From ecfd402dbd5a382b15e948b6bc6b1806a719ff18 Mon Sep 17 00:00:00 2001
From: Changhua <lichanghua0821@gmail.com>
Date: Mon, 13 Mar 2023 00:09:32 +0800
Subject: [PATCH] Impl SendEmotionMessage

---
 python/wcferry/client.py | 15 +++++++--
 rpc/proto/wcf.proto      |  1 +
 spy/load_calls.cpp       |  3 +-
 spy/rpc_server.cpp       | 28 ++++++++++++++++
 spy/send_msg.cpp         | 70 ++++++++++++++++++++++++++++++++++++++--
 spy/send_msg.h           |  1 +
 spy/spy_types.h          |  1 +
 7 files changed, 113 insertions(+), 6 deletions(-)

diff --git a/python/wcferry/client.py b/python/wcferry/client.py
index 4fb4e5f..e4dc62b 100644
--- a/python/wcferry/client.py
+++ b/python/wcferry/client.py
@@ -261,6 +261,15 @@ class Wcf():
         rsp = self._send_request(req)
         return rsp.status
 
+    def send_emotion(self, path: str, receiver: str) -> int:
+        """发送表情"""
+        req = wcf_pb2.Request()
+        req.func = wcf_pb2.FUNC_SEND_EMOTION  # FUNC_SEND_EMOTION
+        req.file.path = path
+        req.file.receiver = receiver
+        rsp = self._send_request(req)
+        return rsp.status
+
     def get_msg(self, block=True) -> WxMsg:
         return self.msgQ.get(block, timeout=1)
 
@@ -384,9 +393,9 @@ class Wcf():
         friends = []
         for cnt in self.get_contacts():
             if (cnt["wxid"].endswith("@chatroom")      # 群聊
-                or cnt["wxid"].startswith("gh_")       # 公众号
-                or cnt["wxid"] in not_friends.keys()   # 其他杂号
-                ):
+                    or cnt["wxid"].startswith("gh_")       # 公众号
+                    or cnt["wxid"] in not_friends.keys()   # 其他杂号
+                    ):
                 continue
             friends.append(cnt)
 
diff --git a/rpc/proto/wcf.proto b/rpc/proto/wcf.proto
index 8204025..91049dc 100644
--- a/rpc/proto/wcf.proto
+++ b/rpc/proto/wcf.proto
@@ -32,6 +32,7 @@ enum Functions {
     FUNC_SEND_IMG         = 0x21;
     FUNC_SEND_FILE        = 0x22;
     FUNC_SEND_XML         = 0x23;
+    FUNC_SEND_EMOTION     = 0x24;
     FUNC_ENABLE_RECV_TXT  = 0x30;
     FUNC_DISABLE_RECV_TXT = 0x40;
     FUNC_EXEC_DB_QUERY    = 0x50;
diff --git a/spy/load_calls.cpp b/spy/load_calls.cpp
index 529c237..7fb7742 100644
--- a/spy/load_calls.cpp
+++ b/spy/load_calls.cpp
@@ -13,7 +13,8 @@ WxCalls_t wxCalls = {
     { 0x550F4C, 0xA96350, 0x38, 0x3C, 0x184, 0x1EC, 0x48, 0x170, 0x70 },
     { 0xBD780, 0x771980, 0x521640 },                      // Send Image Message
     { 0xC3B70, 0x771980, 0x3ED8C0 },                      // Send File Message
-    { 0xB8A70, 0x3ED5E0, 0x107F00, 0x3ED7B0, 0x2386FE4 }, // Send xml message
+    { 0xB8A70, 0x3ED5E0, 0x107F00, 0x3ED7B0, 0x2386FE4 }, // Send xml Message
+    { 0x771980, 0x4777E0, 0x239E888 },                    // Send Emotion Message
     /* Get Contacts:
           Base,  head, wxId, Code, Name, Gender, Country, Province, City*/
     { 0x23668F4, 0x4C, 0x30, 0x44, 0x8C, 0x184, 0x1D0, 0x1E4, 0x1F8 },
diff --git a/spy/rpc_server.cpp b/spy/rpc_server.cpp
index 431ccb9..2aceb95 100644
--- a/spy/rpc_server.cpp
+++ b/spy/rpc_server.cpp
@@ -262,6 +262,29 @@ bool func_send_xml(XmlMsg xml, uint8_t *out, size_t *len)
     return true;
 }
 
