用来在早期版本的Chrome浏览器工作时,此MASM32代码:
**EnumChildChrome** PROC hwndChild:DWORD,lParam:DWORD
LOCAL lpClassUrl[64] :BYTE
invoke RtlZeroMemory,addr lpClassUrl, 64
invoke GetClassName, hwndChild, addr lpClassUrl, 64
; Get URL from AddressBar class Chrome_AutocompleteEditView.
; Get URL from AddressBar class Chrome_OmniboxView.
; Get URL from AddressBar class Chrome_WidgetWin_1.
.IF (dword ptr [lpClassUrl+7]=='otuA') || (dword ptr [lpClassUrl+7]=='inmO') || (dword ptr [lpClassUrl+7]=='gdiW')
invoke RtlZeroMemory,wText, BUFSIZE
invoke SendMessage, hwndChild, WM_GETTEXT, BUFSIZE, wText
invoke WriteToMem,3,addr startURL,wText,addr endURL
.ENDIF
mov eax,hwndChild
ret
EnumChildChrome ENDP
然而,从最新版本的Chrome浏览器的网址捕捉,我下面写了这个黑客版本。 (可以很容易地移植到C,VB等)。它基本上使用Chrome Tab标题(WinText)作为历史文件中的搜索关键字。此外,Chrome似乎会延迟URL写入,所以这是一个克服的障碍。目前,我通过历史进行了数次传球,比如说5秒,然后在没有发现的情况下放弃。 。:(
...
googlePath db "%USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\Default\History",0
GoogleChrome db " - Google Chrome",0
...
invoke HeapAlloc, hHeap, HEAP_ZERO_MEMORY, BUFSIZE
mov googleHistory,eax
invoke HeapAlloc, hHeap, HEAP_ZERO_MEMORY, MAXSIZE
mov WinText,eax
invoke HeapAlloc, hHeap, HEAP_ZERO_MEMORY, BUFSIZE
mov winTitle,eax
invoke HeapAlloc, hHeap, HEAP_ZERO_MEMORY, BUFSIZE
mov wwinTitle,eax
invoke HeapAlloc, hHeap, HEAP_ZERO_MEMORY, BUFSIZE
mov uwinTitle,eax
...
; --- Find Google History file path ---
invoke RtlZeroMemory,googleHistory,BUFSIZE
invoke ExpandEnvironmentStrings, addr googlePath, googleHistory, BUFSIZE
...
Chrome PROC
LOCAL found_url_ok :DWORD
mov found_url_ok,FALSE
invoke readdiskfile,googleHistory,addr lpMem,addr lpLen
.IF (eax==0)
ret
.ENDIF
invoke RtlZeroMemory,winTitle, BUFSIZE
invoke RtlZeroMemory,wwinTitle, BUFSIZE
invoke RtlZeroMemory,uwinTitle, BUFSIZE
;; Chrome History Titles are stored in UTF8 format. Example: Polítiques i principis -----> Pol,0C3h,0ADh,tiques i principis
invoke szRemove,WinText,winTitle,addr GoogleChrome
invoke CharToUTF8,winTitle,wwinTitle,uwinTitle
invoke lstrlen,uwinTitle
invoke BinSearch,0,lpMem,lpLen,uwinTitle,eax
; --- Search backwards looking for a begin url marker 01h ...
.IF (eax!=-1)
mov ecx,eax
add eax,lpMem
mov byte ptr[eax],0 ; end of url
find_url_start:
cmp byte ptr[eax-1],01h
je start_url
dec eax
loop find_url_start
jecxz no_url_found
start_url:
invoke WriteToMem,3,addr startURL,eax,addr endURL
mov found_url_ok,TRUE
no_url_found:
.ENDIF
invoke GlobalFree,lpMem
mov eax,found_url_ok
ret
Chrome ENDP
CharToUTF8 proc pAsciiString:DWORD,pWideOutbuf:DWORD,pUTF8Outbuf:DWORD
invoke lstrlen,pAsciiString
invoke MultiByteToWideChar,CP_ACP,0,pAsciiString,-1,pWideOutbuf,eax
invoke WideCharToMultiByte,CP_UTF8,0,pWideOutbuf,-1,pUTF8Outbuf,BUFSIZE,NULL,NULL
ret
CharToUTF8 endp
我不是真的这个方法的粉丝,但它是所有我能想到的今天 一些其他的想法浮现在脑海中:
查询浏览器进程的内存和提取的URL可能是一个更好的办法。
中使用sqlite3的API来解析历史。
szSQLite3Lib DB “sqlite3.dll”,0H
szfnSQLite3_close分贝 “sqlite3_close”,0H
szfnSQLite3_column_text分贝 “sqlite3_column_text”,0H
szfnSQLite3_exec分贝 “sqlite3_exec”,0H
szfnSQLite3_open分贝 “sqlite3_open_v2”,0H
szfnSQLite3_prepare分贝“sqlite3_prepare”,0h
szfnSQLite3_step db“sqlite3_step”,0h
szSQLStmt5 db“SELECT datetime(((visits.visit_time/1000000)-11644473600),”,34,“unixepoch”,34,“),urls.url,urls.title FROM urls,WHERE urls.id = visits.url;“,0
如果您发现一个很好的方法,请在此处发布您的发现。谢谢!
上面的代码被用在我的键盘记录的网站:
MyKeylogger.com - Web monitoring software to monitor children or employees and watch it LIVE online!
请说明您的具体问题或添加额外的细节,突显正是你需要的。正如它目前所写,很难确切地说出你在问什么。 –