cyonjan/PyWxDump
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

优化get_wx_info代码

Browse Source
This commit is contained in:
xaoyo 2023-10-08 23:05:04 +08:00
parent 75c790079f
commit 983a82d3a1
1 changed files with 60 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

203
Program/get_wx_info.py
View File

@ -11,85 +11,26 @@ import ctypes
import win32api
import psutil
def get_name(pid, base_address, n_size=100):
array = (ctypes.c_byte * n_size)()
if ctypes.windll.kernel32.ReadProcessMemory(ctypes.c_void_p(pid), ctypes.c_void_p(base_address), array, n_size,
0) == 0:
return ""
null_index = n_size
for i in range(n_size):
if array[i] == 0:
null_index = i
break
text = ctypes.string_at(ctypes.byref(array), null_index).decode('utf-8', errors='ignore')
return text
ReadProcessMemory = ctypes.windll.kernel32.ReadProcessMemory
void_p = ctypes.c_void_p
def get_account(pid, base_address, n_size=100):
array = (ctypes.c_byte * n_size)()
if ctypes.windll.kernel32.ReadProcessMemory(ctypes.c_void_p(pid), ctypes.c_void_p(base_address), array, n_size,
0) == 0:
return ""
null_index = n_size
for i in range(n_size):
if array[i] == 0:
null_index = i
break
text = ctypes.string_at(ctypes.byref(array), null_index).decode('utf-8', errors='ignore')
return text
def get_info_without_key(pid, address, n_size=64):
array = ctypes.create_string_buffer(n_size)
if ReadProcessMemory(void_p(pid), void_p(address), array, n_size, 0) == 0: return "None"
array = bytes(array).split(b"\x00")[0] if b"\x00" in array else bytes(array)
text = array.decode('utf-8', errors='ignore')
return text.strip() if text.strip() != "" else "None"
def get_mobile(pid, base_address, n_size=100):
array = (ctypes.c_byte * n_size)()
if ctypes.windll.kernel32.ReadProcessMemory(ctypes.c_void_p(pid), ctypes.c_void_p(base_address), array, n_size,
0) == 0:
return ""
null_index = n_size
for i in range(n_size):
if array[i] == 0:
null_index = i
break
text = ctypes.string_at(ctypes.byref(array), null_index).decode('utf-8', errors='ignore')
return text
def get_mail(pid, base_address, n_size=100):
array = (ctypes.c_byte * n_size)()
if ctypes.windll.kernel32.ReadProcessMemory(ctypes.c_void_p(pid), ctypes.c_void_p(base_address), array, n_size,
0) == 0:
return ""
null_index = n_size
for i in range(n_size):
if array[i] == 0:
null_index = i
break
text = ctypes.string_at(ctypes.byref(array), null_index).decode('utf-8', errors='ignore')
return text
def get_hex(h_process, lp_base_address):
def get_key(h_process, address):
array = ctypes.create_string_buffer(8)
if ctypes.windll.kernel32.ReadProcessMemory(h_process, ctypes.c_void_p(lp_base_address), array, 8, 0) == 0:
return ""
num = 32
array2 = (ctypes.c_ubyte * num)()
lp_base_address2 = int.from_bytes(array, byteorder='little') # 逆序转换为int地址key地址
if ctypes.windll.kernel32.ReadProcessMemory(h_process, ctypes.c_void_p(lp_base_address2), ctypes.byref(array2), num,
0) == 0:
return ""
hex_string = binascii.hexlify(bytes(array2))
return hex_string.decode('utf-8')
if ReadProcessMemory(h_process, void_p(address), array, 8, 0) == 0: return "None"
key = ctypes.create_string_buffer(32)
address = int.from_bytes(array, byteorder='little') # 逆序转换为int地址key地址
if ReadProcessMemory(h_process, void_p(address), key, 32, 0) == 0: return "None"
key_string = bytes(key).hex()
return key_string
def get_file_version(file_path):
@ -97,88 +38,64 @@ def get_file_version(file_path):
ms = info['FileVersionMS']
ls = info['FileVersionLS']
file_version = f"{win32api.HIWORD(ms)}.{win32api.LOWORD(ms)}.{win32api.HIWORD(ls)}.{win32api.LOWORD(ls)}"
# version = parse(file_version)
return file_version
def read_info(version_list):
support_list = None
wechat_process = None
rd = []
wechat_process = []
result = []
