Keystroke Logging


Application Security Testing: An Integral Part of DevOps

Key Logger

This article is about how to log keystrokes. There is an article on this topic, "Hooking the Keyboard," already on CodeGuru.

Regarding that key logger, it is a system-wide hook. But, that article is a little bit old, and says that if we need to install a system-wide hook, we have to make it in a shared DLL, but that it will divide our code into some pieces and it will be difficult to hide it in the system.

Windows 2000 onwards provides system-wide, low-level hooks. By using these hooks, we can have a system-wide hook in a single program/project. We can use this functionality to set a system-wide hook.

(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId);

idHook is the hook ID for which we want to hook. Windows supports the following hooks:

  • WH_CBT

The lpfn parameter is a function pointer to a callback function that we want to invoke after getting the event.

hMod is the handle of the current application. It is different from the window handle; it can be retrieved by calling the AfxGetInstanceHandle function of MFC.


This specifies the identifier of the thread with which the hook procedure is to be associated. If this parameter is zero, the hook procedure is associated with all existing threads running in the same desktop as the calling thread.

I am enclosing a running example for hooking the keyboard.

About the Author

Pradeep Kumar Paijwar

Working as Senior Software Engineer in India Need something, Get it here Things chang over time, Now I work on mobile devices Symbian/J2ME/Windows Mobile/BREW/Android/IPhone

  • Experise in C,C++,
  • Socket Programming.
  • Embeded Systems
  • Experience on Solaris,Linux,Windows
  • Symbian OS.

    Hands on Experience of

  • Visual Studio
  • Rational ClearCase
  • Perforce


  • Would you mind sharing the source code?

    Posted by greenhand on 04/21/2006 09:26pm

    Hello Pradeep, I am just a beginner starting to 'hook'. With a lot of references, both online and books, I still can't get SetWindowsHookEx to work as your program does. Could you share the source code?? or just a bit more tips. greenhand

  • How can execute plogit without ask me the path of a file?

    Posted by ronalquin on 08/12/2005 10:17am

    How can execute plogit without ask me the full path and filename?

  • You must have javascript enabled in order to post comments.

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • As all sorts of data becomes available for storage, analysis and retrieval - so called 'Big Data' - there are potentially huge benefits, but equally huge challenges...
  • The agile organization needs knowledge to act on, quickly and effectively. Though many organizations are clamouring for "Big Data", not nearly as many know what to do with it...
  • Cloud-based integration solutions can be confusing. Adding to the confusion are the multiple ways IT departments can deliver such integration...

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.