cyonjan/WeChatFerry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Impl SendXmlMessage

Browse Source
This commit is contained in:
Changhua 2023-03-01 04:03:53 +08:00
parent 902d7caa76
commit 2af5ad0253
8 changed files with 167 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
python/demo.py
View File

@ -3,6 +3,7 @@
import logging
from threading import Thread
from time import sleep
from wcferry import Wcf
@ -26,6 +27,7 @@ def main():
wcf = Wcf(debug=True) # 默认连接本地服务
# wcf = Wcf("tcp://127.0.0.1:10086") # 连接远端服务
sleep(5) # 等微信加载好,以免信息显示异常
LOG.info(f"已经登录: {True if wcf.is_login() else False}")
LOG.info(f"wxid: {wcf.get_self_wxid()}")
@ -58,6 +60,10 @@ def main():
# ret = wcf.add_chatroom_members("chatroom id", "wxid1,wxid2,wxid3,...")
# LOG.info(f"add_chatroom_members: {ret}")
xml = '<?xml version="1.0"?><msg><appmsg appid="" sdkver="0"><title>叮当药房24小时服务28分钟送药到家</title><des>叮当快药首家承诺范围内28分钟送药到家叮当快药核心区域内7*24小时全天候服务送药上门叮当快药官网为您提供快捷便利正品低价安全放心的购药、送药服务体验。</des><action>view</action><type>33</type><showtype>0</showtype><content /><url>https://mp.weixin.qq.com/mp/waerrpage?appid=wxc2edadc87077fa2a&amp;type=upgrade&amp;upgradetype=3#wechat_redirect</url><dataurl /><lowurl /><lowdataurl /><recorditem /><thumburl /><messageaction /><md5>7f6f49d301ebf47100199b8a4fcf4de4</md5><extinfo /><sourceusername>gh_c2b88a38c424@app</sourceusername><sourcedisplayname>叮当快药 药店送药到家夜间买药</sourcedisplayname><commenturl /><appattach><totallen>0</totallen><attachid /><emoticonmd5></emoticonmd5><fileext>jpg</fileext><filekey>da0e08f5c7259d03da150d5e7ca6d950</filekey><cdnthumburl>3057020100044b30490201000204e4c0232702032f4ef20204a6bace6f02046401f62d042430326337303430352d333734332d343362652d623335322d6233333566623266376334620204012400030201000405004c537600</cdnthumburl><aeskey>0db26456caf243fbd4efb99058a01d66</aeskey><cdnthumbaeskey>0db26456caf243fbd4efb99058a01d66</cdnthumbaeskey><encryver>1</encryver><cdnthumblength>61558</cdnthumblength><cdnthumbheight>100</cdnthumbheight><cdnthumbwidth>100</cdnthumbwidth></appattach><weappinfo><pagepath>pages/index/index.html</pagepath><username>gh_c2b88a38c424@app</username><appid>wxc2edadc87077fa2a</appid><version>197</version><type>2</type><weappiconurl>http://wx.qlogo.cn/mmhead/Q3auHgzwzM4727n0NQ0ZIPQPlfp15m1WLsnrXbo1kLhFGcolgLyc0A/96</weappiconurl><appservicetype>0</appservicetype><shareId>1_wxc2edadc87077fa2a_29177e9a9b918cb9e75964f80bb8f32e_1677849476_0</shareId></weappinfo><websearch /></appmsg><fromusername>wxid_eob5qfcrv4zd22</fromusername><scene>0</scene><appinfo><version>1</version><appname /></appinfo><commenturl /></msg>'
ret = wcf.send_xml("filehelper", xml, 0x21)
LOG.info(f"send_xml: {ret}")
# 一直运行
wcf.keep_running()

16
python/wcferry/client.py
View File

@ -227,6 +227,18 @@ class Wcf():
rsp = self._send_request(req)
return rsp.status
def send_xml(self, receiver: str, xml: str, type: int, path: str = None) -> int:
"""发送文件"""
req = wcf_pb2.Request()
req.func = wcf_pb2.FUNC_SEND_XML # FUNC_SEND_XML
req.xml.receiver = receiver
req.xml.content = xml
req.xml.type = type
if path:
req.xml.path = path
rsp = self._send_request(req)
return rsp.status
def get_msg(self, block=True) -> WxMsg:
return self.msgQ.get(block, timeout=1)
@ -351,8 +363,8 @@ class Wcf():
friends = []
for cnt in self.get_contacts():
if (cnt.wxid.endswith("@chatroom") # 群聊
or cnt.wxid.startswith("gh_") # 公众号
or cnt.wxid in not_friends.keys() # 其他杂号
or cnt.wxid.startswith("gh_") # 公众号
or cnt.wxid in not_friends.keys() # 其他杂号
):
continue
friends.append(cnt)

