Learn how keystrokes work in Windows

Asked 2 years ago, Updated 2 years ago, 119 views

Developing Windows applications in C++.

To get the key event, first get WM_KEYDOWN.
Global Hook if you want to know sooner.
Develop KeyboardFilterDriver if you want to know more quickly...

This is how I've been digging into Windows keystrokes, but I can't figure out how the software handles keystrokes from the hardware.
Could you tell me more about the sequence of keystrokes from hard to kernel, driver, user land, user applications...

The goal is to get keystrokes quickly on the user land side (not the system).
Driver development may allow you to obtain keystrokes as part of the system, but there are only a limited number of applications available (you must be an administrator).
So I want to understand how keystrokes work so that I can get them.

Thank you for your cooperation.

c++ windows-10

2022-09-29 21:53

1 Answers

Comments to answer

Fig.9 in the following article illustrates a series of trends.
However, since this is a 2011 article, there may be some changes in Windows 10.
Keyloggers:Implementing keyloggers in Windows.Part Two

Fig 9: Overview of how Windows processes keyboard input
Fig 9: Overview of how Windows processes keyboard input

In the figure, the red circles 1.1, 1.2, and 1.4 are shown below.

  • 1.1.Setting hooks for keyboard messages
  • 1.2.Using cyclic query of the keyboard
  • 1.4.Using the raw input model

UserMode reads the GetAsyncnKeyState/GetKeyState in 1.2. However, since this call cannot work with the up/down key, it is more likely that the system will be overloaded by missing data or calling frequently.

A relatively stable and fast one would be RawInput in 1.4.The WM_INPUT used for this is not notified by default, so you must create an explicit mechanism to receive it.
Raw Input/About Raw Input
Registration for Raw Input

By default, applications do not receive raw input.Applications must register the device to receive raw input from the device.

Here's a demo and commentary on how multiple keyboards are connected to ignore input from a particular keyboard.It will be helpful for software development.
Combining Raw Input and Keyboard Hook to selectively block input from multiple keyboards

This demo uses both Raw Input and Keyboard Hook, but does not use LowLevel Keyboard Hook because of the following caveats:

As for hooks, things get a little tricky.When I first tried API combinations, I tried to use the global Low Level Keyboard Hook (WH_KEYBOARD_LL).The problem is that if you use a low-level keyboard hook to block any input (if you stop the message from progressing), Windows will not generate a Raw Input event.In other words, applications cannot obtain the appropriate Raw Input message (WM_INPUT).Therefore, you cannot use the Low Level Keyboard Hook, but you must use the standard Keyboard Hook (WH_KEYBOARD).This is a little difficult to configure.If you want to use this hook globally, or for running applications, the procedure must be in a different DLL module.

However, when combined as described above, it is stated that messages are not notified or that various strange symptoms occur.Please be careful.
Hook message is missing
Raw Input message is missing
Yet more odities

2022-09-29 21:53

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

546 Understanding How to Configure Google API Key

555 Scrap text information after the "View More" button when searching in the Yahoo! News search window

547 PHP ssh2_scp_send fails to send files as intended

547 Who developed the "avformat-59.dll" that comes with FFmpeg?

977 In Java servlet, when SHA-256 sends WW-Authenticate header for digest authentication, the client does not return the result.

© 2024 OneMinuteCode. All rights reserved.