From dc51b7b5a79db4f8e64b0249bc9fd5521d2866e5 Mon Sep 17 00:00:00 2001
From: Changhua
Date: Tue, 4 Feb 2025 17:27:35 +0800
Subject: [PATCH] Refactoring
---
 WeChatFerry/com/util.cpp | 141 +++++++++++++++++-------------
 WeChatFerry/com/util.h | 30 ++++---
 WeChatFerry/spy/chatroom_mgmt.cpp | 14 +--
 WeChatFerry/spy/contact_mgmt.cpp | 8 +-
 WeChatFerry/spy/exec_sql.cpp | 40 ++++-----
 WeChatFerry/spy/funcs.cpp | 20 ++---
 WeChatFerry/spy/funcs.h | 4 +-
 WeChatFerry/spy/receive_msg.cpp | 12 +--
 WeChatFerry/spy/receive_msg.h | 2 +-
 WeChatFerry/spy/spy.cpp | 2 +-
 WeChatFerry/spy/user_info.cpp | 6 +-
 11 files changed, 152 insertions(+), 127 deletions(-)
diff --git a/WeChatFerry/com/util.cpp b/WeChatFerry/com/util.cpp
index 21b0039..7d13348 100644
--- a/WeChatFerry/com/util.cpp
+++ b/WeChatFerry/com/util.cpp
@@ -2,14 +2,13 @@
 #include
 #include
-#include
-#include
+#include
 #include
-#include
-#include
 #include
 #include "framework.h"
+#include
+#include
 #include "log.hpp"
@@ -61,7 +60,7 @@ DWORD get_wechat_pid()
 PROCESSENTRY32 pe32 = { sizeof(PROCESSENTRY32) };
 while (Process32Next(hSnapshot, &pe32)) {
- if (std::wstring(pe32.szExeFile) == WECHATEXE) {
+ if (w2s(pe32.szExeFile) == WECHATEXE) {
 pid = pe32.th32ProcessID;
 break;
 }
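Review bot: `w2s(pe32.szExeFile) == WECHATEXE` converts and heap-allocates a string for every process in the snapshot and compares case-sensitively, while Windows image names are case-insensitive. It also only compiles while `UNICODE` is defined, because `PROCESSENTRY32` and `Process32Next` are the TCHAR-mapped names. Spelling out `PROCESSENTRY32W`/`Process32NextW` and comparing in place, e.g. `if (_wcsicmp(pe32.szExeFile, L"WeChat.exe") == 0) {`, removes both problems. The match is on the image name alone, so an unrelated process that happens to be called WeChat.exe is accepted; callers that act on the returned PID may want to confirm the image path as well. get_wechat_pid starts and ends outside this hunk.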
@@ -70,100 +69,125 @@ DWORD get_wechat_pid() return pid; } -int open_wechat(DWORD *pid) +int open_wechat(DWORD &pid) { - *pid = get_wechat_pid(); - if (*pid) return ERROR_SUCCESS; + pid = get_wechat_pid(); + if (pid != 0) { + return ERROR_SUCCESS; + } - WCHAR path[MAX_PATH] = { 0 }; - if (GetModuleFileNameW(nullptr, path, MAX_PATH) == 0) { - return GetLastError(); + auto wechat_path = util::get_wechat_path(); + if (!wechat_path) { + LOG_ERROR("获取 WeChat 安装路径失败"); + return ERROR_FILE_NOT_FOUND; } STARTUPINFO si = { sizeof(si) }; - PROCESS_INFORMATION pi = { 0 }; - - if (!CreateProcessW(nullptr, path, nullptr, nullptr, FALSE, CREATE_NEW_CONSOLE, nullptr, nullptr, &si, &pi)) { + PROCESS_INFORMATION pi = {}; + if (!CreateProcessA(wechat_path->c_str(), nullptr, nullptr, nullptr, FALSE, CREATE_NEW_CONSOLE, nullptr, nullptr, + &si, &pi)) { return GetLastError(); } CloseHandle(pi.hThread); CloseHandle(pi.hProcess); - *pid = pi.dwProcessId; + pid = pi.dwProcessId; return ERROR_SUCCESS; } -static std::optional get_wechat_win_dll_path() +std::optional get_wechat_path() { - char path[MAX_PATH] = { 0 }; - if (GetWeChatPath(path) != ERROR_SUCCESS) { + HKEY hKey; + if (RegOpenKeyExA(HKEY_CURRENT_USER, "Software\\Tencent\\WeChat", 0, KEY_READ, &hKey) != ERROR_SUCCESS) { + LOG_ERROR("无法打开注册表项"); return std::nullopt; } - PathRemoveFileSpecA(path); - PathAppendA(path, WECHATWINDLL); - - if (!PathFileExistsA(path)) { - // 微信 3.7+ 版本增加了一层目录 - PathRemoveFileSpecA(path); - _finddata_t findData; - std::string dir = std::string(path) + "\\[*.*"; - intptr_t handle = _findfirst(dir.c_str(), &findData); - if (handle == -1) { - return std::nullopt; - } - _findclose(handle); - - std::string dllPath = std::string(path) + "\\" + findData.name + "\\" + WECHATWINDLL; - return dllPath; + char path[MAX_PATH] = { 0 }; + DWORD type = REG_SZ; + DWORD size = sizeof(path); + if (RegQueryValueExA(hKey, "InstallPath", nullptr, &type, reinterpret_cast(path), &size) != ERROR_SUCCESS) { + RegCloseKey(hKey); + 
LOG_ERROR("无法读取注册表中的 InstallPath"); + return std::nullopt; } + RegCloseKey(hKey); + PathAppendA(path, WECHATEXE); return std::string(path); } -static std::optional get_file_version(const std::string &filePath) +std::optional get_wechat_win_dll_path() { - if (filePath.empty() || !PathFileExistsA(filePath.c_str())) { + auto wechat_path = get_wechat_path(); + if (!wechat_path) { return std::nullopt; } - DWORD handle = 0; - DWORD size = GetFileVersionInfoSizeA(filePath.c_str(), &handle); + std::string dll_path = *wechat_path; + PathRemoveFileSpecA(dll_path.data()); + PathAppendA(dll_path.data(), WECHATWINDLL); + + if (PathFileExistsA(dll_path.c_str())) { + return dll_path; + } + + // 微信从(大约)3.7开始,增加了一层版本目录: [3.7.0.29] + PathRemoveFileSpecA(dll_path.data()); + WIN32_FIND_DATAA find_data; + HANDLE hFind = FindFirstFileA((dll_path + "\\*.*").c_str(), &find_data); + if (hFind == INVALID_HANDLE_VALUE) { + return std::nullopt; + } + FindClose(hFind); + + std::string versioned_path = dll_path + "\\" + find_data.cFileName + WECHATWINDLL; + return PathFileExistsA(versioned_path.c_str()) ? 
std::optional(versioned_path) : std::nullopt; +} + +std::optional get_file_version(const std::string &file_path) +{ + if (!PathFileExistsA(file_path.c_str())) { + return std::nullopt; + } + + DWORD dummy = 0; + DWORD size = GetFileVersionInfoSizeA(file_path.c_str(), &dummy); if (size == 0) { return std::nullopt; } - std::vector data(size); - if (!GetFileVersionInfoA(filePath.c_str(), 0, size, data.data())) { + std::vector buffer(size); + if (!GetFileVersionInfoA(file_path.c_str(), 0, size, buffer.data())) { return std::nullopt; } - VS_FIXEDFILEINFO *verInfo = nullptr; - UINT len = 0; - if (!VerQueryValueA(data.data(), "\\", reinterpret_cast(&verInfo), &len) || len == 0) { + VS_FIXEDFILEINFO *ver_info = nullptr; + UINT ver_size = 0; + if (!VerQueryValueA(buffer.data(), "\\", reinterpret_cast(&ver_info), &ver_size)) { return std::nullopt; } - char version[32]; - StringCbPrintfA(version, sizeof(version), "%d.%d.%d.%d", HIWORD(verInfo->dwFileVersionMS), - LOWORD(verInfo->dwFileVersionMS), HIWORD(verInfo->dwFileVersionLS), - LOWORD(verInfo->dwFileVersionLS)); - - return std::string(version); + return fmt::format("{}.{}.{}.{}", HIWORD(ver_info->dwFileVersionMS), LOWORD(ver_info->dwFileVersionMS), + HIWORD(ver_info->dwFileVersionLS), LOWORD(ver_info->dwFileVersionLS)); } std::string get_wechat_version() { - std::string version = ""; - - auto dllPath = get_wechat_win_dll_path(); - if (!dllPath) { - return version; + auto dll_path = get_wechat_win_dll_path(); + if (!dll_path) { + LOG_ERROR("无法获取 WeChatWin.dll 路径"); + return ""; } - version = get_file_version(*dllPath); - return version ? version : ""; + auto version = get_file_version(*dll_path); + if (!version) { + LOG_ERROR("无法获取 WeChat 版本信息"); + return ""; + } + + return *version; } uint32_t get_memory_int_by_address(HANDLE hProcess, uint64_t addr) 
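Review bot: In get_wechat_win_dll_path, `PathRemoveFileSpecA(dll_path.data())` and `PathAppendA(dll_path.data(), WECHATWINDLL)` edit a `std::string` in place although these shlwapi helpers expect a `MAX_PATH`-sized buffer: appending `\WeChatWin.dll` where `\WeChat.exe` was writes past the string's `size()`, and the length is never updated, so the later `dll_path + "\\*.*"` carries an embedded NUL and `c_str()` stops before the pattern. The versioned path is also built without a separator (`find_data.cFileName + WECHATWINDLL`), and the `[` that limited the search to the version directory is gone from the pattern, so even a working search would likely return `.` first. Building the paths with `std::string` operations, as in the fence below, avoids the in-place writes. Separately, in get_wechat_path `RegQueryValueExA` neither guarantees a terminating NUL nor enforces the value type (the `type` initialiser is simply overwritten); `RegGetValueA(HKEY_CURRENT_USER, "Software\\Tencent\\WeChat", "InstallPath", RRF_RT_REG_SZ, nullptr, path, &size)` does both and needs no open/close pair. Because `InstallPath` lives under HKCU and the result is handed to `CreateProcessA`, a comment noting that the value is only as trustworthy as the current user's registry would help the next reader.

```cpp
std::optional<std::string> get_wechat_win_dll_path()
{
    // … unchanged: get_wechat_path() lookup and nullopt check …

    // Derive the install directory without writing through std::string::data().
    const auto sep = wechat_path->find_last_of('\\');
    if (sep == std::string::npos) {
        return std::nullopt;
    }
    const std::string install_dir = wechat_path->substr(0, sep);

    std::string dll_path = install_dir + "\\" + WECHATWINDLL;
    if (PathFileExistsA(dll_path.c_str())) {
        return dll_path;
    }

    // Newer WeChat builds keep the DLL in a version directory such as [3.7.0.29].
    WIN32_FIND_DATAA find_data;
    HANDLE hFind = FindFirstFileA((install_dir + "\\[*.*").c_str(), &find_data);
    // … unchanged: INVALID_HANDLE_VALUE check and FindClose …

    std::string versioned_path = install_dir + "\\" + find_data.cFileName + "\\" + WECHATWINDLL;
    // … unchanged: PathFileExistsA check and return …
}
```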
@@ -171,10 +195,7 @@ uint32_t get_memory_int_by_address(HANDLE hProcess, uint64_t addr) uint32_t value = 0; if (!addr || !hProcess) return value; - unsigned char data[4] = { 0 }; - if (ReadProcessMemory(hProcess, reinterpret_cast(addr), data, sizeof(data), nullptr)) { - value = data[0] | (data[1] << 8) | (data[2] << 16) | (data[3] << 24); - } + ReadProcessMemory(hProcess, reinterpret_cast(addr), &value, sizeof(value), nullptr); return value; } diff --git a/WeChatFerry/com/util.h b/WeChatFerry/com/util.h index 9169ddd..71d0bd7 100644 --- a/WeChatFerry/com/util.h +++ b/WeChatFerry/com/util.h @@ -1,15 +1,17 @@ #pragma once #include +#include #include +#include #include "spy_types.h" namespace util { -inline constexpr wchar_t WECHATEXE[] = L"WeChat.exe"; -inline constexpr wchar_t WECHATWINDLL[] = L"WeChatWin.dll"; +inline constexpr char WECHATEXE[] = "WeChat.exe"; +inline constexpr char WECHATWINDLL[] = "WeChatWin.dll"; inline constexpr wchar_t WCFSDKDLL[] = L"sdk.dll"; inline constexpr wchar_t WCFSPYDLL[] = L"spy.dll"; inline constexpr wchar_t WCFSPYDLL_DEBUG[] = L"spy_debug.dll"; @@ -19,6 +21,16 @@ struct PortPath { char path[MAX_PATH]; }; +DWORD get_wechat_pid(); +int open_wechat(DWORD *pid); +std::string get_wechat_version(); +uint32_t get_memory_int_by_address(HANDLE hProcess, uint64_t addr); +std::wstring get_unicode_info_by_address(HANDLE hProcess, uint64_t addr); +std::wstring s2w(const std::string &s); +std::string w2s(const std::wstring &ws); +std::string gb2312_to_utf8(const char *gb2312); +void dbg_msg(const char *format, ...); + inline DWORD get_dword(uint64_t addr) { return addr ? *reinterpret_cast(addr) : 0; } inline QWORD get_qword(uint64_t addr) { return addr ? *reinterpret_cast(addr) : 0; } inline uint64_t get_uint64(uint64_t addr) { return addr ? *reinterpret_cast(addr) : 0; } 
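Review bot: The return value of `ReadProcessMemory` is now discarded, so a failed read is indistinguishable from a genuine zero, and on a partial copy `value` may hold whatever bytes were transferred. Keeping the check preserves the old behaviour: `if (!ReadProcessMemory(hProcess, reinterpret_cast<LPCVOID>(addr), &value, sizeof(value), nullptr)) value = 0;`. Reading straight into `value` also assumes a little-endian host, which the removed byte assembly did not; that holds on Windows targets but deserves a short comment.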
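Review bot: Making `WECHATEXE` and `WECHATWINDLL` narrow while `WCFSDKDLL`, `WCFSPYDLL` and `WCFSPYDLL_DEBUG` stay `wchar_t` splits path handling between ANSI and wide APIs, and nothing here says which encoding the narrow strings carry. In util.cpp the narrow constants feed `RegQueryValueExA`, `PathAppendA` and `CreateProcessA`, which interpret bytes in the active code page, so an install path with characters outside that code page will not resolve; `CreateProcessA` is also passed a `STARTUPINFO`, which is the wide structure in a UNICODE build and would have to be `STARTUPINFOA`. Either keep the constants wide and use the `W` entry points, or add a comment such as `// narrow constants are ANSI (CP_ACP); pass them to *A APIs only` above them.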
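Review bot: The declaration added here is still `int open_wechat(DWORD *pid);`, but this commit changes the definition in util.cpp to `int open_wechat(DWORD &pid)`, so callers compiled against the header would reference an overload that is never defined. The declaration should read `int open_wechat(DWORD &pid);`. In util.cpp `get_wechat_win_dll_path()` and `get_file_version()` lost `static`, and the new `get_wechat_path()` is called from `open_wechat` before its definition, yet none of them is declared in the lines shown; if they are meant to be public they need declarations here (with `<optional>` included), otherwise they should stay file-local.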
@@ -47,12 +59,12 @@ inline std::wstring get_pp_wstring(uint64_t addr) if (!addr) return L""; const wchar_t *ptr = *reinterpret_cast(addr); - return (ptr && *ptr) ? std::wstring(ptr) : ""; + return (ptr && *ptr) ? std::wstring(ptr) : L""; } inline std::string get_pp_len_string(uint64_t addr) { size_t len = get_dword(addr + 8); - return (addr && len) ? std::string(*reinterpret_cast(addr), len) : L""; + return (addr && len) ? std::string(*reinterpret_cast(addr), len) : ""; } inline std::wstring get_pp_len_wstring(uint64_t addr) { @@ -61,16 +73,6 @@ inline std::wstring get_pp_len_wstring(uint64_t addr) } inline std::string get_str_by_wstr_addr(uint64_t addr) { return w2s(get_pp_len_wstring(addr)); } -DWORD get_wechat_pid(); -int open_wechat(DWORD *pid); -std::string get_wechat_version(); -uint32_t get_memory_int_by_address(HANDLE hProcess, uint64_t addr); -std::wstring get_unicode_info_by_address(HANDLE hProcess, uint64_t addr); -std::wstring s2w(const std::string &s); -std::string w2s(const std::wstring &ws); -std::string gb2312_to_utf8(const char *gb2312); -void dbg_msg(const char *format, ...); - std::unique_ptr new_wx_string(const char *str); std::unique_ptr new_wx_string(const wchar_t *wstr); std::unique_ptr new_wx_string(const std::string &str); diff --git a/WeChatFerry/spy/chatroom_mgmt.cpp b/WeChatFerry/spy/chatroom_mgmt.cpp index 589fd52..5cef8df 100644 --- a/WeChatFerry/spy/chatroom_mgmt.cpp +++ b/WeChatFerry/spy/chatroom_mgmt.cpp 
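Review bot: In `get_pp_len_string`, `size_t len = get_dword(addr + 8);` runs before `addr` is tested, so a zero `addr` makes `get_dword` dereference address 8; its own `addr ?` guard cannot help because `addr + 8` is non-zero. Guarding the read fixes it: `size_t len = addr ? get_dword(addr + 8) : 0;`. The string is then constructed from the pointer read at `addr` without checking that this inner pointer is non-null, unlike `get_pp_wstring` above, which tests `ptr` first. get_pp_len_wstring continues past the end of the hunk and may need the same treatment.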
@@ -45,10 +45,10 @@ int add_chatroom_member(const string &roomid, const string &wxids) = reinterpret_cast(g_WeChatWinDllAddr + OS_ADD_MEMBERS); vector wx_members = parse_wxids(wxids); - WxString *p_wx_roomid = NewWxStringFromStr(roomid); + auto wx_roomid = util::new_wx_string(roomid); QWORD p_members = reinterpret_cast(&wx_members.front()); - return static_cast(add_members(get_chatroom_mgr(), p_members, reinterpret_cast(p_wx_roomid), 0)); + return static_cast(add_members(get_chatroom_mgr(), p_members, reinterpret_cast(wx_roomid.get()), 0)); } int del_chatroom_member(const string &roomid, const string &wxids) @@ -64,10 +64,10 @@ int del_chatroom_member(const string &roomid, const string &wxids) = reinterpret_cast(g_WeChatWinDllAddr + OS_DELETE_MEMBERS); vector wx_members = parse_wxids(wxids); - WxString *p_wx_roomid = NewWxStringFromStr(roomid); + auto wx_roomid = util::new_wx_string(roomid); QWORD p_members = reinterpret_cast(&wx_members.front()); - return static_cast(del_members(get_chatroom_mgr(), p_members, reinterpret_cast(p_wx_roomid))); + return static_cast(del_members(get_chatroom_mgr(), p_members, reinterpret_cast(wx_roomid.get()))); } int invite_chatroom_member(const string &roomid, const string &wxids) @@ -81,11 +81,11 @@ int invite_chatroom_member(const string &roomid, const string &wxids) = reinterpret_cast(g_WeChatWinDllAddr + OS_INVITE_MEMBERS); vector wx_members = parse_wxids(wxids); - WxString *p_wx_roomid = NewWxStringFromStr(roomid); + auto wx_roomid = util::new_wx_string(roomid); QWORD p_members = reinterpret_cast(&wx_members.front()); - return static_cast(invite_members(reinterpret_cast(p_wx_roomid->wptr), p_members, - reinterpret_cast(p_wx_roomid), 0)); + return static_cast(invite_members(reinterpret_cast(wx_roomid.get()->wptr), p_members, + reinterpret_cast(wx_roomid.get()), 0)); } bool rpc_add_chatroom_member(const string &roomid, const string &wxids, uint8_t *out, size_t *len) 
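Review bot: The room-id `WxString` now dies when add_chatroom_member returns, which is safe only if `add_members` does not keep the pointer after the call; the raw pointer from `NewWxStringFromStr` was never released in these lines, so this is a behaviour change that deserves a one-line comment stating the assumption. The same applies to `del_members` and `invite_members` in the next two hunks. In all three, `&wx_members.front()` is undefined behaviour when `parse_wxids` returns an empty vector, and no emptiness check is visible in the hunks (the functions start above them); an early `if (wx_members.empty()) { return -1; }`, or whatever error code these functions use, before taking the address would cover it. In the third hunk `wx_roomid.get()->wptr` can be written `wx_roomid->wptr`.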
diff --git a/WeChatFerry/spy/contact_mgmt.cpp b/WeChatFerry/spy/contact_mgmt.cpp index 85c5740..6c6c631 100644 --- a/WeChatFerry/spy/contact_mgmt.cpp +++ b/WeChatFerry/spy/contact_mgmt.cpp @@ -51,7 +51,7 @@ static string get_cnt_string(QWORD start, QWORD end, const uint8_t *feat, size_t return ""; } - DWORD lfeat = GET_DWORD(pfeat + len); + DWORD lfeat = util::get_dword(pfeat + len); if (lfeat <= 2) { return ""; } @@ -78,8 +78,8 @@ vector get_contacts() QWORD pend = addr[2]; while (pstart < pend) { RpcContact_t cnt; - QWORD pbin = GET_QWORD(pstart + OS_CONTACT_BIN); - QWORD lenbin = GET_DWORD(pstart + OS_CONTACT_BIN_LEN); + QWORD pbin = util::get_qword(pstart + OS_CONTACT_BIN); + QWORD lenbin = util::get_dword(pstart + OS_CONTACT_BIN_LEN); cnt.wxid = util::get_str_by_wstr_addr(pstart + OS_CONTACT_WXID); cnt.code = util::get_str_by_wstr_addr(pstart + OS_CONTACT_CODE); @@ -180,7 +180,7 @@ RpcContact_t get_contact_by_wxid(const string &wxid) contact.code = util::get_str_by_wstr_addr(reinterpret_cast(buff) + g_WxCalls.contact.wxCode); contact.remark = util::get_str_by_wstr_addr(reinterpret_cast(buff) + g_WxCalls.contact.wxRemark); contact.name = util::get_str_by_wstr_addr(reinterpret_cast(buff) + g_WxCalls.contact.wxName); - contact.gender = GET_DWORD(reinterpret_cast(buff) + 0x148); + contact.gender = util::get_dword(reinterpret_cast(buff) + 0x148); __asm { PUSHAD diff --git a/WeChatFerry/spy/exec_sql.cpp b/WeChatFerry/spy/exec_sql.cpp index 89678c1..1993ecd 100644 --- a/WeChatFerry/spy/exec_sql.cpp +++ b/WeChatFerry/spy/exec_sql.cpp 
@@ -31,24 +31,24 @@ static void get_db_handle(QWORD base, QWORD offset) { auto *wsp = reinterpret_cast(*(QWORD *)(base + offset + OFFSET_DB_NAME)); std::string dbname = util::w2s(std::wstring(wsp)); - db_map[dbname] = GET_QWORD(base + offset); + db_map[dbname] = util::get_qword(base + offset); } static void get_msg_db_handle(QWORD msg_mgr_addr) { - QWORD db_index = GET_QWORD(msg_mgr_addr + 0x68); - QWORD p_start = GET_QWORD(msg_mgr_addr + 0x50); + QWORD db_index = util::get_qword(msg_mgr_addr + 0x68); + QWORD p_start = util::get_qword(msg_mgr_addr + 0x50); for (uint32_t i = 0; i < db_index; i++) { - QWORD db_addr = GET_QWORD(p_start + i * 0x08); + QWORD db_addr = util::get_qword(p_start + i * 0x08); if (db_addr) { // MSGi.db - std::string dbname = util::w2s(get_pp_wstring(db_addr)); - db_map[dbname] = GET_QWORD(db_addr + 0x78); + std::string dbname = util::w2s(util::get_pp_wstring(db_addr)); + db_map[dbname] = util::get_qword(db_addr + 0x78); // MediaMsgi.db - QWORD mmdb_addr = GET_QWORD(db_addr + 0x20); - std::string mmdbname = util::w2s(get_pp_wstring(mmdb_addr + 0x78)); - db_map[mmdbname] = GET_QWORD(mmdb_addr + 0x50); + QWORD mmdb_addr = util::get_qword(db_addr + 0x20); + std::string mmdbname = util::w2s(util::get_pp_wstring(mmdb_addr + 0x78)); + db_map[mmdbname] = util::get_qword(mmdb_addr + 0x50); } } } @@ -56,7 +56,7 @@ static void get_msg_db_handle(QWORD msg_mgr_addr) db_map_t get_db_handles() { db_map.clear(); - QWORD db_instance_addr = GET_QWORD(g_WeChatWinDllAddr + OFFSET_DB_INSTANCE); + QWORD db_instance_addr = util::get_qword(g_WeChatWinDllAddr + OFFSET_DB_INSTANCE); get_db_handle(db_instance_addr, OFFSET_DB_MICROMSG); // MicroMsg.db get_db_handle(db_instance_addr, OFFSET_DB_CHAT_MSG); // ChatMsg.db 
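Review bot: The `addr ?` guard inside `util::get_qword` only rejects an address that is exactly zero, so it does not protect the calls in this hunk that pass a base plus an offset. In get_msg_db_handle, `mmdb_addr` is read from `db_addr + 0x20` and then used as `mmdb_addr + 0x78` and `mmdb_addr + 0x50` with no check, and in get_db_handle a zero `base` still reaches `*(QWORD *)(base + offset + OFFSET_DB_NAME)`; either case faults inside the host process. Checking the base before adding the offset, e.g. `if (!mmdb_addr) continue;` right after the read, matches the existing `if (db_addr)` test. The same base-plus-offset pattern recurs in the contact_mgmt.cpp, funcs.cpp, receive_msg.cpp and user_info.cpp hunks of this commit.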
@@ -65,7 +65,7 @@ db_map_t get_db_handles() get_db_handle(db_instance_addr, OFFSET_DB_MEDIA); // Media.db get_db_handle(db_instance_addr, OFFSET_DB_FUNCTION_MSG); // Function.db - get_msg_db_handle(GET_QWORD(g_WeChatWinDllAddr + OFFSET_DB_MSG_MGR)); // MSGi.db & MediaMsgi.db + get_msg_db_handle(util::get_qword(g_WeChatWinDllAddr + OFFSET_DB_MSG_MGR)); // MSGi.db & MediaMsgi.db return db_map; } @@ -189,19 +189,19 @@ int get_local_id_and_dbidx(uint64_t id, uint64_t *local_id, uint32_t *db_idx) return -1; } - QWORD msg_mgr_addr = GET_QWORD(g_WeChatWinDllAddr + OFFSET_DB_MSG_MGR); - int db_index = static_cast(GET_QWORD(msg_mgr_addr + 0x68)); // 总不能 int 还不够吧? - QWORD p_start = GET_QWORD(msg_mgr_addr + 0x50); + QWORD msg_mgr_addr = util::get_qword(g_WeChatWinDllAddr + OFFSET_DB_MSG_MGR); + int db_index = static_cast(util::get_qword(msg_mgr_addr + 0x68)); // 总不能 int 还不够吧? + QWORD p_start = util::get_qword(msg_mgr_addr + 0x50); *db_idx = 0; for (int i = db_index - 1; i >= 0; i--) { // 从后往前遍历 - QWORD db_addr = GET_QWORD(p_start + i * 0x08); + QWORD db_addr = util::get_qword(p_start + i * 0x08); if (!db_addr) { continue; } - std::string dbname = util::w2s(get_pp_wstring(db_addr)); - db_map[dbname] = GET_QWORD(db_addr + 0x78); + std::string dbname = util::w2s(util::get_pp_wstring(db_addr)); + db_map[dbname] = util::get_qword(db_addr + 0x78); std::string sql = "SELECT localId FROM MSG WHERE MsgSvrID=" + std::to_string(id) + ";"; DbRows_t rows = exec_db_query(dbname, sql); @@ -223,7 +223,7 @@ int get_local_id_and_dbidx(uint64_t id, uint64_t *local_id, uint32_t *db_idx) continue; } - *db_idx = static_cast(GET_QWORD(GET_QWORD(db_addr + 0x28) + 0x1E8) >> 32); + *db_idx = static_cast(util::get_qword(util::get_qword(db_addr + 0x28) + 0x1E8) >> 32); return 0; } 
@@ -232,8 +232,8 @@ int get_local_id_and_dbidx(uint64_t id, uint64_t *local_id, uint32_t *db_idx) std::vector get_audio_data(uint64_t id) { - QWORD msg_mgr_addr = GET_QWORD(g_WeChatWinDllAddr + OFFSET_DB_MSG_MGR); - int db_index = static_cast(GET_QWORD(msg_mgr_addr + 0x68)); + QWORD msg_mgr_addr = util::get_qword(g_WeChatWinDllAddr + OFFSET_DB_MSG_MGR); + int db_index = static_cast(util::get_qword(msg_mgr_addr + 0x68)); std::string sql = "SELECT Buf FROM Media WHERE Reserved0=" + std::to_string(id) + ";"; for (int i = db_index - 1; i >= 0; i--) { diff --git a/WeChatFerry/spy/funcs.cpp b/WeChatFerry/spy/funcs.cpp index 94b8b64..b27642d 100644 --- a/WeChatFerry/spy/funcs.cpp +++ b/WeChatFerry/spy/funcs.cpp @@ -51,7 +51,7 @@ typedef QWORD (*PushAttachTask_t)(QWORD, QWORD, QWORD, QWORD); typedef QWORD (*GetOCRManager_t)(); typedef QWORD (*DoOCRTask_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD); -int IsLogin(void) { return (int)GET_QWORD(g_WeChatWinDllAddr + OS_LOGIN_STATUS); } +int IsLogin(void) { return (int)util::get_qword(g_WeChatWinDllAddr + OS_LOGIN_STATUS); } static string get_key(uint8_t header1, uint8_t header2, uint8_t *key) { @@ -230,7 +230,7 @@ int DownloadAttach(QWORD id, string thumb, string extra) GetChatMgr(); GetMgrByPrefixLocalId(l.QuadPart, pChatMsg); - QWORD type = GET_QWORD(buff + 0x38); + QWORD type = util::get_qword(reinterpret_cast(buff) + 0x38); string save_path = ""; string thumb_path = ""; 
@@ -262,12 +262,12 @@ int DownloadAttach(QWORD id, string thumb, string extra) // 创建父目录,由于路径来源于微信,不做检查 fs::create_directory(fs::path(save_path).parent_path().string()); - int temp = 1; - WxString *pSavePath = NewWxStringFromStr(save_path); - WxString *pThumbPath = NewWxStringFromStr(thumb_path); + int temp = 1; + auto wx_save_path = util::new_wx_string(save_path); + auto wx_thumb_path = util::new_wx_string(thumb_path); - memcpy(&buff[0x280], pThumbPath, sizeof(WxString)); - memcpy(&buff[0x2A0], pSavePath, sizeof(WxString)); + memcpy(&buff[0x280], wx_thumb_path.get(), sizeof(WxString)); + memcpy(&buff[0x2A0], wx_save_path.get(), sizeof(WxString)); memcpy(&buff[0x40C], &temp, sizeof(temp)); QWORD mgr = GetPreDownLoadMgr(); @@ -354,11 +354,11 @@ OcrResult_t GetOcrResult(string path) QWORD mgr = GetOCRManager(); ret.status = (int)DoOCRTask(mgr, (QWORD)&wxPath, unused, (QWORD)buff, (QWORD)&pUnk1, (QWORD)&pUnk2); - QWORD count = GET_QWORD(buff + 0x8); + QWORD count = util::get_qword(buff + 0x8); if (count > 0) { - QWORD header = GET_QWORD(buff); + QWORD header = util::get_qword(buff); for (QWORD i = 0; i < count; i++) { - QWORD content = GET_QWORD(header); + QWORD content = util::get_qword(header); ret.result += util::w2s(get_pp_wstring(content + 0x28)); ret.result += "\n"; header = content; diff --git a/WeChatFerry/spy/funcs.h b/WeChatFerry/spy/funcs.h index cc0f89d..c25f076 100644 --- a/WeChatFerry/spy/funcs.h +++ b/WeChatFerry/spy/funcs.h @@ -3,6 +3,8 @@ #include "stdint.h" #include +#include "pb_types.h" + int IsLogin(void); std::string GetAudio(uint64_t id, std::string dir); std::string GetPCMAudio(uint64_t id, std::string dir, int32_t sr); @@ -11,5 +13,5 @@ int RefreshPyq(uint64_t id); int DownloadAttach(uint64_t id, std::string thumb, std::string extra); int RevokeMsg(uint64_t id); OcrResult_t GetOcrResult(std::string path); -string GetLoginUrl(); +std::string GetLoginUrl(); int ReceiveTransfer(std::string wxid, std::string transferid, std::string transactionid); 
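Review bot: `memcpy(&buff[0x280], wx_thumb_path.get(), sizeof(WxString));` and the matching copy of `wx_save_path` make shallow copies of `WxString` objects whose owners, the new `unique_ptr`s, are destroyed when DownloadAttach returns; the old raw pointers were never freed here, so the copies stayed valid indefinitely. If the pre-download manager processes the task after this function returns, the copied `wptr` may dangle, so the lifetime requirement should be confirmed and recorded in a comment next to the two `memcpy` calls. The comment above `fs::create_directory` says the path is not checked because it comes from WeChat, but `thumb` and `extra` are parameters of this function; if they can influence `save_path`, it should be validated against the expected download directory before the directory is created. The function starts and ends outside this hunk.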
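Review bot: `util::get_qword(buff + 0x8)` and `util::get_qword(buff)` pass `buff` itself, yet the call just above casts it with `(QWORD)buff`, which suggests it is an array or pointer; `util::get_qword` takes a `uint64_t`, so these lines are unlikely to compile as written. The DownloadAttach hunk in this commit already uses the explicit form, and the same is needed here: `QWORD count = util::get_qword(reinterpret_cast<uint64_t>(buff) + 0x8);`. `get_pp_wstring(content + 0x28)` is also left unqualified while the other files in this commit switch to `util::get_pp_wstring`. `count` is read from the OCR result buffer and bounds the loop with no upper limit, so a sanity cap would be prudent. The function starts and ends outside this hunk.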
diff --git a/WeChatFerry/spy/receive_msg.cpp b/WeChatFerry/spy/receive_msg.cpp index 6ce84a2..ceab7dc 100644 --- a/WeChatFerry/spy/receive_msg.cpp +++ b/WeChatFerry/spy/receive_msg.cpp @@ -38,10 +38,10 @@ QWORD MessageHandler::DispatchMsg(QWORD arg1, QWORD arg2) auto &handler = getInstance(); WxMsg_t wxMsg = {}; try { - wxMsg.id = GET_QWORD(arg2 + OS_RECV_MSG_ID); - wxMsg.type = GET_DWORD(arg2 + OS_RECV_MSG_TYPE); - wxMsg.is_self = GET_DWORD(arg2 + OS_RECV_MSG_SELF); - wxMsg.ts = GET_DWORD(arg2 + OS_RECV_MSG_TS); + wxMsg.id = util::get_qword(arg2 + OS_RECV_MSG_ID); + wxMsg.type = util::get_dword(arg2 + OS_RECV_MSG_TYPE); + wxMsg.is_self = util::get_dword(arg2 + OS_RECV_MSG_SELF); + wxMsg.ts = util::get_dword(arg2 + OS_RECV_MSG_TS); wxMsg.content = util::get_str_by_wstr_addr(arg2 + OS_RECV_MSG_CONTENT); wxMsg.sign = util::get_str_by_wstr_addr(arg2 + OS_RECV_MSG_SIGN); wxMsg.xml = util::get_str_by_wstr_addr(arg2 + OS_RECV_MSG_XML); @@ -98,8 +98,8 @@ void MessageHandler::DispatchPyq(QWORD arg1, QWORD arg2, QWORD arg3) wxMsg.type = 0x00; wxMsg.is_self = false; wxMsg.is_group = false; - wxMsg.id = GET_QWORD(startAddr); - wxMsg.ts = GET_DWORD(startAddr + OS_PYQ_MSG_TS); + wxMsg.id = util::get_qword(startAddr); + wxMsg.ts = util::get_dword(startAddr + OS_PYQ_MSG_TS); wxMsg.xml = util::get_str_by_wstr_addr(startAddr + OS_PYQ_MSG_XML); wxMsg.sender = util::get_str_by_wstr_addr(startAddr + OS_PYQ_MSG_SENDER); wxMsg.content = util::get_str_by_wstr_addr(startAddr + OS_PYQ_MSG_CONTENT); diff --git a/WeChatFerry/spy/receive_msg.h b/WeChatFerry/spy/receive_msg.h index 0e2f314..a2559ef 100644 --- a/WeChatFerry/spy/receive_msg.h +++ b/WeChatFerry/spy/receive_msg.h @@ -5,11 +5,11 @@ #include #include #include -#include #include "MinHook.h" #include "pb_types.h" +#include "spy_types.h" class MessageHandler { diff --git a/WeChatFerry/spy/spy.cpp b/WeChatFerry/spy/spy.cpp index f78b65d..5fbe07f 100644 --- a/WeChatFerry/spy/spy.cpp +++ b/WeChatFerry/spy/spy.cpp 
@@ -13,7 +13,7 @@ UINT64 g_WeChatWinDllAddr = 0; void InitSpy(LPVOID args) { - auto *pp = static_cast(args); + auto *pp = static_cast(args); Log::InitLogger(pp->path); if (auto dll_addr = GetModuleHandle(L"WeChatWin.dll")) { diff --git a/WeChatFerry/spy/user_info.cpp b/WeChatFerry/spy/user_info.cpp index 2515d44..48ad23e 100644 --- a/WeChatFerry/spy/user_info.cpp +++ b/WeChatFerry/spy/user_info.cpp @@ -22,7 +22,7 @@ std::string get_home_path() static std::string home_path; std::call_once(flag, [] { - std::string path = util::w2s(get_pp_wstring(g_WeChatWinDllAddr + OS_USER_HOME)) + "\\WeChat Files\\"; + std::string path = util::w2s(util::get_pp_wstring(g_WeChatWinDllAddr + OS_USER_HOME)) + "\\WeChat Files\\"; home_path = std::filesystem::absolute(path).string(); }); @@ -37,7 +37,7 @@ std::string get_self_wxid() std::call_once(flag, [] { UINT64 wxid_type = 0; try { - wxid_type = GET_UINT64(g_WeChatWinDllAddr + OS_USER_WXID + 0x18); + wxid_type = util::get_qword(g_WeChatWinDllAddr + OS_USER_WXID + 0x18); if (wxid_type == 0xF) { wxid = util::get_p_string(g_WeChatWinDllAddr + OS_USER_WXID); } else { @@ -58,7 +58,7 @@ UserInfo_t get_user_info() UserInfo_t ui; ui.wxid = get_self_wxid(); - UINT64 name_type = GET_UINT64(g_WeChatWinDllAddr + OS_USER_NAME + 0x18); + UINT64 name_type = util::get_qword(g_WeChatWinDllAddr + OS_USER_NAME + 0x18); ui.name = (name_type == 0xF) ? util::get_p_string(g_WeChatWinDllAddr + OS_USER_NAME) : util::get_pp_string(g_WeChatWinDllAddr + OS_USER_NAME);