10
rpc/proto/wcf.proto
View File

@ -31,6 +31,7 @@ enum Functions {
FUNC_SEND_TXT = 0x20;
FUNC_SEND_IMG = 0x21;
FUNC_SEND_FILE = 0x22;
FUNC_SEND_XML = 0x23;
FUNC_ENABLE_RECV_TXT = 0x30;
FUNC_DISABLE_RECV_TXT = 0x40;
FUNC_EXEC_DB_QUERY = 0x50;
@ -50,6 +51,7 @@ message Request
DbQuery query = 6;
Verification v = 7;
AddMembers m = 8;
XmlMsg xml = 9;
}
}
@ -96,6 +98,14 @@ message PathMsg
string receiver = 2; //
}
message XmlMsg
{
string receiver = 1; //
string content = 2; // xml
string path = 3; //
int32 type = 4; //
}
message MsgTypes { map<int32, string> types = 1; }
message RpcContact

5
spy/load_calls.cpp
View File

@ -11,8 +11,9 @@ WxCalls_t wxCalls = {
/* Receive Message:
Hook, call, type, self, id, msgXml, roomId, wxId, content */
{ 0x550F4C, 0xA96350, 0x38, 0x3C, 0x184, 0x1EC, 0x48, 0x170, 0x70 },
{ 0xBD780, 0x771980, 0x521640 }, // Send Image Message
{ 0xC3B70, 0x771980, 0x3ED8C0 }, // Send File Message
{ 0xBD780, 0x771980, 0x521640 }, // Send Image Message
{ 0xC3B70, 0x771980, 0x3ED8C0 }, // Send File Message
{ 0xB8A70, 0x3ED5E0, 0x107F00, 0x3ED7B0, 0x2386FE4 }, // Send xml message
/* Get Contacts:
Base, head, wxId, Code, Name, Gender, Country, Province, City*/
{ 0x23668F4, 0x4C, 0x30, 0x44, 0x8C, 0x184, 0x1D0, 0x1E4, 0x1F8 },

36
spy/rpc_server.cpp
View File

@ -234,6 +234,33 @@ bool func_send_file(char *path, char *receiver, uint8_t *out, size_t *len)
return true;
}
bool func_send_xml(XmlMsg xml, uint8_t *out, size_t *len)
{
Response rsp = Response_init_default;
rsp.func = Functions_FUNC_SEND_XML;
rsp.which_msg = Response_status_tag;
rsp.msg.status = 0;
if ((xml.content == NULL) || (xml.receiver == NULL)) {
rsp.msg.status = -1;
} else {
string receiver(xml.receiver);
string content(xml.content);
string path(xml.path ? xml.path : "");
uint32_t type = (uint32_t)xml.type;
SendXmlMessage(receiver, content, path, type);
}
pb_ostream_t stream = pb_ostream_from_buffer(out, *len);
if (!pb_encode(&stream, Response_fields, &rsp)) {
LOG_ERROR("Encoding failed: {}", PB_GET_ERROR(&stream));
return false;
}
*len = stream.bytes_written;
return true;
}
static void PushMessage()
{
static nng_socket msg_sock;
@ -417,7 +444,7 @@ static bool dispatcher(uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len
return false;
}
LOG_DEBUG("Func: {}", (uint8_t)req.func);
LOG_DEBUG("Func: {:#x} Data: {}", (uint8_t)req.func, in_len);
switch (req.func) {
case Functions_FUNC_IS_LOGIN: {
LOG_DEBUG("[Functions_FUNC_IS_LOGIN]");
@ -464,6 +491,11 @@ static bool dispatcher(uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len
ret = func_send_file(req.msg.file.path, req.msg.file.receiver, out, out_len);
break;
}
case Functions_FUNC_SEND_XML: {
LOG_DEBUG("[Functions_FUNC_SEND_XML]");
ret = func_send_xml(req.msg.xml, out, out_len);
break;
}
case Functions_FUNC_ENABLE_RECV_TXT: {
LOG_DEBUG("[Functions_FUNC_ENABLE_RECV_TXT]");
ret = func_enable_recv_txt(out, out_len);
@ -527,7 +559,7 @@ static int RunServer()
break;
}
LOG_BUFFER(in, in_len);
// LOG_BUFFER(in, in_len);
if (dispatcher(in, in_len, gBuffer, &out_len)) {
LOG_DEBUG("Send data length {}", out_len);
// LOG_BUFFER(gBuffer, out_len);

