pch.cpp

// pch.cpp: 与预编译标头对应的源文件

#include "pch.h"

// 当使用预编译的头时，需要使用此源文件，编译才能成功。
DWORD SendImageOffset = 0x0;
DWORD SendTextOffset = 0x0;
DWORD SendFileOffset = 0x0;
DWORD GetFriendListInitOffset = 0x0;
DWORD GetFriendListRemoteOffset = 0x0;
DWORD GetFriendListFinishOffset = 0x0;

HANDLE hProcess = NULL;

bool isFileExists_stat(string& name) {
    struct stat buffer;
    return (stat(name.c_str(), &buffer) == 0);
}

BOOL CreateConsole(void) {
    if (AllocConsole()) {
        AttachConsole(GetCurrentProcessId());
        FILE* retStream;
        freopen_s(&retStream, "CONOUT$", "w", stdout);
        if (!retStream) throw std::runtime_error("Stdout redirection failed.");
        freopen_s(&retStream, "CONOUT$", "w", stderr);
        if (!retStream) throw std::runtime_error("Stderr redirection failed.");
        return 0;
    }
    return 1;
}

DWORD GetWeChatRobotBase() {
    if (!hProcess)
        return 0;
    DWORD dwWriteSize = 0;
    LPVOID pRemoteAddress = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
    if (pRemoteAddress)
        WriteProcessMemory(hProcess, pRemoteAddress, dllname, wcslen(dllname) * 2 + 2, &dwWriteSize);
    else
        return 0;
    DWORD dwHandle, dwID;
    LPVOID pFunc = GetModuleHandleW;
    HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, pRemoteAddress, 0, &dwID);
    if (hThread) {
        WaitForSingleObject(hThread, INFINITE);
        GetExitCodeThread(hThread, &dwHandle);
    }
    else {
        return 0;
    }
    CloseHandle(hThread);
    VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
    return dwHandle;
}

void GetProcOffset(wchar_t* workPath) {
    wchar_t* dllpath = new wchar_t[MAX_PATH];
    swprintf_s(dllpath, MAX_PATH, L"%ws%ws%ws", workPath, L"\\", dllname);
    string name = _com_util::ConvertBSTRToString((BSTR)dllpath);
    if (!isFileExists_stat(name)) {
        MessageBoxA(NULL, name.c_str(), "文件不存在", MB_ICONWARNING);
        return;
    }
    HMODULE hd = LoadLibraryW(dllpath);
    if (!hd)
        return;
    DWORD WeChatBase = (DWORD)GetModuleHandleW(dllname);

    DWORD SendImageProcAddr = (DWORD)GetProcAddress(hd, SendImageRemote);
    SendImageOffset = SendImageProcAddr - WeChatBase;
    DWORD SendTextProcAddr = (DWORD)GetProcAddress(hd, SendTextRemote);
    SendTextOffset = SendTextProcAddr - WeChatBase;
    DWORD SendFileProcAddr = (DWORD)GetProcAddress(hd, SendFileRemote);
    SendFileOffset = SendFileProcAddr - WeChatBase;

    DWORD GetFriendListInitProcAddr = (DWORD)GetProcAddress(hd, GetFriendListInit);
    GetFriendListInitOffset = GetFriendListInitProcAddr - WeChatBase;

    DWORD GetFriendListRemoteProcAddr = (DWORD)GetProcAddress(hd, GetFriendListRemote);
    GetFriendListRemoteOffset = GetFriendListRemoteProcAddr - WeChatBase;

    DWORD GetFriendListFinishProcAddr = (DWORD)GetProcAddress(hd, GetFriendListFinish);
    GetFriendListFinishOffset = GetFriendListFinishProcAddr - WeChatBase;

    FreeLibrary(hd);
    delete[] dllpath;
    dllpath = NULL;
}

DWORD GetWeChatPid() {
    HWND hCalc = FindWindow(NULL, L"微信");
    DWORD wxPid = 0;
    GetWindowThreadProcessId(hCalc, &wxPid);
    if (wxPid == 0) {
        hCalc = FindWindow(NULL, L"微信测试版");
        GetWindowThreadProcessId(hCalc, &wxPid);
    }
    return wxPid;
}

DWORD StartRobotService(wchar_t* workPath) {
    DWORD wxPid = GetWeChatPid();
    if (!wxPid) {
        MessageBoxA(NULL, "请先启动目标程序", "提示", MB_ICONWARNING);
        return 1;
    }
    GetProcOffset(workPath);
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, wxPid);
    bool status = Injert(wxPid, workPath);
    return status;
}

DWORD StopRobotService() {
    if (!hProcess)
        return 1;
    DWORD wxPid = GetWeChatPid();
    RemoveDll(wxPid);
    CloseHandle(hProcess);
    return 0;
}