First of all, the keylogger that i am developing is not at all for offensive and destructive purposes. :)
I am developing a client monitoring application in C#.NET. Keylogging is one of the features in my application. Though i have developed the code for the keylogger, i have not been able to implement it properly in my application.
There are two projects in my solution. The UserInterface - for server side. The Tracker - for client side PCs. The keylogging module Keylogger is in the Tracker project.
I have used the helper classes for socket programming - TcpClient, TcpListener and NetworkStream to help them out.
Also, i am using asynchronous mode for communication.
I am posting the part of code with which i am facing the problem :
//This code resides on the server-side monitoring interface.When //the administrator hits a btnKeyLog button, a
message //"StartKeyLog" is sent to the respective client, and the keylogging //is handled on the client.
private void btnKeyLog_Click ( object sender, EventArgs e ) { messageBuffer = new byte[100];
if ( btnKeyLog1.Text == "Start Keylogging" )
{
btnKeyLog1.Text = "Stop Keylogging";
message = "StartKeyLog";
messageBuffer = Encoding.ASCII.GetBytes ( message );
try
{
//begin writing on the stream.
clientConnections[0].networkStream.BeginWrite (messageBuffer, 0, messageBuffer.Length, new
AsyncCallback ( onDataWrite ), null );
}
catch ( Exception exc )
{
MessageBox.Show ( exc.Message + exc.StackTrace );
}
}
else
{
btnKeyLog1.Text = "Start Keylogging";
message = "StopKeyLog";
messageBuffer = Encoding.ASCII.GetBytes ( message );
try
{
clientConnections[0].networkStream.BeginWrite ( messageBuffer, 0, messageBuffer.Length, new
AsyncCallback ( onDataWrite ), null );
}
catch ( Exception exc )
{
MessageBox.Show ( exc.Message + exc.StackTrace );
}
}
}
Now, the client-side code :
public void onDataReceived ( IAsyncResult ar )
{
int nBytesRead = 0;
try
{
nBytesRead = clientConnection.networkStream.EndRead ( ar );
}
catch ( Exception exc )
{
MessageBox.Show ( exc.Message + exc.StackTrace );
}
message = Encoding.ASCII.GetString ( messageBuffer,0, nBytesRead);
switch (message)
{
case "StartKeyLog" :
MessageBox.Show ( "Keylogger started." );
//the following static method wraps the Win32 //implementation of SetWindowsHookEx - all given in Keylogger //module
KeyboardHook.installHook ( );
//after this method is called, the hook is //actually installed; the callback function KeyboardHookProc is also //called.
Here, keylogger seems to be working fine, except that the //system slows down considerably when i type keystrokes.
break;
case "StopKeyLog":
MessageBox.Show ( "Keylogger stopped." );
// the following method releases the hook
KeyboardHook.releaseHook ( );
break;
}
try
{
messageBuffer = new byte[100];
clientConnection.networkStream.BeginRead ( messageBuffer, 0, messageBuffer.Length, new AsyncCallback ( onDataReceived ), null );
}
catch ( Exception exc )
{
MessageBox.Show ( exc.Message + exc.StackTrace );
}
//MessageBox.Show ( "Stop" );
//as soon as this function ends, however, the callback function of //the keyboard hook stops being called; keystrokes are not //processed.
//the keystrokes are caught until this function the control is in this //function. i assume that it has to do something with the thread.
}
I am trying to explain the situation here. To start keylogging, the server UI would send a message "StartKeyLog" to the client. On receiving the message, the client will process it in the callback function "onDataReceived".In this function, the message is processed and the
installHook() method is called, which would install the hook.
When i ran the application, the hook got installed; also, the KeyboardHookProc() callback got called properly, and the keystrokes were processed. But this
was the case only till the onDataReceived callback method was alive. As soon as the that method ended, the KeyboardHookProc() stopped getting called; keys
were no longer processed, as if the hook was never installed.
Another problem was that after the hook got installed, the system got considerably slow when i hit any key.
My assumption is that both the things have something to do with the threading that happens here. But, i am not able to get the exact problem. I have tried my best to explain the situation.Still, any questions are welcome. Could anyone provide me with the solution??