From 919b17391437e4c5cafa609ae0afb4523cf6dc4c Mon Sep 17 00:00:00 2001
From: Knine <nothing@qq.com>
Date: Sat, 16 Mar 2024 23:27:31 +0800
Subject: [PATCH] =?UTF-8?q?=E3=80=90=E5=A4=B1=E8=B4=A5=E3=80=91=E5=85=B3?=
 =?UTF-8?q?=E4=BA=8E=E5=BE=AE=E4=BF=A1=E7=9A=84=E9=80=86=E5=90=91=EF=BC=88?=
 =?UTF-8?q?=E6=9C=89hook=E6=A3=80=E6=9F=A5=EF=BC=8C=E6=9A=82=E6=9C=AA?=
 =?UTF-8?q?=E5=88=86=E6=9E=90=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../wechat-devtools/Core/AddressSource.end    |   5 +
 .../wechat-devtools/Core/AddressSource.head   |   1 +
 .../wechat-devtools/WeChatAppEx.exe.js        |  77 ++++++++
 .../wechat-devtools/WeChatWin.dll.js          |  37 ++++
 .../03_frida-node/wechat-devtools/all.bat     |   5 +
 .../wechat-devtools/cpp-hook/test/test.sln    |  31 ++++
 .../test/wechat-devtools/common/EZDetour.cpp  |  64 +++++++
 .../test/wechat-devtools/common/EZDetour.h    |  37 ++++
 .../cpp-hook/test/wechat-devtools/dllmain.cpp |  19 ++
 .../cpp-hook/test/wechat-devtools/framework.h |   5 +
 .../cpp-hook/test/wechat-devtools/pch.cpp     |   5 +
 .../cpp-hook/test/wechat-devtools/pch.h       |  13 ++
 .../wechat-devtools/wechat-devtools.vcxproj   | 171 ++++++++++++++++++
 .../wechat-devtools.vcxproj.filters           |  42 +++++
 14 files changed, 512 insertions(+)
 create mode 100644 course/frida/03_frida-node/wechat-devtools/Core/AddressSource.end
 create mode 100644 course/frida/03_frida-node/wechat-devtools/Core/AddressSource.head
 create mode 100644 course/frida/03_frida-node/wechat-devtools/WeChatAppEx.exe.js
 create mode 100644 course/frida/03_frida-node/wechat-devtools/WeChatWin.dll.js
 create mode 100644 course/frida/03_frida-node/wechat-devtools/all.bat
 create mode 100644 course/frida/03_frida-node/wechat-devtools/cpp-hook/test/test.sln
 create mode 100644 course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/common/EZDetour.cpp
 create mode 100644 course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/common/EZDetour.h
 create mode 100644 course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/dllmain.cpp
 create mode 100644 course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/framework.h
 create mode 100644 course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/pch.cpp
 create mode 100644 course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/pch.h
 create mode 100644 course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/wechat-devtools.vcxproj
 create mode 100644 course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/wechat-devtools.vcxproj.filters

diff --git a/course/frida/03_frida-node/wechat-devtools/Core/AddressSource.end b/course/frida/03_frida-node/wechat-devtools/Core/AddressSource.end
new file mode 100644
index 0000000..c9aff85
--- /dev/null
+++ b/course/frida/03_frida-node/wechat-devtools/Core/AddressSource.end
@@ -0,0 +1,5 @@
+;
+for(var addressname in address){
+    address[addressname] = parseInt(address[addressname]);
+};
+
diff --git a/course/frida/03_frida-node/wechat-devtools/Core/AddressSource.head b/course/frida/03_frida-node/wechat-devtools/Core/AddressSource.head
new file mode 100644
index 0000000..948e637
--- /dev/null
+++ b/course/frida/03_frida-node/wechat-devtools/Core/AddressSource.head
@@ -0,0 +1 @@
+var address = 
\ No newline at end of file
diff --git a/course/frida/03_frida-node/wechat-devtools/WeChatAppEx.exe.js b/course/frida/03_frida-node/wechat-devtools/WeChatAppEx.exe.js
new file mode 100644
index 0000000..ceb2c2f
--- /dev/null
+++ b/course/frida/03_frida-node/wechat-devtools/WeChatAppEx.exe.js
@@ -0,0 +1,77 @@
+// node main.js   9079   x64
+
+import frida from "frida";
