Pedrams Elite Keylogger






Jun 22, 2005
Logs any keys and/or blocks keys/key combinations
Note: I intend to make another version, and besides removing bugs and making the current code more reliable, I also want to add new features. What features would you like to see in a keylogger, or how could this program be extended? (Please email me at one of the email addresses at the end of the article.)
Introduction
This program is capable of capturing any keys at any time. It can also be customised to your preferences: I have created a user interface where you can change options and settings. I have also included a function with which you can block any keys or key combinations that are pressed.
Using the code
All the keyboard logging/blocking related code is in a module called Keyboard.vb. When you first start the program you might be given an error which says that "Block.txt" is in use or that it cannot find "Settings.Set". Ignore these errors; the next time you start the program they should be fixed. In order to see the user interface, you will need to press F12 to exit stealth mode, then double-click on the notify icon that appears in the Notification Area (System Tray).
Functions
Below is a list of important functions and how they are used.
IsHooked - Blocking Keys
(- Public Function IsHooked(ByRef Hookstruct As KBDLLHOOKSTRUCT) As Boolean -)
This function decides whether the key or key combination that has been pressed is blocked. To block a key, all you have to do is put in 'Return True':
    Public Function IsHooked(ByRef Hookstruct As KBDLLHOOKSTRUCT) As Boolean
        ' Returning True blocks the key that was pressed
        Return True
    End Function
However, this would block any key that is pressed so in order to just block the specified keys you should use Hookstruct.vkcode and the GetAsyncKeyState() function:
    Public Function IsHooked(ByRef Hookstruct As KBDLLHOOKSTRUCT) As Boolean
        ' Block only the key whose virtual-key code is 13
        If Hookstruct.vkcode = 13 Then
            Return True
        End If
        Return False
    End Function
This would block the 'Enter' key, as the keycode for the Enter key is 13. Instead of 13, Keys.Enter or VK_ENTER could also be used, so Hookstruct.vkcode = 13 becomes Hookstruct.vkcode = Keys.Enter or Hookstruct.vkcode = VK_ENTER.
To block key combinations the GetAsyncKeyState() function should be used:
    Public Function IsHooked(ByRef Hookstruct As KBDLLHOOKSTRUCT) As Boolean
        ' The high bit of GetAsyncKeyState is set while the key is held down
        If (GetAsyncKeyState(VK_MENU) And &H8000) <> 0 AndAlso Hookstruct.vkcode = VK_TAB Then
            Return True
        End If
        Return False
    End Function
This would block the key combination ALT + TAB. It first checks to see if the ALT key is down, then it checks to see if the TAB key has been pressed. This also means that the keys ALT and TAB can still be used, but not together.
HookKeyboard & KeyboardCallback - Logging Keys
(- Public Sub HookKeyboard() -)
(- Public Function KeyboardCallback(ByVal Code As Integer, ByVal wParam As Integer, ByRef lParam As KBDLLHOOKSTRUCT) As Integer -)
These two functions are used in logging every key pressed. First, HookKeyboard is called from the load event in the main form (Form1.vb) and through a timer; this 'hooks' the keyboard and enables the program to log every key pressed. It does this by retrieving every key pressed before the system does. HookKeyboard then calls KeyboardCallback, which determines which key has been pressed. The variable wParam is used to check if any key has been pressed at all:
If wParam = WM_KEYDOWN Then
Once we know that a key has been pressed we have to determine which key it was. This part is easy:
keycode = lParam.vkCode
lParam.vkCode contains the keycode for the key that has been pressed.
In my program, I have used these functions to gather all the keys pressed, then write them to a log file when the user has switched programs:
GetForegroundWindow, GetWindowTextLength, GetWindowText - Logging Keys
(- Private Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Integer, ByVal lpString As String, ByVal cch As Integer) As Integer -)
(- Private Declare Function GetWindowTextLength Lib "user32" Alias "GetWindowTextLengthA" (ByVal hwnd As Integer) As Integer -)
(- Private Declare Function GetForegroundWindow Lib "user32" () As Integer -)
In Timer1 I have used these functions to get the title of the program that the user has active. The timer builds up a list of keys (KeysList) that have been pressed, and when the user switches to another program it writes the program title and the keys into the log file.
If title <> last And last <> "" Then
writekeys()
End If
It records the window title into a variable and checks it against the new window title. If they are the same, the user still has the same program activated; if they are different, the user has switched windows and the keys are written into the log file.
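From the defender's side, the combination described above (key capture plus foreground-window title lookups) is what static triage of a suspicious binary looks for. The following Python code is an added example, not part of the original program; SetWindowsHookEx is assumed as the hook-installing API because the article does not show the body of HookKeyboard, and the sample file names and API lists are constructed.

```python
# Added example (not from the article): triage API-name lists for the
# keystroke-logging pattern the article describes. Sample data is constructed.

HOOK = {"SetWindowsHookEx"}  # assumption: HookKeyboard's body is not shown in the article
KEY_STATE = {"GetAsyncKeyState"}
WINDOW_CONTEXT = {"GetForegroundWindow", "GetWindowText", "GetWindowTextLength"}
KNOWN = HOOK | KEY_STATE | WINDOW_CONTEXT


def normalize(name):
    """Fold ANSI/Unicode variants (e.g. GetWindowTextA) onto the base API name."""
    if name in KNOWN:
        return name
    if name[-1:] in ("A", "W") and name[:-1] in KNOWN:
        return name[:-1]
    return name


def triage(api_names):
    """Return (verdict, matched groups) for one binary's API-name list."""
    apis = {normalize(n) for n in api_names}
    groups = {
        "keyboard_hook": sorted(apis & HOOK),
        "key_state": sorted(apis & KEY_STATE),
        "window_context": sorted(apis & WINDOW_CONTEXT),
    }
    captures_keys = bool(groups["keyboard_hook"] or groups["key_state"])
    if captures_keys and len(groups["window_context"]) >= 2:
        verdict = "review"  # key capture plus per-window attribution
    elif captures_keys:
        verdict = "note"    # common in hotkey and accessibility tools
    else:
        verdict = "clear"
    return verdict, groups


# Constructed samples: names as they would appear in imports or P/Invoke declarations.
SAMPLES = {
    "sample_logger.exe": ["SetWindowsHookExA", "GetAsyncKeyState", "GetForegroundWindow",
                          "GetWindowTextA", "GetWindowTextLengthA"],
    "sample_hotkeys.exe": ["SetWindowsHookExW", "CreateFileW"],
    "sample_editor.exe": ["GetWindowTextW", "CreateFileW"],
}

if __name__ == "__main__":
    for name, apis in SAMPLES.items():
        verdict, groups = triage(apis)
        print(f"{name}: {verdict} {groups}")
```

Hotkey utilities and accessibility tools legitimately use the same calls, so a "review" verdict is a prompt for inspection, not a conclusion. For a .NET program like this one, the API names come from the Declare/P/Invoke metadata rather than from the native import table.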
CreateDefaultSI - Settings
(- Public Function CreateDefaultSI() -)
This is a simpler function, which is called if the settings file cannot be found or is corrupt. It deletes the old settings file (if any), then replaces it with a new one containing the default settings.
Most functions have not been reviewed in this article; I have just covered the main ones. If you have any questions or need help concerning the code, email me at one of the emails listed at the end of this article.
This program was created by Pedram Emrouznejad (p3pedram@hotmail.com, pthree2004@aol.com, pedramscomputer3@aol.com)
Please read the Read Me file (Read Me!!!.txt); it explains a lot of stuff. This program is not intended for malicious activities. Use this program at your own risk!
Please retain all credits and give a reference to me and my email when using this code.