100
spy/send_msg.cpp
View File

@ -9,12 +9,13 @@
extern HANDLE g_hEvent;
extern WxCalls_t g_WxCalls;
extern DWORD g_WeChatWinDllAddr;
extern string GetSelfWxid(); // Defined in spy.cpp
void SendTextMessage(string wxid, string msg, string atWxids)
{
char buffer[0x3B0] = { 0 };
WxString_t txtMsg = { 0 };
WxString_t txtWxid = { 0 };
WxString_t wxMsg = { 0 };
WxString_t wxWxid = { 0 };
// 发送消息Call地址 = 微信基址 + 偏移
DWORD sendCallAddress = g_WeChatWinDllAddr + g_WxCalls.sendTextMsg;
@ -22,13 +23,13 @@ void SendTextMessage(string wxid, string msg, string atWxids)
wstring wsWxid = String2Wstring(wxid);
wstring wsMsg = String2Wstring(msg);
txtMsg.text = (wchar_t *)wsMsg.c_str();
txtMsg.size = wsMsg.size();
txtMsg.capacity = wsMsg.capacity();
wxMsg.text = (wchar_t *)wsMsg.c_str();
wxMsg.size = wsMsg.size();
wxMsg.capacity = wsMsg.capacity();
txtWxid.text = (wchar_t *)wsWxid.c_str();
txtWxid.size = wsWxid.size();
txtWxid.capacity = wsWxid.capacity();
wxWxid.text = (wchar_t *)wsWxid.c_str();
wxWxid.size = wsWxid.size();
wxWxid.capacity = wsWxid.capacity();
vector<WxString_t> vTxtAtWxids;
if (!atWxids.empty()) {
@ -51,9 +52,9 @@ void SendTextMessage(string wxid, string msg, string atWxids)
lea eax, vTxtAtWxids;
push 0x01;
push eax;
lea edi, txtMsg;
lea edi, wxMsg;
push edi;
lea edx, txtWxid;
lea edx, wxWxid;
lea ecx, buffer;
call sendCallAddress;
add esp, 0xC;
@ -173,3 +174,82 @@ void SendFileMessage(string wxid, string path)
popad;
}
}
void SendXmlMessage(string receiver, string xml, string path, int type)
{
if (g_WeChatWinDllAddr == 0) {
return;
}
// 发送消息Call地址 = 微信基址 + 偏移
DWORD sendXmlCall1 = g_WeChatWinDllAddr + g_WxCalls.sendXml.call1;
DWORD sendXmlCall2 = g_WeChatWinDllAddr + g_WxCalls.sendXml.call2;
DWORD sendXmlCall3 = g_WeChatWinDllAddr + g_WxCalls.sendXml.call3;
DWORD sendXmlCall4 = g_WeChatWinDllAddr + g_WxCalls.sendXml.call4;
DWORD sendXmlParam = g_WeChatWinDllAddr + g_WxCalls.sendXml.param;
char buffer[0xFF0] = { 0 };
char nullBuf[0x1C] = { 0 };
WxString_t wxReceiver = { 0 };
WxString_t wxXml = { 0 };
WxString_t wxPath = { 0 };
WxString_t wxNull = { 0 };
WxString_t wxSender = { 0 };
wstring wsSender = String2Wstring(GetSelfWxid());
wstring wsReceiver = String2Wstring(receiver);
wstring wsXml = String2Wstring(xml);
wxReceiver.text = (wchar_t *)wsReceiver.c_str();
wxReceiver.size = wsReceiver.size();
wxReceiver.capacity = wsReceiver.capacity();
wxXml.text = (wchar_t *)wsXml.c_str();
wxXml.size = wsXml.size();
wxXml.capacity = wsXml.capacity();
wxSender.text = (wchar_t *)wsSender.c_str();
wxSender.size = wsSender.size();
wxSender.capacity = wsSender.capacity();
if (!path.empty()) {
wstring wsPath = String2Wstring(path);
wxPath.text = (wchar_t *)wsPath.c_str();
wxPath.size = wsPath.size();
wxPath.capacity = wsPath.capacity();
}
DWORD sendtype = type;
__asm {
pushad;
pushfd;
lea ecx, buffer;
call sendXmlCall1;
mov eax, [sendtype];
push eax;
lea eax, nullBuf;
lea edx, wxSender;
push eax;
lea eax, wxPath;
push eax;
lea eax, wxXml;
push eax;
lea edi, wxReceiver;
push edi;
lea ecx, buffer;
call sendXmlCall2;
add esp, 0x14;
lea eax, wxNull;
push eax;
lea ecx, buffer;
call sendXmlCall3;
mov dl, 0x0;
lea ecx, buffer;
push sendXmlParam;
push sendXmlParam;
call sendXmlCall4;
add esp, 0x8;
popfd;
popad;
}
}

1
spy/send_msg.h
View File

@ -7,3 +7,4 @@ using namespace std;
void SendTextMessage(string wxid, string msg, string atWxids);
void SendImageMessage(string wxid, string path);
void SendFileMessage(string wxid, string path);
void SendXmlMessage(string receiver, string xml, string path, int type);

9
spy/spy_types.h
View File

@ -59,6 +59,14 @@ typedef struct RoomMember {
DWORD call3;
} RoomMember_t;
typedef struct Xml {
DWORD call1;
DWORD call2;
DWORD call3;
DWORD call4;
DWORD param;
} Xml_t;
typedef struct WxCalls {
DWORD login; // 登录状态
UserInfoCall_t ui; // 用户信息
@ -66,6 +74,7 @@ typedef struct WxCalls {
RecvMsg_t recvMsg; // 接收消息
Sendfile_t sendImg; // 发送图片
Sendfile_t sendFile; // 发送文件
Xml_t sendXml; // 发送XML
Contact_t contact; // 获取联系人
Sql_t sql; // 执行 SQL
NewFriend_t anf; // 通过好友申请