cyonjan/WeChatFerry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update partial offset for 3.9.12.45

Browse Source
This commit is contained in:
liotherm 2025-03-02 22:17:23 +08:00
parent 65670b4ea7
commit ffe55bbbc4
10 changed files with 107 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
WeChatFerry/spy/chatroom_mgmt.cpp
View File

@ -3,16 +3,16 @@
#include <vector>
#include "chatroom_mgmt.h"
#include "log.hpp"
#include "log.h"
#include "util.h"
using namespace std;
extern QWORD g_WeChatWinDllAddr;
#define OS_GET_CHATROOM_MGR 0x1B83BD0
#define OS_ADD_MEMBERS 0x2155100
#define OS_DELETE_MEMBERS 0x2155740
#define OS_INVITE_MEMBERS 0x2154AE0
#define OS_GET_CHATROOM_MGR 0x1B894E0
#define OS_ADD_MEMBERS 0x215A820
#define OS_DELETE_MEMBERS 0x215AE60
#define OS_INVITE_MEMBERS 0x215A200
typedef QWORD (*GetChatRoomMgr_t)();
typedef QWORD (*AddMemberToChatRoom_t)(QWORD, QWORD, QWORD, QWORD);

6
WeChatFerry/spy/contact_mgmt.cpp
View File

@ -1,14 +1,14 @@
#pragma execution_character_set("utf-8")
#include "contact_mgmt.h"
#include "log.hpp"
#include "log.h"
#include "util.h"
using namespace std;
extern QWORD g_WeChatWinDllAddr;
#define OS_GET_CONTACT_MGR 0x1B417A0
#define OS_GET_CONTACT_LIST 0x219ED10
#define OS_GET_CONTACT_MGR 0x1B470B0
#define OS_GET_CONTACT_LIST 0x21A49D0
#define OS_CONTACT_BIN 0x200
#define OS_CONTACT_BIN_LEN 0x208
#define OS_CONTACT_WXID 0x10

6
WeChatFerry/spy/exec_sql.cpp
View File

@ -1,11 +1,11 @@
#include <iterator>
#include "exec_sql.h"
#include "log.hpp"
#include "log.h"
#include "sqlite3.h"
#include "util.h"
#define OFFSET_DB_INSTANCE 0x5902000
#define OFFSET_DB_INSTANCE 0x59C5B48
#define OFFSET_DB_MICROMSG 0xB8
#define OFFSET_DB_CHAT_MSG 0x2C8
#define OFFSET_DB_MISC 0x5F0
@ -14,7 +14,7 @@
#define OFFSET_DB_BIZCHAT_MSG 0x1A70
#define OFFSET_DB_FUNCTION_MSG 0x1B98
#define OFFSET_DB_NAME 0x28
#define OFFSET_DB_MSG_MGR 0x595F900
#define OFFSET_DB_MSG_MGR 0x5A23888
extern UINT64 g_WeChatWinDllAddr;