+// var frida = require("frida");
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+function onMessage(message, data) {
+  if (message.type === 'send') {
+      console.log(message.payload);
+  } else if (message.type === 'error') {
+      console.error(message.stack);
+  }
+}
+
+function init() {
+  let addressSource = '';
+  let version = process.argv[2] || "8447";
+  let bit = process.argv[3] || "x64";
+
+  try {
+    let addressSourceHeadFilePath = path.join(__dirname, `/Core/AddressSource.head`);
+    let addressSourceEndFilePath = path.join(__dirname, `/Core/AddressSource.end`);
+    
+    let addressFilePath = path.join(__dirname, `/Core/WeChatAppEx.exe/address_${version}_${bit}.json`);
+    let hookFilePath = path.join(__dirname, `/Core/WeChatAppEx.exe/hook.js`);
+
+    fs.accessSync(addressFilePath);
+    addressSource += fs.readFileSync(addressSourceHeadFilePath);
+    addressSource += fs.readFileSync(addressFilePath);
+    addressSource += fs.readFileSync(addressSourceEndFilePath);
+    addressSource += fs.readFileSync(hookFilePath);
+  } catch (error) {
+    console.log(`æš‚ä¸æ”¯æŒ ${version}_${bit} çš„ç‰ˆæœ¬!`, error)
+    return '';
+  }
+
+  console.log("HOOKæ–‡ä»¶ç»„è£…æˆåŠŸ!")
+  return addressSource;
+}
+
+(async () => {
+  let addressSource = init();
+  if (!addressSource) return;
+
+  var device = await frida.getLocalDevice();
+  var processes = await device.enumerateProcesses();
+  var pid = -1;
+  processes.forEach(async (p_) => {
+    if (p_.name == "WeChatAppEx.exe") {
+      console.log(p_.name, p_.pid, p_);
+      // let commandLine = cmdline.getCmdline(p_.pid);
+      // if(commandLine.indexOf("--type=") == -1){
+      //     pid = p_.pid;
+      // }
+
+      // ç¬¬ä¸€ä¸ªå°±æ˜¯
+      if (pid == -1) {
+        pid = p_.pid;
+      }
+    }
+  });
+  console.log("WeChatAppEx.exe ä¸»è¿›ç¨‹ pid = " + pid);
+  if (pid == -1) {
+    return;
+  }
+
+  let session = await frida.attach(pid);
+  let script = await session.createScript(addressSource);
+  script.message.connect(onMessage);
+  await script.load();
+})().catch((error) => {
+  console.error(error.stack);
+});
diff --git a/course/frida/03_frida-node/wechat-devtools/WeChatWin.dll.js b/course/frida/03_frida-node/wechat-devtools/WeChatWin.dll.js
new file mode 100644
index 0000000..edaa763
--- /dev/null
+++ b/course/frida/03_frida-node/wechat-devtools/WeChatWin.dll.js
@@ -0,0 +1,37 @@
+
+let version = (process.argv[2] + "").toLowerCase();
+let bit = (process.argv[3] + "").toLowerCase();
+let exePath = (process.argv[4] + "").toLowerCase();
+
+const fs = require('fs');
+const path = require('path');
+try {
+    fs.accessSync(path.join(exePath, "/WeChatWin_old.dll"));
+    console.log(`å·²ç»æ˜¯æ›¿æ¢åŽçš„WeChatWin.dll! è¯·å‹¿é‡å¤è¿è¡Œ`)
+    return;
+} catch {
+    
+}
+
+
+let addressFilePath =path.join(__dirname, `/Core/WeChatWin.dll/address_${version}_${bit}.json`);
+let address = null;
+try {
+    fs.accessSync(addressFilePath);
+    address = JSON.parse(fs.readFileSync(addressFilePath));
+} catch (error) {
+    console.log(`æš‚ä¸æ”¯æŒ ${version}_${bit} çš„ç‰ˆæœ¬!`)
+    return;
+}
+try {
+    address.XwebEnableInspect = parseInt(address.XwebEnableInspect) + 1;
+    fs.copyFileSync(path.join(exePath, "/WeChatWin.dll"), path.join(exePath, "/WeChatWin_old.dll"));
+    console.log("WeChatWin.dllå·²å¤‡ä»½!", path.join(exePath, "/WeChatWin_old.dll"))
+    let fd = fs.openSync(path.join(exePath, "/WeChatWin.dll"), "r+");
+    let buf = Buffer.alloc(1);
+    buf.hexWrite("85");  //JZ 84   JNZ 85
+    fs.writeSync(fd, buf, 0, 1, address.XwebEnableInspect)
+    console.log("å®Œæˆè¦†ç›–!")
