First of all, the keylogger that i am developing is not at all for offensive and destructive purposes.
I am developing a client monitoring application in C#.NET.
Keylogging is one of the features in my application.
Though i have developed the code for the keylogger, i have not been able to implement it properly in my application.
There are two projects in my solution.
The UserInterface - for server side.
The Tracker - for client side PCs.
The keylogging module Keylogger is in the Tracker project.
I have used the helper classes for socket programming - TcpClient, TcpListener and NetworkStream to help them out.
Also, i am using asynchronous mode for communication.
Though i have attached the whole code with this post, i am posting the part of code with which i am facing the problem :
Code:
//This code resides on the server-side monitoring interface.When //the administrator hits a btnKeyLog button, a message //"StartKeyLog" is sent to the
respective client, and the keylogging //is handled on the client.
private void btnKeyLog_Click ( object sender, EventArgs e )
{
messageBuffer = new byte[100];
if ( btnKeyLog1.Text == "Start Keylogging" )
{
btnKeyLog1.Text = "Stop Keylogging";
message = "StartKeyLog";
messageBuffer = Encoding.ASCII.GetBytes ( message );
try
{
//begin writing on the stream.
clientConnections[0].networkStream.BeginWrite (messageBuffer, 0, messageBuffer.Length, new AsyncCallback ( onDataWrite ), null );
}
catch ( Exception exc )
{
MessageBox.Show ( exc.Message + exc.StackTrace );
}
}
else
{
btnKeyLog1.Text = "Start Keylogging";
message = "StopKeyLog";
messageBuffer = Encoding.ASCII.GetBytes ( message );
try
{
clientConnections[0].networkStream.BeginWrite ( messageBuffer, 0, messageBuffer.Length, new AsyncCallback ( onDataWrite ), null );
}
catch ( Exception exc )
{
MessageBox.Show ( exc.Message + exc.StackTrace );
}
}
}
Now, the client-side code :
Code:
//the following method is the callback method (called by //TcpListener.BeginAcceptTcpClient() )that accepts the connection //and starts reading using
BeginRead() :
public void onConnectionRequested ( IAsyncResult ar )
{
try
{
clientConnection.client = listener.EndAcceptTcpClient ( ar );
//MessageBox.Show ( "UI connected!" );
messageBuffer = new byte[100];
clientConnection.networkStream = clientConnection.client.GetStream ( );
clientConnection.networkStream.BeginRead ( messageBuffer, 0, messageBuffer.Length, new AsyncCallback ( onDataReceived ), null );
}
catch ( Exception exc )
{
MessageBox.Show ( exc.Message + exc.StackTrace );
}
}
// the following is the callback function that will process the data //received from the server.
// temporarily, i am using a switch case structure.
public void onDataReceived ( IAsyncResult ar )
{
int nBytesRead = 0;
try
{
nBytesRead = clientConnection.networkStream.EndRead ( ar );
}
catch ( Exception exc )
{
MessageBox.Show ( exc.Message + exc.StackTrace );
}
message = Encoding.ASCII.GetString ( messageBuffer,0, nBytesRead);
switch (message)
{
case "StartKeyLog" :
MessageBox.Show ( "Keylogger started." );
//the following static method wraps the Win32 //implementation of SetWindowsHookEx - all given in Keylogger //module
KeyboardHook.installHook ( );
//after this method is called, the hook is //actually installed; the callback function KeyboardHookProc is also //called.
Here, keylogger seems to be working fine, except that the //system slows down considerably when i type keystrokes.
break;
case "StopKeyLog":
MessageBox.Show ( "Keylogger stopped." );
// the following method releases the hook
KeyboardHook.releaseHook ( );
break;
}
try
{
messageBuffer = new byte[100];
clientConnection.networkStream.BeginRead ( messageBuffer, 0, messageBuffer.Length, new AsyncCallback ( onDataReceived ), null );
}
catch ( Exception exc )
{
MessageBox.Show ( exc.Message + exc.StackTrace );
}
//MessageBox.Show ( "Stop" );
//as soon as this function ends, however, the callback function of //the keyboard hook stops being called; keystrokes are not //processed.
