COM组件新增加好友接口

CWeChatRobot/AddFriend.h

+#pragma once
+#include<windows.h>
+
+BOOL AddFriendByWxid(wchar_t* wxid, wchar_t* message);
+BOOL AddFriendByV3(wchar_t* v3, wchar_t* message,int AddType);
\ No newline at end of file

CWeChatRobot/AddFriendByV3.cpp

+#include "pch.h"
+
+struct AddFriendByV3Struct {
+    DWORD v3;
+    DWORD message;
+    DWORD AddType;
+};
+
+BOOL AddFriendByV3(wchar_t* v3, wchar_t* message,int AddType) {
+    if (!hProcess)
+        return 1;
+    DWORD WeChatRobotBase = GetWeChatRobotBase();
+    DWORD dwId = 0;
+    DWORD dwWriteSize = 0;
+    DWORD dwRet = 1;
+
+    LPVOID v3addr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
+    LPVOID messageaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
+    AddFriendByV3Struct* paramAndFunc = (AddFriendByV3Struct*)VirtualAllocEx(hProcess, 0, sizeof(AddFriendByV3Struct), MEM_COMMIT, PAGE_READWRITE);
+    if (!v3addr || !messageaddr || !paramAndFunc)
+        return 1;
+    WriteProcessMemory(hProcess, v3addr, v3, wcslen(v3) * 2 + 2, &dwWriteSize);
+    if(message)
+        WriteProcessMemory(hProcess, messageaddr, message, wcslen(message) * 2 + 2, &dwWriteSize);
+
+    AddFriendByV3Struct params = { 0 };
+    params.v3 = (DWORD)v3addr;
+    params.message = message ? (DWORD)messageaddr : 0;
+    params.AddType = AddType;
+    WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwWriteSize);
+    DWORD AddFriendByV3Addr = WeChatRobotBase + AddFriendByV3RemoteOffset;
+    HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)AddFriendByV3Addr, (LPVOID)paramAndFunc, 0, &dwId);
+    if (hThread) {
+        WaitForSingleObject(hThread, INFINITE);
+        GetExitCodeThread(hThread, &dwRet);
+        CloseHandle(hThread);
+    }
+
+    VirtualFreeEx(hProcess, v3addr, 0, MEM_RELEASE);
+    VirtualFreeEx(hProcess, messageaddr, 0, MEM_RELEASE);
+    VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
+    return dwRet == 0;
+}
\ No newline at end of file

CWeChatRobot/AddFriendByWxid.cpp

+#include "pch.h"
+
+struct AddFriendByWxidStruct {
+    DWORD wxid;
+    DWORD message;
+};
+
+BOOL AddFriendByWxid(wchar_t* wxid,wchar_t* message) {
+    if (!hProcess)
+        return 1;
+    DWORD WeChatRobotBase = GetWeChatRobotBase();
+    DWORD dwId = 0;
+    DWORD dwWriteSize = 0;
+    DWORD dwRet = 1;
+
+    LPVOID wxidaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
+    LPVOID messageaddr = VirtualAllocEx(hProcess, NULL, 1, MEM_COMMIT, PAGE_READWRITE);
+    AddFriendByWxidStruct* paramAndFunc = (AddFriendByWxidStruct*)VirtualAllocEx(hProcess, 0, sizeof(AddFriendByWxidStruct), MEM_COMMIT, PAGE_READWRITE);
+    if (!wxidaddr || !messageaddr || !paramAndFunc)
+        return 1;
+    WriteProcessMemory(hProcess, wxidaddr, wxid, wcslen(wxid) * 2 + 2, &dwWriteSize);
+    if(message)
+        WriteProcessMemory(hProcess, messageaddr, message, wcslen(message) * 2 + 2, &dwWriteSize);
+    
+    AddFriendByWxidStruct params = { 0 };
+    params.wxid = (DWORD)wxidaddr;
+    params.message = message ? (DWORD)messageaddr : 0;
+    WriteProcessMemory(hProcess, paramAndFunc, &params, sizeof(params), &dwWriteSize);
+    DWORD AddFriendByWxidAddr = WeChatRobotBase + AddFriendByWxidRemoteOffset;
+    HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)AddFriendByWxidAddr, (LPVOID)paramAndFunc, 0, &dwId);
+    if (hThread) {
+        WaitForSingleObject(hThread, INFINITE);
+        GetExitCodeThread(hThread, &dwRet);
+        CloseHandle(hThread);
+    }
+
+    VirtualFreeEx(hProcess, wxidaddr, 0, MEM_RELEASE);
+    VirtualFreeEx(hProcess, messageaddr, 0, MEM_RELEASE);
+    VirtualFreeEx(hProcess, paramAndFunc, 0, MEM_RELEASE);
+    return dwRet == 0;
+}
\ No newline at end of file

CWeChatRobot/InjertDll.cpp

@@ -69,7 +69,10 @@ BOOL RemoveDll(DWORD dwId) {
         return 1;
     }
     CloseHandle(hThread);
-
+    if (!dwHandle) {
+        VirtualFreeEx(hProcess, pRemoteAddress, 0, MEM_RELEASE);
+        return 0;
+    }
     pFunc = FreeConsole;
     hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, NULL, 0, &dwID);
     if (hThread) {

