The following article is about using global hooks and code injection to create an application-specific keylogger.
You must know basic C++, Windows programming, and global hooks (for DLL injection). You must also know what a keylogger is.
Though the program is well tested, I have to include this disclaimer. By executing/compiling the program you agree that neither the author nor the site hosting this article shall be held responsible for any damages that occur due to this program. This program comes with NO WARRANTY. USE AT YOUR OWN RISK! If this scares you, you probably shouldn't run this program. The author hereby disclaims responsibility. This article may not be re-published elsewhere without the permission of the author.
Using the code
Download the binaries and extract them into the same directory. Run DllTester.exe and hit Load.
Your anti-virus will (should) flag this application as hostile. To test it you'll need to disable your AV. No autorun capability has been added, so to clean your system perform a cold reboot. The application has malware characteristics and IS intended to compromise security. The DLL is injected into multiple processes and may cause the system to slow down or destabilize. If this scares you, you should delete the source code and binaries right now.
What the Code Does
Most keyloggers log almost all keys typed, including what you type while playing games, writing a school report, etc., which is mostly irrelevant.
SpyNet can be configured to log only "Iexplore.exe", "Firefox.exe", "Opera.exe", "msdev.exe", "ypager.exe", etc., so you don't need to worry about other "useless" crap people type.
Only relevant information like every email, login, chat session, etc. will be logged.
You'll need to modify bits of the code to make it full-stealth. This is just a precaution to prevent abuse.
The DLL injection method is based on Ivo Ivanov's code. A million thanks to him. Search this site for it.
The DLL exports 2 functions that return a Boolean (true on success, false on failure):
- InstallHook - creates a callwnd hook to inject ourselves into other processes.
- UninstallHook - stops process injection, although the already injected instances will remain.
Note: If the original process which hooked the callwnd is terminated, the injection hook is also terminated, but the keylogger will still run.
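From the monitoring side, the hook described above shows up as one unsigned DLL being mapped into several unrelated GUI processes. The following is an added example, not part of the original article or its code, that flags this pattern in Sysmon image-load events (Event ID 7). The sample events, the DLL name, the paths and the threshold are all constructed assumptions.

```python
from collections import defaultdict
from ntpath import basename, normpath  # Windows path rules, works on any OS

# Constructed Sysmon Event ID 7 (ImageLoad) records: paths and PIDs are made up.
SAMPLE = r"C:\Users\test\Desktop\sample\injected_sample.dll"  # placeholder name
EVENTS = [
    {"ProcessId": 4100, "Image": r"C:\Users\test\Desktop\sample\DllTester.exe",
     "ImageLoaded": SAMPLE, "Signed": "false"},
    {"ProcessId": 5200, "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "ImageLoaded": SAMPLE, "Signed": "false"},
    {"ProcessId": 5312, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ImageLoaded": SAMPLE, "Signed": "false"},
    {"ProcessId": 5312, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ImageLoaded": r"C:\Program Files\Mozilla Firefox\xul.dll", "Signed": "true"},
    {"ProcessId": 6000, "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\user32.dll", "Signed": "true"},
    {"ProcessId": 5200, "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "ImageLoaded": r"C:\Users\test\AppData\Local\Temp\addon_sample.dll",
     "Signed": "false"},
]

TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                "c:\\program files\\", "c:\\program files (x86)\\")
MIN_PROCESSES = 3  # assumed threshold; tune against your own baseline


def shared_untrusted_dlls(events, min_processes=MIN_PROCESSES):
    """Map each unsigned DLL outside TRUSTED_DIRS to the host processes that
    loaded it, keeping only DLLs seen in >= min_processes distinct PIDs."""
    hosts = defaultdict(set)
    for ev in events:
        dll = normpath(ev["ImageLoaded"]).lower()
        if ev.get("Signed", "false").lower() == "true":
            continue  # signed modules are out of scope for this heuristic
        if dll.startswith(TRUSTED_DIRS):
            continue  # expected install locations
        hosts[dll].add((ev["ProcessId"], basename(ev["Image"]).lower()))
    return {dll: sorted({name for _, name in procs})
            for dll, procs in hosts.items() if len(procs) >= min_processes}


if __name__ == "__main__":
    for dll, names in shared_untrusted_dlls(EVENTS).items():
        print(f"ALERT {dll} loaded into hosts: {', '.join(names)}")
```

Sysmon only records image loads when its configuration enables Event ID 7 for the processes of interest, so the browsers and messengers named in this article are the ones to include.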
SpyNet Main Procedure (DllMain)
- If the process is not in the attack list, unload self.
- Establish a
Callback function logs all keys and active window titles.
- SpyNet is invisible to the Task Manager (it's a DLL).
- Logs only "relevant" keystrokes.
- Logs time, current username.
- Does not affect console programs (because they don't have message queues).
- "Recognise" Password Textboxes.
- Auto-Email/FTP Upload the Log File.
- Host log file on pseudo HTTP server.
The keylogger code is "inspired" by 2 sources:
- Pranay Kanwar's keylogger (warl0ck): the search for "Shift" codes and Caps Lock. The rest is recycled code from my other keylogger.
- BO2K (Back Orifice 2000) (everything you'll need to know about C++).
22 Feb 08: Original draft