小隐的博客

人生在世,笑饮一生
随笔 - 304, 文章 - 0, 评论 - 345, 阅读 - 50万
  博客园  :: 首页  :: 新随笔  :: 联系 :: 订阅 订阅  :: 管理
< 2025年1月 >
29 30 31 1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31 1
2 3 4 5 6 7 8

今天尝试获取QQ的clientkey未果,做个记号

Posted on   隐客  阅读(1504)  评论(2编辑  收藏  举报

今天突发感觉,想通过内存查找来获得clientkey,通过多次查询,发现这个key位置不固定,于是全部在内存查,结果是,95%能找到,但能查到一堆,其中只有一个可以用,其它都不能用。

 

郁闷了一下午。。。。。。

 

使用的主要代码贴出来。。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
using   System;  
  using   System.Diagnostics;  
  using   System.Runtime.InteropServices;
 
namespace ToolsDll
{
    public class ProcessMemoryReaderApi
    {
        [Flags]
        public enum ProcessAccessType
        {
            PROCESS_TERMINATE = (0x0001),
            PROCESS_CREATE_THREAD = (0x0002),
            PROCESS_SET_SESSIONID = (0x0004),
            PROCESS_VM_OPERATION = (0x0008),
            PROCESS_VM_READ = (0x0010),
            PROCESS_VM_WRITE = (0x0020),
            PROCESS_DUP_HANDLE = (0x0040),
            PROCESS_CREATE_PROCESS = (0x0080),
            PROCESS_SET_QUOTA = (0x0100),
            PROCESS_SET_INFORMATION = (0x0200),
            PROCESS_QUERY_INFORMATION = (0x0400)
        }
 
        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);
 
        [DllImport("kernel32.dll")]
        public static extern Int32 CloseHandle(IntPtr hObject);
 
        [DllImport("kernel32.dll")]
        public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out]   byte[] buffer, int size, out   IntPtr lpNumberOfBytesRead);
 
        [DllImport("kernel32.dll")]
        public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out]   byte[] buffer, int size, out   IntPtr lpNumberOfBytesWritten);
 
    }
    public class ProcessMemoryReader
    {
 
        public ProcessMemoryReader()
        {
        }
        public Process ReadProcess
        {
            get
            {
                return m_ReadProcess;
            }
            set
            {
                m_ReadProcess = value;
            }
        }
        private Process m_ReadProcess = null;
 
        private IntPtr m_hProcess = IntPtr.Zero;
 
        public void OpenProcess()
        {
            //     m_hProcess   =   ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ,   1,   (uint)m_ReadProcess.Id);  
            ProcessMemoryReaderApi.ProcessAccessType access;
            access = ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_READ
            | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_WRITE
            | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_OPERATION;
            m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
        }
 
        public void CloseHandle()
        {
            int iRetValue;
            iRetValue = ProcessMemoryReaderApi.CloseHandle(m_hProcess);
            if (iRetValue == 0)
                throw new Exception("CloseHandle   failed");
        }
 
        public byte[] ReadProcessMemory(IntPtr MemoryAddress, int bytesToRead, out   int bytesRead)
        {
            byte[] buffer = new byte[bytesToRead];
 
            IntPtr ptrBytesRead;
            ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out   ptrBytesRead);
 
            bytesRead = ptrBytesRead.ToInt32();
 
            return buffer;
        }
 
        public void WriteProcessMemory(IntPtr MemoryAddress, byte[] bytesToWrite, out   int bytesWritten)
        {
            IntPtr ptrBytesWritten;
            ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, MemoryAddress, bytesToWrite, bytesToWrite.Length, out   ptrBytesWritten);
 
            bytesWritten = ptrBytesWritten.ToInt32();
        }
    }
}
 
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
static void Scaner(Process p, int StartAddress, int EndAddress)
{
    IntPtr baseAddress = (IntPtr)StartAddress;
    IntPtr lastAddress = (IntPtr)EndAddress;
    int ReadStackSize = 20480;
 
    int arraysDifference = 256/8 - 1;
 