//the keystrokes are caught until this function the control is in this //function. i assume that it has to do something with the thread.
}
I am trying to explain the situation here.
To start keylogging, the server UI would send a message "StartKeyLog" to the client.
On receiving the message, the client will process it in the callback function "onDataReceived".In this function, the message is processed and the
installHook() method is called, which would install the hook.
When i ran the application, the hook got installed; also, the KeyboardHookProc() callback got called properly, and the keystrokes were processed. But this
was the case only till the onDataReceived callback method was alive. As soon as the that method ended, the KeyboardHookProc() stopped getting called; keys
were no longer processed, as if the hook was never installed.
Another problem was that after the hook got installed, the system got considerably slow when i hit any key.
My assumption is that both the things have something to do with the threading that happens here. But, i am not able to get the exact problem.
I have tried my best to explain the situation.Still, any questions are welcome.
Could anyone provide me with the solution??
If your key watcher is used only within your local application, you can simply use an IMessageFilter object and add it to the Application context, and it will preview all the win32 message before they get dispatched to your application. you could do the hooking there. here's an example of that: http://www.codeguru.com/forum/showpo...64&postcount=3 that example is for a particular key being pressed, but you could just watch and notify on all key presses instead of doing something for just a single key.
Last edited by MadHatter; May 12th, 2009 at 07:10 PM.
Just watching what the kids type, or sending banking info to your webservice.
There's one that might apply:
You will not use these Forums for the purposes of sharing or distributing viruses, licenses, registration information, software keys, "cracks," or other information designed to do harm to or allow unlawful access to any computer hardware, software, networks, or any other systems.
While both of those statements are true, I was just under the impression that it was against forum rules.
if talking about trying to hook operating system events were illegal here, nobody could talk about it or windows CBT because it *could* easily be exploited (poorly) to do something malicious.
likewise you could post code that would leak massive amounts of memory, which could cause a computer to force a crash. if done carelessly it's not wrong, but if done intentionally it's bad. so is posting leaky code against the TOS? I'd tend to think no...
it's all a matter of perspective IMO. Several weeks ago, someone came in here asking how to alter an open source video game cheat. well known cheats, or hacks are clearly against the TOS, but understanding an existing API provided and documented by Microsoft (again poorly).
there are a lot of legitimate uses for this type of thing. Like I've said before, trying to implement malicious programs in .NET is kind of like creating a death chamber out of a padded cell (gonna pillow someone to death?). .NET is the last method of coding malicious code. it would be like a javascript app to delete all the files from your computer.
rather than comment on the topic, you can click on the report the post link, and let the site admin take care of it.
simply posting "that's not allowed" isn't helpful. it may not truely be against the TOS, then again, they might. let the people who exist to fix these things, do their job, and help out where you can in the meanwhile.
Last edited by MadHatter; May 13th, 2009 at 12:33 AM.
Although this may seem to be a valid topic with a valid reason behind it, it may not be. Millions of people access these threads daily, just looking for something like this. The OP may also be untruthful ( not saying that it is the case ).
The AUP states this :
You will not use these Forums for the purposes of sharing or distributing viruses, licenses, registration information, software keys, "cracks," or other information designed to do harm to or allow unlawful access to any computer hardware, software, networks, or any other systems.
As David has pointed out.
I am going to close this thread. There has already been some personal remarks made :
they write bug free code and break rose smelling wind.
Which can be deemed offensive, and also disrespect the AUP rules :
You will not behave in an abusive and/or hateful manner, and will not harass, threaten, nor attack anyone.
You will not use profanity in our forums, and will neither post with language or content that is obscene, sexually oriented, or sexually suggestive nor link to sites that contain such content.
Look at the Bolded lines.
So technically more han one rules has been "broken" by more than one person.
Before this ends up in a mudslinging contest, and the thread content deteriorates, I'm drawing the line here.
Let's all play nice.
If you have Any problems with my decision, feel free to contact me, or any other mod.
* The Best Reasons to Target Windows 8
Learn some of the best reasons why you should seriously consider bringing your Android mobile development expertise to bear on the Windows 8 platform.