提交 eb0b1414 编写于 作者: L ljc545w

提供多开管理Beta

上级 db86c422
#include "pch.h"
BOOL AddBrandContact(wchar_t* PublicId) {
BOOL AddBrandContact(DWORD pid,wchar_t* PublicId) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 1;
LPVOID PublicIdaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (!PublicIdaddr)
if (!PublicIdaddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, PublicIdaddr, PublicId, wcslen(PublicId) * 2 + 2, &dwWriteSize);
DWORD AddBrandContactAddr = WeChatRobotBase + AddBrandContactRemoteOffset;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)AddBrandContactAddr, (LPVOID)PublicIdaddr, 0, &dwId);
......@@ -21,5 +28,6 @@ BOOL AddBrandContact(wchar_t* PublicId) {
}
VirtualFreeEx(hProcess, PublicIdaddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
\ No newline at end of file
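Review bot: The new failure exits in AddBrandContact (`if (!hProcess) return 1;` and the two `CloseHandle(hProcess); return 1;` blocks) return 1 from a BOOL function whose success path is `return dwRet == 0;`, so a caller sees TRUE both when the call worked and when the process could not be opened. Returning `FALSE` on these paths, e.g. `if (!hProcess) return FALSE;`, would make the failure observable. The same `return 1` exits are added to the other BOOL functions on this page (AddChatRoomMember, AddFriendByV3, AddFriendByWxid, BackupSQLiteDB, DelChatRoomMember, DeleteUser, EditRemark, HookImageMsg). CheckFriendStatus returns 1 as a DWORD status on failure, which may collide with a genuine status value. Part of the function body lies outside the visible hunks.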
......@@ -7,10 +7,15 @@ struct AddChatRoomMemberStruct
DWORD length;
};
BOOL AddChatRoomMember(wchar_t* chatroomid, wchar_t* wxid) {
BOOL AddChatRoomMember(DWORD pid,wchar_t* chatroomid, wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
......@@ -19,7 +24,8 @@ BOOL AddChatRoomMember(wchar_t* chatroomid, wchar_t* wxid) {
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
AddChatRoomMemberStruct* paramAndFunc = (AddChatRoomMemberStruct*)::VirtualAllocEx(hProcess, 0, sizeof(AddChatRoomMemberStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidaddr || !paramAndFunc || !WeChatRobotBase) {
if (!chatroomidaddr || !wxidaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
......@@ -38,6 +44,7 @@ BOOL AddChatRoomMember(wchar_t* chatroomid, wchar_t* wxid) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(AddChatRoomMemberStruct), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
......@@ -49,17 +56,17 @@ BOOL AddChatRoomMember(wchar_t* chatroomid, wchar_t* wxid) {
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
BOOL AddChatRoomMember(wchar_t* chatroomid, SAFEARRAY* psaValue) {
if (!hProcess)
return 1;
BOOL AddChatRoomMember(DWORD pid,wchar_t* chatroomid, SAFEARRAY* psaValue) {
VARIANT rgvar;
rgvar.vt = VT_BSTR;
HRESULT hr = S_OK;
......@@ -69,17 +76,25 @@ BOOL AddChatRoomMember(wchar_t* chatroomid, SAFEARRAY* psaValue) {
VariantInit(&rgvar);
long pIndex = 0;
hr = SafeArrayGetElement(psaValue, &pIndex, &rgvar);
return AddChatRoomMember(chatroomid, rgvar.bstrVal);
return AddChatRoomMember(pid,chatroomid, rgvar.bstrVal);
}
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
vector<void*> wxidptrs;
DWORD dwWriteSize = 0;
DWORD dwTId = 0; DWORD dwId = 0; DWORD dwRet = 0;
DWORD WeChatRobotBase = GetWeChatRobotBase();
AddChatRoomMemberStruct params = { 0 };
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidptrsaddr = VirtualAllocEx(hProcess, NULL, sizeof(void*) * cElements, MEM_COMMIT, PAGE_READWRITE);
AddChatRoomMemberStruct* paramAndFunc = (AddChatRoomMemberStruct*)::VirtualAllocEx(hProcess, 0, sizeof(AddChatRoomMemberStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidptrsaddr || !paramAndFunc || !WeChatRobotBase) {
if (!chatroomidaddr || !wxidptrsaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
for (long i = lLbound; i < lLbound + cElements; i++) {
......@@ -104,6 +119,7 @@ BOOL AddChatRoomMember(wchar_t* chatroomid, SAFEARRAY* psaValue) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(AddChatRoomMemberStruct), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD AddChatRoomMemberAddr = WeChatRobotBase + AddChatRoomMemberRemoteOffset;
......@@ -114,6 +130,7 @@ BOOL AddChatRoomMember(wchar_t* chatroomid, SAFEARRAY* psaValue) {
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
for (unsigned int i = 0; i < wxidptrs.size(); i++) {
......@@ -122,5 +139,6 @@ BOOL AddChatRoomMember(wchar_t* chatroomid, SAFEARRAY* psaValue) {
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidptrsaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
\ No newline at end of file
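Review bot: The failure branches that now run `CloseHandle(hProcess); return 1;` in both AddChatRoomMember overloads still leave the remote allocations behind. When one of the three `VirtualAllocEx` calls fails, or one of the later `else` branches is taken, the buffers that did succeed are never passed to `VirtualFreeEx`, so every failed call leaks committed pages inside the target process. Routing all exits through one cleanup block that frees each non-null pointer and then closes the handle (or a small RAII guard) would cover this. In the SAFEARRAY overload the per-element pointers collected in `wxidptrs` probably need the same treatment, but that loop is outside the hunks. The same gap is visible in AddFriendByV3, AddFriendByWxid, BackupSQLiteDB, ExecuteSQL, DelChatRoomMember, EditRemark, GetChatRoomMemberNickname and GetChatRoomMembers.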
#pragma once
#include<windows.h>
BOOL AddChatRoomMember(wchar_t* chatroomid, wchar_t* wxid);
BOOL AddChatRoomMember(wchar_t* chatroomid, SAFEARRAY* psaValue);
\ No newline at end of file
BOOL AddChatRoomMember(DWORD pid,wchar_t* chatroomid, wchar_t* wxid);
BOOL AddChatRoomMember(DWORD pid,wchar_t* chatroomid, SAFEARRAY* psaValue);
\ No newline at end of file
#pragma once
#include<windows.h>
BOOL AddFriendByWxid(wchar_t* wxid, wchar_t* message);
BOOL AddFriendByV3(wchar_t* v3, wchar_t* message,int AddType);
BOOL AddBrandContact(wchar_t* PublicId);
\ No newline at end of file
BOOL AddFriendByWxid(DWORD pid,wchar_t* wxid, wchar_t* message);
BOOL AddFriendByV3(DWORD pid,wchar_t* v3, wchar_t* message,int AddType);
BOOL AddBrandContact(DWORD pid,wchar_t* PublicId);
\ No newline at end of file
......@@ -6,10 +6,15 @@ struct AddFriendByV3Struct {
DWORD AddType;
};
BOOL AddFriendByV3(wchar_t* v3, wchar_t* message,int AddType) {
BOOL AddFriendByV3(DWORD pid,wchar_t* v3, wchar_t* message,int AddType) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 1;
......@@ -17,8 +22,10 @@ BOOL AddFriendByV3(wchar_t* v3, wchar_t* message,int AddType) {
LPVOID v3addr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID messageaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
AddFriendByV3Struct* paramAndFunc = (AddFriendByV3Struct*)VirtualAllocEx(hProcess, 0, sizeof(AddFriendByV3Struct), MEM_COMMIT, PAGE_READWRITE);
if (!v3addr || !messageaddr || !paramAndFunc)
if (!v3addr || !messageaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, v3addr, v3, wcslen(v3) * 2 + 2, &dwWriteSize);
if(message)
WriteProcessMemory(hProcess, messageaddr, message, wcslen(message) * 2 + 2, &dwWriteSize);
......@@ -39,5 +46,6 @@ BOOL AddFriendByV3(wchar_t* v3, wchar_t* message,int AddType) {
VirtualFreeEx(hProcess, v3addr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, messageaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
\ No newline at end of file
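Review bot: `v3addr` and `messageaddr` are requested with a size of 1 while the writes that follow copy `wcslen(...) * 2 + 2` bytes, and the result of `WriteProcessMemory` is never checked. The allocation is rounded up to a page, so short strings fit, but an input longer than one page can make the write fail, and the remote routine then runs on an empty or partial buffer with no error reported. Size the allocation from the string, for example `SIZE_T cb = (wcslen(v3) + 1) * sizeof(wchar_t);`, pass `cb` to both calls, and return failure when `WriteProcessMemory` returns FALSE. `v3` is also dereferenced without the null check that `message` gets. The same size-1 pattern appears in AddBrandContact, AddFriendByWxid, CheckFriendStatus, DeleteUser, EditRemark, HookImageMsg and HookVoiceMsg.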
......@@ -5,10 +5,15 @@ struct AddFriendByWxidStruct {
DWORD message;
};
BOOL AddFriendByWxid(wchar_t* wxid,wchar_t* message) {
BOOL AddFriendByWxid(DWORD pid,wchar_t* wxid,wchar_t* message) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 1;
......@@ -16,8 +21,10 @@ BOOL AddFriendByWxid(wchar_t* wxid,wchar_t* message) {
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID messageaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
AddFriendByWxidStruct* paramAndFunc = (AddFriendByWxidStruct*)VirtualAllocEx(hProcess, 0, sizeof(AddFriendByWxidStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !messageaddr || !paramAndFunc)
if (!wxidaddr || !messageaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if(message)
WriteProcessMemory(hProcess, messageaddr, message, wcslen(message) * 2 + 2, &dwWriteSize);
......@@ -37,5 +44,6 @@ BOOL AddFriendByWxid(wchar_t* wxid,wchar_t* message) {
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, messageaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
\ No newline at end of file
#include "pch.h"
DWORD CheckFriendStatus(wchar_t* wxid) {
DWORD CheckFriendStatus(DWORD pid,wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwStatus = 0;
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr)
if (!wxidaddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
DWORD CheckFriendStatusRemoteAddr = WeChatRobotBase + CheckFriendStatusRemoteOffset;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)CheckFriendStatusRemoteAddr, (LPVOID)wxidaddr, 0, &dwId);
......@@ -21,5 +28,6 @@ DWORD CheckFriendStatus(wchar_t* wxid) {
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwStatus;
}
\ No newline at end of file
#pragma once
#include<windows.h>
DWORD CheckFriendStatus(wchar_t* wxid);
\ No newline at end of file
DWORD CheckFriendStatus(DWORD pid,wchar_t* wxid);
\ No newline at end of file
......@@ -6,16 +6,24 @@ struct BackupParams {
DWORD savepath;
};
BOOL BackupSQLiteDB(DWORD DbHandle, BSTR savepath) {
BOOL BackupSQLiteDB(DWORD pid,DWORD DbHandle, BSTR savepath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwHandle = 0x0;
DWORD dwId = 0x0;
DWORD dwWriteSize = 0x0;
LPVOID savepathAddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
BackupParams* paramAndFunc = (BackupParams*)::VirtualAllocEx(hProcess, 0, sizeof(BackupParams), MEM_COMMIT, PAGE_READWRITE);
if (!savepathAddr || !paramAndFunc)
if (!savepathAddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
char* a_savepath = _com_util::ConvertBSTRToString(savepath);
if (savepathAddr)
WriteProcessMemory(hProcess, savepathAddr, a_savepath, strlen(a_savepath) + 1, &dwWriteSize);
......@@ -26,7 +34,7 @@ BOOL BackupSQLiteDB(DWORD DbHandle, BSTR savepath) {
if (paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &param, sizeof(BackupParams), &dwWriteSize);
DWORD BackupSQLiteDBRemoteAddr = GetWeChatRobotBase() + BackupSQLiteDBRemoteOffset;
DWORD BackupSQLiteDBRemoteAddr = WeChatRobotBase + BackupSQLiteDBRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)BackupSQLiteDBRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
......@@ -34,9 +42,11 @@ BOOL BackupSQLiteDB(DWORD DbHandle, BSTR savepath) {
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
VirtualFreeEx(hProcess, savepathAddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwHandle;
}
\ No newline at end of file
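Review bot: `_com_util::ConvertBSTRToString(savepath)` returns a null pointer for a null BSTR, and the next visible line calls `strlen(a_savepath)` without checking, so an empty path from a COM caller would crash the host process. The returned buffer is heap-allocated and owned by the caller, yet the `else { CloseHandle(hProcess); return 1; }` branch after `CreateRemoteThread` returns without releasing it. No `delete[] a_savepath;` is visible before the final return either, though lines outside the hunks may contain one. Checking `a_savepath` for null before use and calling `delete[] a_savepath;` on every exit would close both gaps. ExecuteSQL handles `a_sql` the same way.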
#pragma once
#include<windows.h>
BOOL BackupSQLiteDB(DWORD DbHandle, BSTR savepath);
\ No newline at end of file
BOOL BackupSQLiteDB(DWORD pid,DWORD DbHandle, BSTR savepath);
\ No newline at end of file
......@@ -106,7 +106,7 @@ SAFEARRAY* CreateSQLResultSafeArray() {
}
// 读出查询结果
VOID ReadSQLResultFromWeChatProcess(DWORD dwHandle) {
VOID ReadSQLResultFromWeChatProcess(HANDLE hProcess,DWORD dwHandle) {
executeResult result = { 0 };
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &result, sizeof(executeResult), 0);
for (unsigned int i = 0; i < result.length; i++) {
......@@ -146,17 +146,25 @@ VOID ReadSQLResultFromWeChatProcess(DWORD dwHandle) {
}
}
SAFEARRAY* ExecuteSQL(DWORD DbHandle,BSTR sql) {
SAFEARRAY* ExecuteSQL(DWORD pid,DWORD DbHandle,BSTR sql) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return NULL;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return NULL;
}
ClearResultArray();
DWORD dwHandle = 0x0;
DWORD dwId = 0x0;
DWORD dwWriteSize = 0x0;
LPVOID sqlAddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
executeParams* paramAndFunc = (executeParams*)::VirtualAllocEx(hProcess, 0, sizeof(executeParams), MEM_COMMIT, PAGE_READWRITE);
if (!sqlAddr || !paramAndFunc)
if (!sqlAddr || !paramAndFunc) {
CloseHandle(hProcess);
return NULL;
}
char* a_sql = _com_util::ConvertBSTRToString(sql);
if(sqlAddr)
WriteProcessMemory(hProcess, sqlAddr, a_sql, strlen(a_sql) + 1, &dwWriteSize);
......@@ -167,8 +175,8 @@ SAFEARRAY* ExecuteSQL(DWORD DbHandle,BSTR sql) {
if(paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &param, sizeof(executeParams), &dwWriteSize);
// DWORD ExecuteSQLRemoteAddr = GetWeChatRobotBase() + ExecuteSQLRemoteOffset;
DWORD SelectDataRemoteAddr = GetWeChatRobotBase() + SelectDataRemoteOffset;
// DWORD ExecuteSQLRemoteAddr = WeChatRobotBase + ExecuteSQLRemoteOffset;
DWORD SelectDataRemoteAddr = WeChatRobotBase + SelectDataRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SelectDataRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
......@@ -176,13 +184,17 @@ SAFEARRAY* ExecuteSQL(DWORD DbHandle,BSTR sql) {
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return NULL;
}
if (!dwHandle)
if (!dwHandle) {
CloseHandle(hProcess);
return NULL;
ReadSQLResultFromWeChatProcess(dwHandle);
}
ReadSQLResultFromWeChatProcess(hProcess,dwHandle);
SAFEARRAY* psaValue = CreateSQLResultSafeArray();
VirtualFreeEx(hProcess, sqlAddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return psaValue;
}
\ No newline at end of file
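Review bot: ExecuteSQL now serves several processes, yet its result still appears to travel through shared state. `ClearResultArray()` and `CreateSQLResultSafeArray()` take no arguments and `ReadSQLResultFromWeChatProcess` fills whatever they operate on, which suggests a file-level buffer. If two clients query different pids at the same time, one call could clear or read rows that belong to the other and return one account's data to the wrong caller. Unless the COM server is known to serialise these calls, keep the rows in a local container passed through the helpers, or guard the whole sequence with a mutex. GetFriendList/GetFriendListString (global `WxFriendList`) and GetDbHandles (`CreateDbInfoSafeArray()`) look to have the same dependency.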
#pragma once
#include<windows.h>
SAFEARRAY* ExecuteSQL(DWORD DbHandle, BSTR sql);
\ No newline at end of file
SAFEARRAY* ExecuteSQL(DWORD pid,DWORD DbHandle, BSTR sql);
\ No newline at end of file
......@@ -7,10 +7,15 @@ struct DelChatRoomMemberStruct
DWORD length;
};
BOOL DelChatRoomMember(wchar_t* chatroomid, wchar_t* wxid) {
BOOL DelChatRoomMember(DWORD pid,wchar_t* chatroomid, wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
......@@ -19,7 +24,8 @@ BOOL DelChatRoomMember(wchar_t* chatroomid, wchar_t* wxid) {
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DelChatRoomMemberStruct* paramAndFunc = (DelChatRoomMemberStruct*)::VirtualAllocEx(hProcess, 0, sizeof(DelChatRoomMemberStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidaddr || !paramAndFunc || !WeChatRobotBase) {
if (!chatroomidaddr || !wxidaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
......@@ -38,6 +44,7 @@ BOOL DelChatRoomMember(wchar_t* chatroomid, wchar_t* wxid) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(DelChatRoomMemberStruct), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
......@@ -49,17 +56,17 @@ BOOL DelChatRoomMember(wchar_t* chatroomid, wchar_t* wxid) {
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
BOOL DelChatRoomMember(wchar_t* chatroomid, SAFEARRAY* psaValue) {
if (!hProcess)
return 1;
BOOL DelChatRoomMember(DWORD pid,wchar_t* chatroomid, SAFEARRAY* psaValue) {
VARIANT rgvar;
rgvar.vt = VT_BSTR;
HRESULT hr = S_OK;
......@@ -69,17 +76,25 @@ BOOL DelChatRoomMember(wchar_t* chatroomid, SAFEARRAY* psaValue) {
VariantInit(&rgvar);
long pIndex = 0;
hr = SafeArrayGetElement(psaValue, &pIndex, &rgvar);
return DelChatRoomMember(chatroomid, rgvar.bstrVal);
return DelChatRoomMember(pid,chatroomid, rgvar.bstrVal);
}
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
vector<void*> wxidptrs;
DWORD dwWriteSize = 0;
DWORD dwTId = 0; DWORD dwId = 0; DWORD dwRet = 0;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DelChatRoomMemberStruct params = { 0 };
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidptrsaddr = VirtualAllocEx(hProcess, NULL, sizeof(void*) * cElements, MEM_COMMIT, PAGE_READWRITE);
DelChatRoomMemberStruct* paramAndFunc = (DelChatRoomMemberStruct*)::VirtualAllocEx(hProcess, 0, sizeof(DelChatRoomMemberStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidptrsaddr || !paramAndFunc || !WeChatRobotBase) {
if (!chatroomidaddr || !wxidptrsaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
for (long i = lLbound; i < lLbound + cElements; i++) {
......@@ -104,6 +119,7 @@ BOOL DelChatRoomMember(wchar_t* chatroomid, SAFEARRAY* psaValue) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(DelChatRoomMemberStruct), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD DelChatRoomMemberAddr = WeChatRobotBase + DelChatRoomMemberRemoteOffset;
......@@ -114,6 +130,7 @@ BOOL DelChatRoomMember(wchar_t* chatroomid, SAFEARRAY* psaValue) {
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
for (unsigned int i = 0; i < wxidptrs.size(); i++) {
......@@ -122,5 +139,6 @@ BOOL DelChatRoomMember(wchar_t* chatroomid, SAFEARRAY* psaValue) {
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidptrsaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
\ No newline at end of file
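Review bot: In the single-element path of the SAFEARRAY overload, `hr = SafeArrayGetElement(psaValue, &pIndex, &rgvar);` is followed directly by `return DelChatRoomMember(pid,chatroomid, rgvar.bstrVal);`. A failed fetch therefore hands an unset pointer to `wcslen`, and the element copy is never released because the function returns before any `VariantClear`. Test `hr` first and clear the variant after the inner call, e.g. `BOOL ok = DelChatRoomMember(pid, chatroomid, rgvar.bstrVal); VariantClear(&rgvar); return ok;`. Whether the array's element type is validated is decided in lines outside the hunk. AddChatRoomMember's SAFEARRAY overload has the identical sequence.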
#pragma once
#include<windows.h>
BOOL DelChatRoomMember(wchar_t* chatroomid, wchar_t* wxid);
BOOL DelChatRoomMember(wchar_t* chatroomid, SAFEARRAY* psaValue);
\ No newline at end of file
BOOL DelChatRoomMember(DWORD pid,wchar_t* chatroomid, wchar_t* wxid);
BOOL DelChatRoomMember(DWORD pid,wchar_t* chatroomid, SAFEARRAY* psaValue);
\ No newline at end of file
#include "pch.h"
BOOL DeleteUser(wchar_t* wxid) {
BOOL DeleteUser(DWORD pid,wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD DeleteUserRemoteAddr = GetWeChatRobotBase() + DeleteUserRemoteOffset;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD DeleteUserRemoteAddr = WeChatRobotBase + DeleteUserRemoteOffset;
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
DWORD dwId = 0;
DWORD dwRet = 0;
if (!wxidaddr)
if (!wxidaddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)DeleteUserRemoteAddr, wxidaddr, 0, &dwId);
if (hThread) {
......@@ -18,5 +26,6 @@ BOOL DeleteUser(wchar_t* wxid) {
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
\ No newline at end of file
#pragma once
#include<windows.h>
BOOL DeleteUser(wchar_t* wxid);
\ No newline at end of file
BOOL DeleteUser(DWORD pid,wchar_t* wxid);
\ No newline at end of file
......@@ -5,10 +5,15 @@ struct EditRemarkStruct {
DWORD remark;
};
BOOL EditRemark(wchar_t* wxid, wchar_t* remark) {
BOOL EditRemark(DWORD pid,wchar_t* wxid, wchar_t* remark) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 1;
......@@ -16,8 +21,10 @@ BOOL EditRemark(wchar_t* wxid, wchar_t* remark) {
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID remarkaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
EditRemarkStruct* paramAndFunc = (EditRemarkStruct*)VirtualAllocEx(hProcess, 0, sizeof(EditRemarkStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !remarkaddr || !paramAndFunc)
if (!wxidaddr || !remarkaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
if (remark)
WriteProcessMemory(hProcess, remarkaddr, remark, wcslen(remark) * 2 + 2, &dwWriteSize);
......@@ -37,5 +44,6 @@ BOOL EditRemark(wchar_t* wxid, wchar_t* remark) {
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, remarkaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
\ No newline at end of file
#pragma once
#include<windows.h>
BOOL EditRemark(wchar_t* wxid, wchar_t* remark);
\ No newline at end of file
BOOL EditRemark(DWORD pid,wchar_t* wxid, wchar_t* remark);
\ No newline at end of file
......@@ -16,7 +16,7 @@ struct WxFriendStruct {
WxFriendStruct* WxFriendList;
void ReadFriendMessageByAddress(WxFriendAddrStruct* lpWxFriendAddr, WxFriendStruct* lpWxFriend) {
void ReadFriendMessageByAddress(HANDLE hProcess,WxFriendAddrStruct* lpWxFriendAddr, WxFriendStruct* lpWxFriend) {
DWORD length = 0;
DWORD bufferaddr = 0;
......@@ -119,12 +119,18 @@ SAFEARRAY* CreateFriendArray(int FriendCount) {
return psaValue;
}
SAFEARRAY* GetFriendList() {
SAFEARRAY* GetFriendList(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return NULL;
DWORD GetFriendListInitAddr = GetWeChatRobotBase() + GetFriendListInitOffset;
DWORD GetFriendListRemoteAddr = GetWeChatRobotBase() + GetFriendListRemoteOffset;
DWORD GetFriendListFinishAddr = GetWeChatRobotBase() + GetFriendListFinishOffset;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return NULL;
}
DWORD GetFriendListInitAddr = WeChatRobotBase + GetFriendListInitOffset;
DWORD GetFriendListRemoteAddr = WeChatRobotBase + GetFriendListRemoteOffset;
DWORD GetFriendListFinishAddr = WeChatRobotBase + GetFriendListFinishOffset;
DWORD FriendCount = 0;
DWORD dwId, dwHandle = 0;
// 获取好友列表的长度
......@@ -150,12 +156,13 @@ SAFEARRAY* GetFriendList() {
WxFriendList[i] = { 0 };
ZeroMemory(&WxFriendAddr, sizeof(WxFriendAddrStruct));
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &WxFriendAddr, sizeof(WxFriendAddrStruct), 0);
ReadFriendMessageByAddress(&WxFriendAddr, &WxFriendList[i]);
ReadFriendMessageByAddress(hProcess,&WxFriendAddr, &WxFriendList[i]);
// 保存下一个好友数据的结构体
dwHandle += sizeof(WxFriendAddrStruct);
}
}
else {
CloseHandle(hProcess);
return NULL;
}
// 清除微信进程空间中的缓存
......@@ -171,15 +178,22 @@ SAFEARRAY* GetFriendList() {
}
delete[] WxFriendList;
WxFriendList = NULL;
CloseHandle(hProcess);
return psaValue;
}
std::wstring GetFriendListString() {
std::wstring GetFriendListString(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return L"[]";
DWORD GetFriendListInitAddr = GetWeChatRobotBase() + GetFriendListInitOffset;
DWORD GetFriendListRemoteAddr = GetWeChatRobotBase() + GetFriendListRemoteOffset;
DWORD GetFriendListFinishAddr = GetWeChatRobotBase() + GetFriendListFinishOffset;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return L"[]";
}
DWORD GetFriendListInitAddr = WeChatRobotBase + GetFriendListInitOffset;
DWORD GetFriendListRemoteAddr = WeChatRobotBase + GetFriendListRemoteOffset;
DWORD GetFriendListFinishAddr = WeChatRobotBase + GetFriendListFinishOffset;
DWORD FriendCount = 0;
DWORD dwId, dwHandle = 0;
// 获取好友列表的长度
......@@ -205,12 +219,13 @@ std::wstring GetFriendListString() {
WxFriendList[i] = { 0 };
ZeroMemory(&WxFriendAddr, sizeof(WxFriendAddrStruct));
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &WxFriendAddr, sizeof(WxFriendAddrStruct), 0);
ReadFriendMessageByAddress(&WxFriendAddr, &WxFriendList[i]);
ReadFriendMessageByAddress(hProcess,&WxFriendAddr, &WxFriendList[i]);
// 保存下一个好友数据的结构体
dwHandle += sizeof(WxFriendAddrStruct);
}
}
else {
CloseHandle(hProcess);
return L"[]";
}
// 清除微信进程空间中的缓存
......@@ -235,5 +250,6 @@ std::wstring GetFriendListString() {
// 释放全局变量
delete[] WxFriendList;
WxFriendList = NULL;
CloseHandle(hProcess);
return message;
}
\ No newline at end of file
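Review bot: GetFriendList and GetFriendListString now repeat the same open-process, resolve-base, three-address and read-loop sequence line for line, including the new `CloseHandle(hProcess)` exits, so any later fix has to be made twice. A shared helper that fills the friend array for a given `pid` and reports success, with the two public functions only formatting the result, would keep the handle and cleanup logic in one place. The `else` exits that close the handle return before `delete[] WxFriendList` is reached. Whether the array is already allocated at that point is decided in lines outside the hunks and is worth checking.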
......@@ -2,5 +2,5 @@
#include<windows.h>
#include<iostream>
using namespace std;
SAFEARRAY* GetFriendList();
std::wstring GetFriendListString();
\ No newline at end of file
SAFEARRAY* GetFriendList(DWORD pid);
std::wstring GetFriendListString(DWORD pid);
\ No newline at end of file
......@@ -7,10 +7,15 @@ struct ChatRoomMemberNicknameStruct
DWORD nickname;
};
wstring GetChatRoomMemberNickname(wchar_t* chatroomid, wchar_t* wxid) {
wstring GetChatRoomMemberNickname(DWORD pid,wchar_t* chatroomid, wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return L"";
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return L"";
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
......@@ -21,6 +26,7 @@ wstring GetChatRoomMemberNickname(wchar_t* chatroomid, wchar_t* wxid) {
LPVOID nicknameaddr = VirtualAllocEx(hProcess, NULL, 33 * 2, MEM_COMMIT, PAGE_READWRITE);
ChatRoomMemberNicknameStruct* paramAndFunc = (ChatRoomMemberNicknameStruct*)::VirtualAllocEx(hProcess, 0, sizeof(ChatRoomMemberNicknameStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidaddr || !nicknameaddr || !paramAndFunc) {
CloseHandle(hProcess);
return L"";
}
DWORD dwTId = 0;
......@@ -39,6 +45,7 @@ wstring GetChatRoomMemberNickname(wchar_t* chatroomid, wchar_t* wxid) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return L"";
}
......@@ -50,6 +57,7 @@ wstring GetChatRoomMemberNickname(wchar_t* chatroomid, wchar_t* wxid) {
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return L"";
}
wchar_t* buffer = new wchar_t[33];
......@@ -60,5 +68,6 @@ wstring GetChatRoomMemberNickname(wchar_t* chatroomid, wchar_t* wxid) {
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, nicknameaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return nickname;
}
\ No newline at end of file
......@@ -3,4 +3,4 @@
#include<iostream>
using namespace std;
wstring GetChatRoomMemberNickname(wchar_t* chatroomid, wchar_t* wxid);
\ No newline at end of file
wstring GetChatRoomMemberNickname(DWORD pid,wchar_t* chatroomid, wchar_t* wxid);
\ No newline at end of file
......@@ -5,10 +5,15 @@ struct ChatRoomInfoStruct {
DWORD length;
};
SAFEARRAY* GetChatRoomMembers(wchar_t* chatroomid) {
SAFEARRAY* GetChatRoomMembers(DWORD pid,wchar_t* chatroomid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return NULL;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return NULL;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwHandle = 0;
......@@ -16,6 +21,7 @@ SAFEARRAY* GetChatRoomMembers(wchar_t* chatroomid) {
ChatRoomInfoStruct chatroominfo = { 0 };
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !WeChatRobotBase) {
CloseHandle(hProcess);
return NULL;
}
else {
......@@ -29,10 +35,13 @@ SAFEARRAY* GetChatRoomMembers(wchar_t* chatroomid) {
GetExitCodeThread(hThread, &dwHandle);
}
else {
CloseHandle(hProcess);
return NULL;
}
if (!dwHandle)
if (!dwHandle) {
CloseHandle(hProcess);
return NULL;
}
ReadProcessMemory(hProcess,(LPCVOID)dwHandle,&chatroominfo,sizeof(ChatRoomInfoStruct),0);
wchar_t* members = new wchar_t[chatroominfo.length + 1];
ZeroMemory(members, (chatroominfo.length + 1) * 2);
......@@ -51,5 +60,6 @@ SAFEARRAY* GetChatRoomMembers(wchar_t* chatroomid) {
hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)members);
delete[] members;
members = NULL;
CloseHandle(hProcess);
return psaValue;
}
\ No newline at end of file
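Review bot: `chatroominfo.length` comes straight from the other process through a `ReadProcessMemory` call whose return value is ignored, and it is then used in `new wchar_t[chatroominfo.length + 1]`. A failed read leaves the zero-initialised struct in place, and a corrupt or very large length either wraps the `+ 1` or requests an enormous buffer in the host. Check the read and bound the length before allocating, for instance `if (!ReadProcessMemory(...) || chatroominfo.length > MAX_MEMBERS_CHARS) { ... return NULL; }`, where `MAX_MEMBERS_CHARS` is a placeholder for a limit the project would have to choose. The same unchecked read feeds the loops in ReadSQLResultFromWeChatProcess, GetFriendList and GetDbHandles. The `|| !WeChatRobotBase` test kept in this function is now redundant after the earlier check.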
#pragma once
#include<windows.h>
SAFEARRAY* GetChatRoomMembers(wchar_t* chatroomid);
\ No newline at end of file
SAFEARRAY* GetChatRoomMembers(DWORD pid,wchar_t* chatroomid);
\ No newline at end of file
......@@ -85,12 +85,18 @@ SAFEARRAY* CreateDbInfoSafeArray() {
return psaValue;
}
SAFEARRAY* GetDbHandles() {
SAFEARRAY* GetDbHandles(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return NULL;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return NULL;
}
DWORD dwHandle = 0x0;
DWORD dwId = 0x0;
DWORD GetDbHandlesRemoteAddr = GetWeChatRobotBase() + GetDbHandlesRemoteOffset;
DWORD GetDbHandlesRemoteAddr = WeChatRobotBase + GetDbHandlesRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetDbHandlesRemoteAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
......@@ -98,10 +104,13 @@ SAFEARRAY* GetDbHandles() {
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return NULL;
}
if (!dwHandle)
if (!dwHandle) {
CloseHandle(hProcess);
return NULL;
}
while (1) {
DbInfoAddrStruct dbaddr = { 0 };
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &dbaddr, sizeof(DbInfoAddrStruct), 0);
......@@ -132,5 +141,6 @@ SAFEARRAY* GetDbHandles() {
dwHandle += sizeof(DbInfoAddrStruct);
}
SAFEARRAY* psaValue = CreateDbInfoSafeArray();
CloseHandle(hProcess);
return psaValue;
}
\ No newline at end of file
#pragma once
#include <windows.h>
SAFEARRAY* GetDbHandles();
\ No newline at end of file
SAFEARRAY* GetDbHandles(DWORD pid);
\ No newline at end of file
#include "pch.h"
BOOL HookImageMsg(wchar_t* savepath) {
BOOL HookImageMsg(DWORD pid,wchar_t* savepath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwRet = 0x0;
LPVOID savepathaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
if (!savepathaddr)
if (!savepathaddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, savepathaddr, savepath, wcslen(savepath) * 2 + 2, &dwWriteSize);
DWORD HookImageMsgRemoteAddr = WeChatRobotBase + HookImageMsgRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)HookImageMsgRemoteAddr, savepathaddr, 0, &dwId);
......@@ -19,17 +26,25 @@ BOOL HookImageMsg(wchar_t* savepath) {
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, savepathaddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
void UnHookImageMsg() {
void UnHookImageMsg(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return;
}
DWORD dwId = 0x0;
DWORD UnHookImageMsgRemoteAddr = GetWeChatRobotBase() + UnHookImageMsgRemoteOffset;
DWORD UnHookImageMsgRemoteAddr = WeChatRobotBase + UnHookImageMsgRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)UnHookImageMsgRemoteAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
CloseHandle(hProcess);
}
\ No newline at end of file
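Review bot: The failure exits added at the top of HookImageMsg return `1` from a function declared `BOOL` whose normal exit is `return dwRet == 0;`, so a caller sees TRUE both when OpenProcess or GetWeChatRobotBase fails and when the remote routine reports 0. Return `FALSE` on those paths (`if (!hProcess) return FALSE;`), or document that the value is an error code and make the last line follow the same convention. The same mix appears in HookVoiceMsg, SendAppMsg, SetChatRoomAnnouncement, SetChatRoomName and SetChatRoomSelfNickname further down this page. The middle of the function is outside the shown hunks, so how `dwRet` is filled cannot be checked here.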
#include "pch.h"
BOOL HookVoiceMsg(wchar_t* savepath) {
BOOL HookVoiceMsg(DWORD pid,wchar_t* savepath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwRet = 0x0;
LPVOID savepathaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
if (!savepathaddr)
if (!savepathaddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, savepathaddr, savepath, wcslen(savepath) * 2 + 2, &dwWriteSize);
DWORD HookVoiceMsgRemoteAddr = WeChatRobotBase + HookVoiceMsgRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)HookVoiceMsgRemoteAddr, savepathaddr, 0, &dwId);
......@@ -19,17 +26,25 @@ BOOL HookVoiceMsg(wchar_t* savepath) {
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, savepathaddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
void UnHookVoiceMsg() {
void UnHookVoiceMsg(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return;
}
DWORD dwId = 0x0;
DWORD UnHookVoiceMsgRemoteAddr = GetWeChatRobotBase() + UnHookVoiceMsgRemoteOffset;
DWORD UnHookVoiceMsgRemoteAddr = WeChatRobotBase + UnHookVoiceMsgRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)UnHookVoiceMsgRemoteAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
CloseHandle(hProcess);
}
\ No newline at end of file
#include "pch.h"
bool InjectDll(DWORD dwId, WCHAR* szPath)//参数1:目标进程PID 参数2:DLL路径
{
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwId);
if (!hProcess)
return 1;
if (GetWeChatRobotBase() != 0) {
if (GetWeChatRobotBase(dwId) != 0) {
CloseHandle(hProcess);
return 0;
}
......@@ -16,6 +17,7 @@ bool InjectDll(DWORD dwId, WCHAR* szPath)//
WriteProcessMemory(hProcess, pRemoteAddress, szPath, wcslen(szPath) * 2 + 2, &dwWriteSize);
}
else {
CloseHandle(hProcess);
return 1;
}
......@@ -24,11 +26,12 @@ bool InjectDll(DWORD dwId, WCHAR* szPath)//
WaitForSingleObject(hThread, -1);
}
else {
VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
CloseHandle(hProcess);
return 1;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
CloseHandle(hProcess);
return 0;
}
......@@ -49,51 +52,36 @@ bool Inject(DWORD dwPid,wchar_t* workPath) {
}
BOOL RemoveDll(DWORD dwId) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwId);
if (!hProcess)
return 1;
LPVOID pRemoteAddress = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
HANDLE hThread = NULL;
DWORD dwHandle, dwID;
LPVOID pFunc = NULL;
if (pRemoteAddress)
WriteProcessMemory(hProcess, pRemoteAddress, dllname, wcslen(dllname) * 2 + 2, &dwWriteSize);
else {
return 1;
}
pFunc = GetModuleHandleW;
hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, pRemoteAddress, 0, &dwID);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
}
else {
return 1;
}
CloseHandle(hThread);
if (!dwHandle) {
VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
DWORD WeChatRobotBase = GetWeChatRobotBase(dwId);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 0;
}
pFunc = FreeConsole;
hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, NULL, 0, &dwID);
DWORD dwWriteSize = 0;
HANDLE hThread = NULL;
DWORD dwID = 0;
hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)FreeConsole, NULL, 0, &dwID);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
CloseHandle(hThread);
pFunc = FreeLibrary;
hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, (LPVOID)dwHandle, 0, &dwID);
hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)FreeLibrary, (LPVOID)WeChatRobotBase, 0, &dwID);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
CloseHandle(hProcess);
return 0;
}
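Review bot: InjectDll is declared `bool` but returns `1` on every failure and `0` on success or when the module is already present, so `if (InjectDll(...))` is true exactly when the call failed; RemoveDll uses the same 0-is-success convention under `BOOL`. State that at each definition, e.g. `// Returns 0 on success (or if already loaded), 1 on failure`, or change the return type to `int` so the value is not read as a truth value. In the rewritten RemoveDll, `dwWriteSize` appears to be left declared but unused and can be removed.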
#include "pch.h"
BOOL ReceiveMessageHooked = FALSE;
BOOL StartReceiveMessage(int port) {
if (!hProcess || ReceiveMessageHooked)
BOOL StartReceiveMessage(DWORD pid,int port) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
}
DWORD dwId = 0;
DWORD HookReceiveMessageAddr = WeChatRobotBase + HookReceiveMessageRemoteOffset;
......@@ -14,19 +17,24 @@ BOOL StartReceiveMessage(int port) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
return 1;
}
CloseHandle(hThread);
ReceiveMessageHooked = TRUE;
CloseHandle(hProcess);
return 0;
}
BOOL StopReceiveMessage() {
if (!hProcess || !ReceiveMessageHooked) {
ReceiveMessageHooked = FALSE;
BOOL StopReceiveMessage(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess) {
return 1;
}
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD dwId = 0;
DWORD UnHookReceiveMessageAddr = WeChatRobotBase + UnHookReceiveMessageRemoteOffset;
......@@ -35,9 +43,10 @@ BOOL StopReceiveMessage() {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
return 1;
}
CloseHandle(hThread);
ReceiveMessageHooked = FALSE;
CloseHandle(hProcess);
return 0;
}
\ No newline at end of file
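Review bot: The entry checks no longer consult `ReceiveMessageHooked`, so nothing in StartReceiveMessage stops a second call for the same pid from running the hook routine again, and StopReceiveMessage will run the unhook routine for a pid that was never hooked. If the assignments to the flag are kept, they are also wrong for several instances, because one process-wide BOOL cannot describe per-pid state. Track the hooked pids instead, for example a `std::set<DWORD>` consulted at entry and updated after the remote thread has completed. The middle of both functions is outside the shown hunks.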
#pragma once
#include<windows.h>
BOOL StartReceiveMessage(int port);
BOOL StopReceiveMessage();
BOOL StartReceiveMessage(DWORD pid,int port);
BOOL StopReceiveMessage(DWORD pid);
BOOL HookImageMsg(wchar_t* savepath);
BOOL HookVoiceMsg(wchar_t* savepath);
void UnHookImageMsg();
void UnHookVoiceMsg();
\ No newline at end of file
BOOL HookImageMsg(DWORD pid,wchar_t* savepath);
BOOL HookVoiceMsg(DWORD pid,wchar_t* savepath);
void UnHookImageMsg(DWORD pid);
void UnHookVoiceMsg(DWORD pid);
\ No newline at end of file
......@@ -3,15 +3,27 @@
#include "pch.h"
#include "RobotEvent.h"
#define WX_MESSAGE 1
#define WX_LOG_MESSAGE 2
// CRobotEvent
STDMETHODIMP CRobotEvent::CPostMessage(VARIANT* msg, int* __result)
STDMETHODIMP CRobotEvent::CPostMessage(int msgtype,VARIANT* msg, int* __result)
{
// TODO: 在此处添加实现代码
// 将收到的消息广播给所有用户
Fire_OnGetMessageEvent(msg);
switch (msgtype) {
case WX_MESSAGE: {
Fire_OnGetMessageEvent(msg);
break;
}
case WX_LOG_MESSAGE:{
break;
}
default:
break;
}
*__result = 0;
return S_OK;
}
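Review bot: CPostMessage writes `*__result = 0` and returns `S_OK` for every `msgtype`, including values that match neither `WX_MESSAGE` nor `WX_LOG_MESSAGE`, and it dereferences `__result` without a null check. Any client holding the interface can call this method, so reject what is not understood: `if (!__result || !msg) return E_POINTER;` at the top and `default: *__result = 1; return E_INVALIDARG;` in the switch. The `WX_LOG_MESSAGE` case is an empty stub and should carry a comment saying log messages are currently dropped. Adding a parameter to an existing COM method also changes the interface contract, so the IDL and the interface identity need to change together with it for clients built against the old signature.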
......@@ -56,7 +56,7 @@ public:
STDMETHOD(CPostMessage)(VARIANT* msg, int* __result);
STDMETHOD(CPostMessage)(int msgtype,VARIANT* msg, int* __result);
};
OBJECT_ENTRY_AUTO(__uuidof(RobotEvent), CRobotEvent)
......@@ -2,5 +2,5 @@
#include <windows.h>
#include <iostream>
using namespace std;
std::wstring GetWxUserInfo(wchar_t* wxid);
SAFEARRAY* SearchContactByNet(wchar_t* keyword);
\ No newline at end of file
std::wstring GetWxUserInfo(DWORD pid,wchar_t* wxid);
SAFEARRAY* SearchContactByNet(DWORD pid,wchar_t* keyword);
\ No newline at end of file
......@@ -5,11 +5,14 @@ struct GetUserInfoStruct {
DWORD length;
};
VOID DeleteUserInfoCache() {
if (!hProcess)
return;
VOID DeleteUserInfoCache(DWORD pid,HANDLE hProcess) {
DWORD dwId = 0;
DWORD DeleteUserInfoCacheProcAddr = GetWeChatRobotBase() + DeleteUserInfoCacheOffset;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return;
}
DWORD DeleteUserInfoCacheProcAddr = WeChatRobotBase + DeleteUserInfoCacheOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)DeleteUserInfoCacheProcAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
......@@ -17,18 +20,26 @@ VOID DeleteUserInfoCache() {
}
}
std::wstring GetWxUserInfo(wchar_t* wxid) {
std::wstring GetWxUserInfo(DWORD pid,wchar_t* wxid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return L"{}";
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return L"{}";
}
wstring WString = L"";
DWORD GetUserInfoProcAddr = GetWeChatRobotBase() + GetWxUserInfoOffset;
DWORD GetUserInfoProcAddr = WeChatRobotBase + GetWxUserInfoOffset;
LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
DWORD dwId = 0;
DWORD dwHandle = 0;
GetUserInfoStruct userinfo = { 0 };
if (!wxidaddr)
if (!wxidaddr) {
CloseHandle(hProcess);
return L"{}";
}
WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetUserInfoProcAddr, wxidaddr, 0, &dwId);
if (hThread) {
......@@ -49,7 +60,8 @@ std::wstring GetWxUserInfo(wchar_t* wxid) {
}
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
DeleteUserInfoCache();
DeleteUserInfoCache(pid,hProcess);
CloseHandle(hProcess);
return WString;
}
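Review bot: DeleteUserInfoCache now closes the caller's handle on its `!WeChatRobotBase` path, and GetWxUserInfo calls `CloseHandle(hProcess);` again right after `DeleteUserInfoCache(pid,hProcess);`, so that path closes the same handle twice. A double close either fails or, in a multithreaded host, can close a handle that another thread has just been given the same value for. The helper does not own the handle: drop the `CloseHandle(hProcess);` inside it and keep only `return;`, as DeleteSelfInfoCache does further down this page. Part of the helper's body lies outside the shown hunk.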
......@@ -109,7 +109,7 @@ static SAFEARRAY* CreateUserInfoArray() {
return psaValue;
}
static void ReadUserInfoFromMemory() {
static void ReadUserInfoFromMemory(HANDLE hProcess) {
userinfo.keyword = new wchar_t[userinfoaddr.l_keyword + 1];
ReadProcessMemory(hProcess, (LPCVOID)userinfoaddr.keyword, userinfo.keyword, (userinfoaddr.l_keyword + 1) * sizeof(wchar_t), 0);
userinfo.v3 = new wchar_t[userinfoaddr.l_v3 + 1];
......@@ -133,17 +133,25 @@ static void ReadUserInfoFromMemory() {
userinfo.sex = userinfoaddr.sex;
}
SAFEARRAY* SearchContactByNet(wchar_t* keyword) {
SAFEARRAY* SearchContactByNet(DWORD pid,wchar_t* keyword) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return NULL;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return NULL;
}
ClearUserInfoCache();
DWORD SearchContactByNetRemoteAddr = GetWeChatRobotBase() + SearchContactByNetRemoteOffset;
DWORD SearchContactByNetRemoteAddr = WeChatRobotBase + SearchContactByNetRemoteOffset;
LPVOID keywordaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
DWORD dwId = 0;
DWORD dwHandle = 0;
if (!keywordaddr)
if (!keywordaddr) {
CloseHandle(hProcess);
return NULL;
}
WriteProcessMemory(hProcess, keywordaddr, keyword, wcslen(keyword) * 2 + 2, &dwWriteSize);
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SearchContactByNetRemoteAddr, keywordaddr, 0, &dwId);
if (hThread) {
......@@ -156,9 +164,11 @@ SAFEARRAY* SearchContactByNet(wchar_t* keyword) {
return NULL;
ReadProcessMemory(hProcess, (LPCVOID)dwHandle, &userinfoaddr, sizeof(UserInfoAddr), &dwWriteSize);
if (userinfoaddr.errcode == 0) {
ReadUserInfoFromMemory();
ReadUserInfoFromMemory(hProcess);
SAFEARRAY* psa = CreateUserInfoArray();
CloseHandle(hProcess);
return psa;
}
CloseHandle(hProcess);
return NULL;
}
\ No newline at end of file
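Review bot: The `return NULL;` that opens the last hunk is an unchanged early exit (its condition is outside the hunk) and, unlike the two returns below it, has no `CloseHandle(hProcess);` in front of it, so the handle opened at the top of SearchContactByNet leaks whenever that path is taken. No `VirtualFreeEx` for `keywordaddr` is visible on any exit either, though it may sit in the lines not shown. Add `CloseHandle(hProcess);` before that return, or hold the handle in a small RAII wrapper so every exit releases it. Separately, ReadUserInfoFromMemory sizes its `new wchar_t[...]` buffers from lengths read out of the other process and ignores the ReadProcessMemory result; those lengths should be bounded and the result checked before the buffers are used as strings.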
......@@ -5,11 +5,13 @@ struct GetSelfInfoStruct {
DWORD length;
};
VOID DeleteSelfInfoCache() {
if (!hProcess)
return;
VOID DeleteSelfInfoCache(DWORD pid,HANDLE hProcess) {
DWORD dwId = 0;
DWORD DeleteSelfInfoCacheProcAddr = GetWeChatRobotBase() + DeleteSelfInfoCacheOffset;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
return;
}
DWORD DeleteSelfInfoCacheProcAddr = WeChatRobotBase + DeleteSelfInfoCacheOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)DeleteSelfInfoCacheProcAddr, NULL, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
......@@ -17,13 +19,19 @@ VOID DeleteSelfInfoCache() {
}
}
std::wstring GetSelfInfo() {
if (!hProcess)
return L"{}";
std::wstring GetSelfInfo(DWORD pid) {
if (SelfInfoString.compare(L"")) {
return SelfInfoString;
}
DWORD GetSelfInfoProcAddr = GetWeChatRobotBase() + GetSelfInfoOffset;
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return L"{}";
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return L"{}";
}
DWORD GetSelfInfoProcAddr = WeChatRobotBase + GetSelfInfoOffset;
DWORD dwWriteSize = 0;
DWORD dwId = 0;
DWORD dwHandle = 0;
......@@ -45,14 +53,21 @@ std::wstring GetSelfInfo() {
wmessage = NULL;
}
DeleteSelfInfoCache();
DeleteSelfInfoCache(pid,hProcess);
CloseHandle(hProcess);
return SelfInfoString;
}
BOOL isWxLogin() {
BOOL isWxLogin(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return false;
DWORD isWxLoginAddr = GetWeChatRobotBase() + isWxLoginOffset;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return false;
}
DWORD isWxLoginAddr = WeChatRobotBase + isWxLoginOffset;
DWORD dwId, dwRet = 0;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)isWxLoginAddr, NULL, 0, &dwId);
if (hThread) {
......@@ -60,5 +75,6 @@ BOOL isWxLogin() {
GetExitCodeThread(hThread, &dwRet);
CloseHandle(hThread);
}
CloseHandle(hProcess);
return dwRet == 1;
}
\ No newline at end of file
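Review bot: GetSelfInfo(pid) still returns the file-level `SelfInfoString` whenever it is non-empty, before `pid` is looked at, so once one instance has been queried every other pid is answered with the first account's data. Now that this commit makes every call per-process, the cache has to be keyed by pid, for example a `std::map<DWORD, std::wstring>` looked up with `pid`, or removed. A cached entry would also outlive the process it was read from, so it should be dropped when OpenProcess or GetWeChatRobotBase fails for that pid. The declaration of SelfInfoString and the middle of the function are outside the shown hunks.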
......@@ -2,5 +2,5 @@
#include <windows.h>
#include <iostream>
using namespace std;
std::wstring GetSelfInfo();
BOOL isWxLogin();
\ No newline at end of file
std::wstring GetSelfInfo(DWORD pid);
BOOL isWxLogin(DWORD pid);
\ No newline at end of file
......@@ -6,10 +6,15 @@ struct SendAppMsgStruct
DWORD appid;
};
BOOL SendAppMsg(wchar_t* wxid, wchar_t* appid) {
BOOL SendAppMsg(DWORD pid,wchar_t* wxid, wchar_t* appid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0x0;
......@@ -19,6 +24,7 @@ BOOL SendAppMsg(wchar_t* wxid, wchar_t* appid) {
LPVOID appidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendAppMsgStruct* paramAndFunc = (SendAppMsgStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendAppMsgStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !appidaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
......@@ -45,5 +51,6 @@ BOOL SendAppMsg(wchar_t* wxid, wchar_t* appid) {
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, appidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
\ No newline at end of file
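Review bot: When one of the three VirtualAllocEx calls fails, the combined check `if (!wxidaddr || !appidaddr || !paramAndFunc || !WeChatRobotBase)` now closes the handle but still returns without releasing the allocations that did succeed, so each such failure leaves committed pages behind in the other process. Release every non-null pointer with `VirtualFreeEx(hProcess, p, 0, MEM_RELEASE)` before `CloseHandle(hProcess);`. The `!WeChatRobotBase` term is dead after the new early return above it and can be dropped. The same pattern is in SendArticle, SendAtText, SendCard, SendFile, SendImage, SendText and the three SetChatRoom* functions; where their thread-creation failure branch is visible (SendAtText, SendFile, SendImage, SendText, SetChatRoom*), it also returns without freeing.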
#pragma once
#include<windows.h>
BOOL SendAppMsg(wchar_t* wxid, wchar_t* appid);
\ No newline at end of file
BOOL SendAppMsg(DWORD pid,wchar_t* wxid, wchar_t* appid);
\ No newline at end of file
......@@ -8,11 +8,15 @@ struct SendArticleStruct {
DWORD imgpath;
};
BOOL SendArticle(wchar_t* wxid, wchar_t* title, wchar_t* abstract, wchar_t* url, wchar_t* imgpath) {
BOOL SendArticle(DWORD pid,wchar_t* wxid, wchar_t* title, wchar_t* abstract, wchar_t* url, wchar_t* imgpath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
SendArticleStruct params;
......@@ -27,6 +31,7 @@ BOOL SendArticle(wchar_t* wxid, wchar_t* title, wchar_t* abstract, wchar_t* url,
if (!wxidaddr || !titleaddr || !abstractaddr || !urladdr || !imgaddr ||
!paramAndFunc || !WeChatRobotBase)
{
CloseHandle(hProcess);
return 1;
}
......@@ -59,5 +64,6 @@ BOOL SendArticle(wchar_t* wxid, wchar_t* title, wchar_t* abstract, wchar_t* url,
VirtualFreeEx(hProcess, urladdr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, imgaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return 0;
}
\ No newline at end of file
#pragma once
#include<windows.h>
BOOL SendArticle(wchar_t* wxid, wchar_t* title, wchar_t* abstract, wchar_t* url, wchar_t* imgpath);
\ No newline at end of file
BOOL SendArticle(DWORD pid,wchar_t* wxid, wchar_t* title, wchar_t* abstract, wchar_t* url, wchar_t* imgpath);
\ No newline at end of file
......@@ -9,10 +9,15 @@ struct SendAtTextStruct
DWORD AutoNickName;
};
int SendAtText(wchar_t* chatroomid, wchar_t* wxid, wchar_t* wxmsg,BOOL AutoNickName) {
int SendAtText(DWORD pid,wchar_t* chatroomid, wchar_t* wxid, wchar_t* wxmsg,BOOL AutoNickName) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
SendAtTextStruct params;
......@@ -22,6 +27,7 @@ int SendAtText(wchar_t* chatroomid, wchar_t* wxid, wchar_t* wxmsg,BOOL AutoNickN
LPVOID wxmsgaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendAtTextStruct* paramAndFunc = (SendAtTextStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendAtTextStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidaddr || !wxmsgaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
......@@ -42,12 +48,10 @@ int SendAtText(wchar_t* chatroomid, wchar_t* wxid, wchar_t* wxmsg,BOOL AutoNickN
params.AutoNickName = AutoNickName;
if (paramAndFunc) {
if (!::WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(SendAtTextStruct), &dwTId))
{
return 1;
}
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(SendAtTextStruct), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
......@@ -57,6 +61,7 @@ int SendAtText(wchar_t* chatroomid, wchar_t* wxid, wchar_t* wxmsg,BOOL AutoNickN
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
return 1;
}
CloseHandle(hThread);
......@@ -64,12 +69,11 @@ int SendAtText(wchar_t* chatroomid, wchar_t* wxid, wchar_t* wxmsg,BOOL AutoNickN
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxmsgaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return 0;
}
BOOL SendAtText(wchar_t* chatroomid, SAFEARRAY* psaValue, wchar_t* wxmsg,BOOL AutoNickName) {
if (!hProcess)
return 1;
BOOL SendAtText(DWORD pid,wchar_t* chatroomid, SAFEARRAY* psaValue, wchar_t* wxmsg,BOOL AutoNickName) {
VARIANT rgvar;
rgvar.vt = VT_BSTR;
HRESULT hr = S_OK;
......@@ -79,18 +83,26 @@ BOOL SendAtText(wchar_t* chatroomid, SAFEARRAY* psaValue, wchar_t* wxmsg,BOOL Au
VariantInit(&rgvar);
long pIndex = 0;
hr = SafeArrayGetElement(psaValue, &pIndex, &rgvar);
return SendAtText(chatroomid, rgvar.bstrVal, wxmsg,AutoNickName);
return SendAtText(pid,chatroomid, rgvar.bstrVal, wxmsg,AutoNickName);
}
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
vector<void*> wxidptrs;
DWORD dwWriteSize = 0;
DWORD dwTId = 0; DWORD dwId = 0;
DWORD WeChatRobotBase = GetWeChatRobotBase();
SendAtTextStruct params = { 0 };
LPVOID chatroomidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxidptrsaddr = VirtualAllocEx(hProcess, NULL, sizeof(void*) * cElements, MEM_COMMIT, PAGE_READWRITE);
LPVOID wxmsgaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendAtTextStruct* paramAndFunc = (SendAtTextStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendAtTextStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !wxidptrsaddr || !wxmsgaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
for (long i = lLbound; i < lLbound + cElements; i++) {
......@@ -120,6 +132,7 @@ BOOL SendAtText(wchar_t* chatroomid, SAFEARRAY* psaValue, wchar_t* wxmsg,BOOL Au
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(SendAtTextStruct), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
DWORD SendAtTextRemoteAddr = WeChatRobotBase + SendAtTextOffset;
......@@ -128,6 +141,7 @@ BOOL SendAtText(wchar_t* chatroomid, SAFEARRAY* psaValue, wchar_t* wxmsg,BOOL Au
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
return 1;
}
CloseHandle(hThread);
......@@ -138,5 +152,6 @@ BOOL SendAtText(wchar_t* chatroomid, SAFEARRAY* psaValue, wchar_t* wxmsg,BOOL Au
VirtualFreeEx(hProcess, wxmsgaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxidptrsaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return 0;
}
\ No newline at end of file
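Review bot: In the first SendAtText overload the rewritten `if (paramAndFunc)` block appears to replace the checked `if (!::WriteProcessMemory(...)) return 1;` with an unchecked `WriteProcessMemory(...)` call, so a failed write of `params` is no longer detected and the remote routine is then started on an uninitialised SendAtTextStruct. Keep the check and add the cleanup the old branch lacked: `if (!WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(SendAtTextStruct), &dwTId)) { CloseHandle(hProcess); return 1; }`. SendFile, SendImage and SendText make the same change. The `else` branch next to it is unreachable, because `paramAndFunc` was already tested right after allocation.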
#pragma once
#include<windows.h>
int SendAtText(wchar_t* chatroomid, wchar_t* wxid, wchar_t* wxmsg,BOOL AutoNickName);
int SendAtText(wchar_t* chatroomid, SAFEARRAY* wxid, wchar_t* wxmsg,BOOL AutoNickName);
\ No newline at end of file
int SendAtText(DWORD pid,wchar_t* chatroomid, wchar_t* wxid, wchar_t* wxmsg,BOOL AutoNickName);
int SendAtText(DWORD pid,wchar_t* chatroomid, SAFEARRAY* wxid, wchar_t* wxmsg,BOOL AutoNickName);
\ No newline at end of file
......@@ -6,10 +6,15 @@ struct SendCardStruct {
DWORD nickname;
};
BOOL SendCard(wchar_t* receiver, wchar_t* sharedwxid, wchar_t* nickname) {
BOOL SendCard(DWORD pid,wchar_t* receiver, wchar_t* sharedwxid, wchar_t* nickname) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
SendCardStruct params;
......@@ -22,6 +27,7 @@ BOOL SendCard(wchar_t* receiver, wchar_t* sharedwxid, wchar_t* nickname) {
if (!receiveraddr || !sharedwxidaddr || !nicknameaddr ||
!paramAndFunc || !WeChatRobotBase)
{
CloseHandle(hProcess);
return 1;
}
if (receiveraddr)
......@@ -45,5 +51,6 @@ BOOL SendCard(wchar_t* receiver, wchar_t* sharedwxid, wchar_t* nickname) {
VirtualFreeEx(hProcess, sharedwxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, nicknameaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return 0;
}
\ No newline at end of file
#pragma once
#include<windows.h>
BOOL SendCard(wchar_t* receiver, wchar_t* sharedwxid, wchar_t* nickname);
\ No newline at end of file
BOOL SendCard(DWORD pid,wchar_t* receiver, wchar_t* sharedwxid, wchar_t* nickname);
\ No newline at end of file
......@@ -5,10 +5,15 @@ struct FileParamStruct {
DWORD filepath;
};
int SendFile(wchar_t* wxid, wchar_t* filepath) {
int SendFile(DWORD pid,wchar_t* wxid, wchar_t* filepath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
FileParamStruct params;
......@@ -17,6 +22,7 @@ int SendFile(wchar_t* wxid, wchar_t* filepath) {
LPVOID filepathaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
FileParamStruct* paramAndFunc = (FileParamStruct*)::VirtualAllocEx(hProcess, 0, sizeof(FileParamStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !filepathaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
......@@ -31,12 +37,10 @@ int SendFile(wchar_t* wxid, wchar_t* filepath) {
params.filepath = (DWORD)filepathaddr;
if (paramAndFunc) {
if (!::WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId))
{
return 1;
}
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
......@@ -46,11 +50,13 @@ int SendFile(wchar_t* wxid, wchar_t* filepath) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
return 1;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, filepathaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return 0;
}
#pragma once
#include<windows.h>
int SendFile(wchar_t* wxid, wchar_t* filepath);
\ No newline at end of file
int SendFile(DWORD pid,wchar_t* wxid, wchar_t* filepath);
\ No newline at end of file
......@@ -5,10 +5,15 @@ struct ImageParamStruct {
DWORD imagepath;
};
int SendImage(wchar_t* wxid, wchar_t* imagepath) {
int SendImage(DWORD pid,wchar_t* wxid, wchar_t* imagepath) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
ImageParamStruct params;
......@@ -17,6 +22,7 @@ int SendImage(wchar_t* wxid, wchar_t* imagepath) {
LPVOID imagepathaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
ImageParamStruct* paramAndFunc = (ImageParamStruct*)::VirtualAllocEx(hProcess, 0, sizeof(ImageParamStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !imagepathaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
......@@ -31,12 +37,10 @@ int SendImage(wchar_t* wxid, wchar_t* imagepath) {
params.imagepath = (DWORD)imagepathaddr;
if (paramAndFunc) {
if (!::WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId))
{
return 1;
}
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
......@@ -46,11 +50,13 @@ int SendImage(wchar_t* wxid, wchar_t* imagepath) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
return 1;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, imagepathaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return 0;
}
#pragma once
#include<windows.h>
int SendImage(wchar_t* wxid, wchar_t* imagepath);
\ No newline at end of file
int SendImage(DWORD pid,wchar_t* wxid, wchar_t* imagepath);
\ No newline at end of file
......@@ -6,10 +6,15 @@ struct SendTextStruct
DWORD wxmsg;
};
int SendText(wchar_t* wxid, wchar_t* wxmsg) {
int SendText(DWORD pid,wchar_t* wxid, wchar_t* wxmsg) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
SendTextStruct params;
......@@ -18,6 +23,7 @@ int SendText(wchar_t* wxid, wchar_t* wxmsg) {
LPVOID wxmsgaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
SendTextStruct* paramAndFunc = (SendTextStruct*)::VirtualAllocEx(hProcess, 0, sizeof(SendTextStruct), MEM_COMMIT, PAGE_READWRITE);
if (!wxidaddr || !wxmsgaddr || !paramAndFunc || !WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
......@@ -32,12 +38,10 @@ int SendText(wchar_t* wxid, wchar_t* wxmsg) {
params.wxmsg = (DWORD)wxmsgaddr;
if (paramAndFunc) {
if (!::WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId))
{
return 1;
}
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
......@@ -47,11 +51,13 @@ int SendText(wchar_t* wxid, wchar_t* wxmsg) {
WaitForSingleObject(hThread, INFINITE);
}
else {
CloseHandle(hProcess);
return 1;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, wxmsgaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return 0;
}
\ No newline at end of file
#pragma once
#include<windows.h>
int SendText(wchar_t* wxid, wchar_t* wxmsg);
int SendText(DWORD pid,wchar_t* wxid, wchar_t* wxmsg);
......@@ -6,10 +6,15 @@ struct ChatRoomAnnouncementStruct
DWORD announcement;
};
BOOL SetChatRoomAnnouncement(wchar_t* chatroomid, wchar_t* announcement) {
BOOL SetChatRoomAnnouncement(DWORD pid,wchar_t* chatroomid, wchar_t* announcement) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
......@@ -19,6 +24,7 @@ BOOL SetChatRoomAnnouncement(wchar_t* chatroomid, wchar_t* announcement) {
LPVOID announcementaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
ChatRoomAnnouncementStruct* paramAndFunc = (ChatRoomAnnouncementStruct*)::VirtualAllocEx(hProcess, 0, sizeof(ChatRoomAnnouncementStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !announcementaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
......@@ -36,6 +42,7 @@ BOOL SetChatRoomAnnouncement(wchar_t* chatroomid, wchar_t* announcement) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
......@@ -47,10 +54,12 @@ BOOL SetChatRoomAnnouncement(wchar_t* chatroomid, wchar_t* announcement) {
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, announcementaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
\ No newline at end of file
#pragma once
#include<windows.h>
BOOL SetChatRoomAnnouncement(wchar_t* chatroomid, wchar_t* announcement);
\ No newline at end of file
BOOL SetChatRoomAnnouncement(DWORD pid,wchar_t* chatroomid, wchar_t* announcement);
\ No newline at end of file
......@@ -6,10 +6,15 @@ struct ChatRoomNameStruct
DWORD name;
};
BOOL SetChatRoomName(wchar_t* chatroomid, wchar_t* name) {
BOOL SetChatRoomName(DWORD pid,wchar_t* chatroomid, wchar_t* name) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
......@@ -19,6 +24,7 @@ BOOL SetChatRoomName(wchar_t* chatroomid, wchar_t* name) {
LPVOID nameaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
ChatRoomNameStruct* paramAndFunc = (ChatRoomNameStruct*)::VirtualAllocEx(hProcess, 0, sizeof(ChatRoomNameStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !nameaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
......@@ -36,6 +42,7 @@ BOOL SetChatRoomName(wchar_t* chatroomid, wchar_t* name) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
......@@ -47,10 +54,12 @@ BOOL SetChatRoomName(wchar_t* chatroomid, wchar_t* name) {
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, nameaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
\ No newline at end of file
#pragma once
#include<windows.h>
BOOL SetChatRoomName(wchar_t* chatroomid, wchar_t* name);
\ No newline at end of file
BOOL SetChatRoomName(DWORD pid,wchar_t* chatroomid, wchar_t* name);
\ No newline at end of file
......@@ -6,10 +6,15 @@ struct ChatRoomSelfNicknameStruct
DWORD nickname;
};
BOOL SetChatRoomSelfNickname(wchar_t* chatroomid, wchar_t* nickname) {
BOOL SetChatRoomSelfNickname(DWORD pid,wchar_t* chatroomid, wchar_t* nickname) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwWriteSize = 0;
DWORD dwRet = 0;
......@@ -19,6 +24,7 @@ BOOL SetChatRoomSelfNickname(wchar_t* chatroomid, wchar_t* nickname) {
LPVOID nicknameaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
ChatRoomSelfNicknameStruct* paramAndFunc = (ChatRoomSelfNicknameStruct*)::VirtualAllocEx(hProcess, 0, sizeof(ChatRoomSelfNicknameStruct), MEM_COMMIT, PAGE_READWRITE);
if (!chatroomidaddr || !nicknameaddr || !paramAndFunc) {
CloseHandle(hProcess);
return 1;
}
DWORD dwTId = 0;
......@@ -36,6 +42,7 @@ BOOL SetChatRoomSelfNickname(wchar_t* chatroomid, wchar_t* nickname) {
WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwTId);
}
else {
CloseHandle(hProcess);
return 1;
}
......@@ -47,10 +54,12 @@ BOOL SetChatRoomSelfNickname(wchar_t* chatroomid, wchar_t* nickname) {
CloseHandle(hThread);
}
else {
CloseHandle(hProcess);
return 1;
}
VirtualFreeEx(hProcess, chatroomidaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, nicknameaddr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
\ No newline at end of file
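Review bot: `OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid)` requests every right on the target although pid now comes straight from the COM caller and the function uses only a few of them. The calls visible in these sections (VirtualAllocEx, WriteProcessMemory, CreateRemoteThread, VirtualFreeEx) are covered by `PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ`, so the handle should be opened with that mask. The same added line appears in SetChatRoomName and VerifyFriendApply.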
#pragma once
#include<windows.h>
BOOL SetChatRoomSelfNickname(wchar_t* chatroomid, wchar_t* nickname);
\ No newline at end of file
BOOL SetChatRoomSelfNickname(DWORD pid,wchar_t* chatroomid, wchar_t* nickname);
\ No newline at end of file
......@@ -5,18 +5,26 @@ struct VerifyFriendApplyStruct {
DWORD v4;
};
BOOL VerifyFriendApply(wchar_t* v3,wchar_t* v4) {
BOOL VerifyFriendApply(DWORD pid,wchar_t* v3,wchar_t* v4) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 0;
DWORD VerifyFriendApplyProcAddr = GetWeChatRobotBase() + VerifyFriendApplyOffset;
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD VerifyFriendApplyProcAddr = WeChatRobotBase + VerifyFriendApplyOffset;
LPVOID v3addr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
LPVOID v4addr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
DWORD dwId = 0;
DWORD dwHandle = 0;
VerifyFriendApplyStruct apply_data = { 0 };
if (!v3addr || !v4addr)
return 0;
if (!v3addr || !v4addr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, v3addr, v3, wcslen(v3) * 2 + 2, &dwWriteSize);
WriteProcessMemory(hProcess, v4addr, v4, wcslen(v4) * 2 + 2, &dwWriteSize);
VerifyFriendApplyStruct* paramAndFunc = (VerifyFriendApplyStruct*)::VirtualAllocEx(hProcess, 0, sizeof(VerifyFriendApplyStruct), MEM_COMMIT, PAGE_READWRITE);
......@@ -25,9 +33,10 @@ BOOL VerifyFriendApply(wchar_t* v3,wchar_t* v4) {
if (paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &apply_data, sizeof(apply_data), &dwId);
else
else {
CloseHandle(hProcess);
return 1;
}
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)VerifyFriendApplyProcAddr, paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
......@@ -38,5 +47,6 @@ BOOL VerifyFriendApply(wchar_t* v3,wchar_t* v4) {
VirtualFreeEx(hProcess, v3addr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, v4addr, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
return dwHandle;
CloseHandle(hProcess);
return dwHandle == 0;
}
\ No newline at end of file
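Review bot: v3addr and v4addr are allocated with a size of 1 while the WriteProcessMemory calls that follow copy `wcslen(v3) * 2 + 2` and `wcslen(v4) * 2 + 2` bytes, and neither return value is checked. VirtualAllocEx rounds the request up to one page, so a caller-supplied string longer than that makes the write fail or stop short, and the remote routine then runs on incomplete data. Allocate the size that is actually written, e.g. `SIZE_T v3bytes = (wcslen(v3) + 1) * sizeof(wchar_t);` passed to both VirtualAllocEx and WriteProcessMemory, and take the failure path when WriteProcessMemory returns FALSE. The same size-1 allocations appear for nameaddr and nicknameaddr in the two sections above.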
......@@ -3,4 +3,4 @@
#include<iostream>
using namespace std;
BOOL VerifyFriendApply(wchar_t* v3,wchar_t* v4);
\ No newline at end of file
BOOL VerifyFriendApply(DWORD pid,wchar_t* v3,wchar_t* v4);
\ No newline at end of file
......@@ -6,140 +6,153 @@
// CWeChatRobot
/*
* 参数0:目标进程pid
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CStartRobotService(int* __result) {
*__result = StartRobotService();
STDMETHODIMP CWeChatRobot::CStartRobotService(DWORD pid, int* __result) {
*__result = StartRobotService(pid);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CStopRobotService(int* __result) {
*__result = StopRobotService();
STDMETHODIMP CWeChatRobot::CStopRobotService(DWORD pid, int* __result) {
*__result = StopRobotService(pid);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:接收人wxid
* 参数2:文本消息内容
* 参数3:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CSendText(BSTR wxid, BSTR wxmsg, int* __result) {
*__result = SendText(wxid, wxmsg);
STDMETHODIMP CWeChatRobot::CSendText(DWORD pid, BSTR wxid, BSTR wxmsg, int* __result) {
*__result = SendText(pid,wxid, wxmsg);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:群聊id
* 参数2:艾特的人wxid
* 参数3:文本消息内容
* 参数4:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CSendAtText(BSTR chatroomid, VARIANT* wxid, BSTR wxmsg, BOOL AutoNickName, int* __result) {
STDMETHODIMP CWeChatRobot::CSendAtText(DWORD pid, BSTR chatroomid, VARIANT* wxid, BSTR wxmsg, BOOL AutoNickName, int* __result) {
*__result = 0;
if (wxid->vt == VT_BSTR) {
*__result = SendAtText(chatroomid, wxid->bstrVal, wxmsg, AutoNickName);
*__result = SendAtText(pid, chatroomid, wxid->bstrVal, wxmsg, AutoNickName);
}
else if (wxid->vt == (VT_ARRAY | VT_VARIANT)) {
SAFEARRAY* psaValue = wxid->parray;
*__result = SendAtText(chatroomid, psaValue, wxmsg, AutoNickName);
*__result = SendAtText(pid, chatroomid, psaValue, wxmsg, AutoNickName);
}
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:接收人wxid
* 参数2:图片绝对路径
* 参数3:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CSendImage(BSTR wxid, BSTR imagepath, int* __result) {
*__result = SendImage(wxid, imagepath);
STDMETHODIMP CWeChatRobot::CSendImage(DWORD pid, BSTR wxid, BSTR imagepath, int* __result) {
*__result = SendImage(pid, wxid, imagepath);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:接收人wxid
* 参数2:文件绝对路径
* 参数3:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CSendFile(BSTR wxid, BSTR filepath, int* __result) {
*__result = SendFile(wxid, filepath);
STDMETHODIMP CWeChatRobot::CSendFile(DWORD pid, BSTR wxid, BSTR filepath, int* __result) {
*__result = SendFile(pid, wxid, filepath);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:接收人wxid
* 参数2:文章标题
* 参数3:文章摘要
* 参数4:文章链接
* 参数5:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CSendArticle(BSTR wxid, BSTR title,BSTR abstract,BSTR url, BSTR imgpath, int* __result) {
*__result = SendArticle(wxid, title,abstract,url,imgpath);
STDMETHODIMP CWeChatRobot::CSendArticle(DWORD pid, BSTR wxid, BSTR title,BSTR abstract,BSTR url, BSTR imgpath, int* __result) {
*__result = SendArticle(pid, wxid, title,abstract,url,imgpath);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:接收人wxid
* 参数2:被分享人wxid
* 参数3:显示的名字
* 参数4:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CSendCard(BSTR receiver, BSTR sharedwxid, BSTR nickname, int* __result) {
*__result = SendCard(receiver, sharedwxid, nickname);
STDMETHODIMP CWeChatRobot::CSendCard(DWORD pid, BSTR receiver, BSTR sharedwxid, BSTR nickname, int* __result) {
*__result = SendCard(pid, receiver, sharedwxid, nickname);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:预返回的值,调用时无需提供
* 返回一个三维数组,python的comtypes包会将其解析为元组
*/
STDMETHODIMP CWeChatRobot::CGetFriendList(VARIANT* __result) {
STDMETHODIMP CWeChatRobot::CGetFriendList(DWORD pid, VARIANT* __result) {
VARIANT vsaValue;
vsaValue.vt = VT_ARRAY | VT_VARIANT;
V_ARRAY(&vsaValue) = GetFriendList();
V_ARRAY(&vsaValue) = GetFriendList(pid);
*__result = vsaValue;
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:预返回的值,调用时无需提供
返回构造好的json串,在反序列化时需考虑好友信息中是否存在json字符
(考虑到从SAFEARRAY转换到适当变量可能较为繁琐,故保留此接口)
*/
STDMETHODIMP CWeChatRobot::CGetFriendListString(BSTR* __result) {
string smessage = _com_util::ConvertBSTRToString((BSTR)(GetFriendListString().c_str()));
STDMETHODIMP CWeChatRobot::CGetFriendListString(DWORD pid, BSTR* __result) {
string smessage = _com_util::ConvertBSTRToString((BSTR)(GetFriendListString(pid).c_str()));
*__result = _com_util::ConvertStringToBSTR(smessage.c_str());
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:要查询的wxid
* 参数2:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CGetWxUserInfo(BSTR wxid,BSTR* __result) {
string smessage = _com_util::ConvertBSTRToString((BSTR)(GetWxUserInfo(wxid).c_str()));
STDMETHODIMP CWeChatRobot::CGetWxUserInfo(DWORD pid, BSTR wxid,BSTR* __result) {
string smessage = _com_util::ConvertBSTRToString((BSTR)(GetWxUserInfo(pid, wxid).c_str()));
*__result = _com_util::ConvertStringToBSTR(smessage.c_str());
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CGetSelfInfo(BSTR* __result) {
string smessage = _com_util::ConvertBSTRToString((BSTR)(GetSelfInfo().c_str()));
STDMETHODIMP CWeChatRobot::CGetSelfInfo(DWORD pid, BSTR* __result) {
string smessage = _com_util::ConvertBSTRToString((BSTR)(GetSelfInfo(pid).c_str()));
*__result = _com_util::ConvertStringToBSTR(smessage.c_str());
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:查询的wxid
* 参数2:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CCheckFriendStatus(BSTR wxid,int* __result) {
*__result = CheckFriendStatus((wchar_t*)wxid);
STDMETHODIMP CWeChatRobot::CCheckFriendStatus(DWORD pid, BSTR wxid,int* __result) {
*__result = CheckFriendStatus(pid, (wchar_t*)wxid);
return S_OK;
}
......@@ -153,99 +166,109 @@ STDMETHODIMP CWeChatRobot::CGetComWorkPath(BSTR* __result) {
}
/*
* 参数0:目标进程pid
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CStartReceiveMessage(int port,int* __result) {
*__result = StartReceiveMessage(port);
STDMETHODIMP CWeChatRobot::CStartReceiveMessage(DWORD pid, int port,int* __result) {
*__result = StartReceiveMessage(pid, port);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CStopReceiveMessage(int* __result) {
*__result = StopReceiveMessage();
STDMETHODIMP CWeChatRobot::CStopReceiveMessage(DWORD pid, int* __result) {
*__result = StopReceiveMessage(pid);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:群聊ID
* 参数2:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CGetChatRoomMembers(BSTR chatroomid,VARIANT* __result) {
STDMETHODIMP CWeChatRobot::CGetChatRoomMembers(DWORD pid, BSTR chatroomid,VARIANT* __result) {
VARIANT vsaValue;
vsaValue.vt = VT_ARRAY | VT_VARIANT;
V_ARRAY(&vsaValue) = GetChatRoomMembers(chatroomid);
V_ARRAY(&vsaValue) = GetChatRoomMembers(pid, chatroomid);
*__result = vsaValue;
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CGetDbHandles(VARIANT* __result) {
STDMETHODIMP CWeChatRobot::CGetDbHandles(DWORD pid, VARIANT* __result) {
VARIANT vsaValue;
vsaValue.vt = VT_ARRAY | VT_VARIANT;
V_ARRAY(&vsaValue) = GetDbHandles();
V_ARRAY(&vsaValue) = GetDbHandles(pid);
*__result = vsaValue;
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:数据库句柄
* 参数2:要执行的SQL语句
* 参数3:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CExecuteSQL(DWORD DbHandle,BSTR sql,VARIANT* __result) {
STDMETHODIMP CWeChatRobot::CExecuteSQL(DWORD pid, DWORD DbHandle,BSTR sql,VARIANT* __result) {
VARIANT vsaValue;
vsaValue.vt = VT_ARRAY | VT_VARIANT;
V_ARRAY(&vsaValue) = ExecuteSQL(DbHandle, sql);
V_ARRAY(&vsaValue) = ExecuteSQL(pid, DbHandle, sql);
*__result = vsaValue;
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:数据库句柄
* 参数2:备份保存路径
* 参数3:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CBackupSQLiteDB(DWORD DbHandle, BSTR savepath, int* __result) {
*__result = BackupSQLiteDB(DbHandle, savepath);
STDMETHODIMP CWeChatRobot::CBackupSQLiteDB(DWORD pid, DWORD DbHandle, BSTR savepath, int* __result) {
*__result = BackupSQLiteDB(pid, DbHandle, savepath);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:v3数据
* 参数2:v4数据
* 参数3:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CVerifyFriendApply(BSTR v3, BSTR v4, int* __result) {
*__result = VerifyFriendApply(v3, v4);
STDMETHODIMP CWeChatRobot::CVerifyFriendApply(DWORD pid, BSTR v3, BSTR v4, int* __result) {
*__result = VerifyFriendApply(pid, v3, v4);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:wxid
* 参数2:附加信息
* 参数3:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CAddFriendByWxid(BSTR wxid, BSTR message, int* __result) {
*__result = AddFriendByWxid(wxid, message);
STDMETHODIMP CWeChatRobot::CAddFriendByWxid(DWORD pid, BSTR wxid, BSTR message, int* __result) {
*__result = AddFriendByWxid(pid, wxid, message);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:v3数据
* 参数2:附加信息
* 参数3:添加方式
* 参数4:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CAddFriendByV3(BSTR v3, BSTR message,int AddType, int* __result) {
*__result = AddFriendByV3(v3, message,AddType);
STDMETHODIMP CWeChatRobot::CAddFriendByV3(DWORD pid, BSTR v3, BSTR message,int AddType, int* __result) {
*__result = AddFriendByV3(pid, v3, message,AddType);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CGetWeChatVer(BSTR* __result) {
......@@ -258,183 +281,199 @@ STDMETHODIMP CWeChatRobot::CGetWeChatVer(BSTR* __result) {
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CStartWeChat(int* __result) {
StartWeChat();
*__result = 0;
*__result = StartWeChat();
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:搜索关键字
* 参数2:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CSearchContactByNet(BSTR keyword, VARIANT* __result) {
STDMETHODIMP CWeChatRobot::CSearchContactByNet(DWORD pid, BSTR keyword, VARIANT* __result) {
VARIANT vsaValue;
vsaValue.vt = VT_ARRAY | VT_VARIANT;
V_ARRAY(&vsaValue) = SearchContactByNet(keyword);
V_ARRAY(&vsaValue) = SearchContactByNet(pid, keyword);
*__result = vsaValue;
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:公众号id
* 参数2:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CAddBrandContact(BSTR PublicId, int* __result) {
*__result = AddBrandContact(PublicId);
STDMETHODIMP CWeChatRobot::CAddBrandContact(DWORD pid, BSTR PublicId, int* __result) {
*__result = AddBrandContact(pid, PublicId);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:保存路径
* 参数2:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CHookVoiceMsg(BSTR savepath, int* __result) {
*__result = HookVoiceMsg(savepath);
STDMETHODIMP CWeChatRobot::CHookVoiceMsg(DWORD pid, BSTR savepath, int* __result) {
*__result = HookVoiceMsg(pid, savepath);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CUnHookVoiceMsg(int* __result) {
UnHookVoiceMsg();
STDMETHODIMP CWeChatRobot::CUnHookVoiceMsg(DWORD pid, int* __result) {
UnHookVoiceMsg(pid);
*__result = 0;
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:保存路径
* 参数2:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CHookImageMsg(BSTR savepath, int* __result) {
*__result = HookImageMsg(savepath);
STDMETHODIMP CWeChatRobot::CHookImageMsg(DWORD pid, BSTR savepath, int* __result) {
*__result = HookImageMsg(pid, savepath);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CUnHookImageMsg(int* __result) {
UnHookImageMsg();
STDMETHODIMP CWeChatRobot::CUnHookImageMsg(DWORD pid, int* __result) {
UnHookImageMsg(pid);
*__result = 0;
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:版本号
* 参数2:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CChangeWeChatVer(BSTR verStr, int* __result) {
*__result = ChangeWeChatVer(verStr);
STDMETHODIMP CWeChatRobot::CChangeWeChatVer(DWORD pid, BSTR verStr, int* __result) {
*__result = ChangeWeChatVer(pid, verStr);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:接收人wxid
* 参数2:小程序id
* 参数3:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CSendAppMsg(BSTR wxid,BSTR appid,int* __result) {
*__result = SendAppMsg(wxid,appid);
STDMETHODIMP CWeChatRobot::CSendAppMsg(DWORD pid, BSTR wxid,BSTR appid,int* __result) {
*__result = SendAppMsg(pid, wxid,appid);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:要删除的人wxid
* 参数2:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CDeleteUser(BSTR wxid, int* __result) {
*__result = DeleteUser(wxid);
STDMETHODIMP CWeChatRobot::CDeleteUser(DWORD pid, BSTR wxid, int* __result) {
*__result = DeleteUser(pid, wxid);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CIsWxLogin(int* __result) {
*__result = isWxLogin();
STDMETHODIMP CWeChatRobot::CIsWxLogin(DWORD pid, int* __result) {
*__result = isWxLogin(pid);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:wxid或群聊id
* 参数2:备注内容
* 参数3:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CEditRemark(BSTR wxid,BSTR remark,int* __result) {
*__result = EditRemark(wxid,remark);
STDMETHODIMP CWeChatRobot::CEditRemark(DWORD pid, BSTR wxid,BSTR remark,int* __result) {
*__result = EditRemark(pid, wxid,remark);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:群聊id
* 参数2:群聊名称
* 参数3:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CSetChatRoomName(BSTR chatroomid, BSTR name, int* __result) {
*__result = SetChatRoomName(chatroomid, name);
STDMETHODIMP CWeChatRobot::CSetChatRoomName(DWORD pid, BSTR chatroomid, BSTR name, int* __result) {
*__result = SetChatRoomName(pid, chatroomid, name);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:群聊id
* 参数2:公告内容
* 参数3:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CSetChatRoomAnnouncement(BSTR chatroomid, BSTR announcement, int* __result) {
*__result = SetChatRoomAnnouncement(chatroomid, announcement);
STDMETHODIMP CWeChatRobot::CSetChatRoomAnnouncement(DWORD pid, BSTR chatroomid, BSTR announcement, int* __result) {
*__result = SetChatRoomAnnouncement(pid, chatroomid, announcement);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:群聊id
* 参数2:个人昵称
* 参数3:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CSetChatRoomSelfNickname(BSTR chatroomid, BSTR nickname, int* __result) {
*__result = SetChatRoomSelfNickname(chatroomid, nickname);
STDMETHODIMP CWeChatRobot::CSetChatRoomSelfNickname(DWORD pid, BSTR chatroomid, BSTR nickname, int* __result) {
*__result = SetChatRoomSelfNickname(pid, chatroomid, nickname);
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:群聊id
* 参数2:群成员wxid
* 参数3:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CGetChatRoomMemberNickname(BSTR chatroomid, BSTR wxid, BSTR* __result) {
wstring nickname = GetChatRoomMemberNickname(chatroomid, wxid);
STDMETHODIMP CWeChatRobot::CGetChatRoomMemberNickname(DWORD pid, BSTR chatroomid, BSTR wxid, BSTR* __result) {
wstring nickname = GetChatRoomMemberNickname(pid, chatroomid, wxid);
*__result = (_bstr_t)nickname.c_str();
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:群聊id
* 参数2:wxid列表
* 参数3:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CDelChatRoomMember(BSTR chatroomid, VARIANT* wxids, int* __result) {
STDMETHODIMP CWeChatRobot::CDelChatRoomMember(DWORD pid, BSTR chatroomid, VARIANT* wxids, int* __result) {
if (wxids->vt == VT_BSTR) {
*__result = DelChatRoomMember(chatroomid, wxids->bstrVal);
*__result = DelChatRoomMember(pid, chatroomid, wxids->bstrVal);
}
else if (wxids->vt == (VT_ARRAY | VT_VARIANT)) {
SAFEARRAY* psaValue = wxids->parray;
*__result = DelChatRoomMember(chatroomid, psaValue);
*__result = DelChatRoomMember(pid, chatroomid, psaValue);
}
return S_OK;
}
/*
* 参数0:目标进程pid
* 参数1:群聊id
* 参数2:wxid列表
* 参数3:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CAddChatRoomMember(BSTR chatroomid, VARIANT* wxids, int* __result) {
STDMETHODIMP CWeChatRobot::CAddChatRoomMember(DWORD pid, BSTR chatroomid, VARIANT* wxids, int* __result) {
if (wxids->vt == VT_BSTR) {
*__result = AddChatRoomMember(chatroomid, wxids->bstrVal);
*__result = AddChatRoomMember(pid, chatroomid, wxids->bstrVal);
}
else if (wxids->vt == (VT_ARRAY | VT_VARIANT)) {
SAFEARRAY* psaValue = wxids->parray;
*__result = AddChatRoomMember(chatroomid, psaValue);
*__result = AddChatRoomMember(pid, chatroomid, psaValue);
}
return S_OK;
}
\ No newline at end of file
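Review bot: CGetChatRoomMemberNickname returns a dangling BSTR. In `*__result = (_bstr_t)nickname.c_str();` the pointer is taken from a temporary `_bstr_t` that frees its string at the end of the statement. An `[out, retval] BSTR*` must receive a string the caller owns and later releases with SysFreeString, so the line should read `*__result = ::SysAllocString(nickname.c_str());`. The commit only adds the pid argument here and leaves this assignment as it was.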
......@@ -51,48 +51,48 @@ END_COM_MAP()
public:
STDMETHODIMP CStartRobotService(int* __result);
STDMETHODIMP CStopRobotService(int* __result);
STDMETHODIMP CSendImage(BSTR wxid, BSTR imagepath, int* __result);
STDMETHODIMP CSendText(BSTR wxid, BSTR wxmsg, int* __result);
STDMETHODIMP CSendFile(BSTR wxid, BSTR filepath, int* __result);
STDMETHODIMP CSendArticle(BSTR wxid, BSTR title, BSTR abstract, BSTR url, BSTR imgpath, int* __result);
STDMETHODIMP CSendCard(BSTR receiver, BSTR sharedwxid, BSTR nickname, int* __result);
STDMETHODIMP CSendAtText(BSTR chatroomid, VARIANT* wxid, BSTR wxmsg, BOOL AutoNickName, int* __result);
STDMETHODIMP CGetFriendList(VARIANT* __result);
STDMETHODIMP CGetFriendListString(BSTR* __result);
STDMETHODIMP CGetWxUserInfo(BSTR wxid, BSTR* __result);
STDMETHODIMP CGetSelfInfo(BSTR* __result);
STDMETHODIMP CCheckFriendStatus(BSTR wxid, int* __result);
STDMETHODIMP CStartRobotService(DWORD pid, int* __result);
STDMETHODIMP CStopRobotService(DWORD pid, int* __result);
STDMETHODIMP CSendImage(DWORD pid, BSTR wxid, BSTR imagepath, int* __result);
STDMETHODIMP CSendText(DWORD pid, BSTR wxid, BSTR wxmsg, int* __result);
STDMETHODIMP CSendFile(DWORD pid, BSTR wxid, BSTR filepath, int* __result);
STDMETHODIMP CSendArticle(DWORD pid, BSTR wxid, BSTR title, BSTR abstract, BSTR url, BSTR imgpath, int* __result);
STDMETHODIMP CSendCard(DWORD pid, BSTR receiver, BSTR sharedwxid, BSTR nickname, int* __result);
STDMETHODIMP CSendAtText(DWORD pid, BSTR chatroomid, VARIANT* wxid, BSTR wxmsg, BOOL AutoNickName, int* __result);
STDMETHODIMP CGetFriendList(DWORD pid, VARIANT* __result);
STDMETHODIMP CGetFriendListString(DWORD pid, BSTR* __result);
STDMETHODIMP CGetWxUserInfo(DWORD pid, BSTR wxid, BSTR* __result);
STDMETHODIMP CGetSelfInfo(DWORD pid, BSTR* __result);
STDMETHODIMP CCheckFriendStatus(DWORD pid, BSTR wxid, int* __result);
STDMETHODIMP CGetComWorkPath(BSTR* __result);
STDMETHODIMP CStartReceiveMessage(int port, int* __result);
STDMETHODIMP CStopReceiveMessage(int* __result);
STDMETHODIMP CGetChatRoomMembers(BSTR chatroomid, VARIANT* __result);
STDMETHODIMP CGetDbHandles(VARIANT* __result);
STDMETHODIMP CExecuteSQL(DWORD DbHandle, BSTR sql, VARIANT* __result);
STDMETHODIMP CBackupSQLiteDB(DWORD DbHandle, BSTR savepath, int* __result);
STDMETHODIMP CVerifyFriendApply(BSTR v3, BSTR v4, int* __result);
STDMETHODIMP CAddFriendByWxid(BSTR wxid, BSTR message, int* __result);
STDMETHODIMP CAddFriendByV3(BSTR v3, BSTR message, int AddType, int* __result);
STDMETHODIMP CStartReceiveMessage(DWORD pid, int port, int* __result);
STDMETHODIMP CStopReceiveMessage(DWORD pid, int* __result);
STDMETHODIMP CGetChatRoomMembers(DWORD pid, BSTR chatroomid, VARIANT* __result);
STDMETHODIMP CGetDbHandles(DWORD pid, VARIANT* __result);
STDMETHODIMP CExecuteSQL(DWORD pid, DWORD DbHandle, BSTR sql, VARIANT* __result);
STDMETHODIMP CBackupSQLiteDB(DWORD pid, DWORD DbHandle, BSTR savepath, int* __result);
STDMETHODIMP CVerifyFriendApply(DWORD pid, BSTR v3, BSTR v4, int* __result);
STDMETHODIMP CAddFriendByWxid(DWORD pid, BSTR wxid, BSTR message, int* __result);
STDMETHODIMP CAddFriendByV3(DWORD pid, BSTR v3, BSTR message, int AddType, int* __result);
STDMETHODIMP CGetWeChatVer(BSTR* __result);
STDMETHODIMP CStartWeChat(int* __result);
STDMETHODIMP CSearchContactByNet(BSTR keyword, VARIANT* __result);
STDMETHODIMP CAddBrandContact(BSTR PublicId, int* __result);
STDMETHODIMP CHookVoiceMsg(BSTR savepath, int* __result);
STDMETHODIMP CUnHookVoiceMsg(int* __result);
STDMETHODIMP CHookImageMsg(BSTR savepath, int* __result);
STDMETHODIMP CUnHookImageMsg(int* __result);
STDMETHODIMP CChangeWeChatVer(BSTR verStr, int* __result);
STDMETHODIMP CSendAppMsg(BSTR wxid, BSTR appid, int* __result);
STDMETHODIMP CDeleteUser(BSTR wxid, int* __result);
STDMETHODIMP CIsWxLogin(int* __result);
STDMETHODIMP CEditRemark(BSTR wxid,BSTR remark,int* __result);
STDMETHODIMP CSetChatRoomName(BSTR chatroomid, BSTR name, int* __result);
STDMETHODIMP CSetChatRoomAnnouncement(BSTR chatroomid, BSTR announcement, int* __result);
STDMETHODIMP CSetChatRoomSelfNickname(BSTR chatroomid, BSTR nickname, int* __result);
STDMETHODIMP CGetChatRoomMemberNickname(BSTR chatroomid, BSTR wxid, BSTR* __result);
STDMETHODIMP CDelChatRoomMember(BSTR chatroomid, VARIANT* wxids, int* __result);
STDMETHODIMP CAddChatRoomMember(BSTR chatroomid, VARIANT* wxids, int* __result);
STDMETHODIMP CSearchContactByNet(DWORD pid, BSTR keyword, VARIANT* __result);
STDMETHODIMP CAddBrandContact(DWORD pid, BSTR PublicId, int* __result);
STDMETHODIMP CHookVoiceMsg(DWORD pid, BSTR savepath, int* __result);
STDMETHODIMP CUnHookVoiceMsg(DWORD pid, int* __result);
STDMETHODIMP CHookImageMsg(DWORD pid, BSTR savepath, int* __result);
STDMETHODIMP CUnHookImageMsg(DWORD pid, int* __result);
STDMETHODIMP CChangeWeChatVer(DWORD pid, BSTR verStr, int* __result);
STDMETHODIMP CSendAppMsg(DWORD pid, BSTR wxid, BSTR appid, int* __result);
STDMETHODIMP CDeleteUser(DWORD pid, BSTR wxid, int* __result);
STDMETHODIMP CIsWxLogin(DWORD pid, int* __result);
STDMETHODIMP CEditRemark(DWORD pid, BSTR wxid,BSTR remark,int* __result);
STDMETHODIMP CSetChatRoomName(DWORD pid, BSTR chatroomid, BSTR name, int* __result);
STDMETHODIMP CSetChatRoomAnnouncement(DWORD pid, BSTR chatroomid, BSTR announcement, int* __result);
STDMETHODIMP CSetChatRoomSelfNickname(DWORD pid, BSTR chatroomid, BSTR nickname, int* __result);
STDMETHODIMP CGetChatRoomMemberNickname(DWORD pid, BSTR chatroomid, BSTR wxid, BSTR* __result);
STDMETHODIMP CDelChatRoomMember(DWORD pid, BSTR chatroomid, VARIANT* wxids, int* __result);
STDMETHODIMP CAddChatRoomMember(DWORD pid, BSTR chatroomid, VARIANT* wxids, int* __result);
};
OBJECT_ENTRY_AUTO(__uuidof(WeChatRobot), CWeChatRobot)
......@@ -16,48 +16,48 @@ import "ocidl.idl";
]
interface IWeChatRobot : IDispatch
{
[id(1), helpstring("启动服务")] HRESULT CStartRobotService([out, retval] int* __result);
[id(2), helpstring("关闭服务")] HRESULT CStopRobotService([out, retval] int* __result);
[id(3), helpstring("发送文本")] HRESULT CSendText([in] BSTR wxid, [in] BSTR wxmsg, [out, retval] int* __result);
[id(4), helpstring("发送图片")] HRESULT CSendImage([in] BSTR wxid, [in] BSTR imagepath, [out, retval] int* __result);
[id(5), helpstring("发送文件")] HRESULT CSendFile([in] BSTR wxid, [in] BSTR filepath, [out, retval] int* __result);
[id(6), helpstring("发送XML文章")] HRESULT CSendArticle([in] BSTR wxid, [in] BSTR title, [in] BSTR abstract, [in] BSTR url, [in] BSTR imgpath, [out, retval] int* __result);
[id(7), helpstring("发送名片")] HRESULT CSendCard([in] BSTR receiver, [in] BSTR sharedwxid, [in] BSTR nickname, [out, retval] int* __result);
[id(8), helpstring("获取联系人列表,返回数组")] HRESULT CGetFriendList([out, retval] VARIANT* __result);
[id(9), helpstring("获取联系人列表,返回JSON")] HRESULT CGetFriendListString([out, retval] BSTR* __result);
[id(10), helpstring("wxid查询好友信息")] HRESULT CGetWxUserInfo([in] BSTR wxid, [out, retval] BSTR* __result);
[id(11), helpstring("获取个人信息")] HRESULT CGetSelfInfo([out, retval] BSTR* __result);
[id(13), helpstring("检查是否被好友删除")] HRESULT CCheckFriendStatus([in] BSTR wxid, [out, retval] int* __result);
[id(1), helpstring("启动服务")] HRESULT CStartRobotService([in] DWORD pid, [out, retval] int* __result);
[id(2), helpstring("关闭服务")] HRESULT CStopRobotService([in] DWORD pid, [out, retval] int* __result);
[id(3), helpstring("发送文本")] HRESULT CSendText([in] DWORD pid, [in] BSTR wxid, [in] BSTR wxmsg, [out, retval] int* __result);
[id(4), helpstring("发送图片")] HRESULT CSendImage([in] DWORD pid, [in] BSTR wxid, [in] BSTR imagepath, [out, retval] int* __result);
[id(5), helpstring("发送文件")] HRESULT CSendFile([in] DWORD pid, [in] BSTR wxid, [in] BSTR filepath, [out, retval] int* __result);
[id(6), helpstring("发送XML文章")] HRESULT CSendArticle([in] DWORD pid, [in] BSTR wxid, [in] BSTR title, [in] BSTR abstract, [in] BSTR url, [in] BSTR imgpath, [out, retval] int* __result);
[id(7), helpstring("发送名片")] HRESULT CSendCard([in] DWORD pid, [in] BSTR receiver, [in] BSTR sharedwxid, [in] BSTR nickname, [out, retval] int* __result);
[id(8), helpstring("获取联系人列表,返回数组")] HRESULT CGetFriendList([in] DWORD pid, [out, retval] VARIANT* __result);
[id(9), helpstring("获取联系人列表,返回JSON")] HRESULT CGetFriendListString([in] DWORD pid, [out, retval] BSTR* __result);
[id(10), helpstring("wxid查询好友信息")] HRESULT CGetWxUserInfo([in] DWORD pid, [in] BSTR wxid, [out, retval] BSTR* __result);
[id(11), helpstring("获取个人信息")] HRESULT CGetSelfInfo([in] DWORD pid, [out, retval] BSTR* __result);
[id(13), helpstring("检查是否被好友删除")] HRESULT CCheckFriendStatus([in] DWORD pid, [in] BSTR wxid, [out, retval] int* __result);
[id(15), helpstring("获取COM的工作目录")] HRESULT CGetComWorkPath([out, retval] BSTR* __result);
[id(16), helpstring("启动接收消息Hook")] HRESULT CStartReceiveMessage([in] int port, [out, retval] int* __result);
[id(18), helpstring("停止接收消息Hook")] HRESULT CStopReceiveMessage([out, retval] int* __result);
[id(19), helpstring("发送艾特消息")] HRESULT CSendAtText([in] BSTR chatroomid, [in] VARIANT* wxid, [in] BSTR wxmsg, [in] BOOL AutoNickName, [out, retval] int* __result);
[id(20), helpstring("获取群成员wxid")] HRESULT CGetChatRoomMembers([in] BSTR chatroomid, [out, retval] VARIANT* __result);
[id(21), helpstring("获取数据库句柄")] HRESULT CGetDbHandles([out, retval] VARIANT* __result);
[id(22), helpstring("执行SQL")] HRESULT CExecuteSQL([in] DWORD DbHandle, [in] BSTR sql, [out, retval] VARIANT* __result);
[id(23), helpstring("备份数据库")] HRESULT CBackupSQLiteDB([in] DWORD DbHandle, [in] BSTR savepath, [out, retval] int* __result);
[id(24), helpstring("通过好友请求")] HRESULT CVerifyFriendApply([in] BSTR v3, [in] BSTR v4, [out, retval] int* __result);
[id(25), helpstring("wxid加好友")] HRESULT CAddFriendByWxid([in] BSTR wxid, [in] BSTR message, [out, retval] int* __result);
[id(26), helpstring("v3数据加好友")] HRESULT CAddFriendByV3([in] BSTR v3, [in] BSTR message, [in] int AddType, [out, retval] int* __result);
[id(16), helpstring("启动接收消息Hook")] HRESULT CStartReceiveMessage([in] DWORD pid, [in] int port, [out, retval] int* __result);
[id(18), helpstring("停止接收消息Hook")] HRESULT CStopReceiveMessage([in] DWORD pid, [out, retval] int* __result);
[id(19), helpstring("发送艾特消息")] HRESULT CSendAtText([in] DWORD pid, [in] BSTR chatroomid, [in] VARIANT* wxid, [in] BSTR wxmsg, [in] BOOL AutoNickName, [out, retval] int* __result);
[id(20), helpstring("获取群成员wxid")] HRESULT CGetChatRoomMembers([in] DWORD pid, [in] BSTR chatroomid, [out, retval] VARIANT* __result);
[id(21), helpstring("获取数据库句柄")] HRESULT CGetDbHandles([in] DWORD pid, [out, retval] VARIANT* __result);
[id(22), helpstring("执行SQL")] HRESULT CExecuteSQL([in] DWORD pid, [in] DWORD DbHandle, [in] BSTR sql, [out, retval] VARIANT* __result);
[id(23), helpstring("备份数据库")] HRESULT CBackupSQLiteDB([in] DWORD pid, [in] DWORD DbHandle, [in] BSTR savepath, [out, retval] int* __result);
[id(24), helpstring("通过好友请求")] HRESULT CVerifyFriendApply([in] DWORD pid, [in] BSTR v3, [in] BSTR v4, [out, retval] int* __result);
[id(25), helpstring("wxid加好友")] HRESULT CAddFriendByWxid([in] DWORD pid, [in] BSTR wxid, [in] BSTR message, [out, retval] int* __result);
[id(26), helpstring("v3数据加好友")] HRESULT CAddFriendByV3([in] DWORD pid, [in] BSTR v3, [in] BSTR message, [in] int AddType, [out, retval] int* __result);
[id(27), helpstring("获取微信版本号(注册表)")] HRESULT CGetWeChatVer([out, retval] BSTR* __result);
[id(28), helpstring("启动微信")] HRESULT CStartWeChat([out, retval] int* __result);
[id(29), helpstring("网络查询用户信息")] HRESULT CSearchContactByNet([in] BSTR keyword, [out, retval] VARIANT* __result);
[id(30), helpstring("关注公众号")] HRESULT CAddBrandContact([in] BSTR PublicId, [out, retval] int* __result);
[id(31), helpstring("Hook语音消息")] HRESULT CHookVoiceMsg([in] BSTR savepath, [out, retval] int* __result);
[id(32), helpstring("取消Hook语音消息")] HRESULT CUnHookVoiceMsg([out, retval] int* __result);
[id(33), helpstring("Hook图片消息")] HRESULT CHookImageMsg([in] BSTR savepath, [out, retval] int* __result);
[id(34), helpstring("取消Hook图片消息")] HRESULT CUnHookImageMsg([out, retval] int* __result);
[id(35), helpstring("修改微信版本号")] HRESULT CChangeWeChatVer([in] BSTR verStr, [out, retval] int* __result);
[id(36), helpstring("发送小程序")] HRESULT CSendAppMsg([in] BSTR wxid, [in] BSTR appid, [out, retval] int* __result);
[id(37), helpstring("删除好友")] HRESULT CDeleteUser([in] BSTR wxid, [out, retval] int* __result);
[id(38), helpstring("获取登录状态")] HRESULT CIsWxLogin([out, retval] int* __result);
[id(39), helpstring("修改好友备注")] HRESULT CEditRemark([in] BSTR wxid, [in] BSTR remark, [out, retval] int* __result);
[id(40), helpstring("修改群聊名称")] HRESULT CSetChatRoomName([in] BSTR chatroomid, [in] BSTR name, [out, retval] int* __result);
[id(41), helpstring("修改群公告")] HRESULT CSetChatRoomAnnouncement([in] BSTR chatroomid, [in] BSTR announcement, [out, retval] int* __result);
[id(42), helpstring("修改群聊个人昵称")] HRESULT CSetChatRoomSelfNickname([in] BSTR chatroomid, [in] BSTR nickname, [out, retval] int* __result);
[id(43), helpstring("获取指定群成员昵称")] HRESULT CGetChatRoomMemberNickname([in] BSTR chatroomid, [in] BSTR wxid, [out, retval] BSTR* __result);
[id(44), helpstring("删除群成员")] HRESULT CDelChatRoomMember([in] BSTR chatroomid, [in] VARIANT* wxids, [out, retval] int* __result);
[id(45), helpstring("添加群成员")] HRESULT CAddChatRoomMember([in] BSTR chatroomid, [in] VARIANT* wxids, [out, retval] int* __result);
[id(29), helpstring("网络查询用户信息")] HRESULT CSearchContactByNet([in] DWORD pid, [in] BSTR keyword, [out, retval] VARIANT* __result);
[id(30), helpstring("关注公众号")] HRESULT CAddBrandContact([in] DWORD pid, [in] BSTR PublicId, [out, retval] int* __result);
[id(31), helpstring("Hook语音消息")] HRESULT CHookVoiceMsg([in] DWORD pid, [in] BSTR savepath, [out, retval] int* __result);
[id(32), helpstring("取消Hook语音消息")] HRESULT CUnHookVoiceMsg([in] DWORD pid, [out, retval] int* __result);
[id(33), helpstring("Hook图片消息")] HRESULT CHookImageMsg([in] DWORD pid, [in] BSTR savepath, [out, retval] int* __result);
[id(34), helpstring("取消Hook图片消息")] HRESULT CUnHookImageMsg([in] DWORD pid, [out, retval] int* __result);
[id(35), helpstring("修改微信版本号")] HRESULT CChangeWeChatVer([in] DWORD pid, [in] BSTR verStr, [out, retval] int* __result);
[id(36), helpstring("发送小程序")] HRESULT CSendAppMsg([in] DWORD pid, [in] BSTR wxid, [in] BSTR appid, [out, retval] int* __result);
[id(37), helpstring("删除好友")] HRESULT CDeleteUser([in] DWORD pid, [in] BSTR wxid, [out, retval] int* __result);
[id(38), helpstring("获取登录状态")] HRESULT CIsWxLogin([in] DWORD pid, [out, retval] int* __result);
[id(39), helpstring("修改好友备注")] HRESULT CEditRemark([in] DWORD pid, [in] BSTR wxid, [in] BSTR remark, [out, retval] int* __result);
[id(40), helpstring("修改群聊名称")] HRESULT CSetChatRoomName([in] DWORD pid, [in] BSTR chatroomid, [in] BSTR name, [out, retval] int* __result);
[id(41), helpstring("修改群公告")] HRESULT CSetChatRoomAnnouncement([in] DWORD pid, [in] BSTR chatroomid, [in] BSTR announcement, [out, retval] int* __result);
[id(42), helpstring("修改群聊个人昵称")] HRESULT CSetChatRoomSelfNickname([in] DWORD pid, [in] BSTR chatroomid, [in] BSTR nickname, [out, retval] int* __result);
[id(43), helpstring("获取指定群成员昵称")] HRESULT CGetChatRoomMemberNickname([in] DWORD pid, [in] BSTR chatroomid, [in] BSTR wxid, [out, retval] BSTR* __result);
[id(44), helpstring("删除群成员")] HRESULT CDelChatRoomMember([in] DWORD pid, [in] BSTR chatroomid, [in] VARIANT* wxids, [out, retval] int* __result);
[id(45), helpstring("添加群成员")] HRESULT CAddChatRoomMember([in] DWORD pid, [in] BSTR chatroomid, [in] VARIANT* wxids, [out, retval] int* __result);
};
[
object,
......@@ -68,7 +68,7 @@ interface IWeChatRobot : IDispatch
]
interface IRobotEvent : IDispatch
{
[id(1), helpstring("用于微信主动推送消息")] HRESULT CPostMessage([in] VARIANT* msg, [out, retval] int* __result);
[id(1), helpstring("用于微信主动推送消息")] HRESULT CPostMessage([in] int msgtype, [in] VARIANT* msg, [out, retval] int* __result);
};
[
uuid(721abb35-141a-4aa2-94f2-762e2833fa6c),
......
......@@ -225,6 +225,7 @@
<ClInclude Include="GetChatRoomMembers.h" />
<ClInclude Include="GetDbHandles.h" />
<ClInclude Include="InjectDll.h" />
<ClInclude Include="ntapi.h" />
<ClInclude Include="pch.h" />
<ClInclude Include="ReceiveMessage.h" />
<ClInclude Include="Resource.h" />
......@@ -268,6 +269,7 @@
<ClCompile Include="HookImageMessage.cpp" />
<ClCompile Include="HookVoiceMessage.cpp" />
<ClCompile Include="InjectDll.cpp" />
<ClCompile Include="ntapi.cpp" />
<ClCompile Include="pch.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
......
......@@ -229,6 +229,9 @@
<ClInclude Include="GetChatRoomMemberNickname.h">
<Filter>群相关\获取群成员昵称</Filter>
</ClInclude>
<ClInclude Include="ntapi.h">
<Filter>头文件</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ClCompile Include="WeChatRobotCOM.cpp">
......@@ -348,6 +351,9 @@
<ClCompile Include="GetChatRoomMemberNickname.cpp">
<Filter>群相关\获取群成员昵称</Filter>
</ClCompile>
<ClCompile Include="ntapi.cpp">
<Filter>源文件</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="WeChatRobotCOM.rc">
......
#include "pch.h"
#include "ntapi.h"
#pragma comment(lib,"ntdll.lib")
HMODULE hNtdll = GetModuleHandle(L"ntdll.dll");
pNtQuerySystemInformation NtQuerySystemInformation = (pNtQuerySystemInformation)GetProcAddress(hNtdll, "NtQuerySystemInformation");
pNtDuplicateObject NtDuplicateObject = (pNtDuplicateObject)GetProcAddress(hNtdll, "NtDuplicateObject");
pNtQueryObject NtQueryObject = (pNtQueryObject)GetProcAddress(hNtdll, "NtQueryObject");
BOOL CloseProcessHandle(DWORD pid, wchar_t* handlename) {
wstring name(handlename);
NTSTATUS status;
PSYSTEM_HANDLE_INFORMATION handleInfo;
ULONG handleInfoSize = 0x10000;
HANDLE processHandle, dupHandle;
POBJECT_TYPE_INFORMATION objectTypeInfo;
SYSTEM_HANDLE handle = { 0 };
bool thao = false;
wstring str = L"";
handleInfo = (PSYSTEM_HANDLE_INFORMATION)malloc(handleInfoSize);
while ((status = NtQuerySystemInformation(SystemHandleInformation, handleInfo, handleInfoSize, NULL)
) == STATUS_INFO_LENGTH_MISMATCH)
{
handleInfoSize *= 2;
PSYSTEM_HANDLE_INFORMATION tempinfo = (PSYSTEM_HANDLE_INFORMATION)realloc(handleInfo, (size_t)handleInfoSize);
if (tempinfo)
handleInfo = tempinfo;
}
if (handleInfo == NULL) {
return false;
}
for (ULONG i = 0; i < handleInfo->HandleCount; i++)
{
thao = false;
handle = handleInfo->Handles[i];
if (handle.ProcessId != pid)
continue;
processHandle = OpenProcess(PROCESS_DUP_HANDLE, FALSE, pid);
if (processHandle != NULL)
{
status = NtDuplicateObject(processHandle, (HANDLE)handle.Handle, GetCurrentProcess(), &dupHandle, 0, 0, 0);
if (status == 0)
{
objectTypeInfo = (POBJECT_TYPE_INFORMATION)malloc(0x2000);
if (NtQueryObject(dupHandle, ObjectTypeInformation, objectTypeInfo, 0x1000, NULL) == 0)
{
if (objectTypeInfo != NULL) {
str = wstring(objectTypeInfo->Name.Buffer);
}
if (str == L"Mutant")
{
NtQueryObject(dupHandle, ObjectNameInformation, objectTypeInfo, 0x1000, NULL);
if (objectTypeInfo != NULL) {
str = wstring(objectTypeInfo->Name.Buffer ? objectTypeInfo->Name.Buffer : L"");
}
if (str.find(name) != wstring::npos)
{
thao = true;
}
}
else if (str == L"Semaphore")
{
NtQueryObject(dupHandle, ObjectNameInformation, objectTypeInfo, 0x1000, NULL);
if (objectTypeInfo != NULL) {
str = wstring(objectTypeInfo->Name.Buffer ? objectTypeInfo->Name.Buffer : L"");
}
if (str.find(name) != wstring::npos)
{
thao = true;
}
}
}
CloseHandle(dupHandle);
free(objectTypeInfo);
objectTypeInfo = NULL;
if (thao == true)
{
HANDLE h_another_proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
DuplicateHandle(h_another_proc, (HANDLE)handle.Handle, GetCurrentProcess(), &dupHandle, 0, FALSE, DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE); // ر
CloseHandle(dupHandle);
CloseHandle(h_another_proc);
}
}
CloseHandle(processHandle);
}
}
free(handleInfo);
handleInfo = NULL;
return thao;
}
\ No newline at end of file
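Review bot: The buffer-growing loop around `NtQuerySystemInformation` in `CloseProcessHandle` can pass a length larger than the allocation: when `realloc` fails, `handleInfoSize` has already been doubled and the loop retries with the old, smaller buffer, and the initial `malloc` result is not checked before the first call. The status that ends the loop is never tested either, so any failure other than `STATUS_INFO_LENGTH_MISMATCH` falls through to reading `handleInfo->HandleCount` from a buffer whose contents are undefined. Separately, `thao` is reset at the top of every iteration, so the function returns the outcome for the last handle examined rather than whether a matching handle was closed; a second flag that is only ever set would fix the return value. The same function body appears again in a later file section of this commit and needs the same change; the rewritten query loop is below.

```cpp
handleInfo = (PSYSTEM_HANDLE_INFORMATION)malloc(handleInfoSize);
if (handleInfo == NULL)
    return FALSE;
while ((status = NtQuerySystemInformation(SystemHandleInformation, handleInfo, handleInfoSize, NULL)
    ) == STATUS_INFO_LENGTH_MISMATCH)
{
    handleInfoSize *= 2;
    PSYSTEM_HANDLE_INFORMATION tempinfo = (PSYSTEM_HANDLE_INFORMATION)realloc(handleInfo, (size_t)handleInfoSize);
    if (tempinfo == NULL) {
        free(handleInfo);   // realloc leaves the old block valid on failure
        return FALSE;
    }
    handleInfo = tempinfo;
}
if (status < 0) {           // any other NTSTATUS failure: do not trust the buffer
    free(handleInfo);
    return FALSE;
}
// … unchanged: per-handle loop and final cleanup …
```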
#pragma once
#include<windows.h>
#ifndef _WIN64
typedef _Return_type_success_(return >= 0) LONG NTSTATUS;
typedef NTSTATUS* PNTSTATUS;
#endif // !_WIN64
#define STATUS_INFO_LENGTH_MISMATCH 0xc0000004
#define SystemHandleInformation 16
#define ObjectBasicInformation 0
#define ObjectNameInformation 1
#define ObjectTypeInformation 2
/*
* 函数指针、数据结构以及宏参考如下仓库
* https://github.com/winsiderss/systeminformer
*/
#define RtlPointerToOffset(Base, Pointer) ((ULONG)(((PCHAR)(Pointer)) - ((PCHAR)(Base))))
#define RtlOffsetToPointer(Base, Offset) ((PCHAR)(((PCHAR)(Base)) + ((ULONG_PTR)(Offset))))
#define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
#ifndef OBJ_PROTECT_CLOSE
#define OBJ_PROTECT_CLOSE 0x00000001
#endif
#ifndef OBJ_INHERIT
#define OBJ_INHERIT 0x00000002
#endif
#ifndef OBJ_AUDIT_OBJECT_CLOSE
#define OBJ_AUDIT_OBJECT_CLOSE 0x00000004
#endif
#define InitializeObjectAttributes(p, n, a, r, s) { \
(p)->Length = sizeof(OBJECT_ATTRIBUTES); \
(p)->RootDirectory = r; \
(p)->Attributes = a; \
(p)->ObjectName = n; \
(p)->SecurityDescriptor = s; \
(p)->SecurityQualityOfService = NULL; \
}
typedef enum _SECTION_INHERIT
{
ViewShare = 1,
ViewUnmap = 2
} SECTION_INHERIT;
typedef enum _SECTION_INFORMATION_CLASS
{
SectionBasicInformation,
SectionImageInformation,
SectionRelocationInformation,
SectionOriginalBaseInformation,
SectionInternalImageInformation,
MaxSectionInfoClass
} SECTION_INFORMATION_CLASS;
typedef struct _UNICODE_STRING
{
USHORT Length;
USHORT MaximumLength;
_Field_size_bytes_part_(MaximumLength, Length) PWCH Buffer;
} UNICODE_STRING, * PUNICODE_STRING;
typedef struct _OBJECT_ATTRIBUTES
{
ULONG Length;
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
ULONG Attributes;
PVOID SecurityDescriptor;
PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES, * POBJECT_ATTRIBUTES;
typedef struct _SECTION_IMAGE_INFORMATION
{
PVOID TransferAddress;
ULONG ZeroBits;
SIZE_T MaximumStackSize;
SIZE_T CommittedStackSize;
ULONG SubSystemType;
union
{
struct
{
USHORT SubSystemMinorVersion;
USHORT SubSystemMajorVersion;
};
ULONG SubSystemVersion;
};
union
{
struct
{
USHORT MajorOperatingSystemVersion;
USHORT MinorOperatingSystemVersion;
};
ULONG OperatingSystemVersion;
};
USHORT ImageCharacteristics;
USHORT DllCharacteristics;
USHORT Machine;
BOOLEAN ImageContainsCode;
union
{
UCHAR ImageFlags;
struct
{
UCHAR ComPlusNativeReady : 1;
UCHAR ComPlusILOnly : 1;
UCHAR ImageDynamicallyRelocated : 1;
UCHAR ImageMappedFlat : 1;
UCHAR BaseBelow4gb : 1;
UCHAR ComPlusPrefer32bit : 1;
UCHAR Reserved : 2;
};
};
ULONG LoaderFlags;
ULONG ImageFileSize;
ULONG CheckSum;
} SECTION_IMAGE_INFORMATION, * PSECTION_IMAGE_INFORMATION;
typedef struct _SYSTEM_HANDLE
{
ULONG ProcessId;
BYTE ObjectTypeNumber;
BYTE Flags;
USHORT Handle;
PVOID Object;
ACCESS_MASK GrantedAccess;
} SYSTEM_HANDLE, * PSYSTEM_HANDLE;
typedef struct _SYSTEM_HANDLE_INFORMATION
{
ULONG HandleCount;
SYSTEM_HANDLE Handles[1];
} SYSTEM_HANDLE_INFORMATION, * PSYSTEM_HANDLE_INFORMATION;
typedef enum _POOL_TYPE
{
NonPagedPool,
PagedPool,
NonPagedPoolMustSucceed,
DontUseThisType,
NonPagedPoolCacheAligned,
PagedPoolCacheAligned,
NonPagedPoolCacheAlignedMustS
} POOL_TYPE, * PPOOL_TYPE;
typedef struct _OBJECT_TYPE_INFORMATION
{
UNICODE_STRING Name;
ULONG TotalNumberOfObjects;
ULONG TotalNumberOfHandles;
ULONG TotalPagedPoolUsage;
ULONG TotalNonPagedPoolUsage;
ULONG TotalNamePoolUsage;
ULONG TotalHandleTableUsage;
ULONG HighWaterNumberOfObjects;
ULONG HighWaterNumberOfHandles;
ULONG HighWaterPagedPoolUsage;
ULONG HighWaterNonPagedPoolUsage;
ULONG HighWaterNamePoolUsage;
ULONG HighWaterHandleTableUsage;
ULONG InvalidAttributes;
GENERIC_MAPPING GenericMapping;
ULONG ValidAccess;
BOOLEAN SecurityRequired;
BOOLEAN MaintainHandleCount;
USHORT MaintainTypeList;
POOL_TYPE PoolType;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
} OBJECT_TYPE_INFORMATION, * POBJECT_TYPE_INFORMATION;
typedef
NTSYSCALLAPI
PIMAGE_NT_HEADERS
(NTAPI*
pRtlImageNtHeader)(
_In_ PVOID BaseOfImage
);
typedef
NTSYSCALLAPI
PVOID
(NTAPI*
pRtlImageDirectoryEntryToData)(
_In_ PVOID BaseOfImage,
_In_ BOOLEAN MappedAsImage,
_In_ USHORT DirectoryEntry,
_Out_ PULONG Size
);
typedef
NTSYSCALLAPI
NTSTATUS
(NTAPI*
pZwOpenSection)(
_Out_ PHANDLE SectionHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_ATTRIBUTES ObjectAttributes
);
typedef
NTSYSCALLAPI
NTSTATUS
(NTAPI*
pZwQuerySection)(
_In_ HANDLE SectionHandle,
_In_ SECTION_INFORMATION_CLASS SectionInformationClass,
_Out_writes_bytes_(SectionInformationLength) PVOID SectionInformation,
_In_ SIZE_T SectionInformationLength,
_Out_opt_ PSIZE_T ReturnLength
);
typedef
NTSYSCALLAPI
NTSTATUS
(NTAPI*
pZwMapViewOfSection)(
_In_ HANDLE SectionHandle,
_In_ HANDLE ProcessHandle,
_Inout_ _At_(*BaseAddress, _Readable_bytes_(*ViewSize) _Writable_bytes_(*ViewSize) _Post_readable_byte_size_(*ViewSize)) PVOID* BaseAddress,
_In_ ULONG_PTR ZeroBits,
_In_ SIZE_T CommitSize,
_Inout_opt_ PLARGE_INTEGER SectionOffset,
_Inout_ PSIZE_T ViewSize,
_In_ SECTION_INHERIT InheritDisposition,
_In_ ULONG AllocationType,
_In_ ULONG Win32Protect
);
typedef
NTSYSCALLAPI
NTSTATUS
(NTAPI*
pZwUnmapViewOfSection)(
_In_ HANDLE ProcessHandle,
_In_opt_ PVOID BaseAddress
);
typedef
NTSYSCALLAPI
NTSTATUS
(NTAPI*
pNtClose)(
_In_ _Post_ptr_invalid_ HANDLE Handle
);
typedef
NTSYSCALLAPI
NTSTATUS
(NTAPI*
pNtQuerySystemInformation)(
ULONG SystemInformationClass,
PVOID SystemInformation,
ULONG SystemInformationLength,
PULONG ReturnLength
);
typedef
NTSYSCALLAPI
NTSTATUS
(NTAPI*
pNtDuplicateObject)(
HANDLE SourceProcessHandle,
HANDLE SourceHandle,
HANDLE TargetProcessHandle,
PHANDLE TargetHandle,
ACCESS_MASK DesiredAccess,
ULONG Attributes,
ULONG Options
);
typedef
NTSYSCALLAPI
NTSTATUS
(NTAPI*
pNtQueryObject)(
HANDLE ObjectHandle,
ULONG ObjectInformationClass,
PVOID ObjectInformation,
ULONG ObjectInformationLength,
PULONG ReturnLength
);
\ No newline at end of file
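Review bot: `SYSTEM_HANDLE` stores the handle value in a `USHORT Handle` field, so a handle value above 0xFFFF cannot be represented, yet `CloseProcessHandle` casts that field back to `HANDLE` and closes it in another process with `DUPLICATE_CLOSE_SOURCE`. As far as I know the layout returned for information class 16 also keeps the process id in 16 bits, which the `ULONG ProcessId` field here would overlay with a neighbouring field; this is worth confirming against the referenced systeminformer headers. If that holds, the extended handle information class with pointer-sized ids is the safer source, and at minimum the struct deserves a comment such as `// legacy class 16 layout: 16-bit handle values only, verify before closing`. `STATUS_INFO_LENGTH_MISMATCH` would also be better written as `((NTSTATUS)0xC0000004L)` so the comparison with a signed `NTSTATUS` is not a signed/unsigned mix.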
......@@ -58,8 +58,6 @@ DWORD ChangeWeChatVerRemoteOffset = 0x0;
wstring SelfInfoString = L"";
HANDLE hProcess = NULL;
BOOL isFileExists_stat(string& name) {
struct stat buffer;
return (stat(name.c_str(), &buffer) == 0);
......@@ -78,7 +76,8 @@ BOOL CreateConsole() {
return 1;
}
DWORD GetWeChatRobotBase() {
DWORD GetWeChatRobotBase(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 0;
DWORD dwWriteSize = 0;
......@@ -88,8 +87,7 @@ DWORD GetWeChatRobotBase() {
else
return 0;
DWORD dwHandle, dwID;
LPVOID pFunc = GetModuleHandleW;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, pRemoteAddress, 0, &dwID);
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetModuleHandleW, pRemoteAddress, 0, &dwID);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
......@@ -99,6 +97,32 @@ DWORD GetWeChatRobotBase() {
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwHandle;
}
DWORD GetWeChatWinBase(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 0;
DWORD dwWriteSize = 0;
LPVOID pRemoteAddress = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
if (pRemoteAddress)
WriteProcessMemory(hProcess, pRemoteAddress, L"WeChatWin.dll", wcslen(L"WeChatWin.dll") * 2 + 2, &dwWriteSize);
else
return 0;
DWORD dwHandle, dwID;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetModuleHandleW, pRemoteAddress, 0, &dwID);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
}
else {
return 0;
}
CloseHandle(hThread);
VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwHandle;
}
......@@ -228,12 +252,7 @@ DWORD GetWeChatPid() {
return wxPid;
}
DWORD StartRobotService() {
DWORD wxPid = GetWeChatPid();
if (!wxPid) {
MessageBoxA(NULL, "请先启动目标程序", "提示", MB_ICONWARNING);
return 1;
}
DWORD StartRobotService(DWORD pid) {
wstring wworkPath = GetComWorkPath();
wchar_t* workPath = (wchar_t*)wworkPath.c_str();
if (!GetProcOffset(workPath)) {
......@@ -242,32 +261,17 @@ DWORD StartRobotService() {
MessageBox(NULL, info, L"致命错误!", MB_ICONWARNING);
return 1;
};
if(!hProcess)
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, wxPid);
bool status = Inject(wxPid, workPath);
if (status == 1) {
CloseHandle(hProcess);
hProcess = NULL;
return status;
}
bool status = Inject(pid, workPath);
return status;
}
DWORD StopRobotService() {
DWORD StopRobotService(DWORD pid) {
DWORD cpid = GetCurrentProcessId();
DWORD wxPid = GetWeChatPid();
if (!wxPid) {
hProcess = NULL;
if (pid == 0)
return cpid;
}
if (!hProcess)
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, wxPid);
RemoveDll(wxPid);
RemoveDll(pid);
ZeroMemory((wchar_t*)SelfInfoString.c_str(), SelfInfoString.length() * 2 + 2);
CloseHandle(hProcess);
hProcess = NULL;
StopReceiveMessage();
return cpid;
return 0;
}
wstring GetComWorkPath() {
......@@ -320,11 +324,34 @@ tstring GetWeChatVerStr() {
return verStr;
}
VOID StartWeChat()
static bool CloseAllWxProcessMutexHandle()
{
HANDLE hsnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hsnapshot == INVALID_HANDLE_VALUE)
{
return false;
}
PROCESSENTRY32 pe;
pe.dwSize = sizeof(PROCESSENTRY32);
int flag = Process32First(hsnapshot, &pe);
while (flag != 0)
{
if (lstrcmp(pe.szExeFile, L"WeChat.exe") == 0)
{
CloseProcessHandle(pe.th32ProcessID, L"_WeChat_App_Instance_Identity_Mutex_Name");
}
flag = Process32Next(hsnapshot, &pe);
}
CloseHandle(hsnapshot);
return true;
}
DWORD StartWeChat()
{
CloseAllWxProcessMutexHandle();
tstring szAppName = GetWeChatInstallDir();
if (szAppName.length() == 0)
return;
return 0;
szAppName += TEXT("\\WeChat.exe");
STARTUPINFO StartInfo;
ZeroMemory(&StartInfo, sizeof(StartInfo));
......@@ -336,4 +363,11 @@ VOID StartWeChat()
CloseHandle(procStruct.hProcess);
CloseHandle(procStruct.hThread);
}
if (procStruct.dwProcessId == 0)
return 0;
DWORD WeChatWinBase = 0;
while ((WeChatWinBase = GetWeChatWinBase(procStruct.dwProcessId)) == 0) {
Sleep(500);
}
return procStruct.dwProcessId;
}
\ No newline at end of file
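Review bot: `GetWeChatWinBase` leaks the process handle on both early exits: the `else return 0;` after a failed `VirtualAllocEx` and the `return 0;` after a failed `CreateRemoteThread` skip `CloseHandle(hProcess)`, and the second also skips `VirtualFreeEx`. The visible tail of `GetWeChatRobotBase` has the same shape, though its middle is outside the hunk. This matters more now that `StartWeChat` polls `GetWeChatWinBase` every 500 ms with no upper bound, so a target that has exited or refuses the thread keeps the caller spinning forever, leaking a handle per attempt in the failed-thread case; the loop needs a deadline and should stop once the process has ended. A single-exit version of the function, which also initialises `dwHandle` and checks the write, is sketched below.

```cpp
DWORD GetWeChatWinBase(DWORD pid) {
    // … unchanged: OpenProcess, its NULL check, dwWriteSize …
    DWORD dwHandle = 0, dwID = 0;
    LPVOID pRemoteAddress = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
    if (pRemoteAddress) {
        if (WriteProcessMemory(hProcess, pRemoteAddress, L"WeChatWin.dll", wcslen(L"WeChatWin.dll") * 2 + 2, &dwWriteSize)) {
            HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetModuleHandleW, pRemoteAddress, 0, &dwID);
            if (hThread) {
                WaitForSingleObject(hThread, INFINITE);
                GetExitCodeThread(hThread, &dwHandle);
                CloseHandle(hThread);
            }
        }
        VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
    }
    CloseHandle(hProcess);   // reached on every path after a successful OpenProcess
    return dwHandle;
}
```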
......@@ -37,14 +37,17 @@ using namespace std;
#endif
BOOL isFileExists_stat(string& name);
DWORD GetWeChatRobotBase();
DWORD GetWeChatRobotBase(DWORD pid);
DWORD GetWeChatWinBase(DWORD pid);
DWORD GetWeChatPid();
DWORD StartRobotService();
DWORD StopRobotService();
DWORD StartRobotService(DWORD pid);
DWORD StopRobotService(DWORD pid);
BOOL CreateConsole();
wstring GetComWorkPath();
tstring GetWeChatInstallDir();
DWORD GetWeChatVerInt();
tstring GetWeChatVerStr();
VOID StartWeChat();
\ No newline at end of file
DWORD StartWeChat();
BOOL CloseProcessHandle(DWORD pid, wchar_t* handlename);
\ No newline at end of file
......@@ -28,7 +28,7 @@
#include "DelChatRoomMember.h"
#include "AddChatRoomMember.h"
extern HANDLE hProcess;
// extern HANDLE hProcess;
extern DWORD SendImageOffset;
extern DWORD SendTextOffset;
extern DWORD SendFileOffset;
......
#include "pch.h"
BOOL ChangeWeChatVer(wchar_t* verStr) {
BOOL ChangeWeChatVer(DWORD pid,wchar_t* verStr) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hProcess)
return 1;
DWORD WeChatRobotBase = GetWeChatRobotBase();
DWORD WeChatRobotBase = GetWeChatRobotBase(pid);
if (!WeChatRobotBase) {
CloseHandle(hProcess);
return 1;
}
DWORD dwId = 0;
DWORD dwRet = 0x0;
LPVOID verStraddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
DWORD dwWriteSize = 0;
if (!verStraddr)
if (!verStraddr) {
CloseHandle(hProcess);
return 1;
}
WriteProcessMemory(hProcess, verStraddr, verStr, wcslen(verStr) * 2 + 2, &dwWriteSize);
DWORD ChangeWeChatVerRemoteAddr = WeChatRobotBase + ChangeWeChatVerRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)ChangeWeChatVerRemoteAddr, verStraddr, 0, &dwId);
......@@ -19,5 +26,6 @@ BOOL ChangeWeChatVer(wchar_t* verStr) {
CloseHandle(hThread);
}
VirtualFreeEx(hProcess, verStraddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return dwRet == 0;
}
\ No newline at end of file
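Review bot: The remote buffer in `ChangeWeChatVer` is requested with a size of 1 while `WriteProcessMemory` copies `wcslen(verStr) * 2 + 2` bytes, and the result of that write is not checked before the remote thread is started on the buffer. It works for short strings only because the allocation is rounded up to a page; a longer `verStr` makes the write fail and the remote routine then runs on a buffer that was never written. Size the allocation from the string, `SIZE_T cb = (wcslen(verStr) + 1) * sizeof(wchar_t);` passed to `VirtualAllocEx`, and go through the existing cleanup when `WriteProcessMemory` returns FALSE. `verStr` should also be rejected when it is NULL before `wcslen` is called. Part of the function body between the thread creation and the cleanup is outside the visible hunks.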
#pragma once
#include<windows.h>
BOOL ChangeWeChatVer(wchar_t* verStr);
\ No newline at end of file
BOOL ChangeWeChatVer(DWORD pid,wchar_t* verStr);
\ No newline at end of file
......@@ -80,6 +80,8 @@ VOID HookFriendStatusCode(){
if (CheckFriendStatusHooked)
return;
DWORD WeChatWinBase = GetWeChatWinBase();
CheckFriendStatusNextCallAddress = WeChatWinBase + CheckFriendStatusNextCallOffset;
CheckFriendStatusHookJmpBackAddress = WeChatWinBase + CheckFriendStatusHookJmpBackOffset;
DWORD dwHookAddress = WeChatWinBase + CheckFriendStatusHookOffset;
HookAnyAddress(dwHookAddress, doHookVerifyUserResult, OldAsmCode);
CheckFriendStatusHooked = true;
......
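Review bot: `HookFriendStatusCode` uses the result of `GetWeChatWinBase()` without checking it for 0, so when the module lookup fails the two added address assignments and `dwHookAddress` are computed from a null base and handed to `HookAnyAddress`. `HookImageMsg`, `HookVoiceMsg`, `HookLogMsgInfo` and `HookReceiveMessage` in this same commit all gained a `|| !WeChatWinBase` guard; add the equivalent `if (!WeChatWinBase) return;` directly after the lookup here. `ExecuteSQL` has the same gap: it now derives `sqlite3_execAddr` from `GetWeChatWinBase()` on every call and invokes it without a zero check, and should return 0 as its header comment documents for failure. Both functions extend beyond the visible hunks.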
......@@ -17,10 +17,6 @@ typedef int(__cdecl* Sqlite3_exec)(
char** /* Write error messages here */
);
DWORD WeChatWinBase = GetWeChatWinBase();
// sqlite3_exec函数地址
DWORD sqlite3_execAddr = WeChatWinBase + OffsetFromIdaAddr(IDA_SQLITE3_EXEC_ADDRESS);
/*
* 外部调用时传递的参数结构
* ptrDb:数据库句柄
......@@ -184,6 +180,8 @@ void ClearResultArray() {
* return:void*,执行成功返回数组指针,执行失败返回`0`
*/
void* ExecuteSQL(DWORD ptrDb,const char* sql,DWORD callback,void* data) {
DWORD WeChatWinBase = GetWeChatWinBase();
DWORD sqlite3_execAddr = WeChatWinBase + OffsetFromIdaAddr(IDA_SQLITE3_EXEC_ADDRESS);
Sqlite3_exec p_Sqlite3_exec = (Sqlite3_exec)sqlite3_execAddr;
int status = p_Sqlite3_exec(ptrDb,sql, (sqlite3_callback)callback,data,0);
if (status != SQLITE_OK)
......
......@@ -72,8 +72,12 @@ __declspec(naked) void dealImageMsg() {
}
void __stdcall HookImageMsg() {
if (ImageMsgHooked)
WeChatWinBase = GetWeChatWinBase();
if (ImageMsgHooked || !WeChatWinBase)
return;
HookImageMsgAddr = WeChatWinBase + HookImageMsgAddrOffset;
HookImageMsgNextCall = WeChatWinBase + HookImageMsgNextCallOffset;
HookImageMsgJmpBackAddr = HookImageMsgAddr + 0x5;
HookAnyAddress(HookImageMsgAddr, dealImageMsg, ImageMsgOldAsm);
char settime[] = "00:00-00:00";
DWORD AutoDownloadTimeSettingAddr = GetWeChatWinBase() + AutoDownloadTimeSettingOffset;
......
......@@ -57,8 +57,12 @@ __declspec(naked) void dealVoiceMsg() {
}
void __stdcall HookVoiceMsg() {
if (VoiceMsgHooked)
WeChatWinBase = GetWeChatWinBase();
if (VoiceMsgHooked || !WeChatWinBase)
return;
HookVoiceMsgAddr = WeChatWinBase + HookVoiceMsgAddrOffset;
HookVoiceMsgNextCall = WeChatWinBase + HookVoiceMsgNextCallOffset;
HookVoiceMsgJmpBackAddr = HookVoiceMsgAddr + 0x5;
HookAnyAddress(HookVoiceMsgAddr, dealVoiceMsg, VoiceMsgOldAsm);
VoiceMsgHooked = true;
}
......
......@@ -7,18 +7,26 @@
// HOOK的跳转地址偏移
#define HookLogMsgJmpBackOffset 0x78E10449 - 0x786A0000
static DWORD WeChatWinBase = GetWeChatWinBase();
// 微信日志HOOK地址
DWORD HookLogMsgInfoAddr = GetWeChatWinBase() + HookLogMsgInfoAddrOffset;
static DWORD HookLogMsgInfoAddr = WeChatWinBase + HookLogMsgInfoAddrOffset;
// HOOK的CALL地址
DWORD NextCallAddr = GetWeChatWinBase() + HookLogMsgInfoNextCallOffset;
static DWORD NextCallAddr = WeChatWinBase + HookLogMsgInfoNextCallOffset;
// HOOK的跳转地址
DWORD JmpBackAddr = GetWeChatWinBase() + HookLogMsgJmpBackOffset;
static DWORD JmpBackAddr = WeChatWinBase + HookLogMsgJmpBackOffset;
// 是否开启日志HOOK标志
BOOL LogMsgHooked = false;
static BOOL LogMsgHooked = false;
// 保存HOOK前的指令用于恢复
char LogOldAsmCode[5] = { 0 };
static void SendLogToComServer(wchar_t* logmsg) {
// _variant_t log = logmsg;
// PostComMessage(WX_LOG_MESSAGE, &log);
delete[] logmsg;
logmsg = NULL;
}
/*
* 处理函数,打印日志信息
* msg:日志信息
......@@ -27,6 +35,7 @@ char LogOldAsmCode[5] = { 0 };
VOID PrintMsg(DWORD msg) {
if (!msg)
return;
DWORD dwId = 0;
char* utf8_message = (char*)msg;
int c_size = MultiByteToWideChar(CP_UTF8, 0, utf8_message, -1, 0, 0);
wchar_t* wmessage = new wchar_t[c_size + 1];
......@@ -36,9 +45,17 @@ VOID PrintMsg(DWORD msg) {
char* message = new char[c_size + 1];
memset(message, 0, c_size + 1);
WideCharToMultiByte(CP_ACP, 0, wmessage, -1, message, c_size, 0, 0);
#ifndef USE_SOCKET
HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)SendLogToComServer, wmessage, NULL, &dwId);
if (hThread)
CloseHandle(hThread);
#else
delete[] wmessage;
wmessage = NULL;
#endif
#ifdef _DEBUG
cout << message;
#endif
delete[] message;
message = NULL;
return;
......@@ -66,8 +83,12 @@ __declspec(naked) void doprintmsg(){
* return:void
*/
VOID HookLogMsgInfo() {
if (LogMsgHooked)
WeChatWinBase = GetWeChatWinBase();
if (LogMsgHooked || !WeChatWinBase)
return;
HookLogMsgInfoAddr = WeChatWinBase + HookLogMsgInfoAddrOffset;
NextCallAddr = WeChatWinBase + HookLogMsgInfoNextCallOffset;
JmpBackAddr = WeChatWinBase + HookLogMsgJmpBackOffset;
HookAnyAddress(HookLogMsgInfoAddr,(LPVOID)doprintmsg, LogOldAsmCode);
LogMsgHooked = true;
}
......
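Review bot: In `PrintMsg`, `wmessage` is handed to a new thread for deletion, but when `CreateThread` fails nothing frees it, so each failed spawn leaks the buffer; add `else delete[] wmessage;` after the `if (hThread) CloseHandle(hThread);`. `SendLogToComServer` is also declared as `void (wchar_t*)` and cast to `LPTHREAD_START_ROUTINE`, which does not match the `DWORD WINAPI (LPVOID)` signature a thread entry is called with; declare it as `static DWORD WINAPI SendLogToComServer(LPVOID param)` and return 0. Since its body currently only deletes the buffer (the COM post is commented out), spawning a thread per log line buys nothing until that call is restored, and freeing `wmessage` inline would be simpler.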
......@@ -22,6 +22,7 @@ using namespace std;
static int SRVPORT = 0;
struct ScoketMsgStruct {
DWORD pid;
int messagetype;
BOOL isSendMessage;
wchar_t sender[80];
......@@ -36,18 +37,19 @@ BOOL ReceiveMessageHooked = false;
// 保存HOOK前的字节码,用于恢复
char OldReceiveMessageAsmCode[5] = { 0 };
char OldSendMessageAsmCode[5] = { 0 };
static DWORD WeChatWinBase = GetWeChatWinBase();
// 接收消息HOOK地址
DWORD ReceiveMessageHookAddress = GetWeChatWinBase() + ReceiveMessageHookOffset;
static DWORD ReceiveMessageHookAddress = WeChatWinBase + ReceiveMessageHookOffset;
// 接收消息HOOK的CALL地址
DWORD ReceiveMessageNextCall = GetWeChatWinBase() + ReceiveMessageNextCallOffset;
static DWORD ReceiveMessageNextCall = WeChatWinBase + ReceiveMessageNextCallOffset;
// 接收HOOK的跳转地址
DWORD ReceiveMessageJmpBackAddress = ReceiveMessageHookAddress + 0x5;
static DWORD ReceiveMessageJmpBackAddress = ReceiveMessageHookAddress + 0x5;
// 发送消息HOOK地址
DWORD SendMessageHookAddress = GetWeChatWinBase() + SendMessageHookOffset;
static DWORD SendMessageHookAddress = WeChatWinBase + SendMessageHookOffset;
// 发送消息HOOK的CALL地址
DWORD SendMessageNextCall = GetWeChatWinBase() + SendMessageNextCallOffset;
static DWORD SendMessageNextCall = WeChatWinBase + SendMessageNextCallOffset;
// 发送HOOK的跳转地址
DWORD SendMessageJmpBackAddress = SendMessageHookAddress + 0x5;
static DWORD SendMessageJmpBackAddress = SendMessageHookAddress + 0x5;
// 通过socket将消息发送给服务端
BOOL SendSocketMessage(ReceiveMsgStruct* ms)
......@@ -82,6 +84,7 @@ BOOL SendSocketMessage(ReceiveMsgStruct* ms)
char recvbuf[1024] = { 0 };
ScoketMsgStruct* sms = new ScoketMsgStruct;
ZeroMemory(sms, sizeof(ScoketMsgStruct));
sms->pid = ms->pid;
sms->messagetype = ms->messagetype;
sms->isSendMessage = ms->isSendMessage;
memcpy(sms->wxid, ms->wxid, ms->l_wxid * 2);
......@@ -122,6 +125,7 @@ static SAFEARRAY* CreateMessageArray(ReceiveMsgStruct* ms) {
HRESULT hr = S_OK;
SAFEARRAY* psaValue;
vector<wstring> MessageInfoKey = {
L"pid",
L"type",
L"isSendMessage",
ms->isSendMessage ? L"sendto" : L"from",
......@@ -139,12 +143,12 @@ static SAFEARRAY* CreateMessageArray(ReceiveMsgStruct* ms) {
_variant_t key = MessageInfoKey[i].c_str();
hr = SafeArrayPutElement(psaValue, keyIndex, &key);
keyIndex[0] = i; keyIndex[1] = 1;
if (i < 2) {
if (i < 3) {
_variant_t value = ((DWORD*)ms)[i];
hr = SafeArrayPutElement(psaValue, keyIndex, &value);
}
else {
_variant_t value = ((wchar_t**)ms)[i * 2 - 2];
_variant_t value = ((wchar_t**)ms)[i * 2 - 3];
hr = SafeArrayPutElement(psaValue, keyIndex, &value);
}
}
......@@ -156,6 +160,7 @@ static void dealMessage(DWORD messageAddr) {
BOOL isSendMessage = *(BOOL*)(messageAddr + 0x3C);
ReceiveMsgStruct* message = new ReceiveMsgStruct;
ZeroMemory(message, sizeof(ReceiveMsgStruct));
message->pid = GetCurrentProcessId();
message->isSendMessage = isSendMessage;
message->time = GetTimeW(*(DWORD*)(messageAddr + 0x44));
message->l_time = wcslen(message->time);
......@@ -198,7 +203,7 @@ static void dealMessage(DWORD messageAddr) {
VARIANT vsaValue;
vsaValue.vt = VT_ARRAY | VT_VARIANT;
V_ARRAY(&vsaValue) = psaValue;
PostComMessage(&vsaValue);
PostComMessage(WX_MESSAGE,&vsaValue);
#endif
HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)SendSocketMessage, message, NULL, 0);
if (hThread) {
......@@ -219,7 +224,6 @@ VOID ReceiveMessage(DWORD messagesAddr) {
}
}
/*
* HOOK的具体实现,接收到消息后调用处理函数
*/
......@@ -261,8 +265,15 @@ _declspec(naked) void dealSendMessage() {
*/
VOID HookReceiveMessage(int port) {
SRVPORT = port;
if (ReceiveMessageHooked)
WeChatWinBase = GetWeChatWinBase();
if (ReceiveMessageHooked || !WeChatWinBase)
return;
ReceiveMessageHookAddress = WeChatWinBase + ReceiveMessageHookOffset;
ReceiveMessageNextCall = WeChatWinBase + ReceiveMessageNextCallOffset;
ReceiveMessageJmpBackAddress = ReceiveMessageHookAddress + 0x5;
SendMessageHookAddress = WeChatWinBase + SendMessageHookOffset;
SendMessageNextCall = WeChatWinBase + SendMessageNextCallOffset;
SendMessageJmpBackAddress = SendMessageHookAddress + 0x5;
HookAnyAddress(ReceiveMessageHookAddress,(LPVOID)dealReceiveMessage,OldReceiveMessageAsmCode);
HookAnyAddress(SendMessageHookAddress, (LPVOID)dealSendMessage, OldSendMessageAsmCode);
ReceiveMessageHooked = TRUE;
......
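Review bot: `SendSocketMessage` copies message fields into the fixed-size `ScoketMsgStruct` with lengths taken from the message itself, e.g. `memcpy(sms->wxid, ms->wxid, ms->l_wxid * 2);`, and no bound is visible in this hunk. `sender` is declared as `wchar_t sender[80]`; if the other fields are fixed arrays as well, content arriving from a chat peer decides how many bytes are written past them. Clamp each copy to the destination, assuming `wxid` is an array, with `size_t n = min((size_t)ms->l_wxid, _countof(sms->wxid) - 1);` followed by `memcpy(sms->wxid, ms->wxid, n * sizeof(wchar_t));`. The adjusted index arithmetic in `CreateMessageArray` (`i < 3`, `i * 2 - 3`) likewise depends on every `ReceiveMsgStruct` member being exactly pointer-sized and in this order, which deserves a comment or a `static_assert` on the layout. Both functions continue outside the visible hunks.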
......@@ -142,8 +142,16 @@ __declspec(naked) void dealUserInfo() {
}
static void HookSearchContact() {
if (SearchContactHooked)
WeChatWinBase = GetWeChatWinBase();
if (SearchContactHooked || WeChatWinBase == 0)
return;
HookSearchContactErrcodeNextCall = WeChatWinBase + HookSearchContactErrcodeNextCallOffset;
HookSearchContactErrcodeAddr = WeChatWinBase + HookSearchContactErrcodeAddrOffset;
HookSearchContactErrcodeJmpBackAddr = HookSearchContactErrcodeAddr + 0x5;
HookUserInfoNextCall = WeChatWinBase + HookUserInfoNextCallOffset;
HookUserInfoAddr = WeChatWinBase + HookUserInfoAddrOffset;
HookUserInfoJmpBackAddr = HookUserInfoAddr + 0x5;
HookAnyAddress(HookSearchContactErrcodeAddr, (LPVOID)dealSearchContactErrcode, HookSearchContactErrcodeOldAsm);
HookAnyAddress(HookUserInfoAddr,(LPVOID)dealUserInfo, HookUserInfoOldAsm);
SearchContactHooked = true;
......
......@@ -33,7 +33,7 @@ public:
}
};
BOOL PostComMessage(VARIANT* msg) {
BOOL PostComMessage(int msgtype,VARIANT* msg) {
HRESULT hr = S_OK;
hr = CoInitializeEx(0, COINIT_APARTMENTTHREADED);
if (FAILED(hr))
......@@ -50,7 +50,7 @@ BOOL PostComMessage(VARIANT* msg) {
AtlAdvise(spRobotEvent, sinkptr, __uuidof(_IRobotEventEvents), &cookies);
*/
int __result = 0;
spRobotEvent->CPostMessage(msg, &__result);
spRobotEvent->CPostMessage(msgtype,msg, &__result);
}
else {
return false;
......
......@@ -3,4 +3,7 @@
#define USE_COM
#include<comutil.h>
#pragma comment(lib, "comsuppw.lib")
BOOL PostComMessage(VARIANT* msg);
\ No newline at end of file
#define WX_MESSAGE 1
#define WX_LOG_MESSAGE 2
BOOL PostComMessage(int msgtype,VARIANT* msg);
\ No newline at end of file
......@@ -56,6 +56,7 @@ struct WxString
* filepath:图片、文件及其他资源的保存路径;l_filepath:`filepath`字符数
*/
struct ReceiveMsgStruct {
DWORD pid;
DWORD messagetype;
BOOL isSendMessage;
wchar_t* sender;
......
......@@ -6,16 +6,15 @@ Created on Sat Apr 16 14:06:24 2022
"""
import time
import os
import wxRobot
from wxRobot import WeChatRobot
def test_SendText():
def test_SendText(wx):
path = os.path.split(os.path.realpath(__file__))[0]
# image full path
imgpath = os.path.join(path,'test\\测试图片.png')
# file full path
filepath = os.path.join(path,'test\\测试文件')
wx = WeChatRobot()
wx.StartService()
myinfo = wx.GetSelfInfo()
chatwith = wx.GetFriendByWxNickName("文件传输助手")
session = wx.GetChatSession(chatwith.get('wxid'))
......@@ -27,12 +26,9 @@ def test_SendText():
session.SendArticle("天气预报","点击查看","http://www.baidu.com")
shared = wx.GetFriendByWxNickName("码农翻身")
if shared: session.SendCard(shared.get('wxid'),shared.get('wxNickName'))
wx.StopService()
def test_FriendStatus():
def test_FriendStatus(wx):
f = open('Friendstatus.txt','wt',encoding = 'utf-8')
wx = WeChatRobot()
wx.StartService()
FriendList = wx.GetFriendList()
index = "\t".join(['微信号','昵称','备注','状态','\n'])
f.writelines(index)
......@@ -46,27 +42,23 @@ def test_FriendStatus():
time.sleep(1)
break
f.close()
wx.StopService()
def test_ExecuteSQL():
wx = WeChatRobot()
wx.StartService()
def test_ExecuteSQL(wx):
try:
dbs = wx.GetDbHandles()
dbname = 'MicroMsg.db'
handle = dbs.get(dbname).get('Handle')
sql = 'select a.UserName as `wxID`,a.Alias as `微信号`,a.EncryptUserName as `V3数据`,\
a.Type as `联系人类型`,a.VerifyFlag as `添加方式`,a.Remark as `备注`,a.NickName as `昵称`,b.bigHeadImgUrl as `头像` \
a.Type as `联系人类型`,a.VerifyFlag as `添加方式`,a.Remark as `备注`,a.NickName as `昵称`,b.bigHeadImgUrl as `头像`,\
a.ExtraBuf as `扩展数据` \
from Contact a inner join ContactHeadImgUrl b where a.UserName=b.usrName and a.Type=3 limit 10'
result = wx.ExecuteSQL(handle,sql)
print(result)
except:
except Exception as e:
print(e)
pass
wx.StopService()
def test_BackupDb():
wx = WeChatRobot()
wx.StartService()
def test_BackupDb(wx):
try:
dbs = wx.GetDbHandles()
dbname = 'MicroMsg.db'
......@@ -75,14 +67,22 @@ def test_BackupDb():
print(rc)
except:
pass
wx.StopService()
if __name__ == '__main__':
wx = WeChatRobot()
print(wx.GetWeChatVer())
interfaces = [i for i in dir(wx.robot) if '_' not in i and i[0] == 'C']
def show_interfaces():
robot = wxRobot._WeChatRobotClient.instance().robot
print(robot.CGetWeChatVer())
interfaces = [i for i in dir(robot) if '_' not in i and i[0] == 'C']
for interface in interfaces:
print(interface)
wx.StartService()
wx.StartReceiveMessage()
wx.StopService()
\ No newline at end of file
if __name__ == '__main__':
pids = wxRobot.GetWeChatPids()
wx_list = [WeChatRobot(pid) for pid in pids]
if len(wx_list) < 1:
wx_list = wx_list + [wxRobot.StartWeChat()] * (1 - len(wx_list))
for wx in wx_list:
wx.StartService()
wx.StartReceiveMessage()
wxRobot.StartSocketServer()
for wx in wx_list:
wx.StopService()
\ No newline at end of file
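Review bot: `test_BackupDb` still ends in a bare `except: pass`, so a failed backup (or a `KeyboardInterrupt`) is silently discarded, while `test_ExecuteSQL` in the same change was switched to `except Exception as e: print(e)`; use the same form here and drop the now-redundant `pass` after `print(e)` in `test_ExecuteSQL`. In the `__main__` block, `[wxRobot.StartWeChat()] * (1 - len(wx_list))` puts whatever `StartWeChat` returns into a list whose items are then called as `wx.StartService()`; `wxRobot.py` is collapsed on this page, so it is worth confirming that it returns a `WeChatRobot` and not a pid. The services are also stopped only if `StartSocketServer()` returns normally, so a `try:` / `finally:` around it with the `StopService()` loop in the `finally` would avoid leaving the service running in the target processes after an exception. The middle of `test_BackupDb` lies between two hunks and is not visible.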
......@@ -15,6 +15,12 @@ PC微信机器人,实现以下功能:
4. 聊天记录备份
5. 其他你能想到的用途
# tips
1、当前分支是兼容多开的Beta版本,可通过pid进行多开管理
2、`CStartWeChat`接口可打开一个新的微信实例并返回该进程的pid,但仍然需要用户手动调用`CStartRobotService`进行注入
3、已经重新整理python socket server和连接点,可以实现多微信消息聚合
4、另外一个小小的诉求,如果您所在的公司有C++或Python岗位空缺,并且办公地点在北京、深圳,希望能提供内推机会给我,可以通过ljc545w@qq.com联系到我,不胜感激~
# 可用版本
微信电脑版**3.5.0.46**
微信电脑版**3.6.0.18**
......
......@@ -9,6 +9,8 @@ using namespace std;
#ifdef _WIN64
PVOID GetSystem32ProcAddr(PCWSTR ObjectName, PCSTR procName);
#endif
BOOL CloseProcessHandle(DWORD pid, wchar_t* handlename);
BOOL InjectDll(DWORD dwId, const wchar_t* szPath);
BOOL RemoveDll(DWORD dwId, PCWSTR dllname);
......
#include "pch.h"
#ifdef _WIN64
#include "driver.h"
#include "ntapi.h"
#include "driver.h"
#pragma comment(lib,"ntdll.lib")
HMODULE hNtdll = GetModuleHandle(L"ntdll.dll");
pNtQuerySystemInformation NtQuerySystemInformation = (pNtQuerySystemInformation)GetProcAddress(hNtdll, "NtQuerySystemInformation");
pNtDuplicateObject NtDuplicateObject = (pNtDuplicateObject)GetProcAddress(hNtdll, "NtDuplicateObject");
pNtQueryObject NtQueryObject = (pNtQueryObject)GetProcAddress(hNtdll, "NtQueryObject");
#ifdef _WIN64
pZwOpenSection ZwOpenSection = (pZwOpenSection)GetProcAddress(hNtdll, "ZwOpenSection");
pZwQuerySection ZwQuerySection = (pZwQuerySection)GetProcAddress(hNtdll, "ZwQuerySection");
pZwMapViewOfSection ZwMapViewOfSection = (pZwMapViewOfSection)GetProcAddress(hNtdll, "ZwMapViewOfSection");
......@@ -87,4 +92,87 @@ PVOID GetSystem32ProcAddr(PCWSTR ObjectName, PCSTR procName)
}
return pv;
}
#endif
\ No newline at end of file
#endif
BOOL CloseProcessHandle(DWORD pid, wchar_t* handlename) {
wstring name(handlename);
NTSTATUS status;
PSYSTEM_HANDLE_INFORMATION handleInfo;
ULONG handleInfoSize = 0x10000;
HANDLE processHandle,dupHandle;
POBJECT_TYPE_INFORMATION objectTypeInfo;
SYSTEM_HANDLE handle = { 0 };
bool thao = false;
wstring str = L"";
handleInfo = (PSYSTEM_HANDLE_INFORMATION)malloc(handleInfoSize);
while ((status = NtQuerySystemInformation(SystemHandleInformation,handleInfo,handleInfoSize,NULL)
) == STATUS_INFO_LENGTH_MISMATCH)
{
handleInfoSize *= 2;
PSYSTEM_HANDLE_INFORMATION tempinfo = (PSYSTEM_HANDLE_INFORMATION)realloc(handleInfo, (size_t)handleInfoSize);
if (tempinfo)
handleInfo = tempinfo;
}
if (handleInfo == NULL) {
return false;
}
for (ULONG i = 0; i < handleInfo->HandleCount; i++)
{
thao = false;
handle = handleInfo->Handles[i];
if (handle.ProcessId != pid)
continue;
processHandle = OpenProcess(PROCESS_DUP_HANDLE, FALSE, pid);
if (processHandle != NULL)
{
status = NtDuplicateObject(processHandle, (HANDLE)handle.Handle, GetCurrentProcess(), &dupHandle, 0, 0, 0);
if (status == 0)
{
objectTypeInfo = (POBJECT_TYPE_INFORMATION)malloc(0x2000);
if (NtQueryObject(dupHandle, ObjectTypeInformation, objectTypeInfo, 0x1000, NULL) == 0)
{
if (objectTypeInfo != NULL) {
str = wstring(objectTypeInfo->Name.Buffer);
}
if (str == L"Mutant")
{
NtQueryObject(dupHandle, ObjectNameInformation, objectTypeInfo, 0x1000, NULL);
if (objectTypeInfo != NULL) {
str = wstring(objectTypeInfo->Name.Buffer ? objectTypeInfo->Name.Buffer : L"");
}
if (str.find(name) != wstring::npos)
{
thao = true;
}
}
else if (str == L"Semaphore")
{
NtQueryObject(dupHandle, ObjectNameInformation, objectTypeInfo, 0x1000, NULL);
if (objectTypeInfo != NULL) {
str = wstring(objectTypeInfo->Name.Buffer ? objectTypeInfo->Name.Buffer : L"");
}
if (str.find(name) != wstring::npos)
{
thao = true;
}
}
}
CloseHandle(dupHandle);
free(objectTypeInfo);
objectTypeInfo = NULL;
if (thao == true)
{
HANDLE h_another_proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
DuplicateHandle(h_another_proc, (HANDLE)handle.Handle, GetCurrentProcess(), &dupHandle, 0, FALSE, DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE); // ر
CloseHandle(dupHandle);
CloseHandle(h_another_proc);
}
}
CloseHandle(processHandle);
}
}
free(handleInfo);
handleInfo = NULL;
return thao;
}
\ No newline at end of file
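Review bot: In the `NtQuerySystemInformation` retry loop of `CloseProcessHandle`, `handleInfoSize` is doubled before `realloc` is known to have succeeded, so when `realloc` returns NULL the next call tells the kernel the old buffer is twice its real size and the write can run past the heap allocation. The first `malloc` is also used unchecked, and a status other than `STATUS_INFO_LENGTH_MISMATCH` falls through to reading `handleInfo->HandleCount` from an unfilled buffer; grow the size only after a successful `realloc` and return on any failure, as in the fence below. Separately, `thao` is reset at the top of every iteration, ahead of the pid filter, so the returned value reflects only the last entry in the system table rather than whether a matching handle was closed; a second flag that is set once on a match and returned at the end would fix that. The result of `DuplicateHandle` is not checked before the final `CloseHandle(dupHandle)`, so on failure that call closes the value already closed a few lines earlier, which by then may name an unrelated handle in this process.

```cpp
    handleInfo = (PSYSTEM_HANDLE_INFORMATION)malloc(handleInfoSize);
    if (handleInfo == NULL)
        return FALSE;
    while ((status = NtQuerySystemInformation(SystemHandleInformation, handleInfo, handleInfoSize, NULL)
        ) == STATUS_INFO_LENGTH_MISMATCH)
    {
        // Grow first, publish the new size only once the buffer really has it.
        PSYSTEM_HANDLE_INFORMATION tempinfo = (PSYSTEM_HANDLE_INFORMATION)realloc(handleInfo, (size_t)handleInfoSize * 2);
        if (tempinfo == NULL) {
            free(handleInfo);
            return FALSE;
        }
        handleInfo = tempinfo;
        handleInfoSize *= 2;
    }
    if (status != 0) {
        // Any other failure leaves the buffer unfilled; do not walk it.
        free(handleInfo);
        return FALSE;
    }
    // … unchanged: loop over handleInfo->Handles …
```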
#pragma once
#include<windows.h>
#ifndef _WIN64
typedef _Return_type_success_(return >= 0) LONG NTSTATUS;
typedef NTSTATUS* PNTSTATUS;
#endif // !_WIN64
#define STATUS_INFO_LENGTH_MISMATCH 0xc0000004
#define SystemHandleInformation 16
#define ObjectBasicInformation 0
#define ObjectNameInformation 1
#define ObjectTypeInformation 2
/*
* 函数指针、数据结构以及宏参考如下仓库
* https://github.com/winsiderss/systeminformer
......@@ -110,6 +121,58 @@ typedef struct _SECTION_IMAGE_INFORMATION
ULONG CheckSum;
} SECTION_IMAGE_INFORMATION, * PSECTION_IMAGE_INFORMATION;
typedef struct _SYSTEM_HANDLE
{
ULONG ProcessId;
BYTE ObjectTypeNumber;
BYTE Flags;
USHORT Handle;
PVOID Object;
ACCESS_MASK GrantedAccess;
} SYSTEM_HANDLE, * PSYSTEM_HANDLE;
typedef struct _SYSTEM_HANDLE_INFORMATION
{
ULONG HandleCount;
SYSTEM_HANDLE Handles[1];
} SYSTEM_HANDLE_INFORMATION, * PSYSTEM_HANDLE_INFORMATION;
typedef enum _POOL_TYPE
{
NonPagedPool,
PagedPool,
NonPagedPoolMustSucceed,
DontUseThisType,
NonPagedPoolCacheAligned,
PagedPoolCacheAligned,
NonPagedPoolCacheAlignedMustS
} POOL_TYPE, * PPOOL_TYPE;
typedef struct _OBJECT_TYPE_INFORMATION
{
UNICODE_STRING Name;
ULONG TotalNumberOfObjects;
ULONG TotalNumberOfHandles;
ULONG TotalPagedPoolUsage;
ULONG TotalNonPagedPoolUsage;
ULONG TotalNamePoolUsage;
ULONG TotalHandleTableUsage;
ULONG HighWaterNumberOfObjects;
ULONG HighWaterNumberOfHandles;
ULONG HighWaterPagedPoolUsage;
ULONG HighWaterNonPagedPoolUsage;
ULONG HighWaterNamePoolUsage;
ULONG HighWaterHandleTableUsage;
ULONG InvalidAttributes;
GENERIC_MAPPING GenericMapping;
ULONG ValidAccess;
BOOLEAN SecurityRequired;
BOOLEAN MaintainHandleCount;
USHORT MaintainTypeList;
POOL_TYPE PoolType;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
} OBJECT_TYPE_INFORMATION, * POBJECT_TYPE_INFORMATION;
typedef
NTSYSCALLAPI
......@@ -184,4 +247,41 @@ NTSTATUS
(NTAPI*
pNtClose)(
_In_ _Post_ptr_invalid_ HANDLE Handle
);
typedef
NTSYSCALLAPI
NTSTATUS
(NTAPI*
pNtQuerySystemInformation)(
ULONG SystemInformationClass,
PVOID SystemInformation,
ULONG SystemInformationLength,
PULONG ReturnLength
);
typedef
NTSYSCALLAPI
NTSTATUS
(NTAPI*
pNtDuplicateObject)(
HANDLE SourceProcessHandle,
HANDLE SourceHandle,
HANDLE TargetProcessHandle,
PHANDLE TargetHandle,
ACCESS_MASK DesiredAccess,
ULONG Attributes,
ULONG Options
);
typedef
NTSYSCALLAPI
NTSTATUS
(NTAPI*
pNtQueryObject)(
HANDLE ObjectHandle,
ULONG ObjectInformationClass,
PVOID ObjectInformation,
ULONG ObjectInformationLength,
PULONG ReturnLength
);
\ No newline at end of file
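Review bot: `SYSTEM_HANDLE` stores the handle value in a `USHORT`, so with class 16 (`SystemHandleInformation`) any handle above 0xFFFF is truncated, and `CloseProcessHandle` then passes the truncated value to `NtDuplicateObject` and to `DuplicateHandle` with `DUPLICATE_CLOSE_SOURCE`, which can act on a different handle than the one that was listed. As far as I know the legacy entry also carries the process id as a 16-bit field followed by a 16-bit back-trace index, which the `ULONG ProcessId` here overlays, so the `handle.ProcessId != pid` filter is only reliable for small pids; please check this against the systeminformer headers the file already cites. The extended class avoids both limits with pointer-sized fields. The definitions below are the ones I would add, and the caller would switch its query class and struct types to match.

```cpp
#define SystemExtendedHandleInformation 64

typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX
{
    PVOID Object;
    ULONG_PTR UniqueProcessId;
    ULONG_PTR HandleValue;
    ULONG GrantedAccess;
    USHORT CreatorBackTraceIndex;
    USHORT ObjectTypeIndex;
    ULONG HandleAttributes;
    ULONG Reserved;
} SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX, * PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX;

typedef struct _SYSTEM_HANDLE_INFORMATION_EX
{
    ULONG_PTR NumberOfHandles;
    ULONG_PTR Reserved;
    SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handles[1];
} SYSTEM_HANDLE_INFORMATION_EX, * PSYSTEM_HANDLE_INFORMATION_EX;
```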