个人信息兼容老微信号，添加接收消息逻辑

ec89375b · ljc545w · a05bce3c · ec89375b · ec89375b · ec89375b
23 changed file
--- a/CWeChatRobot/ReceiveMessage.cpp
+++ b/CWeChatRobot/ReceiveMessage.cpp
+#include "pch.h"
+
+BOOL ReceiveMessageHooked = FALSE;
+
+struct GetRemoteMessageStruct {
+    DWORD type;
+    DWORD sender;
+    DWORD l_sender;
+    DWORD wxid;
+    DWORD l_wxid;
+    DWORD message;
+    DWORD l_message;
+};
+
+struct MessageStruct {
+    DWORD type;
+    wchar_t* sender;
+    wchar_t* wxid;
+    wchar_t* message;
+};
+
+BOOL StartReceiveMessage() {
+    if (!hProcess || ReceiveMessageHooked)
+        return 1;
+    DWORD WeChatRobotBase = GetWeChatRobotBase();
+    DWORD dwId = 0;
+
+    DWORD HookReceiveMessageAddr = WeChatRobotBase + HookReceiveMessageRemoteOffset;
+    HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)HookReceiveMessageAddr, NULL, 0, &dwId);
+    if (hThread) {
+        WaitForSingleObject(hThread, INFINITE);
+    }
+    else {
+        return 1;
+    }
+    CloseHandle(hThread);
+    ReceiveMessageHooked = TRUE;
+    return 0;
+}
+
+BOOL StopReceiveMessage() {
+    if (!hProcess || !ReceiveMessageHooked)
+        return 1;
+    DWORD WeChatRobotBase = GetWeChatRobotBase();
+    DWORD dwId = 0;
+
+    DWORD UnHookReceiveMessageAddr = WeChatRobotBase + UnHookReceiveMessageRemoteOffset;
+    HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)UnHookReceiveMessageAddr, NULL, 0, &dwId);
+    if (hThread) {
+        WaitForSingleObject(hThread, INFINITE);
+    }
+    else {
+        return 1;
+    }
+    CloseHandle(hThread);
+    ReceiveMessageHooked = FALSE;
+    return 0;
+}
+
+BOOL GetHeadMessage(GetRemoteMessageStruct* message) {
+    if (!hProcess || !ReceiveMessageHooked)
+        return 1;
+    DWORD WeChatRobotBase = GetWeChatRobotBase();
+    DWORD dwId = 0;
+    DWORD dwHandle = 0;
+    DWORD GetHeadMessageAddr = WeChatRobotBase + GetHeadMessageRemoteOffset;
+    HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetHeadMessageAddr, NULL, 0, &dwId);
+    
+    if (hThread) {
+        WaitForSingleObject(hThread, INFINITE);
+        GetExitCodeThread(hThread, &dwHandle);
+    }
+    else {
+        return 1;
+    }
+    if (!dwHandle)
+        return 0;
+    ReadProcessMemory(hProcess,(LPCVOID)dwHandle, message,sizeof(GetRemoteMessageStruct),0);
+    CloseHandle(hThread);
+    return 0;
+}
+
+BOOL PopHeadMessage() {
+    if (!hProcess || !ReceiveMessageHooked)
+        return 1;
+    DWORD WeChatRobotBase = GetWeChatRobotBase();
+    DWORD dwId = 0;
+    DWORD PopHeadMessageAddr = WeChatRobotBase + PopHeadMessageRemoteOffset;
+    HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)PopHeadMessageAddr, NULL, 0, &dwId);
+    if (hThread) {
+        WaitForSingleObject(hThread, INFINITE);
+    }
+    else {
+        return 1;
+    }
+    CloseHandle(hThread);
+    return 0;
+}
+
+SAFEARRAY* ReceiveMessage() {
+    if (!hProcess || !ReceiveMessageHooked)
+        return NULL;
+    GetRemoteMessageStruct remotemessage = { 0 };
+    MessageStruct message = { 0 };
+    HRESULT hr = S_OK;
+    GetHeadMessage(&remotemessage);
+    printf("0x%X,0x%08X,0x%08X,0x%08X\n", remotemessage.type, remotemessage.sender, remotemessage.wxid, remotemessage.message);
+    DWORD dwInfoAddr = 0;
+    if (remotemessage.type) {
+        message.type = remotemessage.type;
+        message.sender = new wchar_t[remotemessage.l_sender + 1];
+        ReadProcessMemory(hProcess, (LPCVOID)remotemessage.sender, message.sender, (remotemessage.l_sender + 1) * sizeof(wchar_t), 0);
+        message.wxid = new wchar_t[remotemessage.l_wxid + 1];
+        ReadProcessMemory(hProcess, (LPCVOID)remotemessage.wxid, message.wxid, (remotemessage.l_wxid + 1) * sizeof(wchar_t), 0);
+        message.message = new wchar_t[remotemessage.l_message + 1];
+        ReadProcessMemory(hProcess, (LPCVOID)remotemessage.message, message.message, (remotemessage.l_message + 1) * sizeof(wchar_t), 0);
+    }
+    else {
+        return NULL;
+    }
+    printf("%ws\n", message.wxid);
+    PopHeadMessage();
+    SAFEARRAY* psaValue;
+    vector<wstring> MessageInfoKey = {
+        L"type",
+        L"sender",
+        L"wxid",
+        L"message",
+    };
+    SAFEARRAYBOUND rgsaBound[2] = { {4,0},{2,0} };
+    psaValue = SafeArrayCreate(VT_VARIANT, 2, rgsaBound);
+    long keyIndex[2] = { 0,0 };
+    keyIndex[0] = 0; keyIndex[1] = 0;
+    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)MessageInfoKey[0].c_str());
+    keyIndex[0] = 0; keyIndex[1] = 1;
+    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)message.type);
+    keyIndex[0] = 1; keyIndex[1] = 0;
+    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)MessageInfoKey[1].c_str());
+    keyIndex[0] = 1; keyIndex[1] = 1;
+    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)message.sender);
+    keyIndex[0] = 2; keyIndex[1] = 0;
+    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)MessageInfoKey[2].c_str());
+    keyIndex[0] = 2; keyIndex[1] = 1;
+    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)message.wxid);
+    keyIndex[0] = 3; keyIndex[1] = 0;
+    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)MessageInfoKey[3].c_str());
+    keyIndex[0] = 3; keyIndex[1] = 1;
+    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)message.message);
+    return psaValue;
+}
\ No newline at end of file
--- a/CWeChatRobot/ReceiveMessage.h
+++ b/CWeChatRobot/ReceiveMessage.h
+#pragma once
+#include<windows.h>
+BOOL StartReceiveMessage();
+SAFEARRAY* ReceiveMessage();
+BOOL StopReceiveMessage();
\ No newline at end of file
--- a/CWeChatRobot/WeChatRobot.cpp
+++ b/CWeChatRobot/WeChatRobot.cpp
@@ -148,4 +148,31 @@ STDMETHODIMP CWeChatRobot::CGetComWorkPath(BSTR* __result) {
    string path = _com_util::ConvertBSTRToString((BSTR)(GetComWorkPath().c_str()));
    *__result = _com_util::ConvertStringToBSTR(path.c_str());
    return S_OK;
+}
+
+/*
+* 参数1：预返回的值，调用时无需提供
+*/
+STDMETHODIMP CWeChatRobot::CStartReceiveMessage(int* __result) {
+    *__result = StartReceiveMessage();
+    return S_OK;
+}
+
+/*
+* 参数1：预返回的值，调用时无需提供
+*/
+STDMETHODIMP CWeChatRobot::CReceiveMessage(VARIANT* __result) {
+    VARIANT vsaValue;
+    vsaValue.vt = VT_ARRAY | VT_VARIANT;
+    V_ARRAY(&vsaValue) = ReceiveMessage();
+    *__result = vsaValue;
+    return S_OK;
+}
+
+/*
+* 参数1：预返回的值，调用时无需提供
+*/
+STDMETHODIMP CWeChatRobot::CStopReceiveMessage(int* __result) {
+    *__result = StopReceiveMessage();
+    return S_OK;
 }
\ No newline at end of file
--- a/CWeChatRobot/WeChatRobot.h
+++ b/CWeChatRobot/WeChatRobot.h
@@ -66,6 +66,9 @@ public:
 	STDMETHODIMP CCheckFriendStatus(BSTR wxid, int* __result);
 	STDMETHODIMP CCheckFriendStatusFinish(int* __result);
 	STDMETHODIMP CGetComWorkPath(BSTR* __result);
+	STDMETHODIMP CStartReceiveMessage(int* __result);
+	STDMETHODIMP CReceiveMessage(VARIANT* __result);
+	STDMETHODIMP CStopReceiveMessage(int* __result);
 };

