未验证
提交
18dc5dd9
编写于
6月 01, 2022
作者:
Jack Li
提交者:
GitHub
6月 01, 2022
Merge pull request #12 from ljc545w/3.7.0.26
适配微信3.7.0.26版本
上级
44599f26
0696e2ad
Showing
20 changed file
with
133 addition
and
175 deletion
+133
-175
DWeChatRobot/CheckFriendStatus.cpp
DWeChatRobot/CheckFriendStatus.cpp
+8
-8
DWeChatRobot/DbBackup.cpp
DWeChatRobot/DbBackup.cpp
+10
-10
DWeChatRobot/DbExecuteSql.cpp
DWeChatRobot/DbExecuteSql.cpp
+1
-1
DWeChatRobot/FriendList.cpp
DWeChatRobot/FriendList.cpp
+1
-1
DWeChatRobot/GetChatRoomMemebers.cpp
DWeChatRobot/GetChatRoomMemebers.cpp
+8
-5
DWeChatRobot/GetDbHandles.cpp
DWeChatRobot/GetDbHandles.cpp
+13
-13
DWeChatRobot/LogMsgInfo.cpp
DWeChatRobot/LogMsgInfo.cpp
+3
-3
DWeChatRobot/ReceiveMessage.cpp
DWeChatRobot/ReceiveMessage.cpp
+4
-7
DWeChatRobot/SelfInfo.cpp
DWeChatRobot/SelfInfo.cpp
+10
-10
DWeChatRobot/SendArticle.cpp
DWeChatRobot/SendArticle.cpp
+10
-10
DWeChatRobot/SendAtText.cpp
DWeChatRobot/SendAtText.cpp
+2
-2
DWeChatRobot/SendCard.cpp
DWeChatRobot/SendCard.cpp
+2
-2
DWeChatRobot/SendFile.cpp
DWeChatRobot/SendFile.cpp
+18
-51
DWeChatRobot/SendImage.cpp
DWeChatRobot/SendImage.cpp
+4
-4
DWeChatRobot/SendText.cpp
DWeChatRobot/SendText.cpp
+2
-2
DWeChatRobot/UserInfo.cpp
DWeChatRobot/UserInfo.cpp
+37
-44
DWeChatRobot/dllmain.cpp
DWeChatRobot/dllmain.cpp
+0
-1
Python/wxRobot.py
Python/wxRobot.py
+0
-1
Release/CWeChatRobot.exe
Release/CWeChatRobot.exe
+0
-0
Release/DWeChatRobot.dll
Release/DWeChatRobot.dll
+0
-0
DWeChatRobot/CheckFriendStatus.cpp
#include "pch.h"
// 检查好友状态CALL1偏移
#define CheckFriendStatusCall1Offset 0x
78861210 - 0x787A
0000
#define CheckFriendStatusCall1Offset 0x
594944E0 - 0x593B
0000
// 检查好友状态CALL2偏移
#define CheckFriendStatusCall2Offset 0x
03521CD0 - 0x02E2
0000
#define CheckFriendStatusCall2Offset 0x
59B20890 - 0x593B
0000
// 检查好友状态CALL3偏移
#define CheckFriendStatusCall3Offset 0x
03521DC0 - 0x02E2
0000
#define CheckFriendStatusCall3Offset 0x
59B20980 - 0x593B
0000
// 检查好友状态CALL4偏移
#define CheckFriendStatusCall4Offset 0x
0321FB90 - 0x02E2
0000
#define CheckFriendStatusCall4Offset 0x
59813940 - 0x593B
0000
// 检查好友状态参数偏移
#define CheckFriendStatusParamOffset 0x
0504F3BC - 0x02E2
0000
#define CheckFriendStatusParamOffset 0x
5B7138F4 - 0x593B
0000
// 好友状态码HOOK地址偏移
#define CheckFriendStatusHookOffset 0x5
E0830B3 - 0x5DB6
0000
#define CheckFriendStatusHookOffset 0x5
9937373 - 0x593B
0000
// HOOK的CALL偏移
#define CheckFriendStatusNextCallOffset 0x5
E083150 - 0x5DB6
0000
#define CheckFriendStatusNextCallOffset 0x5
9937410 - 0x593B
0000
// HOOK跳转的地址偏移
#define CheckFriendStatusHookJmpBackOffset 0x5
E0830B8 - 0x5DB6
0000
#define CheckFriendStatusHookJmpBackOffset 0x5
9937378 - 0x593B
0000
// HOOK的CALL地址
DWORD
CheckFriendStatusNextCallAddress
=
GetWeChatWinBase
()
+
CheckFriendStatusNextCallOffset
;
...
...
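Review bot: The offset macros in this file are unparenthesised subtractions, e.g. `#define CheckFriendStatusCall1Offset 0x594944E0 - 0x593B0000`, so any use other than a plain `base + X` (a multiplication, a cast, a subtraction from something) binds to only part of the expression. SendFile.cpp and SendImage.cpp in this same commit already wrap theirs, so these should read `#define CheckFriendStatusCall1Offset (0x594944E0 - 0x593B0000)`. The same applies to the unwrapped macros in GetChatRoomMemebers.cpp, LogMsgInfo.cpp, ReceiveMessage.cpp, SendArticle.cpp, SendAtText.cpp, SendCard.cpp, SendText.cpp and UserInfo.cpp. The page prints old and new definitions back to back without markers, so I am assuming the 0x593B0000-based lines are the new side.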
DWeChatRobot/DbBackup.cpp
...
...
@@ -112,7 +112,7 @@ VOID PatchSQLite3_Backup_Init() {
if
(
SQLite3_Backup_Init_Patched
)
return
;
// patch掉这块指令,绕过`backup is not supported with encrypted databases`
DWORD
address_sqlite3_backup_init_patch_offset
=
OffsetFromIdaAddr
(
0x113
1C11
0
+
0x52
);
DWORD
address_sqlite3_backup_init_patch_offset
=
OffsetFromIdaAddr
(
0x113
E047
0
+
0x52
);
DWORD
patchAddress
=
GetWeChatWinBase
()
+
address_sqlite3_backup_init_patch_offset
;
const
int
nopLen
=
22
;
BYTE
nopData
[
nopLen
];
...
...
@@ -148,15 +148,15 @@ int BackupSQLiteDB(DWORD DbHandle,const char* BackupFile)
#ifdef _DEBUG
cout
<<
"开始备份,文件保存至: "
<<
BackupFile
<<
endl
;
#endif
DWORD
address_sqlite3_open
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x11
38ACD
0
);
DWORD
address_sqlite3_backup_init
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x113
1C11
0
);
DWORD
address_sqlite3_backup_step
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x113
1C51
0
);
DWORD
address_sqlite3_sleep
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x11
38B51
0
);
DWORD
address_sqlite3_backup_finish
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x113
1CB5
0
);
DWORD
address_sqlite3_close
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x11
3880A
0
);
DWORD
address_sqlite3_backup_remaining
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x113
1CC5
0
);
DWORD
address_sqlite3_backup_pagecount
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x113
1CC6
0
);
DWORD
address_sqlite3_errcode
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x11
38997
0
);
DWORD
address_sqlite3_open
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x11
44F00
0
);
DWORD
address_sqlite3_backup_init
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x113
E047
0
);
DWORD
address_sqlite3_backup_step
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x113
E087
0
);
DWORD
address_sqlite3_sleep
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x11
44F84
0
);
DWORD
address_sqlite3_backup_finish
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x113
E0EB
0
);
DWORD
address_sqlite3_close
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x11
44C3D
0
);
DWORD
address_sqlite3_backup_remaining
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x113
E0FB
0
);
DWORD
address_sqlite3_backup_pagecount
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x113
E0FC
0
);
DWORD
address_sqlite3_errcode
=
wxBaseAddress
+
OffsetFromIdaAddr
(
0x11
44DCA
0
);
const
char
*
myMain
=
"main"
;
int
rc
=
backupDb
(
DbHandle
,
...
...
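Review bot: The IDA address of sqlite3_backup_init is written out twice, as `OffsetFromIdaAddr(0x113E0470 + 0x52)` in PatchSQLite3_Backup_Init and as `OffsetFromIdaAddr(0x113E0470)` in BackupSQLiteDB, so a later version bump that updates only one of them leaves the 22-byte overwrite landing on bytes unrelated to the function actually called. One named constant used in both places would keep them in step, for example `#define IDA_SQLITE3_BACKUP_INIT 0x113E0470` (name is only a suggestion). Since the patch disables the check behind `backup is not supported with encrypted databases`, a comment at the patch site saying that the resulting backup file is presumably not protected by the source database's encryption would help anyone who later stores or ships those files. Both function bodies continue outside the hunks shown.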
DWeChatRobot/DbExecuteSql.cpp
#include "pch.h"
// sqlite3_exec函数偏移
#define sqlite3_execOffset 0x
66176570 - 0x64E2000
0
#define sqlite3_execOffset 0x
141A8C
0
// sqlite3_callback函数指针
typedef
int
(
*
sqlite3_callback
)(
...
...
DWeChatRobot/FriendList.cpp
...
...
@@ -2,7 +2,7 @@
#include <vector>
// 通讯录左树偏移
#define LeftTreeOffset 0x2
22F3BC
#define LeftTreeOffset 0x2
3638F4
/*
* 保存单个好友信息的结构体
...
...
DWeChatRobot/GetChatRoomMemebers.cpp
#include "pch.h"
// 获取群成员CALL1偏移
#define GetChatRoomMembersCall1Offset 0x
6246BBB0 - 0x61E2
0000
#define GetChatRoomMembersCall1Offset 0x
54926F80 - 0x5427
0000
// 获取群成员CALL2偏移
#define GetChatRoomMembersCall2Offset 0x
61EDF550 - 0x61E2
0000
#define GetChatRoomMembersCall2Offset 0x
54352990 - 0x5427
0000
// 获取群成员CALL3偏移
#define GetChatRoomMembersCall3Offset 0x
622046D0 - 0x61E2
0000
#define GetChatRoomMembersCall3Offset 0x
546B88C0 - 0x5427
0000
// 清空缓存CALL偏移
#define DeleteGetChatRoomMembersCacheCallOffset 0x
6246BDD0 - 0x61E2
0000
#define DeleteGetChatRoomMembersCacheCallOffset 0x
549271A0 - 0x5427
0000
/*
* 外部调用的返回类型
...
...
@@ -61,7 +61,7 @@ BOOL __stdcall GetChatRoomMembers(wchar_t* chatroomid) {
DWORD
DeleteGetChatRoomMembersCacheCall
=
WeChatWinBase
+
DeleteGetChatRoomMembersCacheCallOffset
;
WxBaseStruct
wsChatRoomId
(
chatroomid
);
char
buffer
[
0x1
B
0
]
=
{
0
};
char
buffer
[
0x1
E
0
]
=
{
0
};
DWORD
isSuccess
=
0x0
;
DWORD
DataAddr
=
0x0
;
...
...
@@ -83,6 +83,9 @@ BOOL __stdcall GetChatRoomMembers(wchar_t* chatroomid) {
}
if
(
isSuccess
)
{
char
*
members
=
(
char
*
)(
*
(
DWORD
*
)(
DataAddr
+
0x1C
));
#ifdef _DEBUG
cout
<<
members
<<
endl
;
#endif
wchar_t
*
wmembers
=
new
wchar_t
[
strlen
(
members
)
+
1
];
ZeroMemory
(
wmembers
,
(
strlen
(
members
)
+
1
)
*
2
);
MultiByteToWideChar
(
CP_ACP
,
0
,
members
,
-
1
,
wmembers
,
strlen
(
members
)
+
1
);
...
...
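Review bot: The debug print added under `#ifdef _DEBUG` streams `members` to `cout` before anything has checked it, and `members` is read straight from `*(DWORD*)(DataAddr + 0x1C)`; if that field is null, both the print and the `strlen(members)` calls after it are undefined behaviour inside the host process. A guard right after the read, `if (members == NULL) return FALSE;`, covers both, adjusted to whatever cleanup the rest of the function needs (the body continues outside the hunk). `strlen(members)` is also evaluated three times and the result of `MultiByteToWideChar` is ignored, so one `int len = (int)strlen(members) + 1;` reused for the allocation, the zero-fill and the conversion, plus a check for a 0 return, would be tidier and safer.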
DWeChatRobot/GetDbHandles.cpp
#include "pch.h"
// 联系人相关库偏移
#define SqlHandleMicroMsgOffset 0x2
22F3FC
#define SqlHandleMicroMsgOffset 0x2
363934
// 公众号相关库偏移
#define SqlHandlePublicMsgOffset 0x2
2553D0
#define SqlHandlePublicMsgOffset 0x2
39B3C8
// 保存数据库信息的容器
vector
<
DbInfoStruct
>
dbs
;
...
...
@@ -47,7 +47,7 @@ void GetDbHandles() {
__asm
{
mov
eax
,
[
SqlHandleBaseAddr
];
mov
ecx
,
[
eax
];
add
ecx
,
0x1
88
8
;
add
ecx
,
0x1
42
8
;
mov
eax
,
[
ecx
];
mov
SqlHandleBeginAddr
,
eax
;
mov
eax
,
[
ecx
+
0x4
];
...
...
@@ -60,26 +60,26 @@ void GetDbHandles() {
SqlHandleBeginAddr
+=
0x4
;
if
(
SqlHandleBeginAddr
==
SqlHandleEndAddr
)
break
;
if
(
dbnames
.
find
((
wchar_t
*
)(
*
(
DWORD
*
)(
dwHandle
+
0x
78
)),
0
)
!=
wstring
::
npos
)
if
(
dbnames
.
find
((
wchar_t
*
)(
*
(
DWORD
*
)(
dwHandle
+
0x
50
)),
0
)
!=
wstring
::
npos
)
continue
;
DbInfoStruct
db
=
{
0
};
dbnames
+=
(
wchar_t
*
)(
*
(
DWORD
*
)(
dwHandle
+
0x
78
));
db
.
dbname
=
(
wchar_t
*
)(
*
(
DWORD
*
)(
dwHandle
+
0x
78
));
dbnames
+=
(
wchar_t
*
)(
*
(
DWORD
*
)(
dwHandle
+
0x
50
));
db
.
dbname
=
(
wchar_t
*
)(
*
(
DWORD
*
)(
dwHandle
+
0x
50
));
db
.
l_dbname
=
wcslen
(
db
.
dbname
);
db
.
handle
=
*
(
DWORD
*
)(
dwHandle
+
0x
64
);
ExecuteSQL
(
*
(
DWORD
*
)(
dwHandle
+
0x
64
),
"select * from sqlite_master where type=
\"
table
\"
;"
,(
DWORD
)
GetDbInfo
,
&
db
);
db
.
handle
=
*
(
DWORD
*
)(
dwHandle
+
0x
3C
);
ExecuteSQL
(
*
(
DWORD
*
)(
dwHandle
+
0x
3C
),
"select * from sqlite_master where type=
\"
table
\"
;"
,(
DWORD
)
GetDbInfo
,
&
db
);
dbs
.
push_back
(
db
);
}
for
(
int
i
=
1
;
i
<
4
;
i
++
)
{
dwHandle
=
*
((
DWORD
*
)(
SqlHandlePublicMsgAddr
+
i
*
0x4
));
if
(
dbnames
.
find
((
wchar_t
*
)(
*
(
DWORD
*
)(
dwHandle
+
0x
78
)),
0
)
!=
wstring
::
npos
)
if
(
dbnames
.
find
((
wchar_t
*
)(
*
(
DWORD
*
)(
dwHandle
+
0x
50
)),
0
)
!=
wstring
::
npos
)
continue
;
DbInfoStruct
db
=
{
0
};
dbnames
+=
(
wchar_t
*
)(
*
(
DWORD
*
)(
dwHandle
+
0x
78
));
db
.
dbname
=
(
wchar_t
*
)(
*
(
DWORD
*
)(
dwHandle
+
0x
78
));
dbnames
+=
(
wchar_t
*
)(
*
(
DWORD
*
)(
dwHandle
+
0x
50
));
db
.
dbname
=
(
wchar_t
*
)(
*
(
DWORD
*
)(
dwHandle
+
0x
50
));
db
.
l_dbname
=
wcslen
(
db
.
dbname
);
db
.
handle
=
*
(
DWORD
*
)(
dwHandle
+
0x
64
);
ExecuteSQL
(
*
(
DWORD
*
)(
dwHandle
+
0x
64
),
"select * from sqlite_master where type=
\"
table
\"
;"
,
(
DWORD
)
GetDbInfo
,
&
db
);
db
.
handle
=
*
(
DWORD
*
)(
dwHandle
+
0x
3C
);
ExecuteSQL
(
*
(
DWORD
*
)(
dwHandle
+
0x
3C
),
"select * from sqlite_master where type=
\"
table
\"
;"
,
(
DWORD
)
GetDbInfo
,
&
db
);
dbs
.
push_back
(
db
);
}
// 添加一个空结构体,作为读取结束标志
...
...
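Review bot: Both loops dereference `*(DWORD*)(dwHandle + 0x50)` three times and hand the result to `dbnames.find` and `wcslen` with no null check, so a zero `dwHandle`, an empty name field, or a structure layout different from the one these offsets were taken from is an access violation in the host process. Reading it once and guarding it fixes that and removes the repetition: `if (dwHandle == 0) continue;` followed by `wchar_t* name = (wchar_t*)(*(DWORD*)(dwHandle + 0x50));` and `if (name == NULL) continue;`. The duplicate test is also a substring search over names concatenated without a separator, so a database whose name is contained in an earlier entry would be skipped; an exact-match container would avoid that. The literals `0x50` and `0x3C` are used five times each across the two loops and would read better as named constants. GetDbHandles continues outside the hunks.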
DWeChatRobot/LogMsgInfo.cpp
#include "pch.h"
// 微信日志HOOK地址偏移
#define HookLogMsgInfoAddrOffset 0x
103408A4 - 0x0FC4
0000
#define HookLogMsgInfoAddrOffset 0x
549DF444 - 0x5427
0000
// HOOK的CALL偏移
#define HookLogMsgInfoNextCallOffset 0x
11586DFC - 0x0FC4
0000
#define HookLogMsgInfoNextCallOffset 0x
55C7E50E - 0x5427
0000
// HOOK的跳转地址偏移
#define HookLogMsgJmpBackOffset 0x
103408A9 - 0x0FC4
0000
#define HookLogMsgJmpBackOffset 0x
549DF449 - 0x5427
0000
// 微信日志HOOK地址
DWORD
HookLogMsgInfoAddr
=
GetWeChatWinBase
()
+
HookLogMsgInfoAddrOffset
;
...
...
DWeChatRobot/ReceiveMessage.cpp
...
...
@@ -2,9 +2,9 @@
#include <vector>
// 接收消息的HOOK地址偏移
#define ReceiveMessageHookOffset 0x
034A4F60 - 0x02FE
0000
#define ReceiveMessageHookOffset 0x
547C0F4C - 0x5427
0000
// HOOK的CALL偏移
#define ReceiveMessageNextCallOffset 0x
034A0CE0 - 0x02FE
0000
#define ReceiveMessageNextCallOffset 0x
54D04E60 - 0x5427
0000
/*
* 保存单条信息的结构
...
...
@@ -47,9 +47,6 @@ DWORD JmpBackAddress = ReceiveMessageHookAddress + 0x5;
*/
VOID
ReceiveMessage
(
DWORD
messageAddr
)
{
// 此处用于区别是发送的还是接收的消息,发送的消息会被过滤
DWORD
isSendMessage
=
*
(
DWORD
*
)(
messageAddr
+
0x3C
);
if
(
isSendMessage
)
return
;
messageStruct
message
=
{
0
};
message
.
messagetype
=
*
(
DWORD
*
)(
messageAddr
+
0x38
);
...
...
@@ -124,8 +121,8 @@ _declspec(naked) void dealReceiveMessage() {
__asm
{
pushad
;
pushfd
;
mov
e
di
,
[
eax
];
push
e
di
;
mov
e
ax
,
[
edi
];
push
e
ax
;
call
ReceiveMessage
;
add
esp
,
0x4
;
popfd
;
...
...
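Review bot: ReceiveMessage no longer reads the flag at `messageAddr + 0x3C` and returns early, so messages sent by the logged-in account now appear to flow through the same path as received ones, and nothing in the visible part of the struct fill records which is which. A consumer that replies to incoming messages automatically would then see its own replies as new input. If dropping the filter is intended for this version, the header comment above the function (outside this hunk) should say so and the direction should be carried to the caller, for example in a field of `messageStruct`; otherwise the check should be restored with the correct field offset for this build. I am inferring from the file's +4/-7 count that the comment, the `isSendMessage` read and the `if (isSendMessage) return;` are the removed lines.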
DWeChatRobot/SelfInfo.cpp
...
...
@@ -21,16 +21,16 @@ struct SelfInfoStruct {
DWORD
GetSelfInfoRemote
()
{
DWORD
WeChatWinBase
=
GetWeChatWinBase
();
vector
<
DWORD
>
SelfInfoAddr
=
{
WeChatWinBase
+
0x2
22EB3
C
,
WeChatWinBase
+
0x2
22ED30
,
WeChatWinBase
+
0x2
22EBB
4
,
*
(
DWORD
*
)(
WeChatWinBase
+
0x2
22ECE
C
),
*
(
DWORD
*
)(
WeChatWinBase
+
0x2
22EE94
),
*
(
DWORD
*
)(
WeChatWinBase
+
0x2
22EEAC
),
WeChatWinBase
+
0x2
22EF30
,
WeChatWinBase
+
0x2
22ECB
C
,
WeChatWinBase
+
0x2
22ECD
4
,
WeChatWinBase
+
0x2
22EBE
8
WeChatWinBase
+
0x2
36307
C
,
WeChatWinBase
+
0x2
363548
,
WeChatWinBase
+
0x2
3630F
4
,
*
(
DWORD
*
)(
WeChatWinBase
+
0x2
36322
C
),
*
(
DWORD
*
)(
WeChatWinBase
+
0x2
39E11C
),
*
(
DWORD
*
)(
WeChatWinBase
+
0x2
3633D4
),
WeChatWinBase
+
0x2
3632E8
,
WeChatWinBase
+
0x2
3631F
C
,
WeChatWinBase
+
0x2
36321
4
,
WeChatWinBase
+
0x2
36312
8
};
vector
<
wstring
>
SelfInfoKey
=
{
...
...
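Review bot: The ten entries of `SelfInfoAddr` are bare literals whose meaning depends only on their position relative to `SelfInfoKey`, and three of them are dereferenced (`*(DWORD*)(WeChatWinBase + 0x236322C)` and the two that follow) while the rest are used as addresses, which is easy to get wrong on the next version bump. Named constants, or a small table pairing each key with its offset and a flag for whether it is a pointer, would make the pairing explicit. `0x236307C` is also repeated in SendArticle.cpp's `GetSelfWxIdAddr` in this commit and should come from the same definition. The three dereferences run unconditionally, so a comment stating that they assume the account data is already populated would help. The initialiser's function continues outside the hunk.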
DWeChatRobot/SendArticle.cpp
#include "pch.h"
// 发送文章CALL1偏移
#define SendArticleCall1Offset 0x
0F7454F0 - 0x0F6B
0000
#define SendArticleCall1Offset 0x
54328A10 - 0x5427
0000
// 发送文章CALL2偏移
#define SendArticleCall2Offset 0x
0FA41F80 - 0x0F6B
0000
#define SendArticleCall2Offset 0x
5465D5E0 - 0x5427
0000
// 发送文章CALL3偏移
#define SendArticleCall3Offset 0x
0F7794A0 - 0x0F6B
0000
#define SendArticleCall3Offset 0x
54377EB0 - 0x5427
0000
// 发送文章CALL4偏移
#define SendArticleCall4Offset 0x
0FA42150 - 0x0F6B
0000
#define SendArticleCall4Offset 0x
5465D7B0 - 0x5427
0000
// 发送文章CALL参数偏移
#define SendArticleParamOffset 0x
118EEC34 - 0x0F6B
0000
#define SendArticleParamOffset 0x
565F3FE4 - 0x5427
0000
// 清空缓存CALL1偏移
#define SendArticleClearCacheCall1Offset 0x
0FCEB4F0 - 0x0F6B
0000
#define SendArticleClearCacheCall1Offset 0x
54916450 - 0x5427
0000
// 清空缓存CALL2偏移
#define SendArticleClearCacheCall2Offset 0x
0F744200 - 0x0F6B
0000
#define SendArticleClearCacheCall2Offset 0x
54327720 - 0x5427
0000
/*
* 外部调用时传递的参数结构
...
...
@@ -49,7 +49,7 @@ VOID SendArticleRemote(LPVOID lparameter) {
* return:DWORD,个人wxid保存地址
*/
DWORD
GetSelfWxIdAddr
()
{
DWORD
baseAddr
=
GetWeChatWinBase
()
+
0x2
22EB3
C
;
DWORD
baseAddr
=
GetWeChatWinBase
()
+
0x2
36307
C
;
char
wxidbuffer
[
0x100
]
=
{
0
};
DWORD
SelfWxIdAddr
=
0x0
;
sprintf_s
(
wxidbuffer
,
"%s"
,
(
char
*
)
baseAddr
);
...
...
@@ -86,7 +86,7 @@ BOOL __stdcall SendArticle(wchar_t* wxid,wchar_t* title, wchar_t* abstract, wcha
// 自己的wxid,发送者
char
*
sselfwxid
=
(
char
*
)
GetSelfWxIdAddr
();
wchar_t
*
wselfwxid
=
new
wchar_t
[
strlen
(
sselfwxid
)
+
1
];
MultiByteToWideChar
(
CP_ACP
,
MB_COMPOSITE
,
sselfwxid
,
-
1
,
wselfwxid
,
strlen
(
sselfwxid
)
+
1
);
MultiByteToWideChar
(
CP_ACP
,
0
,
sselfwxid
,
-
1
,
wselfwxid
,
strlen
(
sselfwxid
)
+
1
);
// 构造xml数据
wchar_t
*
xmlbuffer
=
new
wchar_t
[
0x2000
];
ZeroMemory
(
xmlbuffer
,
0x2000
*
2
);
...
...
@@ -100,7 +100,7 @@ BOOL __stdcall SendArticle(wchar_t* wxid,wchar_t* title, wchar_t* abstract, wcha
WxBaseStruct
pReceiver
(
wxid
);
WxString
imgbuffer
=
{
0
};
WxString
nullStruct
=
{
0
};
char
buffer
[
0xF
9
0
]
=
{
0
};
char
buffer
[
0xF
F
0
]
=
{
0
};
DWORD
isSuccess
=
0x0
;
__asm
{
pushad
;
...
...
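Review bot: `sselfwxid` comes from `GetSelfWxIdAddr()`, whose local `SelfWxIdAddr` starts at `0x0`, and it is passed to `strlen` twice with no check; if that function can return 0, this is a null dereference inside the host process. Adding `if (sselfwxid == NULL) return FALSE;` before the allocation closes that. The changed `MultiByteToWideChar(CP_ACP, 0, ...)` call still discards its return value, and `wselfwxid` is not zero-filled the way `xmlbuffer` is, so a failed conversion would leave it with indeterminate contents; checking for a 0 return would catch that. Whether `wselfwxid` is freed cannot be seen from this hunk.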
DWeChatRobot/SendAtText.cpp
#include "pch.h"
// 发送艾特消息CALL偏移
#define SendAtTextCallOffset 0x67
82E7B0 - 0x673
70000
#define SendAtTextCallOffset 0x67
391D30 - 0x66E
70000
// 清空缓存CALL偏移
#define DeleteAtTextCacheCallOffset 0x
67404200 - 0x673
70000
#define DeleteAtTextCacheCallOffset 0x
54327720 - 0x542
70000
/*
* 外部调用时传递的参数结构
...
...
DWeChatRobot/SendCard.cpp
#include "pch.h"
// 发送名片的CALL偏移
#define SendCardCallOffset 0x
644FE7B0 - 0x6404
0000
#define SendCardCallOffset 0x
54791D30 - 0x5427
0000
// 清空缓存的CALL偏移
#define DeleteCardCacheCallOffset 0x
640D4200 - 0x6404
0000
#define DeleteCardCacheCallOffset 0x
54327720 - 0x5427
0000
/*
* 外部调用时提供的参数结构
...
...
DWeChatRobot/SendFile.cpp
#include "pch.h"
// 发送文件CALL1偏移
#define SendFileCall1Offset (0x
67A71DC0 - 0x673
70000)
#define SendFileCall1Offset (0x
549E0980 - 0x542
70000)
// 发送文件CALL2偏移
#define SendFileCall2Offset (0x
68D81C83 - 0x673
70000)
#define SendFileCall2Offset (0x
549E0980 - 0x542
70000)
// 发送文件CALL3偏移
#define SendFileCall3Offset (0x
68D8047A - 0x673
70000)
#define SendFileCall3Offset (0x
5465D8C0 - 0x542
70000)
// 发送文件CALL4偏移
#define SendFileCall4Offset (0x
67702260 - 0x673
70000)
#define SendFileCall4Offset (0x
54698270 - 0x542
70000)
// 发送文件参数偏移
#define SendFileParamsOffset (0x
6959F170 - 0x673
70000)
#define SendFileParamsOffset (0x
565D36B0 - 0x542
70000)
// 清空缓存CALL偏移
#define DeleteSendFileCacheCallOffset (0x
67404200 - 0x673
70000)
#define DeleteSendFileCacheCallOffset (0x
54327720 - 0x542
70000)
/*
* 外部调用时传递的参数结构
...
...
@@ -86,13 +86,6 @@ void __stdcall SendFile(wchar_t* receiver, wchar_t* FilePath) {
__asm
{
pushad
;
pushfd
;
lea
esi
,
esi_
;
push
0
;
push
0
;
push
0
;
push
0
;
push
0
;
push
0x005A0000
;
sub
esp
,
0x14
;
mov
edi
,
esp
;
mov
dword
ptr
ds
:
[
edi
]
,
0x0
;
...
...
@@ -100,54 +93,28 @@ void __stdcall SendFile(wchar_t* receiver, wchar_t* FilePath) {
mov
dword
ptr
ds
:
[
edi
+
0x8
]
,
0x0
;
mov
dword
ptr
ds
:
[
edi
+
0xC
]
,
0x0
;
mov
dword
ptr
ds
:
[
edi
+
0x10
]
,
0x0
;
push
0x00DBE200
;
sub
esp
,
0x14
;
mov
edi
,
esp
;
mov
dword
ptr
ds
:
[
edi
]
,
0x0
;
mov
dword
ptr
ds
:
[
edi
+
0x4
]
,
0x0
;
mov
dword
ptr
ds
:
[
edi
+
0x8
]
,
0x0
;
mov
dword
ptr
ds
:
[
edi
+
0xC
]
,
0x0
;
mov
dword
ptr
ds
:
[
edi
+
0x10
]
,
0x0
;
sub
esp
,
0x14
;
lea
eax
,
dword
ptr
ds
:
[
esi
+
0x4
]
;
lea
eax
,
pFilePath
;
mov
ecx
,
esp
;
push
eax
;
call
WxSendFileCall1
;
sub
esp
,
0x14
;
lea
eax
,
pReceiver
;
mov
ecx
,
esp
;
mov
dword
ptr
ds
:
[
ecx
]
,
0x0
;
mov
dword
ptr
ds
:
[
ecx
+
0x4
]
,
0x0
;
mov
dword
ptr
ds
:
[
ecx
+
0x8
]
,
0x0
;
mov
dword
ptr
ds
:
[
ecx
+
0xC
]
,
0x0
;
mov
dword
ptr
ds
:
[
ecx
+
0x10
]
,
0x0
;
lea
edx
,
pReceiver
;
mov
eax
,
[
edx
];
mov
edi
,
edi_
;
lea
eax
,
dword
ptr
ds
:
[
edi
*
2
+
0x2
]
;
mov
tempecx
,
ecx
;
push
eax
;
push
dword
ptr
ds
:
[
ecx
]
;
call
WxSendFileCall2
;
mov
ecx
,
[
tempecx
];
mov
edx
,
eax
;
add
esp
,
0x8
;
mov
eax
,
dword
ptr
ds
:
[
ecx
+
0x4
]
;
mov
dword
ptr
ds
:
[
ecx
]
,
edx
;
mov
dword
ptr
ds
:
[
ecx
+
0x8
]
,
edi
;
mov
tempecx
,
ecx
;
push
edi
;
push
ptrReceiver
;
push
dword
ptr
ds
:
[
ecx
]
;
call
WxSendFileCall3
;
mov
ecx
,
[
tempecx
];
add
esp
,
0xC
;
mov
edx
,
0x0
;
mov
eax
,
dword
ptr
ds
:
[
ecx
]
;
mov
word
ptr
ds
:
[
eax
+
edi
*
2
]
,
0x0
;
mov
dword
ptr
ds
:
[
ecx
+
0x4
]
,
edi
;
mov
ecx
,
WxSendFileParams
;
mov
ecx
,
[
WxSendFileParams
];
lea
eax
,
buffer
;
push
eax
;
call
WxSendFileCall
4
;
call
WxSendFileCall
3
;
lea
ecx
,
buffer
;
call
DeleteSendFileCacheCall
;
popfd
;
...
...
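Review bot: `SendFileCall1Offset` and `SendFileCall2Offset` are both defined as `(0x549E0980 - 0x54270000)` in what appear to be the new definitions, whereas the previous pair pointed at two different addresses. If both steps really are the same routine in this build, define one in terms of the other (`#define SendFileCall2Offset SendFileCall1Offset`) or add a comment saying so; if it is a paste slip, the second call runs the wrong code. `SendFileCall4Offset` also stays defined while the last `call` before the cache cleanup appears to change from `WxSendFileCall4` to `WxSendFileCall3`, so it is worth checking whether Call4 is still referenced. The rendered page drops the +/- markers, so the old/new reading here is inferred, and the `__asm` block continues outside the hunks.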
DWeChatRobot/SendImage.cpp
#include "pch.h"
// 发送图片CALL1偏移
#define SendImageCall1Offset (0x
6740A1C0 - 0x673
70000)
#define SendImageCall1Offset (0x
5432D730 - 0x542
70000)
// 发送图片CALL2偏移
#define SendImageCall2Offset (0x
67A71DC0 - 0x673
70000)
#define SendImageCall2Offset (0x
549E0980 - 0x542
70000)
// 发送图片CALL3偏移
#define SendImageCall3Offset (0x
6782E160 - 0x673
70000)
#define SendImageCall3Offset (0x
54791640 - 0x542
70000)
// 清空缓存的CALL偏移
#define DeleteSendImageCacheCallOffset (0x
67404200 - 0x673
70000)
#define DeleteSendImageCacheCallOffset (0x
54327720 - 0x542
70000)
/*
* 外部调用时传递的参数结构
...
...
DWeChatRobot/SendText.cpp
#include "pch.h"
// 发送文本消息的CALL偏移
#define SendTextCallOffset 0x67
82E7B0 - 0x673
70000
#define SendTextCallOffset 0x67
391D30 - 0x66E
70000
// 清空缓存的CALL偏移
#define DeleteTextCacheCallOffset 0x
67404200 - 0x673
70000
#define DeleteTextCacheCallOffset 0x
54327720 - 0x542
70000
/*
* 外部调用时传递的参数结构
...
...
DWeChatRobot/UserInfo.cpp
...
...
@@ -3,19 +3,16 @@
#include <string>
#include <vector>
// 获取好友信息CALL0偏移
#define GetUserInfoCall0Offset 0x6740A000 - 0x67370000
// 获取好友信息CALL1偏移
#define GetUserInfoCall1Offset 0x
679C9840 - 0x6737
0000
#define GetUserInfoCall1Offset 0x
5946D570 - 0x593B
0000
// 获取好友信息CALL2偏移
#define GetUserInfoCall2Offset 0x
67A71DC0 - 0x6737
0000
#define GetUserInfoCall2Offset 0x
59B20980 - 0x593B
0000
// 获取好友信息CALL3偏移
#define GetUserInfoCall3Offset 0x677724A0 - 0x67370000
// 清空缓存CALL1偏移
#define DeleteUserInfoCacheCall1Offset 0x67775990 - 0x67370000
// 清空缓存CALL2偏移
#define DeleteUserInfoCacheCall2Offset 0x679CA340 - 0x67370000
#define GetUserInfoCall3Offset 0x59816270 - 0x593B0000
// 清理好友信息缓存参数
#define DeleteUserInfoCacheCall1Offset 0x59A752B0 - 0x593B0000
// 清理好友信息缓存CALL2
#define DeleteUserInfoCacheCall2Offset 0x5946E680 - 0x593B0000
/*
* 外部调用时的返回类型
...
...
@@ -117,12 +114,11 @@ VOID DeleteUserInfoCacheRemote() {
*/
BOOL
__stdcall
GetUserInfoByWxId
(
wchar_t
*
wxid
)
{
DWORD
WeChatWinBase
=
GetWeChatWinBase
();
DWORD
WxGetUserInfoCall0
=
WeChatWinBase
+
GetUserInfoCall0Offset
;
DWORD
WxGetUserInfoCall1
=
WeChatWinBase
+
GetUserInfoCall1Offset
;
DWORD
WxGetUserInfoCall2
=
WeChatWinBase
+
GetUserInfoCall2Offset
;
DWORD
WxGetUserInfoCall3
=
WeChatWinBase
+
GetUserInfoCall3Offset
;
DWORD
DeleteUserIn
of
CacheCall1
=
WeChatWinBase
+
DeleteUserInfoCacheCall1Offset
;
DWORD
DeleteUserIn
of
CacheCall2
=
WeChatWinBase
+
DeleteUserInfoCacheCall2Offset
;
DWORD
DeleteUserIn
fo
CacheCall1
=
WeChatWinBase
+
DeleteUserInfoCacheCall1Offset
;
DWORD
DeleteUserIn
fo
CacheCall2
=
WeChatWinBase
+
DeleteUserInfoCacheCall2Offset
;
char
buffer
[
0x3FC
]
=
{
0
};
WxBaseStruct
pWxid
(
wxid
);
DWORD
address
=
0
;
...
...
@@ -130,33 +126,32 @@ BOOL __stdcall GetUserInfoByWxId(wchar_t* wxid) {
__asm
{
pushad
;
call
WxGetUserInfoCall0
;
mov
edi
,
eax
;
lea
ecx
,
buffer
;
call
WxGetUserInfoCall1
;
lea
eax
,
buffer
;
mov
address
,
eax
;
push
eax
;
lea
ebx
,
buffer
;
push
ebx
;
sub
esp
,
0x14
;
mov
esi
,
eax
;
lea
eax
,
pWxid
;
mov
ecx
,
esp
;
lea
esi
,
pWxid
;
push
esi
;
push
eax
;
call
WxGetUserInfoCall2
;
mov
ecx
,
e
d
i
;
mov
ecx
,
e
s
i
;
call
WxGetUserInfoCall3
;
mov
isSuccess
,
eax
;
mov
address
,
ebx
;
popad
;
}
if
(
isSuccess
)
WxUserInfo
(
address
);
char
deletebuffer
[
0x410
]
=
{
0
};
__asm
{
pushad
;
lea
eax
,
buffer
;
lea
ecx
,
deletebuffer
;
call
DeleteUserInfoCacheCall1
;
push
eax
;
call
DeleteUserInofCacheCall1
;
lea
ecx
,
buffer
;
mov
esi
,
eax
;
call
DeleteUserInofCacheCall2
;
lea
ebx
,
buffer
;
mov
ecx
,
ebx
;
call
DeleteUserInfoCacheCall2
;
popad
;
}
return
isSuccess
;
...
...
@@ -169,12 +164,11 @@ BOOL __stdcall GetUserInfoByWxId(wchar_t* wxid) {
*/
wchar_t
*
__stdcall
GetUserNickNameByWxId
(
wchar_t
*
wxid
)
{
DWORD
WeChatWinBase
=
GetWeChatWinBase
();
DWORD
WxGetUserInfoCall0
=
WeChatWinBase
+
GetUserInfoCall0Offset
;
DWORD
WxGetUserInfoCall1
=
WeChatWinBase
+
GetUserInfoCall1Offset
;
DWORD
WxGetUserInfoCall2
=
WeChatWinBase
+
GetUserInfoCall2Offset
;
DWORD
WxGetUserInfoCall3
=
WeChatWinBase
+
GetUserInfoCall3Offset
;
DWORD
DeleteUserIn
of
CacheCall1
=
WeChatWinBase
+
DeleteUserInfoCacheCall1Offset
;
DWORD
DeleteUserIn
of
CacheCall2
=
WeChatWinBase
+
DeleteUserInfoCacheCall2Offset
;
DWORD
DeleteUserIn
fo
CacheCall1
=
WeChatWinBase
+
DeleteUserInfoCacheCall1Offset
;
DWORD
DeleteUserIn
fo
CacheCall2
=
WeChatWinBase
+
DeleteUserInfoCacheCall2Offset
;
char
buffer
[
0x3FC
]
=
{
0
};
WxBaseStruct
pWxid
(
wxid
);
DWORD
address
=
0
;
...
...
@@ -182,21 +176,19 @@ wchar_t* __stdcall GetUserNickNameByWxId(wchar_t* wxid) {
__asm
{
pushad
;
call
WxGetUserInfoCall0
;
mov
edi
,
eax
;
lea
ecx
,
buffer
;
call
WxGetUserInfoCall1
;
lea
eax
,
buffer
;
mov
address
,
eax
;
push
eax
;
lea
ebx
,
buffer
;
push
ebx
;
sub
esp
,
0x14
;
mov
esi
,
eax
;
lea
eax
,
pWxid
;
mov
ecx
,
esp
;
lea
esi
,
pWxid
;
push
esi
;
push
eax
;
call
WxGetUserInfoCall2
;
mov
ecx
,
e
d
i
;
mov
ecx
,
e
s
i
;
call
WxGetUserInfoCall3
;
mov
isSuccess
,
eax
;
mov
address
,
ebx
;
popad
;
}
wchar_t
*
NickName
=
NULL
;
...
...
@@ -206,14 +198,15 @@ wchar_t* __stdcall GetUserNickNameByWxId(wchar_t* wxid) {
ZeroMemory
(
NickName
,
(
length
+
1
)
*
2
);
memcpy
(
NickName
,
(
wchar_t
*
)(
*
(
DWORD
*
)(
address
+
0x6C
)),
length
*
2
);
}
char
deletebuffer
[
0x410
]
=
{
0
};
__asm
{
pushad
;
lea
eax
,
buffer
;
lea
ecx
,
deletebuffer
;
call
DeleteUserInfoCacheCall1
;
push
eax
;
call
DeleteUserInofCacheCall1
;
lea
ecx
,
buffer
;
mov
esi
,
eax
;
call
DeleteUserInofCacheCall2
;
lea
ebx
,
buffer
;
mov
ecx
,
ebx
;
call
DeleteUserInfoCacheCall2
;
popad
;
}
return
NickName
;
...
...
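Review bot: `GetUserInfoByWxId` and `GetUserNickNameByWxId` each carry their own copy of the lookup `__asm` block and of the cache-clearing `__asm` block, and this commit had to make the same register and call changes in both. Moving each sequence into one static helper that both functions call would leave a single place to update per client version and remove the chance of the two copies drifting apart. The new comment `// 清理好友信息缓存参数` (cache-cleanup parameter) sits above `DeleteUserInfoCacheCall1Offset`, which is still used as a `call` target, so either the comment or the macro name is misleading. `deletebuffer[0x410]` and `buffer[0x3FC]` are sized by bare literals and would benefit from a comment on where the sizes come from. Both function bodies continue outside the hunks.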
DWeChatRobot/dllmain.cpp
...
...
@@ -24,7 +24,6 @@ BOOL APIENTRY DllMain( HMODULE hModule,
printf
(
"GetChatRoomMembers 0x%08X
\n
"
,
(
DWORD
)
GetChatRoomMembers
);
printf
(
"ExecuteSql 0x%08X
\n
"
,
(
DWORD
)
ExecuteSQL
);
printf
(
"BackupSQLiteDB 0x%08X
\n
"
,
(
DWORD
)
BackupSQLiteDBRemote
);
HookLogMsgInfo
();
#endif
break
;
}
...
...
Python/wxRobot.py
...
...
@@ -60,7 +60,6 @@ class WeChatRobot():
myinfo
=
ast
.
literal_eval
(
myinfo
)
except
SyntaxError
:
return
{}
myinfo
[
'wxBigAvatar'
]
=
myinfo
[
'wxBigAvatar'
].
replace
(
"/132"
,
"/0"
)
self
.
myinfo
=
myinfo
return
self
.
myinfo
...
...
Release/CWeChatRobot.exe
无法预览此类型文件
Release/DWeChatRobot.dll
无法预览此类型文件