The pretender独家出品
从我们最简单的分析 在客户端上安装阿里旺旺或者直接安装ActiveX完全能够很清晰的看到用户的本机信息。 首先在客户端上安装旺旺 一般手法是建立一个权限 简称健权 然后我这边是简单调用C语言 下面这个是我本人写的一些代码 可以调用出很多信息 你们可以参考下 如果代码看不懂得话 直接看我上面的标题 Ps 阿里工程师很强大 远比我复杂
操作系统的登录用户名
string GetUserName()
{
try
{
string st = "";
ManagementClass mc = new ManagementClass("Win32_ComputerSystem");
ManagementObjectCollection moc = mc.GetInstances();
foreach (ManagementObject mo in moc)
{
st = mo["UserName"].ToString();
}
moc = null;
mc = null;
return st;
}
catch
{
return "unknow";
}
finally
{ }
}
获取MAC地址
string GetMacAddress()
{
try
{
//获取网卡硬件地址
string mac = "";
ManagementClass mc = new ManagementClass("Win32_NetworkAdapterConfiguration");
ManagementObjectCollection moc = mc.GetInstances();
foreach (ManagementObject mo in moc)
{
if ((bool)mo["IPEnabled"] == true)
{
mac = mo["MacAddress"].ToString();
break;
}
}
moc = null;
mc = null;
return mac;
}
catch
{
return "unknow";
}
finally
{ }
}
获取IP地址
///
/// 获取客户端内网IP地址
///
///
private static string getClientLocalIPAddress()
{
string localIP=null;
try
{
IPHostEntry ipHost = System.Net.Dns.GetHostEntry(Dns.GetHostName());// Dns.Resolve(Dns.GetHostName()); ;
IPAddress ipaddress = ipHost.AddressList[0];
localIP = ipaddress.ToString();
return "内网IP地址:"+localIP;
}
catch
{
return "内网IP地址:unknown";
}
finally
{ }
}
///
/// 获得客户端外网IP地址
///
///
public static string getClientInternetIPAddress()
{
string internetAddress = "";
try
{
using (WebClient webClient = new WebClient())
{
internetAddress = webClient.DownloadString("http://www.coridc.com/ip");//从外部网页获得IP地址
//判断IP是否合法
if (!System.Text.RegularExpressions.Regex.IsMatch(internetAddress, "[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}"))
{
internetAddress = webClient.DownloadString("http://fw.qq.com/ipaddress");//从腾讯提供的API中获得IP地址
}
}
return "外网IP地址:" + internetAddress;
}
catch
{
return "外网IP地址:unknown";
}
finally
{ }
}
获取硬盘ID
string GetDiskID()
{
try
{
String HDid = "";
ManagementClass mc = new ManagementClass("Win32_DiskDrive");
ManagementObjectCollection moc = mc.GetInstances();
foreach (ManagementObject mo in moc)
{
//HDid = (string)mo.Properties["Model"].ToString();
HDid = (String)mo.Properties["Model"].Value.ToString();
}
moc = null;
mc = null;
return HDid;
}
catch
{
return "unknow";
}
finally
{ }
}
获取CPUid
string GetCpuID()
{
try
{
//获取CPU序列号代码
string cpuInfo = "";//cpu序列号
ManagementClass mc = new ManagementClass("Win32_Processor");
ManagementObjectCollection moc = mc.GetInstances();
foreach (ManagementObject mo in moc)
{
cpuInfo = mo.Properties["ProcessorId"].Value.ToString();
}
moc = null;
mc = null;
return cpuInfo;
}
catch
{
return "unknow";
}
finally
{ }
}
系统名称
string GetSystemType()
{
try
{
string st = "";
ManagementClass mc = new ManagementClass("Win32_ComputerSystem");
ManagementObjectCollection moc = mc.GetInstances();
foreach (ManagementObject mo in moc)
{
st = mo["SystemType"].ToString();
}
moc = null;
mc = null;
return st;
}
catch
{
return "unknow";
}
finally
{ }
}
获取物理内存
string GetTotalPhysicalMemory()
{
try
{
string st = "";
ManagementClass mc = new ManagementClass("Win32_ComputerSystem");
ManagementObjectCollection moc = mc.GetInstances();
foreach (ManagementObject mo in moc)
{
st = mo["TotalPhysicalMemory"].ToString();
}
moc = null;
mc = null;
return st;
}
catch
{
return "unknow";
