VC编程实现IE7 IE8 IE9自动完成口令获取

/****************************************************************************************************

都是网上的代码，自己组合起来的，刚开始报很多错误，花了很多时间终于搞定了

环境：VC6.0+SDK（SDK必须）

简单说明：IE7 IE8 IE9将网站的URL保存于历史文件中，将自动完成的密码保存于注册表中的以下位置:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2。

很简单，有我的部分注释，哈哈。

****************************************************************************************************/

#include "stdio.h"
#include <windows.h>
#define _WIN32_WINNT 0x0500 //必须，否则wincrypt.h用不了，报很多错误，郁闷
#include <Wincrypt.h>
#include "COMDEF.H"
#include "URLHIST.H" // Needed for IUrlHistoryStg2 and IID_IUrlHistoryStg2
#include <shlguid.h> // Needed for CLSID_CUrlHistory
#define URL_HISTORY_MAX 5000
#pragma comment(lib, "Crypt32.lib")

int GetUrlHistory(wchar_t *UrlHistory[URL_HISTORY_MAX])
{
int max = 0;
CoInitialize(NULL);
IUrlHistoryStg2* pUrlHistoryStg2=NULL;
HRESULT hr = CoCreateInstance(CLSID_CUrlHistory, NULL, CLSCTX_INPROC_SERVER,IID_IUrlHistoryStg2,(void**)(&pUrlHistoryStg2));
if(SUCCEEDED(hr))
{
IEnumSTATURL* pEnumUrls;
hr = pUrlHistoryStg2->EnumUrls(&pEnumUrls);
if (SUCCEEDED(hr))
{
STATURL StatUrl[1];
ULONG ulFetched;
while (max<URL_HISTORY_MAX && (hr = pEnumUrls->Next(1, StatUrl, &ulFetched)) == S_OK){
if (StatUrl->pwcsUrl != NULL)
{
wchar_t *p;
if(NULL!=(p = wcschr(StatUrl->pwcsUrl,'?')))
*p='\0';
UrlHistory[max] = new wchar_t[wcslen(StatUrl->pwcsUrl)+1];
wcscpy(UrlHistory[max],StatUrl->pwcsUrl);
max++;
}
}
pEnumUrls->Release();
}
pUrlHistoryStg2->Release();
}
CoUninitialize();
return max;
}
//计算hash
void GetHashStr(wchar_t *Password,char *HashStr)
{
HashStr[0]='\0';
HCRYPTPROV hProv = NULL;
HCRYPTHASH hHash = NULL;
CryptAcquireContext(&hProv, 0,0,PROV_RSA_FULL,0);
if(CryptCreateHash(hProv,CALG_SHA1, 0, 0,&hHash))
{
if(CryptHashData(hHash,(unsigned char *)Password,(wcslen(Password)+1)*2,0))
{
DWORD dwHashLen=20;
BYTE Buffer[20];
if(CryptGetHashParam(hHash,HP_HASHVAL,Buffer,&dwHashLen,0))
{
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, 0);
char TmpBuf[128];
unsigned char tail=0;
for(int i=0;i<20;i++){
unsigned char c = Buffer[i];
tail+=c;
wsprintf(TmpBuf,"%s%2.2X",HashStr,c);
strcpy(HashStr,TmpBuf);
}
wsprintf(TmpBuf,"%s%2.2X",HashStr,tail);
strcpy(HashStr,TmpBuf);
}
}
}
}
//数据输出
void PrintData(char *Data)
{
unsigned int HeaderSize;
unsigned int DataSize;
unsigned int DataMax;
memcpy(&HeaderSize,&Data[4],4); //the 4th byte from the beginning is Header size
memcpy(&DataSize,&Data[8],4); //the 8th byte from the beginning is Data size
memcpy(&DataMax,&Data[20],4); //the 20th byte from the beginning is Data number
printf("HeaderSize=%d DataSize=%d DataMax=%d\n",HeaderSize,DataSize,DataMax);
char *pInfo = &Data[36];
char *pData = &Data[HeaderSize];
// afterwards, the same number of information data (16 bytes) as the data number comes
for(int n=0;n<DataMax;n++)
{
FILETIME ft,ftLocal;
SYSTEMTIME st;
unsigned int offset;
memcpy(&offset,pInfo,4); // the null byte from the beginning of information data is the offset of the data
memcpy(&ft,pInfo+4,8); // the 4th byte from the beginning of information data is the date
// the 12th byte from the beginning of information data is    the data length
FileTimeToLocalFileTime(&ft,&ftLocal);
FileTimeToSystemTime(&ftLocal, &st);
char TmpBuf[1024];
int l = ::WideCharToMultiByte(CP_THREAD_ACP, 0,(wchar_t*)
&Data[HeaderSize+12+offset], -1, NULL, 0, NULL, NULL );
if(-1!=l)
{
::WideCharToMultiByte(CP_THREAD_ACP, 0, (wchar_t*)&Data[HeaderSize+12+offset],
wcslen((wchar_t*)&Data[HeaderSize+12+offset])+1, TmpBuf, l, NULL, NULL );
printf("[%d][%4.4d/%2.2d/%2.2d %2.2d:%2.2d]%s\n",n,st.wYear,st.wMonth,st.wDay,st.wHour,st.wMinute,TmpBuf);
}
pInfo+=16;
}
}

int main()
{
// TODO: Place code here.
wchar_t *UrlHistory[URL_HISTORY_MAX];
int UrlListoryMax = GetUrlHistory(UrlHistory);
char *KeyStr = {"Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2"};
HKEY hKey;
if(ERROR_SUCCESS==RegOpenKeyEx(HKEY_CURRENT_USER,KeyStr,0,KEY_QUERY_VALUE,&hKey)){
for(int i=0;;i++)
{
char Val[1024];
DWORD Size = 1024;
if(ERROR_NO_MORE_ITEMS==RegEnumValue(hKey,i,Val, &Size, NULL,NULL, NULL, NULL))//i Storage2下第i个键值，返回键的名称
break;
for(int n=0;n<UrlListoryMax;n++)
{
char HashStr[1024];
GetHashStr(UrlHistory
,HashStr);
if(strcmp(Val,HashStr)==0)
{
printf("ur : %ls\n",UrlHistory
);
printf("hash : %s\n",HashStr);
DWORD BufferLen;
DWORD dwType;
RegQueryValueEx(hKey,Val,0,&dwType,NULL,&BufferLen);
BYTE *Buffer = new BYTE[BufferLen];
if(RegQueryValueEx(hKey,Val,0,&dwType,Buffer,&BufferLen)==ERROR_SUCCESS)
{
DATA_BLOB DataIn;
DATA_BLOB DataOut;
DATA_BLOB OptionalEntropy;
DataIn.pbData = Buffer;
DataIn.cbData = BufferLen;
OptionalEntropy.pbData = (unsigned char *)UrlHistory
;
OptionalEntropy.cbData = (wcslen(UrlHistory
)+1)*2;

//CryptUnprotectData 确实在Wincrypt.h中，但是是定义在 Platform SDK中
if(CryptUnprotectData(&DataIn,0,&OptionalEntropy,NULL,NULL,1,&DataOut)){

PrintData((char *)DataOut.pbData); //纯粹的数据输出
//printf("%s\n",(char *)DataOut.pbData);
LocalFree(DataOut.pbData);
}
delete Buffer;
}
break;
}
}
}
RegCloseKey(hKey);
}
return 0;
}