目錄

?

?

程序運行

代碼與實例

源碼打包下載

---

?

?

程序運行

運行程序：

點擊確定：

本人微信對應的版本如下：

微信版本如下：

?

?

?

代碼與實例

這里直接用CE，然后用二分法去找基址就可以。最后發現是在

WeChatWin.dll加上0x13972DC的偏移上，這里給出其他信息的偏移：

關鍵代碼如下：

注入器：

#include <iostream> #include <windows.h> #include <string> #include <TlHelp32.h> #include <atlbase.h> #include <atlconv.h> using namespace std;bool Inject(LPCTSTR DLLPath, DWORD ProcessID){HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessID);if(!hProcess){cout << "OpenProcess failed!" << endl;return false;}SIZE_T pathSize = (_tcslen(DLLPath) + 1) * sizeof(TCHAR);LPVOID startAddress = VirtualAllocEx(hProcess, NULL, pathSize, MEM_COMMIT, PAGE_READWRITE);if(!startAddress){cout << "VirtualAllocEx failed" << endl;return false;}if(!WriteProcessMemory(hProcess, startAddress, DLLPath, pathSize, NULL)){cout << "WriteProcessMemory failed" << endl;return false;}PTHREAD_START_ROUTINE pfnStartAddress = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "LoadLibraryW");if(!pfnStartAddress){cout << "GetProcAddress failed" << endl;return false;}HANDLE hThread = CreateRemoteThreadEx(hProcess, NULL, NULL, pfnStartAddress, startAddress, NULL, NULL, NULL);if(!hThread){cout << "CreateRemoteThreadEx failed" << endl;return false;}WaitForSingleObject(hThread, INFINITE);CloseHandle(hThread);CloseHandle(hProcess);return true; }int main(int argc, int *argv[]){HANDLE hProcess = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);if(!hProcess){cout << "CreateToolhelp32Snapshot failed!" << endl;getchar();return 0;}PROCESSENTRY32 info;info.dwSize = sizeof(PROCESSENTRY32);if(!Process32First(hProcess, &info)){cout << "Process32First failed!" << endl;getchar();return 0;}DWORD wxPid;while(true){USES_CONVERSION;if(strcmp("WeChat.exe", W2A(info.szExeFile)) == 0){wxPid = info.th32ProcessID;break;}if(!Process32Next(hProcess, &info)){wxPid = 0;break;}}if(wxPid == 0){cout << "Process32Next over! unfind pid!" << endl;getchar();return 0;}//開始注入if(Inject(L"E:\\vs2012\\hackWechat\\Debug\\hackDll.dll", wxPid)){cout << "inject successfully!" << endl;}getchar();return 0; }

注入的dll關鍵代碼：

#include "stdafx.h" #include "My.h" #include <stdio.h> #include <stdlib.h>void getAllInfo(){MessageBoxA(NULL, "開始解析", "報告首長", NULL);//WeChatWin.dll的基址DWORD weChatWinAddr = (DWORD)GetModuleHandle(L"WeChatWin.dll");char wxID[0x1000] = {0};DWORD weIDDW = weChatWinAddr + 0x13972DC;//wxID[0] = (char)(*(DWORD*)weIDDW);for(int i = 0; i < 40; i++){wxID[i] = (char)(*(DWORD*)weIDDW);if(wxID[i] == '0'){break;}weIDDW += 0x1;}MessageBoxA(NULL, wxID, "報告首長", NULL); }

這里要注意，這個版本的微信，使用sprinf_s和memcpy會有問題，會被攔截，大家可以試試，只有用這種一個字節，一個字節的讀，不會出現問題！

?

源碼打包下載

https://github.com/fengfanchen/CAndCPP/tree/master/hookWeChat

總結

以上是生活随笔為你收集整理的C++笔记-利用远程线程注入获取PC版微信个人昵称的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。