diff --git a/WeChatFerry/spy/chatroom_mgmt.cpp b/WeChatFerry/spy/chatroom_mgmt.cpp index 23d5d8b..f26e351 100644 --- a/WeChatFerry/spy/chatroom_mgmt.cpp +++ b/WeChatFerry/spy/chatroom_mgmt.cpp @@ -3,15 +3,17 @@ #include #include "chatroom_mgmt.h" -#include "load_calls.h" #include "log.h" #include "util.h" using namespace std; - -extern WxCalls_t g_WxCalls; extern QWORD g_WeChatWinDllAddr; +#define OS_GET_CHATROOM_MGR 0x1C4E200 +#define OS_ADD_MEMBERS 0x221B8A0 +#define OS_DELETE_MEMBERS 0x221BEE0 +#define OS_INVITE_MEMBERS 0x221B280 + typedef QWORD (*GetChatRoomMgr_t)(); typedef QWORD (*AddMemberToChatRoom_t)(QWORD, QWORD, QWORD, QWORD); typedef QWORD (*DelMemberFromChatRoom_t)(QWORD, QWORD, QWORD); @@ -26,8 +28,8 @@ int AddChatroomMember(string roomid, string wxids) return status; } - GetChatRoomMgr_t GetChatRoomMgr = (GetChatRoomMgr_t)(g_WeChatWinDllAddr + g_WxCalls.arm.call1); - AddMemberToChatRoom_t AddMembers = (AddMemberToChatRoom_t)(g_WeChatWinDllAddr + g_WxCalls.arm.call2); + GetChatRoomMgr_t GetChatRoomMgr = (GetChatRoomMgr_t)(g_WeChatWinDllAddr + OS_GET_CHATROOM_MGR); + AddMemberToChatRoom_t AddMembers = (AddMemberToChatRoom_t)(g_WeChatWinDllAddr + OS_ADD_MEMBERS); vector vMembers; vector vWxMembers; @@ -58,8 +60,8 @@ int DelChatroomMember(string roomid, string wxids) return status; } - GetChatRoomMgr_t GetChatRoomMgr = (GetChatRoomMgr_t)(g_WeChatWinDllAddr + g_WxCalls.drm.call1); - DelMemberFromChatRoom_t DelMembers = (DelMemberFromChatRoom_t)(g_WeChatWinDllAddr + g_WxCalls.drm.call2); + GetChatRoomMgr_t GetChatRoomMgr = (GetChatRoomMgr_t)(g_WeChatWinDllAddr + OS_GET_CHATROOM_MGR); + DelMemberFromChatRoom_t DelMembers = (DelMemberFromChatRoom_t)(g_WeChatWinDllAddr + OS_DELETE_MEMBERS); vector vMembers; vector vWxMembers; 
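Review bot: The four `OS_*` offsets added at the top of chatroom_mgmt.cpp carry no record of which WeChatWin.dll build they were taken from, and the same holds for the `#define` blocks this commit adds to contact_mgmt.cpp, funcs.cpp, receive_msg.cpp and send_msg.cpp. With the `g_WxCalls` table gone, nothing visible in these hunks ties the constants to a build, so on any other build `g_WeChatWinDllAddr + OS_ADD_MEMBERS` is cast to a function pointer and called at an unrelated address. I would put a comment above each block such as `// RVAs into WeChatWin.dll <BUILD_VERSION placeholder>; re-derive and re-test for any other build`, and name the version check there if one exists outside this diff. The function bodies that use these constants continue outside the hunks.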
@@ -89,7 +91,7 @@ int InviteChatroomMember(string roomid, string wxids) return status; } - InviteMemberToChatRoom_t InviteMembers = (InviteMemberToChatRoom_t)(g_WeChatWinDllAddr + g_WxCalls.irm.call1); + InviteMemberToChatRoom_t InviteMembers = (InviteMemberToChatRoom_t)(g_WeChatWinDllAddr + OS_INVITE_MEMBERS); vector vMembers; vector vWxMembers; diff --git a/WeChatFerry/spy/contact_mgmt.cpp b/WeChatFerry/spy/contact_mgmt.cpp index 7873507..3b7b559 100644 --- a/WeChatFerry/spy/contact_mgmt.cpp +++ b/WeChatFerry/spy/contact_mgmt.cpp @@ -1,14 +1,23 @@ #pragma execution_character_set("utf-8") #include "contact_mgmt.h" -#include "load_calls.h" #include "log.h" #include "util.h" using namespace std; -extern WxCalls_t g_WxCalls; extern QWORD g_WeChatWinDllAddr; +#define OS_GET_CONTACT_MGR 0x1C0BDE0 +#define OS_GET_CONTACT_LIST 0x2265540 +#define OS_CONTACT_BIN 0x200 +#define OS_CONTACT_BIN_LEN 0x208 +#define OS_CONTACT_WXID 0x10 +#define OS_CONTACT_CODE 0x30 +#define OS_CONTACT_REMARK 0x80 +#define OS_CONTACT_NAME 0xA0 +#define OS_CONTACT_GENDER 0x0E +#define OS_CONTACT_STEP 0x6A8 + typedef QWORD (*GetContactMgr_t)(); typedef QWORD (*GetContactList_t)(QWORD, QWORD); @@ -48,8 +57,8 @@ static string GetCntString(QWORD start, QWORD end, const uint8_t *feat, size_t l vector GetContacts() { vector contacts; - GetContactMgr_t funcGetContactMgr = (GetContactMgr_t)(g_WeChatWinDllAddr + 0x1C0BDE0); - GetContactList_t funcGetContactList = (GetContactList_t)(g_WeChatWinDllAddr + 0x2265540); + GetContactMgr_t funcGetContactMgr = (GetContactMgr_t)(g_WeChatWinDllAddr + OS_GET_CONTACT_MGR); + GetContactList_t funcGetContactList = (GetContactList_t)(g_WeChatWinDllAddr + OS_GET_CONTACT_LIST); QWORD mgr = funcGetContactMgr(); QWORD addr[3] = { 0 }; 
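Review bot: The `#define` block added to contact_mgmt.cpp puts three kinds of number under one `OS_` prefix, and nothing in the names says which base each belongs to. `OS_GET_CONTACT_MGR` and `OS_GET_CONTACT_LIST` are added to the module base, `OS_CONTACT_WXID` through `OS_CONTACT_NAME` and `OS_CONTACT_STEP` are applied to `pstart`, and `OS_CONTACT_GENDER` is applied to `pbin`. Typed constants grouped under a one-line comment per base would make a wrong pairing easier to spot, for example `constexpr QWORD OS_CONTACT_STEP = 0x6A8; // stride between records in GetContacts`. The same grouping would help the `OS_RECV_MSG_*` and `OS_PYQ_MSG_*` blocks in receive_msg.cpp.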
@@ -62,13 +71,13 @@ vector GetContacts() QWORD pend = (QWORD)addr[2]; while (pstart < pend) { RpcContact_t cnt; - QWORD pbin = GET_QWORD(pstart + 0x200); - QWORD lenbin = GET_DWORD(pstart + 0x208); + QWORD pbin = GET_QWORD(pstart + OS_CONTACT_BIN); + QWORD lenbin = GET_DWORD(pstart + OS_CONTACT_BIN_LEN); - cnt.wxid = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxId); // 0x10 - cnt.code = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxCode); // 0x30 - cnt.remark = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxRemark); // 0x80 - cnt.name = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxName); // 0xA0 + cnt.wxid = GetStringByWstrAddr(pstart + OS_CONTACT_WXID); + cnt.code = GetStringByWstrAddr(pstart + OS_CONTACT_CODE); + cnt.remark = GetStringByWstrAddr(pstart + OS_CONTACT_REMARK); + cnt.name = GetStringByWstrAddr(pstart + OS_CONTACT_NAME); cnt.country = GetCntString(pbin, pbin + lenbin, FEAT_COUNTRY, FEAT_LEN); cnt.province = GetCntString(pbin, pbin + lenbin, FEAT_PROVINCE, FEAT_LEN); @@ -77,11 +86,11 @@ vector GetContacts() if (pbin == 0) { cnt.gender = 0; } else { - cnt.gender = (DWORD) * (uint8_t *)(pbin + g_WxCalls.contact.wxGender); // 0x0E + cnt.gender = (DWORD) * (uint8_t *)(pbin + OS_CONTACT_GENDER); } contacts.push_back(cnt); - pstart += 0x6A8; // 0x6A8 + pstart += OS_CONTACT_STEP; } return contacts; diff --git a/WeChatFerry/spy/funcs.cpp b/WeChatFerry/spy/funcs.cpp index 0c0f4cf..8266b76 100644 --- a/WeChatFerry/spy/funcs.cpp +++ b/WeChatFerry/spy/funcs.cpp @@ -11,6 +11,12 @@ #include "spy_types.h" #include "util.h" +using namespace std; +namespace fs = std::filesystem; + +extern bool gIsListeningPyq; +extern QWORD g_WeChatWinDllAddr; + #define HEADER_PNG1 0x89 #define HEADER_PNG2 0x50 #define HEADER_JPG1 0xFF 
@@ -18,12 +24,16 @@ #define HEADER_GIF1 0x47 #define HEADER_GIF2 0x49 -using namespace std; -namespace fs = std::filesystem; - -extern bool gIsListeningPyq; -extern WxCalls_t g_WxCalls; -extern QWORD g_WeChatWinDllAddr; +#define OS_GET_SNS_DATA_MGR 0x22A91C0 +#define OS_GET_SNS_FIRST_PAGE 0x2ED9080 +#define OS_GET_SNS_TIMELINE_MGR 0x2E6B110 +#define OS_GET_SNS_NEXT_PAGE 0x2EFEC00 +#define OS_NEW_CHAT_MSG 0x1C28800 +#define OS_FREE_CHAT_MSG 0x1C1FF10 +#define OS_GET_CHAT_MGR 0x1C51CF0 +#define OS_GET_MGR_BY_PREFIX_LOCAL_ID 0x2206280 +#define OS_GET_PRE_DOWNLOAD_MGR 0x1CD87E0 +#define OS_PUSH_ATTACH_TASK 0x1DA69C0 typedef QWORD (*GetSNSDataMgr_t)(); typedef QWORD (*GetSnsTimeLineMgr_t)(); @@ -131,8 +141,8 @@ static int GetFirstPage() { int status = -1; - GetSNSDataMgr_t GetSNSDataMgr = (GetSNSDataMgr_t)(g_WeChatWinDllAddr + 0x22A91C0); - GetSNSFirstPage_t GetSNSFirstPage = (GetSNSFirstPage_t)(g_WeChatWinDllAddr + 0x2ED9080); + GetSNSDataMgr_t GetSNSDataMgr = (GetSNSDataMgr_t)(g_WeChatWinDllAddr + OS_GET_SNS_DATA_MGR); + GetSNSFirstPage_t GetSNSFirstPage = (GetSNSFirstPage_t)(g_WeChatWinDllAddr + OS_GET_SNS_FIRST_PAGE); QWORD buff[16] = { 0 }; QWORD mgr = GetSNSDataMgr(); @@ -145,8 +155,8 @@ static int GetNextPage(QWORD id) { int status = -1; - GetSnsTimeLineMgr_t GetSnsTimeLineMgr = (GetSnsTimeLineMgr_t)(g_WeChatWinDllAddr + 0x2E6B110); - GetSNSNextPageScene_t GetSNSNextPageScene = (GetSNSNextPageScene_t)(g_WeChatWinDllAddr + 0x2EFEC00); + GetSnsTimeLineMgr_t GetSnsTimeLineMgr = (GetSnsTimeLineMgr_t)(g_WeChatWinDllAddr + OS_GET_SNS_TIMELINE_MGR); + GetSNSNextPageScene_t GetSNSNextPageScene = (GetSNSNextPageScene_t)(g_WeChatWinDllAddr + OS_GET_SNS_NEXT_PAGE); QWORD mgr = GetSnsTimeLineMgr(); status = (int)GetSNSNextPageScene(mgr, id); 
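Review bot: `OS_NEW_CHAT_MSG 0x1C28800` and `OS_FREE_CHAT_MSG 0x1C1FF10` in this funcs.cpp block are the same values that send_msg.cpp defines as `OS_NEW` and `OS_FREE`, so one address now lives under two names in two files. When the offsets are refreshed, updating one copy and missing the other leaves DownloadAttach or the send functions calling a stale address. A single shared header for the offsets that more than one file needs would remove the duplication. If the duplication is intentional, a comment such as `// same value as OS_NEW in send_msg.cpp` on each copy would at least make it visible.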
@@ -191,12 +201,13 @@ int DownloadAttach(QWORD id, string thumb, string extra) return status; } - NewChatMsg_t NewChatMsg = (NewChatMsg_t)(g_WeChatWinDllAddr + 0x1C28800); - FreeChatMsg_t FreeChatMsg = (FreeChatMsg_t)(g_WeChatWinDllAddr + 0x1C1FF10); - GetChatMgr_t GetChatMgr = (GetChatMgr_t)(g_WeChatWinDllAddr + 0x1C51CF0); - GetMgrByPrefixLocalId_t GetMgrByPrefixLocalId = (GetMgrByPrefixLocalId_t)(g_WeChatWinDllAddr + 0x2206280); - GetPreDownLoadMgr_t GetPreDownLoadMgr = (GetPreDownLoadMgr_t)(g_WeChatWinDllAddr + 0x1CD87E0); - PushAttachTask_t PushAttachTask = (PushAttachTask_t)(g_WeChatWinDllAddr + 0x1DA69C0); + NewChatMsg_t NewChatMsg = (NewChatMsg_t)(g_WeChatWinDllAddr + OS_NEW_CHAT_MSG); + FreeChatMsg_t FreeChatMsg = (FreeChatMsg_t)(g_WeChatWinDllAddr + OS_FREE_CHAT_MSG); + GetChatMgr_t GetChatMgr = (GetChatMgr_t)(g_WeChatWinDllAddr + OS_GET_CHAT_MGR); + GetPreDownLoadMgr_t GetPreDownLoadMgr = (GetPreDownLoadMgr_t)(g_WeChatWinDllAddr + OS_GET_PRE_DOWNLOAD_MGR); + PushAttachTask_t PushAttachTask = (PushAttachTask_t)(g_WeChatWinDllAddr + OS_PUSH_ATTACH_TASK); + GetMgrByPrefixLocalId_t GetMgrByPrefixLocalId + = (GetMgrByPrefixLocalId_t)(g_WeChatWinDllAddr + OS_GET_MGR_BY_PREFIX_LOCAL_ID); LARGE_INTEGER l; l.HighPart = dbIdx; diff --git a/WeChatFerry/spy/receive_msg.cpp b/WeChatFerry/spy/receive_msg.cpp index 3963303..a1834fb 100644 --- a/WeChatFerry/spy/receive_msg.cpp +++ b/WeChatFerry/spy/receive_msg.cpp @@ -6,7 +6,6 @@ #include #include -#include "load_calls.h" #include "log.h" #include "receive_msg.h" #include "user_info.h" 
@@ -19,9 +18,29 @@ extern condition_variable gCV; extern queue gMsgQueue; // Defined in spy.cpp -extern WxCalls_t g_WxCalls; extern QWORD g_WeChatWinDllAddr; +#define OS_RECV_MSG_ID 0x30 +#define OS_RECV_MSG_TYPE 0x38 +#define OS_RECV_MSG_SELF 0x3C +#define OS_RECV_MSG_TS 0x44 +#define OS_RECV_MSG_ROOMID 0x48 +#define OS_RECV_MSG_CONTENT 0x88 +#define OS_RECV_MSG_WXID 0x240 +#define OS_RECV_MSG_SIGN 0x260 +#define OS_RECV_MSG_THUMB 0x280 +#define OS_RECV_MSG_EXTRA 0x2A0 +#define OS_RECV_MSG_XML 0x308 +#define OS_RECV_MSG_CALL 0x2205510 +#define OS_PYQ_MSG_START 0x30 +#define OS_PYQ_MSG_END 0x38 +#define OS_PYQ_MSG_TS 0x38 +#define OS_PYQ_MSG_XML 0x9B8 +#define OS_PYQ_MSG_SENDER 0x18 +#define OS_PYQ_MSG_CONTENT 0x48 +#define OS_PYQ_MSG_CALL 0x2EFAA10 +#define OS_WXLOG 0x26DA2D0 + typedef QWORD (*RecvMsg_t)(QWORD, QWORD); typedef QWORD (*WxLog_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD); typedef QWORD (*RecvPyq_t)(QWORD, QWORD, QWORD); 
@@ -79,22 +98,22 @@ static QWORD DispatchMsg(QWORD arg1, QWORD arg2) { WxMsg_t wxMsg = { 0 }; try { - wxMsg.id = GET_QWORD(arg2 + g_WxCalls.recvMsg.msgId); - wxMsg.type = GET_DWORD(arg2 + g_WxCalls.recvMsg.type); - wxMsg.is_self = GET_DWORD(arg2 + g_WxCalls.recvMsg.isSelf); - wxMsg.ts = GET_DWORD(arg2 + g_WxCalls.recvMsg.ts); - wxMsg.content = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.content); - wxMsg.sign = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.sign); - wxMsg.xml = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.msgXml); + wxMsg.id = GET_QWORD(arg2 + OS_RECV_MSG_ID); + wxMsg.type = GET_DWORD(arg2 + OS_RECV_MSG_TYPE); + wxMsg.is_self = GET_DWORD(arg2 + OS_RECV_MSG_SELF); + wxMsg.ts = GET_DWORD(arg2 + OS_RECV_MSG_TS); + wxMsg.content = GetStringByWstrAddr(arg2 + OS_RECV_MSG_CONTENT); + wxMsg.sign = GetStringByWstrAddr(arg2 + OS_RECV_MSG_SIGN); + wxMsg.xml = GetStringByWstrAddr(arg2 + OS_RECV_MSG_XML); - string roomid = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.roomId); + string roomid = GetStringByWstrAddr(arg2 + OS_RECV_MSG_ROOMID); wxMsg.roomid = roomid; if (roomid.find("@chatroom") != string::npos) { // 群 ID 的格式为 xxxxxxxxxxx@chatroom wxMsg.is_group = true; if (wxMsg.is_self) { wxMsg.sender = GetSelfWxid(); } else { - wxMsg.sender = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.wxid); + wxMsg.sender = GetStringByWstrAddr(arg2 + OS_RECV_MSG_WXID); } } else { wxMsg.is_group = false; 
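Review bot: The field reads in DispatchMsg (`GET_QWORD(arg2 + OS_RECV_MSG_ID)` and the lines after it) sit inside a `try`, but a read from an unmapped address is a structured exception on Windows. A C++ handler catches that only when the module is built with `/EHa`, and neither the build flags nor the handler are visible in this hunk. Since the offsets are now compile-time constants, a layout change in the host would surface here as a fault inside the hooked call rather than as a caught error. A comment on the `try` such as `// NOTE: does not catch access violations unless built with /EHa` would keep the next maintainer from relying on it. DispatchMsg's signature is in the hunk header and its body continues past the end of the hunk.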
@@ -105,13 +124,13 @@ static QWORD DispatchMsg(QWORD arg1, QWORD arg2) } } - wxMsg.thumb = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.thumb); + wxMsg.thumb = GetStringByWstrAddr(arg2 + OS_RECV_MSG_THUMB); if (!wxMsg.thumb.empty()) { wxMsg.thumb = GetHomePath() + wxMsg.thumb; replace(wxMsg.thumb.begin(), wxMsg.thumb.end(), '\\', '/'); } - wxMsg.extra = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.extra); + wxMsg.extra = GetStringByWstrAddr(arg2 + OS_RECV_MSG_EXTRA); if (!wxMsg.extra.empty()) { wxMsg.extra = GetHomePath() + wxMsg.extra; replace(wxMsg.extra.begin(), wxMsg.extra.end(), '\\', '/'); @@ -146,8 +165,8 @@ static QWORD PrintWxLog(QWORD a1, QWORD a2, QWORD a3, QWORD a4, QWORD a5, QWORD static void DispatchPyq(QWORD arg1, QWORD arg2, QWORD arg3) { - QWORD startAddr = *(QWORD *)(arg2 + 0x30); - QWORD endAddr = *(QWORD *)(arg2 + 0x38); + QWORD startAddr = *(QWORD *)(arg2 + OS_PYQ_MSG_START); + QWORD endAddr = *(QWORD *)(arg2 + OS_PYQ_MSG_END); if (startAddr == 0) { return; @@ -160,10 +179,10 @@ static void DispatchPyq(QWORD arg1, QWORD arg2, QWORD arg3) wxMsg.is_self = false; wxMsg.is_group = false; wxMsg.id = GET_QWORD(startAddr); - wxMsg.ts = GET_DWORD(startAddr + 0x38); - wxMsg.xml = GetStringByWstrAddr(startAddr + 0x9B8); - wxMsg.sender = GetStringByWstrAddr(startAddr + 0x18); - wxMsg.content = GetStringByWstrAddr(startAddr + 0x48); + wxMsg.ts = GET_DWORD(startAddr + OS_PYQ_MSG_TS); + wxMsg.xml = GetStringByWstrAddr(startAddr + OS_PYQ_MSG_XML); + wxMsg.sender = GetStringByWstrAddr(startAddr + OS_PYQ_MSG_SENDER); + wxMsg.content = GetStringByWstrAddr(startAddr + OS_PYQ_MSG_CONTENT); { unique_lock lock(gMutex); 
@@ -179,11 +198,11 @@ static void DispatchPyq(QWORD arg1, QWORD arg2, QWORD arg3) void EnableLog() { MH_STATUS status = MH_UNKNOWN; - if (g_WeChatWinDllAddr == 0) { - LOG_WARN("g_WeChatWinDllAddr == 0"); + if (gIsLogging) { + LOG_WARN("gIsLogging"); return; } - WxLog_t funcWxLog = (WxLog_t)(g_WeChatWinDllAddr + 0x26DA2D0); + WxLog_t funcWxLog = (WxLog_t)(g_WeChatWinDllAddr + OS_WXLOG); if (!isMH_Initialized) { status = MH_Initialize(); @@ -234,11 +253,11 @@ void DisableLog() void ListenMessage() { MH_STATUS status = MH_UNKNOWN; - if (gIsListening || (g_WeChatWinDllAddr == 0)) { - LOG_WARN("gIsListening || (g_WeChatWinDllAddr == 0)"); + if (gIsListening) { + LOG_WARN("gIsListening"); return; } - funcRecvMsg = (RecvMsg_t)(g_WeChatWinDllAddr + g_WxCalls.recvMsg.call); + funcRecvMsg = (RecvMsg_t)(g_WeChatWinDllAddr + OS_RECV_MSG_CALL); if (!isMH_Initialized) { status = MH_Initialize(); @@ -296,11 +315,11 @@ void UnListenMessage() void ListenPyq() { MH_STATUS status = MH_UNKNOWN; - if (gIsListeningPyq || (g_WeChatWinDllAddr == 0)) { - LOG_WARN("gIsListeningPyq || (g_WeChatWinDllAddr == 0)"); + if (gIsListeningPyq) { + LOG_WARN("gIsListeningPyq"); return; } - funcRecvPyq = (RecvPyq_t)(g_WeChatWinDllAddr + 0x2EFAA10); + funcRecvPyq = (RecvPyq_t)(g_WeChatWinDllAddr + OS_PYQ_MSG_CALL); if (!isMH_Initialized) { status = MH_Initialize(); diff --git a/WeChatFerry/spy/send_msg.cpp b/WeChatFerry/spy/send_msg.cpp index 7511c1b..af8a56e 100644 --- a/WeChatFerry/spy/send_msg.cpp +++ b/WeChatFerry/spy/send_msg.cpp 
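Review bot: EnableLog, ListenMessage and ListenPyq no longer test `g_WeChatWinDllAddr == 0` before computing their hook targets, so with a zero base `funcWxLog`, `funcRecvMsg` and `funcRecvPyq` become the bare offsets `OS_WXLOG`, `OS_RECV_MSG_CALL` and `OS_PYQ_MSG_CALL` before the MinHook setup that follows in each function. Unless the base is validated before these entry points can be reached, which is not visible in this diff, I would keep the guard alongside the flag checks: `if (gIsLogging || g_WeChatWinDllAddr == 0) {`, and likewise with `gIsListening` and `gIsListeningPyq` in the other two hunks. The warning text could then say which condition failed instead of echoing the expression. All three function bodies continue outside their hunks.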
@@ -9,15 +9,28 @@ #include "util.h" extern HANDLE g_hEvent; -extern WxCalls_t g_WxCalls; extern QWORD g_WeChatWinDllAddr; extern string GetSelfWxid(); // Defined in spy.cpp +#define SRTM_SIZE 0x3F0 + +#define OS_NEW 0x1C28800 +#define OS_FREE 0x1C1FF10 +#define OS_SEND_MSG_MGR 0x1C1E690 +#define OS_SEND_TEXT 0x238DDD0 +#define OS_SEND_IMAGE 0x2383560 +#define OS_GET_APP_MSG_MGR 0x1C23630 +#define OS_SEND_FILE 0x21969E0 +#define OS_RTM_NEW 0x1C27D50 +#define OS_RTM_FREE 0x1C27120 +#define OS_SEND_RICH_TEXT 0x21A09C0 +#define OS_SEND_PAT_MSG 0x2D669B0 +#define OS_FORWARD_MSG 0x238D350 + typedef QWORD (*New_t)(QWORD); typedef QWORD (*Free_t)(QWORD); typedef QWORD (*SendMsgMgr_t)(); typedef QWORD (*GetAppMsgMgr_t)(); - typedef QWORD (*SendTextMsg_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD); typedef QWORD (*SendImageMsg_t)(QWORD, QWORD, QWORD, QWORD, QWORD); typedef QWORD (*SendFileMsg_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD *, QWORD, QWORD *, QWORD, QWORD *, QWORD, @@ -53,9 +66,9 @@ void SendTextMessage(string wxid, string msg, string atWxids) QWORD wxAters = (QWORD) & ((RawVector_t *)&vWxAtWxids)->start; char buffer[0x460] = { 0 }; - SendMsgMgr_t funcSendMsgMgr = (SendMsgMgr_t)(g_WeChatWinDllAddr + g_WxCalls.sendText.call1); - SendTextMsg_t funcSendTextMsg = (SendTextMsg_t)(g_WeChatWinDllAddr + g_WxCalls.sendText.call2); - Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + g_WxCalls.sendText.call3); + SendMsgMgr_t funcSendMsgMgr = (SendMsgMgr_t)(g_WeChatWinDllAddr + OS_SEND_MSG_MGR); + SendTextMsg_t funcSendTextMsg = (SendTextMsg_t)(g_WeChatWinDllAddr + OS_SEND_TEXT); + Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + OS_FREE); funcSendMsgMgr(); success = funcSendTextMsg((QWORD)(&buffer), (QWORD)(&wxWxid), (QWORD)(&wxMsg), wxAters, 1, 1, 0, 0); funcFree((QWORD)(&buffer)); 
@@ -69,10 +82,10 @@ void SendImageMessage(string wxid, string path) WxString wxWxid(wsWxid); WxString wxPath(wsPath); - New_t funcNew = (New_t)(g_WeChatWinDllAddr + g_WxCalls.sendImg.call1); - Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + g_WxCalls.sendImg.call2); - SendMsgMgr_t funcSendMsgMgr = (SendMsgMgr_t)(g_WeChatWinDllAddr + g_WxCalls.sendImg.call3); - SendImageMsg_t funcSendImage = (SendImageMsg_t)(g_WeChatWinDllAddr + g_WxCalls.sendImg.call4); + New_t funcNew = (New_t)(g_WeChatWinDllAddr + OS_NEW); + Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + OS_FREE); + SendMsgMgr_t funcSendMsgMgr = (SendMsgMgr_t)(g_WeChatWinDllAddr + OS_SEND_MSG_MGR); + SendImageMsg_t funcSendImage = (SendImageMsg_t)(g_WeChatWinDllAddr + OS_SEND_IMAGE); char msg[0x460] = { 0 }; char msgTmp[0x460] = { 0 }; @@ -99,10 +112,10 @@ void SendFileMessage(string wxid, string path) WxString wxWxid(wsWxid); WxString wxPath(wsPath); - New_t funcNew = (New_t)(g_WeChatWinDllAddr + g_WxCalls.sendFile.call1); - Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + g_WxCalls.sendFile.call2); - GetAppMsgMgr_t funcGetAppMsgMgr = (GetAppMsgMgr_t)(g_WeChatWinDllAddr + g_WxCalls.sendFile.call3); - SendFileMsg_t funcSendFile = (SendFileMsg_t)(g_WeChatWinDllAddr + g_WxCalls.sendFile.call4); + New_t funcNew = (New_t)(g_WeChatWinDllAddr + OS_NEW); + Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + OS_FREE); + GetAppMsgMgr_t funcGetAppMsgMgr = (GetAppMsgMgr_t)(g_WeChatWinDllAddr + OS_GET_APP_MSG_MGR); + SendFileMsg_t funcSendFile = (SendFileMsg_t)(g_WeChatWinDllAddr + OS_SEND_FILE); char msg[0x460] = { 0 }; QWORD tmp1[4] = { 0 }; 
@@ -117,13 +130,12 @@ void SendFileMessage(string wxid, string path) int SendRichTextMessage(RichText_t &rt) { // TODO: Fix memory leak -#define SRTM_SIZE 0x3F0 QWORD status = -1; - New_t funcNew = (New_t)(g_WeChatWinDllAddr + g_WxCalls.rt.call1); - Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + g_WxCalls.rt.call2); - GetAppMsgMgr_t funcGetAppMsgMgr = (GetAppMsgMgr_t)(g_WeChatWinDllAddr + g_WxCalls.rt.call3); - SendRichTextMsg_t funcForwordPublicMsg = (SendRichTextMsg_t)(g_WeChatWinDllAddr + g_WxCalls.rt.call4); + New_t funcNew = (New_t)(g_WeChatWinDllAddr + OS_RTM_NEW); + Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + OS_RTM_FREE); + GetAppMsgMgr_t funcGetAppMsgMgr = (GetAppMsgMgr_t)(g_WeChatWinDllAddr + OS_GET_APP_MSG_MGR); + SendRichTextMsg_t funcForwordPublicMsg = (SendRichTextMsg_t)(g_WeChatWinDllAddr + OS_SEND_RICH_TEXT); char *buff = (char *)HeapAlloc(GetProcessHeap(), 0, SRTM_SIZE); if (buff == NULL) { @@ -164,7 +176,7 @@ int SendPatMessage(string roomid, string wxid) WxString wxRoomid(wsRoomid); WxString wxWxid(wsWxid); - SendPatMsg_t funcSendPatMsg = (SendPatMsg_t)(g_WeChatWinDllAddr + g_WxCalls.pm.call1); + SendPatMsg_t funcSendPatMsg = (SendPatMsg_t)(g_WeChatWinDllAddr + OS_SEND_PAT_MSG); status = funcSendPatMsg((QWORD)(&wxRoomid), (QWORD)(&wxWxid)); return (int)status; @@ -176,7 +188,7 @@ int ForwardMessage(QWORD msgid, string receiver) uint32_t dbIdx = 0; QWORD localId = 0; - ForwardMsg_t funcForwardMsg = (ForwardMsg_t)(g_WeChatWinDllAddr + g_WxCalls.fm.call1); + ForwardMsg_t funcForwardMsg = (ForwardMsg_t)(g_WeChatWinDllAddr + OS_FORWARD_MSG); if (GetLocalIdandDbidx(msgid, &localId, &dbIdx) != 0) { LOG_ERROR("Failed to get localId, Please check id: {}", to_string(msgid)); return status;