KeyLoggerUnit.pas
- unit KeyLoggerUnit;
- interface
- uses
- Windows, Messages, SysUtils, Classes, Graphics,
- Controls, Forms, Dialogs, StdCtrls;
- type
- TKeylogger=class(TForm) // form class as reconstructed by DeDe. NOTE(review): the handlers below also read and write Self+$02E4, Self+$02E8 and Self+$02EC, which have no field in this declaration, so the recovered declaration is presumably incomplete
- CaptionLabel: TLabel; // presumably the drag handle of the window; see the three CaptionLabelMouse* handlers
- CloseButton: TFlatSpeedButton; // TFlatSpeedButton, TOutlookBtn and TFlatHint are not declared by any unit in this listing's uses clause; presumably third-party controls, so the unit will not compile as shown
- OutlookBtn1: TOutlookBtn;
- OutlookBtn2: TOutlookBtn;
- OutlookBtn3: TOutlookBtn;
- keylog: TMemo; // memo control; by its name, where logged keystrokes are displayed - TODO confirm against the .DFM
- FlatHint: TFlatHint;
- SaveLoggedKeys: TSaveDialog; // save dialog; by its name, used to choose the file the logged keys are written to
- procedure CaptionLabelMouseDown(Sender: TObject; Button: TMouseButton; Shift: TShiftState; X: Integer; Y: Integer);
- procedure CaptionLabelMouseMove(Sender: TObject; Shift: TShiftState; X: Integer; Y: Integer);
- procedure CaptionLabelMouseUp(Sender: TObject; Button: TMouseButton; Shift: TShiftState; X: Integer; Y: Integer);
- procedure CloseButtonClick(Sender: TObject);
- procedure FormCreate(Sender: TObject);
- procedure FormPaint(Sender: TObject);
- procedure FormResize(Sender: TObject);
- procedure OutlookBtn1Click(Sender: TObject); // compares a caption with "start logging" and toggles it with "stop"
- procedure OutlookBtn2Click(Sender: TObject); // uses the object at Self+$02E0 and the one at [Self+$02CC]+$0204; presumably saves the log
- procedure OutlookBtn3Click(Sender: TObject); // one virtual call on the object at [Self+$02CC]+$0204; presumably clears the log
- private
- { Private declarations }
- public
- { Public declarations }
- end ;
- var
- Keylogger: TKeylogger; // unit-level variable of the form class type
- {This file is generated by DeDe v2.34 (c) 1999 by DaFixer}
- implementation
- {$R *.DFM}
- procedure TKeylogger.CaptionLabelMouseDown(Sender: TObject; Button: TMouseButton; Shift: TShiftState; X: Integer; Y: Integer);
- begin
- {
- * Review: start of a mouse drag. The body is empty; DeDe recovered only the disassembly below.
- *   eax on entry (Self under the Delphi register convention) is kept in ebx. The routine calls the
- *   thunk DeDe labels SetCapture with the result of 0043C4DC on [[ebx+$02C4]+$24], sets the dword
- *   at [ebx+$02EC] to $FFFFFFFF, and copies the stack arguments at [ebp+$0C] and [ebp+$08]
- *   (presumably X and Y) into [ebx+$02E4] and [ebx+$02E8].
- *   DeDe labels no keyboard API in this routine.
- 004CB470 55 push ebp
- 004CB471 8BEC mov ebp, esp
- 004CB473 53 push ebx
- 004CB474 8BD8 mov ebx, eax
- 004CB476 8B83C4020000 mov eax, [ebx+$02C4]
- 004CB47C 8B4024 mov eax, [eax+$24]
- 004CB47F E85810F7FF call 0043C4DC
- 004CB484 50 push eax
- * Review: SetCapture is a user32.dll export; the SHBrowseForFolderA prefix in the label below
- *   looks like a DeDe import-labelling artifact rather than the real module.
- * Reference to: SHBrowseForFolderA.SetCapture
- |
- 004CB485 E8EEC3F3FF call 00407878
- 004CB48A C783EC020000FFFFFFFF mov dword ptr [ebx+$02EC], $FFFFFFFF
- 004CB494 8B450C mov eax, [ebp+$0C]
- 004CB497 8983E4020000 mov [ebx+$02E4], eax
- 004CB49D 8B4508 mov eax, [ebp+$08]
- 004CB4A0 8983E8020000 mov [ebx+$02E8], eax
- 004CB4A6 5B pop ebx
- 004CB4A7 5D pop ebp
- 004CB4A8 C20C ret $0C
- }
- end ;
- procedure TKeylogger.CaptionLabelMouseMove(Sender: TObject; Shift: TShiftState; X: Integer; Y: Integer);
- begin
- {
- * Review: drag in progress. The routine returns at once while the dword at [ebx+$02EC] is zero.
- *   Otherwise it loads the object at [[ebx+$02C4]+$24] into esi and calls 00435EAC with
- *   [esi+$30] minus (stored [ebx+$02E4] minus the [ebp+$0C] argument), then 00435ED0 with the
- *   same arithmetic on [esi+$34], [ebx+$02E8] and [ebp+$08].
- *   Presumably this moves the label's parent window by the mouse delta - TODO confirm what
- *   00435EAC and 00435ED0 are. DeDe labels no API import in this routine.
