1.找到微信进程和基址
//微信进程
Process WxProcess = null;
//WeChatWin.dll基址
IntPtr WeChatWinBaseAddress = IntPtr.Zero;
//微信版本
String WeChatVersion = "";
Process[] processes = Process.GetProcesses();
foreach (Process process in processes)
{
if (process.ProcessName == "WeChat")
{
WxProcess = process;
this.textBox1.AppendText("微信已找到!" + Environment.NewLine);
this.textBox1.AppendText("微信句柄:\t" + "0x" + ((int)(process.Handle)).ToString("X8") + Environment.NewLine);
foreach (ProcessModule processModule in process.Modules)
{
if (processModule.ModuleName == "WeChatWin.dll")
{
WeChatWinBaseAddress = processModule.BaseAddress;
this.textBox1.AppendText("微信基址:\t" + "0x" + ((long)(processModule.BaseAddress)).ToString("X8") + Environment.NewLine);
WeChatVersion = processModule.FileVersionInfo.FileVersion;
this.textBox1.AppendText("微信版本:\t" + processModule.FileVersionInfo.FileVersion + Environment.NewLine);
break;
}
}
break;
}
}
if (WxProcess == null)
{
this.textBox1.AppendText("微信没有找到!");
return;
}2.读取微信昵称、微信号和微信ID
//微信号
long WxNameAddress = (long)WeChatWinBaseAddress + 0x3DFD4F8;
this.textBox1.AppendText("微信号地址:\t" + "0x" + WxNameAddress.ToString("X8") + Environment.NewLine);
this.textBox1.AppendText("微信号:\t" + GetString(WxProcess.Handle, (IntPtr)WxNameAddress) + Environment.NewLine);
//微信昵称
long WxNickNameAddress = (long)WeChatWinBaseAddress + 0x3DFD5D8;
this.textBox1.AppendText("微信昵称地址:\t" + "0x" + WxNickNameAddress.ToString("X8") + Environment.NewLine);
this.textBox1.AppendText("微信昵称:\t" + GetString(WxProcess.Handle, (IntPtr)WxNickNameAddress) + Environment.NewLine);
//微信Id
long WxIdAddress = (long)WeChatWinBaseAddress + 0x3DFD470;
this.textBox1.AppendText("微信Id地址:\t" + "0x" + WxIdAddress.ToString("X8") + Environment.NewLine);
this.textBox1.AppendText("微信Id:\t" + GetString(WxProcess.Handle, (IntPtr)GetAddress(WxProcess.Handle, (IntPtr)WxIdAddress)) + Environment.NewLine);
3.使用ReadProcessMemory读取内存数据
想要读取内存数据,需要借助win32API的ReadProcessMemory函数
微软官方文档介绍:
BOOL ReadProcessMemory(
[in] HANDLE hProcess,
[in] LPCVOID lpBaseAddress,
[out] LPVOID lpBuffer,
[in] SIZE_T nSize,
[out] SIZE_T *lpNumberOfBytesRead
);由于是外部函数,在C#中使用DllImport和extern关键字,可以使用dll的导出函数:
[DllImport("Kernel32.dll")]
public static extern int ReadProcessMemory(
IntPtr hProcess, //正在读取内存的进程句柄。句柄必须具有PROCESS_VM_READ访问权限。
IntPtr lpBaseAddress, //指向要从中读取的指定进程中的基址的指针。在发生任何数据传输之前,系统会验证基本地址和指定大小的内存中的所有数据是否都可以进行读访问,如果无法访问,则该函数将失败。
byte[] lpBuffer, //指向缓冲区的指针,该缓冲区从指定进程的地址空间接收内容。
int nSize, //要从指定进程读取的字节数。
int lpNumberOfBytesRead //指向变量的指针,该变量接收传输到指定缓冲区的字节数。如果lpNumberOfBytesRead为NULL,则忽略该参数。
);4.定义的读取方法
这里定义了2个方法,GetString读取字符串,GetAddress找到真正地址(适用指针)
String GetString(IntPtr hProcess, IntPtr lpBaseAddress, int nSize = 100)
{
int readByty;
byte[] data = new byte[nSize];
if (ReadProcessMemory(hProcess, lpBaseAddress, data, nSize, 0) == 0)
{
//读取内存失败!
return "";
}
String result = "";
String TempString = Encoding.UTF8.GetString(data);
// \0
foreach (char item in TempString)
{
if (item == '\0')
{
break;
}
result += item.ToString();
}
return result;
}
long GetAddress(IntPtr hProcess, IntPtr lpBaseAddress)
{
//64位是8byte 32位是4byte
byte[] data = new byte[8];
if (ReadProcessMemory(hProcess, lpBaseAddress, data, 8, 0) == 0)
{
//读取内存失败!
return 0;
}
var hex = data[7].ToString("x2") +
data[6].ToString("x2") +
data[5].ToString("x2") +
data[4].ToString("x2") +
data[3].ToString("x2") +
data[2].ToString("x2") +
data[1].ToString("x2") +
data[0].ToString("x2");
return long.Parse(hex, System.Globalization.NumberStyles.HexNumber);
}
《前世今生》国产剧高清在线免费观看:https://www.jgz518.com/xingkong/37774.html
《梦想职达2012》大陆综艺高清在线免费观看:https://www.jgz518.com/xingkong/55610.html
《梦想职达2012》大陆综艺高清在线免费观看:https://www.jgz518.com/xingkong/55610.html
《很高兴遇见你》爱情片高清在线免费观看:https://www.jgz518.com/xingkong/11095.html
《战争与和平4:皮埃尔别祖霍夫》剧情片高清在线免费观看:https://www.jgz518.com/xingkong/126676.html
《很高兴遇见你》爱情片高清在线免费观看:https://www.jgz518.com/xingkong/11095.html
《七十二家房客第一部粤语》国产剧高清在线免费观看:https://www.jgz518.com/xingkong/28424.html