CWeChatRobot/ReceiveMessage.cpp

@@ -4,6 +4,7 @@ BOOL ReceiveMessageHooked = FALSE;
 
 struct GetRemoteMessageStruct {
     DWORD type;
+    BOOL isSendMessage;
     DWORD sender;
     DWORD l_sender;
     DWORD wxid;
@@ -12,10 +13,14 @@ struct GetRemoteMessageStruct {
     DWORD l_message;
     DWORD filepath;
     DWORD l_filepath;
+    DWORD time;
+    DWORD l_time;
 };
 
 struct MessageStruct {
     DWORD type;
+    BOOL isSendMessage;
+    wchar_t* time;
     wchar_t* sender;
     wchar_t* wxid;
     wchar_t* message;
@@ -42,8 +47,10 @@ BOOL StartReceiveMessage() {
 }
 
 BOOL StopReceiveMessage() {
-    if (!hProcess || !ReceiveMessageHooked)
+    if (!hProcess || !ReceiveMessageHooked) {
+        ReceiveMessageHooked = FALSE;
         return 1;
+    }
     DWORD WeChatRobotBase = GetWeChatRobotBase();
     DWORD dwId = 0;
 
@@ -107,10 +114,15 @@ SAFEARRAY* ReceiveMessage() {
     MessageStruct message = { 0 };
     HRESULT hr = S_OK;
     GetHeadMessage(&remotemessage);
+#ifdef _DEBUG
     printf("0x%X,0x%08X,0x%08X,0x%08X\n", remotemessage.type, remotemessage.sender, remotemessage.wxid, remotemessage.message);
+#endif
     DWORD dwInfoAddr = 0;
     if (remotemessage.type) {
         message.type = remotemessage.type;
+        message.isSendMessage = remotemessage.isSendMessage;
+        message.time = new wchar_t[remotemessage.l_time + 1];
+        ReadProcessMemory(hProcess, (LPCVOID)remotemessage.time, message.time, (remotemessage.l_time + 1) * sizeof(wchar_t), 0);
         message.sender = new wchar_t[remotemessage.l_sender + 1];
         ReadProcessMemory(hProcess, (LPCVOID)remotemessage.sender, message.sender, (remotemessage.l_sender + 1) * sizeof(wchar_t), 0);
         message.wxid = new wchar_t[remotemessage.l_wxid + 1];
@@ -129,44 +141,35 @@ SAFEARRAY* ReceiveMessage() {
     SAFEARRAY* psaValue;
     vector<wstring> MessageInfoKey = {
         L"type",
-        L"sender",
+        L"isSendMessage",
+        L"time",
+        message.isSendMessage ? L"sendto" : L"from",
         L"wxid",
         L"message",
         L"filepath",
     };
-    SAFEARRAYBOUND rgsaBound[2] = { {5,0},{2,0} };
+    SAFEARRAYBOUND rgsaBound[2] = { {MessageInfoKey.size(),0},{2,0} };
     psaValue = SafeArrayCreate(VT_VARIANT, 2, rgsaBound);
     long keyIndex[2] = { 0,0 };
     keyIndex[0] = 0; keyIndex[1] = 0;
-    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)MessageInfoKey[0].c_str());
-    keyIndex[0] = 0; keyIndex[1] = 1;
-    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)message.type);
-
-    keyIndex[0] = 1; keyIndex[1] = 0;
-    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)MessageInfoKey[1].c_str());
-    keyIndex[0] = 1; keyIndex[1] = 1;
-    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)message.sender);
+    for (unsigned int i = 0; i < MessageInfoKey.size(); i++) {
+        keyIndex[0] = i; keyIndex[1] = 0;
+        hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)MessageInfoKey[i].c_str());
+        keyIndex[0] = i; keyIndex[1] = 1;
+        if(i < 2)
+            hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)((DWORD*)&message)[i]);
+        else {
+            hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)((wchar_t**)&message)[i]);
+        }
+    }
+    delete[] message.time;
+    message.time = NULL;
     delete[] message.sender;
     message.sender = NULL;
-
-    keyIndex[0] = 2; keyIndex[1] = 0;
-    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)MessageInfoKey[2].c_str());
-    keyIndex[0] = 2; keyIndex[1] = 1;
-    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)message.wxid);
     delete[] message.wxid;
     message.wxid = NULL;
-
-    keyIndex[0] = 3; keyIndex[1] = 0;
-    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)MessageInfoKey[3].c_str());
-    keyIndex[0] = 3; keyIndex[1] = 1;
-    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)message.message);
     delete[] message.message;
     message.message = NULL;
-
-    keyIndex[0] = 4; keyIndex[1] = 0;
-    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)MessageInfoKey[4].c_str());
-    keyIndex[0] = 4; keyIndex[1] = 1;
-    hr = SafeArrayPutElement(psaValue, keyIndex, &(_variant_t)message.filepath);
     delete[] message.filepath;
     message.filepath = NULL;
 