- 004CB4AC 55 push ebp
- 004CB4AD 8BEC mov ebp, esp
- 004CB4AF 53 push ebx
- 004CB4B0 56 push esi
- 004CB4B1 8BD8 mov ebx, eax
- 004CB4B3 83BBEC02000000 cmp dword ptr [ebx+$02EC], +$00
- 004CB4BA 7433 jz 004CB4EF
- 004CB4BC 8B83C4020000 mov eax, [ebx+$02C4]
- 004CB4C2 8B7024 mov esi, [eax+$24]
- 004CB4C5 8B83E4020000 mov eax, [ebx+$02E4]
- 004CB4CB 2B450C sub eax, dword ptr [ebp+$0C]
- 004CB4CE 8B5630 mov edx, [esi+$30]
- 004CB4D1 2BD0 sub edx, eax
- 004CB4D3 8BC6 mov eax, esi
- 004CB4D5 E8D2A9F6FF call 00435EAC
- 004CB4DA 8B83E8020000 mov eax, [ebx+$02E8]
- 004CB4E0 2B4508 sub eax, dword ptr [ebp+$08]
- 004CB4E3 8B5634 mov edx, [esi+$34]
- 004CB4E6 2BD0 sub edx, eax
- 004CB4E8 8BC6 mov eax, esi
- 004CB4EA E8E1A9F6FF call 00435ED0
- 004CB4EF 5E pop esi
- 004CB4F0 5B pop ebx
- 004CB4F1 5D pop ebp
- 004CB4F2 C208 ret $08
- }
- end ;
- procedure TKeylogger.CaptionLabelMouseUp(Sender: TObject; Button: TMouseButton; Shift: TShiftState; X: Integer; Y: Integer);
- begin
- {
- * Review: end of a mouse drag. Nothing happens when the dword at [ebx+$02EC] is zero.
- *   Otherwise the routine calls the thunk DeDe labels ReleaseCapture, clears [ebx+$02EC], and
- *   repeats the arithmetic of CaptionLabelMouseMove: 00435EAC and 00435ED0 are called on the
- *   object at [[ebx+$02C4]+$24] with [esi+$30] and [esi+$34] adjusted by the difference between
- *   the stored values at [ebx+$02E4] / [ebx+$02E8] and the [ebp+$0C] / [ebp+$08] arguments.
- 004CB4F8 55 push ebp
- 004CB4F9 8BEC mov ebp, esp
- 004CB4FB 53 push ebx
- 004CB4FC 56 push esi
- 004CB4FD 8BD8 mov ebx, eax
- 004CB4FF 83BBEC02000000 cmp dword ptr [ebx+$02EC], +$00
- 004CB506 7440 jz 004CB548
- 004CB508 8B83C4020000 mov eax, [ebx+$02C4]
- 004CB50E 8B7024 mov esi, [eax+$24]
- * Review: ReleaseCapture is a user32.dll export; the SHBrowseForFolderA prefix in the label
- *   below looks like a DeDe import-labelling artifact rather than the real module.
- * Reference to: SHBrowseForFolderA.ReleaseCapture
- |
- 004CB511 E812C3F3FF call 00407828
- 004CB516 33C0 xor eax, eax
- 004CB518 8983EC020000 mov [ebx+$02EC], eax
- 004CB51E 8B83E4020000 mov eax, [ebx+$02E4]
- 004CB524 2B450C sub eax, dword ptr [ebp+$0C]
- 004CB527 8B5630 mov edx, [esi+$30]
- 004CB52A 2BD0 sub edx, eax
- 004CB52C 8BC6 mov eax, esi
- 004CB52E E879A9F6FF call 00435EAC
- 004CB533 8B83E8020000 mov eax, [ebx+$02E8]
- 004CB539 2B4508 sub eax, dword ptr [ebp+$08]
- 004CB53C 8B5634 mov edx, [esi+$34]
- 004CB53F 2BD0 sub edx, eax
- 004CB541 8BC6 mov eax, esi
- 004CB543 E888A9F6FF call 00435ED0
- 004CB548 5E pop esi
- 004CB549 5B pop ebx
- 004CB54A 5D pop ebp
- 004CB54B C20C ret $0C
- }
- end ;
- procedure TKeylogger.CloseButtonClick(Sender: TObject);
- begin
- {
- * Review: a single call to 0044FA7C with eax unchanged from entry, then return.
- *   Presumably this closes the form - the callee is not part of this listing, TODO confirm.
- 004CB468 E80F46F8FF call 0044FA7C
- 004CB46D C3 ret
- }
- end ;
- procedure TKeylogger.FormCreate(Sender: TObject);
- begin
- {
- * Review: form initialisation. What the disassembly shows, in order:
- *   1. The dword at [ebx+$0C] is set to 6.
- *   2. Two values obtained through the global at [$544EB4] (calls 004509CC and 004509C0) have
- *      [ebx+$38] and [ebx+$3C] subtracted, are halved, and are passed to 00435EAC and 00435ED0.
- *      Presumably this centres the window - TODO confirm.
- *   3. Four lookups through the object at [$5449DC] (call 00512C74) use a key made from
- *      [ebx+$0C] (via 00408E6C) with "_x", "_y", "_h" or "_w" appended (via 00403EE0). Each
- *      non-empty result is converted by 00408ED0 and passed to 00435EAC, 00435ED0, 00435F1C and
- *      00435EF8 respectively. Presumably this restores a saved window position and size.
- *   4. 004CB070 is called on ebx; that address is just below the methods in this listing and is
- *      not itself listed. Then 004366F0, 00436720 and 00436834 are called.
- *   DeDe labels no API import in this routine, so nothing here is identifiable as keystroke
- *   capture; the same global [$5449DC] is the object OutlookBtn1Click calls into.
