微信防撤回补丁脚本

之前用od手动patch的微信防撤回补丁&＃xff0c;自从微信更新后&＃xff0c;就失效了&＃xff01;这次写了个python脚本&＃xff0c;一键patch&＃xff0c;再也不怕微信更新了&＃xff01;

特征码&＃xff1a;

8B 06 8B CE FF 50 18 85 C0 0F 84 31 FF FF FF 68 ?? ?? ?? ?? 8B C8 E8 1F AC 58 00 8B F0 85 F6 0F 84 1B FF FF FF 68 ?? ?? ?? ?? 8B CE E8 09 AC 58 00 85 C0 74 7B 8B C8 E8 8E B4 58 00 85 C0 75 62 0F 10 05 ?? ?? ?? ?? 83 EC 10


由于其中一个参数是重定位的全局变量&＃xff0c;所以需要在patch代码里加上 add esp, 4
patch后&＃xff1a;

使用下面py脚本&＃xff0c;会生成一个WeChatWin_patched.dll版本&＃xff0c;将这个文件改名并替换微信安装目录下的WeChatWin.dll即可&＃xff1a;

# -*- coding: utf-8 -*-# crucial opcode in WeChatWin.dll
crucial_opcode &＃61; b"\x8B\x06\x8B\xCE\xFF\x50\x18\x85\xC0\x0F\x84\x31\xFF\xFF\xFF\x68"
patch_opcode &＃61; b"\x83\xC4\x04\x90\x90\x90\x90"# main
if __name__ &＃61;&＃61; "__main__":with open("WeChatWin.dll", "rb") as fs:byte_buf &＃61; bytes(fs.read())position &＃61; byte_buf.find(crucial_opcode)if position &＃61;&＃61; -1:print "[-] can not find crucial code in WeChatWin.dll"else:print "[&＃43;] find the crucial code offset at {}".format(hex(position))precise_pos &＃61; position &＃43; len(crucial_opcode) &＃43; 4print "[&＃43;] after adjusting offset of crucial code {}".format(hex(precise_pos))print "[&＃43;] modifying crucial code with {} NOP&＃39;s".format(len(patch_opcode))print "[&＃43;] generating patched file named WeChatWin_patched.dll"with open("WeChatWin_patched.dll", "wb") as wfs:wfs.write(byte_buf[0:precise_pos])wfs.write(patch_opcode)wfs.write(byte_buf[precise_pos &＃43; len(patch_opcode):])wfs.close()print "[&＃43;] Please rename the patched file according to WeChatWin.dll in WeChat installation directory"fs.close()