 OBJECT_ENTRY_AUTO(__uuidof(WeChatRobot), CWeChatRobot)
--- a/CWeChatRobot/WeChatRobotCOM.idl
+++ b/CWeChatRobot/WeChatRobotCOM.idl
@@ -31,6 +31,9 @@ interface IWeChatRobot : IDispatch
 	[id(13)] HRESULT CCheckFriendStatus([in] BSTR wxid, [out, retval] int* __result);
 	[id(14)] HRESULT CCheckFriendStatusFinish([out, retval] int* __result);
 	[id(15)] HRESULT CGetComWorkPath([out, retval] BSTR* __result);
+	[id(16)] HRESULT CStartReceiveMessage([out, retval] int* __result);
+	[id(17)] HRESULT CReceiveMessage([out, retval] VARIANT* __result);
+	[id(18)] HRESULT CStopReceiveMessage([out, retval] int* __result);
 };
 [
 	uuid(721abb35-141a-4aa2-94f2-762e2833fa6c),

--- a/CWeChatRobot/WeChatRobotCOM.vcxproj
+++ b/CWeChatRobot/WeChatRobotCOM.vcxproj
@@ -216,6 +216,7 @@
    <ClInclude Include="FriendList.h" />
    <ClInclude Include="InjertDll.h" />
    <ClInclude Include="pch.h" />
+    <ClInclude Include="ReceiveMessage.h" />
    <ClInclude Include="Resource.h" />
    <ClInclude Include="robotdata.h" />
    <ClInclude Include="SelfInfo.h" />
@@ -240,6 +241,7 @@
      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
    </ClCompile>
+    <ClCompile Include="ReceiveMessage.cpp" />
    <ClCompile Include="SelfInfo.cpp" />
    <ClCompile Include="SendArticle.cpp" />
    <ClCompile Include="SendCard.cpp" />

