really hard questions
AzNTriK

is it possible to capture keypresses OUTSIDE of the program? and, is there a way to keep the program from appearing in the task manager AND the lower right corner of the desktop? you know, the little icon. and, also hide the window from the task bar. thanks!

X-G

Writing a keylogger, are we? Yes, it's possible to hook keyboard from outside your own process, and hide yourself from the taskbar/little thingies at the bottom right. To hide your process entirely, though, you would need an equivalent of a rootkit, which AFAIK only work on NT flavors.

AzNTriK

yeah :P how'd you know?? well i know it's POSSIBLE to catch keys.. but how? and how do i keep the window from showing on the taskbar? some code would be nice. or an explanation. thank you

lynerd

why would he tell you how to make a key logger...

no good usually comes from those, at least not to the person who doesn't know it is on his cpu.

X-G

That might be his point. :P
This sounds like a typical keylogger trojan. Well, anyway ... I don't have any code, since I don't deal with it, but look at Packetstorm Security - you should be able to find some proof-of-concept code for it there. To avoid visibility in the taskbar, just don't create a window. You can't hide yourself from the process list without a rootkit or equivalent, AFAIK.

Derezo

I didn't know you could hide from the process list at all :P

Anyway, if you learn how to grab keys/messages using Win32, it should be very simple. Check out msdn perhaps.

Just make a program with no window, as X-G says, and keep listening for messages in windows...

X-G

It is possible - rootkits such as this famous one can do it.

AzNTriK

thanks guys. i'm not trying to do anything illegal here.. btw, i'm just trying to figure out my cousin's password for this one game that we both play ;D he's coming by later >=)

oh yeah, i searched msdn and i couldn't find anything.. please help

i found this bit of code in delphi which does the hiding windows from task/bar part but not catching keys.. anyone know how to do this in c??

1. whats a rootkit?
2. how do i check keyboard messages in win32 from OTHER programs?

Steve Terry

You can download freeware keyloggers IIRC. Never tried one though...

X-G

Quote:

1. whats a rootkit?

I pasted a link. Read it.

kronoman

For hiding the window, what about creating it like this: [Only tested on Win 98... ]

    hwnd = CreateWindowEx(
        WS_EX_TOOLWINDOW,
        szClassName,
        " ",
        WS_OVERLAPPEDWINDOW,
        -10000,
        -10000,
        5,
        5,
        HWND_DESKTOP,
        NULL,
        hThisInstance,
        NULL
    );

    ShowWindow(hwnd, SW_HIDE);

You can get the state of the keyboard with GetAsyncKeyState (only Win 98, I think)

And... with GetForegroundWindow() you can get the active window (the one that the user is using)
And with GetWindowText, you can get the title of any window.

Notice that all these APIs are documented somewhere in the SDKs of MS... or something...
There was something called APIGuide that has a good guide about these APIs, google for it.

That's more than enough to make a keylogger.

IronBob

i don't think you even have to create the window. just have the main msg loop and track the keys.

AzNTriK

GetASyncState doesn't work for other processes?

Quote:

Windows NT/2000/XP: The return value is zero for the following cases:

The current desktop is not the active desktop
The foreground thread belongs to another process and the desktop does not allow the hook or the journal record.

also, it seems a bit inefficient..

SHORT GetAsyncKeyState(int vKey);

doesn't that mean that i have to individually check EVERY SINGLE key in order to check the whole keyboard? and i don't think i can use a loop because the letters are hexadecimal? i have no idea.

IronBob

no, i said nothing about GetAsyncKeyState(). i said in the MSG LOOP. for "case WM_KEYDOWN:" either the HIWORD or the LOWORD contains some value that tells you what the key is. check on MSDN in the Win32API reference section.

AzNTriK

but does that also work for processes other than the current one?

IronBob

i'm not sure. you need to do your own research too.

CGamesPlay

no, WM_KEYDOWN doesn't.

I believe there's a function called SetWindowHook or the like, you need to trap the WM_CHAR message the game gets and write them out to a file or something.

Also, NT based kernels (2k+XP) might have protection against that, they might not... and if it's only for a game, do you really need to worry about it being in the process list?

[edit]
Didn't RealPlayer do something like that where it kept running without being in the process list?

Thread #278339. Printed from Allegro.cc