谈谈wxHOOK为什么会限制
2024-05-11 01:05:08
wx检测机制有很多,其中最重要的就是CCD了,还有就是不属于此系统平台的接口你调用了 就会导致封号风险。
CCD上报的内容十分详细,包含是否越狱,是否root,是否双开,是否调试,包的校验值,加载的模块,是否被hook,一些运行安全信息等。通过变种的某算法进行加密传输。
如果这个数据登录的时候不传,就会提示非法客户端登录!
如果这个数据服务器解不开,就会提示你的微信版本过低 请更新版本!
-------------
!!!!!!!!!
注意 所有平台的CCD明文是不一样的 mac的在我以前中已经贴过了
这边我们看看win的 调试状态上报的信息(部分数据已打码,打码的地方包含了 我个人电脑信息)
pb.setVarint (“08”, XXXXXXXXXXXXXXXXXX)
pb.setVarint (“10”, XXXXXXXXXXXXXXXXXX)
pb.setVarint (“1A.8002”, XXXXXXXXXXXXXXXXXX)
pb.setStr (“1A.0A”, "XXXXXXXXXXXXXXXXXX")
pb.setStr (“1A.12”, "166GB")
pb.setStr (“1A.1A”, "XXXXXXXXXXXXXXXXXX")
pb.setStr (“1A.22”, "E:\PCHook\吾爱破解专用版Ollydbg\吾爱破解[LCG].exe")
pb.setVarint (“1A.9802”, XXXXXXXXXXXXXXXXXX)
pb.setVarint (“1A.30”, 0)
pb.setVarint (“1A.38”, 0)
pb.setStr (“1A.42”, "XXXXXXXXXXXXXXXXXX")
pb.setStr (“1A.4A”, "XXXXXXXXXXXXXXXXXX")
pb.setStr (“1A.52”, "Windows 10")
pb.setStr (“1A.5A”, "XXXXXXXXXXXXXXXXXX")
pb.setVarint (“1A.60”, XXXXXXXXXXXXXXXXXX)
pb.setVarint (“1A.68”, XXXXXXXXXXXXXXXXXX)
pb.setVarint (“1A.70”, XXXXXXXXXXXXXXXXXX)
pb.setStr (“1A.7A”, "None")
pb.setVarint (“1A.8801”, XXXXXXXXXXXXXXXXXX)
pb.setVarint (“1A.9001”, XXXXXXXXXXXXXXXXXX)
pb.setVarint (“1A.9801”, XXXXXXXXXXXXXXXXXX)
pb.setVarint (“1A.A001”, XXXXXXXXXXXXXXXXXX)
pb.setVarint (“1A.A801”, XXXXXXXXXXXXXXXXXX)
pb.setBin (“1A.B201”, {237,182,XXXXXXXXXXXXXXXXXX})
pb.setBin (“1A.BA01”, {216,234,204XXXXXXXXXXXXXXXXXX)
pb.setBin (“1A.D201”, {206,195,206,220,196,206,175,162,175,190XXXXXXXXXXXXXXXXXX191,186,161,191,183,175,206,226,23XXXXXXXXXXXXXXXXXX})
pb.setBin (“1A.DA01”, {193,224,251,234,237,224,224,228XXXXXXXXXXXXXXXXXX})
pb.setBin (“1A.E201”, {190,185,184,1XXXXXXXXXXXXXXXXXX})
pb.setBin (“1A.EA01”, {198,225,251,234,227,167,221,166,175,1XXXXXXXXXXXXXXXXXX5,190,191,185,191})
pb.setBin (“1A.F201”, {202,181,211,175,95,77,51,92XXXXXXXXXXXXXXXXXX,175,193,219,201,220})
pb.setVarint (“1A.F801”, XXXXXXXXXXXXXXXXXX)
pb.setStr (“1A.2A.0A”, "E:\WeChat\WeChat.exe")
pb.setStr (“1A.2A-2.0A”, "C:\WINDOWS\SYSTEM32\ntdll.dll")
pb.setStr (“1A.2A-3.0A”, "C:\WINDOWS\System32\KERNEL32.DLL")
pb.setStr (“1A.2A-4.0A”, "C:\WINDOWS\System32\KERNELBASE.dll")
pb.setStr (“1A.2A-5.0A”, "C:\WINDOWS\SYSTEM32\apphelp.dll")
pb.setStr (“1A.2A-6.0A”, "C:\WINDOWS\System32\USER32.dll")
pb.setStr (“1A.2A-7.0A”, "C:\WINDOWS\System32\win32u.dll")
pb.setStr (“1A.2A-8.0A”, "C:\WINDOWS\System32\GDI32.dll")
pb.setStr (“1A.2A-9.0A”, "C:\WINDOWS\System32\gdi32full.dll")
pb.setStr (“1A.2A-10.0A”, "C:\WINDOWS\System32\msvcp_win.dll")
pb.setStr (“1A.2A-11.0A”, "C:\WINDOWS\System32\ucrtbase.dll")
pb.setStr (“1A.2A-12.0A”, "C:\WINDOWS\System32\ADVAPI32.dll")
pb.setStr (“1A.2A-13.0A”, "C:\WINDOWS\System32\msvcrt.dll")
pb.setStr (“1A.2A-14.0A”, "C:\WINDOWS\System32\sechost.dll")
pb.setStr (“1A.2A-15.0A”, "C:\WINDOWS\System32\RPCRT4.dll")
pb.setStr (“1A.2A-16.0A”, "C:\WINDOWS\System32\SHELL32.dll")
pb.setStr (“1A.2A-17.0A”, "C:\WINDOWS\System32\ole32.dll")
pb.setStr (“1A.2A-18.0A”, "C:\WINDOWS\System32\combase.dll")
pb.setStr (“1A.2A-19.0A”, "C:\WINDOWS\System32\SHLWAPI.dll")
pb.setStr (“1A.2A-20.0A”, "C:\WINDOWS\System32\IMM32.DLL")
pb.setStr (“1A.2A-21.0A”, "D:\Program Files (x86)\360\360Safe\safemon\SafeWrapper32.dll")
pb.setStr (“1A.2A-22.0A”, "D:\Program Files (x86)\360\360Safe\safemon\safemon.dll")
pb.setStr (“1A.2A-23.0A”, "C:\WINDOWS\System32\OLEAUT32.dll")
pb.setStr (“1A.2A-24.0A”, "C:\WINDOWS\System32\PSAPI.DLL")
pb.setStr (“1A.2A-25.0A”, "C:\WINDOWS\System32\WS2_32.dll")
pb.setStr (“1A.2A-26.0A”, "C:\WINDOWS\SYSTEM32\VERSION.dll")
pb.setStr (“1A.2A-27.0A”, "C:\WINDOWS\SYSTEM32\urlmon.dll")
pb.setStr (“1A.2A-28.0A”, "C:\WINDOWS\SYSTEM32\NETAPI32.dll")
pb.setStr (“1A.2A-29.0A”, "C:\WINDOWS\SYSTEM32\OLEACC.dll")
pb.setStr (“1A.2A-30.0A”, "C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL")
pb.setStr (“1A.2A-31.0A”, "C:\WINDOWS\SYSTEM32\iertutil.dll")
pb.setStr (“1A.2A-32.0A”, "C:\WINDOWS\SYSTEM32\srvcli.dll")
pb.setStr (“1A.2A-33.0A”, "C:\WINDOWS\System32\shcore.dll")
pb.setStr (“1A.2A-34.0A”, "C:\WINDOWS\SYSTEM32\netutils.dll")
pb.setStr (“1A.2A-35.0A”, "C:\WINDOWS\SYSTEM32\WKSCLI.DLL")
pb.setStr (“1A.2A-36.0A”, "D:\Program Files (x86)\360\360Safe\safemon\iNetSafe.dll")
pb.setStr (“1A.2A-37.0A”, "C:\WINDOWS\SYSTEM32\MPR.dll")
pb.setStr (“1A.2A-38.0A”, "C:\WINDOWS\SYSTEM32\windows.storage.dll")
pb.setStr (“1A.2A-39.0A”, "C:\WINDOWS\SYSTEM32\Wldp.dll")
pb.setStr (“1A.2A-40.0A”, "C:\WINDOWS\SYSTEM32\profapi.dll")
pb.setStr (“1A.2A-41.0A”, "C:\WINDOWS\SYSTEM32\kernel.appcore.dll")
pb.setStr (“1A.2A-42.0A”, "C:\WINDOWS\System32\bcryptPrimitives.dll")
pb.setStr (“1A.2A-43.0A”, "C:\WINDOWS\system32\uxtheme.dll")
pb.setStr (“1A.2A-44.0A”, "C:\WINDOWS\System32\CFGMGR32.dll")
pb.setStr (“1A.2A-45.0A”, "C:\WINDOWS\System32\clbcatq.dll")
pb.setStr (“1A.2A-46.0A”, "C:\WINDOWS\system32\propsys.dll")
pb.setStr (“1A.2A-47.0A”, "E:\WeChat\WeChatWin.dll")
pb.setStr (“1A.2A-48.0A”, "C:\WINDOWS\System32\SETUPAPI.dll")
pb.setStr (“1A.2A-49.0A”, "C:\WINDOWS\System32\bcrypt.dll")
pb.setStr (“1A.2A-50.0A”, "C:\WINDOWS\System32\COMDLG32.dll")
pb.setStr (“1A.2A-51.0A”, "C:\WINDOWS\System32\WLDAP32.dll")
pb.setStr (“1A.2A-52.0A”, "C:\WINDOWS\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\COMCTL32.dll")
pb.setStr (“1A.2A-53.0A”, "C:\WINDOWS\System32\CRYPT32.dll")
