add wx 3.9.12.15

xaoyaoo · Sep 11, 2024 · e0b891d · e0b891d
1 parent 4a61cda
commit e0b891d
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 7 deletions.
diff --git a/pywxdump/WX_OFFS.json b/pywxdump/WX_OFFS.json
@@ -411,5 +411,12 @@
  93700888,
  0,
  93702352
+ ],
+ "3.9.12.15": [
+ 93813544,
+ 93814880,
+ 93813352,
+ 0,
+ 93814816
  ]
 }
diff --git a/pywxdump/api/local_server.py b/pywxdump/api/local_server.py
@@ -259,7 +259,7 @@ def get_biasaddr(request: BiasAddrRequest):
  mobile = request.mobile
  name = request.name
  account = request.account
- key = request.json.key
+ key = request.key
  wxdbPath = request.wxdbPath
  if not mobile or not name or not account:
  return ReJson(1002)

diff --git a/pywxdump/wx_core/__init__.py b/pywxdump/wx_core/__init__.py
@@ -8,4 +8,4 @@
 from .wx_info import get_wx_info, get_wx_db, get_core_db
 from .get_bias_addr import BiasAddr
 from .decryption import batch_decrypt, decrypt
-from .merge_db import  merge_db, decrypt_merge, merge_real_time_db,  all_merge_real_time_db
+from .merge_db import merge_db, decrypt_merge, merge_real_time_db, all_merge_real_time_db
diff --git a/pywxdump/wx_core/get_bias_addr.py b/pywxdump/wx_core/get_bias_addr.py
@@ -10,14 +10,31 @@
 import os
 import re
 import sys
+from ctypes import wintypes
+
 import psutil
 import pymem
 
 from .utils import get_exe_version, get_exe_bit, verify_key
+from .utils import get_process_list, get_memory_maps, get_process_exe_path, get_file_version_info
+from .utils import search_memory
 
 ReadProcessMemory = ctypes.windll.kernel32.ReadProcessMemory if sys.platform == "win32" else None
 void_p = ctypes.c_void_p
 
+# 定义常量
+PROCESS_QUERY_INFORMATION = 0x0400
+PROCESS_VM_READ = 0x0010
+
+kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)
+OpenProcess = kernel32.OpenProcess
+OpenProcess.restype = wintypes.HANDLE
+OpenProcess.argtypes = [wintypes.DWORD, wintypes.BOOL, wintypes.DWORD]
+
+CloseHandle = kernel32.CloseHandle
+CloseHandle.restype = wintypes.BOOL
+CloseHandle.argtypes = [wintypes.HANDLE]
+
 
 class BiasAddr:
  def __init__(self, account, mobile, name, key, db_path):
@@ -61,10 +78,25 @@ def get_process_handle(self):
  return False, "[-] WeChat No Run"
 
  def search_memory_value(self, value: bytes, module_name="WeChatWin.dll"):
- # 创建 Pymem 对象
- module = pymem.process.module_from_name(self.pm.process_handle, module_name)
- ret = self.pm.pattern_scan_module(value, module, return_multiple=True)
- ret = ret[-1] - module.lpBaseOfDll if len(ret) > 0 else 0
+ start_adress = 0x7FFFFFFFFFFFFFFF
+ end_adress = 0
+
+ memory_maps = get_memory_maps(self.pid)
+ for module in memory_maps:
+ if module.FileName and module_name in module.FileName:
+ s = module.BaseAddress
+ e = module.BaseAddress + module.RegionSize
+ start_adress = s if s < start_adress else start_adress
+ end_adress = e if e > end_adress else end_adress
+ hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, self.pid)
+ ret = search_memory(hProcess, value, max_num=3, start_address=start_adress,
+ end_address=end_adress)
+ ret = ret[-1] - start_adress if len(ret) > 0 else 0
+
+ # # 创建 Pymem 对象
+ # module = pymem.process.module_from_name(self.pm.process_handle, module_name)
+ # ret = self.pm.pattern_scan_module(value, module, return_multiple=True)
+ # ret = ret[-1] - module.lpBaseOfDll if len(ret) > 0 else 0
  return ret
 
  def get_key_bias1(self):
@@ -81,7 +113,6 @@ def get_key_bias1(self):
  module = pymem.process.module_from_name(self.process_handle, self.module_name)
  keyBytes = b'-----BEGIN PUBLIC KEY-----\n...'
  publicKeyList = pymem.pattern.pattern_scan_all(self.process_handle, keyBytes, return_multiple=True)
-
  keyaddrs = []
  for addr in publicKeyList:
  keyBytes = addr.to_bytes(byteLen, byteorder="little", signed=True) # 低位在前