--- a/CWeChatRobot/WeChatRobotCOM.vcxproj.filters
+++ b/CWeChatRobot/WeChatRobotCOM.vcxproj.filters
@@ -53,6 +53,9 @@
    <Filter Include="好友相关\好友状态">
      <UniqueIdentifier>{2543fa88-031d-42ca-9dd1-ac564ee2f744}</UniqueIdentifier>
    </Filter>
+    <Filter Include="接收消息">
+      <UniqueIdentifier>{9f0d63f2-46a6-4d9c-83dd-ed19792705d0}</UniqueIdentifier>
+    </Filter>
  </ItemGroup>
  <ItemGroup>
    <ClInclude Include="framework.h">
@@ -109,6 +112,9 @@
    <ClInclude Include="CheckFriendStatus.h">
      <Filter>好友相关\好友状态</Filter>
    </ClInclude>
+    <ClInclude Include="ReceiveMessage.h">
+      <Filter>接收消息</Filter>
+    </ClInclude>
  </ItemGroup>
  <ItemGroup>
    <ClCompile Include="WeChatRobotCOM.cpp">
@@ -156,6 +162,9 @@
    <ClCompile Include="CheckFriendStatus.cpp">
      <Filter>好友相关\好友状态</Filter>
    </ClCompile>
+    <ClCompile Include="ReceiveMessage.cpp">
+      <Filter>接收消息</Filter>
+    </ClCompile>
  </ItemGroup>
  <ItemGroup>
    <ResourceCompile Include="WeChatRobotCOM.rc">

--- a/CWeChatRobot/WeChatRobotCOM_i.h
+++ b/CWeChatRobot/WeChatRobotCOM_i.h
@@ -148,6 +148,15 @@ EXTERN_C const IID IID_IWeChatRobot;
        virtual /* [id] */ HRESULT STDMETHODCALLTYPE CGetComWorkPath( 
            /* [retval][out] */ BSTR *__result) = 0;
        
+        virtual /* [id] */ HRESULT STDMETHODCALLTYPE CStartReceiveMessage( 
+            /* [retval][out] */ int *__result) = 0;
+        
+        virtual /* [id] */ HRESULT STDMETHODCALLTYPE CReceiveMessage( 
+            /* [retval][out] */ VARIANT *__result) = 0;
+        
+        virtual /* [id] */ HRESULT STDMETHODCALLTYPE CStopReceiveMessage( 
+            /* [retval][out] */ int *__result) = 0;
+        
    };
    
    
@@ -281,6 +290,18 @@ EXTERN_C const IID IID_IWeChatRobot;
            IWeChatRobot * This,
            /* [retval][out] */ BSTR *__result);
        
+        /* [id] */ HRESULT ( STDMETHODCALLTYPE *CStartReceiveMessage )( 
+            IWeChatRobot * This,
+            /* [retval][out] */ int *__result);
+        
+        /* [id] */ HRESULT ( STDMETHODCALLTYPE *CReceiveMessage )( 
+            IWeChatRobot * This,
+            /* [retval][out] */ VARIANT *__result);
+        
+        /* [id] */ HRESULT ( STDMETHODCALLTYPE *CStopReceiveMessage )( 
+            IWeChatRobot * This,
+            /* [retval][out] */ int *__result);
+        
        END_INTERFACE
    } IWeChatRobotVtbl;

@@ -362,6 +383,15 @@ EXTERN_C const IID IID_IWeChatRobot;
 #define IWeChatRobot_CGetComWorkPath(This,__result)	\
    ( (This)->lpVtbl -> CGetComWorkPath(This,__result) ) 

+#define IWeChatRobot_CStartReceiveMessage(This,__result)	\
+    ( (This)->lpVtbl -> CStartReceiveMessage(This,__result) ) 
+
+#define IWeChatRobot_CReceiveMessage(This,__result)	\
+    ( (This)->lpVtbl -> CReceiveMessage(This,__result) ) 
+
+#define IWeChatRobot_CStopReceiveMessage(This,__result)	\
+    ( (This)->lpVtbl -> CStopReceiveMessage(This,__result) ) 
+
 #endif /* COBJMACROS */



--- a/CWeChatRobot/WeChatRobotCOM_p.c
+++ b/CWeChatRobot/WeChatRobotCOM_p.c
@@ -49,7 +49,7 @@
 #include "WeChatRobotCOM_i.h"

 #define TYPE_FORMAT_STRING_SIZE   1221                              
-#define PROC_FORMAT_STRING_SIZE   631                               
+#define PROC_FORMAT_STRING_SIZE   739                               
 #define EXPR_FORMAT_STRING_SIZE   1                                 
 #define TRANSMIT_AS_TABLE_SIZE    0            
 #define WIRE_MARSHAL_TABLE_SIZE   2            
@@ -657,6 +657,98 @@ static const WeChatRobotCOM_MIDL_PROC_FORMAT_STRING WeChatRobotCOM__MIDL_ProcFor
 /* 628 */	0x8,		/* FC_LONG */
 			0x0,		/* 0 */

