[Win32]获取QQ密码输入框所属进程ID
2013-11-12 09:18
这个问题需要区分32位和64位系统分别处理。由于QQ的保护驱动挂钩了NtOpenProcess,在32位系统下无法在用户态通过枚举QQ已加载的模块来判断该进程是否是登录框进程。
先来64位的:
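/*
 * Writes "<message><errorCode>\n" to tcout and to the debugger output.
 * `message` is the text that precedes the numeric Win32 error code.
 */
static void LogApiFailure(const TCHAR *message, DWORD errorCode)
{
    TCHAR dbgStr[1024] = {0};

    // GetLastError() returns a DWORD, so the code is printed with %lu.
    _stprintf_s(dbgStr, sizeof(dbgStr) / sizeof(dbgStr[0]), _T("%s%lu\n"), message, errorCode);
    tcout << dbgStr;
    OutputDebugString(dbgStr);
}

/*
 * Reports whether the process identified by aProcessId has a loaded module
 * whose upper-cased name equals MODULE_NAME.
 *
 * Returns TRUE when such a module is found. Returns FALSE when no module
 * matches, or when the process cannot be opened or its modules cannot be
 * enumerated (each failure is logged with its Win32 error code).
 *
 * The comparison is on the name produced by GetModuleNameFromPath only; the
 * module's full path and signature are not checked, so a TRUE result is a
 * name match, not proof of which binary is loaded.
 */
BOOL IsQQPasswordProcessInWow64(__in DWORD aProcessId)
{
    // Query + VM read is the access EnumProcessModules and GetModuleFileNameEx
    // need; PROCESS_ALL_ACCESS asked for far more than this function uses.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, aProcessId);
    if (hProcess == NULL) {
        LogApiFailure(_T("OpenProcess failed . errCode : "), GetLastError());
        return FALSE;
    }

    // The image path is queried for diagnostics only: nothing below reads it,
    // and a failure here is logged without aborting the module scan.
    TCHAR processImagePath[MAX_PATH] = {0};
    if (GetProcessImageFileName(hProcess, processImagePath, MAX_PATH) == 0) {
        LogApiFailure(_T("GetProcessImageFileName failed . errCode : "), GetLastError());
    }

    // NOTE(review): in a 64-bit build EnumProcessModules does not report the
    // 32-bit modules of a WOW64 target; EnumProcessModulesEx with
    // LIST_MODULES_32BIT does. Confirm which bitness this file is built for.
    HMODULE hMods[1024] = {0};
    DWORD neededm = 0;
    if (!EnumProcessModules(hProcess, hMods, sizeof(hMods), &neededm)) {
        LogApiFailure(_T("EnumProcessModules failed . errCode : "), GetLastError());
        CloseHandle(hProcess);
        return FALSE;
    }

    // neededm is the byte count required for ALL modules and can exceed the
    // buffer, so clamp it to what was actually filled. The entries are
    // HMODULEs: dividing by sizeof(DWORD) doubles the count in a 64-bit build
    // and walks past the valid handles.
    DWORD filledBytes = (neededm < sizeof(hMods)) ? neededm : (DWORD)sizeof(hMods);
    DWORD modulesCounts = filledBytes / sizeof(HMODULE);

    BOOL isFind = FALSE;
    for (DWORD j = 0; j < modulesCounts; ++j) {
        TCHAR moduleName[MAX_PATH] = {0};
        if (GetModuleFileNameEx(hProcess, hMods[j], moduleName, MAX_PATH) == 0) {
            // A module that cannot be resolved is skipped, not treated as fatal.
            LogApiFailure(_T("\tGetModuleFileNameEx failed. errCode : "), GetLastError());
            continue;
        }

        TCHAR name[MAX_PATH] = {0};
        GetModuleNameFromPath(moduleName, name);
        _tcsupr_s(name, MAX_PATH);   // upper-case before the case-sensitive compare
        if (_tcscmp(name, MODULE_NAME) == 0) {
            isFind = TRUE;
            break;
        }
    }

    CloseHandle(hProcess);
    return isFind;
}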
再来32位的:
#define QQPWDEDIT_GUID _T("E72C6EAA-E6A2-404D-B469-5574831884D1") BOOL isGUID = FALSE; BOOL CALLBACK EnumWindowsProc(HWND hwnd,DWORD lParam) { DWORD mpid; GetWindowThreadProcessId(hwnd, &mpid); if (mpid == lParam) { int i = GetWindowTextLength(hwnd); TCHAR szhello[MAX_PATH] = {0}; GetWindowText(hwnd, szhello, i + 1); if (i > 0) { _tcsupr_s(szhello, MAX_PATH); if (_tcscmp(QQPWDEDIT_GUID, szhello) == 0) isGUID = TRUE; } } return TRUE; } BOOL IsQQPasswordProcess(__in DWORD aProcessId) { BOOL ret = FALSE; isGUID = FALSE; EnumWindows((WNDENUMPROC)EnumWindowsProc, aProcessId); return isGUID; }