More code
Download KeyTrap.zip
Driver: KeyTrap
Written by Jon Daley for Carnegie-Mellon University, 05/27/1998
Modified from Ctrl2Cap NTDDK sample
Built and tested on WinNT 4.00.1381
Ctrl2Cap info:
Copyright © 1997 Mark Russinovich
Used by permission
Last Updated July 9, 1997
http:www.sysinternals.com/ctrl2cap.zip
KeyTrap info:
Purpose:
1. Monitor all keystrokes, (I have first access before
NT sees them)
2. If I am on*, I will disable the specified keys in
KeyTrapReadComplete.
3. If I am off**, I will pass the keys through to NT.
4. Each key status is outputted to the standard debugging
mechanism***
Required registry entries:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KeyTrap]
"ErrorControl"=dword:00000001
"Type"=dword:00000001
"Start"=dword:00000001
"Group"="Keyboard Class"
"DisplayName"="KeyTrap"
Unloading of this driver is disabled, because you must use a
two-step process to unload, first, do not hook next IRP on current
keystroke, wait for next keystroke, and then shut down the driver.
This proved to be more work than was possible and is left as an
exercise to the reader.
* This driver is intended to be loaded the entire NT session, you can
start it via "net start keytrap" or the devices menu in the
control panel.
Keytrapping is enabled (after the driver is loaded)
by one of two ways:
1. Press F12 three times in a row
2. Call CreateFile("\\\\.\\KeyTrap",GENERIC_READ |
GENERIC_WRITE,0,NULL,OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,NULL)
from within a Win32 program.
** This driver can be turned off, (ie. no disabled keys) by one of
three ways:
1. Press F12 three times in a row
2. Call CloseHandle(handle) from within the Win32 program
that called CreateFile()
3. Close the Win32 program that called CreateFile()
*** http://www.sysinternals.com has a neat debugging tool called DebugView.