Tinky Winkey is a Windows service project written in C++. The goal is to explore Windows API concepts such as service management, token handling, and process creation inside a controlled virtual environment.
- The program must never crash or quit unexpectedly.
- An `NMakefile` must be provided and evaluated using NMAKE.
- Compilation must use `cl` with flags `/Wall` and `/WX`.
- Only C or C++ languages are allowed.
- Must run on Windows 10 or higher inside a virtual machine.
- You may use official Microsoft Windows 10+ images.
- Windows Defender may be temporarily disabled for testing.
- Proper error handling and handle cleanup are mandatory.
The project contains two executables:
| Executable | Description |
|---|---|
| svc | A Windows service named tinky that can be installed, started, stopped, and deleted. |
| winkey | A keylogger launched by the service under a SYSTEM token. |
| Function | Purpose |
|---|---|
| OpenSCManager | Opens a handle to the Service Control Manager. |
| CreateService | Installs the service. |
| OpenService | Opens an existing service. |
| StartService | Starts a service. |
| ControlService | Sends control codes to a service (e.g., stop). |
| CloseServiceHandle | Closes service-related handles. |
| DuplicateTokenEx | Duplicates an access token for impersonation or process creation. |
The service must:
- Accept the following commands: `install`, `start`, `stop`, and `delete`.
- Register itself in the Service Control Manager (SCM) as tinky.
- Impersonate a SYSTEM token using `DuplicateTokenEx`.
- Launch the winkey process with that token.
- Ensure only one instance of winkey runs at a time.
- Terminate winkey when the service is deleted.
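The following PowerShell script is an added example, not part of the project: it is the check an administrator runs on the test VM to confirm the service lifecycle above behaves as specified. It reads the service's registration and account from the SCM, counts running winkey processes (at most one is allowed), and after `delete` should find neither. The service name `tinky` and process name `winkey` are taken from this README; the parameter names are the script's own.

```powershell
# Added example (not project code): audit the host for the service and the
# child process this project registers. Run from an elevated PowerShell
# session. Service name "tinky" and process name "winkey" come from the README;
# the parameters are assumptions of this script.
param(
    [string]$ServiceName = 'tinky',
    [string]$ProcessName = 'winkey'
)

# 1. Is the service registered in the SCM, and under which account does it run?
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if ($null -eq $svc) {
    Write-Output "Service '$ServiceName' is not registered in the SCM."
} else {
    [pscustomobject]@{
        Name      = $svc.Name
        State     = $svc.State        # Running / Stopped
        StartMode = $svc.StartMode    # Auto / Manual / Disabled
        Account   = $svc.StartName    # expected: LocalSystem
        Binary    = $svc.PathName     # path to the svc executable
    } | Format-List
}

# 2. How many processes named winkey exist, and who owns them?
#    The README requires at most one instance; more than one means the
#    single-instance guard failed. -IncludeUserName requires elevation.
$procs = @(Get-Process -Name $ProcessName -IncludeUserName -ErrorAction SilentlyContinue)
Write-Output ("{0} process(es) named '{1}' found." -f $procs.Count, $ProcessName)
$procs | Select-Object Id, UserName, StartTime, Path | Format-Table -AutoSize
if ($procs.Count -gt 1) {
    Write-Warning "More than one '$ProcessName' instance is running."
}

# 3. After 'svc delete', both checks above should report nothing: no service
#    entry and zero processes. A leftover process indicates a cleanup bug.
```

Run it once after `install` and `start` (expect one service entry with `Account = LocalSystem` and exactly one process, owned by `NT AUTHORITY\SYSTEM`), and again after `delete` (expect neither). Any other result points at a defect in the service's lifecycle handling.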
According to the original subject, winkey should:
- Capture keyboard input using a low-level keyboard hook.
- Record the foreground process, timestamp, and keystrokes.
- Store data in a human-readable format, following the locale identifier.
- Use the Developer Command Prompt for VS (x64).
- Run all commands with Administrator privileges (required for SCM operations).

```bat
nmake
```