 |  |  |  |  |  |  |  |
Client monitoring - Keylogging problem
Please support our C# advertiser: Intel Parallel Studio Home
Thread Solved |
•
•
Join Date: Oct 2008
Posts: 52
Reputation: 
Solved Threads: 1
Junior Poster in Training
First of all, the keylogger that i am developing is not at all for offensive and destructive purposes. 
I am developing a client monitoring application in C#.NET.
Keylogging is one of the features in my application.
Though i have developed the code for the keylogger, i have not been able to implement it properly in my application.
There are two projects in my solution.
The UserInterface - for server side.
The Tracker - for client side PCs.
The keylogging module Keylogger is in the Tracker project.
I have used the helper classes for socket programming - TcpClient, TcpListener and NetworkStream to help them out.
Also, i am using asynchronous mode for communication.
Though i have attached the whole code with this post, i am posting the part of code with which i am facing the problem :
Now, the client-side code :
I am trying to explain the situation here.
To start keylogging, the server UI would send a message "StartKeyLog" to the client.
On receiving the message, the client will process it in the callback function "onDataReceived".In this function, the message is processed and the installHook() method is called, which would install the hook.
When i ran the application, the hook got installed; also, the KeyboardHookProc() callback got called properly, and the keystrokes were processed. But this was the case only till the onDataReceived callback method was alive. As soon as the that method ended, the KeyboardHookProc() stopped getting called; keys were no longer processed, as if the hook was never installed.
Another problem was that after the hook got installed, the system got considerably slow when i hit any key.
My assumption is that both the things have something to do with the threading that happens here. But, i am not able to get the exact problem.
I have tried my best to explain the situation.Still, any questions are welcome.
Could anyone provide me with the solution??
I am developing a client monitoring application in C#.NET.
Keylogging is one of the features in my application.
Though i have developed the code for the keylogger, i have not been able to implement it properly in my application.
There are two projects in my solution.
The UserInterface - for server side.
The Tracker - for client side PCs.
The keylogging module Keylogger is in the Tracker project.
I have used the helper classes for socket programming - TcpClient, TcpListener and NetworkStream to help them out.
Also, i am using asynchronous mode for communication.
Though i have attached the whole code with this post, i am posting the part of code with which i am facing the problem :
C# Syntax (Toggle Plain Text)
Now, the client-side code :
C# Syntax (Toggle Plain Text)
I am trying to explain the situation here.
To start keylogging, the server UI would send a message "StartKeyLog" to the client.
On receiving the message, the client will process it in the callback function "onDataReceived".In this function, the message is processed and the installHook() method is called, which would install the hook.
When i ran the application, the hook got installed; also, the KeyboardHookProc() callback got called properly, and the keystrokes were processed. But this was the case only till the onDataReceived callback method was alive. As soon as the that method ended, the KeyboardHookProc() stopped getting called; keys were no longer processed, as if the hook was never installed.
Another problem was that after the hook got installed, the system got considerably slow when i hit any key.
My assumption is that both the things have something to do with the threading that happens here. But, i am not able to get the exact problem.
I have tried my best to explain the situation.Still, any questions are welcome.
Could anyone provide me with the solution??
Bhoot
•
•
•
•
KeyboardHookProc() stopped getting called:
•
•
•
•
Another problem was that after the hook got installed, the system got considerably slow when i hit any key.
•
•
•
•
messageBuffer = new byte[100];
For more on MTU see:
http://en.wikipedia.org/wiki/Maximum_transmission_unit
I found an example of client-server communications with numeric commands/enums at:
See http://www.codeproject.com/KB/IP/Cha...CPSockets.aspx
I made a few "educated guesses" in my answer about the inner working of the application but it is hard to read that much code without being able to compile it easily. Let me know if I missed my mark on the functionality.
Good luck
•
•
Join Date: Oct 2008
Posts: 52
Reputation:
Solved Threads: 1
Junior Poster in Training
•
•
•
•
Originally Posted by sknake 
I cant be sure of this without you posting a sample application, but from the sound of it you are either closing the connection OR the connection variables is going out of scope and becomes breakfast for the garbage collector.
Most likely it would. From the looks of it you are hooking on the win32 keypress and sending that packet over ethernet to the listener. Imagine if every time you went to type a key your system pinged google.com to make sure you were on the internet. You should buffer the keypresses in a local cache and send them every second or two, or when the buffer gets so big. Do not do *anything* other than buffering the key in the delegate that gets the keypress information from windows.
I'm not sure why you have a size declared on your message buffer. The MTU of 99% of ethernet cards is 1492-1500 (minus ~160 bytes for the header) for so if you're trying to limit the connection to a single packet, get the frame size from PMTU discovery/MSS.
