943,833 Members | Top Members by Rank

Software Development > C# > Client monitoring - Keylogging problem
Ad:
  • C# Discussion Thread
  • Marked Solved
  • Views: 1475
  • C# RSS
Permalink
May 11th, 2009
0

Client monitoring - Keylogging problem

Expand Post »
First of all, the keylogger that i am developing is not at all for offensive and destructive purposes.

I am developing a client monitoring application in C#.NET.
Keylogging is one of the features in my application.
Though i have developed the code for the keylogger, i have not been able to implement it properly in my application.

There are two projects in my solution.
The UserInterface - for server side.
The Tracker - for client side PCs.
The keylogging module Keylogger is in the Tracker project.

I have used the helper classes for socket programming - TcpClient, TcpListener and NetworkStream to help them out.

Also, i am using asynchronous mode for communication.

Though i have attached the whole code with this post, i am posting the part of code with which i am facing the problem :

C# Syntax (Toggle Plain Text)
  1. //This code resides on the server-side monitoring interface.When //the administrator hits a btnKeyLog button, a message //"StartKeyLog" is sent to the respective client, and the keylogging //is handled on the client.
  2. private void btnKeyLog_Click ( object sender, EventArgs e )
  3. {
  4. 	messageBuffer = new byte[100];
  5.  
  6. 	if ( btnKeyLog1.Text == "Start Keylogging" )
  7. 	{
  8. 		btnKeyLog1.Text = "Stop Keylogging";
  9. 		message = "StartKeyLog";
  10.  
  11. 		messageBuffer = Encoding.ASCII.GetBytes ( message );
  12. 		try
  13. 		{
  14.                 //begin writing on the stream.
  15. 		clientConnections[0].networkStream.BeginWrite (messageBuffer, 0, messageBuffer.Length, new AsyncCallback ( onDataWrite ), null );
  16. 		}
  17. 		catch ( Exception exc )
  18. 		{
  19. 			MessageBox.Show ( exc.Message + exc.StackTrace );
  20. 		}
  21. 	}
  22. 	else
  23. 	{
  24. 		btnKeyLog1.Text = "Start Keylogging";
  25. 		message = "StopKeyLog";
  26.  
  27. 		messageBuffer = Encoding.ASCII.GetBytes ( message );
  28. 		try
  29. 		{
  30. 		clientConnections[0].networkStream.BeginWrite ( messageBuffer, 0, messageBuffer.Length, new AsyncCallback ( onDataWrite ), null );
  31. 		}
  32. 		catch ( Exception exc )
  33. 		{
  34. 			MessageBox.Show ( exc.Message + exc.StackTrace );
  35. 		}
  36. 	}
  37. }


Now, the client-side code :
C# Syntax (Toggle Plain Text)
  1. //the following method is the callback method (called by //TcpListener.BeginAcceptTcpClient() )that accepts the connection //and starts reading using BeginRead() :
  2. public void onConnectionRequested ( IAsyncResult ar )
  3. {
  4. 	try
  5. 	{
  6. 	clientConnection.client = listener.EndAcceptTcpClient ( ar );
  7. 	//MessageBox.Show ( "UI connected!" );
  8.  
  9. 	messageBuffer = new byte[100];
  10. 	clientConnection.networkStream = clientConnection.client.GetStream ( );
  11. 	clientConnection.networkStream.BeginRead ( messageBuffer, 0, messageBuffer.Length, new AsyncCallback ( onDataReceived ), null );
  12. 	}
  13. 	catch ( Exception exc )
  14. 	{
  15. 		MessageBox.Show ( exc.Message + exc.StackTrace );
  16. 	}
  17. }
  18.  
  19.  
  20. // the following is the callback function that will process the data //received from the server.
  21. // temporarily, i am using a switch case structure.
  22. public void onDataReceived ( IAsyncResult ar )
  23. {
  24. 	int nBytesRead = 0;
  25. 	try
  26. 	{
  27. 		nBytesRead = clientConnection.networkStream.EndRead ( ar );
  28. 	}
  29. 	catch ( Exception exc )
  30. 	{
  31. 		MessageBox.Show ( exc.Message + exc.StackTrace );
  32. 	}
  33. 		message = Encoding.ASCII.GetString ( messageBuffer,0, nBytesRead);
  34.  
  35. 		switch (message)
  36. 		{
  37. 			case "StartKeyLog" :
  38. 				MessageBox.Show ( "Keylogger started." );
  39.                                //the following static method wraps the Win32 //implementation of SetWindowsHookEx - all given in Keylogger //module
  40. 				KeyboardHook.installHook ( );
  41.                                 //after this method is called, the hook is //actually installed; the callback function KeyboardHookProc is also //called. Here, keylogger seems to be working fine, except that the //system slows down considerably when i type keystrokes.
  42. 				break;
  43.  
  44. 			case "StopKeyLog":
  45. 				MessageBox.Show ( "Keylogger stopped." );
  46.                                // the following method releases the hook
  47. 				KeyboardHook.releaseHook ( );
  48. 				break;
  49. 		}
  50.  
  51. 		try
  52. 		{
  53. 			messageBuffer = new byte[100];
  54. 			clientConnection.networkStream.BeginRead ( messageBuffer, 0, messageBuffer.Length, new AsyncCallback ( onDataReceived ), null );
  55. 		}
  56. 		catch ( Exception exc )
  57. 		{
  58. 			MessageBox.Show ( exc.Message + exc.StackTrace );
  59. 		}
  60. 		//MessageBox.Show ( "Stop" );
  61. //as soon as this function ends, however, the callback function of //the keyboard hook stops being called; keystrokes are not //processed.
  62. //the keystrokes are caught until this function the control is in this //function. i assume that it has to do something with the thread.
  63. }

