Articles

Metasploit Framework Windows Tutorial
Remote Desktop Connection
Windows Processes That May Be Dangerous
How-To use NetCat a Tutorial
Common Linux Commands
Common Ports
Netcat Commands
HTTP Response Codes
War-Google Hack Terms
Wardriving
Avoiding Social Engineering and Phishing Attacks
Intrusion Detection on Linux
Linux Intrusion Detection
Penetration Testing Guide
Penetration Testing Tools
Social Engineering Fundamentals, Part I: Hacker Tactics
Social engineering (computer security)
The Psychology of Social Engineering

The Archives

General GSO
GovernmentSecurity.org News & Suggestions
In The News
Open Topic
General Security Information
Trash Can
Exploit & Vulnerability Mailing List Archives
Trial Member Forum
Product and Program Reviews GSO Tutorials
System Security
Windows Systems
Beginners Section
Linux & Unix Systems
File Downloads
Exploit Research & Discussion Trojan & Virus Errata
Networking Security / Firewall / IDS / VPN / Routers
System Hardening
E-Mail Security
Wifi Security
Trial Member Uploads
Upload discovered Trojans & Mal ware
GSO Programming Section
C , C++ , VC++
Visual Basic.NET
Perl /CGI
Java/Javascript
PHP/XML/ASP/HTML
Assembly + Other
The Cork Board
Network Security Consultant Directory
Network Security Jobs
The Archives
Encryption Information
General Network Security
Internet Anonymity
HTTP Protocol Security
Linux Security
MS IIS Information
Exploit Articles
Programming / Tool Design
GSO Software Projects
Public Downloads
Microsoft Security Questions and Papers
Help - Search - Member List - Calendar
GovernmentSecurity.org > System Security > Trojan & Virus Errata
no_face_king
Aug 8 2005, 07:53 PM
i used c language for written one keylogger and in that i use this function:
while(1){
some code...
}
and this function cuse my cpu usage %100
i found one way to avoiding it is using keyhook but we can hook when we load one dll and i want write keylogger whitout loading any dll
anybody can help me?
tibbar
Aug 8 2005, 08:18 PM
put Sleep(10) inside the loop
n.n.p
Aug 9 2005, 03:35 PM
Let my guess, your using GetAsyncKeys() (or something similar?)

You should look into WH_KEYBOARD_LL hooks

Here http://msdn.microsoft.com/library/default....eyboardproc.asp

would be a good place to start.

If you have any other questions ask, im just finishing up one i've written using a DLL. MSDN will be your best friend.
no_face_king
Aug 14 2005, 08:14 PM
sleep(10) is good idea i should test it.
and my friend i know about hooking when we want load a dll but i don't want load any dll
just one exe file.
mmm very nice i have another question for my virus in c
my virus can find all *.exe in system directory with this function GetSystemDirectory and findfirstfile and findnextfile but it need find all of exe files on the hard drives...
i have one idea my virus can use this function system("dir /A:D /B >13.txt");
and then fread 13.txt to a string then use another system function to go to directory but i need new idea maybe with api can you help me?
mr-rodgers
Aug 15 2005, 06:28 AM
the windows api has functions for checking drive letters - i used to encounter this a lot when i was into cracking copyright protection on cds etc.

i believe that there are two functions, one for enumerating all drive letters, and one for checking what type of drive they are (i.e. cd, hdd, floppy, etc).

i cant recall the exact names of the functions but you could soon find out using google and the msdn library. try GetLogicalDriveStrings and GetDriveType.

regards,
suma
no_face_king
Aug 15 2005, 08:37 PM
dear i need find all *.exe files on hard drives for infecting
but do you think this api can help me?
mr-rodgers
Aug 15 2005, 09:52 PM
QUOTE(no_face_king @ Aug 15 2005, 08:37 PM)
dear i need find all *.exe files on hard drives for infecting
but do you think  this api can help me?
*



yes, use GetLogicalDriveStrings and GetDriveType to get every hard disc drive. once u have that info, use FindFirstFile and FindNextFile to search for all files on the volume. It would be a simple matter to read in the filename and check to see if it ends in exe.

Heyboy
Aug 16 2005, 05:44 PM
QUOTE(no_face_king @ Aug 14 2005, 08:14 PM)
sleep(10) is good idea i should test it.
and my friend i know about hooking when we want load a dll but i don't want load any dll
just one exe file.
*



If you ever learned enough from system hooks then you would know that JournalHook doesnt need to lay in a dll. It can be 1 .exe file.

no_face_king
Aug 16 2005, 08:12 PM
i used Sleep(1); and it worked and dears when we can use this simple way why should use api calling?
sleep(1) means sleep for 1 milisecond do you thinks users typing faster than 1 milisecond exactly no then our keylogger can log all key even sleep for 1 milisecond
thanks
i 'll check this function to finding exe files
thanks guys
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2005 Invision Power Services, Inc.