CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 10 of 10
  1. #1
    Join Date
    May 2009
    Posts
    8

    Unhappy Client monitoring - Keylogging problem

    First of all, the keylogger that i am developing is not at all for offensive and destructive purposes.

    I am developing a client monitoring application in C#.NET.
    Keylogging is one of the features in my application.
    Though i have developed the code for the keylogger, i have not been able to implement it properly in my application.

    There are two projects in my solution.
    The UserInterface - for server side.
    The Tracker - for client side PCs.
    The keylogging module Keylogger is in the Tracker project.

    I have used the helper classes for socket programming - TcpClient, TcpListener and NetworkStream to help them out.

    Also, i am using asynchronous mode for communication.

    Though i have attached the whole code with this post, i am posting the part of code with which i am facing the problem :

    Code:
    //This code resides on the server-side monitoring interface.When //the administrator hits a btnKeyLog button, a message //"StartKeyLog" is sent to the 
    
    respective client, and the keylogging //is handled on the client.
    private void btnKeyLog_Click ( object sender, EventArgs e )
    {
    	messageBuffer = new byte[100];
    
    	if ( btnKeyLog1.Text == "Start Keylogging" )
    	{
    		btnKeyLog1.Text = "Stop Keylogging";
    		message = "StartKeyLog";
    				
    		messageBuffer = Encoding.ASCII.GetBytes ( message );
    		try
    		{
                    //begin writing on the stream.
    		clientConnections[0].networkStream.BeginWrite (messageBuffer, 0, messageBuffer.Length, new AsyncCallback ( onDataWrite ), null );
    		}
    		catch ( Exception exc )
    		{
    			MessageBox.Show ( exc.Message + exc.StackTrace );
    		}
    	}
    	else
    	{
    		btnKeyLog1.Text = "Start Keylogging";
    		message = "StopKeyLog";
    				
    		messageBuffer = Encoding.ASCII.GetBytes ( message );
    		try
    		{
    		clientConnections[0].networkStream.BeginWrite ( messageBuffer, 0, messageBuffer.Length, new AsyncCallback ( onDataWrite ), null );
    		}
    		catch ( Exception exc )
    		{
    			MessageBox.Show ( exc.Message + exc.StackTrace );
    		}
    	}
    }

    Now, the client-side code :
    Code:
    //the following method is the callback method (called by //TcpListener.BeginAcceptTcpClient() )that accepts the connection //and starts reading using 
    
    BeginRead() :
    public void onConnectionRequested ( IAsyncResult ar )
    {
    	try
    	{
    	clientConnection.client = listener.EndAcceptTcpClient ( ar );
    	//MessageBox.Show ( "UI connected!" );
    
    	messageBuffer = new byte[100];
    	clientConnection.networkStream = clientConnection.client.GetStream ( );
    	clientConnection.networkStream.BeginRead ( messageBuffer, 0, messageBuffer.Length, new AsyncCallback ( onDataReceived ), null );
    	}
    	catch ( Exception exc )
    	{
    		MessageBox.Show ( exc.Message + exc.StackTrace );
    	}
    }
    
    
    // the following is the callback function that will process the data //received from the server.
    // temporarily, i am using a switch case structure.
    public void onDataReceived ( IAsyncResult ar )
    {
    	int nBytesRead = 0;
    	try
    	{
    		nBytesRead = clientConnection.networkStream.EndRead ( ar );
    	}
    	catch ( Exception exc )
    	{
    		MessageBox.Show ( exc.Message + exc.StackTrace );
    	}
    	message = Encoding.ASCII.GetString ( messageBuffer,0, nBytesRead);
    	switch (message)
    	{
    		case "StartKeyLog" :
    			MessageBox.Show ( "Keylogger started." );
                           //the following static method wraps the Win32 //implementation of SetWindowsHookEx - all given in Keylogger //module
    			KeyboardHook.installHook ( );
                           //after this method is called, the hook is //actually installed; the callback function KeyboardHookProc is also //called. 		
    