+} catch (error) {
+    console.log(error)
+}
diff --git a/course/frida/03_frida-node/wechat-devtools/all.bat b/course/frida/03_frida-node/wechat-devtools/all.bat
new file mode 100644
index 0000000..8f3a02e
--- /dev/null
+++ b/course/frida/03_frida-node/wechat-devtools/all.bat
@@ -0,0 +1,5 @@
+node WeChatWin.dll.js
+ping 127.0.0.1 -n 3
+
+cd /d J:\_ALL\CODE\gitcode\kinghzking\MyOpen\course\frida\03_frida-node\wechat-devtools
+node WeChatAppEx.exe.js   9079   x64
diff --git a/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/test.sln b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/test.sln
new file mode 100644
index 0000000..8d11c9f
--- /dev/null
+++ b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/test.sln
@@ -0,0 +1,31 @@
+ï»¿
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.33529.622
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wechat-devtools", "wechat-devtools\wechat-devtools.vcxproj", "{8C4064E2-3CD3-4706-B746-D1129A52A875}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{8C4064E2-3CD3-4706-B746-D1129A52A875}.Debug|x64.ActiveCfg = Debug|x64
+		{8C4064E2-3CD3-4706-B746-D1129A52A875}.Debug|x64.Build.0 = Debug|x64
+		{8C4064E2-3CD3-4706-B746-D1129A52A875}.Debug|x86.ActiveCfg = Debug|Win32
+		{8C4064E2-3CD3-4706-B746-D1129A52A875}.Debug|x86.Build.0 = Debug|Win32
+		{8C4064E2-3CD3-4706-B746-D1129A52A875}.Release|x64.ActiveCfg = Release|x64
+		{8C4064E2-3CD3-4706-B746-D1129A52A875}.Release|x64.Build.0 = Release|x64
+		{8C4064E2-3CD3-4706-B746-D1129A52A875}.Release|x86.ActiveCfg = Release|Win32
+		{8C4064E2-3CD3-4706-B746-D1129A52A875}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {73CAA0D8-B022-4FD6-9D86-A964B3925154}
+	EndGlobalSection
+EndGlobal
diff --git a/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/common/EZDetour.cpp b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/common/EZDetour.cpp
new file mode 100644
index 0000000..9d31198
--- /dev/null
+++ b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/common/EZDetour.cpp
@@ -0,0 +1,64 @@
+#include "stdafx.h"
+#include "EZDetour.h"
+#include <assert.h>
+#include <detours/detours.h>
+#include "log/my_log.h"
+//#include "MyCommon.h"
+extern FARPROC MyGetProcAddress(const char* dll_name, const char* fun_name);
+
+
+namespace my
+{
+
+LONG WINAPI EZDetour::Attach(_Inout_ PVOID &ppPointer, _In_ PVOID pDetour)
+{
+    if (ppPointer == 0 || pDetour == 0) {
+        assert(true);
+        return 0;
+    }
+
+    addr_ = ppPointer;
+    pDetourFunc_ = pDetour;
+    DetourRestoreAfterWith();
+    DetourTransactionBegin();
+    LONG result = 0;
+    MyLogD("addr_, pDetourFunc_ = %016I64X, %016I64X.\n", addr_, pDetourFunc_);
+    result = DetourAttach(&(PVOID&)addr_, pDetourFunc_);
+    LONG result2 = DetourTransactionCommit();
+    MyLogD("result, result2 = %08X, %08X.\n", result, result2);
+    return result2;
+}
+
+LONG WINAPI EZDetour::Attach(const char* dll_name, const char* fun_name, _In_ PVOID pDetour)
+{
+    FARPROC addr = MyGetProcAddress(dll_name, fun_name);
+    return this->Attach((PVOID&)addr, pDetour);
+}
+
+
+LONG WINAPI EZDetour::detach(_Inout_ PVOID &ppPointer, _In_ PVOID pDetour)
+{
+    MyLogD("ppPointer, pDetour = %08X, %08X.\n", ppPointer, pDetour);