I am trying to explain the situation here.
To start keylogging, the server UI would send a message "StartKeyLog" to the client.
On receiving the message, the client will process it in the callback function "onDataReceived".In this function, the message is processed and the installHook() method is called, which would install the hook.

When i ran the application, the hook got installed; also, the KeyboardHookProc() callback got called properly, and the keystrokes were processed. But this was the case only till the onDataReceived callback method was alive. As soon as the that method ended, the KeyboardHookProc() stopped getting called; keys were no longer processed, as if the hook was never installed.

Another problem was that after the hook got installed, the system got considerably slow when i hit any key.

My assumption is that both the things have something to do with the threading that happens here. But, i am not able to get the exact problem.
I have tried my best to explain the situation.Still, any questions are welcome.
Could anyone provide me with the solution??
Attached Files
File Type: txt ClientSideTrackerForm.txt (4.1 KB, 35 views)
File Type: txt ClientSideKeylogger.txt (2.6 KB, 34 views)
File Type: txt ServerSideMainInterface.txt (3.1 KB, 26 views)
Similar Threads
Reputation Points: 10
Solved Threads: 1
Junior Poster in Training
Bhoot is offline Offline
53 posts
since Oct 2008
Permalink
May 11th, 2009
0

Re: Client monitoring - Keylogging problem

Quote ...
KeyboardHookProc() stopped getting called:
I cant be sure of this without you posting a sample application, but from the sound of it you are either closing the connection OR the connection variables is going out of scope and becomes breakfast for the garbage collector.

Quote ...
Another problem was that after the hook got installed, the system got considerably slow when i hit any key.
Most likely it would. From the looks of it you are hooking on the win32 keypress and sending that packet over ethernet to the listener. Imagine if every time you went to type a key your system pinged google.com to make sure you were on the internet. You should buffer the keypresses in a local cache and send them every second or two, or when the buffer gets so big. Do not do *anything* other than buffering the key in the delegate that gets the keypress information from windows.


Quote ...
messageBuffer = new byte[100];
I'm not sure why you have a size declared on your message buffer. The MTU of 99% of ethernet cards is 1492-1500 (minus ~160 bytes for the header) for so if you're trying to limit the connection to a single packet, get the frame size from PMTU discovery/MSS.

For more on MTU see:
http://en.wikipedia.org/wiki/Maximum_transmission_unit

I found an example of client-server communications with numeric commands/enums at:
See http://www.codeproject.com/KB/IP/Cha...CPSockets.aspx

I made a few "educated guesses" in my answer about the inner working of the application but it is hard to read that much code without being able to compile it easily. Let me know if I missed my mark on the functionality.