    	Here, keylogger seems to be working fine, except that the //system slows down considerably when i type keystrokes.
    		break;
    
    		case "StopKeyLog":
    			MessageBox.Show ( "Keylogger stopped." );
                            // the following method releases the hook
    			KeyboardHook.releaseHook ( );
    		break;
    	}
    			
    	try
    	{
    		messageBuffer = new byte[100];
    		clientConnection.networkStream.BeginRead ( messageBuffer, 0, messageBuffer.Length, new AsyncCallback ( onDataReceived ), null );
    	}
    	catch ( Exception exc )
    	{
    		MessageBox.Show ( exc.Message + exc.StackTrace );
    	}
    	//MessageBox.Show ( "Stop" );
    //as soon as this function ends, however, the callback function of //the keyboard hook stops being called; keystrokes are not //processed.
    //the keystrokes are caught until this function the control is in this //function. i assume that it has to do something with the thread.
    }
    I am trying to explain the situation here.
    To start keylogging, the server UI would send a message "StartKeyLog" to the client.
    On receiving the message, the client will process it in the callback function "onDataReceived".In this function, the message is processed and the

    installHook() method is called, which would install the hook.

    When i ran the application, the hook got installed; also, the KeyboardHookProc() callback got called properly, and the keystrokes were processed. But this

    was the case only till the onDataReceived callback method was alive. As soon as the that method ended, the KeyboardHookProc() stopped getting called; keys

    were no longer processed, as if the hook was never installed.

    Another problem was that after the hook got installed, the system got considerably slow when i hit any key.

    My assumption is that both the things have something to do with the threading that happens here. But, i am not able to get the exact problem.
    I have tried my best to explain the situation.Still, any questions are welcome.
    Could anyone provide me with the solution??
    Attached Files Attached Files

  2. #2
    Join Date
    Jun 2008
    Posts
    2,477

    Re: Client monitoring - Keylogging problem

    Quote Originally Posted by bhoot_jb View Post
    First of all, the keylogger that i am developing is not at all for offensive and destructive purposes.
    Doesn't matter. If it can be used for malicious purposes, no one here can help you.

  3. #3
    Join Date
    May 2009
    Posts
    8

    Red face Re: Client monitoring - Keylogging problem

    Quote Originally Posted by BigEd781 View Post
    Doesn't matter. If it can be used for malicious purposes, no one here can help you.
    well, i have already tried to explain my project. I need some guidance on the way i am handling the keylogger, and not the keylogger itself.

  4. #4
    Join Date
    Jun 2008
    Posts
    2,477

    Re: Client monitoring - Keylogging problem

    Quote Originally Posted by bhoot_jb View Post
    well, i have already tried to explain my project. I need some guidance on the way i am handling the keylogger, and not the keylogger itself.
    The point is that the code is publicly available.

  5. #5
    Join Date
    May 2009
    Posts
    8

    Red face Re: Client monitoring - Keylogging problem

    ohk..Do you want to say that i didnt require that sentence to include here?

    But then, would you mind to guide me out for my problem?

  6. #6
    Join Date
    Mar 2004
    Location
    33°11'18.10"N 96°45'20.28"W
    Posts
    1,808

    Re: Client monitoring - Keylogging problem

    don't mind them. they write bug free code and break rose smelling wind.

    here's an article on the matter. hopefully it gives you some info that can help you solve your all-too-common issue. http://www.codeproject.com/KB/system...ystemhook.aspx


    If your key watcher is used only within your local application, you can simply use an IMessageFilter object and add it to the Application context, and it will preview all the win32 message before they get dispatched to your application. you could do the hooking there. here's an example of that: http://www.codeguru.com/forum/showpo...64&postcount=3 that example is for a particular key being pressed, but you could just watch and notify on all key presses instead of doing something for just a single key.
    Last edited by MadHatter; May 12th, 2009 at 07:10 PM.