+	/* Procedure CStartReceiveMessage */
+
+/* 630 */	0x33,		/* FC_AUTO_HANDLE */
+			0x6c,		/* Old Flags:  object, Oi2 */
+/* 632 */	NdrFcLong( 0x0 ),	/* 0 */
+/* 636 */	NdrFcShort( 0x16 ),	/* 22 */
+/* 638 */	NdrFcShort( 0xc ),	/* x86 Stack size/offset = 12 */
+/* 640 */	NdrFcShort( 0x0 ),	/* 0 */
+/* 642 */	NdrFcShort( 0x24 ),	/* 36 */
+/* 644 */	0x44,		/* Oi2 Flags:  has return, has ext, */
+			0x2,		/* 2 */
+/* 646 */	0x8,		/* 8 */
+			0x41,		/* Ext Flags:  new corr desc, has range on conformance */
+/* 648 */	NdrFcShort( 0x0 ),	/* 0 */
+/* 650 */	NdrFcShort( 0x0 ),	/* 0 */
+/* 652 */	NdrFcShort( 0x0 ),	/* 0 */
+
+	/* Parameter __result */
+
+/* 654 */	NdrFcShort( 0x2150 ),	/* Flags:  out, base type, simple ref, srv alloc size=8 */
+/* 656 */	NdrFcShort( 0x4 ),	/* x86 Stack size/offset = 4 */
+/* 658 */	0x8,		/* FC_LONG */
+			0x0,		/* 0 */
+
+	/* Return value */
+
+/* 660 */	NdrFcShort( 0x70 ),	/* Flags:  out, return, base type, */
+/* 662 */	NdrFcShort( 0x8 ),	/* x86 Stack size/offset = 8 */
+/* 664 */	0x8,		/* FC_LONG */
+			0x0,		/* 0 */
+
+	/* Procedure CReceiveMessage */
+
+/* 666 */	0x33,		/* FC_AUTO_HANDLE */
+			0x6c,		/* Old Flags:  object, Oi2 */
+/* 668 */	NdrFcLong( 0x0 ),	/* 0 */
+/* 672 */	NdrFcShort( 0x17 ),	/* 23 */
+/* 674 */	NdrFcShort( 0xc ),	/* x86 Stack size/offset = 12 */
+/* 676 */	NdrFcShort( 0x0 ),	/* 0 */
+/* 678 */	NdrFcShort( 0x8 ),	/* 8 */
+/* 680 */	0x45,		/* Oi2 Flags:  srv must size, has return, has ext, */
+			0x2,		/* 2 */
+/* 682 */	0x8,		/* 8 */
+			0x43,		/* Ext Flags:  new corr desc, clt corr check, has range on conformance */
+/* 684 */	NdrFcShort( 0x1 ),	/* 1 */
+/* 686 */	NdrFcShort( 0x0 ),	/* 0 */
+/* 688 */	NdrFcShort( 0x0 ),	/* 0 */
+
+	/* Parameter __result */
+
+/* 690 */	NdrFcShort( 0x4113 ),	/* Flags:  must size, must free, out, simple ref, srv alloc size=16 */
+/* 692 */	NdrFcShort( 0x4 ),	/* x86 Stack size/offset = 4 */
+/* 694 */	NdrFcShort( 0x4ac ),	/* Type Offset=1196 */
+
+	/* Return value */
+
+/* 696 */	NdrFcShort( 0x70 ),	/* Flags:  out, return, base type, */
+/* 698 */	NdrFcShort( 0x8 ),	/* x86 Stack size/offset = 8 */
+/* 700 */	0x8,		/* FC_LONG */
+			0x0,		/* 0 */
+
+	/* Procedure CStopReceiveMessage */
+
+/* 702 */	0x33,		/* FC_AUTO_HANDLE */
+			0x6c,		/* Old Flags:  object, Oi2 */
+/* 704 */	NdrFcLong( 0x0 ),	/* 0 */
+/* 708 */	NdrFcShort( 0x18 ),	/* 24 */
+/* 710 */	NdrFcShort( 0xc ),	/* x86 Stack size/offset = 12 */
+/* 712 */	NdrFcShort( 0x0 ),	/* 0 */
+/* 714 */	NdrFcShort( 0x24 ),	/* 36 */
+/* 716 */	0x44,		/* Oi2 Flags:  has return, has ext, */
+			0x2,		/* 2 */
+/* 718 */	0x8,		/* 8 */
+			0x41,		/* Ext Flags:  new corr desc, has range on conformance */
+/* 720 */	NdrFcShort( 0x0 ),	/* 0 */
+/* 722 */	NdrFcShort( 0x0 ),	/* 0 */
+/* 724 */	NdrFcShort( 0x0 ),	/* 0 */
+
+	/* Parameter __result */
+
+/* 726 */	NdrFcShort( 0x2150 ),	/* Flags:  out, base type, simple ref, srv alloc size=8 */
+/* 728 */	NdrFcShort( 0x4 ),	/* x86 Stack size/offset = 4 */
+/* 730 */	0x8,		/* FC_LONG */
+			0x0,		/* 0 */
+
+	/* Return value */
+
+/* 732 */	NdrFcShort( 0x70 ),	/* Flags:  out, return, base type, */
+/* 734 */	NdrFcShort( 0x8 ),	/* x86 Stack size/offset = 8 */
+/* 736 */	0x8,		/* FC_LONG */
+			0x0,		/* 0 */
+
 			0x0
        }
    };
@@ -1504,7 +1596,10 @@ static const unsigned short IWeChatRobot_FormatStringOffsetTable[] =
    480,
    516,
    558,
-    594
+    594,
+    630,
+    666,
+    702
    };

