diff --git a/CWeChatRobot/InjertDll.cpp b/CWeChatRobot/InjertDll.cpp index afab6d2b717862442b785dc9868982bd53a1b038..d282e9d812b8e11fa941a04bdaecb0b5f181ffc3 100644 --- a/CWeChatRobot/InjertDll.cpp +++ b/CWeChatRobot/InjertDll.cpp @@ -6,7 +6,7 @@ bool InjectDll(DWORD dwId, WCHAR* szPath)// if (!hProcess) return 1; if (GetWeChatRobotBase() != 0) { - return 1; + return 0; } LPVOID pRemoteAddress = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE); @@ -24,6 +24,7 @@ bool InjectDll(DWORD dwId, WCHAR* szPath)// WaitForSingleObject(hThread, -1); } else { + VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE); return 1; } CloseHandle(hThread); diff --git a/CWeChatRobot/VerifyFriendApply.cpp b/CWeChatRobot/VerifyFriendApply.cpp new file mode 100644 index 0000000000000000000000000000000000000000..b635a9568a67ed9f5acca0baeb500f2b6343ba31 --- /dev/null +++ b/CWeChatRobot/VerifyFriendApply.cpp 
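Review bot: The new `return 0;` for the already-injected case in the first hunk only reads correctly once you know that InjectDll, declared `bool`, appears to use 1 for failure and 0 for success. That is the opposite of the `BOOL` convention in the new CWeChatRobot/VerifyFriendApply.cpp, where 0 is the failure value. The convention is not documented anywhere in the visible lines; a comment above the function such as `// returns 0 on success or when the DLL is already loaded, 1 on failure` would stop callers from inverting it. InjectDll starts and ends outside both hunks.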
@@ -0,0 +1,42 @@
+#include "pch.h"
+
+struct VerifyFriendApplyStruct {
+ DWORD v3;
+ DWORD v4;
+};
+
+BOOL VerifyFriendApply(wchar_t* v3,wchar_t* v4) {
+ if (!hProcess)
+ return 0;
+ DWORD VerifyFriendApplyProcAddr = GetWeChatRobotBase() + VerifyFriendApplyOffset;
+ LPVOID v3addr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
+ LPVOID v4addr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
+ DWORD dwWriteSize = 0;
+ DWORD dwId = 0;
+ DWORD dwHandle = 0;
+ VerifyFriendApplyStruct apply_data = { 0 };
+ if (!v3addr || !v4addr)
+ return 0;
+ WriteProcessMemory(hProcess, v3addr, v3, wcslen(v3) * 2 + 2, &dwWriteSize);
+ WriteProcessMemory(hProcess, v4addr, v4, wcslen(v4) * 2 + 2, &dwWriteSize);
+ VerifyFriendApplyStruct* paramAndFunc = (VerifyFriendApplyStruct*)::VirtualAllocEx(hProcess, 0, sizeof(VerifyFriendApplyStruct), MEM_COMMIT, PAGE_READWRITE);
+ apply_data.v3 = (DWORD)v3addr;
+ apply_data.v4 = (DWORD)v4addr;
+
+ if (paramAndFunc)
+ WriteProcessMemory(hProcess, paramAndFunc, &apply_data, sizeof(apply_data), &dwId);
+ else
+ return 1;
+
+ HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)VerifyFriendApplyProcAddr, paramAndFunc, 0, &dwId);
+ if (hThread) {
+ WaitForSingleObject(hThread, INFINITE);
+ GetExitCodeThread(hThread, &dwHandle);
+ CloseHandle(hThread);
+ }
+
+ VirtualFreeEx(hProcess, v3addr, 0, MEM_RELEASE);
+ VirtualFreeEx(hProcess, v4addr, 0, MEM_RELEASE);
+ VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
+ return dwHandle;
+}
\ No newline at end of file
diff --git a/CWeChatRobot/VerifyFriendApply.h b/CWeChatRobot/VerifyFriendApply.h
new file mode 100644
index 0000000000000000000000000000000000000000..72d471d9712856787dadeb1c7c90951d9d23185a
--- /dev/null
+++ b/CWeChatRobot/VerifyFriendApply.h
@@ -0,0 +1,6 @@
+#pragma once
+#include
+#include
+using namespace std;
+
+BOOL VerifyFriendApply(wchar_t* v3,wchar_t* v4);
\ No newline at end of file
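Review bot: Both early returns in VerifyFriendApply (CWeChatRobot/VerifyFriendApply.cpp) leak remote allocations, and one of them reports the wrong result. `if (!v3addr || !v4addr) return 0;` abandons whichever allocation succeeded, and the `else return 1;` taken when `paramAndFunc` is NULL abandons both string buffers and returns a non-zero BOOL for a failure. `wcslen(v3)` and `wcslen(v4)` are also reached with a NULL pointer when a COM caller passes an empty BSTR through CVerifyFriendApply in WeChatRobot.cpp, and no `WriteProcessMemory` result is checked before the remote thread starts. The 1-byte `VirtualAllocEx` size holds only because allocations round up to a page, so it is better sized from the string length. One way to fold all of this into a single cleanup path is sketched below.

```cpp
BOOL VerifyFriendApply(wchar_t* v3,wchar_t* v4) {
    if (!hProcess || !v3 || !v4)   // an empty BSTR arrives as NULL and must not reach wcslen
        return 0;
    // … unchanged: VerifyFriendApplyProcAddr, dwId, dwHandle, apply_data …
    SIZE_T v3size = wcslen(v3) * 2 + 2;
    SIZE_T v4size = wcslen(v4) * 2 + 2;
    LPVOID v3addr = VirtualAllocEx(hProcess, NULL, v3size, MEM_COMMIT, PAGE_READWRITE);
    LPVOID v4addr = VirtualAllocEx(hProcess, NULL, v4size, MEM_COMMIT, PAGE_READWRITE);
    LPVOID paramAndFunc = VirtualAllocEx(hProcess, NULL, sizeof(VerifyFriendApplyStruct), MEM_COMMIT, PAGE_READWRITE);
    BOOL ok = v3addr && v4addr && paramAndFunc;
    apply_data.v3 = (DWORD)v3addr;
    apply_data.v4 = (DWORD)v4addr;
    ok = ok && WriteProcessMemory(hProcess, v3addr, v3, v3size, NULL)
            && WriteProcessMemory(hProcess, v4addr, v4, v4size, NULL)
            && WriteProcessMemory(hProcess, paramAndFunc, &apply_data, sizeof(apply_data), NULL);
    if (ok) {
        // … unchanged: CreateRemoteThread, wait, GetExitCodeThread, CloseHandle …
    }
    // every exit path releases whatever was allocated; dwHandle stays 0 on failure
    if (v3addr) VirtualFreeEx(hProcess, v3addr, 0, MEM_RELEASE);
    if (v4addr) VirtualFreeEx(hProcess, v4addr, 0, MEM_RELEASE);
    if (paramAndFunc) VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
    return dwHandle;
}
```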
diff --git a/CWeChatRobot/WeChatRobot.cpp b/CWeChatRobot/WeChatRobot.cpp index b7edc905f45728a339e3b20291f3b0f529edd81d..257c1b9e22ed55f118d6f02dbf186119f693d8c4 100644 --- a/CWeChatRobot/WeChatRobot.cpp +++ b/CWeChatRobot/WeChatRobot.cpp @@ -240,4 +240,14 @@ STDMETHODIMP CWeChatRobot::CExecuteSQL(DWORD DbHandle,BSTR sql,VARIANT* __result STDMETHODIMP CWeChatRobot::CBackupSQLiteDB(DWORD DbHandle, BSTR savepath, int* __result) { *__result = BackupSQLiteDB(DbHandle, savepath); return S_OK; +} + +/* +* 参数1:v3数据 +* 参数2:v4数据 +* 参数3:预返回的值,调用时无需提供 +*/ +STDMETHODIMP CWeChatRobot::CVerifyFriendApply(BSTR v3, BSTR v4, int* __result) { + *__result = VerifyFriendApply(v3, v4); + return S_OK; } \ No newline at end of file diff --git a/CWeChatRobot/WeChatRobot.h b/CWeChatRobot/WeChatRobot.h index 2a0a90080740ca84f2204f654e9f33677b6916d9..deb4a9d5c04ec2acc77fc0b0b1d484f0fed8972b 100644 --- a/CWeChatRobot/WeChatRobot.h +++ b/CWeChatRobot/WeChatRobot.h @@ -74,6 +74,7 @@ public: STDMETHODIMP CGetDbHandles(VARIANT* __result); STDMETHODIMP CExecuteSQL(DWORD DbHandle, BSTR sql, VARIANT* __result); STDMETHODIMP CBackupSQLiteDB(DWORD DbHandle, BSTR savepath, int* __result); + STDMETHODIMP CVerifyFriendApply(BSTR v3, BSTR v4, int* __result); }; OBJECT_ENTRY_AUTO(__uuidof(WeChatRobot), CWeChatRobot) diff --git a/CWeChatRobot/WeChatRobotCOM.idl b/CWeChatRobot/WeChatRobotCOM.idl index d250446a526f85ad43302d878dd56c89614a7098..302c919663a4647f73d1b460f78a555ea0740546 100644 --- a/CWeChatRobot/WeChatRobotCOM.idl +++ b/CWeChatRobot/WeChatRobotCOM.idl 
@@ -39,6 +39,7 @@ interface IWeChatRobot : IDispatch [id(21)] HRESULT CGetDbHandles([out, retval] VARIANT* __result); [id(22)] HRESULT CExecuteSQL([in] DWORD DbHandle, [in] BSTR sql, [out, retval] VARIANT* __result); [id(23)] HRESULT CBackupSQLiteDB([in] DWORD DbHandle, [in] BSTR savepath, [out, retval] int* __result); + [id(24)] HRESULT CVerifyFriendApply([in] BSTR v3, [in] BSTR v4, [out, retval] int* __result); }; [ uuid(721abb35-141a-4aa2-94f2-762e2833fa6c), diff --git a/CWeChatRobot/WeChatRobotCOM.vcxproj b/CWeChatRobot/WeChatRobotCOM.vcxproj index 829ae53d65ae330c29b86009d7b96c92d987f996..66b1037e96e93fe74bdc72eebcee38507fd4d800 100644 --- a/CWeChatRobot/WeChatRobotCOM.vcxproj +++ b/CWeChatRobot/WeChatRobotCOM.vcxproj @@ -232,6 +232,7 @@ + @@ -259,6 +260,7 @@ + diff --git a/CWeChatRobot/WeChatRobotCOM.vcxproj.filters b/CWeChatRobot/WeChatRobotCOM.vcxproj.filters index ce93c48d0901cbd03df06efa27006d361b6c586b..30734e8c37203c0149712cfe24a48aba87129e46 100644 --- a/CWeChatRobot/WeChatRobotCOM.vcxproj.filters +++ b/CWeChatRobot/WeChatRobotCOM.vcxproj.filters @@ -77,6 +77,9 @@ {f34f7c72-a310-4c23-b153-681307fb6277} + + {ed2746cb-8d2d-4ad9-865d-d06563766571} + @@ -151,6 +154,9 @@ 数据库\数据库备份 + + 好友相关\通过好友请求 + @@ -216,6 +222,9 @@ 数据库\数据库备份 + + 好友相关\通过好友请求 + diff --git a/CWeChatRobot/WeChatRobotCOM_i.h b/CWeChatRobot/WeChatRobotCOM_i.h index c67765741653efa21500b35457a5ad242d725186..207a050e4f7f9dd5099d305335db52116cf8724f 100644 --- a/CWeChatRobot/WeChatRobotCOM_i.h +++ b/CWeChatRobot/WeChatRobotCOM_i.h @@ -180,6 +180,11 @@ EXTERN_C const IID IID_IWeChatRobot; /* [in] */ BSTR savepath, /* [retval][out] */ int *__result) = 0; + virtual /* [id] */ HRESULT STDMETHODCALLTYPE CVerifyFriendApply( + /* [in] */ BSTR v3, + /* [in] */ BSTR v4, + /* [retval][out] */ int *__result) = 0; + }; 
@@ -353,6 +358,12 @@ EXTERN_C const IID IID_IWeChatRobot; /* [in] */ BSTR savepath, /* [retval][out] */ int *__result); + /* [id] */ HRESULT ( STDMETHODCALLTYPE *CVerifyFriendApply )( + IWeChatRobot * This, + /* [in] */ BSTR v3, + /* [in] */ BSTR v4, + /* [retval][out] */ int *__result); + END_INTERFACE } IWeChatRobotVtbl; @@ -458,6 +469,9 @@ EXTERN_C const IID IID_IWeChatRobot; #define IWeChatRobot_CBackupSQLiteDB(This,DbHandle,savepath,__result) \ ( (This)->lpVtbl -> CBackupSQLiteDB(This,DbHandle,savepath,__result) ) +#define IWeChatRobot_CVerifyFriendApply(This,v3,v4,__result) \ + ( (This)->lpVtbl -> CVerifyFriendApply(This,v3,v4,__result) ) + #endif /* COBJMACROS */ diff --git a/CWeChatRobot/WeChatRobotCOM_p.c b/CWeChatRobot/WeChatRobotCOM_p.c index 776be0362fea5dfa5c8ebce91d90b2df7bc211eb..2fbed813dbb113fb4904cdc0dccb4f67296c81a6 100644 --- a/CWeChatRobot/WeChatRobotCOM_p.c +++ b/CWeChatRobot/WeChatRobotCOM_p.c @@ -49,7 +49,7 @@ #include "WeChatRobotCOM_i.h" #define TYPE_FORMAT_STRING_SIZE 1239 -#define PROC_FORMAT_STRING_SIZE 967 +#define PROC_FORMAT_STRING_SIZE 1015 #define EXPR_FORMAT_STRING_SIZE 1 #define TRANSMIT_AS_TABLE_SIZE 0 #define WIRE_MARSHAL_TABLE_SIZE 2 
@@ -951,6 +951,49 @@ static const WeChatRobotCOM_MIDL_PROC_FORMAT_STRING WeChatRobotCOM__MIDL_ProcFor /* 964 */ 0x8, /* FC_LONG */ 0x0, /* 0 */ + /* Procedure CVerifyFriendApply */ + +/* 966 */ 0x33, /* FC_AUTO_HANDLE */ + 0x6c, /* Old Flags: object, Oi2 */ +/* 968 */ NdrFcLong( 0x0 ), /* 0 */ +/* 972 */ NdrFcShort( 0x1e ), /* 30 */ +/* 974 */ NdrFcShort( 0x14 ), /* x86 Stack size/offset = 20 */ +/* 976 */ NdrFcShort( 0x0 ), /* 0 */ +/* 978 */ NdrFcShort( 0x24 ), /* 36 */ +/* 980 */ 0x46, /* Oi2 Flags: clt must size, has return, has ext, */ + 0x4, /* 4 */ +/* 982 */ 0x8, /* 8 */ + 0x45, /* Ext Flags: new corr desc, srv corr check, has range on conformance */ +/* 984 */ NdrFcShort( 0x0 ), /* 0 */ +/* 986 */ NdrFcShort( 0x1 ), /* 1 */ +/* 988 */ NdrFcShort( 0x0 ), /* 0 */ + + /* Parameter v3 */ + +/* 990 */ NdrFcShort( 0x8b ), /* Flags: must size, must free, in, by val, */ +/* 992 */ NdrFcShort( 0x4 ), /* x86 Stack size/offset = 4 */ +/* 994 */ NdrFcShort( 0x2a ), /* Type Offset=42 */ + + /* Parameter v4 */ + +/* 996 */ NdrFcShort( 0x8b ), /* Flags: must size, must free, in, by val, */ +/* 998 */ NdrFcShort( 0x8 ), /* x86 Stack size/offset = 8 */ +/* 1000 */ NdrFcShort( 0x2a ), /* Type Offset=42 */ + + /* Parameter __result */ + +/* 1002 */ NdrFcShort( 0x2150 ), /* Flags: out, base type, simple ref, srv alloc size=8 */ +/* 1004 */ NdrFcShort( 0xc ), /* x86 Stack size/offset = 12 */ +/* 1006 */ 0x8, /* FC_LONG */ + 0x0, /* 0 */ + + /* Return value */ + +/* 1008 */ NdrFcShort( 0x70 ), /* Flags: out, return, base type, */ +/* 1010 */ NdrFcShort( 0x10 ), /* x86 Stack size/offset = 16 */ +/* 1012 */ 0x8, /* FC_LONG */ + 0x0, /* 0 */ + 0x0 } }; @@ -1818,7 +1861,8 @@ static const unsigned short IWeChatRobot_FormatStringOffsetTable[] = 792, 834, 870, - 918 + 918, + 966 }; static const MIDL_STUBLESS_PROXY_INFO IWeChatRobot_ProxyInfo = 
@@ -1842,7 +1886,7 @@ static const MIDL_SERVER_INFO IWeChatRobot_ServerInfo = 0, 0, 0}; -CINTERFACE_PROXY_VTABLE(30) _IWeChatRobotProxyVtbl = +CINTERFACE_PROXY_VTABLE(31) _IWeChatRobotProxyVtbl = { &IWeChatRobot_ProxyInfo, &IID_IWeChatRobot, @@ -1875,7 +1919,8 @@ CINTERFACE_PROXY_VTABLE(30) _IWeChatRobotProxyVtbl = (void *) (INT_PTR) -1 /* IWeChatRobot::CGetChatRoomMembers */ , (void *) (INT_PTR) -1 /* IWeChatRobot::CGetDbHandles */ , (void *) (INT_PTR) -1 /* IWeChatRobot::CExecuteSQL */ , - (void *) (INT_PTR) -1 /* IWeChatRobot::CBackupSQLiteDB */ + (void *) (INT_PTR) -1 /* IWeChatRobot::CBackupSQLiteDB */ , + (void *) (INT_PTR) -1 /* IWeChatRobot::CVerifyFriendApply */ }; @@ -1907,6 +1952,7 @@ static const PRPC_STUB_FUNCTION IWeChatRobot_table[] = NdrStubCall2, NdrStubCall2, NdrStubCall2, + NdrStubCall2, NdrStubCall2 }; @@ -1914,7 +1960,7 @@ CInterfaceStubVtbl _IWeChatRobotStubVtbl = { &IID_IWeChatRobot, &IWeChatRobot_ServerInfo, - 30, + 31, &IWeChatRobot_table[-3], CStdStubBuffer_DELEGATING_METHODS }; diff --git a/CWeChatRobot/pch.cpp b/CWeChatRobot/pch.cpp index e9782c6a39ca106a60dd9b620fd3d701824bd9eb..cc963f0c65e98b9544ca554b22d76037f8cc5970 100644 --- a/CWeChatRobot/pch.cpp +++ b/CWeChatRobot/pch.cpp @@ -20,6 +20,8 @@ DWORD DeleteUserInfoCacheOffset = 0x0; DWORD GetSelfInfoOffset = 0x0; DWORD DeleteSelfInfoCacheOffset = 0x0; +DWORD VerifyFriendApplyOffset = 0x0; + DWORD CheckFriendStatusInitRemoteOffset = 0x0; DWORD CheckFriendStatusRemoteOffset = 0x0; DWORD CheckFriendStatusFinishRemoteOffset = 0x0; 
@@ -119,6 +121,9 @@ void GetProcOffset(wchar_t* workPath) { DWORD DeleteUserInfoCacheProcAddr = (DWORD)GetProcAddress(hd, DeleteUserInfoCacheRemote); DeleteUserInfoCacheOffset = DeleteUserInfoCacheProcAddr - WeChatBase; + DWORD VerifyFriendApplyProcAddr = (DWORD)GetProcAddress(hd, VerifyFriendApplyRemote); + VerifyFriendApplyOffset = VerifyFriendApplyProcAddr - WeChatBase; + DWORD GetSelfInfoProcAddr = (DWORD)GetProcAddress(hd, GetSelfInfoRemote); GetSelfInfoOffset = GetSelfInfoProcAddr - WeChatBase; DWORD DeleteSelfInfoCacheProcAddr = (DWORD)GetProcAddress(hd, DeleteSelfInfoCacheRemote); @@ -174,7 +179,8 @@ DWORD StartRobotService() { } wstring wworkPath = GetComWorkPath(); wchar_t* workPath = (wchar_t*)wworkPath.c_str(); - hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, wxPid); + if(!hProcess) + hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, wxPid); bool status = Injert(wxPid, workPath); if (status == 1) { CloseHandle(hProcess); diff --git a/CWeChatRobot/robotdata.h b/CWeChatRobot/robotdata.h index 0d88ff019789cf00fd434444efc7852df4d31c15..ebdefadb085d53859bfca5fc7692d9006876ede0 100644 --- a/CWeChatRobot/robotdata.h +++ b/CWeChatRobot/robotdata.h @@ -15,6 +15,7 @@ #include "GetDbHandles.h" #include "DbExecuteSql.h" #include "DbBackup.h" +#include "VerifyFriendApply.h" extern HANDLE hProcess; extern DWORD SendImageOffset; @@ -31,6 +32,8 @@ extern DWORD GetFriendListFinishOffset; extern DWORD GetWxUserInfoOffset; extern DWORD DeleteUserInfoCacheOffset; +extern DWORD VerifyFriendApplyOffset; + extern DWORD GetSelfInfoOffset; extern DWORD DeleteSelfInfoCacheOffset; extern wstring SelfInfoString; 
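Review bot: The `GetProcAddress(hd, VerifyFriendApplyRemote)` result in the GetProcOffset hunk is used without a NULL check, so a DLL build that lacks the export leaves `VerifyFriendApplyOffset` as `0 - WeChatBase`. CWeChatRobot/VerifyFriendApply.cpp then adds that value to `GetWeChatRobotBase()` and passes the sum to `CreateRemoteThread` as a start address, which would fault in the target process. Storing the offset only when the lookup succeeds, `if (VerifyFriendApplyProcAddr) VerifyFriendApplyOffset = VerifyFriendApplyProcAddr - WeChatBase;`, and having the caller return 0 while the offset is still `0x0`, turns the mismatch into a clean failure. The neighbouring lookups visible in this hunk follow the same unchecked pattern; GetProcOffset continues outside the hunk.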
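Review bot: In the StartRobotService hunk, the new `if(!hProcess)` guard can hand back a handle that is no longer valid. The failure branch visible just below calls `CloseHandle(hProcess)` without visibly resetting the global, so the next call would skip `OpenProcess` and reuse a closed handle. The cached handle may also belong to an earlier `wxPid` if the client was restarted. Adding `hProcess = NULL;` after each `CloseHandle(hProcess)` and returning early when `OpenProcess` yields NULL would keep the cache consistent. The rest of StartRobotService is outside the hunk, so the reset may already exist further down.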
@@ -70,6 +73,8 @@ extern DWORD BackupSQLiteDBRemoteOffset; #define GetSelfInfoRemote "GetSelfInfoRemote" #define DeleteSelfInfoCacheRemote "DeleteSelfInfoCacheRemote" +#define VerifyFriendApplyRemote "VerifyFriendApplyRemote" + #define CheckFriendStatusInitRemote "CheckFriendStatusInitRemote" #define CheckFriendStatusRemote "CheckFriendStatusRemote" #define CheckFriendStatusFinishRemote "CheckFriendStatusFinishRemote" diff --git a/DWeChatRobot/DWeChatRobot.vcxproj b/DWeChatRobot/DWeChatRobot.vcxproj index 2e3613321dbcbcd99aa16dc41cb8e7e4a90c8e26..7764f757d52f9b335a48a85d0d2c9f1e2f5ad0e3 100644 --- a/DWeChatRobot/DWeChatRobot.vcxproj +++ b/DWeChatRobot/DWeChatRobot.vcxproj @@ -172,6 +172,7 @@ + @@ -197,6 +198,7 @@ + diff --git a/DWeChatRobot/DWeChatRobot.vcxproj.filters b/DWeChatRobot/DWeChatRobot.vcxproj.filters index 43dae5be4145003290c89d3a25c70fd7098b4e62..546e471b4e31fd0de55969ef1218b2e152d3b0bb 100644 --- a/DWeChatRobot/DWeChatRobot.vcxproj.filters +++ b/DWeChatRobot/DWeChatRobot.vcxproj.filters @@ -76,6 +76,9 @@ {59e555da-03e8-41d4-bd90-53e1b02fb30d} + + {350447a5-87e5-438c-b54d-504bbb15b201} + @@ -132,6 +135,9 @@ 数据库\数据库备份 + + 好友相关\通过好友请求 + @@ -188,5 +194,8 @@ 数据库\数据库备份 + + 好友相关\通过好友请求 + \ No newline at end of file diff --git a/DWeChatRobot/GetDbHandles.cpp b/DWeChatRobot/GetDbHandles.cpp index 9b5d436bf916b4613b0fcfbbe58c6fe026bc41d0..a13121e1cc76304f220ceb13ac3e926fa15f0a4c 100644 --- a/DWeChatRobot/GetDbHandles.cpp +++ b/DWeChatRobot/GetDbHandles.cpp @@ -4,6 +4,8 @@ #define SqlHandleMicroMsgOffset 0x2363934 // ںؿƫ #define SqlHandlePublicMsgOffset 0x239B3C8 +// ¼ؿƫ +#define SqlHandleMSGOffset 0x239CF68 // ݿϢ vector dbs; @@ -44,6 +46,7 @@ void GetDbHandles() { DWORD SqlHandleBeginAddr = 0x0; DWORD SqlHandleEndAddr = 0x0; DWORD SqlHandlePublicMsgAddr = *(DWORD*)(WeChatWinBase + SqlHandlePublicMsgOffset); + DWORD SqlHandleMSGAddr = *(DWORD*)(WeChatWinBase + SqlHandleMSGOffset); __asm { mov eax, [SqlHandleBaseAddr]; mov ecx, [eax]; 
@@ -55,33 +58,53 @@ void GetDbHandles() { } DWORD dwHandle = 0x0; wstring dbnames = L""; + // ȡϵݿ while (SqlHandleBeginAddr < SqlHandleEndAddr) { dwHandle = *(DWORD*)SqlHandleBeginAddr; SqlHandleBeginAddr += 0x4; if (SqlHandleBeginAddr == SqlHandleEndAddr) break; - if(dbnames.find((wchar_t*)(*(DWORD*)(dwHandle + 0x50)),0) != wstring::npos) + if(dbnames.find(L"|" + (wstring)(wchar_t*)(*(DWORD*)(dwHandle + 0x50)) + L"|",0) != wstring::npos) continue; DbInfoStruct db = { 0 }; - dbnames += (wchar_t*)(*(DWORD*)(dwHandle + 0x50)); + dbnames = dbnames + L"|" + (wchar_t*)(*(DWORD*)(dwHandle + 0x50)) + L"|"; db.dbname = (wchar_t*)(*(DWORD*)(dwHandle + 0x50)); db.l_dbname = wcslen(db.dbname); db.handle = *(DWORD*)(dwHandle + 0x3C); ExecuteSQL(*(DWORD*)(dwHandle + 0x3C), "select * from sqlite_master where type=\"table\";",(DWORD)GetDbInfo,&db); dbs.push_back(db); } + // ȡںݿ for (int i = 1; i < 4; i++) { dwHandle = *((DWORD*)(SqlHandlePublicMsgAddr + i * 0x4)); - if (dbnames.find((wchar_t*)(*(DWORD*)(dwHandle + 0x50)), 0) != wstring::npos) + if (dbnames.find(L"|" + (wstring)(wchar_t*)(*(DWORD*)(dwHandle + 0x50)) + L"|", 0) != wstring::npos) continue; DbInfoStruct db = { 0 }; - dbnames += (wchar_t*)(*(DWORD*)(dwHandle + 0x50)); + dbnames = dbnames + L"|" + (wchar_t*)(*(DWORD*)(dwHandle + 0x50)) + L"|"; db.dbname = (wchar_t*)(*(DWORD*)(dwHandle + 0x50)); db.l_dbname = wcslen(db.dbname); db.handle = *(DWORD*)(dwHandle + 0x3C); ExecuteSQL(*(DWORD*)(dwHandle + 0x3C), "select * from sqlite_master where type=\"table\";", (DWORD)GetDbInfo, &db); dbs.push_back(db); } + // ȡ¼ݿ + int msgdb_count = *(int*)(SqlHandleMSGAddr + 0x4); + DWORD MsgdwHandle = *(DWORD*)(SqlHandleMSGAddr + 0x1C); + for (int i = 0; i < msgdb_count; i++) { + for (int j = 0; j < 4; j++) { + dwHandle = *(DWORD*)(MsgdwHandle + 0x14 + j * 4); + if (dbnames.find(L"|" + (wstring)(wchar_t*)(*(DWORD*)(dwHandle + 0x50)) + L"|", 0) != wstring::npos) + continue; + DbInfoStruct db = { 0 }; + dbnames = dbnames + L"|" + 
(wchar_t*)(*(DWORD*)(dwHandle + 0x50)) + L"|"; + db.dbname = (wchar_t*)(*(DWORD*)(dwHandle + 0x50)); + db.l_dbname = wcslen(db.dbname); + db.handle = *(DWORD*)(dwHandle + 0x3C); + ExecuteSQL(*(DWORD*)(dwHandle + 0x3C), "select * from sqlite_master where type=\"table\";", (DWORD)GetDbInfo, &db); + dbs.push_back(db); + } + MsgdwHandle += 0x68; + } // һսṹ壬Ϊȡ־ DbInfoStruct db_end = { 0 }; dbs.push_back(db_end); diff --git a/DWeChatRobot/VerifyFriendApply.cpp b/DWeChatRobot/VerifyFriendApply.cpp new file mode 100644 index 0000000000000000000000000000000000000000..d4e621fe540880d13f571cac699b00e05b14118a --- /dev/null +++ b/DWeChatRobot/VerifyFriendApply.cpp 
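Review bot: The new message-database loop in GetDbHandles reads `dwHandle + 0x50` and `dwHandle + 0x3C` for each of the four slots at `MsgdwHandle + 0x14 + j * 4` without checking that the slot is non-zero. `msgdb_count` is likewise taken from process memory with no upper bound, so an empty slot or an unexpected layout faults inside the host process. A guard such as `if (!dwHandle || !*(DWORD*)(dwHandle + 0x50)) continue;` before the name lookup, plus a sanity cap on `msgdb_count`, would contain that. The register-a-database body is now repeated three times in this function and would read better as one static helper taking `dwHandle` and `dbnames`. `SqlHandleMSGOffset`, added in the previous hunk, presumably matches a single client build, so a comment naming that build would help; GetDbHandles starts outside the hunk.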
@@ -0,0 +1,64 @@
+#include "pch.h"
+
+#define VerifyFriendApplyCall1Offset 0x6BBC0980 - 0x6B450000
+#define VerifyFriendApplyCall2Offset 0x6B6FE8D0 - 0x6B450000
+#define VerifyFriendApplyParamOffset 0x6D3320D8 - 0x6B450000
+
+struct VerifyFriendApplyStruct {
+ wchar_t* v3_data;
+ wchar_t* v4_data;
+};
+
+struct VerifyFriendApplyParamStruct {
+ DWORD handle;
+ DWORD* StatusCode;
+ DWORD StatusCodeEndAddr1;
+ DWORD StatusCodeEndAddr2;
+ char buffer[0x3C] = { 0 };
+};
+
+BOOL VerifyFriendApplyRemote(LPVOID lparameter) {
+ VerifyFriendApplyStruct* vfas = (VerifyFriendApplyStruct*)lparameter;
+ BOOL isSuccess = VerifyFriendApply(vfas->v3_data, vfas->v4_data);
+ return isSuccess;
+}
+
+BOOL __stdcall VerifyFriendApply(wchar_t* v3_data, wchar_t* v4_data) {
+ WxBaseStruct v3(v3_data);
+ WxBaseStruct v4(v4_data);
+ DWORD VerifyFriendApplyCall1 = GetWeChatWinBase() + VerifyFriendApplyCall1Offset;
+ DWORD VerifyFriendApplyCall2 = GetWeChatWinBase() + VerifyFriendApplyCall2Offset;
+ DWORD VerifyFriendApplyParam = GetWeChatWinBase() + VerifyFriendApplyParamOffset;
+ VerifyFriendApplyParamStruct* param = new VerifyFriendApplyParamStruct;
+ DWORD StatusCode[9] = { 0xB2,(DWORD)param,0xB5,(DWORD)param,0xB0,(DWORD)param,0xB1,(DWORD)param,0x0 };
+ param->handle = VerifyFriendApplyParam;
+ param->StatusCode = StatusCode;
+ param->StatusCodeEndAddr1 = (DWORD)&StatusCode[8];
+ param->StatusCodeEndAddr2 = (DWORD)&StatusCode[8];
+
+ char nullbuffer[0x94] = { 0 };
+ BOOL isSuccess = false;
+ __asm {
+ pushad;
+ pushfd;
+ push 0x0;
+ push 0x6;
+ sub esp, 0x14;
+ mov ecx, esp;
+ lea eax, v4;
+ push eax;
+ call VerifyFriendApplyCall1;
+ sub esp, 0x8;
+ push 0x0;
+ lea eax, nullbuffer;
+ push eax;
+ lea eax, v3;
+ push eax;
+ mov ecx, param;
+ call VerifyFriendApplyCall2;
+ mov isSuccess, eax;
+ popfd;
+ popad;
+ }
+ return isSuccess;
+}
\ No newline at end of file
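Review bot: `param` is allocated with `new VerifyFriendApplyParamStruct` and never released, so every call to VerifyFriendApply leaks the structure inside the host process. Because `param->StatusCode` already points at the stack array `StatusCode`, the structure cannot usefully outlive the call, so `delete param;` before `return isSuccess;` looks safe, though it is worth confirming that the callee does not keep the pointer. The three offset macros expand to an unparenthesised subtraction; writing them as `#define VerifyFriendApplyCall1Offset (0x6BBC0980 - 0x6B450000)` keeps them correct in any expression. `VerifyFriendApplyRemote` also dereferences `lparameter` without a NULL check, so `if (!vfas || !vfas->v3_data || !vfas->v4_data) return FALSE;` would avoid a fault on a bad argument.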
diff --git a/DWeChatRobot/VerifyFriendApply.h b/DWeChatRobot/VerifyFriendApply.h new file mode 100644 index 0000000000000000000000000000000000000000..71881a1293790764f61e04304fdf905aa63958f4 --- /dev/null +++ b/DWeChatRobot/VerifyFriendApply.h @@ -0,0 +1,5 @@ +#pragma once +#include + +BOOL __stdcall VerifyFriendApply(wchar_t* v3_data, wchar_t* v4_data); +extern "C" __declspec(dllexport) BOOL VerifyFriendApplyRemote(LPVOID lparameter); \ No newline at end of file diff --git a/DWeChatRobot/dllmain.cpp b/DWeChatRobot/dllmain.cpp index 785f7e8b2d69ff543cd0a62a7a1b0b9b5b034a00..50022efbdd17fdec7acd88f537263f616b096a25 100644 --- a/DWeChatRobot/dllmain.cpp +++ b/DWeChatRobot/dllmain.cpp @@ -24,6 +24,7 @@ BOOL APIENTRY DllMain( HMODULE hModule, printf("GetChatRoomMembers 0x%08X\n", (DWORD)GetChatRoomMembers); printf("ExecuteSql 0x%08X\n", (DWORD)ExecuteSQL); printf("BackupSQLiteDB 0x%08X\n", (DWORD)BackupSQLiteDBRemote); + printf("VerifyFriendApply 0x%08X\n", (DWORD)VerifyFriendApply); #endif break; } diff --git a/DWeChatRobot/pch.h b/DWeChatRobot/pch.h index 71fa50caff037de23eba455a7f9b255e9d366bce..98f08ebbd2f83c3437e1033505e4850ea9b2866b 100644 --- a/DWeChatRobot/pch.h +++ b/DWeChatRobot/pch.h @@ -27,6 +27,7 @@ #include "GetDbHandles.h" #include "DbExecuteSql.h" #include "DbBackup.h" +#include "VerifyFriendApply.h" #include #endif //PCH_H diff --git a/Python/wxRobot.py b/Python/wxRobot.py index 20ed37d0a7707f9bab964dd7e1273ff66b6afc03..a6dc0020cf9c01cb0a5f2972a81cc13204ac1a2b 100644 --- a/Python/wxRobot.py +++ b/Python/wxRobot.py @@ -229,4 +229,7 @@ class WeChatRobot(): except: pass status = self.robot.CStopReceiveMessage() - return status \ No newline at end of file + return status + + def VerifyFriendApply(self,v3,v4): + return self.robot.CVerifyFriendApply(v3,v4) \ No newline at end of file 
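Review bot: The new `VerifyFriendApply` method in Python/wxRobot.py has no docstring, and the names `v3` and `v4` tell a caller nothing about what to supply or what the return value means. A one-line docstring such as `"""Forward v3 and v4 to the COM method CVerifyFriendApply and return its int result."""` would document the contract as far as the visible code establishes it. The class body starts outside the hunk.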
diff --git a/Release/CWeChatRobot.exe b/Release/CWeChatRobot.exe
index 5f169702818eae4074312758e5388a9d26fb7e72..2ce8ff186976216eb85c0665556336ad286f10ae 100644
Binary files a/Release/CWeChatRobot.exe and b/Release/CWeChatRobot.exe differ
diff --git a/Release/DWeChatRobot.dll b/Release/DWeChatRobot.dll
index a703a3c5ed1efb96be6127936420274d5be5e734..a7ecd0c15f4b72c02641a38d21d0003fa335b0e9 100644
Binary files a/Release/DWeChatRobot.dll and b/Release/DWeChatRobot.dll differ