}
finally
{ }
}
这段代码 直接挖到心脏处
BIOS 编号,支持 AMI, AWARD, PHOENIX
SIZE_T ssize; word/media/image1.gifword/media/image1.gif LARGE_INTEGER so; word/media/image1.gif so.LowPart=0x000f0000;word/media/image1.gif so.HighPart=0x00000000; word/media/image1.gif ssize=0xffff; word/media/image1.gif wchar_t strPH[30]=L\\device\\physicalmemory; word/media/image1.gifword/media/image1.gif DWORD ba=0;word/media/image1.gifword/media/image1.gif UNICODE_STRING struniph; word/media/image1.gif struniph.Buffer=strPH; word/media/image1.gif struniph.Length=0x2c; word/media/image1.gif struniph.MaximumLength =0x2e; word/media/image1.gifword/media/image1.gif OBJECT_ATTRIBUTES obj_ar; word/media/image1.gif obj_ar.Attributes =64;word/media/image1.gif obj_ar.Length =24;word/media/image1.gif obj_ar.ObjectName=&struniph;word/media/image1.gif obj_ar.RootDirectory=0; word/media/image1.gif obj_ar.SecurityDescriptor=0; word/media/image1.gif obj_ar.SecurityQualityOfService =0; word/media/image1.gifword/media/image1.gif HMODULE hinstLib = LoadLibrary("ntdll.dll"); word/media/image1.gif ZWOS ZWopenS=(ZWOS)GetProcAddress(hinstLib,"ZwOpenSection"); word/media/image1.gif ZWMV ZWmapV=(ZWMV)GetProcAddress(hinstLib,"ZwMapViewOfSection"); word/media/image1.gif ZWUMV ZWunmapV=(ZWUMV)GetProcAddress(hinstLib,"ZwUnmapViewOfSection"); word/media/image1.gif word/media/image1.gif //调用函数,对物理内存进行映射 word/media/image1.gif HANDLE hSection; word/media/image1.gif if( 0 == ZWopenS(&hSection,4,&obj_ar) && word/media/image1.gif 0 == ZWmapV( word/media/image1.gif ( HANDLE )hSection, //打开Section时得到的句柄 word/media/image1.gif ( HANDLE )0xFFFFFFFF, //将要映射进程的句柄, word/media/image1.gif &ba, //映射的基址 word/media/image1.gif 0,word/media/image1.gif 0xFFFF, //分配的大小 word/media/image1.gif &so, //物理内存的地址 word/media/image1.gif &ssize, //指向读取内存块大小的指针 word/media/image1.gif 1, //子进程的可继承性设定 word/media/image1.gif 0, //分配类型 word/media/image1.gif 2 //保护类型 word/media/image1.gif ) )word/media/image1.gif //执行后会在当前进程的空间开辟一段64k的空间,并把f000:0000到f000:ffff处的内容映射到这里 word/media/image1.gif //映射的基址由ba返回,如果映射不再有用,应该用ZwUnmapViewOfSection断开映射 word/media/image2.gif {word/media/image1.gif BYTE* pBiosSerial = ( BYTE* )ba;word/media/image1.gif UINT uBiosSerialLen = FindAwardBios( &pBiosSerial );word/media/image1.gif if( uBiosSerialLen == 0U )word/media/image2.gif {word/media/image1.gif uBiosSerialLen = FindAmiBios( &pBiosSerial );word/media/image1.gif if( uBiosSerialLen == 0U )word/media/image2.gif {word/media/image1.gif uBiosSerialLen = FindPhoenixBios( &pBiosSerial );word/media/image3.gif }word/media/image3.gif }word/media/image1.gif if( uBiosSerialLen != 0U )word/media/image2.gif {word/media/image1.gif CopyMemory( szSystemInfo + uSystemInfoLen, pBiosSerial, uBiosSerialLen );word/media/image1.gif uSystemInfoLen += uBiosSerialLen;word/media/image3.gif }word/media/image1.gif ZWunmapV( ( HANDLE )0xFFFFFFFF, ( void* )ba );word/media/image3.gif }word/media/image4.gif }word/media/image5.gif // 完毕, 系统特征码已取得。
然后就是ActiveX了 在功能上,插件通常是用来渲染页面里的 或 标签;不会增加浏览器自身的功能。 插件通常实现比较底层的功能,一般以操作系统的本地代码(也叫"原生代码")编写,可以调用操作系统的 API。形式上,插件以动态库(Windows 上就是 DLL 文件)的方式,加载到浏览器的进程内。所以说安装了淘宝旺旺登录不同的小号去做操作 那是必死的,同样的如果不安装淘宝旺旺 安装支付宝控件 也是一样必死的。方法在哪里?百度 the pretender 刷销量
本文来源:https://www.2haoxitong.net/k/doc/0377042502020740be1e9b7c.html
文档为doc格式