 static const MIDL_STUBLESS_PROXY_INFO IWeChatRobot_ProxyInfo =
@@ -1528,7 +1623,7 @@ static const MIDL_SERVER_INFO IWeChatRobot_ServerInfo =
    0,
    0,
    0};
-CINTERFACE_PROXY_VTABLE(22) _IWeChatRobotProxyVtbl = 
+CINTERFACE_PROXY_VTABLE(25) _IWeChatRobotProxyVtbl = 
 {
    &IWeChatRobot_ProxyInfo,
    &IID_IWeChatRobot,
@@ -1553,7 +1648,10 @@ CINTERFACE_PROXY_VTABLE(22) _IWeChatRobotProxyVtbl =
    (void *) (INT_PTR) -1 /* IWeChatRobot::CCheckFriendStatusInit */ ,
    (void *) (INT_PTR) -1 /* IWeChatRobot::CCheckFriendStatus */ ,
    (void *) (INT_PTR) -1 /* IWeChatRobot::CCheckFriendStatusFinish */ ,
-    (void *) (INT_PTR) -1 /* IWeChatRobot::CGetComWorkPath */
+    (void *) (INT_PTR) -1 /* IWeChatRobot::CGetComWorkPath */ ,
+    (void *) (INT_PTR) -1 /* IWeChatRobot::CStartReceiveMessage */ ,
+    (void *) (INT_PTR) -1 /* IWeChatRobot::CReceiveMessage */ ,
+    (void *) (INT_PTR) -1 /* IWeChatRobot::CStopReceiveMessage */
 };


@@ -1577,6 +1675,9 @@ static const PRPC_STUB_FUNCTION IWeChatRobot_table[] =
    NdrStubCall2,
    NdrStubCall2,
    NdrStubCall2,
+    NdrStubCall2,
+    NdrStubCall2,
+    NdrStubCall2,
    NdrStubCall2
 };

@@ -1584,7 +1685,7 @@ CInterfaceStubVtbl _IWeChatRobotStubVtbl =
 {
    &IID_IWeChatRobot,
    &IWeChatRobot_ServerInfo,
-    22,
+    25,
    &IWeChatRobot_table[-3],
    CStdStubBuffer_DELEGATING_METHODS
 };

--- a/CWeChatRobot/pch.cpp
+++ b/CWeChatRobot/pch.cpp
@@ -23,6 +23,11 @@ DWORD CheckFriendStatusInitRemoteOffset = 0x0;
 DWORD CheckFriendStatusRemoteOffset = 0x0;
 DWORD CheckFriendStatusFinishRemoteOffset = 0x0;

+DWORD HookReceiveMessageRemoteOffset = 0x0;
+DWORD UnHookReceiveMessageRemoteOffset = 0x0;
+DWORD GetHeadMessageRemoteOffset = 0x0;
+DWORD PopHeadMessageRemoteOffset = 0x0;
+
 wstring SelfInfoString = L"";

 HANDLE hProcess = NULL;
@@ -117,6 +122,15 @@ void GetProcOffset(wchar_t* workPath) {
    DWORD CheckFriendStatusFinishRemoteAddr = (DWORD)GetProcAddress(hd, CheckFriendStatusFinishRemote);
    CheckFriendStatusFinishRemoteOffset = CheckFriendStatusFinishRemoteAddr - WeChatBase;

+    DWORD HookReceiveMessageRemoteAddr = (DWORD)GetProcAddress(hd, HookReceiveMessageRemote);
+    HookReceiveMessageRemoteOffset = HookReceiveMessageRemoteAddr - WeChatBase;
+    DWORD UnHookReceiveMessageRemoteAddr = (DWORD)GetProcAddress(hd, UnHookReceiveMessageRemote);
+    UnHookReceiveMessageRemoteOffset = UnHookReceiveMessageRemoteAddr - WeChatBase;
+    DWORD GetHeadMessageRemoteAddr = (DWORD)GetProcAddress(hd, GetHeadMessageRemote);
+    GetHeadMessageRemoteOffset = GetHeadMessageRemoteAddr - WeChatBase;
+    DWORD PopHeadMessageRemoteAddr = (DWORD)GetProcAddress(hd, PopHeadMessageRemote);
+    PopHeadMessageRemoteOffset = PopHeadMessageRemoteAddr - WeChatBase;
+
    FreeLibrary(hd);
    delete[] dllpath;
    dllpath = NULL;
@@ -156,6 +170,7 @@ DWORD StopRobotService() {
        return 1;
    DWORD wxPid = GetWeChatPid();
    CheckFriendStatusFinish();
+    StopReceiveMessage();
    RemoveDll(wxPid);
    ZeroMemory((wchar_t*)SelfInfoString.c_str(), SelfInfoString.length() * 2 + 2);
    CloseHandle(hProcess);

--- a/CWeChatRobot/robotdata.h
+++ b/CWeChatRobot/robotdata.h
@@ -9,6 +9,7 @@
 #include "UserInfo.h"
 #include "SelfInfo.h"
 #include "CheckFriendStatus.h"
+#include "ReceiveMessage.h"

 extern HANDLE hProcess;
 extern DWORD SendImageOffset;
@@ -32,6 +33,11 @@ extern DWORD CheckFriendStatusInitRemoteOffset;
 extern DWORD CheckFriendStatusRemoteOffset;
 extern DWORD CheckFriendStatusFinishRemoteOffset;

+extern DWORD HookReceiveMessageRemoteOffset;
+extern DWORD UnHookReceiveMessageRemoteOffset;
+extern DWORD GetHeadMessageRemoteOffset;
+extern DWORD PopHeadMessageRemoteOffset;
+

 #define dllname L"DWeChatRobot.dll"

@@ -53,4 +59,9 @@ extern DWORD CheckFriendStatusFinishRemoteOffset;

