diff --git a/WeChatFerry/WeChatFerry.sln b/WeChatFerry/WeChatFerry.sln
index 4573c46..2122ba1 100644
--- a/WeChatFerry/WeChatFerry.sln
+++ b/WeChatFerry/WeChatFerry.sln
@@ -10,11 +10,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sdk", "sdk\sdk.vcxproj", "{
{4DE80B82-5F6A-4C4C-9D16-1574308110FA} = {4DE80B82-5F6A-4C4C-9D16-1574308110FA}
EndProjectSection
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wcf", "wcf\wcf.vcxproj", "{02747CE0-AD9F-4812-B019-FCF9867F7514}"
- ProjectSection(ProjectDependencies) = postProject
- {4DE80B82-5F6A-4C4C-9D16-1574308110FA} = {4DE80B82-5F6A-4C4C-9D16-1574308110FA}
- EndProjectSection
-EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|x64 = Debug|x64
@@ -28,9 +23,6 @@ Global
{ABFCB647-137F-478B-A73E-F0B1E3ADC215}.Debug|x64.ActiveCfg = Debug|x64
{ABFCB647-137F-478B-A73E-F0B1E3ADC215}.Release|x64.ActiveCfg = Release|x64
{ABFCB647-137F-478B-A73E-F0B1E3ADC215}.Release|x64.Build.0 = Release|x64
- {02747CE0-AD9F-4812-B019-FCF9867F7514}.Debug|x64.ActiveCfg = Debug|x64
- {02747CE0-AD9F-4812-B019-FCF9867F7514}.Release|x64.ActiveCfg = Release|x64
- {02747CE0-AD9F-4812-B019-FCF9867F7514}.Release|x64.Build.0 = Release|x64
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
diff --git a/WeChatFerry/spy/log.cpp b/WeChatFerry/com/log.cpp
similarity index 94%
rename from WeChatFerry/spy/log.cpp
rename to WeChatFerry/com/log.cpp
index 6242800..e06c0e9 100644
--- a/WeChatFerry/spy/log.cpp
+++ b/WeChatFerry/com/log.cpp
@@ -40,7 +40,7 @@ static char buf[BUF_SIZE] = { 0 };
void log_buffer(uint8_t *buffer, size_t len)
{
- size_t j = sprintf_s(buf, BUF_SIZE, "BUF@%08X[%ld]: ", (uint32_t)buffer, len);
+ size_t j = sprintf_s(buf, BUF_SIZE, "BUF@%p[%zd]: ", buffer, len);
for (size_t i = 0; i < len; i++) {
j += sprintf_s(buf + j, BUF_SIZE, "%02X ", buffer[i]);
if (j > BUF_SIZE - 3) {
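Review bot: The new format string prints `len`, a `size_t`, with `%zd`, which is the signed conversion; `%zu` matches the type: `sprintf_s(buf, BUF_SIZE, "BUF@%p[%zu]: ", buffer, len);`. In the loop just below, the size argument stays `BUF_SIZE` although the write starts at `buf + j`, so `sprintf_s` is told the destination is larger than what remains and its bounds check cannot catch an overrun; passing `BUF_SIZE - j` would make the check meaningful. `sprintf_s` can also return a negative value on failure, and adding that to the unsigned `j` would wrap the offset. log_buffer's body continues outside the hunk, so how the `j > BUF_SIZE - 3` branch ends is not visible here.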
diff --git a/WeChatFerry/spy/log.h b/WeChatFerry/com/log.h
similarity index 100%
rename from WeChatFerry/spy/log.h
rename to WeChatFerry/com/log.h
diff --git a/WeChatFerry/spy/util.cpp b/WeChatFerry/com/util.cpp
similarity index 100%
rename from WeChatFerry/spy/util.cpp
rename to WeChatFerry/com/util.cpp
diff --git a/WeChatFerry/spy/util.h b/WeChatFerry/com/util.h
similarity index 100%
rename from WeChatFerry/spy/util.h
rename to WeChatFerry/com/util.h
diff --git a/WeChatFerry/sdk/SDK.vcxproj b/WeChatFerry/sdk/SDK.vcxproj
index b8bd869..be6bfb4 100644
--- a/WeChatFerry/sdk/SDK.vcxproj
+++ b/WeChatFerry/sdk/SDK.vcxproj
@@ -164,7 +164,7 @@
stdcpp17
- $(SolutionDir)spy;C:\Tools\vcpkg\installed\x64-windows-static\include
+ $(SolutionDir)com;$(SolutionDir)spy;C:\Tools\vcpkg\installed\x64-windows-static\include
true
MultiThreaded
@@ -185,15 +185,15 @@
-
-
+
+
-
-
+
+
diff --git a/WeChatFerry/sdk/SDK.vcxproj.filters b/WeChatFerry/sdk/SDK.vcxproj.filters
index 8f8a4a5..f38f11a 100644
--- a/WeChatFerry/sdk/SDK.vcxproj.filters
+++ b/WeChatFerry/sdk/SDK.vcxproj.filters
@@ -21,32 +21,32 @@
头文件
-
- 头文件
-
-
- 头文件
-
头文件
+
+ 头文件
+
+
+ 头文件
+
源文件
-
- 源文件
-
-
- 源文件
-
源文件
源文件
+
+ 源文件
+
+
+ 源文件
+
diff --git a/WeChatFerry/sdk/injector.cpp b/WeChatFerry/sdk/injector.cpp
index 9146f49..fa67e55 100644
--- a/WeChatFerry/sdk/injector.cpp
+++ b/WeChatFerry/sdk/injector.cpp
@@ -1,22 +1,5 @@
#include "injector.h"
-typedef BOOL(WINAPI *LPFN_ISWOW64PROCESS)(HANDLE, PBOOL);
-
-static void ShowErrorMessage(DWORD dwError, HANDLE hProcess)
-{
- BOOL bIsWow64 = FALSE;
- WCHAR szErrorMessage[256] = { 0 };
- LPFN_ISWOW64PROCESS fnIsWow64Process
- = (LPFN_ISWOW64PROCESS)GetProcAddress(GetModuleHandle(TEXT("kernel32")), "IsWow64Process");
- if (fnIsWow64Process != NULL && fnIsWow64Process(hProcess, &bIsWow64)) {
- if (bIsWow64) {
- wsprintf(szErrorMessage, L"LoadLibrary 调用失败,请检查应用版本/位数。错误码: %lu", dwError);
- }
- }
- wsprintf(szErrorMessage, L"LoadLibrary 调用失败。错误码: %lu", dwError);
- MessageBox(NULL, szErrorMessage, L"InjectDll", 0);
-}
-
HANDLE InjectDll(DWORD pid, LPCWSTR dllPath, HMODULE *injectedBase)
{
HANDLE hThread;
@@ -39,9 +22,20 @@ HANDLE InjectDll(DWORD pid, LPCWSTR dllPath, HMODULE *injectedBase)
WriteProcessMemory(hProcess, pRemoteAddress, dllPath, cszDLL, NULL);
// 3. 创建一个远程线程,让目标进程调用 LoadLibrary
- hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibrary, pRemoteAddress, 0, NULL);
+ HMODULE k32 = GetModuleHandle(L"kernel32.dll");
+ if (k32 == NULL) {
+ MessageBox(NULL, L"获取 kernel32 失败", L"InjectDll", 0);
+ return NULL;
+ }
+
+ FARPROC libAddr = GetProcAddress(k32, "LoadLibraryW");
+ if (!libAddr) {
+ MessageBox(NULL, L"获取 LoadLibrary 失败", L"InjectDll", 0);
+ return NULL;
+ }
+
+ hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)libAddr, pRemoteAddress, 0, NULL);
if (hThread == NULL) {
- ShowErrorMessage(GetLastError(), hProcess);
VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
CloseHandle(hProcess);
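Review bot: Both new early returns (`k32 == NULL` and `!libAddr`) leave the function without releasing `pRemoteAddress` or closing `hProcess`, while the `hThread == NULL` branch right below them does both. Either do the `GetModuleHandle`/`GetProcAddress` lookup before the process is opened and the buffer allocated, or repeat the cleanup in each branch: `VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE); CloseHandle(hProcess);`. With `ShowErrorMessage` removed, the `CreateRemoteThread` failure path no longer reports `GetLastError()`, so the reason for a failure is lost. The return value of `WriteProcessMemory` on the context line above is also unchecked. InjectDll starts and ends outside this hunk.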
@@ -49,7 +43,7 @@ HANDLE InjectDll(DWORD pid, LPCWSTR dllPath, HMODULE *injectedBase)
}
WaitForSingleObject(hThread, -1);
- GetExitCodeThread(hThread, (LPDWORD)injectedBase);
+ // GetExitCodeThread(hThread, (LPDWORD)injectedBase);
CloseHandle(hThread);
VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
// CloseHandle(hProcess); // Close when exit
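Review bot: With the `GetExitCodeThread` call commented out, nothing visible in this hunk writes `*injectedBase`, so the caller keeps whatever value the variable held before the call and may later pass it on as a module base. Dropping the old call is understandable in a 64-bit build, since a thread exit code is a 32-bit `DWORD` and cannot carry a full `HMODULE`, but the out-parameter then needs a defined value: at minimum `if (injectedBase) *injectedBase = NULL;` with a comment saying the base is not resolved here, rather than a commented-out line. `WaitForSingleObject(hThread, -1)` would read more clearly with `INFINITE`, which the other functions in this file already use. InjectDll starts and ends outside this hunk.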
@@ -62,7 +56,18 @@ bool EjectDll(HANDLE process, HMODULE dllBase)
HANDLE hThread = NULL;
// 使目标进程调用 FreeLibrary,卸载 DLL
- hThread = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)FreeLibrary, (LPVOID)dllBase, 0, NULL);
+ HMODULE k32 = GetModuleHandle(L"kernel32.dll");
+ if (k32 == NULL) {
+ MessageBox(NULL, L"获取 kernel32 失败", L"InjectDll", 0);
+ return NULL;
+ }
+
+ FARPROC libAddr = GetProcAddress(k32, "FreeLibrary");
+ if (!libAddr) {
+ MessageBox(NULL, L"获取 FreeLibrary 失败", L"InjectDll", 0);
+ return NULL;
+ }
+ hThread = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)libAddr, (LPVOID)dllBase, 0, NULL);
if (hThread == NULL) {
MessageBox(NULL, L"FreeLibrary 调用失败!", L"EjectDll", 0);
return false;
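Review bot: `EjectDll` is declared `bool`, but both new failure branches use `return NULL;`, and their message boxes are titled `L"InjectDll"`; both look copied from `InjectDll`. It compiles because `NULL` converts to `false`, but it hides the intent and mislabels the error for whoever reads the dialog; use `return false;` and `L"EjectDll"`, as the existing `FreeLibrary 调用失败!` branch does. The same kernel32 lookup now appears twice in the file, so a small `static` helper taking the export name would keep the two copies from drifting apart. EjectDll's body continues outside the hunk.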
@@ -81,8 +86,8 @@ static void *GetFuncAddr(LPCWSTR dllPath, HMODULE dllBase, LPCSTR funcName)
return NULL;
}
- void *absAddr = GetProcAddress(hLoaded, funcName);
- DWORD offset = (DWORD)absAddr - (DWORD)hLoaded;
+ void *absAddr = GetProcAddress(hLoaded, funcName);
+ DWORD offset = (DWORD)absAddr - (DWORD)hLoaded;
FreeLibrary(hLoaded);
@@ -102,7 +107,7 @@ bool CallDllFunc(HANDLE process, LPCWSTR dllPath, HMODULE dllBase, LPCSTR funcNa
}
WaitForSingleObject(hThread, INFINITE);
if (ret != NULL) {
- GetExitCodeThread(hThread, ret);
+ GetExitCodeThread(hThread, (LPDWORD)ret);
}
CloseHandle(hThread);
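Review bot: The `(LPDWORD)ret` cast was needed to get this call past the compiler, which suggests `ret` is not a `DWORD *` (its declaration is outside the hunk); if it points to a wider type, `GetExitCodeThread` fills only 32 bits and the rest of `*ret` keeps its previous contents. Reading into a local and assigning avoids the reinterpretation: `DWORD code = 0;` followed by `if (GetExitCodeThread(hThread, &code)) *ret = code;`. The same cast is added in the CallDllFuncEx hunk at `@@ -134,7 +139,7 @@`. In both places the return value of `GetExitCodeThread` is ignored, so a failed query is indistinguishable from an exit code of zero.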
@@ -134,7 +139,7 @@ bool CallDllFuncEx(HANDLE process, LPCWSTR dllPath, HMODULE dllBase, LPCSTR func
WaitForSingleObject(hThread, INFINITE);
VirtualFree(pRemoteAddress, 0, MEM_RELEASE);
if (ret != NULL) {
- GetExitCodeThread(hThread, ret);
+ GetExitCodeThread(hThread, (LPDWORD)ret);
}
CloseHandle(hThread);
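Review bot: `VirtualFree(pRemoteAddress, 0, MEM_RELEASE)` releases memory in the calling process, yet `pRemoteAddress` looks like a buffer that belongs to the target `process`; the allocation is outside this hunk, so this is inferred from the name and from InjectDll's use of `VirtualFreeEx` on a variable of the same name. If the buffer was allocated with `VirtualAllocEx`, the call here fails and the remote allocation is leaked on every invocation; `VirtualFreeEx(process, pRemoteAddress, 0, MEM_RELEASE);` would release it.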
diff --git a/WeChatFerry/sdk/sdk.cpp b/WeChatFerry/sdk/sdk.cpp
index 0b996bc..b657403 100644
--- a/WeChatFerry/sdk/sdk.cpp
+++ b/WeChatFerry/sdk/sdk.cpp
@@ -17,16 +17,16 @@ static WCHAR spyDllPath[MAX_PATH] = { 0 };
static int GetDllPath(bool debug, wchar_t *dllPath)
{
- GetModuleFileName(GetModuleHandle(WECHATSDKDLL), spyDllPath, MAX_PATH);
- PathRemoveFileSpec(spyDllPath);
+ GetModuleFileName(GetModuleHandle(WECHATSDKDLL), dllPath, MAX_PATH);
+ PathRemoveFileSpec(dllPath);
if (debug) {
- PathAppend(spyDllPath, WECHATINJECTDLL_DEBUG);
+ PathAppend(dllPath, WECHATINJECTDLL_DEBUG);
} else {
- PathAppend(spyDllPath, WECHATINJECTDLL);
+ PathAppend(dllPath, WECHATINJECTDLL);
}
- if (!PathFileExists(spyDllPath)) {
- MessageBox(NULL, spyDllPath, L"文件不存在", 0);
+ if (!PathFileExists(dllPath)) {
+ MessageBox(NULL, dllPath, L"文件不存在", 0);
return ERROR_FILE_NOT_FOUND;
}
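Review bot: `GetDllPath` now writes into the caller's `dllPath`, but the parameter is a bare `wchar_t *` and the body assumes it holds `MAX_PATH` characters, so a caller passing a smaller buffer gets an overrun. The results of `GetModuleHandle`, `GetModuleFileName` and `PathAppend` are all unchecked; if `GetModuleHandle(WECHATSDKDLL)` returns NULL, `GetModuleFileName` reports the host executable's path, and the DLL is then looked up in that directory instead of next to the SDK module. Document the `MAX_PATH` requirement on the parameter and fail early, for example `if (hSdk == NULL || GetModuleFileName(hSdk, dllPath, MAX_PATH) == 0) return (int)GetLastError();` with `hSdk` holding the handle. The end of the function is outside the hunk.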
@@ -56,14 +56,17 @@ int WxInitSDK(bool debug, int port)
return -1;
}
+ return 0;
+
PortPath_t pp = { 0 };
pp.port = port;
sprintf_s(pp.path, MAX_PATH, "%s", std::filesystem::current_path().string().c_str());
- if (!CallDllFuncEx(wcProcess, spyDllPath, spyBase, "InitSpy", (LPVOID)&pp, sizeof(PortPath_t), NULL)) {
- MessageBox(NULL, L"初始化失败", L"WxInitSDK", 0);
- return -1;
- }
+ MessageBoxA(NULL, pp.path, "WxInitSDK", 0);
+ // if (!CallDllFuncEx(wcProcess, spyDllPath, spyBase, "InitSpy", (LPVOID)&pp, sizeof(PortPath_t), NULL)) {
+ // MessageBox(NULL, L"初始化失败", L"WxInitSDK", 0);
+ // return -1;
+ // }
#ifdef WCF
FILE *fd = fopen(WCF_LOCK, "wb");
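Review bot: The unconditional `return 0;` added near the top of this hunk makes everything below it unreachable, so `WxInitSDK` reports success without ever calling `InitSpy`, and the `#ifdef WCF` lock-file code is dead as well. Together with the `MessageBoxA(NULL, pp.path, "WxInitSDK", 0);` call and the commented-out `CallDllFuncEx` block this looks like debugging scaffolding; it should be removed before merge or placed behind a clearly named macro. The commented block still names the global `spyDllPath`, while the GetDllPath hunk in this file switched to a caller-supplied buffer, so it may not match once restored. WxInitSDK starts and ends outside this hunk.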
diff --git a/WeChatFerry/spy/Spy.vcxproj b/WeChatFerry/spy/Spy.vcxproj
index 4c1d724..c81c7d0 100644
--- a/WeChatFerry/spy/Spy.vcxproj
+++ b/WeChatFerry/spy/Spy.vcxproj
@@ -83,6 +83,7 @@
true
+ $(ProjectName)_debug
false
@@ -203,7 +204,7 @@ $(SolutionDir)rpc\tool\protoc --nanopb_out=. wcf.proto
stdcpp17
- $(SolutionDir)rpc;$(SolutionDir)rpc\nanopb;$(SolutionDir)rpc\proto;$(SolutionDir)smc;$(SolutionDir)spy;C:\Tools\vcpkg\installed\x64-windows-static\include
+ $(SolutionDir)com;$(SolutionDir)rpc;$(SolutionDir)rpc\nanopb;$(SolutionDir)rpc\proto;$(SolutionDir)smc;$(SolutionDir)spy;C:\Tools\vcpkg\installed\x64-windows-static\include
true
false
MultiThreadedDebug
@@ -253,7 +254,7 @@ xcopy /y $(OutDir)$(TargetFileName) $(SolutionDir)..\clients\python\wcferry
stdcpp17
- $(SolutionDir)rpc;$(SolutionDir)rpc\nanopb;$(SolutionDir)rpc\proto;$(SolutionDir)smc;$(SolutionDir)spy;C:\Tools\vcpkg\installed\x64-windows-static\include
+ $(SolutionDir)com;$(SolutionDir)rpc;$(SolutionDir)rpc\nanopb;$(SolutionDir)rpc\proto;$(SolutionDir)smc;$(SolutionDir)spy;C:\Tools\vcpkg\installed\x64-windows-static\include
false
4251;4731;4819
@@ -271,8 +272,24 @@ xcopy /y $(OutDir)$(TargetFileName) $(SolutionDir)..\clients\python\wcferryiphlpapi.lib;wsock32.lib;ws2_32.lib;crypt32.lib;Codec.lib;%(AdditionalDependencies)
/ignore:4099 %(AdditionalOptions)
+
+ Generating PB files
+ cd $(SolutionDir)rpc\proto
+$(SolutionDir)rpc\tool\protoc --nanopb_out=. wcf.proto
+
+
+ Copy spy.dll
+ if not exist $(SolutionDir)Out md $(SolutionDir)Out
+xcopy /y $(OutDir)$(TargetFileName) $(SolutionDir)Out
+xcopy /y $(OutDir)$(TargetName).exp $(SolutionDir)Out
+xcopy /y $(OutDir)$(TargetName).lib $(SolutionDir)Out
+xcopy /y $(OutDir)$(TargetName).pdb $(SolutionDir)Out
+xcopy /y $(OutDir)$(TargetFileName) $(SolutionDir)..\clients\python\wcferry
+
+
+
@@ -287,7 +304,6 @@ xcopy /y $(OutDir)$(TargetFileName) $(SolutionDir)..\clients\python\wcferry
-
@@ -297,9 +313,10 @@ xcopy /y $(OutDir)$(TargetFileName) $(SolutionDir)..\clients\python\wcferry
-
+
+
@@ -311,14 +328,12 @@ xcopy /y $(OutDir)$(TargetFileName) $(SolutionDir)..\clients\python\wcferry
-
-
diff --git a/WeChatFerry/spy/Spy.vcxproj.filters b/WeChatFerry/spy/Spy.vcxproj.filters
index 1574f30..8bd6b31 100644
--- a/WeChatFerry/spy/Spy.vcxproj.filters
+++ b/WeChatFerry/spy/Spy.vcxproj.filters
@@ -24,9 +24,6 @@
头文件
-
- 头文件
-
头文件
@@ -48,9 +45,6 @@
头文件
-
- 头文件
-
nnrpc
@@ -93,6 +87,12 @@
头文件
+
+ 头文件
+
+
+ 头文件
+
@@ -101,9 +101,6 @@
源文件
-
- 源文件
-
源文件
@@ -122,9 +119,6 @@
源文件
-
- 源文件
-
nnrpc
@@ -152,6 +146,12 @@
源文件
+
+ 源文件
+
+
+ 源文件
+
diff --git a/WeChatFerry/spy/spy.cpp b/WeChatFerry/spy/spy.cpp
index 55c98ba..ffabb53 100644
--- a/WeChatFerry/spy/spy.cpp
+++ b/WeChatFerry/spy/spy.cpp
@@ -11,6 +11,8 @@ DWORD g_WeChatWinDllAddr = 0;
void InitSpy(LPVOID args)
{
+ MessageBox(NULL, L"InitSpy", L"InitSpy", 0);
+#if 0
wchar_t version[16] = { 0 };
PortPath_t *pp = (PortPath_t *)args;
int port = pp->port;
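Review bot: The `#if 0` opened here (closed by the `#endif` in the next hunk) compiles out the whole body of `InitSpy`, so `RpcStartServer(port)` never runs and the function only shows a modal `MessageBox`, which blocks the calling thread until the dialog is dismissed. `CleanupSpy` is emptied the same way in the `@@ -35,8 +37,9 @@` hunk. If this is a temporary state, say so next to the `#if 0`, for example `// TODO: body disabled while porting; re-enable before release`, and drop the dialog. `InitSpy` returns `void`, so a caller cannot tell this disabled build from a working one.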
@@ -35,8 +37,9 @@ void InitSpy(LPVOID args)
}
RpcStartServer(port);
+#endif
}
-void CleanupSpy() { RpcStopServer(); }
+void CleanupSpy() { /*RpcStopServer();*/ }
int IsLogin(void) { return (int)GET_DWORD(g_WeChatWinDllAddr + g_WxCalls.login); }
diff --git a/WeChatFerry/spy/spy_types.h b/WeChatFerry/spy/spy_types.h
index 08fa4ae..2bb396a 100644
--- a/WeChatFerry/spy/spy_types.h
+++ b/WeChatFerry/spy/spy_types.h
@@ -206,8 +206,8 @@ struct WxString {
WxString(std::wstring &ws)
{
wptr = ws.c_str();
- size = ws.size();
- capacity = ws.capacity();
+ size = (DWORD)ws.size();
+ capacity = (DWORD)ws.capacity();
ptr = NULL;
clen = 0;
}
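Review bot: The new `(DWORD)` casts silence the narrowing warning, but the constructor still carries no comment about ownership: `wptr` is set to `ws.c_str()`, so the `WxString` borrows the buffer of `ws` and is only valid while that string is alive and unmodified. A line such as `// Non-owning view: ws must outlive this WxString and must not be resized` above the constructor would state that. The struct continues outside the hunk.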
diff --git a/WeChatFerry/wcf/main.cpp b/WeChatFerry/wcf/main.cpp
deleted file mode 100644
index 43d797b..0000000
--- a/WeChatFerry/wcf/main.cpp
+++ /dev/null
@@ -1,34 +0,0 @@
-#include
-#include
-#include
-
-#include "sdk.h"
-
-void help()
-{
- printf("\nUsage: \n启动: wcf.exe start port [debug]\n关闭: wcf.exe stop\nport: 命令端口, 消息端口为命令端口+1\n");
-}
-
-int main(int argc, char *argv[])
-{
- int ret = -1;
- bool debug = false;
-
- if ((argc < 2) || (argc > 4)) {
- help();
- } else if (argc == 4) {
- debug = (strcmp(argv[3], "debug") == 0);
- }
-
- if (strcmp(argv[1], "start") == 0) {
- int port = strtol(argv[2], NULL, 10);
-
- ret = WxInitSDK(debug, port);
- } else if (strcmp(argv[1], "stop") == 0) {
- ret = WxDestroySDK();
- } else {
- help();
- }
-
- return ret;
-}
diff --git a/WeChatFerry/wcf/wcf.vcxproj b/WeChatFerry/wcf/wcf.vcxproj
deleted file mode 100644
index f156940..0000000
--- a/WeChatFerry/wcf/wcf.vcxproj
+++ /dev/null
@@ -1,188 +0,0 @@
-
-
-
-
- Debug
- Win32
-
-
- Release
- Win32
-
-
- Debug
- x64
-
-
- Release
- x64
-
-
-
- 16.0
- Win32Proj
- {02747ce0-ad9f-4812-b019-fcf9867f7514}
- wcf
- 10.0
-
-
-
- Application
- true
- v142
- Unicode
-
-
- Application
- false
- v142
- true
- Unicode
-
-
- Application
- true
- v142
- Unicode
-
-
- Application
- false
- v142
- true
- Unicode
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- true
-
-
- false
-
-
- true
-
-
- false
-
-
- true
- x86-windows-static
-
-
- true
- x64-windows-static
-
-
-
- Level3
- true
- WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
- true
-
-
- Console
- true
-
-
-
-
- Level3
- true
- true
- true
- WIN32;NDEBUG;_CONSOLE;WCF;%(PreprocessorDefinitions)
- true
- $(SolutionDir)sdk;$(SolutionDir)spy;C:\Tools\vcpkg\installed\x86-windows-static\include
- MultiThreaded
- stdcpp17
- 4996
-
-
- Console
- true
- true
- true
-
-
- xcopy /y $(OutDir)$(TargetFileName) $(SolutionDir)Out
-xcopy /y $(OutDir)$(TargetFileName) $(SolutionDir)..\clients\python\wcferry
-
-
- Copy files
-
-
-
-
- Level3
- true
- _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
- true
-
-
- Console
- true
-
-
-
-
- Level3
- true
- true
- true
- WIN32;NDEBUG;_CONSOLE;WCF;%(PreprocessorDefinitions)
- true
- stdcpp17
- $(SolutionDir)sdk;$(SolutionDir)spy;C:\Tools\vcpkg\installed\x64-windows-static\include
- MultiThreaded
- 4996
-
-
- Console
- true
- true
- false
-
-
- xcopy /y $(OutDir)$(TargetFileName) $(SolutionDir)Out
-xcopy /y $(OutDir)$(TargetFileName) $(SolutionDir)..\clients\python\wcferry
-
-
- Copy files
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/WeChatFerry/wcf/wcf.vcxproj.filters b/WeChatFerry/wcf/wcf.vcxproj.filters
deleted file mode 100644
index aee99f2..0000000
--- a/WeChatFerry/wcf/wcf.vcxproj.filters
+++ /dev/null
@@ -1,51 +0,0 @@
-
-
-
-
- {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
- cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
-
-
- {93995380-89BD-4b04-88EB-625FBE52EBFB}
- h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
-
-
- {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
- rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
-
-
-
-
- 头文件
-
-
- 头文件
-
-
- 头文件
-
-
- 头文件
-
-
- 头文件
-
-
-
-
- 源文件
-
-
- 源文件
-
-
- 源文件
-
-
- 源文件
-
-
- 源文件
-
-
-
\ No newline at end of file
diff --git a/WeChatFerry/wcf/wcf.vcxproj.user b/WeChatFerry/wcf/wcf.vcxproj.user
deleted file mode 100644
index 88a5509..0000000
--- a/WeChatFerry/wcf/wcf.vcxproj.user
+++ /dev/null
@@ -1,4 +0,0 @@
-
-
-
-
\ No newline at end of file