why we must place a global hook procedure in a separate DLL

i read some article and msdn and blog but have some question

why we must place a global hook procedure in a DLL separate from t开发者_如何学Gohe application installing the hook procedure

and what is different from global hook and keyloger( i write key loge without separate dll)? how key loger intercept all application keyboard message without separate dll?

finaly

what code is in dll for global hook ?

please give some step for writing global hook with detail

Basically there are two ways how to capture keystrokes globally (the keylogger can use any of them):

1. Using global keyboard hook. This method needs a HookProcedure located in seperate DLL file as you stated above. This is the right way how to capture keystrokes, because your function is called only on each keypress.

   This article could be useful: http://www.codeproject.com/KB/DLL/keyboardhook.aspx

2. Calling WinAPI function GetKeyboardState. This method doesn't require separate DLL file, but have a big drawback. The function returns only actual state of keyboard. It is necessary to call it in an infinite loop (probably in separate thread, but not necessarily) with a little sleep time to caputre all keystrokes.

   This results in increased CPU usage. I don't recommend you to use this technique. Also an antivirus software with good heuristics will consider such code as keylogger.

A keylogger without DLL probably uses the second approach or generates the DLL on the fly.