 #define CheckFriendStatusInitRemote "CheckFriendStatusInitRemote"
 #define CheckFriendStatusRemote "CheckFriendStatusRemote"
-#define CheckFriendStatusFinishRemote "CheckFriendStatusFinishRemote"
\ No newline at end of file
+#define CheckFriendStatusFinishRemote "CheckFriendStatusFinishRemote"
+
+#define HookReceiveMessageRemote "HookReceiveMessage"
+#define UnHookReceiveMessageRemote "UnHookReceiveMessage"
+#define GetHeadMessageRemote "GetHeadMessage"
+#define PopHeadMessageRemote "PopHeadMessage"
\ No newline at end of file
--- a/DWeChatRobot/DWeChatRobot.vcxproj
+++ b/DWeChatRobot/DWeChatRobot.vcxproj
@@ -159,6 +159,7 @@
    <ClInclude Include="FriendList.h" />
    <ClInclude Include="LogMsgInfo.h" />
    <ClInclude Include="pch.h" />
+    <ClInclude Include="ReceiveMessage.h" />
    <ClInclude Include="SelfInfo.h" />
    <ClInclude Include="SendArticle.h" />
    <ClInclude Include="SendCard.h" />
@@ -177,6 +178,7 @@
      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
    </ClCompile>
+    <ClCompile Include="ReceiveMessage.cpp" />
    <ClCompile Include="SelfInfo.cpp" />
    <ClCompile Include="SendArticle.cpp" />
    <ClCompile Include="SendCard.cpp" />

--- a/DWeChatRobot/DWeChatRobot.vcxproj.filters
+++ b/DWeChatRobot/DWeChatRobot.vcxproj.filters
@@ -52,6 +52,9 @@
    <Filter Include="微信日志">
      <UniqueIdentifier>{54c9691e-786d-4279-874d-b1e35673a666}</UniqueIdentifier>
    </Filter>
+    <Filter Include="接收消息">
+      <UniqueIdentifier>{4763248d-1490-48c0-aa63-bf3265cf8178}</UniqueIdentifier>
+    </Filter>
  </ItemGroup>
  <ItemGroup>
    <ClInclude Include="framework.h">
@@ -90,6 +93,9 @@
    <ClInclude Include="LogMsgInfo.h">
      <Filter>微信日志</Filter>
    </ClInclude>
+    <ClInclude Include="ReceiveMessage.h">
+      <Filter>接收消息</Filter>
+    </ClInclude>
  </ItemGroup>
  <ItemGroup>
    <ClCompile Include="dllmain.cpp">
@@ -128,5 +134,8 @@
    <ClCompile Include="LogMsgInfo.cpp">
      <Filter>微信日志</Filter>
    </ClCompile>
+    <ClCompile Include="ReceiveMessage.cpp">
+      <Filter>接收消息</Filter>
+    </ClCompile>
  </ItemGroup>
 </Project>
\ No newline at end of file
--- a/DWeChatRobot/ReceiveMessage.cpp
+++ b/DWeChatRobot/ReceiveMessage.cpp
+#include "pch.h"
+#include <vector>
+
+#define ReceiveMessageHookOffset 0x034A4F60 - 0x02FE0000
+#define ReceiveMessageNextCallOffset 0x034A0CE0 - 0x02FE0000
+
+struct messageStruct {
+	DWORD messagetype;
+	wchar_t* sender;
+	DWORD l_sender;
+	wchar_t* wxid;
+	DWORD l_wxid;
+	wchar_t* message;
+	DWORD l_message;
+};
+
+vector<messageStruct> messageVector;
+
+BOOL ReceiveMessageHooked = false;
+char OldReceiveMessageAsmCode[5] = { 0 };
+
+DWORD ReceiveMessageHookAddress = GetWeChatWinBase() + ReceiveMessageHookOffset;
+DWORD ReceiveMessageNextCall = GetWeChatWinBase() + ReceiveMessageNextCallOffset;
+DWORD JmpBackAddress = ReceiveMessageHookAddress + 0x5;
+
+VOID ReceiveMessage(DWORD messageAddr) {
+	messageStruct message = { 0 };
+	message.messagetype = *(DWORD*)(messageAddr + 0x38);
+	
+	DWORD length = *(DWORD*)(messageAddr + 0x48 + 0x4);
+	message.sender = new wchar_t[length + 1];
+	ZeroMemory(message.sender, (length + 1) * 2);
+	memcpy(message.sender,(wchar_t*)(*(DWORD*)(messageAddr + 0x48)),length * 2);
+	message.l_sender = length;
+	
+	length = *(DWORD*)(messageAddr + 0x170 + 0x4);
+	if (length == 0) {
+		message.wxid = new wchar_t[message.l_sender + 1];
+		ZeroMemory(message.wxid, (message.l_sender + 1) * 2);
+		memcpy(message.wxid, (wchar_t*)(*(DWORD*)(messageAddr + 0x48)), message.l_sender * 2);
+		message.l_wxid = message.l_sender;
+	}
+	else {
+		message.wxid = new wchar_t[length + 1];
+		ZeroMemory(message.wxid, (length + 1) * 2);
+		memcpy(message.wxid, (wchar_t*)(*(DWORD*)(messageAddr + 0x170)), length * 2);
+		message.l_wxid = length;
+	}
+	
+	length = *(DWORD*)(messageAddr + 0x70 + 0x4);
+	message.message = new wchar_t[length + 1];
+	ZeroMemory(message.message, (length + 1) * 2);
+	memcpy(message.message, (wchar_t*)(*(DWORD*)(messageAddr + 0x70)), length * 2);
+	message.l_message = length;
+
+	messageVector.push_back(message);
+}
+
+DWORD GetHeadMessage() {
+	if (messageVector.size() == 0)
+		return 0;
+	return (DWORD)&messageVector[0].messagetype;
+}
+
+VOID PopHeadMessage() {
+	if (messageVector.size() == 0)
+		return;
+	vector<messageStruct>::iterator k = messageVector.begin();
+	messageVector.erase(k);
+}
+
+_declspec(naked) void dealReceiveMessage() {
+	__asm {
+		pushad;
+		pushfd;
+		mov edi, [eax];
+		push edi;
+		call ReceiveMessage;
+		add esp, 0x4;
+		popfd;
+		popad;
+		call ReceiveMessageNextCall;
+		jmp JmpBackAddress;
+	}
+}
+
+VOID HookReceiveMessage() {
+	if (ReceiveMessageHooked)
+		return;
+	HookAnyAddress(ReceiveMessageHookAddress,(LPVOID)dealReceiveMessage,OldReceiveMessageAsmCode);
+	ReceiveMessageHooked = TRUE;
+}
+
+VOID UnHookReceiveMessage() {
+	if (!ReceiveMessageHooked)
+		return;
+	UnHookAnyAddress(ReceiveMessageHookAddress,OldReceiveMessageAsmCode);
+	ReceiveMessageHooked = FALSE;
+}
\ No newline at end of file
--- a/DWeChatRobot/ReceiveMessage.h
+++ b/DWeChatRobot/ReceiveMessage.h
+#pragma once
+#include<windows.h>
+extern "C" __declspec(dllexport) DWORD GetHeadMessage();
+extern "C" __declspec(dllexport) VOID PopHeadMessage();
+
+extern "C" __declspec(dllexport) VOID HookReceiveMessage();
+extern "C" __declspec(dllexport) VOID UnHookReceiveMessage();
\ No newline at end of file
--- a/DWeChatRobot/SelfInfo.cpp
+++ b/DWeChatRobot/SelfInfo.cpp
@@ -12,7 +12,7 @@ struct SelfInfoStruct {
 DWORD GetSelfInfoRemote() {
 	DWORD WeChatWinBase = GetWeChatWinBase();
 	vector<DWORD> SelfInfoAddr = {
-		*(DWORD*)(WeChatWinBase + 0x222EB3C),
+		WeChatWinBase + 0x222EB3C,
 		WeChatWinBase + 0x222ED30,
 		WeChatWinBase + 0x222EBB4,
 		*(DWORD*)(WeChatWinBase + 0x222ECEC),
@@ -52,6 +52,19 @@ DWORD GetSelfInfoRemote() {
 				temp = (*((DWORD*)SelfInfoAddr[i]) != 0) ? (char*)(*(DWORD*)SelfInfoAddr[i]) : (char*)"null";
 			}
 		}
+		else if (!SelfInfoKey[i].compare(L"\"wxId\"")) {
+			char wxidbuffer[0x100] = { 0 };
+			sprintf_s(wxidbuffer, "%s", (char*)SelfInfoAddr[i]);
+			if (strlen(wxidbuffer) < 0x6 || strlen(wxidbuffer) > 0x14)
+			{
+				//新的微信号 微信ID用地址保存
+				temp = (char*)(*(DWORD*)SelfInfoAddr[i]);
+			}
+			else
+			{
+				temp = (char*)SelfInfoAddr[i];
+			}
+		}
 		else {
 			temp = (char*)SelfInfoAddr[i];
 			if (strlen(temp) == 0)

