【PC微信探祕】使用C#編寫一個DLL注入器

using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Windows;

namespace L000WeChatDllInjector
{
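    /// <summary>
    /// Code-behind for MainWindow.xaml. The window reports details of a running WeChat process
    /// and makes that process load a DLL picked from this application's own directory.
    /// </summary>
    /// <remarks>
    /// The load uses a remote thread: memory for the DLL path is allocated in the target
    /// (VirtualAllocEx), the path is copied in (WriteProcessMemory) and a thread is started at
    /// LoadLibraryA (CreateRemoteThread). For defenders this is a well-instrumented sequence:
    /// Sysmon reports the cross-process handle as event 10 (ProcessAccess), the thread as event 8
    /// (CreateRemoteThread) and the resulting module as event 7 (ImageLoad). The loaded module
    /// normally lives outside the WeChat install directory, which is a useful triage signal.
    /// </remarks>
    public partial class MainWindow : Window
    {
        public MainWindow()
        {
            InitializeComponent();
        }

        private void Window_Loaded(object sender, RoutedEventArgs e)
        {
            Refresh();
        }

        /// <summary>
        /// Returns the directory that contains the running executable.
        /// </summary>
        /// <remarks>
        /// DLLs are listed from and resolved against this directory rather than the current
        /// working directory, so the set of loadable files does not depend on where the tool was
        /// started from. This matches what the UI text tells the user.
        /// </remarks>
        private static string GetApplicationDirectory()
        {
            using (Process self = Process.GetCurrentProcess())
            {
                return Path.GetDirectoryName(self.MainModule.FileName);
            }
        }

        /// <summary>
        /// Appends window title, start time and WeChatWin.dll details of <paramref name="process"/>
        /// to <paramref name="wxInfo"/>. Failures to query the process are logged and skipped.
        /// </summary>
        private static void AppendProcessDetails(StringBuilder wxInfo, Process process)
        {
            try
            {
                wxInfo.Append("窗口標題:\t" + process.MainWindowTitle + Environment.NewLine);
                wxInfo.Append("啓動時間:\t" + process.StartTime.ToString("yyyy-MM-dd HH:mm:ss") + Environment.NewLine);

                // Determine the WeChat version from the WeChatWin.dll module.
                foreach (ProcessModule item in process.Modules)
                {
                    if (!string.Equals(item.ModuleName, "WeChatWin.dll", StringComparison.OrdinalIgnoreCase))
                    {
                        continue;
                    }

                    wxInfo.Append("微信目錄:\t" + System.IO.Path.GetDirectoryName(process.MainModule.FileName) + Environment.NewLine);
                    wxInfo.Append("微信版本:\t" + item.FileVersionInfo.FileVersion + Environment.NewLine);
                    wxInfo.Append("微信基址:\t" + "0x" + item.BaseAddress.ToString("X8") + Environment.NewLine);
                    break;
                }
            }
            catch (System.ComponentModel.Win32Exception ex)
            {
                // Querying another process can be refused (access rights, bitness mismatch).
                Debug.WriteLine("Could not read WeChat process details: " + ex.Message);
            }
            catch (InvalidOperationException ex)
            {
                // The process exited while it was being inspected.
                Debug.WriteLine("WeChat process exited during inspection: " + ex.Message);
            }
        }

        /// <summary>
        /// Refreshes the information panel and the list of DLLs found in the application directory.
        /// </summary>
        public void Refresh()
        {
            int WxId = 0;
            string dllDirectory = GetApplicationDirectory();

            StringBuilder wxInfo = new StringBuilder();
            wxInfo.Append("刷新時間:\t" + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + Environment.NewLine);
            wxInfo.Append("DLL位置:\t" + dllDirectory + Environment.NewLine);

            Process[] processes = Process.GetProcessesByName("WeChat");
            try
            {
                // Only the first matching process is described.
                if (processes.Length > 0)
                {
                    Process first = processes[0];
                    WxId = first.Id;
                    wxInfo.Append("進程PID:\t" + first.Id + Environment.NewLine);
                    AppendProcessDetails(wxInfo, first);
                }
            }
            finally
            {
                foreach (Process p in processes)
                {
                    p.Dispose();
                }
            }
            tb_WxInfo.Text = wxInfo.ToString();

            // List the DLLs that sit next to this executable (file names only).
            List<String> fileList = new List<string>();
            this.cb_dllLists.ItemsSource = null;
            foreach (String item in Directory.GetFiles(dllDirectory, "*.dll"))
            {
                fileList.Add(System.IO.Path.GetFileName(item));
            }
            this.cb_dllLists.ItemsSource = fileList;
            this.cb_dllLists.SelectedIndex = fileList.Count > 0 ? 0 : -1;

            if (WxId == 0)
            {
                tb_WxInfo.Text = "錯誤信息:注入前請先啓動微信!";
            }
        }

        /// <summary>
        /// Refresh button handler.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void Bt_Refresh_Click(object sender, RoutedEventArgs e)
        {
            Refresh();
        }

        /// <summary>
        /// Inject button handler: makes the running WeChat process load the selected DLL.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void Bt_Inject_Click(object sender, RoutedEventArgs e)
        {
            // 1) Walk the process list and find WeChat (native equivalent:
            //    CreateToolhelp32Snapshot / Process32Next).
            Process[] processes = Process.GetProcesses();
            Process WxProcess = null;
            foreach (Process process in processes)
            {
                if (string.Equals(process.ProcessName, "WeChat", StringComparison.OrdinalIgnoreCase))
                {
                    WxProcess = process;
                    // Refuse to load the same module twice into the same process.
                    foreach (ProcessModule processModule in WxProcess.Modules)
                    {
                        if (processModule.ModuleName == cb_dllLists.Text)
                        {
                            MessageBox.Show("DLL文件“" + cb_dllLists.Text + "”之前已注入!\n\n若要重新注入,請先重啓微信!", "警告", MessageBoxButton.OK, MessageBoxImage.Stop);
                            return;
                        }
                    }
                    break;
                }
            }

            if (WxProcess == null)
            {
                MessageBox.Show("注入前請先啓動微信!", "錯誤", MessageBoxButton.OK, MessageBoxImage.Error);
                return;
            }

            // 2) Open the WeChat process and obtain a HANDLE (native: OpenProcess).
            //    Here the handle comes from Process.Handle instead.

            // 3) Allocate memory in the WeChat process for the DLL path string (VirtualAllocEx).
            if (this.cb_dllLists.Items.Count == 0)
            {
                MessageBox.Show("沒找到被注入的DLL文件!\n請把被注入的DLL文件放在本程序所在目錄下。", "錯誤", MessageBoxButton.OK, MessageBoxImage.Error);
                return;
            }

            // Default to the first entry when nothing is selected.
            if (this.cb_dllLists.SelectedIndex == -1)
            {
                this.cb_dllLists.SelectedIndex = 0;
            }

            // Accept only a bare file name: anything containing a separator, drive colon or other
            // invalid file-name character could point outside the application directory.
            string dllName = this.cb_dllLists.Text;
            if (string.IsNullOrEmpty(dllName) || dllName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            {
                MessageBox.Show("沒找到被注入的DLL文件!\n請把被注入的DLL文件放在本程序所在目錄下。", "錯誤", MessageBoxButton.OK, MessageBoxImage.Error);
                return;
            }

            // Resolve against the application directory, not the current working directory.
            String DLlPath = Path.Combine(GetApplicationDirectory(), dllName);
            if (File.Exists(DLlPath) == false)
            {
                MessageBox.Show("被注入的DLL文件(" + DLlPath + ")不存在!\n請把被注入的DLL文件放在本程序所在目錄下。", "錯誤", MessageBoxButton.OK, MessageBoxImage.Error);
                return;
            }

            // Two bytes per character plus one for the terminating NUL.
            // NOTE(review): this value is also passed as nSize below, while the string is marshalled
            // as ANSI (DllImport default) and may be shorter than this; the write can then read past
            // the end of the marshalled copy - confirm and size from the encoded byte count.
            int DllPathSize = DLlPath.Length * 2 + 1;
            int MEM_COMMIT = 0x00001000;
            int PAGE_READWRITE = 0x04;
            // NOTE(review): Process.Handle and the returned address are pointer-sized but are
            // carried in int here, so this path is only correct in a 32-bit process.
            int DllAddress = VirtualAllocEx((int)WxProcess.Handle, 0, DllPathSize, MEM_COMMIT, PAGE_READWRITE);
            if (DllAddress == 0)
            {
                MessageBox.Show("內存分配失敗!");
                return;
            }
            tb_WxInfo.AppendText("內存地址:\t" + "0x" + DllAddress.ToString("X8") + Environment.NewLine);

            // 4) Write the DLL path string into the allocated memory (WriteProcessMemory).
            // NOTE(review): on this and the later failure paths the remote allocation is left in
            // place; VirtualFreeEx is declared below but never called.
            if (WriteProcessMemory((int)WxProcess.Handle, DllAddress, DLlPath, DllPathSize, 0) == false)
            {
                MessageBox.Show("內存寫入失敗!");
                return;
            }

            // 5) Look up LoadLibraryA in Kernel32.dll (GetModuleHandle, GetProcAddress).
            //    The address is taken from this process and reused in the target.
            int module = GetModuleHandleA("Kernel32.dll");
            int LoadLibraryAddress = GetProcAddress(module, "LoadLibraryA");
            if (LoadLibraryAddress == 0)
            {
                MessageBox.Show("查找LoadLibraryA地址失敗!");
                return;
            }

            // 6) Start a thread in WeChat that loads the DLL named by the written path
            //    (CreateRemoteThread).
            // NOTE(review): the returned thread handle is never closed, and the thread's result is
            // not awaited, so the message below only means the thread was created.
            if (CreateRemoteThread((int)WxProcess.Handle, 0, 0, LoadLibraryAddress, DllAddress, 0, 0) == 0)
            {
                MessageBox.Show("執行遠程線程失敗!");
                return;
            }

            tb_WxInfo.AppendText("成功注入:\t" + cb_dllLists.Text + Environment.NewLine);
        }

        #region  WinApi
        // NOTE(review): every handle, address and size below is declared as a 32-bit int although
        // the native types are pointer-sized, so these declarations are only valid in a 32-bit
        // process. None of them sets SetLastError, so the Win32 error code is not retrievable.

        /// <summary>Reserves or commits memory in another process.</summary>
        [DllImport("Kernel32.dll")]
        //LPVOID VirtualAllocEx(
        //  HANDLE hProcess,
        //  LPVOID lpAddress,
        //  SIZE_T dwSize,
        //  DWORD flAllocationType,
        //  DWORD flProtect
        //);
        public static extern int VirtualAllocEx(int hProcess, int lpAddress, int dwSize, int flAllocationType, int flProtect);

        /// <summary>
        /// Copies data into another process. <c>lpBuffer</c> is a String, which the default
        /// DllImport character set marshals as an ANSI copy.
        /// </summary>
        [DllImport("Kernel32.dll")]
        //BOOL WriteProcessMemory(
        //  HANDLE hProcess,
        //  LPVOID lpBaseAddress,
        //  LPCVOID lpBuffer,
        //  SIZE_T nSize,
        //  SIZE_T* lpNumberOfBytesWritten
        //);
        public static extern Boolean WriteProcessMemory(int hProcess, int lpBaseAddress, String lpBuffer, int nSize, int lpNumberOfBytesWritten);

        /// <summary>Returns the handle of a module already loaded in the calling process.</summary>
        [DllImport("Kernel32.dll")]
        //HMODULE GetModuleHandleA(
        //  LPCSTR lpModuleName
        //);
        public static extern int GetModuleHandleA(String lpModuleName);

        /// <summary>Returns the address of an exported function of a loaded module.</summary>
        [DllImport("Kernel32.dll")]
        //FARPROC GetProcAddress(
        //  HMODULE hModule,
        //  LPCSTR lpProcName
        //);
        public static extern int GetProcAddress(int hModule, String lpProcName);

        /// <summary>Creates a thread that runs in the address space of another process.</summary>
        [DllImport("Kernel32.dll")]
        //HANDLE CreateRemoteThread(
        //  HANDLE hProcess,
        //  LPSECURITY_ATTRIBUTES lpThreadAttributes,
        //  SIZE_T dwStackSize,
        //  LPTHREAD_START_ROUTINE lpStartAddress,
        //  LPVOID lpParameter,
        //  DWORD dwCreationFlags,
        //  LPDWORD lpThreadId
        //);
        public static extern int CreateRemoteThread(int hProcess, int lpThreadAttributes, int dwStackSize, int lpStartAddress, int lpParameter, int dwCreationFlags, int lpThreadId);


        /// <summary>Releases memory in another process. Declared but not called in this class.</summary>
        [DllImport("Kernel32.dll")]
        //BOOL VirtualFreeEx(
        //  HANDLE hProcess,
        //  LPVOID lpAddress,
        //  SIZE_T dwSize,
        //  DWORD dwFreeType
        //);
        public static extern Boolean VirtualFreeEx(int hProcess, int lpAddress, int dwSize, int dwFreeType);
        #endregion

        /// <summary>
        /// Opens the video help page in the default browser.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void Bt_Help_Click(object sender, RoutedEventArgs e)
        {
            // NOTE(review): plain-HTTP short link. The destination is not visible in the source and
            // the redirect can be altered in transit; prefer the full https URL of the target page.
            Process.Start("http://t.cn/EXUbebQ");
        }

        /// <summary>
        /// Reads the WeChat install path from HKEY_CURRENT_USER\Software\Tencent\WeChat
        /// (value "InstallPath") and returns the expected WeChat.exe path, or "" when unavailable.
        /// </summary>
        private static string ReadInstalledWeChatPath()
        {
            try
            {
                // Dispose the sub-key that was opened; the predefined CurrentUser key is left alone.
                using (RegistryKey software = Registry.CurrentUser.OpenSubKey("Software\\Tencent\\WeChat"))
                {
                    if (software == null)
                    {
                        return "";
                    }

                    string installPath = software.GetValue("InstallPath") as string;
                    if (string.IsNullOrEmpty(installPath))
                    {
                        return "";
                    }

                    return Path.Combine(installPath, "WeChat.exe");
                }
            }
            catch (System.Security.SecurityException ex)
            {
                Debug.WriteLine("Registry access denied: " + ex.Message);
            }
            catch (UnauthorizedAccessException ex)
            {
                Debug.WriteLine("Registry access denied: " + ex.Message);
            }
            catch (IOException ex)
            {
                Debug.WriteLine("Registry read failed: " + ex.Message);
            }
            catch (ArgumentException ex)
            {
                // The stored value contains characters that are not valid in a path.
                Debug.WriteLine("InstallPath is not a valid path: " + ex.Message);
            }
            return "";
        }

        /// <summary>
        /// Restart button handler: terminates every running WeChat process and starts WeChat again.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void Bt_WxRestart_Click(object sender, RoutedEventArgs e)
        {
            // If WeChat is running, remember where it was started from and terminate it.
            String WxPath = "";
            foreach (Process process in Process.GetProcesses())
            {
                using (process)
                {
                    try
                    {
                        if (!string.Equals(process.ProcessName, "WeChat", StringComparison.OrdinalIgnoreCase))
                        {
                            continue;
                        }

                        if (WxPath == "")
                        {
                            try
                            {
                                WxPath = process.MainModule.FileName;
                            }
                            catch (System.ComponentModel.Win32Exception ex)
                            {
                                // Path lookup refused; the registry fallback below is used instead.
                                Debug.WriteLine("Could not read WeChat image path: " + ex.Message);
                            }
                        }
                        process.Kill();
                    }
                    catch (System.ComponentModel.Win32Exception ex)
                    {
                        Debug.WriteLine("Could not terminate WeChat process: " + ex.Message);
                    }
                    catch (InvalidOperationException ex)
                    {
                        // The process had already exited.
                        Debug.WriteLine("WeChat process already exited: " + ex.Message);
                    }
                }
            }

            // No running instance gave a path: fall back to the per-user registry entry.
            if (WxPath == "")
            {
                WxPath = ReadInstalledWeChatPath();
            }

            // NOTE(review): both sources are unauthenticated. Any process may be named "WeChat",
            // and the HKCU value is writable by any code running as the current user, so whatever
            // executable they name is launched. Consider checking the file's publisher signature.
            bool started = false;
            if (WxPath != "" && File.Exists(WxPath))
            {
                try
                {
                    using (Process.Start(WxPath))
                    {
                    }
                    started = true;
                }
                catch (System.ComponentModel.Win32Exception ex)
                {
                    Debug.WriteLine("Could not start WeChat: " + ex.Message);
                }
            }

            if (started)
            {
                // Give the new process a moment to create its window (blocks the UI thread briefly).
                Thread.Sleep(500);
                Refresh();
            }
            else
            {
                MessageBox.Show("在系統中未找到微信,請手動啓動微信", "錯誤", MessageBoxButton.OK, MessageBoxImage.Asterisk);
            }
        }

        /// <summary>
        /// Opens the project's GitHub repository in the default browser.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void Bt_GitHub_Click(object sender, RoutedEventArgs e)
        {
            Process.Start("https://github.com/zmrbak/PcWeChatHooK");
        }
    }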
}

示例來源:
網易雲課堂《2019 PC 微信探祕》
