I have made some changes to the keylogger, which you can find here. The purpose of my changes is to add a timestamp to each key. After doing so, I found that the keylogger stopped working periodically. I'm not sure if it did this prior to my timestamp addition, but it seems possible. There seems to be nothing in particular that causes this.

I thought that the whole keylogger process was freezing or something, so I then added a pulse message to the log, thinking I would just restart the process when it freezes. Now, after some hours it will still stop logging keystrokes, but it will continue to log the pulse message.

My question is, is this behavior the result of my changes to add the timestamp? Why does it stop logging keystrokes? I haven't worked with C so help would be appreciated.

It logs everything from other open windows without being as admin. But it only logs open windows as admin if the program is opened as admin.

Hello i'm getting this error... can any one help me out?
1>c:\users\alina\source\repos\project8\source.cpp(36): error C2664: 'int Save(int,char *)': cannot convert argument 2 from 'const char [16]' to 'char *'
1>c:\users\alina\source\repos\project8\source.cpp(36): note: Conversion from string literal loses const qualifier (see /Zc:strictStrings)
in this line
// save to file
Save(kbdStruct.vkCode, "System32Log.txt");

I was dumb and accidentally committed them. Need to remove them but don’t have experience with PyPi so don’t want to delete something important.

Also, if someone would be able to manage the pip version that would be great. Haven’t done much packaging so help would be greatly appreciated.

Help!

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Hi,

I am facing below error while installing the keylogger service. It would be grateful to receive any feedback to resolve this problem. Thanks in advance.

[root Fri Sep 28 05:13:52] # python --version
Python 2.7.6
[root Fri Sep 28 05:13:59] # pylogger_file="/home/ssseng/keylogger/Keylogger/linux/file1.log"
[root Fri Sep 28 05:14:09] # pylogger_clean=1
[root Fri Sep 28 05:14:17] # pylogger_cancel="!"
[root Fri Sep 28 05:14:35] # python keylogger.py
<class 'Xlib.protocol.request.QueryExtension'>
<class 'Xlib.protocol.request.QueryExtension'>
RECORD extension version 1.13

Exception in thread Thread-1:
Traceback (most recent call last):
File "/usr/lib/python2.7/threading.py", line 810, in __bootstrap_inner
self.run()
File "/home/ssseng/keylogger/Keylogger/linux-logger/pyxhook.py", line 147, in run
self.record_dpy.record_enable_context(self.ctx, self.processevents)
File "/usr/lib/python2.7/dist-packages/Xlib/ext/record.py", line 238, in enable_context
context = context)
File "/usr/lib/python2.7/dist-packages/Xlib/ext/record.py", line 215, in init
rq.ReplyRequest.init(self, *args, **keys)
File "/usr/lib/python2.7/dist-packages/Xlib/protocol/rq.py", line 1478, in init
self.reply()
File "/usr/lib/python2.7/dist-packages/Xlib/protocol/rq.py", line 1490, in reply
self._display.send_and_recv(request = self._serial)
File "/usr/lib/python2.7/dist-packages/Xlib/protocol/display.py", line 556, in send_and_recv
gotreq = self.parse_response(request)
File "/usr/lib/python2.7/dist-packages/Xlib/protocol/display.py", line 643, in parse_response
gotreq = self.parse_request_response(request) or gotreq
File "/usr/lib/python2.7/dist-packages/Xlib/protocol/display.py", line 729, in parse_request_response
req._parse_response(self.data_recv[:self.request_length])
File "/usr/lib/python2.7/dist-packages/Xlib/ext/record.py", line 219, in _parse_response
self._callback(r)
File "/home/ssseng/keylogger/Keylogger/linux-logger/pyxhook.py", line 199, in processevents
self.KeyDown(hookevent)
File "keylogger.py", line 31, in OnKeyPress
with open(log_file, 'a') as f:
IOError: [Errno 2] No such file or directory: '/root/Desktop/file.log'

I am using the windows version where it is invisible. However, when invisible, how do you end the process? I cannot find it in task manager.

well its so strange . its working fine just a small bug i think it stores all characters in upper case form.
lower case letters are also converted to upper case.

Want to set this up for the Linux folder but not sure how.

The program shows it is running in task manager, but it does not create a key log file when launched as a Task or service (using NSSM for the latter).

@GiacomoLaw Having trouble compiling. Any ideas? What's Windows.h?

