📄 mouspy.bat
字号:
;@echo off
;goto make
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;
; Client of MouSpy.sys driver
;
; Written by Four-F (four-f@mail.ru)
;
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
.386
.model flat, stdcall
option casemap:none
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; I N C L U D E F I L E S
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\comctl32.inc
include \masm32\include\advapi32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\comctl32.lib
includelib \masm32\lib\advapi32.lib
include \masm32\include\winioctl.inc
include cocomac\cocomac.mac
include cocomac\ListView.mac
include \masm32\Macros\Strings.mac
include ..\common.inc
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; S T R U C T U R E S
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Because of improper definition in windows.inc
_LARGE_INTEGER UNION
struct
LowPart DWORD ?
HighPart SDWORD ?
ends
struct u
LowPart DWORD ?
HighPart SDWORD ?
ends
QuadPart QWORD ? ; signed
_LARGE_INTEGER ENDS
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; E Q U A T E S
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
IDD_MAIN equ 1000
IDC_LISTVIEW equ 1001
IDC_INVERT_BUTTONS equ 1002
IDC_INVERT_MOVEMENT equ 1003
IDI_ICON equ 1004
IDM_ABOUT equ 2000
IDM_STAY_ON_TOP equ 2001
IDM_AUTOSCROLL equ 2002
IDM_CLEAR equ 2003
MAX_ITEMS equ 1000
; ntddmou.inc defines the...
MOUSE_LEFT_BUTTON_DOWN equ 0001 ; Left Button changed to down.
MOUSE_LEFT_BUTTON_UP equ 0002 ; Left Button changed to up.
MOUSE_RIGHT_BUTTON_DOWN equ 0004 ; Right Button changed to down.
MOUSE_RIGHT_BUTTON_UP equ 0008 ; Right Button changed to up.
MOUSE_MIDDLE_BUTTON_DOWN equ 0010h ; Middle Button changed to down.
MOUSE_MIDDLE_BUTTON_UP equ 0020h ; Middle Button changed to up.
MOUSE_WHEEL equ 0400h
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; U N I N I T I A L I Z E D D A T A
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
.data?
g_hDevice HANDLE ?
g_hEvent HANDLE ?
g_hInstance HINSTANCE ?
g_hwndDlg HWND ?
g_hwndListView HWND ?
g_fExitNow BOOL ?
g_dwDlgWidth DWORD ?
g_hPopupMenu HMENU ?
g_fAlwaysOnTop BOOL ?
g_fAutoscroll BOOL ?
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; C O D E
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
.code
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; malloc
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
malloc proc dwBytes:DWORD
option PROLOGUE:NONE
option EPILOGUE:NONE
invoke GetProcessHeap
invoke HeapAlloc, eax, HEAP_ZERO_MEMORY, [esp+4]
ret 4
option PROLOGUE:PROLOGUEDEF
option EPILOGUE:EPILOGUEDEF
malloc endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; free
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
free proc lpMem:PVOID
option PROLOGUE:NONE
option EPILOGUE:NONE
invoke GetProcessHeap
invoke HeapFree, eax, 0, [esp+4]
ret 4
option PROLOGUE:PROLOGUEDEF
option EPILOGUE:EPILOGUEDEF
free endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; UnregisterDriver
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
UnregisterDriver proc
local hSCManager:HANDLE
invoke OpenSCManager, NULL, NULL, SC_MANAGER_ALL_ACCESS
.if eax != NULL
mov hSCManager, eax
; Unregister driver - remove registry directory
invoke OpenService, hSCManager, $CTA0("MouSpy"), DELETE
.if eax != NULL
push eax
invoke DeleteService, eax
call CloseServiceHandle
.endif
invoke CloseServiceHandle, hSCManager
.endif
ret
UnregisterDriver endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
RegisterAndStartDriver proc
local hSCManager:HANDLE
local hService:HANDLE
local hDevice:HANDLE
local acModulePath[MAX_PATH]:CHAR
mov hDevice, INVALID_HANDLE_VALUE
invoke OpenSCManager, NULL, NULL, SC_MANAGER_ALL_ACCESS
.if eax != NULL
mov hSCManager, eax
push eax
invoke GetFullPathName, $CTA0("MouSpy.sys"), sizeof acModulePath, addr acModulePath, esp
pop eax
invoke CreateService, hSCManager, $CTA0("MouSpy"), $CTA0("Mouse Spy"), \
SERVICE_START, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, \
SERVICE_ERROR_IGNORE, addr acModulePath, NULL, NULL, NULL, NULL, NULL
.if eax != NULL
mov hService, eax
invoke StartService, hService, 0, NULL
.if eax != 0
invoke CreateFile, $CTA0("\\\\.\\MouSpy"), GENERIC_READ + GENERIC_WRITE, \
0, NULL, OPEN_EXISTING, 0, NULL
.if eax != INVALID_HANDLE_VALUE
mov hDevice, eax
.endif
.endif
invoke CloseServiceHandle, hService
.endif
invoke CloseServiceHandle, hSCManager
.endif
invoke GetLastError
mov eax, hDevice
ret
RegisterAndStartDriver endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
StopDriver proc
local hSCManager:HANDLE
local hService:HANDLE
local _ss:SERVICE_STATUS
local fOK:BOOL
and fOK, FALSE
invoke OpenSCManager, NULL, NULL, SC_MANAGER_ALL_ACCESS
.if eax != NULL
mov hSCManager, eax
invoke OpenService, hSCManager, $CTA0("MouSpy"), SERVICE_STOP + DELETE
.if eax != NULL
mov hService, eax
invoke ControlService, hService, SERVICE_CONTROL_STOP, addr _ss
.if eax != 0
invoke GetLastError
.if eax == ERROR_SUCCESS || eax == ERROR_IO_PENDING
mov fOK, TRUE
.endif
.endif
invoke DeleteService, hService
invoke CloseServiceHandle, hService
.endif
invoke CloseServiceHandle, hSCManager
.endif
mov eax, fOK
ret
StopDriver endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; MyUnhandledExceptionFilter
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
MyUnhandledExceptionFilter proc lpExceptionInfo:PTR EXCEPTION_POINTERS
; Just cleanup every possible thing
local dwBytesReturned:DWORD
local _ss:SERVICE_STATUS
; If something went wrong let the driver know it should undo the things.
