1)浣跨敤FindWindow API鍑芥暟銆?
閫氳繃鏌ユ壘紿楀彛鏍囬(鎴?鍜岀被鍚?鏉ュ垽鏂▼搴忔槸鍚︽鍦ㄨ繍琛屻傚鏋滄壘鍒頒簡錛岃〃鏄庣▼搴忔鍦ㄨ繍琛岋紝榪欐椂鍙鍑虹▼搴忥紝杈懼埌涓嶉噸澶嶈繍琛岀殑鏁堟灉錛涘弽涔嬭〃鏄庣▼搴忔槸絎竴嬈¤繍琛屻?
榪欑鏂規硶涓嶉傜敤浜庝互涓嬫儏鍐碉紝紼嬪簭鐨勬爣棰樻槸鍔ㄦ佸彉鍖栫殑銆佺郴緇熶腑榪愯浜嗙浉鍚屾爣棰橈紙鎴?鍜岀被鍚嶏級鐨勭▼搴?/p>
2)Mutex/Event/Semaphore
閫氳繃浜掓枼瀵硅薄/淇″彿閲?浜嬩歡絳夌嚎紼嬪悓姝ュ璞℃潵紜畾紼嬪簭鏄惁宸茬粡榪愯銆傛渶甯哥敤鐨勫嚱鏁板錛欳reateMutexA錛堟敞鎰忥細QQ鍫傘丵Q娓告垙澶у巺灝辨槸閲囩敤榪欐牱鏂規硶鏉ラ檺鍒剁▼搴忓寮鐨勶級
3)鍐呭瓨鏄犲皠鏂囦歡(File Mapping)
閫氳繃鎶婄▼搴忓疄渚嬩俊鎭斁鍒拌法榪涚▼鐨勫唴瀛樻槧灝勬枃浠朵腑錛屼篃鍙互鎺у埗紼嬪簭澶氬紑銆?/p>
4)DLL鍏ㄥ眬鍏變韓鍖?
DLL鍏ㄥ眬鍏變韓鍖哄湪鏄犲皠鍒板悇涓繘紼嬬殑鍦板潃絀洪棿鏃朵粎琚垵濮嬪寲涓嬈★紝涓旀槸鍦ㄧ涓嬈¤windows鍔犺澆鏃訛紝鎵浠ュ埄鐢ㄨ鍖烘暟鎹氨鑳藉紼嬪簭榪涜澶氬紑闄愬埗銆?/p>
5)鍏ㄥ眬Atom
灝嗘煇涓壒瀹氬瓧絎︿覆閫氳繃GlobalAddAtom鍔犲叆鍏ㄥ眬鍘熷瓙琛?Global Atom Table)錛岀▼搴忚繍琛屾椂媯鏌ヨ涓叉槸鍚﹀瓨鍦ㄦ潵闄愬埗紼嬪簭澶氬紑銆?璇tom涓嶄細鑷姩閲婃斁錛岀▼搴忛鍑哄墠蹇呴』璋冪敤GlobalDeleteAtom鏉ラ噴鏀続tom)
6)媯鏌ョ獥鍙e睘鎬?
灝嗘煇浜涙暟鎹氳繃SetProp鍔犲叆鍒版寚瀹氱獥鍙g殑property list錛岀▼搴忚繍琛屾椂鏋氫婦紿楀彛騫舵鏌ヨ繖浜涙暟鎹槸鍚﹀瓨鍦ㄦ潵闄愬埗澶氬紑銆?/p>
浠ヤ笂鍙垪涓句簡鏈甯歌鐨勫嚑縐嶆柟娉曪紝鍏蜂綋搴旂敤涓彲浠ユ湁n縐嶉夋嫨錛屾垨緇煎悎榪愮敤澶氱鏂規硶鏉ラ檺鍒躲?/p>
涓婇潰璇磋繃錛孮QT閲囩敤CreateMutex鍑芥暟鏉ラ檺鍒跺寮錛岄偅涔堟垜鎬庝箞鐭ラ亾鏄嬌鐢ㄨ繖涓嚱鏁版潵闄愬埗鐨勫憿錛?
絳旀灝辨槸璺熻釜紼嬪簭錛屾煡鎵劇▼搴忔槸浣跨敤鍝鏂規硶鏉ラ檺鍒剁殑銆傛瘮濡傚厛鐪嬬湅鏄惁浣跨敤CreateMutex鏉ラ檺鍒訛紝濡傛灉涓嶆槸錛屽啀鐪嬬湅鏄笉鏄嬌鐢‵indWindow錛屼互姝ょ被鎺紝鐩村埌鎵懼埌鏂規硶涓烘銆傚綋鐒訛紝鏈変簺紼嬪簭涔熶細緇煎悎浣跨敤澶氱鏂規硶鏉ラ檺鍒跺寮錛屾柟娉曚篃鏄竴鏍風殑錛屽彧鏄夯鐑︾偣鑰屽凡銆?/p>
涓嬮潰璁蹭竴璁蹭嬌鐢–reateMutex鍑芥暟鏉ラ檺鍒跺寮鐨勬柟娉曪細
CreateMutex鍑芥暟澹版槑濡備笅錛堝叿浣撹鏌ラ槄鐩稿叧璧勬枡錛屽MSDN錛?
HANDLE CreateMutex(
LPSECURITY_ATTRIBUTES lpMutexAttributes,// pointer to security attributes
BOOL bInitialOwner, // flag for initial ownership
LPCTSTR lpName// pointer to mutex-object name
);
浠ヤ笅鏄嬌鐢–reateMutex鍑芥暟鏉ラ檺鍒跺寮鐨勫吀鍨媎elphi浠g爜
hMutex:=CreateMutex(nil,TRUE,'qqtang');//寤虹珛浜掓枼閲?
// 璋冪敤澶辮觸? 宸茬粡瀛樺湪?
if(hMutex=0) or (GetLastError=ERROR_ALREADY_EXISTS)then
begin
//紼嬪簭絎簩(鎴栦互涓?嬈¤繍琛屾椂錛孏etLastError浼氳繑鍥濫RROR_ALREADY_EXISTS錛岃〃鏄庝簰鏂ラ噺宸插瓨鍦?
//鍙互鍦ㄨ繖閲岀紪鍐欓鍑轟唬鐮?
end;
璇ユ浠g爜棣栧厛璋冪敤CreateMutex鍑芥暟鍒涘緩涓鍚嶄負 qqtang 鐨勪簰鏂ュ璞★紝濡傛灉璋冪敤CreateMutex鍑芥暟澶辮觸錛坔Mutex=nil錛夋垨浜掓枼瀵硅薄鏃╁凡瀛樺湪錛圙etLastError=ERROR_ALREADY_EXISTS錛夛紝鍒欓鍑虹▼搴忋?/p>
濂戒簡錛屾槑鐧戒笂闈㈢殑鍐呭鍚庯紝鎴戜滑榪涘叆淇敼瀹炴垬錛?
涓嬭澆OllyDbg V1.1錛岃В鍘嬪埌浠諱綍鐩綍鍗沖彲浣跨敤銆?
鍚姩OllyDbg錛屾墦寮QQT鐩綍涓嬬殑Core.dll鏂囦歡錛屾寜[鏄痌杞藉叆DLL鏂囦歡銆?
鎸塁trl+N鎵撳紑API璋冪敤鍒楄〃錛屾壘鍒癈reateMutexA鍚庢寜鍥炶濺錛屽湪寮瑰嚭鐨勭獥鍙i噷鍙屽嚮絎竴琛屾潵鍒癈PU紿楀彛錛屽弽姹囩紪浠g爜濡備笅錛?/p>
10002FB9 . 51 push ecx ; /MutexName = "qqtang"
10002FBA . 6A 01 push 1 ; |InitialOwner = TRUE
10002FBC . 6A 00 push 0 ; |pSecurity = NULL
10002FBE . FF15 60E40010 call dword ptr [<&KERNEL32.CreateMutexA>] ; \CreateMutexA 寤虹珛浜掓枼閲?
10002FC4 . 8B95 D4FEFFFF mov edx,dword ptr [ebp-12C]
10002FCA . 8902 mov dword ptr [edx],eax
10002FCC . 8B85 D4FEFFFF mov eax,dword ptr [ebp-12C]
10002FD2 . 8338 00 cmp dword ptr [eax],0 ; 媯鏌reateMutexA鍑芥暟鏄惁璋冪敤澶辮觸
10002FD5 . 0F84 CD000000 je Core.100030A8 ; 鎶妀e鏀逛負jmp鍗沖彲
10002FDB . FF15 5CE40010 call dword ptr [<&KERNEL32.GetLastError>] ; [GetLastError
10002FE1 . 3D B7000000 cmp eax,0B7 ; 媯鏌ュ璞℃槸鍚﹀凡瀛樺湪
10002FE6 . 0F85 BC000000 jnz Core.100030A8 ; (涔熷彲浠ュ湪榪欓噷鎶妀nz鏀逛負jmp)
10002FEC . 8B8D D4FEFFFF mov ecx,dword ptr [ebp-12C]
10002FF2 . C701 00000000 mov dword ptr [ecx],0
10002FF8 . 6A 00 push 0 ; /Title = NULL
10002FFA . 68 5CC60010 push Core.1000C65C ; |Class = "QQTangWinClass"
10002FFF . 6A 00 push 0 ; |hAfterWnd = NULL
10003001 . 6A 00 push 0 ; |hParent = NULL
10003003 . FF15 40E70010 call dword ptr [<&USER32.FindWindowExA>] ; \FindWindowExA 鏌ユ壘QQT紿楀彛
閫変腑榪欒錛?
10002FD5 . 0F84 CD000000 je Core.100030A8
鐒跺悗鎸夌┖鏍鹼紝鍦ㄥ脊鍑虹殑紿楀彛涓妸“je 100030A8”淇敼涓?#8220;jmp 100030A8”錛屾寜[姹囩紪]銆?
鍙抽敭鍗曞嚮CPU紿楀彛錛屽湪寮瑰嚭鑿滃崟涓?#8220;澶嶅埗鍒板彲鎵ц鏂囦歡”-銆?#8220;鎵鏈夋敼鍔?#8221;錛岄塠鍏ㄩ儴澶嶅埗]銆傚彸閿崟鍑誨脊鍑虹殑紿楀彛錛岄?#8220;淇濆瓨鏂囦歡”淇濆瓨鍗沖彲銆?/p>
鏄惁瑙夊緱涓婇潰鐨勪慨鏀規瘮杈冮夯鐑﹀憿錛熷懙鍛碉紝鎺堜漢浜庨奔涓嶅鎺堜漢浜庢笖錛屼笂闈㈡槸鍛婅瘔浣犱負浠涔堣榪欐牱淇敼錛屼慨鏀圭殑鍘熺悊鏄粈涔堬紝浣犳槑鐧戒慨鏀瑰師鐞嗗悗錛屾湁鏂扮増鏈椂浣犲氨鍙互鑷繁淇敼浜嗐?/p>