How passwords are illegally read from Edit controls, and how to prevent it

zhaozj  2021-02-17

First, the principle of illegally obtaining a password

The Edit control is a standard Windows control. When its Password property is set to TRUE, whatever the user types is displayed as asterisks, which protects it from onlookers. Although all we see are asterisks, the Edit control inside the program still holds the password the user entered. The application itself can read the password from the control, and any other application can read the content of the Edit control too, by sending it a WM_GETTEXT or EM_GETLINE message. The hacker program exploits exactly this property of the Edit control: when the window currently under examination is an Edit control with the ES_PASSWORD style, it sends a WM_GETTEXT or EM_GETLINE message to that window via SendMessage, and the content of the Edit box is revealed at a glance.

Second, how the hacker software works

It first obtains the current window and determines whether it is an Edit control. Usually the window to examine is chosen by the mouse position, for example in the handler for the WM_MOUSEMOVE message. The code fragment is as follows:

    // Convert client coordinates to screen coordinates
    ClientToScreen(&point);
    // Find the window under that point
    CWnd* pWnd = CWnd::WindowFromPoint(point);
    if (pWnd) {
        // Get the window handle
        HWND hWndCurr = pWnd->GetSafeHwnd();
        // Only examine windows that belong to another thread
        // (the first handle is reconstructed; the original text is garbled here)
        if (::GetWindowThreadProcessId(GetSafeHwnd(), NULL) != ::GetWindowThreadProcessId(hWndCurr, NULL)) {
            char lpClassName[255];
            // Get the window class name
            if (::GetClassName(hWndCurr, lpClassName, 255)) {
                // Store it and check whether it is an Edit control
                // (assignment added; the original compares m_strWndClass without filling it)
                m_strWndClass = lpClassName;
                if (0 == m_strWndClass.CompareNoCase("Edit")) {
                    // Get the window style
                    long lStyle = ::GetWindowLong(hWndCurr, GWL_STYLE);
                    // Does it have the ES_PASSWORD style?
                    if (lStyle & ES_PASSWORD) {
                        char szText[255];
                        // Send WM_GETTEXT to the control identified by hWndCurr
                        ::SendMessage(hWndCurr, WM_GETTEXT, 255, (LPARAM)szText);
                        // The password is now saved in szText
                        m_strPassword = szText;
                    }
                }
            }
        }
    }

The following lines in the code above deserve attention:

    ClientToScreen(&point);
    CWnd* pWnd = CWnd::WindowFromPoint(point);
    HWND hWndCurr = pWnd->GetSafeHwnd();

These three statements obtain the handle of the window under the current mouse position, which is then used in SendMessage:

    ::SendMessage(hWndCurr, WM_GETTEXT, 255, (LPARAM)szText);

This is the actual SendMessage call. The first parameter is the handle of the window that receives the message, which we obtained with the code above; the second parameter is the WM_GETTEXT message, which makes the Edit control hand over its characters; the returned content is stored in szText.

Third, preventive measures

Since such universal hacking software exists, we can naturally develop a set of measures to defend against its attacks. Below we protect the password as follows. From the analysis above, the weakness of the Edit control is that it never checks the identity of whoever sends the WM_GETTEXT or EM_GETLINE message: as long as a process can find the handle of the Edit window, it can read its content. Therefore the identity of the message sender must be verified. One method of verifying whether the sender is legitimate:

1. Derive a new class CPasswordEdit from CEdit and declare a global variable g_bSenderIdentity that indicates the identity of the message sender:

    BOOL g_bSenderIdentity;

Then override the virtual function DefWindowProc of CWnd and perform the check in that callback:

    LRESULT CPasswordEdit::DefWindowProc(UINT message, WPARAM wParam, LPARAM lParam)
    {
        // Reading the content of the Edit requires one of these two messages
        if ((message == WM_GETTEXT) || (message == EM_GETLINE)) {
            // Check whether the sender is legitimate
            if (!g_bSenderIdentity) {
                // Illegal read: report it
                AfxMessageBox(_T("Report: someone is trying to steal the password!"));
                return 0;
            }
            // Legitimate read: reset the flag
            g_bSenderIdentity = FALSE;
        }
        return CEdit::DefWindowProc(message, wParam, lParam);
    }

2. Do some work in the dialog that accepts the input. Declare the member in the dialog class:

    CPasswordEdit m_edtPassword;

Then add the following line to the dialog's OnInitDialog() to associate the control with the new class:

    m_edtPassword.SubclassDlgItem(IDC_EDIT_PASSWORD, this);

Finally, mark the sender as legitimate at the point where the dialog reads the data:

    void CDlgInput::DoDataExchange(CDataExchange* pDX)
    {
        // When data is being read from the controls
        // Note: for CPropertyPage-derived classes, check pDX->m_bSaveAndValidate in the same way
        if (pDX->m_bSaveAndValidate) {
            g_bSenderIdentity = TRUE;
        }
        CDialog::DoDataExchange(pDX);
        //{{AFX_DATA_MAP(CDlgInput)
        DDX_Text(pDX, IDC_EDIT_PASSWORD, m_sPassword);
        //}}AFX_DATA_MAP
    }

In this way the password input box only answers reads that carry a legitimate identity, and is protected.

Conclusion: The method above applies only to VC programs. For other languages such as VB and Delphi, a password ActiveX control must be built with VC; the implementation is basically the same as above. The programs above were written with Visual C++ 6.0.
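To show the guard above as a whole, here is an added, portable C++ model of it (not the article's code and not Win32 code): the message ids, the PasswordEdit struct and the two reader functions are constructed stand-ins for the CPasswordEdit window procedure, the dialog's DoDataExchange, and a read from a sender that never set the flag.

```cpp
#include <cstring>
#include <string>

// Stand-ins for the Win32 message ids (constructed; not the windows.h values).
enum Msg { WM_SETTEXT = 1, WM_GETTEXT = 2, EM_GETLINE = 3 };

// Process-wide flag as in the article: the dialog's DDX sets it just before
// reading the control; the first guarded read consumes it.
static bool g_bSenderIdentity = false;

struct PasswordEdit {
    std::string text;        // what the real control holds behind the asterisks
    int rejectedReads = 0;   // where the article pops up AfxMessageBox

    // Default Edit behaviour for the messages modelled here. EM_GETLINE is
    // treated like WM_GETTEXT (lParam = buffer of wParam bytes) for brevity.
    long defaultProc(Msg message, unsigned long wParam, char* lParam) {
        if (message == WM_SETTEXT) { text = lParam; return 1; }
        if (wParam == 0) return 0;
        size_t n = text.size() < wParam - 1 ? text.size() : wParam - 1;
        std::memcpy(lParam, text.data(), n);
        lParam[n] = '\0';
        return static_cast<long>(n);
    }

    // Models CPasswordEdit::DefWindowProc: answer text-reading messages only
    // when the owning dialog has announced itself via g_bSenderIdentity.
    long windowProc(Msg message, unsigned long wParam, char* lParam) {
        if (message == WM_GETTEXT || message == EM_GETLINE) {
            if (!g_bSenderIdentity) {
                ++rejectedReads;       // report, and copy nothing into lParam
                return 0;
            }
            g_bSenderIdentity = false; // one read per announcement
        }
        return defaultProc(message, wParam, lParam);
    }
};

// Models CDlgInput::DoDataExchange with m_bSaveAndValidate == TRUE.
std::string dialogReadPassword(PasswordEdit& edit) {
    char buf[255] = "";
    g_bSenderIdentity = true;          // legitimate reader announces itself
    edit.windowProc(WM_GETTEXT, sizeof buf, buf);
    return buf;
}

// Models a WM_GETTEXT arriving from any sender that did not set the flag.
std::string unannouncedRead(PasswordEdit& edit) {
    char buf[255] = "";
    edit.windowProc(WM_GETTEXT, sizeof buf, buf);
    return buf;
}
```

The model makes the one-shot nature of the flag visible: after the dialog's read consumes it, the very next unannounced WM_GETTEXT is rejected again.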

Please credit the original source when reprinting: https://www.9cbs.com/read-30730.html
