The trouble is:
I wrote a keylogger and i need to write in my log file not only chars pressed but a function keys and so on. For example , , etc.
My Dll is only sending wParam after keyboard hook (course, I'm checking bit 30 and 31 :)).
Now, in my programm in data section I'm creating an array to determine key value like that:
...
k11 db "",0
k12 db "",0
...
keyarr dd 0,0,0,0,0,0,0,0,k08,0,0,0,0,0,0,0 ;00
dd 0,k11,k12,k13,k14,0,0,0,0,0,0,k1B,0,0,0,0 ;01
...
In Win9x everything works fine, but in Win2k theese key names like "",0 are filled with some garbage. :(
Any help appreciated.
Posted on 2002-02-08 02:05:31 by masquer
You are getting messed up strings because you are obtaining incorrect pointers to your string, i think you have probably devised some very hackish scheme to work out which string to print, and the hack isn't working. Without seeing your actual code, it is impossible to say what exactly is wrong.

Instead of the scheme you have, why don't you maintain an array of pointers to your NULL terminated strings, and use the ascii code you get as an index into that array?
Posted on 2002-02-08 02:48:42 by sluggy

Instead of the scheme you have, why don't you maintain an array of pointers to your NULL terminated strings, and use the ascii code you get as an index into that array?


Thats what I do:
As you can see keyarr is an array of pointers to NULL terminating string. I do the following:

;al - is wParam
movzx ebx, al
shl ebx, 2
mov edi,
or edi, edi
jz @@not_a_function_key ;
After that edi is pointed on the start of desired NULL terminating string, then calculate string length and save the string

I repeat, under Win9x everythings work OK, but under Win2k I can't even trace the moment of erasing my data (under SoftICE bpm not worked).
Posted on 2002-02-08 05:08:45 by masquer
hm my guess is you forget to preserve your registers...
ebx, edi and esi MUST preserved in callback functions...
win9x may run your code but nt and above will definitively
not! use the "PROC _bla USES EBX EDI ESI" notation or
just don't use those regs...

movzx eax, ??? ;<- wParam value
or dword ptr , 0
jz @@not_a_function_key
Posted on 2002-02-08 05:32:46 by mob
Thanks, maybe thats the point. I'll certainly check it write now.
I faced whith register preserving, when writing dll to work with VB program and for testing inside VB IDE. It was really fun, but I do it. :)
Posted on 2002-02-08 05:49:50 by masquer
YES, problem is solved. It is about register preserving (esi and edi for me).
Thanks for everybody :grin: :grin: :grin:
Posted on 2002-02-08 07:16:11 by masquer
keylogger, pfffffft. Take your trojan somewhere else.
Posted on 2002-02-08 12:42:20 by f0dder
1. It is not a trojan.
2. I don't asking YOUR comments about my programm
Even if it is a trojan or a virus, just try to respect soneone's work insted of screaming.
BTW if you sending someone to somewere, dont you think than someone can send you too. Anyway I dont want to sink to your level.
"Thanks" for YOUR attention (2 fodder) and my best wishes to mob and sluggy, who really help me
Posted on 2002-02-09 03:36:18 by masquer

Even if it is a trojan or a virus, just try to respect soneone's work

Respect trojans or virii? Don't get me started here... suffice to say
the board is NOT for pathetic virus/trojan wankers. And if I find out
that you're one of these evildoers... well, suffice to say you wouldn't
want to meet me in person then.

If your program isn't a trojan, fine fine. I might have misjudged you,
after all I am only human. It's just that I haven't yet seen any use
for keylogging outside trojans / snooping on employees.
Posted on 2002-02-09 09:53:02 by f0dder
I am sorry if it looks like a flame, but you start it. :)

I'm just try to describe my attitude to virus/etc.
I am start to learn assembly language because of virus. First time the word "virus" was very awful for me, but starting to learn asm, virus technique, programming at all, i'm understand than he is not so black as he is painted.

I'm not demand to respect viruses, it is personal business, but IMHO, some algos/technique/concepts are merit to be respected. That's why I'm using the word "respect". It is not concerning script language viruses. :-[

Though my level let me possibility to write this type of programm, so to say, I'd rather drink beer.

BTW, all definition of term "virus" I ever heard, easily may correspond to Windows

Now, I repeat - it is not a trojan/virii/etc, it is just for educational purpouses, so, if you deside to rehabilitate me :), I think we can close this thread.
Posted on 2002-02-09 11:38:02 by masquer
Besides a trojan or a program with educational purposes, a keylogger is useful for good things. You can use to detect if someone is tring to break some password of yours in your computer (specially if you are system administrator or something like that), to control that people do not go to bad sites (when the program detects you wrote some bad address it displays a message such as Hey, if you go to this site again an email will be sent to the system administrator among other good things that can help you control your system.
Posted on 2002-02-09 12:36:06 by CodeLover
Password breaking done by entering chars? Get real. Blocking sites
by monitoring keyboard input? Get real. Try thinking of one useful
and legal use for keylogging... I dare you. I can't think of anything
except monitoring employees... which might not even be legal.
And it would be easier to just watch their internet activity (through
for example a proxy server), and/or filter their email.
Posted on 2002-02-10 15:43:17 by f0dder
masquer,

Just exercise some caution here, f0dder is one of our moderators and he is acting correctly in objecting to the type of posting you have made. When he has warned you to keep this type of code and request out of here, take notice of it or it will be removed very quickly.

Regards,

hutch@movsd.com
Posted on 2002-02-10 15:56:03 by hutch--
Oh, god, I'm tired to repeat, it is NOT A TROJAN, it is ONLY for my personal educational purpose!!!
I dont want to enumerate the cases of using interception of keystrokes (see MSDN for example). So accuse me of writing trojan is like accuse of murder, if you have knife in your hand.

BTW, is this correct to say

... you wouldn't want to meet me in person then.

Is this a demonstration of mutual respect? I dont think so
Posted on 2002-02-10 23:36:07 by masquer
masquer,

One more posting like this and this topic goes to the scrap heap. One of our moderators has warned you about making reference to virus/trojan techniques and you have openly posted support for these techniques which is not allowed in the rules that the forum has.

Feel free to post technical question here as long as they are legal but leave the rest behind.

Regards,

hutch@movsd.com
Posted on 2002-02-11 00:26:43 by hutch--