DeltaRocked Posted January 24, 2011 Posted January 24, 2011 Hello All, A few days ago I had commented on The code for this Anti-Keylogger based virtual keyboard is ; for lower-case Send("{ASC " & AscW($_Key) & "}") ;for upper case Send("{ASC " & AscW(StringUpper($_Key)) & "}")I have tested this against all the known keyloggers commercial - non-commercial and even wrote a few using different methods just to test the viability of this code.The only problem which I had faced when testing was that some of the unicode keyloggers (kernel based) logged the keystrokes as Alt 097 for 'a' . while some were pathetic even in this, anyway its not my concern .My Concern is, instead of sending keystrokes as a unicode, is there any other method available which will mask the keystrokes?RegardsDelta Rocked.
Mat Posted January 24, 2011 Posted January 24, 2011 I imagine getting the control handle and using ControlSend or (even better) ControlSetText. That way there will be no way they can log it. AutoIt Project Listing
DeltaRocked Posted January 24, 2011 Author Posted January 24, 2011 (edited) I imagine getting the control handle and using ControlSend or (even better) ControlSetText. That way there will be no way they can log it.Hi Mat,It works... now finding a way to send the keystrokes using the virtual keyboard.... cause I might end up having problems with Shift keys , Alt Key Ctrl keys... so need to segregate them and then use only the character keys.I think i have already segregated the keys ... so the task is to grab the current window (that also is integrated) and do extensive testing...regardsDelta Rocked.PS: this code has not been entirely written by me, all I am doing is modifying, so that the compiled application functions the way it should function. Edited January 24, 2011 by deltarocked
DeltaRocked Posted January 24, 2011 Author Posted January 24, 2011 (edited) Done. Tested with some of the best known keyloggers thanks Mat. expandcollapse popupGlobal $keyStroke_Array[68] = ['{SPACE}', '{ENTER}', '{ALT}', '{BS}', '{BACKSPACE}', '{DEL}', '{UP}', '{DOWN}', _ '{LEFT}', '{RIGHT}', '{HOME}', '{END}', '{ESC}', '{INS}', '{PGUP}', '{PGDN}', '{F1}', '{F2}', '{F3}', _ '{F4}', '{F5}', '{F6}', '{F7}', '{F8}', '{F9}', '{F10}', '{F11}', '{F12}', '{TAB}', '{PRINTSCREEN}', '{LWIN}', _ '{RWIN}', '{BREAK}', '{PAUSE}', '{NUMPADMULT}', '{NUMPADADD}', '{NUMPADSUB}', '{NUMPADDIV}', '{NUMPADDOT}', _ '{NUMPADENTER}', '{APPSKEY}', '{LALT}', '{RALT}', '{LCTRL}', '{RCTRL}', '{LSHIFT}', '{RSHIFT}', '{SLEEP}', _ '{NUMPAD0}', '{NUMPAD1}', '{NUMPAD2}', '{NUMPAD3}', '{NUMPAD4}', '{NUMPAD5}', '{NUMPAD6}', '{NUMPAD7}', _ '{NUMPAD8}', '{NUMPAD9}', '{ALTDOWN}', '{SHIFTDOWN}', '{CTRLDOWN}', '{ALTUP}', '{CTRLUP}', '{SHIFTUP}', '{CAPSLOCK}', _ '{INSERT}', '{DELETE}', '{Escape}'] _ArraySort($keyStroke_Array) ;;;;;;;;;;; ;;Some code... ;;;;;;;;;; Func PressButton($_Key, $_HoldNeeded) Local $ctrl $ReplacedString = StringReplace(WinGetTitle($Form1), "Virtual Keyboard v0.1 - ", "") WinActivate($ReplacedString) $ctrl = ControlGetFocus($ReplacedString) If WinActivate($ReplacedString) Then If _ArrayBinarySearch($keyStroke_Array, $_Key) <> -1 And $_Key <> "{TAB}" Then Select Case $_Key == '{SHIFTDOWN}' $shiftstatus = 1 Case $_Key == '{SHIFTUP}' $shiftstatus = 0 Case $_Key == '{CTRLDOWN}' $ctrlstatus = 1 Case $_Key == '{CTRLUP}' $ctrlstatus = 0 Case $_Key == '{ALTUP}' $altstatus = 0 