Saturday, September 29, 2012

KeyLogging through DLL Injection [The Simplest Way]

Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard. Malware often uses the DLL injection technique to carry out malicious activity on a system. A few days back, to demonstrate how malware can inject a malicious DLL into an existing process, I coded a very simple DLL which simply logs keystrokes after being injected into a remote process. Here I am sharing the simplest part.

Please remember this information is for educational purposes only and should not be used for malicious purposes. I will not assume any liability or responsibility to any person or entity with respect to loss or damages incurred from information contained in this article.

Generally a keylogger for the Win32 platform uses the SetWindowsHookEx API. Here I will use the same technique to log keystrokes.

The DLL code is written in C:

After successful injection into an arbitrarily chosen remote process, the DLL will log all keystrokes to a "log.txt" file in the same directory.

Generally I use this Python script to quickly inject any DLL into any process. I have added a few lines to this script for the current purpose. Now the script will inject the DLL into the target process and execute the function called "startlog()", which resides in the newly injected DLL, to start key logging. This script uses the Python ctypes library, so make sure you have it installed with your Python installation to make this script work.
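From the defender's side, the sequence described above (a script reaches into another process, an unfamiliar DLL is loaded there, and that process then writes "log.txt") can be correlated from endpoint telemetry. The following is an added example, not code from the original post: it assumes Sysmon-style events and that the injector starts a remote thread (the post does not show this), and the sample records, paths, PIDs, the `hook.dll` name and the 10-second window are all constructed for illustration.

```python
# Constructed Sysmon-style records (not captured data). Field names follow
# Sysmon: ID 8 = CreateRemoteThread, ID 7 = ImageLoad, ID 11 = FileCreate.
# "t" is seconds since an arbitrary start; all paths and PIDs are made up.
EVENTS = [
    {"id": 8, "t": 100, "SourceImage": r"C:\Python27\python.exe",
     "TargetProcessId": 4242, "TargetImage": r"C:\Windows\notepad.exe"},
    {"id": 7, "t": 101, "ProcessId": 4242, "Signed": "false",
     "ImageLoaded": r"C:\Users\demo\hook.dll"},
    {"id": 11, "t": 130, "ProcessId": 4242,
     "TargetFilename": r"C:\Users\demo\log.txt"},
    # Benign: unsigned DLL loaded by its own process, no remote thread.
    {"id": 7, "t": 105, "ProcessId": 5000, "Signed": "false",
     "ImageLoaded": r"C:\Tools\plugin.dll"},
    {"id": 11, "t": 140, "ProcessId": 5000,
     "TargetFilename": r"C:\Users\demo\notes.txt"},
    # Benign: remote thread followed only by a signed system DLL load.
    {"id": 8, "t": 200, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetProcessId": 6000, "TargetImage": r"C:\Windows\explorer.exe"},
    {"id": 7, "t": 201, "ProcessId": 6000, "Signed": "true",
     "ImageLoaded": r"C:\Windows\System32\uxtheme.dll"},
]

WINDOW = 10  # assumed correlation window, in seconds


def find_injected_dlls(events, window=WINDOW):
    """Flag unsigned DLLs loaded into a process shortly after another process
    created a thread inside it, and list files that process wrote afterwards."""
    remote_threads = {}  # target PID -> [(time, source image), ...]
    findings = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["id"] == 8:
            remote_threads.setdefault(ev["TargetProcessId"], []).append(
                (ev["t"], ev["SourceImage"]))
        elif ev["id"] == 7 and ev["Signed"] == "false":
            for t, source in remote_threads.get(ev["ProcessId"], []):
                if 0 <= ev["t"] - t <= window:
                    findings.append({"pid": ev["ProcessId"], "injector": source,
                                     "dll": ev["ImageLoaded"], "files_written": []})
                    break
        elif ev["id"] == 11:
            for finding in findings:
                if finding["pid"] == ev["ProcessId"]:
                    finding["files_written"].append(ev["TargetFilename"])
    return findings


if __name__ == "__main__":
    for finding in find_injected_dlls(EVENTS):
        print(finding)
```

Only the first three records produce a finding; an unsigned DLL with no preceding remote thread, or a remote thread followed only by signed loads, is left alone.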