Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Keystoke Logger

by Anonymous Monk
on Feb 20, 2002 at 13:31 UTC ( [id://146575]=perlquestion: print w/replies, xml ) Need Help??

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

OK, I know the title doesn't sound good, but honestly I'm not a "hacker" (maybe a perl hacker after several days of attempts with this subject...LOL) I have obtained a plethora of keystroke logger programs to disect, but haven't had any luck in transfering them to perl code. I am very interested in the workings of such a program strictly for knowledge of course. If any one could explain how I can perform such an act with perl or maybe point me to some literature I can read, it would be greatly appreciated. I think I have found a new home(Very nice site!)

Replies are listed 'Best First'.
Re: Keystoke Logger
by rchiav (Deacon) on Feb 20, 2002 at 20:06 UTC
    Yes, it can be done with VB.. and as far as I know, there's no way to do it that's completely Perl. Here's why..

    First, you have to create a "System Wide Hook". This is done by creating a DLL. You can't do that in Perl. A "Hook" is basically a low level operation where you create a callback to an API function. In your case, you'd have to hook the Keyboard API. You can probably use Win32::API to create the app that loads the DLL, but not the DLL itself.

    Pick your poision.. VB or C++ for the DLL. There's info on VB here. There's something in C++ here but it involves more than just the keyboard.

    I could be wrong, but I'm pretty sure there's no pure Perl way to do it.

    If you're interested in some more advanced stuff, there's also Detours Which will inject code into an apps memory space, replacing functions in the app.

    Rich

[reply]
      If you really, really want to give it a try, it just might be possible to port the VB code via the Win32 modules, and with Perl Dev Kit you can build DLL's and other stuff from pure perl. It does cost money, but hey, so does Visual Studio.

      The only reason to go this way, however, would be pure interest, or good old "Because it's there", I think. I am a very strong believer in choosing the tools for the job, not the other way around - so I recommend that you take rchiav's advice and try to build it in some language that does it natively. VB if you have access to Visual Studio, C++ otherwise. Dev-C++, for instance, is a free IDE for C++ that can build stuff for the windows platform. It seems pretty good. UPDATE: of course, http://www.bloodshed.net is down at the moment. Here is the Google cache in the meantime.

      No matter what way you choose, however, you will have to go native on the platforms you choose - of course, you could very well write some wrapper class that uses the correct underlying modules depending on what OS it is running under, and possibly create a transparent cross-platform keylogger. Unless it is for "Because..." reasons, you have to ask yourself if it is worth it. :)

      You have moved into a dark place.
      It is pitch black. You are likely to be eaten by a grue.
[reply]
Re: Keystoke Logger
by davis (Vicar) on Feb 20, 2002 at 15:10 UTC
    Hmmm... What I believe you're trying to do is "snoop" on the keyboard - log all entries, regardless of what program the user is using.
    This wouldn't be possible in Perl (Well, I suspect *anything's* possible in Perl)- it would have to be implemented at the keyboard driver level, or possibly using the tty snp device in *BSD - but then you get the program "watch" anyway.
    Any solution that could be formed would also have to be strongly OS-dependent - eg, it might be relatively easy in *BSD because of the snp device, but (I believe) you'd have to replace the keyboard driver in something such as Windows - Perl drivers anyone? ;-)
    davis
    Is this going out live?
    No, Homer, very few cartoons are broadcast live - it's a terrible strain on the animator's wrist
[reply]
      As far as I know there is no way to intercept a CTRL-ALT-DELETE combination on a Windows NT/2k box. Nor the password box that pops up afterwards. I could be wrong though...

      Yves / DeMerphq
      --
      When to use Prototypes?

[reply]
        demerphq That is correct you can not intercept CTRL-ALT-DEL on NT based systems(NT/2000). That is a security feature (what? M$ security feature that works). That way when you log in with C-A-D there is no possibilty that a trojan could pop up a window instead.

        grep
        grep> rm -f /bin/laden
[reply]
      Davis, Thanks for the comment, I'm building this on 'ehum' Windows XP. I have a sparc 20 running solaris 2.7, but I want to extend my ability to include windows platforms. I've seen this done in VB (Is that really a language?..LOL)before with ease, so I know it has to be possible with perl. Thanks for your help
[reply]
Re: Keystoke Logger
by hakkr (Chaplain) on Feb 20, 2002 at 13:59 UTC 
    print "Enter your keystrokes";
#now enter print to see print echoed back and program exit
my $keystrokes =<STDIN>;
chop $keystrokes;
if ($keystroke eq "print"){
    print $keystrokes;
    exit;
}

    [download]
    Not so difficult many programs 'log keystrokes' to operate their commands. Remember to chop the keystrokes to ditch newlines
[reply]
[d/l]
    A reply falls below the community's threshold of quality. You may see it by logging in.

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://146575]
Approved by root
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chanting in the Monastery: (4)
As of 2025-03-17 09:01 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    When you first encountered Perl, which feature amazed you the most?










    Results (54 votes). Check out past polls.