Welcome to Stealth Logger online manual.
Below you will find all information required to use Stealth Logger.
| Contents : | |
|
|
|
Introduction to Stealth Logger.
What is Stealth Logger ?
The answer is simple : Stealth Logger is a program that records keystrokes received from keyboard. They are then written into a human readable file.
The program writes all keystrokes into a user-defined file. This file can also be buffered in memory. That means all keystrokes are written to the log only after this buffer is full. The size of buffer is also user-defned. Window titles are logged optionally with time stamps.
When will it start ?
By default, setup program will configure Stealth Logger to start BEFORE Windows logon promt.( This doesn't work under NT ).
Stealth Logger may be run from any directory. Also you may rename program file as you like. Note that DLL file - wsdll.dll may not be renamed. DLL must be in the same directory as ws32.exe or in Windows system directory. Stealth Logger may be configured through "sl.ini" config file. INI file must be in the same directory as executable or in 'current directory' - line that is written to log file every time Stealth Logger is starting.
( after '[ *** Started *** , date ]' message )You may simply run it from command promt or from start menu. If you want the program to start automatically you may add shortcut to Startup folder or add following string to WIN.INI file:
[windows]
load=PathToLogger\ws32.exe
( [windows] means "Windows" section of win.ini; PathToLogger is path to Stealth Logger; you may also replace "load" with "run" )
Can Windows 95 logon password be logged ?
Yes. Setup program will configure Stealth Logger to start before Windows 95 starts and BEFORE logon promt. That means that Windows 95 password and user name WILL BE RECORDED.
Using INI file
Stealth Logger INI file is optional. If Stealth Logger cannot find it it will use defaults.
1. Log file path ( eg "C:\Temp\log.out" ) File where logger will save all keystrokes and windows received. Default = C:\Temp\w32.dll. Syntax:
"logpath = [path]"2. Buffer size. If = 0 then program will record key name immidately after it is pressed. If > 0 key scancodes will be put in buffer and when it is full buffer will be written to the log file. Syntax:
"buffer = x" where x - number of keys to be remebered in buffer before saving to disk. Note: if user was typing something and buffer was for example half-full and user pressed Reset or System hung then that half of buffer will not be written to disk ! If everything is ok buffer is saved when it is full or when the next window is activated.3. Keyrepeat. If user presses ALT key for example and holds it, key repeat setting specifies how many chars will be written to a log/buffer. If set to 0, Stealth Logger will record every repeated key. If keyrepeat is 0 your log may look terrible : <ALT> <ALT> <ALT> <ALT> <ALT> <ALT> <ALT> <ALT> <ALT> <ALT> and so on. Syntax:
"keyrepeat = x" where x = number of chars.4. Windowlog. This specifies whether to record or not window titles. For example you left logger somewhere working for a week or more. When you look at the log you'll discover that it's size is really huge. That is because Window titles take a lot of HD space. But if you check your log often and then delete it you will not get it so huge. With window titles logger switched on you can understand exactly what was going on on a computer. Syntax:
"windowlog = x" where x = 0 ( Do not log ) or 1 ( Log )5. Filter. Add this value if you want Stealth Logger to write down keystrokes received only in selected windows. format of this command: "filter = window1;window2;window3;....". SL will search each of substrings ended wih ";" in opened window title, although title may be much longer than substring. If it finds a substring, like "window1", it will record it to the log and then write down all keys pressed until next window is activated. Note: in principle search is case sensitive. But if you forgot where is uppercase, write the WHOLE substring in lowercase. SL will then transform windows to lowercase and search in them.
Example : You want to log only in Telnet application. You add "filter = telnet;" or "filter = Telnet;" to SL.INI. And then you get in your log only those letters which were typed in window that contain "telnet" :
like "Telnet: 127.0.0.1"6. Saveedit. Very useful feature. When a dialog box appear it's contens ( Static and Edit boxes - these typically are text and text edit ) are dumped to a log file. Takes much space but is VERY useful when using with "filter" option. Syntax is : "saveedit = 1"
7. Crypt. Also very useful if you don't want somebody else to see your log file. Crypt value syntax can be following :
"crypt = [value]" Where [value] can be :
* empty ( or whole string is absent ) - no log crypting;
* "inverse" - This does not crypt log also. This only inverts characters and makes text unreadable. This is the most recommended option because it is 100% safe.
* [CryptedPassword] ( Any string except above ) - Using SL with this value in INI will crypt your log file. Do not write your password in plaintext here ! [CryptedPassword] value is unique string generated by LogViewer and is actually your encrypted password. You do need even to know all this. All should have done automatically. Run LogViewer utility and use it to crypt/uncrypt log.BE CAREFUL with crypted logs. You may not write logs encrypted with different passwords to one file ! And you may only delete crypted log file to clean it while SL is resident. You may not edit it ! This may get your log corrupted and undecryptable or only half decryptable.
NOTE : every string in ini file must be : X = Y. You must put spaces after and before '=' sign. If you dont the program will not read settings correctly !
Log file is NOT crypted. It is written in human-readable format. So everybody can read it. Hide your log somewhere where nobody can find it, give it extensions like .dll or .exe ( of cource don't run such files ).
How fast Stealth Logger works ?
That depends on computer you are using and buffer length of Stealth Logger. On slow machines with little RAM you may see or hear disk activity after each keypress. If you set buffer length = 30 you will not see anything even on 386. NT is a little bit slower with Stealth Logger. But it accesses hard disk a lot even if system is idle so you also should not see anything.
REALLY stealth ! There is no window, it is not visible in taskbar. It doesn't appear even in Task Manager ( under Windows 95 only ) So nothing can tell you that the system is being monitored.
What will Stealth Logger log and what not ?
Stealth Logger will log EVERYTHING except what was typed in DOS applications under Win95 or NT. There may be programs that have protection against keyloggers also.
If you are using different from English language, Stealth Logger should ask keyboard driver to 'translate' such keystroke. For example : I am typing in Russian.
When I press English letter 'A', system prints on the screen another Cyrillic letter mapped to A. keylogger "translates" such letter and logs it translated !
Hacking or breaking into other computers is ILLEGAL !!! This software is designed for use by system administrators or computer owners.
Author is NOT responsible for any misuse or damage caused by this software. Final user takes all responsibility of using this software.
You may forget that it is in memory and get your own password logged. BE CAREFUL
Do not run multiple copies of Stealth Logger (latest versions do not allow this) . That will get your log unreadable.
No, you do not. Setup program will do everything for you. Stealth Logger MUST start at next boot. You may see whether it is in memory by running LogViewer utility.
That means that SL does not find its ini. The best place to keep this sl.ini is directory that is written to the log after "*** started ***" message and before User string. Example : --------------------------------------------------------------------
*** Started *** , 10:14:53 07/06
--------------------------------------------------------------------
[C:\: 10:14:53 07/06] <-- Here is it
[Program Manager: 10:14:57 07/06]
<alt> <alt>
With current configuration as above "sl.ini" must be in "C:\" root. That is because program starts before windows logon.
If you have any problems using Stealth Logger, please visit Stealth Logger FAQ at
For latest updates visit Stealth Logger Official homepage at http://ssoft.virtualave.net
Feel free to mail me