CWeChatRobot/WeChatRobot.cpp

@@ -250,4 +250,25 @@ STDMETHODIMP CWeChatRobot::CBackupSQLiteDB(DWORD DbHandle, BSTR savepath, int* _
 STDMETHODIMP CWeChatRobot::CVerifyFriendApply(BSTR v3, BSTR v4, int* __result) {
     *__result = VerifyFriendApply(v3, v4);
     return S_OK;
+}
+
+/*
+* 参数1：wxid
+* 参数2：附加信息
+* 参数3：预返回的值，调用时无需提供
+*/
+STDMETHODIMP CWeChatRobot::CAddFriendByWxid(BSTR wxid, BSTR message, int* __result) {
+    *__result = AddFriendByWxid(wxid, message);
+    return S_OK;
+}
+
+/*
+* 参数1：v3数据
+* 参数2：附加信息
+* 参数3：添加方式
+* 参数4：预返回的值，调用时无需提供
+*/
+STDMETHODIMP CWeChatRobot::CAddFriendByV3(BSTR v3, BSTR message,int AddType, int* __result) {
+    *__result = AddFriendByV3(v3, message,AddType);
+    return S_OK;
 }
\ No newline at end of file

CWeChatRobot/WeChatRobot.h

@@ -75,6 +75,8 @@ public:
 	STDMETHODIMP CExecuteSQL(DWORD DbHandle, BSTR sql, VARIANT* __result);
 	STDMETHODIMP CBackupSQLiteDB(DWORD DbHandle, BSTR savepath, int* __result);
 	STDMETHODIMP CVerifyFriendApply(BSTR v3, BSTR v4, int* __result);
+	STDMETHODIMP CAddFriendByWxid(BSTR wxid, BSTR message, int* __result);
+	STDMETHODIMP CAddFriendByV3(BSTR v3, BSTR message, int AddType, int* __result);
 };
 
 OBJECT_ENTRY_AUTO(__uuidof(WeChatRobot), CWeChatRobot)

CWeChatRobot/WeChatRobotCOM.idl

@@ -40,6 +40,8 @@ interface IWeChatRobot : IDispatch
 	[id(22)] HRESULT CExecuteSQL([in] DWORD DbHandle, [in] BSTR sql, [out, retval] VARIANT* __result);
 	[id(23)] HRESULT CBackupSQLiteDB([in] DWORD DbHandle, [in] BSTR savepath, [out, retval] int* __result);
 	[id(24)] HRESULT CVerifyFriendApply([in] BSTR v3, [in] BSTR v4, [out, retval] int* __result);
+	[id(25)] HRESULT CAddFriendByWxid([in] BSTR wxid, [in] BSTR message, [out, retval] int* __result);
+	[id(26)] HRESULT CAddFriendByV3([in] BSTR v3, [in] BSTR message, [in] int AddType, [out, retval] int* __result);
 };
 [
 	uuid(721abb35-141a-4aa2-94f2-762e2833fa6c),

CWeChatRobot/WeChatRobotCOM.vcxproj

@@ -211,6 +211,7 @@
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>
+    <ClInclude Include="AddFriend.h" />
     <ClInclude Include="CheckFriendStatus.h" />
     <ClInclude Include="DbBackup.h" />
     <ClInclude Include="DbExecuteSql.h" />
@@ -238,6 +239,8 @@
     <ClInclude Include="xdlldata.h" />
   </ItemGroup>
   <ItemGroup>
+    <ClCompile Include="AddFriendByV3.cpp" />
+    <ClCompile Include="AddFriendByWxid.cpp" />
     <ClCompile Include="CheckFriendStatus.cpp" />
     <ClCompile Include="DbBackup.cpp" />
     <ClCompile Include="DbExecuteSql.cpp" />

CWeChatRobot/WeChatRobotCOM.vcxproj.filters

@@ -80,6 +80,9 @@
     <Filter Include="好友相关\通过好友请求">
       <UniqueIdentifier>{ed2746cb-8d2d-4ad9-865d-d06563766571}</UniqueIdentifier>
     </Filter>
+    <Filter Include="好友相关\添加好友">
+      <UniqueIdentifier>{14bcc8af-c28c-4911-8be2-53280ec154ec}</UniqueIdentifier>
+    </Filter>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="framework.h">
@@ -157,6 +160,9 @@
     <ClInclude Include="VerifyFriendApply.h">
       <Filter>好友相关\通过好友请求</Filter>
     </ClInclude>
+    <ClInclude Include="AddFriend.h">
+      <Filter>好友相关\添加好友</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="WeChatRobotCOM.cpp">
@@ -225,6 +231,12 @@
     <ClCompile Include="VerifyFriendApply.cpp">
       <Filter>好友相关\通过好友请求</Filter>
     </ClCompile>
+    <ClCompile Include="AddFriendByWxid.cpp">
+      <Filter>好友相关\添加好友</Filter>
+    </ClCompile>
+    <ClCompile Include="AddFriendByV3.cpp">
+      <Filter>好友相关\添加好友</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="WeChatRobotCOM.rc">

CWeChatRobot/WeChatRobotCOM_i.h

@@ -185,6 +185,17 @@ EXTERN_C const IID IID_IWeChatRobot;
             /* [in] */ BSTR v4,
             /* [retval][out] */ int *__result) = 0;
         
+        virtual /* [id] */ HRESULT STDMETHODCALLTYPE CAddFriendByWxid( 
+            /* [in] */ BSTR wxid,
+            /* [in] */ BSTR message,
+            /* [retval][out] */ int *__result) = 0;
+        
+        virtual /* [id] */ HRESULT STDMETHODCALLTYPE CAddFriendByV3( 
+            /* [in] */ BSTR v3,
+            /* [in] */ BSTR message,
+            /* [in] */ int AddType,
+            /* [retval][out] */ int *__result) = 0;
+        
     };
     