  7. #7
    Join Date
    Jun 2008
    Posts
    2,477

    Re: Client monitoring - Keylogging problem

    Quote Originally Posted by MadHatter View Post
    don't mind them. they write bug free code and break rose smelling wind.
    While both of those statements are true, I was just under the impression that it was against forum rules.

  8. #8
    Join Date
    Jan 2006
    Location
    Fox Lake, IL
    Posts
    15,007

    Re: Client monitoring - Keylogging problem

    Just watching what the kids type, or sending banking info to your webservice.
    There's one that might apply:

    You will not use these Forums for the purposes of sharing or distributing viruses, licenses, registration information, software keys, "cracks," or other information designed to do harm to or allow unlawful access to any computer hardware, software, networks, or any other systems.
    David

    CodeGuru Article: Bound Controls are Evil-VB6
    2013 Samples: MS CODE Samples

    CodeGuru Reviewer
    2006 Dell CSP
    2006, 2007 & 2008 MVP Visual Basic
    If your question has been answered satisfactorily, and it has been helpful, then, please, Rate this Post!

  9. #9
    Join Date
    Mar 2004
    Location
    33°11'18.10"N 96°45'20.28"W
    Posts
    1,808

    Re: Client monitoring - Keylogging problem

    Quote Originally Posted by BigEd781 View Post
    While both of those statements are true, I was just under the impression that it was against forum rules.
    if talking about trying to hook operating system events were illegal here, nobody could talk about it or windows CBT because it *could* easily be exploited (poorly) to do something malicious.

    likewise you could post code that would leak massive amounts of memory, which could cause a computer to force a crash. if done carelessly it's not wrong, but if done intentionally it's bad. so is posting leaky code against the TOS? I'd tend to think no...

    it's all a matter of perspective IMO. Several weeks ago, someone came in here asking how to alter an open source video game cheat. well known cheats, or hacks are clearly against the TOS, but understanding an existing API provided and documented by Microsoft (again poorly).

    there are a lot of legitimate uses for this type of thing. Like I've said before, trying to implement malicious programs in .NET is kind of like creating a death chamber out of a padded cell (gonna pillow someone to death?). .NET is the last method of coding malicious code. it would be like a javascript app to delete all the files from your computer.

    rather than comment on the topic, you can click on the report the post link, and let the site admin take care of it.

    simply posting "that's not allowed" isn't helpful. it may not truely be against the TOS, then again, they might. let the people who exist to fix these things, do their job, and help out where you can in the meanwhile.
    Last edited by MadHatter; May 13th, 2009 at 12:33 AM.

  10. #10
    Join Date
    Jul 2001
    Location
    Sunny South Africa
    Posts
    11,283

    Re: Client monitoring - Keylogging problem

    Let me chime in here.......

    Although this may seem to be a valid topic with a valid reason behind it, it may not be. Millions of people access these threads daily, just looking for something like this. The OP may also be untruthful ( not saying that it is the case ).

    The AUP states this :
    You will not use these Forums for the purposes of sharing or distributing viruses, licenses, registration information, software keys, "cracks," or other information designed to do harm to or allow unlawful access to any computer hardware, software, networks, or any other systems.
    As David has pointed out.

    I am going to close this thread. There has already been some personal remarks made :
    they write bug free code and break rose smelling wind.
    Which can be deemed offensive, and also disrespect the AUP rules :
    You will not behave in an abusive and/or hateful manner, and will not harass, threaten, nor attack anyone.

    You will not use profanity in our forums, and will neither post with language or content that is obscene, sexually oriented, or sexually suggestive nor link to sites that contain such content.
    Look at the Bolded lines.

    So technically more han one rules has been "broken" by more than one person.

    Before this ends up in a mudslinging contest, and the thread content deteriorates, I'm drawing the line here.

    Let's all play nice.

    If you have Any problems with my decision, feel free to contact me, or any other mod.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  





Click Here to Expand Forum to Full Width

Featured