66
WeChatFerry/spy/funcs.cpp
View File

@ -3,11 +3,13 @@
#include "framework.h"
#include <filesystem>
#include <fstream>
#include <io.h>
#include <direct.h>
#include "codec.h"
#include "exec_sql.h"
#include "funcs.h"
#include "log.hpp"
#include "log.h"
#include "spy_types.h"
#include "util.h"
@ -24,18 +26,18 @@ extern QWORD g_WeChatWinDllAddr;
#define HEADER_GIF1 0x47
#define HEADER_GIF2 0x49
#define OS_LOGIN_STATUS 0x595C9E8
#define OS_GET_SNS_DATA_MGR 0x21E2200
#define OS_GET_SNS_FIRST_PAGE 0x2E212D0
#define OS_GET_SNS_TIMELINE_MGR 0x2DB3390
#define OS_GET_SNS_NEXT_PAGE 0x2EC8970
#define OS_NEW_CHAT_MSG 0x1B5E140
#define OS_FREE_CHAT_MSG 0x1B55850
#define OS_GET_CHAT_MGR 0x1B876C0
#define OS_GET_MGR_BY_PREFIX_LOCAL_ID 0x213FB00
#define OS_GET_PRE_DOWNLOAD_MGR 0x1C0EE70
#define OS_PUSH_ATTACH_TASK 0x1CDF4E0
#define OS_LOGIN_QR_CODE 0x59620D8
#define OS_LOGIN_STATUS 0x5A20978
#define OS_GET_SNS_DATA_MGR 0x21E7EC0
#define OS_GET_SNS_FIRST_PAGE 0x2E37960
#define OS_GET_SNS_TIMELINE_MGR 0x2DC9470
#define OS_GET_SNS_NEXT_PAGE 0x2EDF4D0
#define OS_NEW_CHAT_MSG 0x1B63A50
#define OS_FREE_CHAT_MSG 0x1B5B160
#define OS_GET_CHAT_MGR 0x1B8CFD0
#define OS_GET_MGR_BY_PREFIX_LOCAL_ID 0x2145220
#define OS_GET_PRE_DOWNLOAD_MGR 0x1C14930
#define OS_PUSH_ATTACH_TASK 0x1CE57B0
#define OS_LOGIN_QR_CODE 0x5A26440
typedef QWORD (*GetSNSDataMgr_t)();
typedef QWORD (*GetSnsTimeLineMgr_t)();
@ -75,6 +77,37 @@ static string get_key(uint8_t header1, uint8_t header2, uint8_t *key)
return ""; // 错误
}
// 创建多级目录
bool CreateDir(const char* dir)
{
int m = 0, n;
string str1, str2;
str1 = dir;
str2 = str1.substr(0, 2);
str1 = str1.substr(3, str1.size());
while (m >= 0)
{
m = str1.find('/');
str2 += '/' + str1.substr(0, m);
//判断该目录是否存在
n = _access(str2.c_str(), 0);
if (n == -1)
{
//创建目录文件
int flag = _mkdir(str2.c_str());
if (flag != 0) { //创建失败
LOG_ERROR("Failed to CreateDir:{}", dir);
return false;
}
}
str1 = str1.substr(m + 1, str1.size());
}
LOG_DEBUG("CreateDir {} success.", dir);
return true;
}
string DecryptImage(string src, string dir)
{
if (!fs::exists(src)) {
@ -116,10 +149,11 @@ string DecryptImage(string src, string dir)
dst = fs::path(src).replace_extension(ext).string();
} else {
dst = (dir.back() == '\\' || dir.back() == '/') ? dir : (dir + "/");
replace(dst.begin(), dst.end(), '\\', '/');
// 判断dir文件夹是否存在若不存在则创建否则将无法创建出文件
if (!fs::exists(dst)) {//判断该文件夹是否存在
bool success = fs::create_directories(dst); //Windows创建文件夹
if (_access(dst.c_str(), 0) == -1) {//判断该文件夹是否存在
bool success = CreateDir(dst.c_str()); //Windows创建文件夹
if (!success) { //创建失败
LOG_ERROR("Failed to mkdir:{}", dst);
return "";

8
WeChatFerry/spy/receive_msg.cpp
View File

@ -6,7 +6,7 @@
#include <mutex>
#include <queue>
#include "log.hpp"
#include "log.h"
#include "receive_msg.h"
#include "user_info.h"
#include "util.h"
@ -31,15 +31,15 @@ extern QWORD g_WeChatWinDllAddr;
#define OS_RECV_MSG_THUMB 0x280
#define OS_RECV_MSG_EXTRA 0x2A0
#define OS_RECV_MSG_XML 0x308
#define OS_RECV_MSG_CALL 0x213ED90
#define OS_RECV_MSG_CALL 0x21444B0
#define OS_PYQ_MSG_START 0x30
#define OS_PYQ_MSG_END 0x38
#define OS_PYQ_MSG_TS 0x38
#define OS_PYQ_MSG_XML 0x9B8
#define OS_PYQ_MSG_SENDER 0x18
#define OS_PYQ_MSG_CONTENT 0x48
#define OS_PYQ_MSG_CALL 0x2E42C90
#define OS_WXLOG 0x2613D20
#define OS_PYQ_MSG_CALL 0x2E59320
#define OS_WXLOG 0x261E760
typedef QWORD (*RecvMsg_t)(QWORD, QWORD);
typedef QWORD (*WxLog_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD);

