格式化代码

xaoyaoo 2024-07-21 09:12:05 +08:00
parent ab587e3bc7
commit ad7c65e253
4 changed files with 19 additions and 57 deletions


@ -44,6 +44,24 @@ class PROCESSENTRY32(ctypes.Structure):
("szExeFile", ctypes.c_char * MAX_PATH)] ("szExeFile", ctypes.c_char * MAX_PATH)]
class VS_FIXEDFILEINFO(ctypes.Structure):
_fields_ = [
('dwSignature', ctypes.wintypes.DWORD),
('dwStrucVersion', ctypes.wintypes.DWORD),
('dwFileVersionMS', ctypes.wintypes.DWORD),
('dwFileVersionLS', ctypes.wintypes.DWORD),
('dwProductVersionMS', ctypes.wintypes.DWORD),
('dwProductVersionLS', ctypes.wintypes.DWORD),
('dwFileFlagsMask', ctypes.wintypes.DWORD),
('dwFileFlags', ctypes.wintypes.DWORD),
('dwFileOS', ctypes.wintypes.DWORD),
('dwFileType', ctypes.wintypes.DWORD),
('dwFileSubtype', ctypes.wintypes.DWORD),
('dwFileDateMS', ctypes.wintypes.DWORD),
('dwFileDateLS', ctypes.wintypes.DWORD),
]
# 加载dll # 加载dll
kernel32 = ctypes.WinDLL('kernel32', use_last_error=True) kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)
psapi = ctypes.WinDLL('psapi', use_last_error=True) psapi = ctypes.WinDLL('psapi', use_last_error=True)
@ -214,24 +232,6 @@ def get_file_version_info(file_path):
return f"{version[0]}.{version[1]}.{version[2]}.{version[3]}" return f"{version[0]}.{version[1]}.{version[2]}.{version[3]}"
class VS_FIXEDFILEINFO(ctypes.Structure):
_fields_ = [
('dwSignature', ctypes.wintypes.DWORD),
('dwStrucVersion', ctypes.wintypes.DWORD),
('dwFileVersionMS', ctypes.wintypes.DWORD),
('dwFileVersionLS', ctypes.wintypes.DWORD),
('dwProductVersionMS', ctypes.wintypes.DWORD),
('dwProductVersionLS', ctypes.wintypes.DWORD),
('dwFileFlagsMask', ctypes.wintypes.DWORD),
('dwFileFlags', ctypes.wintypes.DWORD),
('dwFileOS', ctypes.wintypes.DWORD),
('dwFileType', ctypes.wintypes.DWORD),
('dwFileSubtype', ctypes.wintypes.DWORD),
('dwFileDateMS', ctypes.wintypes.DWORD),
('dwFileDateLS', ctypes.wintypes.DWORD),
]
def get_process_list(): def get_process_list():
h_process_snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0) h_process_snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
if h_process_snap == ctypes.wintypes.HANDLE(-1).value: if h_process_snap == ctypes.wintypes.HANDLE(-1).value:
@ -257,8 +257,6 @@ def get_process_list():
return process_list return process_list
bias_list = []
if __name__ == "__main__": if __name__ == "__main__":
processes = get_process_list() processes = get_process_list()
for pid, name in processes: for pid, name in processes:
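Review bot: The relocated `VS_FIXEDFILEINFO` class has no docstring or comment, and its thirteen DWORD fields are only valid if their order and widths match the Win32 structure of the same name exactly. Since the move places it beside `PROCESSENTRY32`, this is a good point to add a one-line docstring such as `"""Win32 VS_FIXEDFILEINFO; field order and widths must match the native layout."""`. The class body uses `ctypes.wintypes.DWORD`, and the import that makes `ctypes.wintypes` available is outside these hunks, so it is worth confirming it still runs before the class now that the definition is evaluated earlier in the module.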


@ -11,7 +11,7 @@ import os
import re import re
import winreg import winreg
from typing import List, Union from typing import List, Union
from .utils import pattern_scan_all, verify_key, get_exe_version, get_exe_bit, info_error from .utils import verify_key, get_exe_version, get_exe_bit, info_error
from .ctypes_utils import get_process_list, get_info_with_key, get_memory_maps, get_process_exe_path, \ from .ctypes_utils import get_process_list, get_info_with_key, get_memory_maps, get_process_exe_path, \
get_file_version_info get_file_version_info
from .memory_search import search_memory from .memory_search import search_memory


@ -1,7 +1,6 @@
import ctypes import ctypes
import ctypes.wintypes as wintypes import ctypes.wintypes as wintypes
import logging import logging
from ctypes.wintypes import HANDLE
import re import re
import sys import sys


@ -7,11 +7,8 @@
# ------------------------------------------------------------------------------- # -------------------------------------------------------------------------------
import os import os
import re import re
import sys
import hmac import hmac
import traceback import traceback
import pymem
import hashlib import hashlib
from win32com.client import Dispatch from win32com.client import Dispatch
@ -22,7 +19,6 @@ def info_error(func):
:param func: :param func:
:return: :return:
""" """
def wrapper(*args, **kwargs): def wrapper(*args, **kwargs):
try: try:
return func(*args, **kwargs) return func(*args, **kwargs)
@ -31,7 +27,6 @@ def info_error(func):
rdata = f"{traceback_data}" rdata = f"{traceback_data}"
print(f"info_error: \n{rdata}") print(f"info_error: \n{rdata}")
return "None" return "None"
return wrapper return wrapper
@ -112,33 +107,3 @@ def get_exe_bit(file_path):
print('get exe bit error: File not found or cannot be opened') print('get exe bit error: File not found or cannot be opened')
return 64 return 64
def pattern_scan_all(handle, pattern, *, return_multiple=False, find_num=100):
"""
扫描内存中所有匹配的模式
:param handle: 进程句柄
:param pattern: 模式
:param return_multiple: 是否返回所有匹配
:param find_num: 最多查找数量
"""
next_region = 0
found = []
user_space_limit = 0x7FFFFFFF0000 if sys.maxsize > 2 ** 32 else 0x7fff0000
while next_region < user_space_limit:
try:
next_region, page_found = pymem.pattern.scan_pattern_page(
handle,
next_region,
pattern,
return_multiple=return_multiple
)
except Exception as e:
print(e)
break
if not return_multiple and page_found:
return page_found
if page_found:
found += page_found
if len(found) > find_num:
break
return found
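Review bot: `wrapper` in `info_error` returns the string `"None"` after printing the traceback, so a caller that tests `is None` or truthiness treats a failed call as a successful one; the blank-line cleanup in the first two hunks leaves this untouched. Returning `None` or re-raising would be safer, but callers that compare against `"None"` would need checking first, and they are outside this page. `wrapper` is also defined without `@functools.wraps(func)`, so decorated functions lose their name and docstring. Separately, the last hunk deletes `pattern_scan_all` and the `pymem` import under a commit titled as formatting; any importer other than the one updated in this commit would fail at import time.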