I want to intercept Russian keys in a specific application and send it something else. I don't really know the steps required to achieve it.
Is there a way to write an app in C++ that captures key presses and sends different ones to a specific program, process?
I guess I had to find the answer myself so I've duckduckgoed and found this: C++ KeyBoard hook
Seems like I have to inject a DLL in a process and call SetWindowsHookExA function that supposedly ought to intercept and transform key events that are sent to the process.
Related
Currently i'm working on a security monitoring app that continuously monitor new processes created.
For that im using wim and event watcher, witch works fine in VB.NET.
But there are 2 features that im missing.
I need to monitor process API calls, and I've been searching the web like mad, and come up empty.
Basically i need to monitor process WaitForSingleObject, LoadLibraryA, CreateProcessW and WriteProcessMemory. And registry access/changes as well.
Im hoping this can be done without a system wide hook, but form what i can find, it cannot be done via WMI.
So the question is, how to, and what can i do with managed code.
I'm gonna focus on the second point as i don't have experience on your first.
For checking if a process is signed i am using the sigcheck.exe from Mark Russinovich, because of the various methods it uses to verify files. Some are catalogsigned, some have the key embedded, there is iirc another weird method. There is no easy way to do it yourself. Had weird false detections with trying self-built methods to cover all possibilities. Hope that info helps
I wrote this code to hook API functions by changing the address in the IAT and EAT: http://pastebin.com/7d9N1J2c
This works just fine when I want to hook "recv" or "connect". However for some unknown reason when trying to hook "gethostbyname", my hook function is never called.
I tried to find "gethostbyname" in a debugger by taking the base address of the wsock32.dll module + 0x375e, which is what the ordinal 52 of my wsock32.dll is showing as offset. But that just makes me end up in some random asm code, not at the beginning of a function.
The same method however works fine for trying to find the "recv" entry point.
Does anyone see what I might be doing wrong?
I recommend this tool:
http://www.moduleanalyzer.com/
They do exactly the same and show the url that was connected with that API.
The problem is that there are more than one API to translate an url to an address. The application you are hooking may be using another version of the API that you're not intercepting.
Run some disassembler like IDA and attach to your process after you hook this functions, ida get apply changes on attaching and play process and check what is wrong.
In other way you have many libraries to do hooks with trampolines like Microsoft Detours, NCodeHook etc.
Is it possible to write a key logger in Visual Basic.NET? Is this the right language to be using?
So far, I've gotten a console app to read input and append to a file.
1)How can I make a .NET program "catch" all keyboard input?
2)How do I make a process not show up in Task Manager?
This is not for a virus, but rather a parental control program for a specific clientele. No malicious intent here.
You need to set a Keyboard Hook.
This is extremely difficult and is not possible on 64-bit editions of Windows.
If you're really doing this with consent, this shouldn't be necessary.
Here's a sample of how to write a key logger in .net. http://www.scratchprojects.com/2008/09/csharp_keylogger_p01.php
Your best bet for making it not show up in Task Manager is to make it look like something that belongs. Call it "svchost.exe". :-)
Hoepfully someone can shed some light on a problem - I am trying to listen to\intercept all windows messages generated by an application and dispose of certain types, for example Notify or Gesture messages.
I have been reading articals on how to do this using the Microsoft.WindowsCE.Forms.MessageWindow and creating a class which inherits this, overrides the WndProc method but I have been unalbe to get this start listening\watching the message queue automatically when the application starts.
I know it is possible to do this with the OpenNetCF framework and the Application2 namespace however I would prefer not to use 3rd party software at the moment - no offence to the OpenNetCF guys.
Hopefully this makes sense. Also, i am using C#2.0 and Windows Mobile 6.5.
Thanks for your help,
Morris
The solution, then, is pretty simple - all you have to do is spend your time duplicating what the Smart Device Framework code is doing.
You need to create your own message pump via P/Invokes to GetMessage, TranslateMessage and DispatchMessage (it will look just like it does in C). Use this pump instead of calling Application.Run (so there can be no calls to Application.Run in your application).
Inside that new message pump insert your filtering logic.
I'm working on a small application using C++/wxWidgets, where several parts of the GUI need to be updated based on e.g. received UDP datagrams. More specifically, a secondary thread tries to keep a list of available "clients" in the network (which may come and go away) and e.g. corresponding comboboxes in the UI need to be updated to reflect the changes.
The documentation mentions that for this kind of thing EVT_UPDATE_UI would be a good choice. As far as I can understand from the sparse documentation, this event is sent automatically by the system and provides some support for assisted UI change.
However, I'd feel more comfortable using a more direct approach, i.e. where e.g. a window object could register/subscribe to receive notifications (either events or callbacks) upon particular events and another part of the code is sending out these notifications when required. I could do this in C++ using my own code, however I guess if wxWidgets already supports something like that, I should make use of it. However I haven't found anything in that regards.
So, the question is: does wxWidgets support this kind of notification system (or similar alternatives) or would I be best served coding my own?
AFAIK there is nothing directly usable in wxWidgets, but doing it on your own seems easy.
What I would do:
Create a wxEvtHandler-descendent class to hold the list of available "clients" in the network. Let this class have a wxCriticalSection, and use a wxCriticalSectionLocker for that in all methods that add or delete "clients".
Create a worker thread class by inheriting wxThread to handle your UDP datagrams, using blocking calls. The thread should directly call methods of the client list object whenever a client has to be added or removed. In these methods update the list of clients, and ::wxPostEvent() an event to itself (this will execute the whole notification calls in the main GUI thread).
Handle the event in the client list class, and notify all listeners that the list of clients has changed. The observer pattern seems to me a good fit. You could either call a method of all registered listeners directly, or send a wxCommandEvent to them.
Have you tried calling Update() on the widget(s) that change? Once you update the contents of the combo box, call Update(), and the contents should update.