flat assembler
Message board for the users of flat assembler.
Index
> Windows > How to write my keylogger onto MBR |
Author |
|
DimonSoft 05 Feb 2018, 11:35
luish wrote: i write a keylogger that modify IVT to intercept Int9 to retrieve keystrokes however when i try to write my keylogger in MBR i kant modify the 0:24h of int 9. why in windows MBR i dont modify the IVT? You have an error in your code at line 17. Unless you target pre-Win95 versions, you will not gain much by intercepting Int9 handling. Not to offend you, but either you try to do something really cool that you cannot explain or you don’t understand certain basic topics like the difference between real mode and protected mode, the OS loading process, stuff like that. Anyway, in order to get any decent help you need to formulate the task you’re trying to solve and (since you apparently have some code that doesn’t work) the solution you’ve chosen but have difficulties to implement. |
|||
05 Feb 2018, 11:35 |
|
revolution 05 Feb 2018, 11:36
It you are using a version of Windows based upon NT* then you can't override or monitor the system from real mode code in the MBR.
* 2000 and later. Anyhow, the latest version of Windows has an inbuilt keylogger that sends all the keystrokes to MS. You can ask MS for a copy. |
|||
05 Feb 2018, 11:36 |
|
luish 05 Feb 2018, 11:45
i already know that isn't a good idea hook int 9 however i want know why windows freeze if i try to write at 0:24h at MBR?
|
|||
05 Feb 2018, 11:45 |
|
revolution 05 Feb 2018, 11:50
luish wrote: i already know that isn't a good idea hook int 9 however i want know why windows freeze if i try to write at 0:24h at MBR? Without the source code for either Windows or your MBR it is going to be very hard to find out why. You could try running in a VM and using a host debugger or logger. |
|||
05 Feb 2018, 11:50 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.