首頁 探索 說明
登入
WM
/
WechatBakTool
镜像来自 https://github.com/SuxueCode/WechatBakTool
2
0
複刻 0
檔案 問題管理 0 Wiki
目錄樹: 1929ef64fe
分支列表 標籤列表
WechatBakTool
/
Helpers
/
ProcessHelper.cs

ProcessHelper.cs 2.6 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. using System;
    2. 

  2. using System.Collections.Generic;
    3. 

  3. using System.Diagnostics;
    4. 

  4. using System.IO;
    5. 

  5. using System.Linq;
    6. 

  6. using System.Net.NetworkInformation;
    7. 

  7. using System.Runtime.InteropServices;
    8. 

  8. using System.Text;
    9. 

  9. using System.Threading.Tasks;
    10. 

  10. using System.Windows;
    11. 

  11. 

  12. namespace WechatBakTool.Helpers
    13. 

  13. {
    14. 

  14.     public class ProcessHelper
    15. 

  15.     {
    16. 

  16.         public static ProcessModule? FindProcessModule(int ProcessId, string ModuleName)
    17. 

  17.         {
    18. 

  18.             Process process = Process.GetProcessById(ProcessId);
    19. 

  19.             foreach (ProcessModule module in process.Modules)
    20. 

  20.             {
    21. 

  21.                 if (module.ModuleName == ModuleName)
    22. 

  22.                     return module;
    23. 

  23.             }
    24. 

  24.             return null;
    25. 

  25.         }
    26. 

  26. 

  27.         public static List<int> FindProcessMemory(IntPtr processHandle, ProcessModule module, string content)
    28. 

  28.         {
    29. 

  29.             byte[] buffer = new byte[module.ModuleMemorySize];
    30. 

  30.             byte[] search = Encoding.ASCII.GetBytes(content);
    31. 

  31.             // 逐页读取数据
    32. 

  32. 

  33.             List<int> offset = new List<int>();
    34. 

  34.             int readBytes;
    35. 

  35.             bool success = ReadProcessMemory(processHandle, module.BaseAddress, buffer, buffer.Length,out readBytes);
    36. 

  36. 

  37.             if (!success || readBytes == 0)
    38. 

  38.             {
    39. 

  39.                 int error = Marshal.GetLastWin32Error();
    40. 

  40.                 Console.WriteLine($"ReadProcessMemory failed. GetLastError: {error}");
    41. 

  41.             }
    42. 

  42.             else
    43. 

  43.             {
    44. 

  44.                 for (int i = 0; i < buffer.Length; i++)
    45. 

  45.                 {
    46. 

  46.                     if (buffer[i] == search[0])
    47. 

  47.                     {
    48. 

  48.                         for (int s = 1; s < search.Length; s++)
    49. 

  49.                         {
    50. 

  50.                             if (buffer[i + s] != search[s])
    51. 

  51.                                 break;
    52. 

  52.                             if (s == search.Length - 1)
    53. 

  53.                                 offset.Add(i);
    54. 

  54.                         }
    55. 

  55. 

  56.                     }
    57. 

  57.                 }
    58. 

  58.             }
    59. 

  59.             return offset;
    60. 

  60.         }
    61. 

  61. 

  62.         // 这里开始下面是对Windows API引用声明
    63. 

  63.         public static byte[]? ReadMemoryDate(IntPtr hProcess, IntPtr lpBaseAddress, int nSize = 100)
    64. 

  64.         {
    65. 

  65.             byte[] array = new byte[nSize];
    66. 

  66.             int readByte;
    67. 

  67.             if (!ReadProcessMemory(hProcess, lpBaseAddress, array, nSize, out readByte))
    68. 

  68.                 return null;
    69. 

  69.             else
    70. 

  70.                 return array;
    71. 

  71.         }
    72. 

  72. 

  73.         [DllImport("kernel32.dll", SetLastError = true)]
    74. 

  74.         public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int nSize, out int lpNumberOfBytesRead);
    75. 

  75.         
    76. 

  76.     }
    77. 

  77. 

  78. }
    79.