diff --git a/Program/get_wx_info.py b/Program/get_wx_info.py
index 1de925e..96060ad 100644
--- a/Program/get_wx_info.py
+++ b/Program/get_wx_info.py
@@ -11,85 +11,26 @@ import ctypes import win32api import psutil - -def get_name(pid, base_address, n_size=100): - array = (ctypes.c_byte * n_size)() - if ctypes.windll.kernel32.ReadProcessMemory(ctypes.c_void_p(pid), ctypes.c_void_p(base_address), array, n_size, - 0) == 0: - return "" - null_index = n_size - for i in range(n_size): - if array[i] == 0: - null_index = i - break - text = ctypes.string_at(ctypes.byref(array), null_index).decode('utf-8', errors='ignore') - - return text +ReadProcessMemory = ctypes.windll.kernel32.ReadProcessMemory +void_p = ctypes.c_void_p -def get_account(pid, base_address, n_size=100): - array = (ctypes.c_byte * n_size)() - - if ctypes.windll.kernel32.ReadProcessMemory(ctypes.c_void_p(pid), ctypes.c_void_p(base_address), array, n_size, - 0) == 0: - return "" - - null_index = n_size - for i in range(n_size): - if array[i] == 0: - null_index = i - break - text = ctypes.string_at(ctypes.byref(array), null_index).decode('utf-8', errors='ignore') - return text +def get_info_without_key(pid, address, n_size=64): + array = ctypes.create_string_buffer(n_size) + if ReadProcessMemory(void_p(pid), void_p(address), array, n_size, 0) == 0: return "None" + array = bytes(array).split(b"\x00")[0] if b"\x00" in array else bytes(array) + text = array.decode('utf-8', errors='ignore') + return text.strip() if text.strip() != "" else "None" -def get_mobile(pid, base_address, n_size=100): - array = (ctypes.c_byte * n_size)() - - if ctypes.windll.kernel32.ReadProcessMemory(ctypes.c_void_p(pid), ctypes.c_void_p(base_address), array, n_size, - 0) == 0: - return "" - - null_index = n_size - for i in range(n_size): - if array[i] == 0: - null_index = i - break - text = ctypes.string_at(ctypes.byref(array), null_index).decode('utf-8', errors='ignore') - - return text - - -def get_mail(pid, base_address, n_size=100): - array = (ctypes.c_byte * n_size)() - - if ctypes.windll.kernel32.ReadProcessMemory(ctypes.c_void_p(pid), ctypes.c_void_p(base_address), array, 
n_size, - 0) == 0: - return "" - - null_index = n_size - for i in range(n_size): - if array[i] == 0: - null_index = i - break - text = ctypes.string_at(ctypes.byref(array), null_index).decode('utf-8', errors='ignore') - - return text - - -def get_hex(h_process, lp_base_address): +def get_key(h_process, address): array = ctypes.create_string_buffer(8) - if ctypes.windll.kernel32.ReadProcessMemory(h_process, ctypes.c_void_p(lp_base_address), array, 8, 0) == 0: - return "" - - num = 32 - array2 = (ctypes.c_ubyte * num)() - lp_base_address2 = int.from_bytes(array, byteorder='little') # 逆序转换为int地址(key地址) - if ctypes.windll.kernel32.ReadProcessMemory(h_process, ctypes.c_void_p(lp_base_address2), ctypes.byref(array2), num, - 0) == 0: - return "" - hex_string = binascii.hexlify(bytes(array2)) - return hex_string.decode('utf-8') + if ReadProcessMemory(h_process, void_p(address), array, 8, 0) == 0: return "None" + key = ctypes.create_string_buffer(32) + address = int.from_bytes(array, byteorder='little') # 逆序转换为int地址(key地址) + if ReadProcessMemory(h_process, void_p(address), key, 32, 0) == 0: return "None" + key_string = bytes(key).hex() + return key_string def get_file_version(file_path): 
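Review bot: `get_info_without_key` names its first parameter `pid`, but `read_info` passes it the handle returned by `OpenProcess`, and the helper wraps it in `void_p(...)` while `get_key` passes `h_process` bare. Renaming it to `h_process` and treating the handle the same way in both helpers would remove the ambiguity. Both helpers also return the string `"None"` when `ReadProcessMemory` fails, so the caller cannot tell a failed read from an empty field or from text that is literally None; returning the `None` object (`return None`) prints the same under the f-string in `__main__` and can be tested with `is None`. The terminator handling can be the single expression `bytes(array).split(b"\x00", 1)[0]`, since `split` already returns the whole buffer when no zero byte is present.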
@@ -97,88 +38,64 @@ def get_file_version(file_path): ms = info['FileVersionMS'] ls = info['FileVersionLS'] file_version = f"{win32api.HIWORD(ms)}.{win32api.LOWORD(ms)}.{win32api.HIWORD(ls)}.{win32api.LOWORD(ls)}" - # version = parse(file_version) return file_version def read_info(version_list): support_list = None - wechat_process = None - - rd = [] + wechat_process = [] + result = [] for process in psutil.process_iter(['name', 'exe', 'pid', 'cmdline']): if process.name() == 'WeChat.exe': - tmp_rd = {} - wechat_process = process - tmp_rd['pid'] = wechat_process.pid - # print("[+] WeChatProcessPID: " + str(wechat_process.info['pid'])) - wechat_win_base_address = 0 - for module in wechat_process.memory_maps(grouped=False): - if module.path and 'WeChatWin.dll' in module.path: - wechat_win_base_address = module.addr - wechat_win_base_address = int(wechat_win_base_address, 16) - file_version = get_file_version(module.path) - file_version_str = str(file_version) + wechat_process.append(process) - tmp_rd['version'] = file_version_str - - if file_version_str not in version_list: - return "[-] WeChat Current Version Is: " + file_version_str + " Not Supported" - else: - support_list = version_list[file_version_str] - support_list = list(support_list) - break - Handle = ctypes.windll.kernel32.OpenProcess(0x1F0FFF, False, wechat_process.pid) - if support_list is None: - return "[-] WeChat Base Address Get Failed" - else: - wechat_key = wechat_win_base_address + support_list[4] - - hex_key = get_hex(Handle, wechat_key) - tmp_rd['key'] = hex_key.strip() - - if hex_key.strip() == "": - return "[-] WeChat Is Running, But Maybe Not Logged In" - else: - wechat_name = wechat_win_base_address + support_list[0] - tmp_rd['name'] = get_name(Handle, wechat_name, 100).strip() - - wechat_account = wechat_win_base_address + support_list[1] - account = get_account(Handle, wechat_account, 100).strip() - if account.strip() == "": - tmp_rd['account'] = "None" - else: - tmp_rd['account'] = 
account - - wechat_mobile = wechat_win_base_address + support_list[2] - mobile = get_mobile(Handle, wechat_mobile, 100).strip() - if mobile.strip() == "": - tmp_rd['mobile'] = "None" - else: - tmp_rd['mobile'] = mobile - - wechat_mail = wechat_win_base_address + support_list[3] - mail = get_mail(Handle, wechat_mail, 100).strip() - if mail.strip() != "": - tmp_rd['mail'] = mail - else: - tmp_rd['mail'] = "None" - - rd.append(tmp_rd) - - if wechat_process is None: + if len(wechat_process) == 0: return "[-] WeChat No Run" - return rd + + for process in wechat_process: + tmp_rd = {} + tmp_rd['pid'] = process.pid + + wechat_base_address = 0 + for module in process.memory_maps(grouped=False): + if module.path and 'WeChatWin.dll' in module.path: + wechat_base_address = int(module.addr, 16) + tmp_rd['version'] = get_file_version(module.path) + support_list = version_list.get(tmp_rd['version'], None) + break + + if wechat_base_address == 0: + return f"[-] WeChat WeChatWin.dll Not Found" + if not isinstance(support_list, list): + return f"[-] WeChat Current Version {tmp_rd['version']} Is Not Supported" + + Handle = ctypes.windll.kernel32.OpenProcess(0x1F0FFF, False, process.pid) + + name_baseaddr = wechat_base_address + support_list[0] + account__baseaddr = wechat_base_address + support_list[1] + mobile_baseaddr = wechat_base_address + support_list[2] + mail_baseaddr = wechat_base_address + support_list[3] + key_baseaddr = wechat_base_address + support_list[4] + + tmp_rd['account'] = get_info_without_key(Handle, account__baseaddr, 32) + tmp_rd['mobile'] = get_info_without_key(Handle, mobile_baseaddr, 64) + tmp_rd['name'] = get_info_without_key(Handle, name_baseaddr, 64) + tmp_rd['mail'] = get_info_without_key(Handle, mail_baseaddr, 64) if support_list[3] != 0 else "None" + tmp_rd['key'] = get_key(Handle, key_baseaddr) + result.append(tmp_rd) + + return result if __name__ == "__main__": version_list = json.load(open("version_list.json", "r", encoding="utf-8")) - rd = 
read_info(version_list) - if isinstance(rd, str): - print(rd) + result = read_info(version_list) + if isinstance(result, str): + print(result) else: - for i in rd: + print("=" * 32) + for i in result: for k, v in i.items(): - print(f"[+] {k}: {v}") - print("=====================================") + print(f"[+] {k:>7}: {v}") + print("=" * 32)
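Review bot: The handle from `OpenProcess(0x1F0FFF, False, process.pid)` is neither checked nor closed, so a failed open (return value 0) makes every later read come back as "None" and each loop iteration leaks one handle. Adding `if not Handle: continue` (or recording the error in `tmp_rd`) after the call, and `ctypes.windll.kernel32.CloseHandle(Handle)` in a `try`/`finally` once the fields are read, addresses both. The two early `return` statements inside the per-process loop also discard entries already appended to `result`, so one process with a missing or unsupported `WeChatWin.dll` hides the others. With the old "Maybe Not Logged In" branch removed, a key of "None" is now reported as a normal result. `0x1F0FFF` would read better as a named constant with a comment stating which access rights the reads actually need.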