     
@@ -364,6 +375,19 @@ EXTERN_C const IID IID_IWeChatRobot;
             /* [in] */ BSTR v4,
             /* [retval][out] */ int *__result);
         
+        /* [id] */ HRESULT ( STDMETHODCALLTYPE *CAddFriendByWxid )( 
+            IWeChatRobot * This,
+            /* [in] */ BSTR wxid,
+            /* [in] */ BSTR message,
+            /* [retval][out] */ int *__result);
+        
+        /* [id] */ HRESULT ( STDMETHODCALLTYPE *CAddFriendByV3 )( 
+            IWeChatRobot * This,
+            /* [in] */ BSTR v3,
+            /* [in] */ BSTR message,
+            /* [in] */ int AddType,
+            /* [retval][out] */ int *__result);
+        
         END_INTERFACE
     } IWeChatRobotVtbl;
 
@@ -472,6 +496,12 @@ EXTERN_C const IID IID_IWeChatRobot;
 #define IWeChatRobot_CVerifyFriendApply(This,v3,v4,__result)	\
     ( (This)->lpVtbl -> CVerifyFriendApply(This,v3,v4,__result) ) 
 
+#define IWeChatRobot_CAddFriendByWxid(This,wxid,message,__result)	\
+    ( (This)->lpVtbl -> CAddFriendByWxid(This,wxid,message,__result) ) 
+
+#define IWeChatRobot_CAddFriendByV3(This,v3,message,AddType,__result)	\
+    ( (This)->lpVtbl -> CAddFriendByV3(This,v3,message,AddType,__result) ) 
+
 #endif /* COBJMACROS */
 
 

CWeChatRobot/WeChatRobotCOM_p.c

@@ -49,7 +49,7 @@
 #include "WeChatRobotCOM_i.h"
 
 #define TYPE_FORMAT_STRING_SIZE   1239                              
-#define PROC_FORMAT_STRING_SIZE   1015                              
+#define PROC_FORMAT_STRING_SIZE   1117                              
 #define EXPR_FORMAT_STRING_SIZE   1                                 
 #define TRANSMIT_AS_TABLE_SIZE    0            
 #define WIRE_MARSHAL_TABLE_SIZE   2            
@@ -994,6 +994,99 @@ static const WeChatRobotCOM_MIDL_PROC_FORMAT_STRING WeChatRobotCOM__MIDL_ProcFor
 /* 1012 */	0x8,		/* FC_LONG */
 			0x0,		/* 0 */
 
