cyonjan/PyWxDump
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
75c790079f
PyWxDump/Program/get_wx_info.py
xaoyo 75c790079f 更换更高效的key地址计算方式
2023-10-08 21:46:16 +08:00

185 lines
6.6 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# -*- coding: utf-8 -*-#
# -------------------------------------------------------------------------------
# Name: getwxinfo.py
# Description:
# Author: xaoyaoo
# Date: 2023/08/21
# -------------------------------------------------------------------------------
import binascii
import json
import ctypes
import win32api
import psutil
def get_name(pid, base_address, n_size=100):
array = (ctypes.c_byte * n_size)()
if ctypes.windll.kernel32.ReadProcessMemory(ctypes.c_void_p(pid), ctypes.c_void_p(base_address), array, n_size,
0) == 0:
return ""
null_index = n_size
for i in range(n_size):
if array[i] == 0:
null_index = i
break
text = ctypes.string_at(ctypes.byref(array), null_index).decode('utf-8', errors='ignore')
return text
def get_account(pid, base_address, n_size=100):
array = (ctypes.c_byte * n_size)()
if ctypes.windll.kernel32.ReadProcessMemory(ctypes.c_void_p(pid), ctypes.c_void_p(base_address), array, n_size,
0) == 0:
return ""
null_index = n_size
for i in range(n_size):
if array[i] == 0:
null_index = i
break
text = ctypes.string_at(ctypes.byref(array), null_index).decode('utf-8', errors='ignore')
return text
def get_mobile(pid, base_address, n_size=100):
array = (ctypes.c_byte * n_size)()
if ctypes.windll.kernel32.ReadProcessMemory(ctypes.c_void_p(pid), ctypes.c_void_p(base_address), array, n_size,
0) == 0:
return ""
null_index = n_size
for i in range(n_size):
if array[i] == 0:
null_index = i
break
text = ctypes.string_at(ctypes.byref(array), null_index).decode('utf-8', errors='ignore')
return text
def get_mail(pid, base_address, n_size=100):
array = (ctypes.c_byte * n_size)()
if ctypes.windll.kernel32.ReadProcessMemory(ctypes.c_void_p(pid), ctypes.c_void_p(base_address), array, n_size,
0) == 0:
return ""
null_index = n_size
for i in range(n_size):
if array[i] == 0:
null_index = i
break
text = ctypes.string_at(ctypes.byref(array), null_index).decode('utf-8', errors='ignore')
return text
def get_hex(h_process, lp_base_address):
array = ctypes.create_string_buffer(8)
if ctypes.windll.kernel32.ReadProcessMemory(h_process, ctypes.c_void_p(lp_base_address), array, 8, 0) == 0:
return ""
num = 32
array2 = (ctypes.c_ubyte * num)()
lp_base_address2 = int.from_bytes(array, byteorder='little') # 逆序转换为int地址key地址
if ctypes.windll.kernel32.ReadProcessMemory(h_process, ctypes.c_void_p(lp_base_address2), ctypes.byref(array2), num,
0) == 0:
return ""
hex_string = binascii.hexlify(bytes(array2))
return hex_string.decode('utf-8')
def get_file_version(file_path):
info = win32api.GetFileVersionInfo(file_path, "\\")
ms = info['FileVersionMS']
ls = info['FileVersionLS']
file_version = f"{win32api.HIWORD(ms)}.{win32api.LOWORD(ms)}.{win32api.HIWORD(ls)}.{win32api.LOWORD(ls)}"
# version = parse(file_version)
return file_version
def read_info(version_list):
support_list = None
wechat_process = None
rd = []
for process in psutil.process_iter(['name', 'exe', 'pid', 'cmdline']):
if process.name() == 'WeChat.exe':
tmp_rd = {}
wechat_process = process
tmp_rd['pid'] = wechat_process.pid
# print("[+] WeChatProcessPID: " + str(wechat_process.info['pid']))
wechat_win_base_address = 0
for module in wechat_process.memory_maps(grouped=False):
if module.path and 'WeChatWin.dll' in module.path:
wechat_win_base_address = module.addr
wechat_win_base_address = int(wechat_win_base_address, 16)
file_version = get_file_version(module.path)
file_version_str = str(file_version)
tmp_rd['version'] = file_version_str
if file_version_str not in version_list:
return "[-] WeChat Current Version Is: " + file_version_str + " Not Supported"
else:
support_list = version_list[file_version_str]
support_list = list(support_list)
break
Handle = ctypes.windll.kernel32.OpenProcess(0x1F0FFF, False, wechat_process.pid)
if support_list is None:
return "[-] WeChat Base Address Get Failed"
else:
wechat_key = wechat_win_base_address + support_list[4]
hex_key = get_hex(Handle, wechat_key)
tmp_rd['key'] = hex_key.strip()
if hex_key.strip() == "":
return "[-] WeChat Is Running, But Maybe Not Logged In"
else:
wechat_name = wechat_win_base_address + support_list[0]
tmp_rd['name'] = get_name(Handle, wechat_name, 100).strip()
wechat_account = wechat_win_base_address + support_list[1]
account = get_account(Handle, wechat_account, 100).strip()
if account.strip() == "":
tmp_rd['account'] = "None"
else:
tmp_rd['account'] = account
wechat_mobile = wechat_win_base_address + support_list[2]
mobile = get_mobile(Handle, wechat_mobile, 100).strip()
if mobile.strip() == "":
tmp_rd['mobile'] = "None"
else:
tmp_rd['mobile'] = mobile
wechat_mail = wechat_win_base_address + support_list[3]
mail = get_mail(Handle, wechat_mail, 100).strip()
if mail.strip() != "":
tmp_rd['mail'] = mail
else:
tmp_rd['mail'] = "None"
rd.append(tmp_rd)
if wechat_process is None:
return "[-] WeChat No Run"
return rd
if __name__ == "__main__":
version_list = json.load(open("version_list.json", "r", encoding="utf-8"))
rd = read_info(version_list)
if isinstance(rd, str):
print(rd)
else:
for i in rd:
for k, v in i.items():
print(f"[+] {k}: {v}")
print("=====================================")
Reference in New Issue View Git Blame Copy Permalink