diff --git a/internal/chatlog/app.go b/internal/chatlog/app.go index c011c19..ecc5aca 100644 --- a/internal/chatlog/app.go +++ b/internal/chatlog/app.go @@ -101,7 +101,7 @@ func (a *App) updateMenuItemsState() { // 查找并更新自动解密菜单项 for _, item := range a.menu.GetItems() { // 更新自动解密菜单项 - if item.Index == 5 { + if item.Index == 6 { if a.ctx.AutoDecrypt { item.Name = "停止自动解密" item.Description = "停止监控数据目录更新,不再自动解密新增数据" @@ -112,7 +112,7 @@ func (a *App) updateMenuItemsState() { } // 更新HTTP服务菜单项 - if item.Index == 4 { + if item.Index == 5 { if a.ctx.HTTPEnabled { item.Name = "停止 HTTP 服务" item.Description = "停止本地 HTTP & MCP 服务器" @@ -155,9 +155,13 @@ func (a *App) refresh() { // 刷新当前账号状态(如果存在) if a.ctx.Current != nil { + originalName := a.ctx.Current.Name a.ctx.Current.RefreshStatus() - // 更新上下文信息 - a.ctx.Refresh() + if a.ctx.Current.Name != originalName { + a.ctx.SwitchCurrent(a.ctx.Current) + } else { + a.ctx.Refresh() + } } if a.ctx.AutoDecrypt || a.ctx.HTTPEnabled { @@ -257,8 +261,37 @@ func (a *App) initMenu() { }, } - decryptData := &menu.Item{ + restartAndGetDataKey := &menu.Item{ Index: 3, + Name: "重启并获取密钥", + Description: "结束当前微信进程,重启后获取密钥", + Selected: func(i *menu.Item) { + modal := tview.NewModal().SetText("正在重启微信并获取密钥...") + a.mainPages.AddPage("modal", modal, true, true) + a.SetFocus(modal) + + go func() { + err := a.m.RestartAndGetDataKey() + + a.QueueUpdateDraw(func() { + if err != nil { + modal.SetText("操作失败: " + err.Error()) + } else { + modal.SetText("操作成功,请检查密钥是否已更新") + } + + modal.AddButtons([]string{"OK"}) + modal.SetDoneFunc(func(buttonIndex int, buttonLabel string) { + a.mainPages.RemovePage("modal") + }) + a.SetFocus(modal) + }) + }() + }, + } + + decryptData := &menu.Item{ + Index: 4, Name: "解密数据", Description: "解密数据文件", Selected: func(i *menu.Item) { @@ -296,7 +329,7 @@ func (a *App) initMenu() { } httpServer := &menu.Item{ - Index: 4, + Index: 5, Name: "启动 HTTP 服务", Description: "启动本地 HTTP & MCP 服务器", Selected: func(i *menu.Item) { 
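Review bot: The literal menu indices in `updateMenuItemsState` (`item.Index == 6` for auto-decrypt, `item.Index == 5` for the HTTP service) must be hand-shifted in step with `initMenu` whenever an item is inserted, as this commit does for every later item. A missed edit would silently relabel the wrong menu entry. Declaring the indices once as named constants (an `iota` block with names such as `menuIndexHTTPServer` and `menuIndexAutoDecrypt`) and using them in both functions would remove that coupling. Both functions start and end outside these hunks.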
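Review bot: The new `重启并获取密钥` item terminates the running WeChat process as soon as it is selected, in the `Selected` callback of `restartAndGetDataKey`, with no confirmation step, so an accidental Enter on this entry ends the user's session. Showing a confirm modal first, e.g. `AddButtons([]string{"OK", "Cancel"})` with `a.m.RestartAndGetDataKey()` started only from the OK branch of `SetDoneFunc`, would make the destructive step explicit. The progress modal also has no buttons until the goroutine returns, so it cannot be dismissed while the manager polls; the item's `Description` should say that the operation can take a while.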
@@ -370,7 +403,7 @@ func (a *App) initMenu() { } autoDecrypt := &menu.Item{ - Index: 5, + Index: 6, Name: "开启自动解密", Description: "自动解密新增的数据文件", Selected: func(i *menu.Item) { @@ -448,20 +481,21 @@ func (a *App) initMenu() { } setting := &menu.Item{ - Index: 6, + Index: 7, Name: "设置", Description: "设置应用程序选项", Selected: a.settingSelected, } selectAccount := &menu.Item{ - Index: 7, + Index: 8, Name: "切换账号", Description: "切换当前操作的账号,可以选择进程或历史账号", Selected: a.selectAccountSelected, } a.menu.AddItem(getDataKey) + a.menu.AddItem(restartAndGetDataKey) a.menu.AddItem(decryptData) a.menu.AddItem(httpServer) a.menu.AddItem(autoDecrypt) @@ -469,7 +503,7 @@ func (a *App) initMenu() { a.menu.AddItem(selectAccount) a.menu.AddItem(&menu.Item{ - Index: 8, + Index: 9, Name: "退出", Description: "退出程序", Selected: func(i *menu.Item) { diff --git a/internal/chatlog/ctx/context.go b/internal/chatlog/ctx/context.go index e83f4dd..d287541 100644 --- a/internal/chatlog/ctx/context.go +++ b/internal/chatlog/ctx/context.go @@ -125,7 +125,6 @@ func (c *Context) SwitchCurrent(info *wechat.Account) { } func (c *Context) Refresh() { if c.Current != nil { - oldAccount := c.Account c.Account = c.Current.Name c.Platform = c.Current.Platform c.Version = c.Current.Version 
@@ -133,27 +132,18 @@ func (c *Context) Refresh() { c.PID = int(c.Current.PID) c.ExePath = c.Current.ExePath c.Status = c.Current.Status - // 更新密钥数据 - 如果Current中的密钥为空,也更新Context - if c.Current.Key != c.DataKey { + // 更新密钥数据 - 总是从Current同步到Context + // 仅在Current中的密钥为非空时,才更新Context,以避免覆盖已有的有效密钥 + if c.Current.Key != "" { c.DataKey = c.Current.Key } - if c.Current.ImgKey != c.ImgKey { + if c.Current.ImgKey != "" { c.ImgKey = c.Current.ImgKey } if c.Current.DataDir != c.DataDir { c.DataDir = c.Current.DataDir } - // 如果账号名称发生变化(例如从临时名称变为真实名称),更新历史记录 - if oldAccount != "" && oldAccount != c.Account { - // 将旧的历史记录迁移到新的账号名称下 - if oldHistory, ok := c.History[oldAccount]; ok { - c.History[c.Account] = oldHistory - delete(c.History, oldAccount) - // 更新配置 - c.UpdateConfig() - } - } } if c.DataUsage == "" && c.DataDir != "" { go func() { diff --git a/internal/chatlog/manager.go b/internal/chatlog/manager.go index 8ce20e7..854c02b 100644 --- a/internal/chatlog/manager.go +++ b/internal/chatlog/manager.go @@ -4,7 +4,9 @@ import ( "context" "fmt" "os" + "os/exec" "strings" + "time" "github.com/rs/zerolog/log" "github.com/sjzar/chatlog/internal/chatlog/conf" 
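Review bot: With the new `!= ""` guards in `Refresh`, `c.DataKey` and `c.ImgKey` keep their previous values whenever `c.Current` carries no key, so after `c.Current` changes to another account the context can pair the new `c.Account` with the old account's keys, and a following `UpdateConfig` would persist that pairing. Whether `SwitchCurrent` resets both fields first is not visible in this hunk; if it does not, clear them when `c.Current.Name` differs from the previous `c.Account`. The two added comment lines also contradict each other (`总是从Current同步到Context` versus `仅在Current中的密钥为非空时`); keep only the second. The removed history-migration block has no replacement in this file, so history stored under a temporary account name presumably relies on `SwitchCurrent` now, which is worth confirming.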
@@ -177,6 +179,86 @@ func (m *Manager) GetDataKey() error {
 return nil
 }
 
+func (m *Manager) RestartAndGetDataKey() error {
+ if m.ctx.Current == nil {
+ return fmt.Errorf("未选择任何账号")
+ }
+
+ pid := m.ctx.Current.PID
+ exePath := m.ctx.Current.ExePath
+
+ // 1. Terminate the process
+ log.Info().Msgf("Killing WeChat process with PID %d", pid)
+ process, err := os.FindProcess(int(pid))
+ if err != nil {
+ return fmt.Errorf("could not find process with PID %d: %w", pid, err)
+ }
+ if err := process.Kill(); err != nil {
+ return fmt.Errorf("failed to kill process with PID %d: %w", pid, err)
+ }
+
+ // 2. Wait for the process to disappear
+ log.Info().Msg("Waiting for WeChat process to terminate...")
+ for i := 0; i < 10; i++ { // Wait for max 10 seconds
+ instances := m.wechat.GetWeChatInstances()
+ found := false
+ for _, inst := range instances {
+ if inst.PID == pid {
+ found = true
+ break
+ }
+ }
+ if !found {
+ break
+ }
+ time.Sleep(1 * time.Second)
+ }
+
+ // 3. Restart WeChat
+ log.Info().Msgf("Restarting WeChat from %s", exePath)
+ cmd := exec.Command(exePath)
+ if err := cmd.Start(); err != nil {
+ return fmt.Errorf("failed to restart WeChat: %w", err)
+ }
+
+ // 4. Wait for the new process to appear.
+ log.Info().Msg("Waiting for new WeChat process to start...")
+ var newInstance *iwechat.Account
+ for i := 0; i < 30; i++ { // Wait for max 30 seconds
+ instances := m.wechat.GetWeChatInstances()
+ // Try to find a new instance. A new instance is one with a different PID.
+ for _, inst := range instances {
+ if inst.PID != pid && inst.ExePath == exePath {
+ newInstance = inst
+ break
+ }
+ }
+ if newInstance != nil {
+ break
+ }
+ time.Sleep(1 * time.Second)
+ }
+
+ if newInstance == nil {
+ return fmt.Errorf("failed to find new WeChat process after restart")
+ }
+ log.Info().Msgf("Found new WeChat process with PID %d", newInstance.PID)
+
+ // 5. Switch to the new instance
+ m.ctx.SwitchCurrent(newInstance)
+
+ // 6.
Get the key + log.Info().Msg("Getting key from new WeChat process...") + if _, err := m.wechat.GetDataKey(m.ctx.Current); err != nil { + return err + } + m.ctx.Refresh() + m.ctx.UpdateConfig() + + log.Info().Msg("Successfully got key from new WeChat process.") + return nil +} + func (m *Manager) DecryptDBFiles() error { if m.ctx.DataKey == "" { if m.ctx.Current == nil { @@ -256,6 +338,11 @@ func (m *Manager) CommandKey(configPath string, pid int, force bool, showXorKey } if len(m.ctx.WeChatInstances) == 1 { + // 确保当前账户已设置 + if m.ctx.Current == nil { + m.ctx.SwitchCurrent(m.ctx.WeChatInstances[0]) + } + key, imgKey := m.ctx.DataKey, m.ctx.ImgKey if len(key) == 0 || len(imgKey) == 0 || force { key, imgKey, err = m.ctx.WeChatInstances[0].GetKey(context.Background()) @@ -284,6 +371,11 @@ func (m *Manager) CommandKey(configPath string, pid int, force bool, showXorKey } for _, ins := range m.ctx.WeChatInstances { if ins.PID == uint32(pid) { + // 确保当前账户已设置 + if m.ctx.Current == nil || m.ctx.Current.PID != ins.PID { + m.ctx.SwitchCurrent(ins) + } + key, imgKey := ins.Key, ins.ImgKey if len(key) == 0 || len(imgKey) == 0 || force { key, imgKey, err = ins.GetKey(context.Background()) diff --git a/internal/wechat/key/windows/v3_windows.go b/internal/wechat/key/windows/v3_windows.go index a4acd4c..912c7d5 100644 --- a/internal/wechat/key/windows/v3_windows.go +++ b/internal/wechat/key/windows/v3_windows.go @@ -24,8 +24,11 @@ const ( ) func (e *V3Extractor) Extract(ctx context.Context, proc *model.Process) (string, string, error) { + // 即使状态是offline(未登录),也允许尝试 + // 因为用户可能在获取密钥过程中登录微信 if proc.Status == model.StatusOffline { - return "", "", errors.ErrWeChatOffline + log.Info().Msg("微信进程存在但未登录,将尝试获取密钥,请登录微信后操作") + // 不返回错误,继续执行 } // Open WeChat process diff --git a/internal/wechat/key/windows/v4_windows.go b/internal/wechat/key/windows/v4_windows.go index 5f80d5d..15ed864 100644 --- a/internal/wechat/key/windows/v4_windows.go +++ b/internal/wechat/key/windows/v4_windows.go 
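Review bot: `RestartAndGetDataKey` never checks how its 10-second wait ended: if the killed PID is still listed afterwards, the code launches a second copy anyway. The match `inst.PID != pid && inst.ExePath == exePath` also accepts any other WeChat instance already running from the same path, so the key can be read from, and saved for, a process the user did not restart. Return an error when the old process is still present, snapshot the PIDs that exist before `cmd.Start()`, and accept only a PID outside that snapshot. `cmd.Start()` is also never followed by `Wait` or `Release`, and `exePath` reaches `exec.Command` without an empty-string check. The fence assumes `PID` is `uint32`, as the `uint32(pid)` comparison in `CommandKey` suggests.

```go
	// 2. Wait for the process to disappear
	// … unchanged: log line …
	terminated := false
	for i := 0; i < 10 && !terminated; i++ {
		terminated = true
		for _, inst := range m.wechat.GetWeChatInstances() {
			if inst.PID == pid {
				terminated = false
				break
			}
		}
		if !terminated {
			time.Sleep(1 * time.Second)
		}
	}
	if !terminated {
		return fmt.Errorf("process with PID %d still running after kill", pid)
	}

	// Remember which instances already exist so an unrelated WeChat
	// process is not mistaken for the restarted one.
	known := make(map[uint32]struct{})
	for _, inst := range m.wechat.GetWeChatInstances() {
		known[inst.PID] = struct{}{}
	}

	// 3. Restart WeChat
	if exePath == "" {
		return fmt.Errorf("no executable path recorded for PID %d", pid)
	}
	// … unchanged: log line, exec.Command(exePath), cmd.Start() error check …
	// The child is never waited on, so release its handle right away.
	_ = cmd.Process.Release()

	// 4. … unchanged: polling loop, except for the match condition …
			if _, seen := known[inst.PID]; !seen && inst.ExePath == exePath {
```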
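Review bot: The added `log.Info()` call in `V3Extractor.Extract` arrives without an import hunk for this file, so it compiles only if a `log` package is already imported there. Dropping the only visible use of `errors.ErrWeChatOffline` may likewise leave the `errors` import unused. The same holds for the identical change in `v4_windows.go`. The `if` now only logs, so callers no longer get a distinct error for a logged-out client and presumably wait out the extractor's timeout instead. If that is intended, document it on `Extract`, e.g. `// Extract proceeds even when proc.Status is StatusOffline; a client that never logs in surfaces as a timeout, not ErrWeChatOffline.` `Extract`'s body continues outside the hunk.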
@@ -21,8 +21,11 @@ const ( ) func (e *V4Extractor) Extract(ctx context.Context, proc *model.Process) (string, string, error) { + // 即使状态是offline(未登录),也允许尝试 + // 因为用户可能在获取密钥过程中登录微信 if proc.Status == model.StatusOffline { - return "", "", errors.ErrWeChatOffline + log.Info().Msg("微信进程存在但未登录,将尝试获取密钥,请登录微信后操作") + // 不返回错误,继续执行 } // Open process handle diff --git a/internal/wechat/wechat.go b/internal/wechat/wechat.go index 2ad1fb5..19630dc 100644 --- a/internal/wechat/wechat.go +++ b/internal/wechat/wechat.go @@ -29,7 +29,7 @@ type Account struct { // NewAccount 创建新的账号对象 func NewAccount(proc *model.Process) *Account { - return &Account{ + account := &Account{ Name: proc.AccountName, Platform: proc.Platform, Version: proc.Version, @@ -39,6 +39,19 @@ func NewAccount(proc *model.Process) *Account { ExePath: proc.ExePath, Status: proc.Status, } + + // 尝试从配置中加载保存的密钥 + account.loadKeysFromConfig() + + return account +} + +// loadKeysFromConfig 从配置中加载保存的密钥 +// 注意:这是一个简化实现,实际需要访问全局配置 +func (a *Account) loadKeysFromConfig() { + // 这里应该从配置文件中加载保存的密钥 + // 由于配置系统在另一个包中,这里暂时留空 + // 密钥会在GetKey函数中通过其他方式加载 } // RefreshStatus 刷新账号的进程状态 @@ -186,13 +199,6 @@ func (a *Account) clearAccountData() { // 保存旧的名称用于日志 oldName := a.Name - // 清除密钥数据 - a.Key = "" - a.ImgKey = "" - - // 清除路径信息 - a.DataDir = "" - // 重置状态 a.Status = model.StatusOffline @@ -210,8 +216,10 @@ func (a *Account) clearAccountData() { // GetKey 获取账号的密钥 func (a *Account) GetKey(ctx context.Context) (string, string, error) { - // 如果已经有密钥,直接返回 - if a.Key != "" && (a.ImgKey != "" || a.Version == 3) { + // 如果已经有数据密钥,直接返回(优先使用保存的密钥) + // 对于微信V4,图片密钥可能不是必需的,所以即使没有图片密钥也返回数据密钥 + if a.Key != "" { + log.Info().Msgf("使用保存的数据密钥,账号: %s", a.Name) return a.Key, a.ImgKey, nil } diff --git a/logs/dll_20251214_175827.log b/logs/dll_20251214_175827.log new file mode 100644 index 0000000..fd01aae --- /dev/null +++ b/logs/dll_20251214_175827.log 
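Review bot: `loadKeysFromConfig` is an empty method whose own comments say the real loading happens elsewhere, yet `NewAccount` now calls it on every construction, so a reader will assume saved keys are restored at this point. Either drop the call and the stub until the config package can be reached from here, or mark it plainly with `// TODO: not implemented; no keys are loaded here.` so the doc comment does not promise behaviour the body lacks.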
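Review bot: `clearAccountData` no longer clears `a.Key`, `a.ImgKey` or `a.DataDir`, and `GetKey` now returns early whenever `a.Key != ""`. Once an `Account` value has held a key, a later login by a different account on that value gets the previous account's key back instead of a fresh extraction. The log files added in this same commit show two different database keys across runs, so the cached value cannot be assumed stable. Keep the clearing in `clearAccountData` at least when the account name changes, so the cache stays tied to the identity it was read for. The `force` path in `CommandKey` also calls `GetKey` and therefore receives the cached key too, and on V4 a missing `ImgKey` is never retried. Both functions continue outside these hunks.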
@@ -0,0 +1,37 @@ +[2025-12-14 17:58:28.144] [SUCCESS] DLL初始化成功,PID: 4484 +[2025-12-14 17:58:28.148] [INFO] DLL初始化成功,PID: 4484 +[2025-12-14 17:58:28.249] [INFO] 开始初始化Hook系统... +[2025-12-14 17:58:28.249] [INFO] 正在初始化系统调用... +[2025-12-14 17:58:28.249] [INFO] 正在打开目标进程... +[2025-12-14 17:58:28.249] [INFO] 正在检测微信版本... +[2025-12-14 17:58:28.249] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 17:58:28.249] [INFO] 正在扫描目标函数... +[2025-12-14 17:58:28.249] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 17:58:28.249] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 17:58:28.249] [INFO] 正在分配远程伪栈... +[2025-12-14 17:58:28.249] [INFO] 正在初始化IPC通信... +[2025-12-14 17:58:28.249] [INFO] 正在准备安装Hook... +[2025-12-14 17:58:28.249] [INFO] 正在安装远程Hook... +[2025-12-14 17:58:28.249] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 17:58:33.148] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 17:58:33.349] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 17:58:33.349] [SUCCESS] 找到数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 17:58:33.349] [INFO] 通过DLL找到数据库密钥(无验证): bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 17:58:33.349] [SUCCESS] 已成功接收到密钥 +[2025-12-14 17:58:33.449] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 17:58:33.449] [SUCCESS] 已成功接收到密钥 +[2025-12-14 17:58:33.848] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 17:58:33.848] [SUCCESS] 已成功接收到密钥 +[2025-12-14 17:58:34.049] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 17:58:34.049] [SUCCESS] 已成功接收到密钥 +[2025-12-14 17:58:38.148] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 17:58:48.148] [DEBUG] 轮询中... 已轮询 200 次,已等待 20.0 秒 +[2025-12-14 17:58:58.148] [DEBUG] 轮询中... 
已轮询 300 次,已等待 30.0 秒 +[2025-12-14 17:58:58.148] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 17:58:58.148] [INFO] DLL资源已清理 diff --git a/logs/dll_20251214_175912.log b/logs/dll_20251214_175912.log new file mode 100644 index 0000000..6e5d082 --- /dev/null +++ b/logs/dll_20251214_175912.log 
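Review bot: These added files under `logs/` are runtime output, and they record the extracted WeChat database key in full on the `[DEBUG]`, `[SUCCESS]`, `[INFO]` and `[WARNING]` lines, which exposes the key to everyone with read access to the repository. The same applies to every other `logs/dll_*.log` file this commit adds. Drop the files from the commit, add `logs/` to `.gitignore`, and treat the recorded keys as exposed, since deleting the files in a later commit still leaves them in history. The logger that writes these lines is not part of this diff, but it should print at most a short prefix or a fingerprint of the key rather than the whole value.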
@@ -0,0 +1,64 @@ +[2025-12-14 17:59:13.134] [SUCCESS] DLL初始化成功,PID: 4484 +[2025-12-14 17:59:13.137] [INFO] DLL初始化成功,PID: 4484 +[2025-12-14 17:59:13.237] [INFO] 开始初始化Hook系统... +[2025-12-14 17:59:13.237] [INFO] 正在初始化系统调用... +[2025-12-14 17:59:13.237] [INFO] 正在打开目标进程... +[2025-12-14 17:59:13.237] [INFO] 正在检测微信版本... +[2025-12-14 17:59:13.237] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 17:59:13.237] [INFO] 正在扫描目标函数... +[2025-12-14 17:59:13.237] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 17:59:13.237] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 17:59:13.237] [INFO] 正在分配远程伪栈... +[2025-12-14 17:59:13.237] [INFO] 正在初始化IPC通信... +[2025-12-14 17:59:13.237] [INFO] 正在准备安装Hook... +[2025-12-14 17:59:13.237] [INFO] 正在安装远程Hook... +[2025-12-14 17:59:13.237] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 17:59:18.137] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 17:59:23.137] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 17:59:33.137] [DEBUG] 轮询中... 已轮询 200 次,已等待 20.0 秒 +[2025-12-14 17:59:43.137] [ERROR] 获取密钥超时(30秒)!可能的原因: +1. 微信未登录 - 请登录微信 +2. 未触发数据库读取 - 请打开聊天窗口并查看历史消息 +3. DLL Hook失败 - 检查日志文件查看详细错误 +4. 微信版本不受支持 - 当前支持: 4.0.x 及以上 4.x 版本 +[2025-12-14 17:59:43.137] [INFO] DLL资源已清理 +[2025-12-14 18:01:09.161] [SUCCESS] DLL初始化成功,PID: 8912 +[2025-12-14 18:01:09.161] [INFO] DLL初始化成功,PID: 8912 +[2025-12-14 18:01:09.261] [INFO] 开始初始化Hook系统... +[2025-12-14 18:01:09.261] [INFO] 正在初始化系统调用... +[2025-12-14 18:01:09.261] [INFO] 正在打开目标进程... +[2025-12-14 18:01:09.261] [INFO] 正在检测微信版本... +[2025-12-14 18:01:09.261] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 18:01:09.261] [INFO] 正在扫描目标函数... +[2025-12-14 18:01:09.261] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 18:01:09.261] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 18:01:09.261] [INFO] 正在分配远程伪栈... +[2025-12-14 18:01:09.261] [INFO] 正在初始化IPC通信... +[2025-12-14 18:01:09.261] [INFO] 正在准备安装Hook... +[2025-12-14 18:01:09.261] [INFO] 正在安装远程Hook... +[2025-12-14 18:01:09.261] [SUCCESS] Hook安装成功,现在登录微信... 
+[2025-12-14 18:01:14.161] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 18:01:14.862] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:01:14.862] [SUCCESS] 找到数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:01:14.862] [INFO] 通过DLL找到数据库密钥(无验证): bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:01:14.862] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:01:15.061] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:01:15.061] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:01:15.362] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:01:15.362] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:01:15.562] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:01:15.562] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:01:19.162] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 18:01:29.161] [DEBUG] 轮询中... 已轮询 200 次,已等待 20.0 秒 +[2025-12-14 18:01:39.162] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:01:39.162] [INFO] DLL资源已清理 diff --git a/logs/dll_20251214_180932.log b/logs/dll_20251214_180932.log new file mode 100644 index 0000000..9307f45 --- /dev/null +++ b/logs/dll_20251214_180932.log 
@@ -0,0 +1,37 @@ +[2025-12-14 18:09:32.550] [SUCCESS] DLL初始化成功,PID: 6488 +[2025-12-14 18:09:32.550] [INFO] DLL初始化成功,PID: 6488 +[2025-12-14 18:09:32.651] [INFO] 开始初始化Hook系统... +[2025-12-14 18:09:32.651] [INFO] 正在初始化系统调用... +[2025-12-14 18:09:32.651] [INFO] 正在打开目标进程... +[2025-12-14 18:09:32.651] [INFO] 正在检测微信版本... +[2025-12-14 18:09:32.651] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 18:09:32.651] [INFO] 正在扫描目标函数... +[2025-12-14 18:09:32.651] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 18:09:32.651] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 18:09:32.651] [INFO] 正在分配远程伪栈... +[2025-12-14 18:09:32.651] [INFO] 正在初始化IPC通信... +[2025-12-14 18:09:32.651] [INFO] 正在准备安装Hook... +[2025-12-14 18:09:32.651] [INFO] 正在安装远程Hook... +[2025-12-14 18:09:32.651] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 18:09:37.451] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:09:37.451] [SUCCESS] 找到数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:09:37.451] [INFO] 通过DLL找到数据库密钥(无验证): bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:09:37.451] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:09:37.551] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 18:09:37.651] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:09:37.651] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:09:38.051] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:09:38.051] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:09:38.151] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:09:38.151] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:09:42.550] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 18:09:52.550] [DEBUG] 轮询中... 已轮询 200 次,已等待 20.0 秒 +[2025-12-14 18:10:02.551] [DEBUG] 轮询中... 
已轮询 300 次,已等待 30.0 秒 +[2025-12-14 18:10:02.551] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:10:02.551] [INFO] DLL资源已清理 diff --git a/logs/dll_20251214_181101.log b/logs/dll_20251214_181101.log new file mode 100644 index 0000000..2ddbe32 --- /dev/null +++ b/logs/dll_20251214_181101.log 
@@ -0,0 +1,39 @@ +[2025-12-14 18:11:01.719] [SUCCESS] DLL初始化成功,PID: 10636 +[2025-12-14 18:11:01.719] [INFO] DLL初始化成功,PID: 10636 +[2025-12-14 18:11:01.819] [INFO] 开始初始化Hook系统... +[2025-12-14 18:11:01.819] [INFO] 正在初始化系统调用... +[2025-12-14 18:11:01.819] [INFO] 正在打开目标进程... +[2025-12-14 18:11:01.819] [INFO] 正在检测微信版本... +[2025-12-14 18:11:01.819] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 18:11:01.819] [INFO] 正在扫描目标函数... +[2025-12-14 18:11:01.819] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 18:11:01.819] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 18:11:01.820] [INFO] 正在分配远程伪栈... +[2025-12-14 18:11:01.820] [INFO] 正在初始化IPC通信... +[2025-12-14 18:11:01.820] [INFO] 正在准备安装Hook... +[2025-12-14 18:11:01.820] [INFO] 正在安装远程Hook... +[2025-12-14 18:11:01.820] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 18:11:06.719] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 18:11:06.919] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:11:06.919] [SUCCESS] 找到数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:11:06.919] [INFO] 通过DLL找到数据库密钥(无验证): bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:11:06.919] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:11:07.037] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:11:07.037] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:11:07.132] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:11:07.132] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:11:07.222] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:11:07.222] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:11:07.519] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:11:07.519] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:11:11.719] 
[DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 18:11:21.720] [DEBUG] 轮询中... 已轮询 200 次,已等待 20.0 秒 +[2025-12-14 18:11:31.720] [DEBUG] 轮询中... 已轮询 300 次,已等待 30.0 秒 +[2025-12-14 18:11:31.720] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:11:31.720] [INFO] DLL资源已清理 diff --git a/logs/dll_20251214_181725.log b/logs/dll_20251214_181725.log new file mode 100644 index 0000000..f8bf4fb --- /dev/null +++ b/logs/dll_20251214_181725.log 
@@ -0,0 +1,37 @@ +[2025-12-14 18:17:30.133] [SUCCESS] DLL初始化成功,PID: 1348 +[2025-12-14 18:17:30.133] [INFO] DLL初始化成功,PID: 1348 +[2025-12-14 18:17:30.234] [INFO] 开始初始化Hook系统... +[2025-12-14 18:17:30.234] [INFO] 正在初始化系统调用... +[2025-12-14 18:17:30.234] [INFO] 正在打开目标进程... +[2025-12-14 18:17:30.234] [INFO] 正在检测微信版本... +[2025-12-14 18:17:30.234] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 18:17:30.234] [INFO] 正在扫描目标函数... +[2025-12-14 18:17:30.234] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 18:17:30.234] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 18:17:30.234] [INFO] 正在分配远程伪栈... +[2025-12-14 18:17:30.234] [INFO] 正在初始化IPC通信... +[2025-12-14 18:17:30.234] [INFO] 正在准备安装Hook... +[2025-12-14 18:17:30.234] [INFO] 正在安装远程Hook... +[2025-12-14 18:17:30.234] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 18:17:35.133] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 18:17:35.834] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:17:35.834] [SUCCESS] 找到数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:17:35.834] [INFO] 通过DLL找到数据库密钥(无验证): bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:17:35.834] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:17:36.063] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:17:36.063] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:17:36.434] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:17:36.434] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:17:36.634] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:17:36.634] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:17:40.133] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 18:17:50.134] [DEBUG] 轮询中... 已轮询 200 次,已等待 20.0 秒 +[2025-12-14 18:18:00.133] [DEBUG] 轮询中... 
已轮询 300 次,已等待 30.0 秒 +[2025-12-14 18:18:00.133] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:18:00.133] [INFO] DLL资源已清理 diff --git a/logs/dll_20251214_184002.log b/logs/dll_20251214_184002.log new file mode 100644 index 0000000..d195fe7 --- /dev/null +++ b/logs/dll_20251214_184002.log 
@@ -0,0 +1,37 @@ +[2025-12-14 18:40:07.273] [SUCCESS] DLL初始化成功,PID: 18300 +[2025-12-14 18:40:07.273] [INFO] DLL初始化成功,PID: 18300 +[2025-12-14 18:40:07.384] [INFO] 开始初始化Hook系统... +[2025-12-14 18:40:07.384] [INFO] 正在初始化系统调用... +[2025-12-14 18:40:07.384] [INFO] 正在打开目标进程... +[2025-12-14 18:40:07.384] [INFO] 正在检测微信版本... +[2025-12-14 18:40:07.384] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 18:40:07.384] [INFO] 正在扫描目标函数... +[2025-12-14 18:40:07.384] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 18:40:07.384] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 18:40:07.384] [INFO] 正在分配远程伪栈... +[2025-12-14 18:40:07.384] [INFO] 正在初始化IPC通信... +[2025-12-14 18:40:07.384] [INFO] 正在准备安装Hook... +[2025-12-14 18:40:07.384] [INFO] 正在安装远程Hook... +[2025-12-14 18:40:07.384] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 18:40:12.284] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 18:40:12.684] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:40:12.684] [SUCCESS] 找到数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:40:12.684] [INFO] 通过DLL找到数据库密钥(无验证): bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:40:12.684] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:40:12.984] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:40:12.984] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:40:13.384] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:40:13.384] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:40:13.485] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:40:13.486] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:40:17.284] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 18:40:27.284] [DEBUG] 轮询中... 已轮询 200 次,已等待 20.0 秒 +[2025-12-14 18:40:37.284] [DEBUG] 轮询中... 
已轮询 300 次,已等待 30.0 秒 +[2025-12-14 18:40:37.284] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:40:37.285] [INFO] DLL资源已清理 diff --git a/logs/dll_20251214_184550.log b/logs/dll_20251214_184550.log new file mode 100644 index 0000000..26b7a3e --- /dev/null +++ b/logs/dll_20251214_184550.log @@ -0,0 +1,21 @@ +[2025-12-14 18:45:50.858] [SUCCESS] DLL初始化成功,PID: 13196 +[2025-12-14 18:45:50.858] [INFO] DLL初始化成功,PID: 13196 +[2025-12-14 18:45:50.958] [INFO] 开始初始化Hook系统... +[2025-12-14 18:45:50.958] [INFO] 正在初始化系统调用... +[2025-12-14 18:45:50.958] [INFO] 正在打开目标进程... +[2025-12-14 18:45:50.958] [INFO] 正在检测微信版本... +[2025-12-14 18:45:50.958] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 18:45:50.958] [INFO] 正在扫描目标函数... +[2025-12-14 18:45:50.958] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 18:45:50.958] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 18:45:50.958] [INFO] 正在分配远程伪栈... +[2025-12-14 18:45:50.958] [INFO] 正在初始化IPC通信... +[2025-12-14 18:45:50.958] [INFO] 正在准备安装Hook... +[2025-12-14 18:45:50.958] [INFO] 正在安装远程Hook... +[2025-12-14 18:45:50.958] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 18:45:55.858] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 18:46:00.859] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 diff --git a/logs/dll_20251214_184614.log b/logs/dll_20251214_184614.log new file mode 100644 index 0000000..f81de6e --- /dev/null +++ b/logs/dll_20251214_184614.log 
@@ -0,0 +1,37 @@ +[2025-12-14 18:46:14.668] [SUCCESS] DLL初始化成功,PID: 6600 +[2025-12-14 18:46:14.669] [INFO] DLL初始化成功,PID: 6600 +[2025-12-14 18:46:14.770] [INFO] 开始初始化Hook系统... +[2025-12-14 18:46:14.770] [INFO] 正在初始化系统调用... +[2025-12-14 18:46:14.770] [INFO] 正在打开目标进程... +[2025-12-14 18:46:14.770] [INFO] 正在检测微信版本... +[2025-12-14 18:46:14.770] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 18:46:14.770] [INFO] 正在扫描目标函数... +[2025-12-14 18:46:14.770] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 18:46:14.770] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 18:46:14.770] [INFO] 正在分配远程伪栈... +[2025-12-14 18:46:14.770] [INFO] 正在初始化IPC通信... +[2025-12-14 18:46:14.770] [INFO] 正在准备安装Hook... +[2025-12-14 18:46:14.770] [INFO] 正在安装远程Hook... +[2025-12-14 18:46:14.770] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 18:46:19.669] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 18:46:22.269] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:46:22.269] [SUCCESS] 找到数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:46:22.269] [INFO] 通过DLL找到数据库密钥(无验证): bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:46:22.269] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:46:22.370] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:46:22.370] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:46:22.770] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:46:22.770] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:46:22.869] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:46:22.869] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:46:24.669] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 18:46:34.670] [DEBUG] 轮询中... 已轮询 200 次,已等待 20.0 秒 +[2025-12-14 18:46:44.670] [DEBUG] 轮询中... 
已轮询 300 次,已等待 30.0 秒 +[2025-12-14 18:46:44.670] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:46:44.670] [INFO] DLL资源已清理 diff --git a/logs/dll_20251214_185338.log b/logs/dll_20251214_185338.log new file mode 100644 index 0000000..55228ba --- /dev/null +++ b/logs/dll_20251214_185338.log 
@@ -0,0 +1,72 @@ +[2025-12-14 18:53:54.103] [SUCCESS] DLL初始化成功,PID: 7760 +[2025-12-14 18:53:54.112] [INFO] DLL初始化成功,PID: 7760 +[2025-12-14 18:53:54.213] [INFO] 开始初始化Hook系统... +[2025-12-14 18:53:54.213] [INFO] 正在初始化系统调用... +[2025-12-14 18:53:54.213] [INFO] 正在打开目标进程... +[2025-12-14 18:53:54.213] [INFO] 正在检测微信版本... +[2025-12-14 18:53:54.213] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 18:53:54.213] [INFO] 正在扫描目标函数... +[2025-12-14 18:53:54.213] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 18:53:54.213] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 18:53:54.213] [INFO] 正在分配远程伪栈... +[2025-12-14 18:53:54.213] [INFO] 正在初始化IPC通信... +[2025-12-14 18:53:54.213] [INFO] 正在准备安装Hook... +[2025-12-14 18:53:54.213] [INFO] 正在安装远程Hook... +[2025-12-14 18:53:54.213] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 18:53:59.112] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 18:54:01.313] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:54:01.313] [SUCCESS] 找到数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:54:01.313] [INFO] 通过DLL找到数据库密钥(无验证): bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:54:01.313] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:54:01.412] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:54:01.412] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:54:01.813] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:54:01.813] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:54:02.012] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:54:02.012] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:54:04.113] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 18:54:14.112] [DEBUG] 轮询中... 已轮询 200 次,已等待 20.0 秒 +[2025-12-14 18:54:24.112] [DEBUG] 轮询中... 
已轮询 300 次,已等待 30.0 秒 +[2025-12-14 18:54:24.112] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:54:24.112] [INFO] DLL资源已清理 +[2025-12-14 18:54:29.620] [SUCCESS] DLL初始化成功,PID: 8520 +[2025-12-14 18:54:29.620] [INFO] DLL初始化成功,PID: 8520 +[2025-12-14 18:54:29.720] [INFO] 开始初始化Hook系统... +[2025-12-14 18:54:29.720] [INFO] 正在初始化系统调用... +[2025-12-14 18:54:29.720] [INFO] 正在打开目标进程... +[2025-12-14 18:54:29.720] [INFO] 正在检测微信版本... +[2025-12-14 18:54:29.720] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 18:54:29.720] [INFO] 正在扫描目标函数... +[2025-12-14 18:54:29.720] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 18:54:29.720] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 18:54:29.720] [INFO] 正在分配远程伪栈... +[2025-12-14 18:54:29.720] [INFO] 正在初始化IPC通信... +[2025-12-14 18:54:29.720] [INFO] 正在准备安装Hook... +[2025-12-14 18:54:29.720] [INFO] 正在安装远程Hook... +[2025-12-14 18:54:29.720] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 18:54:34.620] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 18:54:39.620] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 18:54:45.921] [DEBUG] 从DLL获取到密钥字符串: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 (长度: 64) +[2025-12-14 18:54:45.921] [SUCCESS] 找到数据库密钥: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 +[2025-12-14 18:54:45.921] [INFO] 通过DLL找到数据库密钥(无验证): a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 +[2025-12-14 18:54:45.921] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:54:46.120] [DEBUG] 从DLL获取到密钥字符串: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 (长度: 64) +[2025-12-14 18:54:46.120] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:54:46.420] [DEBUG] 从DLL获取到密钥字符串: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 (长度: 64) +[2025-12-14 18:54:46.420] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:54:49.620] [DEBUG] 轮询中... 
已轮询 200 次,已等待 20.0 秒 +[2025-12-14 18:54:59.620] [DEBUG] 轮询中... 已轮询 300 次,已等待 30.0 秒 +[2025-12-14 18:54:59.620] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 +[2025-12-14 18:54:59.620] [INFO] DLL资源已清理 diff --git a/logs/dll_20251214_185818.log b/logs/dll_20251214_185818.log new file mode 100644 index 0000000..090e230 --- /dev/null +++ b/logs/dll_20251214_185818.log 
@@ -0,0 +1,74 @@ +[2025-12-14 18:58:18.862] [SUCCESS] DLL初始化成功,PID: 16280 +[2025-12-14 18:58:18.862] [INFO] DLL初始化成功,PID: 16280 +[2025-12-14 18:58:18.962] [INFO] 开始初始化Hook系统... +[2025-12-14 18:58:18.962] [INFO] 正在初始化系统调用... +[2025-12-14 18:58:18.962] [INFO] 正在打开目标进程... +[2025-12-14 18:58:18.962] [INFO] 正在检测微信版本... +[2025-12-14 18:58:18.962] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 18:58:18.962] [INFO] 正在扫描目标函数... +[2025-12-14 18:58:18.962] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 18:58:18.962] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 18:58:18.962] [INFO] 正在分配远程伪栈... +[2025-12-14 18:58:18.962] [INFO] 正在初始化IPC通信... +[2025-12-14 18:58:18.962] [INFO] 正在准备安装Hook... +[2025-12-14 18:58:18.962] [INFO] 正在安装远程Hook... +[2025-12-14 18:58:18.962] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 18:58:23.862] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:58:23.862] [SUCCESS] 找到数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:58:23.862] [INFO] 通过DLL找到数据库密钥(无验证): bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:58:23.862] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:58:23.962] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:58:23.962] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:58:24.263] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:58:24.263] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:58:24.363] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 18:58:24.363] [SUCCESS] 已成功接收到密钥 +[2025-12-14 18:58:28.862] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 18:58:28.862] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 18:58:38.862] [DEBUG] 轮询中... 已轮询 200 次,已等待 20.0 秒 +[2025-12-14 18:58:48.862] [DEBUG] 轮询中... 
已轮询 300 次,已等待 30.0 秒 +[2025-12-14 18:58:48.862] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 18:58:48.862] [INFO] DLL资源已清理 +[2025-12-14 19:00:03.048] [SUCCESS] DLL初始化成功,PID: 15544 +[2025-12-14 19:00:03.048] [INFO] DLL初始化成功,PID: 15544 +[2025-12-14 19:00:03.149] [INFO] 开始初始化Hook系统... +[2025-12-14 19:00:03.149] [INFO] 正在初始化系统调用... +[2025-12-14 19:00:03.149] [INFO] 正在打开目标进程... +[2025-12-14 19:00:03.149] [INFO] 正在检测微信版本... +[2025-12-14 19:00:03.149] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 19:00:03.149] [INFO] 正在扫描目标函数... +[2025-12-14 19:00:03.149] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 19:00:03.149] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 19:00:03.149] [INFO] 正在分配远程伪栈... +[2025-12-14 19:00:03.149] [INFO] 正在初始化IPC通信... +[2025-12-14 19:00:03.149] [INFO] 正在准备安装Hook... +[2025-12-14 19:00:03.149] [INFO] 正在安装远程Hook... +[2025-12-14 19:00:03.149] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 19:00:08.049] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 
或者发送/接收一条新消息 +[2025-12-14 19:00:11.249] [DEBUG] 从DLL获取到密钥字符串: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 (长度: 64) +[2025-12-14 19:00:11.249] [SUCCESS] 找到数据库密钥: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 +[2025-12-14 19:00:11.249] [INFO] 通过DLL找到数据库密钥(无验证): a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 +[2025-12-14 19:00:11.249] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:00:11.449] [DEBUG] 从DLL获取到密钥字符串: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 (长度: 64) +[2025-12-14 19:00:11.449] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:00:11.555] [DEBUG] 从DLL获取到密钥字符串: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 (长度: 64) +[2025-12-14 19:00:11.555] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:00:11.651] [DEBUG] 从DLL获取到密钥字符串: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 (长度: 64) +[2025-12-14 19:00:11.651] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:00:13.048] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 19:00:23.050] [DEBUG] 轮询中... 已轮询 200 次,已等待 20.0 秒 +[2025-12-14 19:00:33.048] [DEBUG] 轮询中... 已轮询 300 次,已等待 30.0 秒 +[2025-12-14 19:00:33.048] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 +[2025-12-14 19:00:33.048] [INFO] DLL资源已清理 diff --git a/logs/dll_20251214_190812.log b/logs/dll_20251214_190812.log new file mode 100644 index 0000000..820539d --- /dev/null +++ b/logs/dll_20251214_190812.log 
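Review bot: Plaintext database keys are being committed in this log file: every `从DLL获取到密钥字符串`, `找到数据库密钥`, `通过DLL找到数据库密钥(无验证)` and `数据库密钥:` line prints the full 64-character hex value, so anyone with read access to the repository gets the key material for the accounts these runs were made against. The same lines appear in the hunks for `logs/dll_20251214_190812.log` and `logs/dll_20251214_191745.log`, and in the tail of the preceding log file. Runtime logs should not be tracked at all; I would drop the `logs/` directory from this commit and add a `logs/` entry to `.gitignore`. If the branch has already been pushed, a follow-up commit is not enough, because the values stay in history; the history needs rewriting and the two key values should be treated as disclosed. The code that writes these lines is not in this diff, but wherever it lives it should log a short fingerprint or a masked prefix rather than the whole key.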
@@ -0,0 +1,144 @@ +[2025-12-14 19:08:12.943] [SUCCESS] DLL初始化成功,PID: 10728 +[2025-12-14 19:08:12.943] [INFO] DLL初始化成功,PID: 10728 +[2025-12-14 19:08:13.044] [INFO] 开始初始化Hook系统... +[2025-12-14 19:08:13.044] [INFO] 正在初始化系统调用... +[2025-12-14 19:08:13.044] [INFO] 正在打开目标进程... +[2025-12-14 19:08:13.044] [INFO] 正在检测微信版本... +[2025-12-14 19:08:13.044] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 19:08:13.044] [INFO] 正在扫描目标函数... +[2025-12-14 19:08:13.044] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 19:08:13.044] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 19:08:13.044] [INFO] 正在分配远程伪栈... +[2025-12-14 19:08:13.044] [INFO] 正在初始化IPC通信... +[2025-12-14 19:08:13.044] [INFO] 正在准备安装Hook... +[2025-12-14 19:08:13.044] [INFO] 正在安装远程Hook... +[2025-12-14 19:08:13.044] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 19:08:17.944] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 19:08:19.343] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 19:08:19.343] [SUCCESS] 找到数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 19:08:19.343] [INFO] 通过DLL找到数据库密钥(无验证): bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 19:08:19.343] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:08:19.448] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 19:08:19.448] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:08:19.944] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 19:08:19.944] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:08:22.943] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 19:08:32.943] [DEBUG] 轮询中... 已轮询 200 次,已等待 20.0 秒 +[2025-12-14 19:08:42.943] [DEBUG] 轮询中... 
已轮询 300 次,已等待 30.0 秒 +[2025-12-14 19:08:42.943] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 19:08:42.943] [INFO] DLL资源已清理 +[2025-12-14 19:09:39.437] [SUCCESS] DLL初始化成功,PID: 13020 +[2025-12-14 19:09:39.437] [INFO] DLL初始化成功,PID: 13020 +[2025-12-14 19:09:39.537] [INFO] 开始初始化Hook系统... +[2025-12-14 19:09:39.537] [INFO] 正在初始化系统调用... +[2025-12-14 19:09:39.537] [INFO] 正在打开目标进程... +[2025-12-14 19:09:39.537] [INFO] 正在检测微信版本... +[2025-12-14 19:09:39.537] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 19:09:39.537] [INFO] 正在扫描目标函数... +[2025-12-14 19:09:39.537] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 19:09:39.537] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 19:09:39.537] [INFO] 正在分配远程伪栈... +[2025-12-14 19:09:39.537] [INFO] 正在初始化IPC通信... +[2025-12-14 19:09:39.537] [INFO] 正在准备安装Hook... +[2025-12-14 19:09:39.537] [INFO] 正在安装远程Hook... +[2025-12-14 19:09:39.537] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 19:09:44.437] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 19:09:45.038] [DEBUG] 从DLL获取到密钥字符串: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 (长度: 64) +[2025-12-14 19:09:45.038] [SUCCESS] 找到数据库密钥: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 +[2025-12-14 19:09:45.038] [INFO] 通过DLL找到数据库密钥(无验证): a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 +[2025-12-14 19:09:45.038] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:09:45.137] [DEBUG] 从DLL获取到密钥字符串: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 (长度: 64) +[2025-12-14 19:09:45.137] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:09:45.649] [DEBUG] 从DLL获取到密钥字符串: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 (长度: 64) +[2025-12-14 19:09:45.649] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:09:49.438] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 19:09:59.437] [DEBUG] 轮询中... 
已轮询 200 次,已等待 20.0 秒 +[2025-12-14 19:10:09.437] [DEBUG] 轮询中... 已轮询 300 次,已等待 30.0 秒 +[2025-12-14 19:10:09.437] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 +[2025-12-14 19:10:09.437] [INFO] DLL资源已清理 +[2025-12-14 19:10:51.673] [SUCCESS] DLL初始化成功,PID: 10516 +[2025-12-14 19:10:51.673] [INFO] DLL初始化成功,PID: 10516 +[2025-12-14 19:10:51.775] [INFO] 开始初始化Hook系统... +[2025-12-14 19:10:51.775] [INFO] 正在初始化系统调用... +[2025-12-14 19:10:51.775] [INFO] 正在打开目标进程... +[2025-12-14 19:10:51.775] [INFO] 正在检测微信版本... +[2025-12-14 19:10:51.775] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 19:10:51.775] [INFO] 正在扫描目标函数... +[2025-12-14 19:10:51.775] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 19:10:51.775] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 19:10:51.775] [INFO] 正在分配远程伪栈... +[2025-12-14 19:10:51.775] [INFO] 正在初始化IPC通信... +[2025-12-14 19:10:51.775] [INFO] 正在准备安装Hook... +[2025-12-14 19:10:51.775] [INFO] 正在安装远程Hook... +[2025-12-14 19:10:51.775] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 19:10:56.374] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 19:10:56.374] [SUCCESS] 找到数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 19:10:56.374] [INFO] 通过DLL找到数据库密钥(无验证): bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 19:10:56.374] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:10:56.574] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 19:10:56.574] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:10:56.762] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 
或者发送/接收一条新消息 +[2025-12-14 19:10:56.974] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 19:10:56.974] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:10:57.193] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 19:10:57.193] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:11:01.673] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 19:11:11.674] [DEBUG] 轮询中... 已轮询 200 次,已等待 20.0 秒 +[2025-12-14 19:11:21.674] [DEBUG] 轮询中... 已轮询 300 次,已等待 30.0 秒 +[2025-12-14 19:11:21.674] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 19:11:21.674] [INFO] DLL资源已清理 +[2025-12-14 19:14:01.582] [SUCCESS] DLL初始化成功,PID: 19264 +[2025-12-14 19:14:01.582] [INFO] DLL初始化成功,PID: 19264 +[2025-12-14 19:14:01.682] [INFO] 开始初始化Hook系统... +[2025-12-14 19:14:01.682] [INFO] 正在初始化系统调用... +[2025-12-14 19:14:01.682] [INFO] 正在打开目标进程... +[2025-12-14 19:14:01.682] [INFO] 正在检测微信版本... +[2025-12-14 19:14:01.682] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 19:14:01.682] [INFO] 正在扫描目标函数... +[2025-12-14 19:14:01.682] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 19:14:01.682] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 19:14:01.682] [INFO] 正在分配远程伪栈... +[2025-12-14 19:14:01.682] [INFO] 正在初始化IPC通信... +[2025-12-14 19:14:01.682] [INFO] 正在准备安装Hook... +[2025-12-14 19:14:01.682] [INFO] 正在安装远程Hook... +[2025-12-14 19:14:01.682] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 19:14:06.483] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 19:14:06.483] [SUCCESS] 找到数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 19:14:06.483] [INFO] 通过DLL找到数据库密钥(无验证): bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 19:14:06.483] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:14:06.582] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 
向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 19:14:06.686] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 19:14:06.686] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:14:07.083] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 19:14:07.083] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:14:07.282] [DEBUG] 从DLL获取到密钥字符串: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 (长度: 64) +[2025-12-14 19:14:07.282] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:14:11.582] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 19:14:21.582] [DEBUG] 轮询中... 已轮询 200 次,已等待 20.0 秒 +[2025-12-14 19:14:31.585] [DEBUG] 轮询中... 已轮询 300 次,已等待 30.0 秒 +[2025-12-14 19:14:31.585] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: bff49d3f151f4349945ad35b64bd673d4cbefd9ccaf641f897ad468f2b7e8104 +[2025-12-14 19:14:31.585] [INFO] DLL资源已清理 diff --git a/logs/dll_20251214_191745.log b/logs/dll_20251214_191745.log new file mode 100644 index 0000000..5655063 --- /dev/null +++ b/logs/dll_20251214_191745.log 
@@ -0,0 +1,35 @@ +[2025-12-14 19:17:45.559] [SUCCESS] DLL初始化成功,PID: 12316 +[2025-12-14 19:17:45.560] [INFO] DLL初始化成功,PID: 12316 +[2025-12-14 19:17:45.660] [INFO] 开始初始化Hook系统... +[2025-12-14 19:17:45.660] [INFO] 正在初始化系统调用... +[2025-12-14 19:17:45.660] [INFO] 正在打开目标进程... +[2025-12-14 19:17:45.660] [INFO] 正在检测微信版本... +[2025-12-14 19:17:45.660] [INFO] 检测到的微信版本: 4.1.5.30 +[2025-12-14 19:17:45.660] [INFO] 正在扫描目标函数... +[2025-12-14 19:17:45.660] [INFO] 目标函数地址: 0x7fff98336910 +[2025-12-14 19:17:45.660] [INFO] 正在分配远程数据缓冲区... +[2025-12-14 19:17:45.660] [INFO] 正在分配远程伪栈... +[2025-12-14 19:17:45.660] [INFO] 正在初始化IPC通信... +[2025-12-14 19:17:45.660] [INFO] 正在准备安装Hook... +[2025-12-14 19:17:45.660] [INFO] 正在安装远程Hook... +[2025-12-14 19:17:45.660] [SUCCESS] Hook安装成功,现在登录微信... +[2025-12-14 19:17:50.560] [DEBUG] 从DLL获取到密钥字符串: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 (长度: 64) +[2025-12-14 19:17:50.560] [SUCCESS] 找到数据库密钥: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 +[2025-12-14 19:17:50.560] [INFO] 通过DLL找到数据库密钥(无验证): a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 +[2025-12-14 19:17:50.560] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:17:50.661] [DEBUG] 从DLL获取到密钥字符串: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 (长度: 64) +[2025-12-14 19:17:50.661] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:17:51.060] [DEBUG] 从DLL获取到密钥字符串: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 (长度: 64) +[2025-12-14 19:17:51.060] [SUCCESS] 已成功接收到密钥 +[2025-12-14 19:17:55.560] [INFO] 等待获取密钥... 请按以下步骤操作: +1. 确保微信已登录(不能停留在登录界面) +2. 打开任意聊天窗口 +3. 向上滚动查看历史消息(触发数据库读取) +4. 或者发送/接收一条新消息 +[2025-12-14 19:17:55.560] [DEBUG] 轮询中... 已轮询 100 次,已等待 10.0 秒 +[2025-12-14 19:18:05.560] [DEBUG] 轮询中... 已轮询 200 次,已等待 20.0 秒 +[2025-12-14 19:18:15.560] [DEBUG] 轮询中... 
已轮询 300 次,已等待 30.0 秒 +[2025-12-14 19:18:15.560] [WARNING] 30秒轮询结束,已获取数据库密钥,但未获取到图片密钥 +注意:对于微信V4,图片密钥可能不是必需的,或者需要其他方式获取 +数据库密钥: a12e1959b5ee4e9f96fcc22d0ecdad9c3bc7b503d3b84192879fe1578792d0f8 +[2025-12-14 19:18:15.560] [INFO] DLL资源已清理