From db5bca7d9f0e30a7538d2e8b631331d5b455ce0b Mon Sep 17 00:00:00 2001 From: xaoyaoo Date: Fri, 26 Jan 2024 17:30:34 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E5=81=8F=E7=A7=BB=E5=9C=B0?= =?UTF-8?q?=E5=9D=80=E8=8E=B7=E5=8F=96=E5=87=BD=E6=95=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pywxdump/wx_info/get_bias_addr.py | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/pywxdump/wx_info/get_bias_addr.py b/pywxdump/wx_info/get_bias_addr.py index 9fe62af..1a33840 100644 --- a/pywxdump/wx_info/get_bias_addr.py +++ b/pywxdump/wx_info/get_bias_addr.py @@ -68,6 +68,10 @@ class BiasAddr: return ret def get_key_bias1(self): + """ + 2024.01.26 wx version:3.9.9.35 失效 + :return: + """ try: byteLen = self.address_len # 4 if self.bits == 32 else 8 # 4字节或8字节 @@ -119,20 +123,25 @@ class BiasAddr: phone_type2 = "android\x00" phone_type3 = "ipad\x00" - pm = pymem.Pymem("WeChat.exe") + pm = pymem.Pymem(self.pid) module_name = "WeChatWin.dll" MicroMsg_path = os.path.join(db_path, "MSG", "MicroMsg.db") + type1_addrs = pm.pattern_scan_module(phone_type1.encode(), module_name, return_multiple=True) + type2_addrs = pm.pattern_scan_module(phone_type2.encode(), module_name, return_multiple=True) + type3_addrs = pm.pattern_scan_module(phone_type3.encode(), module_name, return_multiple=True) + + type_addrs = [] + if len(type1_addrs) >= 2: type_addrs += type1_addrs + if len(type2_addrs) >= 2: type_addrs += type2_addrs + if len(type3_addrs) >= 2: type_addrs += type3_addrs + if len(type_addrs) == 0: return "None" + + type_addrs.sort() # 从小到大排序 + module = pymem.process.module_from_name(pm.process_handle, module_name) - type1_addrs = pm.pattern_scan_module(phone_type1.encode(), module, return_multiple=True) - type2_addrs = pm.pattern_scan_module(phone_type2.encode(), module, return_multiple=True) - type3_addrs = pm.pattern_scan_module(phone_type3.encode(), module, return_multiple=True) - type_addrs = type1_addrs if len(type1_addrs) >= 2 else type2_addrs if len( - type2_addrs) >= 2 else type3_addrs if len(type3_addrs) >= 2 else "None" - if type_addrs == "None": - return 0 for i in type_addrs[::-1]: for j in range(i, i - 2000, -addr_len): key_bytes = read_key_bytes(pm.process_handle, j, addr_len)