cyonjan/WeChatFerry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactoring

Browse Source
This commit is contained in:
Changhua 2023-07-16 19:08:38 +08:00
parent 4a60e3b5f1
commit 85a31e21e4
4 changed files with 33 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
WeChatFerry/spy/load_calls.cpp
View File

@ -24,7 +24,10 @@ WxCalls_t wxCalls = {
{ 0xA17D50, 0xF59E40, 0xA18BD0, 0xA17E70 }, // Accept New Friend application
{ 0x78CF20, 0xF59E40, 0xBD1DC0 }, // Add chatroom members
{ 0x78CF20, 0xF59E40, 0xBD22A0 }, // Delete chatroom members
{ 0x7B2E60, 0x15E2C20, 0x79C250 } // Receive transfer
{ 0x7B2E60, 0x15E2C20, 0x79C250 }, // Receive transfer
/* Receive PYQ
hook, call, call1, call2, call3, start, end, ts, wxid, content, xml, step*/
{ 0x14F9E15, 0x14FA0A0, 0xC39680, 0x14E2140, 0x14E21E0, 0x20, 0x24, 0x2C, 0x18, 0x3C, 0x384, 0xB48 }
};
int LoadCalls(const wchar_t *version, WxCalls_t *calls)

8
WeChatFerry/spy/pyq.cpp
View File

@ -17,8 +17,8 @@ typedef struct RawVector {
static int GetFirstPage()
{
int rv = -1;
DWORD pyqCall1 = g_WeChatWinDllAddr + 0xC39680;
DWORD pyqCall2 = g_WeChatWinDllAddr + 0x14E2140;
DWORD pyqCall1 = g_WeChatWinDllAddr + g_WxCalls.pyq.call1;
DWORD pyqCall2 = g_WeChatWinDllAddr + g_WxCalls.pyq.call2;
char buf[0xB44] = { 0 };
__asm {
@ -39,8 +39,8 @@ static int GetFirstPage()
static int GetNextPage(uint64_t id)
{
int rv = -1;
DWORD pyqCall1 = g_WeChatWinDllAddr + 0xC39680;
DWORD pyqCall3 = g_WeChatWinDllAddr + 0x14E21E0;
DWORD pyqCall1 = g_WeChatWinDllAddr + g_WxCalls.pyq.call1;
DWORD pyqCall3 = g_WeChatWinDllAddr + g_WxCalls.pyq.call3;
RawVector_t tmp = { 0 };

18
WeChatFerry/spy/receive_msg.cpp
View File

@ -184,8 +184,8 @@ void UnListenMessage()
void DispatchPyq(DWORD reg)
{
DWORD startAddr = *(DWORD *)(reg + 0x20);
DWORD endAddr = *(DWORD *)(reg + 0x24);
DWORD startAddr = *(DWORD *)(reg + g_WxCalls.pyq.start);
DWORD endAddr = *(DWORD *)(reg + g_WxCalls.pyq.end);
if (startAddr == 0) {
return;
@ -197,10 +197,10 @@ void DispatchPyq(DWORD reg)
wxMsg.type = 0x00; // 朋友圈消息
wxMsg.is_self = 0x00;
wxMsg.id = GET_QWORD(startAddr);
wxMsg.ts = GET_DWORD(startAddr + 0x2C);
wxMsg.xml = GetStringByWstrAddr(startAddr + 0x384);
wxMsg.sender = GetStringByWstrAddr(startAddr + 0x18);
wxMsg.content = GetStringByWstrAddr(startAddr + 0x3C);
wxMsg.ts = GET_DWORD(startAddr + g_WxCalls.pyq.ts);
wxMsg.xml = GetStringByWstrAddr(startAddr + g_WxCalls.pyq.xml);
wxMsg.sender = GetStringByWstrAddr(startAddr + g_WxCalls.pyq.wxid);
wxMsg.content = GetStringByWstrAddr(startAddr + g_WxCalls.pyq.content);
{
unique_lock<mutex> lock(gMutex);
@ -209,7 +209,7 @@ void DispatchPyq(DWORD reg)
gCV.notify_all(); // 通知各方消息就绪
startAddr += 0xB48;
startAddr += g_WxCalls.pyq.step;
}
}
@ -234,8 +234,8 @@ void ListenPyq()
return;
}
recvPyqHookAddr = g_WeChatWinDllAddr + 0x14F9E15;
recvPyqCallAddr = g_WeChatWinDllAddr + 0x14FA0A0;
recvPyqHookAddr = g_WeChatWinDllAddr + g_WxCalls.pyq.hook;
recvPyqCallAddr = g_WeChatWinDllAddr + g_WxCalls.pyq.call;
recvPyqJumpBackAddr = recvPyqHookAddr + 5;
HookAddress(recvPyqHookAddr, RecievePyqFunc, recvPyqBackupCode);

16
WeChatFerry/spy/spy_types.h
View File

@ -87,6 +87,21 @@ typedef struct TF {
DWORD call3;
} TF_t;
typedef struct Pyq {
DWORD hook;
DWORD call;
DWORD call1;
DWORD call2;
DWORD call3;
DWORD start;
DWORD end;
DWORD ts;
DWORD wxid;
DWORD content;
DWORD xml;
DWORD step;
} Pyq_t;
typedef struct WxCalls {
DWORD login; // 登录状态
UserInfoCall_t ui; // 用户信息
@ -102,6 +117,7 @@ typedef struct WxCalls {
RoomMember_t arm; // 添加群成员
RoomMember_t drm; // 删除群成员
TF_t tf; // 接收转账
Pyq_t pyq; // 接收朋友圈消息
} WxCalls_t;
typedef struct WxString {