Application Icon rawKeyLogger

Download: rawKeyLogger_v0.8_(password=cresstone).zip (97.00 KB) – 2020-01-18
Note: due to false-positive anti-virus hits, this .zip file has been encrypted, the password for all encrypted .zip files is: cresstone
( View sha256 hashes )

rawKeyLogger_v0.8 ReadMe

rawKeyLogger.exe was created to log and chart keyboard, mouse, and window events. It can be configued to log any or all of those events, and uses the raw input and accessibility event APIs to capture them on a low level. The app can log for days/weeks/months at a time, and can display and export any saved logs.

When displaying logged data, the following modes are available as tabs:
Histogram: A general activity log over time, shows a bar chart of the three event types.
Event log: A chronological list of events, shows all information each event conveyed.
'As Typed' log: Tries to capture what the user typed, and where they typed it. It is intended to be a convenient way to read or copy typed text.

Usage Notes

Requirements: Version 4 or better of the .net framework is recommended. Get it from Microsoft.

No installation; just unpack and run. A settings file and ancillary files may be created in the program folder.


After running the program, open the settings dialog and configure the logging options you want. The program displays the active log by default, but you can use the 'Display Log' drop-down to show a saved log, or to hide the display entirely to reduce resource use.

When displaying a log, each of the three display-mode tabs have can navigate the log or export their content to a text file. The 'Activity Histogram' tab is probably the quickest way to navigate the log. Left-clicking on the histogram chart will jump to that position in the 'Event Log', and right-clicking will jump to the 'As Typed' log.

In the 'Event Log', (the full list of all information about all events), the "Event Info" and "Event Details" vary based on the event type:

Finally, the program includes no way to hide or disguise its operation. It is intended as a productivity tool; not for surreptitious surveillance.

Notes on log files and size:
Whenever logging is turned on, the log file being recorded to is expanded by up to 1MB beyond its 'real' size (where the 'real' size is the size needed to hold all log events). This is done to speed up certain navigation operations. Once logging stops, the program will shrink the log, so it doesn't use any more space than necessary.

The program loads the log as a memory-mapped file. While you don't need to have enough physical RAM to hold the file, you do need the address space for it. Users on 32-bit versions of windows may encounter problems if the file grows larger than 500MB. That represents a lot of logging, so monthly log rotation will be enough to prevent any errors. Users on 64-bit systems should be able to log for years without issue.

To save space and processing the .keylog file format is binary and stores low-level information. You can easily load any binary log file into the application to retrieve a plaintext readout of key presses. Eventually I'll add a specification for the file format, but for now, briefly: The file is divided into 128 bit packets, 1 packet per event. The first 64 bits are the event payload, starting with the event type; the last 64 bits are the time in Ticks. The fact that the format aligns nicely in a hex editor is purely a coincidence. I swear.

Command Line Usage:


License Information

This software includes code or resources from the following sources:

This software is distributed as-is, without any representations or warranties of any kind.
The author of this software imposes no additional license terms or limits upon its use or redistribution.


Send to
App Website

DocumentId: b29e310d50c1000aee092422ecf46648358ea537

rawKeyLogger Screenshot
rawKeyLogger Screenshot
rawKeyLogger Screenshot