cyonjan/WeChatFerry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reformat

Browse Source
This commit is contained in:
Changhua 2024-10-31 22:53:01 +08:00
parent 44afafd5d7
commit 86c0920445
6 changed files with 54 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
WeChatFerry/spy/chatroom_mgmt.cpp
View File

@ -9,10 +9,10 @@
using namespace std; using namespace std;
extern QWORD g_WeChatWinDllAddr; extern QWORD g_WeChatWinDllAddr;
#define OS_GET_CHATROOM_MGR 0x1b83bd0 #define OS_GET_CHATROOM_MGR 0x1B83BD0
#define OS_ADD_MEMBERS 0x2155100 #define OS_ADD_MEMBERS 0x2155100
#define OS_DELETE_MEMBERS 0x2155740 #define OS_DELETE_MEMBERS 0x2155740
#define OS_INVITE_MEMBERS 0x2154ae0 #define OS_INVITE_MEMBERS 0x2154AE0
typedef QWORD (*GetChatRoomMgr_t)(); typedef QWORD (*GetChatRoomMgr_t)();
typedef QWORD (*AddMemberToChatRoom_t)(QWORD, QWORD, QWORD, QWORD); typedef QWORD (*AddMemberToChatRoom_t)(QWORD, QWORD, QWORD, QWORD);

10
WeChatFerry/spy/exec_sql.cpp
View File

@ -6,13 +6,13 @@
#include "util.h" #include "util.h"
#define OFFSET_DB_INSTANCE 0x5902000 #define OFFSET_DB_INSTANCE 0x5902000
#define OFFSET_DB_MICROMSG 0xb8 #define OFFSET_DB_MICROMSG 0xB8
#define OFFSET_DB_CHAT_MSG 0x2c8 #define OFFSET_DB_CHAT_MSG 0x2C8
#define OFFSET_DB_MISC 0x5f0 #define OFFSET_DB_MISC 0x5F0
#define OFFSET_DB_EMOTION 0x15f0 #define OFFSET_DB_EMOTION 0x15F0
#define OFFSET_DB_MEDIA 0xF48 #define OFFSET_DB_MEDIA 0xF48
#define OFFSET_DB_BIZCHAT_MSG 0x1A70 #define OFFSET_DB_BIZCHAT_MSG 0x1A70
#define OFFSET_DB_FUNCTION_MSG 0x1b98 #define OFFSET_DB_FUNCTION_MSG 0x1B98
#define OFFSET_DB_NAME 0x28 #define OFFSET_DB_NAME 0x28
#define OFFSET_DB_MSG_MGR 0x595F900 #define OFFSET_DB_MSG_MGR 0x595F900

4
WeChatFerry/spy/receive_msg.cpp
View File

@ -38,8 +38,8 @@ extern QWORD g_WeChatWinDllAddr;
#define OS_PYQ_MSG_XML 0x9B8 #define OS_PYQ_MSG_XML 0x9B8
#define OS_PYQ_MSG_SENDER 0x18 #define OS_PYQ_MSG_SENDER 0x18
#define OS_PYQ_MSG_CONTENT 0x48 #define OS_PYQ_MSG_CONTENT 0x48
#define OS_PYQ_MSG_CALL 0x2e42c90 #define OS_PYQ_MSG_CALL 0x2E42C90
#define OS_WXLOG 0x2613d20 #define OS_WXLOG 0x2613D20
typedef QWORD (*RecvMsg_t)(QWORD, QWORD); typedef QWORD (*RecvMsg_t)(QWORD, QWORD);
typedef QWORD (*WxLog_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD); typedef QWORD (*WxLog_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD);

