├── .gitignore
├── LICENSE
├── README.md
├── WeixinHunter.sln
├── WeixinHunter
├── WeixinHunter.vcxproj
├── aobscan.cpp
├── aobscan.h
├── main.cpp
├── utils.cpp
└── utils.h
└── img
└── weixin.png
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 | ##
4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
5 |
6 | # User-specific files
7 | *.suo
8 | *.user
9 | *.userosscache
10 | *.sln.docstates
11 |
12 | # User-specific files (MonoDevelop/Xamarin Studio)
13 | *.userprefs
14 |
15 | # Build results
16 | [Dd]ebug/
17 | [Dd]ebugPublic/
18 | [Rr]elease/
19 | [Rr]eleases/
20 | x64/
21 | x86/
22 | bld/
23 | [Bb]in/
24 | [Oo]bj/
25 | [Ll]og/
26 |
27 | # Visual Studio 2015 cache/options directory
28 | .vs/
29 | # Uncomment if you have tasks that create the project's static files in wwwroot
30 | #wwwroot/
31 |
32 | # MSTest test Results
33 | [Tt]est[Rr]esult*/
34 | [Bb]uild[Ll]og.*
35 |
36 | # NUNIT
37 | *.VisualState.xml
38 | TestResult.xml
39 |
40 | # Build Results of an ATL Project
41 | [Dd]ebugPS/
42 | [Rr]eleasePS/
43 | dlldata.c
44 |
45 | # .NET Core
46 | project.lock.json
47 | project.fragment.lock.json
48 | artifacts/
49 | **/Properties/launchSettings.json
50 |
51 | *_i.c
52 | *_p.c
53 | *_i.h
54 | *.ilk
55 | *.meta
56 | *.obj
57 | *.pch
58 | *.pdb
59 | *.pgc
60 | *.pgd
61 | *.rsp
62 | *.sbr
63 | *.tlb
64 | *.tli
65 | *.tlh
66 | *.tmp
67 | *.tmp_proj
68 | *.log
69 | *.vspscc
70 | *.vssscc
71 | .builds
72 | *.pidb
73 | *.svclog
74 | *.scc
75 |
76 | # Chutzpah Test files
77 | _Chutzpah*
78 |
79 | # Visual C++ cache files
80 | ipch/
81 | *.aps
82 | *.ncb
83 | *.opendb
84 | *.opensdf
85 | *.sdf
86 | *.cachefile
87 | *.VC.db
88 | *.VC.VC.opendb
89 |
90 | # Visual Studio profiler
91 | *.psess
92 | *.vsp
93 | *.vspx
94 | *.sap
95 |
96 | # TFS 2012 Local Workspace
97 | $tf/
98 |
99 | # Guidance Automation Toolkit
100 | *.gpState
101 |
102 | # ReSharper is a .NET coding add-in
103 | _ReSharper*/
104 | *.[Rr]e[Ss]harper
105 | *.DotSettings.user
106 |
107 | # JustCode is a .NET coding add-in
108 | .JustCode
109 |
110 | # TeamCity is a build add-in
111 | _TeamCity*
112 |
113 | # DotCover is a Code Coverage Tool
114 | *.dotCover
115 |
116 | # Visual Studio code coverage results
117 | *.coverage
118 | *.coveragexml
119 |
120 | # NCrunch
121 | _NCrunch_*
122 | .*crunch*.local.xml
123 | nCrunchTemp_*
124 |
125 | # MightyMoose
126 | *.mm.*
127 | AutoTest.Net/
128 |
129 | # Web workbench (sass)
130 | .sass-cache/
131 |
132 | # Installshield output folder
133 | [Ee]xpress/
134 |
135 | # DocProject is a documentation generator add-in
136 | DocProject/buildhelp/
137 | DocProject/Help/*.HxT
138 | DocProject/Help/*.HxC
139 | DocProject/Help/*.hhc
140 | DocProject/Help/*.hhk
141 | DocProject/Help/*.hhp
142 | DocProject/Help/Html2
143 | DocProject/Help/html
144 |
145 | # Click-Once directory
146 | publish/
147 |
148 | # Publish Web Output
149 | *.[Pp]ublish.xml
150 | *.azurePubxml
151 | # TODO: Comment the next line if you want to checkin your web deploy settings
152 | # but database connection strings (with potential passwords) will be unencrypted
153 | *.pubxml
154 | *.publishproj
155 |
156 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
157 | # checkin your Azure Web App publish settings, but sensitive information contained
158 | # in these scripts will be unencrypted
159 | PublishScripts/
160 |
161 | # NuGet Packages
162 | *.nupkg
163 | # The packages folder can be ignored because of Package Restore
164 | **/packages/*
165 | # except build/, which is used as an MSBuild target.
166 | !**/packages/build/
167 | # Uncomment if necessary however generally it will be regenerated when needed
168 | #!**/packages/repositories.config
169 | # NuGet v3's project.json files produces more ignorable files
170 | *.nuget.props
171 | *.nuget.targets
172 |
173 | # Microsoft Azure Build Output
174 | csx/
175 | *.build.csdef
176 |
177 | # Microsoft Azure Emulator
178 | ecf/
179 | rcf/
180 |
181 | # Windows Store app package directories and files
182 | AppPackages/
183 | BundleArtifacts/
184 | Package.StoreAssociation.xml
185 | _pkginfo.txt
186 |
187 | # Visual Studio cache files
188 | # files ending in .cache can be ignored
189 | *.[Cc]ache
190 | # but keep track of directories ending in .cache
191 | !*.[Cc]ache/
192 |
193 | # Others
194 | ClientBin/
195 | ~$*
196 | *~
197 | *.dbmdl
198 | *.dbproj.schemaview
199 | *.jfm
200 | *.pfx
201 | *.publishsettings
202 | orleans.codegen.cs
203 |
204 | # Since there are multiple workflows, uncomment next line to ignore bower_components
205 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
206 | #bower_components/
207 |
208 | # RIA/Silverlight projects
209 | Generated_Code/
210 |
211 | # Backup & report files from converting an old project file
212 | # to a newer Visual Studio version. Backup files are not needed,
213 | # because we have git ;-)
214 | _UpgradeReport_Files/
215 | Backup*/
216 | UpgradeLog*.XML
217 | UpgradeLog*.htm
218 |
219 | # SQL Server files
220 | *.mdf
221 | *.ldf
222 | *.ndf
223 |
224 | # Business Intelligence projects
225 | *.rdl.data
226 | *.bim.layout
227 | *.bim_*.settings
228 |
229 | # Microsoft Fakes
230 | FakesAssemblies/
231 |
232 | # GhostDoc plugin setting file
233 | *.GhostDoc.xml
234 |
235 | # Node.js Tools for Visual Studio
236 | .ntvs_analysis.dat
237 | node_modules/
238 |
239 | # Typescript v1 declaration files
240 | typings/
241 |
242 | # Visual Studio 6 build log
243 | *.plg
244 |
245 | # Visual Studio 6 workspace options file
246 | *.opt
247 |
248 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
249 | *.vbw
250 |
251 | # Visual Studio LightSwitch build output
252 | **/*.HTMLClient/GeneratedArtifacts
253 | **/*.DesktopClient/GeneratedArtifacts
254 | **/*.DesktopClient/ModelManifest.xml
255 | **/*.Server/GeneratedArtifacts
256 | **/*.Server/ModelManifest.xml
257 | _Pvt_Extensions
258 |
259 | # Paket dependency manager
260 | .paket/paket.exe
261 | paket-files/
262 |
263 | # FAKE - F# Make
264 | .fake/
265 |
266 | # JetBrains Rider
267 | .idea/
268 | *.sln.iml
269 |
270 | # CodeRush
271 | .cr/
272 |
273 | # Python Tools for Visual Studio (PTVS)
274 | __pycache__/
275 | *.pyc
276 |
277 | # Cake - Uncomment if you are using it
278 | # tools/**
279 | # !tools/packages.config
280 |
281 | # Telerik's JustMock configuration file
282 | *.jmconfig
283 |
284 | # BizTalk build output
285 | *.btp.cs
286 | *.btm.cs
287 | *.odx.cs
288 | *.xsd.cs
289 |
290 | *.ini
291 | !skin.ini
292 | *.dat
293 | *.bak
294 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2023 baiyies
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # CppWeixinHunter
2 | 微信内存信息提取 c++实现。体现微信"小而美"的设计理念。可获取自己电脑上已登录微信的微信号,wxid,手机号,sqlite解密密钥。
3 |
4 | # 原理
5 | 通过 C++ 实现的 Sunday 模式匹配算法,从内存中快速搜索指定数据。获取基址+偏移量与特征,从而使微信版本每次更新后不需要重新查找地址。
6 |
7 | 
8 |
9 | # 参考项目
10 | https://github.com/x1hy9/WeChatUserDB
11 |
--------------------------------------------------------------------------------
/WeixinHunter.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.32602.291
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "WeixinHunter", "WeixinHunter\WeixinHunter.vcxproj", "{0B748145-77E0-47AB-B060-70D44FD7B9A2}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Debug|x86 = Debug|x86
12 | Release|x64 = Release|x64
13 | Release|x86 = Release|x86
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {0B748145-77E0-47AB-B060-70D44FD7B9A2}.Debug|x64.ActiveCfg = Debug|x64
17 | {0B748145-77E0-47AB-B060-70D44FD7B9A2}.Debug|x64.Build.0 = Debug|x64
18 | {0B748145-77E0-47AB-B060-70D44FD7B9A2}.Debug|x86.ActiveCfg = Debug|Win32
19 | {0B748145-77E0-47AB-B060-70D44FD7B9A2}.Debug|x86.Build.0 = Debug|Win32
20 | {0B748145-77E0-47AB-B060-70D44FD7B9A2}.Release|x64.ActiveCfg = Release|x64
21 | {0B748145-77E0-47AB-B060-70D44FD7B9A2}.Release|x64.Build.0 = Release|x64
22 | {0B748145-77E0-47AB-B060-70D44FD7B9A2}.Release|x86.ActiveCfg = Release|Win32
23 | {0B748145-77E0-47AB-B060-70D44FD7B9A2}.Release|x86.Build.0 = Release|Win32
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {81DEE007-8C7A-408D-9303-5A7BCEF7003A}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/WeixinHunter/WeixinHunter.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 16.0
23 | Win32Proj
24 | {0b748145-77e0-47ab-b060-70d44fd7b9a2}
25 | wexinmemoryinfo
26 | 10.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v142
33 | MultiByte
34 |
35 |
36 | Application
37 | false
38 | v142
39 | true
40 | MultiByte
41 |
42 |
43 | Application
44 | true
45 | v142
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v142
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | false
78 |
79 |
80 | true
81 |
82 |
83 | false
84 |
85 |
86 |
87 | Level3
88 | true
89 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
90 | false
91 |
92 |
93 | Console
94 | true
95 |
96 |
97 |
98 |
99 | Level3
100 | true
101 | true
102 | false
103 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
104 | false
105 | MultiThreaded
106 |
107 |
108 | Console
109 | true
110 | true
111 | false
112 |
113 |
114 |
115 |
116 | Level3
117 | true
118 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
119 | true
120 |
121 |
122 | Console
123 | true
124 |
125 |
126 |
127 |
128 | Level3
129 | true
130 | true
131 | false
132 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
133 | true
134 | MultiThreaded
135 |
136 |
137 | Console
138 | true
139 | true
140 | false
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
--------------------------------------------------------------------------------
/WeixinHunter/aobscan.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/baiyies/CppWeixinHunter/01186f2f02e5c4a72db10f575eb9ca5cb808f7af/WeixinHunter/aobscan.cpp
--------------------------------------------------------------------------------
/WeixinHunter/aobscan.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/baiyies/CppWeixinHunter/01186f2f02e5c4a72db10f575eb9ca5cb808f7af/WeixinHunter/aobscan.h
--------------------------------------------------------------------------------
/WeixinHunter/main.cpp:
--------------------------------------------------------------------------------
1 | #include "utils.h"
2 | //#include
3 | #include "aobscan.h"
4 |
/// Prints `length` bytes starting at `buff` as space-separated hex values
/// (each written as "0x<hex> "), then terminates the line with '\n'.
///
/// @param buff    First byte to print.
/// @param length  Number of bytes to print; nothing but the newline is written for 0.
void PrintfHex(BYTE* buff, DWORD length) {
    const BYTE* const stop = buff + length;
    for (const BYTE* cursor = buff; cursor != stop; ++cursor) {
        printf("0x%x ", *cursor);
    }
    printf("\n");
}
11 |
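/// Prints `length` bytes from `buff` as a C array definition on one line:
/// `unsigned char <name>[] = {0x.., 0x.., };`
///
/// `name` is taken as `const char*`: the call site on this page passes a string
/// literal, which cannot legally bind to a non-const `char*` in standard C++11 and
/// later. Existing callers that pass a `char*` keep working.
///
/// @param name    Identifier to use for the emitted array.
/// @param buff    First byte to print.
/// @param length  Number of bytes to print.
void PrintfCFormat(const char* name, BYTE* buff, DWORD length) {
    printf("unsigned char %s[] = {", name);
    for (DWORD i = 0; i < length; i++) {
        printf("0x%x, ", buff[i]);
    }
    printf("};\n");
}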
19 |
// ParseWeixin: looks up the "wechatwin.dll" module in process PID, searches that
// module with SUNDAY() for the 4-byte value stored at `sig`, and then reads a series
// of length / pointer fields at fixed offsets relative to the match. It prints the
// username, wxid, phone number, a public key, a private key and the sqlite key.
//
// Returns FALSE when SUNDAY() returns 0 (no match) and TRUE otherwise. TRUE does not
// mean the reads succeeded: no FindModule or ReadProcessMem result is checked.
//
// Reviewer note (defensive): every value printed here is account-identifying data or
// key material of the logged-in session, and it goes to stdout in clear text.
// ReadProcessMem is only declared on this page (utils.h); presumably it performs a
// cross-process memory read - confirm in utils.cpp. That read against the messenger
// process is the observable an endpoint monitor would key on.
//
// NOTE(review): addresses are held in DWORD / int and cast to PVOID, which assumes a
// 32-bit address space; the solution also lists x64 configurations.
20 | BOOL ParseWeixin(DWORD PID, BYTE* sig) {
21 | DWORD pBase = 0;
22 | DWORD dwSize = 0;
// NOTE(review): a string literal bound to a non-const char*.
23 | char* szProcName = "wechatwin.dll";
// NOTE(review): the BOOL result is ignored; if the lookup fails pBase and dwSize keep
// their initial value 0 and are passed to SUNDAY() as-is.
24 | FindModule(PID, szProcName, &pBase, &dwSize);
25 |
// Only sizeof(DWORD) bytes of `sig` are used as the search value. The caller on this
// page passes a 4-byte buffer holding one address returned by AobScan::FindSigX32.
26 | DWORD pAddr = SUNDAY(PID, (unsigned char*)pBase, (unsigned char*)sig, /*sizeof(sig)*/ sizeof(DWORD), dwSize);
27 | if (pAddr == 0){
28 | //printf("signature value not found\n");
29 | return FALSE;
30 | }
31 |
32 | printf("wechatwin.dll基址为:0x%x\n\n", pBase);
33 | //printf("pAddr:0x%x\n", pAddr);
34 |
// Username: a length field, then the bytes read directly from a neighbouring offset.
// NOTE(review): this and every later length comes from the other process and is used
// unchecked. A negative or very large value makes `new BYTE[len + 1]` fail or makes
// the `buf[len] = 0` write land outside the allocation.
35 | int usernameLength = 0;
36 | //int intUsernameLength = 0;
37 | ReadProcessMem(PID, (PVOID)(pAddr - 0x5c), &usernameLength, sizeof(int));
38 | //printf("usernameLength:%d\n", usernameLength);
39 |
40 |
41 | BYTE* username = new BYTE[usernameLength + 1];
42 | ReadProcessMem(PID, (PVOID)(pAddr - 0x6c), username, usernameLength);
43 | username[usernameLength] = 0x00;
44 | printf("username:%s\n\n", username);
// NOTE(review): `username` is never released; every other buffer below is delete[]d.
45 |
// wxid: a length field plus a pointer field; the string is read through the pointer.
46 | int wxidLength = 0;
47 | ReadProcessMem(PID, (PVOID)(pAddr - 0x44), &wxidLength, sizeof(int));
48 | //printf("wxidLength:%d\n", wxidLength);
49 |
50 | //BYTE* wxidAddress = new BYTE[sizeof(int)];
51 | int wxidAddress = 0;
52 | ReadProcessMem(PID, (PVOID)(pAddr - 0x54), &wxidAddress, sizeof(int));
53 | //printf("wxidAddress:0x%x\n", wxidAddress);
54 |
55 | BYTE* wxid = new BYTE[wxidLength + 1];
56 | ReadProcessMem(PID, (PVOID)wxidAddress, wxid, wxidLength);
57 | wxid[wxidLength] = 0x00;
58 | printf("wxid:%s\n\n", wxid);
59 | delete[] wxid;
60 |
// Phone model: the buffer is filled and freed but never printed (the printf is
// commented out).
// NOTE(review): the data read uses wxidAddress again, not an address of its own;
// this looks like a copy-paste slip - confirm intent.
61 | int mobilePhoneModelLength = 0;
62 | ReadProcessMem(PID, (PVOID)(pAddr - 0xC), &mobilePhoneModelLength, sizeof(int));
63 | //printf("mobilePhoneModelLength:%d\n", mobilePhoneModelLength);
64 |
65 | BYTE* mobileModel = new BYTE[mobilePhoneModelLength + 1];
66 | ReadProcessMem(PID, (PVOID)wxidAddress, mobileModel, mobilePhoneModelLength);
67 | mobileModel[mobilePhoneModelLength] = 0x00;
68 | //printf("mobileModel:%s\n", mobileModel);
69 | delete[] mobileModel;
70 |
// Phone number: a length field, then the bytes read directly from a neighbouring offset.
71 | int phoneNumberLength = 0;
72 | ReadProcessMem(PID, (PVOID)(pAddr - 0x47c), &phoneNumberLength, sizeof(int));
73 | //printf("phoneNumberLength:%d\n", phoneNumberLength);
74 |
75 | BYTE* phoneNumber = new BYTE[phoneNumberLength + 1];
76 | ReadProcessMem(PID, (PVOID)(pAddr - 0x48c), phoneNumber, phoneNumberLength);
77 | phoneNumber[phoneNumberLength] = 0x00;
78 | printf("phoneNumber:%s\n\n", phoneNumber);
79 | delete[] phoneNumber;
80 |
// Public key: the pointer is the 4-byte value at the match address itself, the length
// sits at +0x10; printed as text with %s.
81 | int publicKeyLength = 0;
82 | ReadProcessMem(PID, (PVOID)(pAddr + 0x10), &publicKeyLength, sizeof(int));
83 |
84 | int publicKeyAddress = 0;
85 | ReadProcessMem(PID, (PVOID)(pAddr), &publicKeyAddress, sizeof(int));
86 |
87 | BYTE* publicKey = new BYTE[publicKeyLength + 1];
88 | ReadProcessMem(PID, (PVOID)publicKeyAddress, publicKey, publicKeyLength);
89 | publicKey[publicKeyLength] = 0x00;
90 | printf("publicKey:\n%s\n\n", publicKey);
91 | delete[] publicKey;
92 |
// Private key: a pointer field and a length field after the match; printed with %s.
93 | int privateKeyLength = 0;
94 | ReadProcessMem(PID, (PVOID)(pAddr + 0x28), &privateKeyLength, sizeof(int));
95 |
96 | int privateKeyAddress = 0;
97 | ReadProcessMem(PID, (PVOID)(pAddr + 0x18), &privateKeyAddress, sizeof(int));
98 |
99 | BYTE* privateKey = new BYTE[privateKeyLength + 1];
100 | ReadProcessMem(PID, (PVOID)privateKeyAddress, privateKey, privateKeyLength);
101 | privateKey[privateKeyLength] = 0x00;
102 | printf("privateKey:\n%s\n\n", privateKey);
103 | delete[] privateKey;
104 |
// sqlite key: a length field and a pointer field before the match. The buffer has no
// extra terminator byte because it is emitted byte by byte through PrintfCFormat
// rather than with %s.
105 | int sqliteKeyLength = 0;
106 | ReadProcessMem(PID, (PVOID)(pAddr - 0x8c), &sqliteKeyLength, sizeof(int));
107 | //printf("sqliteKeyLength:%d\n", sqliteKeyLength);
108 |
109 | int sqliteKeyAddress = 0;
110 | ReadProcessMem(PID, (PVOID)(pAddr - 0x90), &sqliteKeyAddress, sizeof(int));
111 | //printf("sqliteKeyAddress:0x%x\n", sqliteKeyAddress);
112 |
113 | BYTE* sqliteKey = new BYTE[sqliteKeyLength];
114 | ReadProcessMem(PID, (PVOID)sqliteKeyAddress, sqliteKey, sqliteKeyLength);
115 | //printf("sqliteKey:%s\n", sqliteKey);
116 | printf("解密ChatMsg.db的C语言格式密码:\n");
117 | PrintfCFormat("pass", sqliteKey, sqliteKeyLength);
118 | delete[] sqliteKey;
119 |
120 | return TRUE;
121 | }
122 |
// Entry point. Resolves the process id of "WeChat.exe", prints a banner and a
// disclaimer, scans the address range 0..0x7fffffff of that process with
// AobScan::FindSigX32 for the byte pattern in `sig`, and hands each hit to
// ParseWeixin() until one call returns TRUE.
//
// Exit codes: -1 when the process is not found, 0 when ParseWeixin() succeeded for
// some hit, 1 when no hit produced a result.
123 | int main() {
124 | DWORD PID = GetProcessID("WeChat.exe");
// `sig` is the hex encoding of the ASCII text "-----BEGIN PUBLIC KEY-----\n".
// NOTE(review): a string literal bound to a non-const char*.
125 | char* sig = "2D2D2D2D2D424547494E205055424C4943204B45592D2D2D2D2D0A";
126 |
127 | printf("github:https://github.com/baiyies/CppWeixinHunter \n");
128 | printf("仅限用于教育目的,使用本工具的过程中存在任何非法行为,需自行承担相应后果,作者不承担任何法律及连带责任。\n\n");
// Banner text (raw string literal, printed verbatim).
129 | printf(R"delimiter(
130 |
131 |
132 | __ __ __ __ __ __ __
133 | / | _ / | / | / | / | / | / |
134 | $$ | / \ $$ | ______ $$/ __ __ $$/ _______ $$ | $$ | __ __ _______ _$$ |_ ______ ______
135 | $$ |/$ \$$ | / \ / |/ \ / |/ |/ \ $$ |__$$ |/ | / |/ \ / $$ | / \ / \
136 | $$ /$$$ $$ |/$$$$$$ |$$ |$$ \/$$/ $$ |$$$$$$$ |$$ $$ |$$ | $$ |$$$$$$$ |$$$$$$/ /$$$$$$ |/$$$$$$ |
137 | $$ $$/$$ $$ |$$ $$ |$$ | $$ $$< $$ |$$ | $$ |$$$$$$$$ |$$ | $$ |$$ | $$ | $$ | __ $$ $$ |$$ | $$/
138 | $$$$/ $$$$ |$$$$$$$$/ $$ | /$$$$ \ $$ |$$ | $$ |$$ | $$ |$$ \__$$ |$$ | $$ | $$ |/ |$$$$$$$$/ $$ |
139 | $$$/ $$$ |$$ |$$ |/$$/ $$ |$$ |$$ | $$ |$$ | $$ |$$ $$/ $$ | $$ | $$ $$/ $$ |$$ |
140 | $$/ $$/ $$$$$$$/ $$/ $$/ $$/ $$/ $$/ $$/ $$/ $$/ $$$$$$/ $$/ $$/ $$$$/ $$$$$$$/ $$/
141 |
142 |
143 |
144 |
145 | )delimiter");
// GetProcessID() returning 0 is treated as "process not running".
146 | if (PID == 0) {
147 | printf("未能找到WeChat.exe进程!搜索失败!\n");
148 | return -1;
149 | }
150 |
151 |
152 |
153 | BOOL isSuccess = FALSE;
154 |
// NOTE(review): the vector's element type is not visible on this page (the template
// argument appears to have been lost in extraction). The memcpy below assumes each
// element is at least sizeof(DWORD) bytes - confirm against aobscan.h.
155 | std::vector vResultContainer = AobScan::FindSigX32(PID, sig, 0, 0x7fffffff);
// NOTE(review): nSize1 is never used.
156 | int nSize1 = 0;
157 |
158 | //for (auto it = vResultContainer.begin(); it != vResultContainer.end(); it++) {
159 | // printf("0x%x\n", *it);
160 | //}
161 |
// Each hit is copied into a 4-byte buffer, and those 4 bytes become the search value
// ParseWeixin() looks for inside the module.
// NOTE(review): `buf` is allocated on every iteration and never released.
162 | for (auto it = vResultContainer.begin(); it != vResultContainer.end(); it++)
163 | {
164 | BYTE* buf = new BYTE[sizeof(DWORD)];
165 | memcpy(buf, &(*it), sizeof(DWORD));
166 | //PrintfHex(buf, sizeof(DWORD));
167 |
168 | if (ParseWeixin(PID, buf)) {
169 | isSuccess = TRUE;
170 | break;
171 | }
172 | }
173 |
174 | if (isSuccess){
175 | printf("\n搜索成功!\n");
176 | return 0;
177 | }
178 | else{
179 | printf("\n搜索失败!只有登录后才能正确搜索!\n");
180 | return 1;
181 | }
182 | }
--------------------------------------------------------------------------------
/WeixinHunter/utils.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/baiyies/CppWeixinHunter/01186f2f02e5c4a72db10f575eb9ca5cb808f7af/WeixinHunter/utils.cpp
--------------------------------------------------------------------------------
/WeixinHunter/utils.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include
4 | #include
5 | #include
6 | #include
7 |
// Process / memory helpers used by main.cpp. Their definitions (utils.cpp) are not
// reproduced on this page, so the notes below describe only how main.cpp calls them.

// Searches process PID for the nFindDataSize bytes at pFindData. main.cpp passes the
// module base and module size as lpBaseBuf / nMaxSize and treats a return value of 0
// as "not found". Presumably the Sunday search named in the README - confirm in
// utils.cpp.
8 | DWORD SUNDAY(DWORD PID, unsigned char* lpBaseBuf, unsigned char* pFindData, DWORD nFindDataSize, DWORD nMaxSize);
// main.cpp passes a process id and a module name and reads the module base and size
// back through pBase / dwSize. The BOOL result is not checked there.
9 | BOOL FindModule(DWORD pid, char* sz_Module, DWORD* pBase, DWORD* dwSize);
// Not called anywhere on this page; its behaviour cannot be confirmed from here.
10 | BOOL GetModuleInfo(DWORD dwPID, DWORD* pBase, DWORD* dwSize);
// main.cpp uses this to fill the local buffer pReadBuf with dwReadBufferSize bytes
// taken from address pAddress in process dwProcessId. The BOOL result presumably
// reports success; no caller on this page checks it.
11 | BOOL ReadProcessMem(DWORD dwProcessId, PVOID pAddress, PVOID pReadBuf, DWORD dwReadBufferSize);
// main.cpp passes an executable name and treats a return value of 0 as "process not
// found".
// NOTE(review): the parameter is LPCTSTR while main.cpp passes a narrow literal; this
// would not compile as-is in a configuration built with the Unicode character set -
// verify against the project settings.
12 | DWORD GetProcessID(LPCTSTR lpProcessName);
--------------------------------------------------------------------------------
/img/weixin.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/baiyies/CppWeixinHunter/01186f2f02e5c4a72db10f575eb9ca5cb808f7af/img/weixin.png
--------------------------------------------------------------------------------