So, I'm making a little retarded keylogger for windows, everything works well so far...

So, I'm making a little retarded keylogger for windows, everything works well so far. It writes to two directories and doesn't create a window whatsoever. It uses only about ~300kb memory and totals in at about 22kb. The issue is I'm also making a program to disguise the keylogger, install it to multiple directories, have it log to multiple different directories, start them on boot, and upload the log files to an sftp server every hour and because I need it to log to multiple different directories I need to change the constant strings that determine the directories it writes to. I've done this with hex editors but how would one go about doing this in C# (the keylogger is in C)?

Another question, should I just make a C# program to do this all, since C# can access C functions?

Pattern scanning.

I should have stated more clearly, how do I go about reading the file, converting it to unicode, and finding the string?

post your code nigga

I'll just send the essential part of it, it's got one source file that I'm embarrassed about (the one that converts the virtual codes to strings)

make it use alternate file streams
write your config data to free_porn.exe:config, then read the AFS from your C program
further reading: blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/

I considered a config file, but I ruled it out because it made the programs dependent on a single file.

pastebin.com/1Fa0P1CQ

who cares if the code quality is shit? maybe i can help you make it better? just post it all

I can upload most of the other source files if you want to take a look but I don't have all of them with me atm.

Nvm, lmao just found them. First time writing a keylogger, a bit surprised that totalvirus didn't find anything

no, an AFS is like a property of a file (in this case, your executable). it's like an invisible file that exists behind a "normal" file. it's not a separate file like it would be if you used vanilla config files.
as an example, you ever notice that when you download something from the internet, windows will ask you whether you want to run it because it knows that the file came from the internet. that's not because there's an actual NTFS attribute that says "this file came from the internet", it's because there's an AFS with the file itself. try running "notepad file_that_came_from_the_internet.png:Zone.Identifier" and you'll see pic related. it's like a file you can open and write to, but it's not visible and it's not easily modified (very few people know that they exist)
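
Added example, not part of the thread: a PowerShell sweep that lists NTFS alternate data streams (what the posts above call AFS) so that any stream other than the default data stream and Zone.Identifier stands out for review. The scan root and the allow-list are assumptions to adjust per environment.

```powershell
# Added example (not from the thread): report unexpected alternate data streams.
param(
    # Assumed scan root; point this at the directories you want to audit.
    [string]$Root = "$env:USERPROFILE\Downloads"
)

# Streams that are normal on Windows and usually not worth reporting (assumed allow-list).
$expected = @(':$DATA', 'Zone.Identifier')

Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        # -Stream * returns one object per stream, including the unnamed default ':$DATA'.
        Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $expected -notcontains $_.Stream } |
            ForEach-Object {
                [pscustomobject]@{
                    File    = $file.FullName
                    Stream  = $_.Stream
                    Length  = $_.Length
                    # First line of small streams only, to triage text config vs. binary data.
                    Preview = if ($_.Length -le 4096) {
                        Get-Content -LiteralPath $file.FullName -Stream $_.Stream `
                            -TotalCount 1 -ErrorAction SilentlyContinue
                    } else {
                        '<large stream, inspect offline>'
                    }
                }
            }
    } |
    Sort-Object Length -Descending |
    Format-Table -AutoSize -Wrap
```

A named stream attached to an executable is worth a closer look, since Explorer and a plain `dir` do not show it; `dir /r` does.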

That makes sense, thanks user. Most likely gonna implement this.

no problem user, good luck with your keylogger

Here's the source.
expirebox.com/download/d62947c82c8b5ff923c6650d7a07ceb9.html

It's just RAR5, btw.

The original user who suggested the AFS here, I did a little research, apparently in C, you don't have any problems with opening the AFS as filename:stream (so you can just treat it like a normal config file), but in C#, the FileStream constructor apparently checks for illegal chars (which happens to contain ':'), so you actually have to use P/Invoke to call the Win32 APIs to open an AFS in C#. Just a heads-up.

Ok, shouldn't be a problem, the C# thing is just to disguise and distribute the keylogger.

How is it so far?

>':')
>using the smiling unicorn with the apostrophe nose
kys

Deleting the link. Better hurry up if you want it, users.

You don't need to convert anything to unicode with pattern scanning. You just scan the file using a pattern of bytes (containing wildcards too) and you get the location of the matched pattern. Then you replace the string with whatever you want.

Ok, thanks. I will remember that in the future, but as of right now I am going to use AFS.

Link was deleted.