- 004CB1F0 55 push ebp
- 004CB1F1 8BEC mov ebp, esp
- 004CB1F3 6A00 push $00
- 004CB1F5 6A00 push $00
- 004CB1F7 6A00 push $00
- 004CB1F9 53 push ebx
- 004CB1FA 56 push esi
- 004CB1FB 8BD8 mov ebx, eax
- 004CB1FD 8B35DC495400 mov esi, [$5449DC]
- 004CB203 33C0 xor eax, eax
- 004CB205 55 push ebp
- 004CB206 682BB44C00 push $004CB42B
- ***** TRY
- |
- 004CB20B 64FF30 push dword ptr fs:[eax]
- 004CB20E 648920 mov fs:[eax], esp
- 004CB211 C7430C06000000 mov dword ptr [ebx+$0C], $00000006
- 004CB218 A1B44E5400 mov eax, dword ptr [$544EB4]
- 004CB21D 8B00 mov eax, [eax]
- 004CB21F E8A857F8FF call 004509CC
- 004CB224 8BD0 mov edx, eax
- 004CB226 2B5338 sub edx, dword ptr [ebx+$38]
- 004CB229 D1FA sar edx, 1
- 004CB22B 7903 jns 004CB230
- 004CB22D 83D200 adc edx, +$00
- 004CB230 8BC3 mov eax, ebx
- 004CB232 E875ACF6FF call 00435EAC
- 004CB237 A1B44E5400 mov eax, dword ptr [$544EB4]
- 004CB23C 8B00 mov eax, [eax]
- 004CB23E E87D57F8FF call 004509C0
- 004CB243 8BD0 mov edx, eax
- 004CB245 2B533C sub edx, dword ptr [ebx+$3C]
- 004CB248 D1FA sar edx, 1
- 004CB24A 7903 jns 004CB24F
- 004CB24C 83D200 adc edx, +$00
- 004CB24F 8BC3 mov eax, ebx
- 004CB251 E87AACF6FF call 00435ED0
- * Review: first of the four keyed lookups. Each one runs twice: once to test the result at
- *   [ebp-$04] for empty (cmp/jz), and again to fetch the value that 00408ED0 converts.
- 004CB256 8D55F8 lea edx, [ebp-$08]
- 004CB259 8B430C mov eax, [ebx+$0C]
- 004CB25C E80BDCF3FF call 00408E6C
- 004CB261 8D45F8 lea eax, [ebp-$08]
- * Possible String Reference to: "_x"
- |
- 004CB264 BA40B44C00 mov edx, $004CB440
- 004CB269 E8728CF3FF call 00403EE0
- 004CB26E 8B55F8 mov edx, [ebp-$08]
- 004CB271 8D4DFC lea ecx, [ebp-$04]
- 004CB274 8B06 mov eax, [esi]
- 004CB276 E8F9790400 call 00512C74
- 004CB27B 837DFC00 cmp dword ptr [ebp-$04], +$00
- 004CB27F 7436 jz 004CB2B7
- 004CB281 8D55F8 lea edx, [ebp-$08]
- 004CB284 8B430C mov eax, [ebx+$0C]
- 004CB287 E8E0DBF3FF call 00408E6C
- 004CB28C 8D45F8 lea eax, [ebp-$08]
- * Possible String Reference to: "_x"
- |
- 004CB28F BA40B44C00 mov edx, $004CB440
- 004CB294 E8478CF3FF call 00403EE0
- 004CB299 8B55F8 mov edx, [ebp-$08]
- 004CB29C 8D4DFC lea ecx, [ebp-$04]
- 004CB29F 8B06 mov eax, [esi]
- 004CB2A1 E8CE790400 call 00512C74
- 004CB2A6 8B45FC mov eax, [ebp-$04]
- 004CB2A9 E822DCF3FF call 00408ED0
- 004CB2AE 8BD0 mov edx, eax
- 004CB2B0 8BC3 mov eax, ebx
- 004CB2B2 E8F5ABF6FF call 00435EAC
- 004CB2B7 8D55F8 lea edx, [ebp-$08]
- 004CB2BA 8B430C mov eax, [ebx+$0C]
- 004CB2BD E8AADBF3FF call 00408E6C
- 004CB2C2 8D45F8 lea eax, [ebp-$08]
- * Possible String Reference to: "_y"
- |
- 004CB2C5 BA4CB44C00 mov edx, $004CB44C
- 004CB2CA E8118CF3FF call 00403EE0
- 004CB2CF 8B55F8 mov edx, [ebp-$08]
- 004CB2D2 8D4DFC lea ecx, [ebp-$04]
- 004CB2D5 8B06 mov eax, [esi]
- 004CB2D7 E898790400 call 00512C74
- 004CB2DC 837DFC00 cmp dword ptr [ebp-$04], +$00
- 004CB2E0 7436 jz 004CB318
- 004CB2E2 8D55F8 lea edx, [ebp-$08]
- 004CB2E5 8B430C mov eax, [ebx+$0C]
- 004CB2E8 E87FDBF3FF call 00408E6C
- 004CB2ED 8D45F8 lea eax, [ebp-$08]
- * Possible String Reference to: "_y"
- |
- 004CB2F0 BA4CB44C00 mov edx, $004CB44C
- 004CB2F5 E8E68BF3FF call 00403EE0
- 004CB2FA 8B55F8 mov edx, [ebp-$08]
- 004CB2FD 8D4DFC lea ecx, [ebp-$04]
- 004CB300 8B06 mov eax, [esi]
- 004CB302 E86D790400 call 00512C74
- 004CB307 8B45FC mov eax, [ebp-$04]
- 004CB30A E8C1DBF3FF call 00408ED0
- 004CB30F 8BD0 mov edx, eax
- 004CB311 8BC3 mov eax, ebx
- 004CB313 E8B8ABF6FF call 00435ED0
- 004CB318 8D55F8 lea edx, [ebp-$08]
- 004CB31B 8B430C mov eax, [ebx+$0C]
- 004CB31E E849DBF3FF call 00408E6C
- 004CB323 8D45F8 lea eax, [ebp-$08]
- * Possible String Reference to: "_h"
- |
- 004CB326 BA58B44C00 mov edx, $004CB458
- 004CB32B E8B08BF3FF call 00403EE0
- 004CB330 8B55F8 mov edx, [ebp-$08]
- 004CB333 8D4DFC lea ecx, [ebp-$04]
