
Privacy invasion! It is the main reason why I have been programming for the past few years. Well, the ONLY option you have is assembly language, in my case, Win32asm in Hutch's Masm32 package.
Introduction
Privacy invasion, or whatever you call it, is a zillion times more interesting (and addicting) than what your 'botak' professor lectures in a huge medieval lecture hall... The way they lecture is the perfect lullaby... Forget about those hypocrites who tell you that assembly language was used when computers were made from ROCKS during the stone age. :) The fact is: if you try to use C++ and invade someone's privacy, anyone with intelligence equivalent to an amoeba will suspect something because even C++ is soooooo slooooooooow... (C++ and even Visual Basic are good, but absolutely NOT for our purposes.)
What we commonly hear about privacy invasion is: recording EVERY keystroke you press, EVERY site you visit, EVERY e-mail you send and receive, EVERY program you execute (games are the usual targets), EVERY damned message you chat...
Those are what I have been working on over the past few months... Remember, never misuse your knowledge. Besides, knowledge is not easily gained: I crawled the net and got lost in piles and piles of code, and crashed and smashed Windoze 98 a few hundred times before I came up with all these. So, happy learning and happy programming!
Ethics
Yes, invasion of privacy IS ILLEGAL. The only legal way to do so is to join your country's secret service, say CIA, FBI... I am interested in this area but I have never spied on anybody except myself. If you get caught, escape to nowhere, you deserve punishment... :)
Now, to the interesting part, programming your computer to spy!
Keyboard Recording...
Under Windoze (9x/Me/NT), the only option (that I know of) you have is hooks. Hey, Gates' company provides enough (if not complete) documentation which serves our purposes so well... And that is the only good thing done by Micro$oft. Iczelion wrote a good tutorial about Windows hooks, find it at http://win32asm.cjb.net.
To hook the keyboard, you need to create a system wide hook, using SetWindowsHookEx, since a local hook only hooks YOUR window's keystrokes. I personally wrote a key logging program also, and here it is: KeySpyV1.zip. The code is a little messy, and HUGE ( around 1000 lines of assembly! ), anyway it is still faster than any C++ proggie and works faster than light speed... :)
Website/e-mail/chat etc Recording
This is what almost every man with above average intelligence and curiosity is interested in. Anyway, only a few who are assembly language programmers managed to do something... :) The only way you can record web activities is through API hooks, where Winsock APIs are your targets.
The main problem with web activity recording is: how on earth can we hook APIs??? I don't think any university lecturer will tell you how, they only tell you how to program in C++, V. Basic to overbloat your system... After months of researching, I managed to grab Y0da's Invisibility.zip, from there, I used his technique to hook APIs... ( Y0da, you are a GREAT programmer, you are a better candidate for my university's Vice Chancellor! )
To get to know API hooks inside-out (Y0da's method), read his Invisibility.zip and MY own tutorial: MsgBoxHack.zip. See, good OCY tells you what you never learn in your 4-5 year degree course! (and ironically, what good OCY tells you is soooooooo important!) Hence, who says university education provides you with enough knowledge?
Imagine you are able to hook APIs now, which Winsock APIs are you going to hook? The answer is: it depends on your needs... If you just want to know what site is being visited, of course the answer is only gethostbyname. Anyway, gethostbyname only gives you the host name, say 'www.micro$oft.com'. Say the user is sending an e-mail, the mail program will connect to an SMTP (Simple Mail Transfer Protocol) server, and if we only hook gethostbyname, we are going to miss all the mail that is sent out to the SMTP server! So, the next API you have to hook is send, of course.
Well, what about the e-mails someone receives? Our very next target is recv... Hei hei hei... And hooking these 3 APIs is more than enough to totally take over one's privacy on the net... What you need is a little more wizardry than average programmers.
And at last, here is my creation - which I am very proud of :) : IntHook2.zip. The API hooks are based on MsgBoxHack.zip's method, so just make sure you study the latter first.
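Seen from the defending side, a tool that redirects gethostbyname, send and recv has to change something in the target process, and one common check is to compare the first bytes of each export in memory with the same bytes in the DLL file on disk. The sketch below is an added example, not code from this page, IntHook2.zip or MsgBoxHack.zip; it assumes the hook is an inline patch at the function entry (the page does not say how Y0da's method works), and all addresses, byte strings and function names in it are constructed for illustration.

```python
import struct

# The three Winsock exports the page singles out.
WATCHED = ("gethostbyname", "send", "recv")

def check_entry(api, va, disk, mem, mod_base, mod_size):
    """Compare an export's first bytes on disk with the copy mapped in the process."""
    if mem == disk:
        return {"api": api, "status": "clean", "target": None}
    # Assumption: only the 5-byte near JMP (opcode 0xE9, rel32) is resolved here;
    # any other difference is reported as "modified" for manual review.
    if len(mem) >= 5 and mem[0] == 0xE9:
        rel = struct.unpack_from("<i", mem, 1)[0]
        target = (va + 5 + rel) & 0xFFFFFFFF
        if not (mod_base <= target < mod_base + mod_size):
            return {"api": api, "status": "redirected", "target": target}
    return {"api": api, "status": "modified", "target": None}

def scan(entries, mod_base, mod_size):
    """Return findings for every watched export that is not byte-identical to disk."""
    findings = [check_entry(api, *entries[api], mod_base, mod_size) for api in WATCHED]
    return [f for f in findings if f["status"] != "clean"]

def constructed_sample():
    """Constructed 32-bit data: api -> (va, disk bytes, memory bytes), plus module range."""
    base, size = 0x75000000, 0x20000
    # mov edi,edi; push ebp; mov ebp,esp; sub esp,10h
    prologue = bytes.fromhex("8bff558bec83ec10")
    send_va, outside = 0x75002000, 0x10001000   # 'outside' is not inside the module
    jmp = b"\xE9" + struct.pack("<i", outside - (send_va + 5))
    entries = {
        "gethostbyname": (0x75001000, prologue, prologue),           # untouched
        "send": (send_va, prologue, jmp + prologue[5:]),              # JMP out of module
        "recv": (0x75003000, prologue, b"\x90\x90" + prologue[2:]),   # changed, no JMP
    }
    return entries, base, size

if __name__ == "__main__":
    entries, base, size = constructed_sample()
    for f in scan(entries, base, size):
        tgt = f"-> {f['target']:#010x}" if f["target"] is not None else ""
        print(f"{f['api']:<14}{f['status']:<11}{tgt}")
```

A "modified" result is not proof of a hook, since relocations and vendor hot-patches also change entry bytes, and a redirection done through the import table instead of the function body would not show up in this comparison at all.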
Program Execution Recording...
This is the easiest spying method... Even amateur Windoze programmers can come up with different ways to log program execution. It is useful when some notorious employer wants to make sure its employees do not play games during work. Anyway, I have 3 solutions for you (nope, I did not write any proggies to do this... I am just damn sure that these methods work).
1. Use Process32First and Process32Next for Windoze 9x/Me. Repeat the process traversal again and again, triggered by a timer... This is very easy to do, if you are interested, write one yourself! :)
2. For all species of Windoze (except Win 3.1, Win 3.1 is condemned to extinction), use EnumWindows. This method is very easy as well, but not very accurate... Anyway, if you combine this method and method 1, you get a semi-powerful proggie... I wrote one proggie when I was still a lame beginner in Win32asm - it terminates Netscape and Internet Explorer when you try to search for pornography... (it grabs the window's text and scans for words like 'porn', 'sex' ... but I am not letting you download it. :P) Hey, I have been doing good since I was a lamer, what 'bout you? :)
3. Hook ShellExecute and ShellExecuteEx... I won't recommend this... API hooking is the last alternative you should consider for the following reasons: API hooks programming tends to crash your system many times before you create a perfect working proggie, and API hooks programming requires you to gather a lot of info about the API itself first... Anyway, the 2 methods above are more than sufficient to do such a simple task. :)
Just A Minute.......!!
OCY says: "Always remember that writing a keyboard logger, winsock API hooker is totally legal, since programming is a noble act, nobody is going to stop you. However, if you use those programs to spy around, prepare for jail. Don't say that I never warned you... FBI already did that, but remember, you ARE NOT FBI... They can prosecute you, I don't think you can sue them..." :P
Well, I actually wrote the winsock API hooker (hooks gethostbyname, send, and recv) to study how our browsers work. For example, IntHook version 1 taught me that we should hook the highest version of Winsock (2.0 instead of 1.1), since hooking version 1.1 only works with Internet Exploiter, but not Netscape. And I discovered a bug (I think it is a bug) with getpeername: if you call getpeername with an UNCONNECTED socket, it crashes the system instead of giving you the WSAENOTCONN (not connected) error.
Besides, there is a strange behaviour of Netscape Messenger... If you try to send an e-mail OFFLINE, after gethostbyname(your_SMTP_server) fails, it still tries to send a "QUIT" command to nowhere, what on earth is the motive behind this?? (if the socket is connected to nowhere, sending the "QUIT" is totally meaningless, and the "QUIT" will go nowhere) Let's hope somebody will give me an explanation... :P What?! You don't believe me? Try IntHook2.zip and send an e-mail offline!