From e0b891d6988486493434b191fd0bd6b8f41d24ba Mon Sep 17 00:00:00 2001
From: xaoyaoo
Date: Wed, 11 Sep 2024 12:14:55 +0800
Subject: [PATCH] add wx 3.9.12.15

---
 pywxdump/WX_OFFS.json | 7 ++++++
 pywxdump/api/local_server.py | 2 +-
 pywxdump/wx_core/__init__.py | 2 +-
 pywxdump/wx_core/get_bias_addr.py | 41 +++++++++++++++++++++++++++----
 4 files changed, 45 insertions(+), 7 deletions(-)

diff --git a/pywxdump/WX_OFFS.json b/pywxdump/WX_OFFS.json
index b00ab3b..0eb6e5e 100644
--- a/pywxdump/WX_OFFS.json
+++ b/pywxdump/WX_OFFS.json
@@ -411,5 +411,12 @@
 93700888,
 0,
 93702352
+ ],
+ "3.9.12.15": [
+ 93813544,
+ 93814880,
+ 93813352,
+ 0,
+ 93814816
 ]
 }
diff --git a/pywxdump/api/local_server.py b/pywxdump/api/local_server.py
index 16713c0..94f31a1 100644
--- a/pywxdump/api/local_server.py
+++ b/pywxdump/api/local_server.py
@@ -259,7 +259,7 @@ def get_biasaddr(request: BiasAddrRequest):
 mobile = request.mobile
 name = request.name
 account = request.account
- key = request.json.key
+ key = request.key
 wxdbPath = request.wxdbPath
 if not mobile or not name or not account:
 return ReJson(1002)
diff --git a/pywxdump/wx_core/__init__.py b/pywxdump/wx_core/__init__.py
index d153bc5..68ae8ec 100644
--- a/pywxdump/wx_core/__init__.py
+++ b/pywxdump/wx_core/__init__.py
@@ -8,4 +8,4 @@
 from .wx_info import get_wx_info, get_wx_db, get_core_db
 from .get_bias_addr import BiasAddr
 from .decryption import batch_decrypt, decrypt
-from .merge_db import merge_db, decrypt_merge, merge_real_time_db, all_merge_real_time_db
+from .merge_db import merge_db, decrypt_merge, merge_real_time_db, all_merge_real_time_db
diff --git a/pywxdump/wx_core/get_bias_addr.py b/pywxdump/wx_core/get_bias_addr.py
index 84c8816..1a4a56b 100644
--- a/pywxdump/wx_core/get_bias_addr.py
+++ b/pywxdump/wx_core/get_bias_addr.py
@@ -10,14 +10,31 @@ import json
 import os
 import re
 import sys
+from ctypes import wintypes
+
 import psutil
 import pymem
 
 from .utils import get_exe_version, get_exe_bit, verify_key
+from .utils import get_process_list, get_memory_maps, get_process_exe_path, get_file_version_info
+from .utils import search_memory
 
 ReadProcessMemory = ctypes.windll.kernel32.ReadProcessMemory if sys.platform == "win32" else None
 void_p = ctypes.c_void_p
 
+# 定义常量
+PROCESS_QUERY_INFORMATION = 0x0400
+PROCESS_VM_READ = 0x0010
+
+kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)
+OpenProcess = kernel32.OpenProcess
+OpenProcess.restype = wintypes.HANDLE
+OpenProcess.argtypes = [wintypes.DWORD, wintypes.BOOL, wintypes.DWORD]
+
+CloseHandle = kernel32.CloseHandle
+CloseHandle.restype = wintypes.BOOL
+CloseHandle.argtypes = [wintypes.HANDLE]
+
 
 class BiasAddr:
 def __init__(self, account, mobile, name, key, db_path):
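Review bot: `kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)` and the `OpenProcess`/`CloseHandle` setup below it run unconditionally at import time, while the existing `ReadProcessMemory` line in the same hunk only resolves the symbol when `sys.platform == "win32"`; `ctypes.WinDLL` does not exist on other platforms, so importing this module — and, through the `from .get_bias_addr import BiasAddr` line in `wx_core/__init__.py`, the whole package — would fail there. Guard the new block the same way: `if sys.platform == "win32":` around the `kernel32`/`OpenProcess`/`CloseHandle` definitions, with `else: kernel32 = OpenProcess = CloseHandle = None` so callers can test for `None` exactly as they already can with `ReadProcessMemory`; whether `from ctypes import wintypes` itself imports cleanly off Windows is worth checking at the same time. The `# 定义常量` comment would also be more useful in English and naming what the numbers are, e.g. `# Win32 process access rights (winnt.h) required for OpenProcess + ReadProcessMemory`.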
@@ -61,10 +78,25 @@ class BiasAddr:
 return False, "[-] WeChat No Run"
 
 def search_memory_value(self, value: bytes, module_name="WeChatWin.dll"):
- # 创建 Pymem 对象
- module = pymem.process.module_from_name(self.pm.process_handle, module_name)
- ret = self.pm.pattern_scan_module(value, module, return_multiple=True)
- ret = ret[-1] - module.lpBaseOfDll if len(ret) > 0 else 0
+ start_adress = 0x7FFFFFFFFFFFFFFF
+ end_adress = 0
+
+ memory_maps = get_memory_maps(self.pid)
+ for module in memory_maps:
+ if module.FileName and module_name in module.FileName:
+ s = module.BaseAddress
+ e = module.BaseAddress + module.RegionSize
+ start_adress = s if s < start_adress else start_adress
+ end_adress = e if e > end_adress else end_adress
+ hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, self.pid)
+ ret = search_memory(hProcess, value, max_num=3, start_address=start_adress,
+ end_address=end_adress)
+ ret = ret[-1] - start_adress if len(ret) > 0 else 0
+
+ # # 创建 Pymem 对象
+ # module = pymem.process.module_from_name(self.pm.process_handle, module_name)
+ # ret = self.pm.pattern_scan_module(value, module, return_multiple=True)
+ # ret = ret[-1] - module.lpBaseOfDll if len(ret) > 0 else 0
 return ret
 
 def get_key_bias1(self):
@@ -81,7 +113,6 @@ class BiasAddr:
 module = pymem.process.module_from_name(self.process_handle, self.module_name)
 keyBytes = b'-----BEGIN PUBLIC KEY-----\n...'
 publicKeyList = pymem.pattern.pattern_scan_all(self.process_handle, keyBytes, return_multiple=True)
- keyaddrs = []
 for addr in publicKeyList:
 keyBytes = addr.to_bytes(byteLen, byteorder="little", signed=True) # 低位在前
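Review bot: The handle returned by `OpenProcess(...)` in `search_memory_value` is neither checked nor released — a failed open yields a NULL handle that is passed straight into `search_memory`, and every successful call leaks one process handle because `CloseHandle`, which this patch defines at module level, is never called. Wrap the scan in `try`/`finally` and turn a NULL handle into an exception via `ctypes.WinError(ctypes.get_last_error())`, which the `use_last_error=True` on `kernel32` already makes meaningful. Separately, when no mapping whose `FileName` contains `module_name` is found, `start_adress` stays at `0x7FFFFFFFFFFFFFFF` and `end_adress` at `0`, so `search_memory` receives an inverted range; an explicit `if end_adress == 0: return 0` before the open would make that case visible instead of depending on how `search_memory` treats it. The second hunk of this file (`get_key_bias1`) continues past the end of the view, so it is not reviewed here.
```python
        # … unchanged: module range scan over get_memory_maps(self.pid) …
        if end_adress == 0:
            return 0  # no mapping matched module_name; nothing to scan
        hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, self.pid)
        if not hProcess:
            raise ctypes.WinError(ctypes.get_last_error())
        try:
            ret = search_memory(hProcess, value, max_num=3, start_address=start_adress,
                                end_address=end_adress)
        finally:
            CloseHandle(hProcess)  # release the handle even if the scan raises
        ret = ret[-1] - start_adress if len(ret) > 0 else 0
```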