+
+    if (ppPointer == 0 || pDetour == 0) {
+        assert(true);
+        return 0;
+    }
+
+    DetourRestoreAfterWith();
+    DetourTransactionBegin();
+    LONG result = 0;
+    result = DetourDetach(&(PVOID&)ppPointer, pDetour);
+    LONG result2 = DetourTransactionCommit();
+    MyLogD("result, result2 = %08X, %08X.\n", result, result2);
+    // ÒÑ¾­Ð¶ÔØÁË
+    ppPointer = 0;
+    return result2;
+}
+
+void detour_func_null()
+{
+    MY_ENTER_FUNCTION;
+}
+
+}
\ No newline at end of file
diff --git a/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/common/EZDetour.h b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/common/EZDetour.h
new file mode 100644
index 0000000..eed4d82
--- /dev/null
+++ b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/common/EZDetour.h
@@ -0,0 +1,37 @@
+#pragma once
+#include <Windows.h>
+
+namespace my
+{
+// hookÍ¨ÓÃº¯Êý£¬ÖÃ¿ÕÄ¿±êº¯ÊýÂß¼­
+void detour_func_null();
+
+
+class EZDetour
+{
+public:
+    EZDetour() : addr_(0) {}
+    ~EZDetour()
+    {
+        this->detach(addr_, pDetourFunc_);
+    }
+
+public:
+    //DWORD     GetAddr() { return addr_; }
+    LONG WINAPI Attach(_Inout_ PVOID &ppPointer, _In_ PVOID pDetour);
+    LONG WINAPI Attach(const char* dll_name, const char* fun_name, _In_ PVOID pDetour);
+    LONG WINAPI Detach()
+    {
+        return this->detach(addr_, pDetourFunc_);
+    }
+
+private:
+    // ²»ÐèÒªÖ÷¶¯µ÷ÓÃ£¬Îö¹¹º¯Êý×Ô¶¯´¦Àí
+    LONG WINAPI detach(_Inout_ PVOID &ppPointer, _In_ PVOID pDetour);
+
+public:
+    PVOID                       addr_;
+private:
+    PVOID                       pDetourFunc_;
+};
+}
diff --git a/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/dllmain.cpp b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/dllmain.cpp
new file mode 100644
index 0000000..d37928e
--- /dev/null
+++ b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/dllmain.cpp
@@ -0,0 +1,19 @@
+ï»¿// dllmain.cpp : å®šä¹‰ DLL åº”ç”¨ç¨‹åºçš„å…¥å£ç‚¹ã€‚
+#include "pch.h"
+
+BOOL APIENTRY DllMain( HMODULE hModule,
+                       DWORD  ul_reason_for_call,
+                       LPVOID lpReserved
+                     )
+{
+    switch (ul_reason_for_call)
+    {
+    case DLL_PROCESS_ATTACH:
+    case DLL_THREAD_ATTACH:
+    case DLL_THREAD_DETACH:
+    case DLL_PROCESS_DETACH:
+        break;
+    }
+    return TRUE;
+}
+
diff --git a/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/framework.h b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/framework.h
new file mode 100644
index 0000000..3f0fc4a
--- /dev/null
+++ b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/framework.h
@@ -0,0 +1,5 @@
+ï»¿#pragma once
+
+#define WIN32_LEAN_AND_MEAN             // ä»Ž Windows å¤´æ–‡ä»¶ä¸­æŽ’é™¤æžå°‘ä½¿ç”¨çš„å†…å®¹
+// Windows å¤´æ–‡ä»¶
+#include <windows.h>
diff --git a/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/pch.cpp b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/pch.cpp
new file mode 100644
index 0000000..db1a479
--- /dev/null
+++ b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/pch.cpp
@@ -0,0 +1,5 @@
+ï»¿// pch.cpp: ä¸Žé¢„ç¼–è¯‘æ ‡å¤´å¯¹åº”çš„æºæ–‡ä»¶
+
+#include "pch.h"
+
+// å½“ä½¿ç”¨é¢„ç¼–è¯‘çš„å¤´æ—¶ï¼Œéœ€è¦ä½¿ç”¨æ­¤æºæ–‡ä»¶ï¼Œç¼–è¯‘æ‰èƒ½æˆåŠŸã€‚