+	/* Procedure CAddFriendByWxid */
+
+/* 1014 */	0x33,		/* FC_AUTO_HANDLE */
+			0x6c,		/* Old Flags:  object, Oi2 */
+/* 1016 */	NdrFcLong( 0x0 ),	/* 0 */
+/* 1020 */	NdrFcShort( 0x1f ),	/* 31 */
+/* 1022 */	NdrFcShort( 0x14 ),	/* x86 Stack size/offset = 20 */
+/* 1024 */	NdrFcShort( 0x0 ),	/* 0 */
+/* 1026 */	NdrFcShort( 0x24 ),	/* 36 */
+/* 1028 */	0x46,		/* Oi2 Flags:  clt must size, has return, has ext, */
+			0x4,		/* 4 */
+/* 1030 */	0x8,		/* 8 */
+			0x45,		/* Ext Flags:  new corr desc, srv corr check, has range on conformance */
+/* 1032 */	NdrFcShort( 0x0 ),	/* 0 */
+/* 1034 */	NdrFcShort( 0x1 ),	/* 1 */
+/* 1036 */	NdrFcShort( 0x0 ),	/* 0 */
+
+	/* Parameter wxid */
+
+/* 1038 */	NdrFcShort( 0x8b ),	/* Flags:  must size, must free, in, by val, */
+/* 1040 */	NdrFcShort( 0x4 ),	/* x86 Stack size/offset = 4 */
+/* 1042 */	NdrFcShort( 0x2a ),	/* Type Offset=42 */
+
+	/* Parameter message */
+
+/* 1044 */	NdrFcShort( 0x8b ),	/* Flags:  must size, must free, in, by val, */
+/* 1046 */	NdrFcShort( 0x8 ),	/* x86 Stack size/offset = 8 */
+/* 1048 */	NdrFcShort( 0x2a ),	/* Type Offset=42 */
+
+	/* Parameter __result */
+
+/* 1050 */	NdrFcShort( 0x2150 ),	/* Flags:  out, base type, simple ref, srv alloc size=8 */
+/* 1052 */	NdrFcShort( 0xc ),	/* x86 Stack size/offset = 12 */
+/* 1054 */	0x8,		/* FC_LONG */
+			0x0,		/* 0 */
+
+	/* Return value */
+
+/* 1056 */	NdrFcShort( 0x70 ),	/* Flags:  out, return, base type, */
+/* 1058 */	NdrFcShort( 0x10 ),	/* x86 Stack size/offset = 16 */
+/* 1060 */	0x8,		/* FC_LONG */
+			0x0,		/* 0 */
+
+	/* Procedure CAddFriendByV3 */
+
+/* 1062 */	0x33,		/* FC_AUTO_HANDLE */
+			0x6c,		/* Old Flags:  object, Oi2 */
+/* 1064 */	NdrFcLong( 0x0 ),	/* 0 */
+/* 1068 */	NdrFcShort( 0x20 ),	/* 32 */
+/* 1070 */	NdrFcShort( 0x18 ),	/* x86 Stack size/offset = 24 */
+/* 1072 */	NdrFcShort( 0x8 ),	/* 8 */
+/* 1074 */	NdrFcShort( 0x24 ),	/* 36 */
+/* 1076 */	0x46,		/* Oi2 Flags:  clt must size, has return, has ext, */
+			0x5,		/* 5 */
+/* 1078 */	0x8,		/* 8 */
+			0x45,		/* Ext Flags:  new corr desc, srv corr check, has range on conformance */
+/* 1080 */	NdrFcShort( 0x0 ),	/* 0 */
+/* 1082 */	NdrFcShort( 0x1 ),	/* 1 */
+/* 1084 */	NdrFcShort( 0x0 ),	/* 0 */
+
+	/* Parameter v3 */
+
+/* 1086 */	NdrFcShort( 0x8b ),	/* Flags:  must size, must free, in, by val, */
+/* 1088 */	NdrFcShort( 0x4 ),	/* x86 Stack size/offset = 4 */
+/* 1090 */	NdrFcShort( 0x2a ),	/* Type Offset=42 */
+
+	/* Parameter message */
+
+/* 1092 */	NdrFcShort( 0x8b ),	/* Flags:  must size, must free, in, by val, */
+/* 1094 */	NdrFcShort( 0x8 ),	/* x86 Stack size/offset = 8 */
+/* 1096 */	NdrFcShort( 0x2a ),	/* Type Offset=42 */
+
+	/* Parameter AddType */
+
+/* 1098 */	NdrFcShort( 0x48 ),	/* Flags:  in, base type, */
+/* 1100 */	NdrFcShort( 0xc ),	/* x86 Stack size/offset = 12 */
+/* 1102 */	0x8,		/* FC_LONG */
+			0x0,		/* 0 */
+
+	/* Parameter __result */
+
+/* 1104 */	NdrFcShort( 0x2150 ),	/* Flags:  out, base type, simple ref, srv alloc size=8 */
+/* 1106 */	NdrFcShort( 0x10 ),	/* x86 Stack size/offset = 16 */
+/* 1108 */	0x8,		/* FC_LONG */
+			0x0,		/* 0 */
+
+	/* Return value */
+
+/* 1110 */	NdrFcShort( 0x70 ),	/* Flags:  out, return, base type, */
+/* 1112 */	NdrFcShort( 0x14 ),	/* x86 Stack size/offset = 20 */
+/* 1114 */	0x8,		/* FC_LONG */
+			0x0,		/* 0 */
+
 			0x0
         }
     };
@@ -1862,7 +1955,9 @@ static const unsigned short IWeChatRobot_FormatStringOffsetTable[] =
     834,
     870,
     918,
-    966
+    966,
+    1014,
+    1062
     };
 
 static const MIDL_STUBLESS_PROXY_INFO IWeChatRobot_ProxyInfo =
@@ -1886,7 +1981,7 @@ static const MIDL_SERVER_INFO IWeChatRobot_ServerInfo =
     0,
     0,
     0};
-CINTERFACE_PROXY_VTABLE(31) _IWeChatRobotProxyVtbl = 
+CINTERFACE_PROXY_VTABLE(33) _IWeChatRobotProxyVtbl = 
 {
     &IWeChatRobot_ProxyInfo,
     &IID_IWeChatRobot,
@@ -1920,7 +2015,9 @@ CINTERFACE_PROXY_VTABLE(31) _IWeChatRobotProxyVtbl =
     (void *) (INT_PTR) -1 /* IWeChatRobot::CGetDbHandles */ ,
     (void *) (INT_PTR) -1 /* IWeChatRobot::CExecuteSQL */ ,
     (void *) (INT_PTR) -1 /* IWeChatRobot::CBackupSQLiteDB */ ,
-    (void *) (INT_PTR) -1 /* IWeChatRobot::CVerifyFriendApply */
+    (void *) (INT_PTR) -1 /* IWeChatRobot::CVerifyFriendApply */ ,
+    (void *) (INT_PTR) -1 /* IWeChatRobot::CAddFriendByWxid */ ,
+    (void *) (INT_PTR) -1 /* IWeChatRobot::CAddFriendByV3 */
 };
 
 
@@ -1953,6 +2050,8 @@ static const PRPC_STUB_FUNCTION IWeChatRobot_table[] =
     NdrStubCall2,
     NdrStubCall2,
     NdrStubCall2,
+    NdrStubCall2,
+    NdrStubCall2,
     NdrStubCall2
 };
 
@@ -1960,7 +2059,7 @@ CInterfaceStubVtbl _IWeChatRobotStubVtbl =
 {
     &IID_IWeChatRobot,
     &IWeChatRobot_ServerInfo,
-    31,
+    33,
     &IWeChatRobot_table[-3],
     CStdStubBuffer_DELEGATING_METHODS
 };

CWeChatRobot/pch.cpp

@@ -37,6 +37,9 @@ DWORD GetDbHandlesRemoteOffset = 0x0;
 DWORD ExecuteSQLRemoteOffset = 0x0;
 DWORD BackupSQLiteDBRemoteOffset = 0x0;
 
