提交 74151691 编写于 作者: L ljc545w

Merge branch 'check_null_pointer'

重构COM中的部分实现
#include "pch.h"
BOOL AddBrandContact(DWORD pid,wchar_t* PublicId) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD AddBrandContactAddr = hp.GetProcAddr(AddBrandContactRemote);
if (AddBrandContactAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_publicid(hp.GetHandle(), PublicId, TEXTLENGTH(PublicId));
if (r_publicid.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 1;
LPVOID PublicIdaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (!PublicIdaddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, PublicIdaddr, PublicId, wcslen(PublicId) * 2 + 2, &dwWriteSize);
DWORD AddBrandContactAddr = WeChatRobotBase + AddBrandContactRemoteOffset;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)AddBrandContactAddr, (LPVOID)PublicIdaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, PublicIdaddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), AddBrandContactAddr, r_publicid.GetAddr());
return ret == 0;
}
\ No newline at end of file
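Review bot: The setup-failure paths in AddBrandContact return `1`, which as a `BOOL` is the same value the success path `return ret == 0;` produces, so a caller cannot tell a failed `WeChatProcess` init or a zero `GetProcAddr` result from a completed call. Returning `FALSE` there (`if (!hp.m_init) return FALSE;`) would make the result meaningful. The same pattern repeats in AddChatRoomMember, AddFriendByV3, AddFriendByWxid, BackupSQLiteDB, DelChatRoomMember, DeleteUser and EditRemark. The removed code initialised `dwRet = 1`, so a failed thread creation yielded FALSE. What `CallRemoteFunction` returns on failure is not visible on this page; if it is 0, the new code would report success.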
......@@ -7,66 +7,26 @@ struct AddChatRoomMemberStruct
DWORD length;
};
BOOL AddChatRoomMember(DWORD pid,wchar_t* chatroomid, wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
BOOL AddChatRoomMember(DWORD pid, wchar_t* chatroomid, wchar_t* wxid) {
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD AddChatRoomMemberRemoteAddr = hp.GetProcAddr(AddChatRoomMemberRemote);
if (AddChatRoomMemberRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
AddChatRoomMemberStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
AddChatRoomMemberStruct* paramAndFunc = (AddChatRoomMemberStruct*)::VirtualAllocEx(hProcess, 0, sizeof(AddChatRoomMemberStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.wxids = (DWORD)wxidaddr;
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
AddChatRoomMemberStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.wxids = (DWORD)r_wxid.GetAddr();
params.length = 1;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(AddChatRoomMemberStruct), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD AddChatRoomMemberAddr = WeChatRobotBase + AddChatRoomMemberRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)AddChatRoomMemberAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
WeChatData<AddChatRoomMemberStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_wxid.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), AddChatRoomMemberRemoteAddr, r_params.GetAddr());
return ret == 0;
}
BOOL AddChatRoomMember(DWORD pid,wchar_t* chatroomid, SAFEARRAY* psaValue) {
BOOL AddChatRoomMember(DWORD pid, wchar_t* chatroomid, SAFEARRAY* psaValue) {
VARIANT rgvar;
rgvar.vt = VT_BSTR;
HRESULT hr = S_OK;
......@@ -76,69 +36,36 @@ BOOL AddChatRoomMember(DWORD pid,wchar_t* chatroomid, SAFEARRAY* psaValue) {
VariantInit(&rgvar);
long pIndex = 0;
hr = SafeArrayGetElement(psaValue, &pIndex, &rgvar);
return AddChatRoomMember(pid,chatroomid, rgvar.bstrVal);
return DelChatRoomMember(pid, chatroomid, rgvar.bstrVal);
}
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
vector<void*> wxidptrs;
DWORD dwWriteSize = 0;
DWORD dwTId = 0; DWORD dwId = 0; DWORD dwRet = 0;
AddChatRoomMemberStruct params = { 0 };
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidptrsaddr = VirtualAllocEx(hProcess, NULL, sizeof(void*) * cElements, MEM_COMMIT, PAGE_READWRITE);
AddChatRoomMemberStruct* paramAndFunc = (AddChatRoomMemberStruct*)::VirtualAllocEx(hProcess, 0, sizeof(AddChatRoomMemberStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidptrsaddr || !paramAndFunc) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD AddChatRoomMemberRemoteAddr = hp.GetProcAddr(AddChatRoomMemberRemote);
if (AddChatRoomMemberRemoteAddr == 0)
return 1;
}
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
vector<void*> wxidptrs;
for (long i = lLbound; i < lLbound + cElements; i++) {
VariantInit(&rgvar);
hr = SafeArrayGetElement(psaValue, &i, &rgvar);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = VirtualAllocEx(hp.GetHandle(), NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (wxidaddr) {
WriteProcessMemory(hProcess, wxidaddr, rgvar.bstrVal, wcslen(rgvar.bstrVal) * 2 + 2, &dwWriteSize);
WriteProcessMemory(hp.GetHandle(), wxidaddr, rgvar.bstrVal, wcslen(rgvar.bstrVal) * 2 + 2, &dwWriteSize);
wxidptrs.push_back(wxidaddr);
}
}
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (wxidptrsaddr)
WriteProcessMemory(hProcess, wxidptrsaddr, &wxidptrs[0], wxidptrs.size() * sizeof(void*), &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.wxids = (DWORD)wxidptrsaddr;
WeChatData<void**> r_wxids(hp.GetHandle(), &wxidptrs[0], wxidptrs.size() * sizeof(void*));
AddChatRoomMemberStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.wxids = (DWORD)r_wxids.GetAddr();
params.length = wxidptrs.size();
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(AddChatRoomMemberStruct), &dwTId);
}
else {
CloseHandle(hProcess);
WeChatData<AddChatRoomMemberStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_wxids.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
DWORD AddChatRoomMemberAddr = WeChatRobotBase + AddChatRoomMemberRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)AddChatRoomMemberAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD ret = CallRemoteFunction(hp.GetHandle(), AddChatRoomMemberRemoteAddr, r_params.GetAddr());
for (unsigned int i = 0; i < wxidptrs.size(); i++) {
VirtualFreeEx(hProcess, wxidptrs[i], 0, MEM_RELEASE);
VirtualFreeEx(hp.GetHandle(), wxidptrs[i], 0, MEM_RELEASE);
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidptrsaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
return ret == 0;
}
\ No newline at end of file
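Review bot: The single-element branch of the SAFEARRAY overload of AddChatRoomMember appears to end in `return DelChatRoomMember(pid, chatroomid, rgvar.bstrVal);`, so a request to add exactly one member would remove that member instead. The page has lost its +/- markers, but this line is printed directly after the `AddChatRoomMember` call it seems to replace. It should read `return AddChatRoomMember(pid, chatroomid, rgvar.bstrVal);`. The overload's opening lines fall between the two hunks and are not shown.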
......@@ -7,45 +7,20 @@ struct AddFriendByV3Struct {
};
BOOL AddFriendByV3(DWORD pid,wchar_t* v3, wchar_t* message,int AddType) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD AddFriendByV3RemoteAddr = hp.GetProcAddr(AddFriendByV3Remote);
if (AddFriendByV3RemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 1;
LPVOID v3addr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID messageaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
AddFriendByV3Struct* paramAndFunc = (AddFriendByV3Struct*)VirtualAllocEx(hProcess, 0, sizeof(AddFriendByV3Struct), MEM_COMMIT, PAGE_READWRITE);
if (!v3addr || !messageaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, v3addr, v3, wcslen(v3) * 2 + 2, &dwWriteSize);
if(message)
WriteProcessMemory(hProcess, messageaddr, message, wcslen(message) * 2 + 2, &dwWriteSize);
WeChatData<wchar_t*> r_v3(hp.GetHandle(), v3, TEXTLENGTH(v3));
WeChatData<wchar_t*> r_message(hp.GetHandle(), message, TEXTLENGTH(message));
AddFriendByV3Struct params = { 0 };
params.v3 = (DWORD)v3addr;
params.message = message ? (DWORD)messageaddr : 0;
params.v3 = (DWORD)r_v3.GetAddr();
params.message = (DWORD)r_message.GetAddr();
params.AddType = AddType;
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwWriteSize);
DWORD AddFriendByV3Addr = WeChatRobotBase + AddFriendByV3RemoteOffset;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)AddFriendByV3Addr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, v3addr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, messageaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
WeChatData<AddFriendByV3Struct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_v3.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
DWORD ret = CallRemoteFunction(hp.GetHandle(), AddFriendByV3RemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
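Review bot: `message` is passed straight to `TEXTLENGTH(message)` when `r_message` is built, whereas the code this replaces guarded each use with `if(message)` and sent `0` for a null message. The later check tests only `r_v3` and `r_params`, which suggests a null `message` is still an expected input. If `TEXTLENGTH` measures the string (its definition is not on this page), a null pointer is dereferenced before `WeChatData` can reject it. A guard such as `message ? TEXTLENGTH(message) : 0`, or a documented null contract on `WeChatData`, would cover it. The same applies to `message` in AddFriendByWxid and `remark` in EditRemark.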
......@@ -6,44 +6,19 @@ struct AddFriendByWxidStruct {
};
BOOL AddFriendByWxid(DWORD pid,wchar_t* wxid,wchar_t* message) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD AddFriendByWxidRemoteAddr = hp.GetProcAddr(AddFriendByWxidRemote);
if (AddFriendByWxidRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 1;
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID messageaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
AddFriendByWxidStruct* paramAndFunc = (AddFriendByWxidStruct*)VirtualAllocEx(hProcess, 0, sizeof(AddFriendByWxidStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !messageaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if(message)
WriteProcessMemory(hProcess, messageaddr, message, wcslen(message) * 2 + 2, &dwWriteSize);
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_message(hp.GetHandle(), message, TEXTLENGTH(message));
AddFriendByWxidStruct params = { 0 };
params.wxid = (DWORD)wxidaddr;
params.message = message ? (DWORD)messageaddr : 0;
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwWriteSize);
DWORD AddFriendByWxidAddr = WeChatRobotBase + AddFriendByWxidRemoteOffset;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)AddFriendByWxidAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, messageaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
params.wxid = (DWORD)r_wxid.GetAddr();
params.message = (DWORD)r_message.GetAddr();
WeChatData<AddFriendByWxidStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_wxid.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
DWORD ret = CallRemoteFunction(hp.GetHandle(), AddFriendByWxidRemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
#include "pch.h"
DWORD CheckFriendStatus(DWORD pid,wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD CheckFriendStatusRemoteAddr = hp.GetProcAddr(CheckFriendStatusRemote);
if (CheckFriendStatusRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
if (r_wxid.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwStatus = 0;
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
DWORD CheckFriendStatusRemoteAddr = WeChatRobotBase + CheckFriendStatusRemoteOffset;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)CheckFriendStatusRemoteAddr, (LPVOID)wxidaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwStatus);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwStatus;
DWORD ret = CallRemoteFunction(hp.GetHandle(), CheckFriendStatusRemoteAddr, r_wxid.GetAddr());
return ret;
}
\ No newline at end of file
......@@ -7,46 +7,19 @@ struct BackupParams {
};
BOOL BackupSQLiteDB(DWORD pid,DWORD DbHandle, BSTR savepath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD BackupSQLiteDBRemoteAddr = hp.GetProcAddr(BackupSQLiteDBRemote);
if (BackupSQLiteDBRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwHandle = 0x0;
DWORD dwId = 0x0;
DWORD dwWriteSize = 0x0;
LPVOID savepathAddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
BackupParams* paramAndFunc = (BackupParams*)::VirtualAllocEx(hProcess, 0, sizeof(BackupParams), MEM_COMMIT, PAGE_READWRITE);
if (!savepathAddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
char* a_savepath = _com_util::ConvertBSTRToString(savepath);
if (savepathAddr)
WriteProcessMemory(hProcess, savepathAddr, a_savepath, strlen(a_savepath) + 1, &dwWriteSize);
BackupParams param = { 0 };
param.ptrDb = DbHandle;
param.savepath = (DWORD)savepathAddr;
if (paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &param, sizeof(BackupParams), &dwWriteSize);
DWORD BackupSQLiteDBRemoteAddr = WeChatRobotBase + BackupSQLiteDBRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)BackupSQLiteDBRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
WeChatData<char*> r_savepath(hp.GetHandle(), a_savepath, TEXTLENGTHA(a_savepath));
BackupParams params = { 0 };
params.ptrDb = DbHandle;
params.savepath = (DWORD)r_savepath.GetAddr();
WeChatData<BackupParams*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_savepath.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
VirtualFreeEx(hProcess, savepathAddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwHandle;
DWORD ret = CallRemoteFunction(hp.GetHandle(), BackupSQLiteDBRemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
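Review bot: The buffer returned by `_com_util::ConvertBSTRToString(savepath)` in BackupSQLiteDB is never released, on the early `return 1;` or on the normal return; that function allocates with `new[]`, so every call leaks the converted path. Adding `delete[] a_savepath;` once `r_savepath` has been constructed would fix it, assuming `WeChatData` copies the data in its constructor (not visible here). ExecuteSQL has the same leak with `a_sql`. The return value also appears to change from the raw remote result to `ret == 0`, which existing callers may depend on and which deserves a line in the commit description.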
......@@ -147,54 +147,23 @@ VOID ReadSQLResultFromWeChatProcess(HANDLE hProcess,DWORD dwHandle) {
}
SAFEARRAY* ExecuteSQL(DWORD pid,DWORD DbHandle,BSTR sql) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return NULL;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return NULL;
}
WeChatProcess hp(pid);
if (!hp.m_init) return NULL;
ClearResultArray();
DWORD dwHandle = 0x0;
DWORD dwId = 0x0;
DWORD dwWriteSize = 0x0;
LPVOID sqlAddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
executeParams* paramAndFunc = (executeParams*)::VirtualAllocEx(hProcess, 0, sizeof(executeParams), MEM_COMMIT, PAGE_READWRITE);
if (!sqlAddr || !paramAndFunc) {
CloseHandle(hProcess);
// DWORD ExecuteSQLRemoteAddr = hp.GetProcAddr(ExecuteSQLRemote);
DWORD ExecuteSQLRemoteAddr = hp.GetProcAddr(SelectDataRemote);
if (ExecuteSQLRemoteAddr == 0)
return NULL;
}
char* a_sql = _com_util::ConvertBSTRToString(sql);
if(sqlAddr)
WriteProcessMemory(hProcess, sqlAddr, a_sql, strlen(a_sql) + 1, &dwWriteSize);
executeParams param = { 0 };
param.ptrDb = DbHandle;
param.ptrSql = (DWORD)sqlAddr;
if(paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &param, sizeof(executeParams), &dwWriteSize);
// DWORD ExecuteSQLRemoteAddr = WeChatRobotBase + ExecuteSQLRemoteOffset;
DWORD SelectDataRemoteAddr = WeChatRobotBase + SelectDataRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SelectDataRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
WeChatData<char*> r_sql(hp.GetHandle(), a_sql, TEXTLENGTHA(a_sql));
executeParams params = { 0 };
params.ptrDb = DbHandle;
params.ptrSql = (DWORD)r_sql.GetAddr();
WeChatData<executeParams*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_sql.GetAddr() == 0 || r_params.GetAddr() == 0)
return NULL;
}
if (!dwHandle) {
CloseHandle(hProcess);
return NULL;
}
ReadSQLResultFromWeChatProcess(hProcess,dwHandle);
DWORD ret = CallRemoteFunction(hp.GetHandle(), ExecuteSQLRemoteAddr, r_params.GetAddr());
ReadSQLResultFromWeChatProcess(hp.GetHandle(),ret);
SAFEARRAY* psaValue = CreateSQLResultSafeArray();
VirtualFreeEx(hProcess, sqlAddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return psaValue;
}
\ No newline at end of file
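Review bot: The result of `CallRemoteFunction` goes to `ReadSQLResultFromWeChatProcess(hp.GetHandle(),ret)` without the `if (!dwHandle) return NULL;` check the removed code had, so a failed remote call now passes a zero handle into the reader unless that function rejects it (its body is outside this hunk). Restoring the guard before the read, `if (ret == 0) return NULL;`, keeps the previous behaviour. Separately, the local `ExecuteSQLRemoteAddr` holds the address of `SelectDataRemote`; naming it `SelectDataRemoteAddr` would match what is actually called.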
......@@ -8,62 +8,22 @@ struct DelChatRoomMemberStruct
};
BOOL DelChatRoomMember(DWORD pid,wchar_t* chatroomid, wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD DelChatRoomMemberRemoteAddr = hp.GetProcAddr(DelChatRoomMemberRemote);
if (DelChatRoomMemberRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
DelChatRoomMemberStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DelChatRoomMemberStruct* paramAndFunc = (DelChatRoomMemberStruct*)::VirtualAllocEx(hProcess, 0, sizeof(DelChatRoomMemberStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.wxids = (DWORD)wxidaddr;
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
DelChatRoomMemberStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.wxids = (DWORD)r_wxid.GetAddr();
params.length = 1;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(DelChatRoomMemberStruct), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD DelChatRoomMemberAddr = WeChatRobotBase + DelChatRoomMemberRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)DelChatRoomMemberAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
WeChatData<DelChatRoomMemberStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_wxid.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), DelChatRoomMemberRemoteAddr, r_params.GetAddr());
return ret == 0;
}
BOOL DelChatRoomMember(DWORD pid,wchar_t* chatroomid, SAFEARRAY* psaValue) {
......@@ -78,67 +38,34 @@ BOOL DelChatRoomMember(DWORD pid,wchar_t* chatroomid, SAFEARRAY* psaValue) {
hr = SafeArrayGetElement(psaValue, &pIndex, &rgvar);
return DelChatRoomMember(pid,chatroomid, rgvar.bstrVal);
}
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
vector<void*> wxidptrs;
DWORD dwWriteSize = 0;
DWORD dwTId = 0; DWORD dwId = 0; DWORD dwRet = 0;
DelChatRoomMemberStruct params = { 0 };
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidptrsaddr = VirtualAllocEx(hProcess, NULL, sizeof(void*) * cElements, MEM_COMMIT, PAGE_READWRITE);
DelChatRoomMemberStruct* paramAndFunc = (DelChatRoomMemberStruct*)::VirtualAllocEx(hProcess, 0, sizeof(DelChatRoomMemberStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidptrsaddr || !paramAndFunc) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD DelChatRoomMemberRemoteAddr = hp.GetProcAddr(DelChatRoomMemberRemote);
if (DelChatRoomMemberRemoteAddr == 0)
return 1;
}
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
vector<void*> wxidptrs;
for (long i = lLbound; i < lLbound + cElements; i++) {
VariantInit(&rgvar);
hr = SafeArrayGetElement(psaValue, &i, &rgvar);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = VirtualAllocEx(hp.GetHandle(), NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (wxidaddr) {
WriteProcessMemory(hProcess, wxidaddr, rgvar.bstrVal, wcslen(rgvar.bstrVal) * 2 + 2, &dwWriteSize);
WriteProcessMemory(hp.GetHandle(), wxidaddr, rgvar.bstrVal, wcslen(rgvar.bstrVal) * 2 + 2, &dwWriteSize);
wxidptrs.push_back(wxidaddr);
}
}
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (wxidptrsaddr)
WriteProcessMemory(hProcess, wxidptrsaddr, &wxidptrs[0], wxidptrs.size() * sizeof(void*), &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.wxids = (DWORD)wxidptrsaddr;
WeChatData<void**> r_wxids(hp.GetHandle(), &wxidptrs[0], wxidptrs.size() * sizeof(void*));
DelChatRoomMemberStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.wxids = (DWORD)r_wxids.GetAddr();
params.length = wxidptrs.size();
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(DelChatRoomMemberStruct), &dwTId);
}
else {
CloseHandle(hProcess);
WeChatData<DelChatRoomMemberStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_wxids.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
DWORD DelChatRoomMemberAddr = WeChatRobotBase + DelChatRoomMemberRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)DelChatRoomMemberAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD ret = CallRemoteFunction(hp.GetHandle(), DelChatRoomMemberRemoteAddr, r_params.GetAddr());
for (unsigned int i = 0; i < wxidptrs.size(); i++) {
VirtualFreeEx(hProcess, wxidptrs[i], 0, MEM_RELEASE);
VirtualFreeEx(hp.GetHandle(), wxidptrs[i], 0, MEM_RELEASE);
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidptrsaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
return ret == 0;
}
\ No newline at end of file
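Review bot: In the SAFEARRAY overload of DelChatRoomMember the per-element buffers allocated with `VirtualAllocEx` in the loop are released only after `CallRemoteFunction`, so the early `return 1;` taken when `r_chatroomid`, `r_wxids` or `r_params` has a zero address leaves them allocated in the target process. `&wxidptrs[0]` is also evaluated when every allocation failed and the vector is empty, which is undefined behaviour; `if (wxidptrs.empty()) return 1;` before `r_wxids` is built avoids it. Wrapping each element in `WeChatData` like the other arguments, or freeing `wxidptrs` on the early return, would close the leak. The results of `SafeArrayGetElement` and `WriteProcessMemory` are not checked before `rgvar.bstrVal` is used. The SAFEARRAY overload of AddChatRoomMember has the same loop.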
#include "pch.h"
BOOL DeleteUser(DWORD pid,wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD DeleteUserRemoteAddr = WeChatRobotBase + DeleteUserRemoteOffset;
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
DWORD dwId = 0;
DWORD dwRet = 0;
if (!wxidaddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)DeleteUserRemoteAddr, wxidaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD DeleteUserRemoteAddr = hp.GetProcAddr(DeleteUserRemote);
if (DeleteUserRemoteAddr == 0)
return 1;
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
if (r_wxid.GetAddr() == 0)
return 1;
DWORD ret = CallRemoteFunction(hp.GetHandle(), DeleteUserRemoteAddr, r_wxid.GetAddr());
return ret == 0;
}
\ No newline at end of file
......@@ -6,44 +6,19 @@ struct EditRemarkStruct {
};
BOOL EditRemark(DWORD pid,wchar_t* wxid, wchar_t* remark) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD EditRemarkRemoteAddr = hp.GetProcAddr(EditRemarkRemote);
if (EditRemarkRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 1;
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID remarkaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
EditRemarkStruct* paramAndFunc = (EditRemarkStruct*)VirtualAllocEx(hProcess, 0, sizeof(EditRemarkStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !remarkaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if (remark)
WriteProcessMemory(hProcess, remarkaddr, remark, wcslen(remark) * 2 + 2, &dwWriteSize);
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_remark(hp.GetHandle(), remark, TEXTLENGTH(remark));
EditRemarkStruct params = { 0 };
params.wxid = (DWORD)wxidaddr;
params.remark = remark ? (DWORD)remarkaddr : 0;
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwWriteSize);
DWORD EditRemarkAddr = WeChatRobotBase + EditRemarkRemoteOffset;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)EditRemarkAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, remarkaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
params.wxid = (DWORD)r_wxid.GetAddr();
params.remark = (DWORD)r_remark.GetAddr();
WeChatData<EditRemarkStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_wxid.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
DWORD ret = CallRemoteFunction(hp.GetHandle(), EditRemarkRemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
......@@ -120,120 +120,72 @@ SAFEARRAY* CreateFriendArray(int FriendCount) {
}
SAFEARRAY* GetFriendList(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return NULL;
DWORD GetFriendListInitAddr = hp.GetProcAddr(GetFriendListInit);
DWORD GetFriendListRemoteAddr = hp.GetProcAddr(GetFriendListRemote);
DWORD GetFriendListFinishAddr = hp.GetProcAddr(GetFriendListFinish);
if (GetFriendListInitAddr == 0 || GetFriendListRemoteAddr == 0 || GetFriendListFinishAddr == 0)
return NULL;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return NULL;
}
DWORD GetFriendListInitAddr = WeChatRobotBase + GetFriendListInitOffset;
DWORD GetFriendListRemoteAddr = WeChatRobotBase + GetFriendListRemoteOffset;
DWORD GetFriendListFinishAddr = WeChatRobotBase + GetFriendListFinishOffset;
DWORD FriendCount = 0;
DWORD dwId, dwHandle = 0;
DWORD dwHandle = 0;
// 获取好友列表的长度
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetFriendListInitAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &FriendCount);
CloseHandle(hThread);
}
FriendCount = CallRemoteFunction(hp.GetHandle(), GetFriendListInitAddr, NULL);
// 获取保存第一个好友的数据指针的结构体首地址
hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetFriendListRemoteAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
dwHandle = CallRemoteFunction(hp.GetHandle(), GetFriendListRemoteAddr, NULL);
WxFriendAddrStruct WxFriendAddr = { 0 };
// 根据好友数量初始化全局变量
WxFriendList = new WxFriendStruct[FriendCount];
if (dwHandle) {
for (unsigned int i = 0; i < FriendCount; i++) {
WxFriendList[i] = { 0 };
ZeroMemory(&WxFriendAddr, sizeof(WxFriendAddrStruct));
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &WxFriendAddr, sizeof(WxFriendAddrStruct), 0);
ReadFriendMessageByAddress(hProcess,&WxFriendAddr, &WxFriendList[i]);
// 保存下一个好友数据的结构体
dwHandle += sizeof(WxFriendAddrStruct);
}
}
else {
CloseHandle(hProcess);
if (dwHandle == 0)
return NULL;
for (unsigned int i = 0; i < FriendCount; i++) {
WxFriendList[i] = { 0 };
ZeroMemory(&WxFriendAddr, sizeof(WxFriendAddrStruct));
ReadProcessMemory(hp.GetHandle(), (LPCVOID)dwHandle, &WxFriendAddr, sizeof(WxFriendAddrStruct), 0);
ReadFriendMessageByAddress(hp.GetHandle(),&WxFriendAddr, &WxFriendList[i]);
// 保存下一个好友数据的结构体
dwHandle += sizeof(WxFriendAddrStruct);
}
// 清除微信进程空间中的缓存
hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetFriendListFinishAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
CallRemoteFunction(hp.GetHandle(), GetFriendListFinishAddr, NULL);
SAFEARRAY* psaValue = CreateFriendArray(FriendCount);
for (unsigned int i = 0; i < FriendCount; i++) {
FreeWxFriend(i);
}
delete[] WxFriendList;
WxFriendList = NULL;
CloseHandle(hProcess);
return psaValue;
}
std::wstring GetFriendListString(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return L"[]";
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return L"[]";
}
DWORD GetFriendListInitAddr = WeChatRobotBase + GetFriendListInitOffset;
DWORD GetFriendListRemoteAddr = WeChatRobotBase + GetFriendListRemoteOffset;
DWORD GetFriendListFinishAddr = WeChatRobotBase + GetFriendListFinishOffset;
WeChatProcess hp(pid);
if (!hp.m_init) return L"[]";
DWORD GetFriendListInitAddr = hp.GetProcAddr(GetFriendListInit);
DWORD GetFriendListRemoteAddr = hp.GetProcAddr(GetFriendListRemote);
DWORD GetFriendListFinishAddr = hp.GetProcAddr(GetFriendListFinish);
DWORD FriendCount = 0;
DWORD dwId, dwHandle = 0;
DWORD dwHandle = 0;
// 获取好友列表的长度
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetFriendListInitAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &FriendCount);
CloseHandle(hThread);
}
FriendCount = CallRemoteFunction(hp.GetHandle(), GetFriendListInitAddr, NULL);
// 获取保存第一个好友的数据指针的结构体首地址
hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetFriendListRemoteAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
dwHandle = CallRemoteFunction(hp.GetHandle(), GetFriendListRemoteAddr, NULL);
WxFriendAddrStruct WxFriendAddr = { 0 };
// 根据好友数量初始化全局变量
WxFriendList = new WxFriendStruct[FriendCount];
if (dwHandle) {
for (unsigned int i = 0; i < FriendCount; i++) {
WxFriendList[i] = { 0 };
ZeroMemory(&WxFriendAddr, sizeof(WxFriendAddrStruct));
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &WxFriendAddr, sizeof(WxFriendAddrStruct), 0);
ReadFriendMessageByAddress(hProcess,&WxFriendAddr, &WxFriendList[i]);
// 保存下一个好友数据的结构体
dwHandle += sizeof(WxFriendAddrStruct);
}
}
else {
CloseHandle(hProcess);
if (dwHandle == 0)
return L"[]";
for (unsigned int i = 0; i < FriendCount; i++) {
WxFriendList[i] = { 0 };
ZeroMemory(&WxFriendAddr, sizeof(WxFriendAddrStruct));
ReadProcessMemory(hp.GetHandle(), (LPCVOID)dwHandle, &WxFriendAddr, sizeof(WxFriendAddrStruct), 0);
ReadFriendMessageByAddress(hp.GetHandle(),&WxFriendAddr, &WxFriendList[i]);
// 保存下一个好友数据的结构体
dwHandle += sizeof(WxFriendAddrStruct);
}
// 清除微信进程空间中的缓存
hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetFriendListFinishAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
CallRemoteFunction(hp.GetHandle(), GetFriendListFinishAddr, NULL);
wstring message = L"[";
// 构造结构化的数据
......@@ -250,6 +202,5 @@ std::wstring GetFriendListString(DWORD pid) {
// 释放全局变量
delete[] WxFriendList;
WxFriendList = NULL;
CloseHandle(hProcess);
return message;
}
\ No newline at end of file
......@@ -8,66 +8,24 @@ struct ChatRoomMemberNicknameStruct
};
wstring GetChatRoomMemberNickname(DWORD pid,wchar_t* chatroomid, wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
wchar_t buffer[33] = { 0 };
WeChatProcess hp(pid);
if (!hp.m_init) return L"";
DWORD GetChatRoomMemberNicknameRemoteAddr = hp.GetProcAddr(GetChatRoomMemberNicknameRemote);
if (GetChatRoomMemberNicknameRemoteAddr == 0)
return L"";
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_nickname(hp.GetHandle(), buffer, 33 * 2);
ChatRoomMemberNicknameStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.wxid = (DWORD)r_wxid.GetAddr();
params.nickname = (DWORD)r_nickname.GetAddr();
WeChatData<ChatRoomMemberNicknameStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_wxid.GetAddr() == 0 || r_params.GetAddr() == 0 || r_nickname.GetAddr() == 0)
return L"";
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
ChatRoomMemberNicknameStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID nicknameaddr = VirtualAllocEx(hProcess, NULL, 33 * 2, MEM_COMMIT, PAGE_READWRITE);
ChatRoomMemberNicknameStruct* paramAndFunc = (ChatRoomMemberNicknameStruct*)::VirtualAllocEx(hProcess, 0, sizeof(ChatRoomMemberNicknameStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidaddr || !nicknameaddr || !paramAndFunc) {
CloseHandle(hProcess);
return L"";
}
DWORD dwTId = 0;
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.wxid = (DWORD)wxidaddr;
params.nickname = (DWORD)nicknameaddr;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return L"";
}
DWORD GetChatRoomMemberNicknameAddr = WeChatRobotBase + GetChatRoomMemberNicknameRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetChatRoomMemberNicknameAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return L"";
}
wchar_t* buffer = new wchar_t[33];
ZeroMemory(buffer, 33 * 2);
ReadProcessMemory(hProcess, nicknameaddr, buffer, 32 * 2, 0);
DWORD ret = CallRemoteFunction(hp.GetHandle(), GetChatRoomMemberNicknameRemoteAddr, r_params.GetAddr());
ReadProcessMemory(hp.GetHandle(), r_nickname.GetAddr(), buffer, 32 * 2, 0);
wstring nickname(buffer);
delete[] buffer;
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, nicknameaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return nickname;
}
\ No newline at end of file
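Review bot: The nickname buffer size in GetChatRoomMemberNickname is written three different ways (`buffer[33]`, `33 * 2` for the remote allocation, `32 * 2` for the read-back), so a later change to one of them can silently turn the read into an overrun or drop the terminator. Deriving the sizes from the array keeps them tied together: `WeChatData<wchar_t*> r_nickname(hp.GetHandle(), buffer, sizeof(buffer));` and `ReadProcessMemory(hp.GetHandle(), r_nickname.GetAddr(), buffer, sizeof(buffer) - sizeof(wchar_t), 0);`. Separately, `ret` is assigned from `CallRemoteFunction` but never read, so a failed remote call and an empty nickname both come back as `L""`; either test it or drop the variable.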
......@@ -6,47 +6,25 @@ struct ChatRoomInfoStruct {
};
SAFEARRAY* GetChatRoomMembers(DWORD pid,wchar_t* chatroomid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return NULL;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return NULL;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwHandle = 0;
HRESULT hr = S_OK;
ChatRoomInfoStruct chatroominfo = { 0 };
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return NULL;
DWORD GetChatRoomMembersRemoteAddr = hp.GetProcAddr(GetChatRoomMembersRemote);
if (GetChatRoomMembersRemoteAddr == 0)
return NULL;
}
else {
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
}
DWORD GetChatRoomMembersRemoteAddr = WeChatRobotBase + GetChatRoomMembersRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetChatRoomMembersRemoteAddr, (LPVOID)chatroomidaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
}
else {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
if (r_chatroomid.GetAddr() == 0)
return NULL;
}
if (!dwHandle) {
CloseHandle(hProcess);
DWORD ret = CallRemoteFunction(hp.GetHandle(), GetChatRoomMembersRemoteAddr, r_chatroomid.GetAddr());
if (ret == 0) {
return NULL;
}
ReadProcessMemory(hProcess,(LPCVOID)dwHandle,&chatroominfo,sizeof(ChatRoomInfoStruct),0);
ChatRoomInfoStruct chatroominfo = { 0 };
ReadProcessMemory(hp.GetHandle(),(LPCVOID)ret,&chatroominfo,sizeof(ChatRoomInfoStruct),0);
wchar_t* members = new wchar_t[chatroominfo.length + 1];
ZeroMemory(members, (chatroominfo.length + 1) * 2);
ReadProcessMemory(hProcess, (LPCVOID)chatroominfo.members, members, chatroominfo.length * 2, 0);
cout << members << endl;
ReadProcessMemory(hp.GetHandle(), (LPCVOID)chatroominfo.members, members, chatroominfo.length * 2, 0);
SAFEARRAYBOUND rgsaBound[2] = { {2,0},{2,0} };
SAFEARRAY* psaValue = SafeArrayCreate(VT_VARIANT, 2, rgsaBound);
long keyIndex[2] = { 0,0 };
......@@ -60,6 +38,5 @@ SAFEARRAY* GetChatRoomMembers(DWORD pid,wchar_t* chatroomid) {
hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)members);
delete[] members;
members = NULL;
CloseHandle(hProcess);
return psaValue;
}
\ No newline at end of file
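Review bot: In GetChatRoomMembers, `chatroominfo.length` is read from the other process and then used unchecked to size `new wchar_t[chatroominfo.length + 1]` and the second `ReadProcessMemory`. The result of the first read is also ignored, so a failed or short read is not distinguished from a real zero-length list, and a corrupt length (`0xFFFFFFFF` wraps `length + 1` to 0) gives a zero-sized buffer followed by a large copy request. I would check the read and bound the length before allocating, e.g. `if (!ReadProcessMemory(hp.GetHandle(), (LPCVOID)ret, &chatroominfo, sizeof(chatroominfo), 0) || chatroominfo.length > MAX_MEMBERS_CHARS) return NULL;`, where `MAX_MEMBERS_CHARS` is a placeholder for a limit the project picks. The tail of the function is in the second hunk and part of its body is not shown on this page.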
......@@ -86,61 +86,42 @@ SAFEARRAY* CreateDbInfoSafeArray() {
}
SAFEARRAY* GetDbHandles(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
dbs.clear();
WeChatProcess hp(pid);
if (!hp.m_init) return NULL;
DWORD GetDbHandlesRemoteAddr = hp.GetProcAddr(GetDbHandlesRemote);
if (GetDbHandlesRemoteAddr == 0)
return NULL;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return NULL;
}
DWORD dwHandle = 0x0;
DWORD dwId = 0x0;
DWORD GetDbHandlesRemoteAddr = WeChatRobotBase + GetDbHandlesRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetDbHandlesRemoteAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return NULL;
}
if (!dwHandle) {
CloseHandle(hProcess);
return NULL;
}
DWORD ret = CallRemoteFunction(hp.GetHandle(), GetDbHandlesRemoteAddr, NULL);
while (1) {
DbInfoAddrStruct dbaddr = { 0 };
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &dbaddr, sizeof(DbInfoAddrStruct), 0);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)ret, &dbaddr, sizeof(DbInfoAddrStruct), 0);
if (dbaddr.handle == 0)
break;
DbInfoStruct db = { 0 };
db.handle = dbaddr.handle;
db.count = dbaddr.count;
db.dbname = new wchar_t[dbaddr.l_dbname + 1];
ReadProcessMemory(hProcess, (LPCVOID)dbaddr.dbname, db.dbname, sizeof(wchar_t) * (dbaddr.l_dbname + 1), 0);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)dbaddr.dbname, db.dbname, sizeof(wchar_t) * (dbaddr.l_dbname + 1), 0);
DWORD db_table_start_addr = dbaddr.v_data;
while (db_table_start_addr < dbaddr.v_end1) {
TableInfoAddrStruct tbaddr = { 0 };
TableInfoStruct tb = { 0 };
ReadProcessMemory(hProcess, (LPCVOID)db_table_start_addr, &tbaddr, sizeof(TableInfoAddrStruct), 0);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)db_table_start_addr, &tbaddr, sizeof(TableInfoAddrStruct), 0);
tb.name = new char[tbaddr.l_name + 1];
ReadProcessMemory(hProcess, (LPCVOID)tbaddr.name, tb.name, tbaddr.l_name + 1, 0);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.name, tb.name, tbaddr.l_name + 1, 0);
tb.tbl_name = new char[tbaddr.l_tbl_name + 1];
ReadProcessMemory(hProcess, (LPCVOID)tbaddr.tbl_name, tb.tbl_name, tbaddr.l_tbl_name + 1, 0);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.tbl_name, tb.tbl_name, tbaddr.l_tbl_name + 1, 0);
tb.rootpage = new char[tbaddr.l_rootpage + 1];
ReadProcessMemory(hProcess, (LPCVOID)tbaddr.rootpage, tb.rootpage, tbaddr.l_rootpage + 1, 0);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.rootpage, tb.rootpage, tbaddr.l_rootpage + 1, 0);
tb.sql = new char[tbaddr.l_sql + 1];
ReadProcessMemory(hProcess, (LPCVOID)tbaddr.sql, tb.sql, tbaddr.l_sql + 1, 0);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.sql, tb.sql, tbaddr.l_sql + 1, 0);
db.tables.push_back(tb);
db_table_start_addr += sizeof(TableInfoAddrStruct);
}
dbs.push_back(db);
dwHandle += sizeof(DbInfoAddrStruct);
ret += sizeof(DbInfoAddrStruct);
}
SAFEARRAY* psaValue = CreateDbInfoSafeArray();
CloseHandle(hProcess);
return psaValue;
}
\ No newline at end of file
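Review bot: The old `if (!dwHandle) return NULL;` guard has no counterpart in the new GetDbHandles, so a zero result from `CallRemoteFunction` now goes straight into the `while (1)` loop as a read address. With the visible code this probably ends on the first iteration because `dbaddr` stays zeroed, but the function then returns whatever `CreateDbInfoSafeArray()` builds instead of NULL; `if (ret == 0) return NULL;` after the call would keep the old contract. None of the `ReadProcessMemory` calls in the loop are checked either. The `new wchar_t[...]` / `new char[...]` buffers are not zero-initialised, so a failed read leaves `db.dbname`, `tb.name` and the rest unterminated for whoever reads them later. Value-initialising them (`tb.name = new char[tbaddr.l_name + 1]();`) and skipping the entry when a read fails would close that gap.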
#include "pch.h"
BOOL HookImageMsg(DWORD pid,wchar_t* savepath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD HookImageMsgRemoteAddr = hp.GetProcAddr(HookImageMsgRemote);
if (HookImageMsgRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_savepath(hp.GetHandle(), savepath, TEXTLENGTH(savepath));
if (r_savepath.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwRet = 0x0;
LPVOID savepathaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
if (!savepathaddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, savepathaddr, savepath, wcslen(savepath) * 2 + 2, &dwWriteSize);
DWORD HookImageMsgRemoteAddr = WeChatRobotBase + HookImageMsgRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)HookImageMsgRemoteAddr, savepathaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, savepathaddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), HookImageMsgRemoteAddr, r_savepath.GetAddr());
return ret == 0;
}
void UnHookImageMsg(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return;
DWORD UnHookImageMsgRemoteAddr = hp.GetProcAddr(UnHookImageMsgRemote);
if (UnHookImageMsgRemoteAddr == 0)
return;
}
DWORD dwId = 0x0;
DWORD UnHookImageMsgRemoteAddr = WeChatRobotBase + UnHookImageMsgRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)UnHookImageMsgRemoteAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
CloseHandle(hProcess);
CallRemoteFunction(hp.GetHandle(), UnHookImageMsgRemoteAddr, NULL);
}
\ No newline at end of file
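Review bot: HookImageMsg is declared `BOOL` but returns 1 on every failure path (`if (!hp.m_init) return 1;`) and `ret == 0` at the end, so a non-zero result appears to mean failure, which is the reverse of how a Win32 `BOOL` is normally read. Nothing in the file says so, and the refactor is a good moment to add a header comment such as `// Returns 0 on success, non-zero on failure (not the usual BOOL sense).` once the convention is confirmed against the remote function's return value. The same undocumented convention shows up in HookVoiceMsg, StartReceiveMessage/StopReceiveMessage, SendAppMsg and (as `bool`) InjectDll on this page.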
#include "pch.h"
BOOL HookVoiceMsg(DWORD pid,wchar_t* savepath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD HookVoiceMsgRemoteAddr = hp.GetProcAddr(HookVoiceMsgRemote);
if (HookVoiceMsgRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_savepath(hp.GetHandle(), savepath, TEXTLENGTH(savepath));
if (r_savepath.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwRet = 0x0;
LPVOID savepathaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
if (!savepathaddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, savepathaddr, savepath, wcslen(savepath) * 2 + 2, &dwWriteSize);
DWORD HookVoiceMsgRemoteAddr = WeChatRobotBase + HookVoiceMsgRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)HookVoiceMsgRemoteAddr, savepathaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, savepathaddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), HookVoiceMsgRemoteAddr, r_savepath.GetAddr());
return ret == 0;
}
void UnHookVoiceMsg(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return;
DWORD UnHookVoiceMsgRemoteAddr = hp.GetProcAddr(UnHookVoiceMsgRemote);
if (UnHookVoiceMsgRemoteAddr == 0)
return;
}
DWORD dwId = 0x0;
DWORD UnHookVoiceMsgRemoteAddr = WeChatRobotBase + UnHookVoiceMsgRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)UnHookVoiceMsgRemoteAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
CloseHandle(hProcess);
CallRemoteFunction(hp.GetHandle(), UnHookVoiceMsgRemoteAddr, NULL);
}
\ No newline at end of file
#include "pch.h"
bool InjectDll(DWORD dwId, WCHAR* szPath)//参数1:目标进程PID 参数2:DLL路径
bool InjectDll(DWORD dwId, WCHAR* szPath)
{
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwId);
if (!hProcess)
WeChatProcess hp(dwId);
if (!hp.m_init) return 1;
if (hp.WeChatRobotBase() != 0) return 0;
WeChatData<wchar_t*> r_dllpath(hp.GetHandle(), szPath, TEXTLENGTH(szPath));
if (r_dllpath.GetAddr() == 0)
return 1;
if (GetWeChatRobotBase(dwId) != 0) {
CloseHandle(hProcess);
return 0;
}
LPVOID pRemoteAddress = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
if (pRemoteAddress)
{
WriteProcessMemory(hProcess, pRemoteAddress, szPath, wcslen(szPath) * 2 + 2, &dwWriteSize);
}
else {
CloseHandle(hProcess);
return 1;
}
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibrary, pRemoteAddress, NULL, NULL);
if (hThread) {
WaitForSingleObject(hThread, -1);
}
else {
CloseHandle(hProcess);
return 1;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
CloseHandle(hProcess);
CallRemoteFunction(hp.GetHandle(), LoadLibraryW, r_dllpath.GetAddr());
return 0;
}
......@@ -52,36 +29,12 @@ bool Inject(DWORD dwPid,wchar_t* workPath) {
}
BOOL RemoveDll(DWORD dwId) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwId);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(dwId);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 0;
}
DWORD dwWriteSize = 0;
HANDLE hThread = NULL;
DWORD dwID = 0;
hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)FreeConsole, NULL, 0, &dwID);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)FreeLibrary, (LPVOID)WeChatRobotBase, 0, &dwID);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
CloseHandle(hProcess);
WeChatProcess hp(dwId);
if (!hp.m_init) return 1;
DWORD WeChatRobotBase = hp.WeChatRobotBase();
if (WeChatRobotBase == 0) return 0;
CallRemoteFunction(hp.GetHandle(), FreeConsole, NULL);
CallRemoteFunction(hp.GetHandle(), FreeLibrary, WeChatRobotBase);
return 0;
}
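Review bot: InjectDll passes `szPath` to `LoadLibraryW` in the target process without checking what kind of path it is. If a caller can supply a relative or bare file name, the loader resolves it through the target's DLL search order and current directory, so a different file with the same name could be loaded instead of the intended one. Rejecting anything that is not a fully qualified path before the remote call, e.g. `if (szPath == NULL || PathIsRelativeW(szPath)) return 1;` (shlwapi), removes that ambiguity; whether `Inject` already guarantees an absolute path cannot be seen from this page. The commit also drops the comment that documented the two parameters on the signature line, and it would be worth keeping.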
#include "pch.h"
BOOL StartReceiveMessage(DWORD pid,int port) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD StartReceiveMessageRemoteAddr = hp.GetProcAddr(HookReceiveMessageRemote);
if (StartReceiveMessageRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD HookReceiveMessageAddr = WeChatRobotBase + HookReceiveMessageRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)HookReceiveMessageAddr, (LPVOID)port, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
return 1;
}
CloseHandle(hThread);
CloseHandle(hProcess);
CallRemoteFunction(hp.GetHandle(), StartReceiveMessageRemoteAddr, port);
return 0;
}
BOOL StopReceiveMessage(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess) {
return 1;
}
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD UnHookReceiveMessageAddr = WeChatRobotBase + UnHookReceiveMessageRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)UnHookReceiveMessageAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD UnHookReceiveMsgRemoteAddr = hp.GetProcAddr(UnHookReceiveMessageRemote);
if (UnHookReceiveMsgRemoteAddr == 0)
return 1;
}
CloseHandle(hThread);
CloseHandle(hProcess);
CallRemoteFunction(hp.GetHandle(), UnHookReceiveMsgRemoteAddr, NULL);
return 0;
}
\ No newline at end of file
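Review bot: StartReceiveMessage forwards `port` to the remote function without a range check, so a zero, negative or above-65535 value is only discovered (if at all) inside the target process. A guard at the top, `if (port <= 0 || port > 65535) return 1;`, keeps bad input out of the remote call. The results of both `CallRemoteFunction` calls in this file are also discarded, so the functions return 0 regardless of what the remote side reported; if the remote routines return a status, it should be propagated.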
......@@ -5,63 +5,32 @@ struct GetUserInfoStruct {
DWORD length;
};
VOID DeleteUserInfoCache(DWORD pid,HANDLE hProcess) {
DWORD dwId = 0;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return;
}
DWORD DeleteUserInfoCacheProcAddr = WeChatRobotBase + DeleteUserInfoCacheOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)DeleteUserInfoCacheProcAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
}
std::wstring GetWxUserInfo(DWORD pid,wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
DWORD dwReadSize = 0;
wstring info = L"";
WeChatProcess hp(pid);
if (!hp.m_init) return L"{}";
DWORD GetWxUserInfoRemoteAddr = hp.GetProcAddr(GetWxUserInfoRemote);
DWORD DeleteUserInfoCacheProcAddr = hp.GetProcAddr(DeleteUserInfoCacheRemote);
if (GetWxUserInfoRemoteAddr == 0)
return L"{}";
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
if (r_wxid.GetAddr() == 0)
return L"{}";
}
wstring WString = L"";
DWORD GetUserInfoProcAddr = WeChatRobotBase + GetWxUserInfoOffset;
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
DWORD dwId = 0;
DWORD dwHandle = 0;
GetUserInfoStruct userinfo = { 0 };
if (!wxidaddr) {
CloseHandle(hProcess);
DWORD ret = CallRemoteFunction(hp.GetHandle(), GetWxUserInfoRemoteAddr, r_wxid.GetAddr());
if (ret == 0)
return L"{}";
}
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetUserInfoProcAddr, wxidaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
if(dwHandle)
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &userinfo, sizeof(GetUserInfoStruct), &dwWriteSize);
GetUserInfoStruct userinfo = { 0 };
ReadProcessMemory(hp.GetHandle(), (LPVOID)ret, &userinfo, sizeof(GetUserInfoStruct), &dwReadSize);
if (userinfo.length) {
wchar_t* wmessage = new wchar_t[userinfo.length + 1];
ZeroMemory(wmessage, (userinfo.length + 1) * 2);
ReadProcessMemory(hProcess, (LPCVOID)userinfo.message, wmessage, userinfo.length * 2, &dwWriteSize);
WString += wmessage;
ReadProcessMemory(hp.GetHandle(), (LPVOID)userinfo.message, wmessage, userinfo.length * 2, &dwReadSize);
info = (wstring)wmessage;
delete[] wmessage;
wmessage = NULL;
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
DeleteUserInfoCache(pid,hProcess);
CloseHandle(hProcess);
return WString;
CallRemoteFunction(hp.GetHandle(), DeleteUserInfoCacheProcAddr, NULL);
return info;
}
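Review bot: In GetWxUserInfo only `GetWxUserInfoRemoteAddr` is tested for 0; `DeleteUserInfoCacheProcAddr` is passed to `CallRemoteFunction` at the end without any check. `CallRemoteFunction` is not shown here, but if it starts a thread at the given address, a failed lookup would make the target process execute at address 0. Checking both together keeps this in line with the rest of the branch: `if (GetWxUserInfoRemoteAddr == 0 || DeleteUserInfoCacheProcAddr == 0) return L"{}";`. GetFriendListString has the same gap for its three `hp.GetProcAddr` results. Also note that the early `return L"{}"` on `ret == 0` skips the cache-delete call, which may or may not be intended.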
......@@ -134,41 +134,24 @@ static void ReadUserInfoFromMemory(HANDLE hProcess) {
}
SAFEARRAY* SearchContactByNet(DWORD pid,wchar_t* keyword) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
DWORD dwReadSize = 0;
WeChatProcess hp(pid);
if (!hp.m_init) return NULL;
DWORD SearchContactByNetRemoteAddr = hp.GetProcAddr(SearchContactByNetRemote);
if (SearchContactByNetRemoteAddr == 0)
return NULL;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_keyword(hp.GetHandle(), keyword, TEXTLENGTH(keyword));
if (r_keyword.GetAddr() == 0)
return NULL;
}
ClearUserInfoCache();
DWORD SearchContactByNetRemoteAddr = WeChatRobotBase + SearchContactByNetRemoteOffset;
LPVOID keywordaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
DWORD dwId = 0;
DWORD dwHandle = 0;
if (!keywordaddr) {
CloseHandle(hProcess);
return NULL;
}
WriteProcessMemory(hProcess, keywordaddr, keyword, wcslen(keyword) * 2 + 2, &dwWriteSize);
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SearchContactByNetRemoteAddr, keywordaddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, keywordaddr, 0, MEM_RELEASE);
if (!dwHandle)
DWORD ret = CallRemoteFunction(hp.GetHandle(), SearchContactByNetRemoteAddr, r_keyword.GetAddr());
if (ret == 0)
return NULL;
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &userinfoaddr, sizeof(UserInfoAddr), &dwWriteSize);
ReadProcessMemory(hp.GetHandle(), (LPCVOID)ret, &userinfoaddr, sizeof(UserInfoAddr), &dwReadSize);
if (userinfoaddr.errcode == 0) {
ReadUserInfoFromMemory(hProcess);
ReadUserInfoFromMemory(hp.GetHandle());
SAFEARRAY* psa = CreateUserInfoArray();
CloseHandle(hProcess);
return psa;
}
CloseHandle(hProcess);
return NULL;
}
\ No newline at end of file
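Review bot: The `ReadProcessMemory` into `userinfoaddr` in SearchContactByNet is not checked, and `userinfoaddr` is not declared in this hunk, so it looks like file-level state that survives between calls. If the read fails, `userinfoaddr.errcode` and the addresses inside it may still hold values from an earlier search, and `ReadUserInfoFromMemory` would then follow stale pointers in the target process; whether `ClearUserInfoCache()` resets the struct is not visible here. Testing the call and the byte count avoids that: `if (!ReadProcessMemory(hp.GetHandle(), (LPCVOID)ret, &userinfoaddr, sizeof(UserInfoAddr), &dwReadSize) || dwReadSize != sizeof(UserInfoAddr)) return NULL;`.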
......@@ -7,50 +7,22 @@ struct SendAppMsgStruct
};
BOOL SendAppMsg(DWORD pid,wchar_t* wxid, wchar_t* appid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0x0;
SendAppMsgStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID appidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendAppMsgStruct* paramAndFunc = (SendAppMsgStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendAppMsgStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !appidaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendAppMsgRemoteAddr = hp.GetProcAddr(SendAppMsgRemote);
if (SendAppMsgRemoteAddr == 0) {
return 1;
}
SendAppMsgStruct params = { 0 };
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_appid(hp.GetHandle(), appid, TEXTLENGTH(appid));
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if (appidaddr)
WriteProcessMemory(hProcess, appidaddr, appid, wcslen(appid) * 2 + 2, &dwWriteSize);
params.wxid = (DWORD)wxidaddr;
params.appid = (DWORD)appidaddr;
if (paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwWriteSize);
DWORD SendAppMsgRemoteAddr = WeChatRobotBase + SendAppMsgRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendAppMsgRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
params.wxid = (DWORD)r_wxid.GetAddr();
params.appid = (DWORD)r_appid.GetAddr();
WeChatData<SendAppMsgStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!params.wxid || !params.appid || !r_params.GetAddr()) {
return 1;
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, appidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendAppMsgRemoteAddr, r_params.GetAddr());
return dwRet == 0;
}
\ No newline at end of file
......@@ -9,61 +9,27 @@ struct SendArticleStruct {
};
BOOL SendArticle(DWORD pid,wchar_t* wxid, wchar_t* title, wchar_t* abstract, wchar_t* url, wchar_t* imgpath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
SendArticleStruct params;
ZeroMemory(&params, sizeof(params));
DWORD SendArticleProcAddr = WeChatRobotBase + SendArticleOffset;
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID titleaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID abstractaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID urladdr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID imgaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendArticleStruct* paramAndFunc = (SendArticleStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendArticleStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !titleaddr || !abstractaddr || !urladdr || !imgaddr ||
!paramAndFunc || !WeChatRobotBase)
{
CloseHandle(hProcess);
return 1;
}
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if (titleaddr)
WriteProcessMemory(hProcess, titleaddr, title, wcslen(title) * 2 + 2, &dwWriteSize);
if (abstractaddr)
WriteProcessMemory(hProcess, abstractaddr, abstract, wcslen(abstract) * 2 + 2, &dwWriteSize);
if (urladdr)
WriteProcessMemory(hProcess, urladdr, url, wcslen(url) * 2 + 2, &dwWriteSize);
if (imgpath && imgaddr)
WriteProcessMemory(hProcess, imgaddr, imgpath, wcslen(imgpath) * 2 + 2, &dwWriteSize);
params.wxid = (DWORD)wxidaddr;
params.title = (DWORD)titleaddr;
params.abstract = (DWORD)abstractaddr;
params.url = (DWORD)urladdr;
params.imgpath = imgpath ? (DWORD)imgaddr : 0;
if (paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwId);
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendArticleProcAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, titleaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, abstractaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, urladdr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, imgaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendArticleRemoteAddr = hp.GetProcAddr(SendArticleRemote);
if (SendArticleRemoteAddr == 0) {
return 1;
}
SendArticleStruct params = { 0 };
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_title(hp.GetHandle(), title, TEXTLENGTH(title));
WeChatData<wchar_t*> r_abstract(hp.GetHandle(), abstract, TEXTLENGTH(abstract));
WeChatData<wchar_t*> r_url(hp.GetHandle(), url, TEXTLENGTH(url));
WeChatData<wchar_t*> r_imgpath(hp.GetHandle(), imgpath, TEXTLENGTH(imgpath));
params.wxid = (DWORD)r_wxid.GetAddr();
params.title = (DWORD)r_title.GetAddr();
params.abstract = (DWORD)r_abstract.GetAddr();
params.url = (DWORD)r_url.GetAddr();
params.imgpath = (DWORD)r_imgpath.GetAddr();
WeChatData<SendArticleStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!r_wxid.GetAddr() || !r_title.GetAddr() || !r_abstract.GetAddr() || !r_url.GetAddr() || !r_params.GetAddr()) {
return 1;
}
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendArticleRemoteAddr, r_params.GetAddr());
return 0;
}
\ No newline at end of file
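Review bot: The old SendArticle treated `imgpath` as optional (`if (imgpath && imgaddr)` and `params.imgpath = imgpath ? (DWORD)imgaddr : 0;`), but the new code evaluates `TEXTLENGTH(imgpath)` and constructs `r_imgpath` unconditionally. The final address check still leaves `r_imgpath` out, which suggests a null image path is meant to remain valid; if `TEXTLENGTH` is a `wcslen`-style macro (it is not shown on this page), a null `imgpath` is now dereferenced. Either confirm that `TEXTLENGTH` and `WeChatData` accept a null source, or guard the argument, e.g. `imgpath ? TEXTLENGTH(imgpath) : 0`. `dwRet` is also assigned and never used, and the function returns 0 whatever the remote call reported.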
......@@ -10,66 +10,26 @@ struct SendAtTextStruct
};
int SendAtText(DWORD pid,wchar_t* chatroomid, wchar_t* wxid, wchar_t* wxmsg,BOOL AutoNickName) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
SendAtTextStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxmsgaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendAtTextStruct* paramAndFunc = (SendAtTextStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendAtTextStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidaddr || !wxmsgaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendAtTextRemoteAddr = hp.GetProcAddr(SendAtTextRemote);
if (SendAtTextRemoteAddr == 0) {
return 1;
}
DWORD dwTId = 0;
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if (wxmsgaddr)
WriteProcessMemory(hProcess, wxmsgaddr, wxmsg, wcslen(wxmsg) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.wxid = (DWORD)wxidaddr;
params.wxmsg = (DWORD)wxmsgaddr;
params.length = 1;
SendAtTextStruct params = { 0 };
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_wxmsg(hp.GetHandle(), wxmsg, TEXTLENGTH(wxmsg));
params.wxid = (DWORD)r_wxid.GetAddr();
params.wxmsg = (DWORD)r_wxmsg.GetAddr();
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.AutoNickName = AutoNickName;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(SendAtTextStruct), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SendAtTextRemoteAddr = WeChatRobotBase + SendAtTextOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendAtTextRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
params.length = 1;
WeChatData<SendAtTextStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!params.wxid || !params.wxmsg || !r_params.GetAddr()) {
return 1;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxmsgaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendAtTextRemoteAddr, r_params.GetAddr());
return 0;
}
......@@ -85,73 +45,37 @@ BOOL SendAtText(DWORD pid,wchar_t* chatroomid, SAFEARRAY* psaValue, wchar_t* wxm
hr = SafeArrayGetElement(psaValue, &pIndex, &rgvar);
return SendAtText(pid,chatroomid, rgvar.bstrVal, wxmsg,AutoNickName);
}
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendAtTextRemoteAddr = hp.GetProcAddr(SendAtTextRemote);
if (SendAtTextRemoteAddr == 0) {
return 1;
}
vector<void*> wxidptrs;
DWORD dwWriteSize = 0;
DWORD dwTId = 0; DWORD dwId = 0;
SendAtTextStruct params = { 0 };
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidptrsaddr = VirtualAllocEx(hProcess, NULL, sizeof(void*) * cElements, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxmsgaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendAtTextStruct* paramAndFunc = (SendAtTextStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendAtTextStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidptrsaddr || !wxmsgaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_wxmsg(hp.GetHandle(), wxmsg, TEXTLENGTH(wxmsg));
params.wxmsg = (DWORD)r_wxmsg.GetAddr();
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.AutoNickName = AutoNickName;
for (long i = lLbound; i < lLbound + cElements; i++) {
VariantInit(&rgvar);
hr = SafeArrayGetElement(psaValue, &i, &rgvar);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = WriteWeChatMemory(hp.GetHandle(), rgvar.bstrVal, TEXTLENGTH(rgvar.bstrVal));
if (wxidaddr) {
WriteProcessMemory(hProcess, wxidaddr, rgvar.bstrVal, wcslen(rgvar.bstrVal) * 2 + 2, &dwWriteSize);
wxidptrs.push_back(wxidaddr);
}
}
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (wxidptrsaddr)
WriteProcessMemory(hProcess, wxidptrsaddr, &wxidptrs[0], wxidptrs.size() * sizeof(void*), &dwWriteSize);
if (wxmsgaddr)
WriteProcessMemory(hProcess, wxmsgaddr, wxmsg, wcslen(wxmsg) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.wxid = (DWORD)wxidptrsaddr;
params.wxmsg = (DWORD)wxmsgaddr;
WeChatData<void**> r_wxids(hp.GetHandle(), &wxidptrs[0], wxidptrs.size() * sizeof(void*));
params.wxid = (DWORD)r_wxids.GetAddr();
params.length = wxidptrs.size();
params.AutoNickName = AutoNickName;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(SendAtTextStruct), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SendAtTextRemoteAddr = WeChatRobotBase + SendAtTextOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendAtTextRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
WeChatData<SendAtTextStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!params.chatroomid || !params.wxid || !params.wxmsg || !r_params.GetAddr()) {
return 1;
}
CloseHandle(hThread);
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendAtTextRemoteAddr, r_params.GetAddr());
for (unsigned int i = 0; i < wxidptrs.size(); i++) {
VirtualFreeEx(hProcess, wxidptrs[i], 0, MEM_RELEASE);
VirtualFreeEx(hp.GetHandle(), wxidptrs[i], 0, MEM_RELEASE);
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxmsgaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidptrsaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return 0;
}
\ No newline at end of file
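Review bot: In the SAFEARRAY overload, the early `return 1` after the `!params.chatroomid || !params.wxid || …` check skips the `VirtualFreeEx` loop, so every remote buffer that `WriteWeChatMemory` recorded in `wxidptrs` stays allocated in the target process; these are raw pointers, unlike the `WeChatData` wrappers, which presumably release themselves. `&wxidptrs[0]` is also evaluated when no element was written and the vector is empty, which is undefined behaviour. The sketch below rejects an empty list first and releases the buffers on both paths. Separately, `hr` from `SafeArrayGetElement` is never tested and `rgvar` is never passed to `VariantClear`, so a failed or non-BSTR element reaches `TEXTLENGTH(rgvar.bstrVal)` unchecked. The overload's opening lines are outside this hunk.

```cpp
// … unchanged: address lookup, r_chatroomid / r_wxmsg, SafeArrayGetElement loop …
if (wxidptrs.empty())
    return 1;
WeChatData<void**> r_wxids(hp.GetHandle(), wxidptrs.data(), wxidptrs.size() * sizeof(void*));
// … unchanged: params.wxid, params.length, r_params …
const bool ready = params.chatroomid && params.wxid && params.wxmsg && r_params.GetAddr();
if (ready)
    CallRemoteFunction(hp.GetHandle(), SendAtTextRemoteAddr, r_params.GetAddr());
for (void* remote : wxidptrs)
    VirtualFreeEx(hp.GetHandle(), remote, 0, MEM_RELEASE);
return ready ? 0 : 1;
```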
......@@ -7,50 +7,23 @@ struct SendCardStruct {
};
BOOL SendCard(DWORD pid,wchar_t* receiver, wchar_t* sharedwxid, wchar_t* nickname) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
SendCardStruct params;
ZeroMemory(&params, sizeof(params));
DWORD SendCardProcAddr = WeChatRobotBase + SendCardOffset;
LPVOID receiveraddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID sharedwxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID nicknameaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendCardStruct* paramAndFunc = (SendCardStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendCardStruct), MEM_COMMIT, PAGE_READWRITE);
if (!receiveraddr || !sharedwxidaddr || !nicknameaddr ||
!paramAndFunc || !WeChatRobotBase)
{
CloseHandle(hProcess);
return 1;
}
if (receiveraddr)
WriteProcessMemory(hProcess, receiveraddr, receiver, wcslen(receiver) * 2 + 2, &dwWriteSize);
if (sharedwxidaddr)
WriteProcessMemory(hProcess, sharedwxidaddr, sharedwxid, wcslen(sharedwxid) * 2 + 2, &dwWriteSize);
if (nicknameaddr)
WriteProcessMemory(hProcess, nicknameaddr, nickname, wcslen(nickname) * 2 + 2, &dwWriteSize);
params.receiver = (DWORD)receiveraddr;
params.sharedwxid = (DWORD)sharedwxidaddr;
params.nickname = (DWORD)nicknameaddr;
if (paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwId);
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendCardProcAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, receiveraddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, sharedwxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, nicknameaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return 0;
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendCardRemoteAddr = hp.GetProcAddr(SendCardRemote);
if (SendCardRemoteAddr == 0) {
return 1;
}
SendCardStruct params = { 0 };
WeChatData<wchar_t*> r_receiver(hp.GetHandle(), receiver, TEXTLENGTH(receiver));
WeChatData<wchar_t*> r_sharedwxid(hp.GetHandle(), sharedwxid, TEXTLENGTH(sharedwxid));
WeChatData<wchar_t*> r_nickname(hp.GetHandle(), nickname, TEXTLENGTH(nickname));
params.receiver = (DWORD)r_receiver.GetAddr();
params.sharedwxid = (DWORD)r_sharedwxid.GetAddr();
params.nickname = (DWORD)r_nickname.GetAddr();
WeChatData<SendCardStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!params.receiver || !params.sharedwxid || !params.nickname || !r_params.GetAddr()) {
return 1;
}
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendCardRemoteAddr, r_params.GetAddr());
return 0;
}
\ No newline at end of file
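Review bot: `dwRet` at the end of SendCard receives the result of `CallRemoteFunction` and is then dropped, so the function returns 0 whether or not the remote routine succeeded. SetChatRoomName and its siblings in this commit return `ret == 0` instead; if the remote routine reports its status the same way, `return dwRet == 0;` would propagate it, and otherwise the unused local should go and a comment should say the result is ignored on purpose. The same pattern closes SendArticle, both SendAtText overloads, SendFile, SendImage and SendText. A short comment on the declared `BOOL` would also help, since 0 appears to be the success value here.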
......@@ -6,57 +6,22 @@ struct FileParamStruct {
};
int SendFile(DWORD pid,wchar_t* wxid, wchar_t* filepath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
FileParamStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID filepathaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
FileParamStruct* paramAndFunc = (FileParamStruct*)::VirtualAllocEx(hProcess, 0, sizeof(FileParamStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !filepathaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendFileRemoteAddr = hp.GetProcAddr(SendFileRemote);
if (SendFileRemoteAddr == 0) {
return 1;
}
DWORD dwTId = 0;
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if (filepathaddr)
WriteProcessMemory(hProcess, filepathaddr, filepath, wcslen(filepath) * 2 + 2, &dwWriteSize);
params.wxid = (DWORD)wxidaddr;
params.filepath = (DWORD)filepathaddr;
FileParamStruct params = { 0 };
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_filepath(hp.GetHandle(), filepath, TEXTLENGTH(filepath));
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SendFileRemoteAddr = WeChatRobotBase + SendFileOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendFileRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
params.wxid = (DWORD)r_wxid.GetAddr();
params.filepath = (DWORD)r_filepath.GetAddr();
WeChatData<FileParamStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!params.wxid || !params.filepath || !r_params.GetAddr()) {
return 1;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, filepathaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendFileRemoteAddr, r_params.GetAddr());
return 0;
}
......@@ -6,57 +6,22 @@ struct ImageParamStruct {
};
int SendImage(DWORD pid,wchar_t* wxid, wchar_t* imagepath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
ImageParamStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID imagepathaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
ImageParamStruct* paramAndFunc = (ImageParamStruct*)::VirtualAllocEx(hProcess, 0, sizeof(ImageParamStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !imagepathaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendImageRemoteAddr = hp.GetProcAddr(SendImageRemote);
if (SendImageRemoteAddr == 0) {
return 1;
}
DWORD dwTId = 0;
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if (imagepathaddr)
WriteProcessMemory(hProcess, imagepathaddr, imagepath, wcslen(imagepath) * 2 + 2, &dwWriteSize);
params.wxid = (DWORD)wxidaddr;
params.imagepath = (DWORD)imagepathaddr;
ImageParamStruct params = { 0 };
WeChatData<wchar_t*> r_wxid(hp.GetHandle(), wxid, TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_imagepath(hp.GetHandle(), imagepath, TEXTLENGTH(imagepath));
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SendImageRemoteAddr = WeChatRobotBase + SendImageOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendImageRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
params.wxid = (DWORD)r_wxid.GetAddr();
params.imagepath = (DWORD)r_imagepath.GetAddr();
WeChatData<ImageParamStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!params.wxid || !params.imagepath || !r_params.GetAddr()) {
return 1;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, imagepathaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendImageRemoteAddr, r_params.GetAddr());
return 0;
}
......@@ -7,57 +7,21 @@ struct SendTextStruct
};
int SendText(DWORD pid,wchar_t* wxid, wchar_t* wxmsg) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SendTextRemoteAddr = hp.GetProcAddr(SendTextRemote);
if (SendTextRemoteAddr == 0) {
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
SendTextStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxmsgaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendTextStruct* paramAndFunc = (SendTextStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendTextStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !wxmsgaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
if (wxidaddr)
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if (wxmsgaddr)
WriteProcessMemory(hProcess, wxmsgaddr, wxmsg, wcslen(wxmsg) * 2 + 2, &dwWriteSize);
params.wxid = (DWORD)wxidaddr;
params.wxmsg = (DWORD)wxmsgaddr;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SendTextRemoteAddr = WeChatRobotBase + SendTextOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SendTextRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
SendTextStruct params = { 0 };
WeChatData<wchar_t*> r_wxid(hp.GetHandle(),wxid,TEXTLENGTH(wxid));
WeChatData<wchar_t*> r_wxmsg(hp.GetHandle(), wxmsg, TEXTLENGTH(wxmsg));
params.wxid = (DWORD)r_wxid.GetAddr();
params.wxmsg = (DWORD)r_wxmsg.GetAddr();
WeChatData<SendTextStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (!params.wxid || !params.wxmsg || !r_params.GetAddr()) {
return 1;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxmsgaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
DWORD dwRet = CallRemoteFunction(hp.GetHandle(), SendTextRemoteAddr, r_params.GetAddr());
return 0;
}
\ No newline at end of file
......@@ -7,59 +7,19 @@ struct ChatRoomAnnouncementStruct
};
BOOL SetChatRoomAnnouncement(DWORD pid,wchar_t* chatroomid, wchar_t* announcement) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SetChatRoomAnnouncementRemoteAddr = hp.GetProcAddr(SetChatRoomAnnouncementRemote);
if (SetChatRoomAnnouncementRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_announcement(hp.GetHandle(), announcement, TEXTLENGTH(announcement));
ChatRoomAnnouncementStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.announcement = (DWORD)r_announcement.GetAddr();
WeChatData<ChatRoomAnnouncementStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
ChatRoomAnnouncementStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID announcementaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
ChatRoomAnnouncementStruct* paramAndFunc = (ChatRoomAnnouncementStruct*)::VirtualAllocEx(hProcess, 0, sizeof(ChatRoomAnnouncementStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !announcementaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (announcement && announcementaddr)
WriteProcessMemory(hProcess, announcementaddr, announcement, wcslen(announcement) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.announcement = announcement ? (DWORD)announcementaddr : 0;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SetChatRoomAnnouncementAddr = WeChatRobotBase + SetChatRoomAnnouncementRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SetChatRoomAnnouncementAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, announcementaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), SetChatRoomAnnouncementRemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
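Review bot: The null check before the remote call tests `r_chatroomid` and `r_params` but not `r_announcement`, and nothing says that this is deliberate. The removed code passed 0 for a null `announcement`, so the omission looks intended; a comment such as `// announcement may be NULL: the remote routine then receives 0` would record that. `TEXTLENGTH` is not visible in this hunk, so it is worth confirming that it tolerates a null pointer, since `TEXTLENGTH(announcement)` is now evaluated unconditionally.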
......@@ -7,59 +7,19 @@ struct ChatRoomNameStruct
};
BOOL SetChatRoomName(DWORD pid,wchar_t* chatroomid, wchar_t* name) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SetChatRoomNameRemoteAddr = hp.GetProcAddr(SetChatRoomNameRemote);
if (SetChatRoomNameRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_name(hp.GetHandle(), name, TEXTLENGTH(name));
ChatRoomNameStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.name = (DWORD)r_name.GetAddr();
WeChatData<ChatRoomNameStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
ChatRoomNameStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID nameaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
ChatRoomNameStruct* paramAndFunc = (ChatRoomNameStruct*)::VirtualAllocEx(hProcess, 0, sizeof(ChatRoomNameStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !nameaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (nameaddr)
WriteProcessMemory(hProcess, nameaddr, name, wcslen(name) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.name = (DWORD)nameaddr;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SetChatRoomNameAddr = WeChatRobotBase + SetChatRoomNameRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SetChatRoomNameAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, nameaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), SetChatRoomNameRemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
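Review bot: The guard `r_chatroomid.GetAddr() == 0 || r_params.GetAddr() == 0` no longer covers the name buffer, so a failed copy of `name` leaves `params.name` at 0 and the remote routine is still called. The removed code returned early when `nameaddr` was null; `if (r_chatroomid.GetAddr() == 0 || r_name.GetAddr() == 0 || r_params.GetAddr() == 0)` restores that. SetChatRoomSelfNickname drops `r_nickname` in the same way, and the single-recipient SendAtText check omits `params.chatroomid`.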
......@@ -7,59 +7,19 @@ struct ChatRoomSelfNicknameStruct
};
BOOL SetChatRoomSelfNickname(DWORD pid,wchar_t* chatroomid, wchar_t* nickname) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD SetChatRoomSelfNicknameRemoteAddr = hp.GetProcAddr(SetChatRoomSelfNicknameRemote);
if (SetChatRoomSelfNicknameRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_chatroomid(hp.GetHandle(), chatroomid, TEXTLENGTH(chatroomid));
WeChatData<wchar_t*> r_nickname(hp.GetHandle(), nickname, TEXTLENGTH(nickname));
ChatRoomSelfNicknameStruct params = { 0 };
params.chatroomid = (DWORD)r_chatroomid.GetAddr();
params.nickname = (DWORD)r_nickname.GetAddr();
WeChatData<ChatRoomSelfNicknameStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_chatroomid.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
ChatRoomSelfNicknameStruct params;
ZeroMemory(&params, sizeof(params));
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID nicknameaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
ChatRoomSelfNicknameStruct* paramAndFunc = (ChatRoomSelfNicknameStruct*)::VirtualAllocEx(hProcess, 0, sizeof(ChatRoomSelfNicknameStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !nicknameaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
if (chatroomidaddr)
WriteProcessMemory(hProcess, chatroomidaddr, chatroomid, wcslen(chatroomid) * 2 + 2, &dwWriteSize);
if (nicknameaddr)
WriteProcessMemory(hProcess, nicknameaddr, nickname, wcslen(nickname) * 2 + 2, &dwWriteSize);
params.chatroomid = (DWORD)chatroomidaddr;
params.nickname = (DWORD)nicknameaddr;
if (paramAndFunc) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SetChatRoomSelfNicknameAddr = WeChatRobotBase + SetChatRoomSelfNicknameRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SetChatRoomSelfNicknameAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, nicknameaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), SetChatRoomSelfNicknameRemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
......@@ -6,47 +6,19 @@ struct VerifyFriendApplyStruct {
};
BOOL VerifyFriendApply(DWORD pid,wchar_t* v3,wchar_t* v4) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD VerifyFriendApplyProcAddr = WeChatRobotBase + VerifyFriendApplyOffset;
LPVOID v3addr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID v4addr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
DWORD dwId = 0;
DWORD dwHandle = 0;
VerifyFriendApplyStruct apply_data = { 0 };
if (!v3addr || !v4addr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, v3addr, v3, wcslen(v3) * 2 + 2, &dwWriteSize);
WriteProcessMemory(hProcess, v4addr, v4, wcslen(v4) * 2 + 2, &dwWriteSize);
VerifyFriendApplyStruct* paramAndFunc = (VerifyFriendApplyStruct*)::VirtualAllocEx(hProcess, 0, sizeof(VerifyFriendApplyStruct), MEM_COMMIT, PAGE_READWRITE);
apply_data.v3 = (DWORD)v3addr;
apply_data.v4 = (DWORD)v4addr;
if (paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &apply_data, sizeof(apply_data), &dwId);
else {
CloseHandle(hProcess);
return 1;
}
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)VerifyFriendApplyProcAddr, paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, v3addr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, v4addr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwHandle == 0;
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD VerifyFriendApplyRemoteAddr = hp.GetProcAddr(VerifyFriendApplyRemote);
if (VerifyFriendApplyRemoteAddr == 0)
return 1;
WeChatData<wchar_t*> r_v3(hp.GetHandle(), v3, TEXTLENGTH(v3));
WeChatData<wchar_t*> r_v4(hp.GetHandle(), v4, TEXTLENGTH(v4));
VerifyFriendApplyStruct params = { 0 };
params.v3 = (DWORD)r_v3.GetAddr();
params.v4 = (DWORD)r_v4.GetAddr();
WeChatData<VerifyFriendApplyStruct*> r_params(hp.GetHandle(), &params, sizeof(params));
if (r_v3.GetAddr() == 0 || r_v4.GetAddr() == 0 || r_params.GetAddr() == 0)
return 1;
DWORD ret = CallRemoteFunction(hp.GetHandle(), VerifyFriendApplyRemoteAddr, r_params.GetAddr());
return ret == 0;
}
\ No newline at end of file
......@@ -120,8 +120,8 @@ STDMETHODIMP CWeChatRobot::CGetFriendList(DWORD pid, VARIANT* __result) {
(考虑到从SAFEARRAY转换到适当变量可能较为繁琐,故保留此接口)
*/
STDMETHODIMP CWeChatRobot::CGetFriendListString(DWORD pid, BSTR* __result) {
string smessage = _com_util::ConvertBSTRToString((BSTR)(GetFriendListString(pid).c_str()));
*__result = _com_util::ConvertStringToBSTR(smessage.c_str());
wstring info = GetFriendListString(pid);
*__result = (_bstr_t)info.c_str();
return S_OK;
}
......@@ -131,8 +131,8 @@ STDMETHODIMP CWeChatRobot::CGetFriendListString(DWORD pid, BSTR* __result) {
* 参数2:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CGetWxUserInfo(DWORD pid, BSTR wxid,BSTR* __result) {
string smessage = _com_util::ConvertBSTRToString((BSTR)(GetWxUserInfo(pid, wxid).c_str()));
*__result = _com_util::ConvertStringToBSTR(smessage.c_str());
wstring info = GetWxUserInfo(pid, wxid);
*__result = (_bstr_t)info.c_str();
return S_OK;
}
......@@ -141,8 +141,8 @@ STDMETHODIMP CWeChatRobot::CGetWxUserInfo(DWORD pid, BSTR wxid,BSTR* __result) {
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CGetSelfInfo(DWORD pid, BSTR* __result) {
string smessage = _com_util::ConvertBSTRToString((BSTR)(GetSelfInfo(pid).c_str()));
*__result = _com_util::ConvertStringToBSTR(smessage.c_str());
wstring info = GetSelfInfo(pid);
*__result = (_bstr_t)info.c_str();
return S_OK;
}
......@@ -160,8 +160,8 @@ STDMETHODIMP CWeChatRobot::CCheckFriendStatus(DWORD pid, BSTR wxid,int* __result
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CGetComWorkPath(BSTR* __result) {
string path = _com_util::ConvertBSTRToString((BSTR)(GetComWorkPath().c_str()));
*__result = _com_util::ConvertStringToBSTR(path.c_str());
wstring path = GetComWorkPath();
*__result = (_bstr_t)path.c_str();
return S_OK;
}
......@@ -272,8 +272,8 @@ STDMETHODIMP CWeChatRobot::CAddFriendByV3(DWORD pid, BSTR v3, BSTR message,int A
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CGetWeChatVer(BSTR* __result) {
string path = _com_util::ConvertBSTRToString((BSTR)(GetWeChatVerStr().c_str()));
*__result = _com_util::ConvertStringToBSTR(path.c_str());
wstring path = GetWeChatVerStr();
*__result = (_bstr_t)path.c_str();
return S_OK;
}
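Review bot: `*__result = (_bstr_t)info.c_str();` in CGetFriendListString stores a pointer owned by a temporary `_bstr_t`, which frees the string when the statement ends, so the caller receives a dangling BSTR and will free it a second time. An out-parameter needs a BSTR the caller owns: `*__result = ::SysAllocString(info.c_str());` (or `_bstr_t(info.c_str()).Detach()`), with `E_OUTOFMEMORY` returned when the allocation yields null. CGetWxUserInfo, CGetSelfInfo, CGetComWorkPath and CGetWeChatVer have the same assignment. The replaced `_com_util::ConvertStringToBSTR` call did return an owned BSTR.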
......
......@@ -244,6 +244,7 @@
<ClInclude Include="SetChatRoomSelfNickname.h" />
<ClInclude Include="targetver.h" />
<ClInclude Include="SearchContact.h" />
<ClInclude Include="templatefunc.h" />
<ClInclude Include="VerifyFriendApply.h" />
<ClInclude Include="WeChatRobot.h" />
<ClInclude Include="WeChatRobotCOM_i.h" />
......@@ -291,6 +292,7 @@
<ClCompile Include="SetChatRoomAnnouncement.cpp" />
<ClCompile Include="SetChatRoomName.cpp" />
<ClCompile Include="SetChatRoomSelfNickname.cpp" />
<ClCompile Include="templatefunc.cpp" />
<ClCompile Include="VerifyFriendApply.cpp" />
<ClCompile Include="WeChatRobot.cpp" />
<ClCompile Include="WeChatRobotCOM.cpp" />
......
......@@ -113,6 +113,9 @@
<Filter Include="群相关\获取群成员列表">
<UniqueIdentifier>{dce4ab67-7d14-41b1-8e89-cbf9a8315a3a}</UniqueIdentifier>
</Filter>
<Filter Include="template">
<UniqueIdentifier>{fdd967bf-e9c0-4793-80a1-dcb87b061fc6}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClInclude Include="framework.h">
......@@ -232,6 +235,9 @@
<ClInclude Include="ntapi.h">
<Filter>头文件</Filter>
</ClInclude>
<ClInclude Include="templatefunc.h">
<Filter>template</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ClCompile Include="WeChatRobotCOM.cpp">
......@@ -354,6 +360,9 @@
<ClCompile Include="ntapi.cpp">
<Filter>源文件</Filter>
</ClCompile>
<ClCompile Include="templatefunc.cpp">
<Filter>template</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="WeChatRobotCOM.rc">
......
#include "pch.h"
static unsigned char GetProcAsmCode[] = {
0x55, // push ebp;
0x8B,0xEC, // mov ebp, esp;
0x83,0xEC,0x40, // sub esp, 0x40;
0x57, // push edi;
0x51, // push ecx;
0x8B,0x7D,0x08, // mov edi, dword ptr[ebp + 0x8];
0x8B,0x07, // mov eax,dword ptr[edi];
0x50, // push eax;
0xE8,0x00,0x00,0x00,0x00, // call GetModuleHandleW;
0x83,0xC4,0x04, // add esp,0x4;
0x83,0xC7,0x04, // add edi,0x4;
0x8B,0x0F, // mov ecx, dword ptr[edi];
0x51, // push ecx;
0x50, // push eax;
0xE8,0x00,0x00,0x00,0x00, // call GetProcAddress;
0x83,0xC4,0x08, // add esp, 0x8;
0x59, // pop ecx;
0x5F, // pop edi;
0x8B,0xE5, // mov esp, ebp;
0x5D, // pop ebp;
0xC3 // retn;
};
LPVOID WeChatProcess::GetAsmFunAddr() {
DWORD pGetModuleHandleW = (DWORD)GetModuleHandleW;
DWORD pGetProcAddress = (DWORD)GetProcAddress;
PVOID call1 = (PVOID)&GetProcAsmCode[15];
PVOID call2 = (PVOID)&GetProcAsmCode[30];
LPVOID pAsmFuncAddr = VirtualAllocEx(handle, NULL, 1, MEM_COMMIT, PAGE_EXECUTE);
if (!pAsmFuncAddr)
return 0;
*(DWORD*)call1 = pGetModuleHandleW - (DWORD)pAsmFuncAddr - 14 - 5;
*(DWORD*)call2 = pGetProcAddress - (DWORD)pAsmFuncAddr - 29 - 5;
SIZE_T dwWriteSize;
WriteProcessMemory(handle, pAsmFuncAddr, GetProcAsmCode, sizeof(GetProcAsmCode), &dwWriteSize);
return pAsmFuncAddr;
}
DWORD WeChatProcess::GetProcAddr(LPSTR functionname) {
if (!AsmProcAddr || !handle)
return 0;
WeChatData<wchar_t*> r_modulename(handle, dllname, TEXTLENGTH(dllname));
WeChatData<LPSTR> r_functionname(handle, functionname, TEXTLENGTHA(functionname));
DWORD params[2] = { 0 };
params[0] = (DWORD)r_modulename.GetAddr();
params[1] = (DWORD)r_functionname.GetAddr();
WeChatData<DWORD*> r_params(handle, &params[0], sizeof(params));
DWORD dwProcAddr = CallRemoteFunction(handle, AsmProcAddr, r_params.GetAddr());
return dwProcAddr;
}
DWORD WeChatProcess::WeChatRobotBase() {
if (!handle)
return 0;
WeChatData<wchar_t*> r_dllname(handle, dllname, TEXTLENGTH(dllname));
if (r_dllname.GetAddr() == 0)
return 0;
DWORD ret = CallRemoteFunction(handle, GetModuleHandleW, r_dllname.GetAddr());
return ret;
}
\ No newline at end of file
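Review bot: `WeChatProcess::GetProcAddr` calls `CallRemoteFunction` without checking that any of its three `WeChatData` allocations succeeded, although `WeChatRobotBase` right below it does test `r_dllname.GetAddr() == 0`. If `r_params.GetAddr()` is 0, the stub receives a null argument and reads through it inside the target process, so I would add `if (!r_modulename.GetAddr() || !r_functionname.GetAddr()) return 0;` before filling `params` and `if (!r_params.GetAddr()) return 0;` before the call. `GetAsmFunAddr` has the same gap: the result of `WriteProcessMemory` and `dwWriteSize` are ignored, so a failed or short write still returns a non-null address and the constructor sets `m_init` to TRUE; on failure it should release the page with `VirtualFreeEx` and return 0. It also patches the file-static `GetProcAsmCode` in place, which two `WeChatProcess` objects constructed on different threads would race on; patching a local copy of the bytes avoids that.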
#pragma once
#include<windows.h>
#include<iostream>
template <typename T1, typename T2, typename T3>
T2 WriteWeChatMemory(T1 hProcess, T2 ptrvalue, T3 size) {
if (!hProcess)
return NULL;
DWORD dwWriteSize;
T2 addr = (T2)VirtualAllocEx(hProcess, NULL, size, MEM_COMMIT, PAGE_READWRITE);
if (addr)
WriteProcessMemory(hProcess, (LPVOID)addr, ptrvalue, size, &dwWriteSize);
return addr;
}
template<typename T1,typename T2,typename T3>
DWORD CallRemoteFunction(T1 hProcess,T2 FunctionAddr,T3 params)
{
DWORD dwRet = 0;
DWORD dwThreadId = 0;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)FunctionAddr, (LPVOID)params, 0, &dwThreadId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
else {
return 0;
}
return dwRet;
}
template <typename T>
class WeChatData {
public:
WeChatData(HANDLE hProcess,T data,int size) {
this->hProcess = hProcess;
this->size = size;
if (size == 0)
this->addr = data;
else
this->addr = WriteWeChatMemory(hProcess, data, size);
}
~WeChatData() {
if(this->size)
VirtualFreeEx(this->hProcess, this->addr, 0, MEM_RELEASE);
}
T GetAddr() {
return this->addr;
}
private:
T addr;
int size;
HANDLE hProcess;
};
class WeChatProcess {
public:
WeChatProcess(DWORD pid) {
this->handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!this->handle)
m_init = FALSE;
else {
AsmProcAddr = this->GetAsmFunAddr();
m_init = AsmProcAddr != 0 ? TRUE : FALSE;
}
}
~WeChatProcess() {
if (AsmProcAddr)
VirtualFreeEx(handle, AsmProcAddr, 0, MEM_RELEASE);
if(handle)
CloseHandle(handle);
AsmProcAddr = NULL;
handle = NULL;
}
HANDLE GetHandle() {
return this->handle;
}
DWORD GetProcAddr(LPSTR functionname);
DWORD WeChatRobotBase();
BOOL m_init = FALSE;
private:
HANDLE handle;
LPVOID AsmProcAddr = NULL;
virtual LPVOID GetAsmFunAddr();
};
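Review bot: `CallRemoteFunction` returns 0 both when `CreateRemoteThread` fails and when the remote routine exits with 0, so callers cannot tell the two apart; `ChangeWeChatVer` in this commit ends with `return ret == 0;`, which gives a thread that never started the same result as a remote call that returned 0. The return values of `WaitForSingleObject` and `GetExitCodeThread` are ignored too, and the wait is `INFINITE`, so a remote routine that never returns blocks the caller indefinitely. I would report the status separately from the exit code, for example through an extra defaulted out-parameter such as `bool* started = nullptr`, and use a bounded wait. Separately, `WeChatData` and `WeChatProcess` release a remote allocation and a process handle in their destructors but remain copyable, so an accidental copy frees twice; `WeChatProcess(const WeChatProcess&) = delete;` (likewise for assignment and for `WeChatData`) closes that off, and `handle` should get an in-class initialiser the way `AsmProcAddr` has one.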
#include "pch.h"
BOOL ChangeWeChatVer(DWORD pid,wchar_t* verStr) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
WeChatProcess hp(pid);
if (!hp.m_init) return 1;
DWORD ChangeWeChatVerRemoteAddr = hp.GetProcAddr(ChangeWeChatVerRemote);
if (ChangeWeChatVerRemoteAddr == 0)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
WeChatData<wchar_t*> r_version(hp.GetHandle(), verStr, TEXTLENGTH(verStr));
if (r_version.GetAddr() == 0)
return 1;
}
DWORD dwId = 0;
DWORD dwRet = 0x0;
LPVOID verStraddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
if (!verStraddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, verStraddr, verStr, wcslen(verStr) * 2 + 2, &dwWriteSize);
DWORD ChangeWeChatVerRemoteAddr = WeChatRobotBase + ChangeWeChatVerRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)ChangeWeChatVerRemoteAddr, verStraddr, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, verStraddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
DWORD ret = CallRemoteFunction(hp.GetHandle(), ChangeWeChatVerRemoteAddr, r_version.GetAddr());
return ret == 0;
}
\ No newline at end of file
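Review bot: The early exits in what appears to be the new side (`if (!hp.m_init) return 1;`, and `return 1;` after the `ChangeWeChatVerRemoteAddr == 0` and `r_version.GetAddr() == 0` checks) return TRUE, the same BOOL value that the final `return ret == 0;` produces when the remote call yields 0. A caller therefore cannot distinguish "the process could not be opened" from the outcome of the remote call. Whichever value is meant as success, the setup failures should return the opposite one, e.g. `if (!hp.m_init) return FALSE;` if TRUE means success, and the convention deserves a one-line comment above the function. The page prints old and new lines without markers, so the side assignment here is inferred from the use of `hp`.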
......@@ -45,14 +45,8 @@ VOID PrintMsg(DWORD msg) {
char* message = new char[c_size + 1];
memset(message, 0, c_size + 1);
WideCharToMultiByte(CP_ACP, 0, wmessage, -1, message, c_size, 0, 0);
#ifndef USE_SOCKET
HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)SendLogToComServer, wmessage, NULL, &dwId);
if (hThread)
CloseHandle(hThread);
#else
delete[] wmessage;
wmessage = NULL;
#endif
#ifdef _DEBUG
cout << message;
#endif
......
# 默认忽略的文件
/shelf/
/workspace.xml
<?xml version="1.0" encoding="UTF-8"?>
<module type="PYTHON_MODULE" version="4">
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$" />
<orderEntry type="jdk" jdkName="Python 3.8" jdkType="Python SDK" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
<component name="PyDocumentationSettings">
<option name="format" value="PLAIN" />
<option name="myDocStringFormat" value="Plain" />
</component>
</module>
\ No newline at end of file
<component name="InspectionProjectProfileManager">
<settings>
<option name="PROJECT_PROFILE" value="Default" />
<option name="USE_PROJECT_PROFILE" value="false" />
<version value="1.0" />
</settings>
</component>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectRootManager" version="2" project-jdk-name="Python 3.8" project-jdk-type="Python SDK" />
</project>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/.idea/Python.iml" filepath="$PROJECT_DIR$/.idea/Python.iml" />
</modules>
</component>
</project>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="VcsDirectoryMappings">
<mapping directory="$PROJECT_DIR$/.." vcs="Git" />
</component>
</project>
\ No newline at end of file
......@@ -2,87 +2,91 @@
"""
Created on Sat Apr 16 14:06:24 2022
@author: lijinchao-002
@author: ljc545w
"""
import time
import os
import wxRobot
from wxRobot import WeChatRobot
def test_SendText(wx):
def test_send_text(instance):
path = os.path.split(os.path.realpath(__file__))[0]
# image full path
imgpath = os.path.join(path,'test\\测试图片.png')
img_path = os.path.join(path, 'test\\测试图片.png')
# file full path
filepath = os.path.join(path,'test\\测试文件')
myinfo = wx.GetSelfInfo()
chatwith = wx.GetFriendByWxNickName("文件传输助手")
session = wx.GetChatSession(chatwith.get('wxid'))
filehelper = wx.GetWxUserInfo(chatwith.get('wxid'))
session.SendText('个人信息:{}'.format(str(myinfo.get('wxNickName'))))
filepath = os.path.join(path, 'test\\测试文件')
self_info = instance.GetSelfInfo()
chat_with = instance.GetFriendByWxNickName("文件传输助手")
session = instance.GetChatSession(chat_with.get('wxid'))
filehelper = instance.GetWxUserInfo(chat_with.get('wxid'))
session.SendText('个人信息:{}'.format(str(self_info.get('wxNickName'))))
session.SendText('好友信息:{}'.format(str(filehelper.get('wxNickName'))))
if os.path.exists(imgpath): session.SendImage(imgpath)
if os.path.exists(filepath): session.SendFile(filepath)
session.SendArticle("天气预报","点击查看","http://www.baidu.com")
shared = wx.GetFriendByWxNickName("码农翻身")
if shared: session.SendCard(shared.get('wxid'),shared.get('wxNickName'))
def test_FriendStatus(wx):
f = open('Friendstatus.txt','wt',encoding = 'utf-8')
FriendList = wx.GetFriendList()
index = "\t".join(['微信号','昵称','备注','状态','\n'])
if os.path.exists(img_path):
session.SendImage(img_path)
if os.path.exists(filepath):
session.SendFile(filepath)
session.SendArticle("天气预报", "点击查看", "http://www.baidu.com")
shared = instance.GetFriendByWxNickName("码农翻身")
if shared:
session.SendCard(shared.get('wxid'), shared.get('wxNickName'))
def test_friend_status(instance):
f = open('friend_status.txt', 'wt', encoding='utf-8')
friend_list = instance.GetFriendList()
index = "\t".join(['微信号', '昵称', '备注', '状态', '\n'])
f.writelines(index)
for Friend in FriendList:
for Friend in friend_list:
result = '\t'.join(
[Friend.get('wxNumber'),Friend.get('wxNickName'),Friend.get('wxRemark'),
wx.CheckFriendStatus(Friend.get('wxid'))])
[Friend.get('wxNumber'), Friend.get('wxNickName'), Friend.get('wxRemark'),
instance.CheckFriendStatus(Friend.get('wxid'))])
print(result)
result += '\n'
f.writelines(result)
time.sleep(1)
break
f.close()
def test_ExecuteSQL(wx):
def test_execute_sql(instance):
try:
dbs = wx.GetDbHandles()
dbs = instance.GetDbHandles()
dbname = 'MicroMsg.db'
handle = dbs.get(dbname).get('Handle')
sql = 'select a.UserName as `wxID`,a.Alias as `微信号`,a.EncryptUserName as `V3数据`,\
a.Type as `联系人类型`,a.VerifyFlag as `添加方式`,a.Remark as `备注`,a.NickName as `昵称`,b.bigHeadImgUrl as `头像`,\
a.ExtraBuf as `扩展数据` \
from Contact a inner join ContactHeadImgUrl b where a.UserName=b.usrName and a.Type=3 limit 10'
result = wx.ExecuteSQL(handle,sql)
result = instance.ExecuteSQL(handle, sql)
print(result)
except Exception as e:
print(e)
pass
def test_BackupDb(wx):
def test_BackupDb(instance):
try:
dbs = wx.GetDbHandles()
dbs = instance.GetDbHandles()
dbname = 'MicroMsg.db'
handle = dbs.get(dbname).get('Handle')
rc = wx.BackupSQLiteDB(handle,'D:\\WeChatBackup\\{}'.format(dbname))
rc = instance.BackupSQLiteDB(handle, 'D:\\WeChatBackup\\{}'.format(dbname))
print(rc)
except:
pass
except Exception as e:
print(e)
def show_interfaces():
robot = wxRobot._WeChatRobotClient.instance().robot
robot = wxRobot.WeChatRobot(0).robot
print(robot.CGetWeChatVer())
interfaces = [i for i in dir(robot) if '_' not in i and i[0] == 'C']
for interface in interfaces:
print(interface)
if __name__ == '__main__':
pids = wxRobot.GetWeChatPids()
wx_list = [WeChatRobot(pid) for pid in pids]
if len(wx_list) < 1:
wx_list = wx_list + [wxRobot.StartWeChat()] * (1 - len(wx_list))
for wx in wx_list:
wx.StartService()
wx.StartReceiveMessage()
wxRobot.StartSocketServer()
for wx in wx_list:
wx.StopService()
\ No newline at end of file
pid_list = wxRobot.get_wechat_pid_list()
wx = WeChatRobot(pid_list[0])
wx.StartService()
wx.StartReceiveMessage()
wxRobot.register_msg_event()
wx.StopService()
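Review bot: `wx = WeChatRobot(pid_list[0])` in the `__main__` block indexes the list without checking that `wxRobot.get_wechat_pid_list()` returned anything, so the script ends in an IndexError when no WeChat process is running; the lines printed above it, which look like the replaced version, fell back to `wxRobot.StartWeChat()` in that case. A guard such as `if not pid_list: raise SystemExit('no running WeChat process found')` before the index keeps the failure readable. `wx.StopService()` is also skipped if `register_msg_event()` raises, so I would move it into a `finally:`. In `test_friend_status` the file is opened with a bare `open()` and closed only on the normal path; `with open('friend_status.txt', 'wt', encoding='utf-8') as f:` covers the exception path as well, and `test_BackupDb` was left out of the snake_case rename.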
......@@ -7,19 +7,15 @@ PC微信机器人,实现以下功能:
5. 检测好友状态(是否好友、被删除、被拉黑)
6. 接收各类消息,可写回调函数进行处理
7. 封装COM接口,方便使用自己喜欢的语言进行调用
8. 群管理
9. 微信多开
# 用途
1. 淘客发单
2. 无痕清粉
3. 微信公众号采集
4. 聊天记录备份
5. 其他你能想到的用途
# tips
1、当前分支是兼容多开的Beta版本,可通过pid进行多开管理
2、`CStartWeChat`接口可打开一个新的微信实例并返回该进程的pid,但仍然需要用户手动调用`CStartRobotService`进行注入
3、已经重新整理python socket server和连接点,可以实现多微信消息聚合
4、另外一个小小的诉求,如果您所在的公司有C++或Python岗位空缺,并且办公地点在北京、深圳,希望能提供内推机会给我,可以通过ljc545w@qq.com联系到我,不胜感激~
5. 其他你能想到的用途
# 可用版本
微信电脑版**3.5.0.46**
......@@ -60,7 +56,7 @@ CWeChatRobot.exe /unregserver
参考[ESDK](/ESDK),感谢@lovezm 的贡献
# 更多功能
后续计划功能:
1. 修改好友备注
1. 实现http调用
有空的时候会按照上述顺序进行开发,不过嘛,计划只是计划,如果未实现也请见谅
**也欢迎您提交PR**
......@@ -115,7 +111,13 @@ CWeChatRobot.exe /unregserver
1. 已适配3.7.0.30版本
## 2022.07.19
1. 新增修改备注接口
1. 新增群管理功能,包括添加成员、删除成员、设置公告、修改群名称、设置群内个人昵称、获取群成员昵称
2. 新增群管理功能,包括添加成员、删除成员、设置公告、修改群名称、设置群内个人昵称、获取群成员昵称
## 2022.07.24
1. 添加多开管理
## 2022.07.28
1. 解决部分已知问题,优化多开管理
2. 重构COM中的部分实现
# 打赏作者
请给作者一个star,感谢感谢
# 免责声明
......