From b6a7c5df11ea864eb2996bc9bb135af4a5a343d0 Mon Sep 17 00:00:00 2001
From: xaoyo
Date: Mon, 9 Oct 2023 12:04:44 +0800
Subject: [PATCH] =?UTF-8?q?=E7=BC=A9=E7=9F=AD=E4=BD=BF=E7=94=A8db=5Fpath?=
 =?UTF-8?q?=E7=9A=84=E8=BF=90=E8=A1=8C=E6=97=B6=E9=97=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Program/get_base_addr.py | 48 ++++++++++++++++++++++++----------------
 1 file changed, 29 insertions(+), 19 deletions(-)

diff --git a/Program/get_base_addr.py b/Program/get_base_addr.py
index 0f5d155..bdc895c 100644
--- a/Program/get_base_addr.py
+++ b/Program/get_base_addr.py
@@ -120,26 +120,11 @@ class BaseAddr:
 result = self.search_memory_value(key, self.module_name)
 return result
 
- def get_key_bias(self, wx_db_path):
+ def get_key_bias(self, wx_db_path, account_bias=0):
 wx_db_path = os.path.join(wx_db_path, "Msg", "MicroMsg.db")
 if not os.path.exists(wx_db_path):
 return False
 
- module_name = "WeChatWin.dll"
- pm = self.pm
- module = pymem.process.module_from_name(pm.process_handle, module_name)
- start_addr = module.lpBaseOfDll
- size = module.SizeOfImage
- mem_data = pm.read_bytes(start_addr, size)
-
- min_addr = 0xffffffffffffffffffffffff
- max_addr = 0
- for module1 in pm.list_modules():
- if module1.lpBaseOfDll < min_addr:
- min_addr = module1.lpBaseOfDll
- if module1.lpBaseOfDll > max_addr:
- max_addr = module1.lpBaseOfDll
-
 def read_key(addr):
 key = ctypes.create_string_buffer(35)
 if ReadProcessMemory(pm.process_handle, void_p(addr - 1), key, 35, 0) == 0:
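Review bot: The new `account_bias` parameter on `def get_key_bias(self, wx_db_path, account_bias=0)` carries no documentation, and nothing at the signature says that 0 (or 1) means "unknown, scan the whole module" or that the value is an offset from the WeChatWin.dll base; the `> 1` guard and the `start_addr + account_bias - i` arithmetic that give it meaning live in a later hunk. I would add a docstring directly under the new `def` line: `"""Return the key offset within WeChatWin.dll, or False when MicroMsg.db is absent.` / `account_bias: offset of the account pointer from the module base; values <= 1 force a full-module scan."""`. The mixed `False`/int return is pre-existing, but with the offset now derived from a caller-supplied guess it is worth stating explicitly so callers do not confuse a missing database with a bias of 0. The body of get_key_bias continues past the end of this hunk (the nested read_key and the relocated module/pm setup), so the note is limited to the signature.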
@@ -180,7 +165,31 @@ class BaseAddr:
 return keys[i]
 return b"", 0
 
- maybe_key = get_maybe_key(mem_data)
+ module_name = "WeChatWin.dll"
+ pm = self.pm
+ module = pymem.process.module_from_name(pm.process_handle, module_name)
+ start_addr = module.lpBaseOfDll
+ size = module.SizeOfImage
+
+ min_addr = 0xffffffffffffffffffffffff
+ max_addr = 0
+ for module1 in pm.list_modules():
+ if module1.lpBaseOfDll < min_addr:
+ min_addr = module1.lpBaseOfDll
+ if module1.lpBaseOfDll > max_addr:
+ max_addr = module1.lpBaseOfDll
+
+ if account_bias > 1:
+ maybe_key = []
+ for i in [0x24, 0x40]:
+ addr = start_addr + account_bias - i
+ mem_data = pm.read_bytes(addr, 8)
+ key = read_key(int.from_bytes(mem_data, byteorder='little'))
+ if key != b"":
+ maybe_key.append([key, addr - start_addr])
+ else:
+ mem_data = pm.read_bytes(start_addr, size)
+ maybe_key = get_maybe_key(mem_data)
 key, bais = verify_key(maybe_key, wx_db_path)
 return bais
 
@@ -194,7 +203,7 @@ class BaseAddr:
 if self.key:
 key_bias = self.search_key(self.key)
 elif self.db_path:
- key_bias = self.get_key_bias(self.db_path)
+ key_bias = self.get_key_bias(self.db_path, account_bias)
 else:
 key_bias = 0
 return {self.version: [name_bias, account_bias, mobile_bias, 0, key_bias]}
@@ -224,9 +233,10 @@ if __name__ == '__main__':
 key = args.key
 db_path = args.db_path
 
+ st = time.time()
 # 调用 run 函数,并传入参数
 rdata = BaseAddr(account, mobile, name, key, db_path).run()
-
+ print(f"耗时:{time.time() - st}")
 print(rdata)
 
 # 添加到version_list.json
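Review bot: The fast path added under `if account_bias > 1` has no fallback: when neither `start_addr + account_bias - 0x24` nor `- 0x40` yields a key, `maybe_key` stays empty and `verify_key` is handed an empty list, so the method returns whatever `verify_key` gives for no candidates (presumably 0) instead of running the full-module scan that the `else` branch still performs. It also reads through `pm.read_bytes`, which, unlike the `ReadProcessMemory` return-code check inside `read_key`, raises on an unreadable address, so a stale or wrong `account_bias` (pointing below the module base or at an unmapped page) aborts the whole run rather than degrading to the slow path. I would pre-initialise `maybe_key`, catch the per-candidate read failure, and run the scan whenever the fast path produced nothing, which keeps the pre-commit behaviour for every input the fast path cannot serve. The 8-byte pointer read hard-codes a 64-bit WeChat; a comment saying so is warranted if a 32-bit build is ever targeted. `read_key`, `get_maybe_key` and `verify_key` are defined above this hunk and not visible here.
```python
        maybe_key = []
        if account_bias > 1:
            # Fast path: the key pointer sits a fixed distance below the account pointer.
            for i in [0x24, 0x40]:
                addr = start_addr + account_bias - i
                try:
                    ptr = int.from_bytes(pm.read_bytes(addr, 8), byteorder='little')
                except pymem.exception.MemoryReadError:
                    continue  # stale/wrong bias: leave it to the full scan
                key = read_key(ptr)
                if key != b"":
                    maybe_key.append([key, addr - start_addr])
        if not maybe_key:
            # No bias given, or the fast path found nothing: scan the whole module as before.
            mem_data = pm.read_bytes(start_addr, size)
            maybe_key = get_maybe_key(mem_data)
        # … unchanged: verify_key call and return …
```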
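Review bot: `time.time()` is wall-clock time and can jump with NTP or DST adjustments, so the elapsed figure on the new `print(f"耗时:{time.time() - st}")` line can be wrong or even negative; `time.perf_counter()` is the monotonic clock meant for measuring a duration: `st = time.perf_counter()` and `print(f"耗时:{time.perf_counter() - st}")`. The hunk does not show the import block, so confirm that `time` is already imported at the top of the file rather than being picked up incidentally. The `__main__` block continues past the end of this hunk.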