Good luck
Featured Poster
Reputation Points: 1749
Solved Threads: 735
Senior Poster
sknake is offline Offline
3,948 posts
since Feb 2009
Permalink
May 14th, 2009
0

Re: Client monitoring - Keylogging problem

Click to Expand / Collapse  Quote originally posted by sknake ...
I cant be sure of this without you posting a sample application, but from the sound of it you are either closing the connection OR the connection variables is going out of scope and becomes breakfast for the garbage collector.



Most likely it would. From the looks of it you are hooking on the win32 keypress and sending that packet over ethernet to the listener. Imagine if every time you went to type a key your system pinged google.com to make sure you were on the internet. You should buffer the keypresses in a local cache and send them every second or two, or when the buffer gets so big. Do not do *anything* other than buffering the key in the delegate that gets the keypress information from windows.




I'm not sure why you have a size declared on your message buffer. The MTU of 99% of ethernet cards is 1492-1500 (minus ~160 bytes for the header) for so if you're trying to limit the connection to a single packet, get the frame size from PMTU discovery/MSS.

For more on MTU see:
http://en.wikipedia.org/wiki/Maximum_transmission_unit

I found an example of client-server communications with numeric commands/enums at:
See http://www.codeproject.com/KB/IP/Cha...CPSockets.aspx

I made a few "educated guesses" in my answer about the inner working of the application but it is hard to read that much code without being able to compile it easily. Let me know if I missed my mark on the functionality.

Good luck

sorry for a late reply. I was out for last 2 days.
anyways, you mentioned about some variable going out-of-scope. I have checked it out, but couldnt find one. Also, connection is not getting closed either.

Another thing you said is the processing part. No, i am doing almost exactly what you recommended, i.e., all the processing part has always been on the client-side. I have planned (though havent yet implemented) to send the data every minute or so, and not at every keystroke. For the time being, i have been writing the keystrokes to a file.

And you mentioned about MTU. Thanks, i didnt know about that. I would change to what you suggested.

Right now, i dont have a compilable and executable copy of my code at hand. I will post it tomorrow for your reference. Maybe, you could point out my mistake.
Reputation Points: 10
Solved Threads: 1
Junior Poster in Training
Bhoot is offline Offline
53 posts
since Oct 2008
Permalink
May 15th, 2009
0

Re: Client monitoring - Keylogging problem

ok..i am attaching the compilable and executable code of the keylogger.
The interface is too much primary, so dont get bothered by it
"Connect 1" button would connect to your own PC (the loopback IP).
So you may try it out.
Please guide me in this problem
Attached Files
File Type: zip NetworkTracker.zip (108.9 KB, 47 views)
Reputation Points: 10
Solved Threads: 1
Junior Poster in Training
Bhoot is offline Offline
53 posts
since Oct 2008
Permalink
May 17th, 2009
0

Re: Client monitoring - Keylogging problem

Could anyone help me out??
I am stuck at this point since last 5 days and now i am pulling my hairs off.
Reputation Points: 10
Solved Threads: 1
Junior Poster in Training
Bhoot is offline Offline
53 posts
since Oct 2008
Permalink
May 17th, 2009
0

Re: Client monitoring - Keylogging problem

ya..to simplify my problem i would like to add the following :

The keylogger basically works perfectly (no slowdowns and every keystroke is logged) if i install the hook in the main thread (for eg., in the constructor of the form).
However, it doesnt work at all - hook gets installed, but callback is not called even once; also it slows down for 3-4 seconds; no keystroke is logged - if i install the hook in some subordinate thread (for eg., in NetworkStream.BeginRead() or a created thread specially for keylogger).
Also, i had a messagebox in the above two subordinate thread i mentioned above. The messagebox was just after the "installHook" method (for debugging purpose). Now, if i dont hit the messagebox, then the keystrokes were logged (no slowdown too).
As soon as i hit the messagebox, it all goes the wrong way - a slowdown for 2-3 seconds, and then nothing is logged.

I have explained in as simple manner as i could. I am desperate for some guidance.
Reputation Points: 10
Solved Threads: 1
Junior Poster in Training
Bhoot is offline Offline
53 posts
since Oct 2008

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in C# Forum Timeline: Datasets and dbnull values
Next Thread in C# Forum Timeline: Problem on Creating a Crystal Report





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC