拼多多获取工作台Token代码
原理就是 读取内存并且搜索 PASS_ID=windows_开头字符串,并且提取之后108个字符 判断是否为可打印字符对结果进行一个去重复处理.
我把结果保存到了out.txt 自己修改吧,注意 运行这个脚本需要管理员权限.运行测试图如下 :
import ctypes
import ctypes.wintypes as wintypes
import re
# 定义常量
# Win32 constants used by the scanner below.
PROCESS_ALL_ACCESS = 0x1F0FFF  # broadest OpenProcess access mask; the page notes the script must run elevated for it to succeed
MEM_COMMIT = 0x1000  # VirtualQueryEx `State` value for committed pages
PAGE_READWRITE = 0x04  # VirtualQueryEx `Protect` value; only regions with exactly this protection are scanned
# 定义结构体
class MEMORY_BASIC_INFORMATION(ctypes.Structure):
    """ctypes mirror of the Win32 MEMORY_BASIC_INFORMATION record filled in by VirtualQueryEx."""

    _fields_ = [
        ("BaseAddress", ctypes.c_void_p),      # start of the region; passed to read_memory
        ("AllocationBase", ctypes.c_void_p),
        ("AllocationProtect", wintypes.DWORD),
        ("RegionSize", ctypes.c_size_t),       # region length; also the step to the next query address
        ("State", wintypes.DWORD),             # compared against MEM_COMMIT
        ("Protect", wintypes.DWORD),           # compared against PAGE_READWRITE
        ("Type", wintypes.DWORD),
    ]
# 打开进程
def open_process(pid):
    """Open process *pid* with PROCESS_ALL_ACCESS and return the kernel32 handle (0 when the call fails).

    A full-access cross-process open is the kind of event endpoint telemetry
    (e.g. Sysmon ProcessAccess) records; nothing here changes that, which is
    where a defender would expect to see this script.
    """
    kernel32 = ctypes.windll.kernel32
    handle = kernel32.OpenProcess(PROCESS_ALL_ACCESS, False, pid)
    return handle
# 获取内存信息
def get_memory_info(process_handle):
    """Yield the MEMORY_BASIC_INFORMATION of every committed PAGE_READWRITE region in *process_handle*.

    Walks the address space from 0 with VirtualQueryEx, stepping by RegionSize,
    and stops at the first failed query. A single struct instance is reused and
    overwritten by each query, so callers must consume a yielded record before
    resuming the generator.
    """
    query = ctypes.windll.kernel32.VirtualQueryEx
    region = MEMORY_BASIC_INFORMATION()
    region_len = ctypes.sizeof(region)
    cursor = 0
    while True:
        found = query(process_handle, ctypes.c_void_p(cursor), ctypes.byref(region), region_len)
        if not found:
            break
        committed_rw = region.State == MEM_COMMIT and region.Protect == PAGE_READWRITE
        if committed_rw:
            yield region
        cursor += region.RegionSize
# 读取内存
def read_memory(process_handle, address, size):
    """Copy *size* bytes at *address* out of *process_handle* and return them as bytes.

    NOTE(review): neither the BOOL result of ReadProcessMemory nor ``bytes_read``
    is checked, so a failed or short read returns the untouched zero-filled
    buffer, which the caller cannot tell apart from a region that really
    contains zeros.
    """
    buffer = ctypes.create_string_buffer(size)  # NUL-filled buffer of exactly `size` bytes
    bytes_read = ctypes.c_size_t()
    ctypes.windll.kernel32.ReadProcessMemory(process_handle, ctypes.c_void_p(address), buffer, size, ctypes.byref(bytes_read))
    return buffer.raw
#判断是否为可打印字符
def is_printable(s):
    """Return True when every character of *s* is printable; the empty string counts as printable."""
    for ch in s:
        if not ch.isprintable():
            return False
    return True
# 搜索内存并保存到文件
def search_memory(process_handle, output_file):
    """Scan the committed PAGE_READWRITE regions of *process_handle* for the marker and write unique hits to *output_file*.

    Each region is read in one call; every ``PASS_ID=windows_`` occurrence is
    located and the 108 bytes after it are decoded as UTF-8 with undecodable
    bytes dropped. A value is written only when it is fully printable and has
    not already been written during this run.

    *output_file* is truncated and then receives the extracted token strings in
    plaintext, one per line with the marker prefixed, so the file holds the
    same sensitive material as the scanned process and should be protected or
    removed accordingly.
    """
    unique_results = set()  # de-duplicates hits across all regions of this run
    with open(output_file, 'w', encoding='utf-8') as f:
        for memory_info in get_memory_info(process_handle):
            # read_memory returns `RegionSize` bytes whether or not the read succeeded.
            memory_content = read_memory(process_handle, memory_info.BaseAddress, memory_info.RegionSize)
            pattern = b'PASS_ID=windows_'
            for match in re.finditer(pattern, memory_content):
                start = match.end()
                end = start + 108  # fixed-width window; shorter when the marker sits near the region end
                content = memory_content[start:end].decode('utf-8', errors='ignore')
                if is_printable(content) and content not in unique_results:
                    unique_results.add(content)
                    f.write('PASS_ID=windows_' + content + '\n')
# 获取进程ID
def get_pid_by_name(process_name):
    """Return the pid of the first running process whose name equals *process_name*, or None."""
    import psutil  # third-party; imported lazily, as the rest of the script only needs the stdlib

    candidate_pids = (
        proc.info['pid']
        for proc in psutil.process_iter(['pid', 'name'])
        if proc.info['name'] == process_name
    )
    return next(candidate_pids, None)
# 主函数
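def main():
    """Locate the target process, scan it for the marker, and report where the output was written.

    Prints a message and returns early when the process is not running or
    cannot be opened. The process handle is released in a ``finally`` block so
    it is not leaked when search_memory raises part-way through the scan.
    """
    process_name = "PddWorkbench.exe"
    output_file = "output.txt"
    pid = get_pid_by_name(process_name)
    if pid is None:
        print(f"进程 {process_name} 未找到")
        return
    process_handle = open_process(pid)
    if not process_handle:
        print(f"无法打开进程 {process_name}")
        return
    try:
        search_memory(process_handle, output_file)
    finally:
        # Close the handle on every exit path, not only after a successful scan.
        ctypes.windll.kernel32.CloseHandle(process_handle)
    print(f"信息已保存到 {output_file}")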
if __name__ == "__main__":
    # Script entry point; importing the module runs nothing.
    main()