diff --git a/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/pch.h b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/pch.h
new file mode 100644
index 0000000..aa4549e
--- /dev/null
+++ b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/pch.h
@@ -0,0 +1,13 @@
+ï»¿// pch.h: è¿™æ˜¯é¢„ç¼–è¯‘æ ‡å¤´æ–‡ä»¶ã€‚
+// ä¸‹æ–¹åˆ—å‡ºçš„æ–‡ä»¶ä»…ç¼–è¯‘ä¸€æ¬¡ï¼Œæé«˜äº†å°†æ¥ç”Ÿæˆçš„ç”Ÿæˆæ€§èƒ½ã€‚
+// è¿™è¿˜å°†å½±å“ IntelliSense æ€§èƒ½ï¼ŒåŒ…æ‹¬ä»£ç å®Œæˆå’Œè®¸å¤šä»£ç æµè§ˆåŠŸèƒ½ã€‚
+// ä½†æ˜¯ï¼Œå¦‚æžœæ­¤å¤„åˆ—å‡ºçš„æ–‡ä»¶ä¸­çš„ä»»ä½•ä¸€ä¸ªåœ¨ç”Ÿæˆä¹‹é—´æœ‰æ›´æ–°ï¼Œå®ƒä»¬å…¨éƒ¨éƒ½å°†è¢«é‡æ–°ç¼–è¯‘ã€‚
+// è¯·å‹¿åœ¨æ­¤å¤„æ·»åŠ è¦é¢‘ç¹æ›´æ–°çš„æ–‡ä»¶ï¼Œè¿™å°†ä½¿å¾—æ€§èƒ½ä¼˜åŠ¿æ— æ•ˆã€‚
+
+#ifndef PCH_H
+#define PCH_H
+
+// æ·»åŠ è¦åœ¨æ­¤å¤„é¢„ç¼–è¯‘çš„æ ‡å¤´
+#include "framework.h"
+
+#endif //PCH_H
diff --git a/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/wechat-devtools.vcxproj b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/wechat-devtools.vcxproj
new file mode 100644
index 0000000..af2efbe
--- /dev/null
+++ b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/wechat-devtools.vcxproj
@@ -0,0 +1,171 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{8c4064e2-3cd3-4706-b746-d1129a52a875}</ProjectGuid>
+    <RootNamespace>wechatdevtools</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;WECHATDEVTOOLS_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;WECHATDEVTOOLS_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;WECHATDEVTOOLS_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;WECHATDEVTOOLS_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClInclude Include="common\EZDetour.h" />
+    <ClInclude Include="framework.h" />
+    <ClInclude Include="pch.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="common\EZDetour.cpp" />
+    <ClCompile Include="dllmain.cpp" />
+    <ClCompile Include="pch.cpp">
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
+    </ClCompile>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/wechat-devtools.vcxproj.filters b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/wechat-devtools.vcxproj.filters
new file mode 100644
index 0000000..14161ad
--- /dev/null
+++ b/course/frida/03_frida-node/wechat-devtools/cpp-hook/test/wechat-devtools/wechat-devtools.vcxproj.filters
@@ -0,0 +1,42 @@
+ï»¿<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="æºæ–‡ä»¶">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="å¤´æ–‡ä»¶">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="èµ„æºæ–‡ä»¶">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+    <Filter Include="common">
+      <UniqueIdentifier>{06fa8db7-3a12-40e6-ba40-7076342bd4db}</UniqueIdentifier>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="framework.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+    <ClInclude Include="pch.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+    <ClInclude Include="common\EZDetour.h">
+      <Filter>common</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="dllmain.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="pch.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="common\EZDetour.cpp">
+      <Filter>common</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
-- 
GitLab