[Python] 纯文本查看 复制代码 import codecs
import frida
def main(target_process):
session = frida.attach(target_process)
with codecs.open('39633binary_tree.js', 'r', 'utf-8') as f:
source = f.read()
script = session.create_script(source)
script.load()
session.detach()
if __name__ == '__main__':
main('wechat.exe')
JS代码
[JavaScript] 纯文本查看 复制代码 function get_friend(l_add, r_add) {
var wxid = Memory.readUtf16String(Memory.readPointer(l_add.add("0x40")));
var wx_num = Memory.readUtf16String(Memory.readPointer(l_add.add("0x60")));
var v3 = Memory.readUtf16String(Memory.readPointer(l_add.add("0x80")));
var remark = Memory.readUtf16String(Memory.readPointer(l_add.add("0xB0")));
var nick = Memory.readUtf16String(Memory.readPointer(l_add.add("0xD0")));
var head_url = Memory.readUtf16String(Memory.readPointer(l_add.add("0x11C")));
//var friend_type = Memory.readU8(l_add.add("0x74"));// 如果类型为24的话是公众号 0则为好友
//send({ friend, wxid, wx_num, remark, nick, v3 });
console.log(friend, wxid, wx_num, remark, nick, v3);
console.log("----------------------------------------------------------------------------------------------\n")
var left_add1 = Memory.readPointer(l_add);
if (left_add1 != r_add) {
friend = friend + 1;
get_friend(left_add1, r_add);
} else {
return
}
}
var friend = 1
var wechatWinAddress = Process.findModuleByName('WeChatWin.dll');
var binary_tree_base = wechatWinAddress.base.add('0x3ACA288'); //二叉树基址
var rukou = Memory.readPointer(Memory.readPointer(binary_tree_base).add("0xC8"))
console.log("rukou :" + rukou.toString(16));
var left_add = Memory.readPointer(rukou);
console.log("left_add :" + left_add.toString(16));
var right_add = Memory.readPointer(rukou.add("8"));
console.log("right_add :" + right_add.toString(16));
get_friend(left_add, right_add);
声明 代码仅供学习交流 勿用作其他用途 自行承担法律后果 与作者无关
| 
[复制链接]
发表于 2023-7-26 09:43
