Nicely done on the project. As for all the comments about the validity of this project;
this is a great exercise on windows hook, IPC, and memory maps.
I was playing around on my 64bit OS, and found a couple small glitches.
Here is what I did to fix it, if anyone is interested:
----- change CreateFileMapping to use predefined (ln 33)----
m_hFileMap = CreateFileMapping(INVALID_HANDLE_VALUE,
----- change pointer math in ReadIPCMMF
bool CIPC::ReadIPCMMF(LPBYTE pBuf, DWORD &dwBufSize)
{
_ASSERTE(pBuf);
bool bSuccess = true;
try
{
if(m_hFileMap == NULL)
return false;
DWORD* pdwBaseMMF = (DWORD*)MapViewOfFile(m_hFileMap, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);
_ASSERTE(pdwBaseMMF);
// The first DWORD in the MMF contains the size of the data
DWORD dwSizeofInBuf = dwBufSize;
dwBufSize = *pdwBaseMMF;
if(dwSizeofInBuf != 0)
{
if(dwBufSize > dwSizeofInBuf)
bSuccess = false;
else
CopyMemory(pBuf, pdwBaseMMF + 1, dwBufSize);
}
UnmapViewOfFile((LPVOID)pdwBaseMMF);
}
catch(...) {}
return bSuccess;
}
----- change pointer math in WriteIPCMMF
bool CIPC::WriteIPCMMF(const LPBYTE pBuf, const DWORD dwBufSize)
{
_ASSERTE(pBuf);
bool bSuccess = true;
try
{
if(m_hFileMap == NULL)
return false;
DWORD* pdwBaseMMF = (DWORD*)MapViewOfFile(m_hFileMap, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);
_ASSERTE(pdwBaseMMF);
// The first DWORD in the MMF contains the size of the data
*pdwBaseMMF = dwBufSize;
CopyMemory(pdwBaseMMF + 1, pBuf, dwBufSize);
UnmapViewOfFile((LPVOID)pdwBaseMMF);
}
catch(...) {}
return bSuccess;
}
Reply
I Came. I Saw. I Read. now... XP is Dead. Great Going Sir.Reply
Originally posted by: John T Edwards
"It should be noted that PasswordSpy is not intended for mischievous purposes."
Can you explain to me some other valid purpose for this?
Reply
Originally posted by: Brian Friesen
Several people have brought it to my attention that Norton AntiVirus reports that PwdSpyHk.dll is the "Power Spider" virus. This is a false positive, PasswordSpy is not a virus! What has apparently happened is some developer out there with malicious intentions has used my article and my source code to write a virus, which has since been dubbed "Power Spider." But because this virus was written using my source code to do part of its evil work, NAV confuses PasswordSpy with this virus. I have contacted Norton about this issue, but it is clear Norton does not care one iota about resolving this, nor are they willing to admit their scanner is producing a false positive. Interestingly enough, other virus scanners (such as McAfee) which also scan for Power Spider do not confuse it with PasswordSpy. Only NAV has this problem, which only confirms my feelings that NAV is a ****py product.
Anyway, I have just updated the source code and downloads for PasswordSpy. NAV will not confuse this new version with Power Spider. However all previous downloads will have this problem.
If you don't believe me that PasswordSpy is not a virus, then you don't have to download or use it. But as a developer you can read through all the source code and compile it for yourself, so you should be able to see PasswordSpy is indeed NOT A VIRUS.
Oh, if the developer who wrote Power Spider is reading this post, I have one thing to say to you. You SUCK!
Brian
Originally posted by: Angry
for a litle, i woud catch two virusis downloading your spy password so please put you]r program on hack sites to fake same beginners
by,by beginners
Reply
Originally posted by: D. Richter
When I began proramming I was told to visualize windows sockets as if the Unix input/output redirection of porting code was a fair similarity, or baseline. The streaming of source through the compiler should occur as the directives lead them and the libraries pre-defined the system calls. I salute your coding prowess. Passing a command line to the main() as opposed to invoking one almost forced a retalation of an applet that would stream as data upon loading a browser, define itself as a provider of data objects, and verify that expanded cab files having digital signatures of a recognizable flow in IE. This code of yours combined with a working ability to use TCP/IP should be formidable against an applet that serves to emulate a terminal, or display type, yet get straight to an IP and evade the dns resolution and proxy detection. When script embedded in tags loads and the data is consumed to output graphics that alter baud, font, key stroke appearance at will, while noting a text buffer, your code is good at what is meant to do. If IE is an interface shell shell program with maybe a different tree structure or search query than browsers that offer a different channel selection (with server connection), decompiling script to get to the difficult remains standard while every transaction on IE is cached, much more than URL history, cookies, and temp files. Build ups, unrequested information, etc. While this caching is meant to balance abstract and the concrete, it may be missing character counting and data window possibilites, as it also(probably in an effort to speed up patching), allow downloading so they can install these updates, maybe noting system and device files noted during initiation to see if who is who. sequential security get easily predicted tospike a dll and force the excess to overflow into the system. That's why I try to learn. When he data structures are perfect tolet the program run, the algorithms used provide options for strings or what bits are so frequent they encode easily.
The data boxes are easy calcuations. Which ones steal the bandwidth or which ones are field for input are options in your open source. Have a good one.
Originally posted by: forgie
with SP2 installed on win XP it looks Microsoft has fixed bug.
It does not function any more. I can see just stairs : *****
forgie
ReplyOriginally posted by: Karunakar
hello sir,
Actually every time when i used to logon to my system I thought of hacking that password.U have made life easy for me.thank u .
Originally posted by: Kaustuv Basu
this is a great application software for the administrators of the machines. we system administrators need some of these to keep track of the authorised person.
Originally posted by: ZHEFU ZHANG
Hi, Brian:
I am the author of http://www.codeguru.com/ieprogram/SPwdSpy.html
Thank you very much for the base work of Password Peeker. I used your resource file directly for I like the style of it.
And also one word, the Arnold head is really cool, I love it. In this July 3, we can see <<Terminator 3>>.
Nice work of yours!