feat: log keystrokes via rawinput (#1078)

* feat: log keystrokes via directx

* fix: williballenthin review

* move register-raw-input-devices from nursery

* use original rule name

Author: zeze-zeze

nursery/register-raw-input-devices.yml …on/keylog/register-raw-input-devices.ymlnursery/register-raw-input-devices.yml renamed to collection/keylog/register-raw-input-devices.yml nursery/register-raw-input-devices.yml renamed to collection/keylog/register-raw-input-devices.yml

@@ -1,13 +1,17 @@
-# generated using capa explorer for IDA Pro
 rule:
   meta:
     name: register raw input devices
-    namespace: host-interaction/hardware
+    namespace: collection/keylog
     authors:
+      - zeze-zeze
       - [email protected]
     scopes:
       static: basic block
       dynamic: call
+    att&ck:
+      - Collection::Input Capture::Keylogging [T1056.001]
+    examples:
+      - 52d8e95c9883cd16d7b44e3a7adc22d6.exe_
   features:
     - or:
       - api: user32.RegisterRawInputDevices