34
WeChatFerry/spy/send_msg.cpp
View File

@ -4,7 +4,7 @@
#include <vector>
#include "exec_sql.h"
#include "log.hpp"
#include "log.h"
#include "send_msg.h"
#include "spy_types.h"
#include "util.h"
@ -15,22 +15,22 @@ extern string GetSelfWxid(); // Defined in spy.cpp
#define SRTM_SIZE 0x3F0
#define OS_NEW 0x1B5E140
#define OS_FREE 0x1B55850
#define OS_SEND_MSG_MGR 0x1B53FD0
#define OS_SEND_TEXT 0x22C6B60
#define OS_SEND_IMAGE 0x22BC2F0
#define OS_GET_APP_MSG_MGR 0x1B58F70
#define OS_SEND_FILE 0x20D0230
#define OS_RTM_NEW 0x1B5D690
#define OS_RTM_FREE 0x1B5CA60
#define OS_SEND_RICH_TEXT 0x20DA210
#define OS_SEND_PAT_MSG 0x2CAEC00
#define OS_FORWARD_MSG 0x22C60E0
#define OS_GET_EMOTION_MGR 0x1BCEF10
#define OS_SEND_EMOTION 0x21B52D5
#define OS_XML_BUFSIGN 0x24F0D70
#define OS_SEND_XML 0x20CF360
#define OS_NEW 0x1B63A50
#define OS_FREE 0x1B5B160
#define OS_SEND_MSG_MGR 0x1B598E0
#define OS_SEND_TEXT 0x22CC660
#define OS_SEND_IMAGE 0x22C1E70
#define OS_GET_APP_MSG_MGR 0x1B5E880
#define OS_SEND_FILE 0x20D5FF0
#define OS_RTM_NEW 0x1B62FA0
#define OS_RTM_FREE 0x1B62370
#define OS_SEND_RICH_TEXT 0x20DFFD0
#define OS_SEND_PAT_MSG 0x2CC4F10
#define OS_FORWARD_MSG 0x22CBBE0
#define OS_GET_EMOTION_MGR 0x1BD49A0
#define OS_SEND_EMOTION 0x21BACD0
#define OS_XML_BUFSIGN 0x24FB330
#define OS_SEND_XML 0x20D5120
typedef QWORD (*New_t)(QWORD);
typedef QWORD (*Free_t)(QWORD);

4
WeChatFerry/spy/spy.cpp
View File

@ -1,6 +1,6 @@
#include <filesystem>
#include "log.hpp"
#include "log.h"
#include "rpc_server.h"
#include "spy.h"
#include "util.h"
@ -21,7 +21,7 @@ void InitSpy(LPVOID args)
wchar_t version[16] = { 0 };
PortPath_t *pp = (PortPath_t *)args;
Log::InitLogger(pp->path);
InitLogger(pp->path);
g_WeChatWinDllAddr = (UINT64)GetModuleHandle(L"WeChatWin.dll"); // 获取wechatWin模块地址
if (g_WeChatWinDllAddr == 0) {
LOG_ERROR("获取 wechatWin.dll 模块地址失败");

2
WeChatFerry/spy/spy.h
View File

@ -2,7 +2,7 @@
#include "framework.h"
#define SUPPORT_VERSION L"3.9.11.25"
#define SUPPORT_VERSION L"3.9.12.45"
void InitSpy(int port);
void CleanupSpy();