--- a/DWeChatRobot/SendArticle.cpp
+++ b/DWeChatRobot/SendArticle.cpp
@@ -25,6 +25,22 @@ VOID SendArticleRemote(LPVOID lparameter) {
 	SendArticle(wxid,title,abstract,url);
 }

+DWORD GetSelfWxIdAddr() {
+	DWORD baseAddr = GetWeChatWinBase() + 0x222EB3C;
+	char wxidbuffer[0x100] = { 0 };
+	DWORD SelfWxIdAddr = 0x0;
+	sprintf_s(wxidbuffer, "%s", (char*)baseAddr);
+	if (strlen(wxidbuffer) < 0x6 || strlen(wxidbuffer) > 0x14)
+	{
+		SelfWxIdAddr = *(DWORD*)baseAddr;
+	}
+	else
+	{
+		SelfWxIdAddr = baseAddr;
+	}
+	return SelfWxIdAddr;
+}
+
 BOOL __stdcall SendArticle(wchar_t* wxid,wchar_t* title, wchar_t* abstract, wchar_t* url) {
 	DWORD WeChatWinBase = GetWeChatWinBase();
 	DWORD SendArticleCall1 = WeChatWinBase + SendArticleCall1Offset;
@@ -37,7 +53,7 @@ BOOL __stdcall SendArticle(wchar_t* wxid,wchar_t* title, wchar_t* abstract, wcha
 	DWORD SendArticleClearCacheCall1 = WeChatWinBase + SendArticleClearCacheCall1Offset;
 	DWORD SendArticleClearCacheCall2 = WeChatWinBase + SendArticleClearCacheCall2Offset;
 	// 自己的wxid，发送者
-	char* sselfwxid = (char*)(*(DWORD*)(WeChatWinBase + 0x222EB3C));
+	char* sselfwxid = (char*)GetSelfWxIdAddr();
 	wchar_t* wselfwxid = new wchar_t[strlen(sselfwxid) + 1];
 	MultiByteToWideChar(CP_ACP, MB_COMPOSITE, sselfwxid, -1, wselfwxid, strlen(sselfwxid) + 1);
 	// 构造xml数据

