微信多开源码 android,微信(WeChat)电脑端多开分析+源码
//步骤1和2的代码
//Abridged excerpt: enumerate the system handle table, pick out the handles owned by
//WeChat.exe processes, and close the single-instance mutex in the owning process.
//The enclosing function header, the declarations and the buffer allocation are not shown.

//Collect the WeChat processes to inspect.
//NOTE(review): GetProcIds is not shown; presumably it fills Pids with the IDs of every
//process named WeChat.exe and returns how many it found - confirm against the helper.
DWORD Num = GetProcIds(L"WeChat.exe", Pids);
...
//Ask the kernel for the system-wide handle list, passing a 0x1000-byte buffer length.
//NOTE(review): Status is not checked in the visible code. When the buffer is too small
//this call normally fails with STATUS_INFO_LENGTH_MISMATCH and reports the required size
//through dwSize; the loop below would then read NumberOfHandles from a buffer that was
//never filled. Unless the elided code sizes pbuffer from dwSize and retries, check Status first.
Status = ZwQuerySystemInformation(SystemHandleInformation, pbuffer, 0x1000, &dwSize);
PSYSTEM_HANDLE_INFORMATION1 pHandleInfo = (PSYSTEM_HANDLE_INFORMATION1)pbuffer;
for(nIndex = 0; nIndex < pHandleInfo->NumberOfHandles; nIndex++)
{
//Only handle entries whose owning PID is in Pids belong to a WeChat process.
if(IsTargetPid(pHandleInfo->Handles[nIndex].UniqueProcessId, Pids, Num))
{
//DuplicateHandleEx is a helper of this project (not shown); presumably it opens the owning
//process and duplicates the handle into the current process - confirm.
//NOTE(review): the result is used without a NULL check, and in the visible code this first
//duplicate is never passed to CloseHandle: it is dropped at the end of the iteration or
//overwritten by the second DuplicateHandleEx call below, so one handle leaks per entry.
HANDLE hHandle = DuplicateHandleEx(pHandleInfo->Handles[nIndex].UniqueProcessId,
(HANDLE)pHandleInfo->Handles[nIndex].HandleValue,
DUPLICATE_SAME_ACCESS
);
//Object name.
//NOTE(review): Status is overwritten by the next call without being checked. Querying the
//name of some file/pipe handles is known to block, and the name is requested here before
//the type is known; querying the type first and skipping non-Mutant objects would avoid that.
Status = NtQueryObject(hHandle, ObjectNameInformation, szName, 512, &dwFlags);
//Object type name.
Status = NtQueryObject(hHandle, ObjectTypeInformation, szType, 128, &dwFlags);
//Look for the WeChat marker: "Mutant" is the kernel object type name of a mutex.
//NOTE(review): TypName and Name are not assigned anywhere in this excerpt; presumably they
//point at the strings returned in szType and szName - confirm. If either query failed
//they may be stale or uninitialized.
if (0 == wcscmp(TypName, L"Mutant"))
{
//Substring match, so any mutex whose name contains this text is treated as the marker.
if (wcsstr(Name, L"_WeChat_App_Instance_Identity_Mutex_Name"))
{
//The DUPLICATE_CLOSE_SOURCE flag is essential here: with the Win32 DuplicateHandle API it
//closes the source handle in the owning process (assuming the helper forwards it as the
//options argument - confirm).
//Defensive note: a named mutex that another process can close this way is not a security
//boundary; a single-instance check built on it holds only against processes that cannot
//obtain PROCESS_DUP_HANDLE access to the owner.
hHandle = DuplicateHandleEx(pHandleInfo->Handles[nIndex].UniqueProcessId,
(HANDLE)pHandleInfo->Handles[nIndex].HandleValue,
DUPLICATE_CLOSE_SOURCE
);
if(hHandle)
{
printf("+ Patch wechat success!\n");
//Release the local duplicate as well.
CloseHandle(hHandle);
}
}
}
}
}
//Closes an enclosing scope (presumably the function) whose opening brace is outside this excerpt.
}