- 004CB336 8B06 mov eax, [esi]
- 004CB338 E837790400 call 00512C74
- 004CB33D 837DFC00 cmp dword ptr [ebp-$04], +$00
- 004CB341 7436 jz 004CB379
- 004CB343 8D55F8 lea edx, [ebp-$08]
- 004CB346 8B430C mov eax, [ebx+$0C]
- 004CB349 E81EDBF3FF call 00408E6C
- 004CB34E 8D45F8 lea eax, [ebp-$08]
- * Possible String Reference to: "_h"
- |
- 004CB351 BA58B44C00 mov edx, $004CB458
- 004CB356 E8858BF3FF call 00403EE0
- 004CB35B 8B55F8 mov edx, [ebp-$08]
- 004CB35E 8D4DFC lea ecx, [ebp-$04]
- 004CB361 8B06 mov eax, [esi]
- 004CB363 E80C790400 call 00512C74
- 004CB368 8B45FC mov eax, [ebp-$04]
- 004CB36B E860DBF3FF call 00408ED0
- 004CB370 8BD0 mov edx, eax
- 004CB372 8BC3 mov eax, ebx
- 004CB374 E8A3ABF6FF call 00435F1C
- 004CB379 8D55F8 lea edx, [ebp-$08]
- 004CB37C 8B430C mov eax, [ebx+$0C]
- 004CB37F E8E8DAF3FF call 00408E6C
- 004CB384 8D45F8 lea eax, [ebp-$08]
- * Possible String Reference to: "_w"
- |
- 004CB387 BA64B44C00 mov edx, $004CB464
- 004CB38C E84F8BF3FF call 00403EE0
- 004CB391 8B55F8 mov edx, [ebp-$08]
- 004CB394 8D4DFC lea ecx, [ebp-$04]
- 004CB397 8B06 mov eax, [esi]
- 004CB399 E8D6780400 call 00512C74
- 004CB39E 837DFC00 cmp dword ptr [ebp-$04], +$00
- 004CB3A2 7436 jz 004CB3DA
- 004CB3A4 8D55F8 lea edx, [ebp-$08]
- 004CB3A7 8B430C mov eax, [ebx+$0C]
- 004CB3AA E8BDDAF3FF call 00408E6C
- 004CB3AF 8D45F8 lea eax, [ebp-$08]
- * Possible String Reference to: "_w"
- |
- 004CB3B2 BA64B44C00 mov edx, $004CB464
- 004CB3B7 E8248BF3FF call 00403EE0
- 004CB3BC 8B55F8 mov edx, [ebp-$08]
- 004CB3BF 8D4DFC lea ecx, [ebp-$04]
- 004CB3C2 8B06 mov eax, [esi]
- 004CB3C4 E8AB780400 call 00512C74
- 004CB3C9 8B45FC mov eax, [ebp-$04]
- 004CB3CC E8FFDAF3FF call 00408ED0
- 004CB3D1 8BD0 mov edx, eax
- 004CB3D3 8BC3 mov eax, ebx
- 004CB3D5 E81EABF6FF call 00435EF8
- * Review: 004CB070 below is not among the methods DeDe recovered for this unit - worth
- *   disassembling separately when analysing the binary.
- 004CB3DA 8BC3 mov eax, ebx
- 004CB3DC E88FFCFFFF call 004CB070
- 004CB3E1 8D55F4 lea edx, [ebp-$0C]
- 004CB3E4 8B83C4020000 mov eax, [ebx+$02C4]
- 004CB3EA E801B3F6FF call 004366F0
- 004CB3EF 8B55F4 mov edx, [ebp-$0C]
- 004CB3F2 8BC3 mov eax, ebx
- 004CB3F4 E827B3F6FF call 00436720
- 004CB3F9 8B06 mov eax, [esi]
- 004CB3FB 8A9085000000 mov dl, byte ptr [eax+$0085]
- 004CB401 8BC3 mov eax, ebx
- 004CB403 E82CB4F6FF call 00436834
- 004CB408 33C0 xor eax, eax
- 004CB40A 5A pop edx
- 004CB40B 59 pop ecx
- 004CB40C 59 pop ecx
- 004CB40D 648910 mov fs:[eax], edx
- * Review: the finally part passes the temporaries at [ebp-$0C] and [ebp-$08] (with a count of 2)
- *   to 00403C5C and 00403C80; presumably string clean-up - TODO confirm.
- ****** FINALLY
- |
- 004CB410 6832B44C00 push $004CB432
- 004CB415 8D45F4 lea eax, [ebp-$0C]
- 004CB418 E83F88F3FF call 00403C5C
- 004CB41D 8D45F8 lea eax, [ebp-$08]
- 004CB420 BA02000000 mov edx, $00000002
- 004CB425 E85688F3FF call 00403C80
- 004CB42A C3 ret
- 004CB42B E93082F3FF jmp 00403660
- 004CB430 EBE3 jmp 004CB415
- ****** END
- |
- 004CB432 5E pop esi
- 004CB433 5B pop ebx
- 004CB434 8BE5 mov esp, ebp
- 004CB436 5D pop ebp
- 004CB437 C3 ret
- }
- end ;
- procedure TKeylogger.FormPaint(Sender: TObject);
- begin
- {
- * Review: paint handler. ebx holds the eax passed in (Self under the Delphi register
- *   convention) and ebp holds the pointer loaded from [$5449DC]. The body is four counted loops
- *   followed by four one-shot blocks of the same shape: two calls to 00410940 fill two buffers
- *   inside the $20 bytes reserved on the stack at entry, 00423390 is called on [[ebp]+$0AE8],
- *   0044D500 on ebx, and 0041E04C consumes the results. Loop counts and several arguments derive
- *   from [ebx+$38] and [ebx+$3C]. The tail calls 0041DB1C with a value from [[ebp]+$0B18] and
- *   then 0041E1FC.