For more on MTU see:
http://en.wikipedia.org/wiki/Maximum_transmission_unit
I found an example of client-server communications with numeric commands/enums at:
See http://www.codeproject.com/KB/IP/Cha...CPSockets.aspx
I made a few "educated guesses" in my answer about the inner working of the application but it is hard to read that much code without being able to compile it easily. Let me know if I missed my mark on the functionality.
Good luck
sorry for a late reply. I was out for last 2 days.
anyways, you mentioned about some variable going out-of-scope. I have checked it out, but couldnt find one. Also, connection is not getting closed either.
Another thing you said is the processing part. No, i am doing almost exactly what you recommended, i.e., all the processing part has always been on the client-side. I have planned (though havent yet implemented) to send the data every minute or so, and not at every keystroke. For the time being, i have been writing the keystrokes to a file.
And you mentioned about MTU. Thanks, i didnt know about that. I would change to what you suggested.
Right now, i dont have a compilable and executable copy of my code at hand. I will post it tomorrow for your reference. Maybe, you could point out my mistake.
Bhoot
•
•
Join Date: Oct 2008
Posts: 52
Reputation:
Solved Threads: 1
Junior Poster in Training
ok..i am attaching the compilable and executable code of the keylogger.
The interface is too much primary, so dont get bothered by it
"Connect 1" button would connect to your own PC (the loopback IP).
So you may try it out.
Please guide me in this problem
The interface is too much primary, so dont get bothered by it
"Connect 1" button would connect to your own PC (the loopback IP).
So you may try it out.
Please guide me in this problem
Bhoot
•
•
Join Date: Oct 2008
Posts: 52
Reputation:
Solved Threads: 1
Junior Poster in Training
Could anyone help me out?? 
I am stuck at this point since last 5 days and now i am pulling my hairs off.
I am stuck at this point since last 5 days and now i am pulling my hairs off.
Bhoot
•
•
Join Date: Oct 2008
Posts: 52
Reputation:
Solved Threads: 1
Junior Poster in Training
ya..to simplify my problem i would like to add the following :
The keylogger basically works perfectly (no slowdowns and every keystroke is logged) if i install the hook in the main thread (for eg., in the constructor of the form).
However, it doesnt work at all - hook gets installed, but callback is not called even once; also it slows down for 3-4 seconds; no keystroke is logged - if i install the hook in some subordinate thread (for eg., in NetworkStream.BeginRead() or a created thread specially for keylogger).
Also, i had a messagebox in the above two subordinate thread i mentioned above. The messagebox was just after the "installHook" method (for debugging purpose). Now, if i dont hit the messagebox, then the keystrokes were logged (no slowdown too).
As soon as i hit the messagebox, it all goes the wrong way - a slowdown for 2-3 seconds, and then nothing is logged.
I have explained in as simple manner as i could. I am desperate for some guidance.
The keylogger basically works perfectly (no slowdowns and every keystroke is logged) if i install the hook in the main thread (for eg., in the constructor of the form).
However, it doesnt work at all - hook gets installed, but callback is not called even once; also it slows down for 3-4 seconds; no keystroke is logged - if i install the hook in some subordinate thread (for eg., in NetworkStream.BeginRead() or a created thread specially for keylogger).
Also, i had a messagebox in the above two subordinate thread i mentioned above. The messagebox was just after the "installHook" method (for debugging purpose). Now, if i dont hit the messagebox, then the keystrokes were logged (no slowdown too).
As soon as i hit the messagebox, it all goes the wrong way - a slowdown for 2-3 seconds, and then nothing is logged.
I have explained in as simple manner as i could. I am desperate for some guidance.
Bhoot
 |
Similar Threads
- strange signs server->client connection with select() (C++)
- Problems with Asynchronous calls between AXIS Java client and GSOAP C++ server (Java)
- Annoying outlook problem, please help. (Windows Software)
- Multiple items with the same id problem (edit-in-place) (JavaScript / DHTML / AJAX)
- Problem with socket (C++)
- problem with MATLAB loop (Legacy and Other Languages)
- Problem with Novell Client and loggin in (Novell)
- problem uploading org chart with live link to intranet (Software Development Job Offers)
- client server communication problem in CSocket program (C)
Other Threads in the C# Forum
- Previous Thread: Datasets and dbnull values
- Next Thread: Problem on Creating a Crystal Report
| Thread Tools | Search this Thread |
Latest C# Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for C#
.net access ado.net algorithm array barchart bitmap box broadcast buttons c# chat check checkbox class client color combobox control conversion csharp custom database datagrid datagridview dataset datetime degrees development drawing encryption enum event excel file files form format function gdi+ httpwebrequest image index input install java label list listbox listener login mandelbrot math mouseclick mysql networking object operator oracle path photoshop picturebox pixelinversion post prime programming radians regex remote remoting resource richtextbox save saving serialization server sleep socket sql statistics stream string table tcp text textbox thread time timer treeview update usercontrol validation view visualstudio webbrowser windows winforms wpf xml
