flat assembler
Message board for the users of flat assembler.

luish



Joined: 26 Jan 2018
Posts: 13

How to write my keylogger onto MBR

I write a keylogger that modifies the IVT to intercept Int9 to retrieve keystrokes; however, when I try to write my keylogger in the MBR I can't modify the 0:24h of int 9. Why, in the Windows MBR, don't I modify the IVT?
Post 05 Feb 2018, 11:12
DimonSoft



Joined: 03 Mar 2010
Posts: 242
Location: Belarus

Re: How to write my keylogger onto MBR


luish wrote:
I write a keylogger that modifies the IVT to intercept Int9 to retrieve keystrokes; however, when I try to write my keylogger in the MBR I can't modify the 0:24h of int 9. Why, in the Windows MBR, don't I modify the IVT?


You have an error in your code at line 17.

Unless you target pre-Win95 versions, you will not gain much by intercepting Int9 handling.

Not to offend you, but either you try to do something really cool that you cannot explain or you don’t understand certain basic topics like the difference between real mode and protected mode, the OS loading process, stuff like that. Anyway, in order to get any decent help you need to formulate the task you’re trying to solve and (since you apparently have some code that doesn’t work) the solution you’ve chosen but have difficulties to implement.
Post 05 Feb 2018, 11:35
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15818
Location: Misner space

If you are using a version of Windows based upon NT* then you can't override or monitor the system from real mode code in the MBR.

* 2000 and later.

Anyhow, the latest version of Windows has an inbuilt keylogger that sends all the keystrokes to MS. You can ask MS for a copy.
Post 05 Feb 2018, 11:36
luish



Joined: 26 Jan 2018
Posts: 13

Why Windows freezes onto MBR if I try to write at interrupt?

I already know that it isn't a good idea to hook int 9; however, I want to know why Windows freezes if I try to write at 0:24h at MBR?
Post 05 Feb 2018, 11:45
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15818
Location: Misner space

Re: Why Windows freezes onto MBR if I try to write at interrupt?


luish wrote:
I already know that it isn't a good idea to hook int 9; however, I want to know why Windows freezes if I try to write at 0:24h at MBR?

Because your code is buggy? Because your code writes to memory used by Windows? Because Windows is buggy? Because Windows detects something not right? Because Windows writes to memory used by your code? All of the above? Remember that Windows isn't expecting anything to be in the RAM except for its own MBR so it would just use memory as it wants to.

Without the source code for either Windows or your MBR it is going to be very hard to find out why. You could try running in a VM and using a host debugger or logger.
Post 05 Feb 2018, 11:50
Copyright © 2004-2018, Tomasz Grysztar.