEvent Begin--------------------Current Time:Thu, 01 Mar 2012 15:07:07MessageName:mouse moveMessage:512Time_sec:6382093Window:132584WindowName:NonePosition:(725, 344)--------------------MouseEvent End--------------------
由上面的记录可以看出,当时我通过IE上淘宝,并且输入了google这个单词,有可能这是商品名,用户名,或者密码,呵呵。
查看Ascii_char字段即可看出输入的字母。如果没有解析出来,可通过Ascii_code字段的值到ASCII表中查找即可。
附:
ASCII(American Standard Code for Information Interchange,美国信息互换标准代码,ASCⅡ)是基于拉丁字母的一套电脑编码系统。它主要用于显示现代英语和其他西欧语言。它是现今最通用的单字节编码系统,并等同于国际标准ISO/IEC 646。
ASCII第一次以规范标准的型态发表是在1967年,最后一次更新则是在1986年,至今为止共定义了128个字符,其中33个字符无法显示(这是以现今操作系统为依归,但在DOS模式下可显示出一些诸如笑脸、扑克牌花式等8-bit符号),且这33个字符多数都已是陈废的控制字符,控制字符的用途主要是用来操控已经处理过的文字,在33个字符之外的是95个可显示的字符,包含用键盘敲下空白键所产生的空白字符也算1个可显示字符(显示为空白)。
ASCII控制字符
二进制十进制十六进制缩写可以显示的表示法名称/意义00000000000NUL␀空字符(Null)00000001101SOH␁标题开始00000010202STX␂本文开始00000011303ETX␃本文结束00000100404EOT␄传输结束00000101505ENQ␅请求00000110606ACK␆确认回应00000111707BEL␇响铃00001000808BS␈退格00001001909HT␉水平定位符号00001010100ALF␊换行键00001011110BVT␋垂直定位符号00001100120CFF␌换页键00001101130DCR␍归位键00001110140ESO␎取消变换(Shift out)00001111150FSI␏启用变换(Shift in)000100001610DLE␐跳出数据通讯000100011711DC1␑设备控制一(XON 启用软件速度控制)000100101812DC2␒设备控制二000100111913DC3␓设备控制三(XOFF 停用软件速度控制)000101002014DC4␔设备控制四000101012115NAK␕确认失败回应000101102216SYN␖同步用暂停000101112317ETB␗区块传输结束000110002418CAN␘取消000110012519EM␙连接介质中断00011010261ASUB␚替换00011011271BESC␛跳出00011100281CFS␜文件分割符00011101291DGS␝组群分隔符00011110301ERS␞记录分隔符00011111311FUS␟单元分隔符011111111277FDEL␡删除ASCII可显示字符
| 二进制十进制十六进制图形 | | 00100000 | 32 | 20 | (空格)(␠) | | 00100001 | 33 | 21 | ! | | 00100010 | 34 | 22 | " | | 00100011 | 35 | 23 | # | | 00100100 | 36 | 24 | $ | | 00100101 | 37 | 25 | % | | 00100110 | 38 | 26 | & | | 00100111 | 39 | 27 | ' | | 00101000 | 40 | 28 | ( | | 00101001 | 41 | 29 | ) | | 00101010 | 42 | 2A | * | | 00101011 | 43 | 2B | + | | 00101100 | 44 | 2C | , | | 00101101 | 45 | 2D | - | | 00101110 | 46 | 2E | . | | 00101111 | 47 | 2F | / | | 00110000 | 48 | 30 | 0 | | 00110001 | 49 | 31 | 1 | | 00110010 | 50 | 32 | 2 | | 00110011 | 51 | 33 | 3 | | 00110100 | 52 | 34 | 4 | | 00110101 | 53 | 35 | 5 | | 00110110 | 54 | 36 | 6 | | 00110111 | 55 | 37 | 7 | | 00111000 | 56 | 38 | 8 | | 00111001 | 57 | 39 | 9 | | 00111010 | 58 | 3A | : | | 00111011 | 59 | 3B | ; | | 00111100 | 60 | 3C | < | | 00111101 | 61 | 3D | = | | 00111110 | 62 | 3E | > | | 00111111 | 63 | 3F | ? |
二进制十进制十六进制图形010000006440@010000016541A010000106642B010000116743C010001006844D010001016945E010001107046F010001117147G010010007248H010010017349I01001010744AJ01001011754BK01001100764CL01001101774DM01001110784EN01001111794FO010100008050P010100018151Q010100108252R010100118353S010101008454T010101018555U010101108656V010101118757W010110008858X010110018959Y01011010905AZ01011011915B[01011100925C\01011101935D]01011110945E^01011111955F_二进制十进制十六进制图形011000009660`011000019761a011000109862b011000119963c0110010010064d0110010110165e0110011010266f0110011110367g0110100010468h0110100110569i011010101066Aj011010111076Bk011011001086Cl011011011096Dm011011101106En011011111116Fo0111000011270p0111000111371q0111001011472r0111001111573s0111010011674t0111010111775u0111011011876v0111011111977w0111100012078x0111100112179y011110101227Az011110111237B{011111001247C|011111011257D}011111101267E~ |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2017-5-8 10:57:14
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