python调用微信发送消息,用python发微信消息

2022-08-27 13:15:55 分类:python 阅读()

  python调用微信发送消息,用python发微信消息

  可以用Python实现微信消息发送功能。如何才能实现?你一定觉得很复杂,但是python的好处是很多人已经把接口打包好了,只需要调用就可以了。今天给大家分享一下用Python发微信的思想代码。让我们看一看。

  00-1010前言二次优化三次优化

  

目录

  之前说了如何把机器码写入内存,然后调用。现在说说怎么优化。

  用Python给朋友发微信

  

前言

  再看看C语言的代码。

  void send text(wchar _ t * wsTextMsg){

  //发送好友,filehelper是文件传输助手。

  wchar _ t wsw xid[0x 10]=L file helper ;

  wxbase struct wxw xid(wsw xid);

  //发送的消息的内容

  wxbase struct wxTextMsg(wsTextMsg);

  wchar _ t * * pwx msg=wxtextmsg . buffer;

  char buffer[0x3b 0]={ 0 };

  char wxNull[0x 100]={ 0 };

  DWORD dll base address=(DWORD)GetModuleHandleA( we chatwin . dll );

  //发送消息的函数的调用地址

  DWORD callAddress=dll base address0x 521d 30;

  _ _组件{

  lea eax,wxNull

  推0x1

  推eax

  mov edi,pWxmsg

  推送edi

  lea edx,wxWxid

  lea ecx,缓冲;

  调用callAddress

  添加esp,0xC

  }

  }

  上面的代码真的是向asm中的代码发送消息,之前的C代码都是在组装内存数据。能不能用Python来组装数据,只说下面的组装转换成机器码来写内存调用,这样就少了无用的机器码。

  修改后的SendText函数如下

  wchar _ t wsw xid[0x 10]=L file helper ;

  wchar _ t wsTextMsg[0x 100]=L test ;

  wxbase struct wxw xid(wsw xid);

  wxbase struct wxTextMsg(wsTextMsg);

  wchar _ t * * pwx msg=wxtextmsg . buffer;

  char buffer[0x3b 0]={ 0 };

  char wxNull[0x 100]={ 0 };

  DWORD dll base address=(DWORD)GetModuleHandleA( we chatwin . dll );

  DWORD callAddress=dll base address0x 521d 30;

  void SendText() {

  _ _组件{

  lea eax,wxNull

  推0x1

  推eax

  mov edi,pWxmsg

  推送edi

  lea edx,wxWxid

  lea ecx,缓冲;

  调用callAddress

  添加esp,0xC

  }

  }

  装配代码:

  lign:center">

  []里面包含的类型和变量名其实就是地址,只需要将地址改成用Python构造的地址就可以了

  完整代码如下:

  

import os
  import pymem
  import ctypes
  import time
  def convert_addr(addr):
   if isinstance(addr, int):
   addr = hex(addr)
   if addr.startswith("0x") or addr.startswith("0X"):
   addr = addr[2:]
   if len(addr) < 8:
   addr = (8-len(addr))*0 + addr
   tmp = []
   for i in range(0, 8, 2):
   tmp.append(addr[i:i+2])
   tmp.reverse()
   return .join(tmp)
  def WxBaseStruct(process_handle, content):
   struct_address = pymem.memory.allocate_memory(process_handle, 20)
   bcontent = content.encode(utf-16le)
   content_address = pymem.memory.allocate_memory(process_handle, len(bcontent)+16)
   pymem.ressources.kernel32.WriteProcessMemory(process_handle, content_address, bcontent, len(bcontent), None)
   pymem.memory.write_int(process_handle, struct_address, content_address)
   pymem.memory.write_int(process_handle, struct_address+0x4, len(content))
   pymem.memory.write_int(process_handle, struct_address+0x8, len(content)*2)
   pymem.memory.write_int(process_handle, struct_address+0xC, 0)
   pymem.memory.write_int(process_handle, struct_address+0x10, 0)
   return struct_address, content_address
  def start_thread(process_handle, address, params=None):
   params = params or 0
   NULL_SECURITY_ATTRIBUTES = ctypes.cast(0, pymem.ressources.structure.LPSECURITY_ATTRIBUTES)
   thread_h = pymem.ressources.kernel32.CreateRemoteThread(
   process_handle,
   NULL_SECURITY_ATTRIBUTES,
   0,
   address,
   params,
   0,
   ctypes.byref(ctypes.c_ulong(0))
   )
   last_error = ctypes.windll.kernel32.GetLastError()
   if last_error:
   pymem.logger.warning(Got an error in start thread, code: %s % last_error)
   pymem.ressources.kernel32.WaitForSingleObject(thread_h, -1)
   return thread_h
  def main(wxpid, wxid, msg):
   process_handle = pymem.process.open(wxpid)
   wxNull_address = pymem.memory.allocate_memory(process_handle, 0x100)
   buffer_address = pymem.memory.allocate_memory(process_handle, 0x3B0)
   wxid_struct_address, wxid_address = WxBaseStruct(process_handle, wxid)
   msg_struct_address, msg_address = WxBaseStruct(process_handle, msg)
   process_WeChatWin_handle = pymem.process.module_from_name(process_handle, "WeChatWin.dll")
   call_address = process_WeChatWin_handle.lpBaseOfDll + 0x521D30
   call_p_address = pymem.memory.allocate_memory(process_handle, 4)
   pymem.memory.write_int(process_handle, call_p_address, call_address)
   format_code = 
   57
   8D05 {wxNull}
   6A 01
   50
   8D3D {wxTextMsg}
   57
   8D15 {wxWxid}
   8D0D {buffer}
   FF15 {callAddress}
   83C4 0C
   5F
   C3
   shellcode = format_code.format(wxNull=convert_addr(wxNull_address), 
   wxTextMsg=convert_addr(msg_struct_address),
   wxWxid=convert_addr(wxid_struct_address),
   buffer=convert_addr(buffer_address),
   callAddress=convert_addr(call_p_address))
   shellcode = bytes.fromhex(shellcode.replace( , ).replace(\n, ))
   shellcode_address = pymem.memory.allocate_memory(process_handle, len(shellcode)+5)
   pymem.ressources.kernel32.WriteProcessMemory(process_handle, shellcode_address, shellcode, len(shellcode), None)
   thread_h = start_thread(process_handle, shellcode_address)
   time.sleep(0.5)
   pymem.memory.free_memory(process_handle, wxNull_address)
   pymem.memory.free_memory(process_handle, buffer_address)
   pymem.memory.free_memory(process_handle, wxid_struct_address)
   pymem.memory.free_memory(process_handle, wxid_address)
   pymem.memory.free_memory(process_handle, msg_struct_address)
   pymem.memory.free_memory(process_handle, msg_address)
   pymem.memory.free_memory(process_handle, call_p_address)
   pymem.memory.free_memory(process_handle, shellcode_address)
   pymem.process.close_handle(process_handle)
  if __name__ == "__main__":
   wxpid = 16892
   wxid = "filehelper"
   msg = "python test"
   main(wxpid, wxid, msg)

  

  

第三次优化

  直接在Python里写汇编,然后自动转机器码写入内存。使用的是Python的keystone库

  

