Refactoring

WeChatFerry/spy/load_calls.cpp

@@ -24,7 +24,10 @@ WxCalls_t wxCalls = {
     { 0xA17D50, 0xF59E40, 0xA18BD0, 0xA17E70 }, // Accept New Friend application
     { 0x78CF20, 0xF59E40, 0xBD1DC0 },           // Add chatroom members
     { 0x78CF20, 0xF59E40, 0xBD22A0 },           // Delete chatroom members
-    { 0x7B2E60, 0x15E2C20, 0x79C250 }           // Receive transfer
+    { 0x7B2E60, 0x15E2C20, 0x79C250 },          // Receive transfer
+    /* Receive PYQ
+        hook,    call,     call1,    call2,    call3,      start, end,  ts,  wxid, content, xml, step*/
+    { 0x14F9E15, 0x14FA0A0, 0xC39680, 0x14E2140, 0x14E21E0, 0x20, 0x24, 0x2C, 0x18, 0x3C, 0x384, 0xB48 }
 };
 
 int LoadCalls(const wchar_t *version, WxCalls_t *calls)

WeChatFerry/spy/pyq.cpp

@@ -17,8 +17,8 @@ typedef struct RawVector {
 static int GetFirstPage()
 {
     int rv         = -1;
-    DWORD pyqCall1 = g_WeChatWinDllAddr + 0xC39680;
+    DWORD pyqCall1 = g_WeChatWinDllAddr + g_WxCalls.pyq.call1;
-    DWORD pyqCall2 = g_WeChatWinDllAddr + 0x14E2140;
+    DWORD pyqCall2 = g_WeChatWinDllAddr + g_WxCalls.pyq.call2;
 
     char buf[0xB44] = { 0 };
     __asm {
@@ -39,8 +39,8 @@ static int GetFirstPage()
 static int GetNextPage(uint64_t id)
 {
     int rv         = -1;
-    DWORD pyqCall1 = g_WeChatWinDllAddr + 0xC39680;
+    DWORD pyqCall1 = g_WeChatWinDllAddr + g_WxCalls.pyq.call1;
-    DWORD pyqCall3 = g_WeChatWinDllAddr + 0x14E21E0;
+    DWORD pyqCall3 = g_WeChatWinDllAddr + g_WxCalls.pyq.call3;
 
     RawVector_t tmp = { 0 };
 

WeChatFerry/spy/receive_msg.cpp

@@ -184,8 +184,8 @@ void UnListenMessage()
 
 void DispatchPyq(DWORD reg)
 {
-    DWORD startAddr = *(DWORD *)(reg + 0x20);
+    DWORD startAddr = *(DWORD *)(reg + g_WxCalls.pyq.start);
-    DWORD endAddr   = *(DWORD *)(reg + 0x24);
+    DWORD endAddr   = *(DWORD *)(reg + g_WxCalls.pyq.end);
 
     if (startAddr == 0) {
         return;
@@ -197,10 +197,10 @@ void DispatchPyq(DWORD reg)
         wxMsg.type    = 0x00; // 朋友圈消息
         wxMsg.is_self = 0x00;
         wxMsg.id      = GET_QWORD(startAddr);
-        wxMsg.ts      = GET_DWORD(startAddr + 0x2C);
+        wxMsg.ts      = GET_DWORD(startAddr + g_WxCalls.pyq.ts);
-        wxMsg.xml     = GetStringByWstrAddr(startAddr + 0x384);
+        wxMsg.xml     = GetStringByWstrAddr(startAddr + g_WxCalls.pyq.xml);
-        wxMsg.sender  = GetStringByWstrAddr(startAddr + 0x18);
+        wxMsg.sender  = GetStringByWstrAddr(startAddr + g_WxCalls.pyq.wxid);
-        wxMsg.content = GetStringByWstrAddr(startAddr + 0x3C);
+        wxMsg.content = GetStringByWstrAddr(startAddr + g_WxCalls.pyq.content);
 
         {
             unique_lock<mutex> lock(gMutex);
@@ -209,7 +209,7 @@ void DispatchPyq(DWORD reg)
 
         gCV.notify_all(); // 通知各方消息就绪
 
-        startAddr += 0xB48;
+        startAddr += g_WxCalls.pyq.step;
     }
 }
 
@@ -234,8 +234,8 @@ void ListenPyq()
         return;
     }
 
-    recvPyqHookAddr     = g_WeChatWinDllAddr + 0x14F9E15;
+    recvPyqHookAddr     = g_WeChatWinDllAddr + g_WxCalls.pyq.hook;
-    recvPyqCallAddr     = g_WeChatWinDllAddr + 0x14FA0A0;
+    recvPyqCallAddr     = g_WeChatWinDllAddr + g_WxCalls.pyq.call;
     recvPyqJumpBackAddr = recvPyqHookAddr + 5;
 
     HookAddress(recvPyqHookAddr, RecievePyqFunc, recvPyqBackupCode);

WeChatFerry/spy/spy_types.h

@@ -87,6 +87,21 @@ typedef struct TF {
     DWORD call3;
 } TF_t;
 
+typedef struct Pyq {
+    DWORD hook;
+    DWORD call;
+    DWORD call1;
+    DWORD call2;
+    DWORD call3;
+    DWORD start;
+    DWORD end;
+    DWORD ts;
+    DWORD wxid;
+    DWORD content;
+    DWORD xml;
+    DWORD step;
+} Pyq_t;
+
 typedef struct WxCalls {
     DWORD login;         // 登录状态
     UserInfoCall_t ui;   // 用户信息
@@ -102,6 +117,7 @@ typedef struct WxCalls {
     RoomMember_t arm;    // 添加群成员
     RoomMember_t drm;    // 删除群成员
     TF_t tf;             // 接收转账
+    Pyq_t pyq;           // 接收朋友圈消息
 } WxCalls_t;
 
 typedef struct WxString {