[原创] 微信低版本的分析

a1辅助网提供[原创] 微信低版本的分析的下载地址,长期提供破解软件,各种线报福利等,62510是一个很好的福利资源网站

邪恶海盗 发表于 2021-3-24 13:00
球球是咋整的,有的号登陆提示版本低

微信提示版本低,不能登录时,还要更简单的处理方式:
二步就OK啦。
1、用微信高版本登录,让微信记住 本设备信息。
2、再卸载高版本,重新安装低版本,然后登录就OK啦。

注意:只能用一个微信号登录。

看不懂哈哈哈[原创] 微信低版本的分析
狗日马化腾要银行卡号才能用微信

微信过低版本分析

1.微信是如何计算版本号的

    微信的显示的版本取决于WeChatWin.dll文件.     获取文件信息GetFileVersionInfoSizeW->GetFileVersionInfoW->VerQueryValueW     打开OD 拖入WeChat.exe     对GetFileVersionInfoSizeW函数下断     一直F9直到发现有 WeChatWin.dll的路径出现     
[Asm] 纯文本查看 复制代码
005CE9C4   5C517F09  /CALL 到 GetFileVersionInfoSizeW 来自 WeChatWi.5C517F03     005CE9C8   00B031C0  |FileName = "G:xxxxxxWeChatWeChatWin.dll"     005CE9CC   005CEA00  pHandle = 005CEA00      

