学步园

[cpp]
view plaincopyprint?

1. #include "stdafx.h" 
   
2.  
3. //对比数据，找到相同字节集的偏移 
   
4. int GetInBuffer(const
   void *pStart, int nLen,
   const void *pFindBuffer,
   int nfLen) 
5. { 
6.     for (int i = 0; i < nLen - nfLen; i++) 
   
7.     { 
8.         if (memcmp((void *)((ULONG)pStart + i), pFindBuffer, nfLen) == 0) 
   
9.         { 
10.             return i; 
11.         } 
12.     } 
13.  
14.     return -1; 
15. } 
16.  
17. void ReadQQ(DWORD dwProcessId) 
    
18. { 
19.     //由于QQ是使用Unicode字符集的，所以我们使用wchar_t类型 
    
20.     static wchar_t QQDATA[] = L"Msg2.0.db";  
    
21.     //MsgEx.db，好像以前有个版本的数据库文件是MsgEx.db，用MsgEx来当关键字检索速度会变慢。 
    
22.     //但是QQ2010的是用Msg2.0.db的。 
    
23.  
24.     //打开进程 
25.     HANDLE hProcess = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, 0, dwProcessId); 
    
26.  
27.     int nMemLen = 28, nMemStart; 
    
28.     void *pMemAddress = NULL; 
    
29.     BYTE *bMemBuffer; 
    
30.  
31.     MEMORY_BASIC_INFORMATION mbi; 
32.     memset(&mbi, 0, sizeof(MEMORY_BASIC_INFORMATION)); 
    
33.  
34.     wchar_t szQQnumber[15]; 
    
35.     szQQnumber[0] = 0; 
36.  
37.     //寻找进程空间 
38.     while (VirtualQueryEx(hProcess, pMemAddress, &mbi, nMemLen) != 0) 
    
39.     { 
40.         if (mbi.Type == MEM_PRIVATE && mbi.Protect == PAGE_READWRITE) 
    
41.         { 
42.             //分配足够的内存空间，存放数据 
    
43.             bMemBuffer = new
    BYTE[mbi.RegionSize + 1]; 
44.             bMemBuffer[mbi.RegionSize] = 0; 
45.  
46.             if (ReadProcessMemory(hProcess, pMemAddress, bMemBuffer, mbi.RegionSize, NULL)) 
    
47.             { 
48.                 //尝试寻找当前内存空间中是否包含Msg2.0.db 
    
49.                 nMemStart = GetInBuffer(bMemBuffer, mbi.RegionSize, QQDATA,
    sizeof(QQDATA)); 
50.  
51.                 if (nMemStart != -1) 
    
52.                 { 
53.                     //向前推一定位置，因为路径是 ..\[QQ号]\Msg2.0.db 
    
54.  
55.                     wchar_t *pQQText = (wchar_t *)&bMemBuffer[nMemStart - 28]; 
    
56.                     wchar_t *pQQstart = wcsstr(pQQText, L"\\"); 
    
57.                     if (pQQstart) 
    
58.                     { 
59.                         pQQstart++; 
60.                         wchar_t *pQQEnd = wcsstr(pQQstart, L"\\"); 
    
61.                         if (pQQEnd) 
    
62.                         { 
63.                             lstrcpynW(szQQnumber, pQQstart, pQQEnd - pQQstart + 1); 
    
64.                             wprintf(L"%s\n", szQQnumber); 
    
65.                         } 
66.                     } 
67.  
68.                     delete[] bMemBuffer; 
    
69.                     break; 
    
70.                 } 
71.             } 
72.  
73.             //销毁刚刚分配的内存空间 
    
74.             delete[] bMemBuffer; 
    
75.  
76.         } 
77.         pMemAddress = (void *)((ULONG)pMemAddress + mbi.RegionSize); 
    
78.     } 
79.  
80.     CloseHandle(hProcess); 
81. } 
82.  
83. void FindQQ() 
84. { 
85.     //DWORD dwProcessId = 0; 
    
86.     //进程快照~ 
87.     HANDLE Snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); 
    
88.  
89.     PROCESSENTRY32 pl; 
90.     pl.dwSize=sizeof(PROCESSENTRY32); 
    
91.     if (Process32First(Snapshot, &pl)) 
    
92.     { 
93.         do{ 
94.             if(lstrcmpi(pl.szExeFile, _T("QQ.exe")) == 0) 
    
95.             { 
96.                 //读取QQ号 
97.                 ReadQQ(pl.th32ProcessID); 
98.                 //dwProcessId = pl.th32ProcessID; 
    
99.                 //循环，读取本地所有登录的QQ号。 
    
100.                 //break;    跳出循环 
     
101.             } 
102.         }while(Process32Next(Snapshot, &pl)); 
     
103.          
104.     } 
105.     CloseHandle(Snapshot); 
106.     //return dwProcessId; 
107. } 
108.  
109.  
110. int _tmain(int argc, _TCHAR* argv[]) 
     
111. { 
112.     FindQQ(); 
113.     scanf("%*c"); 
     
114.     return 0; 
115. }