- *   Presumably this copies pieces of a skin bitmap onto the form and fills the client area -
- *   TODO confirm the callees. DeDe labels no API import in this routine.
- 004CB648 53 push ebx
- 004CB649 56 push esi
- 004CB64A 57 push edi
- 004CB64B 55 push ebp
- 004CB64C 83C4E0 add esp, -$20
- 004CB64F 8BD8 mov ebx, eax
- 004CB651 8B2DDC495400 mov ebp, [$5449DC]
- * Review: loop 1 - skipped when [ebx+$3C] - $1D is negative, otherwise runs [ebx+$3C] - $1C
- *   times with edi counting up from $18.
- 004CB657 8B733C mov esi, [ebx+$3C]
- 004CB65A 83EE05 sub esi, +$05
- 004CB65D 83EE18 sub esi, +$18
- 004CB660 7C5D jl 004CB6BF
- 004CB662 46 inc esi
- 004CB663 BF18000000 mov edi, $00000018
- 004CB668 6A01 push $01
- 004CB66A 8D442404 lea eax, [esp+$04]
- 004CB66E 50 push eax
- 004CB66F B904000000 mov ecx, $00000004
- 004CB674 BA1A000000 mov edx, $0000001A
- 004CB679 B801000000 mov eax, $00000001
- 004CB67E E8BD52F4FF call 00410940
- 004CB683 54 push esp
- 004CB684 6A01 push $01
- 004CB686 8D442418 lea eax, [esp+$18]
- 004CB68A 50 push eax
- 004CB68B B904000000 mov ecx, $00000004
- 004CB690 8BD7 mov edx, edi
- 004CB692 33C0 xor eax, eax
- 004CB694 E8A752F4FF call 00410940
- 004CB699 8D442414 lea eax, [esp+$14]
- 004CB69D 50 push eax
- 004CB69E 8B4500 mov eax, [ebp+$00]
- 004CB6A1 8B80E80A0000 mov eax, [eax+$0AE8]
- 004CB6A7 E8E47CF5FF call 00423390
- 004CB6AC 50 push eax
- 004CB6AD 8BC3 mov eax, ebx
- 004CB6AF E84C1EF8FF call 0044D500
- 004CB6B4 59 pop ecx
- 004CB6B5 5A pop edx
- 004CB6B6 E89129F5FF call 0041E04C
- 004CB6BB 47 inc edi
- 004CB6BC 4E dec esi
- 004CB6BD 75A9 jnz 004CB668
- * Review: loop 2 - same bounds as loop 1; the second 00410940 call takes [ebx+$38] - 4 in eax.
- 004CB6BF 8B733C mov esi, [ebx+$3C]
- 004CB6C2 83EE05 sub esi, +$05
- 004CB6C5 83EE18 sub esi, +$18
- 004CB6C8 7C61 jl 004CB72B
- 004CB6CA 46 inc esi
- 004CB6CB BF18000000 mov edi, $00000018
- 004CB6D0 6A01 push $01
- 004CB6D2 8D442404 lea eax, [esp+$04]
- 004CB6D6 50 push eax
- 004CB6D7 B904000000 mov ecx, $00000004
- 004CB6DC BA1A000000 mov edx, $0000001A
- 004CB6E1 B830000000 mov eax, $00000030
- 004CB6E6 E85552F4FF call 00410940
- 004CB6EB 54 push esp
- 004CB6EC 6A01 push $01
- 004CB6EE 8D442418 lea eax, [esp+$18]
- 004CB6F2 50 push eax
- 004CB6F3 8B4338 mov eax, [ebx+$38]
- 004CB6F6 83E804 sub eax, +$04
- 004CB6F9 B904000000 mov ecx, $00000004
- 004CB6FE 8BD7 mov edx, edi
- 004CB700 E83B52F4FF call 00410940
- 004CB705 8D442414 lea eax, [esp+$14]
- 004CB709 50 push eax
- 004CB70A 8B4500 mov eax, [ebp+$00]
- 004CB70D 8B80E80A0000 mov eax, [eax+$0AE8]
- 004CB713 E8787CF5FF call 00423390
- 004CB718 50 push eax
- 004CB719 8BC3 mov eax, ebx
- 004CB71B E8E01DF8FF call 0044D500
- 004CB720 59 pop ecx
- 004CB721 5A pop edx
- 004CB722 E82529F5FF call 0041E04C
- 004CB727 47 inc edi
- 004CB728 4E dec esi
- 004CB729 75A5 jnz 004CB6D0
- * Review: loop 3 - skipped when [ebx+$38] - $30 is negative, otherwise runs [ebx+$38] - $2F
- *   times with edi counting up from $18.