    返回到  WeChatWi.5C517F03

[Asm] 纯文本查看 复制代码
5C517E80           /$  55            PUSH EBP 5C517E81           |.  8BEC          MOV EBP, ESP 5C517E83           |.  A1 987D405D   MOV EAX, DWORD PTR DS:[zxsq-anti-bbcode-0x5D407D98] 5C517E88           |.  83EC 2C       SUB ESP, 0x2C 5C517E8B           |.  53            PUSH EBX 5C517E8C           |.  56            PUSH ESI 5C517E8D           |.  57            PUSH EDI 5C517E8E           |.  85C0          TEST EAX, EAX 5C517E90           |.  75 2B         JNZ SHORT 5C517EBD 5C517E92           |.  68 04010000   PUSH 0x104                               ; /BufSize = 104 (260.) 5C517E97           |.  68 B8C6415D   PUSH 5D41C6B8                            ; |PathBuffer = WeChatWi.5D41C6B8 5C517E9C           |.  50            PUSH EAX                                 ; |hModule = 00B031C0 5C517E9D           |.  FF15 4C22055D CALL DWORD PTR DS:[<&KERNEL32.GetModuleF>; GetModuleFileNameW 5C517EA3           |.  68 B8C6415D   PUSH 5D41C6B8                            ; /Path = "G:xxxxxxWeChat" 5C517EA8           |.  FF15 6C26055D CALL DWORD PTR DS:[<&SHLWAPI.PathRemoveF>; PathRemoveFileSpecW 5C517EAE           |.  C705 987D405D>MOV DWORD PTR DS:[zxsq-anti-bbcode-0x5D407D98], 5D41C6B8  ;  UNICODE "G:xxxxxxWeChat" 5C517EB8           |.  B8 B8C6415D   MOV EAX, 5D41C6B8                        ;  UNICODE "G:xxxxxxWeChat" 5C517EBD           |>  6A FF         PUSH -0x1 5C517EBF           |.  0F57C0        XORPS XMM0, XMM0 5C517EC2           |.  C745 E8 00000>MOV [LOCAL.6], 0x0 5C517EC9           |.  50            PUSH EAX 5C517ECA           |.  8D4D D8       LEA ECX, [LOCAL.10] 5C517ECD           |.  0F1145 D8     MOVUPS DQWORD PTR SS:[EBP-0x28], XMM0 5C517ED1           |.  E8 3AC9FFFF   CALL 5C514810 5C517ED6           |.  68 C44F215D   PUSH 5D214FC4                            ;  UNICODE "WeChatWin.dll" 5C517EDB           |.  8D4D D8       LEA ECX, [LOCAL.10] 5C517EDE           |.  E8 ADCAFFFF   CALL 5C514990 5C517EE3           |.  8B75 D8       MOV ESI, [LOCAL.10] 5C517EE6           |.  C745 F8 00000>MOV [LOCAL.2], 0x0 5C517EED           |.  85F6          TEST ESI, ESI 5C517EEF           |.  74 08         JE SHORT 5C517EF9 5C517EF1           |.  66:833E 00    CMP WORD PTR DS:[zxsq-anti-bbcode-ESI], 0x0 5C517EF5           |.  8BC6          MOV EAX, ESI 5C517EF7           |.  75 05         JNZ SHORT 5C517EFE 5C517EF9           |>  B8 10D3165D   MOV EAX, 5D16D310 5C517EFE           |>  8D4D F8       LEA ECX, [LOCAL.2] 5C517F01           |.  51            PUSH ECX                                 ; /pHandle = 005CEA00 5C517F02           |.  50            PUSH EAX                                 ; |FileName = "G:xxxxxxWeChatWeChatWin.dll" 5C517F03           |.  FF15 7429055D CALL DWORD PTR DS:[<&VERSION.GetFileVers>; GetFileVersionInfoSizeW 5C517F09           |.  8BD8          MOV EBX, EAX 5C517F0B           |.  C745 EC 00000>MOV [LOCAL.5], 0x0 5C517F12           |.  C745 F0 00000>MOV [LOCAL.4], 0x0 5C517F19           |.  8D0C5D 020000>LEA ECX, DWORD PTR DS:[EBX*2+0x2] 5C517F20           |.  51            PUSH ECX 5C517F21           |.  8D4D EC       LEA ECX, [LOCAL.5] 5C517F24           |.  E8 07AEFFFF   CALL 5C512D30 5C517F29           |.  85F6          TEST ESI, ESI 5C517F2B           |.  74 08         JE SHORT 5C517F35 5C517F2D           |.  66:833E 00    CMP WORD PTR DS:[zxsq-anti-bbcode-ESI], 0x0 5C517F31           |.  8BC6          MOV EAX, ESI 5C517F33           |.  75 05         JNZ SHORT 5C517F3A 5C517F35           |>  B8 10D3165D   MOV EAX, 5D16D310 5C517F3A           |>  8B7D EC       MOV EDI, [LOCAL.5]                       ;  WeChatWi.5D406B00 5C517F3D           |.  57            PUSH EDI                                 ; /Buffer = 0000035D 5C517F3E           |.  53            PUSH EBX                                 ; |BufSize = 5D1 (1489.) 5C517F3F           |.  6A 00         PUSH 0x0                                 ; |Reserved = 0x0 5C517F41           |.  50            PUSH EAX                                 ; |FileName = "G:xxxxxxWeChatWeChatWin.dll" 5C517F42           |.  FF15 7029055D CALL DWORD PTR DS:[<&VERSION.GetFileVers>; GetFileVersionInfoW 5C517F48           |.  85C0          TEST EAX, EAX 5C517F4A           |.  74 2F         JE SHORT 5C517F7B 5C517F4C           |.  8D45 F4       LEA EAX, [LOCAL.3] 5C517F4F           |.  C745 F4 00000>MOV [LOCAL.3], 0x0 5C517F56           |.  50            PUSH EAX                                 ; /pValueSize = 00B031C0 5C517F57           |.  8D45 FC       LEA EAX, [LOCAL.1]                       ; | 5C517F5A           |.  C745 FC 00000>MOV [LOCAL.1], 0x0                       ; | 5C517F61           |.  50            PUSH EAX                                 ; |ppValue = 00B031C0 5C517F62           |.  68 E801175D   PUSH 5D1701E8                            ; |pSubBlock = "" 5C517F67           |.  57            PUSH EDI                                 ; |pBlock = 0000035D 5C517F68           |.  FF15 6C29055D CALL DWORD PTR DS:[<&VERSION.VerQueryVal>; VerQueryValueW 5C517F6E           |.  8B45 FC       MOV EAX, [LOCAL.1] 5C517F71           |.  85C0          TEST EAX, EAX 5C517F73           |.  74 06         JE SHORT 5C517F7B 5C517F75           |.  0FB758 0C     MOVZX EBX, WORD PTR DS:[EAX+0xC] 5C517F79           |.  EB 02         JMP SHORT 5C517F7D 5C517F7B           |>  33DB          XOR EBX, EBX 5C517F7D           |>  85FF          TEST EDI, EDI 5C517F7F           |.  74 09         JE SHORT 5C517F8A 5C517F81           |.  57            PUSH EDI 5C517F82           |.  E8 B42CA400   CALL 5CF5AC3B 5C517F87           |.  83C4 04       ADD ESP, 0x4 5C517F8A           |>  85F6          TEST ESI, ESI 5C517F8C           |.  74 09         JE SHORT 5C517F97 5C517F8E           |.  56            PUSH ESI 5C517F8F           |.  E8 A72CA400   CALL 5CF5AC3B 5C517F94           |.  83C4 04       ADD ESP, 0x4 5C517F97           |>  8B45 E4       MOV EAX, [LOCAL.7] 5C517F9A           |.  85C0          TEST EAX, EAX 5C517F9C           |.  74 09         JE SHORT 5C517FA7 5C517F9E           |.  50            PUSH EAX 5C517F9F           |.  E8 972CA400   CALL 5CF5AC3B 5C517FA4           |.  83C4 04       ADD ESP, 0x4 5C517FA7           |>  5F            POP EDI                                  ;  WeChatWi.5C517F09 5C517FA8           |.  5E            POP ESI                                  ;  WeChatWi.5C517F09 5C517FA9           |.  8BC3          MOV EAX, EBX 5C517FAB           |.  5B            POP EBX                                  ;  WeChatWi.5C517F09 5C517FAC           |.  8BE5          MOV ESP, EBP 5C517FAE           |.  5D            POP EBP                                  ;  WeChatWi.5C517F09 5C517FAF           .  C3            RETN

