|
|
分享源码
| 界面截图: |
- |
| 是否带模块: |
- |
| 备注说明: |
- |
vxhook-3.9.12.51 X64 接受消息 之内存地址特征吗 大佬更新了 可惜发送信息好像没更新0.0 把HOOK的位置 找了下特征 很简单勿喷呀 以后更新自己就可以更新内存了
WeChatWin.dll+20B3F88 - 0F10 06 - movups xmm0,[rsi] { rsi值 读字符串=VXID
--------------------------------------
VXhook位置 特征 48 3B ?????????? 74 ??48 8B ???? 48 85 C9 74 ??488B??E8
WeChatWin.dll+25C742D - 48 3B 83 D8000000 - cmp rax,[rbx+000000D8] { ************hook地址WeChatWin.dll+25C742D
WeChatWin.dll+25C737C - CC - int 3
WeChatWin.dll+25C737D - CC - int 3
WeChatWin.dll+25C737E - CC - int 3
WeChatWin.dll+25C737F - CC - int 3
WeChatWin.dll+25C7380 - 48 89 5C 24 10 - mov [rsp+10],rbx
WeChatWin.dll+25C7385 - 48 89 6C 24 18 - mov [rsp+18],rbp
WeChatWin.dll+25C738A - 48 89 74 24 20 - mov [rsp+20],rsi
WeChatWin.dll+25C738F - 57 - push rdi
WeChatWin.dll+25C7390 - 48 83 EC 50 - sub rsp,50 { 80 }
WeChatWin.dll+25C7394 - 48 8B FA - mov rdi,rdx
WeChatWin.dll+25C7397 - 48 8B D9 - mov rbx,rcx
WeChatWin.dll+25C739A - 80 B9 10010000 00 - cmp byte ptr [rcx+00000110],00 { 0 }
WeChatWin.dll+25C73A1 - 0F84 AA000000 - je WeChatWin.dll+25C7451
WeChatWin.dll+25C73A7 - 8B 8A B8000000 - mov ecx,[rdx+000000B8]
WeChatWin.dll+25C73AD - 48 8B 83 18010000 - mov rax,[rbx+00000118]
WeChatWin.dll+25C73B4 - 48 3B C8 - cmp rcx,rax
WeChatWin.dll+25C73B7 - 76 07 - jna WeChatWin.dll+25C73C0
WeChatWin.dll+25C73B9 - 48 87 8B 18010000 - xchg [rbx+00000118],rcx
WeChatWin.dll+25C73C0 - 48 8D B3 E8000000 - lea rsi,[rbx+000000E8]
WeChatWin.dll+25C73C7 - 48 89 74 24 20 - mov [rsp+20],rsi
WeChatWin.dll+25C73CC - 33 ED - xor ebp,ebp
WeChatWin.dll+25C73CE - 89 6C 24 28 - mov [rsp+28],ebp
WeChatWin.dll+25C73D2 - 48 8B CE - mov rcx,rsi
WeChatWin.dll+25C73D5 - FF 15 8DD52202 - call qword ptr [WeChatWin.dll+47F4968] { -ntdll.RtlEnterCriticalSection }
WeChatWin.dll+25C73DB - 90 - nop
WeChatWin.dll+25C73DC - 48 8D 57 10 - lea rdx,[rdi+10]
WeChatWin.dll+25C73E0 - 48 8D 4C 24 30 - lea rcx,[rsp+30]
WeChatWin.dll+25C73E5 - E8 16640600 - call WeChatWin.dll+262D800
WeChatWin.dll+25C73EA - 4C 8D 44 24 30 - lea r8,[rsp+30]
WeChatWin.dll+25C73EF - 48 8D 54 24 60 - lea rdx,[rsp+60]
WeChatWin.dll+25C73F4 - 48 8D 8B D8000000 - lea rcx,[rbx+000000D8]
WeChatWin.dll+25C73FB - E8 808658FF - call WeChatWin.dll+1B4FA80
WeChatWin.dll+25C7400 - 48 8B 4C 24 30 - mov rcx,[rsp+30]
WeChatWin.dll+25C7405 - 48 85 C9 - test rcx,rcx
WeChatWin.dll+25C7408 - 74 0A - je WeChatWin.dll+25C7414
WeChatWin.dll+25C740A - E8 052EE401 - call WeChatWin.dll+440A214
WeChatWin.dll+25C740F - 48 89 6C 24 30 - mov [rsp+30],rbp
WeChatWin.dll+25C7414 - 48 89 6C 24 38 - mov [rsp+38],rbp
WeChatWin.dll+25C7419 - 48 8B 4C 24 40 - mov rcx,[rsp+40]
WeChatWin.dll+25C741E - 48 85 C9 - test rcx,rcx
WeChatWin.dll+25C7421 - 74 05 - je WeChatWin.dll+25C7428
WeChatWin.dll+25C7423 - E8 EC2DE401 - call WeChatWin.dll+440A214
WeChatWin.dll+25C7428 - 48 8B 44 24 60 - mov rax,[rsp+60]
WeChatWin.dll+25C742D - 48 3B 83 D8000000 - cmp rax,[rbx+000000D8] { ************hook地址WeChatWin.dll+25C742D
}
WeChatWin.dll+25C7434 - 74 12 - je WeChatWin.dll+25C7448
WeChatWin.dll+25C7436 - 48 8B 48 40 - mov rcx,[rax+40]
WeChatWin.dll+25C743A - 48 85 C9 - test rcx,rcx
WeChatWin.dll+25C743D - 74 09 - je WeChatWin.dll+25C7448
WeChatWin.dll+25C743F - 48 8B D7 - mov rdx,rdi
WeChatWin.dll+25C7442 - E8 59AA65FF - call WeChatWin.dll+1C21EA0
WeChatWin.dll+25C7447 - 90 - nop
WeChatWin.dll+25C7448 - 48 8B CE - mov rcx,rsi
WeChatWin.dll+25C744B - FF 15 1FD52202 - call qword ptr [WeChatWin.dll+47F4970] { -ntdll.RtlLeaveCriticalSection }
WeChatWin.dll+25C7451 - 48 8B 5C 24 68 - mov rbx,[rsp+68]
WeChatWin.dll+25C7456 - 48 8B 6C 24 70 - mov rbp,[rsp+70]
WeChatWin.dll+25C745B - 48 8B 74 24 78 - mov rsi,[rsp+78]
WeChatWin.dll+25C7460 - 48 83 C4 50 - add rsp,50 { 80 }
WeChatWin.dll+25C7464 - 5F - pop rdi
WeChatWin.dll+25C7465 - C3 - ret
WeChatWin.dll+25C7466 - CC - int 3
|
|
粤公网安备 44522102000125 增值电信业务经营许可证 粤B2-20192173
发表于 
主题置顶卡
沉默卡
变色卡
楼主
啥版本 特征一般也不会变化 除非结构大变化了才会变
扫一扫,关注易界动态