+bool func_send_emotion(char *path, char *receiver, uint8_t *out, size_t *len)
+{
+    Response rsp   = Response_init_default;
+    rsp.func       = Functions_FUNC_SEND_EMOTION;
+    rsp.which_msg  = Response_status_tag;
+    rsp.msg.status = 0;
+
+    if ((path == NULL) || (receiver == NULL)) {
+        rsp.msg.status = -1;
+    } else {
+        SendEmotionMessage(receiver, path);
+    }
+
+    pb_ostream_t stream = pb_ostream_from_buffer(out, *len);
+    if (!pb_encode(&stream, Response_fields, &rsp)) {
+        LOG_ERROR("Encoding failed: {}", PB_GET_ERROR(&stream));
+        return false;
+    }
+    *len = stream.bytes_written;
+
+    return true;
+}
+
 static void PushMessage()
 {
     static nng_socket msg_sock;
@@ -498,6 +521,11 @@ static bool dispatcher(uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len
             ret = func_send_xml(req.msg.xml, out, out_len);
             break;
         }
+        case Functions_FUNC_SEND_EMOTION: {
+            LOG_DEBUG("[Functions_FUNC_SEND_EMOTION]");
+            ret = func_send_emotion(req.msg.file.path, req.msg.file.receiver, out, out_len);
+            break;
+        }
         case Functions_FUNC_ENABLE_RECV_TXT: {
             LOG_DEBUG("[Functions_FUNC_ENABLE_RECV_TXT]");
             ret = func_enable_recv_txt(out, out_len);
diff --git a/spy/send_msg.cpp b/spy/send_msg.cpp
index 08b2849..7c93e5e 100644
--- a/spy/send_msg.cpp
+++ b/spy/send_msg.cpp
@@ -14,8 +14,8 @@ extern string GetSelfWxid(); // Defined in spy.cpp
 void SendTextMessage(string wxid, string msg, string atWxids)
 {
     char buffer[0x3B0] = { 0 };
-    WxString_t wxMsg  = { 0 };
-    WxString_t wxWxid = { 0 };
+    WxString_t wxMsg   = { 0 };
+    WxString_t wxWxid  = { 0 };
 
     // 发送消息Call地址 = 微信基址 + 偏移
     DWORD sendCallAddress = g_WeChatWinDllAddr + g_WxCalls.sendTextMsg;
@@ -253,3 +253,69 @@ void SendXmlMessage(string receiver, string xml, string path, int type)
 		popad;
     }
 }
+
+void SendEmotionMessage(string wxid, string path)
+{
+    if (g_WeChatWinDllAddr == 0) {
+        return;
+    }
+
+    char buffer[0x1C]    = { 0 };
+    WxString_t emoWxid    = { 0 };
+    WxString_t emoPath    = { 0 };
+    WxString_t nullbuffer = { 0 };
+
+    wstring wsWxid = String2Wstring(wxid);
+    wstring wspath = String2Wstring(path);
+
+    emoWxid.text     = (wchar_t *)wsWxid.c_str();
+    emoWxid.size     = wsWxid.size();
+    emoWxid.capacity = wsWxid.capacity();
+
+    emoPath.text     = (wchar_t *)wspath.c_str();
+    emoPath.size     = wspath.size();
+    emoPath.capacity = wspath.capacity();
+
+    // 发送文件Call地址 = 微信基址 + 偏移
+    DWORD sendCall1 = g_WeChatWinDllAddr + g_WxCalls.sendEmo.call1;
+    DWORD sendCall2 = g_WeChatWinDllAddr + g_WxCalls.sendEmo.call2;
+    DWORD sendCall3 = g_WeChatWinDllAddr + g_WxCalls.sendEmo.call3;
+
+    __asm {
+        pushad;
+        pushfd;
+        mov ebx, dword ptr[sendCall3];
+        lea eax, buffer;
+        push eax;
+        push 0x0;
+        sub esp, 0x14;
+        mov esi, esp;
+        mov dword ptr [esi], 0x0;
+        mov dword ptr [esi+0x4], 0x0;
+        mov dword ptr [esi+0x8], 0x0;
+        mov dword ptr [esi+0xC], 0x0;
+        mov dword ptr [esi+0x10], 0x0;
+        push 0x2;
+        lea eax, emoWxid;
+        sub esp, 0x14;
+        mov ecx, esp;
+        push eax;
+        call sendCall1;
+        sub esp, 0x14;
+        mov esi, esp;
+        mov dword ptr [esi], 0x0;
+        mov dword ptr [esi+0x4], 0x0;
+        mov dword ptr [esi+0x8], 0x0;
+        mov dword ptr [esi+0xC], 0x0;
+        mov dword ptr [esi+0x10], 0x0;
+        sub esp, 0x14;
+        mov ecx, esp;
+        lea eax, emoPath;
+        push eax;
+        call sendCall1;
+        mov ecx, ebx;
+        call sendCall2;
+        popfd;
+        popad;
+    }
+}
diff --git a/spy/send_msg.h b/spy/send_msg.h
index 6706e10..95039f6 100644
--- a/spy/send_msg.h
+++ b/spy/send_msg.h
@@ -8,3 +8,4 @@ void SendTextMessage(string wxid, string msg, string atWxids);
 void SendImageMessage(string wxid, string path);
 void SendFileMessage(string wxid, string path);
 void SendXmlMessage(string receiver, string xml, string path, int type);
+void SendEmotionMessage(string wxid, string path);
diff --git a/spy/spy_types.h b/spy/spy_types.h
index 162180a..25100ca 100644
--- a/spy/spy_types.h
+++ b/spy/spy_types.h
@@ -75,6 +75,7 @@ typedef struct WxCalls {
     Sendfile_t sendImg;  // 发送图片
     Sendfile_t sendFile; // 发送文件
     Xml_t sendXml;       // 发送XML
+    Sendfile_t sendEmo;  // 发送表情
     Contact_t contact;   // 获取联系人
     Sql_t sql;           // 执行 SQL
     NewFriend_t anf;     // 通过好友申请