$ lsb_release -a

No LSB modules are available.
Distributor ID:	Kali
Description:	Kali GNU/Linux Rolling
Release:	kali-rolling
Codename:	kali-rolling


$ g++ klog_main.cpp 

klog_main.cpp:1:10: fatal error: Windows.h: No such file or directory
 #include <Windows.h>
	  ^~~~~~~~~~~
compilation terminated.


$ make klog_main

g++     klog_main.cpp   -o klog_main
klog_main.cpp:1:10: fatal error: Windows.h: No such file or directory
 #include <Windows.h>
	  ^~~~~~~~~~~
compilation terminated.
<builtin>: recipe for target 'klog_main' failed
make: *** [klog_main] Error 1

Hi

I don't really understand how you suggest installing this on Windows

I don't see an EXE

I look here

https://github.com/GiacomoLaw/Keylogger/tree/master/windows
and
https://github.com/GiacomoLaw/Keylogger

and it doesn't say much about how to make the EXE

It says "Simply compile into an .exe, and then run. Visual Studio is good for this. "

I do have a gcc.exe and g++.exe from cygwin

user@samsung350 /cygdrive/c/crp/keyloggerblah/windows
$ g++ klog_main.cpp
klog_main.cpp:1:10: fatal error: Windows.h: No such file or directory
#include <Windows.h>
^~~~~~~~~~~
compilation terminated.

user@samsung350 /cygdrive/c/crp/keyloggerblah/windows
$

I have Visual Studio 2015

But I don't know much about C++ in VS 2015

If I try to open the file in VS 2015 by file..open project/soluton, it says it's not a project or solution

If I open with file..open file, then i can open the CPP filie, but then if I go to 'build' it has no compile or build option, only "run code analysis on solution"

How am I meant to make the EXE?

I have tried compiling the source on Dev-C++ and Visual Studio 2016, resulting in various errors. Using latest on master windows.

On Dev-C++ 5.11

In function 'LRESULT HookCallback(int, WPARAM, LPARAM)':
31 [Warning] deprecated conversion from string constant to 'char*' [-Wwrite-strings]
In function 'void SetHook()':
47 [Error] cannot convert 'const wchar_t*' to 'LPCSTR {aka const char*}' for argument '2' to 'int MessageBoxA(HWND, LPCSTR, LPCSTR, UINT)'
114 [Error] '::main' must return 'int'

On Visual Studio 2015 Community Edition

argument of type "const wchar_t *" is incompatible with parameter of type "LPCSTR"	
'int MessageBoxA(HWND,LPCSTR,LPCSTR,UINT)': cannot convert argument 2 from 'const wchar_t [24]' to 'LPCSTR'
'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.

Very frustrating to compile and not simple anymore. The simplier choice would be version 2.0 but it takes up recurring 100% cpu usage.

I've followed about 7 tutorials on how to compile C++ programs in multiple different ways but nothing works. Everything is an error. Please can someone just send me the .exe. Preferably one build in invisible mode. I honestly don't even care if it has malware in it because I didn't build it myself.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Would be great if someone managed to build a successful .travis.yml file! 😄

I tried compiling with VS 2017 and I always have these errors. I am noobie. Does anyone knows what to do?

I am on latest version of Kali and did pip install keylogger.
Then I get this error:

ERROR: Command errored out with exit status 1:
 command: /usr/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-SzFCq9/keylogger/setup.py'"'"'; __file__='"'"'/tmp/pip-install-SzFCq9/keylogger/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-install-SzFCq9/keylogger/pip-egg-info
     cwd: /tmp/pip-install-SzFCq9/keylogger/
Complete output (7 lines):
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/tmp/pip-install-SzFCq9/keylogger/setup.py", line 24, in <module>
    long_description="\n\n".join([open("README.md").read(), open("CHANGES.md").read()]),
  File "/usr/lib/python2.7/codecs.py", line 898, in open
    file = __builtin__.open(filename, mode, buffering)
IOError: [Errno 2] No such file or directory: 'CHANGES.md'
----------------------------------------

ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.

Just a small thing I noticed. You write:

Want to make it start on system startup?

$ sudo make uninstall

That will run it on startup.

I'm pretty sure that's wrong.

There's no reason this should be using an entire CPU constantly.

Naive solution: Poll every millisecond rather than constantly. It's not going to be possible for someone to press/release a key in under a millisecond, so you won't miss anything. This should make it go from 100% of one CPU to 0%. An average machine is probably running the code inside that tight loop millions of times per second - if you cap it at 1000 times per second you will be saving 99.9% of the CPU time.

