So, i'm making a little retarded keylogger for windows,

Another question, should I just make a C# program to do this all, since C# can access C functions?

Pattern scanning.

>>55861903
I should have stated more clearly, how do I go about reading the file, converting it to unicode, and finding the string?

>>55861817
post your code nigga

>>55862012
I'll just send the essential part of it, its got one source file that i'm embarrassed about ( the one that converts the virtual codes to strings )

>>55861817
make it use alternate file streams
write your config data to free_porn.exe:config, then read the AFS from your C program
further reading: https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/

>>55862046
I considered a config file, but I ruled it out because it made the programs dependent on a single file.

http://pastebin.com/1Fa0P1CQ

>>55862035
who cares if the code quality is shit? maybe i can help you make it better? just post it all

>>>>55862086
I can upload most of the other source files if you want to take a look but I don't have all of them with me atm.

>>55862099
Nvm, lmao just found them. First time writing a keylogger, a bit surprised that totalvirus didn't find anything

File: zone identifier.png (11KB, 1278x680px) Image search: [Google]

11KB, 1278x680px

>>55862073
no, an AFS is like a property of a file(in this case, your executable). it's like an invisible file that exists behind a "normal" file. it's not a separate file like it would be if you used vanilla config files.
as an example, you ever notice that when you download something from the internet, windows will ask you whether you want to run it because it knows that the file came from the internet. that's not because there's an actual NTFS attribtue that says "this filecame from the internet", it's because there's an AFS with the file itself. try running "notepad file_that_came_from_the_internet.png:Zone.Identifier" and you'll see pic related. it's like a file you can open and write to, but it's not visible and it's not easily modified(very little people know that they exist)

>>55862112
That makes sense, thanks anon. Most likely gonna implement this.

>>55862148
no problem anon, good luck with your keylogger

Here's the source.
http://expirebox.com/download/d62947c82c8b5ff923c6650d7a07ceb9.html

>>55862172
It's just RAR5, btw.

>>55862148
The original anon who suggested the AFS here, I did a little research, apparently in C, you don't have any problems with opening the AFS as filename:stream(so you can just treat it like a normal config file), but in C#, the FileStream constructor apparently checks for illegal chars(which happens to contain ':'), so you actually have to use P/Invoke to call the Win32 APIs to open an AFS in C#. Just a heads-up.

>>55862266
Ok, shouldn't be a problem, the C# thing is just to disguise and distribute the keylogger.

>>55862086
How is it so far?

>>55862266
>':')
>using the smiling unicorn with the apostrophe nose
kys

Deleting the link. Better hurry up if you want it anon's.

>>55861992
You don't need to convert anything to unicode with patter scanning. You just scan the file using a pattern of bytes (containing wildcards too) and you get the location of the matched pattern. Then you replace the string with whatever you want.

>>55862543
Ok, thanks. I will remember that in the future, but as of right now I am going to use AFS.

Link was deleted.