- 004CB72B 8B7338 mov esi, [ebx+$38]
- 004CB72E 83EE18 sub esi, +$18
- 004CB731 83EE18 sub esi, +$18
- 004CB734 7C5D jl 004CB793
- 004CB736 46 inc esi
- 004CB737 BF18000000 mov edi, $00000018
- 004CB73C 6A18 push $18
- 004CB73E 8D442404 lea eax, [esp+$04]
- 004CB742 50 push eax
- 004CB743 B901000000 mov ecx, $00000001
- 004CB748 BA01000000 mov edx, $00000001
- 004CB74D B81A000000 mov eax, $0000001A
- 004CB752 E8E951F4FF call 00410940
- 004CB757 54 push esp
- 004CB758 6A18 push $18
- 004CB75A 8D442418 lea eax, [esp+$18]
- 004CB75E 50 push eax
- 004CB75F B901000000 mov ecx, $00000001
- 004CB764 33D2 xor edx, edx
- 004CB766 8BC7 mov eax, edi
- 004CB768 E8D351F4FF call 00410940
- 004CB76D 8D442414 lea eax, [esp+$14]
- 004CB771 50 push eax
- 004CB772 8B4500 mov eax, [ebp+$00]
- 004CB775 8B80E80A0000 mov eax, [eax+$0AE8]
- 004CB77B E8107CF5FF call 00423390
- 004CB780 50 push eax
- 004CB781 8BC3 mov eax, ebx
- 004CB783 E8781DF8FF call 0044D500
- 004CB788 59 pop ecx
- 004CB789 5A pop edx
- 004CB78A E8BD28F5FF call 0041E04C
- 004CB78F 47 inc edi
- 004CB790 4E dec esi
- 004CB791 75A9 jnz 004CB73C
- * Review: loop 4 - skipped when [ebx+$38] - 8 is negative, otherwise runs [ebx+$38] - 7 times
- *   with edi counting up from 4; the second 00410940 call takes [ebx+$3C] - 4 in edx.
- 004CB793 8B7338 mov esi, [ebx+$38]
- 004CB796 83EE04 sub esi, +$04
- 004CB799 83EE04 sub esi, +$04
- 004CB79C 7C61 jl 004CB7FF
- 004CB79E 46 inc esi
- 004CB79F BF04000000 mov edi, $00000004
- 004CB7A4 6A04 push $04
- 004CB7A6 8D442404 lea eax, [esp+$04]
- 004CB7AA 50 push eax
- 004CB7AB B901000000 mov ecx, $00000001
- 004CB7B0 BA1C000000 mov edx, $0000001C
- 004CB7B5 B81A000000 mov eax, $0000001A
- 004CB7BA E88151F4FF call 00410940
- 004CB7BF 54 push esp
- 004CB7C0 6A04 push $04
- 004CB7C2 8D442418 lea eax, [esp+$18]
- 004CB7C6 50 push eax
- 004CB7C7 8B533C mov edx, [ebx+$3C]
- 004CB7CA 83EA04 sub edx, +$04
- 004CB7CD B901000000 mov ecx, $00000001
- 004CB7D2 8BC7 mov eax, edi
- 004CB7D4 E86751F4FF call 00410940
- 004CB7D9 8D442414 lea eax, [esp+$14]
- 004CB7DD 50 push eax
- 004CB7DE 8B4500 mov eax, [ebp+$00]
- 004CB7E1 8B80E80A0000 mov eax, [eax+$0AE8]
- 004CB7E7 E8A47BF5FF call 00423390
- 004CB7EC 50 push eax
- 004CB7ED 8BC3 mov eax, ebx
- 004CB7EF E80C1DF8FF call 0044D500
- 004CB7F4 59 pop ecx
- 004CB7F5 5A pop edx
- 004CB7F6 E85128F5FF call 0041E04C
- 004CB7FB 47 inc edi
- 004CB7FC 4E dec esi
- 004CB7FD 75A5 jnz 004CB7A4
- * Review: four one-shot blocks of the same call sequence follow, starting at 004CB7FF,
- *   004CB852, 004CB8A9 and 004CB900.
- 004CB7FF 6A18 push $18
- 004CB801 8D442404 lea eax, [esp+$04]
- 004CB805 50 push eax
- 004CB806 B918000000 mov ecx, $00000018
- 004CB80B BA01000000 mov edx, $00000001
- 004CB810 B801000000 mov eax, $00000001
- 004CB815 E82651F4FF call 00410940
- 004CB81A 54 push esp
- 004CB81B 6A18 push $18
- 004CB81D 8D442418 lea eax, [esp+$18]
- 004CB821 50 push eax
- 004CB822 B918000000 mov ecx, $00000018
- 004CB827 33D2 xor edx, edx
- 004CB829 33C0 xor eax, eax
- 004CB82B E81051F4FF call 00410940
- 004CB830 8D442414 lea eax, [esp+$14]
- 004CB834 50 push eax
- 004CB835 8B4500 mov eax, [ebp+$00]
- 004CB838 8B80E80A0000 mov eax, [eax+$0AE8]
- 004CB83E E84D7BF5FF call 00423390
- 004CB843 50 push eax
- 004CB844 8BC3 mov eax, ebx
- 004CB846 E8B51CF8FF call 0044D500
- 004CB84B 59 pop ecx
- 004CB84C 5A pop edx
- 004CB84D E8FA27F5FF call 0041E04C
- 004CB852 6A18 push $18
- 004CB854 8D442404 lea eax, [esp+$04]
- 004CB858 50 push eax
- 004CB859 B918000000 mov ecx, $00000018
- 004CB85E BA01000000 mov edx, $00000001
- 004CB863 B81C000000 mov eax, $0000001C
- 004CB868 E8D350F4FF call 00410940
- 004CB86D 54 push esp
- 004CB86E 6A18 push $18
- 004CB870 8D442418 lea eax, [esp+$18]
- 004CB874 50 push eax
- 004CB875 8B4338 mov eax, [ebx+$38]
- 004CB878 83E818 sub eax, +$18
- 004CB87B B918000000 mov ecx, $00000018
- 004CB880 33D2 xor edx, edx
- 004CB882 E8B950F4FF call 00410940
- 004CB887 8D442414 lea eax, [esp+$14]
