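/// <summary>
/// Builds the replacement byte sequence for the "receive message" hook and
/// installs it through <c>Inline_Hook.InlineHook</c>. The hook site is
/// <c>label1.Text + 3212659</c>; both numbers are read from form controls, so a
/// <see cref="FormatException"/> propagates to the UI if they are not integers.
/// </summary>
/// <param name="sender">The clicked button; unused.</param>
/// <param name="e">Event data; unused.</param>
private void button5_Click(object sender, EventArgs e)
{
    // Native address of the managed Callback, resolved once up front.
    int method = NativeAPI.GetMethodPTR(typeof(WeChetHook), "Callback");

    // Base value shown in label1 (presumably the target module base — confirm
    // against the code that fills label1). Parsed once instead of four times.
    int baseValue = int.Parse(label1.Text);

    // Hook site = base + fixed offset; mirrored into textBox3 for display.
    int hookAddress = 3212659 + baseValue;
    textBox3.Text = hookAddress.ToString();

    // Bytes written at the hook site, in order (20 bytes total):
    //   C7 86 EC 02 00 00 imm32   mov dword [esi+0x2EC], hookAddress + 5
    //   E9 rel32                   jmp to the trampoline (target left as zeros here)
    //   B9 imm32                   the displaced original instruction (mov ecx, imm32)
    List<byte> patch = new List<byte>(20);
    patch.AddRange(new byte[] { 199, 134, 236, 2, 0, 0 });       // mov dword [esi+0x000002EC],
    patch.AddRange(BitConverter.GetBytes(hookAddress + 5));       // address of the five bytes after the hook
    patch.AddRange(new byte[] { 233, 0, 0, 0, 0 });              // JMP; presumably patched by the hook engine
    patch.Add(185);                                               // restore the displaced instruction (0xB9)
    patch.AddRange(BitConverter.GetBytes(baseValue + 19255272));  // and its immediate operand

    // NOTE(review): patch holds 20 bytes but 11 + 10 = 21 is passed here — confirm
    // what this argument means in Inline_Hook.InlineHook before relying on it.
    Inline_Hook.InlineHook(hookAddress, 5, patch.ToArray(), getInt(method), 11 + 10, "接收消息", (obj) =>
    {
        StringBuilder sb = new StringBuilder();
        sb.Append("接收消息:");
        try
        {
            // Pointer chase: [ESP] -> [[ESP]] -> [[[ESP]] + 0x68] is assumed to be a
            // UTF-16 string (the message text). Any zero along the way means "nothing
            // to read" and the callback returns silently.
            if (obj.ESP == 0) { return; }
            int msgPtr = NativeAPI.ReadMemoryValue(obj.ESP);
            if (msgPtr == 0) { return; }
            msgPtr = NativeAPI.ReadMemoryValue(msgPtr);
            if (msgPtr == 0) { return; }
            msgPtr = NativeAPI.ReadMemoryValue(msgPtr + 0x68);
            if (msgPtr == 0) { return; }

            int len = NativeAPI.lstrlenW(msgPtr);
            if (len == 0) { return; }

            // len is in UTF-16 code units; read len*2 bytes plus the 2-byte terminator.
            sb.Append(NativeAPI.ReadMemoryStrValue(msgPtr, len * 2 + 2));
            sb.Append("\r\n");

            // NOTE(review): listBox1 is a WinForms control; if InlineHook runs this
            // callback off the UI thread the Add throws and the message only reaches
            // error.txt — confirm which thread the hook engine invokes callbacks on.
            listBox1.Items.Add(sb.ToString());
        }
        catch (Exception es)
        {
            // Best-effort: a failed read must not unwind into the hooked process.
            File.AppendAllText("error.txt", es.Message);
        }
    });
}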
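/// <summary>
/// Entry point invoked from the inline-hook trampoline (resolved by name via
/// <c>NativeAPI.GetMethodPTR(typeof(WeChetHook), "Callback")</c>). Reads the
/// 32-bit value that <paramref name="Default2"/> points at, uses it as the key
/// into <c>Methods.callBacks</c>, and forwards the register snapshot to the
/// registered handler. Keys with no registered handler are ignored.
/// </summary>
/// <param name="Default1">Not a register; passed through to the handler unchanged.</param>
/// <param name="Default2">Not a register; address of the slot whose contents identify the hook (the callback key).</param>
/// <param name="ECX">Register value captured by the trampoline.</param>
/// <param name="EAX">Register value captured by the trampoline.</param>
/// <param name="EDX">Register value captured by the trampoline.</param>
/// <param name="EBX">Register value captured by the trampoline.</param>
/// <param name="ESP">Register value captured by the trampoline.</param>
/// <param name="EBP">Register value captured by the trampoline.</param>
/// <param name="ESI">Register value captured by the trampoline.</param>
/// <param name="EDI">Register value captured by the trampoline.</param>
/// <remarks>
/// The declared order (ECX, EAX, EDX, EBX, ESP, EBP, ESI, EDI) must match the
/// order in which the trampoline pushes the registers — confirm against
/// <c>Inline_Hook</c> before changing either side.
/// </remarks>
public static void Callback(int Default1, int Default2, int ECX, int EAX, int EDX, int EBX, int ESP, int EBP, int ESI, int EDI)
{
    // The hook identity lives in the memory Default2 points at, not in Default2 itself.
    int ptr = NativeAPI.ReadMemoryValue(Default2);

    // Single lookup instead of ContainsKey followed by the indexer.
    if (Methods.callBacks.TryGetValue(ptr, out var handler))
    {
        handler(Default1, ptr, ECX, EAX, EDX, EBX, ESP, EBP, ESI, EDI);
    }
}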