Yesterday, I accidentally learned from my good friend Xiao Lin (WeChat public account: Xiao Lin Coding) that his computer can actually log in to two WeChat IDs at the same time.
Open WeChat on mobile phones. I know that mobile phone systems such as Huawei and Xiaomi have supported this. However, how to start two WeChat on a computer running Windows system? This really aroused my concern. curious.
Xiao Lin told me that he did this and wrote a batch process:
<code>start D:\WeChat\WeChat.exe<br>start D:\WeChat\WeChat.exe</code>
Then he directly double-clicked the batch file to start two WeChat processes.
I tried it, and it was indeed the case!
Then I added another line, and I was able to start 3 more:
Then I searched on the Internet and found out that this trick had been used by others a long time ago. It seemed like I was on Mars. But why can I open more doors in this way? I really want to know the mystery.
TIPS: If you are not interested in the technical analysis part, you can skip and go directly to the truth part at the end.
Under normal circumstances, you can directly double-click the WeChat icon to start. The process started later will perform a global singleton mode check. If it is found that a WeChat process already exists, it will directly Activate the WeChat window of the corresponding process, position it at the front of the desktop, and then exit.
But why can we start both using the above method? Let’s find out.
First, let’s analyze how the single instance of WeChat described above is implemented.
Friends who have done Windows platform application development may be familiar with this. Generally, a mutex with a globally unique name is created after the process is started. If the creation is successful, it will start normally. If the creation fails, it will be judged whether the mutex is the same. The repeller already exists. If it already exists, it means that the corresponding program has been started before.
With this conjecture, use the tool procexp to check all the kernel objects opened by the WeChat process and find the mutex part:
Sure enough, there is a mutex named _WeChat_App_Instance_Identity_Mutex_Name. From this name, we can guess that this is definitely related to WeChat’s singleton mode.
Next, start the artifact APIMonitor, which can help you monitor the API calls of the specified process, and check the two Windows API functions CreateMutex and GetLastError. When WeChat is already running, use this tool to start another WeChat process and take a look at the function calls:
You can see that after creating the mutex with this name, the GetLastError function was subsequently called and 0x000000b7 was returned. Check the manual for its meaning:
means it already exists.
Let’s take a look at the stack of this CreateMutex call and see where the code is creating this global mutex:
It can be seen from the stack that the call comes from a dynamic library WeChatWin.dll in the WeChat directory. The specific location is the previous instruction at offset 0x8e271b.
Next, we will introduce the artifact among artifacts, the famous disassembly software IDA. This guy supports x86, x64, ARM, MIPS and other processor architectures as well as Windows, Linux, Android, MacOS, JVM Program analysis on various system platforms.
Open the WeChatWin.dll file with IDA and locate the offset 0x8e271b:
##As shown in the figure above, the action of creating a mutex, Occurs in function sub_108e26d0. The upper layer is the sub_108e2660 function calling it: The above picture reflects the judgment logic after creating the mutex:如果sub_108e26d0的返回值不为0,表示出现了错误,则依次判断 WeChatMainWndForPC和 WeChatLoginWndForPC两个窗口是否存在,如果存在则使用 BringWindowToTop函数将其置顶弹出。这两个窗口分别代表的是微信的主界面窗口和登陆界面窗口,如果一个微信实例已经存在,则势必处于这两种状态之一。
问题就出在上面这个判断中,汇编代码看起来有点辣眼睛,咱们F5来还原一下C代码(还原效果只能凑合看,能看清楚逻辑就行):
上面图片的注解已经说明了,函数sub_108e2660的返回值将决定是否启动微信实例进程,还是直接退出。
事情到这里就真相大白了,来总结一下。
微信判断是否启动的2个条件:
如果能成功创建互斥体对象,则启动微信
如果不能创建互斥体:
如果找到对应窗口,则置顶之,自己退出
如果没有找到,则启动微信
用伪代码来表示一下:
<code>if (CreateMutex() == SUCCESS) {<br> 启动微信<br>} else {<br> if (FindWindow() == SUCCESS) {<br> 将已有窗口置顶<br> } else {<br> 启动微信<br> }<br>}</code>
而直接使用脚本启动的多个进程,虽然操作系统内核层面保证了互斥体的唯一,但由于启动速度相差不大,相应的窗口还没有来得及创建出来,导致走入上面的第二个启动逻辑,从而可以启动多个实例。
在分析的过程中,发现了一个有趣的事情:
在WeChatWin.dll中,上面的创建互斥体再上一级函数名字叫StartWaChat,也是作为导出函数被该DLL导出:
The above is the detailed content of How to use Java to open multiple accounts on WeChat PC?. For more information, please follow other related articles on the PHP Chinese website!