+DWORD AddFriendByWxidRemoteOffset = 0x0;
+DWORD AddFriendByV3RemoteOffset = 0x0;
+
 wstring SelfInfoString = L"";
 
 HANDLE hProcess = NULL;
@@ -83,19 +86,20 @@ DWORD GetWeChatRobotBase() {
     return dwHandle;
 }
 
-void GetProcOffset(wchar_t* workPath) {
+BOOL GetProcOffset(wchar_t* workPath) {
     wchar_t* dllpath = new wchar_t[MAX_PATH];
+    memset(dllpath, 0, MAX_PATH * 2);
     swprintf_s(dllpath, MAX_PATH, L"%ws%ws%ws", workPath, L"\\", dllname);
     string name = _com_util::ConvertBSTRToString((BSTR)dllpath);
     if (!isFileExists_stat(name)) {
         MessageBoxA(NULL, name.c_str(), "文件不存在", MB_ICONWARNING);
-        return;
+        return 0;
+    }
+    HMODULE hd = LoadLibrary(dllpath);
+    if (!hd) {
+        return 0;
     }
-    HMODULE hd = LoadLibraryW(dllpath);
-    if (!hd)
-        return;
     DWORD WeChatBase = (DWORD)GetModuleHandleW(dllname);
-
     DWORD SendImageProcAddr = (DWORD)GetProcAddress(hd, SendImageRemote);
     SendImageOffset = SendImageProcAddr - WeChatBase;
     DWORD SendTextProcAddr = (DWORD)GetProcAddress(hd, SendTextRemote);
@@ -155,9 +159,15 @@ void GetProcOffset(wchar_t* workPath) {
     DWORD BackupSQLiteDBRemoteAddr = (DWORD)GetProcAddress(hd, BackupSQLiteDBRemote);
     BackupSQLiteDBRemoteOffset = BackupSQLiteDBRemoteAddr - WeChatBase;
 
+    DWORD AddFriendByWxidRemoteAddr = (DWORD)GetProcAddress(hd, AddFriendByWxidRemote);
+    AddFriendByWxidRemoteOffset = AddFriendByWxidRemoteAddr - WeChatBase;
+    DWORD AddFriendByV3RemoteAddr = (DWORD)GetProcAddress(hd, AddFriendByV3Remote);
+    AddFriendByV3RemoteOffset = AddFriendByV3RemoteAddr - WeChatBase;
+
     FreeLibrary(hd);
     delete[] dllpath;
     dllpath = NULL;
+    return 1;
 }
 
 DWORD GetWeChatPid() {
@@ -179,6 +189,12 @@ DWORD StartRobotService() {
     }
     wstring wworkPath = GetComWorkPath();
     wchar_t* workPath = (wchar_t*)wworkPath.c_str();
+    if (!GetProcOffset(workPath)) {
+        wchar_t info[200] = { 0 };
+        swprintf_s(info, 200, L"COM无法加载位于%ws的%ws!", workPath, dllname);
+        MessageBox(NULL, info, L"致命错误!", MB_ICONWARNING);
+        return 1;
+    };
     if(!hProcess)
         hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, wxPid);
     bool status = Injert(wxPid, workPath);
@@ -186,20 +202,20 @@ DWORD StartRobotService() {
         CloseHandle(hProcess);
         return status;
     }
-    GetProcOffset(workPath);
     return status;
 }
 
 DWORD StopRobotService() {
     DWORD cpid = GetCurrentProcessId();
-    if (!hProcess)
-        return cpid;
     DWORD wxPid = GetWeChatPid();
-    CheckFriendStatusFinish();
-    StopReceiveMessage();
+    if (!wxPid)
+        return cpid;
+    if (!hProcess)
+        hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, wxPid);
     RemoveDll(wxPid);
     ZeroMemory((wchar_t*)SelfInfoString.c_str(), SelfInfoString.length() * 2 + 2);
     CloseHandle(hProcess);
+    StopReceiveMessage();
     return cpid;
 }
 

CWeChatRobot/robotdata.h

@@ -16,6 +16,7 @@
 #include "DbExecuteSql.h"
 #include "DbBackup.h"
 #include "VerifyFriendApply.h"
+#include "AddFriend.h"
 
 extern HANDLE hProcess;
 extern DWORD SendImageOffset;
@@ -53,6 +54,9 @@ extern DWORD GetDbHandlesRemoteOffset;
 extern DWORD ExecuteSQLRemoteOffset;
 extern DWORD BackupSQLiteDBRemoteOffset;
 
+extern DWORD AddFriendByWxidRemoteOffset;
+extern DWORD AddFriendByV3RemoteOffset;
+
 
 #define dllname L"DWeChatRobot.dll"
 
@@ -88,4 +92,7 @@ extern DWORD BackupSQLiteDBRemoteOffset;
 
 #define GetDbHandlesRemote "GetDbHandlesRemote"
 #define ExecuteSQLRemote "ExecuteSQLRemote"
-#define BackupSQLiteDBRemote "BackupSQLiteDBRemote"
\ No newline at end of file
+#define BackupSQLiteDBRemote "BackupSQLiteDBRemote"
+
+#define AddFriendByWxidRemote "AddFriendByWxidRemote"
+#define AddFriendByV3Remote "AddFriendByV3Remote"
\ No newline at end of file

