I want to create a keyboard and mouse hook which will be started as a windows service. I want to monitor the activity of the various users who use the system throughout the day. i.e. which users are active at what times.
我想创建一个键盘和鼠标钩子,它将作为Windows服务启动。我想监视全天使用该系统的各种用户的活动。即哪些用户在什么时间活跃。
Is is possible to determine which user will be receiving the events? (The service will be running as a separate user so getCurrentUser is not appropriate)
是否可以确定哪个用户将收到事件? (该服务将作为单独的用户运行,因此getCurrentUser不合适)
4 个解决方案
#1
1
No, Environment.UserName does not work - the hook procedure is not called under the context of the input receiver.
不,Environment.UserName不起作用 - 在输入接收器的上下文中不调用钩子过程。
Indeed, I think this is not possible - the _LL hooks, which you are no doubt using if using .NET, are low-level hooks. It seems to me that they are executed well before Windows even determines which desktop/application will receive the event. I may be wrong, though - I have never used the _LL hooks myself.
实际上,我认为这是不可能的 - 如果使用.NET,你无疑会使用的_LL钩子是低级别的钩子。在我看来,在Windows确定哪个桌面/应用程序将收到该事件之前,它们的执行情况良好。我可能错了 - 我自己从未使用过_LL钩子。
#2
0
@TcKs - Um, what about Fast User Switching?
@TcKs - 嗯,快速用户切换怎么样?
#3
0
Another way:
The WTSGetActiveConsoleSessionId function allows you get a ID of active session. Concrete:
WTSGetActiveConsoleSessionId函数允许您获取活动会话的ID。具体:
The WTSGetActiveConsoleSessionId function retrieves the Terminal Services session that is currently attached to the physical console. The physical console is the monitor, keyboard, and mouse. Note that it is not necessary that Terminal Services be running for this function to succeed.
WTSGetActiveConsoleSessionId函数检索当前附加到物理控制台的终端服务会话。物理控制台是显示器,键盘和鼠标。请注意,没有必要运行终端服务才能使此功能成功。
Then you can use a WTSQueryUserToken to geting user's token, then you should be able to get a information about user with the token.
然后,您可以使用WTSQueryUserToken来设置用户的令牌,然后您应该能够使用令牌获取有关用户的信息。
This functions are from Terminal Services, but documentation says:
这些功能来自终端服务,但文档说:
Note that it is not necessary that Terminal Services be running for this function to succeed.
请注意,没有必要运行终端服务才能使此功能成功。
So I think, this can be way.
所以我认为,这可能是方式。
#4
-2
I don't know about these hooks - do they receive events from Remote Desktop keyboards? If they only get the local keyboard, then I think you need to find the owner of WinSta0.
我不知道这些钩子 - 他们是否从远程桌面键盘接收事件?如果他们只获得本地键盘,那么我认为你需要找到WinSta0的所有者。
#1
1
No, Environment.UserName does not work - the hook procedure is not called under the context of the input receiver.
不,Environment.UserName不起作用 - 在输入接收器的上下文中不调用钩子过程。
Indeed, I think this is not possible - the _LL hooks, which you are no doubt using if using .NET, are low-level hooks. It seems to me that they are executed well before Windows even determines which desktop/application will receive the event. I may be wrong, though - I have never used the _LL hooks myself.
实际上,我认为这是不可能的 - 如果使用.NET,你无疑会使用的_LL钩子是低级别的钩子。在我看来,在Windows确定哪个桌面/应用程序将收到该事件之前,它们的执行情况良好。我可能错了 - 我自己从未使用过_LL钩子。
#2
0
@TcKs - Um, what about Fast User Switching?
@TcKs - 嗯,快速用户切换怎么样?
#3
0
Another way:
The WTSGetActiveConsoleSessionId function allows you get a ID of active session. Concrete:
WTSGetActiveConsoleSessionId函数允许您获取活动会话的ID。具体:
The WTSGetActiveConsoleSessionId function retrieves the Terminal Services session that is currently attached to the physical console. The physical console is the monitor, keyboard, and mouse. Note that it is not necessary that Terminal Services be running for this function to succeed.
WTSGetActiveConsoleSessionId函数检索当前附加到物理控制台的终端服务会话。物理控制台是显示器,键盘和鼠标。请注意,没有必要运行终端服务才能使此功能成功。
Then you can use a WTSQueryUserToken to geting user's token, then you should be able to get a information about user with the token.
然后,您可以使用WTSQueryUserToken来设置用户的令牌,然后您应该能够使用令牌获取有关用户的信息。
This functions are from Terminal Services, but documentation says:
这些功能来自终端服务,但文档说:
Note that it is not necessary that Terminal Services be running for this function to succeed.
请注意,没有必要运行终端服务才能使此功能成功。
So I think, this can be way.
所以我认为,这可能是方式。
#4
-2
I don't know about these hooks - do they receive events from Remote Desktop keyboards? If they only get the local keyboard, then I think you need to find the owner of WinSta0.
我不知道这些钩子 - 他们是否从远程桌面键盘接收事件?如果他们只获得本地键盘,那么我认为你需要找到WinSta0的所有者。