pb.setStr (“1A.2A-54.0A”, "C:\WINDOWS\SYSTEM32\WINMM.dll")
pb.setStr (“1A.2A-55.0A”, "C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1645_none_d94fdd3fe105c111\gdiplus.dll")
pb.setStr (“1A.2A-56.0A”, "C:\WINDOWS\SYSTEM32\DDRAW.dll")
pb.setStr (“1A.2A-57.0A”, "C:\WINDOWS\SYSTEM32\WINHTTP.dll")
pb.setStr (“1A.2A-58.0A”, "C:\WINDOWS\SYSTEM32\MSIMG32.dll")
pb.setStr (“1A.2A-59.0A”, "E:\WeChat\VoipEngine.dll")
pb.setStr (“1A.2A-60.0A”, "E:\WeChat\dbghelp.dll")
pb.setStr (“1A.2A-61.0A”, "C:\WINDOWS\SYSTEM32\USERENV.dll")
pb.setStr (“1A.2A-62.0A”, "C:\WINDOWS\SYSTEM32\WININET.dll")
pb.setStr (“1A.2A-63.0A”, "C:\WINDOWS\SYSTEM32\WSOCK32.dll")
pb.setStr (“1A.2A-64.0A”, "C:\WINDOWS\SYSTEM32\dxgi.dll")
pb.setStr (“1A.2A-65.0A”, "E:\WeChat\andromeda.dll")
pb.setStr (“1A.2A-66.0A”, "C:\WINDOWS\SYSTEM32\DCIMAN32.dll")
pb.setStr (“1A.2A-67.0A”, "C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL")
pb.setStr (“1A.2A-68.0A”, "E:\WeChat\libFFmpeg.dll")
pb.setStr (“1A.2A-69.0A”, "C:\WINDOWS\SYSTEM32\Secur32.dll")
pb.setStr (“1A.2A-70.0A”, "C:\WINDOWS\SYSTEM32\SSPICLI.DLL")
pb.setStr (“1A.2A-71.0A”, "C:\WINDOWS\system32\Riched20.dll")
pb.setStr (“1A.2A-72.0A”, "C:\WINDOWS\SYSTEM32\USP10.dll")
pb.setStr (“1A.2A-73.0A”, "C:\WINDOWS\SYSTEM32\msls31.dll")
pb.setStr (“1A.2A-74.0A”, "E:\WeChat\WeChatResource.dll")
pb.setStr (“1A.2A-75.0A”, "C:\WINDOWS\System32\MSCTF.dll")
pb.setStr (“1A.2A-76.0A”, "C:\WINDOWS\SYSTEM32\CRYPTSP.dll")
pb.setStr (“1A.2A-77.0A”, "C:\WINDOWS\system32\rsaenh.dll")
pb.setStr (“1A.2A-78.0A”, "C:\WINDOWS\SYSTEM32\ondemandconnroutehelper.dll")
pb.setStr (“1A.2A-79.0A”, "C:\WINDOWS\System32\NSI.dll")
pb.setStr (“1A.2A-80.0A”, "C:\WINDOWS\system32\mswsock.dll")
pb.setStr (“1A.2A-81.0A”, "C:\WINDOWS\SYSTEM32\WINNSI.DLL")
pb.setStr (“1A.2A-82.0A”, "C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL")
pb.setStr (“1A.2A-83.0A”, "C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL")
pb.setStr (“1A.2A-84.0A”, "C:\WINDOWS\SYSTEM32\DNSAPI.dll")
pb.setStr (“1A.2A-85.0A”, "E:\WeChat\wcprobe.dll")
pb.setStr (“1A.2A-86.0A”, "C:\WINDOWS\SYSTEM32\WTSAPI32.dll")
pb.setStr (“1A.2A-87.0A”, "E:\WeChat\WeUIResource.dll")
pb.setStr (“1A.2A-88.0A”, "C:\WINDOWS\SYSTEM32\textinputframework.dll")
pb.setStr (“1A.2A-89.0A”, "C:\WINDOWS\System32\CoreUIComponents.dll")
pb.setStr (“1A.2A-90.0A”, "C:\WINDOWS\System32\CoreMessaging.dll")
pb.setStr (“1A.2A-91.0A”, "C:\WINDOWS\SYSTEM32\wintypes.dll")
pb.setStr (“1A.2A-92.0A”, "C:\WINDOWS\SYSTEM32\ntmarta.dll")可以看到 在win10调试状态下 上报的信息还是很多的 包括你的主程序 OD
我们HOOK的时候如果不去替换这个数据 或者协议不了解这个算法 封号的风险是非常非常非常大的!!!!!!!!!!