DWeChatRobot/ReceiveMessage.cpp

@@ -3,9 +3,14 @@
 
 // 接收消息的HOOK地址偏移
 #define ReceiveMessageHookOffset 0x547C0F4C - 0x54270000
-// HOOK的CALL偏移
+// 接收消息HOOK的CALL偏移
 #define ReceiveMessageNextCallOffset 0x54D04E60 - 0x54270000
 
+// 发送消息的HOOK地址偏移
+#define SendMessageHookOffset 0x102C8E32 - 0x0FDE0000
+// 发送消息HOOK的CALL偏移
+#define SendMessageNextCallOffset 0x101E8170 - 0x0FDE0000
+
 /*
 * 保存单条信息的结构
 * messagetype：消息类型
@@ -16,6 +21,7 @@
 */
 struct messageStruct {
 	DWORD messagetype;
+	BOOL isSendMessage;
 	wchar_t* sender;
 	DWORD l_sender;
 	wchar_t* wxid;
@@ -24,6 +30,8 @@ struct messageStruct {
 	DWORD l_message;
 	wchar_t* filepath;
 	DWORD l_filepath;
+	wchar_t* time;
+	DWORD l_time;
 };
 
 // 保存多条信息的动态数组
@@ -33,12 +41,19 @@ vector<messageStruct> messageVector;
 BOOL ReceiveMessageHooked = false;
 // 保存HOOK前的字节码，用于恢复
 char OldReceiveMessageAsmCode[5] = { 0 };
+char OldSendMessageAsmCode[5] = { 0 };
 // 接收消息HOOK地址
 DWORD ReceiveMessageHookAddress = GetWeChatWinBase() + ReceiveMessageHookOffset;
-// HOOK的CALL地址
+// 接收消息HOOK的CALL地址
 DWORD ReceiveMessageNextCall = GetWeChatWinBase() + ReceiveMessageNextCallOffset;
-// HOOK的跳转地址
-DWORD JmpBackAddress = ReceiveMessageHookAddress + 0x5;
+// 接收HOOK的跳转地址
+DWORD ReceiveMessageJmpBackAddress = ReceiveMessageHookAddress + 0x5;
+// 发送消息HOOK地址
+DWORD SendMessageHookAddress = GetWeChatWinBase() + SendMessageHookOffset;
+// 发送消息HOOK的CALL地址
+DWORD SendMessageNextCall = GetWeChatWinBase() + SendMessageNextCallOffset;
+// 发送HOOK的跳转地址
+DWORD SendMessageJmpBackAddress = SendMessageHookAddress + 0x5;
 
 /*
 * 消息处理函数，根据消息缓冲区组装结构并存入容器
@@ -46,8 +61,13 @@ DWORD JmpBackAddress = ReceiveMessageHookAddress + 0x5;
 * return：void
 */
 VOID ReceiveMessage(DWORD messageAddr) {
-	// 此处用于区别是发送的还是接收的消息，发送的消息会被过滤
+	// 此处用于区别是发送的还是接收的消息
+	BOOL isSendMessage = *(BOOL*)(messageAddr + 0x3C);
+
 	messageStruct message = { 0 };
+	message.isSendMessage = isSendMessage;
+	message.time = GetTimeW();
+	message.l_time = wcslen(message.time);
 	message.messagetype = *(DWORD*)(messageAddr + 0x38);
 	
 	DWORD length = *(DWORD*)(messageAddr + 0x48 + 0x4);
@@ -81,6 +101,9 @@ VOID ReceiveMessage(DWORD messageAddr) {
 	ZeroMemory(message.filepath, (length + 1) * 2);
 	memcpy(message.filepath, (wchar_t*)(*(DWORD*)(messageAddr + 0x1AC)), length * 2);
 	message.l_filepath = length;
+#ifdef _DEBUG
+	wcout << message.time << endl;
+#endif
 
 	messageVector.push_back(message);
 }
@@ -110,6 +133,8 @@ VOID PopHeadMessage() {
 	messageVector[0].wxid = NULL;
 	delete[] messageVector[0].filepath;
 	messageVector[0].filepath = NULL;
+	delete[] messageVector[0].time;
+	messageVector[0].time = NULL;
 	vector<messageStruct>::iterator k = messageVector.begin();
 	messageVector.erase(k);
 }
@@ -128,7 +153,24 @@ _declspec(naked) void dealReceiveMessage() {
 		popfd;
 		popad;
 		call ReceiveMessageNextCall;
-		jmp JmpBackAddress;
+		jmp ReceiveMessageJmpBackAddress;
+	}
+}
+
+/*
+* HOOK的具体实现，发送消息后调用处理函数
+*/
+_declspec(naked) void dealSendMessage() {
+	__asm {
+		pushad;
+		pushfd;
+		push edi;
+		call ReceiveMessage;
+		add esp, 0x4;
+		popfd;
+		popad;
+		call SendMessageNextCall;
+		jmp SendMessageJmpBackAddress;
 	}
 }
 