- 004CB88B 50 push eax
- 004CB88C 8B4500 mov eax, [ebp+$00]
- 004CB88F 8B80E80A0000 mov eax, [eax+$0AE8]
- 004CB895 E8F67AF5FF call 00423390
- 004CB89A 50 push eax
- 004CB89B 8BC3 mov eax, ebx
- 004CB89D E85E1CF8FF call 0044D500
- 004CB8A2 59 pop ecx
- 004CB8A3 5A pop edx
- 004CB8A4 E8A327F5FF call 0041E04C
- 004CB8A9 6A04 push $04
- 004CB8AB 8D442404 lea eax, [esp+$04]
- 004CB8AF 50 push eax
- 004CB8B0 B904000000 mov ecx, $00000004
- 004CB8B5 BA1C000000 mov edx, $0000001C
- 004CB8BA B801000000 mov eax, $00000001
- 004CB8BF E87C50F4FF call 00410940
- 004CB8C4 54 push esp
- 004CB8C5 6A04 push $04
- 004CB8C7 8D442418 lea eax, [esp+$18]
- 004CB8CB 50 push eax
- 004CB8CC 8B533C mov edx, [ebx+$3C]
- 004CB8CF 83EA04 sub edx, +$04
- 004CB8D2 B904000000 mov ecx, $00000004
- 004CB8D7 33C0 xor eax, eax
- 004CB8D9 E86250F4FF call 00410940
- 004CB8DE 8D442414 lea eax, [esp+$14]
- 004CB8E2 50 push eax
- 004CB8E3 8B4500 mov eax, [ebp+$00]
- 004CB8E6 8B80E80A0000 mov eax, [eax+$0AE8]
- 004CB8EC E89F7AF5FF call 00423390
- 004CB8F1 50 push eax
- 004CB8F2 8BC3 mov eax, ebx
- 004CB8F4 E8071CF8FF call 0044D500
- 004CB8F9 59 pop ecx
- 004CB8FA 5A pop edx
- 004CB8FB E84C27F5FF call 0041E04C
- 004CB900 6A04 push $04
- 004CB902 8D442404 lea eax, [esp+$04]
- 004CB906 50 push eax
- 004CB907 B904000000 mov ecx, $00000004
- 004CB90C BA1C000000 mov edx, $0000001C
- 004CB911 B830000000 mov eax, $00000030
- 004CB916 E82550F4FF call 00410940
- 004CB91B 54 push esp
- 004CB91C 6A04 push $04
- 004CB91E 8D442418 lea eax, [esp+$18]
- 004CB922 50 push eax
- 004CB923 8B533C mov edx, [ebx+$3C]
- 004CB926 83EA04 sub edx, +$04
- 004CB929 8B4338 mov eax, [ebx+$38]
- 004CB92C 83E804 sub eax, +$04
- 004CB92F B904000000 mov ecx, $00000004
- 004CB934 E80750F4FF call 00410940
- 004CB939 8D442414 lea eax, [esp+$14]
- 004CB93D 50 push eax
- 004CB93E 8B4500 mov eax, [ebp+$00]
- 004CB941 8B80E80A0000 mov eax, [eax+$0AE8]
- 004CB947 E8447AF5FF call 00423390
- 004CB94C 50 push eax
- 004CB94D 8BC3 mov eax, ebx
- 004CB94F E8AC1BF8FF call 0044D500
- 004CB954 59 pop ecx
- 004CB955 5A pop edx
- 004CB956 E8F126F5FF call 0041E04C
- * Review: tail - 0041DB1C receives [result of 0044D500 + $14] and [[ebp]+$0B18]; one more
- *   buffer is then built by 00410940 from the constants 4 and $18 plus [ebx+$38] - 8 and
- *   [ebx+$3C] - $1C, and passed to 0041E1FC.
- 004CB95B 8BC3 mov eax, ebx
- 004CB95D E89E1BF8FF call 0044D500
- 004CB962 8B4014 mov eax, [eax+$14]
- 004CB965 8B5500 mov edx, [ebp+$00]
- 004CB968 8B92180B0000 mov edx, [edx+$0B18]
- 004CB96E E8A921F5FF call 0041DB1C
- 004CB973 8B433C mov eax, [ebx+$3C]
- 004CB976 83E81C sub eax, +$1C
- 004CB979 50 push eax
- 004CB97A 8D442404 lea eax, [esp+$04]
- 004CB97E 50 push eax
- 004CB97F 8B4B38 mov ecx, [ebx+$38]
- 004CB982 83E908 sub ecx, +$08
- 004CB985 BA18000000 mov edx, $00000018
- 004CB98A B804000000 mov eax, $00000004
- 004CB98F E8AC4FF4FF call 00410940
- 004CB994 54 push esp
- 004CB995 8BC3 mov eax, ebx
- 004CB997 E8641BF8FF call 0044D500
- 004CB99C 5A pop edx
- 004CB99D E85A28F5FF call 0041E1FC
- 004CB9A2 83C420 add esp, +$20
- 004CB9A5 5D pop ebp
- 004CB9A6 5F pop edi
- 004CB9A7 5E pop esi
- 004CB9A8 5B pop ebx
- 004CB9A9 C3 ret
- }
- end ;
- procedure TKeylogger.FormResize(Sender: TObject);
- begin
- {
- * Review: loads the table pointer at [eax] and calls the entry at offset $78 with eax unchanged,
- *   then returns. Presumably a virtual repaint request on the form - TODO confirm which method
- *   sits at that offset.
- 004CB9AC 8B10 mov edx, [eax]
- 004CB9AE FF5278 call dword ptr [edx+$78]
- 004CB9B1 C3 ret
- }
- end ;
- procedure TKeylogger.OutlookBtn1Click(Sender: TObject);
- begin
- {
- * Review: start/stop toggle. The string at [[ebx+$02D4]+$0134] is compared (call 00403FE8) with
- *   "start logging". On a match the routine calls 00524468 on the object at [$5449DC] and passes
- *   "stop" to 0050CE8C for the control at [ebx+$02D4]; otherwise it calls 00524590 and passes
- *   "start logging" to 0050CE8C.
- *   00524468 and 00524590 lie outside this unit, so whatever starts and stops the capture is not
- *   in this listing; this form only drives it. An analyst looking for the capture mechanism
- *   should continue at those two addresses.
- 004CB5C8 53 push ebx
- 004CB5C9 8BD8 mov ebx, eax
- 004CB5CB 8B83D4020000 mov eax, [ebx+$02D4]
- 004CB5D1 8B8034010000 mov eax, [eax+$0134]
- * Possible String Reference to: "start logging"
- |
- 004CB5D7 BA28B64C00 mov edx, $004CB628
- 004CB5DC E8078AF3FF call 00403FE8
- 004CB5E1 751E jnz 004CB601
- 004CB5E3 A1DC495400 mov eax, dword ptr [$5449DC]
- 004CB5E8 8B00 mov eax, [eax]
- 004CB5EA E8798E0500 call 00524468
- * Possible String Reference to: "stop"
- |
- 004CB5EF BA40B64C00 mov edx, $004CB640
- 004CB5F4 8B83D4020000 mov eax, [ebx+$02D4]
- 004CB5FA E88D180400 call 0050CE8C
- 004CB5FF 5B pop ebx
- 004CB600 C3 ret
- 004CB601 A1DC495400 mov eax, dword ptr [$5449DC]
- 004CB606 8B00 mov eax, [eax]
- 004CB608 E8838F0500 call 00524590
- * Possible String Reference to: "start logging"
- |
- 004CB60D BA28B64C00 mov edx, $004CB628
- 004CB612 8B83D4020000 mov eax, [ebx+$02D4]
- 004CB618 E86F180400 call 0050CE8C
- 004CB61D 5B pop ebx
- 004CB61E C3 ret
- }
- end ;
- procedure TKeylogger.OutlookBtn2Click(Sender: TObject);
- begin
- {
- * Review: save handler. Calls the virtual entry at offset $3C on the object at [ebx+$02E0]
- *   (presumably SaveLoggedKeys.Execute), fetches a string from the same object via 00457F70
- *   (presumably the chosen file name) and passes it to the virtual entry at offset $64 on the
- *   object at [[ebx+$02CC]+$0204] (presumably the memo's line list writing itself to that file).
- *   NOTE(review): the result of the first call is never tested - there is no test or cmp before
- *   the second call - so if it is Execute, cancelling the dialog would still attempt the save.
- *   For responders: if this reading is right, the logged text ends up as a file at whatever path
- *   was chosen in the dialog; this routine shows no transformation of the text before the call.
- 004CB564 55 push ebp
- 004CB565 8BEC mov ebp, esp
- 004CB567 6A00 push $00
- 004CB569 53 push ebx
- 004CB56A 8BD8 mov ebx, eax
- 004CB56C 33C0 xor eax, eax
- 004CB56E 55 push ebp
- 004CB56F 68BDB54C00 push $004CB5BD
- ***** TRY
- |
- 004CB574 64FF30 push dword ptr fs:[eax]
- 004CB577 648920 mov fs:[eax], esp
- 004CB57A 8B83E0020000 mov eax, [ebx+$02E0]
- 004CB580 8B10 mov edx, [eax]
- 004CB582 FF523C call dword ptr [edx+$3C]
- 004CB585 8D55FC lea edx, [ebp-$04]
- 004CB588 8B83E0020000 mov eax, [ebx+$02E0]
- 004CB58E E8DDC9F8FF call 00457F70
- 004CB593 8B55FC mov edx, [ebp-$04]
- 004CB596 8B83CC020000 mov eax, [ebx+$02CC]
- 004CB59C 8B8004020000 mov eax, [eax+$0204]
- 004CB5A2 8B08 mov ecx, [eax]
- 004CB5A4 FF5164 call dword ptr [ecx+$64]
- 004CB5A7 33C0 xor eax, eax
- 004CB5A9 5A pop edx
- 004CB5AA 59 pop ecx
- 004CB5AB 59 pop ecx
- 004CB5AC 648910 mov fs:[eax], edx
- * Review: the finally part passes the temporary at [ebp-$04] to 00403C5C; presumably string
- *   clean-up - TODO confirm.
- ****** FINALLY
- |
- 004CB5AF 68C4B54C00 push $004CB5C4
- 004CB5B4 8D45FC lea eax, [ebp-$04]
- 004CB5B7 E8A086F3FF call 00403C5C
- 004CB5BC C3 ret
- 004CB5BD E99E80F3FF jmp 00403660
- 004CB5C2 EBF0 jmp 004CB5B4
- ****** END
- |
- 004CB5C4 5B pop ebx
- 004CB5C5 59 pop ecx
- 004CB5C6 5D pop ebp
- 004CB5C7 C3 ret
- }
- end ;
- procedure TKeylogger.OutlookBtn3Click(Sender: TObject);
- begin
- {
- * Review: calls the virtual entry at offset $40 on the object at [[eax+$02CC]+$0204] - the same
- *   object OutlookBtn2Click passes a file name to - and returns.
- *   Presumably this clears the logged text shown in the form - TODO confirm.
- 004CB550 8B80CC020000 mov eax, [eax+$02CC]
- 004CB556 8B8004020000 mov eax, [eax+$0204]
- 004CB55C 8B10 mov edx, [eax]
- 004CB55E FF5240 call dword ptr [edx+$40]
- 004CB561 C3 ret
- }
- end ;
- end.