修复无法查找wxid的bug

This commit is contained in:
shuaikangzhou 2023-11-15 19:01:44 +08:00
parent 11d5b6415b
commit a1266585c6
2 changed files with 60 additions and 54 deletions


@ -4,13 +4,10 @@
<option name="autoReloadType" value="SELECTIVE" /> <option name="autoReloadType" value="SELECTIVE" />
</component> </component>
<component name="ChangeListManager"> <component name="ChangeListManager">
<list default="true" id="84e65474-7da9-466d-baf3-cc88dde3ffdd" name="变更" comment="update readme"> <list default="true" id="84e65474-7da9-466d-baf3-cc88dde3ffdd" name="变更" comment="删除多余的Word文件">
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" /> <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Ui/mainview.py" beforeDir="false" afterPath="$PROJECT_DIR$/app/Ui/mainview.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Ui/pc_decrypt/decryptUi.py" beforeDir="false" afterPath="$PROJECT_DIR$/app/Ui/pc_decrypt/decryptUi.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Ui/pc_decrypt/decryptUi.ui" beforeDir="false" afterPath="$PROJECT_DIR$/app/Ui/pc_decrypt/decryptUi.ui" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Ui/pc_decrypt/pc_decrypt.py" beforeDir="false" afterPath="$PROJECT_DIR$/app/Ui/pc_decrypt/pc_decrypt.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/decrypt/get_wx_info.py" beforeDir="false" afterPath="$PROJECT_DIR$/app/decrypt/get_wx_info.py" afterDir="false" /> <change beforePath="$PROJECT_DIR$/app/decrypt/get_wx_info.py" beforeDir="false" afterPath="$PROJECT_DIR$/app/decrypt/get_wx_info.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/log/logger.py" beforeDir="false" afterPath="$PROJECT_DIR$/app/log/logger.py" afterDir="false" />
</list> </list>
<option name="SHOW_DIALOG" value="false" /> <option name="SHOW_DIALOG" value="false" />
<option name="HIGHLIGHT_CONFLICTS" value="true" /> <option name="HIGHLIGHT_CONFLICTS" value="true" />
@ -76,7 +73,7 @@
<recent name="D:\Project\PythonProject\WeChatMsg\app\Ui" /> <recent name="D:\Project\PythonProject\WeChatMsg\app\Ui" />
</key> </key>
</component> </component>
<component name="RunManager" selected="Python.main"> <component name="RunManager" selected="Python.decrypt_window">
<configuration name="decrypt" type="PythonConfigurationType" factoryName="Python" temporary="true" nameIsGenerated="true"> <configuration name="decrypt" type="PythonConfigurationType" factoryName="Python" temporary="true" nameIsGenerated="true">
<module name="WeChatMsg" /> <module name="WeChatMsg" />
<option name="INTERPRETER_OPTIONS" value="" /> <option name="INTERPRETER_OPTIONS" value="" />
@ -205,8 +202,8 @@
</configuration> </configuration>
<recent_temporary> <recent_temporary>
<list> <list>
<item itemvalue="Python.main" />
<item itemvalue="Python.decrypt_window" /> <item itemvalue="Python.decrypt_window" />
<item itemvalue="Python.main" />
<item itemvalue="Python.decrypt" /> <item itemvalue="Python.decrypt" />
<item itemvalue="Python.get_wx_info" /> <item itemvalue="Python.get_wx_info" />
<item itemvalue="Python.micro_msg (1)" /> <item itemvalue="Python.micro_msg (1)" />
@ -225,20 +222,6 @@
<option name="presentableId" value="Default" /> <option name="presentableId" value="Default" />
<updated>1672848140146</updated> <updated>1672848140146</updated>
</task> </task>
<task id="LOCAL-00007" summary="导出word文档">
<created>1674438387238</created>
<option name="number" value="00007" />
<option name="presentableId" value="LOCAL-00007" />
<option name="project" value="LOCAL" />
<updated>1674438387238</updated>
</task>
<task id="LOCAL-00008" summary="导出word文档">
<created>1674438462964</created>
<option name="number" value="00008" />
<option name="presentableId" value="LOCAL-00008" />
<option name="project" value="LOCAL" />
<updated>1674438462964</updated>
</task>
<task id="LOCAL-00009" summary="聊天统计"> <task id="LOCAL-00009" summary="聊天统计">
<created>1675168912759</created> <created>1675168912759</created>
<option name="number" value="00009" /> <option name="number" value="00009" />
@ -568,7 +551,21 @@
<option name="project" value="LOCAL" /> <option name="project" value="LOCAL" />
<updated>1699884085863</updated> <updated>1699884085863</updated>
</task> </task>
<option name="localTasksCounter" value="56" /> <task id="LOCAL-00056" summary="增加PC端微信解密条件的判断">
<created>1699973547832</created>
<option name="number" value="00056" />
<option name="presentableId" value="LOCAL-00056" />
<option name="project" value="LOCAL" />
<updated>1699973547833</updated>
</task>
<task id="LOCAL-00057" summary="删除多余的Word文件">
<created>1699973865386</created>
<option name="number" value="00057" />
<option name="presentableId" value="LOCAL-00057" />
<option name="project" value="LOCAL" />
<updated>1699973865386</updated>
</task>
<option name="localTasksCounter" value="58" />
<servers /> <servers />
</component> </component>
<component name="UnknownFeatures"> <component name="UnknownFeatures">
@ -604,8 +601,6 @@
</option> </option>
</component> </component>
<component name="VcsManagerConfiguration"> <component name="VcsManagerConfiguration">
<MESSAGE value="窗口切换使用stackedWidget" />
<MESSAGE value="修复了Webengine横向小的问题" />
<MESSAGE value="新增聊天报告" /> <MESSAGE value="新增聊天报告" />
<MESSAGE value="readme" /> <MESSAGE value="readme" />
<MESSAGE value="mainwindows文件修正" /> <MESSAGE value="mainwindows文件修正" />
@ -629,7 +624,9 @@
<MESSAGE value="main首次加载解密界面" /> <MESSAGE value="main首次加载解密界面" />
<MESSAGE value="增加日志模块" /> <MESSAGE value="增加日志模块" />
<MESSAGE value="update readme" /> <MESSAGE value="update readme" />
<option name="LAST_COMMIT_MESSAGE" value="update readme" /> <MESSAGE value="增加PC端微信解密条件的判断" />
<MESSAGE value="删除多余的Word文件" />
<option name="LAST_COMMIT_MESSAGE" value="删除多余的Word文件" />
<option name="OPTIMIZE_IMPORTS_BEFORE_PROJECT_COMMIT" value="true" /> <option name="OPTIMIZE_IMPORTS_BEFORE_PROJECT_COMMIT" value="true" />
<option name="REFORMAT_BEFORE_PROJECT_COMMIT" value="true" /> <option name="REFORMAT_BEFORE_PROJECT_COMMIT" value="true" />
</component> </component>
@ -638,7 +635,7 @@
<breakpoints> <breakpoints>
<line-breakpoint enabled="true" suspend="THREAD" type="python-line"> <line-breakpoint enabled="true" suspend="THREAD" type="python-line">
<url>file://$PROJECT_DIR$/app/DataBase/output.py</url> <url>file://$PROJECT_DIR$/app/DataBase/output.py</url>
<line>416</line> <line>417</line>
<option name="timeStamp" value="7" /> <option name="timeStamp" value="7" />
</line-breakpoint> </line-breakpoint>
<line-breakpoint enabled="true" suspend="THREAD" type="python-line"> <line-breakpoint enabled="true" suspend="THREAD" type="python-line">


@ -5,11 +5,11 @@
# Author: xaoyaoo # Author: xaoyaoo
# Date: 2023/08/21 # Date: 2023/08/21
# ------------------------------------------------------------------------------- # -------------------------------------------------------------------------------
import argparse
import ctypes import ctypes
import json import json
import psutil import psutil
import pymem
from win32com.client import Dispatch from win32com.client import Dispatch
from app.log import log from app.log import log
@ -27,13 +27,15 @@ def get_info_without_key(h_process, address, n_size=64):
return text.strip() if text.strip() != "" else "None" return text.strip() if text.strip() != "" else "None"
def get_info_wxid(h_process, address, n_size=32, address_len=8): def get_info_wxid(h_process, n_size=64):
array = ctypes.create_string_buffer(address_len) pm = pymem.Pymem("WeChat.exe")
if ReadProcessMemory(h_process, void_p(address), array, address_len, 0) == 0: return "None" addrs = pymem.pattern.pattern_scan_all(pm.process_handle, b'wxid_', return_multiple=True)
address = int.from_bytes(array, byteorder='little') # 逆序转换为int地址key地址 for addr in addrs:
wxid = get_info_without_key(h_process, address, n_size) wxidtmp = get_info_without_key(h_process, addr, n_size)
# if not wxid.startswith("wxid_"): wxid = "None" if r'\FileStorage\MsgAttach' in wxidtmp:
return wxid wxid = wxidtmp.split(r'\FileStorage\MsgAttach')[0]
return wxid
return "None"
# 读取内存中的key # 读取内存中的key
@ -48,17 +50,18 @@ def get_key(h_process, address, address_len=8):
# 读取微信信息(account,mobile,name,mail,wxid,key) # 读取微信信息(account,mobile,name,mail,wxid,key)
@log def read_info(version_list, is_logging=False):
def read_info(version_list):
wechat_process = [] wechat_process = []
result = [] result = []
error = ""
for process in psutil.process_iter(['name', 'exe', 'pid', 'cmdline']): for process in psutil.process_iter(['name', 'exe', 'pid', 'cmdline']):
if process.name() == 'WeChat.exe': if process.name() == 'WeChat.exe':
wechat_process.append(process) wechat_process.append(process)
if len(wechat_process) == 0: if len(wechat_process) == 0:
return -1 error = "[-] WeChat No Run"
if is_logging: print(error)
return error
for process in wechat_process: for process in wechat_process:
tmp_rd = {} tmp_rd = {}
@ -68,7 +71,9 @@ def read_info(version_list):
bias_list = version_list.get(tmp_rd['version'], None) bias_list = version_list.get(tmp_rd['version'], None)
if not isinstance(bias_list, list): if not isinstance(bias_list, list):
return -2 error = f"[-] WeChat Current Version {tmp_rd['version']} Is Not Supported"
if is_logging: print(error)
return error
wechat_base_address = 0 wechat_base_address = 0
for module in process.memory_maps(grouped=False): for module in process.memory_maps(grouped=False):
@ -76,7 +81,9 @@ def read_info(version_list):
wechat_base_address = int(module.addr, 16) wechat_base_address = int(module.addr, 16)
break break
if wechat_base_address == 0: if wechat_base_address == 0:
return f"[-] WeChat WeChatWin.dll Not Found" error = f"[-] WeChat WeChatWin.dll Not Found"
if is_logging: print(error)
return error
Handle = ctypes.windll.kernel32.OpenProcess(0x1F0FFF, False, process.pid) Handle = ctypes.windll.kernel32.OpenProcess(0x1F0FFF, False, process.pid)
@ -85,7 +92,6 @@ def read_info(version_list):
mobile_baseaddr = wechat_base_address + bias_list[2] mobile_baseaddr = wechat_base_address + bias_list[2]
mail_baseaddr = wechat_base_address + bias_list[3] mail_baseaddr = wechat_base_address + bias_list[3]
key_baseaddr = wechat_base_address + bias_list[4] key_baseaddr = wechat_base_address + bias_list[4]
wxid_baseaddr = wechat_base_address + bias_list[5]
addrLen = 4 if tmp_rd['version'] in ["3.9.2.23", "3.9.2.26"] else 8 addrLen = 4 if tmp_rd['version'] in ["3.9.2.23", "3.9.2.26"] else 8
@ -93,10 +99,21 @@ def read_info(version_list):
tmp_rd['mobile'] = get_info_without_key(Handle, mobile_baseaddr, 64) if bias_list[2] != 0 else "None" tmp_rd['mobile'] = get_info_without_key(Handle, mobile_baseaddr, 64) if bias_list[2] != 0 else "None"
tmp_rd['name'] = get_info_without_key(Handle, name_baseaddr, 64) if bias_list[0] != 0 else "None" tmp_rd['name'] = get_info_without_key(Handle, name_baseaddr, 64) if bias_list[0] != 0 else "None"
tmp_rd['mail'] = get_info_without_key(Handle, mail_baseaddr, 64) if bias_list[3] != 0 else "None" tmp_rd['mail'] = get_info_without_key(Handle, mail_baseaddr, 64) if bias_list[3] != 0 else "None"
tmp_rd['wxid'] = get_info_wxid(Handle, wxid_baseaddr, 24, addrLen) if bias_list[5] != 0 else "None" tmp_rd['wxid'] = get_info_wxid(Handle, 64)
tmp_rd['key'] = get_key(Handle, key_baseaddr, addrLen) if bias_list[4] != 0 else "None" tmp_rd['key'] = get_key(Handle, key_baseaddr, addrLen) if bias_list[4] != 0 else "None"
result.append(tmp_rd) result.append(tmp_rd)
if is_logging:
print("=" * 32)
if isinstance(result, str): # 输出报错
print(result)
else: # 输出结果
for i, rlt in enumerate(result):
for k, v in rlt.items():
print(f"[+] {k:>7}: {v}")
print(end="-" * 32 + "\n" if i != len(result) - 1 else "")
print("=" * 32)
return result return result
@ -112,6 +129,8 @@ def get_info():
if __name__ == "__main__": if __name__ == "__main__":
import argparse
parser = argparse.ArgumentParser() parser = argparse.ArgumentParser()
parser.add_argument("--vlfile", type=str, help="手机号", required=False) parser.add_argument("--vlfile", type=str, help="手机号", required=False)
parser.add_argument("--vldict", type=str, help="微信昵称", required=False) parser.add_argument("--vldict", type=str, help="微信昵称", required=False)
@ -127,19 +146,9 @@ if __name__ == "__main__":
VERSION_LIST = json.loads(args.vldict) VERSION_LIST = json.loads(args.vldict)
if not args.vlfile and not args.vldict: if not args.vlfile and not args.vldict:
VERSION_LIST_PATH = "./version_list.json" VERSION_LIST_PATH = "../version_list.json"
with open(VERSION_LIST_PATH, "r", encoding="utf-8") as f: with open(VERSION_LIST_PATH, "r", encoding="utf-8") as f:
VERSION_LIST = json.load(f) VERSION_LIST = json.load(f)
result = read_info(VERSION_LIST) # 读取微信信息 result = read_info(VERSION_LIST, True) # 读取微信信息
print("=" * 32)
if isinstance(result, str): # 输出报错
print(result)
else: # 输出结果
for i, rlt in enumerate(result):
for k, v in rlt.items():
print(f"[+] {k:>7}: {v}")
print(end="-" * 32 + "\n" if i != len(result) - 1 else "")
print("=" * 32)
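Review bot: In the new `get_info_wxid` (hunk `@ -27,13 +27,15 @@`) the pattern scan runs on a handle that `pymem.Pymem("WeChat.exe")` opens by process name, while the string reads go through the caller's `h_process`; `read_info` loops over every matching process, so with more than one WeChat.exe running the scanned addresses can belong to a different process than the one being read and the wxid comes back wrong or "None". Attaching pymem by the pid of the process the caller is already handling (pymem's constructor accepts a pid, and it also has an open-by-id method), passed in as a new keyword parameter, keeps both reads on the same process. `pymem.Pymem` also raises when the process cannot be opened and the handle it acquires is never released here, so the body should sit in a try/finally that closes it and returns "None" on failure instead of propagating into `read_info`. The no-match return value of `pattern_scan_all(..., return_multiple=True)` is not shown on the page — confirm it is an iterable, otherwise the `for addr in addrs:` line raises. Separately, in the `read_info` hunk the `isinstance(result, str)` branch under `if is_logging:` is dead code, because every error path already returned above it and `result` is always the list there; dropping it to `for i, rlt in enumerate(result):` removes the misleading "输出报错" comment.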