Writing a Harmless Keylogger in .NET

Experimenting with Low-Level Keyboard Hooks and Simulated Input

Posted by Hüseyin Sekmenoğlu on August 02, 2014 Application Security Backend Development

During a vacation, I explored the archived blog posts of Oğuzhan Yılmaz, a developer I had followed since 2008. Revisiting those old articles not only reminded me of forgotten techniques but also reignited my curiosity. As a small side project, I decided to experiment with a basic keyboard manipulation tool in .NET which mimicked the behaviour of a keylogger, though it was harmless and meant solely for educational purposes.

While browsing that blog, I came across a job posting published in December. I had spent half a day trying to find the application link. Later, I stumbled upon an article introducing a site called “Regular Expressions Resource Site” where the link was secretly embedded. I had already visited that site earlier while trying to find the solution but it had not helped me at the time.

The second feature I saw was about a project called Code4Fun. Just to have my own little contribution there, I thought I would write a simple virus for fun.

🧪 What This Tool Does

The application performs two main actions:

  • Logs keystrokes to a visible UI element

  • Alters the behavior of specific keys like E and H

For example:

  • Pressing E removes it and types A instead

  • Pressing H appends the string üseyin

To ensure this does not run in multiple instances or recursively trigger input, a control flag Working is used.

🧩 Example Implementation in VB.NET

Here is a simplified version of the key handler logic:

If Working = True Then Exit Sub
TextBox1.Text = TextBox1.Text & Key.ToString
Working = True
Try
    If Key = Keys.H Then
        My.Computer.Keyboard.SendKeys("üseyin")
    ElseIf Key = Keys.E Then
        My.Computer.Keyboard.SendKeys("{BACKSPACE}")
        My.Computer.Keyboard.SendKeys("A")
    End If
Catch ex As Exception
    ' You can log the error if needed
End Try
Working = False

🧷 Requirements and Limitations

To run this tool successfully, the following conditions must be met:

  • .NET Framework 3.5 must be installed

  • The application must be executed with administrator privileges

Because of these requirements, the tool is limited in scope and cannot function as a true background keylogger without user interaction or consent. This makes it a good candidate for testing and educational purposes only.

🔐 Final Thoughts

This project was never intended to cause harm. It served as a practical way to explore input interception and simulation within the .NET environment. Creating this kind of application highlights how easy it is to manipulate input at a low level but it also demonstrates the ethical responsibility developers have.

When experimenting with sensitive topics like this one, always remain within legal boundaries and avoid misuse. Tools like this should only be used in secure environments for learning or testing purposes.