diff --git a/DWeChatRobot/CheckFriendStatus.cpp b/DWeChatRobot/CheckFriendStatus.cpp
index 656cf0f30021570ff14de8657005c27e6b487beb..c56752800fa0201dc6169a8c0d98d49294aece2a 100644
--- a/DWeChatRobot/CheckFriendStatus.cpp
+++ b/DWeChatRobot/CheckFriendStatus.cpp
@@ -1,22 +1,22 @@
 #include "pch.h"
 // 检查好友状态CALL1偏移
-#define CheckFriendStatusCall1Offset 0x78861210 - 0x787A0000
+#define CheckFriendStatusCall1Offset 0x594944E0 - 0x593B0000
 // 检查好友状态CALL2偏移
-#define CheckFriendStatusCall2Offset 0x03521CD0 - 0x02E20000
+#define CheckFriendStatusCall2Offset 0x59B20890 - 0x593B0000
 // 检查好友状态CALL3偏移
-#define CheckFriendStatusCall3Offset 0x03521DC0 - 0x02E20000
+#define CheckFriendStatusCall3Offset 0x59B20980 - 0x593B0000
 // 检查好友状态CALL4偏移
-#define CheckFriendStatusCall4Offset 0x0321FB90 - 0x02E20000
+#define CheckFriendStatusCall4Offset 0x59813940 - 0x593B0000
 // 检查好友状态参数偏移
-#define CheckFriendStatusParamOffset 0x0504F3BC - 0x02E20000
+#define CheckFriendStatusParamOffset 0x5B7138F4 - 0x593B0000
 // 好友状态码HOOK地址偏移
-#define CheckFriendStatusHookOffset 0x5E0830B3 - 0x5DB60000
+#define CheckFriendStatusHookOffset 0x59937373 - 0x593B0000
 // HOOK的CALL偏移
-#define CheckFriendStatusNextCallOffset 0x5E083150 - 0x5DB60000
+#define CheckFriendStatusNextCallOffset 0x59937410 - 0x593B0000
 // HOOK跳转的地址偏移
-#define CheckFriendStatusHookJmpBackOffset 0x5E0830B8 - 0x5DB60000
+#define CheckFriendStatusHookJmpBackOffset 0x59937378 - 0x593B0000
 // HOOK的CALL地址
 DWORD CheckFriendStatusNextCallAddress = GetWeChatWinBase() + CheckFriendStatusNextCallOffset;
diff --git a/DWeChatRobot/DbBackup.cpp b/DWeChatRobot/DbBackup.cpp
index abd032d3319faf99cc88607fc8aadf41ad0254ad..02887156a930405f0b4c21a4fe29743899d04843 100644
--- a/DWeChatRobot/DbBackup.cpp
+++ b/DWeChatRobot/DbBackup.cpp
@@ -112,7 +112,7 @@ VOID PatchSQLite3_Backup_Init() {
 if (SQLite3_Backup_Init_Patched) return;
 // patch掉这块指令,绕过`backup is not supported with encrypted databases`
- DWORD address_sqlite3_backup_init_patch_offset = OffsetFromIdaAddr(0x1131C110 + 0x52);
+ DWORD address_sqlite3_backup_init_patch_offset = OffsetFromIdaAddr(0x113E0470 + 0x52);
 DWORD patchAddress = GetWeChatWinBase() + address_sqlite3_backup_init_patch_offset;
 const int nopLen = 22;
 BYTE nopData[nopLen];
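Review bot: The new patch site `OffsetFromIdaAddr(0x113E0470 + 0x52)` is overwritten with 22 NOP bytes without first checking what is there, so running this DLL against a WeChatWin.dll in which sqlite3_backup_init has moved will stomp 22 bytes of whatever code now sits at that offset inside WeChat's process. Before the NOP write I'd compare the bytes at `patchAddress` with the instruction sequence this offset is meant to replace (captured alongside the IDA address) and bail out if they differ, and record the build these offsets came from on the line: `// offsets taken from WeChatWin.dll <build>; verify the original bytes before patching`. The protection change and the write itself are outside the hunk, so I can't tell whether the page protection is restored afterwards. PatchSQLite3_Backup_Init starts before and ends after the hunk.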
@@ -148,15 +148,15 @@ int BackupSQLiteDB(DWORD DbHandle,const char* BackupFile)
 #ifdef _DEBUG
 cout << "开始备份,文件保存至: " << BackupFile << endl;
 #endif
- DWORD address_sqlite3_open = wxBaseAddress + OffsetFromIdaAddr(0x1138ACD0);
- DWORD address_sqlite3_backup_init = wxBaseAddress + OffsetFromIdaAddr(0x1131C110);
- DWORD address_sqlite3_backup_step = wxBaseAddress + OffsetFromIdaAddr(0x1131C510);
- DWORD address_sqlite3_sleep = wxBaseAddress + OffsetFromIdaAddr(0x1138B510);
- DWORD address_sqlite3_backup_finish = wxBaseAddress + OffsetFromIdaAddr(0x1131CB50);
- DWORD address_sqlite3_close = wxBaseAddress + OffsetFromIdaAddr(0x113880A0);
- DWORD address_sqlite3_backup_remaining = wxBaseAddress + OffsetFromIdaAddr(0x1131CC50);
- DWORD address_sqlite3_backup_pagecount = wxBaseAddress + OffsetFromIdaAddr(0x1131CC60);
- DWORD address_sqlite3_errcode = wxBaseAddress + OffsetFromIdaAddr(0x11389970);
+ DWORD address_sqlite3_open = wxBaseAddress + OffsetFromIdaAddr(0x1144F000);
+ DWORD address_sqlite3_backup_init = wxBaseAddress + OffsetFromIdaAddr(0x113E0470);
+ DWORD address_sqlite3_backup_step = wxBaseAddress + OffsetFromIdaAddr(0x113E0870);
+ DWORD address_sqlite3_sleep = wxBaseAddress + OffsetFromIdaAddr(0x1144F840);
+ DWORD address_sqlite3_backup_finish = wxBaseAddress + OffsetFromIdaAddr(0x113E0EB0);
+ DWORD address_sqlite3_close = wxBaseAddress + OffsetFromIdaAddr(0x1144C3D0);
+ DWORD address_sqlite3_backup_remaining = wxBaseAddress + OffsetFromIdaAddr(0x113E0FB0);
+ DWORD address_sqlite3_backup_pagecount = wxBaseAddress + OffsetFromIdaAddr(0x113E0FC0);
+ DWORD address_sqlite3_errcode = wxBaseAddress + OffsetFromIdaAddr(0x1144DCA0);
 const char* myMain = "main";
 int rc = backupDb(
 DbHandle,
diff --git a/DWeChatRobot/DbExecuteSql.cpp b/DWeChatRobot/DbExecuteSql.cpp
index a853e91097842627befffe7827677338ae7a384e..f7ea2dfca92c6dec6477daa5acfa2d4c9f9eda30 100644
--- a/DWeChatRobot/DbExecuteSql.cpp
+++ b/DWeChatRobot/DbExecuteSql.cpp
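Review bot: The nine sqlite3_* addresses on the new side are fixed per-build offsets fed straight into `backupDb` with no gate, so against any other WeChatWin.dll build each of them becomes an indirect call into arbitrary code inside WeChat's process. Since they all hang off the same `OffsetFromIdaAddr` base, I'd guard the block with a build check (WeChatWin.dll file version against the build these IDA addresses were taken from) and return an error from BackupSQLiteDB on mismatch, and note the build on the first line: `// sqlite3 entry points for WeChatWin.dll <build>; keep in sync with PatchSQLite3_Backup_Init`. BackupSQLiteDB's body continues outside the hunk.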
@@ -1,7 +1,7 @@
 #include "pch.h"
 // sqlite3_exec函数偏移
-#define sqlite3_execOffset 0x66176570 - 0x64E20000
+#define sqlite3_execOffset 0x141A8C0
 // sqlite3_callback函数指针
 typedef int(*sqlite3_callback)(
diff --git a/DWeChatRobot/FriendList.cpp b/DWeChatRobot/FriendList.cpp
index 8c9444257bde9432d5666ce7662ca32fb1befbfe..14efc03e8f510aa1f37d7ac6cec6c7ea8d3769cd 100644
--- a/DWeChatRobot/FriendList.cpp
+++ b/DWeChatRobot/FriendList.cpp
@@ -2,7 +2,7 @@
 #include
 // 通讯录左树偏移
-#define LeftTreeOffset 0x222F3BC
+#define LeftTreeOffset 0x23638F4
 /*
 * 保存单个好友信息的结构体
diff --git a/DWeChatRobot/GetChatRoomMemebers.cpp b/DWeChatRobot/GetChatRoomMemebers.cpp
index 77ed2c66a2eeb84f3959491316cb80b674ca4f25..9f88f4a08bb906ec657f69dea71881767a4ef579 100644
--- a/DWeChatRobot/GetChatRoomMemebers.cpp
+++ b/DWeChatRobot/GetChatRoomMemebers.cpp
@@ -1,13 +1,13 @@
 #include "pch.h"
 // 获取群成员CALL1偏移
-#define GetChatRoomMembersCall1Offset 0x6246BBB0 - 0x61E20000
+#define GetChatRoomMembersCall1Offset 0x54926F80 - 0x54270000
 // 获取群成员CALL2偏移
-#define GetChatRoomMembersCall2Offset 0x61EDF550 - 0x61E20000
+#define GetChatRoomMembersCall2Offset 0x54352990 - 0x54270000
 // 获取群成员CALL3偏移
-#define GetChatRoomMembersCall3Offset 0x622046D0 - 0x61E20000
+#define GetChatRoomMembersCall3Offset 0x546B88C0 - 0x54270000
 // 清空缓存CALL偏移
-#define DeleteGetChatRoomMembersCacheCallOffset 0x6246BDD0 - 0x61E20000
+#define DeleteGetChatRoomMembersCacheCallOffset 0x549271A0 - 0x54270000
 /*
 * 外部调用的返回类型
@@ -61,7 +61,7 @@ BOOL __stdcall GetChatRoomMembers(wchar_t* chatroomid) {
 DWORD DeleteGetChatRoomMembersCacheCall = WeChatWinBase + DeleteGetChatRoomMembersCacheCallOffset;
 WxBaseStruct wsChatRoomId(chatroomid);
- char buffer[0x1B0] = { 0 };
+ char buffer[0x1E0] = { 0 };
 DWORD isSuccess = 0x0;
 DWORD DataAddr = 0x0;
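Review bot: `char buffer[0x1E0] = { 0 };` is a stack buffer handed to WeChat-internal calls as an object they construct in place, so the size has to match that object's layout for this exact build — if the callee writes past 0x1E0 bytes the overflow lands on this function's frame inside WeChat's process, and nothing in the code can detect it. The number is presumably the object size read from the disassembly of the new build; I'd record that on the line so the next offset bump re-derives it rather than keeping it by accident, `char buffer[0x1E0] = { 0 }; // object size for WeChatWin.dll <build>, from the GetChatRoomMembersCall* disassembly — re-check on every offset bump`. GetChatRoomMembers's body continues outside the hunk.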
@@ -83,6 +83,9 @@ BOOL __stdcall GetChatRoomMembers(wchar_t* chatroomid) {
 }
 if (isSuccess) {
 char* members = (char*)(*(DWORD*)(DataAddr + 0x1C));
+#ifdef _DEBUG
+ cout << members << endl;
+#endif
 wchar_t* wmembers = new wchar_t[strlen(members) + 1];
 ZeroMemory(wmembers, (strlen(members) + 1) * 2);
 MultiByteToWideChar(CP_ACP,0,members,-1,wmembers, strlen(members) + 1);
diff --git a/DWeChatRobot/GetDbHandles.cpp b/DWeChatRobot/GetDbHandles.cpp
index adcd67813d3690e1cb5b453cf261674d20a95b2e..9b5d436bf916b4613b0fcfbbe58c6fe026bc41d0 100644
--- a/DWeChatRobot/GetDbHandles.cpp
+++ b/DWeChatRobot/GetDbHandles.cpp
@@ -1,9 +1,9 @@
 #include "pch.h"
 // 联系人相关库偏移
-#define SqlHandleMicroMsgOffset 0x222F3FC
+#define SqlHandleMicroMsgOffset 0x2363934
 // 公众号相关库偏移
-#define SqlHandlePublicMsgOffset 0x22553D0
+#define SqlHandlePublicMsgOffset 0x239B3C8
 // 保存数据库信息的容器
 vector dbs;
@@ -47,7 +47,7 @@ void GetDbHandles() {
 __asm {
 mov eax, [SqlHandleBaseAddr];
 mov ecx, [eax];
- add ecx, 0x1888;
+ add ecx, 0x1428;
 mov eax, [ecx];
 mov SqlHandleBeginAddr, eax;
 mov eax, [ecx + 0x4];
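Review bot: The added `cout << members << endl;` — and the three `strlen(members)` calls right after it — dereference `members` without a null check, and `members` is a pointer read out of a WeChat-internal object at `DataAddr + 0x1C`, so a layout change in the next build turns this into a crash inside WeChat rather than a failed call. I'd guard before the debug block with `if (!members) return FALSE;` (the function is BOOL per the hunk header); whether that early return must also run the DeleteGetChatRoomMembersCacheCall that the earlier hunk sets up depends on code outside this hunk. GetChatRoomMembers continues past the hunk.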
@@ -60,26 +60,26 @@ void GetDbHandles() {
 SqlHandleBeginAddr += 0x4;
 if (SqlHandleBeginAddr == SqlHandleEndAddr)
 break;
- if(dbnames.find((wchar_t*)(*(DWORD*)(dwHandle + 0x78)),0) != wstring::npos)
+ if(dbnames.find((wchar_t*)(*(DWORD*)(dwHandle + 0x50)),0) != wstring::npos)
 continue;
 DbInfoStruct db = { 0 };
- dbnames += (wchar_t*)(*(DWORD*)(dwHandle + 0x78));
- db.dbname = (wchar_t*)(*(DWORD*)(dwHandle + 0x78));
+ dbnames += (wchar_t*)(*(DWORD*)(dwHandle + 0x50));
+ db.dbname = (wchar_t*)(*(DWORD*)(dwHandle + 0x50));
 db.l_dbname = wcslen(db.dbname);
- db.handle = *(DWORD*)(dwHandle + 0x64);
- ExecuteSQL(*(DWORD*)(dwHandle + 0x64), "select * from sqlite_master where type=\"table\";",(DWORD)GetDbInfo,&db);
+ db.handle = *(DWORD*)(dwHandle + 0x3C);
+ ExecuteSQL(*(DWORD*)(dwHandle + 0x3C), "select * from sqlite_master where type=\"table\";",(DWORD)GetDbInfo,&db);
 dbs.push_back(db);
 }
 for (int i = 1; i < 4; i++) {
 dwHandle = *((DWORD*)(SqlHandlePublicMsgAddr + i * 0x4));
- if (dbnames.find((wchar_t*)(*(DWORD*)(dwHandle + 0x78)), 0) != wstring::npos)
+ if (dbnames.find((wchar_t*)(*(DWORD*)(dwHandle + 0x50)), 0) != wstring::npos)
 continue;
 DbInfoStruct db = { 0 };
- dbnames += (wchar_t*)(*(DWORD*)(dwHandle + 0x78));
- db.dbname = (wchar_t*)(*(DWORD*)(dwHandle + 0x78));
+ dbnames += (wchar_t*)(*(DWORD*)(dwHandle + 0x50));
+ db.dbname = (wchar_t*)(*(DWORD*)(dwHandle + 0x50));
 db.l_dbname = wcslen(db.dbname);
- db.handle = *(DWORD*)(dwHandle + 0x64);
- ExecuteSQL(*(DWORD*)(dwHandle + 0x64), "select * from sqlite_master where type=\"table\";", (DWORD)GetDbInfo, &db);
+ db.handle = *(DWORD*)(dwHandle + 0x3C);
+ ExecuteSQL(*(DWORD*)(dwHandle + 0x3C), "select * from sqlite_master where type=\"table\";", (DWORD)GetDbInfo, &db);
 dbs.push_back(db);
 }
 // 添加一个空结构体,作为读取结束标志
diff --git a/DWeChatRobot/LogMsgInfo.cpp b/DWeChatRobot/LogMsgInfo.cpp
index 3e2a647830c7ca69d306d4eb0e91840b1154c0f9..20ce5d276c43bdfa1a0a00457fc9e82ac87ce59f 100644
--- a/DWeChatRobot/LogMsgInfo.cpp
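Review bot: The dedupe on the new lines still uses `dbnames.find(name, 0) != wstring::npos` against one concatenated wstring, which is a substring match — a database whose name is contained in a name already appended is silently skipped — and the name pointer read from `dwHandle + 0x50` is dereferenced inside that same expression with no null check on either `dwHandle` or the pointer. I'd read the pointer once and guard it, `if (!dwHandle) continue;` / `wchar_t* name = (wchar_t*)(*(DWORD*)(dwHandle + 0x50));` / `if (!name) continue;`, and compare whole names (a container of seen names) instead of searching the concatenation; the second loop repeats the same code and should change with it. GetDbHandles's body continues outside the hunk.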
+++ b/DWeChatRobot/LogMsgInfo.cpp
@@ -1,11 +1,11 @@
 #include "pch.h"
 // 微信日志HOOK地址偏移
-#define HookLogMsgInfoAddrOffset 0x103408A4 - 0x0FC40000
+#define HookLogMsgInfoAddrOffset 0x549DF444 - 0x54270000
 // HOOK的CALL偏移
-#define HookLogMsgInfoNextCallOffset 0x11586DFC - 0x0FC40000
+#define HookLogMsgInfoNextCallOffset 0x55C7E50E - 0x54270000
 // HOOK的跳转地址偏移
-#define HookLogMsgJmpBackOffset 0x103408A9 - 0x0FC40000
+#define HookLogMsgJmpBackOffset 0x549DF449 - 0x54270000
 // 微信日志HOOK地址
 DWORD HookLogMsgInfoAddr = GetWeChatWinBase() + HookLogMsgInfoAddrOffset;
diff --git a/DWeChatRobot/ReceiveMessage.cpp b/DWeChatRobot/ReceiveMessage.cpp
index d079c911eb3f2c85e3ff58d2b12ede7ae196f8b1..4c3f5d0bf2827fd7a0f0eeebf038329dab2b45aa 100644
--- a/DWeChatRobot/ReceiveMessage.cpp
+++ b/DWeChatRobot/ReceiveMessage.cpp
@@ -2,9 +2,9 @@
 #include
 // 接收消息的HOOK地址偏移
-#define ReceiveMessageHookOffset 0x034A4F60 - 0x02FE0000
+#define ReceiveMessageHookOffset 0x547C0F4C - 0x54270000
 // HOOK的CALL偏移
-#define ReceiveMessageNextCallOffset 0x034A0CE0 - 0x02FE0000
+#define ReceiveMessageNextCallOffset 0x54D04E60 - 0x54270000
 /*
 * 保存单条信息的结构
@@ -47,9 +47,6 @@ DWORD JmpBackAddress = ReceiveMessageHookAddress + 0x5;
 */
 VOID ReceiveMessage(DWORD messageAddr) {
 // 此处用于区别是发送的还是接收的消息,发送的消息会被过滤
- DWORD isSendMessage = *(DWORD*)(messageAddr + 0x3C);
- if (isSendMessage)
- return;
 messageStruct message = { 0 };
 message.messagetype = *(DWORD*)(messageAddr + 0x38);
@@ -124,8 +121,8 @@ _declspec(naked) void dealReceiveMessage() {
 __asm {
 pushad;
 pushfd;
- mov edi, [eax];
- push edi;
+ mov eax, [edi];
+ push eax;
 call ReceiveMessage;
 add esp, 0x4;
 popfd;
diff --git a/DWeChatRobot/SelfInfo.cpp b/DWeChatRobot/SelfInfo.cpp
index b5942d65151785326029beec1e2c173b4cd7114f..9ae2a5e14c7593160158860ff95309050523c2b9 100644
--- a/DWeChatRobot/SelfInfo.cpp
+++ b/DWeChatRobot/SelfInfo.cpp
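Review bot: The comment `// 此处用于区别是发送的还是接收的消息,发送的消息会被过滤` now describes a filter that no longer exists: the three lines that read `messageAddr + 0x3C` and returned on outgoing messages were removed, so every message reaching the hook, including the bot's own outgoing ones, is now passed into messageStruct. If that is intentional the comment should say so, e.g. `// No send/receive filtering: outgoing and incoming messages are both recorded (the old +0x3C flag check was dropped with the offset update)`; if the check was only dropped because the +0x3C field moved in the new build, it should be re-derived rather than deleted, since a consumer that replies to every message could otherwise react to its own output. ReceiveMessage's body continues outside the hunk.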
@@ -21,16 +21,16 @@ struct SelfInfoStruct {
 DWORD GetSelfInfoRemote() {
 DWORD WeChatWinBase = GetWeChatWinBase();
 vector SelfInfoAddr = {
- WeChatWinBase + 0x222EB3C,
- WeChatWinBase + 0x222ED30,
- WeChatWinBase + 0x222EBB4,
- *(DWORD*)(WeChatWinBase + 0x222ECEC),
- *(DWORD*)(WeChatWinBase + 0x222EE94),
- *(DWORD*)(WeChatWinBase + 0x222EEAC),
- WeChatWinBase + 0x222EF30,
- WeChatWinBase + 0x222ECBC,
- WeChatWinBase + 0x222ECD4,
- WeChatWinBase + 0x222EBE8
+ WeChatWinBase + 0x236307C,
+ WeChatWinBase + 0x2363548,
+ WeChatWinBase + 0x23630F4,
+ *(DWORD*)(WeChatWinBase + 0x236322C),
+ *(DWORD*)(WeChatWinBase + 0x239E11C),
+ *(DWORD*)(WeChatWinBase + 0x23633D4),
+ WeChatWinBase + 0x23632E8,
+ WeChatWinBase + 0x23631FC,
+ WeChatWinBase + 0x2363214,
+ WeChatWinBase + 0x2363128
 };
 vector SelfInfoKey = {
diff --git a/DWeChatRobot/SendArticle.cpp b/DWeChatRobot/SendArticle.cpp
index 072b4b9740d26a9a63f4aa12fb704bb85ee700d0..d9e2496aec75a153261d44c2f810642044ca82c6 100644
--- a/DWeChatRobot/SendArticle.cpp
+++ b/DWeChatRobot/SendArticle.cpp
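Review bot: The fifth entry `*(DWORD*)(WeChatWinBase + 0x239E11C)` is the only one in the new table outside the 0x2363xxx range the other nine moved into, whereas in the old table the same slot (0x222EE94) sat next to its neighbours; that may well be right for the new build, but a pointer read through the wrong global yields a silently wrong string rather than a crash, so I'd re-check it against the disassembly before shipping. Independently, each slot deserves a comment naming the field it resolves, for instance `*(DWORD*)(WeChatWinBase + 0x239E11C), // <field for SelfInfoKey[4]> — note: outside the 0x2363xxx group`. The SelfInfoKey table that gives these entries their meaning is outside the hunk.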
@@ -1,20 +1,20 @@
 #include "pch.h"
 // 发送文章CALL1偏移
-#define SendArticleCall1Offset 0x0F7454F0 - 0x0F6B0000
+#define SendArticleCall1Offset 0x54328A10 - 0x54270000
 // 发送文章CALL2偏移
-#define SendArticleCall2Offset 0x0FA41F80 - 0x0F6B0000
+#define SendArticleCall2Offset 0x5465D5E0 - 0x54270000
 // 发送文章CALL3偏移
-#define SendArticleCall3Offset 0x0F7794A0 - 0x0F6B0000
+#define SendArticleCall3Offset 0x54377EB0 - 0x54270000
 // 发送文章CALL4偏移
-#define SendArticleCall4Offset 0x0FA42150 - 0x0F6B0000
+#define SendArticleCall4Offset 0x5465D7B0 - 0x54270000
 // 发送文章CALL参数偏移
-#define SendArticleParamOffset 0x118EEC34 - 0x0F6B0000
+#define SendArticleParamOffset 0x565F3FE4 - 0x54270000
 // 清空缓存CALL1偏移
-#define SendArticleClearCacheCall1Offset 0x0FCEB4F0 - 0x0F6B0000
+#define SendArticleClearCacheCall1Offset 0x54916450 - 0x54270000
 // 清空缓存CALL2偏移
-#define SendArticleClearCacheCall2Offset 0x0F744200 - 0x0F6B0000
+#define SendArticleClearCacheCall2Offset 0x54327720 - 0x54270000
 /*
 * 外部调用时传递的参数结构
@@ -49,7 +49,7 @@ VOID SendArticleRemote(LPVOID lparameter) {
 * return:DWORD,个人wxid保存地址
 */
 DWORD GetSelfWxIdAddr() {
- DWORD baseAddr = GetWeChatWinBase() + 0x222EB3C;
+ DWORD baseAddr = GetWeChatWinBase() + 0x236307C;
 char wxidbuffer[0x100] = { 0 };
 DWORD SelfWxIdAddr = 0x0;
 sprintf_s(wxidbuffer, "%s", (char*)baseAddr);
@@ -86,7 +86,7 @@ BOOL __stdcall SendArticle(wchar_t* wxid,wchar_t* title, wchar_t* abstract, wcha
 // 自己的wxid,发送者
 char* sselfwxid = (char*)GetSelfWxIdAddr();
 wchar_t* wselfwxid = new wchar_t[strlen(sselfwxid) + 1];
- MultiByteToWideChar(CP_ACP, MB_COMPOSITE, sselfwxid, -1, wselfwxid, strlen(sselfwxid) + 1);
+ MultiByteToWideChar(CP_ACP, 0, sselfwxid, -1, wselfwxid, strlen(sselfwxid) + 1);
 // 构造xml数据
 wchar_t* xmlbuffer = new wchar_t[0x2000];
 ZeroMemory(xmlbuffer, 0x2000 * 2);
@@ -100,7 +100,7 @@ BOOL __stdcall SendArticle(wchar_t* wxid,wchar_t* title, wchar_t* abstract, wcha
 WxBaseStruct pReceiver(wxid);
 WxString imgbuffer = { 0 };
 WxString nullStruct = { 0 };
- char buffer[0xF90] = { 0 };
+ char buffer[0xFF0] = { 0 };
 DWORD isSuccess = 0x0;
 __asm {
 pushad;
diff --git a/DWeChatRobot/SendAtText.cpp b/DWeChatRobot/SendAtText.cpp
index b9bfed3ccff597c15fbeebb739b1cae957956533..d9769e2a76c22e84c8d916f45382ec7aa15b8ddb 100644
--- a/DWeChatRobot/SendAtText.cpp
+++ b/DWeChatRobot/SendAtText.cpp
@@ -1,9 +1,9 @@
 #include "pch.h"
 // 发送艾特消息CALL偏移
-#define SendAtTextCallOffset 0x6782E7B0 - 0x67370000
+#define SendAtTextCallOffset 0x67391D30 - 0x66E70000
 // 清空缓存CALL偏移
-#define DeleteAtTextCacheCallOffset 0x67404200 - 0x67370000
+#define DeleteAtTextCacheCallOffset 0x54327720 - 0x54270000
 /*
 * 外部调用时传递的参数结构
diff --git a/DWeChatRobot/SendCard.cpp b/DWeChatRobot/SendCard.cpp
index 415ca4b1479eb2fe63e1d07649a15780b2ae6732..7c68ed9f8ff82120280f924e4e03e05f0b3d0751 100644
--- a/DWeChatRobot/SendCard.cpp
+++ b/DWeChatRobot/SendCard.cpp
@@ -1,9 +1,9 @@
 #include "pch.h"
 // 发送名片的CALL偏移
-#define SendCardCallOffset 0x644FE7B0 - 0x64040000
+#define SendCardCallOffset 0x54791D30 - 0x54270000
 // 清空缓存的CALL偏移
-#define DeleteCardCacheCallOffset 0x640D4200 - 0x64040000
+#define DeleteCardCacheCallOffset 0x54327720 - 0x54270000
 /*
 * 外部调用时提供的参数结构
diff --git a/DWeChatRobot/SendFile.cpp b/DWeChatRobot/SendFile.cpp
index 1ef04b6d44db4ca1148b91d50a76ce8d6327eff2..a486bb6bbedf09d6158dd4995cae98683b88652d 100644
--- a/DWeChatRobot/SendFile.cpp
+++ b/DWeChatRobot/SendFile.cpp
@@ -1,17 +1,17 @@
 #include "pch.h"
 // 发送文件CALL1偏移
-#define SendFileCall1Offset (0x67A71DC0 - 0x67370000)
+#define SendFileCall1Offset (0x549E0980 - 0x54270000)
 // 发送文件CALL2偏移
-#define SendFileCall2Offset (0x68D81C83 - 0x67370000)
+#define SendFileCall2Offset (0x549E0980 - 0x54270000)
 // 发送文件CALL3偏移
-#define SendFileCall3Offset (0x68D8047A - 0x67370000)
+#define SendFileCall3Offset (0x5465D8C0 - 0x54270000)
 // 发送文件CALL4偏移
-#define SendFileCall4Offset (0x67702260 - 0x67370000)
+#define SendFileCall4Offset (0x54698270 - 0x54270000)
 // 发送文件参数偏移
-#define SendFileParamsOffset (0x6959F170 - 0x67370000)
+#define SendFileParamsOffset (0x565D36B0 - 0x54270000)
 // 清空缓存CALL偏移
-#define DeleteSendFileCacheCallOffset (0x67404200 - 0x67370000)
+#define DeleteSendFileCacheCallOffset (0x54327720 - 0x54270000)
 /*
 * 外部调用时传递的参数结构
@@ -86,13 +86,6 @@ void __stdcall SendFile(wchar_t* receiver, wchar_t* FilePath) {
 __asm {
 pushad;
 pushfd;
- lea esi, esi_;
- push 0;
- push 0;
- push 0;
- push 0;
- push 0;
- push 0x005A0000;
 sub esp, 0x14;
 mov edi, esp;
 mov dword ptr ds : [edi] , 0x0;
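Review bot: `SendFileCall1Offset` and `SendFileCall2Offset` now both expand to `(0x549E0980 - 0x54270000)`, and the rewritten asm in the next hunk calls them back to back for pFilePath and pReceiver, so this is one helper under two names; meanwhile `SendFileCall4Offset` keeps a value although that asm only calls WxSendFileCall1..3 any more. I'd collapse the pair to one define named for what the helper does (the same value appears as SendImageCall2Offset and GetUserInfoCall2Offset elsewhere in this diff, which suggests a shared string-setup routine — worth confirming in the disassembly) and either drop SendFileCall4Offset or tag it `// unused since the asm rewrite`. If the `DWORD WxSendFileCall4` local that reads it is still in SendFile's body outside the hunk, it should go with it.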
@@ -100,54 +93,28 @@ void __stdcall SendFile(wchar_t* receiver, wchar_t* FilePath) {
 mov dword ptr ds : [edi + 0x8] , 0x0;
 mov dword ptr ds : [edi + 0xC] , 0x0;
 mov dword ptr ds : [edi + 0x10] , 0x0;
-
+ push 0x00DBE200;
+ sub esp, 0x14;
+ mov edi, esp;
+ mov dword ptr ds : [edi] , 0x0;
+ mov dword ptr ds : [edi + 0x4] , 0x0;
+ mov dword ptr ds : [edi + 0x8] , 0x0;
+ mov dword ptr ds : [edi + 0xC] , 0x0;
+ mov dword ptr ds : [edi + 0x10] , 0x0;
 sub esp, 0x14;
- lea eax, dword ptr ds : [esi + 0x4] ;
+ lea eax, pFilePath;
 mov ecx, esp;
 push eax;
 call WxSendFileCall1;
- sub esp, 0x14;
+ lea eax, pReceiver;
 mov ecx, esp;
- mov dword ptr ds : [ecx] , 0x0;
- mov dword ptr ds : [ecx + 0x4] , 0x0;
- mov dword ptr ds : [ecx + 0x8] , 0x0;
- mov dword ptr ds : [ecx + 0xC] , 0x0;
- mov dword ptr ds : [ecx + 0x10] , 0x0;
-
- lea edx, pReceiver;
- mov eax, [edx];
-
- mov edi, edi_;
- lea eax, dword ptr ds : [edi * 2 + 0x2] ;
- mov tempecx, ecx;
 push eax;
- push dword ptr ds : [ecx] ;
 call WxSendFileCall2;
- mov ecx, [tempecx];
- mov edx, eax;
- add esp, 0x8;
-
- mov eax, dword ptr ds : [ecx + 0x4] ;
- mov dword ptr ds : [ecx] , edx;
- mov dword ptr ds : [ecx + 0x8] , edi;
- mov tempecx, ecx;
- push edi;
- push ptrReceiver;
- push dword ptr ds : [ecx] ;
- call WxSendFileCall3;
- mov ecx, [tempecx];
- add esp, 0xC;
-
- mov edx, 0x0;
- mov eax, dword ptr ds : [ecx] ;
- mov word ptr ds : [eax + edi * 2] , 0x0;
- mov dword ptr ds : [ecx + 0x4] , edi;
-
- mov ecx, WxSendFileParams;
+ mov ecx, [WxSendFileParams];
 lea eax, buffer;
 push eax;
- call WxSendFileCall4;
+ call WxSendFileCall3;
 lea ecx, buffer;
 call DeleteSendFileCacheCall;
 popfd;
diff --git a/DWeChatRobot/SendImage.cpp b/DWeChatRobot/SendImage.cpp
index fd8ca73395629a3964ca03db4ddbf95d0489c232..b7f8920dc076f3ff5f92b060113ba643e34be2de 100644
--- a/DWeChatRobot/SendImage.cpp
+++ b/DWeChatRobot/SendImage.cpp
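Review bot: `push 0x00DBE200;` pushes a bare immediate that is neither derived from `GetWeChatWinBase()` nor explained, in the spot where the old code pushed `0x005A0000`; if it is a pointer or handle copied from a debugging session it will not be valid under another process layout, so the line needs a comment stating what the callee expects there, e.g. `push 0x00DBE200; // <meaning>, observed for WeChatWin.dll <build> — TODO confirm this is a constant, not an address`. The same block leaves that push and two `sub esp, 0x14` frames on the stack with no visible `add esp`, and `popfd`/`popad` follow directly (popad does not restore esp), so unless WxSendFileCall1..3 pop those frames themselves the flags and registers restored are garbage — worth a comment saying which callee cleans which frame, or saving esp into a local before the pushes and restoring it before `popfd`. SendFile's body continues outside the hunk.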
@@ -1,13 +1,13 @@
 #include "pch.h"
 // 发送图片CALL1偏移
-#define SendImageCall1Offset (0x6740A1C0 - 0x67370000)
+#define SendImageCall1Offset (0x5432D730 - 0x54270000)
 // 发送图片CALL2偏移
-#define SendImageCall2Offset (0x67A71DC0 - 0x67370000)
+#define SendImageCall2Offset (0x549E0980 - 0x54270000)
 // 发送图片CALL3偏移
-#define SendImageCall3Offset (0x6782E160 - 0x67370000)
+#define SendImageCall3Offset (0x54791640 - 0x54270000)
 // 清空缓存的CALL偏移
-#define DeleteSendImageCacheCallOffset (0x67404200 - 0x67370000)
+#define DeleteSendImageCacheCallOffset (0x54327720 - 0x54270000)
 /*
 * 外部调用时传递的参数结构
diff --git a/DWeChatRobot/SendText.cpp b/DWeChatRobot/SendText.cpp
index 67a39883b03a09d0e63e9bee93fff3a0136e31e5..667a4b2a5901f24c30e0a1c629d8a1d9825d8787 100644
--- a/DWeChatRobot/SendText.cpp
+++ b/DWeChatRobot/SendText.cpp
@@ -1,9 +1,9 @@
 #include "pch.h"
 // 发送文本消息的CALL偏移
-#define SendTextCallOffset 0x6782E7B0 - 0x67370000
+#define SendTextCallOffset 0x67391D30 - 0x66E70000
 // 清空缓存的CALL偏移
-#define DeleteTextCacheCallOffset 0x67404200 - 0x67370000
+#define DeleteTextCacheCallOffset 0x54327720 - 0x54270000
 /*
 * 外部调用时传递的参数结构
diff --git a/DWeChatRobot/UserInfo.cpp b/DWeChatRobot/UserInfo.cpp
index ae458588f5fc2d6b543073619c87694d03cde03f..93d1f80343deeefb50ee8cf68668378e71295468 100644
--- a/DWeChatRobot/UserInfo.cpp
+++ b/DWeChatRobot/UserInfo.cpp
@@ -3,19 +3,16 @@
 #include
 #include
-// 获取好友信息CALL0偏移
-#define GetUserInfoCall0Offset 0x6740A000 - 0x67370000
 // 获取好友信息CALL1偏移
-#define GetUserInfoCall1Offset 0x679C9840 - 0x67370000
+#define GetUserInfoCall1Offset 0x5946D570 - 0x593B0000
 // 获取好友信息CALL2偏移
-#define GetUserInfoCall2Offset 0x67A71DC0 - 0x67370000
+#define GetUserInfoCall2Offset 0x59B20980 - 0x593B0000
 // 获取好友信息CALL3偏移
-#define GetUserInfoCall3Offset 0x677724A0 - 0x67370000
-
-// 清空缓存CALL1偏移
-#define DeleteUserInfoCacheCall1Offset 0x67775990 - 0x67370000
-// 清空缓存CALL2偏移
-#define DeleteUserInfoCacheCall2Offset 0x679CA340 - 0x67370000
+#define GetUserInfoCall3Offset 0x59816270 - 0x593B0000
+// 清理好友信息缓存参数
+#define DeleteUserInfoCacheCall1Offset 0x59A752B0 - 0x593B0000
+// 清理好友信息缓存CALL2
+#define DeleteUserInfoCacheCall2Offset 0x5946E680 - 0x593B0000
 /*
 * 外部调用时的返回类型
@@ -117,12 +114,11 @@ VOID DeleteUserInfoCacheRemote() {
 */
 BOOL __stdcall GetUserInfoByWxId(wchar_t* wxid) {
 DWORD WeChatWinBase = GetWeChatWinBase();
- DWORD WxGetUserInfoCall0 = WeChatWinBase + GetUserInfoCall0Offset;
 DWORD WxGetUserInfoCall1 = WeChatWinBase + GetUserInfoCall1Offset;
 DWORD WxGetUserInfoCall2 = WeChatWinBase + GetUserInfoCall2Offset;
 DWORD WxGetUserInfoCall3 = WeChatWinBase + GetUserInfoCall3Offset;
- DWORD DeleteUserInofCacheCall1 = WeChatWinBase + DeleteUserInfoCacheCall1Offset;
- DWORD DeleteUserInofCacheCall2 = WeChatWinBase + DeleteUserInfoCacheCall2Offset;
+ DWORD DeleteUserInfoCacheCall1 = WeChatWinBase + DeleteUserInfoCacheCall1Offset;
+ DWORD DeleteUserInfoCacheCall2 = WeChatWinBase + DeleteUserInfoCacheCall2Offset;
 char buffer[0x3FC] = { 0 };
 WxBaseStruct pWxid(wxid);
 DWORD address = 0;
@@ -130,33 +126,32 @@ BOOL __stdcall GetUserInfoByWxId(wchar_t* wxid) {
 __asm {
 pushad;
- call WxGetUserInfoCall0;
- mov edi, eax;
- lea ecx, buffer;
 call WxGetUserInfoCall1;
- lea eax, buffer;
- mov address, eax;
- push eax;
+ lea ebx, buffer;
+ push ebx;
 sub esp, 0x14;
+ mov esi, eax;
+ lea eax, pWxid;
 mov ecx, esp;
- lea esi, pWxid;
- push esi;
+ push eax;
 call WxGetUserInfoCall2;
- mov ecx, edi;
+ mov ecx, esi;
 call WxGetUserInfoCall3;
 mov isSuccess, eax;
+ mov address, ebx;
 popad;
 }
 if(isSuccess)
 WxUserInfo(address);
+ char deletebuffer[0x410] = { 0 };
 __asm {
 pushad;
- lea eax, buffer;
+ lea ecx, deletebuffer;
+ call DeleteUserInfoCacheCall1;
 push eax;
- call DeleteUserInofCacheCall1;
- lea ecx, buffer;
- mov esi, eax;
- call DeleteUserInofCacheCall2;
+ lea ebx,buffer;
+ mov ecx, ebx;
+ call DeleteUserInfoCacheCall2;
 popad;
 }
 return isSuccess;
@@ -169,12 +164,11 @@ BOOL __stdcall GetUserInfoByWxId(wchar_t* wxid) {
 */
 wchar_t* __stdcall GetUserNickNameByWxId(wchar_t* wxid) {
 DWORD WeChatWinBase = GetWeChatWinBase();
- DWORD WxGetUserInfoCall0 = WeChatWinBase + GetUserInfoCall0Offset;
 DWORD WxGetUserInfoCall1 = WeChatWinBase + GetUserInfoCall1Offset;
 DWORD WxGetUserInfoCall2 = WeChatWinBase + GetUserInfoCall2Offset;
 DWORD WxGetUserInfoCall3 = WeChatWinBase + GetUserInfoCall3Offset;
- DWORD DeleteUserInofCacheCall1 = WeChatWinBase + DeleteUserInfoCacheCall1Offset;
- DWORD DeleteUserInofCacheCall2 = WeChatWinBase + DeleteUserInfoCacheCall2Offset;
+ DWORD DeleteUserInfoCacheCall1 = WeChatWinBase + DeleteUserInfoCacheCall1Offset;
+ DWORD DeleteUserInfoCacheCall2 = WeChatWinBase + DeleteUserInfoCacheCall2Offset;
 char buffer[0x3FC] = { 0 };
 WxBaseStruct pWxid(wxid);
 DWORD address = 0;
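Review bot: In the second asm block the value returned by `call DeleteUserInfoCacheCall1` is pushed (`push eax;`) and `call DeleteUserInfoCacheCall2` is then made with ecx pointing at buffer; nothing visible pops that push before `popad`, so this relies on the callee cleaning its own argument, and neither that contract nor what `deletebuffer[0x410]` is (the define's comment only says `清理好友信息缓存参数`) is written down. I'd annotate the new local: `char deletebuffer[0x410] = { 0 }; // scratch object filled by DeleteUserInfoCacheCall1; its return value is CacheCall2's argument (callee-cleaned — TODO confirm)`. The lookup block and this cleanup block are then repeated verbatim in GetUserNickNameByWxId below, so a single static helper taking the buffer pointer would keep the two copies in step on the next offset bump. GetUserInfoByWxId starts outside the hunk.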
@@ -182,21 +176,19 @@ wchar_t* __stdcall GetUserNickNameByWxId(wchar_t* wxid) {
 __asm {
 pushad;
- call WxGetUserInfoCall0;
- mov edi, eax;
- lea ecx, buffer;
 call WxGetUserInfoCall1;
- lea eax, buffer;
- mov address, eax;
- push eax;
+ lea ebx, buffer;
+ push ebx;
 sub esp, 0x14;
+ mov esi, eax;
+ lea eax, pWxid;
 mov ecx, esp;
- lea esi, pWxid;
- push esi;
+ push eax;
 call WxGetUserInfoCall2;
- mov ecx, edi;
+ mov ecx, esi;
 call WxGetUserInfoCall3;
 mov isSuccess, eax;
+ mov address, ebx;
 popad;
 }
 wchar_t* NickName = NULL;
@@ -206,14 +198,15 @@ wchar_t* __stdcall GetUserNickNameByWxId(wchar_t* wxid) {
 ZeroMemory(NickName, (length + 1) * 2);
 memcpy(NickName, (wchar_t*)(*(DWORD*)(address + 0x6C)), length * 2);
 }
+ char deletebuffer[0x410] = { 0 };
 __asm {
 pushad;
- lea eax, buffer;
+ lea ecx, deletebuffer;
+ call DeleteUserInfoCacheCall1;
 push eax;
- call DeleteUserInofCacheCall1;
- lea ecx, buffer;
- mov esi, eax;
- call DeleteUserInofCacheCall2;
+ lea ebx, buffer;
+ mov ecx, ebx;
+ call DeleteUserInfoCacheCall2;
 popad;
 }
 return NickName;
diff --git a/DWeChatRobot/dllmain.cpp b/DWeChatRobot/dllmain.cpp
index ca950cf86b6662d817fdaeba2141b3b12ea68ab1..785f7e8b2d69ff543cd0a62a7a1b0b9b5b034a00 100644
--- a/DWeChatRobot/dllmain.cpp
+++ b/DWeChatRobot/dllmain.cpp
@@ -24,7 +24,6 @@ BOOL APIENTRY DllMain( HMODULE hModule,
 printf("GetChatRoomMembers 0x%08X\n", (DWORD)GetChatRoomMembers);
 printf("ExecuteSql 0x%08X\n", (DWORD)ExecuteSQL);
 printf("BackupSQLiteDB 0x%08X\n", (DWORD)BackupSQLiteDBRemote);
- HookLogMsgInfo();
 #endif
 break;
 }
diff --git a/Python/wxRobot.py b/Python/wxRobot.py
index 08156ad8d368fe84008dde09c34e36f64a2508a4..20ed37d0a7707f9bab964dd7e1273ff66b6afc03 100644
--- a/Python/wxRobot.py
+++ b/Python/wxRobot.py
@@ -60,7 +60,6 @@ class WeChatRobot():
 myinfo = ast.literal_eval(myinfo)
 except SyntaxError:
 return {}
- myinfo['wxBigAvatar'] = myinfo['wxBigAvatar'].replace("/132","/0")
 self.myinfo = myinfo
 return self.myinfo
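Review bot: The lookup asm in this hunk and the cache-clearing asm in the next one are the same instruction sequences as in GetUserInfoByWxId above (down to the `lea ebx, buffer` / `lea ebx,buffer` spacing difference), so every future offset bump has to be applied in two places and the copies will drift. I'd factor both into static helpers that take the caller's buffer pointer — the only asm change is `mov ebx, buffer` in place of `lea ebx, buffer`, because buffer becomes a pointer parameter rather than a local array — and have both functions call them, as sketched below; the unverified stack contract around `push eax` before DeleteUserInfoCacheCall2 is carried over unchanged and still needs confirming. GetUserNickNameByWxId starts outside the hunk and the nickname copy between the two blocks is untouched.
```cpp
// Shared by GetUserInfoByWxId and GetUserNickNameByWxId: runs GetUserInfoCall1..3 for
// `wxid` into the caller-owned `buffer` (0x3FC bytes) and reports the resulting object
// address through *outAddress. Same instruction sequence as the inline blocks, in one place.
static DWORD LookupUserInfo(wchar_t* wxid, char* buffer, DWORD* outAddress) {
    DWORD WeChatWinBase = GetWeChatWinBase();
    DWORD WxGetUserInfoCall1 = WeChatWinBase + GetUserInfoCall1Offset;
    DWORD WxGetUserInfoCall2 = WeChatWinBase + GetUserInfoCall2Offset;
    DWORD WxGetUserInfoCall3 = WeChatWinBase + GetUserInfoCall3Offset;
    WxBaseStruct pWxid(wxid);
    DWORD isSuccess = 0;
    DWORD address = 0;
    __asm {
        pushad;
        call WxGetUserInfoCall1;
        mov ebx, buffer;          // was `lea ebx, buffer` on the local array
        push ebx;
        sub esp, 0x14;
        mov esi, eax;
        lea eax, pWxid;
        mov ecx, esp;
        push eax;
        call WxGetUserInfoCall2;
        mov ecx, esi;
        call WxGetUserInfoCall3;
        mov isSuccess, eax;
        mov address, ebx;
        popad;
    }
    *outAddress = address;
    return isSuccess;
}

// Releases what LookupUserInfo left in `buffer`; same sequence as the inline blocks.
// The `push eax` is left for DeleteUserInfoCacheCall2 to pop — TODO confirm that contract.
static void ReleaseUserInfo(char* buffer) {
    DWORD WeChatWinBase = GetWeChatWinBase();
    DWORD DeleteUserInfoCacheCall1 = WeChatWinBase + DeleteUserInfoCacheCall1Offset;
    DWORD DeleteUserInfoCacheCall2 = WeChatWinBase + DeleteUserInfoCacheCall2Offset;
    char deletebuffer[0x410] = { 0 };
    __asm {
        pushad;
        lea ecx, deletebuffer;
        call DeleteUserInfoCacheCall1;
        push eax;
        mov ebx, buffer;          // was `lea ebx, buffer`
        mov ecx, ebx;
        call DeleteUserInfoCacheCall2;
        popad;
    }
}

wchar_t* __stdcall GetUserNickNameByWxId(wchar_t* wxid) {
    char buffer[0x3FC] = { 0 };
    DWORD address = 0;
    DWORD isSuccess = LookupUserInfo(wxid, buffer, &address);
    wchar_t* NickName = NULL;
    // … unchanged: nickname copy from address + 0x6C …
    ReleaseUserInfo(buffer);
    return NickName;
```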
diff --git a/Release/CWeChatRobot.exe b/Release/CWeChatRobot.exe
index 43bcbc8dd5585ca4123be1f63308744bd2dce147..5f169702818eae4074312758e5388a9d26fb7e72 100644
Binary files a/Release/CWeChatRobot.exe and b/Release/CWeChatRobot.exe differ
diff --git a/Release/DWeChatRobot.dll b/Release/DWeChatRobot.dll
index 853e80fe9a69bbc18bf05db4df6bbc0c9398b444..a703a3c5ed1efb96be6127936420274d5be5e734 100644
Binary files a/Release/DWeChatRobot.dll and b/Release/DWeChatRobot.dll differ