Impl Receive Message
parent
1028150f1f
commit
5f3ba38d87
@ -56,10 +56,10 @@ int main()
|
||||
if (status != 0) {
|
||||
return 0;
|
||||
}
|
||||
#if 0
|
||||
|
||||
wcout << L"Message: 接收通知中......" << endl;
|
||||
WxSetTextMsgCb(onTextMsg);
|
||||
|
||||
#if 0
|
||||
// 测试消息发送
|
||||
WxSendTextMsg(wxid, at_wxid, content);
|
||||
// 发送照片
|
||||
|
@ -6,11 +6,11 @@
|
||||
#define SUPPORT_VERSION L"3.7.0.29"
|
||||
WxCalls_t wxCalls = {
|
||||
0x23631D0, // Login Status
|
||||
{ 0x1DDF4BC, 0x1DDF534, 0x1DDF568 }, // User Info: wxid, nickname, mobile
|
||||
{ 0x236307C, 0x23630F4, 0x2363128 }, // User Info: wxid, nickname, mobile
|
||||
0x3E3B80, // Send Message
|
||||
/* Receive Message:
|
||||
Hook, call, type, self, id, msgXml, roomId, wxId, content */
|
||||
{ 0x3C0D70, 0x3C0FA0, 0x38, 0x3C, 0x184, 0x1D8, 0x48, 0x170, 0x70 },
|
||||
{ 0x550F4C, 0xA94A50, 0x38, 0x3C, 0x184, 0x1EC, 0x48, 0x170, 0x70 },
|
||||
{ 0x5CCB50, 0x6F5C0, 0x3E3490 } // Send Image Message
|
||||
};
|
||||
|
||||
|
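Review bot: The offsets in `wxCalls` only hold for the exact build named in `SUPPORT_VERSION`, and nothing on this page shows the loaded module's version being compared with that string before `ListenMessage` writes the 5-byte jump at `g_WeChatWinDllAddr + g_WxCalls.recvMsg.hook`. A patch at a stale address overwrites unrelated code in the host process, so a mismatch should make initialisation fail rather than continue. InitDLL has earlier failure returns outside the visible hunks, so this may already be covered; if so, a comment here such as `// offsets valid only for SUPPORT_VERSION; InitDLL rejects other builds` would make the dependency explicit.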
@ -8,7 +8,6 @@
|
||||
|
||||
HANDLE g_hEvent = NULL;
|
||||
WxCalls_t g_WxCalls = { 0 };
|
||||
RpcMessage_t *g_pMsg = NULL; // Find a palce to free
|
||||
DWORD g_WeChatWinDllAddr = 0;
|
||||
|
||||
int InitDLL(void)
|
||||
@ -31,7 +30,6 @@ int InitDLL(void)
|
||||
return -3;
|
||||
}
|
||||
|
||||
g_pMsg = new RpcMessage_t;
|
||||
g_hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
|
||||
|
||||
return 0;
|
||||
@ -39,7 +37,7 @@ int InitDLL(void)
|
||||
|
||||
DWORD WINAPI Monitor(HMODULE hModule)
|
||||
{
|
||||
//ListenMessage();
|
||||
ListenMessage();
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
@ -14,39 +14,37 @@ MsgQueue_t g_MsgQueue;
|
||||
DWORD reg_buffer = 0;
|
||||
DWORD recvMsgCallAddr = 0;
|
||||
DWORD recvMsgJumpBackAddr = 0;
|
||||
RpcMessage_t *pMsg = NULL; // Find a palce to free
|
||||
|
||||
void DispatchMsg(DWORD reg)
|
||||
{
|
||||
DWORD **p = (DWORD **)reg; //消息结构基址
|
||||
DWORD *p = (DWORD *)reg; //消息结构基址
|
||||
|
||||
memset(g_pMsg, 0, sizeof(RpcMessage_t));
|
||||
memset(pMsg, 0, sizeof(RpcMessage_t));
|
||||
|
||||
g_pMsg->type = GET_DWORD(**p + g_WxCalls.recvMsg.type);
|
||||
g_pMsg->self = GET_DWORD(**p + g_WxCalls.recvMsg.isSelf);
|
||||
pMsg->type = GET_DWORD(*p + g_WxCalls.recvMsg.type);
|
||||
pMsg->self = GET_DWORD(*p + g_WxCalls.recvMsg.isSelf);
|
||||
|
||||
GetWstringByAddress(**p + g_WxCalls.recvMsg.msgId, g_pMsg->id, MSG_SIZE_MSG_ID);
|
||||
GetWstringByAddress(**p + g_WxCalls.recvMsg.msgXml, g_pMsg->xml, MSG_SIZE_MSG_XML);
|
||||
GetWstringByAddress(*p + g_WxCalls.recvMsg.msgId, pMsg->id, MSG_SIZE_MSG_ID);
|
||||
GetWstringByAddress(*p + g_WxCalls.recvMsg.msgXml, pMsg->xml, MSG_SIZE_MSG_XML);
|
||||
|
||||
if (wcsstr(g_pMsg->xml, L"<membercount>") == NULL) {
|
||||
// g_pMsg.roomId = {0};
|
||||
GetWstringByAddress(**p + g_WxCalls.recvMsg.roomId, g_pMsg->wxId, MSG_SIZE_WXID);
|
||||
if (wcsstr(pMsg->xml, L"<membercount>") == NULL) {
|
||||
// pMsg.roomId = {0};
|
||||
GetWstringByAddress(*p + g_WxCalls.recvMsg.roomId, pMsg->wxId, MSG_SIZE_WXID);
|
||||
} else {
|
||||
g_pMsg->source = 1;
|
||||
GetWstringByAddress(**p + g_WxCalls.recvMsg.roomId, g_pMsg->roomId, MSG_SIZE_ROOMID);
|
||||
GetWstringByAddress(**p + g_WxCalls.recvMsg.wxId, g_pMsg->wxId, MSG_SIZE_WXID);
|
||||
pMsg->source = 1;
|
||||
GetWstringByAddress(*p + g_WxCalls.recvMsg.roomId, pMsg->roomId, MSG_SIZE_ROOMID);
|
||||
GetWstringByAddress(*p + g_WxCalls.recvMsg.wxId, pMsg->wxId, MSG_SIZE_WXID);
|
||||
}
|
||||
GetWstringByAddress(**p + g_WxCalls.recvMsg.content, g_pMsg->content, MSG_SIZE_CONTENT);
|
||||
g_MsgQueue.push(*g_pMsg); // 发送消息
|
||||
SetEvent(g_hEvent); // 发送消息通知
|
||||
GetWstringByAddress(*p + g_WxCalls.recvMsg.content, pMsg->content, MSG_SIZE_CONTENT);
|
||||
g_MsgQueue.push(*pMsg); // 发送消息
|
||||
SetEvent(g_hEvent); // 发送消息通知
|
||||
}
|
||||
|
||||
__declspec(naked) void RecieveMsgHook()
|
||||
{
|
||||
__asm {
|
||||
push ebp // 保护现场
|
||||
add ebp, 0x3C // 地址为 ebp + 0x3C
|
||||
mov reg_buffer, ebp //把值复制出来
|
||||
pop ebp // 还原现场
|
||||
mov reg_buffer, edi //把值复制出来
|
||||
}
|
||||
|
||||
DispatchMsg(reg_buffer);
|
||||
@ -65,6 +63,7 @@ void ListenMessage()
|
||||
return;
|
||||
}
|
||||
|
||||
pMsg = new RpcMessage_t;
|
||||
DWORD hookAddress = g_WeChatWinDllAddr + g_WxCalls.recvMsg.hook;
|
||||
recvMsgCallAddr = g_WeChatWinDllAddr + g_WxCalls.recvMsg.call;
|
||||
recvMsgJumpBackAddr = hookAddress + 5;
|
||||
@ -76,4 +75,4 @@ void ListenMessage()
|
||||
|
||||
// 6FB6A350 E8 4B020000 call WeChatWi .6FB6A5A0;
|
||||
WriteProcessMemory(GetCurrentProcess(), (LPVOID)hookAddress, jmpCode, 5, 0);
|
||||
}
|
||||
}
|
||||
|
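Review bot: The shared global `pMsg` used in DispatchMsg is not safe if the hooked call can run on more than one thread, because two invocations would interleave their `memset` and field writes on the one buffer and queue a mixed message. The `// Find a palce to free` comment also shows that the `new RpcMessage_t` in ListenMessage has no owner. Since `g_MsgQueue.push(*pMsg)` appears to take a copy, a local `RpcMessage_t msg = { 0 };` filled in place and passed as `g_MsgQueue.push(msg);` would remove both the sharing and the leak, provided the struct fits on the stack at that point (its size is not visible here). Separately, `*p` is read and offset without checking that `reg` is non-zero, and the type of `g_MsgQueue` is not shown, so whether `push` is synchronised against the consumer woken by `SetEvent` should be confirmed.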