retn下断
等结果 看eax 0x58=88,我们用的是2.7.1.88 刚好是尾数

[Asm] 纯文本查看 复制代码
 EAX 00000058 ECX 00AE0000 EDX 00AE0000 EBX 000005D1 ESP 005CEA0C UNICODE "医尊" EBP 005CEA1C ESI 5D053D00 WeChatWi.5D053D00 EDI 0000035D EIP 5C517FAF WeChatWi.5C517FAF C 0  ES 002B 32 位 0(FFFFFFFF) P 1  CS 0023 32 位 0(FFFFFFFF) A 0  SS 002B 32 位 0(FFFFFFFF) Z 1  DS 002B 32 位 0(FFFFFFFF) S 0  FS 0053 32 位 96D000(FFF) T 0  GS 002B 32 位 0(FFFFFFFF) D 0 O 0  LastErr ERROR_SUCCESS (00000000) EFL 00000246 (NO,NB,E,BE,NS,PE,GE,LE) ST0 empty 0.0 ST1 empty 0.0 ST2 empty 0.0 ST3 empty 0.0 ST4 empty 0.0 ST5 empty 1.0000000000000000000 ST6 empty 1.0000000000000000000 ST7 empty 1.0000000000000000000 3 2 1 0      E S P U O Z D I FST 4000  Cond 1 0 0 0  Err 0 0 0 0 0 0 0 0  (EQ) FCW 027F  Prec NEAR,53  Mask    1 1 1 1 1 1 

F8下一步看到如下代码

[Asm] 纯文本查看 复制代码
 5C0A91AB           |.  0FB6C0        MOVZX EAX, AL 5C0A91AE           |.  0D 00010762   OR EAX, 0x62070100 5C0A91B3           |>  A3 B885405D   MOV DWORD PTR DS:[zxsq-anti-bbcode-0x5D4085B8], EAX 5C0A91B8           |>  A3 68F5405D   MOV DWORD PTR DS:[zxsq-anti-bbcode-0x5D40F568], EAX 5C0A91BD           |.  8BE5          MOV ESP, EBP 5C0A91BF           |.  5D            POP EBP 5C0A91C0           .  C3            RETN

取得到的版本号和0x62070100位或得到结果  0x62070158

分别赋值给 0x5D4085B8 和 0x5D40F568 这2个肯定是读取的.先记录一下

0x62070100是怎么来的呢,从代码看,很像是固定的.

2.7.1.00  => 转换一下0x02070100
0x62070100 => 0x60000000+0x02070100
我们来计算1个,假如版本号是 3.3.3.33
0x03030300+0x60000000=0x63030300 or 0x21 => 0x63030321
修改eax的值 0x63030321
F9放行
原来是
后面确实改成功了

版本的算法 可以自己编写出来

2.如何过掉低版本

重新运行微信 打开CE 附加搜索 0x62070158 版本号计算的结果          写入最新的版本 或者更高版本即可 

我写入的是 3.3.3.33
点击登陆即可

部分文章来自互联网,侵权删除www.a1fz.com/

www.a1fz.com A1fz网专注于福利分享,各种破解软件学习资料,视频教程等等,如有侵权告知管理员删除
A1fz.com,福利吧,宅男福利,宅男,福利社,福利,有福利 » [原创] 微信低版本的分析

发表评论