zoukankan      html  css  js  c++  java
  • 今天尝试获取QQ的clientkey未果,做个记号

    今天突发感觉,想通过内存查找来获得clientkey,通过多次查询,发现这个key位置不固定,于是全部在内存查,结果是,95%能找到,但能查到一堆,其中只有一个可以用,其它都不能用。

    郁闷了一下午。。。。。。

    使用的主要代码贴出来。。

    using   System;   
      using   System.Diagnostics;   
      using   System.Runtime.InteropServices;
    
    namespace ToolsDll
    {
        public class ProcessMemoryReaderApi
        {
            [Flags]
            public enum ProcessAccessType
            {
                PROCESS_TERMINATE = (0x0001),
                PROCESS_CREATE_THREAD = (0x0002),
                PROCESS_SET_SESSIONID = (0x0004),
                PROCESS_VM_OPERATION = (0x0008),
                PROCESS_VM_READ = (0x0010),
                PROCESS_VM_WRITE = (0x0020),
                PROCESS_DUP_HANDLE = (0x0040),
                PROCESS_CREATE_PROCESS = (0x0080),
                PROCESS_SET_QUOTA = (0x0100),
                PROCESS_SET_INFORMATION = (0x0200),
                PROCESS_QUERY_INFORMATION = (0x0400)
            }
    
            [DllImport("kernel32.dll")]
            public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);
    
            [DllImport("kernel32.dll")]
            public static extern Int32 CloseHandle(IntPtr hObject);
    
            [DllImport("kernel32.dll")]
            public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out]   byte[] buffer, int size, out   IntPtr lpNumberOfBytesRead);
    
            [DllImport("kernel32.dll")]
            public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out]   byte[] buffer, int size, out   IntPtr lpNumberOfBytesWritten);
    
        }
        public class ProcessMemoryReader
        {
    
            public ProcessMemoryReader()
            {
            }
            public Process ReadProcess
            {
                get
                {
                    return m_ReadProcess;
                }
                set
                {
                    m_ReadProcess = value;
                }
            }
            private Process m_ReadProcess = null;
    
            private IntPtr m_hProcess = IntPtr.Zero;
    
            public void OpenProcess()
            {
                //	 m_hProcess   =   ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ,   1,   (uint)m_ReadProcess.Id);   
                ProcessMemoryReaderApi.ProcessAccessType access;
                access = ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_READ
                | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_WRITE
                | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_OPERATION;
                m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
            }
    
            public void CloseHandle()
            {
                int iRetValue;
                iRetValue = ProcessMemoryReaderApi.CloseHandle(m_hProcess);
                if (iRetValue == 0)
                    throw new Exception("CloseHandle   failed");
            }
    
            public byte[] ReadProcessMemory(IntPtr MemoryAddress, int bytesToRead, out   int bytesRead)
            {
                byte[] buffer = new byte[bytesToRead];
    
                IntPtr ptrBytesRead;
                ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out   ptrBytesRead);
    
                bytesRead = ptrBytesRead.ToInt32();
    
                return buffer;
            }
    
            public void WriteProcessMemory(IntPtr MemoryAddress, byte[] bytesToWrite, out   int bytesWritten)
            {
                IntPtr ptrBytesWritten;
                ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, MemoryAddress, bytesToWrite, bytesToWrite.Length, out   ptrBytesWritten);
    
                bytesWritten = ptrBytesWritten.ToInt32();
            }
        }
    }
    
      
    
            static void Scaner(Process p, int StartAddress, int EndAddress)
            {
                IntPtr baseAddress = (IntPtr)StartAddress;
                IntPtr lastAddress = (IntPtr)EndAddress;
                int ReadStackSize = 20480;
    
                int arraysDifference = 256/8 - 1;
    
                ProcessMemoryReader reader = new ProcessMemoryReader();
                reader.ReadProcess = p;
                //Open the pocess to read the memory.
                reader.OpenProcess();
    
    
                //Calculate the size of memory to scan.
                int memorySize = (int)((int)lastAddress - (int)baseAddress);
    
                //If more that one block of memory is requered to be read,
                if (memorySize >= ReadStackSize)
                {
                    //Count of loops to read the memory blocks.
                    int loopsCount = memorySize / ReadStackSize;
    