Case $_Key == '{ALTDOWN}' $altstatus = 1 Case StringLower($_Key) == StringLower('{BS}') ControlFocus($ReplacedString, "", $ctrl) ControlSend($ReplacedString, "", $ctrl, "{ASC 008}") Case StringLower($_Key) == StringLower('{BACKSPACE}') ControlFocus($ReplacedString, "", $ctrl) ControlSend($ReplacedString, "", $ctrl, "{ASC 008}") Case Else Send($_Key) EndSelect Else If $shiftstatus == 1 And $CapsLockOn == False And $ctrlstatus == 0 And $altstatus == 0 And $_Key <> "{TAB}" Then ControlFocus($ReplacedString, "", $ctrl) ControlSend($ReplacedString, "", $ctrl, "{ASC " & AscW(StringUpper($_Key)) & "}") ; uppercase ElseIf $shiftstatus == 0 And $CapsLockOn == True And $ctrlstatus == 0 And $altstatus == 0 And $_Key <> "{TAB}" Then ControlFocus($ReplacedString, "", $ctrl) ControlSend($ReplacedString, "", $ctrl, "{ASC " & AscW(StringUpper($_Key)) & "}") ;uppercase ElseIf $shiftstatus == 1 And $CapsLockOn == True And $ctrlstatus == 0 And $altstatus == 0 And $_Key <> "{TAB}" Then ControlFocus($ReplacedString, "", $ctrl) ControlSend($ReplacedString, "", $ctrl, "{ASC " & AscW($_Key) & "}") ;lowercase ElseIf $shiftstatus == 0 And $CapsLockOn == False And $ctrlstatus == 0 And $altstatus == 0 And $_Key <> "{TAB}" Then ControlFocus($ReplacedString, "", $ctrl) ControlSend($ReplacedString, "", $ctrl, "{ASC " & AscW($_Key) & "}") ; lowercase ElseIf $ctrlstatus == 1 And $altstatus == 0 Then ControlFocus($ReplacedString, "", $ctrl) ControlSend($ReplacedString, "", $ctrl, '^' & $_Key) ElseIf $ctrlstatus == 0 And $altstatus == 1 Then ControlFocus($ReplacedString, "", $ctrl) ControlSend($ReplacedString, "", $ctrl, '!' & $_Key) Else ControlFocus($ReplacedString, "", $ctrl) ControlSend($ReplacedString, "", $ctrl, "{ASC 0x09}") EndIf EndIf EndIf If $_HoldNeeded = 1 Then SoundPlay("Hold.wav") Else SoundPlay("Type.wav") SoundSetWaveVolume(10);Set volume for both Hold.wav and Type.wav EndIf EndFunc ;==>PressButton Edited January 24, 2011 by deltarocked
DeltaRocked Posted January 24, 2011 Author Posted January 24, 2011 Using Spy++ reveals : <00001> 001B0338 P WM_KEYDOWN nVirtKey:'G' cRepeat:1 ScanCode:22 fExtended:0 fAltDown:0 fRepeat:0 fUp:0 <00002> 001B0338 P WM_CHAR chCharCode:'g' (103) cRepeat:1 ScanCode:22 fExtended:0 fAltDown:0 fRepeat:0 fUp:0 But on the other hand when did the same against another virtual keyboard the result was First a 0 is sent then a backspace then the WM_Char is empty. but still the character appears on the notepad. damn.... i am frustrated...
Coulihan Posted January 24, 2011 Posted January 24, 2011 Where can I get your program? I'm interested in testing it against my own keylogger.
Mat Posted January 24, 2011 Posted January 24, 2011 I don't like the way this thread is headed at the moment... It seems we are gradually slipping down to a dark subject that this forum isn't interested in. If I were you Coulihan I would be very careful. AutoIt Project Listing
Coulihan Posted January 24, 2011 Posted January 24, 2011 I don't like the way this thread is headed at the moment... It seems we are gradually slipping down to a dark subject that this forum isn't interested in. If I were you Coulihan I would be very careful.Don't worry, my own software will not be distributed or shared here in any way. As the OP was allowed to take the thread this far, I figured he would be allowed to share his program with me as well. I have no problem with it if not.
