From a8bb5c975cfb4e367871498ce8a9ae81bdb154db Mon Sep 17 00:00:00 2001
From: xaoyaoo
Date: Mon, 29 Jan 2024 11:46:39 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E5=BE=AE=E4=BF=A1=E6=95=B0?= =?UTF-8?q?=E6=8D=AE=E6=96=87=E4=BB=B6=E8=B7=AF=E5=BE=84=E9=80=9A=E8=BF=87?= =?UTF-8?q?=E8=AF=BB=E5=8F=96=E5=86=85=E5=AD=98=E6=96=B9=E5=BC=8F=E8=8E=B7?= =?UTF-8?q?=E5=8F=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 pywxdump_mini/simplify_wx_info.py | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/pywxdump_mini/simplify_wx_info.py b/pywxdump_mini/simplify_wx_info.py
index 25ebb10..08c9948 100644
--- a/pywxdump_mini/simplify_wx_info.py
+++ b/pywxdump_mini/simplify_wx_info.py
@@ -92,6 +92,21 @@ def get_info_wxid(h_process):
 return wxid
+def get_info_filePath_base_wxid(h_process, wxid=""):
+ find_num = 10
+ addrs = pattern_scan_all(h_process, wxid.encode() + br'\\Msg\\FTSContact', return_multiple=True, find_num=find_num)
+ filePath = []
+ for addr in addrs:
+ win_addr_len = 260
+ array = ctypes.create_string_buffer(win_addr_len)
+ if ReadProcessMemory(h_process, void_p(addr - win_addr_len + 50), array, win_addr_len, 0) == 0: return "None"
+ array = bytes(array).split(b"\\Msg")[0]
+ array = array.split(b"\00")[-1]
+ filePath.append(array.decode('utf-8', errors='ignore'))
+ filePath = max(filePath, key=filePath.count) if filePath else "None"
+ return filePath
+
+
 def get_info_filePath(wxid="all"):
 if not wxid:
 return "None"
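Review bot: In `get_info_filePath_base_wxid`, `wxid` is concatenated into the scan pattern unescaped (`wxid.encode() + br'\\Msg\\FTSContact'`). The doubled backslashes suggest `pattern_scan_all` treats its argument as a regular expression, so an id containing a metacharacter would change what is matched; if so, `re.escape(wxid.encode())` is the safer form, assuming `re` is imported in this file. The loop also returns `"None"` on the first failed `ReadProcessMemory`, discarding candidates already collected, where `continue` would keep them for the `max(filePath, key=filePath.count)` vote. The function has no docstring and the constants 260 and 50 are unexplained; a short comment on what the buffer length and offset represent would help, and `b"\00"` reads more clearly as `b"\x00"`.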
@@ -231,7 +246,9 @@ def read_info(is_logging=False, is_save=False):
 addrLen = get_exe_bit(process.exe()) // 8
 tmp_rd['wxid'] = get_info_wxid(Handle)
- tmp_rd['filePath'] = get_info_filePath(tmp_rd['wxid']) if tmp_rd['wxid'] != "None" else "None"
+ tmp_rd['filePath'] = get_info_filePath_base_wxid(Handle, tmp_rd['wxid']) if tmp_rd['wxid'] != "None" else "None"
+ tmp_rd['filePath'] = get_info_filePath(tmp_rd['wxid']) if tmp_rd['wxid'] != "None" and tmp_rd[
+ 'filePath'] == "None" else tmp_rd['filePath']
 tmp_rd['key'] = get_key(tmp_rd['pid'], tmp_rd['filePath'], addrLen) if tmp_rd['filePath'] != "None" else "None"
 result.append(tmp_rd)
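Review bot: The existing `get_info_filePath` fallback runs only when the memory scan returned the literal `"None"`, so an empty or garbled string produced by `decode('utf-8', errors='ignore')` is accepted as the path and handed to `get_key`. Validating the scanned value between the two assignments, e.g. `if not os.path.isdir(tmp_rd['filePath']): tmp_rd['filePath'] = "None"` (assuming `os` is imported in this file), would let the fallback cover that case. The second assignment would also read more easily as a plain `if` statement than as a conditional expression wrapped inside the `tmp_rd[` subscript. `read_info` starts and ends outside this hunk.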