                    //Look to see if there is any other bytes let after the loops.
                    int outOfBounds = memorySize % ReadStackSize;
    
                    //Set the currentAddress to first address.
                    int currentAddress = (int)baseAddress;
    
                    //This will be used to check if any bytes have been read from the memory.
                    int bytesReadSize;
    
                    //Set the size of the bytes blocks.
                    int bytesToRead = ReadStackSize;
    
                    //An array to hold the bytes read from the memory.
                    byte[] array;
    
                    //Progress percentage.
                    int progress;
    
                    for (int i = 0; i < loopsCount; i++)
                    {
                        Console.WriteLine (i.ToString ());
    
                        //Read the bytes from the memory.
                        array = reader.ReadProcessMemory((IntPtr)currentAddress, bytesToRead, out bytesReadSize);
    
                        //If any byte is read from the memory (there has been any bytes in the memory block),
                        if (bytesReadSize > 0)
                        {
                            join(array);
                        }
                        //Move currentAddress after the block already scaned, but
                        //move it back some steps backward (as much as arraysDifference)
                        //to avoid loosing any values at the end of the array.
                        currentAddress += array.Length - arraysDifference;
    
                        //Set the size of the read block, bigger, to  the steps backward.
                        //Set the size of the read block, to fit the back steps.
                        bytesToRead = ReadStackSize + arraysDifference;
                    }
                    //If there is any more bytes than the loops read,
                    if (outOfBounds > 0)
                    {
                        //Read the additional bytes.
                        byte[] outOfBoundsBytes = reader.ReadProcessMemory((IntPtr)currentAddress, ((int)lastAddress - currentAddress), out bytesReadSize);
    
                        //If any byte is read from the memory (there has been any bytes in the memory block),
                        if (bytesReadSize > 0)
                        {
                            join(outOfBoundsBytes);
                        }
                    }
                }
                //If the block could be read in just one read,
                else
                {
                    //Calculate the memory block's size.
                    int blockSize = memorySize % ReadStackSize;
    
                    //Set the currentAddress to first address.
                    int currentAddress = (int)baseAddress;
    
                    //Holds the count of bytes read from the memory.
                    int bytesReadSize;
    
                    //If the memory block can contain at least one 16 bit variable.
                    if (blockSize > 256/8)
                    {
                        //Read the bytes to the array.
                        byte[] array = reader.ReadProcessMemory((IntPtr)currentAddress, blockSize, out bytesReadSize);
    
                        //If any byte is read,
                        if (bytesReadSize > 0)
                        {
                            join(array);
    
                        }
                    }
                }
                //Close the handle to the process to avoid process errors.
                reader.CloseHandle();
    
            }
     
     
            static  void join(byte[] b1)
            {
    
                
                if (re == null)
                {
                    re = b1;
                }
                else
                {
                    byte[] b0 = new byte[re.Length];
                    re.CopyTo(b0, 0);
                    re = new byte[b0.Length + b1.Length];
                    b0.CopyTo(re, 0);
                    b1.CopyTo(re, b0.Length);
                }
            }
    
    
    
    以下调用
                //Process[] ps = Process.GetProcesses();
                //Process pqq = null;
                //foreach (Process p in ps)
                //{
                //    if (p.ProcessName=="QQ" && p.MainModule.FileName.Contains ("QQ.exe"))
                //    {
                //        pqq = p;
                //        break;
                //    }
                //}
                //int firstAddress = int.Parse("06000000", System.Globalization.NumberStyles.HexNumber);
                //int lastAddress = int.Parse("09F00000", System.Globalization.NumberStyles.HexNumber);
                //Scaner(pqq, firstAddress, lastAddress);
    
    
  • 相关阅读:
    使用truffle测试部署合约
    nodejs promise深度解析
    pthread线程特定数据
    基于信号量与互斥锁实现的生产者和消费者
    Linux coredump 的打开和关闭
    Linux 双网卡配置两个IP同时只有一个会通的原因
    进程间通信-共享内存
    进程间通信-消息队列
    TCP/IP SIGPIPE信号
    Select模式和超时
  • 原文地址:https://www.cnblogs.com/szyicol/p/1715568.html
Copyright © 2011-2022 走看看