From a1266585c62a769fbddbe10cd65c3be549bdd7c5 Mon Sep 17 00:00:00 2001 From: shuaikangzhou <863909694@qq.com> Date: Wed, 15 Nov 2023 19:01:44 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=97=A0=E6=B3=95=E6=9F=A5?= =?UTF-8?q?=E6=89=BEwxid=E7=9A=84bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/workspace.xml | 49 ++++++++++++++-------------- app/decrypt/get_wx_info.py | 65 ++++++++++++++++++++++---------------- 2 files changed, 60 insertions(+), 54 deletions(-) diff --git a/.idea/workspace.xml b/.idea/workspace.xml index af09bb9..bc75c5a 100644 --- a/.idea/workspace.xml +++ b/.idea/workspace.xml @@ -4,13 +4,10 @@ - - @@ -629,7 +624,9 @@ - @@ -638,7 +635,7 @@ file://$PROJECT_DIR$/app/DataBase/output.py - 416 + 417 diff --git a/app/decrypt/get_wx_info.py b/app/decrypt/get_wx_info.py index 5b1a561..84b72e1 100644 --- a/app/decrypt/get_wx_info.py +++ b/app/decrypt/get_wx_info.py @@ -5,11 +5,11 @@ # Author: xaoyaoo # Date: 2023/08/21 # ------------------------------------------------------------------------------- -import argparse import ctypes import json import psutil +import pymem from win32com.client import Dispatch from app.log import log 
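Review bot: The new top-level `import pymem` in the `@@ -5,11 +5,11 @@` hunk of app/decrypt/get_wx_info.py adds a third-party dependency, but the diffstat lists only `.idea/workspace.xml` and this file, so no requirements or lock file changes with it. If the project pins its dependencies, add a pinned `pymem` entry in the same commit so installs stay reproducible and the package source can be reviewed. Since only `get_info_wxid` uses it, importing it inside that function would also keep the module importable where pymem is not installed.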
@@ -27,13 +27,15 @@ def get_info_without_key(h_process, address, n_size=64): return text.strip() if text.strip() != "" else "None" -def get_info_wxid(h_process, address, n_size=32, address_len=8): - array = ctypes.create_string_buffer(address_len) - if ReadProcessMemory(h_process, void_p(address), array, address_len, 0) == 0: return "None" - address = int.from_bytes(array, byteorder='little') # 逆序转换为int地址(key地址) - wxid = get_info_without_key(h_process, address, n_size) - # if not wxid.startswith("wxid_"): wxid = "None" - return wxid +def get_info_wxid(h_process, n_size=64): + pm = pymem.Pymem("WeChat.exe") + addrs = pymem.pattern.pattern_scan_all(pm.process_handle, b'wxid_', return_multiple=True) + for addr in addrs: + wxidtmp = get_info_without_key(h_process, addr, n_size) + if r'\FileStorage\MsgAttach' in wxidtmp: + wxid = wxidtmp.split(r'\FileStorage\MsgAttach')[0] + return wxid + return "None" # 读取内存中的key @@ -48,17 +50,18 @@ def get_key(h_process, address, address_len=8): # 读取微信信息(account,mobile,name,mail,wxid,key) -@log -def read_info(version_list): +def read_info(version_list, is_logging=False): wechat_process = [] result = [] - + error = "" for process in psutil.process_iter(['name', 'exe', 'pid', 'cmdline']): if process.name() == 'WeChat.exe': wechat_process.append(process) if len(wechat_process) == 0: - return -1 + error = "[-] WeChat No Run" + if is_logging: print(error) + return error for process in wechat_process: tmp_rd = {} @@ -68,7 +71,9 @@ def read_info(version_list): bias_list = version_list.get(tmp_rd['version'], None) if not isinstance(bias_list, list): - return -2 + error = f"[-] WeChat Current Version {tmp_rd['version']} Is Not Supported" + if is_logging: print(error) + return error wechat_base_address = 0 for module in process.memory_maps(grouped=False): 
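Review bot: In the `@@ -27,13 +27,15 @@` hunk, `get_info_wxid` scans through a second handle obtained from `pymem.Pymem("WeChat.exe")` but reads the hits through `h_process`, so the addresses and the handle can belong to different processes when `read_info` loops over more than one WeChat.exe. The `Pymem` object is also created on every call and never closed in the visible lines. The scan already takes a process handle as its first argument, so reusing the caller's handle should remove both problems: `addrs = pymem.pattern.pattern_scan_all(h_process, b'wxid_', return_multiple=True)`. Because the signature dropped `address` and `address_len`, a short docstring stating that the function returns the text before `\FileStorage\MsgAttach`, or the string "None", would help callers.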
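Review bot: `read_info` now returns a message string where it used to return `-1` and `-2` (the `@@ -48,17 +50,18 @@` and `@@ -68,7 +71,9 @@` hunks), and the `@log` decorator is removed, so a caller that still compares the result with those integers silently stops detecting the failure. Callers are not visible in this diff, so this needs checking against `get_info()` and any other user. Returning a list on success and a `str` on failure forces every caller to type-check; raising a dedicated exception, or documenting the `list | str` contract in a docstring, would make the failure path explicit. The repeated `error = ...`, `if is_logging: print(error)`, `return error` sequence also appears in the `@@ -76,7 +81,9 @@` hunk and could be one small helper.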
@@ -76,7 +81,9 @@ def read_info(version_list): wechat_base_address = int(module.addr, 16) break if wechat_base_address == 0: - return f"[-] WeChat WeChatWin.dll Not Found" + error = f"[-] WeChat WeChatWin.dll Not Found" + if is_logging: print(error) + return error Handle = ctypes.windll.kernel32.OpenProcess(0x1F0FFF, False, process.pid) @@ -85,7 +92,6 @@ def read_info(version_list): mobile_baseaddr = wechat_base_address + bias_list[2] mail_baseaddr = wechat_base_address + bias_list[3] key_baseaddr = wechat_base_address + bias_list[4] - wxid_baseaddr = wechat_base_address + bias_list[5] addrLen = 4 if tmp_rd['version'] in ["3.9.2.23", "3.9.2.26"] else 8 @@ -93,10 +99,21 @@ def read_info(version_list): tmp_rd['mobile'] = get_info_without_key(Handle, mobile_baseaddr, 64) if bias_list[2] != 0 else "None" tmp_rd['name'] = get_info_without_key(Handle, name_baseaddr, 64) if bias_list[0] != 0 else "None" tmp_rd['mail'] = get_info_without_key(Handle, mail_baseaddr, 64) if bias_list[3] != 0 else "None" - tmp_rd['wxid'] = get_info_wxid(Handle, wxid_baseaddr, 24, addrLen) if bias_list[5] != 0 else "None" + tmp_rd['wxid'] = get_info_wxid(Handle, 64) tmp_rd['key'] = get_key(Handle, key_baseaddr, addrLen) if bias_list[4] != 0 else "None" result.append(tmp_rd) + if is_logging: + print("=" * 32) + if isinstance(result, str): # 输出报错 + print(result) + else: # 输出结果 + for i, rlt in enumerate(result): + for k, v in rlt.items(): + print(f"[+] {k:>7}: {v}") + print(end="-" * 32 + "\n" if i != len(result) - 1 else "") + print("=" * 32) + return result @@ -112,6 +129,8 @@ def get_info(): if __name__ == "__main__": + import argparse + parser = argparse.ArgumentParser() parser.add_argument("--vlfile", type=str, help="手机号", required=False) parser.add_argument("--vldict", type=str, help="微信昵称", required=False) 
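Review bot: `Handle = ctypes.windll.kernel32.OpenProcess(0x1F0FFF, False, process.pid)` at the end of the `@@ -76,7 +81,9 @@` hunk is used without a check for a zero return, unlike the base-address lookup just above it, which now reports its failure. A denied open would presumably produce a record of "None" fields instead of an error, so add `if not Handle:` with the same error return. No `CloseHandle` call appears in the visible lines of `read_info`, whose body continues outside this hunk; if there is none, add `ctypes.windll.kernel32.CloseHandle(Handle)` once the record has been appended.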
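Review bot: The block added in the `@@ -93,10 +99,21 @@` hunk prints every field of each record, including `key`, `mobile` and `mail`, from inside `read_info`. Any caller that passes `is_logging=True` therefore writes the database key and personal data to stdout, where it can end up in captured logs or terminal scrollback. Before this commit the printing lived only in the `__main__` block; keeping it there, or masking `key` in the output, keeps secrets out of the library function. The `isinstance(result, str)` branch is also unreachable here, because every error path returns earlier and `result` is always a list at this point.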
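Review bot: The `help` strings on the two arguments shown in the `@@ -112,6 +129,8 @@` hunk do not describe them: `--vlfile` says "手机号" (phone number) and `--vldict` says "微信昵称" (WeChat nickname). The following hunk parses `--vldict` with `json.loads`, and `--vlfile` appears from its name to be a path to the version list file. Text such as `help="path to version_list.json"` and `help="version list as a JSON string"` would match the behaviour.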
@@ -127,19 +146,9 @@ if __name__ == "__main__": VERSION_LIST = json.loads(args.vldict) if not args.vlfile and not args.vldict: - VERSION_LIST_PATH = "./version_list.json" + VERSION_LIST_PATH = "../version_list.json" with open(VERSION_LIST_PATH, "r", encoding="utf-8") as f: VERSION_LIST = json.load(f) - result = read_info(VERSION_LIST) # 读取微信信息 - - print("=" * 32) - if isinstance(result, str): # 输出报错 - print(result) - else: # 输出结果 - for i, rlt in enumerate(result): - for k, v in rlt.items(): - print(f"[+] {k:>7}: {v}") - print(end="-" * 32 + "\n" if i != len(result) - 1 else "") - print("=" * 32) + result = read_info(VERSION_LIST, True) # 读取微信信息
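Review bot: `VERSION_LIST_PATH = "../version_list.json"` in the `@@ -127,19 +146,9 @@` hunk is resolved against the current working directory rather than the script's location, so which file supplies the version offsets depends on where the command is launched from. Anchoring the path to the module, for example `os.path.join(os.path.dirname(os.path.abspath(__file__)), "..", "version_list.json")` (needs `import os`), makes the lookup deterministic. The positional `True` in `read_info(VERSION_LIST, True)` would read more clearly as `is_logging=True`.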