谈谈wxHOOK为什么会限制相关推荐
- 反arp攻击软件_谈谈电子欺骗中的ARP欺骗
ARP欺骗是一种非常古老的电子欺骗攻击,虽然从诞生到现在已经过去了二十多年,但在很多网络中仍然有效.之前写的 沈传宁:谈谈TCP/IP协议的学习zhuanlan.zhihu.com 文章中也提到,我 ...
- mysql注入实例获取答案_本文实例讲述了MySQL解决SQL注入的另类方法。分享给大家供大家参考,具体如下:问题解读我觉得,这个问题每年带来的成本可以高达数十亿美元了。本文就来谈谈,...
本文实例讲述了MySQL解决SQL注入的另类方法.分享给大家供大家参考,具体如下: 问题解读 我觉得,这个问题每年带来的成本可以高达数十亿美元了.本文就来谈谈,假定我们有如下 SQL 模板语句: se ...
- 谈谈C#中类成员的执行顺序.
今天我们来谈谈C#中子类和父类中静态成员以及构造函数的执行顺序,这个地方向来是初学C#的人比较迷惑的地方,也是各大公司最喜欢拿来出面试题的地方. 下面我们分情况来分析. 1. 普通构造函数和静态构造函 ...
- 谈谈UI架构设计的演化
谈谈UI架构设计的演化 经典MVC 在1979年,经典MVC模式被提出. 在当时,人们一直试图将纯粹描述思维中的对象与跟计算机环境打交道的代码隔离开来,而Trygve Reenskaug在跟一些人的讨 ...
- 谈谈Python那些不为人知的冷知识(二)
本文转载自Python的编程时光(ID:Python-Time) 小明在日常Code中遇到一些好玩,冷门的事情,通常都会记录下来. 从上一篇的分享来看,仍然有不少 Pythoner 对这些冷知识存在盲 ...
- 谈谈 Java 类加载机制
点击上方"方志朋",选择"置顶或者星标" 你的关注意义重大! 来源:Rainstorm , github.com/c-rainstorm/blog/blob/m ...
- 13个Offer,8家SSP,谈谈我的秋招经验
前言 大家好,我是卖萌屋的小Q,是夕小瑶学姐的同实验室师弟(2020届).在学姐的建(bian)议(ce)下写了本文,希望能够给21届的师弟师妹提供一些启发,秋招之路能够更加顺利~ 往昔的回忆使我们激 ...
- 谈谈你对集成学习的见解与认识,描述一下它们的优势所在?
[每日一问]谈谈你对集成学习的见解与认识,描述一下它们的优势所在? Datawhale优秀回答者:HipHopMan 集成方法有很多种,一种叫做bagging,bagging的思想是,我把我的数据做一 ...
- 谈谈Java程序员进阶的那些知识和方向
谈谈Java程序员进阶的那些知识和方向 记得前段时间看过一篇文章谈到一种程序员叫野生程序员,战斗力极强,可以搞定一切问题,但是通常看问题抓不到本质,或者说是google/baidu/stackover ...
最新文章
- OSChina 周四乱弹 —— 春天在哪里,春天在哪里?
- 【IM】关于迁移学习的理解
- Kafka 可视化客户端工具(Kafka Tool)的基本使用
- oracle11g nid,Oracle工具之nid命令的使用
- Mapgis与Arcgis数据互转中出现的问题
- 垃圾回收机制GC知识再总结兼谈如何用好GC(转)
- 7-2 换硬币 (20 分)
- 超全的 Python 可视化教程,收藏
- 微信支付开发:当前URL未注册
- bada开发——简单介绍
- 操作无法完成,因为其中的文件夹或文件已在另一程序中打开
- 汇率兑换Python
- 一生要看的50部经典电影
- 文件夹中的文件在另一程序被打开
- Facebook一季报解读:未来十年要打造一个怎样的世界?
- 闪光网-彭亮《学后感——彭亮总结》
- chrome运行 Android,告诉你如何在Chrome上运行Android应用!
- Android项目gen目下没有R.class文…
- 小鸟云产品/服务初体验
- 消防人员实操训练模拟培训虚拟仿真实训系统软件