// pch.cpp: 与预编译标头对应的源文件 #include "pch.h" // 当使用预编译的头时,需要使用此源文件,编译才能成功。 DWORD SendImageOffset = 0x0; DWORD SendTextOffset = 0x0; DWORD SendFileOffset = 0x0; DWORD SendArticleOffset = 0x0; DWORD SendCardOffset = 0x0; DWORD SendAtTextOffset = 0x0; DWORD GetFriendListInitOffset = 0x0; DWORD GetFriendListRemoteOffset = 0x0; DWORD GetFriendListFinishOffset = 0x0; DWORD GetWxUserInfoOffset = 0x0; DWORD DeleteUserInfoCacheOffset = 0x0; DWORD GetSelfInfoOffset = 0x0; DWORD DeleteSelfInfoCacheOffset = 0x0; DWORD VerifyFriendApplyOffset = 0x0; DWORD CheckFriendStatusInitRemoteOffset = 0x0; DWORD CheckFriendStatusRemoteOffset = 0x0; DWORD CheckFriendStatusFinishRemoteOffset = 0x0; DWORD HookReceiveMessageRemoteOffset = 0x0; DWORD UnHookReceiveMessageRemoteOffset = 0x0; DWORD GetHeadMessageRemoteOffset = 0x0; DWORD PopHeadMessageRemoteOffset = 0x0; DWORD GetChatRoomMembersRemoteOffset = 0x0; DWORD GetDbHandlesRemoteOffset = 0x0; DWORD ExecuteSQLRemoteOffset = 0x0; DWORD BackupSQLiteDBRemoteOffset = 0x0; DWORD AddFriendByWxidRemoteOffset = 0x0; DWORD AddFriendByV3RemoteOffset = 0x0; wstring SelfInfoString = L""; HANDLE hProcess = NULL; bool isFileExists_stat(string& name) { struct stat buffer; return (stat(name.c_str(), &buffer) == 0); } BOOL CreateConsole() { if (AllocConsole()) { AttachConsole(GetCurrentProcessId()); FILE* retStream; freopen_s(&retStream, "CONOUT$", "w", stdout); if (!retStream) throw std::runtime_error("Stdout redirection failed."); freopen_s(&retStream, "CONOUT$", "w", stderr); if (!retStream) throw std::runtime_error("Stderr redirection failed."); return 0; } return 1; } DWORD GetWeChatRobotBase() { if (!hProcess) return 0; DWORD dwWriteSize = 0; LPVOID pRemoteAddress = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE); if (pRemoteAddress) WriteProcessMemory(hProcess, pRemoteAddress, dllname, wcslen(dllname) * 2 + 2, &dwWriteSize); else return 0; DWORD dwHandle, dwID; LPVOID pFunc = GetModuleHandleW; HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, pRemoteAddress, 0, &dwID); if (hThread) { WaitForSingleObject(hThread, INFINITE); GetExitCodeThread(hThread, &dwHandle); } else { return 0; } CloseHandle(hThread); VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE); return dwHandle; } BOOL GetProcOffset(wchar_t* workPath) { wchar_t* dllpath = new wchar_t[MAX_PATH]; memset(dllpath, 0, MAX_PATH * 2); swprintf_s(dllpath, MAX_PATH, L"%ws%ws%ws", workPath, L"\\", dllname); string name = _com_util::ConvertBSTRToString((BSTR)dllpath); if (!isFileExists_stat(name)) { MessageBoxA(NULL, name.c_str(), "文件不存在", MB_ICONWARNING); return 0; } HMODULE hd = LoadLibrary(dllpath); if (!hd) { return 0; } DWORD WeChatBase = (DWORD)GetModuleHandleW(dllname); DWORD SendImageProcAddr = (DWORD)GetProcAddress(hd, SendImageRemote); SendImageOffset = SendImageProcAddr - WeChatBase; DWORD SendTextProcAddr = (DWORD)GetProcAddress(hd, SendTextRemote); SendTextOffset = SendTextProcAddr - WeChatBase; DWORD SendFileProcAddr = (DWORD)GetProcAddress(hd, SendFileRemote); SendFileOffset = SendFileProcAddr - WeChatBase; DWORD SendArticleProcAddr = (DWORD)GetProcAddress(hd, SendArticleRemote); SendArticleOffset = SendArticleProcAddr - WeChatBase; DWORD SendCardProcAddr = (DWORD)GetProcAddress(hd, SendCardRemote); SendCardOffset = SendCardProcAddr - WeChatBase; DWORD SendAtTextProcAddr = (DWORD)GetProcAddress(hd, SendAtTextRemote); SendAtTextOffset = SendAtTextProcAddr - WeChatBase; DWORD GetFriendListInitProcAddr = (DWORD)GetProcAddress(hd, GetFriendListInit); GetFriendListInitOffset = GetFriendListInitProcAddr - WeChatBase; DWORD GetFriendListRemoteProcAddr = (DWORD)GetProcAddress(hd, GetFriendListRemote); GetFriendListRemoteOffset = GetFriendListRemoteProcAddr - WeChatBase; DWORD GetFriendListFinishProcAddr = (DWORD)GetProcAddress(hd, GetFriendListFinish); GetFriendListFinishOffset = GetFriendListFinishProcAddr - WeChatBase; DWORD GetWxUserInfoProcAddr = (DWORD)GetProcAddress(hd, GetWxUserInfoRemote); GetWxUserInfoOffset = GetWxUserInfoProcAddr - WeChatBase; DWORD DeleteUserInfoCacheProcAddr = (DWORD)GetProcAddress(hd, DeleteUserInfoCacheRemote); DeleteUserInfoCacheOffset = DeleteUserInfoCacheProcAddr - WeChatBase; DWORD VerifyFriendApplyProcAddr = (DWORD)GetProcAddress(hd, VerifyFriendApplyRemote); VerifyFriendApplyOffset = VerifyFriendApplyProcAddr - WeChatBase; DWORD GetSelfInfoProcAddr = (DWORD)GetProcAddress(hd, GetSelfInfoRemote); GetSelfInfoOffset = GetSelfInfoProcAddr - WeChatBase; DWORD DeleteSelfInfoCacheProcAddr = (DWORD)GetProcAddress(hd, DeleteSelfInfoCacheRemote); DeleteSelfInfoCacheOffset = DeleteSelfInfoCacheProcAddr - WeChatBase; DWORD CheckFriendStatusInitRemoteAddr = (DWORD)GetProcAddress(hd, CheckFriendStatusInitRemote); CheckFriendStatusInitRemoteOffset = CheckFriendStatusInitRemoteAddr - WeChatBase; DWORD CheckFriendStatusRemoteAddr = (DWORD)GetProcAddress(hd, CheckFriendStatusRemote); CheckFriendStatusRemoteOffset = CheckFriendStatusRemoteAddr - WeChatBase; DWORD CheckFriendStatusFinishRemoteAddr = (DWORD)GetProcAddress(hd, CheckFriendStatusFinishRemote); CheckFriendStatusFinishRemoteOffset = CheckFriendStatusFinishRemoteAddr - WeChatBase; DWORD HookReceiveMessageRemoteAddr = (DWORD)GetProcAddress(hd, HookReceiveMessageRemote); HookReceiveMessageRemoteOffset = HookReceiveMessageRemoteAddr - WeChatBase; DWORD UnHookReceiveMessageRemoteAddr = (DWORD)GetProcAddress(hd, UnHookReceiveMessageRemote); UnHookReceiveMessageRemoteOffset = UnHookReceiveMessageRemoteAddr - WeChatBase; DWORD GetHeadMessageRemoteAddr = (DWORD)GetProcAddress(hd, GetHeadMessageRemote); GetHeadMessageRemoteOffset = GetHeadMessageRemoteAddr - WeChatBase; DWORD PopHeadMessageRemoteAddr = (DWORD)GetProcAddress(hd, PopHeadMessageRemote); PopHeadMessageRemoteOffset = PopHeadMessageRemoteAddr - WeChatBase; DWORD GetChatRoomMembersRemoteAddr = (DWORD)GetProcAddress(hd, GetChatRoomMembersRemote); GetChatRoomMembersRemoteOffset = GetChatRoomMembersRemoteAddr - WeChatBase; DWORD GetDbHandlesRemoteAddr = (DWORD)GetProcAddress(hd, GetDbHandlesRemote); GetDbHandlesRemoteOffset = GetDbHandlesRemoteAddr - WeChatBase; DWORD ExecuteSQLRemoteAddr = (DWORD)GetProcAddress(hd, ExecuteSQLRemote); ExecuteSQLRemoteOffset = ExecuteSQLRemoteAddr - WeChatBase; DWORD BackupSQLiteDBRemoteAddr = (DWORD)GetProcAddress(hd, BackupSQLiteDBRemote); BackupSQLiteDBRemoteOffset = BackupSQLiteDBRemoteAddr - WeChatBase; DWORD AddFriendByWxidRemoteAddr = (DWORD)GetProcAddress(hd, AddFriendByWxidRemote); AddFriendByWxidRemoteOffset = AddFriendByWxidRemoteAddr - WeChatBase; DWORD AddFriendByV3RemoteAddr = (DWORD)GetProcAddress(hd, AddFriendByV3Remote); AddFriendByV3RemoteOffset = AddFriendByV3RemoteAddr - WeChatBase; FreeLibrary(hd); delete[] dllpath; dllpath = NULL; return 1; } DWORD GetWeChatPid() { HWND hCalc = FindWindow(NULL, L"微信"); DWORD wxPid = 0; GetWindowThreadProcessId(hCalc, &wxPid); if (wxPid == 0) { hCalc = FindWindow(NULL, L"微信测试版"); GetWindowThreadProcessId(hCalc, &wxPid); } return wxPid; } DWORD StartRobotService() { DWORD wxPid = GetWeChatPid(); if (!wxPid) { MessageBoxA(NULL, "请先启动目标程序", "提示", MB_ICONWARNING); return 1; } wstring wworkPath = GetComWorkPath(); wchar_t* workPath = (wchar_t*)wworkPath.c_str(); if (!GetProcOffset(workPath)) { wchar_t info[200] = { 0 }; swprintf_s(info, 200, L"COM无法加载位于%ws的%ws!", workPath, dllname); MessageBox(NULL, info, L"致命错误!", MB_ICONWARNING); return 1; }; if(!hProcess) hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, wxPid); bool status = Injert(wxPid, workPath); if (status == 1) { CloseHandle(hProcess); return status; } return status; } DWORD StopRobotService() { DWORD cpid = GetCurrentProcessId(); DWORD wxPid = GetWeChatPid(); if (!wxPid) return cpid; if (!hProcess) hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, wxPid); RemoveDll(wxPid); ZeroMemory((wchar_t*)SelfInfoString.c_str(), SelfInfoString.length() * 2 + 2); CloseHandle(hProcess); StopReceiveMessage(); return cpid; } wstring GetComWorkPath() { wchar_t szFilePath[MAX_PATH + 1] = { 0 }; GetModuleFileName(NULL, szFilePath, MAX_PATH); wstring wpath = szFilePath; int pos = wpath.find_last_of(L"\\"); wpath = wpath.substr(0,pos); return wpath; }