Research on Internet Plug-in Technology of reflux technology Part 2

Research on Internet Plug-in Technology of reflux technology Part 1: http://blog.csdn.net/davemin/archive/2007/01/05/1474858.aspx

Note: the technologies involved in this article are for reference only and cannot be used for illegal activities. I am not responsible for them.

2.3. BHO example

A. Next I will explain how to use the VC in Microsoft vistual Studio 6.0 to create the BHO program.
First, find a Microsoft SDK. I used this:
October 2002 SDK Release Notes
The Microsoft Platform SDK provides developers with documentation, header files, and sample code necessary to write software for Microsoft Windows and Microsoft Windows NT. the Platform SDK simplifies installation by integrating components from different SDKs and installing them in common paths on your hard disk. it can also set the search paths used by Microsoft Visual Studio.

Step 1 ).Use wizard and select atl com AppWizard, Project Name = BHOTest

Step 2 ).You do not need to use MFC. If you choose your preferred method, you may not need to use MFC at all. Or, if you want to minimize the executable files of this program, it is better not to use MFC. I will not select MFC here. Others remain unchanged.

Step 3 ).New ATL Object, name = MyBHO, which is exactly the same as the ordinary ATL Com component. There are no two differences.

Step 4 ).Add the parent class, public IObjectWithSiteImpl <CMyBHO>, COM_INTERFACE_ENTRY (IObjectWithSite), and related events.
Refer to the source program. It cannot be explained here.

Step 5 ).Add BHO register to the MyBHO. rgs file.

HKLM
{
SOFTWARE
{
Microsoft
{
Windows
{
CurrentVersion
{
Explorer
{
'Browser Helper objects'
{
{C28BCCCA-BE95-40EB-A5A9-8384C9D2E478}
}
}
}
}
}
}
}

 

Step 6 ).IE event processing, Invoke (...)

Open Web page completion event: DISPID_DOCUMENTCOMPLETE
For other events, refer:
Http://msdn.microsoft.com/workshop/browser/mshtml/reference/events/htmlformelementevents/htmlformelementevents.asp
Note: include MSHTMDID. H

After these six steps, a basic BHO program has been completed. Programmers can add or subtract code themselves.
In addition, you can Copy the content and Code mentioned in the previous article.

For details, refer to the source code BHOTest1_Code.zip.

 

B. Threats to IE passwords

In the past two years, many important organizations have begun to pay attention to the insecure IE input data, especially online transactions in financial systems.
However, the web end of most financial systems is still very dangerous, and in this way, simple BHO programs can obtain all the input confidential data.

Here is an example of https://reg.163.com/logins.jsp.
Implementation: Obtain the entered 163 passport account password in real time.

For details, refer to the source code BHOTest2_Code.zip.

 

C. Applications for registering accounts and replying to spam on forums or blogs

From the second code: BHOTest2_Code.zip example, we can see that IE can be fully automated.
Alternatively, you can create a Dialog to operate the settings, automatically register the account, and automatically send junk data in the Forum. Or automatically add junk data comments to various blogs.

For the setting value of IHTMLInputElement, different html tags use different APIs, such as put_value, put_checked, and others. For details, refer to msdn.
After the form data is filled in, the form is automatically submitted by calling the IHTMLFormElement-> submit () API. It can achieve automatic login, reply to posts, add blog comments, and so on.

The following is a simple description and no source program is provided. See the previous two Examples.

 

 
2.4. Browsers using the IWebBrowser2 interface of other applications

In fact, the browser that uses the IWebBrowser2 interface can be fully listed by calling the IShellWindows COM interface.

Refer to the following code.

USES_CONVERSION;

//
: CoInitialize (NULL );
CComPtr <IShellWindows> spShellWin;
HRESULT hr = spShellWin. CoCreateInstance (CLSID_ShellWindows );
If (FAILED (hr ))
{
Return NO_ERROR;
}

While (TRUE)
{
Long nCount = 0;
SpShellWin-> get_Count (& nCount );
If (0 = nCount)
{
Continue;
}

For (int I = 0; I <nCount; I ++)
{
CComPtr <IDispatch> spDispIE;
Hr = spShellWin-> Item (CComVariant (long) I), & spDispIE );
If (FAILED (hr) continue;

CComQIPtr <IWebBrowser2> spBrowser = spDispIE;
If (! SpBrowser) continue;

//...
}
}

//...

 

2.5. Additional instructions
The content mentioned in section 2.2 may involve many things. For example, I saw a piece of news on the Internet a few days ago saying that an IT company is upgrading its Baidu and Google rankings for a company's website,
In any case, how to search is ranked first. Then the company was happy, paid, and traded. Later, the company found that this was not the case on their own computers. The IT company said that software should be installed.

Well, it is actually the technical implementation described in section 2.2.
It's funny to remember.

 

3. Thoughts on Anti-BHO

I read a few reflux software and thought they were too harsh on BHO-related programs. It seems that as long as it is a BHO killer, you are well-known security BHO, such as Google toolbar.
If this is the case against BHO, then there will be no more formal BHO components than Google Toolbar in the future, because it will be scanned and killed before it comes out. Good or bad.

Therefore, I personally think it is best to change it further. BHO is technically not necessarily a malicious program.

 

4. Write at the end

Two cigarettes and one cup of wine, Hangzhou winter, and this long night.
I'm a little trembling and worried about the soft Internet traffic in China. Today I found that on a computer where I have made security settings, KMD (Kernel Mode Driver) appeared).

In this case, the reflux task is more difficult. I don't believe that currently popular reflux tools can clear all soft streams. Especially at the KMD level.
Because I hope that you can write more cattle reflux software in the form of free software for the use of ordinary Chinese netizens.