search

werkamsus / Lilith

Lilith, C++ Cybersecurity Research Project
https://nick.sl
MIT License
717 stars 207 forks source link

Keylogger #8

Closed JulianGi closed 7 years ago

JulianGi commented 7 years ago

Hey I saw your feedback on opening/closing the file 100x a sec so I changed it to only touch the file if user input is detected. I could also use a buffer in memory and write this buffer to the file once it reaches a certain capacity, but I fear that this might lead to data loss e.g when the user shuts down his pc with a half filled buffer.

werkamsus commented 7 years ago

Wow! Didn't think you'd be so quick. I have also thought about using a buffer but came to a similar conclusion. Have you tested if it still works the same after the changes? And on a side note - the keydump command seems to mess up when the file gets too long, therefore i added the little script thing. Feel free to pitch in with any ideas you might have, you don't have to articulate them in code to do so, although i am always happy to see something new working! :)

JulianGi commented 7 years ago

Thank you. I tested it and it works without a problem. I am not sure about the original keydump command but the solution that you implemented works nicely even with large text files. Regarding the new ideas: I looked into a WindowsApi function called ToAsciiEx that uses the local keyboard layout of the target machine to convert key- or scancodes into charracters. This would be usefull for the keylogger since there would be no need to hardcode every single virutal keycode and it would be possible to use the keylogger on every pc regardless of the keyboard it is using. However when I tried this function it only returned the ascii values of the speciffied keycodes and never the actual chars. Maybe you could have a go at it. Anyway I got a bit of freetime on my hands right now so I will look in to your TODO list and try to contribute some more.

Edit: Just saw what you meant with small script thing. Have not tried that one yet but the keydump command that you implemented worked for me even on large files.

werkamsus commented 7 years ago

Sadly I don't have too much spare time on my hands currently, but I try my best to revise new code and implement smaller features, such as those the comments on youtube asked for.