From 479827789da0def4d171af9e90bb1d5d960ce258 Mon Sep 17 00:00:00 2001 From: Changhua Date: Sat, 3 Jun 2023 18:13:18 +0800 Subject: [PATCH] Impl Functions_FUNC_SEND_IMG --- spy/load_calls.cpp | 2 +- spy/rpc_server.cpp | 2 +- spy/send_msg.cpp | 45 +++++++++++++++++++++++++-------------------- spy/spy_types.h | 1 + 4 files changed, 28 insertions(+), 22 deletions(-) diff --git a/spy/load_calls.cpp b/spy/load_calls.cpp index 1164c98..606811d 100644 --- a/spy/load_calls.cpp +++ b/spy/load_calls.cpp @@ -11,7 +11,7 @@ WxCalls_t wxCalls = { /* Receive Message: Hook, call, type, self, id, msgXml, roomId, wxId, content, thumb, extra */ { 0x550F4C, 0xA96350, 0x38, 0x3C, 0x184, 0x1EC, 0x48, 0x170, 0x70, 0x198, 0x1AC }, - { 0xBD780, 0x771980, 0x521640 }, // Send Image Message + { 0x768140, 0XF59E40, 0XCE6640, 0x756960 }, // Send Image Message { 0xC3B70, 0x771980, 0x3ED8C0 }, // Send File Message { 0xB8A70, 0x3ED5E0, 0x107F00, 0x3ED7B0, 0x2386FE4 }, // Send xml Message { 0x771980, 0x4777E0, 0x239E888 }, // Send Emotion Message diff --git a/spy/rpc_server.cpp b/spy/rpc_server.cpp index 3d76804..5aa0c48 100644 --- a/spy/rpc_server.cpp +++ b/spy/rpc_server.cpp @@ -584,12 +584,12 @@ static bool dispatcher(uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len ret = func_send_txt(req.msg.txt, out, out_len); break; } -#if 0 case Functions_FUNC_SEND_IMG: { LOG_DEBUG("[Functions_FUNC_SEND_IMG]"); ret = func_send_img(req.msg.file.path, req.msg.file.receiver, out, out_len); break; } +#if 0 case Functions_FUNC_SEND_FILE: { LOG_DEBUG("[Functions_FUNC_SEND_FILE]"); ret = func_send_file(req.msg.file.path, req.msg.file.receiver, out, out_len); diff --git a/spy/send_msg.cpp b/spy/send_msg.cpp index d26ca62..737280b 100644 --- a/spy/send_msg.cpp +++ b/spy/send_msg.cpp @@ -13,7 +13,7 @@ extern string GetSelfWxid(); // Defined in spy.cpp void SendTextMessage(string wxid, string msg, string atWxids) { - int success = 0; + int success = 0; char buffer[0x2D8] = { 0 }; WxString_t wxMsg = { 0 }; WxString_t wxWxid = { 0 }; @@ -78,11 +78,12 @@ void SendImageMessage(string wxid, string path) if (g_WeChatWinDllAddr == 0) { return; } + int success = 0; DWORD tmpEAX = 0; - char buf1[0x48] = { 0 }; - char buf2[0x3B0] = { 0 }; + char buf[0x2D8] = { 0 }; WxString_t imgWxid = { 0 }; WxString_t imgPath = { 0 }; + WxString_t unkObj = { 0 }; wstring wsWxid = String2Wstring(wxid); wstring wspath = String2Wstring(path); @@ -99,25 +100,29 @@ void SendImageMessage(string wxid, string path) DWORD sendCall1 = g_WeChatWinDllAddr + g_WxCalls.sendImg.call1; DWORD sendCall2 = g_WeChatWinDllAddr + g_WxCalls.sendImg.call2; DWORD sendCall3 = g_WeChatWinDllAddr + g_WxCalls.sendImg.call3; + DWORD sendCall4 = g_WeChatWinDllAddr + g_WxCalls.sendImg.call4; __asm { - pushad - call sendCall1 - sub esp, 0x14 - mov tmpEAX, eax - lea eax, buf1 - mov ecx, esp - lea edi, imgPath - push eax - call sendCall2 - mov ecx, dword ptr[tmpEAX] - lea eax, imgWxid - push edi - push eax - lea eax, buf2 - push eax - call sendCall3 - popad + pushad; + call sendCall1; + sub esp,0x14; + mov tmpEAX,eax; + lea eax,unkObj; + mov ecx,esp; + lea edi,imgPath; + push eax; + call sendCall2; + mov ecx,dword ptr [tmpEAX]; + lea eax,imgWxid; + push edi; + push eax; + lea eax,buf; + push eax; + call sendCall3; + mov success,eax; + lea ecx,buf; + call sendCall4; + popad; } } diff --git a/spy/spy_types.h b/spy/spy_types.h index baf71bc..d4ed35b 100644 --- a/spy/spy_types.h +++ b/spy/spy_types.h @@ -33,6 +33,7 @@ typedef struct Sendfile { DWORD call1; DWORD call2; DWORD call3; + DWORD call4; } Sendfile_t; typedef struct Contact {