[Win32]获取QQ密码输入框所属进程ID
2013-11-12 09:18
239 查看
这个得分32位和64位系统。由于QQ的保护驱动挂钩了NtOpenProcess,因此在32位下无法在用户态通过获取QQ加载模块来判断是否是登陆框。
先来64位的:
再来32位的:
先来64位的:
BOOL IsQQPasswordProcessInWow64(__in DWORD aProcessId)
{
int errCode = ERROR_SUCCESS;
TCHAR dbgStr[1024] = {0};
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, aProcessId);
if (hProcess == NULL)
{
ZeroMemory(dbgStr, 1024 * sizeof(TCHAR));
_stprintf_s(dbgStr, 1024, _T("OpenProcess failed . errCode : %d\n"), GetLastError());
tcout<<dbgStr;
OutputDebugString(dbgStr);
return FALSE;
}
TCHAR processImagePath[MAX_PATH] = {0};
DWORD ret = GetProcessImageFileName(hProcess, processImagePath, MAX_PATH);
if (ret == 0)
{
ZeroMemory(dbgStr, 1024 * sizeof(TCHAR));
_stprintf_s(dbgStr, 1024, _T("GetProcessImageFileName failed . errCode : %d\n"), GetLastError());
tcout<<dbgStr;
OutputDebugString(dbgStr);
}
TCHAR processName[MAX_PATH] = {0};
GetModuleNameFromPath(processImagePath, processName);
_tcsupr_s(processName, MAX_PATH);
HMODULE hMods[1024] = {0};
DWORD cbm = sizeof(hMods);
DWORD neededm = 0;
BOOL b2 = EnumProcessModules(hProcess, hMods, cbm, &neededm);
if (!b2)
{
ZeroMemory(dbgStr, 1024 * sizeof(TCHAR));
_stprintf_s(dbgStr, 1024, _T("EnumProcessModules failed . errCode : %d\n"), GetLastError());
tcout<<dbgStr;
OutputDebugString(dbgStr);
CloseHandle(hProcess);
return FALSE;
}
DWORD modulesCounts = neededm / sizeof(DWORD);
BOOL isFind = FALSE;
for (DWORD j = 0; j < modulesCounts; ++j)
{
TCHAR moduleName[MAX_PATH] = {0};
DWORD ret2 = GetModuleFileNameEx(hProcess, hMods[j], moduleName, MAX_PATH);
if (ret2 == 0)
{
ZeroMemory(dbgStr, 1024 * sizeof(TCHAR));
_stprintf_s(dbgStr, 1024, _T("\tGetModuleFileNameEx failed. errCode : %d\n"), GetLastError());
tcout<<dbgStr;
OutputDebugString(dbgStr);
continue;
}
ZeroMemory(dbgStr, 1024 * sizeof(TCHAR));
TCHAR name[MAX_PATH] = {0};
GetModuleNameFromPath(moduleName, name);
_tcsupr_s(name, MAX_PATH);
if (_tcscmp(name, MODULE_NAME) == 0)
{
isFind = TRUE;
break;
}
}
CloseHandle(hProcess);
return isFind;
}再来32位的:
#define QQPWDEDIT_GUID _T("E72C6EAA-E6A2-404D-B469-5574831884D1")
BOOL isGUID = FALSE;
BOOL CALLBACK EnumWindowsProc(HWND hwnd,DWORD lParam)
{
DWORD mpid;
GetWindowThreadProcessId(hwnd, &mpid);
if (mpid == lParam)
{
int i = GetWindowTextLength(hwnd);
TCHAR szhello[MAX_PATH] = {0};
GetWindowText(hwnd, szhello, i + 1);
if (i > 0)
{
_tcsupr_s(szhello, MAX_PATH);
if (_tcscmp(QQPWDEDIT_GUID, szhello) == 0)
isGUID = TRUE;
}
}
return TRUE;
}
BOOL IsQQPasswordProcess(__in DWORD aProcessId)
{
BOOL ret = FALSE;
isGUID = FALSE;
EnumWindows((WNDENUMPROC)EnumWindowsProc, aProcessId);
return isGUID;
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- [Win32]获取当前输入焦点窗口所属进程的进程ID
- WIN32程序获取父进程ID的方法
- [vc win32 console 模式适用]获取输入的密码,以*显示,并支持退格的函数
- WIN32开发:如何获取父进程的ID
- WIN32开发:如何获取父进程的ID
- 微信去除 防欺诈或盗号请不要输入qq密码 的方法
- linux 下获取进程ID 和 进程名
- [转]C#获取窗口进程ID与句柄还有读写内存类
- linux通过进程名获取进程id
- java获取当前进程ID
- C#获取运行程序的进程ID
- 微信开发提示【防盗号或诈骗,请不要输入QQ密码】
- 如何获取父进程的ID
- 怎样通过HOOK获取QQ登录密码
- 百度网盘提交提取密码:根据cookies获取loginId 的js
- android 仿QQ,微信群组里的@功能,支持@多人,并能一键删除,能获取上传对应的id(修改版)
- 根据关键词获取进程ID然后杀掉进程
- jquery获取密码输入框内的密码
- Java获取当前进程ID(PID)
- java代码中获取进程process id(转)