wechat-multi-0.1.0 is not a library.
Mac 微信多开
自动在 main
函数中找到下面的代码
cmp QWORD PTR [rbp-0x30],0x2
jb loc_00000012345678
并将 jb
修改为 jmp
TLDR
# 改权限
sudo chown -R $(whoami) /Applications/WeChat.app
# 备份
cp /Applications/WeChat.app/Contents/MacOS/WeChat /Applications/WeChat.app/Contents/MacOS/WeChat.bak
# https://keith.github.io/xcode-man-pages/codesign.1.html
codesign --remove-signature /Applications/WeChat.app/Contents/MacOS/WeChat
cargo install --git https://github.com/hangj/wechat-multi.git
wechat-multi /Applications/WeChat.app/Contents/MacOS/WeChat
echo 'done'
================================================================
先找到 architecture 的偏移
otool -f /Applications/WeChat.app/Contents/MacOS/WeChat
Fat headers
fat_magic 0xcafebabe
nfat_arch 2
architecture 0
cputype 16777223
cpusubtype 3
capabilities 0x0
offset 16384
size 103002112
align 2^14 (16384)
architecture 1
cputype 16777228
cpusubtype 0
capabilities 0x0
offset 103022592
size 88922496
align 2^14 (16384)
第一个 architecture 就是 X86_64, 它的 offset 是 16384
找到 X86_64 对应的 MachO Header
xxd -s 16384 -l 32 /Applications/WeChat.app/Contents/MacOS/WeChat
00004000: cffa edfe 0700 0001 0300 0000 0200 0000 ................
00004010: 6b00 0000 d82e 0000 8580 a100 0000 0000 k...............
可以看到前 4 个字节就是 MachO Header
的 magic number
0x6b 是 number of load commands, 转换成十进制就是 107
遍历 load_command 找到 entry_point_command
结构体
// https://opensource.apple.com/source/xnu/xnu-4570.41.2/EXTERNAL_HEADERS/mach-o/fat.h.auto.html
// big-endian order
;
// big-endian order
;
// https://opensource.apple.com/source/xnu/xnu-4570.41.2/EXTERNAL_HEADERS/mach-o/loader.h.auto.html
;
;
;
;
参考链接
https://zhuanlan.zhihu.com/p/24858664
https://opensource.apple.com/source/xnu/xnu-4570.41.2/EXTERNAL_HEADERS/mach-o/fat.h.auto.html