74
WeChatFerry/spy/send_msg.cpp
View File

@ -14,20 +14,20 @@ extern string GetSelfWxid(); // Defined in spy.cpp
#define SRTM_SIZE 0x3F0 #define SRTM_SIZE 0x3F0
#define OS_NEW 0x1b5e140 #define OS_NEW 0x1B5E140
#define OS_FREE 0x1b55850 #define OS_FREE 0x1B55850
#define OS_SEND_MSG_MGR 0x1ca4f70 #define OS_SEND_MSG_MGR 0x1CA4F70
#define OS_SEND_TEXT 0x22c6b60 #define OS_SEND_TEXT 0x22C6B60
#define OS_SEND_IMAGE 0x22bc2f0 #define OS_SEND_IMAGE 0x22BC2F0
#define OS_GET_APP_MSG_MGR 0x1b557d0 #define OS_GET_APP_MSG_MGR 0x1B557D0
#define OS_SEND_FILE 0x20d0230 #define OS_SEND_FILE 0x20D0230
#define OS_RTM_NEW 0x1b5d690 #define OS_RTM_NEW 0x1B5D690
#define OS_RTM_FREE 0x1b5ca60 #define OS_RTM_FREE 0x1B5CA60
#define OS_SEND_RICH_TEXT 0x20da210 #define OS_SEND_RICH_TEXT 0x20DA210
#define OS_SEND_PAT_MSG 0x2caec00 #define OS_SEND_PAT_MSG 0x2CAEC00
#define OS_FORWARD_MSG 0x22C60E0 #define OS_FORWARD_MSG 0x22C60E0
#define OS_GET_EMOTION_MGR 0x1bcef10 #define OS_GET_EMOTION_MGR 0x1BCEF10
#define OS_SEND_EMOTION 0x21b52d5 #define OS_SEND_EMOTION 0x21B52D5
#define OS_XML_BUGSIGN 0x24F0D70 #define OS_XML_BUGSIGN 0x24F0D70
#define OS_SEND_XML 0x20CF360 #define OS_SEND_XML 0x20CF360
@ -45,9 +45,8 @@ typedef QWORD (*ForwardMsg_t)(QWORD, QWORD, QWORD, QWORD);
typedef QWORD (*GetEmotionMgr_t)(); typedef QWORD (*GetEmotionMgr_t)();
typedef QWORD (*SendEmotion_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD); typedef QWORD (*SendEmotion_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD);
typedef QWORD (*__XmlBufSignFunc)(QWORD, QWORD, QWORD);
typedef QWORD(*__XmlBufSignFunc)(QWORD, QWORD, QWORD); typedef QWORD (*__SendXmlMsgFunc)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD);
typedef QWORD(*__SendXmlMsgFunc)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD);
void SendTextMessage(string wxid, string msg, string atWxids) void SendTextMessage(string wxid, string msg, string atWxids)
{ {
@ -234,51 +233,42 @@ void SendEmotionMessage(string wxid, string path)
SendEmotion(mgr, (QWORD)pWxPath, (QWORD)buff, (QWORD)pWxWxid, 2, (QWORD)buff, 0, (QWORD)buff); SendEmotion(mgr, (QWORD)pWxPath, (QWORD)buff, (QWORD)pWxWxid, 2, (QWORD)buff, 0, (QWORD)buff);
} }
void SendXmlMessage(string receiver, string xml, string path, QWORD type) void SendXmlMessage(string receiver, string xml, string path, QWORD type)
{ {
if (g_WeChatWinDllAddr == 0) { if (g_WeChatWinDllAddr == 0) {
return; return;
} }
New_t funcNew = (New_t)(g_WeChatWinDllAddr + OS_NEW);
New_t funcNew = (New_t)(g_WeChatWinDllAddr + OS_NEW);
Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + OS_FREE); Free_t funcFree = (Free_t)(g_WeChatWinDllAddr + OS_FREE);
DWORD xmlBufSign = g_WeChatWinDllAddr + OS_XML_BUGSIGN; DWORD xmlBufSign = g_WeChatWinDllAddr + OS_XML_BUGSIGN;
DWORD sendXmlMsg = g_WeChatWinDllAddr + OS_SEND_XML; DWORD sendXmlMsg = g_WeChatWinDllAddr + OS_SEND_XML;
__XmlBufSignFunc xmlBufSignFunc = (__XmlBufSignFunc)xmlBufSign; __XmlBufSignFunc xmlBufSignFunc = (__XmlBufSignFunc)xmlBufSign;
__SendXmlMsgFunc sendXmlMsgFunc = (__SendXmlMsgFunc)sendXmlMsg; __SendXmlMsgFunc sendXmlMsgFunc = (__SendXmlMsgFunc)sendXmlMsg;
char buff[0x500] = { 0 };
char buff[0x500] = { 0 }; char buff2[0x500] = { 0 };
char buff2[0x500] = { 0 };
char nullBuf[0x1C] = { 0 }; char nullBuf[0x1C] = { 0 };
DWORD pBuf = reinterpret_cast<DWORD>(&buff); DWORD pBuf = (DWORD)(&buff);
DWORD pBuf2 = reinterpret_cast<DWORD>(&buff2); DWORD pBuf2 = (DWORD)(&buff2);
funcNew(pBuf); funcNew(pBuf);
funcNew(pBuf2); funcNew(pBuf2);
DWORD sbuf[4] = { 0,0,0, 0 }; DWORD sbuf[4] = { 0, 0, 0, 0 };
DWORD sign = xmlBufSignFunc(pBuf2, reinterpret_cast<DWORD>(&sbuf), 0x1); DWORD sign = xmlBufSignFunc(pBuf2, (DWORD)(&sbuf), 0x1);
WxString *pReceiver = NewWxStringFromStr(receiver);
WxString *pXml = NewWxStringFromStr(xml);
WxString *pPath = NewWxStringFromStr(path);
WxString *pSender = NewWxStringFromStr(GetSelfWxid());
WxString* pReceiver = NewWxStringFromStr(receiver); sendXmlMsgFunc(pBuf, (QWORD)pSender, (QWORD)pReceiver, (QWORD)pXml, (QWORD)pPath, (QWORD)(&nullBuf), type, 0x4,
WxString* pXml = NewWxStringFromStr(xml); sign, pBuf2);
WxString* pPath = NewWxStringFromStr(path);
WxString* pSender = NewWxStringFromStr(GetSelfWxid()); funcFree((QWORD)&buff));
funcFree((QWORD)&buff2));
//sendXmlMsgFunc(pBuf, pSender, pReceiver, pXml, pPath, reinterpret_cast<DWORD>(&nullBuf), pType, 0x4, sign, pBuf2);
sendXmlMsgFunc(pBuf, reinterpret_cast<UINT64>(pSender), reinterpret_cast<UINT64>(pReceiver), reinterpret_cast<UINT64>(pXml), reinterpret_cast<UINT64>(pPath), reinterpret_cast<UINT64>(&nullBuf), type, 0x4, sign, pBuf2);
funcFree(reinterpret_cast<UINT64>(&buff));
funcFree(reinterpret_cast<UINT64>(&buff2));
} }