invoke DeviceIoControl, g_hDevice, IOCTL_MOUSE_DETACH, NULL, 0, NULL, 0, \
addr dwBytesReturned, NULL
mov g_fExitNow, TRUE ; Loop thread should exit now.
invoke SetEvent, g_hEvent
invoke CloseHandle, g_hEvent
invoke CloseHandle, g_hDevice
invoke StopDriver
mov eax, EXCEPTION_EXECUTE_HANDLER
ret
MyUnhandledExceptionFilter endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; ListViewInsertColumn
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ListViewInsertColumn proc
local lvc:LV_COLUMN
mov lvc.imask, LVCF_TEXT + LVCF_WIDTH + LVCF_FMT
mov lvc.fmt, LVCFMT_LEFT
mov lvc.pszText, $CTA0("L")
mov lvc.lx, 40
invoke SendMessage, g_hwndListView, LVM_INSERTCOLUMN, 0, addr lvc
mov lvc.pszText, $CTA0("M")
invoke SendMessage, g_hwndListView, LVM_INSERTCOLUMN, 1, addr lvc
mov lvc.pszText, $CTA0("R")
invoke SendMessage, g_hwndListView, LVM_INSERTCOLUMN, 2, addr lvc
mov lvc.fmt, LVCFMT_RIGHT
mov lvc.pszText, $CTA0("X")
invoke SendMessage, g_hwndListView, LVM_INSERTCOLUMN, 3, addr lvc
mov lvc.pszText, $CTA0("Y")
invoke SendMessage, g_hwndListView, LVM_INSERTCOLUMN, 4, addr lvc
mov lvc.pszText, $CTA0("Wheel")
mov lvc.lx, 50
invoke SendMessage, g_hwndListView, LVM_INSERTCOLUMN, 5, addr lvc
ret
ListViewInsertColumn endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; FillMouseInfo
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
FillMouseInfo proc uses esi ebx paKeyData:PTR KEY_DATA, cb:UINT
local lvi:LV_ITEM
local buffer[32]:CHAR
ListView_GetItemCount g_hwndListView
.if eax > MAX_ITEMS
mov ebx, eax
sub ebx, MAX_ITEMS
invoke SendMessage, g_hwndListView, WM_SETREDRAW , FALSE, 0
.while ebx
; Delete oldest item
ListView_DeleteItem g_hwndListView, 0
dec ebx
.endw
invoke SendMessage, g_hwndListView, WM_SETREDRAW , TRUE, 0
.endif
mov esi, paKeyData
assume esi:ptr MOUSE_DATA
mov eax, cb
mov ecx, sizeof MOUSE_DATA
xor edx, edx
div ecx
mov ebx, eax
mov lvi.imask, LVIF_TEXT
ListView_GetItemCount g_hwndListView
mov lvi.iItem, eax
.while ebx
; buttons
and lvi.iSubItem, 0
movzx eax, [esi].ButtonFlags
.if eax & MOUSE_LEFT_BUTTON_DOWN
mov ecx, $CTA0("down")
.elseif eax & MOUSE_LEFT_BUTTON_UP
mov ecx, $CTA0("up")
.else
mov ecx, $CTA0("")
.endif
mov lvi.pszText, ecx
ListView_InsertItem g_hwndListView, addr lvi
inc lvi.iSubItem
movzx eax, [esi].ButtonFlags
.if eax & (MOUSE_MIDDLE_BUTTON_DOWN or MOUSE_MIDDLE_BUTTON_UP)
.if eax & MOUSE_MIDDLE_BUTTON_DOWN
mov ecx, $CTA0("down")
.elseif eax & MOUSE_MIDDLE_BUTTON_UP
mov ecx, $CTA0("up")
.endif
mov lvi.pszText, ecx
ListView_SetItem g_hwndListView, addr lvi
.endif
inc lvi.iSubItem
movzx eax, [esi].ButtonFlags
.if eax & (MOUSE_RIGHT_BUTTON_DOWN or MOUSE_RIGHT_BUTTON_UP)
.if eax & MOUSE_RIGHT_BUTTON_DOWN
mov ecx, $CTA0("down")
.elseif eax & MOUSE_RIGHT_BUTTON_UP
mov ecx, $CTA0("up")
.endif
mov lvi.pszText, ecx
ListView_SetItem g_hwndListView, addr lvi
.endif
; X
inc lvi.iSubItem
.if [esi].LastX != 0
invoke wsprintf, addr buffer, $CTA0("%d"), [esi].LastX
lea ecx, buffer
mov lvi.pszText, ecx
ListView_SetItem g_hwndListView, addr lvi
.endif
; Y
inc lvi.iSubItem
.if [esi].LastY != 0
invoke wsprintf, addr buffer, $CTA0("%d"), [esi].LastY
lea ecx, buffer
mov lvi.pszText, ecx
ListView_SetItem g_hwndListView, addr lvi
.endif
; Wheel if any
inc lvi.iSubItem
movzx eax, [esi].ButtonFlags
.if eax & MOUSE_WHEEL
movzx eax, [esi].ButtonData
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -