Tested on 2.9.2.23
特征码:
74 0A BE 03 00 00 00 E9 27 06 00 00 83 EC 08 8B C4 56 57
使用下面的 Python 脚本会生成 WeChatWin_patched.dll;将该文件重命名为 WeChatWin.dll 并替换微信安装目录下的同名文件即可(替换前请先备份原文件;上面的特征码只在 2.9.2.23 上测试过):
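# -*- coding: utf-8 -*-
"""Write WeChatWin_patched.dll: a copy of WeChatWin.dll with one branch NOP-ed.

The script reads WeChatWin.dll from the current directory, locates the byte
signature ``crucial_opcode`` and writes a copy in which the first
``len(patch_opcode)`` bytes of that signature are replaced by ``patch_opcode``.
The input file itself is never modified.

The signature was tested on 2.9.2.23 only. It embeds a rel32 jump
displacement (E9 27 06 00 00), so other builds will most likely not match;
in that case the script stops without writing anything.

NOTE(review): the patched copy no longer matches the vendor's original bytes,
so any file-hash or code-signature verification of the DLL will fail for it.
Keep a backup of the original file before replacing it.
"""

# Signature of the patch site in WeChatWin.dll. It starts with 74 0A
# (JE/JZ rel8, skipping 0x0A bytes when taken), followed by BE 03 00 00 00
# (mov esi, 3) and E9 27 06 00 00 (jmp rel32). What the branch guards is not
# stated alongside the script.
crucial_opcode = b"\x74\x0A\xBE\x03\x00\x00\x00\xE9\x27\x06\x00\x00\x83\xEC\x08\x8B\xC4\x56\x57"
# Two one-byte NOPs that overwrite the leading 74 0A, so the conditional jump
# is never taken and execution always falls through to the mov/jmp pair.
patch_opcode = b"\x90\x90"

SOURCE_DLL = "WeChatWin.dll"
PATCHED_DLL = "WeChatWin_patched.dll"


def find_patch_offset(data):
    """Return the offset of the single occurrence of ``crucial_opcode``.

    Args:
        data: Full contents of the DLL as a byte string.

    Returns:
        Zero-based offset of the signature inside ``data``.

    Raises:
        ValueError: If the signature is absent, or present more than once
            (patching the first of several hits could corrupt unrelated code).
    """
    hits = data.count(crucial_opcode)
    if hits == 0:
        raise ValueError("can not find crucial code in WeChatWin.dll")
    if hits > 1:
        raise ValueError(
            "crucial code found {} times in WeChatWin.dll, refusing to guess".format(hits)
        )
    return data.find(crucial_opcode)


def apply_patch(data, offset):
    """Return a copy of ``data`` with ``patch_opcode`` written at ``offset``.

    The result has the same length as ``data``; only ``len(patch_opcode)``
    bytes differ.

    Raises:
        ValueError: If ``data`` does not hold ``crucial_opcode`` at ``offset``.
    """
    if data[offset:offset + len(crucial_opcode)] != crucial_opcode:
        raise ValueError("no crucial code at offset {}".format(hex(offset)))
    return data[:offset] + patch_opcode + data[offset + len(patch_opcode):]


def main():
    """Patch SOURCE_DLL into PATCHED_DLL; return a process exit status."""
    with open(SOURCE_DLL, "rb") as fs:
        byte_buf = fs.read()

    try:
        position = find_patch_offset(byte_buf)
    except ValueError as err:
        # Nothing is written when the signature is missing or ambiguous.
        print("[-] {}".format(err))
        return 1

    print("[+] find the crucial code offset at {}".format(hex(position)))
    print("[+] modifying crucial code with {} NOP's".format(len(patch_opcode)))
    print("[+] generating patched file named WeChatWin_patched.dll")
    with open(PATCHED_DLL, "wb") as wfs:
        wfs.write(apply_patch(byte_buf, position))
    print("[+] Please rename the patched file according to WeChatWin.dll in WeChat installation directory")
    return 0


# main
if __name__ == "__main__":
    raise SystemExit(main())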