@@ -140,6 +182,7 @@ VOID HookReceiveMessage() {
 	if (ReceiveMessageHooked)
 		return;
 	HookAnyAddress(ReceiveMessageHookAddress,(LPVOID)dealReceiveMessage,OldReceiveMessageAsmCode);
+	HookAnyAddress(SendMessageHookAddress, (LPVOID)dealSendMessage, OldSendMessageAsmCode);
 	ReceiveMessageHooked = TRUE;
 }
 
@@ -151,5 +194,6 @@ VOID UnHookReceiveMessage() {
 	if (!ReceiveMessageHooked)
 		return;
 	UnHookAnyAddress(ReceiveMessageHookAddress,OldReceiveMessageAsmCode);
+	UnHookAnyAddress(SendMessageHookAddress, OldSendMessageAsmCode);
 	ReceiveMessageHooked = FALSE;
 }
\ No newline at end of file

DWeChatRobot/dllmain.cpp

@@ -13,7 +13,6 @@ BOOL APIENTRY DllMain( HMODULE hModule,
 #ifdef _DEBUG
         PrintProcAddr();
 #endif
-        SearchContactByNet((wchar_t*)L"ljc545w");
         break;
     }
     case DLL_THREAD_ATTACH:

DWeChatRobot/pch.cpp

@@ -138,6 +138,21 @@ wstring wreplace(wstring source, wchar_t replaced, wstring replaceto) {
     return temp;
 }
 
+/*
+* 获取当前时间
+*/
+wchar_t* GetTimeW() {
+    wchar_t* wstr = new wchar_t[20];
+    memset(wstr, 0, 20 * 2);
+    time_t cTime = time(NULL);
+    tm tm_out;
+    localtime_s(&tm_out, &cTime);
+    swprintf_s(wstr,20, L"%04d-%02d-%02d %02d:%02d:%02d",
+        1900 + tm_out.tm_year, tm_out.tm_mon + 1, tm_out.tm_mday,
+        tm_out.tm_hour, tm_out.tm_min, tm_out.tm_sec);
+    return wstr;
+}
+
 void PrintProcAddr() {
     CreateConsole();
     printf("SendImage 0x%08X\n", (DWORD)SendImage);

DWeChatRobot/pch.h

@@ -83,3 +83,4 @@ void UnHookAnyAddress(DWORD dwHookAddr, char* originalRecieveCode);
 DLLEXPORT void UnHookAll();
 wstring wreplace(wstring source, wchar_t replaced, wstring replaceto);
 void PrintProcAddr();
+wchar_t* GetTimeW();

Python/test.py

@@ -9,25 +9,13 @@ from wxRobot import WeChatRobot
 
 # 一个示例回调，将收到的文本消息转发给filehelper
 def ReceiveMessageCallBack(robot,message):
-    if message['type'] == 1 and message['sender'] != 'filehelper':
+    chatwith = message.get('sendto') or message.get('from')
+    if message['type'] == 1 and not message['isSendMessage'] and chatwith != 'filehelper':
         robot.robot.CSendText('filehelper',message['message'])
-    wxSender = robot.GetWxUserInfo(message['sender'])
-    sender = wxSender['wxNickName'] if wxSender['wxNickName'] != 'null' else message['sender']
-    if '@chatroom' in message['sender']:
-        wxUser = robot.GetWxUserInfo(message['wxid'])
-        print("来自 {} {},type {}".format(sender,wxUser['wxNickName'],message['type']))
-    else:
-        print("来自 {},type {}".format(sender,message['type']))
-    if message['type'] == 1:
-        print(message['message'])
-    elif message['type'] == 3:
-        print(message['message'])
-        print(message['filepath'])
-    elif message['type'] == 49:
-        print(message['message'])
-        if not message['filepath']: print(message['filepath'])
-    else:
-        print(message['message'])
+    chatwith = message.get('sendto') or message.get('from')
+    wxSender = robot.GetWxUserInfo(chatwith)
+    sender = wxSender['wxNickName'] if wxSender['wxNickName'] != 'null' else chatwith
+    print("来自 {}\n".format(sender),message)
     
 def test_SendText():
     import os
@@ -74,13 +62,14 @@ def test_FriendStatus():
 def test_ReceiveMessage():
     wx = WeChatRobot()
     wx.StartService()
+    wx.robot.CStartReceiveMessage()
     wx.StartReceiveMessage(CallBackFunc = ReceiveMessageCallBack)
     try:
         while True:
             time.sleep(1)
     except KeyboardInterrupt:
         pass
-    wx.StopService(wx)
+    wx.StopService()
     
 def test_ExecuteSQL():
     wx = WeChatRobot()

Python/wxRobot.py

@@ -232,4 +232,18 @@ class WeChatRobot():
         return status
         
     def VerifyFriendApply(self,v3,v4):
-        return self.robot.CVerifyFriendApply(v3,v4)
\ No newline at end of file
+        return self.robot.CVerifyFriendApply(v3,v4)
+    
+    def AddFriendByWxid(self,wxid,message):
+        return self.robot.CAddFriendByWxid(wxid,message)
+    
+    def AddFriendByV3(self,v3,message,AddType):
+        """
+        v3 : str
+            要添加的人的V3数据.
+        message : str
+            附加信息.
+        AddType : int
+            手机号: 0xF;微信号: 0x3;QQ号: 0x1;朋友验证消息: 0x6.
+        """
+        return self.robot.CAddFriendByV3(v3,message,AddType)
\ No newline at end of file