From f6d75778d22b590a4775e49b72cb9c19037d2671 Mon Sep 17 00:00:00 2001 From: ljc545w Date: Tue, 31 Jan 2023 21:35:56 +0800 Subject: [PATCH] =?UTF-8?q?=E8=A7=A3=E5=86=B3=E5=86=85=E5=AD=98=E6=B3=84?= =?UTF-8?q?=E6=BC=8F=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CWeChatRobot/DbExecuteSql.cpp | 29 +++++++------- CWeChatRobot/DbExecuteSql.h | 4 +- CWeChatRobot/GetDbHandles.cpp | 53 +++++++++++++++---------- CWeChatRobot/GetQrcodeImage.cpp | 22 +++++------ CWeChatRobot/GetQrcodeImage.h | 4 +- CWeChatRobot/WeChatRobot.cpp | 70 ++++++++++++++++++++------------- 6 files changed, 105 insertions(+), 77 deletions(-) diff --git a/CWeChatRobot/DbExecuteSql.cpp b/CWeChatRobot/DbExecuteSql.cpp index a608f15..ccbda79 100644 --- a/CWeChatRobot/DbExecuteSql.cpp +++ b/CWeChatRobot/DbExecuteSql.cpp @@ -58,17 +58,17 @@ void ClearResultArray() SQLResultStruct *sr = (SQLResultStruct *)&SQLResult[i][j]; if (sr->ColName) { - delete sr->ColName; + delete[] sr->ColName; sr->ColName = NULL; } if (sr->content) { - delete sr->content; + delete[] sr->content; sr->content = NULL; } if (sr->BlobContent) { - delete sr->BlobContent; + delete[] sr->BlobContent; sr->BlobContent = NULL; } } 
@@ -93,29 +93,30 @@ SAFEARRAY *CreateSQLResultSafeArray() SQLResultStruct *ptrResult = (SQLResultStruct *)&SQLResult[i][j]; if (i == 0) { + ATL::CComVariant val(ptrResult->ColName); Index[0] = 0; Index[1] = j; - hr = SafeArrayPutElement(psaValue, Index, &(_variant_t)ptrResult->ColName); + hr = SafeArrayPutElement(psaValue, Index, &val); } Index[0] = i + 1; Index[1] = j; if (ptrResult->content) - hr = SafeArrayPutElement(psaValue, Index, &(_variant_t)ptrResult->content); + { + ATL::CComVariant val(ptrResult->content); + hr = SafeArrayPutElement(psaValue, Index, &val); + } else { - VARIANT varChunk; - SAFEARRAY *bsa; BYTE *pByte = NULL; SAFEARRAYBOUND rgsabound[1]; rgsabound[0].cElements = ptrResult->BlobLength; rgsabound[0].lLbound = 0; - bsa = SafeArrayCreate(VT_UI1, 1, rgsabound); - SafeArrayAccessData(bsa, (void **)&pByte); + ATL::CComSafeArray bsa(rgsabound); + SafeArrayAccessData(bsa.m_psa, (void **)&pByte); memcpy(pByte, ptrResult->BlobContent, ptrResult->BlobLength); - SafeArrayUnaccessData(bsa); - varChunk.vt = VT_ARRAY | VT_UI1; - varChunk.parray = bsa; - hr = SafeArrayPutElement(psaValue, Index, &(_variant_t)varChunk); + SafeArrayUnaccessData(bsa.m_psa); + ATL::CComVariant val(bsa.m_psa); + hr = SafeArrayPutElement(psaValue, Index, &val); } } } @@ -140,7 +141,7 @@ VOID ReadSQLResultFromWeChatProcess(HANDLE hProcess, DWORD dwHandle) char *ColName = new char[sqlresultAddr.l_ColName + 1]; sqlresult.ColName = new wchar_t[sqlresultAddr.l_ColName + 1]; ReadProcessMemory(hProcess, (LPCVOID)sqlresultAddr.ColName, ColName, sqlresultAddr.l_ColName + 1, 0); - MultiByteToWideChar(CP_ACP, 0, ColName, -1, sqlresult.ColName, strlen(ColName) + 1); + MultiByteToWideChar(CP_UTF8, 0, ColName, -1, sqlresult.ColName, strlen(ColName) + 1); char *content = new char[sqlresultAddr.l_content + 1]; if (!sqlresultAddr.isblob) { diff --git a/CWeChatRobot/DbExecuteSql.h b/CWeChatRobot/DbExecuteSql.h index ddcf961..d7e4cf8 100644 --- a/CWeChatRobot/DbExecuteSql.h 
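Review bot: In the blob branch of `CreateSQLResultSafeArray` the result of `SafeArrayAccessData(bsa.m_psa, (void **)&pByte)` is not checked, so on failure `pByte` is still NULL when `memcpy` writes `ptrResult->BlobLength` bytes through it. The branch is taken whenever `content` is NULL, and nothing in the hunk rules out `BlobContent` being NULL as well. I would guard the copy with `if (ptrResult->BlobContent && SUCCEEDED(SafeArrayAccessData(bsa.m_psa, (void **)&pByte)))` and call `SafeArrayUnaccessData` only inside that block. `hr` from each `SafeArrayPutElement` is overwritten without being tested inside this hunk; the function continues outside it, so a later check may exist.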
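Review bot: The changed `MultiByteToWideChar` call in `ReadSQLResultFromWeChatProcess` still sizes the destination as `strlen(ColName) + 1`, while `sqlresult.ColName` was allocated with `sqlresultAddr.l_ColName + 1` elements two lines above. `ColName` is filled by `ReadProcessMemory` from the other process and the return value is ignored, so if the read fails or the bytes are not NUL-terminated, `strlen` runs over an uninitialised buffer and the conversion can write past the allocation. Terminating the input and passing the allocated size closes that: `ColName[sqlresultAddr.l_ColName] = '\0';` after the read, and `sqlresultAddr.l_ColName + 1` as the last argument. A zero return from the conversion should also be handled, since the output is then not guaranteed to be terminated. The function starts and ends outside the hunk, so whether the `ColName` buffer is freed is not visible here.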
+++ b/CWeChatRobot/DbExecuteSql.h @@ -1,4 +1,4 @@ #pragma once -#include +#include -SAFEARRAY* ExecuteSQL(DWORD pid,DWORD DbHandle, BSTR sql); \ No newline at end of file +SAFEARRAY *ExecuteSQL(DWORD pid, DWORD DbHandle, BSTR sql); diff --git a/CWeChatRobot/GetDbHandles.cpp b/CWeChatRobot/GetDbHandles.cpp index 5ecb0c0..742efe5 100644 --- a/CWeChatRobot/GetDbHandles.cpp +++ b/CWeChatRobot/GetDbHandles.cpp @@ -31,16 +31,16 @@ struct DbInfoAddrStruct struct TableInfoStruct { - char *name; - char *tbl_name; - char *sql; - char *rootpage; + std::string name; + std::string tbl_name; + std::string sql; + std::string rootpage; }; struct DbInfoStruct { DWORD handle; - wchar_t *dbname; + std::wstring dbname; vector tables; DWORD count; }; @@ -69,7 +69,7 @@ SAFEARRAY *CreateDbInfoSafeArray() hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)L"dbname"); ArrayIndex[1] = 0; ArrayIndex[2] = {1}; - hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].dbname); + hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].dbname.c_str()); ArrayIndex[1] = 1; ArrayIndex[2] = {0}; hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)L"Handle"); 
@@ -81,25 +81,25 @@ SAFEARRAY *CreateDbInfoSafeArray() hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)L"name"); ArrayIndex[1] = 2; ArrayIndex[2] = {1}; - hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].tables[j].name); + hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].tables[j].name.c_str()); ArrayIndex[1] = 3; ArrayIndex[2] = {0}; hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)L"tbl_name"); ArrayIndex[1] = 3; ArrayIndex[2] = {1}; - hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].tables[j].tbl_name); + hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].tables[j].tbl_name.c_str()); ArrayIndex[1] = 4; ArrayIndex[2] = {0}; hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)L"rootpage"); ArrayIndex[1] = 4; ArrayIndex[2] = {1}; - hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].tables[j].rootpage); + hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].tables[j].rootpage.c_str()); ArrayIndex[1] = 5; ArrayIndex[2] = {0}; hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)L"sql"); ArrayIndex[1] = 5; ArrayIndex[2] = {1}; - hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].tables[j].sql); + hr = SafeArrayPutElement(psaValue, ArrayIndex, &(_variant_t)dbs[i].tables[j].sql.c_str()); index++; } } 
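Review bot: The four table fields put into the array here are now narrow `std::string::c_str()` pointers, and `_variant_t(const char *)` converts to a BSTR through the ANSI code page as far as I know, so a table name or `sql` text holding non-ASCII UTF-8 (presumably the case, since the strings come from SQLite) would be mangled. The same commit switches the column-name conversion in DbExecuteSql.cpp to `CP_UTF8`, so these calls in `CreateDbInfoSafeArray` look inconsistent with it. An explicit conversion into a named variant fixes that, e.g. `ATL::CComVariant val(ATL::CA2W(dbs[i].tables[j].name.c_str(), CP_UTF8));` followed by `SafeArrayPutElement(psaValue, ArrayIndex, &val);`. That also drops the `&(_variant_t)...` address-of-temporary idiom, which only compiles as an MSVC extension and is kept on the `dbname` line of the previous hunk (`@@ -69,7 +69,7 @@`) too.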
@@ -125,22 +125,33 @@ SAFEARRAY *GetDbHandles(DWORD pid) DbInfoStruct db = {0}; db.handle = dbaddr.handle; db.count = dbaddr.count; - db.dbname = new wchar_t[dbaddr.l_dbname + 1]; - ReadProcessMemory(hp.GetHandle(), (LPCVOID)dbaddr.dbname, db.dbname, sizeof(wchar_t) * (dbaddr.l_dbname + 1), 0); + wchar_t *wbuf = new wchar_t[dbaddr.l_dbname + 1]; + ReadProcessMemory(hp.GetHandle(), (LPCVOID)dbaddr.dbname, wbuf, sizeof(wchar_t) * (dbaddr.l_dbname + 1), 0); + db.dbname = std::wstring(wbuf); + delete[] wbuf; DWORD db_table_start_addr = dbaddr.v_data; while (db_table_start_addr < dbaddr.v_end1) { + char *buf = NULL; TableInfoAddrStruct tbaddr = {0}; - TableInfoStruct tb = {0}; + TableInfoStruct tb; ReadProcessMemory(hp.GetHandle(), (LPCVOID)db_table_start_addr, &tbaddr, sizeof(TableInfoAddrStruct), 0); - tb.name = new char[tbaddr.l_name + 1]; - ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.name, tb.name, tbaddr.l_name + 1, 0); - tb.tbl_name = new char[tbaddr.l_tbl_name + 1]; - ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.tbl_name, tb.tbl_name, tbaddr.l_tbl_name + 1, 0); - tb.rootpage = new char[tbaddr.l_rootpage + 1]; - ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.rootpage, tb.rootpage, tbaddr.l_rootpage + 1, 0); - tb.sql = new char[tbaddr.l_sql + 1]; - ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.sql, tb.sql, tbaddr.l_sql + 1, 0); + buf = new char[tbaddr.l_name + 1]; + ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.name, buf, tbaddr.l_name + 1, 0); + tb.name = std::string(buf); + delete[] buf; + buf = new char[tbaddr.l_tbl_name + 1]; + ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.tbl_name, buf, tbaddr.l_tbl_name + 1, 0); + tb.tbl_name = std::string(buf); + delete[] buf; + buf = new char[tbaddr.l_rootpage + 1]; + ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.rootpage, buf, tbaddr.l_rootpage + 1, 0); + tb.rootpage = std::string(buf); + delete[] buf; + buf = new char[tbaddr.l_sql + 1]; + ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.sql, 
buf, tbaddr.l_sql + 1, 0); + tb.sql = std::string(buf); + delete[] buf; db.tables.push_back(tb); db_table_start_addr += sizeof(TableInfoAddrStruct); } diff --git a/CWeChatRobot/GetQrcodeImage.cpp b/CWeChatRobot/GetQrcodeImage.cpp index 84167b4..364660a 100644 --- a/CWeChatRobot/GetQrcodeImage.cpp +++ b/CWeChatRobot/GetQrcodeImage.cpp @@ -1,33 +1,31 @@ #include "pch.h" -VARIANT GetQrcodeImage(DWORD pid) +ATL::CComVariant GetQrcodeImage(DWORD pid) { - VARIANT vsa; - vsa.vt = VT_ARRAY | VT_UI1; - V_ARRAY(&vsa) = NULL; WeChatProcess hp(pid); if (!hp.m_init) - return vsa; + return NULL; DWORD GetQrcodeImageAddr = hp.GetProcAddr(GetQrcodeImageRemote); DWORD ret = CallRemoteFunction(hp.GetHandle(), GetQrcodeImageAddr, NULL); if (ret == 0) - return vsa; + return NULL; DWORD ret_info[2] = {0}; ReadProcessMemory(hp.GetHandle(), (LPCVOID)ret, &ret_info, sizeof(ret_info), 0); DWORD buf_addr = ret_info[0]; int size = ret_info[1]; if (size == 0 || buf_addr == 0) - return vsa; + return NULL; unique_ptr image(new BYTE[size + 1]()); ReadProcessMemory(hp.GetHandle(), (LPCVOID)buf_addr, image.get(), size, 0); SAFEARRAYBOUND rgsaBound = {(ULONG)size, 0}; - SAFEARRAY *psaValue = SafeArrayCreate(VT_UI1, 1, &rgsaBound); + ATL::CComSafeArray cpsa(rgsaBound); BYTE *buf = NULL; - ::SafeArrayAccessData(psaValue, (void **)&buf); + ::SafeArrayAccessData(cpsa.m_psa, (void **)&buf); memcpy(buf, image.get(), size); - ::SafeArrayUnaccessData(psaValue); - V_ARRAY(&vsa) = psaValue; - return vsa; + ::SafeArrayUnaccessData(cpsa.m_psa); + ATL::CComVariant cva(cpsa.m_psa); + cpsa.Destroy(); + return cva; } BOOL isWxLogin(DWORD pid) diff --git a/CWeChatRobot/GetQrcodeImage.h b/CWeChatRobot/GetQrcodeImage.h index a16cd01..0a62424 100644 --- a/CWeChatRobot/GetQrcodeImage.h +++ b/CWeChatRobot/GetQrcodeImage.h @@ -1,4 +1,6 @@ #pragma once #include -VARIANT GetQrcodeImage(DWORD pid); +#include +#include +ATL::CComVariant GetQrcodeImage(DWORD pid); BOOL isWxLogin(DWORD pid); 
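Review bot: Each `std::wstring(wbuf)` / `std::string(buf)` construction in `GetDbHandles` scans for a terminator in a buffer that `new` left uninitialised and that `ReadProcessMemory` may not have filled, because its return value is ignored; a failed or unterminated read lets the constructor read past the allocation. The lengths (`l_dbname`, `l_name`, `l_tbl_name`, `l_rootpage`, `l_sql`) also come from the other process and are used unchecked as allocation sizes, so an upper bound is worth adding. Reading straight into the string with an explicit length removes the temporary buffers, the manual `delete[]` (skipped if the string constructor throws) and the dependence on a terminator. The loop and the function continue outside the hunk.

```cpp
// … unchanged: db.handle / db.count assignment …
db.dbname.resize(dbaddr.l_dbname);
if (dbaddr.l_dbname != 0 &&
    !ReadProcessMemory(hp.GetHandle(), (LPCVOID)dbaddr.dbname, &db.dbname[0],
                       sizeof(wchar_t) * dbaddr.l_dbname, 0))
    db.dbname.clear(); // failed read: keep an empty name instead of garbage
// … unchanged: table loop header and the read of tbaddr …
tb.name.resize(tbaddr.l_name);
if (tbaddr.l_name != 0 &&
    !ReadProcessMemory(hp.GetHandle(), (LPCVOID)tbaddr.name, &tb.name[0],
                       tbaddr.l_name, 0))
    tb.name.clear();
// same pattern for tb.tbl_name, tb.rootpage and tb.sql
```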
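Review bot: In `GetQrcodeImage`, `size` is read from the other process into a signed `int` and then used in `new BYTE[size + 1]()`, in `ReadProcessMemory` and as `(ULONG)size` for the array bound, with only `size == 0` rejected; a negative or very large value is not handled, and neither `ReadProcessMemory` result is checked. I would reject it up front, e.g. `if (size <= 0 || size > kMaxQrcodeBytes || buf_addr == 0) return ATL::CComVariant();`, where `kMaxQrcodeBytes` is a placeholder name for a limit the project chooses. The three `return NULL;` statements now build the `ATL::CComVariant` from the integer 0, so callers presumably receive a `VT_I4` zero rather than the empty `VT_ARRAY | VT_UI1` value the old code returned; returning `ATL::CComVariant()` makes the failure value explicit. `SafeArrayAccessData` is also unchecked before the `memcpy`.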
diff --git a/CWeChatRobot/WeChatRobot.cpp b/CWeChatRobot/WeChatRobot.cpp index 1a6c125..1c0c9dd 100644 --- a/CWeChatRobot/WeChatRobot.cpp +++ b/CWeChatRobot/WeChatRobot.cpp @@ -116,10 +116,13 @@ STDMETHODIMP CWeChatRobot::CSendCard(DWORD pid, BSTR receiver, BSTR sharedwxid, */ STDMETHODIMP CWeChatRobot::CGetFriendList(DWORD pid, VARIANT *__result) { - VARIANT vsaValue; - vsaValue.vt = VT_ARRAY | VT_VARIANT; - V_ARRAY(&vsaValue) = GetFriendList(pid); - *__result = vsaValue; + VariantInit(__result); + SAFEARRAY *psaValue = GetFriendList(pid); + ATL::CComSafeArray cpsa; + cpsa.Attach(psaValue); + ATL::CComVariant cva = cpsa.m_psa; + cva.Detach(__result); + cpsa.Destroy(); return S_OK; } @@ -207,10 +210,13 @@ STDMETHODIMP CWeChatRobot::CStopReceiveMessage(DWORD pid, int *__result) */ STDMETHODIMP CWeChatRobot::CGetChatRoomMembers(DWORD pid, BSTR chatroomid, VARIANT *__result) { - VARIANT vsaValue; - vsaValue.vt = VT_ARRAY | VT_VARIANT; - V_ARRAY(&vsaValue) = GetChatRoomMembers(pid, chatroomid); - *__result = vsaValue; + VariantInit(__result); + SAFEARRAY *psaValue = GetChatRoomMembers(pid, chatroomid); + ATL::CComSafeArray cpsa; + cpsa.Attach(psaValue); + ATL::CComVariant cva = cpsa.m_psa; + cva.Detach(__result); + cpsa.Destroy(); return S_OK; } @@ -220,10 +226,13 @@ STDMETHODIMP CWeChatRobot::CGetChatRoomMembers(DWORD pid, BSTR chatroomid, VARIA */ STDMETHODIMP CWeChatRobot::CGetDbHandles(DWORD pid, VARIANT *__result) { - VARIANT vsaValue; - vsaValue.vt = VT_ARRAY | VT_VARIANT; - V_ARRAY(&vsaValue) = GetDbHandles(pid); - *__result = vsaValue; + VariantInit(__result); + SAFEARRAY *psaValue = GetDbHandles(pid); + ATL::CComSafeArray cpsa; + cpsa.Attach(psaValue); + ATL::CComVariant cva = cpsa.m_psa; + cva.Detach(__result); + cpsa.Destroy(); return S_OK; } 
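Review bot: In `CGetFriendList`, `cpsa.Attach(psaValue)` is called without checking `psaValue`, and as far as I recall `CComSafeArray::Attach` rejects a null or wrongly typed array by throwing, which must not escape a `STDMETHODIMP` method; whether `GetFriendList` can return NULL is not visible in this hunk. `__result` is likewise passed to `VariantInit` without a null check, and the `HRESULT` from `cva.Detach(__result)` is dropped, so the method returns `S_OK` even if the copy into the variant failed. I would open with `if (!__result) return E_POINTER;`, handle `psaValue == NULL` before `Attach`, and finish with `return cva.Detach(__result);`. The same sequence is repeated in `CGetChatRoomMembers`, `CGetDbHandles`, `CExecuteSQL` and `CSearchContactByNet`, so one shared helper taking the `SAFEARRAY *` and `__result` would keep the five copies from drifting.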
@@ -235,10 +244,13 @@ STDMETHODIMP CWeChatRobot::CGetDbHandles(DWORD pid, VARIANT *__result) */ STDMETHODIMP CWeChatRobot::CExecuteSQL(DWORD pid, DWORD DbHandle, BSTR sql, VARIANT *__result) { - VARIANT vsaValue; - vsaValue.vt = VT_ARRAY | VT_VARIANT; - V_ARRAY(&vsaValue) = ExecuteSQL(pid, DbHandle, sql); - *__result = vsaValue; + VariantInit(__result); + SAFEARRAY *psaValue = ExecuteSQL(pid, DbHandle, sql); + ATL::CComSafeArray cpsa; + cpsa.Attach(psaValue); + ATL::CComVariant cva = cpsa.m_psa; + cva.Detach(__result); + cpsa.Destroy(); return S_OK; } @@ -318,10 +330,13 @@ STDMETHODIMP CWeChatRobot::CStartWeChat(int *__result) */ STDMETHODIMP CWeChatRobot::CSearchContactByNet(DWORD pid, BSTR keyword, VARIANT *__result) { - VARIANT vsaValue; - vsaValue.vt = VT_ARRAY | VT_VARIANT; - V_ARRAY(&vsaValue) = SearchContactByNet(pid, keyword); - *__result = vsaValue; + VariantInit(__result); + SAFEARRAY *psaValue = SearchContactByNet(pid, keyword); + ATL::CComSafeArray cpsa; + cpsa.Attach(psaValue); + ATL::CComVariant cva = cpsa.m_psa; + cva.Detach(__result); + cpsa.Destroy(); return S_OK; } @@ -545,16 +560,15 @@ STDMETHODIMP CWeChatRobot::COpenBrowser(DWORD pid, BSTR url, int *__result) STDMETHODIMP CWeChatRobot::CGetHistoryPublicMsg(DWORD pid, BSTR PublicId, BSTR Offset, VARIANT *__result) { HRESULT hr = S_OK; + VariantInit(__result); wstring result = GetHistoryPublicMsg(pid, PublicId, Offset); - VARIANT vsaValue; - vsaValue.vt = VT_ARRAY | VT_VARIANT; SAFEARRAYBOUND rgsaBound = {1, 0}; - SAFEARRAY *psaValue = SafeArrayCreate(VT_VARIANT, 1, &rgsaBound); + ATL::CComSafeArray cpsa(rgsaBound); long index = 0; // 数据大小超过16382个字符,客户端调用可能出现异常,因此将数据放入安全数组中传递 - hr = SafeArrayPutElement(psaValue, &index, &(_variant_t)result.c_str()); - V_ARRAY(&vsaValue) = psaValue; - *__result = vsaValue; + hr = SafeArrayPutElement(cpsa.m_psa, &index, &(_variant_t)result.c_str()); + ATL::CComVariant vsa(cpsa.m_psa); + vsa.Detach(__result); return S_OK; } 
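Review bot: In `CGetHistoryPublicMsg`, `hr` from `SafeArrayPutElement` is assigned and then ignored because the method ends with `return S_OK;`, so if the element copy fails (for instance the BSTR allocation for a large `result`) the caller gets success and an array with an empty element. I would add `if (FAILED(hr)) return hr;` after the put and end with `return vsa.Detach(__result);`. The `&(_variant_t)result.c_str()` temporary on that line could become a named `ATL::CComVariant`, matching what this commit introduces in DbExecuteSql.cpp.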
@@ -576,7 +590,9 @@ STDMETHODIMP CWeChatRobot::CForwardMessage(DWORD pid, BSTR wxid, ULONG64 msgid, */ STDMETHODIMP CWeChatRobot::CGetQrcodeImage(DWORD pid, VARIANT *__result) { - *__result = GetQrcodeImage(pid); + ATL::CComVariant cva = GetQrcodeImage(pid); + VariantInit(__result); + cva.Detach(__result); return S_OK; } -- GitLab