    ProcessMemoryReader reader = new ProcessMemoryReader();
    reader.ReadProcess = p;
    //Open the pocess to read the memory.
    reader.OpenProcess();
 
 
    //Calculate the size of memory to scan.
    int memorySize = (int)((int)lastAddress - (int)baseAddress);
 
    //If more that one block of memory is requered to be read,
    if (memorySize >= ReadStackSize)
    {
        //Count of loops to read the memory blocks.
        int loopsCount = memorySize / ReadStackSize;
 
        //Look to see if there is any other bytes let after the loops.
        int outOfBounds = memorySize % ReadStackSize;
 
        //Set the currentAddress to first address.
        int currentAddress = (int)baseAddress;
 
        //This will be used to check if any bytes have been read from the memory.
        int bytesReadSize;
 
        //Set the size of the bytes blocks.
        int bytesToRead = ReadStackSize;
 
        //An array to hold the bytes read from the memory.
        byte[] array;
 
        //Progress percentage.
        int progress;
 
        for (int i = 0; i < loopsCount; i++)
        {
            Console.WriteLine (i.ToString ());
 
            //Read the bytes from the memory.
            array = reader.ReadProcessMemory((IntPtr)currentAddress, bytesToRead, out bytesReadSize);
 
            //If any byte is read from the memory (there has been any bytes in the memory block),
            if (bytesReadSize > 0)
            {
                join(array);
            }
            //Move currentAddress after the block already scaned, but
            //move it back some steps backward (as much as arraysDifference)
            //to avoid loosing any values at the end of the array.
            currentAddress += array.Length - arraysDifference;
 
            //Set the size of the read block, bigger, to  the steps backward.
            //Set the size of the read block, to fit the back steps.
            bytesToRead = ReadStackSize + arraysDifference;
        }
        //If there is any more bytes than the loops read,
        if (outOfBounds > 0)
        {
            //Read the additional bytes.
            byte[] outOfBoundsBytes = reader.ReadProcessMemory((IntPtr)currentAddress, ((int)lastAddress - currentAddress), out bytesReadSize);
 
            //If any byte is read from the memory (there has been any bytes in the memory block),
            if (bytesReadSize > 0)
            {
                join(outOfBoundsBytes);
            }
        }
    }
    //If the block could be read in just one read,
    else
    {
        //Calculate the memory block's size.
        int blockSize = memorySize % ReadStackSize;
 
        //Set the currentAddress to first address.
        int currentAddress = (int)baseAddress;
 
        //Holds the count of bytes read from the memory.
        int bytesReadSize;
 
        //If the memory block can contain at least one 16 bit variable.
        if (blockSize > 256/8)
        {
            //Read the bytes to the array.
            byte[] array = reader.ReadProcessMemory((IntPtr)currentAddress, blockSize, out bytesReadSize);
 
            //If any byte is read,
            if (bytesReadSize > 0)
            {
                join(array);
 
            }
        }
    }
    //Close the handle to the process to avoid process errors.
    reader.CloseHandle();
 
}
1
  
1
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
        static  void join(byte[] b1)
        {
 
             
            if (re == null)
            {
                re = b1;
            }
            else
            {
                byte[] b0 = new byte[re.Length];
                re.CopyTo(b0, 0);
                re = new byte[b0.Length + b1.Length];
                b0.CopyTo(re, 0);
                b1.CopyTo(re, b0.Length);
            }
        }
 
 
 
以下调用
            //Process[] ps = Process.GetProcesses();
            //Process pqq = null;
            //foreach (Process p in ps)
            //{
            //    if (p.ProcessName=="QQ" && p.MainModule.FileName.Contains ("QQ.exe"))
            //    {
            //        pqq = p;
            //        break;
            //    }
            //}
            //int firstAddress = int.Parse("06000000", System.Globalization.NumberStyles.HexNumber);
            //int lastAddress = int.Parse("09F00000", System.Globalization.NumberStyles.HexNumber);
            //Scaner(pqq, firstAddress, lastAddress);
QQ交流
点击右上角即可分享
微信分享提示