"Correct" solution: You can register your program to be notified on key events globally. https://msdn.microsoft.com/en-us/library/windows/desktop/ms644990(v=vs.85).aspx so you don't have to poll at all.

Traceback (most recent call last):
File "", line 1, in
File "pyxhook.py", line 113, in init
self.local_dpy = display.Display()
File "/usr/lib/python2.7/site-packages/Xlib/display.py", line 89, in init
self.display = _BaseDisplay(display)
File "/usr/lib/python2.7/site-packages/Xlib/display.py", line 71, in init
protocol_display.Display.init(self, *args, **keys)
File "/usr/lib/python2.7/site-packages/Xlib/protocol/display.py", line 85, in init
name, protocol, host, displayno, screenno = connect.get_display(display)
File "/usr/lib/python2.7/site-packages/Xlib/support/connect.py", line 73, in get_display
return mod.get_display(display)
File "/usr/lib/python2.7/site-packages/Xlib/support/unix_connect.py", line 61, in get_display
raise error.DisplayNameError(display)
Xlib.error.DisplayNameError: Bad display name ""

Not installing in Linux Mint using "pip".

pip install keylogger
/usr/local/lib/python2.7/dist-packages/pip/_vendor/requests/__init__.py:83: RequestsDependencyWarning: Old version of cryptography ([1, 2, 3]) may cause slowdown.
  warnings.warn(warning, RequestsDependencyWarning)
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Collecting keylogger
  Using cached https://files.pythonhosted.org/packages/5b/6a/50321cd2015195b13c8dabbb055f09c2d7f4561af02cb98c3c7a043a8df0/keylogger-2.7.3.tar.gz
    ERROR: Complete output from command python setup.py egg_info:
    ERROR: Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-install-U8BdwT/keylogger/setup.py", line 24, in <module>
        long_description="\n\n".join([open("README.md").read(), open("CHANGES.md").read()]),
      File "/usr/lib/python2.7/codecs.py", line 896, in open
        file = __builtin__.open(filename, mode, buffering)
    IOError: [Errno 2] No such file or directory: 'CHANGES.md'
    ----------------------------------------
ERROR: Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-install-U8BdwT/keylogger/
WARNING: You are using pip version 19.1.1, however version 19.2.3 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

Describe the bug
I just copied and pasted the code.

Desktop (please complete the following information):

• OS: Windows 10 64bit
• Using Code Blocks with mingw compiler

If I insert ~ (with shift, US keyboard) followed by a letter the key log some times shows only upper case letters even I'm writing in lower case, when that happens caps lock or shift doesn't have any effect, also some times the reverse happens that everything is in lower case.
And some key combination with ~ usually corrects the situation.

I tried using it as the domain administrator but it logged only the keys i pressed. not the keys of the user who is actually logged in.
Any idea how to change it to get all the pressed keys of the computer its running at?

Great project nonetheless 👍

Hello,

I cannot install the mac version due to the lack of file, the make cannot run because the makefile doesn't exist.

Is the Mac version working?

Thanks,

Problem

I believe that this is built under the console subsystem which relies on the method of using ShowWindow to hide the console window (correct me if I'm wrong). The issue is that it will flash the console on execution and is therefore not an elegant solution.

My Proposal

Build and compile the code under the Windows subsystem and entirely move away from the use of a console. This change renders the Stealth function and #define (in)visible obsolete.

Adjustments

Microsoft Visual C++:
Change:
int main()
to:
int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShow)

For UNICODE, use:
int wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nShow)

Create project under Win32 Project or change the SubSystem setting to Windows (/SUBSYSTEM:WINDOWS) under Properties -> Linker -> System.

GCC/G++:
Build using the -mwindows flag. The above steps are optional.

If visibility is desired, use:

#include <cstdio>

...

AllocConsole();
AttachConsole(GetCurrentProcessId());
freopen("CON", "w", stdout);

...

