Update hook.js

JaveleyQAQ · web-flow · commit 0019bfcd6287 · 2024-03-31T00:18:21.000+08:00
diff --git a/scripts/hook.js b/scripts/hook.js
@@ -1,6 +1,10 @@
 ;
 //获取WeChatAppEx.exe的基址
-var base = Process.findModuleByName("WeChatAppEx.exe").base
+var module = Process.findModuleByName("WeChatAppEx.exe")
+var base = module.base
+// console.log("模块名称:",module.name);
+// console.log("模块地址:",module.base);
+// console.log("大小:",module.size);
 
 
 for (let key in address) {
@@ -56,6 +60,7 @@ Interceptor.attach(address.LaunchAppletBegin, {
         for (var i = 0; i < 0x1000; i+=8) {
             try {
                 var s = readStdString(args[2].add(i))
+                // console.log(s)
                 var s1 = s.replaceAll("md5", "md6")
                     .replaceAll('"enable_vconsole":false', '"enable_vconsole": true')
                     .replaceAll('"frameset":false', '"frameset": true')
@@ -70,6 +75,9 @@ Interceptor.attach(address.LaunchAppletBegin, {
     }
 })
 
+
+
+
 if(address.WechatVersionSwitch){
 
 	Interceptor.attach(address.WechatVersionSwitch, {
@@ -81,21 +89,34 @@ if(address.WechatVersionSwitch){
 	})
 
 }else{
-	
 	Interceptor.attach(address.WechatAppHtml, {
-    
-        onEnter(args) {
-            try {
-                var _adr = ptr("0x00007FF7920CE5BE");
-                const newData = [0x77, 0x65, 0x62];
-                Memory.protect(_adr, 3, 'rwx');
-                Memory.writeByteArray(_adr, newData);
-                Memory.readByteArray(_adr, 3); 
-                send("[+] 已还原完整F12")
-            } catch (error) {
-                send("发生错误: " + error.message);
-            }
-        
-    }
-})
+	    
+	    onEnter(args) {
+	            const webhtml= "68 74 74 70 73 3A 2F 2F 61 70 70 6C 65 74 2D 64 65 62 75 67 2E 63 6F 6D 2F 64 65 76 74 6F 6F 6C 73 2F 77 65 63 68 61 74 5F 77 65 62 2E 68 74 6D 6C";
+	            var  data;
+	            Process.enumerateModules({
+	                onMatch: function(module){
+	                    var ranges = module.enumerateRanges('r--');
+	                    for (var i = 0; i < ranges.length; i++) {
+	                            
+	                        var range = ranges[i];
+	                        var scanResults = Memory.scanSync(range.base, range.size, webhtml);
+	                        if (scanResults.length > 0){
+	                            data = scanResults[0].address
+	                            // console.log('Memory.scanSync() result for range ' + range.base + '-' + range.size + ':\n' + JSON.stringify(scanResults));
+	                            }
+	                        }
+	        
+	                },
+	                onComplete: function(){
+	     
+	                }
+	
+	            });
+	
+	            this.context.rdx = data
+	
+	
+	}
+	})
 }
