Refatoring

This commit is contained in:
Changhua 2024-07-02 21:12:21 +08:00
parent db08382e56
commit 81c8a3b135
5 changed files with 137 additions and 84 deletions


@ -3,15 +3,17 @@
#include <vector> #include <vector>
#include "chatroom_mgmt.h" #include "chatroom_mgmt.h"
#include "load_calls.h"
#include "log.h" #include "log.h"
#include "util.h" #include "util.h"
using namespace std; using namespace std;
extern WxCalls_t g_WxCalls;
extern QWORD g_WeChatWinDllAddr; extern QWORD g_WeChatWinDllAddr;
#define OS_GET_CHATROOM_MGR 0x1C4E200
#define OS_ADD_MEMBERS 0x221B8A0
#define OS_DELETE_MEMBERS 0x221BEE0
#define OS_INVITE_MEMBERS 0x221B280
typedef QWORD (*GetChatRoomMgr_t)(); typedef QWORD (*GetChatRoomMgr_t)();
typedef QWORD (*AddMemberToChatRoom_t)(QWORD, QWORD, QWORD, QWORD); typedef QWORD (*AddMemberToChatRoom_t)(QWORD, QWORD, QWORD, QWORD);
typedef QWORD (*DelMemberFromChatRoom_t)(QWORD, QWORD, QWORD); typedef QWORD (*DelMemberFromChatRoom_t)(QWORD, QWORD, QWORD);
@ -26,8 +28,8 @@ int AddChatroomMember(string roomid, string wxids)
return status; return status;
} }
GetChatRoomMgr_t GetChatRoomMgr = (GetChatRoomMgr_t)(g_WeChatWinDllAddr + g_WxCalls.arm.call1); GetChatRoomMgr_t GetChatRoomMgr = (GetChatRoomMgr_t)(g_WeChatWinDllAddr + OS_GET_CHATROOM_MGR);
AddMemberToChatRoom_t AddMembers = (AddMemberToChatRoom_t)(g_WeChatWinDllAddr + g_WxCalls.arm.call2); AddMemberToChatRoom_t AddMembers = (AddMemberToChatRoom_t)(g_WeChatWinDllAddr + OS_ADD_MEMBERS);
vector<wstring> vMembers; vector<wstring> vMembers;
vector<WxString> vWxMembers; vector<WxString> vWxMembers;
@ -58,8 +60,8 @@ int DelChatroomMember(string roomid, string wxids)
return status; return status;
} }
GetChatRoomMgr_t GetChatRoomMgr = (GetChatRoomMgr_t)(g_WeChatWinDllAddr + g_WxCalls.drm.call1); GetChatRoomMgr_t GetChatRoomMgr = (GetChatRoomMgr_t)(g_WeChatWinDllAddr + OS_GET_CHATROOM_MGR);
DelMemberFromChatRoom_t DelMembers = (DelMemberFromChatRoom_t)(g_WeChatWinDllAddr + g_WxCalls.drm.call2); DelMemberFromChatRoom_t DelMembers = (DelMemberFromChatRoom_t)(g_WeChatWinDllAddr + OS_DELETE_MEMBERS);
vector<wstring> vMembers; vector<wstring> vMembers;
vector<WxString> vWxMembers; vector<WxString> vWxMembers;
@ -89,7 +91,7 @@ int InviteChatroomMember(string roomid, string wxids)
return status; return status;
} }
InviteMemberToChatRoom_t InviteMembers = (InviteMemberToChatRoom_t)(g_WeChatWinDllAddr + g_WxCalls.irm.call1); InviteMemberToChatRoom_t InviteMembers = (InviteMemberToChatRoom_t)(g_WeChatWinDllAddr + OS_INVITE_MEMBERS);
vector<wstring> vMembers; vector<wstring> vMembers;
vector<WxString> vWxMembers; vector<WxString> vWxMembers;
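Review bot: The OS_* offsets introduced at the top of this file are bound to one specific WeChatWin.dll build, yet nothing in the hunk verifies that the loaded module is that build before `g_WeChatWinDllAddr + OS_GET_CHATROOM_MGR` is called through as a function pointer; on any other build that is a jump into arbitrary code inside the WeChat process. The previous code read these values from `g_WxCalls`, populated via the `load_calls.h` include that this commit drops, so whatever version gating that loader may have provided (not visible in this diff) no longer applies here. At minimum document the target next to the defines, e.g. `// Offsets into WeChatWin.dll for one specific WeChat build; re-derive on every upgrade and gate on a version check before use`, and consider a one-time check of the module's version resource before any of these pointers are dereferenced. AddChatroomMember, DelChatroomMember and InviteChatroomMember all begin before their hunks, so any guard that precedes the `return status;` lines is not visible.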


@ -1,14 +1,23 @@
#pragma execution_character_set("utf-8") #pragma execution_character_set("utf-8")
#include "contact_mgmt.h" #include "contact_mgmt.h"
#include "load_calls.h"
#include "log.h" #include "log.h"
#include "util.h" #include "util.h"
using namespace std; using namespace std;
extern WxCalls_t g_WxCalls;
extern QWORD g_WeChatWinDllAddr; extern QWORD g_WeChatWinDllAddr;
#define OS_GET_CONTACT_MGR 0x1C0BDE0
#define OS_GET_CONTACT_LIST 0x2265540
#define OS_CONTACT_BIN 0x200
#define OS_CONTACT_BIN_LEN 0x208
#define OS_CONTACT_WXID 0x10
#define OS_CONTACT_CODE 0x30
#define OS_CONTACT_REMARK 0x80
#define OS_CONTACT_NAME 0xA0
#define OS_CONTACT_GENDER 0x0E
#define OS_CONTACT_STEP 0x6A8
typedef QWORD (*GetContactMgr_t)(); typedef QWORD (*GetContactMgr_t)();
typedef QWORD (*GetContactList_t)(QWORD, QWORD); typedef QWORD (*GetContactList_t)(QWORD, QWORD);
@ -48,8 +57,8 @@ static string GetCntString(QWORD start, QWORD end, const uint8_t *feat, size_t l
vector<RpcContact_t> GetContacts() vector<RpcContact_t> GetContacts()
{ {
vector<RpcContact_t> contacts; vector<RpcContact_t> contacts;
GetContactMgr_t funcGetContactMgr = (GetContactMgr_t)(g_WeChatWinDllAddr + 0x1C0BDE0); GetContactMgr_t funcGetContactMgr = (GetContactMgr_t)(g_WeChatWinDllAddr + OS_GET_CONTACT_MGR);
GetContactList_t funcGetContactList = (GetContactList_t)(g_WeChatWinDllAddr + 0x2265540); GetContactList_t funcGetContactList = (GetContactList_t)(g_WeChatWinDllAddr + OS_GET_CONTACT_LIST);
QWORD mgr = funcGetContactMgr(); QWORD mgr = funcGetContactMgr();
QWORD addr[3] = { 0 }; QWORD addr[3] = { 0 };
@ -62,13 +71,13 @@ vector<RpcContact_t> GetContacts()
QWORD pend = (QWORD)addr[2]; QWORD pend = (QWORD)addr[2];
while (pstart < pend) { while (pstart < pend) {
RpcContact_t cnt; RpcContact_t cnt;
QWORD pbin = GET_QWORD(pstart + 0x200); QWORD pbin = GET_QWORD(pstart + OS_CONTACT_BIN);
QWORD lenbin = GET_DWORD(pstart + 0x208); QWORD lenbin = GET_DWORD(pstart + OS_CONTACT_BIN_LEN);
cnt.wxid = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxId); // 0x10 cnt.wxid = GetStringByWstrAddr(pstart + OS_CONTACT_WXID);
cnt.code = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxCode); // 0x30 cnt.code = GetStringByWstrAddr(pstart + OS_CONTACT_CODE);
cnt.remark = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxRemark); // 0x80 cnt.remark = GetStringByWstrAddr(pstart + OS_CONTACT_REMARK);
cnt.name = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxName); // 0xA0 cnt.name = GetStringByWstrAddr(pstart + OS_CONTACT_NAME);
cnt.country = GetCntString(pbin, pbin + lenbin, FEAT_COUNTRY, FEAT_LEN); cnt.country = GetCntString(pbin, pbin + lenbin, FEAT_COUNTRY, FEAT_LEN);
cnt.province = GetCntString(pbin, pbin + lenbin, FEAT_PROVINCE, FEAT_LEN); cnt.province = GetCntString(pbin, pbin + lenbin, FEAT_PROVINCE, FEAT_LEN);
@ -77,11 +86,11 @@ vector<RpcContact_t> GetContacts()
if (pbin == 0) { if (pbin == 0) {
cnt.gender = 0; cnt.gender = 0;
} else { } else {
cnt.gender = (DWORD) * (uint8_t *)(pbin + g_WxCalls.contact.wxGender); // 0x0E cnt.gender = (DWORD) * (uint8_t *)(pbin + OS_CONTACT_GENDER);
} }
contacts.push_back(cnt); contacts.push_back(cnt);
pstart += 0x6A8; // 0x6A8 pstart += OS_CONTACT_STEP;
} }
return contacts; return contacts;
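Review bot: `cnt.gender` is read at `pbin + OS_CONTACT_GENDER` guarded only by `pbin == 0`; `lenbin`, read just above from `pstart + OS_CONTACT_BIN_LEN`, is never compared against that offset, so a bin buffer shorter than 0x0F bytes yields an out-of-bounds read. The same `pbin`/`lenbin` pair is also handed to GetCntString for country and province before the null check, so a zero `pbin` with a non-zero `lenbin` scans from address 0 unless GetCntString rejects it (its body starts before this hunk, so I cannot confirm). Proposed: `if (pbin == 0 || lenbin <= OS_CONTACT_GENDER) {` in place of `if (pbin == 0) {`, and move the two GetCntString calls under the same non-null, length-checked branch so the bin is validated once. GetContacts is cut at both ends of the hunk, so the derivation of `pstart`/`pend` and any outer validation are not visible.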


@ -11,6 +11,12 @@
#include "spy_types.h" #include "spy_types.h"
#include "util.h" #include "util.h"
using namespace std;
namespace fs = std::filesystem;
extern bool gIsListeningPyq;
extern QWORD g_WeChatWinDllAddr;
#define HEADER_PNG1 0x89 #define HEADER_PNG1 0x89
#define HEADER_PNG2 0x50 #define HEADER_PNG2 0x50
#define HEADER_JPG1 0xFF #define HEADER_JPG1 0xFF
@ -18,12 +24,16 @@
#define HEADER_GIF1 0x47 #define HEADER_GIF1 0x47
#define HEADER_GIF2 0x49 #define HEADER_GIF2 0x49
using namespace std; #define OS_GET_SNS_DATA_MGR 0x22A91C0
namespace fs = std::filesystem; #define OS_GET_SNS_FIRST_PAGE 0x2ED9080
#define OS_GET_SNS_TIMELINE_MGR 0x2E6B110
extern bool gIsListeningPyq; #define OS_GET_SNS_NEXT_PAGE 0x2EFEC00
extern WxCalls_t g_WxCalls; #define OS_NEW_CHAT_MSG 0x1C28800
extern QWORD g_WeChatWinDllAddr; #define OS_FREE_CHAT_MSG 0x1C1FF10
#define OS_GET_CHAT_MGR 0x1C51CF0
#define OS_GET_MGR_BY_PREFIX_LOCAL_ID 0x2206280
#define OS_GET_PRE_DOWNLOAD_MGR 0x1CD87E0
#define OS_PUSH_ATTACH_TASK 0x1DA69C0
typedef QWORD (*GetSNSDataMgr_t)(); typedef QWORD (*GetSNSDataMgr_t)();
typedef QWORD (*GetSnsTimeLineMgr_t)(); typedef QWORD (*GetSnsTimeLineMgr_t)();
@ -131,8 +141,8 @@ static int GetFirstPage()
{ {
int status = -1; int status = -1;
GetSNSDataMgr_t GetSNSDataMgr = (GetSNSDataMgr_t)(g_WeChatWinDllAddr + 0x22A91C0); GetSNSDataMgr_t GetSNSDataMgr = (GetSNSDataMgr_t)(g_WeChatWinDllAddr + OS_GET_SNS_DATA_MGR);
GetSNSFirstPage_t GetSNSFirstPage = (GetSNSFirstPage_t)(g_WeChatWinDllAddr + 0x2ED9080); GetSNSFirstPage_t GetSNSFirstPage = (GetSNSFirstPage_t)(g_WeChatWinDllAddr + OS_GET_SNS_FIRST_PAGE);
QWORD buff[16] = { 0 }; QWORD buff[16] = { 0 };
QWORD mgr = GetSNSDataMgr(); QWORD mgr = GetSNSDataMgr();
@ -145,8 +155,8 @@ static int GetNextPage(QWORD id)
{ {
int status = -1; int status = -1;
GetSnsTimeLineMgr_t GetSnsTimeLineMgr = (GetSnsTimeLineMgr_t)(g_WeChatWinDllAddr + 0x2E6B110); GetSnsTimeLineMgr_t GetSnsTimeLineMgr = (GetSnsTimeLineMgr_t)(g_WeChatWinDllAddr + OS_GET_SNS_TIMELINE_MGR);
GetSNSNextPageScene_t GetSNSNextPageScene = (GetSNSNextPageScene_t)(g_WeChatWinDllAddr + 0x2EFEC00); GetSNSNextPageScene_t GetSNSNextPageScene = (GetSNSNextPageScene_t)(g_WeChatWinDllAddr + OS_GET_SNS_NEXT_PAGE);
QWORD mgr = GetSnsTimeLineMgr(); QWORD mgr = GetSnsTimeLineMgr();
status = (int)GetSNSNextPageScene(mgr, id); status = (int)GetSNSNextPageScene(mgr, id);
@ -191,12 +201,13 @@ int DownloadAttach(QWORD id, string thumb, string extra)
return status; return status;
} }
NewChatMsg_t NewChatMsg = (NewChatMsg_t)(g_WeChatWinDllAddr + 0x1C28800); NewChatMsg_t NewChatMsg = (NewChatMsg_t)(g_WeChatWinDllAddr + OS_NEW_CHAT_MSG);
FreeChatMsg_t FreeChatMsg = (FreeChatMsg_t)(g_WeChatWinDllAddr + 0x1C1FF10); FreeChatMsg_t FreeChatMsg = (FreeChatMsg_t)(g_WeChatWinDllAddr + OS_FREE_CHAT_MSG);
GetChatMgr_t GetChatMgr = (GetChatMgr_t)(g_WeChatWinDllAddr + 0x1C51CF0); GetChatMgr_t GetChatMgr = (GetChatMgr_t)(g_WeChatWinDllAddr + OS_GET_CHAT_MGR);
GetMgrByPrefixLocalId_t GetMgrByPrefixLocalId = (GetMgrByPrefixLocalId_t)(g_WeChatWinDllAddr + 0x2206280); GetPreDownLoadMgr_t GetPreDownLoadMgr = (GetPreDownLoadMgr_t)(g_WeChatWinDllAddr + OS_GET_PRE_DOWNLOAD_MGR);
GetPreDownLoadMgr_t GetPreDownLoadMgr = (GetPreDownLoadMgr_t)(g_WeChatWinDllAddr + 0x1CD87E0); PushAttachTask_t PushAttachTask = (PushAttachTask_t)(g_WeChatWinDllAddr + OS_PUSH_ATTACH_TASK);
PushAttachTask_t PushAttachTask = (PushAttachTask_t)(g_WeChatWinDllAddr + 0x1DA69C0); GetMgrByPrefixLocalId_t GetMgrByPrefixLocalId
= (GetMgrByPrefixLocalId_t)(g_WeChatWinDllAddr + OS_GET_MGR_BY_PREFIX_LOCAL_ID);
LARGE_INTEGER l; LARGE_INTEGER l;
l.HighPart = dbIdx; l.HighPart = dbIdx;
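Review bot: `OS_NEW_CHAT_MSG` (0x1C28800) and `OS_FREE_CHAT_MSG` (0x1C1FF10) duplicate the values that send_msg.cpp in this same commit names `OS_NEW` and `OS_FREE`, and every other file now carries its own private offset table; when the WeChat build changes each copy must be updated separately, and a missed one becomes a call into an unrelated function in the target process. Since all of these are relative to the single `g_WeChatWinDllAddr`, put the per-build offset table in one shared header that every translation unit includes, so the build it targets is stated once and a stale copy cannot survive. GetFirstPage, GetNextPage and DownloadAttach all extend beyond their hunks, so how the returned manager handles and `buff` are validated is not visible here.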


@ -6,7 +6,6 @@
#include <mutex> #include <mutex>
#include <queue> #include <queue>
#include "load_calls.h"
#include "log.h" #include "log.h"
#include "receive_msg.h" #include "receive_msg.h"
#include "user_info.h" #include "user_info.h"
@ -19,9 +18,29 @@ extern condition_variable gCV;
extern queue<WxMsg_t> gMsgQueue; extern queue<WxMsg_t> gMsgQueue;
// Defined in spy.cpp // Defined in spy.cpp
extern WxCalls_t g_WxCalls;
extern QWORD g_WeChatWinDllAddr; extern QWORD g_WeChatWinDllAddr;
#define OS_RECV_MSG_ID 0x30
#define OS_RECV_MSG_TYPE 0x38
#define OS_RECV_MSG_SELF 0x3C
#define OS_RECV_MSG_TS 0x44
#define OS_RECV_MSG_ROOMID 0x48
#define OS_RECV_MSG_CONTENT 0x88
#define OS_RECV_MSG_WXID 0x240
#define OS_RECV_MSG_SIGN 0x260
#define OS_RECV_MSG_THUMB 0x280
#define OS_RECV_MSG_EXTRA 0x2A0
#define OS_RECV_MSG_XML 0x308
#define OS_RECV_MSG_CALL 0x2205510
#define OS_PYQ_MSG_START 0x30
#define OS_PYQ_MSG_END 0x38
#define OS_PYQ_MSG_TS 0x38
#define OS_PYQ_MSG_XML 0x9B8
#define OS_PYQ_MSG_SENDER 0x18
#define OS_PYQ_MSG_CONTENT 0x48
#define OS_PYQ_MSG_CALL 0x2EFAA10
#define OS_WXLOG 0x26DA2D0
typedef QWORD (*RecvMsg_t)(QWORD, QWORD); typedef QWORD (*RecvMsg_t)(QWORD, QWORD);
typedef QWORD (*WxLog_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD); typedef QWORD (*WxLog_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD);
typedef QWORD (*RecvPyq_t)(QWORD, QWORD, QWORD); typedef QWORD (*RecvPyq_t)(QWORD, QWORD, QWORD);
@ -79,22 +98,22 @@ static QWORD DispatchMsg(QWORD arg1, QWORD arg2)
{ {
WxMsg_t wxMsg = { 0 }; WxMsg_t wxMsg = { 0 };
try { try {
wxMsg.id = GET_QWORD(arg2 + g_WxCalls.recvMsg.msgId); wxMsg.id = GET_QWORD(arg2 + OS_RECV_MSG_ID);
wxMsg.type = GET_DWORD(arg2 + g_WxCalls.recvMsg.type); wxMsg.type = GET_DWORD(arg2 + OS_RECV_MSG_TYPE);
wxMsg.is_self = GET_DWORD(arg2 + g_WxCalls.recvMsg.isSelf); wxMsg.is_self = GET_DWORD(arg2 + OS_RECV_MSG_SELF);
wxMsg.ts = GET_DWORD(arg2 + g_WxCalls.recvMsg.ts); wxMsg.ts = GET_DWORD(arg2 + OS_RECV_MSG_TS);
wxMsg.content = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.content); wxMsg.content = GetStringByWstrAddr(arg2 + OS_RECV_MSG_CONTENT);
wxMsg.sign = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.sign); wxMsg.sign = GetStringByWstrAddr(arg2 + OS_RECV_MSG_SIGN);
wxMsg.xml = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.msgXml); wxMsg.xml = GetStringByWstrAddr(arg2 + OS_RECV_MSG_XML);
string roomid = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.roomId); string roomid = GetStringByWstrAddr(arg2 + OS_RECV_MSG_ROOMID);
wxMsg.roomid = roomid; wxMsg.roomid = roomid;
if (roomid.find("@chatroom") != string::npos) { // 群 ID 的格式为 xxxxxxxxxxx@chatroom if (roomid.find("@chatroom") != string::npos) { // 群 ID 的格式为 xxxxxxxxxxx@chatroom
wxMsg.is_group = true; wxMsg.is_group = true;
if (wxMsg.is_self) { if (wxMsg.is_self) {
wxMsg.sender = GetSelfWxid(); wxMsg.sender = GetSelfWxid();
} else { } else {
wxMsg.sender = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.wxid); wxMsg.sender = GetStringByWstrAddr(arg2 + OS_RECV_MSG_WXID);
} }
} else { } else {
wxMsg.is_group = false; wxMsg.is_group = false;
@ -105,13 +124,13 @@ static QWORD DispatchMsg(QWORD arg1, QWORD arg2)
} }
} }
wxMsg.thumb = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.thumb); wxMsg.thumb = GetStringByWstrAddr(arg2 + OS_RECV_MSG_THUMB);
if (!wxMsg.thumb.empty()) { if (!wxMsg.thumb.empty()) {
wxMsg.thumb = GetHomePath() + wxMsg.thumb; wxMsg.thumb = GetHomePath() + wxMsg.thumb;
replace(wxMsg.thumb.begin(), wxMsg.thumb.end(), '\\', '/'); replace(wxMsg.thumb.begin(), wxMsg.thumb.end(), '\\', '/');
} }
wxMsg.extra = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.extra); wxMsg.extra = GetStringByWstrAddr(arg2 + OS_RECV_MSG_EXTRA);
if (!wxMsg.extra.empty()) { if (!wxMsg.extra.empty()) {
wxMsg.extra = GetHomePath() + wxMsg.extra; wxMsg.extra = GetHomePath() + wxMsg.extra;
replace(wxMsg.extra.begin(), wxMsg.extra.end(), '\\', '/'); replace(wxMsg.extra.begin(), wxMsg.extra.end(), '\\', '/');
@ -146,8 +165,8 @@ static QWORD PrintWxLog(QWORD a1, QWORD a2, QWORD a3, QWORD a4, QWORD a5, QWORD
static void DispatchPyq(QWORD arg1, QWORD arg2, QWORD arg3) static void DispatchPyq(QWORD arg1, QWORD arg2, QWORD arg3)
{ {
QWORD startAddr = *(QWORD *)(arg2 + 0x30); QWORD startAddr = *(QWORD *)(arg2 + OS_PYQ_MSG_START);
QWORD endAddr = *(QWORD *)(arg2 + 0x38); QWORD endAddr = *(QWORD *)(arg2 + OS_PYQ_MSG_END);
if (startAddr == 0) { if (startAddr == 0) {
return; return;
@ -160,10 +179,10 @@ static void DispatchPyq(QWORD arg1, QWORD arg2, QWORD arg3)
wxMsg.is_self = false; wxMsg.is_self = false;
wxMsg.is_group = false; wxMsg.is_group = false;
wxMsg.id = GET_QWORD(startAddr); wxMsg.id = GET_QWORD(startAddr);
wxMsg.ts = GET_DWORD(startAddr + 0x38); wxMsg.ts = GET_DWORD(startAddr + OS_PYQ_MSG_TS);
wxMsg.xml = GetStringByWstrAddr(startAddr + 0x9B8); wxMsg.xml = GetStringByWstrAddr(startAddr + OS_PYQ_MSG_XML);
wxMsg.sender = GetStringByWstrAddr(startAddr + 0x18); wxMsg.sender = GetStringByWstrAddr(startAddr + OS_PYQ_MSG_SENDER);
wxMsg.content = GetStringByWstrAddr(startAddr + 0x48); wxMsg.content = GetStringByWstrAddr(startAddr + OS_PYQ_MSG_CONTENT);
{ {
unique_lock<mutex> lock(gMutex); unique_lock<mutex> lock(gMutex);
@ -179,11 +198,11 @@ static void DispatchPyq(QWORD arg1, QWORD arg2, QWORD arg3)
void EnableLog() void EnableLog()
{ {
MH_STATUS status = MH_UNKNOWN; MH_STATUS status = MH_UNKNOWN;
if (g_WeChatWinDllAddr == 0) { if (gIsLogging) {
LOG_WARN("g_WeChatWinDllAddr == 0"); LOG_WARN("gIsLogging");
return; return;
} }
WxLog_t funcWxLog = (WxLog_t)(g_WeChatWinDllAddr + 0x26DA2D0); WxLog_t funcWxLog = (WxLog_t)(g_WeChatWinDllAddr + OS_WXLOG);
if (!isMH_Initialized) { if (!isMH_Initialized) {
status = MH_Initialize(); status = MH_Initialize();
@ -234,11 +253,11 @@ void DisableLog()
void ListenMessage() void ListenMessage()
{ {
MH_STATUS status = MH_UNKNOWN; MH_STATUS status = MH_UNKNOWN;
if (gIsListening || (g_WeChatWinDllAddr == 0)) { if (gIsListening) {
LOG_WARN("gIsListening || (g_WeChatWinDllAddr == 0)"); LOG_WARN("gIsListening");
return; return;
} }
funcRecvMsg = (RecvMsg_t)(g_WeChatWinDllAddr + g_WxCalls.recvMsg.call); funcRecvMsg = (RecvMsg_t)(g_WeChatWinDllAddr + OS_RECV_MSG_CALL);
if (!isMH_Initialized) { if (!isMH_Initialized) {
status = MH_Initialize(); status = MH_Initialize();
@ -296,11 +315,11 @@ void UnListenMessage()
void ListenPyq() void ListenPyq()
{ {
MH_STATUS status = MH_UNKNOWN; MH_STATUS status = MH_UNKNOWN;
if (gIsListeningPyq || (g_WeChatWinDllAddr == 0)) { if (gIsListeningPyq) {
LOG_WARN("gIsListeningPyq || (g_WeChatWinDllAddr == 0)"); LOG_WARN("gIsListeningPyq");
return; return;
} }
funcRecvPyq = (RecvPyq_t)(g_WeChatWinDllAddr + 0x2EFAA10); funcRecvPyq = (RecvPyq_t)(g_WeChatWinDllAddr + OS_PYQ_MSG_CALL);
if (!isMH_Initialized) { if (!isMH_Initialized) {
status = MH_Initialize(); status = MH_Initialize();
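Review bot: The guards in EnableLog, ListenMessage and ListenPyq drop the `g_WeChatWinDllAddr == 0` test (`if (gIsListening) {` replaces `if (gIsListening || (g_WeChatWinDllAddr == 0)) {`), but the next statement in each still forms the hook target as `g_WeChatWinDllAddr + OS_…`; with an unresolved base that is a bare offset such as 0x2205510, which is then handed to MinHook as the address to patch. Unless the base is now guaranteed non-zero before these entry points can be reached (not shown in this diff), restore the check in all three places: `if (gIsListening || (g_WeChatWinDllAddr == 0)) {`, and likewise with `gIsLogging` and `gIsListeningPyq`. Separately, `OS_PYQ_MSG_END` and `OS_PYQ_MSG_TS` are both 0x38 but apply to different base pointers (`arg2` versus `startAddr`); a one-line comment on each would stop a future reader from "deduplicating" them. All three hook-setup functions, DispatchMsg and DispatchPyq continue past their hunks.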


@ -9,15 +9,28 @@
#include "util.h" #include "util.h"
extern HANDLE g_hEvent; extern HANDLE g_hEvent;
extern WxCalls_t g_WxCalls;
extern QWORD g_WeChatWinDllAddr; extern QWORD g_WeChatWinDllAddr;
extern string GetSelfWxid(); // Defined in spy.cpp extern string GetSelfWxid(); // Defined in spy.cpp
#define SRTM_SIZE 0x3F0
#define OS_NEW 0x1C28800
#define OS_FREE 0x1C1FF10
#define OS_SEND_MSG_MGR 0x1C1E690
#define OS_SEND_TEXT 0x238DDD0
#define OS_SEND_IMAGE 0x2383560
#define OS_GET_APP_MSG_MGR 0x1C23630
#define OS_SEND_FILE 0x21969E0
#define OS_RTM_NEW 0x1C27D50
#define OS_RTM_FREE 0x1C27120
#define OS_SEND_RICH_TEXT 0x21A09C0
#define OS_SEND_PAT_MSG 0x2D669B0
#define OS_FORWARD_MSG 0x238D350
typedef QWORD (*New_t)(QWORD); typedef QWORD (*New_t)(QWORD);
typedef QWORD (*Free_t)(QWORD); typedef QWORD (*Free_t)(QWORD);
typedef QWORD (*SendMsgMgr_t)(); typedef QWORD (*SendMsgMgr_t)();
typedef QWORD (*GetAppMsgMgr_t)(); typedef QWORD (*GetAppMsgMgr_t)();
typedef QWORD (*SendTextMsg_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD); typedef QWORD (*SendTextMsg_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD);
typedef QWORD (*SendImageMsg_t)(QWORD, QWORD, QWORD, QWORD, QWORD); typedef QWORD (*SendImageMsg_t)(QWORD, QWORD, QWORD, QWORD, QWORD);
typedef QWORD (*SendFileMsg_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD *, QWORD, QWORD *, QWORD, QWORD *, QWORD, typedef QWORD (*SendFileMsg_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD *, QWORD, QWORD *, QWORD, QWORD *, QWORD,
@ -53,9 +66,9 @@ void SendTextMessage(string wxid, string msg, string atWxids)
QWORD wxAters = (QWORD) & ((RawVector_t *)&vWxAtWxids)->start; QWORD wxAters = (QWORD) & ((RawVector_t *)&vWxAtWxids)->start;
char buffer[0x460] = { 0 }; char buffer[0x460] = { 0 };
SendMsgMgr_t funcSendMsgMgr = (SendMsgMgr_t)(g_WeChatWinDllAddr + g_WxCalls.sendText.call1); SendMsgMgr_t funcSendMsgMgr = (SendMsgMgr_t)(g_WeChatWinDllAddr + OS_SEND_MSG_MGR);
SendTextMsg_t funcSendTextMsg = (SendTextMsg_t)(g_WeChatWinDllAddr + g_WxCalls.sendText.call2); SendTextMsg_t funcSendTextMsg = (SendTextMsg_t)(g_WeChatWinDllAddr + OS_SEND_TEXT);
Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + g_WxCalls.sendText.call3); Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + OS_FREE);
funcSendMsgMgr(); funcSendMsgMgr();
success = funcSendTextMsg((QWORD)(&buffer), (QWORD)(&wxWxid), (QWORD)(&wxMsg), wxAters, 1, 1, 0, 0); success = funcSendTextMsg((QWORD)(&buffer), (QWORD)(&wxWxid), (QWORD)(&wxMsg), wxAters, 1, 1, 0, 0);
funcFree((QWORD)(&buffer)); funcFree((QWORD)(&buffer));
@ -69,10 +82,10 @@ void SendImageMessage(string wxid, string path)
WxString wxWxid(wsWxid); WxString wxWxid(wsWxid);
WxString wxPath(wsPath); WxString wxPath(wsPath);
New_t funcNew = (New_t)(g_WeChatWinDllAddr + g_WxCalls.sendImg.call1); New_t funcNew = (New_t)(g_WeChatWinDllAddr + OS_NEW);
Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + g_WxCalls.sendImg.call2); Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + OS_FREE);
SendMsgMgr_t funcSendMsgMgr = (SendMsgMgr_t)(g_WeChatWinDllAddr + g_WxCalls.sendImg.call3); SendMsgMgr_t funcSendMsgMgr = (SendMsgMgr_t)(g_WeChatWinDllAddr + OS_SEND_MSG_MGR);
SendImageMsg_t funcSendImage = (SendImageMsg_t)(g_WeChatWinDllAddr + g_WxCalls.sendImg.call4); SendImageMsg_t funcSendImage = (SendImageMsg_t)(g_WeChatWinDllAddr + OS_SEND_IMAGE);
char msg[0x460] = { 0 }; char msg[0x460] = { 0 };
char msgTmp[0x460] = { 0 }; char msgTmp[0x460] = { 0 };
@ -99,10 +112,10 @@ void SendFileMessage(string wxid, string path)
WxString wxWxid(wsWxid); WxString wxWxid(wsWxid);
WxString wxPath(wsPath); WxString wxPath(wsPath);
New_t funcNew = (New_t)(g_WeChatWinDllAddr + g_WxCalls.sendFile.call1); New_t funcNew = (New_t)(g_WeChatWinDllAddr + OS_NEW);
Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + g_WxCalls.sendFile.call2); Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + OS_FREE);
GetAppMsgMgr_t funcGetAppMsgMgr = (GetAppMsgMgr_t)(g_WeChatWinDllAddr + g_WxCalls.sendFile.call3); GetAppMsgMgr_t funcGetAppMsgMgr = (GetAppMsgMgr_t)(g_WeChatWinDllAddr + OS_GET_APP_MSG_MGR);
SendFileMsg_t funcSendFile = (SendFileMsg_t)(g_WeChatWinDllAddr + g_WxCalls.sendFile.call4); SendFileMsg_t funcSendFile = (SendFileMsg_t)(g_WeChatWinDllAddr + OS_SEND_FILE);
char msg[0x460] = { 0 }; char msg[0x460] = { 0 };
QWORD tmp1[4] = { 0 }; QWORD tmp1[4] = { 0 };
@ -117,13 +130,12 @@ void SendFileMessage(string wxid, string path)
int SendRichTextMessage(RichText_t &rt) int SendRichTextMessage(RichText_t &rt)
{ // TODO: Fix memory leak { // TODO: Fix memory leak
#define SRTM_SIZE 0x3F0
QWORD status = -1; QWORD status = -1;
New_t funcNew = (New_t)(g_WeChatWinDllAddr + g_WxCalls.rt.call1); New_t funcNew = (New_t)(g_WeChatWinDllAddr + OS_RTM_NEW);
Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + g_WxCalls.rt.call2); Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + OS_RTM_FREE);
GetAppMsgMgr_t funcGetAppMsgMgr = (GetAppMsgMgr_t)(g_WeChatWinDllAddr + g_WxCalls.rt.call3); GetAppMsgMgr_t funcGetAppMsgMgr = (GetAppMsgMgr_t)(g_WeChatWinDllAddr + OS_GET_APP_MSG_MGR);
SendRichTextMsg_t funcForwordPublicMsg = (SendRichTextMsg_t)(g_WeChatWinDllAddr + g_WxCalls.rt.call4); SendRichTextMsg_t funcForwordPublicMsg = (SendRichTextMsg_t)(g_WeChatWinDllAddr + OS_SEND_RICH_TEXT);
char *buff = (char *)HeapAlloc(GetProcessHeap(), 0, SRTM_SIZE); char *buff = (char *)HeapAlloc(GetProcessHeap(), 0, SRTM_SIZE);
if (buff == NULL) { if (buff == NULL) {
@ -164,7 +176,7 @@ int SendPatMessage(string roomid, string wxid)
WxString wxRoomid(wsRoomid); WxString wxRoomid(wsRoomid);
WxString wxWxid(wsWxid); WxString wxWxid(wsWxid);
SendPatMsg_t funcSendPatMsg = (SendPatMsg_t)(g_WeChatWinDllAddr + g_WxCalls.pm.call1); SendPatMsg_t funcSendPatMsg = (SendPatMsg_t)(g_WeChatWinDllAddr + OS_SEND_PAT_MSG);
status = funcSendPatMsg((QWORD)(&wxRoomid), (QWORD)(&wxWxid)); status = funcSendPatMsg((QWORD)(&wxRoomid), (QWORD)(&wxWxid));
return (int)status; return (int)status;
@ -176,7 +188,7 @@ int ForwardMessage(QWORD msgid, string receiver)
uint32_t dbIdx = 0; uint32_t dbIdx = 0;
QWORD localId = 0; QWORD localId = 0;
ForwardMsg_t funcForwardMsg = (ForwardMsg_t)(g_WeChatWinDllAddr + g_WxCalls.fm.call1); ForwardMsg_t funcForwardMsg = (ForwardMsg_t)(g_WeChatWinDllAddr + OS_FORWARD_MSG);
if (GetLocalIdandDbidx(msgid, &localId, &dbIdx) != 0) { if (GetLocalIdandDbidx(msgid, &localId, &dbIdx) != 0) {
LOG_ERROR("Failed to get localId, Please check id: {}", to_string(msgid)); LOG_ERROR("Failed to get localId, Please check id: {}", to_string(msgid));
return status; return status;
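Review bot: The commit hoists `SRTM_SIZE` (0x3F0) to file scope and names it, but the sibling stack buffers sized 0x460 in SendTextMessage, SendImageMessage and SendFileMessage (`char buffer[0x460]`, `char msg[0x460]`, `char msgTmp[0x460]`) stay as bare literals even though they are passed to `funcNew`/`funcFree` resolved from `OS_NEW`/`OS_FREE`, which the surrounding code appears to treat as the message object's size for this build. Give that size the same treatment, e.g. `#define CHAT_MSG_SIZE 0x460` next to `SRTM_SIZE`, with a comment such as `// size of the WeChat message object constructed via OS_NEW for this build; re-check together with the offsets`, so a version bump that changes the object layout is caught in one place. SendTextMessage, SendImageMessage, SendFileMessage, SendRichTextMessage and ForwardMessage all begin or end outside their hunks, so the buffer lifetimes around `funcFree` are not fully visible.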