# -*- coding: utf-8 -*-
  import os
  import pymem
  import ctypes
  import time
  from keystone import Ks, KS_ARCH_X86, KS_MODE_32
  def asm2code(asm_code, syntax=0):
   ks = Ks(KS_ARCH_X86, KS_MODE_32)
   bytes_code, _ = ks.asm(asm_code, as_bytes=True)
   return bytes_code
  def WxBaseStruct(process_handle, content):
   struct_address = pymem.memory.allocate_memory(process_handle, 20)
   bcontent = content.encode(utf-16le)
   content_address = pymem.memory.allocate_memory(process_handle, len(bcontent)+16)
   pymem.ressources.kernel32.WriteProcessMemory(process_handle, content_address, bcontent, len(bcontent), None)
   pymem.memory.write_int(process_handle, struct_address, content_address)
   pymem.memory.write_int(process_handle, struct_address+0x4, len(content))
   pymem.memory.write_int(process_handle, struct_address+0x8, len(content)*2)
   pymem.memory.write_int(process_handle, struct_address+0xC, 0)
   pymem.memory.write_int(process_handle, struct_address+0x10, 0)
   return struct_address, content_address
  def start_thread(process_handle, address, params=None):
   params = params or 0
   NULL_SECURITY_ATTRIBUTES = ctypes.cast(0, pymem.ressources.structure.LPSECURITY_ATTRIBUTES)
   thread_h = pymem.ressources.kernel32.CreateRemoteThread(
   process_handle,
   NULL_SECURITY_ATTRIBUTES,
   0,
   address,
   params,
   0,
   ctypes.byref(ctypes.c_ulong(0))
   )
   last_error = ctypes.windll.kernel32.GetLastError()
   if last_error:
   pymem.logger.warning(Got an error in start thread, code: %s % last_error)
   pymem.ressources.kernel32.WaitForSingleObject(thread_h, -1)
   return thread_h
  def main(wxpid, wxid, msg):
   process_handle = pymem.process.open(wxpid)
   wxNull_address = pymem.memory.allocate_memory(process_handle, 0x100)
   buffer_address = pymem.memory.allocate_memory(process_handle, 0x3B0)
   wxid_struct_address, wxid_address = WxBaseStruct(process_handle, wxid)
   msg_struct_address, msg_address = WxBaseStruct(process_handle, msg)
   process_WeChatWin_handle = pymem.process.module_from_name(process_handle, "WeChatWin.dll")
   call_address = process_WeChatWin_handle.lpBaseOfDll + 0x521D30
   call_p_address = pymem.memory.allocate_memory(process_handle, 4)
   pymem.memory.write_int(process_handle, call_p_address, call_address)
   format_asm_code = 
   push edi;
   lea eax,dword ptr ds:[{wxNull:#02x}];
   push 0x1;
   push eax;
   lea edi,dword ptr ds:[{wxTextMsg:#02x}];
   push edi;
   lea edx,dword ptr ds:[{wxWxid:#02x}];
   lea ecx,dword ptr ds:[{buffer:#02x}];
   call dword ptr ds:[{callAddress:#02x}];
   add esp, 0xC;
   pop edi;
   ret;
   asm_code = format_asm_code.format(wxNull=wxNull_address, 
   wxTextMsg=msg_struct_address,
   wxWxid=wxid_struct_address,
   buffer=buffer_address,
   callAddress=call_p_address)
   shellcode = asm2code(asm_code.encode())
   shellcode_address = pymem.memory.allocate_memory(process_handle, len(shellcode)+5)
   pymem.ressources.kernel32.WriteProcessMemory(process_handle, shellcode_address, shellcode, len(shellcode), None)
   thread_h = start_thread(process_handle, shellcode_address)
   time.sleep(0.5)
   pymem.memory.free_memory(process_handle, wxNull_address)
   pymem.memory.free_memory(process_handle, buffer_address)
   pymem.memory.free_memory(process_handle, wxid_struct_address)
   pymem.memory.free_memory(process_handle, wxid_address)
   pymem.memory.free_memory(process_handle, msg_struct_address)
   pymem.memory.free_memory(process_handle, msg_address)
   pymem.memory.free_memory(process_handle, call_p_address)
   pymem.memory.free_memory(process_handle, shellcode_address)
   pymem.process.close_handle(process_handle)
  if __name__ == "__main__":
   wxpid = 18604
   wxid = "filehelper"
   msg = "python test msg"
   main(wxpid, wxid, msg)

  到此这篇关于Python实现向好友发送微信消息优化篇的文章就介绍到这了,更多相关Python微信消息内容请搜索盛行IT软件开发工作室以前的文章或继续浏览下面的相关文章希望大家以后多多支持盛行IT软件开发工作室!

郑重声明:本文由网友发布,不代表盛行IT的观点,版权归原作者所有,仅为传播更多信息之目的,如有侵权请联系,我们将第一时间修改或删除,多谢。

标签: python

相关文章阅读

  • 微信读书做笔记主页有显示吗,微信读书做笔记赚钱
  • 微信如何建群详细步骤,怎么建群微信怎么建群呢
  • 微信拍一拍怎么拍肩膀好看,微信如何拍一拍肩膀
  • 微信如何转发给qq,怎么从QQ转发到微信
  • 微信表情含义图解大全2022吃西瓜,微信表情含义图解大全2020高清
  • 微信网页版文件传输助手的文件在哪里,微信文件传输助手怎么批量保存
  • ,,详解微信小程序开发之formId使用(模板消息)
  • ,,最详细的ASP.NET微信JS-SDK支付代码
  • ,,微信小程序视图容器(swiper)组件创建轮播图
  • ,,微信小程序自定义toast弹窗效果的实现代码
  • ,,微信小程序的WXSS和全局、页面配置详细讲解
  • ,,微信小程序左右滚动公告栏效果代码实例
  • ,,微信小程序实现简易table表格
  • ,,微信小程序实现二维码签到考勤系统
  • ,,微信小程序中wxs文件的一些妙用分享
    • 留言与评论(共有 条评论)
       
    验证码: