Skip to content

Commit

Permalink
Update hook.js
Browse files Browse the repository at this point in the history
  • Loading branch information
JaveleyQAQ authored Feb 17, 2024
1 parent cbc94ba commit 5b40f56
Showing 1 changed file with 24 additions and 15 deletions.
39 changes: 24 additions & 15 deletions scripts/hook.js
Original file line number Diff line number Diff line change
@@ -1,17 +1,13 @@
;;
for(var addressname in address){
address[addressname] = parseInt(address[addressname]);
// console.log(address[addressname])
};

;
//获取WeChatAppEx.exe的基址
var base = Process.findModuleByName("WeChatAppEx.exe").base
address.LaunchAppletBegin = base.add(address.LaunchAppletBegin);
address.WechatAppHtml = base.add(address.WechatAppHtml);
address.WechatWebHtml = base.add(address.WechatWebHtml);


function readStdString(s) {
for (let key in address) {
address[key] = base.add(address[key]);
}

function readStdString(s) {
var flag = s.add(23).readU8()
if (flag == 0x80) {
// 从堆中读取
Expand Down Expand Up @@ -42,29 +38,42 @@ function writeStdString(s, content) {
}
}

//HOOK 启动配置
//过新版8555检测
if(address.MenuItemDevToolsString){
var menuItemDevToolsStringCr = new Uint8Array(address.MenuItemDevToolsString.readByteArray(7));
var intptr_ = (menuItemDevToolsStringCr[3] & 0xFF) | ((menuItemDevToolsStringCr[4] & 0xFF) << 8) | ((menuItemDevToolsStringCr[5] & 0xFF) << 16) | ((menuItemDevToolsStringCr[6] & 0xFF) << 24);
var menuItemDevToolsStringPtrData = address.MenuItemDevToolsString.add(intptr_+7);
Memory.protect(menuItemDevToolsStringPtrData, 8, 'rw-')
menuItemDevToolsStringPtrData.writeUtf8String("DevTools");
}


Interceptor.attach(address.LaunchAppletBegin, {
onEnter(args) {
send("[+] HOOK到小程序加载! " + readStdString(args[1]))
for (var i = 0; i < 0x1000; i+=8) {
try {
var s = readStdString(args[2].add(i))
var s1 = s.replaceAll("md5", "md6").replaceAll('"enable_vconsole":false', '"enable_vconsole": true')

var s1 = s.replaceAll("md5", "md6")
.replaceAll('"enable_vconsole":false', '"enable_vconsole": true')
.replaceAll('"frameset":false', '"frameset": true')
//"frameset":false
if (s !== s1) {
//send(s1)
writeStdString(args[2].add(i), s1)
}
} catch (a) {
}
}
}
})
//HOOK F12配置 替换原本内容


Interceptor.attach(address.WechatAppHtml, {
onEnter(args) {
this.context.rdx = address.WechatWebHtml;
send("[+] 已还原完整F12")
}
})

send("[+] WeChatAppEx.exe 注入成功!")

0 comments on commit 5b40f56

Please sign in to comment.