36
WeChatFerry/spy/sqlite3.h
View File

@ -138,24 +138,24 @@
#define SQLITE_NULL 5
#define SQLITE_TEXT 3
#define SQLITE3_EXEC_OFFSET 0x3A5EDA0
#define SQLITE3_BACKUP_INIT_OFFSET 0x3A18EA0
#define SQLITE3_PREPARE_OFFSET 0x3A66A20
#define SQLITE3_OPEN_OFFSET 0x3A9E210
#define SQLITE3_BACKUP_STEP_OFFSET 0x3A193F0
#define SQLITE3_BACKUP_REMAINING_OFFSET 0x1B26EB0
#define SQLITE3_BACKUP_PAGECOUNT_OFFSET 0x1B26EE0
#define SQLITE3_BACKUP_FINISH_OFFSET 0x3A19AF0
#define SQLITE3_SLEEP_OFFSET 0x3A9EE70
#define SQLITE3_ERRCODE_OFFSET 0x3A9CB10
#define SQLITE3_CLOSE_OFFSET 0x3A9AC70
#define SQLITE3_STEP_OFFSET 0x3A22DA0
#define SQLITE3_COLUMN_COUNT_OFFSET 0x3A235C0
#define SQLITE3_COLUMN_NAME_OFFSET 0x3A23FC0
#define SQLITE3_COLUMN_TYPE_OFFSET 0x3A23E10
#define SQLITE3_COLUMN_BLOB_OFFSET 0x3A235F0
#define SQLITE3_COLUMN_BYTES_OFFSET 0x3A236E0
#define SQLITE3_FINALIZE_OFFSET 0x3A21E50
#define SQLITE3_EXEC_OFFSET 0x3A791F0
#define SQLITE3_BACKUP_INIT_OFFSET 0x3A332F0
#define SQLITE3_PREPARE_OFFSET 0x3A80E70
#define SQLITE3_OPEN_OFFSET 0x3AB8660
#define SQLITE3_BACKUP_STEP_OFFSET 0x3A33840
#define SQLITE3_BACKUP_REMAINING_OFFSET 0x1B2C480
#define SQLITE3_BACKUP_PAGECOUNT_OFFSET 0x1B2C4C0
#define SQLITE3_BACKUP_FINISH_OFFSET 0x3A33F40
#define SQLITE3_SLEEP_OFFSET 0x3AB92C0
#define SQLITE3_ERRCODE_OFFSET 0x3AB6F60
#define SQLITE3_CLOSE_OFFSET 0x3AB50C0
#define SQLITE3_STEP_OFFSET 0x3A3D1F0
#define SQLITE3_COLUMN_COUNT_OFFSET 0x3A3DA10
#define SQLITE3_COLUMN_NAME_OFFSET 0x3A3E410
#define SQLITE3_COLUMN_TYPE_OFFSET 0x3A3E260
#define SQLITE3_COLUMN_BLOB_OFFSET 0x3A3DA40
#define SQLITE3_COLUMN_BYTES_OFFSET 0x3A3DB30
#define SQLITE3_FINALIZE_OFFSET 0x3A3C2A0
typedef int (*Sqlite3_callback)(void *, int, char **, char **);

8
WeChatFerry/spy/user_info.cpp
View File

@ -1,12 +1,12 @@
#include "user_info.h"
#include "log.hpp"
#include "log.h"
#include "util.h"
extern UINT64 g_WeChatWinDllAddr;
#define OS_USER_HOME 0x5932770
#define OS_USER_WXID 0x595C270
#define OS_USER_NAME 0x595C3D8
#define OS_USER_HOME 0x59F6330
#define OS_USER_WXID 0x5A20200
#define OS_USER_NAME 0x5A20368
#define OS_USER_MOBILE 0x595C318
static char home[MAX_PATH] = { 0 };