未验证 提交 569c5948 编写于 作者: J Jack Li 提交者: GitHub

Merge pull request #67 from ljc545w/solve_conflict

Solve conflict
#include "pch.h"
BOOL AddBrandContact(DWORD pid,wchar_t* PublicId) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD AddBrandContactAddr = hp.GetProcAddr(AddBrandContactRemote);
if (AddBrandContactAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_publicid(hp.GetHandle(), PublicId, TEXTLENGTH(PublicId));
if (r_publicid.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 1;
LPVOID PublicIdaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (!PublicIdaddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, PublicIdaddr, PublicId, wcslen(PublicId) * 2 + 2, &dwWriteSize);
DWORD AddBrandContactAddr = WeChatRobotBase + AddBrandContactRemoteOffset;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)AddBrandContactAddr, (LPVOID)PublicIdaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, PublicIdaddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), AddBrandContactAddr, r_publicid.GetAddr());
return ret == 0;
}
\ No newline at end of file
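Review bot: The early exits in the new `AddBrandContact` body return `1` from a `BOOL` function whose success value is `ret == 0`, i.e. TRUE, so a caller cannot tell "could not attach to the process" or "remote copy failed" from a successful call. Returning `FALSE` on those paths (`if (!hp.m_init) return FALSE;`, and likewise after the `GetProcAddr` and `GetAddr()` checks) would make the result meaningful. The same pattern appears on the new side of AddChatRoomMember, AddFriendByV3, AddFriendByWxid, BackupSQLiteDB, DelChatRoomMember, DeleteUser and EditRemark on this page. If existing callers depend on the old value, the contract should at least be stated in a comment above each function.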
......@@ -7,66 +7,26 @@ struct AddChatRoomMemberStruct
DWORD length;
};
BOOL AddChatRoomMember(DWORD pid,wchar_t* chatroomid, wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
BOOL AddChatRoomMember(DWORD pid, wchar_t* chatroomid, wchar_t* wxid) {
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD AddChatRoomMemberRemoteAddr = hp.GetProcAddr(AddChatRoomMemberRemote);
if (AddChatRoomMemberRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
AddChatRoomMemberStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
AddChatRoomMemberStruct* paramAndFunc = (AddChatRoomMemberStruct*)::VirtualAllocEx(hProcess, 0, sizeof(AddChatRoomMemberStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.wxids = (DWORD)wxidaddr;
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
AddChatRoomMemberStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.wxids = (DWORD)r_wxid.GetAddr();
params.length = 1;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(AddChatRoomMemberStruct), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD AddChatRoomMemberAddr = WeChatRobotBase + AddChatRoomMemberRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)AddChatRoomMemberAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
WeChatData<AddChatRoomMemberStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_wxid.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), AddChatRoomMemberRemoteAddr, r_params.GetAddr());
return ret == 0;
}
BOOL AddChatRoomMember(DWORD pid,wchar_t* chatroomid, SAFEARRAY* psaValue) {
BOOL AddChatRoomMember(DWORD pid, wchar_t* chatroomid, SAFEARRAY* psaValue) {
VARIANT rgvar;
rgvar.vt = VT_BSTR;
HRESULT hr = S_OK;
......@@ -76,69 +36,36 @@ BOOL AddChatRoomMember(DWORD pid,wchar_t* chatroomid, SAFEARRAY* psaValue) {
VariantInit(&rgvar);
long pIndex = 0;
hr = SafeArrayGetElement(psaValue, &pIndex, &rgvar);
return AddChatRoomMember(pid,chatroomid, rgvar.bstrVal);
return DelChatRoomMember(pid, chatroomid, rgvar.bstrVal);
}
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
vector<void*> wxidptrs;
DWORD dwWriteSize = 0;
DWORD dwTId = 0; DWORD dwId = 0; DWORD dwRet = 0;
AddChatRoomMemberStruct params = { 0 };
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidptrsaddr = VirtualAllocEx(hProcess, NULL, sizeof(void*) * cElements, MEM_COMMIT, PAGE_READWRITE);
AddChatRoomMemberStruct* paramAndFunc = (AddChatRoomMemberStruct*)::VirtualAllocEx(hProcess, 0, sizeof(AddChatRoomMemberStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidptrsaddr || !paramAndFunc) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD AddChatRoomMemberRemoteAddr = hp.GetProcAddr(AddChatRoomMemberRemote);
if (AddChatRoomMemberRemoteAddr == 0)
return 1;
}
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
vector<void*> wxidptrs;
for (long i = lLbound; i < lLbound + cElements; i++) {
VariantInit(&rgvar);
hr = SafeArrayGetElement(psaValue, &i, &rgvar);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = VirtualAllocEx(hp.GetHandle(), NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (wxidaddr) {
WriteProcessMemory(hProcess, wxidaddr, rgvar.bstrVal, wcslen(rgvar.bstrVal) * 2 + 2, &dwWriteSize);
WriteProcessMemory(hp.GetHandle(), wxidaddr, rgvar.bstrVal, wcslen(rgvar.bstrVal) * 2 + 2, &dwWriteSize);
wxidptrs.push_back(wxidaddr);
}
}
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (wxidptrsaddr)
WriteProcessMemory(hProcess, wxidptrsaddr, &wxidptrs[0], wxidptrs.size() * sizeof(void*), &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.wxids = (DWORD)wxidptrsaddr;
WeChatData<void**> r_wxids(hp.GetHandle(), &wxidptrs[0], wxidptrs.size() * sizeof(void*));
AddChatRoomMemberStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.wxids = (DWORD)r_wxids.GetAddr();
params.length = wxidptrs.size();
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(AddChatRoomMemberStruct), &dwTId);
}
else {
CloseHandle(hProcess);
WeChatData<AddChatRoomMemberStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_wxids.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
DWORD AddChatRoomMemberAddr = WeChatRobotBase + AddChatRoomMemberRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)AddChatRoomMemberAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD ret = CallRemoteFunction(hp.GetHandle(), AddChatRoomMemberRemoteAddr, r_params.GetAddr());
for (unsigned int i = 0; i < wxidptrs.size(); i++) {
VirtualFreeEx(hProcess, wxidptrs[i], 0, MEM_RELEASE);
VirtualFreeEx(hp.GetHandle(), wxidptrs[i], 0, MEM_RELEASE);
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidptrsaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
return ret == 0;
}
\ No newline at end of file
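Review bot: In the single-element branch of the `SAFEARRAY` overload of `AddChatRoomMember`, the line `return DelChatRoomMember(pid, chatroomid, rgvar.bstrVal);` appears to be the new side, since it has the same comma spacing as the reformatted signature above it. If so, a one-member add request would remove that member instead. It looks like a conflict-resolution slip, and the call should stay `return AddChatRoomMember(pid, chatroomid, rgvar.bstrVal);`. The branch also uses `rgvar.bstrVal` without testing the `hr` from `SafeArrayGetElement`, so a failed fetch passes an unset pointer on; an `if (FAILED(hr))` bail-out before the call would close that. The function body starts above the second hunk.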
......@@ -7,45 +7,20 @@ struct AddFriendByV3Struct {
};
BOOL AddFriendByV3(DWORD pid,wchar_t* v3, wchar_t* message,int AddType) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD AddFriendByV3RemoteAddr = hp.GetProcAddr(AddFriendByV3Remote);
if (AddFriendByV3RemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 1;
LPVOID v3addr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID messageaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
AddFriendByV3Struct* paramAndFunc = (AddFriendByV3Struct*)VirtualAllocEx(hProcess, 0, sizeof(AddFriendByV3Struct), MEM_COMMIT, PAGE_READWRITE);
if (!v3addr || !messageaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, v3addr, v3, wcslen(v3) * 2 + 2, &dwWriteSize);
if(message)
WriteProcessMemory(hProcess, messageaddr, message, wcslen(message) * 2 + 2, &dwWriteSize);
WeChatData<wchar_t*> r_v3(hp.GetHandle(), v3, TEXTLENGTH(v3));
WeChatData<wchar_t*> r_message(hp.GetHandle(), message, TEXTLENGTH(message));
AddFriendByV3Struct params = { 0 };
params.v3 = (DWORD)v3addr;
params.message = message ? (DWORD)messageaddr : 0;
params.v3 = (DWORD)r_v3.GetAddr();
params.message = (DWORD)r_message.GetAddr();
params.AddType = AddType;
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwWriteSize);
DWORD AddFriendByV3Addr = WeChatRobotBase + AddFriendByV3RemoteOffset;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)AddFriendByV3Addr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, v3addr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, messageaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
WeChatData<AddFriendByV3Struct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_v3.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
DWORD ret = CallRemoteFunction(hp.GetHandle(), AddFriendByV3RemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
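Review bot: `WeChatData<wchar_t*> r_message(hp.GetHandle(), message, TEXTLENGTH(message));` now runs on every call, whereas the replaced code only touched `message` under `if(message)` and otherwise passed 0 to the remote side. `TEXTLENGTH` and `WeChatData` are defined outside this page, so whether they tolerate a null pointer cannot be confirmed here. The later check leaves `r_message.GetAddr()` out, which suggests a null message is still expected. If `TEXTLENGTH` measures the string, guard it, e.g. `message ? TEXTLENGTH(message) : 0`, or document that `message` must be non-null. The same applies to `r_message` in AddFriendByWxid and `r_remark` in EditRemark.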
......@@ -6,44 +6,19 @@ struct AddFriendByWxidStruct {
};
BOOL AddFriendByWxid(DWORD pid,wchar_t* wxid,wchar_t* message) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD AddFriendByWxidRemoteAddr = hp.GetProcAddr(AddFriendByWxidRemote);
if (AddFriendByWxidRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 1;
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID messageaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
AddFriendByWxidStruct* paramAndFunc = (AddFriendByWxidStruct*)VirtualAllocEx(hProcess, 0, sizeof(AddFriendByWxidStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !messageaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if(message)
WriteProcessMemory(hProcess, messageaddr, message, wcslen(message) * 2 + 2, &dwWriteSize);
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_message(hp.GetHandle(), message, TEXTLENGTH(message));
AddFriendByWxidStruct params = { 0 };
params.wxid = (DWORD)wxidaddr;
params.message = message ? (DWORD)messageaddr : 0;
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwWriteSize);
DWORD AddFriendByWxidAddr = WeChatRobotBase + AddFriendByWxidRemoteOffset;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)AddFriendByWxidAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, messageaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
params.wxid = (DWORD)r_wxid.GetAddr();
params.message = (DWORD)r_message.GetAddr();
WeChatData<AddFriendByWxidStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_wxid.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
DWORD ret = CallRemoteFunction(hp.GetHandle(), AddFriendByWxidRemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
#include "pch.h"
DWORD CheckFriendStatus(DWORD pid,wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD CheckFriendStatusRemoteAddr = hp.GetProcAddr(CheckFriendStatusRemote);
if (CheckFriendStatusRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
if (r_wxid.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwStatus = 0;
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
DWORD CheckFriendStatusRemoteAddr = WeChatRobotBase + CheckFriendStatusRemoteOffset;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)CheckFriendStatusRemoteAddr, (LPVOID)wxidaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwStatus);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwStatus;
DWORD ret = CallRemoteFunction(hp.GetHandle(), CheckFriendStatusRemoteAddr, r_wxid.GetAddr());
return ret;
}
\ No newline at end of file
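Review bot: `CheckFriendStatus` returns `1` on every local failure (`!hp.m_init`, address lookup returning 0, failed remote copy) and otherwise returns the remote routine's result unchanged, so a caller cannot separate "could not query" from a status of 1. The status values are not visible on this page. If 1 can never be a real status, say so above the function, for example `// Returns the remote status code; 1 means the query could not be issued.` Otherwise pick a sentinel outside the status range.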
......@@ -7,46 +7,19 @@ struct BackupParams {
};
BOOL BackupSQLiteDB(DWORD pid,DWORD DbHandle, BSTR savepath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD BackupSQLiteDBRemoteAddr = hp.GetProcAddr(BackupSQLiteDBRemote);
if (BackupSQLiteDBRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwHandle = 0x0;
DWORD dwId = 0x0;
DWORD dwWriteSize = 0x0;
LPVOID savepathAddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
BackupParams* paramAndFunc = (BackupParams*)::VirtualAllocEx(hProcess, 0, sizeof(BackupParams), MEM_COMMIT, PAGE_READWRITE);
if (!savepathAddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
char* a_savepath = _com_util::ConvertBSTRToString(savepath);
if (savepathAddr)
WriteProcessMemory(hProcess, savepathAddr, a_savepath, strlen(a_savepath) + 1, &dwWriteSize);
BackupParams param = { 0 };
param.ptrDb = DbHandle;
param.savepath = (DWORD)savepathAddr;
if (paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &param, sizeof(BackupParams), &dwWriteSize);
DWORD BackupSQLiteDBRemoteAddr = WeChatRobotBase + BackupSQLiteDBRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)BackupSQLiteDBRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
WeChatData<char*> r_savepath(hp.GetHandle(), a_savepath, TEXTLENGTHA(a_savepath));
BackupParams params = { 0 };
params.ptrDb = DbHandle;
params.savepath = (DWORD)r_savepath.GetAddr();
WeChatData<BackupParams*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_savepath.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
VirtualFreeEx(hProcess, savepathAddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwHandle;
DWORD ret = CallRemoteFunction(hp.GetHandle(), BackupSQLiteDBRemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
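Review bot: `a_savepath` comes from `_com_util::ConvertBSTRToString`, which returns a buffer the caller must release with `delete[]`, and no path in the new body frees it, neither the early `return 1` after the `GetAddr()` check nor the normal return. Add `delete[] a_savepath;` once `r_savepath` has been constructed, assuming `WeChatData` copies the data in its constructor (it is defined outside this page). `ExecuteSQL` has the same leak with `a_sql`. The function also now returns `ret == 0` where it used to return the raw thread exit code, so callers that tested the old value need checking.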
......@@ -147,54 +147,23 @@ VOID ReadSQLResultFromWeChatProcess(HANDLE hProcess,DWORD dwHandle) {
}
SAFEARRAY* ExecuteSQL(DWORD pid,DWORD DbHandle,BSTR sql) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return NULL;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return NULL;
}
WeChatProcess hp(pid);
if (!hp.m_init) return NULL;
ClearResultArray();
DWORD dwHandle = 0x0;
DWORD dwId = 0x0;
DWORD dwWriteSize = 0x0;
LPVOID sqlAddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
executeParams* paramAndFunc = (executeParams*)::VirtualAllocEx(hProcess, 0, sizeof(executeParams), MEM_COMMIT, PAGE_READWRITE);
if (!sqlAddr || !paramAndFunc) {
CloseHandle(hProcess);
// DWORD ExecuteSQLRemoteAddr = hp.GetProcAddr(ExecuteSQLRemote);
DWORD ExecuteSQLRemoteAddr = hp.GetProcAddr(SelectDataRemote);
if (ExecuteSQLRemoteAddr == 0)
return NULL;
}
char* a_sql = _com_util::ConvertBSTRToString(sql);
if(sqlAddr)
WriteProcessMemory(hProcess, sqlAddr, a_sql, strlen(a_sql) + 1, &dwWriteSize);
executeParams param = { 0 };
param.ptrDb = DbHandle;
param.ptrSql = (DWORD)sqlAddr;
if(paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &param, sizeof(executeParams), &dwWriteSize);
// DWORD ExecuteSQLRemoteAddr = WeChatRobotBase + ExecuteSQLRemoteOffset;
DWORD SelectDataRemoteAddr = WeChatRobotBase + SelectDataRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SelectDataRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
WeChatData<char*> r_sql(hp.GetHandle(), a_sql, TEXTLENGTHA(a_sql));
executeParams params = { 0 };
params.ptrDb = DbHandle;
params.ptrSql = (DWORD)r_sql.GetAddr();
WeChatData<executeParams*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_sql.GetAddr() == 0 || r_params.GetAddr() == 0)
return NULL;
}
if (!dwHandle) {
CloseHandle(hProcess);
return NULL;
}
ReadSQLResultFromWeChatProcess(hProcess,dwHandle);
DWORD ret = CallRemoteFunction(hp.GetHandle(), ExecuteSQLRemoteAddr, r_params.GetAddr());
ReadSQLResultFromWeChatProcess(hp.GetHandle(),ret);
SAFEARRAY* psaValue = CreateSQLResultSafeArray();
VirtualFreeEx(hProcess, sqlAddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return psaValue;
}
\ No newline at end of file
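Review bot: `ReadSQLResultFromWeChatProcess(hp.GetHandle(),ret);` is now called unconditionally, while the replaced code returned `NULL` before reading anything when the remote call yielded 0. Whether `ReadSQLResultFromWeChatProcess` copes with a zero address is not visible here (its body is above the hunk), so restoring the guard is the safe choice: `if (ret == 0) return NULL;` right after `CallRemoteFunction`. The variable `ExecuteSQLRemoteAddr` actually holds the address of `SelectDataRemote`, next to a commented-out lookup of `ExecuteSQLRemote`. A one-line comment explaining why the select routine is used would prevent a later "fix" in the wrong direction.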
......@@ -8,62 +8,22 @@ struct DelChatRoomMemberStruct
};
BOOL DelChatRoomMember(DWORD pid,wchar_t* chatroomid, wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD DelChatRoomMemberRemoteAddr = hp.GetProcAddr(DelChatRoomMemberRemote);
if (DelChatRoomMemberRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
DelChatRoomMemberStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DelChatRoomMemberStruct* paramAndFunc = (DelChatRoomMemberStruct*)::VirtualAllocEx(hProcess, 0, sizeof(DelChatRoomMemberStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.wxids = (DWORD)wxidaddr;
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
DelChatRoomMemberStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.wxids = (DWORD)r_wxid.GetAddr();
params.length = 1;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(DelChatRoomMemberStruct), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD DelChatRoomMemberAddr = WeChatRobotBase + DelChatRoomMemberRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)DelChatRoomMemberAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
WeChatData<DelChatRoomMemberStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_wxid.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), DelChatRoomMemberRemoteAddr, r_params.GetAddr());
return ret == 0;
}
BOOL DelChatRoomMember(DWORD pid,wchar_t* chatroomid, SAFEARRAY* psaValue) {
......@@ -78,67 +38,34 @@ BOOL DelChatRoomMember(DWORD pid,wchar_t* chatroomid, SAFEARRAY* psaValue) {
hr = SafeArrayGetElement(psaValue, &pIndex, &rgvar);
return DelChatRoomMember(pid,chatroomid, rgvar.bstrVal);
}
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
vector<void*> wxidptrs;
DWORD dwWriteSize = 0;
DWORD dwTId = 0; DWORD dwId = 0; DWORD dwRet = 0;
DelChatRoomMemberStruct params = { 0 };
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidptrsaddr = VirtualAllocEx(hProcess, NULL, sizeof(void*) * cElements, MEM_COMMIT, PAGE_READWRITE);
DelChatRoomMemberStruct* paramAndFunc = (DelChatRoomMemberStruct*)::VirtualAllocEx(hProcess, 0, sizeof(DelChatRoomMemberStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidptrsaddr || !paramAndFunc) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD DelChatRoomMemberRemoteAddr = hp.GetProcAddr(DelChatRoomMemberRemote);
if (DelChatRoomMemberRemoteAddr == 0)
return 1;
}
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
vector<void*> wxidptrs;
for (long i = lLbound; i < lLbound + cElements; i++) {
VariantInit(&rgvar);
hr = SafeArrayGetElement(psaValue, &i, &rgvar);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = VirtualAllocEx(hp.GetHandle(), NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (wxidaddr) {
WriteProcessMemory(hProcess, wxidaddr, rgvar.bstrVal, wcslen(rgvar.bstrVal) * 2 + 2, &dwWriteSize);
WriteProcessMemory(hp.GetHandle(), wxidaddr, rgvar.bstrVal, wcslen(rgvar.bstrVal) * 2 + 2, &dwWriteSize);
wxidptrs.push_back(wxidaddr);
}
}
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (wxidptrsaddr)
WriteProcessMemory(hProcess, wxidptrsaddr, &wxidptrs[0], wxidptrs.size() * sizeof(void*), &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.wxids = (DWORD)wxidptrsaddr;
WeChatData<void**> r_wxids(hp.GetHandle(), &wxidptrs[0], wxidptrs.size() * sizeof(void*));
DelChatRoomMemberStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.wxids = (DWORD)r_wxids.GetAddr();
params.length = wxidptrs.size();
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(DelChatRoomMemberStruct), &dwTId);
}
else {
CloseHandle(hProcess);
WeChatData<DelChatRoomMemberStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_wxids.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
DWORD DelChatRoomMemberAddr = WeChatRobotBase + DelChatRoomMemberRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)DelChatRoomMemberAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD ret = CallRemoteFunction(hp.GetHandle(), DelChatRoomMemberRemoteAddr, r_params.GetAddr());
for (unsigned int i = 0; i < wxidptrs.size(); i++) {
VirtualFreeEx(hProcess, wxidptrs[i], 0, MEM_RELEASE);
VirtualFreeEx(hp.GetHandle(), wxidptrs[i], 0, MEM_RELEASE);
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidptrsaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
return ret == 0;
}
\ No newline at end of file
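Review bot: In the multi-member path of `DelChatRoomMember`, `&wxidptrs[0]` is evaluated even when `wxidptrs` is empty (every `VirtualAllocEx` in the loop failed, or the array had no elements), which is undefined behaviour on an empty `std::vector`. The `return 1` after the `GetAddr()` checks also skips the `VirtualFreeEx` loop, so the per-wxid buffers already allocated in the target process are never released on that path. The sketch below checks for the empty case, uses `data()`, and falls through to the cleanup loop; with it, failure reports FALSE rather than TRUE. The loop also ignores `hr` from `SafeArrayGetElement` and the result of `WriteProcessMemory`. The multi-member loop in AddChatRoomMember has the same problems.

```cpp
// … unchanged: WeChatProcess setup, r_chatroomid, SAFEARRAY loop filling wxidptrs …
if (wxidptrs.empty())
    return 1;
WeChatData<void**> r_wxids(hp.GetHandle(), wxidptrs.data(), wxidptrs.size() * sizeof(void*));
// … unchanged: params setup, r_params …
DWORD ret = 1;  // stays non-zero unless the remote call runs and succeeds
if (r_chatroomid.GetAddr() != 0 && r_wxids.GetAddr() != 0 && r_params.GetAddr() != 0)
    ret = CallRemoteFunction(hp.GetHandle(), DelChatRoomMemberRemoteAddr, r_params.GetAddr());
// Always release the per-wxid buffers, including on the failure path.
for (unsigned int i = 0; i < wxidptrs.size(); i++) {
    VirtualFreeEx(hp.GetHandle(), wxidptrs[i], 0, MEM_RELEASE);
}
return ret == 0;
```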
#include "pch.h"
BOOL DeleteUser(DWORD pid,wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD DeleteUserRemoteAddr = WeChatRobotBase + DeleteUserRemoteOffset;
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
DWORD dwId = 0;
DWORD dwRet = 0;
if (!wxidaddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)DeleteUserRemoteAddr, wxidaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD DeleteUserRemoteAddr = hp.GetProcAddr(DeleteUserRemote);
if (DeleteUserRemoteAddr == 0)
return 1;
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
if (r_wxid.GetAddr() == 0)
return 1;
DWORD ret = CallRemoteFunction(hp.GetHandle(), DeleteUserRemoteAddr, r_wxid.GetAddr());
return ret == 0;
}
\ No newline at end of file
......@@ -6,44 +6,19 @@ struct EditRemarkStruct {
};
BOOL EditRemark(DWORD pid,wchar_t* wxid, wchar_t* remark) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD EditRemarkRemoteAddr = hp.GetProcAddr(EditRemarkRemote);
if (EditRemarkRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 1;
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID remarkaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
EditRemarkStruct* paramAndFunc = (EditRemarkStruct*)VirtualAllocEx(hProcess, 0, sizeof(EditRemarkStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !remarkaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if (remark)
WriteProcessMemory(hProcess, remarkaddr, remark, wcslen(remark) * 2 + 2, &dwWriteSize);
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_remark(hp.GetHandle(), remark, TEXTLENGTH(remark));
EditRemarkStruct params = { 0 };
params.wxid = (DWORD)wxidaddr;
params.remark = remark ? (DWORD)remarkaddr : 0;
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwWriteSize);
DWORD EditRemarkAddr = WeChatRobotBase + EditRemarkRemoteOffset;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)EditRemarkAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, remarkaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
params.wxid = (DWORD)r_wxid.GetAddr();
params.remark = (DWORD)r_remark.GetAddr();
WeChatData<EditRemarkStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_wxid.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
DWORD ret = CallRemoteFunction(hp.GetHandle(), EditRemarkRemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
......@@ -120,120 +120,72 @@ SAFEARRAY* CreateFriendArray(int FriendCount) {
}
SAFEARRAY* GetFriendList(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return NULL;
DWORD GetFriendListInitAddr = hp.GetProcAddr(GetFriendListInit);
DWORD GetFriendListRemoteAddr = hp.GetProcAddr(GetFriendListRemote);
DWORD GetFriendListFinishAddr = hp.GetProcAddr(GetFriendListFinish);
if (GetFriendListInitAddr == 0 || GetFriendListRemoteAddr == 0 || GetFriendListFinishAddr == 0)
return NULL;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return NULL;
}
DWORD GetFriendListInitAddr = WeChatRobotBase + GetFriendListInitOffset;
DWORD GetFriendListRemoteAddr = WeChatRobotBase + GetFriendListRemoteOffset;
DWORD GetFriendListFinishAddr = WeChatRobotBase + GetFriendListFinishOffset;
DWORD FriendCount = 0;
DWORD dwId, dwHandle = 0;
DWORD dwHandle = 0;
// 获取好友列表的长度
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetFriendListInitAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &FriendCount);
CloseHandle(hThread);
}
FriendCount = CallRemoteFunction(hp.GetHandle(), GetFriendListInitAddr, NULL);
// 获取保存第一个好友的数据指针的结构体首地址
hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetFriendListRemoteAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
dwHandle = CallRemoteFunction(hp.GetHandle(), GetFriendListRemoteAddr, NULL);
WxFriendAddrStruct WxFriendAddr = { 0 };
// 根据好友数量初始化全局变量
WxFriendList = new WxFriendStruct[FriendCount];
if (dwHandle) {
for (unsigned int i = 0; i < FriendCount; i++) {
WxFriendList[i] = { 0 };
ZeroMemory(&WxFriendAddr, sizeof(WxFriendAddrStruct));
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &WxFriendAddr, sizeof(WxFriendAddrStruct), 0);
ReadFriendMessageByAddress(hProcess,&WxFriendAddr, &WxFriendList[i]);
// 保存下一个好友数据的结构体
dwHandle += sizeof(WxFriendAddrStruct);
}
}
else {
CloseHandle(hProcess);
if (dwHandle == 0)
return NULL;
for (unsigned int i = 0; i < FriendCount; i++) {
WxFriendList[i] = { 0 };
ZeroMemory(&WxFriendAddr, sizeof(WxFriendAddrStruct));
ReadProcessMemory(hp.GetHandle(), (LPCVOID)dwHandle, &WxFriendAddr, sizeof(WxFriendAddrStruct), 0);
ReadFriendMessageByAddress(hp.GetHandle(),&WxFriendAddr, &WxFriendList[i]);
// 保存下一个好友数据的结构体
dwHandle += sizeof(WxFriendAddrStruct);
}
// 清除微信进程空间中的缓存
hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetFriendListFinishAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
CallRemoteFunction(hp.GetHandle(), GetFriendListFinishAddr, NULL);
SAFEARRAY* psaValue = CreateFriendArray(FriendCount);
for (unsigned int i = 0; i < FriendCount; i++) {
FreeWxFriend(i);
}
delete[] WxFriendList;
WxFriendList = NULL;
CloseHandle(hProcess);
return psaValue;
}
std::wstring GetFriendListString(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return L"[]";
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return L"[]";
}
DWORD GetFriendListInitAddr = WeChatRobotBase + GetFriendListInitOffset;
DWORD GetFriendListRemoteAddr = WeChatRobotBase + GetFriendListRemoteOffset;
DWORD GetFriendListFinishAddr = WeChatRobotBase + GetFriendListFinishOffset;
WeChatProcess hp(pid);
if (!hp.m_init) return L"[]";
DWORD GetFriendListInitAddr = hp.GetProcAddr(GetFriendListInit);
DWORD GetFriendListRemoteAddr = hp.GetProcAddr(GetFriendListRemote);
DWORD GetFriendListFinishAddr = hp.GetProcAddr(GetFriendListFinish);
DWORD FriendCount = 0;
DWORD dwId, dwHandle = 0;
DWORD dwHandle = 0;
// 获取好友列表的长度
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetFriendListInitAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &FriendCount);
CloseHandle(hThread);
}
FriendCount = CallRemoteFunction(hp.GetHandle(), GetFriendListInitAddr, NULL);
// 获取保存第一个好友的数据指针的结构体首地址
hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetFriendListRemoteAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
dwHandle = CallRemoteFunction(hp.GetHandle(), GetFriendListRemoteAddr, NULL);
WxFriendAddrStruct WxFriendAddr = { 0 };
// 根据好友数量初始化全局变量
WxFriendList = new WxFriendStruct[FriendCount];
if (dwHandle) {
for (unsigned int i = 0; i < FriendCount; i++) {
WxFriendList[i] = { 0 };
ZeroMemory(&WxFriendAddr, sizeof(WxFriendAddrStruct));
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &WxFriendAddr, sizeof(WxFriendAddrStruct), 0);
ReadFriendMessageByAddress(hProcess,&WxFriendAddr, &WxFriendList[i]);
// 保存下一个好友数据的结构体
dwHandle += sizeof(WxFriendAddrStruct);
}
}
else {
CloseHandle(hProcess);
if (dwHandle == 0)
return L"[]";
for (unsigned int i = 0; i < FriendCount; i++) {
WxFriendList[i] = { 0 };
ZeroMemory(&WxFriendAddr, sizeof(WxFriendAddrStruct));
ReadProcessMemory(hp.GetHandle(), (LPCVOID)dwHandle, &WxFriendAddr, sizeof(WxFriendAddrStruct), 0);
ReadFriendMessageByAddress(hp.GetHandle(),&WxFriendAddr, &WxFriendList[i]);
// 保存下一个好友数据的结构体
dwHandle += sizeof(WxFriendAddrStruct);
}
// 清除微信进程空间中的缓存
hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetFriendListFinishAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
CallRemoteFunction(hp.GetHandle(), GetFriendListFinishAddr, NULL);
wstring message = L"[";
// 构造结构化的数据
......@@ -250,6 +202,5 @@ std::wstring GetFriendListString(DWORD pid) {
// 释放全局变量
delete[] WxFriendList;
WxFriendList = NULL;
CloseHandle(hProcess);
return message;
}
\ No newline at end of file
......@@ -8,66 +8,24 @@ struct ChatRoomMemberNicknameStruct
};
wstring GetChatRoomMemberNickname(DWORD pid,wchar_t* chatroomid, wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
wchar_t buffer[33] = { 0 };
WeChatProcess hp(pid);
if (!hp.m_init) return L"";
DWORD GetChatRoomMemberNicknameRemoteAddr = hp.GetProcAddr(GetChatRoomMemberNicknameRemote);
if (GetChatRoomMemberNicknameRemoteAddr == 0)
return L"";
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_nickname(hp.GetHandle(), buffer, 33 * 2);
ChatRoomMemberNicknameStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.wxid = (DWORD)r_wxid.GetAddr();
params.nickname = (DWORD)r_nickname.GetAddr();
WeChatData<ChatRoomMemberNicknameStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_wxid.GetAddr() == 0 || r_params.GetAddr() == 0 || r_nickname.GetAddr() == 0)
return L"";
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
ChatRoomMemberNicknameStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID nicknameaddr = VirtualAllocEx(hProcess, NULL, 33 * 2, MEM_COMMIT, PAGE_READWRITE);
ChatRoomMemberNicknameStruct* paramAndFunc = (ChatRoomMemberNicknameStruct*)::VirtualAllocEx(hProcess, 0, sizeof(ChatRoomMemberNicknameStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidaddr || !nicknameaddr || !paramAndFunc) {
CloseHandle(hProcess);
return L"";
}
DWORD dwTId = 0;
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.wxid = (DWORD)wxidaddr;
params.nickname = (DWORD)nicknameaddr;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return L"";
}
DWORD GetChatRoomMemberNicknameAddr = WeChatRobotBase + GetChatRoomMemberNicknameRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetChatRoomMemberNicknameAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return L"";
}
wchar_t* buffer = new wchar_t[33];
ZeroMemory(buffer, 33 * 2);
ReadProcessMemory(hProcess, nicknameaddr, buffer, 32 * 2, 0);
DWORD ret = CallRemoteFunction(hp.GetHandle(), GetChatRoomMemberNicknameRemoteAddr, r_params.GetAddr());
ReadProcessMemory(hp.GetHandle(), r_nickname.GetAddr(), buffer, 32 * 2, 0);
wstring nickname(buffer);
delete[] buffer;
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, nicknameaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return nickname;
}
\ No newline at end of file
......@@ -6,47 +6,25 @@ struct ChatRoomInfoStruct {
};
SAFEARRAY* GetChatRoomMembers(DWORD pid,wchar_t* chatroomid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return NULL;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return NULL;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwHandle = 0;
HRESULT hr = S_OK;
ChatRoomInfoStruct chatroominfo = { 0 };
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return NULL;
DWORD GetChatRoomMembersRemoteAddr = hp.GetProcAddr(GetChatRoomMembersRemote);
if (GetChatRoomMembersRemoteAddr == 0)
return NULL;
}
else {
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
}
DWORD GetChatRoomMembersRemoteAddr = WeChatRobotBase + GetChatRoomMembersRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetChatRoomMembersRemoteAddr, (LPVOID)chatroomidaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
}
else {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
if (r_chatroomid.GetAddr() == 0)
return NULL;
}
if (!dwHandle) {
CloseHandle(hProcess);
DWORD ret = CallRemoteFunction(hp.GetHandle(), GetChatRoomMembersRemoteAddr, r_chatroomid.GetAddr());
if (ret == 0) {
return NULL;
}
ReadProcessMemory(hProcess,(LPCVOID)dwHandle,&chatroominfo,sizeof(ChatRoomInfoStruct),0);
ChatRoomInfoStruct chatroominfo = { 0 };
ReadProcessMemory(hp.GetHandle(),(LPCVOID)ret,&chatroominfo,sizeof(ChatRoomInfoStruct),0);
wchar_t* members = new wchar_t[chatroominfo.length + 1];
ZeroMemory(members, (chatroominfo.length + 1) * 2);
ReadProcessMemory(hProcess, (LPCVOID)chatroominfo.members, members, chatroominfo.length * 2, 0);
cout << members << endl;
ReadProcessMemory(hp.GetHandle(), (LPCVOID)chatroominfo.members, members, chatroominfo.length * 2, 0);
SAFEARRAYBOUND rgsaBound[2] = { {2,0},{2,0} };
SAFEARRAY* psaValue = SafeArrayCreate(VT_VARIANT, 2, rgsaBound);
long keyIndex[2] = { 0,0 };
......@@ -60,6 +38,5 @@ SAFEARRAY* GetChatRoomMembers(DWORD pid,wchar_t* chatroomid) {
hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)members);
delete[] members;
members = NULL;
CloseHandle(hProcess);
return psaValue;
}
\ No newline at end of file
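Review bot: In `GetChatRoomMembers`, `chatroominfo.length` is copied out of the other process and then used unchecked, both as the allocation size in `new wchar_t[chatroominfo.length + 1]` and as the copy size `chatroominfo.length * 2`; neither `ReadProcessMemory` result is tested. If `length` is a `DWORD`, as in the sibling structs of this commit, an unexpected value can wrap `length + 1` or `length * 2` and leave the buffer smaller than the copy. Check the first read with `if (!ReadProcessMemory(hp.GetHandle(), (LPCVOID)ret, &chatroominfo, sizeof(chatroominfo), 0)) return NULL;` and reject any length above a project-chosen maximum before allocating. The same unchecked-length pattern appears for `userinfo.length` in `GetWxUserInfo` and `selfinfo.length` in `GetSelfInfo`. Part of the function body lies between the two hunks and is not shown.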
......@@ -86,61 +86,42 @@ SAFEARRAY* CreateDbInfoSafeArray() {
}
SAFEARRAY* GetDbHandles(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
dbs.clear();
WeChatProcess hp(pid);
if (!hp.m_init) return NULL;
DWORD GetDbHandlesRemoteAddr = hp.GetProcAddr(GetDbHandlesRemote);
if (GetDbHandlesRemoteAddr == 0)
return NULL;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return NULL;
}
DWORD dwHandle = 0x0;
DWORD dwId = 0x0;
DWORD GetDbHandlesRemoteAddr = WeChatRobotBase + GetDbHandlesRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetDbHandlesRemoteAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return NULL;
}
if (!dwHandle) {
CloseHandle(hProcess);
return NULL;
}
DWORD ret = CallRemoteFunction(hp.GetHandle(), GetDbHandlesRemoteAddr, NULL);
while (1) {
DbInfoAddrStruct dbaddr = { 0 };
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &dbaddr, sizeof(DbInfoAddrStruct), 0);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)ret, &dbaddr, sizeof(DbInfoAddrStruct), 0);
if (dbaddr.handle == 0)
break;
DbInfoStruct db = { 0 };
db.handle = dbaddr.handle;
db.count = dbaddr.count;
db.dbname = new wchar_t[dbaddr.l_dbname + 1];
ReadProcessMemory(hProcess, (LPCVOID)dbaddr.dbname, db.dbname, sizeof(wchar_t) * (dbaddr.l_dbname + 1), 0);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)dbaddr.dbname, db.dbname, sizeof(wchar_t) * (dbaddr.l_dbname + 1), 0);
DWORD db_table_start_addr = dbaddr.v_data;
while (db_table_start_addr < dbaddr.v_end1) {
TableInfoAddrStruct tbaddr = { 0 };
TableInfoStruct tb = { 0 };
ReadProcessMemory(hProcess, (LPCVOID)db_table_start_addr, &tbaddr, sizeof(TableInfoAddrStruct), 0);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)db_table_start_addr, &tbaddr, sizeof(TableInfoAddrStruct), 0);
tb.name = new char[tbaddr.l_name + 1];
ReadProcessMemory(hProcess, (LPCVOID)tbaddr.name, tb.name, tbaddr.l_name + 1, 0);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.name, tb.name, tbaddr.l_name + 1, 0);
tb.tbl_name = new char[tbaddr.l_tbl_name + 1];
ReadProcessMemory(hProcess, (LPCVOID)tbaddr.tbl_name, tb.tbl_name, tbaddr.l_tbl_name + 1, 0);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.tbl_name, tb.tbl_name, tbaddr.l_tbl_name + 1, 0);
tb.rootpage = new char[tbaddr.l_rootpage + 1];
ReadProcessMemory(hProcess, (LPCVOID)tbaddr.rootpage, tb.rootpage, tbaddr.l_rootpage + 1, 0);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.rootpage, tb.rootpage, tbaddr.l_rootpage + 1, 0);
tb.sql = new char[tbaddr.l_sql + 1];
ReadProcessMemory(hProcess, (LPCVOID)tbaddr.sql, tb.sql, tbaddr.l_sql + 1, 0);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.sql, tb.sql, tbaddr.l_sql + 1, 0);
db.tables.push_back(tb);
db_table_start_addr += sizeof(TableInfoAddrStruct);
}
dbs.push_back(db);
dwHandle += sizeof(DbInfoAddrStruct);
ret += sizeof(DbInfoAddrStruct);
}
SAFEARRAY* psaValue = CreateDbInfoSafeArray();
CloseHandle(hProcess);
return psaValue;
}
\ No newline at end of file
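Review bot: `GetDbHandles` no longer rejects a zero result from the remote call: the old side returned NULL when the handle was 0, while the new side enters `while (1)` with `ret` as the read address. The loop still ends, because a failed `ReadProcessMemory` leaves the zero-initialised `dbaddr.handle` at 0, but that depends on the read failing rather than on an explicit check, and it differs from `GetChatRoomMembers` in this commit; add `if (ret == 0) return NULL;` right after the call. The lengths `dbaddr.l_dbname`, `tbaddr.l_name`, `l_tbl_name`, `l_rootpage` and `l_sql` also come from the other process and size `new[]` buffers without any upper bound. The added `dbs.clear()` appears to drop entries whose strings were allocated with `new[]`, so it is worth confirming they are freed elsewhere.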
#include "pch.h"
BOOL HookImageMsg(DWORD pid,wchar_t* savepath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD HookImageMsgRemoteAddr = hp.GetProcAddr(HookImageMsgRemote);
if (HookImageMsgRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_savepath(hp.GetHandle(), savepath, TEXTLENGTH(savepath));
if (r_savepath.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwRet = 0x0;
LPVOID savepathaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
if (!savepathaddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, savepathaddr, savepath, wcslen(savepath) * 2 + 2, &dwWriteSize);
DWORD HookImageMsgRemoteAddr = WeChatRobotBase + HookImageMsgRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)HookImageMsgRemoteAddr, savepathaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, savepathaddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), HookImageMsgRemoteAddr, r_savepath.GetAddr());
return ret == 0;
}
void UnHookImageMsg(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return;
DWORD UnHookImageMsgRemoteAddr = hp.GetProcAddr(UnHookImageMsgRemote);
if (UnHookImageMsgRemoteAddr == 0)
return;
}
DWORD dwId = 0x0;
DWORD UnHookImageMsgRemoteAddr = WeChatRobotBase + UnHookImageMsgRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)UnHookImageMsgRemoteAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
CloseHandle(hProcess);
CallRemoteFunction(hp.GetHandle(), UnHookImageMsgRemoteAddr, NULL);
}
\ No newline at end of file
#include "pch.h"
BOOL HookVoiceMsg(DWORD pid,wchar_t* savepath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD HookVoiceMsgRemoteAddr = hp.GetProcAddr(HookVoiceMsgRemote);
if (HookVoiceMsgRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_savepath(hp.GetHandle(), savepath, TEXTLENGTH(savepath));
if (r_savepath.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwRet = 0x0;
LPVOID savepathaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
if (!savepathaddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, savepathaddr, savepath, wcslen(savepath) * 2 + 2, &dwWriteSize);
DWORD HookVoiceMsgRemoteAddr = WeChatRobotBase + HookVoiceMsgRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)HookVoiceMsgRemoteAddr, savepathaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, savepathaddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), HookVoiceMsgRemoteAddr, r_savepath.GetAddr());
return ret == 0;
}
void UnHookVoiceMsg(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return;
DWORD UnHookVoiceMsgRemoteAddr = hp.GetProcAddr(UnHookVoiceMsgRemote);
if (UnHookVoiceMsgRemoteAddr == 0)
return;
}
DWORD dwId = 0x0;
DWORD UnHookVoiceMsgRemoteAddr = WeChatRobotBase + UnHookVoiceMsgRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)UnHookVoiceMsgRemoteAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
CloseHandle(hProcess);
CallRemoteFunction(hp.GetHandle(), UnHookVoiceMsgRemoteAddr, NULL);
}
\ No newline at end of file
#include "pch.h"
bool InjectDll(DWORD dwId, WCHAR* szPath)//参数1:目标进程PID 参数2:DLL路径
bool InjectDll(DWORD dwId, WCHAR* szPath)
{
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwId);
if (!hProcess)
WeChatProcess hp(dwId);
if (!hp.m_init) return 1;
if (hp.WeChatRobotBase() != 0) return 0;
WeChatData<wchar_t*> r_dllpath(hp.GetHandle(), szPath, TEXTLENGTH(szPath));
if (r_dllpath.GetAddr() == 0)
return 1;
if (GetWeChatRobotBase(dwId) != 0) {
CloseHandle(hProcess);
return 0;
}
LPVOID pRemoteAddress = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
if (pRemoteAddress)
{
WriteProcessMemory(hProcess, pRemoteAddress, szPath, wcslen(szPath) * 2 + 2, &dwWriteSize);
}
else {
CloseHandle(hProcess);
return 1;
}
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibrary, pRemoteAddress, NULL, NULL);
if (hThread) {
WaitForSingleObject(hThread, -1);
}
else {
CloseHandle(hProcess);
return 1;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
CloseHandle(hProcess);
CallRemoteFunction(hp.GetHandle(), LoadLibraryW, r_dllpath.GetAddr());
return 0;
}
......@@ -52,36 +29,12 @@ bool Inject(DWORD dwPid,wchar_t* workPath) {
}
BOOL RemoveDll(DWORD dwId) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwId);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(dwId);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 0;
}
DWORD dwWriteSize = 0;
HANDLE hThread = NULL;
DWORD dwID = 0;
hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)FreeConsole, NULL, 0, &dwID);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)FreeLibrary, (LPVOID)WeChatRobotBase, 0, &dwID);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
CloseHandle(hProcess);
WeChatProcess hp(dwId);
if (!hp.m_init) return 1;
DWORD WeChatRobotBase = hp.WeChatRobotBase();
if (WeChatRobotBase == 0) return 0;
CallRemoteFunction(hp.GetHandle(), FreeConsole, NULL);
CallRemoteFunction(hp.GetHandle(), FreeLibrary, WeChatRobotBase);
return 0;
}
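Review bot: `InjectDll` discards the value returned by `CallRemoteFunction(hp.GetHandle(), LoadLibraryW, r_dllpath.GetAddr())` and returns 0 unconditionally, so the caller cannot tell a failed load from a successful one; the old side at least returned 1 when the remote thread could not be created. Assuming `CallRemoteFunction` returns the remote thread's exit code, as its other uses in this commit suggest, the tail could be `DWORD ret = CallRemoteFunction(hp.GetHandle(), LoadLibraryW, r_dllpath.GetAddr());` followed by `return ret == 0;`. `RemoveDll` in the second hunk, and `StartReceiveMessage`/`StopReceiveMessage` in the next file, ignore the result in the same way. A function declared `bool` that returns 1 for failure is easy to misread, so the convention deserves a one-line comment above the signature, for example `// returns 0 on success, 1 on failure`.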
#include "pch.h"
BOOL StartReceiveMessage(DWORD pid,int port) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD StartReceiveMessageRemoteAddr = hp.GetProcAddr(HookReceiveMessageRemote);
if (StartReceiveMessageRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD HookReceiveMessageAddr = WeChatRobotBase + HookReceiveMessageRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)HookReceiveMessageAddr, (LPVOID)port, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
return 1;
}
CloseHandle(hThread);
CloseHandle(hProcess);
CallRemoteFunction(hp.GetHandle(), StartReceiveMessageRemoteAddr, port);
return 0;
}
BOOL StopReceiveMessage(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess) {
return 1;
}
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD UnHookReceiveMessageAddr = WeChatRobotBase + UnHookReceiveMessageRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)UnHookReceiveMessageAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD UnHookReceiveMsgRemoteAddr = hp.GetProcAddr(UnHookReceiveMessageRemote);
if (UnHookReceiveMsgRemoteAddr == 0)
return 1;
}
CloseHandle(hThread);
CloseHandle(hProcess);
CallRemoteFunction(hp.GetHandle(), UnHookReceiveMsgRemoteAddr, NULL);
return 0;
}
\ No newline at end of file
......@@ -5,63 +5,32 @@ struct GetUserInfoStruct {
DWORD length;
};
VOID DeleteUserInfoCache(DWORD pid,HANDLE hProcess) {
DWORD dwId = 0;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return;
}
DWORD DeleteUserInfoCacheProcAddr = WeChatRobotBase + DeleteUserInfoCacheOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)DeleteUserInfoCacheProcAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
}
std::wstring GetWxUserInfo(DWORD pid,wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
DWORD dwReadSize = 0;
wstring info = L"";
WeChatProcess hp(pid);
if (!hp.m_init) return L"{}";
DWORD GetWxUserInfoRemoteAddr = hp.GetProcAddr(GetWxUserInfoRemote);
DWORD DeleteUserInfoCacheProcAddr = hp.GetProcAddr(DeleteUserInfoCacheRemote);
if (GetWxUserInfoRemoteAddr == 0)
return L"{}";
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
if (r_wxid.GetAddr() == 0)
return L"{}";
}
wstring WString = L"";
DWORD GetUserInfoProcAddr = WeChatRobotBase + GetWxUserInfoOffset;
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
DWORD dwId = 0;
DWORD dwHandle = 0;
GetUserInfoStruct userinfo = { 0 };
if (!wxidaddr) {
CloseHandle(hProcess);
DWORD ret = CallRemoteFunction(hp.GetHandle(), GetWxUserInfoRemoteAddr, r_wxid.GetAddr());
if (ret == 0)
return L"{}";
}
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetUserInfoProcAddr, wxidaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
if(dwHandle)
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &userinfo, sizeof(GetUserInfoStruct), &dwWriteSize);
GetUserInfoStruct userinfo = { 0 };
ReadProcessMemory(hp.GetHandle(), (LPVOID)ret, &userinfo, sizeof(GetUserInfoStruct), &dwReadSize);
if (userinfo.length) {
wchar_t* wmessage = new wchar_t[userinfo.length + 1];
ZeroMemory(wmessage, (userinfo.length + 1) * 2);
ReadProcessMemory(hProcess, (LPCVOID)userinfo.message, wmessage, userinfo.length * 2, &dwWriteSize);
WString += wmessage;
ReadProcessMemory(hp.GetHandle(), (LPVOID)userinfo.message, wmessage, userinfo.length * 2, &dwReadSize);
info = (wstring)wmessage;
delete[] wmessage;
wmessage = NULL;
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
DeleteUserInfoCache(pid,hProcess);
CloseHandle(hProcess);
return WString;
CallRemoteFunction(hp.GetHandle(), DeleteUserInfoCacheProcAddr, NULL);
return info;
}
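Review bot: `DeleteUserInfoCacheProcAddr` is never compared with 0 in `GetWxUserInfo`, unlike `GetWxUserInfoRemoteAddr`, yet it is passed to `CallRemoteFunction` at the end of the function. If `GetProcAddr` yields 0 for a missing export and `CallRemoteFunction` has no guard of its own (neither is visible here), the call would start a thread at address 0 in the other process. Guard it with `if (DeleteUserInfoCacheProcAddr != 0) CallRemoteFunction(hp.GetHandle(), DeleteUserInfoCacheProcAddr, NULL);`. `GetSelfInfo` has the same gap for `DeleteSelfInfoCacheRemoteAddr`. The function also returns an empty string rather than `L"{}"` when `userinfo.length` is 0, which is inconsistent with its other failure paths.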
......@@ -134,41 +134,24 @@ static void ReadUserInfoFromMemory(HANDLE hProcess) {
}
SAFEARRAY* SearchContactByNet(DWORD pid,wchar_t* keyword) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
DWORD dwReadSize = 0;
WeChatProcess hp(pid);
if (!hp.m_init) return NULL;
DWORD SearchContactByNetRemoteAddr = hp.GetProcAddr(SearchContactByNetRemote);
if (SearchContactByNetRemoteAddr == 0)
return NULL;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_keyword(hp.GetHandle(), keyword, TEXTLENGTH(keyword));
if (r_keyword.GetAddr() == 0)
return NULL;
}
ClearUserInfoCache();
DWORD SearchContactByNetRemoteAddr = WeChatRobotBase + SearchContactByNetRemoteOffset;
LPVOID keywordaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
DWORD dwId = 0;
DWORD dwHandle = 0;
if (!keywordaddr) {
CloseHandle(hProcess);
return NULL;
}
WriteProcessMemory(hProcess, keywordaddr, keyword, wcslen(keyword) * 2 + 2, &dwWriteSize);
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SearchContactByNetRemoteAddr, keywordaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, keywordaddr, 0, MEM_RELEASE);
if (!dwHandle)
DWORD ret = CallRemoteFunction(hp.GetHandle(), SearchContactByNetRemoteAddr, r_keyword.GetAddr());
if (ret == 0)
return NULL;
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &userinfoaddr, sizeof(UserInfoAddr), &dwWriteSize);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)ret, &userinfoaddr, sizeof(UserInfoAddr), &dwReadSize);
if (userinfoaddr.errcode == 0) {
ReadUserInfoFromMemory(hProcess);
ReadUserInfoFromMemory(hp.GetHandle());
SAFEARRAY* psa = CreateUserInfoArray();
CloseHandle(hProcess);
return psa;
}
CloseHandle(hProcess);
return NULL;
}
\ No newline at end of file
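Review bot: In `SearchContactByNet` the `ReadProcessMemory` into `userinfoaddr` is not checked, and `userinfoaddr` is not declared inside this function, so it appears to be file-scope state. If the read fails, `userinfoaddr.errcode` and whatever pointers `ReadUserInfoFromMemory` follows still hold the values left by the previous call. Test both the result and the byte count before using the struct: `if (!ReadProcessMemory(hp.GetHandle(), (LPCVOID)ret, &userinfoaddr, sizeof(UserInfoAddr), &dwReadSize) || dwReadSize != sizeof(UserInfoAddr)) return NULL;`. The start of the file, including the body of `ReadUserInfoFromMemory`, is outside the hunk.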
......@@ -5,77 +5,38 @@ struct GetSelfInfoStruct {
DWORD length;
};
VOID DeleteSelfInfoCache(DWORD pid,HANDLE hProcess) {
DWORD dwId = 0;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
return;
}
DWORD DeleteSelfInfoCacheProcAddr = WeChatRobotBase + DeleteSelfInfoCacheOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)DeleteSelfInfoCacheProcAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
}
std::wstring GetSelfInfo(DWORD pid) {
if (PidToSelfInfoString.count(pid)!=0)
{
return PidToSelfInfoString[pid];
}
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
wstring SelfInfoString = L"";
DWORD dwReadSize = 0;
WeChatProcess hp(pid);
if (!hp.m_init) return L"{}";
DWORD GetSelfInfoRemoteAddr = hp.GetProcAddr(GetSelfInfoRemote);
DWORD DeleteSelfInfoCacheRemoteAddr = hp.GetProcAddr(DeleteSelfInfoCacheRemote);
if (GetSelfInfoRemoteAddr == 0)
return L"{}";
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
DWORD ret = CallRemoteFunction(hp.GetHandle(), GetSelfInfoRemoteAddr, NULL);
if (ret == 0)
return L"{}";
}
DWORD GetSelfInfoProcAddr = WeChatRobotBase + GetSelfInfoOffset;
DWORD dwWriteSize = 0;
DWORD dwId = 0;
DWORD dwHandle = 0;
GetSelfInfoStruct selfinfo = { 0 };
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetSelfInfoProcAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
if (dwHandle)
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &selfinfo, sizeof(GetSelfInfoStruct), &dwWriteSize);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)ret, &selfinfo, sizeof(GetSelfInfoStruct), &dwReadSize);
if (selfinfo.length) {
wchar_t* wmessage = new wchar_t[selfinfo.length + 1];
ZeroMemory(wmessage, (selfinfo.length + 1) * 2);
ReadProcessMemory(hProcess, (LPCVOID)selfinfo.message, wmessage, selfinfo.length * 2, &dwWriteSize);
PidToSelfInfoString[pid] = wmessage;
ReadProcessMemory(hp.GetHandle(), (LPCVOID)selfinfo.message, wmessage, selfinfo.length * 2, &dwReadSize);
SelfInfoString = (wstring)wmessage;
delete[] wmessage;
wmessage = NULL;
}
DeleteSelfInfoCache(pid,hProcess);
CloseHandle(hProcess);
return PidToSelfInfoString[pid];
CallRemoteFunction(hp.GetHandle(), DeleteSelfInfoCacheRemoteAddr, NULL);
return SelfInfoString;
}
BOOL isWxLogin(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return false;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return false;
}
DWORD isWxLoginAddr = WeChatRobotBase + isWxLoginOffset;
DWORD dwId, dwRet = 0;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)isWxLoginAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
CloseHandle(hProcess);
return dwRet == 1;
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD isWxLoginRemoteAddr = hp.GetProcAddr(isWxLoginRemote);
if (isWxLoginRemoteAddr == 0)
return 1;
DWORD ret = CallRemoteFunction(hp.GetHandle(), isWxLoginRemoteAddr, NULL);
return ret == 1;
}
\ No newline at end of file
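Review bot: `isWxLogin` now returns 1 on both early-exit paths (`if (!hp.m_init) return 1;` and the `isWxLoginRemoteAddr == 0` branch), so a process that cannot be opened, or that lacks the export, is reported as logged in; the old side returned `false` there. The success path is `return ret == 1;`, meaning 1 stands for logged in, so both failure returns should be `return FALSE;`. The copy-pasted `return 1` fits the other functions in this commit, where 1 signals an error, but not this predicate. Separately, `GetSelfInfo` in the same file calls `DeleteSelfInfoCacheRemoteAddr` without checking it for 0.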
......@@ -7,50 +7,22 @@ struct SendAppMsgStruct
};
BOOL SendAppMsg(DWORD pid,wchar_t* wxid, wchar_t* appid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0x0;
SendAppMsgStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID appidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendAppMsgStruct* paramAndFunc = (SendAppMsgStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendAppMsgStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !appidaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendAppMsgRemoteAddr = hp.GetProcAddr(SendAppMsgRemote);
if (SendAppMsgRemoteAddr == 0) {
return 1;
}
SendAppMsgStruct params = { 0 };
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_appid(hp.GetHandle(), appid, TEXTLENGTH(appid));
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if (appidaddr)
WriteProcessMemory(hProcess, appidaddr, appid, wcslen(appid) * 2 + 2, &dwWriteSize);
params.wxid = (DWORD)wxidaddr;
params.appid = (DWORD)appidaddr;
if (paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwWriteSize);
DWORD SendAppMsgRemoteAddr = WeChatRobotBase + SendAppMsgRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendAppMsgRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
params.wxid = (DWORD)r_wxid.GetAddr();
params.appid = (DWORD)r_appid.GetAddr();
WeChatData<SendAppMsgStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!params.wxid || !params.appid || !r_params.GetAddr()) {
return 1;
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, appidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendAppMsgRemoteAddr, r_params.GetAddr());
return dwRet == 0;
}
\ No newline at end of file
......@@ -9,61 +9,27 @@ struct SendArticleStruct {
};
BOOL SendArticle(DWORD pid,wchar_t* wxid, wchar_t* title, wchar_t* abstract, wchar_t* url, wchar_t* imgpath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
SendArticleStruct params;
ZeroMemory(&params, sizeof(params));
DWORD SendArticleProcAddr = WeChatRobotBase + SendArticleOffset;
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID titleaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID abstractaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID urladdr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID imgaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendArticleStruct* paramAndFunc = (SendArticleStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendArticleStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !titleaddr || !abstractaddr || !urladdr || !imgaddr ||
!paramAndFunc || !WeChatRobotBase)
{
CloseHandle(hProcess);
return 1;
}
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if (titleaddr)
WriteProcessMemory(hProcess, titleaddr, title, wcslen(title) * 2 + 2, &dwWriteSize);
if (abstractaddr)
WriteProcessMemory(hProcess, abstractaddr, abstract, wcslen(abstract) * 2 + 2, &dwWriteSize);
if (urladdr)
WriteProcessMemory(hProcess, urladdr, url, wcslen(url) * 2 + 2, &dwWriteSize);
if (imgpath && imgaddr)
WriteProcessMemory(hProcess, imgaddr, imgpath, wcslen(imgpath) * 2 + 2, &dwWriteSize);
params.wxid = (DWORD)wxidaddr;
params.title = (DWORD)titleaddr;
params.abstract = (DWORD)abstractaddr;
params.url = (DWORD)urladdr;
params.imgpath = imgpath ? (DWORD)imgaddr : 0;
if (paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwId);
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendArticleProcAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, titleaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, abstractaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, urladdr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, imgaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendArticleRemoteAddr = hp.GetProcAddr(SendArticleRemote);
if (SendArticleRemoteAddr == 0) {
return 1;
}
SendArticleStruct params = { 0 };
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_title(hp.GetHandle(), title, TEXTLENGTH(title));
WeChatData<wchar_t*> r_abstract(hp.GetHandle(), abstract, TEXTLENGTH(abstract));
WeChatData<wchar_t*> r_url(hp.GetHandle(), url, TEXTLENGTH(url));
WeChatData<wchar_t*> r_imgpath(hp.GetHandle(), imgpath, TEXTLENGTH(imgpath));
params.wxid = (DWORD)r_wxid.GetAddr();
params.title = (DWORD)r_title.GetAddr();
params.abstract = (DWORD)r_abstract.GetAddr();
params.url = (DWORD)r_url.GetAddr();
params.imgpath = (DWORD)r_imgpath.GetAddr();
WeChatData<SendArticleStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!r_wxid.GetAddr() || !r_title.GetAddr() || !r_abstract.GetAddr() || !r_url.GetAddr() || !r_params.GetAddr()) {
return 1;
}
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendArticleRemoteAddr, r_params.GetAddr());
return 0;
}
\ No newline at end of file
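Review bot: `SendArticle` now evaluates `TEXTLENGTH(imgpath)` and constructs `r_imgpath` unconditionally, whereas the old side treated `imgpath` as optional (`if (imgpath && imgaddr)` and `params.imgpath = imgpath ? (DWORD)imgaddr : 0`). The final address check still leaves `r_imgpath` out, which suggests a null `imgpath` is meant to remain legal; unless `TEXTLENGTH` and `WeChatData` tolerate a null pointer (not visible here), that line dereferences it. Handle the null case before constructing `r_imgpath` and keep the old semantics with `params.imgpath = imgpath ? (DWORD)r_imgpath.GetAddr() : 0;`. `dwRet` is also assigned and never used, so the function returns 0 whatever the remote call reported, unlike `SendAppMsg`, which returns `dwRet == 0`.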
......@@ -10,66 +10,26 @@ struct SendAtTextStruct
};
int SendAtText(DWORD pid,wchar_t* chatroomid, wchar_t* wxid, wchar_t* wxmsg,BOOL AutoNickName) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
SendAtTextStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxmsgaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendAtTextStruct* paramAndFunc = (SendAtTextStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendAtTextStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidaddr || !wxmsgaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendAtTextRemoteAddr = hp.GetProcAddr(SendAtTextRemote);
if (SendAtTextRemoteAddr == 0) {
return 1;
}
DWORD dwTId = 0;
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if (wxmsgaddr)
WriteProcessMemory(hProcess, wxmsgaddr, wxmsg, wcslen(wxmsg) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.wxid = (DWORD)wxidaddr;
params.wxmsg = (DWORD)wxmsgaddr;
params.length = 1;
SendAtTextStruct params = { 0 };
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_wxmsg(hp.GetHandle(), wxmsg, TEXTLENGTH(wxmsg));
params.wxid = (DWORD)r_wxid.GetAddr();
params.wxmsg = (DWORD)r_wxmsg.GetAddr();
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.AutoNickName = AutoNickName;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(SendAtTextStruct), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SendAtTextRemoteAddr = WeChatRobotBase + SendAtTextOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendAtTextRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
params.length = 1;
WeChatData<SendAtTextStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!params.wxid || !params.wxmsg || !r_params.GetAddr()) {
return 1;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxmsgaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendAtTextRemoteAddr, r_params.GetAddr());
return 0;
}
......@@ -85,73 +45,37 @@ BOOL SendAtText(DWORD pid,wchar_t* chatroomid, SAFEARRAY* psaValue, wchar_t* wxm
hr = SafeArrayGetElement(psaValue, &pIndex, &rgvar);
return SendAtText(pid,chatroomid, rgvar.bstrVal, wxmsg,AutoNickName);
}
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendAtTextRemoteAddr = hp.GetProcAddr(SendAtTextRemote);
if (SendAtTextRemoteAddr == 0) {
return 1;
}
vector<void*> wxidptrs;
DWORD dwWriteSize = 0;
DWORD dwTId = 0; DWORD dwId = 0;
SendAtTextStruct params = { 0 };
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidptrsaddr = VirtualAllocEx(hProcess, NULL, sizeof(void*) * cElements, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxmsgaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendAtTextStruct* paramAndFunc = (SendAtTextStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendAtTextStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidptrsaddr || !wxmsgaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_wxmsg(hp.GetHandle(), wxmsg, TEXTLENGTH(wxmsg));
params.wxmsg = (DWORD)r_wxmsg.GetAddr();
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.AutoNickName = AutoNickName;
for (long i = lLbound; i < lLbound + cElements; i++) {
VariantInit(&rgvar);
hr = SafeArrayGetElement(psaValue, &i, &rgvar);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = WriteWeChatMemory(hp.GetHandle(), rgvar.bstrVal, TEXTLENGTH(rgvar.bstrVal));
if (wxidaddr) {
WriteProcessMemory(hProcess, wxidaddr, rgvar.bstrVal, wcslen(rgvar.bstrVal) * 2 + 2, &dwWriteSize);
wxidptrs.push_back(wxidaddr);
}
}
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (wxidptrsaddr)
WriteProcessMemory(hProcess, wxidptrsaddr, &wxidptrs[0], wxidptrs.size() * sizeof(void*), &dwWriteSize);
if (wxmsgaddr)
WriteProcessMemory(hProcess, wxmsgaddr, wxmsg, wcslen(wxmsg) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.wxid = (DWORD)wxidptrsaddr;
params.wxmsg = (DWORD)wxmsgaddr;
WeChatData<void**> r_wxids(hp.GetHandle(), &wxidptrs[0], wxidptrs.size() * sizeof(void*));
params.wxid = (DWORD)r_wxids.GetAddr();
params.length = wxidptrs.size();
params.AutoNickName = AutoNickName;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(SendAtTextStruct), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SendAtTextRemoteAddr = WeChatRobotBase + SendAtTextOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendAtTextRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
WeChatData<SendAtTextStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!params.chatroomid || !params.wxid || !params.wxmsg || !r_params.GetAddr()) {
return 1;
}
CloseHandle(hThread);
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendAtTextRemoteAddr, r_params.GetAddr());
for (unsigned int i = 0; i < wxidptrs.size(); i++) {
VirtualFreeEx(hProcess, wxidptrs[i], 0, MEM_RELEASE);
VirtualFreeEx(hp.GetHandle(), wxidptrs[i], 0, MEM_RELEASE);
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxmsgaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidptrsaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return 0;
}
\ No newline at end of file
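Review bot: In the SAFEARRAY overload, the `return 1` after the `r_params` check skips the `VirtualFreeEx` loop, so every block that `WriteWeChatMemory` placed in the target process and pushed into `wxidptrs` stays allocated on that path. Unlike the `WeChatData` objects, these raw pointers have no owner to release them, so the release loop should run before both returns. The same overload takes `&wxidptrs[0]` even when no element was written, which is undefined for an empty vector; `if (wxidptrs.empty()) return 1;` before constructing `r_wxids` closes that. The loop also reads `rgvar.bstrVal` without looking at `hr` or `rgvar.vt`, so a failed fetch or a non-BSTR element reaches `TEXTLENGTH`; `if (FAILED(hr) || rgvar.vt != VT_BSTR) continue;` would guard it. The overload begins above this hunk, so the declarations of `rgvar`, `hr` and `cElements` are not visible here.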
......@@ -7,50 +7,23 @@ struct SendCardStruct {
};
BOOL SendCard(DWORD pid,wchar_t* receiver, wchar_t* sharedwxid, wchar_t* nickname) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
SendCardStruct params;
ZeroMemory(&params, sizeof(params));
DWORD SendCardProcAddr = WeChatRobotBase + SendCardOffset;
LPVOID receiveraddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID sharedwxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID nicknameaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendCardStruct* paramAndFunc = (SendCardStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendCardStruct), MEM_COMMIT, PAGE_READWRITE);
if (!receiveraddr || !sharedwxidaddr || !nicknameaddr ||
!paramAndFunc || !WeChatRobotBase)
{
CloseHandle(hProcess);
return 1;
}
if (receiveraddr)
WriteProcessMemory(hProcess, receiveraddr, receiver, wcslen(receiver) * 2 + 2, &dwWriteSize);
if (sharedwxidaddr)
WriteProcessMemory(hProcess, sharedwxidaddr, sharedwxid, wcslen(sharedwxid) * 2 + 2, &dwWriteSize);
if (nicknameaddr)
WriteProcessMemory(hProcess, nicknameaddr, nickname, wcslen(nickname) * 2 + 2, &dwWriteSize);
params.receiver = (DWORD)receiveraddr;
params.sharedwxid = (DWORD)sharedwxidaddr;
params.nickname = (DWORD)nicknameaddr;
if (paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwId);
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendCardProcAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, receiveraddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, sharedwxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, nicknameaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return 0;
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendCardRemoteAddr = hp.GetProcAddr(SendCardRemote);
if (SendCardRemoteAddr == 0) {
return 1;
}
SendCardStruct params = { 0 };
WeChatData<wchar_t*> r_receiver(hp.GetHandle(), receiver, TEXTLENGTH(receiver));
WeChatData<wchar_t*> r_sharedwxid(hp.GetHandle(), sharedwxid, TEXTLENGTH(sharedwxid));
WeChatData<wchar_t*> r_nickname(hp.GetHandle(), nickname, TEXTLENGTH(nickname));
params.receiver = (DWORD)r_receiver.GetAddr();
params.sharedwxid = (DWORD)r_sharedwxid.GetAddr();
params.nickname = (DWORD)r_nickname.GetAddr();
WeChatData<SendCardStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!params.receiver || !params.sharedwxid || !params.nickname || !r_params.GetAddr()) {
return 1;
}
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendCardRemoteAddr, r_params.GetAddr());
return 0;
}
\ No newline at end of file
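Review bot: `DWORD dwRet = CallRemoteFunction(...)` is assigned and never read, so SendCard returns 0 whatever the call into the target process produced, including a failure to start it. SetChatRoomName in this same commit reports the outcome with `return ret == 0;`; if the remote routine's return value carries a status (its convention is not visible on this page), the same line belongs here. Otherwise the local should be dropped, because an unused result reads as a forgotten check. SendAtText (both overloads), SendFile, SendImage and SendText carry the same unused `dwRet`.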
......@@ -6,57 +6,22 @@ struct FileParamStruct {
};
int SendFile(DWORD pid,wchar_t* wxid, wchar_t* filepath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
FileParamStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID filepathaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
FileParamStruct* paramAndFunc = (FileParamStruct*)::VirtualAllocEx(hProcess, 0, sizeof(FileParamStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !filepathaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendFileRemoteAddr = hp.GetProcAddr(SendFileRemote);
if (SendFileRemoteAddr == 0) {
return 1;
}
DWORD dwTId = 0;
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if (filepathaddr)
WriteProcessMemory(hProcess, filepathaddr, filepath, wcslen(filepath) * 2 + 2, &dwWriteSize);
params.wxid = (DWORD)wxidaddr;
params.filepath = (DWORD)filepathaddr;
FileParamStruct params = { 0 };
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_filepath(hp.GetHandle(), filepath, TEXTLENGTH(filepath));
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SendFileRemoteAddr = WeChatRobotBase + SendFileOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendFileRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
params.wxid = (DWORD)r_wxid.GetAddr();
params.filepath = (DWORD)r_filepath.GetAddr();
WeChatData<FileParamStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!params.wxid || !params.filepath || !r_params.GetAddr()) {
return 1;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, filepathaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendFileRemoteAddr, r_params.GetAddr());
return 0;
}
......@@ -6,57 +6,22 @@ struct ImageParamStruct {
};
int SendImage(DWORD pid,wchar_t* wxid, wchar_t* imagepath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
ImageParamStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID imagepathaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
ImageParamStruct* paramAndFunc = (ImageParamStruct*)::VirtualAllocEx(hProcess, 0, sizeof(ImageParamStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !imagepathaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendImageRemoteAddr = hp.GetProcAddr(SendImageRemote);
if (SendImageRemoteAddr == 0) {
return 1;
}
DWORD dwTId = 0;
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if (imagepathaddr)
WriteProcessMemory(hProcess, imagepathaddr, imagepath, wcslen(imagepath) * 2 + 2, &dwWriteSize);
params.wxid = (DWORD)wxidaddr;
params.imagepath = (DWORD)imagepathaddr;
ImageParamStruct params = { 0 };
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_imagepath(hp.GetHandle(), imagepath, TEXTLENGTH(imagepath));
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SendImageRemoteAddr = WeChatRobotBase + SendImageOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendImageRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
params.wxid = (DWORD)r_wxid.GetAddr();
params.imagepath = (DWORD)r_imagepath.GetAddr();
WeChatData<ImageParamStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!params.wxid || !params.imagepath || !r_params.GetAddr()) {
return 1;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, imagepathaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendImageRemoteAddr, r_params.GetAddr());
return 0;
}
......@@ -7,57 +7,21 @@ struct SendTextStruct
};
int SendText(DWORD pid,wchar_t* wxid, wchar_t* wxmsg) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendTextRemoteAddr = hp.GetProcAddr(SendTextRemote);
if (SendTextRemoteAddr == 0) {
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
SendTextStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxmsgaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendTextStruct* paramAndFunc = (SendTextStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendTextStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !wxmsgaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if (wxmsgaddr)
WriteProcessMemory(hProcess, wxmsgaddr, wxmsg, wcslen(wxmsg) * 2 + 2, &dwWriteSize);
params.wxid = (DWORD)wxidaddr;
params.wxmsg = (DWORD)wxmsgaddr;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SendTextRemoteAddr = WeChatRobotBase + SendTextOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendTextRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
SendTextStruct params = { 0 };
WeChatData<wchar_t*> r_wxid(hp.GetHandle(),wxid,TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_wxmsg(hp.GetHandle(), wxmsg, TEXTLENGTH(wxmsg));
params.wxid = (DWORD)r_wxid.GetAddr();
params.wxmsg = (DWORD)r_wxmsg.GetAddr();
WeChatData<SendTextStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!params.wxid || !params.wxmsg || !r_params.GetAddr()) {
return 1;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxmsgaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendTextRemoteAddr, r_params.GetAddr());
return 0;
}
\ No newline at end of file
......@@ -7,59 +7,19 @@ struct ChatRoomAnnouncementStruct
};
BOOL SetChatRoomAnnouncement(DWORD pid,wchar_t* chatroomid, wchar_t* announcement) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SetChatRoomAnnouncementRemoteAddr = hp.GetProcAddr(SetChatRoomAnnouncementRemote);
if (SetChatRoomAnnouncementRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_announcement(hp.GetHandle(), announcement, TEXTLENGTH(announcement));
ChatRoomAnnouncementStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.announcement = (DWORD)r_announcement.GetAddr();
WeChatData<ChatRoomAnnouncementStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
ChatRoomAnnouncementStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID announcementaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
ChatRoomAnnouncementStruct* paramAndFunc = (ChatRoomAnnouncementStruct*)::VirtualAllocEx(hProcess, 0, sizeof(ChatRoomAnnouncementStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !announcementaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (announcement && announcementaddr)
WriteProcessMemory(hProcess, announcementaddr, announcement, wcslen(announcement) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.announcement = announcement ? (DWORD)announcementaddr : 0;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SetChatRoomAnnouncementAddr = WeChatRobotBase + SetChatRoomAnnouncementRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SetChatRoomAnnouncementAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, announcementaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), SetChatRoomAnnouncementRemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
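Review bot: `announcement` now goes straight into `TEXTLENGTH(announcement)` and the `WeChatData` constructor, whereas the replaced code accepted a null `announcement` and sent 0 in `params.announcement`. Neither `TEXTLENGTH` nor `WeChatData` is defined on this page, so whether they accept a null pointer cannot be confirmed here; if `TEXTLENGTH` measures the string, a null argument is dereferenced in the calling process. Either reject it up front with `if (!announcement) return 1;`, or keep the old contract and document it at the call with a comment such as `// announcement may be null; the remote side then receives 0`, after confirming the helper skips the write for a null source.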
......@@ -7,59 +7,19 @@ struct ChatRoomNameStruct
};
BOOL SetChatRoomName(DWORD pid,wchar_t* chatroomid, wchar_t* name) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SetChatRoomNameRemoteAddr = hp.GetProcAddr(SetChatRoomNameRemote);
if (SetChatRoomNameRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_name(hp.GetHandle(), name, TEXTLENGTH(name));
ChatRoomNameStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.name = (DWORD)r_name.GetAddr();
WeChatData<ChatRoomNameStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
ChatRoomNameStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID nameaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
ChatRoomNameStruct* paramAndFunc = (ChatRoomNameStruct*)::VirtualAllocEx(hProcess, 0, sizeof(ChatRoomNameStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !nameaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (nameaddr)
WriteProcessMemory(hProcess, nameaddr, name, wcslen(name) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.name = (DWORD)nameaddr;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SetChatRoomNameAddr = WeChatRobotBase + SetChatRoomNameRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SetChatRoomNameAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, nameaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), SetChatRoomNameRemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
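Review bot: The guard `if (r_chatroomid.GetAddr() == 0 || r_params.GetAddr() == 0)` no longer covers the `name` buffer, which the replaced code required to be allocated before calling into the target. If writing `name` fails, `params.name` is 0 and the remote routine receives a null string pointer; adding `|| r_name.GetAddr() == 0` restores the check. SetChatRoomSelfNickname has the same gap for `r_nickname`. The single-wxid SendAtText check likewise leaves out `params.chatroomid`, which its SAFEARRAY overload does test.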
......@@ -7,59 +7,19 @@ struct ChatRoomSelfNicknameStruct
};
BOOL SetChatRoomSelfNickname(DWORD pid,wchar_t* chatroomid, wchar_t* nickname) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SetChatRoomSelfNicknameRemoteAddr = hp.GetProcAddr(SetChatRoomSelfNicknameRemote);
if (SetChatRoomSelfNicknameRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_nickname(hp.GetHandle(), nickname, TEXTLENGTH(nickname));
ChatRoomSelfNicknameStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.nickname = (DWORD)r_nickname.GetAddr();
WeChatData<ChatRoomSelfNicknameStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
ChatRoomSelfNicknameStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID nicknameaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
ChatRoomSelfNicknameStruct* paramAndFunc = (ChatRoomSelfNicknameStruct*)::VirtualAllocEx(hProcess, 0, sizeof(ChatRoomSelfNicknameStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !nicknameaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (nicknameaddr)
WriteProcessMemory(hProcess, nicknameaddr, nickname, wcslen(nickname) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.nickname = (DWORD)nicknameaddr;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SetChatRoomSelfNicknameAddr = WeChatRobotBase + SetChatRoomSelfNicknameRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SetChatRoomSelfNicknameAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, nicknameaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), SetChatRoomSelfNicknameRemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
......@@ -6,47 +6,19 @@ struct VerifyFriendApplyStruct {
};
BOOL VerifyFriendApply(DWORD pid,wchar_t* v3,wchar_t* v4) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD VerifyFriendApplyProcAddr = WeChatRobotBase + VerifyFriendApplyOffset;
LPVOID v3addr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID v4addr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
DWORD dwId = 0;
DWORD dwHandle = 0;
VerifyFriendApplyStruct apply_data = { 0 };
if (!v3addr || !v4addr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, v3addr, v3, wcslen(v3) * 2 + 2, &dwWriteSize);
WriteProcessMemory(hProcess, v4addr, v4, wcslen(v4) * 2 + 2, &dwWriteSize);
VerifyFriendApplyStruct* paramAndFunc = (VerifyFriendApplyStruct*)::VirtualAllocEx(hProcess, 0, sizeof(VerifyFriendApplyStruct), MEM_COMMIT, PAGE_READWRITE);
apply_data.v3 = (DWORD)v3addr;
apply_data.v4 = (DWORD)v4addr;
if (paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &apply_data, sizeof(apply_data), &dwId);
else {
CloseHandle(hProcess);
return 1;
}
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)VerifyFriendApplyProcAddr, paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, v3addr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, v4addr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwHandle == 0;
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD VerifyFriendApplyRemoteAddr = hp.GetProcAddr(VerifyFriendApplyRemote);
if (VerifyFriendApplyRemoteAddr == 0)
return 1;
WeChatData<wchar_t*> r_v3(hp.GetHandle(), v3, TEXTLENGTH(v3));
WeChatData<wchar_t*> r_v4(hp.GetHandle(), v4, TEXTLENGTH(v4));
VerifyFriendApplyStruct params = { 0 };
params.v3 = (DWORD)r_v3.GetAddr();
params.v4 = (DWORD)r_v4.GetAddr();
WeChatData<VerifyFriendApplyStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_v3.GetAddr() == 0 || r_v4.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
DWORD ret = CallRemoteFunction(hp.GetHandle(), VerifyFriendApplyRemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
......@@ -120,8 +120,8 @@ STDMETHODIMP CWeChatRobot::CGetFriendList(DWORD pid, VARIANT* __result) {
(考虑到从SAFEARRAY转换到适当变量可能较为繁琐,故保留此接口)
*/
STDMETHODIMP CWeChatRobot::CGetFriendListString(DWORD pid, BSTR* __result) {
string smessage = _com_util::ConvertBSTRToString((BSTR)(GetFriendListString(pid).c_str()));
*__result = _com_util::ConvertStringToBSTR(smessage.c_str());
wstring info = GetFriendListString(pid);
*__result = (_bstr_t)info.c_str();
return S_OK;
}
......@@ -131,8 +131,8 @@ STDMETHODIMP CWeChatRobot::CGetFriendListString(DWORD pid, BSTR* __result) {
* 参数2:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CGetWxUserInfo(DWORD pid, BSTR wxid,BSTR* __result) {
string smessage = _com_util::ConvertBSTRToString((BSTR)(GetWxUserInfo(pid, wxid).c_str()));
*__result = _com_util::ConvertStringToBSTR(smessage.c_str());
wstring info = GetWxUserInfo(pid, wxid);
*__result = (_bstr_t)info.c_str();
return S_OK;
}
......@@ -141,8 +141,8 @@ STDMETHODIMP CWeChatRobot::CGetWxUserInfo(DWORD pid, BSTR wxid,BSTR* __result) {
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CGetSelfInfo(DWORD pid, BSTR* __result) {
string smessage = _com_util::ConvertBSTRToString((BSTR)(GetSelfInfo(pid).c_str()));
*__result = _com_util::ConvertStringToBSTR(smessage.c_str());
wstring info = GetSelfInfo(pid);
*__result = (_bstr_t)info.c_str();
return S_OK;
}
......@@ -160,8 +160,8 @@ STDMETHODIMP CWeChatRobot::CCheckFriendStatus(DWORD pid, BSTR wxid,int* __result
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CGetComWorkPath(BSTR* __result) {
string path = _com_util::ConvertBSTRToString((BSTR)(GetComWorkPath().c_str()));
*__result = _com_util::ConvertStringToBSTR(path.c_str());
wstring path = GetComWorkPath();
*__result = (_bstr_t)path.c_str();
return S_OK;
}
......@@ -272,8 +272,8 @@ STDMETHODIMP CWeChatRobot::CAddFriendByV3(DWORD pid, BSTR v3, BSTR message,int A
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CGetWeChatVer(BSTR* __result) {
string path = _com_util::ConvertBSTRToString((BSTR)(GetWeChatVerStr().c_str()));
*__result = _com_util::ConvertStringToBSTR(path.c_str());
wstring path = GetWeChatVerStr();
*__result = (_bstr_t)path.c_str();
return S_OK;
}
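Review bot: `*__result = (_bstr_t)info.c_str();` in CGetFriendListString hands the caller a BSTR that is owned by a temporary `_bstr_t`. The temporary is destroyed at the end of the statement and frees the string, so `*__result` is left dangling and the COM client reads, and later frees, released memory. The out-parameter needs an allocation of its own: `*__result = ::SysAllocString(info.c_str());` (or `_bstr_t(info.c_str()).Detach()`). CGetWxUserInfo, CGetSelfInfo, CGetComWorkPath and CGetWeChatVer use the same line and need the same change. Returning `E_OUTOFMEMORY` when the allocation yields null would also be more accurate than the unconditional `S_OK`.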
......
......@@ -244,6 +244,7 @@
<ClInclude Include="SetChatRoomSelfNickname.h" />
<ClInclude Include="targetver.h" />
<ClInclude Include="SearchContact.h" />
<ClInclude Include="templatefunc.h" />
<ClInclude Include="VerifyFriendApply.h" />
<ClInclude Include="WeChatRobot.h" />
<ClInclude Include="WeChatRobotCOM_i.h" />
......@@ -291,6 +292,7 @@
<ClCompile Include="SetChatRoomAnnouncement.cpp" />
<ClCompile Include="SetChatRoomName.cpp" />
<ClCompile Include="SetChatRoomSelfNickname.cpp" />
<ClCompile Include="templatefunc.cpp" />
<ClCompile Include="VerifyFriendApply.cpp" />
<ClCompile Include="WeChatRobot.cpp" />
<ClCompile Include="WeChatRobotCOM.cpp" />
......
......@@ -113,6 +113,9 @@
<Filter Include="群相关\获取群成员列表">
<UniqueIdentifier>{dce4ab67-7d14-41b1-8e89-cbf9a8315a3a}</UniqueIdentifier>
</Filter>
<Filter Include="template">
<UniqueIdentifier>{fdd967bf-e9c0-4793-80a1-dcb87b061fc6}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClInclude Include="framework.h">
......@@ -232,6 +235,9 @@
<ClInclude Include="ntapi.h">
<Filter>头文件</Filter>
</ClInclude>
<ClInclude Include="templatefunc.h">
<Filter>template</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ClCompile Include="WeChatRobotCOM.cpp">
......@@ -354,6 +360,9 @@
<ClCompile Include="ntapi.cpp">
<Filter>源文件</Filter>
</ClCompile>
<ClCompile Include="templatefunc.cpp">
<Filter>template</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="WeChatRobotCOM.rc">
......
// pch.cpp: 与预编译标头对应的源文件
// pch.cpp: 与预编译标头对应的源文件
#include "pch.h"
// 当使用预编译的头时,需要使用此源文件,编译才能成功。
DWORD SendImageOffset = 0x0;
DWORD SendTextOffset = 0x0;
DWORD SendFileOffset = 0x0;
DWORD SendArticleOffset = 0x0;
DWORD SendCardOffset = 0x0;
DWORD SendAtTextOffset = 0x0;
DWORD SendAppMsgRemoteOffset = 0x0;
DWORD GetFriendListInitOffset = 0x0;
DWORD GetFriendListRemoteOffset = 0x0;
DWORD GetFriendListFinishOffset = 0x0;
DWORD EditRemarkRemoteOffset = 0x0;
DWORD GetWxUserInfoOffset = 0x0;
DWORD DeleteUserInfoCacheOffset = 0x0;
DWORD GetSelfInfoOffset = 0x0;
DWORD DeleteSelfInfoCacheOffset = 0x0;
DWORD SearchContactByNetRemoteOffset = 0x0;
DWORD isWxLoginOffset = 0;
DWORD VerifyFriendApplyOffset = 0x0;
DWORD CheckFriendStatusRemoteOffset = 0x0;
DWORD HookReceiveMessageRemoteOffset = 0x0;
DWORD UnHookReceiveMessageRemoteOffset = 0x0;
DWORD GetChatRoomMemberNicknameRemoteOffset = 0x0;
DWORD GetChatRoomMembersRemoteOffset = 0x0;
DWORD DelChatRoomMemberRemoteOffset = 0x0;
DWORD AddChatRoomMemberRemoteOffset = 0x0;
DWORD SetChatRoomAnnouncementRemoteOffset = 0x0;
DWORD SetChatRoomNameRemoteOffset = 0x0;
DWORD SetChatRoomSelfNicknameRemoteOffset = 0x0;
DWORD GetDbHandlesRemoteOffset = 0x0;
DWORD ExecuteSQLRemoteOffset = 0x0;
DWORD SelectDataRemoteOffset = 0x0;
DWORD BackupSQLiteDBRemoteOffset = 0x0;
DWORD AddFriendByWxidRemoteOffset = 0x0;
DWORD AddFriendByV3RemoteOffset = 0x0;
DWORD DeleteUserRemoteOffset = 0x0;
DWORD AddBrandContactRemoteOffset = 0x0;
DWORD HookImageMsgRemoteOffset = 0x0;
DWORD UnHookImageMsgRemoteOffset = 0x0;
DWORD HookVoiceMsgRemoteOffset = 0x0;
DWORD UnHookVoiceMsgRemoteOffset = 0x0;
DWORD ChangeWeChatVerRemoteOffset = 0x0;
map<DWORD, wstring> PidToSelfInfoString;
// 当使用预编译的头时,需要使用此源文件,编译才能成功。
BOOL isFileExists_stat(string& name) {
struct stat buffer;
......@@ -77,176 +23,32 @@ BOOL CreateConsole() {
}
DWORD GetWeChatRobotBase(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 0;
WeChatData<wchar_t*> r_dllname(hp.GetHandle(), dllname, TEXTLENGTH(dllname));
if (r_dllname.GetAddr() == 0)
return 0;
DWORD dwWriteSize = 0;
LPVOID pRemoteAddress = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (pRemoteAddress)
WriteProcessMemory(hProcess, pRemoteAddress, dllname, wcslen(dllname) * 2 + 2, &dwWriteSize);
else
return 0;
DWORD dwHandle, dwID;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetModuleHandleW, pRemoteAddress, 0, &dwID);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
}
else {
return 0;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwHandle;
DWORD ret = CallRemoteFunction(hp.GetHandle(), GetModuleHandleW, r_dllname.GetAddr());
return ret;
}
DWORD GetWeChatWinBase(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 0;
DWORD dwWriteSize = 0;
LPVOID pRemoteAddress = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (pRemoteAddress)
WriteProcessMemory(hProcess, pRemoteAddress, L"WeChatWin.dll", wcslen(L"WeChatWin.dll") * 2 + 2, &dwWriteSize);
else
return 0;
DWORD dwHandle, dwID;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetModuleHandleW, pRemoteAddress, 0, &dwID);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
}
else {
return 0;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwHandle;
}
BOOL GetProcOffset(wchar_t* workPath) {
wchar_t* dllpath = new wchar_t[MAX_PATH];
memset(dllpath, 0, MAX_PATH * 2);
swprintf_s(dllpath, MAX_PATH, L"%ws%ws%ws", workPath, L"\\", dllname);
string name = _com_util::ConvertBSTRToString((BSTR)dllpath);
if (!isFileExists_stat(name)) {
MessageBoxA(NULL, name.c_str(), "文件不存在", MB_ICONWARNING);
return 0;
}
HMODULE hd = LoadLibrary(dllpath);
if (!hd) {
wchar_t* WeChatWin = L"WeChatWin.dll";
WeChatProcess hp(pid);
if (!hp.m_init) return 0;
WeChatData<wchar_t*> r_dllname(hp.GetHandle(), WeChatWin, TEXTLENGTH(WeChatWin));
if (r_dllname.GetAddr() == 0)
return 0;
}
DWORD WeChatBase = (DWORD)GetModuleHandleW(dllname);
DWORD SendImageProcAddr = (DWORD)GetProcAddress(hd, SendImageRemote);
SendImageOffset = SendImageProcAddr - WeChatBase;
DWORD SendTextProcAddr = (DWORD)GetProcAddress(hd, SendTextRemote);
SendTextOffset = SendTextProcAddr - WeChatBase;
DWORD SendFileProcAddr = (DWORD)GetProcAddress(hd, SendFileRemote);
SendFileOffset = SendFileProcAddr - WeChatBase;
DWORD SendArticleProcAddr = (DWORD)GetProcAddress(hd, SendArticleRemote);
SendArticleOffset = SendArticleProcAddr - WeChatBase;
DWORD SendCardProcAddr = (DWORD)GetProcAddress(hd, SendCardRemote);
SendCardOffset = SendCardProcAddr - WeChatBase;
DWORD SendAtTextProcAddr = (DWORD)GetProcAddress(hd, SendAtTextRemote);
SendAtTextOffset = SendAtTextProcAddr - WeChatBase;
DWORD SendAppMsgProcAddr = (DWORD)GetProcAddress(hd, SendAppMsgRemote);
SendAppMsgRemoteOffset = SendAppMsgProcAddr - WeChatBase;
DWORD GetFriendListInitProcAddr = (DWORD)GetProcAddress(hd, GetFriendListInit);
GetFriendListInitOffset = GetFriendListInitProcAddr - WeChatBase;
DWORD GetFriendListRemoteProcAddr = (DWORD)GetProcAddress(hd, GetFriendListRemote);
GetFriendListRemoteOffset = GetFriendListRemoteProcAddr - WeChatBase;
DWORD GetFriendListFinishProcAddr = (DWORD)GetProcAddress(hd, GetFriendListFinish);
GetFriendListFinishOffset = GetFriendListFinishProcAddr - WeChatBase;
DWORD EditRemarkRemoteAddr = (DWORD)GetProcAddress(hd, EditRemarkRemote);
EditRemarkRemoteOffset = EditRemarkRemoteAddr - WeChatBase;
DWORD GetWxUserInfoProcAddr = (DWORD)GetProcAddress(hd, GetWxUserInfoRemote);
GetWxUserInfoOffset = GetWxUserInfoProcAddr - WeChatBase;
DWORD DeleteUserInfoCacheProcAddr = (DWORD)GetProcAddress(hd, DeleteUserInfoCacheRemote);
DeleteUserInfoCacheOffset = DeleteUserInfoCacheProcAddr - WeChatBase;
DWORD VerifyFriendApplyProcAddr = (DWORD)GetProcAddress(hd, VerifyFriendApplyRemote);
VerifyFriendApplyOffset = VerifyFriendApplyProcAddr - WeChatBase;
DWORD GetSelfInfoProcAddr = (DWORD)GetProcAddress(hd, GetSelfInfoRemote);
GetSelfInfoOffset = GetSelfInfoProcAddr - WeChatBase;
DWORD DeleteSelfInfoCacheProcAddr = (DWORD)GetProcAddress(hd, DeleteSelfInfoCacheRemote);
DeleteSelfInfoCacheOffset = DeleteSelfInfoCacheProcAddr - WeChatBase;
DWORD SearchContactByNetRemoteAddr = (DWORD)GetProcAddress(hd, SearchContactByNetRemote);
SearchContactByNetRemoteOffset = SearchContactByNetRemoteAddr - WeChatBase;
DWORD isWxLoginAddr = (DWORD)GetProcAddress(hd, isWxLoginRemote);
isWxLoginOffset = isWxLoginAddr - WeChatBase;
DWORD CheckFriendStatusRemoteAddr = (DWORD)GetProcAddress(hd, CheckFriendStatusRemote);
CheckFriendStatusRemoteOffset = CheckFriendStatusRemoteAddr - WeChatBase;
DWORD HookReceiveMessageRemoteAddr = (DWORD)GetProcAddress(hd, HookReceiveMessageRemote);
HookReceiveMessageRemoteOffset = HookReceiveMessageRemoteAddr - WeChatBase;
DWORD UnHookReceiveMessageRemoteAddr = (DWORD)GetProcAddress(hd, UnHookReceiveMessageRemote);
UnHookReceiveMessageRemoteOffset = UnHookReceiveMessageRemoteAddr - WeChatBase;
DWORD GetChatRoomMemberNicknameRemoteAddr = (DWORD)GetProcAddress(hd, GetChatRoomMemberNicknameRemote);
GetChatRoomMemberNicknameRemoteOffset = GetChatRoomMemberNicknameRemoteAddr - WeChatBase;
DWORD GetChatRoomMembersRemoteAddr = (DWORD)GetProcAddress(hd, GetChatRoomMembersRemote);
GetChatRoomMembersRemoteOffset = GetChatRoomMembersRemoteAddr - WeChatBase;
DWORD DelChatRoomMemberRemoteAddr = (DWORD)GetProcAddress(hd, DelChatRoomMemberRemote);
DelChatRoomMemberRemoteOffset = DelChatRoomMemberRemoteAddr - WeChatBase;
DWORD AddChatRoomMemberRemoteAddr = (DWORD)GetProcAddress(hd, AddChatRoomMemberRemote);
AddChatRoomMemberRemoteOffset = AddChatRoomMemberRemoteAddr - WeChatBase;
DWORD SetChatRoomAnnouncementRemoteAddr = (DWORD)GetProcAddress(hd, SetChatRoomAnnouncementRemote);
SetChatRoomAnnouncementRemoteOffset = SetChatRoomAnnouncementRemoteAddr - WeChatBase;
DWORD SetChatRoomNameRemoteAddr = (DWORD)GetProcAddress(hd, SetChatRoomNameRemote);
SetChatRoomNameRemoteOffset = SetChatRoomNameRemoteAddr - WeChatBase;
DWORD SetChatRoomSelfNicknameRemoteAddr = (DWORD)GetProcAddress(hd, SetChatRoomSelfNicknameRemote);
SetChatRoomSelfNicknameRemoteOffset = SetChatRoomSelfNicknameRemoteAddr - WeChatBase;
DWORD GetDbHandlesRemoteAddr = (DWORD)GetProcAddress(hd, GetDbHandlesRemote);
GetDbHandlesRemoteOffset = GetDbHandlesRemoteAddr - WeChatBase;
DWORD ExecuteSQLRemoteAddr = (DWORD)GetProcAddress(hd, ExecuteSQLRemote);
ExecuteSQLRemoteOffset = ExecuteSQLRemoteAddr - WeChatBase;
DWORD SelectDataRemoteAddr = (DWORD)GetProcAddress(hd, SelectDataRemote);
SelectDataRemoteOffset = SelectDataRemoteAddr - WeChatBase;
DWORD BackupSQLiteDBRemoteAddr = (DWORD)GetProcAddress(hd, BackupSQLiteDBRemote);
BackupSQLiteDBRemoteOffset = BackupSQLiteDBRemoteAddr - WeChatBase;
DWORD AddFriendByWxidRemoteAddr = (DWORD)GetProcAddress(hd, AddFriendByWxidRemote);
AddFriendByWxidRemoteOffset = AddFriendByWxidRemoteAddr - WeChatBase;
DWORD AddFriendByV3RemoteAddr = (DWORD)GetProcAddress(hd, AddFriendByV3Remote);
AddFriendByV3RemoteOffset = AddFriendByV3RemoteAddr - WeChatBase;
DWORD DeleteUserRemoteAddr = (DWORD)GetProcAddress(hd, DeleteUserRemote);
DeleteUserRemoteOffset = DeleteUserRemoteAddr - WeChatBase;
DWORD AddBrandContactRemoteAddr = (DWORD)GetProcAddress(hd, AddBrandContactRemote);
AddBrandContactRemoteOffset = AddBrandContactRemoteAddr - WeChatBase;
DWORD HookImageMsgRemoteAddr = (DWORD)GetProcAddress(hd, HookImageMsgRemote);
HookImageMsgRemoteOffset = HookImageMsgRemoteAddr - WeChatBase;
DWORD UnHookImageMsgAddr = (DWORD)GetProcAddress(hd, UnHookImageMsgRemote);
UnHookImageMsgRemoteOffset = UnHookImageMsgAddr - WeChatBase;
DWORD HookVoiceMsgRemoteAddr = (DWORD)GetProcAddress(hd, HookVoiceMsgRemote);
HookVoiceMsgRemoteOffset = HookVoiceMsgRemoteAddr - WeChatBase;
DWORD UnHookVoiceMsgAddr = (DWORD)GetProcAddress(hd, UnHookVoiceMsgRemote);
UnHookVoiceMsgRemoteOffset = UnHookVoiceMsgAddr - WeChatBase;
DWORD ChangeWeChatVerRemoteAddr = (DWORD)GetProcAddress(hd, ChangeWeChatVerRemote);
ChangeWeChatVerRemoteOffset = ChangeWeChatVerRemoteAddr - WeChatBase;
FreeLibrary(hd);
delete[] dllpath;
dllpath = NULL;
return 1;
DWORD ret = CallRemoteFunction(hp.GetHandle(), GetModuleHandleW, r_dllname.GetAddr());
return ret;
}
DWORD GetWeChatPid() {
HWND hCalc = FindWindow(NULL, L"微信");
HWND hCalc = FindWindow(NULL, L"微信");
DWORD wxPid = 0;
GetWindowThreadProcessId(hCalc, &wxPid);
if (wxPid == 0) {
hCalc = FindWindow(NULL, L"微信测试版");
hCalc = FindWindow(NULL, L"微信测试版");
GetWindowThreadProcessId(hCalc, &wxPid);
}
return wxPid;
......@@ -255,12 +57,6 @@ DWORD GetWeChatPid() {
DWORD StartRobotService(DWORD pid) {
wstring wworkPath = GetComWorkPath();
wchar_t* workPath = (wchar_t*)wworkPath.c_str();
if (!GetProcOffset(workPath)) {
wchar_t info[200] = { 0 };
swprintf_s(info, 200, L"COM无法加载位于%ws的%ws!", workPath, dllname);
MessageBox(NULL, info, L"致命错误!", MB_ICONWARNING);
return 1;
};
bool status = Inject(pid, workPath);
return status;
}
......@@ -270,7 +66,6 @@ DWORD StopRobotService(DWORD pid) {
if (pid == 0)
return cpid;
RemoveDll(pid);
PidToSelfInfoString.erase(pid);
return 0;
}
......@@ -279,7 +74,7 @@ wstring GetComWorkPath() {
GetModuleFileName(NULL, szFilePath, MAX_PATH);
wstring wpath = szFilePath;
int pos = wpath.find_last_of(L"\\");
wpath = wpath.substr(0, pos);
wpath = wpath.substr(0,pos);
return wpath;
}
......@@ -324,7 +119,7 @@ tstring GetWeChatVerStr() {
return verStr;
}
static bool CloseAllWxProcessMutexHandle()
static bool CloseAllWxProcessMutexHandle()
{
HANDLE hsnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hsnapshot == INVALID_HANDLE_VALUE)
......@@ -370,4 +165,57 @@ DWORD StartWeChat()
Sleep(500);
}
return procStruct.dwProcessId;
}
DWORD GetRemoteProcAddr(DWORD pid, LPWSTR modulename, LPSTR procname) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
DWORD dwId = 0, dwProcAddr = 0;
unsigned char getremoteprocasmcode[] = {
0x55, // push ebp;
0x8B,0xEC, // mov ebp, esp;
0x83,0xEC,0x40, // sub esp, 0x40;
0x57, // push edi;
0x51, // push ecx;
0x8B,0x7D,0x08, // mov edi, dword ptr[ebp + 0x8];
0x8B,0x07, // mov eax,dword ptr[edi];
0x50, // push eax;
0xE8,0x00,0x00,0x00,0x00, // call GetModuleHandleW;
0x83,0xC4,0x04, // add esp,0x4;
0x83,0xC7,0x04, // add edi,0x4;
0x8B,0x0F, // mov ecx, dword ptr[edi];
0x51, // push ecx;
0x50, // push eax;
0xE8,0x00,0x00,0x00,0x00, // call GetProcAddress;
0x83,0xC4,0x08, // add esp, 0x8;
0x59, // pop ecx;
0x5F, // pop edi;
0x8B,0xE5, // mov esp, ebp;
0x5D, // pop ebp;
0xC3 // retn;
};
DWORD pGetModuleHandleW = (DWORD)GetModuleHandleW;
DWORD pGetProcAddress = (DWORD)GetProcAddress;
PVOID call1 = (PVOID)&getremoteprocasmcode[15];
PVOID call2 = (PVOID)&getremoteprocasmcode[30];
LPVOID pRemoteAddress = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_EXECUTE);
if (!pRemoteAddress)
return 0;
*(DWORD*)call1 = pGetModuleHandleW - (DWORD)pRemoteAddress - 14 - 5;
*(DWORD*)call2 = pGetProcAddress - (DWORD)pRemoteAddress - 29 - 5;
SIZE_T dwWriteSize;
WriteProcessMemory(hProcess, pRemoteAddress, getremoteprocasmcode, sizeof(getremoteprocasmcode), &dwWriteSize);
struct GetProcAddrStruct {
DWORD hModuleNameAddr;
DWORD funcnameAddr;
} params;
WeChatData<wchar_t*> r_modulename(hProcess, modulename, TEXTLENGTH(modulename));
WeChatData<char*> r_procname(hProcess, procname, TEXTLENGTHA(procname));
params.funcnameAddr = (DWORD)r_procname.GetAddr();
params.hModuleNameAddr = (DWORD)r_modulename.GetAddr();
WeChatData<GetProcAddrStruct*> r_params(hProcess, &params, sizeof(params));
if (r_modulename.GetAddr() == 0 || r_procname.GetAddr() == 0 || r_params.GetAddr() == 0)
return 0;
DWORD ret = CallRemoteFunction(hProcess, pRemoteAddress, r_params.GetAddr());
VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
return ret;
}
\ No newline at end of file
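Review bot: `GetRemoteProcAddr`, added at the end of this file, never checks the handle returned by `OpenProcess` and never closes it, so every call leaks a process handle. The second early `return 0;` (after the `WeChatData` checks) also leaves the `pRemoteAddress` allocation behind, and the result of `WriteProcessMemory` is ignored. Add `if (!hProcess) return 0;` after the open and hold the handle in a scoped owner declared before the `WeChatData` locals. A plain `CloseHandle(hProcess);` before `return` would run before their destructors and make their `VirtualFreeEx` calls fail. The function largely duplicates `WeChatProcess::GetProcAddr` from this same commit, so building on that class would avoid a second copy of the cleanup logic.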
......@@ -15,26 +15,31 @@
#include "stdlib.h"
#include <tchar.h>
#include <stdio.h>
#include <Windows.h>
#include <windows.h>
#include <TlHelp32.h>
#include <atlconv.h>
#include <tchar.h>
#include <sys/stat.h>
#include <direct.h>
#include <vector>
#include <map>
#include <comutil.h>
#pragma comment(lib, "comsuppw.lib")
#include "robotdata.h"
#include "templatefunc.h"
using namespace std;
#define TEXTLENGTHW(buffer) buffer ? (wcslen(buffer) * 2 + 2) : 0
#define TEXTLENGTHA(buffer) buffer ? (strlen(buffer) + 1) : 0
#ifdef _UNICODE
#define tstring std::wstring
#define TEXTLENGTH TEXTLENGTHW
#else
#define tstring std::string
#define TEXTLENGTH TEXTLENGTHW
#endif
BOOL isFileExists_stat(string& name);
......@@ -51,4 +56,5 @@ tstring GetWeChatInstallDir();
DWORD GetWeChatVerInt();
tstring GetWeChatVerStr();
DWORD StartWeChat();
BOOL CloseProcessHandle(DWORD pid, wchar_t* handlename);
\ No newline at end of file
BOOL CloseProcessHandle(DWORD pid, wchar_t* handlename);
DWORD GetRemoteProcAddr(DWORD pid, LPWSTR modulename, LPSTR procname);
\ No newline at end of file
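Review bot: The new `TEXTLENGTHW` and `TEXTLENGTHA` macros expand to a bare conditional expression with an unparenthesised argument, so a use inside a larger expression such as `TEXTLENGTH(s) + 2` would attach the `+ 2` to the `: 0` arm only. Wrap both, e.g. `#define TEXTLENGTHW(buffer) ((buffer) ? (wcslen(buffer) * 2 + 2) : 0)`, or replace them with small inline functions returning `size_t`. The non-`_UNICODE` branch also maps `TEXTLENGTH` to `TEXTLENGTHW`; if that is deliberate because callers always pass wide strings, a one-line comment saying so would stop it being "fixed" to `TEXTLENGTHA` later.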
......@@ -28,62 +28,6 @@
#include "DelChatRoomMember.h"
#include "AddChatRoomMember.h"
// extern HANDLE hProcess;
extern DWORD SendImageOffset;
extern DWORD SendTextOffset;
extern DWORD SendFileOffset;
extern DWORD SendArticleOffset;
extern DWORD SendCardOffset;
extern DWORD SendAtTextOffset;
extern DWORD SendAppMsgRemoteOffset;
extern DWORD GetFriendListInitOffset;
extern DWORD GetFriendListRemoteOffset;
extern DWORD GetFriendListFinishOffset;
extern DWORD EditRemarkRemoteOffset;
extern DWORD GetWxUserInfoOffset;
extern DWORD DeleteUserInfoCacheOffset;
extern DWORD SearchContactByNetRemoteOffset;
extern DWORD VerifyFriendApplyOffset;
extern DWORD GetSelfInfoOffset;
extern DWORD DeleteSelfInfoCacheOffset;
extern map<DWORD, wstring> PidToSelfInfoString;
extern DWORD isWxLoginOffset;
extern DWORD CheckFriendStatusRemoteOffset;
extern DWORD HookReceiveMessageRemoteOffset;
extern DWORD UnHookReceiveMessageRemoteOffset;
extern DWORD GetChatRoomMemberNicknameRemoteOffset;
extern DWORD GetChatRoomMembersRemoteOffset;
extern DWORD DelChatRoomMemberRemoteOffset;
extern DWORD AddChatRoomMemberRemoteOffset;
extern DWORD SetChatRoomAnnouncementRemoteOffset;
extern DWORD SetChatRoomNameRemoteOffset;
extern DWORD SetChatRoomSelfNicknameRemoteOffset;
extern DWORD GetDbHandlesRemoteOffset;
extern DWORD ExecuteSQLRemoteOffset;
extern DWORD SelectDataRemoteOffset;
extern DWORD BackupSQLiteDBRemoteOffset;
extern DWORD AddFriendByWxidRemoteOffset;
extern DWORD AddFriendByV3RemoteOffset;
extern DWORD DeleteUserRemoteOffset;
extern DWORD AddBrandContactRemoteOffset;
extern DWORD HookImageMsgRemoteOffset;
extern DWORD UnHookImageMsgRemoteOffset;
extern DWORD HookVoiceMsgRemoteOffset;
extern DWORD UnHookVoiceMsgRemoteOffset;
extern DWORD ChangeWeChatVerRemoteOffset;
#define dllname L"DWeChatRobot.dll"
#define SendTextRemote "SendTextRemote"
......
#include "pch.h"
static unsigned char GetProcAsmCode[] = {
0x55, // push ebp;
0x8B,0xEC, // mov ebp, esp;
0x83,0xEC,0x40, // sub esp, 0x40;
0x57, // push edi;
0x51, // push ecx;
0x8B,0x7D,0x08, // mov edi, dword ptr[ebp + 0x8];
0x8B,0x07, // mov eax,dword ptr[edi];
0x50, // push eax;
0xE8,0x00,0x00,0x00,0x00, // call GetModuleHandleW;
0x83,0xC4,0x04, // add esp,0x4;
0x83,0xC7,0x04, // add edi,0x4;
0x8B,0x0F, // mov ecx, dword ptr[edi];
0x51, // push ecx;
0x50, // push eax;
0xE8,0x00,0x00,0x00,0x00, // call GetProcAddress;
0x83,0xC4,0x08, // add esp, 0x8;
0x59, // pop ecx;
0x5F, // pop edi;
0x8B,0xE5, // mov esp, ebp;
0x5D, // pop ebp;
0xC3 // retn;
};
LPVOID WeChatProcess::GetAsmFunAddr() {
DWORD pGetModuleHandleW = (DWORD)GetModuleHandleW;
DWORD pGetProcAddress = (DWORD)GetProcAddress;
PVOID call1 = (PVOID)&GetProcAsmCode[15];
PVOID call2 = (PVOID)&GetProcAsmCode[30];
LPVOID pAsmFuncAddr = VirtualAllocEx(handle, NULL, 1, MEM_COMMIT, PAGE_EXECUTE);
if (!pAsmFuncAddr)
return 0;
*(DWORD*)call1 = pGetModuleHandleW - (DWORD)pAsmFuncAddr - 14 - 5;
*(DWORD*)call2 = pGetProcAddress - (DWORD)pAsmFuncAddr - 29 - 5;
SIZE_T dwWriteSize;
WriteProcessMemory(handle, pAsmFuncAddr, GetProcAsmCode, sizeof(GetProcAsmCode), &dwWriteSize);
return pAsmFuncAddr;
}
DWORD WeChatProcess::GetProcAddr(LPSTR functionname) {
if (!AsmProcAddr || !handle)
return 0;
WeChatData<wchar_t*> r_modulename(handle, dllname, TEXTLENGTH(dllname));
WeChatData<LPSTR> r_functionname(handle, functionname, TEXTLENGTHA(functionname));
DWORD params[2] = { 0 };
params[0] = (DWORD)r_modulename.GetAddr();
params[1] = (DWORD)r_functionname.GetAddr();
WeChatData<DWORD*> r_params(handle, &params[0], sizeof(params));
DWORD dwProcAddr = CallRemoteFunction(handle, AsmProcAddr, r_params.GetAddr());
return dwProcAddr;
}
DWORD WeChatProcess::WeChatRobotBase() {
if (!handle)
return 0;
WeChatData<wchar_t*> r_dllname(handle, dllname, TEXTLENGTH(dllname));
if (r_dllname.GetAddr() == 0)
return 0;
DWORD ret = CallRemoteFunction(handle, GetModuleHandleW, r_dllname.GetAddr());
return ret;
}
\ No newline at end of file
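Review bot: `WeChatProcess::GetProcAddr` calls `CallRemoteFunction` without checking that its three `WeChatData` buffers were allocated, unlike `WeChatRobotBase` just below it, which returns early when `GetAddr()` is 0. If an allocation fails, the code running in the other process receives a null or partly filled parameter block and dereferences it there, which would fault that process rather than return an error here. Add `if (!r_modulename.GetAddr() || !r_functionname.GetAddr() || !r_params.GetAddr()) return 0;` before the call. `GetAsmFunAddr` also ignores the result of `WriteProcessMemory` and patches the file-static `GetProcAsmCode` array in place, which looks unsafe if two `WeChatProcess` objects are ever constructed on different threads.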
#pragma once
#include<windows.h>
#include<iostream>
template <typename T1, typename T2, typename T3>
T2 WriteWeChatMemory(T1 hProcess, T2 ptrvalue, T3 size) {
if (!hProcess)
return NULL;
DWORD dwWriteSize;
T2 addr = (T2)VirtualAllocEx(hProcess, NULL, size, MEM_COMMIT, PAGE_READWRITE);
if (addr)
WriteProcessMemory(hProcess, (LPVOID)addr, ptrvalue, size, &dwWriteSize);
return addr;
}
template<typename T1,typename T2,typename T3>
DWORD CallRemoteFunction(T1 hProcess,T2 FunctionAddr,T3 params)
{
DWORD dwRet = 0;
DWORD dwThreadId = 0;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)FunctionAddr, (LPVOID)params, 0, &dwThreadId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
return 0;
}
return dwRet;
}
template <typename T>
class WeChatData {
public:
WeChatData(HANDLE hProcess,T data,int size) {
this->hProcess = hProcess;
this->size = size;
if (size == 0)
this->addr = data;
else
this->addr = WriteWeChatMemory(hProcess, data, size);
}
~WeChatData() {
if(this->size)
VirtualFreeEx(this->hProcess, this->addr, 0, MEM_RELEASE);
}
T GetAddr() {
return this->addr;
}
private:
T addr;
int size;
HANDLE hProcess;
};
class WeChatProcess {
public:
WeChatProcess(DWORD pid) {
this->handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!this->handle)
m_init = FALSE;
else {
AsmProcAddr = this->GetAsmFunAddr();
m_init = AsmProcAddr != 0 ? TRUE : FALSE;
}
}
~WeChatProcess() {
if (AsmProcAddr)
VirtualFreeEx(handle, AsmProcAddr, 0, MEM_RELEASE);
if(handle)
CloseHandle(handle);
AsmProcAddr = NULL;
handle = NULL;
}
HANDLE GetHandle() {
return this->handle;
}
DWORD GetProcAddr(LPSTR functionname);
DWORD WeChatRobotBase();
BOOL m_init = FALSE;
private:
HANDLE handle;
LPVOID AsmProcAddr = NULL;
virtual LPVOID GetAsmFunAddr();
};
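Review bot: `WeChatData` and `WeChatProcess` each release a resource in their destructor (`VirtualFreeEx`, `CloseHandle`) but keep the compiler-generated copy operations, so an accidental copy or pass-by-value would free the same allocation or close the same handle twice. Make both non-copyable, e.g. `WeChatData(const WeChatData&) = delete;` and `WeChatData& operator=(const WeChatData&) = delete;`, with the same pair on `WeChatProcess`. Separately, `WriteWeChatMemory` returns the allocated address even when `WriteProcessMemory` fails, so callers that only test `GetAddr() == 0` cannot see a failed write. `GetAsmFunAddr` is declared `virtual` but is called from the constructor, where an override would not be dispatched, and the class has no virtual destructor.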
#include "pch.h"
BOOL ChangeWeChatVer(DWORD pid,wchar_t* verStr) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD ChangeWeChatVerRemoteAddr = hp.GetProcAddr(ChangeWeChatVerRemote);
if (ChangeWeChatVerRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_version(hp.GetHandle(), verStr, TEXTLENGTH(verStr));
if (r_version.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwRet = 0x0;
LPVOID verStraddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
if (!verStraddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, verStraddr, verStr, wcslen(verStr) * 2 + 2, &dwWriteSize);
DWORD ChangeWeChatVerRemoteAddr = WeChatRobotBase + ChangeWeChatVerRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)ChangeWeChatVerRemoteAddr, verStraddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, verStraddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), ChangeWeChatVerRemoteAddr, r_version.GetAddr());
return ret == 0;
}
\ No newline at end of file
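Review bot: The result of the rewritten `ChangeWeChatVer` does not separate failure from success: every setup failure returns 1, and the final `return ret == 0;` also yields 1 whenever the remote call returns 0. `CallRemoteFunction` itself returns 0 when `CreateRemoteThread` fails, so a thread that never started is reported the same way as a remote function that returned 0. Which convention callers expect is not visible here. The early returns and the final expression should still not collapse to the same value, and a short comment above the function stating what a zero and a non-zero result mean would pin the contract down.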
......@@ -45,14 +45,8 @@ VOID PrintMsg(DWORD msg) {
char* message = new char[c_size + 1];
memset(message, 0, c_size + 1);
WideCharToMultiByte(CP_ACP, 0, wmessage, -1, message, c_size, 0, 0);
#ifndef USE_SOCKET
HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)SendLogToComServer, wmessage, NULL, &dwId);
if (hThread)
CloseHandle(hThread);
#else
delete[] wmessage;
wmessage = NULL;
#endif
#ifdef _DEBUG
cout << message;
#endif
......
......@@ -2,87 +2,91 @@
"""
Created on Sat Apr 16 14:06:24 2022
@author: lijinchao-002
@author: ljc545w
"""
import time
import os
import wxRobot
from wxRobot import WeChatRobot
def test_SendText(wx):
def test_send_text(instance):
path = os.path.split(os.path.realpath(__file__))[0]
# image full path
imgpath = os.path.join(path,'test\\测试图片.png')
img_path = os.path.join(path, 'test\\测试图片.png')
# file full path
filepath = os.path.join(path,'test\\测试文件')
myinfo = wx.GetSelfInfo()
chatwith = wx.GetFriendByWxNickName("文件传输助手")
session = wx.GetChatSession(chatwith.get('wxid'))
filehelper = wx.GetWxUserInfo(chatwith.get('wxid'))
session.SendText('个人信息:{}'.format(str(myinfo.get('wxNickName'))))
filepath = os.path.join(path, 'test\\测试文件')
self_info = instance.GetSelfInfo()
chat_with = instance.GetFriendByWxNickName("文件传输助手")
session = instance.GetChatSession(chat_with.get('wxid'))
filehelper = instance.GetWxUserInfo(chat_with.get('wxid'))
session.SendText('个人信息:{}'.format(str(self_info.get('wxNickName'))))
session.SendText('好友信息:{}'.format(str(filehelper.get('wxNickName'))))
if os.path.exists(imgpath): session.SendImage(imgpath)
if os.path.exists(filepath): session.SendFile(filepath)
session.SendArticle("天气预报","点击查看","http://www.baidu.com")
shared = wx.GetFriendByWxNickName("码农翻身")
if shared: session.SendCard(shared.get('wxid'),shared.get('wxNickName'))
def test_FriendStatus(wx):
f = open('Friendstatus.txt','wt',encoding = 'utf-8')
FriendList = wx.GetFriendList()
index = "\t".join(['微信号','昵称','备注','状态','\n'])
if os.path.exists(img_path):
session.SendImage(img_path)
if os.path.exists(filepath):
session.SendFile(filepath)
session.SendArticle("天气预报", "点击查看", "http://www.baidu.com")
shared = instance.GetFriendByWxNickName("码农翻身")
if shared:
session.SendCard(shared.get('wxid'), shared.get('wxNickName'))
def test_friend_status(instance):
f = open('friend_status.txt', 'wt', encoding='utf-8')
friend_list = instance.GetFriendList()
index = "\t".join(['微信号', '昵称', '备注', '状态', '\n'])
f.writelines(index)
for Friend in FriendList:
for Friend in friend_list:
result = '\t'.join(
[Friend.get('wxNumber'),Friend.get('wxNickName'),Friend.get('wxRemark'),
wx.CheckFriendStatus(Friend.get('wxid'))])
[Friend.get('wxNumber'), Friend.get('wxNickName'), Friend.get('wxRemark'),
instance.CheckFriendStatus(Friend.get('wxid'))])
print(result)
result += '\n'
f.writelines(result)
time.sleep(1)
break
f.close()
def test_ExecuteSQL(wx):
def test_execute_sql(instance):
try:
dbs = wx.GetDbHandles()
dbs = instance.GetDbHandles()
dbname = 'MicroMsg.db'
handle = dbs.get(dbname).get('Handle')
sql = 'select a.UserName as `wxID`,a.Alias as `微信号`,a.EncryptUserName as `V3数据`,\
a.Type as `联系人类型`,a.VerifyFlag as `添加方式`,a.Remark as `备注`,a.NickName as `昵称`,b.bigHeadImgUrl as `头像`,\
a.ExtraBuf as `扩展数据` \
from Contact a inner join ContactHeadImgUrl b where a.UserName=b.usrName and a.Type=3 limit 10'
result = wx.ExecuteSQL(handle,sql)
result = instance.ExecuteSQL(handle, sql)
print(result)
except Exception as e:
print(e)
pass
def test_BackupDb(wx):
def test_BackupDb(instance):
try:
dbs = wx.GetDbHandles()
dbs = instance.GetDbHandles()
dbname = 'MicroMsg.db'
handle = dbs.get(dbname).get('Handle')
rc = wx.BackupSQLiteDB(handle,'D:\\WeChatBackup\\{}'.format(dbname))
rc = instance.BackupSQLiteDB(handle, 'D:\\WeChatBackup\\{}'.format(dbname))
print(rc)
except:
pass
except Exception as e:
print(e)
def show_interfaces():
robot = wxRobot._WeChatRobotClient.instance().robot
robot = wxRobot.WeChatRobot(0).robot
print(robot.CGetWeChatVer())
interfaces = [i for i in dir(robot) if '_' not in i and i[0] == 'C']
for interface in interfaces:
print(interface)
if __name__ == '__main__':
pids = wxRobot.GetWeChatPids()
wx_list = [WeChatRobot(pid) for pid in pids]
if len(wx_list) < 1:
wx_list = wx_list + [wxRobot.StartWeChat()] * (1 - len(wx_list))
for wx in wx_list:
wx.StartService()
wx.StartReceiveMessage()
wxRobot.StartSocketServer()
for wx in wx_list:
wx.StopService()
\ No newline at end of file
pid_list = wxRobot.get_wechat_pid_list()
wx = WeChatRobot(pid_list[0])
wx.StartService()
wx.StartReceiveMessage()
wxRobot.register_msg_event()
wx.StopService()
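Review bot: The rewritten `__main__` block indexes `pid_list[0]` without checking that `get_wechat_pid_list()` returned anything, so running the script with no WeChat process raises `IndexError`. The earlier version handled an empty list before starting the service. A guard such as `if not pid_list: raise SystemExit('no running WeChat process found')` before constructing `WeChatRobot` makes the failure explicit. In `test_friend_status` the output file is opened without a `with` block, so it stays open if `CheckFriendStatus` raises part-way through the loop.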
此差异已折叠。
......@@ -7,19 +7,15 @@ PC微信机器人,实现以下功能:
5. 检测好友状态(是否好友、被删除、被拉黑)
6. 接收各类消息,可写回调函数进行处理
7. 封装COM接口,方便使用自己喜欢的语言进行调用
8. 群管理
9. 微信多开
# 用途
1. 淘客发单
2. 无痕清粉
3. 微信公众号采集
4. 聊天记录备份
5. 其他你能想到的用途
# tips
1、当前分支是兼容多开的Beta版本,可通过pid进行多开管理
2、`CStartWeChat`接口可打开一个新的微信实例并返回该进程的pid,但仍然需要用户手动调用`CStartRobotService`进行注入
3、已经重新整理python socket server和连接点,可以实现多微信消息聚合
4、另外一个小小的诉求,如果您所在的公司有C++或Python岗位空缺,并且办公地点在北京、深圳,希望能提供内推机会给我,可以通过ljc545w@qq.com联系到我,不胜感激~
5. 其他你能想到的用途
# 可用版本
微信电脑版**3.5.0.46**
......@@ -60,7 +56,7 @@ CWeChatRobot.exe /unregserver
参考[ESDK](/ESDK),感谢@lovezm 的贡献
# 更多功能
后续计划功能:
1. 修改好友备注
1. 实现http调用
有空的时候会按照上述顺序进行开发,不过嘛,计划只是计划,如果未实现也请见谅
**也欢迎您提交PR**
......@@ -115,7 +111,13 @@ CWeChatRobot.exe /unregserver
1. 已适配3.7.0.30版本
## 2022.07.19
1. 新增修改备注接口
1. 新增群管理功能,包括添加成员、删除成员、设置公告、修改群名称、设置群内个人昵称、获取群成员昵称
2. 新增群管理功能,包括添加成员、删除成员、设置公告、修改群名称、设置群内个人昵称、获取群成员昵称
## 2022.07.24
1. 添加多开管理
## 2022.07.28
1. 解决部分已知问题,优化多开管理
2. 重构COM中的部分实现
# 打赏作者
请给作者一个star,感谢感谢
# 免责声明
......