Allegro.cc - Online Community

Allegro.cc Forums » Programming Questions » really hard questions

This thread is locked; no one can reply to it. rss feed Print
really hard questions
AzNTriK
Member #3,489
May 2003

is it possible to capture keypresses OUTSIDE of the program? and, is there a way to keep the program from appearing in the task manager AND the lower right corner of the desktop? you know, the little icon. and, also hide the window from the task bar. thanks!

X-G
Member #856
December 2000
avatar

Writing a keylogger, are we? Yes, it's possible to hook keyboard from outside your own process, and hide yourself from the taskbar/little thingies at the bottom right. To hide your process entirely, though, you would need an equivalent of a rootkit, which AFAIK only work on NT flavors.

--
Since 2008-Jun-18, democracy in Sweden is dead. | 悪霊退散!悪霊退散!怨霊、物の怪、困った時は ドーマン!セーマン!ドーマン!セーマン! 直ぐに呼びましょう陰陽師レッツゴー!

AzNTriK
Member #3,489
May 2003

yeah :P howd you know?? well i know its POSSIBLE to catch keys.. but how? and how do i keep the window from showiing on the taskbar? some code would be nice. or an explanation. thank you

lynerd
Member #2,388
May 2002

why would he tell you how to make a key logger...

no good usually come from those, atleast not to the person who doesnt know it is on his cpu.

X-G
Member #856
December 2000
avatar

That might be his point. :P
This sounds like a typical keylogger trojan. Well, anyway ... I don't have any code, since I don't deal with it, but look at Packetstorm Security - you should be able to find some proof-of-concept code for it there. To avoid visibility in the taskbar, just don't create a window. You can't hide yourself from the process list without a rootkit or equivalent, AFAIK.

--
Since 2008-Jun-18, democracy in Sweden is dead. | 悪霊退散!悪霊退散!怨霊、物の怪、困った時は ドーマン!セーマン!ドーマン!セーマン! 直ぐに呼びましょう陰陽師レッツゴー!

Derezo
Member #1,666
April 2001
avatar

I didn't know you could hide from the process list at all :P

Anyway, if you learn how to grab keys/messages using Win32, it should be very simple. Check out msdn perhaps.

Just make a program with no window, as X-G says, and keep listening for messages in windows...

"He who controls the stuffing controls the Universe"

X-G
Member #856
December 2000
avatar

It is possible - rootkits such as this famous one can do it.

--
Since 2008-Jun-18, democracy in Sweden is dead. | 悪霊退散!悪霊退散!怨霊、物の怪、困った時は ドーマン!セーマン!ドーマン!セーマン! 直ぐに呼びましょう陰陽師レッツゴー!

AzNTriK
Member #3,489
May 2003

thanks guys. im not trying to do anything illegal here.. btw, im jus trying to figure out my cousin's password for this one game that we both play ;D he's coming by later >=)

oh yeah, i searched msdn and i couldnt find anything.. please help

i found this bit of code in delphi which does the hiding windows from task/bar part but not catching keys.. anyone know how to do this in c??

1. whats a rootkit?
2. how do i check keyboard messages in win32 from OTHER programs?

Steve Terry
Member #1,989
March 2002
avatar

You can download freeware keyloggers IIRC. Never tried one though...

___________________________________
[ Facebook ]
Microsoft is not the Borg collective. The Borg collective has got proper networking. - planetspace.de
Bill Gates is in fact Shawn Hargreaves' ßî+çh. - Gideon Weems

X-G
Member #856
December 2000
avatar

Quote:

1. whats a rootkit?

I pasted a link. Read it.

--
Since 2008-Jun-18, democracy in Sweden is dead. | 悪霊退散!悪霊退散!怨霊、物の怪、困った時は ドーマン!セーマン!ドーマン!セーマン! 直ぐに呼びましょう陰陽師レッツゴー!

kronoman
Member #2,911
November 2002
avatar

For hiding the window, what about creating it like this: [Only tested on Win 98... ]

1hwnd = CreateWindowEx(
2 WS_EX_TOOLWINDOW,
3 szClassName,
4 " ",
5 WS_OVERLAPPEDWINDOW,
6 -10000,
7 -10000,
8 5 ,
9 5 ,
10 HWND_DESKTOP,
11 NULL,
12 hThisInstance,
13 NULL
14 );
15
16 ShowWindow(hwnd, SW_HIDE);

You can get the state of the keyboard with GetAsyncKeyState (only Win 98, I think)

And... with GetForegroundWindow() you can get the active window (the one that the user is using)
And with GetWindowText, you can get the title of any window.

Notice that all this apis are documented somewhere in the SDKs of MS... or something...
There was some called APIGuide that has a good guide about this APIs, google for it.

That's more that enough to make a keylogger.

IronBob
Member #3,248
February 2003
avatar

i dont think you even have to create the window. just have the main msg loop and track the keys.

AzNTriK
Member #3,489
May 2003

GetASyncState doesnt work for other processes?

Quote:

Windows NT/2000/XP: The return value is zero for the following cases:

The current desktop is not the active desktop
The foreground thread belongs to another process and the desktop does not allow the hook or the journal record.

also, it seem a bit inefficient..

SHORT GetAsyncKeyState(int vKey);

doesnt that mean that i have to individually check EVERY SINGLE key in order to check the whole keyboard? and i dont think i can use a loop because the letters are hexadecimal? i have no idea.

IronBob
Member #3,248
February 2003
avatar

no, i said nothing about GetAsyncKeyState(). i said in the MSG LOOP. for "case WM_KEYDOWN:" either the HIWORD or the LOWORD contains some value that tells you what the key is. check on MSDN in the Win32API reference section.

AzNTriK
Member #3,489
May 2003

but does that also work for processes other than the current one?

IronBob
Member #3,248
February 2003
avatar

im not sure. you need to do your own research too.

CGamesPlay
Member #2,559
July 2002
avatar

no, WM_KEYDOWN doesn't.

I believe there's a function called SetWindowHook or the like, you need to trap the WM_CHAR message the game gets and write them out to a file or something.

Also, NT based kernels (2k+XP) might have protection against that, they might not... and if its only for a game, do you really need to worry about it being in the process list?

[edit]
Didn't RealPlayer do something like that where it kept running without being in the process list?

--
Tomasu: Every time you read this: hugging!

Ryan Patterson - <http://cgamesplay.com/>

Go to: