优化代码
parent
96677f0c07
commit
ba4500867f
@ -17,7 +17,8 @@ import winreg
|
|||||||
import threading
|
import threading
|
||||||
|
|
||||||
import psutil
|
import psutil
|
||||||
import win32api
|
# import win32api
|
||||||
|
from win32com.client import Dispatch
|
||||||
from pymem import Pymem
|
from pymem import Pymem
|
||||||
import pymem
|
import pymem
|
||||||
import hmac
|
import hmac
|
||||||
@ -66,12 +67,9 @@ class BaseAddr:
|
|||||||
return [base_addr + m.start() for m in re.finditer(re.escape(c), string)]
|
return [base_addr + m.start() for m in re.finditer(re.escape(c), string)]
|
||||||
|
|
||||||
def get_file_version(self, process_name):
|
def get_file_version(self, process_name):
|
||||||
for process in psutil.process_iter(['name', 'exe', 'pid', 'cmdline']):
|
for process in psutil.process_iter(['pid', 'name', 'exe']):
|
||||||
if process.name() == process_name:
|
if process.name() == process_name:
|
||||||
file_path = process.exe()
|
file_version = Dispatch("Scripting.FileSystemObject").GetFileVersion(process.exe())
|
||||||
info = win32api.GetFileVersionInfo(file_path, "\\")
|
|
||||||
ms, ls = info['FileVersionMS'], info['FileVersionLS']
|
|
||||||
file_version = f"{win32api.HIWORD(ms)}.{win32api.LOWORD(ms)}.{win32api.HIWORD(ls)}.{win32api.LOWORD(ls)}"
|
|
||||||
return file_version
|
return file_version
|
||||||
self.islogin = False
|
self.islogin = False
|
||||||
|
|
||||||
@ -125,18 +123,6 @@ class BaseAddr:
|
|||||||
if not os.path.exists(wx_db_path):
|
if not os.path.exists(wx_db_path):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def read_key(addr):
|
|
||||||
key = ctypes.create_string_buffer(35)
|
|
||||||
if ReadProcessMemory(pm.process_handle, void_p(addr - 1), key, 35, 0) == 0:
|
|
||||||
return b""
|
|
||||||
|
|
||||||
if b"\x00\x00" in key.raw[1:33]:
|
|
||||||
return b""
|
|
||||||
|
|
||||||
if b"\x00\x00" == key.raw[33:35] and b"\x90" == key.raw[0:1]:
|
|
||||||
return key.raw[1:33]
|
|
||||||
return b""
|
|
||||||
|
|
||||||
def get_maybe_key(mem_data):
|
def get_maybe_key(mem_data):
|
||||||
maybe_key = []
|
maybe_key = []
|
||||||
for i in range(0, len(mem_data), 8):
|
for i in range(0, len(mem_data), 8):
|
||||||
@ -150,6 +136,18 @@ class BaseAddr:
|
|||||||
maybe_key.append([key, i])
|
maybe_key.append([key, i])
|
||||||
return maybe_key
|
return maybe_key
|
||||||
|
|
||||||
|
def read_key(addr):
|
||||||
|
key = ctypes.create_string_buffer(35)
|
||||||
|
if ReadProcessMemory(pm.process_handle, void_p(addr - 1), key, 35, 0) == 0:
|
||||||
|
return b""
|
||||||
|
|
||||||
|
if b"\x00\x00" in key.raw[1:33]:
|
||||||
|
return b""
|
||||||
|
|
||||||
|
if b"\x00\x00" == key.raw[33:35] and b"\x90" == key.raw[0:1]:
|
||||||
|
return key.raw[1:33]
|
||||||
|
return b""
|
||||||
|
|
||||||
def verify_key(keys, wx_db_path):
|
def verify_key(keys, wx_db_path):
|
||||||
with open(wx_db_path, "rb") as file:
|
with open(wx_db_path, "rb") as file:
|
||||||
blist = file.read(5000)
|
blist = file.read(5000)
|
||||||
@ -171,14 +169,6 @@ class BaseAddr:
|
|||||||
start_addr = module.lpBaseOfDll
|
start_addr = module.lpBaseOfDll
|
||||||
size = module.SizeOfImage
|
size = module.SizeOfImage
|
||||||
|
|
||||||
min_addr = 0xffffffffffffffffffffffff
|
|
||||||
max_addr = 0
|
|
||||||
for module1 in pm.list_modules():
|
|
||||||
if module1.lpBaseOfDll < min_addr:
|
|
||||||
min_addr = module1.lpBaseOfDll
|
|
||||||
if module1.lpBaseOfDll > max_addr:
|
|
||||||
max_addr = module1.lpBaseOfDll
|
|
||||||
|
|
||||||
if account_bias > 1:
|
if account_bias > 1:
|
||||||
maybe_key = []
|
maybe_key = []
|
||||||
for i in [0x24, 0x40]:
|
for i in [0x24, 0x40]:
|
||||||
@ -187,7 +177,18 @@ class BaseAddr:
|
|||||||
key = read_key(int.from_bytes(mem_data, byteorder='little'))
|
key = read_key(int.from_bytes(mem_data, byteorder='little'))
|
||||||
if key != b"":
|
if key != b"":
|
||||||
maybe_key.append([key, addr - start_addr])
|
maybe_key.append([key, addr - start_addr])
|
||||||
else:
|
key, bais = verify_key(maybe_key, wx_db_path)
|
||||||
|
if bais != 0:
|
||||||
|
return bais
|
||||||
|
|
||||||
|
min_addr = 0xffffffffffffffffffffffff
|
||||||
|
max_addr = 0
|
||||||
|
for module1 in pm.list_modules():
|
||||||
|
if module1.lpBaseOfDll < min_addr:
|
||||||
|
min_addr = module1.lpBaseOfDll
|
||||||
|
if module1.lpBaseOfDll > max_addr:
|
||||||
|
max_addr = module1.lpBaseOfDll + module1.SizeOfImage
|
||||||
|
|
||||||
mem_data = pm.read_bytes(start_addr, size)
|
mem_data = pm.read_bytes(start_addr, size)
|
||||||
maybe_key = get_maybe_key(mem_data)
|
maybe_key = get_maybe_key(mem_data)
|
||||||
key, bais = verify_key(maybe_key, wx_db_path)
|
key, bais = verify_key(maybe_key, wx_db_path)
|
||||||
@ -200,13 +201,14 @@ class BaseAddr:
|
|||||||
mobile_bias = self.search_memory_value(self.mobile)
|
mobile_bias = self.search_memory_value(self.mobile)
|
||||||
name_bias = self.search_memory_value(self.name)
|
name_bias = self.search_memory_value(self.name)
|
||||||
account_bias = self.search_memory_value(self.account)
|
account_bias = self.search_memory_value(self.account)
|
||||||
|
version_bias = self.search_memory_value(self.version.encode("utf-8"))
|
||||||
if self.key:
|
if self.key:
|
||||||
key_bias = self.search_key(self.key)
|
key_bias = self.search_key(self.key)
|
||||||
elif self.db_path:
|
elif self.db_path:
|
||||||
key_bias = self.get_key_bias(self.db_path, account_bias)
|
key_bias = self.get_key_bias(self.db_path, account_bias)
|
||||||
else:
|
else:
|
||||||
key_bias = 0
|
key_bias = 0
|
||||||
return {self.version: [name_bias, account_bias, mobile_bias, 0, key_bias]}
|
return {self.version: [name_bias, account_bias, mobile_bias, 0, key_bias, version_bias]}
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
@ -230,13 +232,11 @@ if __name__ == '__main__':
|
|||||||
mobile = args.mobile
|
mobile = args.mobile
|
||||||
name = args.name
|
name = args.name
|
||||||
account = args.account
|
account = args.account
|
||||||
key = args.key
|
key = None # args.key
|
||||||
db_path = args.db_path
|
db_path = args.db_path
|
||||||
|
|
||||||
st = time.time()
|
|
||||||
# 调用 run 函数,并传入参数
|
# 调用 run 函数,并传入参数
|
||||||
rdata = BaseAddr(account, mobile, name, key, db_path).run()
|
rdata = BaseAddr(account, mobile, name, key, db_path).run()
|
||||||
print(f"耗时:{time.time() - st}")
|
|
||||||
print(rdata)
|
print(rdata)
|
||||||
|
|
||||||
# 添加到version_list.json
|
# 添加到version_list.json
|
||||||
|
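Review bot: In the `__main__` block the new line `key = None  # args.key` discards the `--key` argument, so the `if self.key:` branch in `run()` can no longer be reached from the command line, while the README usage line visible on this page still passes `--key`. Either remove the option and the dead branch, or restore `key = args.key`, instead of parking the old expression in a trailing comment. The same applies to `# import win32api` in the import hunk: delete the line rather than commenting it out. The returned list also grows from five to six elements, so a comment above the `return` naming each slot would help, for example `# [name, account, mobile, mail(0), key, version] offsets`. Anything that indexes version_list.json entries by position should presumably tolerate older five-element entries, though that code is outside the hunks shown.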
@ -5,10 +5,9 @@
|
|||||||
# Author: xaoyaoo
|
# Author: xaoyaoo
|
||||||
# Date: 2023/08/21
|
# Date: 2023/08/21
|
||||||
# -------------------------------------------------------------------------------
|
# -------------------------------------------------------------------------------
|
||||||
import binascii
|
|
||||||
import json
|
import json
|
||||||
import ctypes
|
import ctypes
|
||||||
import win32api
|
from win32com.client import Dispatch
|
||||||
import psutil
|
import psutil
|
||||||
|
|
||||||
ReadProcessMemory = ctypes.windll.kernel32.ReadProcessMemory
|
ReadProcessMemory = ctypes.windll.kernel32.ReadProcessMemory
|
||||||
@ -30,19 +29,12 @@ def get_key(h_process, address):
|
|||||||
if ReadProcessMemory(h_process, void_p(address), array, 8, 0) == 0: return "None"
|
if ReadProcessMemory(h_process, void_p(address), array, 8, 0) == 0: return "None"
|
||||||
key = ctypes.create_string_buffer(32)
|
key = ctypes.create_string_buffer(32)
|
||||||
address = int.from_bytes(array, byteorder='little') # 逆序转换为int地址(key地址)
|
address = int.from_bytes(array, byteorder='little') # 逆序转换为int地址(key地址)
|
||||||
|
print(hex(address))
|
||||||
if ReadProcessMemory(h_process, void_p(address), key, 32, 0) == 0: return "None"
|
if ReadProcessMemory(h_process, void_p(address), key, 32, 0) == 0: return "None"
|
||||||
key_string = bytes(key).hex()
|
key_string = bytes(key).hex()
|
||||||
return key_string
|
return key_string
|
||||||
|
|
||||||
|
|
||||||
# 读取文件版本
|
|
||||||
def get_file_version(file_path):
|
|
||||||
info = win32api.GetFileVersionInfo(file_path, "\\")
|
|
||||||
ms, ls = info['FileVersionMS'], info['FileVersionLS']
|
|
||||||
file_version = f"{win32api.HIWORD(ms)}.{win32api.LOWORD(ms)}.{win32api.HIWORD(ls)}.{win32api.LOWORD(ls)}"
|
|
||||||
return file_version
|
|
||||||
|
|
||||||
|
|
||||||
# 读取微信信息(key, name, account, mobile, mail)
|
# 读取微信信息(key, name, account, mobile, mail)
|
||||||
def read_info(version_list):
|
def read_info(version_list):
|
||||||
wechat_process = []
|
wechat_process = []
|
||||||
@ -57,21 +49,21 @@ def read_info(version_list):
|
|||||||
|
|
||||||
for process in wechat_process:
|
for process in wechat_process:
|
||||||
tmp_rd = {}
|
tmp_rd = {}
|
||||||
support_list = None
|
|
||||||
|
|
||||||
tmp_rd['pid'] = process.pid
|
tmp_rd['pid'] = process.pid
|
||||||
|
tmp_rd['version'] = Dispatch("Scripting.FileSystemObject").GetFileVersion(process.exe())
|
||||||
|
|
||||||
|
support_list = version_list.get(tmp_rd['version'], None)
|
||||||
|
if not isinstance(support_list, list):
|
||||||
|
return f"[-] WeChat Current Version {tmp_rd['version']} Is Not Supported"
|
||||||
|
|
||||||
wechat_base_address = 0
|
wechat_base_address = 0
|
||||||
for module in process.memory_maps(grouped=False):
|
for module in process.memory_maps(grouped=False):
|
||||||
if module.path and 'WeChatWin.dll' in module.path:
|
if module.path and 'WeChatWin.dll' in module.path:
|
||||||
wechat_base_address = int(module.addr, 16)
|
wechat_base_address = int(module.addr, 16)
|
||||||
tmp_rd['version'] = get_file_version(module.path)
|
|
||||||
support_list = version_list.get(tmp_rd['version'], None)
|
|
||||||
break
|
break
|
||||||
|
|
||||||
if wechat_base_address == 0:
|
if wechat_base_address == 0:
|
||||||
return f"[-] WeChat WeChatWin.dll Not Found"
|
return f"[-] WeChat WeChatWin.dll Not Found"
|
||||||
if not isinstance(support_list, list):
|
|
||||||
return f"[-] WeChat Current Version {tmp_rd['version']} Is Not Supported"
|
|
||||||
|
|
||||||
Handle = ctypes.windll.kernel32.OpenProcess(0x1F0FFF, False, process.pid)
|
Handle = ctypes.windll.kernel32.OpenProcess(0x1F0FFF, False, process.pid)
|
||||||
|
|
||||||
|
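Review bot: The added `print(hex(address))` in `get_key` looks like leftover debugging; it writes the resolved address to stdout on every call and mixes it into the tool's normal output. Remove it, or emit it through `logging` at debug level so it is off by default. In `read_info`, the new `tmp_rd['version'] = Dispatch("Scripting.FileSystemObject").GetFileVersion(process.exe())` line has no error handling in the visible hunk, and `process.exe()` can raise `psutil.AccessDenied` or `psutil.NoSuchProcess`. Catching those and reporting the failure for that process would be cleaner than an unhandled traceback. Both functions continue outside the hunks shown.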
@ -319,6 +319,7 @@
|
|||||||
63488320,
|
63488320,
|
||||||
63486792,
|
63486792,
|
||||||
0,
|
0,
|
||||||
63488256
|
63488256,
|
||||||
|
56006136
|
||||||
]
|
]
|
||||||
}
|
}
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
* 更新日志(发现[version_list.json](./Program/version_list.json)
|
* 更新日志(发现[version_list.json](./Program/version_list.json)
|
||||||
缺失或错误,请提交[issues](https://github.com/xaoyaoo/PyWxDump/issues)):
|
缺失或错误,请提交[issues](https://github.com/xaoyaoo/PyWxDump/issues)):
|
||||||
* 2023.10.11 添加"3.9.5.81"版本的偏移地址 感谢@**[sv3nbeast](https://github.com/sv3nbeast)**
|
* 2023.10.11 添加"3.9.5.81"版本的偏移地址[#10](https://github.com/xaoyaoo/PyWxDump/issues/10), 感谢@**[sv3nbeast](https://github.com/sv3nbeast)**
|
||||||
* 2023.10.09 获取key基址偏移可以根据微信文件夹获取,不需要输入key
|
* 2023.10.09 获取key基址偏移可以根据微信文件夹获取,不需要输入key
|
||||||
* 2023.10.09 优化代码,删减没必要代码,重新修改获取基址代码,加快运行速度(需要安装新的库 pymem)
|
* 2023.10.09 优化代码,删减没必要代码,重新修改获取基址代码,加快运行速度(需要安装新的库 pymem)
|
||||||
* 2023.10.07 修改获取基址内存搜索方式,防止进入死循环
|
* 2023.10.07 修改获取基址内存搜索方式,防止进入死循环
|
||||||
@ -133,9 +133,9 @@ python get_base_addr.py --mobile 152***** --name **** --account *** --key *****
|
|||||||
db_path = "****\WeChat Files\wxid_******"
|
db_path = "****\WeChat Files\wxid_******"
|
||||||
# 微信文件夹,通过微信客户端,设置-文件管理-微信文件的默认保存位置获取
|
# 微信文件夹,通过微信客户端,设置-文件管理-微信文件的默认保存位置获取
|
||||||
|
|
||||||
return:{'3.9.7.29': [63486984, 63488320, 63486792, 0, 63488256]}
|
return:{'3.9.7.29': [63486984, 63488320, 63486792, 0, 63488256, 56006136]}
|
||||||
|
|
||||||
(十进制)按顺序代表:微信昵称、微信账号、微信手机号、微信邮箱(默认0)、微信KEY
|
(十进制)按顺序代表:微信昵称、微信账号、微信手机号、微信邮箱(默认0)、微信KEY、版本信息
|
||||||
|
|
||||||
[注]:如果参数错误,得到的对应地址偏移为0,邮箱高版本失效,默认为0
|
[注]:如果参数错误,得到的对应地址偏移为0,邮箱高版本失效,默认为0
|
||||||
|
|
||||||
|