FreeConsole();

when I use teamviewer to connect to my remote computer ,and I run windows keylogger on both side.

remote side logged wrong keys:

when I use shift to input
QAZWSX@20153333
remote logged:
azwsx220153333
local logged:
[SHIFT][SHIFT][SHIFT][SHIFT][SHIFT][SHIFT]qazwsx220153333

when I use capslock to input
QAZWX@2015_6XXX
remote logged:
[SHIFT][SHIFT]q[SHIFT][SHIFT]a[SHIFT][SHIFT]z[SHIFT][SHIFT]w[SHIFT][SHIFT]x[SHIFT]22015[SHIFT]-6[SHIFT][SHIFT]x[SHIFT][SHIFT]x[SHIFT][SHIFT]x
local logged:
[CAPSLOCK]QAZWX[SHIFT]22015[SHIFT]-6XXX

the main problem is: we can't identify the char is upper case or low case.

a real case I encountered:

abc2015[shift]-6QWER logged, but the true keys are abc2015_6qwer

I compiled on Linux system using mingw64 g++.
compilation was successful but on testing got an error
PFA

Use a preprocessor directive https://msdn.microsoft.com/en-us/library/2a1b21sf.aspx . Then you can build with -DVISIBLE or -DINVISIBLE. You could create a simple makefile to build both the visible and invisible versions every time you build.

these is a scene:

the user don't input password by keyboard , but copy password from somewhere he stored.

Describe the bug
After running sudo make startup and restarting I do not see any logged input on /var/log/keystroke.log and I do not see the task on my activity monitor.

To Reproduce
Steps to reproduce the behavior:

1. follow the installation process on macos catalina.
2. restart the computer

Hi there,

Thanks a lot of for this keylogger! It was very simple to get started, which I appreciate.

I'm not sure of the feasibility of this feature, but it would be great if I could have the keylogger log a command (i.e. [shift], [left-cmd], etc.) when I press it down ONLY.

Currently (on mac) it seems the default setup also collects the release as its own action - see this video as an example.

Separately, does anyone know any (free) tools others have used to analyze the keystroke data from this tool? I am making one here - WIP.

I tried to compile the code on:

• Visual Studio Enterprise 2015 version 14.0.24720.00 Update 1
• Windows 10

I get the following errors:
`Error C4996 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. DataProtection c:\Users\yneja\Desktop\Keylogger\windows\klog_main.cpp 79

Error C4996 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. DataProtection c:\Users\yneja\Desktop\Keylogger\windows\klog_main.cpp 69

Error C4996 'localtime': This function or variable may be unsafe. Consider using localtime_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. DataProtection c:\Users\yneja\Desktop\Keylogger\windows\klog_main.cpp 83`

I got around it by _CRT_SECURE_NO_WARNINGS, but maybe they should be switched to safer versions.

Feature request for the binary to encrypt output for security and can be later decrypted with assigned key or passphrase.

The lowercase and uppercase detection and uppercase is buggy. Most of the time lowercase is recorded as uppercase in the log file.

By default it tries to create the log file in some weird directory that doesn't exist on my PC. Maybe it should use home directory instead?

In MacBook (Late 2013) model, the log file shows only the special keys like CTRL, Shift, etc.
It does not log or not even detects the other alphanumeric keys.

Hi all,

Everything is on the title, but just to make sure I made myself clear about the issue :

Example :
What's typing on keyboard : abcdefghijklmnopqrstuvwxyz
What's actually rendered on log file : qbcdefghijkl;noparstuvzxywgithu

I'll try to figure it out next week.

Greeted with mentioned error whenever I try to run the script execution command - python keylogger.py

Am I doing something obvious wrong here or why do I not see any mouse input in my output.log?
I quickly cracked together this diff that adds mouse events to the log. But the majority of the code was already there so I wonder what happend here.

diff --git a/linux/keylogger/keylogger.py b/linux/keylogger/keylogger.py
index 941acc2..e92a7f0 100644
--- a/linux/keylogger/keylogger.py
+++ b/linux/keylogger/keylogger.py
@@ -36,17 +36,24 @@ def main():
 
     cancel_key = args.cancel_key[0] if args.cancel_key else  '`'
 
     def OnKeyPress(event):
         with open(log_file, 'a') as f:
-            f.write('{}\n'.format(event.Key))
+            if hasattr(event, 'Key'):
+                f.write('{}\n'.format(event.Key))
+            else:
+                f.write('{} {}\n'.format(event.MessageName, event.Position))
 
-        if event.Ascii == cancel_key:
+        if hasattr(event, 'Ascii') and event.Ascii == cancel_key:
             new_hook.cancel()
 
     new_hook = pyxhook.HookManager()
     new_hook.KeyDown = OnKeyPress
     new_hook.HookKeyboard()
 
+    new_hook.MouseAllButtonsDown = OnKeyPress
+    new_hook.HookMouse()
+
     try:
         new_hook.start()
     except KeyboardInterrupt:

Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-install-M6KUPY/keylogger/

Any help?

It seems that the klog_main.cpp need to include <stdio.h> head file. because the fprintf function.

I used codeblocks IDE to compile the source code.