-3

I am designing a key logger to make statistics such as "Most queried Google strings" and such... Users will know it is a key logger and it is not "clandestine".

I have looked into the GetAsyncKeyState WinAPI function, but I have also come across using hooks. Which one would take up the least system resources? What would be the most EFFICIENT way to log keystrokes?

43.52.4D.
  • 950
  • 6
  • 14
  • 28
  • Oh, well. If it's for a *good* cause, I guess we should make this code public then, eh? – Linus Kleen Dec 28 '12 at 03:15
  • Am I sensing sarcasm? I never asked for the code, I am asking which is more efficient, GetAsyncKeyState or using hooks. I already know the code... – 43.52.4D. Dec 28 '12 at 03:17
  • 1
    Efficient in what way. Speed, performance, accuracy? Ah doesn't matter, I'd rather stick pins in my eyes than help someone write a keylogger anyway. – Tony Hopkinson Dec 28 '12 at 03:18
  • I already said "What would take up the least SYSTEM RESOURCES"... I already KNOW how to write a key logger... ANYONE with HALF A MIND could copy and paste example code from Google. I'm just asking which method is most efficient. – 43.52.4D. Dec 28 '12 at 03:20
  • So does anyone have a LEGITIMATE answer? – 43.52.4D. Dec 28 '12 at 03:30
  • The easiest way to gain these metrics is by trying it. Code it up both ways and measure your results. – Sam Axe Dec 28 '12 at 03:48
  • It's funny how Linus and Tony are so naïve, maybe you haven't searched Google lately, but there is 2.1 million results for "keylogger tutorial". But you are probably right, making this code public will vastly increase the number of keylogger viruses. Oops, that was sarcasm. – 43.52.4D. Feb 12 '13 at 23:20
  • 1
    Least system resources? `GetAsyncKeyState`. It's just a single system call. `SetWindowsHooksEx` will load your module into every process (sure, the OS does nice tricks to keep that efficient, but still, lots of modifications to lots of processes). Too bad this was closed, it's a decent question. – mrduclaw Mar 30 '13 at 04:13
  • @mrduclaw thanks for understanding! But I was shot down by the community of programmer Gods who devoted there lives to stopping malware lol – 43.52.4D. Mar 30 '13 at 04:15
  • Meh, I think part of that fear is a lack of understanding. If you wrote a keylogger and tried to distribute it using either of the two techniques I enumerated, Anti-Virus would flag it based on heuristics alone. Those two ways, albeit best known, are just not good at logging keystrokes for malicious purposes anymore. Nonetheless, good luck in your endeavors. You might also enjoy the new ReverseEngineering StackExchange site. :) – mrduclaw Mar 30 '13 at 04:17
  • @mrduclaw how else would it be done then? – 43.52.4D. Mar 30 '13 at 04:19
  • @43.52.4D. There's many ways to log keystrokes, those are just the two most common, especially for malware. (Bad suggestion incoming, but useful as an example as another way to do things) You could introduce a driver and log the key strokes from the kernel. For more ways to do it, in general, you could reverse-engineer what happens with a key stroke event occurs. I'm sure you'll find more ways if you do. :) I'm sorry but I'd rather not be more specific on a public forum. – mrduclaw Mar 30 '13 at 04:23

1 Answers1

3

Rather than writing a keylogger, which would have to look at individual keystrokes and manually try to figure out what they belong to, I would write a browser plugin instead that looks at the actual URLs being requested. Then you can look for the Google URLs, and when detected then look at the actual search terms being submitted. Much more accurate and efficient then a plain keylogger.

Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
  • 3
    A more general solution would be to run a loopback proxy so that you can capture traffic regardless of the application. This is how tools like Fiddler work. – Raymond Chen Dec 28 '12 at 03:47
  • Also, I believe this information is available vi the google apis – Sam Axe Dec 28 '12 at 03:47
  • The downside to the proxy approach is it requires reconfiguring each app to connect to it. Fiddler modifies the WinInet API config, which affects all WinInet apps, including IE. IE has its own API for hooking requests, other browsers may have similar hooks. A "more general" solution would be to use WinPCap to capture and analyze all socket communications for all apps transparently. – Remy Lebeau Dec 28 '12 at 08:55