diff --git a/WeChatFerry/spy/load_calls.cpp b/WeChatFerry/spy/load_calls.cpp
index 014b951..b2551ad 100644
--- a/WeChatFerry/spy/load_calls.cpp
+++ b/WeChatFerry/spy/load_calls.cpp
@@ -24,7 +24,10 @@ WxCalls_t wxCalls = {
 { 0xA17D50, 0xF59E40, 0xA18BD0, 0xA17E70 }, // Accept New Friend application
 { 0x78CF20, 0xF59E40, 0xBD1DC0 }, // Add chatroom members
 { 0x78CF20, 0xF59E40, 0xBD22A0 }, // Delete chatroom members
- { 0x7B2E60, 0x15E2C20, 0x79C250 } // Receive transfer
+ { 0x7B2E60, 0x15E2C20, 0x79C250 }, // Receive transfer
+ /* Receive PYQ
+ hook, call, call1, call2, call3, start, end, ts, wxid, content, xml, step*/
+ { 0x14F9E15, 0x14FA0A0, 0xC39680, 0x14E2140, 0x14E21E0, 0x20, 0x24, 0x2C, 0x18, 0x3C, 0x384, 0xB48 }
 };
 int LoadCalls(const wchar_t *version, WxCalls_t *calls)
diff --git a/WeChatFerry/spy/pyq.cpp b/WeChatFerry/spy/pyq.cpp
index 45c9d5a..7172318 100644
--- a/WeChatFerry/spy/pyq.cpp
+++ b/WeChatFerry/spy/pyq.cpp
@@ -17,8 +17,8 @@ typedef struct RawVector {
 static int GetFirstPage()
 {
 int rv = -1;
- DWORD pyqCall1 = g_WeChatWinDllAddr + 0xC39680;
- DWORD pyqCall2 = g_WeChatWinDllAddr + 0x14E2140;
+ DWORD pyqCall1 = g_WeChatWinDllAddr + g_WxCalls.pyq.call1;
+ DWORD pyqCall2 = g_WeChatWinDllAddr + g_WxCalls.pyq.call2;
 char buf[0xB44] = { 0 };
 __asm {
@@ -39,8 +39,8 @@ static int GetFirstPage()
 static int GetNextPage(uint64_t id)
 {
 int rv = -1;
- DWORD pyqCall1 = g_WeChatWinDllAddr + 0xC39680;
- DWORD pyqCall3 = g_WeChatWinDllAddr + 0x14E21E0;
+ DWORD pyqCall1 = g_WeChatWinDllAddr + g_WxCalls.pyq.call1;
+ DWORD pyqCall3 = g_WeChatWinDllAddr + g_WxCalls.pyq.call3;
 RawVector_t tmp = { 0 };
diff --git a/WeChatFerry/spy/receive_msg.cpp b/WeChatFerry/spy/receive_msg.cpp
index 48bf5d4..aa49ad1 100644
--- a/WeChatFerry/spy/receive_msg.cpp
+++ b/WeChatFerry/spy/receive_msg.cpp
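Review bot: In pyq.cpp's GetFirstPage the scratch buffer is still sized by a literal, `char buf[0xB44] = { 0 };`, while every other layout constant for this feature moved into `g_WxCalls.pyq`. The buffer is presumably handed to the WeChat routines in the `__asm` block that follows (outside this hunk), so its size likely tracks the same build-specific layout as `step` (0xB48); if a later table entry targets a build whose object is larger, the callee could write past this stack buffer. I would either carry the size in the table next to the offsets or at least record the dependency, e.g. `// buf size is tied to the WeChat build described by wxCalls.pyq; re-check when the offsets change`. GetFirstPage's body continues outside the hunk.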
@@ -184,8 +184,8 @@ void UnListenMessage()
 void DispatchPyq(DWORD reg)
 {
- DWORD startAddr = *(DWORD *)(reg + 0x20);
- DWORD endAddr = *(DWORD *)(reg + 0x24);
+ DWORD startAddr = *(DWORD *)(reg + g_WxCalls.pyq.start);
+ DWORD endAddr = *(DWORD *)(reg + g_WxCalls.pyq.end);
 if (startAddr == 0) {
 return;
@@ -197,10 +197,10 @@ void DispatchPyq(DWORD reg)
 wxMsg.type = 0x00; // 朋友圈消息
 wxMsg.is_self = 0x00;
 wxMsg.id = GET_QWORD(startAddr);
- wxMsg.ts = GET_DWORD(startAddr + 0x2C);
- wxMsg.xml = GetStringByWstrAddr(startAddr + 0x384);
- wxMsg.sender = GetStringByWstrAddr(startAddr + 0x18);
- wxMsg.content = GetStringByWstrAddr(startAddr + 0x3C);
+ wxMsg.ts = GET_DWORD(startAddr + g_WxCalls.pyq.ts);
+ wxMsg.xml = GetStringByWstrAddr(startAddr + g_WxCalls.pyq.xml);
+ wxMsg.sender = GetStringByWstrAddr(startAddr + g_WxCalls.pyq.wxid);
+ wxMsg.content = GetStringByWstrAddr(startAddr + g_WxCalls.pyq.content);
 {
 unique_lock lock(gMutex);
@@ -209,7 +209,7 @@ void DispatchPyq(DWORD reg)
 gCV.notify_all(); // 通知各方消息就绪
- startAddr += 0xB48;
+ startAddr += g_WxCalls.pyq.step;
 }
 }
@@ -234,8 +234,8 @@ void ListenPyq()
 return;
 }
- recvPyqHookAddr = g_WeChatWinDllAddr + 0x14F9E15;
- recvPyqCallAddr = g_WeChatWinDllAddr + 0x14FA0A0;
+ recvPyqHookAddr = g_WeChatWinDllAddr + g_WxCalls.pyq.hook;
+ recvPyqCallAddr = g_WeChatWinDllAddr + g_WxCalls.pyq.call;
 recvPyqJumpBackAddr = recvPyqHookAddr + 5;
 HookAddress(recvPyqHookAddr, RecievePyqFunc, recvPyqBackupCode);
diff --git a/WeChatFerry/spy/spy_types.h b/WeChatFerry/spy/spy_types.h
index bd495f7..a279714 100644
--- a/WeChatFerry/spy/spy_types.h
+++ b/WeChatFerry/spy/spy_types.h
@@ -87,6 +87,21 @@ typedef struct TF {
 DWORD call3;
 } TF_t;
+typedef struct Pyq {
+ DWORD hook;
+ DWORD call;
+ DWORD call1;
+ DWORD call2;
+ DWORD call3;
+ DWORD start;
+ DWORD end;
+ DWORD ts;
+ DWORD wxid;
+ DWORD content;
+ DWORD xml;
+ DWORD step;
+} Pyq_t;
+
 typedef struct WxCalls {
 DWORD login; // 登录状态
 UserInfoCall_t ui; // 用户信息
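Review bot: In receive_msg.cpp, DispatchPyq now advances with `startAddr += g_WxCalls.pyq.step;` and reads its bounds through table offsets, but nothing in the visible lines checks that the table entry is populated or that the bounds are sane. If `g_WxCalls.pyq` is zero-filled (for example when no entry matches the running version; the loader is outside this diff), `step` is 0 and the walk never advances, and ListenPyq would patch `g_WeChatWinDllAddr + 0` itself. A guard such as `if (g_WxCalls.pyq.step == 0 || endAddr < startAddr) { return; }` next to the existing `startAddr == 0` check, plus `if (g_WxCalls.pyq.hook == 0) { return; }` before `HookAddress(...)` in ListenPyq, would make both paths fail closed. The loop header in DispatchPyq and the early-return condition in ListenPyq sit outside the hunks, so an equivalent check may already exist there.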
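Review bot: In spy_types.h the new `Pyq_t` puts two kinds of value under one type with no comments: `hook`, `call` and `call1`..`call3` are added to `g_WeChatWinDllAddr` as code addresses, while `start`/`end` are offsets from the hooked register value and `ts`/`wxid`/`content`/`xml`/`step` are offsets and the stride within one record. Every field is a `DWORD` and load_calls.cpp fills them positionally, so a swapped pair compiles silently; the neighbouring `WxCalls` fields all carry a trailing comment and I would do the same here, e.g. `DWORD start; // offset of the first-record pointer from the hook register` and `DWORD step; // size of one record, used as the stride in DispatchPyq`. Separating the five addresses from the seven offsets with a short group comment would also make the row in load_calls.cpp easier to audit.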
@@ -102,6 +117,7 @@ typedef struct WxCalls {
 RoomMember_t arm; // 添加群成员
 RoomMember_t drm; // 删除群成员
 TF_t tf; // 接收转账
+ Pyq_t pyq; // 接收朋友圈消息
 } WxCalls_t;
 typedef struct WxString {