20
WeChatFerry/spy/sqlite3.h
View File

@ -159,22 +159,22 @@
typedef int (*Sqlite3_callback)(void *, int, char **, char **); typedef int (*Sqlite3_callback)(void *, int, char **, char **);
typedef int(__cdecl *Sqlite3_exec)(QWORD, /* An open database */ typedef int(__cdecl *Sqlite3_exec)(QWORD, /* An open database */
const char *sql, /* SQL to be evaluated */ const char *sql, /* SQL to be evaluated */
Sqlite3_callback, /* Callback function */ Sqlite3_callback, /* Callback function */
void *, /* 1st argument to callback */ void *, /* 1st argument to callback */
char **errmsg /* Error msg written here */ char **errmsg /* Error msg written here */
); );
typedef QWORD(__cdecl *Sqlite3_backup_init)(QWORD *pDest, /* Destination database handle */ typedef QWORD(__cdecl *Sqlite3_backup_init)(QWORD *pDest, /* Destination database handle */
const char *zDestName, /* Destination database name */ const char *zDestName, /* Destination database name */
QWORD *pSource, /* Source database handle */ QWORD *pSource, /* Source database handle */
const char *zSourceName /* Source database name */ const char *zSourceName /* Source database name */
); );
typedef int(__cdecl *Sqlite3_prepare)(QWORD db, /* Database handle */ typedef int(__cdecl *Sqlite3_prepare)(QWORD db, /* Database handle */
const char *zSql, /* SQL statement, UTF-8 encoded */ const char *zSql, /* SQL statement, UTF-8 encoded */
int nByte, /* Maximum length of zSql in bytes. */ int nByte, /* Maximum length of zSql in bytes. */
QWORD **ppStmt, /* OUT: Statement handle */ QWORD **ppStmt, /* OUT: Statement handle */
const char **pzTail /* OUT: Pointer to unused portion of zSql */ const char **pzTail /* OUT: Pointer to unused portion of zSql */
); );
typedef int(__cdecl *Sqlite3_open)(const char *filename, QWORD **ppDb); typedef int(__cdecl *Sqlite3_open)(const char *filename, QWORD **ppDb);
typedef int(__cdecl *Sqlite3_backup_step)(QWORD *p, int nPage); typedef int(__cdecl *Sqlite3_backup_step)(QWORD *p, int nPage);

6
WeChatFerry/spy/user_info.cpp
View File

@ -5,9 +5,9 @@
extern UINT64 g_WeChatWinDllAddr; extern UINT64 g_WeChatWinDllAddr;
#define OS_USER_HOME 0x5932770 #define OS_USER_HOME 0x5932770
#define OS_USER_WXID 0x595c270 #define OS_USER_WXID 0x595C270
#define OS_USER_NAME 0x595c3d8 #define OS_USER_NAME 0x595C3D8
#define OS_USER_MOBILE 0x595c318 #define OS_USER_MOBILE 0x595C318
static char home[MAX_PATH] = { 0 }; static char home[MAX_PATH] = { 0 };