From f76aed268e96dd6936cead08ad59424a01942285 Mon Sep 17 00:00:00 2001 From: Changhua Date: Thu, 4 Jul 2024 18:40:58 +0800 Subject: [PATCH] Impl send gif --- WeChatFerry/spy/rpc_server.cpp | 56 +++++++++++------------ WeChatFerry/spy/send_msg.cpp | 81 ++++++++++------------------------ 2 files changed, 51 insertions(+), 86 deletions(-) diff --git a/WeChatFerry/spy/rpc_server.cpp b/WeChatFerry/spy/rpc_server.cpp index 37b096a..679d38f 100644 --- a/WeChatFerry/spy/rpc_server.cpp +++ b/WeChatFerry/spy/rpc_server.cpp @@ -297,6 +297,30 @@ bool func_send_file(char *path, char *receiver, uint8_t *out, size_t *len) return true; } +bool func_send_emotion(char *path, char *receiver, uint8_t *out, size_t *len) +{ + Response rsp = Response_init_default; + rsp.func = Functions_FUNC_SEND_EMOTION; + rsp.which_msg = Response_status_tag; + + if ((path == NULL) || (receiver == NULL)) { + LOG_ERROR("Empty path or receiver."); + rsp.msg.status = -1; + } else { + SendEmotionMessage(receiver, path); + rsp.msg.status = 0; + } + + pb_ostream_t stream = pb_ostream_from_buffer(out, *len); + if (!pb_encode(&stream, Response_fields, &rsp)) { + LOG_ERROR("Encoding failed: {}", PB_GET_ERROR(&stream)); + return false; + } + *len = stream.bytes_written; + + return true; +} + #if 0 bool func_send_xml(XmlMsg xml, uint8_t *out, size_t *len) { @@ -325,30 +349,6 @@ bool func_send_xml(XmlMsg xml, uint8_t *out, size_t *len) return true; } - -bool func_send_emotion(char *path, char *receiver, uint8_t *out, size_t *len) -{ - Response rsp = Response_init_default; - rsp.func = Functions_FUNC_SEND_EMOTION; - rsp.which_msg = Response_status_tag; - - if ((path == NULL) || (receiver == NULL)) { - LOG_ERROR("Empty path or receiver."); - rsp.msg.status = -1; - } else { - SendEmotionMessage(receiver, path); - rsp.msg.status = 0; - } - - pb_ostream_t stream = pb_ostream_from_buffer(out, *len); - if (!pb_encode(&stream, Response_fields, &rsp)) { - LOG_ERROR("Encoding failed: {}", PB_GET_ERROR(&stream)); - return false; - } - *len = stream.bytes_written; - - return true; -} #endif bool func_send_rich_txt(RichText rt, uint8_t *out, size_t *len) @@ -910,15 +910,15 @@ static bool dispatcher(uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len ret = func_forward_msg(req.msg.fm.id, req.msg.fm.receiver, out, out_len); break; } + case Functions_FUNC_SEND_EMOTION: { + ret = func_send_emotion(req.msg.file.path, req.msg.file.receiver, out, out_len); + break; + } #if 0 case Functions_FUNC_SEND_XML: { ret = func_send_xml(req.msg.xml, out, out_len); break; } - case Functions_FUNC_SEND_EMOTION: { - ret = func_send_emotion(req.msg.file.path, req.msg.file.receiver, out, out_len); - break; - } #endif case Functions_FUNC_ENABLE_RECV_TXT: { ret = func_enable_recv_txt(req.msg.flag, out, out_len); diff --git a/WeChatFerry/spy/send_msg.cpp b/WeChatFerry/spy/send_msg.cpp index af8a56e..70b0900 100644 --- a/WeChatFerry/spy/send_msg.cpp +++ b/WeChatFerry/spy/send_msg.cpp @@ -26,6 +26,8 @@ extern string GetSelfWxid(); // Defined in spy.cpp #define OS_SEND_RICH_TEXT 0x21A09C0 #define OS_SEND_PAT_MSG 0x2D669B0 #define OS_FORWARD_MSG 0x238D350 +#define OS_GET_EMOTION_MGR 0x1C988D0 +#define OS_SEND_EMOTION 0x227B9E0 typedef QWORD (*New_t)(QWORD); typedef QWORD (*Free_t)(QWORD); @@ -38,6 +40,8 @@ typedef QWORD (*SendFileMsg_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD *, QWORD typedef QWORD (*SendRichTextMsg_t)(QWORD, QWORD, QWORD); typedef QWORD (*SendPatMsg_t)(QWORD, QWORD); typedef QWORD (*ForwardMsg_t)(QWORD, QWORD, QWORD, QWORD); +typedef QWORD (*GetEmotionMgr_t)(); +typedef QWORD (*SendEmotion_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD); void SendTextMessage(string wxid, string msg, string atWxids) { @@ -205,6 +209,25 @@ int ForwardMessage(QWORD msgid, string receiver) return status; } +void SendEmotionMessage(string wxid, string path) +{ + GetEmotionMgr_t GetEmotionMgr = (GetEmotionMgr_t)(g_WeChatWinDllAddr + OS_GET_EMOTION_MGR); + SendEmotion_t SendEmotion = (SendEmotion_t)(g_WeChatWinDllAddr + OS_SEND_EMOTION); + + WxString *pWxPath = NewWxStringFromStr(path); + WxString *pWxWxid = NewWxStringFromStr(wxid); + + QWORD *buff = (QWORD *)HeapAlloc(GetProcessHeap(), 0, 0x20); + if (buff == NULL) { + LOG_ERROR("Out of Memory..."); + return; + } + + memset(buff, 0, 0x20); + QWORD mgr = GetEmotionMgr(); + SendEmotion(mgr, (QWORD)pWxPath, (QWORD)buff, (QWORD)pWxWxid, 2, (QWORD)buff, 0, (QWORD)buff); +} + #if 0 void SendXmlMessage(string receiver, string xml, string path, int type) { @@ -271,62 +294,4 @@ void SendXmlMessage(string receiver, string xml, string path, int type) popad; } } - -void SendEmotionMessage(string wxid, string path) -{ - if (g_WeChatWinDllAddr == 0) { - return; - } - - char buffer[0x1C] = { 0 }; - wstring wsWxid = String2Wstring(wxid); - wstring wsPath = String2Wstring(path); - - WxString wxWxid(wsWxid); - WxString wxPath(wsPath); - WxString nullbuffer; - - // 发送文件Call地址 = 微信基址 + 偏移 - DWORD sendCall1 = g_WeChatWinDllAddr + g_WxCalls.sendEmo.call1; - DWORD sendCall2 = g_WeChatWinDllAddr + g_WxCalls.sendEmo.call2; - DWORD sendCall3 = g_WeChatWinDllAddr + g_WxCalls.sendEmo.call3; - - __asm { - pushad; - pushfd; - mov ebx, dword ptr[sendCall3]; - lea eax, buffer; - push eax; - push 0x0; - sub esp, 0x14; - mov esi, esp; - mov dword ptr [esi], 0x0; - mov dword ptr [esi+0x4], 0x0; - mov dword ptr [esi+0x8], 0x0; - mov dword ptr [esi+0xC], 0x0; - mov dword ptr [esi+0x10], 0x0; - push 0x2; - lea eax, wxWxid; - sub esp, 0x14; - mov ecx, esp; - push eax; - call sendCall1; - sub esp, 0x14; - mov esi, esp; - mov dword ptr [esi], 0x0; - mov dword ptr [esi+0x4], 0x0; - mov dword ptr [esi+0x8], 0x0; - mov dword ptr [esi+0xC], 0x0; - mov dword ptr [esi+0x10], 0x0; - sub esp, 0x14; - mov ecx, esp; - lea eax, wxPath; - push eax; - call sendCall1; - mov ecx, ebx; - call sendCall2; - popfd; - popad; - } -} #endif