Keystroke Logging

Monday Dec 13th 2004 by Pradeep Kumar Paijwar

Learn to create a stealth keylogger on Windows 2000/NT/XP.

Key Logger

This article is about how to log keystrokes. There is an article on this topic, "Hooking the Keyboard," already on CodeGuru.

The key logger in that article uses a system-wide hook. However, that article is a little old: it says that a system-wide hook has to be placed in a shared DLL, which divides the code into several pieces and makes it difficult to hide in the system.

Windows 2000 and later provide system-wide, low-level hooks. With these hooks, a system-wide hook can be set from a single program/project.

HHOOK SetWindowsHookEx(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId);

idHook is the ID of the hook type we want to install. Windows supports the following hooks:

  • WH_CALLWNDPROC
  • WH_CALLWNDPROCRET
  • WH_CBT
  • WH_DEBUG
  • WH_FOREGROUNDIDLE
  • WH_GETMESSAGE
  • WH_JOURNALPLAYBACK
  • WH_JOURNALRECORD
  • WH_KEYBOARD
  • WH_KEYBOARD_LL
  • WH_MOUSE
  • WH_MOUSE_LL
  • WH_MSGFILTER
  • WH_SHELL
  • WH_SYSMSGFILTER

The lpfn parameter is a pointer to the callback function that we want invoked when the event occurs.

hMod is the handle of the current application. It is different from the window handle; it can be retrieved by calling the AfxGetInstanceHandle function of MFC.

dwThreadId specifies the identifier of the thread with which the hook procedure is to be associated. If this parameter is zero, the hook procedure is associated with all existing threads running in the same desktop as the calling thread.
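
From the monitoring side, the parameters described above are what distinguish a system-wide keyboard hook from other hook installs. The following is an added example, not part of the original article: it triages a constructed API-call trace for SetWindowsHookEx calls that combine a keystroke-capable idHook with dwThreadId = 0. The trace line format, the sample paths, and the names parse_call and triage are assumptions for illustration; the numeric hook ids are the winuser.h values.

```python
import re

# winuser.h values for the hook types listed above.
HOOK_IDS = {
    -1: "WH_MSGFILTER", 0: "WH_JOURNALRECORD", 1: "WH_JOURNALPLAYBACK",
    2: "WH_KEYBOARD", 3: "WH_GETMESSAGE", 4: "WH_CALLWNDPROC", 5: "WH_CBT",
    6: "WH_SYSMSGFILTER", 7: "WH_MOUSE", 9: "WH_DEBUG", 10: "WH_SHELL",
    11: "WH_FOREGROUNDIDLE", 12: "WH_CALLWNDPROCRET", 13: "WH_KEYBOARD_LL",
    14: "WH_MOUSE_LL",
}
# Hook types that see keystrokes; legitimate software uses them too,
# so a match is a lead for review, not a verdict.
KEY_CAPTURE = {"WH_KEYBOARD", "WH_KEYBOARD_LL", "WH_JOURNALRECORD"}

CALL_RE = re.compile(r"\bapi=SetWindowsHookEx[AW]?(?=\s|$)")
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_call(line):
    """Return the fields of one SetWindowsHookEx trace line, or None."""
    if not CALL_RE.search(line):
        return None
    fields = dict(FIELD_RE.findall(line))
    try:
        hook_id = int(fields["idHook"], 0)        # decimal or 0x-prefixed
        thread_id = int(fields["dwThreadId"], 0)
    except (KeyError, ValueError):
        return None                               # malformed line: skip it
    return {
        "image": fields.get("image", "?"),
        "hook": HOOK_IDS.get(hook_id, "UNKNOWN(%d)" % hook_id),
        "system_wide": thread_id == 0,            # 0 = all threads on the desktop
    }

def triage(lines):
    """Keep calls that install a keystroke-capable hook for every thread."""
    calls = (parse_call(line) for line in lines)
    return [c for c in calls if c and c["system_wide"] and c["hook"] in KEY_CAPTURE]

# Constructed sample trace (assumed format; paths contain no spaces).
SAMPLE = [
    r"pid=4120 image=C:\Temp\svc.exe api=SetWindowsHookExW idHook=13 hMod=0x400000 dwThreadId=0",
    r"pid=2208 image=C:\Apps\editor.exe api=SetWindowsHookExW idHook=2 hMod=0x400000 dwThreadId=0x1a2c",
    r"pid=3316 image=C:\Apps\tool.exe api=SetWindowsHookExW idHook=14 hMod=0x400000 dwThreadId=0",
    r"pid=3316 image=C:\Apps\tool.exe api=CreateFileW path=C:\Temp\a.txt",
    r"pid=5012 image=C:\Temp\old.exe api=SetWindowsHookExA idHook=2 hMod=0x10000000 dwThreadId=0",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("review:", finding["image"], finding["hook"])
```

The thread-scoped WH_KEYBOARD call and the WH_MOUSE_LL call in the sample are parsed but not flagged, because only the combination of a keyboard hook type and a zero thread id matches the system-wide case the article describes.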

I am enclosing a running example for hooking the keyboard.