Mat Posted January 24, 2011 Posted January 24, 2011 Then why did you feel the need to mention it? You could have said: "Where can I get your program? I'm interested in testing it.". It's unneccesary as maybe you have legit reasons but the next person won't, and if you are allowed to talk about a keylogger you made, why can't he? Thats why there's a line, your toes are on the edge at the moment, step back. AutoIt Project Listing
Coulihan Posted January 24, 2011 Posted January 24, 2011 Then why did you feel the need to mention it? You could have said: "Where can I get your program? I'm interested in testing it.". It's unneccesary as maybe you have legit reasons but the next person won't, and if you are allowed to talk about a keylogger you made, why can't he? Thats why there's a line, your toes are on the edge at the moment, step back.Unnecessary nit-picking.I already said I'm not going to share anything, this should be enough. Especially since the OP started the mentioning of keyloggers in a thread that you have not reacted to thus far. It would be like telling him that he can't use the phrase "anti-keylogger" because it might arouse someone else to mention this awful word or ask him where he got any of the programs he was testing against.I hate this kind of thread-filling silly argument garbage that you have started for no good reason. Now if you feel like you need to take it out on me because you have something to prove, go right ahead. I don't care, no damage will be done for me at all.
GEOSoft Posted January 24, 2011 Posted January 24, 2011 I think the point Mat is trying to make is something along these lines. The OP was asking about an anti-keylogger. You asked for that code to test your keylogger against. If that were to happen it would enable you to modify your keylogger to overcome whatever protection he managed to put in thus in fact making your request an appeal to help make your keylogger better and therefore against the rules. George Question about decompiling code? Read the decompiling FAQ and don't bother posting the question in the forums.Be sure to read and follow the forum rules. -AKA the AutoIt Reading and Comprehension Skills test.*** The PCRE (Regular Expression) ToolKit for AutoIT - (Updated Oct 20, 2011 ver:3.0.1.13) - Please update your current version before filing any bug reports. The installer now includes both 32 and 64 bit versions. No change in version number. Visit my Blog .. currently not active but it will soon be resplendent with news and views. Also please remove any links you may have to my website. it is soon to be closed and replaced with something else. "Old age and treachery will always overcome youth and skill!"
iamtheky Posted January 24, 2011 Posted January 24, 2011 (edited) Not that I would help but by that same logic:modified quote:If that were to happen it would enable you to modify the Anti-keylogger to overcome whatever protection the Keylogger managed to put in thus in fact making your request an appeal to help make the Anti-keylogger better and therefore adheres the rules.I like the All or Nothing stance towards botting, seems the same should apply for logging. Edited January 24, 2011 by iamtheky ,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-. |(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/ (_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_) | | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) ( | | | | |)| | \ / | | | | | |)| | `--. | |) \ | | `-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_| '-' '-' (__) (__) (_) (__)
GEOSoft Posted January 24, 2011 Posted January 24, 2011 We don't have rules against anti-keyloggers as you are well aware. We do on the otherhand have ne desire to see people getting help with a keylogger as you are also well aware. George Question about decompiling code? Read the decompiling FAQ and don't bother posting the question in the forums.Be sure to read and follow the forum rules. -AKA the AutoIt Reading and Comprehension Skills test.*** The PCRE (Regular Expression) ToolKit for AutoIT - (Updated Oct 20, 2011 ver:3.0.1.13) - Please update your current version before filing any bug reports. The installer now includes both 32 and 64 bit versions. No change in version number. Visit my Blog .. currently not active but it will soon be resplendent with news and views. Also please remove any links you may have to my website. it is soon to be closed and replaced with something else. "Old age and treachery will always overcome youth and skill!"
iamtheky Posted January 24, 2011 Posted January 24, 2011 Quite, my only point being (feeling quite the antagonist today). How do you know your Anti-Keylogger code implementation works? And once you have that test, how do you make that test non-beneficial to someone developing a Keylogger? So you cant define the enemy, explain its behaviors, or attempt to mimic its attacks....but you are welcome to try and thwart it (but please do so in a manner that does not reveal anything of substance). ,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-. |(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/ (_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_) | | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) ( | | | | |)| | \ / | | | | | |)| | `--. | |) \ | | `-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_| '-' '-' (__) (__) (_) (__)
everseeker Posted January 24, 2011 Posted January 24, 2011 wait a sec... Key-loggers = Bad Anti-Key-Loggers = good Anti-Key Logger testing vs. a Keylogger = bad Do I have that right? Everseeker
Developers Jos Posted January 24, 2011 Developers Posted January 24, 2011 K folks... lets close the conversation and leave it to this... Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Recommended Posts