#include "framework.h" #include #include "spy_types.h" extern HANDLE g_hEvent; extern WxCalls_t g_WxCalls; extern RpcMessage_t *g_pMsg; extern DWORD g_WeChatWinDllAddr; using namespace std; void SendTextMessage(const wchar_t *wxid, const wchar_t *at_wxid, const wchar_t *msg) { if (g_WeChatWinDllAddr == 0) { return; } char buffer[0x5F0] = { 0 }; TextStruct_t txtWxid = { 0 }; TextStruct_t txtAtWxid = { 0 }; TextStruct_t txtMsg = { 0 }; wstring wsWxid = wxid; wstring wsAtWxid = at_wxid; wstring wsMsg = msg; // 发送消息Call地址 = 微信基址 + 偏移 DWORD sendCallAddress = g_WeChatWinDllAddr + g_WxCalls.sendTextMsg; txtWxid.text = (wchar_t *)wsWxid.c_str(); txtWxid.size = wsWxid.size(); txtWxid.capacity = wsWxid.capacity(); txtMsg.text = (wchar_t *)wsMsg.c_str(); txtMsg.size = wsMsg.size(); txtMsg.capacity = wsMsg.capacity(); __asm { lea edx, txtWxid lea edi, txtAtWxid lea ebx, txtMsg push 0x01 push edi push ebx lea ecx, buffer; call sendCallAddress add esp, 0xC } } void SendImageMessage(const wchar_t *wxid, const wchar_t *path) { if (g_WeChatWinDllAddr == 0) { return; } char buf1[0x20] = { 0 }; char buf2[0x378] = { 0 }; TextStruct_t imgWxid = { 0 }; TextStruct_t imgPath = { 0 }; wstring wsWxid = wxid; wstring wsPath = path; imgWxid.text = (wchar_t *)wsWxid.c_str(); imgWxid.size = wsWxid.size(); imgWxid.capacity = wsWxid.capacity(); imgPath.text = (wchar_t *)wsPath.c_str(); imgPath.size = wsPath.size(); imgPath.capacity = wsPath.capacity(); // 发送图片Call地址 = 微信基址 + 偏移 DWORD sendCall1 = g_WeChatWinDllAddr + g_WxCalls.sendImg.call1; DWORD sendCall2 = g_WeChatWinDllAddr + g_WxCalls.sendImg.call2; DWORD sendCall3 = g_WeChatWinDllAddr + g_WxCalls.sendImg.call3; __asm { pushad sub esp, 0x14 lea eax, buf1 mov ecx, esp push eax call sendCall1 lea ebx, imgPath push ebx lea eax, imgWxid push eax lea eax, buf2 push eax call sendCall2 mov ecx, eax call sendCall3 } }