From dd02c4b6ff8628cfe88acb5341481fd205ed9b35 Mon Sep 17 00:00:00 2001
From: Changhua
Date: Sat, 8 Apr 2023 18:58:10 +0800
Subject: [PATCH] Make url configurable
---
 launcher/Launcher.h | 2 +-
 sdk/injector.cpp | 4 ++--
 sdk/injector.h | 2 +-
 sdk/sdk.cpp | 18 ++++++++++++++----
 sdk/sdk.h | 2 +-
 spy/rpc_server.cpp | 13 ++++++-------
 spy/rpc_server.h | 2 +-
 spy/spy.cpp | 5 +++--
 wcf/main.cpp | 8 ++++----
 9 files changed, 33 insertions(+), 23 deletions(-)
diff --git a/launcher/Launcher.h b/launcher/Launcher.h
index 32b6d0e..e697682 100644
--- a/launcher/Launcher.h
+++ b/launcher/Launcher.h
@@ -107,7 +107,7 @@ namespace launcher {
 private: System::Void Start_Click(System::Object^ sender, System::EventArgs^ e) {
 this->Start->Enabled = false;
 this->Stop->Enabled = true;
- WxInitSDK(true);
+ WxInitSDK(true, "tcp://0.0.0.0:10086");
 }
 private: System::Void Stop_Click(System::Object^ sender, System::EventArgs^ e) {
 this->Stop->Enabled = false;
diff --git a/sdk/injector.cpp b/sdk/injector.cpp
index 80a0751..38e5f97 100644
--- a/sdk/injector.cpp
+++ b/sdk/injector.cpp
@@ -69,14 +69,14 @@ static void *GetFuncAddr(LPCWSTR dllPath, HMODULE dllBase, LPCSTR funcName)
 return (void *)((DWORD)dllBase + offset);
 }
-bool CallDllFunc(HANDLE process, LPCWSTR dllPath, HMODULE dllBase, LPCSTR funcName, DWORD *ret)
+bool CallDllFunc(HANDLE process, LPCWSTR dllPath, HMODULE dllBase, LPCSTR funcName, LPVOID parameter, DWORD *ret)
 {
 void *pFunc = GetFuncAddr(dllPath, dllBase, funcName);
 if (pFunc == NULL) {
 return false;
 }
- HANDLE hThread = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, NULL, 0, NULL);
+ HANDLE hThread = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, parameter, 0, NULL);
 if (hThread == NULL) {
 return false;
 }
diff --git a/sdk/injector.h b/sdk/injector.h
index 4f0f900..67d33a5 100644
--- a/sdk/injector.h
+++ b/sdk/injector.h
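Review bot: The literal `"tcp://0.0.0.0:10086"` passed in `Start_Click` (launcher/Launcher.h) makes the command server listen on every network interface, and nothing in the visible spy/rpc_server.cpp hunks authenticates a peer before its request is handled. The launcher runs on the same machine as the process it controls, so a loopback default keeps the channel off the network: `WxInitSDK(true, "tcp://127.0.0.1:10086");`. If remote access is intended, it should be an explicit, documented setting rather than the built-in value.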
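Review bot: The new `parameter` argument of `CallDllFunc` (sdk/injector.cpp, prototype in sdk/injector.h) has an undocumented contract: it is handed to `CreateRemoteThread` as the thread argument, so it is dereferenced in the target process, not in the caller. A pointer into the caller's own memory would read unrelated data or fault there. A comment above the definition would state this, for example `// parameter: address valid in the target process (e.g. from VirtualAllocEx), or NULL if funcName takes no argument`. The function body continues past the end of the hunk.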
@@ -4,4 +4,4 @@
 HANDLE InjectDll(DWORD pid, LPCWSTR dllPath, HMODULE *injectedBase);
 bool EjectDll(HANDLE process, HMODULE dllBase);
-bool CallDllFunc(HANDLE process, LPCWSTR dllPath, HMODULE dllBase, LPCSTR funcName, DWORD *ret);
+bool CallDllFunc(HANDLE process, LPCWSTR dllPath, HMODULE dllBase, LPCSTR funcName, LPVOID parameter, DWORD *ret);
diff --git a/sdk/sdk.cpp b/sdk/sdk.cpp
index 5a7d51c..9a96747 100644
--- a/sdk/sdk.cpp
+++ b/sdk/sdk.cpp
@@ -34,8 +34,12 @@ static int GetDllPath(bool debug, wchar_t *dllPath)
 return 0;
 }
-int WxInitSDK(bool debug)
+int WxInitSDK(bool debug, const char *url)
 {
+ if (url == NULL) {
+ return -1;
+ }
+
 int status = 0;
 DWORD wcPid = 0;
@@ -56,8 +60,15 @@ int WxInitSDK(bool debug)
 LOG_ERROR("Failed to Inject DLL into WeChat.");
 return -1;
 }
+ size_t urlLen = strlen(url) + 1;
+ LPVOID urlAddr = VirtualAllocEx(wcProcess, NULL, urlLen, MEM_COMMIT, PAGE_READWRITE);
+ if (urlAddr == NULL) {
+ LOG_ERROR("Failed to Alloc Memory.");
+ return NULL;
+ }
+ WriteProcessMemory(wcProcess, urlAddr, url, urlLen, NULL);
- if (!CallDllFunc(wcProcess, spyDllPath, spyBase, "InitSpy", NULL)) {
+ if (!CallDllFunc(wcProcess, spyDllPath, spyBase, "InitSpy", urlAddr, NULL)) {
 LOG_ERROR("Failed to InitSpy.");
 return -1;
 }
@@ -73,7 +84,6 @@ int WxInitSDK(bool debug)
 fclose(fd);
 #endif
 debugMode = debug;
- LOG_INFO("WxInitSDK done.");
 return 0;
 }
@@ -111,7 +121,7 @@ int WxDestroySDK()
 return status;
 }
- if (!CallDllFunc(wcProcess, spyDllPath, spyBase, "CleanupSpy", NULL)) {
+ if (!CallDllFunc(wcProcess, spyDllPath, spyBase, "CleanupSpy", NULL, NULL)) {
 LOG_ERROR("Failed to CleanupSpy.");
 return -1;
 }
diff --git a/sdk/sdk.h b/sdk/sdk.h
index 1f5eacf..640914e 100644
--- a/sdk/sdk.h
+++ b/sdk/sdk.h
@@ -1,4 +1,4 @@
 #pragma once
-int WxInitSDK(bool debug);
+int WxInitSDK(bool debug, const char *url);
 int WxDestroySDK();
diff --git a/spy/rpc_server.cpp b/spy/rpc_server.cpp
index 2aceb95..22b5c09 100644
--- a/spy/rpc_server.cpp
+++ b/spy/rpc_server.cpp
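Review bot: In the `@@ -56,8 +60,15 @@` hunk of sdk/sdk.cpp the allocation-failure branch ends with `return NULL;`, which in a function returning `int` is 0, the same value `WxInitSDK` returns on success, so the caller is told initialisation worked when it did not. The result of `WriteProcessMemory` is also ignored, so a failed or partial write lets `InitSpy` run on an uninitialised buffer, and the remote allocation is not released on that path. The spy side appears to keep using the pointer from its server thread, so the buffer should stay allocated after a successful call and be freed only on the error paths. WxInitSDK starts and ends outside this hunk.

```cpp
    // … unchanged: urlLen, VirtualAllocEx …
    if (urlAddr == NULL) {
        LOG_ERROR("Failed to Alloc Memory.");
        return -1;
    }
    if (!WriteProcessMemory(wcProcess, urlAddr, url, urlLen, NULL)) {
        LOG_ERROR("Failed to write url into target process.");
        VirtualFreeEx(wcProcess, urlAddr, 0, MEM_RELEASE);
        return -1;
    }
    // … unchanged: CallDllFunc(..., "InitSpy", urlAddr, NULL) and its error branch …
```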
@@ -560,21 +560,20 @@ static bool dispatcher(uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len
 return ret;
 }
-static int RunServer()
+static int RunServer(LPVOID url)
 {
- int rv = 0;
- char *url = (char *)CMD_URL;
+ int rv = 0;
 if ((rv = nng_pair1_open(&sock)) != 0) {
 LOG_ERROR("nng_pair0_open error {}", nng_strerror(rv));
 return rv;
 }
- if ((rv = nng_listen(sock, url, NULL, 0)) != 0) {
+ if ((rv = nng_listen(sock, (char *)url, NULL, 0)) != 0) {
 LOG_ERROR("nng_listen error {}", nng_strerror(rv));
 return rv;
 }
- LOG_INFO("CMD Server listening on {}", url);
+ LOG_INFO("CMD Server listening on {}", (char *)url);
 if ((rv = nng_setopt_ms(sock, NNG_OPT_SENDTIMEO, 1000)) != 0) {
 LOG_ERROR("nng_setopt_ms error: {}", nng_strerror(rv));
 return rv;
@@ -613,13 +612,13 @@ static int RunServer()
 return rv;
 }
-int RpcStartServer()
+int RpcStartServer(const char *url)
 {
 if (lIsRunning) {
 return 0;
 }
- HANDLE rpcThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)RunServer, NULL, NULL, &lThreadId);
+ HANDLE rpcThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)RunServer, (LPVOID)url, NULL, &lThreadId);
 if (rpcThread != 0) {
 CloseHandle(rpcThread);
 }
diff --git a/spy/rpc_server.h b/spy/rpc_server.h
index 32a2126..028c8de 100644
--- a/spy/rpc_server.h
+++ b/spy/rpc_server.h
@@ -6,5 +6,5 @@
 #define SPY_API __declspec(dllimport)
 #endif
-int RpcStartServer();
+int RpcStartServer(const char *url);
 int RpcStopServer();
diff --git a/spy/spy.cpp b/spy/spy.cpp
index eeca874..f1571c9 100644
--- a/spy/spy.cpp
+++ b/spy/spy.cpp
@@ -7,7 +7,7 @@
 WxCalls_t g_WxCalls = { 0 };
 DWORD g_WeChatWinDllAddr = 0;
-void InitSpy()
+void InitSpy(const char *url)
 {
 wchar_t version[16] = { 0 };
 InitLogger();
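Review bot: `static int RunServer(LPVOID url)` in spy/rpc_server.cpp is started through a `(LPTHREAD_START_ROUTINE)` cast although its signature is not that of a thread routine, so the cast hides a return-type and calling-convention mismatch the compiler would otherwise reject. Declaring it `static DWORD WINAPI RunServer(LPVOID url)` lets the `CreateThread` call in `RpcStartServer` (the `@@ -613,13 +612,13 @@` hunk) drop the cast. The same applies to `void InitSpy(const char *url)` in spy/spy.cpp, which the SDK now starts as a remote thread routine with an argument. RunServer's body continues between the two hunks.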
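Review bot: `RpcStartServer` hands the caller's `url` pointer straight to the new thread via `(LPVOID)url`, so `RunServer` reads it after `RpcStartServer` has returned and without any check that it is non-null. That is safe only while the caller never frees or reuses the buffer; copying the string before starting the thread removes the lifetime dependency, for example a file-scope `static char lUrl[256];` filled with `strncpy_s(lUrl, url, _TRUNCATE);` and then passed to `CreateThread`. A guard `if (url == NULL) { return -1; }` at the top would match the one this commit adds to `WxInitSDK`. The function's tail is outside the hunk.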
@@ -24,10 +24,11 @@ void InitSpy()
 LOG_DEBUG("WeChat version: {}", Wstring2String(version).c_str());
 if (LoadCalls(version, &g_WxCalls) != 0) { // 加载微信版本对应的Call地址
 LOG_ERROR("不支持当前版本");
+ MessageBox(NULL, L"不支持当前版本", L"错误", 0);
 return;
 }
- RpcStartServer();
+ RpcStartServer(url);
 }
 void CleanupSpy()
diff --git a/wcf/main.cpp b/wcf/main.cpp
index 5e1bb25..2c9df45 100644
--- a/wcf/main.cpp
+++ b/wcf/main.cpp
@@ -6,21 +6,21 @@
 #include "log.h"
 #include "sdk.h"
-void help() { LOG_INFO("Usage: wcf.exe start|stop [debug]\n"); }
+void help() { LOG_INFO("Usage: \n启动: wcf.exe start url [debug]\n关闭: wcf.exe stop"); }
 int main(int argc, char *argv[])
 {
 int ret = -1;
 bool debug = false;
- if ((argc < 2) || (argc > 3)) {
+ if ((argc < 2) || (argc > 4)) {
 help();
- } else if (argc == 3) {
+ } else if (argc == 4) {
 debug = (strcmp(argv[2], "debug") == 0);
 }
 if (strcmp(argv[1], "start") == 0) {
- ret = WxInitSDK(debug);
+ ret = WxInitSDK(debug, argv[2]);
 } else if (strcmp(argv[1], "stop") == 0) {
 ret = WxDestroySDK();
 } else {
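Review bot: The added `MessageBox(NULL, ...)` in `InitSpy` (spy/spy.cpp) is modal, so the thread running `InitSpy` inside the host process stays blocked until someone dismisses the dialog; if the SDK waits on that thread (the rest of `CallDllFunc` is not visible here), the launcher or `wcf.exe` would hang with it on an unattended machine. `InitSpy` still returns `void`, so the SDK cannot tell an unsupported version from a successful start. Passing wide literals to the `MessageBox` macro compiles only in UNICODE builds; `MessageBoxW(NULL, L"不支持当前版本", L"错误", MB_ICONERROR);` makes that explicit. InitSpy begins above this hunk.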
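Review bot: With the URL now in `argv[2]`, the unchanged line `debug = (strcmp(argv[2], "debug") == 0);` in wcf/main.cpp compares the URL with "debug", so `wcf.exe start url debug` never enables debug mode; it should read `debug = (strcmp(argv[3], "debug") == 0);`. The argument-count check only prints the help text and then falls through to `strcmp(argv[1], ...)`, which dereferences a null pointer when no argument is given. `start` without a URL reaches `WxInitSDK(debug, argv[2])` with a null `argv[2]`, which only the new null check in the SDK catches. Returning right after `help()` and requiring `argc >= 3` for `start` would make both cases explicit. main continues past the end of the hunk.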