for process in psutil.process_iter(['name', 'exe', 'pid', 'cmdline']):
if process.name() == 'WeChat.exe':
tmp_rd = {}
wechat_process = process
tmp_rd['pid'] = wechat_process.pid
# print("[+] WeChatProcessPID: " + str(wechat_process.info['pid']))
wechat_win_base_address = 0
for module in wechat_process.memory_maps(grouped=False):
if module.path and 'WeChatWin.dll' in module.path:
wechat_win_base_address = module.addr
wechat_win_base_address = int(wechat_win_base_address, 16)
file_version = get_file_version(module.path)
file_version_str = str(file_version)
wechat_process.append(process)
tmp_rd['version'] = file_version_str
if file_version_str not in version_list:
return "[-] WeChat Current Version Is: " + file_version_str + " Not Supported"
else:
support_list = version_list[file_version_str]
support_list = list(support_list)
break
Handle = ctypes.windll.kernel32.OpenProcess(0x1F0FFF, False, wechat_process.pid)
if support_list is None:
return "[-] WeChat Base Address Get Failed"
else:
wechat_key = wechat_win_base_address + support_list[4]
hex_key = get_hex(Handle, wechat_key)
tmp_rd['key'] = hex_key.strip()
if hex_key.strip() == "":
return "[-] WeChat Is Running, But Maybe Not Logged In"
else:
wechat_name = wechat_win_base_address + support_list[0]
tmp_rd['name'] = get_name(Handle, wechat_name, 100).strip()
wechat_account = wechat_win_base_address + support_list[1]
account = get_account(Handle, wechat_account, 100).strip()
if account.strip() == "":
tmp_rd['account'] = "None"
else:
tmp_rd['account'] = account
wechat_mobile = wechat_win_base_address + support_list[2]
mobile = get_mobile(Handle, wechat_mobile, 100).strip()
if mobile.strip() == "":
tmp_rd['mobile'] = "None"
else:
tmp_rd['mobile'] = mobile
wechat_mail = wechat_win_base_address + support_list[3]
mail = get_mail(Handle, wechat_mail, 100).strip()
if mail.strip() != "":
tmp_rd['mail'] = mail
else:
tmp_rd['mail'] = "None"
rd.append(tmp_rd)
if wechat_process is None:
if len(wechat_process) == 0:
return "[-] WeChat No Run"
return rd
for process in wechat_process:
tmp_rd = {}
tmp_rd['pid'] = process.pid
wechat_base_address = 0
for module in process.memory_maps(grouped=False):
if module.path and 'WeChatWin.dll' in module.path:
wechat_base_address = int(module.addr, 16)
tmp_rd['version'] = get_file_version(module.path)
support_list = version_list.get(tmp_rd['version'], None)
break
if wechat_base_address == 0:
return f"[-] WeChat WeChatWin.dll Not Found"
if not isinstance(support_list, list):
return f"[-] WeChat Current Version {tmp_rd['version']} Is Not Supported"
Handle = ctypes.windll.kernel32.OpenProcess(0x1F0FFF, False, process.pid)
name_baseaddr = wechat_base_address + support_list[0]
account__baseaddr = wechat_base_address + support_list[1]
mobile_baseaddr = wechat_base_address + support_list[2]
mail_baseaddr = wechat_base_address + support_list[3]
key_baseaddr = wechat_base_address + support_list[4]
tmp_rd['account'] = get_info_without_key(Handle, account__baseaddr, 32)
tmp_rd['mobile'] = get_info_without_key(Handle, mobile_baseaddr, 64)
tmp_rd['name'] = get_info_without_key(Handle, name_baseaddr, 64)
tmp_rd['mail'] = get_info_without_key(Handle, mail_baseaddr, 64) if support_list[3] != 0 else "None"
tmp_rd['key'] = get_key(Handle, key_baseaddr)
result.append(tmp_rd)
return result
if __name__ == "__main__":
version_list = json.load(open("version_list.json", "r", encoding="utf-8"))
rd = read_info(version_list)
if isinstance(rd, str):
print(rd)
result = read_info(version_list)
if isinstance(result, str):
print(result)
else:
for i in rd:
print("=" * 32)
for i in result:
for k, v in i.items():
print(f"[+] {k}: {v}")
print("=====================================")
print(f"[+] {k:>7}: {v}")
print("=" * 32)