Beginners Ultimate Guide To Keylogging

13/07/2011 22:58

In this guide I'm going to go through all the common topics, you may need to know. After reading on this topic do you know everything you will ever need to start keylogging. I will cover all related keyloggers and cover the terminology and definitions. Let me explain how a keylogger is, and how to even start to make your own! So, to get started!

What is a keylogger?

A keylogger is a program that records keystrokes one. Can be used for various purposes, both black hat and white hat. The most common is a black hat. A keylogger functions through the introduction of a strike, provoked by the press as a slave key on the keyboard, and store it in a variable. This process is called "keyboard down." Then this variable will take time and send it via SMTP or FTP. You can then view these records and use it to what your intent may be. Keyloggers are many different features that I will go in a later section. The most basic package includes only the keyboard hook and a way to send the records.


One of the most confused about the jargon that does not begin something new. If you do not understand the jargon, how will you know what they are talking about? In this section, I will be explaining the common terms that people use to keyloggers. I'll go over some other more general.

* Logger

or slang term for keylogger. See "What is a keylogger" section.

* Hooks

or slang term for keyboard hooks. These are also explained in the "What is a keylogger on"

* Strikes

o section of code that is triggered when the slave type thing on the keyboard.

* Logs

O Compiliation all keystrokes over time.


o A host that stores files, allows users to connect and download those files. Files in this case, the newspapers.


o how newspapers are sent by email. For example, MSN, Gmail, Yahoo, etc.


o A total detected. This means that the antivirus can not detect the file as a virus. This is explained in more detail in "What the encryption."

* UD

Or unnoticed. This means that some of the virus does not recognize the file as a virus, and others.

* Server

o A server is the result of your registration. I will take this depth in the section "What is a server?" Section.

* Encrypt

Or Crypter crypts the file by removing the readings. I'll take this in depth, "What is the crypting" section.

* Detection

o A discovery is a term used when an antivirus or detects that the file is a virus. You will always have the fewest interceptions possible to increase your success rate and reduce errors.

* Black Hat

o A black hat is someone who uses his knowledge of computer security and malicious reasons.

* White hat

o A white hat is someone who uses their knowledge about computers and security for reasons useful. They help to disinfect and improve the safety of others in the fight against black hat hackers.

* Grey Hat

o A gray hat is a mix between a black hat and white. They infect innocent people and then help them get rid of it free or a price (the latter is more common).

* Backdoors

o When the file is backdoored was bound to the virus. This means that the file is operating normally and the user is infected without their knowledge. This has become a very common key loggers. Always be wary of new versions.


Most keyloggers are two basic options. Hook keyboard and send the log (via FTP or SMTP). Most developers keylogger (myself included) will include several features to make the user experience. Below is a list of common options that you can find and what they do:

* Icon Changer

O This will change the icon, viruses are just a little 'biased third-party programs can do.

* Mutex

or mutex is a unique string that is generated. Helps prevent newspapers to be sent.

* Add to start

O This adds the registry (or other), which is caused by a virus is activated when the computer starts.

* Antis

Antis O is a function that helps to keep the slaves of the virus to your computer as long as possible. They remove or block some of the white hat in programs such as antivirus, Sandboxie, and execution keyscramblers or delete the file.

* Disable CMD / task manager / Register

o This function changes the registry value for each of these system tools to remove them.

* Recording interval

o This allows the user to select how often the log is sent.

* False error message

No, this causes a fake error message to appear, so it looks less suspicious.

* File Pumper

o This will add to the size of your antivirus. This helps make it seem less suspicious than a game will not be a few kilobytes.

* Modification of the Assembly

o This allows you to make a difference in the properties menu when right clicking a file. This helps more like a real file instead of a virus.

* Encrypted User Data

o This encrtyps your information so that others can not fly by decompiling your virus.

* Test your connection

o This will test your credentials you entered to make sure they are correct.


With the help of a keylogger is much easier than it looks. Just find someone you want to use, download, and choose your settings. Once you have entered all your information and chosen your settings, click the Generate button. The developer to create your server. This is what you give to people. Give them this file and when they run, they will be infected and you will start receiving news. Explicit enough. If you ever have a question contact the creator and they should be able to help.

What is a "dumb"

A stub is a separate binary that contains a special code is needed keylogger to function. There are generally two things in one keylogger. The developer and thatch. Some keyloggers will heel built in. A client receives the information and settings you have chosen, and merge it with a stump. The stub contains keyhooks and the work of individual characteristics. These two combine to create your virus, which contains all the information. I will cover this file in the next section.

What is the "server"

A server is the manufacturer of your keylogging ouptput. It takes the user information (the manufacturer) and the malware code (heel) and joins the two (either CodeDOM I will explain later in this section, or filesplitting, I will also cover) to the poor ass file. There are many ways this is achieved, and both ways have their ups and downs. The server is to be distributed to infect people. It is the "virus"

CodeDom is a type of building that generates code at runtime. This allows the user to download a single file (just a developer). Once you have entered your information, the developer to take that and combine it with malicious code (which is already inside the constructor). This allows detection rates lower, but generally more difficult to do and harder to reFUD (you have to distribute through the new constructor, instead of just giving another strain).

Filesplitting is like the old school of doing things. It is requried to take your information (the manufacturer) and combine it with a separate file that contains malicious code. This makes it easier to detect, is easier to update you can give users another file (the same, but with fewer detections).

WHAT 'crypting?

Crypting can be very complex, but you need to know this information. So for this section, save for what you need to know. Crypting is to take a check (sometimes CodeDOM) and using as FUD (or lower detection rate) of your file. The whole process can be confusing, and do not bother entering. What you should know is that crypting can easily damage the keylogging break that works well. A keylogger can not be detected corrupt (at least encrypt work there) but it will not send the records making it useless. Because of this, you must choose carefully Crypters and may take a while to find one that works (free) to the server registry keys. If you buy an encrypted connection (which I recommend), so be sure to ask the seller of any test or consult your server. In short, encryption is used for lower detection rates, and increased delivery rate. That's it.