提交 accea756 编写于 作者: L ljc545w

优化部分功能

上级 e350df9f
......@@ -18,6 +18,7 @@ struct SQLResultAddrStruct {
DWORD l_ColName;
DWORD content;
DWORD l_content;
DWORD isblob;
};
// vector的数据结构
......@@ -34,6 +35,8 @@ struct VectorStruct {
struct SQLResultStruct {
wchar_t* ColName;
wchar_t* content;
unsigned char* BlobContent;
int BlobLength;
};
// 查询结果是一个二维数组
vector<vector<SQLResultStruct>> SQLResult;
......@@ -53,6 +56,10 @@ void ClearResultArray() {
delete sr->content;
sr->content = NULL;
}
if (sr->BlobContent) {
delete sr->BlobContent;
sr->BlobContent = NULL;
}
}
SQLResult[i].clear();
}
......@@ -76,7 +83,23 @@ SAFEARRAY* CreateSQLResultSafeArray() {
hr = SafeArrayPutElement(psaValue, Index, &(_variant_t)ptrResult->ColName);
}
Index[0] = i + 1; Index[1] = j;
hr = SafeArrayPutElement(psaValue, Index, &(_variant_t)ptrResult->content);
if(ptrResult->content)
hr = SafeArrayPutElement(psaValue, Index, &(_variant_t)ptrResult->content);
else {
VARIANT varChunk;
SAFEARRAY* bsa;
BYTE* pByte = NULL;
SAFEARRAYBOUND rgsabound[1];
rgsabound[0].cElements = ptrResult->BlobLength;
rgsabound[0].lLbound = 0;
bsa = SafeArrayCreate(VT_UI1, 1, rgsabound);
SafeArrayAccessData(bsa, (void**)&pByte);
memcpy(pByte, ptrResult->BlobContent, ptrResult->BlobLength);
SafeArrayUnaccessData(bsa);
varChunk.vt = VT_ARRAY | VT_UI1;
varChunk.parray = bsa;
hr = SafeArrayPutElement(psaValue, Index, &(_variant_t)varChunk);
}
}
}
return psaValue;
......@@ -99,9 +122,18 @@ VOID ReadSQLResultFromWeChatProcess(DWORD dwHandle) {
ReadProcessMemory(hProcess, (LPCVOID)sqlresultAddr.ColName, ColName, sqlresultAddr.l_ColName + 1, 0);
MultiByteToWideChar(CP_ACP,0,ColName,-1,sqlresult.ColName,strlen(ColName) + 1);
char* content = new char[sqlresultAddr.l_content + 1];
sqlresult.content = new wchar_t[sqlresultAddr.l_content + 1];
ReadProcessMemory(hProcess, (LPCVOID)sqlresultAddr.content, content, sqlresultAddr.l_content + 1, 0);
MultiByteToWideChar(CP_UTF8, 0, content, -1, sqlresult.content, strlen(content) + 1);
if (!sqlresultAddr.isblob) {
sqlresult.content = new wchar_t[sqlresultAddr.l_content + 1];
ReadProcessMemory(hProcess, (LPCVOID)sqlresultAddr.content, content, sqlresultAddr.l_content + 1, 0);
MultiByteToWideChar(CP_UTF8, 0, content, -1, sqlresult.content, strlen(content) + 1);
sqlresult.BlobContent = NULL;
}
else {
sqlresult.BlobContent = new unsigned char[sqlresultAddr.l_content];
ReadProcessMemory(hProcess, (LPCVOID)sqlresultAddr.content, sqlresult.BlobContent, sqlresultAddr.l_content, 0);
sqlresult.BlobLength = sqlresultAddr.l_content;
sqlresult.content = NULL;
}
delete[] ColName;
ColName = NULL;
delete[] content;
......@@ -135,8 +167,9 @@ SAFEARRAY* ExecuteSQL(DWORD DbHandle,BSTR sql) {
if(paramAndFunc)
WriteProcessMemory(hProcess, paramAndFunc, &param, sizeof(executeParams), &dwWriteSize);
DWORD ExecuteSQLRemoteAddr = GetWeChatRobotBase() + ExecuteSQLRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)ExecuteSQLRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
// DWORD ExecuteSQLRemoteAddr = GetWeChatRobotBase() + ExecuteSQLRemoteOffset;
DWORD SelectDataRemoteAddr = GetWeChatRobotBase() + SelectDataRemoteOffset;
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SelectDataRemoteAddr, (LPVOID)paramAndFunc, 0, &dwId);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, &dwHandle);
......
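Review bot: In CreateSQLResultSafeArray the SAFEARRAY `bsa` built for a blob cell is never released: `(_variant_t)varChunk` deep-copies the array, SafeArrayPutElement copies it again, the temporary frees only its own copy, and the original `bsa` leaks once per blob cell; `varChunk` is also never VariantInit'ed and neither SafeArrayCreate nor SafeArrayAccessData is checked, so a NULL `bsa` reaches the memcpy. Guard it with `if (!bsa) { hr = E_OUTOFMEMORY; continue; }` after SafeArrayCreate and release it after the put with `VariantClear(&varChunk);`. In ClearResultArray `delete sr->BlobContent;` frees storage that ReadSQLResultFromWeChatProcess allocates with `new unsigned char[...]`, which is a scalar/array mismatch; it must be `delete[] sr->BlobContent;` (the pre-existing `delete sr->content` has the same mismatch). In the non-blob branch of ReadSQLResultFromWeChatProcess `sqlresult.BlobLength` is left unset; unless `sqlresult` is zero-initialised where it is declared outside this hunk, assign `sqlresult.BlobLength = 0;` there explicitly.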
......@@ -271,4 +271,22 @@ STDMETHODIMP CWeChatRobot::CAddFriendByWxid(BSTR wxid, BSTR message, int* __resu
STDMETHODIMP CWeChatRobot::CAddFriendByV3(BSTR v3, BSTR message,int AddType, int* __result) {
*__result = AddFriendByV3(v3, message,AddType);
return S_OK;
}
/*
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CGetWeChatVer(BSTR* __result) {
string path = _com_util::ConvertBSTRToString((BSTR)(GetWeChatVerStr().c_str()));
*__result = _com_util::ConvertStringToBSTR(path.c_str());
return S_OK;
}
/*
* 参数1:预返回的值,调用时无需提供
*/
STDMETHODIMP CWeChatRobot::CStartWeChat(int* __result) {
StartWeChat();
*__result = 0;
return S_OK;
}
\ No newline at end of file
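Review bot: CGetWeChatVer leaks the buffer returned by `_com_util::ConvertBSTRToString`, which is documented as requiring `delete[]` by the caller, and the `(BSTR)` cast of `c_str()` hands it a plain `wchar_t*` with no BSTR length prefix. If `tstring` is `std::wstring` (its definition is outside this hunk) the narrow round-trip is unnecessary: `*__result = SysAllocString(GetWeChatVerStr().c_str());` gives the caller a properly allocated BSTR in one step. CStartWeChat discards whatever StartWeChat returns and always reports 0; if StartWeChat has a status result, propagate it, otherwise say in the comment that the value is unconditional. Both methods could also reject a null out-pointer with `if (!__result) return E_POINTER;` as a conventional COM method does.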
......@@ -77,6 +77,8 @@ public:
STDMETHODIMP CVerifyFriendApply(BSTR v3, BSTR v4, int* __result);
STDMETHODIMP CAddFriendByWxid(BSTR wxid, BSTR message, int* __result);
STDMETHODIMP CAddFriendByV3(BSTR v3, BSTR message, int AddType, int* __result);
STDMETHODIMP CGetWeChatVer(BSTR* __result);
STDMETHODIMP CStartWeChat(int* __result);
};
OBJECT_ENTRY_AUTO(__uuidof(WeChatRobot), CWeChatRobot)
......@@ -42,6 +42,8 @@ interface IWeChatRobot : IDispatch
[id(24)] HRESULT CVerifyFriendApply([in] BSTR v3, [in] BSTR v4, [out, retval] int* __result);
[id(25)] HRESULT CAddFriendByWxid([in] BSTR wxid, [in] BSTR message, [out, retval] int* __result);
[id(26)] HRESULT CAddFriendByV3([in] BSTR v3, [in] BSTR message, [in] int AddType, [out, retval] int* __result);
[id(27)] HRESULT CGetWeChatVer([out, retval] BSTR* __result);
[id(28)] HRESULT CStartWeChat([out, retval] int* __result);
};
[
uuid(721abb35-141a-4aa2-94f2-762e2833fa6c),
......
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LocalDebuggerCommandArguments>/regserver</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
</Project>
\ No newline at end of file
......@@ -196,6 +196,12 @@ EXTERN_C const IID IID_IWeChatRobot;
/* [in] */ int AddType,
/* [retval][out] */ int *__result) = 0;
virtual /* [id] */ HRESULT STDMETHODCALLTYPE CGetWeChatVer(
/* [retval][out] */ BSTR *__result) = 0;
virtual /* [id] */ HRESULT STDMETHODCALLTYPE CStartWeChat(
/* [retval][out] */ int *__result) = 0;
};
......@@ -388,6 +394,14 @@ EXTERN_C const IID IID_IWeChatRobot;
/* [in] */ int AddType,
/* [retval][out] */ int *__result);
/* [id] */ HRESULT ( STDMETHODCALLTYPE *CGetWeChatVer )(
IWeChatRobot * This,
/* [retval][out] */ BSTR *__result);
/* [id] */ HRESULT ( STDMETHODCALLTYPE *CStartWeChat )(
IWeChatRobot * This,
/* [retval][out] */ int *__result);
END_INTERFACE
} IWeChatRobotVtbl;
......@@ -502,6 +516,12 @@ EXTERN_C const IID IID_IWeChatRobot;
#define IWeChatRobot_CAddFriendByV3(This,v3,message,AddType,__result) \
( (This)->lpVtbl -> CAddFriendByV3(This,v3,message,AddType,__result) )
#define IWeChatRobot_CGetWeChatVer(This,__result) \
( (This)->lpVtbl -> CGetWeChatVer(This,__result) )
#define IWeChatRobot_CStartWeChat(This,__result) \
( (This)->lpVtbl -> CStartWeChat(This,__result) )
#endif /* COBJMACROS */
......
......@@ -49,7 +49,7 @@
#include "WeChatRobotCOM_i.h"
#define TYPE_FORMAT_STRING_SIZE 1239
#define PROC_FORMAT_STRING_SIZE 1117
#define PROC_FORMAT_STRING_SIZE 1189
#define EXPR_FORMAT_STRING_SIZE 1
#define TRANSMIT_AS_TABLE_SIZE 0
#define WIRE_MARSHAL_TABLE_SIZE 2
......@@ -1087,6 +1087,67 @@ static const WeChatRobotCOM_MIDL_PROC_FORMAT_STRING WeChatRobotCOM__MIDL_ProcFor
/* 1114 */ 0x8, /* FC_LONG */
0x0, /* 0 */
/* Procedure CGetWeChatVer */
/* 1116 */ 0x33, /* FC_AUTO_HANDLE */
0x6c, /* Old Flags: object, Oi2 */
/* 1118 */ NdrFcLong( 0x0 ), /* 0 */
/* 1122 */ NdrFcShort( 0x21 ), /* 33 */
/* 1124 */ NdrFcShort( 0xc ), /* x86 Stack size/offset = 12 */
/* 1126 */ NdrFcShort( 0x0 ), /* 0 */
/* 1128 */ NdrFcShort( 0x8 ), /* 8 */
/* 1130 */ 0x45, /* Oi2 Flags: srv must size, has return, has ext, */
0x2, /* 2 */
/* 1132 */ 0x8, /* 8 */
0x43, /* Ext Flags: new corr desc, clt corr check, has range on conformance */
/* 1134 */ NdrFcShort( 0x1 ), /* 1 */
/* 1136 */ NdrFcShort( 0x0 ), /* 0 */
/* 1138 */ NdrFcShort( 0x0 ), /* 0 */
/* Parameter __result */
/* 1140 */ NdrFcShort( 0x2113 ), /* Flags: must size, must free, out, simple ref, srv alloc size=8 */
/* 1142 */ NdrFcShort( 0x4 ), /* x86 Stack size/offset = 4 */
/* 1144 */ NdrFcShort( 0x4ba ), /* Type Offset=1210 */
/* Return value */
/* 1146 */ NdrFcShort( 0x70 ), /* Flags: out, return, base type, */
/* 1148 */ NdrFcShort( 0x8 ), /* x86 Stack size/offset = 8 */
/* 1150 */ 0x8, /* FC_LONG */
0x0, /* 0 */
/* Procedure CStartWeChat */
/* 1152 */ 0x33, /* FC_AUTO_HANDLE */
0x6c, /* Old Flags: object, Oi2 */
/* 1154 */ NdrFcLong( 0x0 ), /* 0 */
/* 1158 */ NdrFcShort( 0x22 ), /* 34 */
/* 1160 */ NdrFcShort( 0xc ), /* x86 Stack size/offset = 12 */
/* 1162 */ NdrFcShort( 0x0 ), /* 0 */
/* 1164 */ NdrFcShort( 0x24 ), /* 36 */
/* 1166 */ 0x44, /* Oi2 Flags: has return, has ext, */
0x2, /* 2 */
/* 1168 */ 0x8, /* 8 */
0x41, /* Ext Flags: new corr desc, has range on conformance */
/* 1170 */ NdrFcShort( 0x0 ), /* 0 */
/* 1172 */ NdrFcShort( 0x0 ), /* 0 */
/* 1174 */ NdrFcShort( 0x0 ), /* 0 */
/* Parameter __result */
/* 1176 */ NdrFcShort( 0x2150 ), /* Flags: out, base type, simple ref, srv alloc size=8 */
/* 1178 */ NdrFcShort( 0x4 ), /* x86 Stack size/offset = 4 */
/* 1180 */ 0x8, /* FC_LONG */
0x0, /* 0 */
/* Return value */
/* 1182 */ NdrFcShort( 0x70 ), /* Flags: out, return, base type, */
/* 1184 */ NdrFcShort( 0x8 ), /* x86 Stack size/offset = 8 */
/* 1186 */ 0x8, /* FC_LONG */
0x0, /* 0 */
0x0
}
};
......@@ -1957,7 +2018,9 @@ static const unsigned short IWeChatRobot_FormatStringOffsetTable[] =
918,
966,
1014,
1062
1062,
1116,
1152
};
static const MIDL_STUBLESS_PROXY_INFO IWeChatRobot_ProxyInfo =
......@@ -1981,7 +2044,7 @@ static const MIDL_SERVER_INFO IWeChatRobot_ServerInfo =
0,
0,
0};
CINTERFACE_PROXY_VTABLE(33) _IWeChatRobotProxyVtbl =
CINTERFACE_PROXY_VTABLE(35) _IWeChatRobotProxyVtbl =
{
&IWeChatRobot_ProxyInfo,
&IID_IWeChatRobot,
......@@ -2017,7 +2080,9 @@ CINTERFACE_PROXY_VTABLE(33) _IWeChatRobotProxyVtbl =
(void *) (INT_PTR) -1 /* IWeChatRobot::CBackupSQLiteDB */ ,
(void *) (INT_PTR) -1 /* IWeChatRobot::CVerifyFriendApply */ ,
(void *) (INT_PTR) -1 /* IWeChatRobot::CAddFriendByWxid */ ,
(void *) (INT_PTR) -1 /* IWeChatRobot::CAddFriendByV3 */
(void *) (INT_PTR) -1 /* IWeChatRobot::CAddFriendByV3 */ ,
(void *) (INT_PTR) -1 /* IWeChatRobot::CGetWeChatVer */ ,
(void *) (INT_PTR) -1 /* IWeChatRobot::CStartWeChat */
};
......@@ -2052,6 +2117,8 @@ static const PRPC_STUB_FUNCTION IWeChatRobot_table[] =
NdrStubCall2,
NdrStubCall2,
NdrStubCall2,
NdrStubCall2,
NdrStubCall2,
NdrStubCall2
};
......@@ -2059,7 +2126,7 @@ CInterfaceStubVtbl _IWeChatRobotStubVtbl =
{
&IID_IWeChatRobot,
&IWeChatRobot_ServerInfo,
33,
35,
&IWeChatRobot_table[-3],
CStdStubBuffer_DELEGATING_METHODS
};
......
......@@ -35,6 +35,7 @@ DWORD GetChatRoomMembersRemoteOffset = 0x0;
DWORD GetDbHandlesRemoteOffset = 0x0;
DWORD ExecuteSQLRemoteOffset = 0x0;
DWORD SelectDataRemoteOffset = 0x0;
DWORD BackupSQLiteDBRemoteOffset = 0x0;
DWORD AddFriendByWxidRemoteOffset = 0x0;
......@@ -156,6 +157,8 @@ BOOL GetProcOffset(wchar_t* workPath) {
GetDbHandlesRemoteOffset = GetDbHandlesRemoteAddr - WeChatBase;
DWORD ExecuteSQLRemoteAddr = (DWORD)GetProcAddress(hd, ExecuteSQLRemote);
ExecuteSQLRemoteOffset = ExecuteSQLRemoteAddr - WeChatBase;
DWORD SelectDataRemoteAddr = (DWORD)GetProcAddress(hd, SelectDataRemote);
SelectDataRemoteOffset = SelectDataRemoteAddr - WeChatBase;
DWORD BackupSQLiteDBRemoteAddr = (DWORD)GetProcAddress(hd, BackupSQLiteDBRemote);
BackupSQLiteDBRemoteOffset = BackupSQLiteDBRemoteAddr - WeChatBase;
......@@ -254,13 +257,13 @@ tstring GetWeChatInstallDir() {
DWORD GetWeChatVerInt() {
DWORD version = 0x0;
GetWeChatInstallInfo((TCHAR*)TEXT("Version"), (void*)&version, sizeof(DWORD));
GetWeChatInstallInfo((TCHAR*)TEXT("CrashVersion"), (void*)&version, sizeof(DWORD));
return version;
}
tstring GetWeChatVerStr() {
BYTE pversion[4] = { 0 };
GetWeChatInstallInfo((TCHAR*)TEXT("Version"), (void*)pversion, sizeof(DWORD));
GetWeChatInstallInfo((TCHAR*)TEXT("CrashVersion"), (void*)pversion, sizeof(DWORD));
TCHAR* temp = new TCHAR[20];
_stprintf_s(temp, 20, _T("%d.%d.%d.%d\0"), (int)(pversion[3] - 0x60), (int)pversion[2], (int)pversion[1], (int)pversion[0]);
tstring verStr(temp);
......
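Review bot: The new `SelectDataRemoteAddr` lookup in GetProcOffset does not check the GetProcAddress result, so a missing export yields an offset of `0 - WeChatBase` that ExecuteSQL later adds back to a base and passes to CreateRemoteThread as a meaningless address; the neighbouring lookups share the pattern, but the new one should at least fail the function, e.g. `if (!SelectDataRemoteAddr) return FALSE;` after whatever cleanup the function's tail (outside this hunk) performs. GetWeChatVerInt and GetWeChatVerStr switch the registry value from `Version` to `CrashVersion` without the commit message or a comment saying why; a one-line comment on each call recording the reason, and that both readers must stay in sync, would spare the next reader from re-deriving it. GetWeChatVerStr's body continues past the hunk, so the fate of the `new TCHAR[20]` buffer cannot be checked here.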
......@@ -52,6 +52,7 @@ extern DWORD GetChatRoomMembersRemoteOffset;
extern DWORD GetDbHandlesRemoteOffset;
extern DWORD ExecuteSQLRemoteOffset;
extern DWORD SelectDataRemoteOffset;
extern DWORD BackupSQLiteDBRemoteOffset;
extern DWORD AddFriendByWxidRemoteOffset;
......@@ -92,6 +93,7 @@ extern DWORD AddFriendByV3RemoteOffset;
#define GetDbHandlesRemote "GetDbHandlesRemote"
#define ExecuteSQLRemote "ExecuteSQLRemote"
#define SelectDataRemote "SelectDataRemote"
#define BackupSQLiteDBRemote "BackupSQLiteDBRemote"
#define AddFriendByWxidRemote "AddFriendByWxidRemote"
......
......@@ -173,6 +173,7 @@
<ClInclude Include="SendImage.h" />
<ClInclude Include="SendText.h" />
<ClInclude Include="SearchContact.h" />
<ClInclude Include="sqlite3.h" />
<ClInclude Include="VerifyFriendApply.h" />
</ItemGroup>
<ItemGroup>
......
......@@ -144,6 +144,9 @@
<ClInclude Include="AddFriend.h">
<Filter>好友相关\添加好友</Filter>
</ClInclude>
<ClInclude Include="sqlite3.h">
<Filter>通用标头</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ClCompile Include="dllmain.cpp">
......
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LocalDebuggerCommandArguments>
</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
</Project>
\ No newline at end of file
#include "pch.h"
#define SQLITE_OK 0 /* Successful result */
#define SQLITE_ERROR 1 /* Generic error */
#define SQLITE_INTERNAL 2 /* Internal logic error in SQLite */
#define SQLITE_PERM 3 /* Access permission denied */
#define SQLITE_ABORT 4 /* Callback routine requested an abort */
#define SQLITE_BUSY 5 /* The database file is locked */
#define SQLITE_LOCKED 6 /* A table in the database is locked */
#define SQLITE_NOMEM 7 /* A malloc() failed */
#define SQLITE_READONLY 8 /* Attempt to write a readonly database */
#define SQLITE_INTERRUPT 9 /* Operation terminated by sqlite3_interrupt()*/
#define SQLITE_IOERR 10 /* Some kind of disk I/O error occurred */
#define SQLITE_CORRUPT 11 /* The database disk image is malformed */
#define SQLITE_NOTFOUND 12 /* Unknown opcode in sqlite3_file_control() */
#define SQLITE_FULL 13 /* Insertion failed because database is full */
#define SQLITE_CANTOPEN 14 /* Unable to open the database file */
#define SQLITE_PROTOCOL 15 /* Database lock protocol error */
#define SQLITE_EMPTY 16 /* Internal use only */
#define SQLITE_SCHEMA 17 /* The database schema changed */
#define SQLITE_TOOBIG 18 /* String or BLOB exceeds size limit */
#define SQLITE_CONSTRAINT 19 /* Abort due to constraint violation */
#define SQLITE_MISMATCH 20 /* Data type mismatch */
#define SQLITE_MISUSE 21 /* Library used incorrectly */
#define SQLITE_NOLFS 22 /* Uses OS features not supported on host */
#define SQLITE_AUTH 23 /* Authorization denied */
#define SQLITE_FORMAT 24 /* Not used */
#define SQLITE_RANGE 25 /* 2nd parameter to sqlite3_bind out of range */
#define SQLITE_NOTADB 26 /* File opened that is not a database file */
#define SQLITE_NOTICE 27 /* Notifications from sqlite3_log() */
#define SQLITE_WARNING 28 /* Warnings from sqlite3_log() */
#define SQLITE_ROW 100 /* sqlite3_step() has another row ready */
#define SQLITE_DONE 101 /* sqlite3_step() has finished executing */
#define IDA_BASE 0x10000000
BOOL SQLite3_Backup_Init_Patched = FALSE;
typedef int(__cdecl* Sqlite3_open)(const char*, DWORD*);
typedef DWORD(__cdecl* Sqlite3_backup_init)(DWORD, const char*, DWORD, const char*);
typedef int(__cdecl* Sqlite3_backup_step)(DWORD, int);
typedef int(__cdecl* Sqlite3_backup_remaining)(DWORD);
typedef int(__cdecl* Sqlite3_backup_pagecount)(DWORD);
typedef int(__cdecl* Sqlite3_sleep)(int);
typedef int(__cdecl* Sqlite3_backup_finish)(DWORD);
typedef int(__cdecl* Sqlite3_errcode)(DWORD);
typedef int(__cdecl* Sqlite3_close)(DWORD);
DWORD OffsetFromIdaAddr(DWORD idaAddr) {
return idaAddr - IDA_BASE;
}
/*
* 数据库备份函数
* return:int,无异常返回`0`,有异常返回非0值
......@@ -112,7 +65,7 @@ VOID PatchSQLite3_Backup_Init() {
if (SQLite3_Backup_Init_Patched)
return;
// patch掉这块指令,绕过`backup is not supported with encrypted databases`
DWORD address_sqlite3_backup_init_patch_offset = OffsetFromIdaAddr(0x113E0470 + 0x52);
DWORD address_sqlite3_backup_init_patch_offset = OffsetFromIdaAddr(IDA_SQLITE3_BACKUP_INIT_ADDRESS + 0x52);
DWORD patchAddress = GetWeChatWinBase() + address_sqlite3_backup_init_patch_offset;
const int nopLen = 22;
BYTE nopData[nopLen];
......@@ -148,15 +101,15 @@ int BackupSQLiteDB(DWORD DbHandle,const char* BackupFile)
#ifdef _DEBUG
cout << "开始备份,文件保存至: " << BackupFile << endl;
#endif
DWORD address_sqlite3_open = wxBaseAddress + OffsetFromIdaAddr(0x1144F000);
DWORD address_sqlite3_backup_init = wxBaseAddress + OffsetFromIdaAddr(0x113E0470);
DWORD address_sqlite3_backup_step = wxBaseAddress + OffsetFromIdaAddr(0x113E0870);
DWORD address_sqlite3_sleep = wxBaseAddress + OffsetFromIdaAddr(0x1144F840);
DWORD address_sqlite3_backup_finish = wxBaseAddress + OffsetFromIdaAddr(0x113E0EB0);
DWORD address_sqlite3_close = wxBaseAddress + OffsetFromIdaAddr(0x1144C3D0);
DWORD address_sqlite3_backup_remaining = wxBaseAddress + OffsetFromIdaAddr(0x113E0FB0);
DWORD address_sqlite3_backup_pagecount = wxBaseAddress + OffsetFromIdaAddr(0x113E0FC0);
DWORD address_sqlite3_errcode = wxBaseAddress + OffsetFromIdaAddr(0x1144DCA0);
DWORD address_sqlite3_open = wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_OPEN_ADDRESS);
DWORD address_sqlite3_backup_init = wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_BACKUP_INIT_ADDRESS);
DWORD address_sqlite3_backup_step = wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_BACKUP_STEP_ADDRESS);
DWORD address_sqlite3_sleep = wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_SLEEP_ADDRESS);
DWORD address_sqlite3_backup_finish = wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_BACKUP_FINISH_ADDRESS);
DWORD address_sqlite3_close = wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_CLOSE_ADDRESS);
DWORD address_sqlite3_backup_remaining = wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_BACKUP_REMAINING_ADDRESS);
DWORD address_sqlite3_backup_pagecount = wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_BACKUP_PAGECOUNT_ADDRESS);
DWORD address_sqlite3_errcode = wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_ERRCODE_ADDRESS);
const char* myMain = "main";
int rc = backupDb(
DbHandle,
......
#include "pch.h"
// sqlite3_exec函数偏移
#define sqlite3_execOffset 0x141A8C0
// sqlite3_callback函数指针
typedef int(*sqlite3_callback)(
void*,
......@@ -22,7 +19,7 @@ typedef int(__cdecl* Sqlite3_exec)(
DWORD WeChatWinBase = GetWeChatWinBase();
// sqlite3_exec函数地址
DWORD sqlite3_execAddr = WeChatWinBase + sqlite3_execOffset;
DWORD sqlite3_execAddr = WeChatWinBase + OffsetFromIdaAddr(IDA_SQLITE3_EXEC_ADDRESS);
/*
* 外部调用时传递的参数结构
......@@ -44,6 +41,7 @@ struct SQLResultStruct {
DWORD l_ColName;
char* content;
DWORD l_content;
BOOL isblob;
};
/*
......@@ -199,6 +197,81 @@ DWORD ExecuteSQLRemote(LPVOID lpParameter){
executeParams* sqlparam = (executeParams*)lpParameter;
BOOL status = ExecuteSQL(sqlparam->ptrDb, (const char*)sqlparam->ptrSql, (DWORD)select, &result);
if (status) {
result.SQLResultAddr = (DWORD)SQLResult.data();
return (DWORD)&result;
}
else {
result.length = 0;
}
return 0;
}
static BOOL SelectData(DWORD db,const char* sql,void* data)
{
executeResult* pdata = (executeResult*)data;
DWORD wxBaseAddress = GetWeChatWinBase();
Sqlite3_prepare p_Sqlite3_prepare = (Sqlite3_prepare)(wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_PREPARE_ADDRESS));
Sqlite3_step p_Sqlite3_step = (Sqlite3_step)(wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_STEP_ADDRESS));
Sqlite3_column_count p_Sqlite3_column_count = (Sqlite3_column_count)(wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_COLUMN_COUNT_ADDRESS));
Sqlite3_column_name p_Sqlite3_column_name = (Sqlite3_column_name)(wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_COLUMN_NAME_ADDRESS));
Sqlite3_column_type p_Sqlite3_column_type = (Sqlite3_column_type)(wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_COLUMN_TYPE_ADDRESS));
Sqlite3_column_blob p_Sqlite3_column_blob = (Sqlite3_column_blob)(wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_COLUMN_BLOB_ADDRESS));
Sqlite3_column_bytes p_Sqlite3_column_bytes = (Sqlite3_column_bytes)(wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_COLUMN_BYTES_ADDRESS));
Sqlite3_finalize p_Sqlite3_finalize = (Sqlite3_finalize)(wxBaseAddress + OffsetFromIdaAddr(IDA_SQLITE3_FINALIZE_ADDRESS));
DWORD* stmt;
int rc = p_Sqlite3_prepare(db, sql, -1, &stmt, 0);
if (rc != SQLITE_OK)
return rc;
while (p_Sqlite3_step(stmt) == SQLITE_ROW)
{
int col_count = p_Sqlite3_column_count(stmt);
vector<SQLResultStruct> tempStruct;
for (int i = 0; i < col_count; i++) {
SQLResultStruct temp = { 0 };
const char* ColName = p_Sqlite3_column_name(stmt, i);
int nType = p_Sqlite3_column_type(stmt, i);
const void* pReadBlobData = p_Sqlite3_column_blob(stmt, i);
int nLength = p_Sqlite3_column_bytes(stmt, i);
temp.ColName = new char[strlen(ColName) + 1];
memcpy(temp.ColName, ColName, strlen(ColName) + 1);
temp.l_ColName = strlen(ColName);
temp.l_content = nLength;
switch (nType)
{
case SQLITE_BLOB: {
temp.content = new char[nLength];
memcpy(temp.content, pReadBlobData, nLength);
temp.isblob = true;
break;
}
default: {
if (nLength != 0) {
temp.content = new char[nLength + 1];
memcpy(temp.content, pReadBlobData, nLength + 1);
}
else {
temp.content = new char[2];
ZeroMemory(temp.content, 2);
}
temp.isblob = false;
break;
}
}
tempStruct.push_back(temp);
}
SQLResult.push_back(tempStruct);
pdata->length++;
}
p_Sqlite3_finalize(stmt);
return rc == 0;
}
int SelectDataRemote(LPVOID lpParameter) {
ClearResultArray();
executeParams* sqlparam = (executeParams*)lpParameter;
BOOL status = SelectData(sqlparam->ptrDb, (const char*)sqlparam->ptrSql, &result);
if (status) {
result.SQLResultAddr = (DWORD)SQLResult.data();
return (DWORD)&result;
......
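Review bot: SelectData returns the raw sqlite error code when prepare fails (`return rc;`) although its return type is BOOL, so a non-zero failure code reads as success in SelectDataRemote's `if (status)` and a stale `result` is handed back; the final `return rc == 0;` is likewise always true because `rc` is only ever assigned by the prepare call, so a step loop that ends in SQLITE_BUSY or SQLITE_CORRUPT instead of SQLITE_DONE is still reported as success. In the text branch `memcpy(temp.content, pReadBlobData, nLength + 1)` copies one byte beyond what sqlite3_column_bytes reported, and a terminator behind a column_blob pointer is not guaranteed, so copy `nLength` bytes and terminate the buffer yourself. The rewrite below fixes those three spots and leaves the rest of the function as committed. IDA_SQLITE3_PREPARE_V2_ADDRESS is defined in the new header but unused here; with the legacy prepare interface sqlite3_step only reports the generic SQLITE_ERROR, so the more specific codes only become available if prepare_v2 is used, worth confirming against the embedded sqlite build.
```cpp
static BOOL SelectData(DWORD db,const char* sql,void* data)
{
	// … unchanged: pdata and function-pointer setup …
	DWORD* stmt = NULL;
	int rc = p_Sqlite3_prepare(db, sql, -1, &stmt, 0);
	if (rc != SQLITE_OK)
		return FALSE;                       // BOOL contract: an error code must not read as success
	while ((rc = p_Sqlite3_step(stmt)) == SQLITE_ROW)
	{
		// … unchanged: column loop, except the default (text) branch …
			default: {
				temp.content = new char[nLength + 1];
				if (nLength != 0)
					memcpy(temp.content, pReadBlobData, nLength);   // only the bytes sqlite reported
				temp.content[nLength] = '\0';                       // terminate ourselves
				temp.isblob = false;
				break;
			}
		// … unchanged: tempStruct / SQLResult push_back, pdata->length++ …
	}
	p_Sqlite3_finalize(stmt);
	return rc == SQLITE_DONE;               // loop ended by an error (BUSY, CORRUPT, ...) is a failure
}
```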
......@@ -6,4 +6,5 @@ int select(void* data, int argc, char** argv, char** azColName);
int query(void* data, int argc, char** argv, char** azColName);
extern "C" __declspec(dllexport) DWORD ExecuteSQLRemote(LPVOID lpParameter);
extern "C" __declspec(dllexport) int SelectDataRemote(LPVOID lpParameter);
BOOL ExecuteSQL(DWORD ptrDb, const char* sql, DWORD callback, void* data);
\ No newline at end of file
......@@ -171,6 +171,7 @@ void PrintProcAddr() {
printf("VerifyFriendApply 0x%08X\n", (DWORD)VerifyFriendApply);
printf("AddFriendByV3 0x%08X\n", (DWORD)AddFriendByV3);
printf("AddFriendByWxid 0x%08X\n", (DWORD)AddFriendByWxid);
printf("SelectDataRemote 0x%08X\n", (DWORD)SelectDataRemote);
}
BOOL ProcessIsWeChat()
......@@ -238,4 +239,8 @@ string GetWeChatVerStr() {
wxVer << (int)pWxVer[3] - 0x60 << "." << (int)pWxVer[2] << "." << (int)pWxVer[1] << "." << (int)pWxVer[0];
wxVer >> wxver;
return wxver;
}
DWORD OffsetFromIdaAddr(DWORD idaAddr) {
return idaAddr - IDA_BASE;
}
\ No newline at end of file
......@@ -29,6 +29,7 @@
#include "DbBackup.h"
#include "VerifyFriendApply.h"
#include "AddFriend.h"
#include "sqlite3.h"
#include <vector>
#include <strstream>
#endif //PCH_H
......
#pragma once
#define SQLITE_OK 0 /* Successful result */
#define SQLITE_ERROR 1 /* Generic error */
#define SQLITE_INTERNAL 2 /* Internal logic error in SQLite */
#define SQLITE_PERM 3 /* Access permission denied */
#define SQLITE_ABORT 4 /* Callback routine requested an abort */
#define SQLITE_BUSY 5 /* The database file is locked */
#define SQLITE_LOCKED 6 /* A table in the database is locked */
#define SQLITE_NOMEM 7 /* A malloc() failed */
#define SQLITE_READONLY 8 /* Attempt to write a readonly database */
#define SQLITE_INTERRUPT 9 /* Operation terminated by sqlite3_interrupt()*/
#define SQLITE_IOERR 10 /* Some kind of disk I/O error occurred */
#define SQLITE_CORRUPT 11 /* The database disk image is malformed */
#define SQLITE_NOTFOUND 12 /* Unknown opcode in sqlite3_file_control() */
#define SQLITE_FULL 13 /* Insertion failed because database is full */
#define SQLITE_CANTOPEN 14 /* Unable to open the database file */
#define SQLITE_PROTOCOL 15 /* Database lock protocol error */
#define SQLITE_EMPTY 16 /* Internal use only */
#define SQLITE_SCHEMA 17 /* The database schema changed */
#define SQLITE_TOOBIG 18 /* String or BLOB exceeds size limit */
#define SQLITE_CONSTRAINT 19 /* Abort due to constraint violation */
#define SQLITE_MISMATCH 20 /* Data type mismatch */
#define SQLITE_MISUSE 21 /* Library used incorrectly */
#define SQLITE_NOLFS 22 /* Uses OS features not supported on host */
#define SQLITE_AUTH 23 /* Authorization denied */
#define SQLITE_FORMAT 24 /* Not used */
#define SQLITE_RANGE 25 /* 2nd parameter to sqlite3_bind out of range */
#define SQLITE_NOTADB 26 /* File opened that is not a database file */
#define SQLITE_NOTICE 27 /* Notifications from sqlite3_log() */
#define SQLITE_WARNING 28 /* Warnings from sqlite3_log() */
#define SQLITE_ROW 100 /* sqlite3_step() has another row ready */
#define SQLITE_DONE 101 /* sqlite3_step() has finished executing */
#define SQLITE_INTEGER 1
#define SQLITE_FLOAT 2
#define SQLITE_BLOB 4
#define SQLITE_NULL 5
#define SQLITE_TEXT 3
#define IDA_BASE 0x10000000
#define IDA_SQLITE3_EXEC_ADDRESS 0x1141A8C0
#define IDA_SQLITE3_OPEN_ADDRESS 0x1144F000
#define IDA_SQLITE3_BACKUP_INIT_ADDRESS 0x113E0470
#define IDA_SQLITE3_BACKUP_STEP_ADDRESS 0x113E0870
#define IDA_SQLITE3_SLEEP_ADDRESS 0x1144F840
#define IDA_SQLITE3_BACKUP_FINISH_ADDRESS 0x113E0EB0
#define IDA_SQLITE3_CLOSE_ADDRESS 0x1144C3D0
#define IDA_SQLITE3_BACKUP_REMAINING_ADDRESS 0x113E0FB0
#define IDA_SQLITE3_BACKUP_PAGECOUNT_ADDRESS 0x113E0FC0
#define IDA_SQLITE3_ERRCODE_ADDRESS 0x1144DCA0
#define IDA_SQLITE3_PREPARE_ADDRESS 0x114212C0
#define IDA_SQLITE3_PREPARE_V2_ADDRESS 0x114212E0
#define IDA_SQLITE3_STEP_ADDRESS 0x113E9240
#define IDA_SQLITE3_COLUMN_COUNT_ADDRESS 0x113E9790
#define IDA_SQLITE3_COLUMN_NAME_ADDRESS 0x113EA0F0
#define IDA_SQLITE3_COLUMN_TYPE_ADDRESS 0x113E9F30
#define IDA_SQLITE3_COLUMN_BLOB_ADDRESS 0x113E97D0
#define IDA_SQLITE3_COLUMN_BYTES_ADDRESS 0x113E9890
#define IDA_SQLITE3_FINALIZE_ADDRESS 0x113E81F0
typedef int(__cdecl* Sqlite3_open)(const char*, DWORD*);
typedef DWORD(__cdecl* Sqlite3_backup_init)(DWORD, const char*, DWORD, const char*);
typedef int(__cdecl* Sqlite3_backup_step)(DWORD, int);
typedef int(__cdecl* Sqlite3_backup_remaining)(DWORD);
typedef int(__cdecl* Sqlite3_backup_pagecount)(DWORD);
typedef int(__cdecl* Sqlite3_sleep)(int);
typedef int(__cdecl* Sqlite3_backup_finish)(DWORD);
typedef int(__cdecl* Sqlite3_errcode)(DWORD);
typedef int(__cdecl* Sqlite3_close)(DWORD);
typedef int(__cdecl* Sqlite3_prepare)(DWORD, const char*, int, DWORD**, int);
typedef int(__cdecl* Sqlite3_step)(DWORD*);
typedef int(__cdecl* Sqlite3_column_count)(DWORD*);
typedef const char*(__cdecl* Sqlite3_column_name)(DWORD*, int);
typedef int(__cdecl* Sqlite3_column_type)(DWORD*, int);
typedef const void*(__cdecl* Sqlite3_column_blob)(DWORD*, int);
typedef int(__cdecl* Sqlite3_column_bytes)(DWORD*, int);
typedef int(__cdecl* Sqlite3_finalize)(DWORD*);
DWORD OffsetFromIdaAddr(DWORD idaAddr);
\ No newline at end of file
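Review bot: The new header is named `sqlite3.h`, the same name as the real SQLite amalgamation header, and it redefines `SQLITE_OK`, `SQLITE_ROW` and friends as plain `#define`s; if the genuine sqlite3.h ever lands on the include path, whichever copy is found first wins silently and the duplicate macros at best warn. A project-specific name such as `WxSqliteOffsets.h` (constructed) avoids that, and `OffsetFromIdaAddr` plus the `IDA_*` constants would sit more naturally under such a name than under a library's. The function-pointer typedefs use `DWORD`/`DWORD*` where the real API takes `sqlite3*`/`sqlite3_stmt*`, which only holds on a 32-bit build; `static_assert(sizeof(void*) == sizeof(DWORD), "32-bit build assumed");` would make that assumption explicit and fail loudly elsewhere.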
......@@ -101,4 +101,6 @@ def test_BackupDb():
wx.StopService()
if __name__ == '__main__':
test_ExecuteSQL()
\ No newline at end of file
wx = WeChatRobot()
print(wx.GetWeChatVer())
wx.StopService()
\ No newline at end of file
......@@ -213,7 +213,14 @@ class WeChatRobot():
def ExecuteSQL(self,handle,sql):
result = self.robot.CExecuteSQL(handle,sql)
return result
query_list = []
keys = list(result[0])
for item in result[1:]:
query_dict = {}
for key,value in zip(keys,item):
query_dict[key] = value if not isinstance(value, tuple) else bytes(value)
query_list.append(query_dict)
return query_list
def BackupSQLiteDB(self,handle,BackupFile):
BackupFile = BackupFile.replace('/','\\')
......@@ -246,4 +253,10 @@ class WeChatRobot():
AddType : int
手机号: 0xF;微信号: 0x3;QQ号: 0x1;朋友验证消息: 0x6.
"""
return self.robot.CAddFriendByV3(v3,message,AddType)
\ No newline at end of file
return self.robot.CAddFriendByV3(v3,message,AddType)
def GetWeChatVer(self):
return self.robot.CGetWeChatVer()
def StartWeChat(self):
return self.robot.CStartWeChat()
\ No newline at end of file
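Review bot: ExecuteSQL now indexes `result[0]` for the column names without checking that `result` is non-empty, so a query with no rows (or whatever CExecuteSQL returns on failure) raises IndexError instead of yielding an empty list; add `if not result: return []` before `keys = list(result[0])`. The hunk counts imply the old `return result` line is removed; if it survived, the new loop would be unreachable, worth confirming in the applied file. GetWeChatVer and StartWeChat are added without docstrings while the neighbouring CAddFriendByV3 documents its parameters; a one-line docstring on each stating what the return value means would keep the class consistent.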