Skip to content

C
ComWeChatRobot

被猫吃掉的鱼Z / ComWeChatRobot
与 Fork 源项目一致

从无法访问的项目Fork

通知 1
Star 1
Fork 0
C
ComWeChatRobot

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
GetDbHandles.cpp 4.9 KB
Newer Older
L
添加数据库相关接口  
ljc545w 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 
#include "pch.h"

struct TableInfoAddrStruct {
    DWORD name;
    DWORD l_name;
    DWORD tbl_name;
    DWORD l_tbl_name;
    DWORD sql;
    DWORD l_sql;
    DWORD rootpage;
    DWORD l_rootpage;
};

struct DbInfoAddrStruct {
    DWORD handle;
    DWORD dbname;
    DWORD l_dbname;
    // vectorݽṹ
#ifdef _DEBUG
    DWORD v_head;
#endif
    DWORD v_data;
    DWORD v_end1;
    DWORD v_end2;
    // 
    DWORD count;
};

struct TableInfoStruct {
    char* name;
    char* tbl_name;
    char* sql;
    char* rootpage;
};

struct DbInfoStruct {
    DWORD handle;
    wchar_t* dbname;
    vector<TableInfoStruct> tables;
    DWORD count;
};

vector<DbInfoStruct> dbs;

SAFEARRAY* CreateDbInfoSafeArray() {
    SAFEARRAY* psaValue;
    ULONG count = 0;
    HRESULT hr = S_OK;
    for (unsigned int i = 0; i < dbs.size(); i++) {
        count += dbs[i].count;
    }
    SAFEARRAYBOUND rgsaBound[3] = { {count,0},{6,0},{2,0} };
    psaValue = SafeArrayCreate(VT_VARIANT, 3, rgsaBound);
    long index = 0;
    for (unsigned int i = 0; i < dbs.size(); i++) {
        for (unsigned int j = 0; j < dbs[i].tables.size(); j++) {
            LONG ArrayIndex[3] = { index,0,0 };
            ArrayIndex[1] = 0; ArrayIndex[2] = { 0 };
            hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)L"dbname");
            ArrayIndex[1] = 0; ArrayIndex[2] = { 1 };
            hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].dbname);
            ArrayIndex[1] = 1; ArrayIndex[2] = { 0 };
            hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)L"Handle");
            ArrayIndex[1] = 1; ArrayIndex[2] = { 1 };
            hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].handle);
            ArrayIndex[1] = 2; ArrayIndex[2] = { 0 };
            hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)L"name");
            ArrayIndex[1] = 2; ArrayIndex[2] = { 1 };
            hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].tables[j].name);
            ArrayIndex[1] = 3; ArrayIndex[2] = { 0 };
            hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)L"tbl_name");
            ArrayIndex[1] = 3; ArrayIndex[2] = { 1 };
            hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].tables[j].tbl_name);
            ArrayIndex[1] = 4; ArrayIndex[2] = { 0 };
            hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)L"rootpage");
            ArrayIndex[1] = 4; ArrayIndex[2] = { 1 };
            hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].tables[j].rootpage);
            ArrayIndex[1] = 5; ArrayIndex[2] = { 0 };
            hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)L"sql");
            ArrayIndex[1] = 5; ArrayIndex[2] = { 1 };
            hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].tables[j].sql);
            index++;
        }
    }
    return psaValue;
}
L
提供多开管理Beta  
ljc545w 已提交
88 
SAFEARRAY* GetDbHandles(DWORD pid) {
L
优化多开管理  
ljc545w 已提交
89 90 91 92 93 
    dbs.clear();
    WeChatProcess hp(pid);
    if (!hp.m_init) return NULL;
    DWORD GetDbHandlesRemoteAddr = hp.GetProcAddr(GetDbHandlesRemote);
    if (GetDbHandlesRemoteAddr == 0)
L
添加数据库相关接口  
ljc545w 已提交
94 
        return NULL;
L
优化多开管理  
ljc545w 已提交
95 
    DWORD ret = CallRemoteFunction(hp.GetHandle(), GetDbHandlesRemoteAddr, NULL);
L
添加数据库相关接口  
ljc545w 已提交
96 97 
    while (1) {
        DbInfoAddrStruct dbaddr = { 0 };
L
优化多开管理  
ljc545w 已提交
98 
        ReadProcessMemory(hp.GetHandle(), (LPCVOID)ret, &dbaddr, sizeof(DbInfoAddrStruct), 0);
L
添加数据库相关接口  
ljc545w 已提交
99 100 101 102 103 104 
        if (dbaddr.handle == 0)
            break;
        DbInfoStruct db = { 0 };
        db.handle = dbaddr.handle;
        db.count = dbaddr.count;
        db.dbname = new wchar_t[dbaddr.l_dbname + 1];
L
优化多开管理  
ljc545w 已提交
105 
        ReadProcessMemory(hp.GetHandle(), (LPCVOID)dbaddr.dbname, db.dbname, sizeof(wchar_t) * (dbaddr.l_dbname + 1), 0);
L
添加数据库相关接口  
ljc545w 已提交
106 107 108 109 
        DWORD db_table_start_addr = dbaddr.v_data;
        while (db_table_start_addr < dbaddr.v_end1) {
            TableInfoAddrStruct tbaddr = { 0 };
            TableInfoStruct tb = { 0 };
L
优化多开管理  
ljc545w 已提交
110 
            ReadProcessMemory(hp.GetHandle(), (LPCVOID)db_table_start_addr, &tbaddr, sizeof(TableInfoAddrStruct), 0);
L
添加数据库相关接口  
ljc545w 已提交
111 
            tb.name = new char[tbaddr.l_name + 1];
L
优化多开管理  
ljc545w 已提交
112 
            ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.name, tb.name, tbaddr.l_name + 1, 0);
L
添加数据库相关接口  
ljc545w 已提交
113 
            tb.tbl_name = new char[tbaddr.l_tbl_name + 1];
L
优化多开管理  
ljc545w 已提交
114 
            ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.tbl_name, tb.tbl_name, tbaddr.l_tbl_name + 1, 0);
L
添加数据库相关接口  
ljc545w 已提交
115 
            tb.rootpage = new char[tbaddr.l_rootpage + 1];
L
优化多开管理  
ljc545w 已提交
116 
            ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.rootpage, tb.rootpage, tbaddr.l_rootpage + 1, 0);
L
添加数据库相关接口  
ljc545w 已提交
117 
            tb.sql = new char[tbaddr.l_sql + 1];
L
优化多开管理  
ljc545w 已提交
118 
            ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.sql, tb.sql, tbaddr.l_sql + 1, 0);
L
添加数据库相关接口  
ljc545w 已提交
119 120 121 122 
            db.tables.push_back(tb);
            db_table_start_addr += sizeof(TableInfoAddrStruct);
        }
        dbs.push_back(db);
L
优化多开管理  
ljc545w 已提交
123 
        ret += sizeof(DbInfoAddrStruct);
L
添加数据库相关接口  
ljc545w 已提交
124 125 126 127 
    }
    SAFEARRAY* psaValue = CreateDbInfoSafeArray();
    return psaValue;
}