What must be done to start the keylogger automatically on a systemstart (e.g. before login in XP)
in order to start it on startup, just add a key to
your registry at
with the path to pykeylogger.exe, and add any commandline options you wish to include.
this will run pykeylogger every time computer starts up.
I can not find a pykeylogger.exe file anywhere?
read the following, about getting the exe:
to summarize, versions prior to 0.7 are available in exe format for free, but starting with 0.7 you have to make one from source yourself, or donate to this project and i will make one for you.
After the compilation of 0.7 version I have a keylogger.exe file, but this can be renamed as u like it.
I put at the same key how nonotube said, but only for the users I am interested to make backup for (let's read spy on).
What I like about this is that u can renamed as a windows critic process and u can not stop it with taskmanager. This is fun.
PS: ewido found traces of some type of worm in the keylogger.exe. I belive this is normal, right?
well, it is a keylogger, so i suppose if it is flagged as a trojan by an antispyware software, that is only to be expected.
i can assure you that i have not put anything untoward into pykeylogger, and all it does is log the keys, as it's supposed to. since you compiled yourself from source, you can be sure of that, as you could verify by reading the source. :)
Ya, I know there is no spyware, trojan or any other crap in this beautiful piece of code!
Thank u for giving us the opportunity to spy, cough cough backup our user's stuff!
I'm in trouble because the above mentioned registry entry does not work.
This key is the added one:
On startup following error message appears:
Traceback (most recent call last):
File "keylogger.pyw", line 138, in <module>
File "keylogger.pyw", line 24, in __init__
File "keylogger.pyw", line 85, in ParseConfigFile
File "configobj.pyc", line 1259, in __init__
File "configobj.pyc", line 1793, in _handle_configspec
IOError: Reading configspec failed: Config file not found: "pykeylogger.val".
Could you please tell me how to solve the problem?
apparently your regkey starts pykeylogger running in some different directory, but pykeylogger looks for the configfile in its own dir.
to solve this, you could either set up a shortcut to pykeylogger, that has the target directory set to the path to pykeylogger, or add a commandline switch to directly specify where pykeylogger.val and pykeylogger.ini are located. (see usage instructions for details on commandline options)
i tried this myself from the usage help on the website and it doesnt appear to work for me either?
is it possible to simply rename the pykeylogger.val and ini files and then reference them from the exe start command?? the folder consists of quite a few files, can I assume that all that is needed with in that folder is the .VAL .INI and .EXE to run the logger?
yes, you can rename the .val and the .ini files to anything you want, and then just put that into the command line arguments with '-c' and '-v' so the program can find them.
however, all of the other "quite a few files" that you mention are libraries and dlls that /are/ needed to run the keylogger [except for maybe the w9xpopen.exe (which is something py2exe throws in but is only used on win9x), and keylogger_debug.exe (which is only necessary to run keylogger in debug mode)]. so no, you can't just clean out all the stuff except for the .exe, .val, and .ini. (you don't have to take my word for it, try it and see if it still works. :) )
I have been testing this on Vista (I know, don't shoot me). I have the binaries in .exe because I kindly donated but when I entered the startup string in regedit I get a series of errors. With the user control setting enabled Vista just blocks the program, but when they are disabled the program loads but has a full set of errors in the config file which I have not tried to edit manually.
Any ideas what might be causing the errors? I followed the startup on boot procedure but am having no joy. I hope it can be fixed as I'm beginning to wonder if it was worth $20.
Could you post the exact text of all the error messages you see, and tell me where exactly you see them? (You say errors in config file... you mean you are seeing errors being written inside the actual .ini file?)
Also, please post the exact location and string you are using in the registry to set up the start on boot.
I don't have a vista machine to test this on, but hopefully this info will help me figure this out. :)
Well, The error was in an application box with a titlebar subject of 'error in config' I cant recall fully what it said. The main error was basically a paste of all the functions in the config file all set to 'false'.
I followed the guide of adding a string value to registry and replaced the info with my own and is as follows:
I went to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
then I created a new string value with the name of 'alt' and in the value space I typed "C:\Program Files\Alt\alt\alt.exe" -c "C:\Program Files\Alt\altpykeylogger.ini" -v "C:\Program Files\Alt\alt\pykeylogger.val"
I did not rename the .ini or the .val
However, I got annoyed with the error, so I deleted the entry and used Vista's Task Scheduler which is in All Programs > Accessories > System Tools(i think) and in there I created a basic scheduler for the keylogger to run on system startup with administrator privs. I turned off the User control settings to stop Vista moaning at me and found that this method works great! I have had no problems and it seems to be working fine now. Oh, I also added the files to AVG exceptions list too.
I hope this is of some help to someone!
well, if they were all set to false, then probably that means you mistyped the ini file name, so it couldn't find any of the values.
note also that the registry entry you posted:
"C:\Program Files\Alt\alt\alt.exe" -c "C:\Program Files\Alt\altpykeylogger.ini" -v "C:\Program Files\Alt\alt\pykeylogger.val"
contains a typo in the .ini filepath: it should have an extra backslash between "alt" and "pykeylogger.ini". probably it was some kind of similar error in your registry entry.
anyway, it's good to know that you solved the problem - thanks for sharing your solution. :)