--- a/DWeChatRobot/dllmain.cpp
+++ b/DWeChatRobot/dllmain.cpp
@@ -20,7 +20,6 @@ BOOL APIENTRY DllMain( HMODULE hModule,
        printf("SendArticle 0x%08X\n", (DWORD)SendArticle);
        printf("SendCard 0x%08X\n", (DWORD)SendCard);
        printf("CheckFriendStatus 0x%08X\n", (DWORD)CheckFriendStatus);
-        HookLogMsgInfo();
 #endif
        break;
    }

--- a/DWeChatRobot/pch.h
+++ b/DWeChatRobot/pch.h
@@ -21,6 +21,7 @@
 #include "SendCard.h"
 #include "CheckFriendStatus.h"
 #include "LogMsgInfo.h"
+#include "ReceiveMessage.h"
 #endif //PCH_H

 using namespace std;

--- a/Release/CWeChatRobot.exe
+++ b/Release/CWeChatRobot.exe
--- a/Release/DWeChatRobot.dll
+++ b/Release/DWeChatRobot.dll
--- a/wxRobot.py
+++ b/wxRobot.py
@@ -9,6 +9,8 @@ Created on Thu Feb 24 16:19:48 2022
 # need `pip install comtypes`
 import comtypes.client
 import ast
+import threading
+import time

 class ChatSession():
    def __init__(self,robot,wxid):
@@ -41,6 +43,7 @@ class WeChatRobot():
        self.robot = comtypes.client.CreateObject("WeChatRobot.CWeChatRobot")
        self.AddressBook = []
        self.myinfo = {}
+        self.ReceiveMessageStarted = False
        
    def StartService(self):
        status = self.robot.CStartRobotService()
@@ -57,6 +60,7 @@ class WeChatRobot():
        return self.myinfo
        
    def StopService(self):
+        self.StopReceiveMessage()
        return self.robot.CStopRobotService()
    
    def GetAddressBook(self):
@@ -147,6 +151,44 @@ class WeChatRobot():
        except KeyError:
            return "未知状态：{}".format(
                    hex(status).upper().replace('0X','0x'))
+        
+    def ReceiveMessage(self,CallBackFunc = None):
+        comtypes.CoInitialize()
+        ThreadRobot = comtypes.client.CreateObject("WeChatRobot.CWeChatRobot")
+        
+        while self.ReceiveMessageStarted:
+            try:
+                message = dict(ThreadRobot.CReceiveMessage())
+                if CallBackFunc:
+                    CallBackFunc(ThreadRobot,message)
+            except IndexError:
+                message = None
+            time.sleep(0.5)
+        comtypes.CoUninitialize()
+    
+    # 接收消息的函数，可以添加一个回调
+    def StartReceiveMessage(self,CallBackFunc = None):
+        self.ReceiveMessageStarted = True
+        status = self.robot.CStartReceiveMessage()
+        self.ReceiveMessageThread = threading.Thread(target = self.ReceiveMessage,args= (CallBackFunc,))
+        self.ReceiveMessageThread.daemon = True
+        self.ReceiveMessageThread.start()
+        return status
+        
+    def StopReceiveMessage(self):
+        self.ReceiveMessageStarted = False
+        try:
+            self.ReceiveMessageThread.join()
+        except:
+            pass
+        status = self.robot.CStopReceiveMessage()
+        return status
+
+# 一个示例回调，将收到的文本消息转发给filehelper
+def ReceiveMessageCallBack(robot,message):
+    if message['type'] == 1 and message['sender'] != 'filehelper':
+        robot.CSendText('filehelper',message['message'])
+    if message['sender'] != 'filehelper': print(message)
    
 def test_SendText():
    import os
@@ -165,13 +207,12 @@ def test_SendText():
    session.SendText('好友信息：{}'.format(str(filehelper.get('wxNickName'))))
    if os.path.exists(imgpath): session.SendImage(imgpath)
    if os.path.exists(filepath): session.SendFile(filepath)
-    session.SendArticle("PC微信逆向--获取通讯录","确定不来看看么?","https://www.ljczero.top/article/2022/3/13/133.html")
+    session.SendArticle("天气预报","点击查看","http://www.baidu.com")
    shared = wx.GetFriendByWxNickName("码农翻身")
    if shared: session.SendCard(shared.get('wxid'),shared.get('wxNickName'))
    wx.StopService()
    
 def test_FriendStatus():
-    import time
    f = open('Friendstatus.txt','wt',encoding = 'utf-8')
    wx = WeChatRobot()
    wx.StartService()
@@ -190,6 +231,13 @@ def test_FriendStatus():
        break
    f.close()
    wx.StopService()
+    
+def test_ReceiveMessage():
+    wx = WeChatRobot()
+    wx.StartService()
+    wx.StartReceiveMessage(CallBackFunc = ReceiveMessageCallBack)
+    input('按Enter可退出')
+    wx.StopService()

 if __name__ == '__main__':
-    test_SendText()
\ No newline at end of file
+    test_ReceiveMessage()
\ No newline at end of file
--- a/wxRobot/bin/Release/wxRobot.exe
+++ b/wxRobot/bin/Release/wxRobot.exe