Computer Security Project: Key Logger
2012/03/15
• Project 1: Windows Socket Programming
• Project 2: Key Logger
• Project 3: Key Logger and encrypted communication
Computer Security
Project 2: Key Logger
Requirement
• You need to write a key logger program
• Your program must
  • Hijack every keystroke
  • Store all characters/numbers to file C:\<Student ID>.txt
    • Ex. 9917001.txt
API Hooking
• Change the program's control flow
  • Hijack the original function call to your own function
  • Do something (change data in kernel, backdoor)
  • Jump back to the real function
• Usage
  • Hide some information
  • Steal user data
API Hooking

Before hooking:
    Function A { CALL Function B }
    Function B { Do something }

After hooking:
    Function A { CALL Function B }
    Function myfun { do something; call Function B }
    Function B { Do something }
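The diagram above as a single-process model, with the integrity check a defender would run against it. This is an added example, not code from the course or the TA; the call table and every function name are hypothetical, and no Windows API is involved.

```c
#include <stdio.h>
#include <string.h>

/* All names are hypothetical; this models the slide's diagram inside one process. */
typedef int (*handler_fn)(int);

static int calls_seen;                 /* side effect left behind by myfun */
static handler_fn saved_original;      /* where myfun jumps back to */

static int function_b(int x) { return x * 2; }            /* "Function B" */

static handler_fn dispatch[1] = { function_b };            /* call table Function A goes through */
static handler_fn baseline[1];                             /* known-good copy of the table */

static int function_a(int x) { return dispatch[0](x); }    /* "Function A { CALL Function B }" */

/* "Function myfun { do something; call Function B }" */
static int myfun(int x) { calls_seen++; return saved_original(x); }

static void take_baseline(void) { memcpy(baseline, dispatch, sizeof dispatch); }
static void install_hook(void)  { saved_original = dispatch[0]; dispatch[0] = myfun; }
static void restore_table(void) { memcpy(dispatch, baseline, sizeof dispatch); }

/* Integrity check: how many table slots differ from the baseline. */
static size_t count_redirected(void) {
    size_t n = 0;
    for (size_t i = 0; i < sizeof dispatch / sizeof dispatch[0]; i++)
        if (dispatch[i] != baseline[i]) n++;
    return n;
}

int main(void) {
    take_baseline();
    int r = function_a(21);
    printf("clean:    A(21)=%d redirected=%zu\n", r, count_redirected());

    install_hook();
    r = function_a(21);   /* same return value: results alone do not reveal the hook */
    printf("hooked:   A(21)=%d redirected=%zu extra_calls=%d\n",
           r, count_redirected(), calls_seen);

    restore_table();
    r = function_a(21);
    printf("restored: A(21)=%d redirected=%zu\n", r, count_redirected());
    return 0;
}
```

Function A returns the same value with and without the hook, so the redirection only shows up when the table is compared against a copy taken while it was known to be clean.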
SetWindowsHookEx (1/2)
• Installs an application-defined hook to monitor system events
• When the system receives an event
  • It checks whether any function is in the hook chain
  • It sends the event to the functions in the hook chain
• You need to hook the WH_KEYBOARD_LL type
SetWindowsHookEx (2/2)
• Function prototype

    HHOOK WINAPI SetWindowsHookEx(
        __in int idHook,
        __in HOOKPROC lpfn,
        __in HINSTANCE hMod,
        __in DWORD dwThreadId
    );

• To hook the keyboard
  • idHook: WH_KEYBOARD_LL
  • lpfn: you must write your own callback function, which has type LowLevelKeyboardProc
LowLevelKeyboardProc
• Function that is called when a keystroke happens
  • wParam: The identifier of the keyboard message
  • lParam: A pointer to a KBDLLHOOKSTRUCT structure

    LRESULT CALLBACK LowLevelKeyboardProc(
        __in int nCode,
        __in WPARAM wParam,
        __in LPARAM lParam
    );
You need to
• Upload your project to e3
  • Compress as <Student ID>.zip
    • Ex. 9917001.zip
  • Include source code and report
• Report must include
  • An explanation of your program
  • What you can do with API hooking
  • Other ways to hook an API
• You can refer to the TA's code that logs mouse movement
• Deadline: 2012-05-11 23:59:59
Reference
• Mouse movement logger (provided by TA)
  • http://bletchley.twbbs.org/comsec/hook.cpp
• MSDN SetWindowsHookEx
  • http://msdn.microsoft.com/en-us/library/windows/desktop/ms644990(v=vs.85).aspx
• MSDN LowLevelKeyboardProc
  • http://msdn.microsoft.com/en-us/library/windows/desktop/ms644985(v=vs.85).aspx