Use Windows hook to get lost password

Brief introduction

A few years ago I downloaded a program called Eureka in CodeGuru, if you forget the password, you can use the program to "fetch" the password back. Instead of a password-cracking program, it uses a Windows security vulnerability to copy the password of another running program. I am very interested in this program, decided to write a version of their own. Later, when Windows 2000 was released, I was disappointed to find that Microsoft had patched up that vulnerability, so that the program would not work on Windows 2000. After trying, I finally found a way to copy any password that runs a program on a 32-bit Windows system.

This article Example program:

How to use:

The use of Passwordspy programs is very simple. You simply run the program that contains the forgotten password, and then run Passwordspy. Then drag the magnifying glass to the password input field, and Passwordspy will display the password. Passwordspy program is not malicious, the purpose of developing it is just to retrieve the password, the program in Win95/98/me and Winnt/2k/xp/windows 2003 test pass.

Function Description:

In addition to the use of Passwordspy itself, it also demonstrates some useful and interesting code:

Single instance application-if the user starts the second instance of Passwordspy, the system finds the first instance and displays the Passwordspy interface at the very front of all windows;

Always on top--is always on top, and you can start and disable this feature in your program with just one line of code.

interprocess communication--passwordspy uses several forms of IPC, including WM_COPYDATA messages and memory-mapped files;

Set the window hook--to draw a password in Windows 2000/windows XP, you have to use a hook in the remote process.

Code Implementation Details:

So far, the most interesting part of the Passwordspy program is actually using the SetWindowsHookEx API. function to set up windows hooks. With this function you can install hooks into the operating system or in a particular process. There are many kinds of hooks, each of which is different, and is used to monitor a particular set of events. When a certain type of event occurs, the hook code is invoked. Passwordspy uses the Wh_getmessage hook, which monitors calls to GetMessage and PeekMessage. For more information on hooks please refer to the SetWindowsHookEx of the MSDN Library.

I found several examples of hooks on the internet, in books, and on MSDN, each with at least one bug. This article I solved these problems with my own solution. The hardest part of using Windows hooks is to store hook handles properly. Before you set up the hook, you need to do two things: