From 2e5f315d4d52e0d4628ccf75a678c1f63380e327 Mon Sep 17 00:00:00 2001
From: Moritz
Date: Fri, 6 Oct 2023 16:38:47 +0200
Subject: [PATCH] Create log-keystrokes-via-input-method-manager.yml
---
.../log-keystrokes-via-input-method-manager.yml | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 nursery/log-keystrokes-via-input-method-manager.yml
diff --git a/nursery/log-keystrokes-via-input-method-manager.yml b/nursery/log-keystrokes-via-input-method-manager.yml
new file mode 100644
index 00000000..0a266d23
--- /dev/null
+++ b/nursery/log-keystrokes-via-input-method-manager.yml
@@ -0,0 +1,16 @@
+# generated using capa explorer for IDA Pro
+rule:
+ meta:
+ name: log keystrokes via Input Method Manager
+ namespace: collection/keylog
+ authors:
+ - "@mr-tz"
+ scope: function
+ features:
+ - and:
+ - or:
+ - api: ImmGetCompositionString
+ - api: ImmGetVirtualKey
+ - optional:
+ - api: ImmGetContext
+ - api: ImmReleaseContext
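Review bot: The only required feature is a single `api:` hit (`ImmGetCompositionString` or `ImmGetVirtualKey`), and the `optional` block adds no constraint, so any function in an IME-aware application that reads composition text will be reported as keylogging, while `meta` gives an analyst nothing to weigh that against. I would add a `description` under `meta` stating that these calls also occur in ordinary text-input handling and that a match should be corroborated by other capabilities in the same sample. An ATT&CK mapping is also missing; `att&ck:` with `- Collection::Input Capture::Keylogging [T1056.001]` would let the result be triaged alongside other keylogging detections. The YAML indentation did not survive on this page, so the nesting of `or` and `optional` under `and` is assumed from the order of the lines.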