今天突发感觉,想通过内存查找来获得clientkey,通过多次查询,发现这个key位置不固定,于是全部在内存查,结果是,95%能找到,但能查到一堆,其中只有一个可以用,其它都不能用。
郁闷了一下午。。。。。。
使用的主要代码贴出来。。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 | using System; using System.Diagnostics; using System.Runtime.InteropServices; namespace ToolsDll { public class ProcessMemoryReaderApi { [Flags] public enum ProcessAccessType { PROCESS_TERMINATE = (0x0001), PROCESS_CREATE_THREAD = (0x0002), PROCESS_SET_SESSIONID = (0x0004), PROCESS_VM_OPERATION = (0x0008), PROCESS_VM_READ = (0x0010), PROCESS_VM_WRITE = (0x0020), PROCESS_DUP_HANDLE = (0x0040), PROCESS_CREATE_PROCESS = (0x0080), PROCESS_SET_QUOTA = (0x0100), PROCESS_SET_INFORMATION = (0x0200), PROCESS_QUERY_INFORMATION = (0x0400) } [DllImport( "kernel32.dll" )] public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId); [DllImport( "kernel32.dll" )] public static extern Int32 CloseHandle(IntPtr hObject); [DllImport( "kernel32.dll" )] public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte [] buffer, int size, out IntPtr lpNumberOfBytesRead); [DllImport( "kernel32.dll" )] public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte [] buffer, int size, out IntPtr lpNumberOfBytesWritten); } public class ProcessMemoryReader { public ProcessMemoryReader() { } public Process ReadProcess { get { return m_ReadProcess; } set { m_ReadProcess = value; } } private Process m_ReadProcess = null ; private IntPtr m_hProcess = IntPtr.Zero; public void OpenProcess() { // m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id); ProcessMemoryReaderApi.ProcessAccessType access; access = ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_READ | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_WRITE | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_OPERATION; m_hProcess = ProcessMemoryReaderApi.OpenProcess(( uint )access, 1, ( uint )m_ReadProcess.Id); } public void CloseHandle() { int iRetValue; iRetValue = ProcessMemoryReaderApi.CloseHandle(m_hProcess); if (iRetValue == 0) throw new Exception( "CloseHandle failed" ); } public byte [] ReadProcessMemory(IntPtr MemoryAddress, int bytesToRead, out int bytesRead) { byte [] buffer = new byte [bytesToRead]; IntPtr ptrBytesRead; ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesRead); bytesRead = ptrBytesRead.ToInt32(); return buffer; } public void WriteProcessMemory(IntPtr MemoryAddress, byte [] bytesToWrite, out int bytesWritten) { IntPtr ptrBytesWritten; ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, MemoryAddress, bytesToWrite, bytesToWrite.Length, out ptrBytesWritten); bytesWritten = ptrBytesWritten.ToInt32(); } } } |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 | static void Scaner(Process p, int StartAddress, int EndAddress) { IntPtr baseAddress = (IntPtr)StartAddress; IntPtr lastAddress = (IntPtr)EndAddress; int ReadStackSize = 20480; int arraysDifference = 256/8 - 1; ProcessMemoryReader reader = new ProcessMemoryReader(); reader.ReadProcess = p; //Open the pocess to read the memory. reader.OpenProcess(); //Calculate the size of memory to scan. int memorySize = ( int )(( int )lastAddress - ( int )baseAddress); //If more that one block of memory is requered to be read, if (memorySize >= ReadStackSize) { //Count of loops to read the memory blocks. int loopsCount = memorySize / ReadStackSize; //Look to see if there is any other bytes let after the loops. int outOfBounds = memorySize % ReadStackSize; //Set the currentAddress to first address. int currentAddress = ( int )baseAddress; //This will be used to check if any bytes have been read from the memory. int bytesReadSize; //Set the size of the bytes blocks. int bytesToRead = ReadStackSize; //An array to hold the bytes read from the memory. byte [] array; //Progress percentage. int progress; for ( int i = 0; i < loopsCount; i++) { Console.WriteLine (i.ToString ()); //Read the bytes from the memory. array = reader.ReadProcessMemory((IntPtr)currentAddress, bytesToRead, out bytesReadSize); //If any byte is read from the memory (there has been any bytes in the memory block), if (bytesReadSize > 0) { join (array); } //Move currentAddress after the block already scaned, but //move it back some steps backward (as much as arraysDifference) //to avoid loosing any values at the end of the array. currentAddress += array.Length - arraysDifference; //Set the size of the read block, bigger, to the steps backward. //Set the size of the read block, to fit the back steps. bytesToRead = ReadStackSize + arraysDifference; } //If there is any more bytes than the loops read, if (outOfBounds > 0) { //Read the additional bytes. byte [] outOfBoundsBytes = reader.ReadProcessMemory((IntPtr)currentAddress, (( int )lastAddress - currentAddress), out bytesReadSize); //If any byte is read from the memory (there has been any bytes in the memory block), if (bytesReadSize > 0) { join (outOfBoundsBytes); } } } //If the block could be read in just one read, else { //Calculate the memory block's size. int blockSize = memorySize % ReadStackSize; //Set the currentAddress to first address. int currentAddress = ( int )baseAddress; //Holds the count of bytes read from the memory. int bytesReadSize; //If the memory block can contain at least one 16 bit variable. if (blockSize > 256/8) { //Read the bytes to the array. byte [] array = reader.ReadProcessMemory((IntPtr)currentAddress, blockSize, out bytesReadSize); //If any byte is read, if (bytesReadSize > 0) { join (array); } } } //Close the handle to the process to avoid process errors. reader.CloseHandle(); } |
1 | |
1 | |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | static void join ( byte [] b1) { if (re == null ) { re = b1; } else { byte [] b0 = new byte [re.Length]; re.CopyTo(b0, 0); re = new byte [b0.Length + b1.Length]; b0.CopyTo(re, 0); b1.CopyTo(re, b0.Length); } } 以下调用 //Process[] ps = Process.GetProcesses(); //Process pqq = null; //foreach (Process p in ps) //{ // if (p.ProcessName=="QQ" && p.MainModule.FileName.Contains ("QQ.exe")) // { // pqq = p; // break; // } //} //int firstAddress = int.Parse("06000000", System.Globalization.NumberStyles.HexNumber); //int lastAddress = int.Parse("09F00000", System.Globalization.NumberStyles.HexNumber); //Scaner(pqq, firstAddress, lastAddress); |
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步