TebBaseAddress PVOID ? ; PTEB
ClientId CLIENT_ID <> ; 8h
AffinityMask DWORD ? ;
Priority DWORD ?
BasePriority DWORD ?
THREAD_BASIC_INFORMATION ENDS
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 子程序声明
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; Procedure prototypes (32-bit MASM). Argument sizes are all DWORD; the
; calling convention comes from the .model line outside this view —
; presumably stdcall, confirm before calling any of these from C.
;-----------------------------------------------------------------------
_ProcDlgMain PROTO :DWORD,:DWORD,:DWORD,:DWORD ; dialog procedure for DLG_MAIN; 4 args match the (hWnd, uMsg, wParam, lParam) shape — assumed
ViewPass proto                  ; main worker; its body starts at the end of this view (.code)
_ProcessPeFile proto :dword     ; one DWORD arg; name suggests PE-header walking (see VirtualAddress/VirtualSize) — verify
GetUnknowVarOffset proto        ; no args; presumably fills VarOffset/unknownvar — verify against the body
GetUser32Base proto :dword      ; one DWORD arg; presumably yields the user32.dll base kept in modbase — verify
CheckOS proto                   ; OS-version gate; pairs with the erros (Win9x/NT4) message — assumed
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Equ 数据
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.const
STATUS_SUCCESS equ 0            ; NTSTATUS success code (expected from ZwQueryInformationThread — assumed from the string table)
ThreadBasicInformation equ 0    ; THREADINFOCLASS selector that returns a THREAD_BASIC_INFORMATION
DLG_MAIN equ 1000               ; resource id of the main dialog (handled by _ProcDlgMain)
ID_PWD equ 1001                 ; control id inside DLG_MAIN — presumably the password field; check the .rc
IDB_1 equ 1                     ; bitmap resource id — assumed from the name
IDC_BMP equ 108                 ; control id — presumably the static control that shows IDB_1; check the .rc
;-----------------------------------------------------------------------
; RGB red, green, blue  ->  eax = COLORREF 0x00BBGGRR
; Each operand must be a byte-sized immediate, register or memory
; operand (it is the source of a mov into al). The value is built low
; byte first and rotated up; the top byte of eax stays zero throughout,
; so the rotates never wrap anything around.
; Clobbers: eax, flags.
;-----------------------------------------------------------------------
RGB MACRO red, green, blue
xor eax, eax                    ; eax = 00000000
mov al, blue                    ; eax = 000000BB
rol eax, 8                      ; eax = 0000BB00
mov al, green                   ; eax = 0000BBGG
rol eax, 8                      ; eax = 00BBGG00
mov al, red                     ; eax = 00BBGGRR (COLORREF byte order: red in the low byte)
ENDM
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 数据段
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
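.data
;-----------------------------------------------------------------------
; Initialised data. String delimiters must be the ASCII apostrophe
; (0x27); the typographic quote (U+2019) that had crept into these
; lines is not a MASM string delimiter and stops the file assembling.
; The Chinese message strings are user-facing and are left untouched;
; an English gloss is given in the comment beside each one.
;-----------------------------------------------------------------------
hWinMain dd ?                   ; main dialog window handle
vp db 'viewpass 0.1 codz czy',0 ; banner / version string
PASSLEN DD ?                    ; length of the recovered text (printed via passlenformat) — assumed from the name
ENCODE DD ?                     ; value printed via passformat; its meaning is not visible in this view
WINTHREADID DD ?                ; owning thread id of the target window (see Wndformat) — assumed
WINHAND DD 0                    ; target window handle; 0 = not found yet
unknownvar DD ?                 ; value located in user32.dll (see errnounknowvar / varformat) — assumed
VirtualAddress dd ?             ; PE section RVA — presumably of the section named by dataname; verify in _ProcessPeFile
VirtualSize dd ?                ; PE section size — same assumption
VarOffset dd ?                  ; offset produced by GetUnknowVarOffset — assumed from the name
modbase dd ?                    ; module base address (user32.dll) — assumed from GetUser32Base
lenoffset dd ?                  ; offset of a length field inside the window structure — assumed
passoffset dd ?                 ; offset of the text inside the window structure — assumed
Tahoma db 'Tahoma',0            ; font face name
editname db 'EdIt',0            ; window class name searched for; the mixed case suggests a case-insensitive compare — verify
Richeditname db 'RichEdit20W',0 ; alternative window class name
dataname db '.data ',0          ; PE section name to locate; the trailing space is part of the compared text — keep it
erros db '不是吧,还在用WIN9X/NT4',0                               ; "unsupported: still on Win9x/NT4" — CheckOS failure
nowin db '找不到主窗体',0                                         ; "main window not found"
nowin2 db '找不到子窗体中的密码窗口',0                            ; "password window not found among the child windows"
errnowow db '不能找到UserRegisterWowHandlers函数地址',0           ; "cannot find the address of UserRegisterWowHandlers"
errnocode db '不能找到UserRegisterWowHandlers函数中相匹配的机器码',0 ; "no matching machine code inside UserRegisterWowHandlers" — a byte-pattern match on a private user32 routine, so it breaks across user32 builds; this is presumably why CheckOS exists
erropenthread db '不能打开线程',0                                 ; "cannot open the thread"
errgetteb db '打开线程但不能得到TEB',0                            ; "thread opened but the TEB could not be obtained"
errnorealcid db '不能得到TEB中的RealClientID',0                   ; "cannot read RealClientId from the TEB"
errnounknowvar db '不能从user32.dll中找到未知变量',0              ; "the unknown variable was not found in user32.dll"
passerr db '密码太长或为空',0                                     ; "password too long or empty"
; Status-line format strings (%x / %08x / %d — presumably consumed by
; wsprintf; the destination buffers live in .data?).
tebformat db 'TEB %x',0
varformat db 'user32.dll gSharedInfo addr:%x',0
varformat2 db 'GUI TABLE in user modle addr:%08x',0 ; "modle" is part of the emitted text; left as is
realcidformat db 'real cid:%x',0
Wndformat db 'pass window hand:%x,win thread id:%x',0
wndcontformat db 'win struct:%x',0
passaddrformat db 'pass addr:%x',0
passlenformat db 'pass len:%d',0
passformat db 'pass decode is:%x',0
user32dll db 'user32.dll',0     ; module names — presumably for GetModuleHandle/LoadLibrary-style lookups
Ntdll db "NTDLL.DLL",0
_UserRegisterWowHandlers db "UserRegisterWowHandlers",0 ; export names resolved at runtime — assumed (GetProcAddress-style)
_ZwQueryInformationThread db "ZwQueryInformationThread",0
THREADHAND DD 0                 ; thread handle from the open-thread step; 0 = none
apiquerthread dd ?              ; resolved address of ZwQueryInformationThread — assumed from the name
Pthreadinfo dd ?                ; pointer to a THREAD_BASIC_INFORMATION — assumed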
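.data?
;-----------------------------------------------------------------------
; Uninitialised storage (zero-filled at load).
; The per-status buffers appear, by name, to receive the *format strings
; from .data. Three of those formats cannot fit in 32 bytes once the
; %x fields are expanded (worst case, incl. NUL):
;   varformat  -> 37 bytes, varformat2 -> 38 bytes, Wndformat -> 49 bytes
; so the status buffers are sized to 64 bytes here; the old 32-byte
; size would have let a formatted line spill into the next buffer.
; The buffer/format pairing is inferred from the names — confirm in the
; code that fills them.
;-----------------------------------------------------------------------
hInstance db 4 dup (?)          ; module handle of this executable (HINSTANCE, 4 bytes) — assumed from the name
szBuffer db 256 dup (?)         ; general scratch text buffer
buffervar db 64 dup (?)         ; formatted varformat line — presumably
buffervar2 db 64 dup (?)        ; formatted varformat2 line — presumably
bufferteb db 64 dup (?)         ; formatted tebformat line — presumably
bufferPassWnd db 64 dup (?)     ; formatted Wndformat line — presumably
bufferrealcid db 64 dup (?)     ; formatted realcidformat line — presumably
bufferwndcont db 64 dup (?)     ; formatted wndcontformat line — presumably
bufferpassaddr db 64 dup (?)    ; formatted passaddrformat line — presumably
bufferpasslen db 64 dup (?)     ; formatted passlenformat line — presumably
bufferpass1 db 128 dup (?)      ; recovered text bytes — assumed from the name; PASSLEN presumably bounds it (see passerr)
bufferuni db 256 dup (?)        ; UTF-16 copy (128 WCHARs) — assumed from the name
classname db 128 dup (?)        ; class name read back from a window for comparison with editname/Richeditname — assumed
buffer1 db 128 dup (?)          ; spare scratch
buffercode db 1024 dup (?)      ; bytes of the target routine read for the machine-code match — assumed from errnocode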
.code
;********************************************************************
ViewPass proc
LOCAL parid:dword
LOCAL threadinfTHREAD_BASIC_INFORMATION