WM
/
WechatBakTool
-ын хуулбар https://github.com/SuxueCode/WechatBakTool


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
							using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Net.NetworkInformation;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
using System.Windows;

namespace WechatPCMsgBakTool.Helpers
{
    public class ProcessHelper
    {
        
        public static Process? GetProcess(string ProcessName)
        {
            Process[] processes = Process.GetProcessesByName(ProcessName);
            if (processes.Length == 0)
                return null;
            else if(processes.Length > 1) {
                SelectWechat selectWechat = new SelectWechat();
                MessageBox.Show("检测到有多个微信，请选择本工作区对应的微信");
                selectWechat.ShowDialog();
                if (selectWechat.SelectProcess == null)
                    return null;

                Process? p = processes.ToList().Find(x => x.Id.ToString() == selectWechat.SelectProcess.ProcessId);
                if (p == null)
                    return null;
                return p;
            }
            else
                return processes[0];
        }
        public static ProcessModule? FindProcessModule(int ProcessId, string ModuleName)
        {
            Process process = Process.GetProcessById(ProcessId);
            foreach (ProcessModule module in process.Modules)
            {
                if (module.ModuleName == ModuleName)
                    return module;
            }
            return null;
        }

        public static List<int> FindProcessMemory(IntPtr processHandle, ProcessModule module, string content)
        {
            byte[] buffer = new byte[module.ModuleMemorySize];
            byte[] search = Encoding.ASCII.GetBytes(content);
            // 逐页读取数据

            List<int> offset = new List<int>();
            int readBytes;
            bool success = ReadProcessMemory(processHandle, module.BaseAddress, buffer, buffer.Length,out readBytes);

            if (!success || readBytes == 0)
            {
                int error = Marshal.GetLastWin32Error();
                Console.WriteLine($"ReadProcessMemory failed. GetLastError: {error}");
            }
            else
            {
                for (int i = 0; i < buffer.Length; i++)
                {
                    if (buffer[i] == search[0])
                    {
                        for (int s = 1; s < search.Length; s++)
                        {
                            if (buffer[i + s] != search[s])
                                break;
                            if (s == search.Length - 1)
                                offset.Add(i);
                        }

                    }
                }
            }
            return offset;
        }

        // 这里开始下面是对Windows API引用声明
        public static byte[]? ReadMemoryDate(IntPtr hProcess, IntPtr lpBaseAddress, int nSize = 100)
        {
            byte[] array = new byte[nSize];
            int readByte;
            if (!ReadProcessMemory(hProcess, lpBaseAddress, array, nSize, out readByte))
                return null;
            else
                return array;
        }

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int nSize, out int lpNumberOfBytesRead);
        
    }

}