
鼠标屏幕取词的源码!


屏幕取词代码,并就遇到的问题向高手求教。

作者:wstcwstc 来源:CSDN 2008年3月27日

关键字: 取词 屏幕 鼠标 汇编语言 Linux


文件1--HOOKAPIFAR.ASM

; 完成钩子和挂钩DLL,完成向文件输出取词结果

.386
.model flat,stdcall
option casemap:none
;*********************************************************************************************************************
include e:\masm32\include\windows.inc
include e:\masm32\include\kernel32.inc
includelib e:\masm32\lib\kernel32.lib
include e:\masm32\include\user32.inc
includelib e:\masm32\lib\user32.lib
include e:\masm32\include\gdi32.inc
includelib e:\masm32\lib\gdi32.lib
;**********************************************************************************************************************
jmpinto struct                          ; 7-byte patch HookApi writes over the hooked API's entry
a db ?                                  ;   0B8h       = mov eax, imm32
newapi dd ?                             ;   imm32      = address of the replacement proc (lpfunc)
b db ?                                  ;   0FFh 0E0h  = jmp eax
d db ?                                  ;   (eax carries no argument under stdcall, so clobbering it is safe)
jmpinto ends

; HookApi(szlib, szproc, lpfunc, lpbuffer, lpOld, lpjmpinto): overwrite the entry of
; szlib!szproc with a jump to lpfunc, saving the original bytes in lpbuffer and the
; original address in *lpOld.
HookApi proto :DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD
; _SetWindowText(hWnd, lpBuffer, cbCount): despite the name, appends cbCount bytes of
; lpBuffer to szFile; hWnd is not used.
_SetWindowText proto :DWORD,:DWORD,:DWORD
; Replacement entry points; each mirrors the gdi32 signature it replaces
; (TextOut: hdc,x,y,lpString,cb; ExtTextOut: hdc,x,y,fuOptions,lprc,lpString,cbCount,lpDx).
NTextOutA PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD
NTextOutW PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD
NExtTextOutA PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD
NExtTextOutW PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD
; Function-pointer types through which the (temporarily un-patched) originals are called.
_ptextout typedef PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD
ptextout typedef ptr _ptextout
_pexttextout typedef PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD
pexttextout typedef ptr _pexttextout
;***********************************************************************************************************************
; NOTE(review): the link command on this page passes /Section:.bss,S, which makes this
; uninitialised section shared between every process the DLL is loaded into; .data below
; is per-process. So hText/Hhost are one copy system-wide and writable by any hooked process.
.data?
hText  dd ?                             ; set by InstallHook from the host; _SetWindowText also overwrites it with a per-process file handle
Hhost  dd ?                             ; module handle of the host exe, set by InstallHook; compared in DllMain
.data
hHook dd 0                              ; WH_KEYBOARD hook handle (InstallHook); per-process copy
code_ta db 10 dup(0)                    ; first 10 original bytes of each hooked API, saved by HookApi
code_tw db 10 dup(0)                    ;   and written back before the original is called
code_ea db 10 dup(0)
code_ew db 10 dup(0)
tajmpinto jmpinto<0,0,0,0>              ; the mov/jmp patch for each API, filled in by HookApi
twjmpinto jmpinto<0,0,0,0>
eajmpinto jmpinto<0,0,0,0>
ewjmpinto jmpinto<0,0,0,0>
OldTextOutA ptextout 0                  ; original API addresses (from GetProcAddress in HookApi)
OldTextOutW ptextout 0
OldExtTextOutA pexttextout 0
OldExtTextOutW pexttextout 0
hProcess dd ?                           ; this DLL's own hInstance (DllMain)
PHandle dd 0                            ; OpenProcess handle on the current process (DllMain)
PId dd 0                                ; current process id
numused  dd 0                           ; bytes-written out-parameter for WriteProcessMemory
szTextOutA db "TextOutA",0
szTextOutW db "TextOutW",0
szExtTextOutA db "ExtTextOutA",0
szExtTextOutW db "ExtTextOutW",0
szGdi32 db "gdi32.dll",0
szFile db "c:\dbg.debug",0              ; fixed output path appended to by every hooked process, with that process's rights
settext dd 0                            ; not referenced in the visible code
FileHeader db 0ffh,0feh                 ; UTF-16LE BOM; only the main program writes it (the DLL's write is commented out)
;***************************************************************************************************************************************
.code
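;-----------------------------------------------------------------------
; BOOL DllMain(HINSTANCE hInst, DWORD reason, LPVOID reserved1)
; Runs in every process the WH_KEYBOARD hook loads this DLL into, with that
; process's privileges.
; ATTACH: records hInst, opens a handle on the current process with only the
;         rights HookApi and the hooks use, and patches gdi32!ExtTextOutW.
; DETACH: restores ExtTextOutW's original bytes and closes the process handle.
; Returns FALSE only when OpenProcess fails (the DLL is then unloaded).
; NOTE(review): the (hProcess != Hhost) guard does not fire as written: hProcess is
; this DLL's base and Hhost the host exe's base, and Hhost is still 0 when the host
; itself loads the DLL (InstallHook runs later). Kept as posted; presumably meant to
; keep the host process un-hooked.
;-----------------------------------------------------------------------
DllMain proc hInst:HINSTANCE,reason:DWORD,reserved1:DWORD
    .if reason==DLL_PROCESS_ATTACH
        push hInst
        pop hProcess
        invoke GetCurrentProcessId
        mov PId,eax
        ; VirtualProtectEx needs VM_OPERATION, Read/WriteProcessMemory need VM_READ/VM_WRITE;
        ; nothing here needs PROCESS_ALL_ACCESS.
        invoke OpenProcess,PROCESS_QUERY_INFORMATION or PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE,FALSE,PId
        .if eax==0
            mov eax,FALSE
            ret
        .endif
        mov PHandle,eax
        mov eax,hProcess
        .if eax!=Hhost
            ; On the author's XP only ExtTextOutW was observed to draw text; the other
            ; three hooks are kept (disabled) so they can be enabled later.
            ;invoke HookApi,addr szGdi32,addr szTextOutA,addr NTextOutA,addr code_ta,addr OldTextOutA,addr tajmpinto
            ;invoke HookApi,addr szGdi32,addr szTextOutW,addr NTextOutW,addr code_tw,addr OldTextOutW,addr twjmpinto
            ;invoke HookApi,addr szGdi32,addr szExtTextOutA,addr NExtTextOutA,addr code_ea,addr OldExtTextOutA,addr eajmpinto
            invoke HookApi,addr szGdi32,addr szExtTextOutW,addr NExtTextOutW,addr code_ew,addr OldExtTextOutW,addr ewjmpinto
        .endif
        mov eax,TRUE
        ret
    .elseif reason==DLL_PROCESS_DETACH
        mov eax,hProcess
        .if eax!=Hhost
            ; Only restore if HookApi actually recorded an address (0 means it never hooked).
            .if OldExtTextOutW!=0
                invoke WriteProcessMemory,PHandle,OldExtTextOutW,addr code_ew,sizeof code_ew,addr numused
            .endif
        .endif
        ; The original leaked this handle for the life of the process.
        .if PHandle!=0
            invoke CloseHandle,PHandle
            mov PHandle,0
        .endif
        mov eax,TRUE
        ret
    .endif
    mov eax,TRUE
    ret
DllMain endp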
;/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
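;-----------------------------------------------------------------------
; LRESULT MouseProc(int nCode, WPARAM wParam, LPARAM lParam)
; WH_KEYBOARD hook procedure (the name is historical; it is a keyboard hook).
; When Control is pressed it invalidates the 1x1 client pixel under the cursor so
; the window under it repaints, which drives text through the hooked ExtTextOutW.
; Always chains to CallNextHookEx and returns its result.
; Fixes vs. the posted version: negative nCode values are forwarded without
; processing (required of hook procs), and a NULL WindowFromPoint result no longer
; reaches InvalidateRect (InvalidateRect(NULL,...) repaints every window).
; NOTE(review): still fires on key-up and auto-repeat (lParam bits 31/30 are not
; checked), as in the original.
;-----------------------------------------------------------------------
MouseProc proc nCode:DWORD,wParam:DWORD,lParam:DWORD
    local mousepos:POINT
    local rect:RECT
    local hWnd:HWND
    .if (nCode==HC_ACTION || nCode==HC_NOREMOVE) && wParam==VK_CONTROL
        invoke GetCursorPos,addr mousepos
        invoke WindowFromPoint,mousepos.x,mousepos.y
        .if eax!=NULL
            mov hWnd,eax
            invoke ScreenToClient,hWnd,addr mousepos
            ; rect = {x, y, x+1, y+1} in client coordinates
            mov eax,mousepos.x
            mov rect.left,eax
            inc eax
            mov rect.right,eax
            mov eax,mousepos.y
            mov rect.top,eax
            inc eax
            mov rect.bottom,eax
            invoke InvalidateRect,hWnd,addr rect,TRUE      ; force a repaint of that pixel
        .endif
    .endif
    invoke CallNextHookEx,hHook,nCode,wParam,lParam
    ret
MouseProc endp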

;-----------------------------------------------------------------------
; HHOOK InstallHook(HANDLE _hStatic, HMODULE _Hhost)   (exported)
; Records the caller's values in the shared hText/Hhost slots, then installs a
; system-wide WH_KEYBOARD hook (thread id 0) whose procedure lives in this DLL,
; which is what loads the DLL into other processes.
; Returns the hook handle from SetWindowsHookEx (0 on failure; not checked here).
;-----------------------------------------------------------------------
InstallHook proc _hStatic:DWORD,_Hhost
    mov eax,_Hhost
    mov Hhost,eax
    mov eax,_hStatic
    mov hText,eax
    invoke SetWindowsHookEx,WH_KEYBOARD,addr MouseProc,hProcess,NULL
    mov hHook,eax
    ret
InstallHook endp
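;-----------------------------------------------------------------------
; BOOL UnInstallHook(void)   (exported)
; Removes the WH_KEYBOARD hook installed by InstallHook and clears hHook so a
; second call (or a later MouseProc) does not reuse a stale handle.
; Returns UnhookWindowsHookEx's result.
; NOTE(review): hHook is in per-process .data, so only the installing process's
; copy is meaningful; other processes' MouseProc copies chain with hHook == 0.
;-----------------------------------------------------------------------
UnInstallHook proc
    invoke UnhookWindowsHookEx,hHook
    mov hHook,0                         ; eax (the BOOL result) is untouched
    ret
UnInstallHook endp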
;/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
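;-----------------------------------------------------------------------
; BOOL HookApi(LPCSTR szlib, LPCSTR szproc, LPVOID lpfunc, LPVOID lpbuffer,
;              LPVOID *lpOld, jmpinto *lpjmpinto)
; Patches the entry of szlib!szproc in the current process so calls land in lpfunc:
;   *lpjmpinto = { mov eax,lpfunc ; jmp eax }   (7 bytes, see the jmpinto struct)
;   *lpOld     = original address of szproc
;   lpbuffer   = first 10 original bytes (the caller's code_* buffers are 10 bytes)
; Returns TRUE on success, FALSE if the library/export is not found or the page
; cannot be made writable.
; Registers: esi = lpjmpinto, edi = lpOld (both saved by 'uses').
; Fixes vs. the posted version: GetProcAddress/VirtualProtectEx results are checked,
; and the protection change targets the function's own page instead of the base
; of the whole region (which may be a different page).
; NOTE(review): the page is deliberately left PAGE_EXECUTE_READWRITE because the
; hooks re-write it on every call; anything else that inspects or patches these
; bytes in the same process will collide with this patch.
;-----------------------------------------------------------------------
HookApi proc uses ebx edi esi szlib,szproc,lpfunc,lpbuffer,lpOld,lpjmpinto
    local hDll:DWORD
    local numdid:DWORD
    local oldProtect:DWORD

    ; Build the patch bytes.
    mov esi,lpjmpinto
    assume esi:ptr jmpinto
    invoke RtlZeroMemory,esi,sizeof jmpinto
    mov [esi].a,0b8h                    ; mov eax, imm32
    mov eax,lpfunc
    mov [esi].newapi,eax
    mov [esi].b,0ffh                    ; jmp eax
    mov [esi].d,0e0h
    assume esi:nothing

    ; Locate the export.
    invoke LoadLibrary,szlib
    .if eax==NULL
        ret                             ; eax == 0 == FALSE
    .endif
    mov hDll,eax
    invoke GetProcAddress,hDll,szproc
    .if eax==NULL
        ret                             ; FALSE: nothing was touched
    .endif
    mov edi,lpOld
    mov dword ptr [edi],eax             ; *lpOld = original entry

    ; Make the bytes at the entry writable, save them, then write the patch.
    invoke VirtualProtectEx,PHandle,dword ptr [edi],10,PAGE_EXECUTE_READWRITE,addr oldProtect
    .if eax==0
        ret                             ; FALSE: *lpOld is set but no bytes were changed
    .endif
    invoke ReadProcessMemory,PHandle,dword ptr [edi],lpbuffer,10,addr numdid
    invoke WriteProcessMemory,PHandle,dword ptr [edi],esi,sizeof jmpinto,addr numdid
    ret                                 ; eax = WriteProcessMemory's BOOL
HookApi endp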
;/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
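;-----------------------------------------------------------------------
; BOOL _SetWindowText(HWND hWnd, LPCVOID lpBuffer, DWORD cbCount)
; Despite its name: appends cbCount raw bytes of lpBuffer to szFile (c:\dbg.debug),
; which the main program created with a UTF-16LE BOM. hWnd is unused.
; Returns WriteFile's result; FALSE if the file cannot be opened (the posted
; version went on to use INVALID_HANDLE_VALUE as a file handle).
; Uses a local handle: the original stored it in hText, a slot shared across
; processes, where a handle value from another process is meaningless.
; NOTE(review): callers pass the text of whatever window is being drawn while
; Control is held, not only the window under the cursor.
;-----------------------------------------------------------------------
_SetWindowText proc uses ebx edi esi hWnd,lpBuffer,cbCount
    local written:DWORD
    local hFile:DWORD
    invoke CreateFile,addr szFile,GENERIC_READ or GENERIC_WRITE,FILE_SHARE_READ or FILE_SHARE_WRITE,NULL,OPEN_EXISTING,NULL,NULL
    .if eax==INVALID_HANDLE_VALUE
        mov eax,FALSE
        ret
    .endif
    mov hFile,eax
    invoke SetFilePointer,hFile,NULL,NULL,FILE_END
    invoke WriteFile,hFile,lpBuffer,cbCount,addr written,NULL
    mov ebx,eax                         ; keep WriteFile's result across CloseHandle
    invoke CloseHandle,hFile
    mov eax,ebx
    ret
_SetWindowText endp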
;/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
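;-----------------------------------------------------------------------
; BOOL NTextOutA(HDC hdc, int nXStart, int nYStart, LPCSTR lpString, int cbString)
; Replacement for gdi32!TextOutA (its HookApi call is disabled in DllMain as posted).
; Un-patches the API, logs lpString when Control is down, calls the original,
; re-patches, and returns the original's result.
; Fixes vs. the posted version: restores code_ta (not code_ew), passes cbString
; bytes (ANSI is one byte per char; doubling it read past the end of lpString),
; and returns TextOutA's result rather than WriteProcessMemory's.
; There is no synchronisation in the visible code: another thread calling
; TextOutA between the un-patch and re-patch runs it un-hooked, and two threads
; racing here can leave the entry in either state.
;-----------------------------------------------------------------------
NTextOutA proc uses ebx edi esi hdc,nXStart,nYStart,lpString,cbString
    invoke WriteProcessMemory,PHandle,OldTextOutA,addr code_ta,sizeof code_ta,addr numused
    invoke GetAsyncKeyState,VK_CONTROL
    .if eax & 8000h                     ; Control held at the time of this draw
        invoke _SetWindowText,hText,lpString,cbString
    .endif
    invoke OldTextOutA,hdc,nXStart,nYStart,lpString,cbString
    mov ebx,eax                         ; the caller must see TextOutA's own result
    invoke WriteProcessMemory,PHandle,OldTextOutA,addr tajmpinto,sizeof tajmpinto,addr numused
    mov eax,ebx
    ret
NTextOutA endp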

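;-----------------------------------------------------------------------
; BOOL NTextOutW(HDC hdc, int nXStart, int nYStart, LPCWSTR lpString, int cbString)
; Replacement for gdi32!TextOutW (its HookApi call is disabled in DllMain as posted).
; Un-patches the API, logs lpString when Control is down, calls the original,
; re-patches, and returns the original's result.
; Fixes vs. the posted version: restores code_tw (not code_ew) and returns
; TextOutW's result rather than WriteProcessMemory's.
; There is no synchronisation in the visible code: another thread calling
; TextOutW between the un-patch and re-patch runs it un-hooked, and two threads
; racing here can leave the entry in either state.
;-----------------------------------------------------------------------
NTextOutW proc uses ebx edi esi hdc,nXStart,nYStart,lpString,cbString
    local nBytes:DWORD
    invoke WriteProcessMemory,PHandle,OldTextOutW,addr code_tw,sizeof code_tw,addr numused
    mov eax,cbString
    add eax,eax                         ; cbString counts WCHARs; the log wants bytes
    mov nBytes,eax
    invoke GetAsyncKeyState,VK_CONTROL
    .if eax & 8000h                     ; Control held at the time of this draw
        invoke _SetWindowText,hText,lpString,nBytes
    .endif
    invoke OldTextOutW,hdc,nXStart,nYStart,lpString,cbString
    mov ebx,eax                         ; the caller must see TextOutW's own result
    invoke WriteProcessMemory,PHandle,OldTextOutW,addr twjmpinto,sizeof twjmpinto,addr numused
    mov eax,ebx
    ret
NTextOutW endp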

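;-----------------------------------------------------------------------
; BOOL NExtTextOutA(HDC hdc, int X, int Y, UINT fuOptions, const RECT *lprc,
;                   LPCSTR lpString, UINT cbCount, const INT *lpDx)
; Replacement for gdi32!ExtTextOutA (its HookApi call is disabled in DllMain as posted).
; Un-patches the API, logs lpString when Control is down, calls the original,
; re-patches, and returns the original's result.
; Fixes vs. the posted version: restores code_ea (not code_ew), re-patches with
; eajmpinto (the original wrote ewjmpinto, i.e. a jump to NExtTextOutW), passes
; cbCount bytes (ANSI; doubling it read past the end of lpString), and returns
; ExtTextOutA's result rather than WriteProcessMemory's.
; There is no synchronisation in the visible code: another thread calling
; ExtTextOutA between the un-patch and re-patch runs it un-hooked, and two
; threads racing here can leave the entry in either state.
;-----------------------------------------------------------------------
NExtTextOutA proc uses ebx edi esi hdc,X,Y,fuOptions,lprc,lpString,cbCount,lpDx
    invoke WriteProcessMemory,PHandle,OldExtTextOutA,addr code_ea,sizeof code_ea,addr numused
    invoke GetAsyncKeyState,VK_CONTROL
    .if eax & 8000h                     ; Control held at the time of this draw
        invoke _SetWindowText,hText,lpString,cbCount
    .endif
    invoke OldExtTextOutA,hdc,X,Y,fuOptions,lprc,lpString,cbCount,lpDx
    mov ebx,eax                         ; the caller must see ExtTextOutA's own result
    invoke WriteProcessMemory,PHandle,OldExtTextOutA,addr eajmpinto,sizeof eajmpinto,addr numused
    mov eax,ebx
    ret
NExtTextOutA endp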

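;-----------------------------------------------------------------------
; BOOL NExtTextOutW(HDC hdc, int X, int Y, UINT fuOptions, const RECT *lprc,
;                   LPCWSTR lpString, UINT cbCount, const INT *lpDx)
; Replacement for gdi32!ExtTextOutW — the one hook DllMain actually installs.
; Un-patches the API, logs lpString when Control is down, calls the original,
; re-patches, and returns the original's result.
; Fix vs. the posted version: returns ExtTextOutW's result rather than
; WriteProcessMemory's (callers were getting the wrong BOOL).
; There is no synchronisation in the visible code: another thread calling
; ExtTextOutW between the un-patch and re-patch runs it un-hooked, and two
; threads racing here can leave the entry in either state.
;-----------------------------------------------------------------------
NExtTextOutW proc uses ebx edi esi hdc,X,Y,fuOptions,lprc,lpString,cbCount,lpDx
    local nBytes:DWORD
    invoke WriteProcessMemory,PHandle,OldExtTextOutW,addr code_ew,sizeof code_ew,addr numused
    mov eax,cbCount
    add eax,eax                         ; cbCount counts WCHARs; the log wants bytes
    mov nBytes,eax
    invoke GetAsyncKeyState,VK_CONTROL
    .if eax & 8000h                     ; Control held at the time of this draw
        invoke _SetWindowText,hText,lpString,nBytes
    .endif
    invoke OldExtTextOutW,hdc,X,Y,fuOptions,lprc,lpString,cbCount,lpDx
    mov ebx,eax                         ; the caller must see ExtTextOutW's own result
    invoke WriteProcessMemory,PHandle,OldExtTextOutW,addr ewjmpinto,sizeof ewjmpinto,addr numused
    mov eax,ebx
    ret
NExtTextOutW endp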
end DllMain

文件2--HOOKAPIFAR.DEF

EXPORTS InstallHook
  UnInstallHook

文件3--HOOKAPIFARMAIN.ASM,尚未完成的主界面,也是我求教的地方

.386
.model flat,stdcall
option casemap:none
;*********************************************************************************************************************
include e:\masm32\include\windows.inc
include e:\masm32\include\kernel32.inc
includelib e:\masm32\lib\kernel32.lib
include e:\masm32\include\user32.inc
includelib e:\masm32\lib\user32.lib
;**********************************************************************************************************************
; DialogMain(hWnd, uMsg, wParam, lParam): dialog procedure for IDD_MAIN
DialogMain proto :DWORD,:DWORD,:DWORD,:DWORD
; Pointer types for the two exports resolved from hookapifar.dll at run time
; (InstallHook(hText, hModule) -> HHOOK; UnInstallHook() -> BOOL).
InstallHookA typedef proto :DWORD,:DWORD
InstallHookB typedef ptr InstallHookA
UnInstallHookA typedef proto
UnInstallHookB typedef ptr UnInstallHookA
;***********************************************************************************************************************
.const
IDD_MAIN equ 1000                       ; dialog id; must match the #define in the resource script on this page
IDC_WORD equ 1001                       ; edit control id; not referenced in the visible code
;***********************************************************************************************************************
.data?
numused  dd ?                           ; not referenced in the visible code
hProcess dd ?                           ; this exe's module handle (GetModuleHandle(NULL)); passed to InstallHook as the host id
hText  dd ?                             ; handle of the output file; closed again before the dialog starts
.data
FileHeader db 0ffh,0feh                 ; UTF-16LE BOM written once when the file is created
szlib db "hookapifar.dll",0             ; loaded by name, i.e. resolved through the DLL search path
hlib dd 0                               ; module handle of hookapifar.dll
InstallHook InstallHookB 0              ; exports resolved with GetProcAddress in _main
UnInstallHook UnInstallHookB 0
szinstall db "InstallHook",0
szuninstall db "UnInstallHook",0
szClassNotePad db "Notepad",0           ; not referenced in the visible code
szFile db "c:\dbg.debug",0              ; output file; same fixed path the DLL appends to from every hooked process
hNotepad dd ?                           ; not referenced in the visible code
written dd 0                            ; bytes-written out-parameter for WriteFile
;***************************************************************************************************************************
.code
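;-----------------------------------------------------------------------
; Entry point: load hookapifar.dll, resolve its two exports, create the output
; file with a UTF-16LE BOM, run the IDD_MAIN dialog, exit.
; Fixes vs. the posted version: LoadLibrary/GetProcAddress/CreateFile results are
; checked (the original would call through a NULL InstallHook pointer from the
; dialog and write through INVALID_HANDLE_VALUE), and the unused GetLastError
; call is gone.
; NOTE(review): szlib is a bare file name, so it is found via the DLL search
; path; giving LoadLibrary the full path of the intended DLL pins which one is
; loaded.
;-----------------------------------------------------------------------
_main:
    invoke GetModuleHandle,NULL
    mov hProcess,eax
    invoke LoadLibrary,addr szlib
    .if eax==NULL
        invoke ExitProcess,1            ; nothing to do without the hook DLL
    .endif
    mov hlib,eax
    invoke GetProcAddress,hlib,addr szinstall
    mov InstallHook,eax
    invoke GetProcAddress,hlib,addr szuninstall
    mov UnInstallHook,eax
    .if InstallHook==0 || UnInstallHook==0
        invoke ExitProcess,1            ; wrong DLL: exports missing
    .endif
    invoke CreateFile,addr szFile,GENERIC_READ or GENERIC_WRITE,FILE_SHARE_READ or FILE_SHARE_WRITE,NULL,CREATE_ALWAYS,NULL,NULL
    .if eax!=INVALID_HANDLE_VALUE
        mov hText,eax
        invoke WriteFile,hText,addr FileHeader,2,addr written,NULL   ; UTF-16LE BOM so Notepad decodes the log
        invoke CloseHandle,hText
    .endif
    invoke DialogBoxParam,hProcess,IDD_MAIN,NULL,DialogMain,NULL
    invoke ExitProcess,NULL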
;///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
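;-----------------------------------------------------------------------
; INT_PTR DialogMain(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
; Dialog procedure: installs the hook when the dialog appears (kept topmost) and
; removes it on close. Returns TRUE for the messages it handles, FALSE otherwise.
; Fix vs. the posted version: five locals that were never read are gone.
; NOTE(review): hText was closed in _main before the dialog ran, so the value
; handed to InstallHook is a stale handle; the DLL opens the file itself and
; never uses it. InstallHook's result (0 on failure) is not checked, as posted.
;-----------------------------------------------------------------------
DialogMain proc uses ebx edi esi hWnd,uMsg,wParam,lParam
    .if uMsg==WM_CLOSE
        invoke EndDialog,hWnd,NULL
        invoke UnInstallHook
    .elseif uMsg==WM_INITDIALOG
        invoke SetWindowPos,hWnd,HWND_TOPMOST,0,0,0,0,SWP_NOSIZE
        invoke InstallHook,hText,hProcess
    .else
        mov eax,FALSE
        ret
    .endif
    mov eax,TRUE
    ret
DialogMain endp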
end _main

#include <e:\masm32\include\resource.h>
/* Control ids; must agree with the IDD_MAIN / IDC_WORD equates in HOOKAPIFARMAIN.ASM */
#define IDD_MAIN 1000
#define IDC_WORD 1001

文件4--HOOKAPIFAR.RC

IDD_MAIN DIALOG DISCARDABLE  0, 0, 187, 60
STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "getword"
FONT 10, "System"
BEGIN

hookapifar.obj /Dll /Section:.bss,S /Def:f:\technique\hookapifar.def
    EDITTEXT        IDC_WORD,16,22,149,12,ES_LEFT
END

文件5--ML.BAT

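@echo off
rem Build HOOKAPIFARMAIN.EXE and HOOKAPIFAR.DLL with MASM32 (expects MASM32 on E:).
rem Fix vs. the posted version: each step stops the build on failure, and the
rem last link line is completed with the arguments that were split off it on the
rem page (hookapifar.obj /Dll /Section:.bss,S /Def:...).
e:
cd masm32
cd bin
ml /c /coff /Zi /Cp f:\technique\hookapifarmain.asm
if errorlevel 1 goto fail
link /subsystem:windows /DEBUG /DEBUGTYPE:CV hookapifarmain.obj f:\technique\hookapifar.res
if errorlevel 1 goto fail
ml /c /coff /Zi /Cp f:\technique\hookapifar.asm
if errorlevel 1 goto fail
rem /Section:.bss,S shares the DLL's uninitialised data (hText, Hhost) across every process it is loaded into.
link /subsystem:windows /DEBUG /DEBUGTYPE:CV hookapifar.obj /Dll /Section:.bss,S /Def:f:\technique\hookapifar.def
if errorlevel 1 goto fail
goto :eof
:fail
echo build failed
exit /b 1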

编译时要保证MASM32安装在E盘,或者修改程序中的路径。

这个程序不大,但已经竭尽我的全力(菜鸟哈)。它可以取词,并把结果输出到C:\DBG.DEBUG文件中,大家可以打开看看。

但这里我想问一下做过的人:你们做的时候是如何拼接字串的?我的实验表明,Windows哪怕输出屏幕上图标的文字也要调用几次ExtTextOutW,那么如何把一个一个字串拼成一个完整的呢?
