Click here to Skip to main content
11,706,979 members (50,833 online)
Click here to Skip to main content

Tagged as

SpyNet - An Application Specific Keylogger.

, 14 Nov 2008 CPOL 40.9K 3K 40
Rate this:
Please Sign up or sign in to vote.
An Application Specific Keylogger.

Introduction

The Following Article is About Using Global Hooks and Code Injection to create an Application Specific keylogger.

Background

You must know basic C++. Windows Programming, Global Hooks (for dll injection). You Must know, what's a Keylogger?

Disclaimer

Though The program is well tested i have to include this disclaimer. By Executing/Compiling The Program you agree that The author nor the site hosting this article shall not be held responsible for any damages occurred due to the this program. This Program Comes with NO WARRANTY. USE AT YOUR OWN RISK!! If this scares you, you probably shouldn't run this Program. The Author Hereby disclaims himself. This article may not be re-published elsewhere without the permission of the author.

Using the code

Download the Binaries, Extract them into the same directory. Run the DllTester.exe, Hit Load.

Warning

Your Anti-Virus will (should) Flag This Application Hostile. To Test it you'll need to disable your AV. No Autorun capability has been added so to Clean your system perform a Cold Reboot. The Application has Malware Characteristics and IS Intended to Compromise Security. The Dll is Injected into Multiple Processes and may cause the system to slow down or de-stabilize. If This Scares You should Delete The Source Code and Binaries right now.

What The Code Does?

Most keyloggers log almost all keys typed including stuff you type while playing games,writing school report,etc mostly irrelevant stuff...

SpyNet Can be Configured to Log Only "Iexplore.exe", "Firefox.exe","Opera.exe", "msdev.exe", "ypager.exe",etc so you don't need to worry about other "useless" crap people type...
Only relevant information like Every Email, Login, Chat Session, etc will be logged.

You'll need to modify bits of the code to make it full-stealth...Just a Precaution to prevent abuse...

DLL injection

The Dll injection method is based of Ivo Ivanov's Code. A Million Thanks to Him. Search This Site For it.

Working

The Dll exports 2 Functions that return Boolean. (True on Success, False on Fail)

  1. InstallHook - Creates Callwnd Hook to Inject Ourselves into other Processes
  2. UninstallHook - Stops Process Injection although The Already Injected Instances will remain.
Note : If the Original process which hooked the callwnd is terminated the injection hook is also terminated. but the Keylogger will still run.

SpyNet Main Procedure (DllMain)

  1. If Process is not in Attack List, Unload self.
  2. Establish a WH_KEYBOARD Hook
  3. Have Callback Function Log All Key's and active Window Title's.

Features

  1. SpyNet is Invisible to the Task Manager (it's dll.)
  2. Logs only "Relevant" Keystrokes.
  3. Logs Time, Current Username.

Drawbacks

  1. Does not Affect Console Programs (Because they don't have Message Queue's)

TODO

  1. "Recognise" Password Textboxes.
  2. Auto-Email/FTP Upload the Log File.
  3. Host Log File on Pseudo Http Server.

Acknowledgement

The Keylogger Code is "inspired" from 2 Sources

  1. Pranay Kanwar's Keylogger (warl0ck) (link) The Search for "Shift" Codes and Capslock...the rest is recycled code of my other keylogger.
  2. BO2K (Back Orifice 2000) (Everything you'll need to know about C++.)

Authors Notes

--

History

22 Feb 08 : Original Draft

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

st0le
Other Student
India India
No Biography provided

You may also be interested in...

Comments and Discussions

 
Questionon compilation with Dev C++ it gives an error Pin
aakash.me23-Sep-13 21:22
memberaakash.me23-Sep-13 21:22 
GeneralMy vote of 5 Pin
gndnet20-Jul-12 1:24
membergndnet20-Jul-12 1:24 
Generalinjection method Pin
dekl5-Oct-09 2:21
memberdekl5-Oct-09 2:21 
GeneralRe: injection method Pin
st0le5-Oct-09 7:08
memberst0le5-Oct-09 7:08 
GeneralRe: injection method Pin
st0le5-Oct-09 7:13
memberst0le5-Oct-09 7:13 
QuestionBug? Pin
st0le22-Jul-09 21:13
memberst0le22-Jul-09 21:13 
QuestionMemory leak?? Pin
plaskey22-Jul-09 13:17
memberplaskey22-Jul-09 13:17 
AnswerRe: Memory leak?? Pin
st0le22-Jul-09 21:09
memberst0le22-Jul-09 21:09 
GeneralWM_PAINT Pin
FISH78623-Jun-09 2:44
memberFISH78623-Jun-09 2:44 
GeneralRe: WM_PAINT Pin
st0le24-Jun-09 21:26
memberst0le24-Jun-09 21:26 
GeneralRe: WM_PAINT Pin
FISH78625-Jun-09 2:07
memberFISH78625-Jun-09 2:07 
GeneralRe: WM_PAINT Pin
st0le26-Jun-09 1:10
memberst0le26-Jun-09 1:10 
GeneralRe: WM_PAINT Pin
FISH78626-Jun-09 2:20
memberFISH78626-Jun-09 2:20 
GeneralRe: WM_PAINT Pin
st0le26-Jun-09 19:05
memberst0le26-Jun-09 19:05 
Generalarticle content Pin
Harold Bamford17-Nov-08 4:50
memberHarold Bamford17-Nov-08 4:50 
GeneralRe: article content Pin
st0le17-Nov-08 19:21
memberst0le17-Nov-08 19:21 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.150819.1 | Last Updated 15 Nov 2008
Article Copyright 2008 by st0le
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid