Results 1 to 3 of 3

Thread: Hex Editing binary for KeyLogger

  1. #1

    Lightbulb Hex Editing binary for KeyLogger

    I've been hexing a vb6 program for the past hour and can't find what I need found. I'm using Hex Workshop Hex Editor and I'm trying to find a pws/keylogger entry in a 10mb. executable with no search strings in mind..... because I don't keylog. {-_-} Anyhow, I was wondering if anyone knew of some search strings to try so I can track down this guy and maybe disable him so I can use the program without having to worry about it pws'ing. I tried quite a few query's but had no luck. I am 100% positive that it's there and I'm 100% sure that it uses an ICQ UIN as the interceptor of the passwords to be forwarded to. I did some google searches, found some src sort of like this and tried to plug some strings in there but still had no luck. Any suggestions on some hex or ascii strings to search for ? I've actually seen this pws/keylogging function extracted before and pasted in a chatroom to expose the author of the program after it'd been found through a hex, so I know it without a doubt is there. So far I've tried "uin", "rcpt" and many others all leading no where. I tried all of these in lowercase and uppercase strings -- hex and ascii. If anyone knows some stuff to try, I'd be more than glad to try them. Thanks.


  2. #2
    Senior Member
    Join Date
    Mar 2002
    'Hexing' a 10 mb file is not going to do you any good. You would be best off setting up a packet sniffer such as this one and monitoring the packets one by one leaving your machine. After you have a packet sniffer enabled, stop all of your internet traffic and close everything. Then open up this keylogger program and wait for it to send something off. You can then intercept the packet it sent, and fairly easily get his UIN from there.

    I am not going to go too specific into this because you might have malicious intent, and even though this ass hole would deserve it, I still cannot condone it.

  3. #3
    Thanks a lot man......... that's actually what I ended up doing. I got frustrated and remembered that this was how the keylogger was exposed...... through the outgoing ip packet's data. I've got his UIN and everything and the data that was sent. Thanks again for your reply. {-_-}

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts