VERSION 1.2.2.1 ~~~~~~~~~~~~~~~ Changes: - wh00ps, signed/unsigned bug in FormatKey! Now I can remember why those char arrays used to be unsigned. It's fixed anyway. - Due to an error in LogSendBack(), a file written to an FTP would contain freshly-allocated-heap-memory- junk-bytes, but that has been fixed as well. - Tiny fix for nano not properly auto-starting when installed with a non-admin account and related woes. ToDo; - If you use %USERPROFILE% and try to install nano as administrator, it doesnt work properly because the LOCAL SYSTEM account has a different home directory than the administrator. This needs fixing. - Implement logging to alternate data streams? Dunno yet. VERSION 1.2.2.0 ~~~~~~~~~~~~~~~ Changes: - Multiuser support for Win2K3 / XP systems, nano will log to HKCU if HKLM is not available - DNS lookup would fuck up with stack overflow when no network adapter was present, fixed (recursion limit added and check for resolved GTLD server IP) - Fixed bug in NanoGetPath() wich returned only the drive letter when trying to strip an alternate data stream (el stupido!) - Rewrote log.cpp completely for better logging and LogWrite synchronization through critical sections - Major improvements and bugfixes ToDo: - If you use %USERPROFILE% and try to install nano as administrator, it doesnt work properly because the LOCAL SYSTEM account has a different home directory than the administrator. This needs fixing. - Implement logging to alternate data streams? Dunno yet. VERSION 1.2.1.1 ~~~~~~~~~~~~~~~ Changes: - Bugfix for a stupid mistake in eml.cpp, pointed out by powercome (at libero.it) - thanks a lot man VERSION 1.2.1.0 ~~~~~~~~~~~~~~~ Changes: - Nano can now highlight keystrokes that are inserted into a password edit box in a separate table row in the logs. This is an optional feature. - The suicide code has been improved with a source code snippet from byterage.hackaholic.org VERSION 1.2.0.7 ~~~~~~~~~~~~~~~ Changes: - Updated Nano with the fixed version of my MX lookup code for Windows 9X. There was something heaviely wrong with a WSAEventSelect() call. - Only the Administrator Account on Windows NT5 machines can access the Service Control Manager, so it is impossible for nano to install itself as a service when the user who executes it does not have these privileges. Due to this issue, nano 1.2.0.6 only worked for users with adminsitrator privileges on WinNT machines. I fixed it so that nano uses the standard Windows 9X startup method when the user does not have the appropriate privileges. VERSION 1.2.0.6 ~~~~~~~~~~~~~~~ Changes: - Fixed the bug that caused empty keystroke log rows in the logfile tables. - Fixed the clipboard implementation, sometimes clipboard contents got truncated so that the last character was missing. This was caused by a stupid mistake when using strncpy(), which is a very very bad mistake. - The clipboard implementation will now properly parse CR, LF and CRLF sequences to
HTML tags. - Fixed Error in the Date implementation from version 1.205. The Date header was sent with two line breaks and therefore, the following headers including the content type were not recognized as headers by the receiving mailserver. VERSION 1.2.0.5 ~~~~~~~~~~~~~~~ Changes: - Fixed the bug that caused nested logfile tables. - Added a correct Date header to the SMTP implementation using API calls instead of C standard library routines. - A tiny bit of code cleanup VERSION 1.2.0.4 ~~~~~~~~~~~~~~~ Changes: - Nano can now delete its originating executable from the system it is being installed on. This means, nano copies itself to the location that has been specified and deletes the original executable afterwards. - I stole an idea from sub7 and added the possibility to display a fake error message box upon installation. - As requested, Nano can be set up to use PASV mode for FTP uploads now. PASV mode is now also part of the standard configuration. ToDo: - Implement a feature to remotely configure and remove nano (yes, yes, I am working on it!!) VERSION 1.2.0.3 ~~~~~~~~~~~~~~~ Changes: - Added memory cleanup by using DnsRecordListFree() to the Windows NT 5.0 MX lookup implementation. - Thanks to a comment from marcoss_115@hotmail.com, I found out that my dirty fix for quoted-printable encoding (all those =3D sequences in the HTML code) messed up the logfiles uploaded via FTP because the sequences were not translated back to equation signs in LogSendBack(). I now implemented a proper mechanism to perform the entire quoted-printable encoding in the eml.cpp module itself, the algorithm acts pretty much according to RFC 2045. This should improve both the email logs and the FTP logs. - Added timestamps to the keylogs ToDo: - Implement a feature to remotely configure and remove nano. VERSION 1.2.0.2 ~~~~~~~~~~~~~~~ Changes: - Added an option to log keystrokes only when the user is online - Improved the clipboard monitoring implementation by moving it into the main message loop and applying GetClipboardOwner() - NanoAgent now offers the possibility to dump a single registry logfile or all of them to HD. - Changed the configuration mechanism slightly. The following options are now toggled by using a single bitmask (stored as IDS_LOG_FLAGS in the resource script) - also check out global.h: -- Send logfiles to an email address (mask 0x01) -- Send logfiles to an FTP account (mask 0x02) -- Only log keystrokes when user is online (mask 0x04) -- Behave stealthy (mask 0x08) -- Also log injected keystrokes (mask 0x10) -- Monitor clipboard activity (mask 0x20) VERSION 1.2.0.1 ~~~~~~~~~~~~~~~ Changes: - DNS MX lookup support for Windows 9X added. Makes the executable by far larger than before if compiled with NANO_WIN option! - Fixed a stupid bug in the FTP implementation. VERSION 1.2.0.0 ~~~~~~~~~~~~~~~ Changes: - I finally found one awesome piece of code that does all the job that BeginUpdateResource(), UpdateResource() and EndUpdateResource() do on Windows NT platforms - but on Windows 9X as well. This means that the NanoAgent editor for nano executables now also works on Windows 9X platforms - the entire program package works on all Windows platforms now. VERSION 1.1.0.3 ~~~~~~~~~~~~~~~ Changes: - I finally managed to install Windows 98 on a second machine and fixed ALL bugs that caused problems on Windows 9X machines. Nano and NanoAgent will now definitely work on all versions of Windows OS. - Removed a static link to IsDebuggerPresent() in nano, an API that is not available on Windows 95. - Added the KeyLoggerQuit() routine that allows the keylogger to terminate itself more reliably than by using KeyLoggerEnd(). KeyLoggerEnd() is only responsible for cleanup now. - Added the KeyLoggerPause() routine as well to allow the keylogger to be paused. The service on NT/2k/XP platforms can now also be paused and stopped if nano is installed with stealth option. - The NanoAgent Admin interface has been changed and a bunch of bugs have been fixed: -- NanoAgent can search the list of running processes now to find a running instance of nano on the computer. -- The NanoAgent list of logfiles on the computer is now updated automatically as changes occur to the registry key that holds them. -- It is possible to connect to a copy of nano that has been installed on a computer somewhere withn the ethernet. This works only on Windows NT/XP/2k networks and with an appropriate administrator account, though. VERSION 1.1.0.2 ~~~~~~~~~~~~~~~ Changes: - NanoAgent can find running instances of nano on a machine if nano has not been packet with an upx-like tool now for easier removal. - Fixed a heavy bug in nano that caused an access violation if nano was compiled to work on Windows 9X platforms. Details: nano links to service API dynamically now, and the function addresses were retrieved after the start() routine in nano.cpp was called in version 1.1.0.1 when nano was compiled with the NANO_WIN macro enabled. This would cause an access violation as start() needs the service API functions to install the service and therefore tries to call a function at 0x00000000 (the function pointers to the service API are initially set to 0). - Fixed a bug in the NanoAgent editor that did not write the resource value for Email/FTP upload correctly. VERSION 1.1.0.1 ~~~~~~~~~~~~~~~ Changes: - NED has been replaced by the far more advanced NanoAgent that is able to remove nano, view logfiles and start/stop nano as well. On Windows 2k/XP/NT systems, NED is available as a part of NanoAgent. - Removed (hopefully) all static NT API links from nano itself to make it actually work on Win9x platforms - The clipboard is now compared by using a simple hash function instead of buffering the entire clipboard contents in memory. Far more elegant. - Removed a bunch of minor bugs that occured with the HTML logfile creation. Should work smooth now. - Slightly altered nano's message loop for NT systems, seems to work better with a PeekMessage Implementation. ToDo: - Make Nano work on NT machines without requiring administrator priviledges. VERSION 1.0.0.1 ~~~~~~~~~~~~~~~ ToDo: - Code a local administration and removal tool - Code a local logfile viewer