Giter VIP home page Giter VIP logo

wechat-dump-rs's People

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

skybky searubber mas0nshi sec-fork unt7 crackercat kyraxx zhanglei test1213145 ttstormxx ukonwho h1d3r nyx2022 tomfansdwdf wyf2008 sunhanaix laris nonu11 npc2000 enomothem kenyon-wong weik1 guapier jn7163 icodebug0 howardlau1999 clmagic var618 weifeng2333 sealter hyeongo dollyn cd9e zaxk countree103103 robinlzw wanttobeno ytx222 goujibax wanghaisheng agelovito qidianbox linlynm xiaoxiaozhu5 vincentlin7

wechat-dump-rs's Issues

file is not exsit

我修改过我的微信路径,目前为G:\WeChat Files
执行wechat-dump-rs.exe报错:G:\WeChat Files\wxid_4bwa1yvxxxxx\Msg\ChatRoomUser.db G:\WeChat Files\wxid_4bwa1yvxxxxx\Msg\Misc.db is not exsit: Error { kind: InvalidInput, message: "strings passed to WinAPI cannot contain NULs" },我确保文件是存在的,我不清楚为什么会报这样的错误
微信版本:3.9.10.27
Release:V1.0.6

程序找不到用户名

系统: win11
微信版本: 3.9.7.29

可以找得到登陆方式 iphone,但是在找用户名的过程中出问题了。

[src\main.rs:234] format!("{:#02x}", & phone_type_string_addr) = "0x7ffbc187c1b0"

image

我看了一下 iphone 这个串的内存地址是正确的。

报错

确认包含Misc.db文件,并且存在多个Misc.db(qq也存在Misc.db文件)
报错:
┌──(Tom💀TEST)-[/Downloads] 0ms ✓
└─# .\wechat-dump-rs.exe
[+] wechat version is 3.9.7.29
thread 'main' panicked at 'called Result::unwrap() on an Err value: Utf8Error { valid_up_to: 27, error_len: Some(1) }', src\procmem\mod.rs:44:96
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
NativeCommandExitException: Program "wechat-dump-rs.exe" ended with non-zero exit code: 101.
┌──(Tom💀TEST)-[/Downloads] 356ms ⨯
└─# .\wechat-dump-rs.exe -a
[+] wechat version is 3.9.7.29
thread 'main' panicked at 'called Result::unwrap() on an Err value: Utf8Error { valid_up_to: 27, error_len: Some(1) }', src\procmem\mod.rs:44:96
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
NativeCommandExitException: Program "wechat-dump-rs.exe" ended with non-zero exit code: 101.
┌──(Tom💀TEST)-[~/Downloads] 63ms ⨯
└─# .\wechat-dump-rs.exe -p 14644
[+] wechat version is 3.9.7.29
thread 'main' panicked at 'called Result::unwrap() on an Err value: Utf8Error { valid_up_to: 27, error_len: Some(1) }', src\procmem\mod.rs:44:96
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
NativeCommandExitException: Program "wechat-dump-rs.exe" ended with non-zero exit code: 101.

database disk image is malformed

可以正常打开但是,有的数据页会受损

(base) PS C:\my_program\Asahngdan\WeChatMsg> sqlite3 "C:\my_program\Asahngdan\WeChatMsg\app\DataBase\wechat_14756\MediaMSG0.db" "PRAGMA integrity_check;"
*** in database main ***
Page 6564: btreeInitPage() returns error code 11
Page 6560 is never used
Page 6561 is never used
Page 6562 is never used
Page 6563 is never used
Error: stepping, database disk image is malformed (11)

导出缺少表 ContactLabel

微信版本 3.9.10.19
dump出来的数据库缺少表 ContactLabel
中间切换过微信,不知道是不是跟切换授权微信有关系。
另外一种情况,是不是没有缓存到 标签数据,本地就不会有表 ContactLabel

yara 匹配 Data Dir 错误

部分微信(比如说我)数据库目录不为 wxid_* 可能是 C:\Users\test\Documents\WeChat Files\abc02030405

简单了解了下,个人用户存在两种情况

  • 申请账号时使用的微信号(早期注册,长度及命名规则为 [0-9a-zA-Z-_]{6,20}
  • wxid_[0-9a-zA-Z]{14} (过去某个版本起,为系统自动生成)

wechat-dump-rs/src/main.rs

Lines 39 to 46 in 7cb6014

rule GetDataDir
{
strings:
$a = /[a-zA-Z]:\\Users\\.{0,50}\\Documents\\WeChat Files\\wxid_[0-9a-zA-Z]{14}/
condition:
$a
}

执行出错

C:\secure\wechat-dump-rs-main>wechat-dump-rs.exe
thread 'main' panicked at 'called Result::unwrap() on an Err value: FromUtf8Error { bytes: [211, 239, 200, 184, 46, 101, 120, 101], error: Utf8Error { valid_up_to: 0, error_len: Some(1) } }', C:\Users\thin0.cargo\registry\src\index.crates.io-6f17d22bba15001f\tasklist-0.2.12\src\lib.rs:217:54
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

微信 3.9.7.29版本提示not found key

d:\tmp1>wechat-dump-rs.exe
[+] wechat version is 3.9.7.29
[+] login phone type is android
[+] wechat data dir is C:\Users\deans\Documents\WeChat Files\sunxxx
[+] account name is sunxxx
thread 'main' panicked at src\main.rs:352:9:
not found key
stack backtrace:
0: 0x7ff741a5a5a3 -
1: 0x7ff7419db97b -
2: 0x7ff741a4e021 -
3: 0x7ff741a5caf4 -
4: 0x7ff741a5c7a3 -
5: 0x7ff741a5cfd0 -
6: 0x7ff741a5cc53 -
7: 0x7ff741a5cbd9 -
8: 0x7ff741a5cbc4 -
9: 0x7ff741aa0365 -
10: 0x7ff741978020 -
11: 0x7ff7419814fb -
12: 0x7ff741972411 -
13: 0x7ff741982f25 -
14: 0x7ff741a9f11c -
15: 0x7fffb50f7344 - BaseThreadInitThunk
16: 0x7fffb54026b1 - RtlUserThreadStart

未知错误note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

微信文件路径设置在D盘的英文路径下:D:\Program Files\Tencent\WeChat Files\WeChat Files\wxid_b5efm05dybi121

thread 'main' panicked at C:\Users\runneradmin\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tasklist-0.2.13\src\lib.rs:217:54:
called `Result::unwrap()` on an `Err` value: FromUtf8Error { bytes: [77, 101, 115, 115, 97, 103, 101, 84, 111, 111, 108, 115, 32, 213, 253, 202, 189, 176, 230, 32, 50, 46, 55, 46, 101, 120, 101], error: Utf8Error { valid_up_to: 13, error_len: Some(1) } }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.