mirror of
https://github.com/ttttupup/wxhelper.git
synced 2024-11-25 03:39:24 +08:00
hook语音
This commit is contained in:
parent
67949e16fc
commit
19d146db99
178
README.md
178
README.md
@ -1,109 +1,3 @@
|
|||||||
# wxhelper
|
|
||||||
wechat hook 。PC端微信逆向学习。支持3.8.0.41,3.8.1.26,3.9.0.28版本。
|
|
||||||
#### 免责声明:
|
|
||||||
本仓库发布的内容,仅用于学习研究,请勿用于非法用途和商业用途!如因此产生任何法律纠纷,均与作者无关!
|
|
||||||
|
|
||||||
#### 项目说明:
|
|
||||||
本项目是个人学习学习逆向的项目,主要参考 https://github.com/ljc545w/ComWeChatRobot ,在此基础上实现了微信的的其它版本的部分内容。
|
|
||||||
|
|
||||||
#### 使用说明:
|
|
||||||
支持的版本3.8.0.41,3.8.1.26, 3.9.0.28。
|
|
||||||
src:主要的dll代码
|
|
||||||
tool:简单的注入工具,一个是控制台,一个是图形界面。
|
|
||||||
python: 简单的服务器,用以接收hook的消息内容。
|
|
||||||
|
|
||||||
|
|
||||||
0.首先安装对应的微信版本,主分支是3.8.0.41版本,分支对应相应的微信版本号.
|
|
||||||
1.通过cmake构建成功后,将wxhelper.dll注入到微信,本地启动tcp server,监听19088端口。
|
|
||||||
2.通过http协议与dll通信,方便客户端操作。
|
|
||||||
3.接口的url为http://127.0.0.1:19088,注入成功后,直接进行调用即可。
|
|
||||||
4.特别注意数据库查询接口需要先调用获取到句柄之后,才能进行查询。
|
|
||||||
5.相关功能只在win11环境下进行简单测试,其他环境无法保证。
|
|
||||||
6.注意个别接口在3.8.0.41版本没有实现,具体参考源码。
|
|
||||||
7.对应分支接口文档都是支持指定版本的,其他版本不支持,请特别注意版本。
|
|
||||||
8.相应分支的文档对应相应版本,带有删除线的接口表示该版本的暂未实现,其他版本有实现。后续会继续实现。
|
|
||||||
|
|
||||||
|
|
||||||
#### 编译环境
|
|
||||||
|
|
||||||
Visual Studio 2022(x86)
|
|
||||||
|
|
||||||
Visual Studio code
|
|
||||||
|
|
||||||
cmake
|
|
||||||
|
|
||||||
vcpkg
|
|
||||||
#### 构建步骤
|
|
||||||
以下是在vscode中操作,vs中的操作类似。
|
|
||||||
1.安装vcpkg,cmake,vscode
|
|
||||||
|
|
||||||
2.安装相应的库,如果安装的版本不同,则根据vcpkg安装成功后提示的find_package修改CMakeLists.txt内容即可。或者自己编译。
|
|
||||||
```
|
|
||||||
vcpkg install mongoose
|
|
||||||
vcpkg install nlohmann-json
|
|
||||||
```
|
|
||||||
3.vscode 配置CMakePresets.json,主要设置CMAKE_C_COMPILER 和CMAKE_CXX_COMPILER 为cl.exe.参考如下
|
|
||||||
```
|
|
||||||
{
|
|
||||||
"name": "x86-release",
|
|
||||||
"displayName": "x86-release",
|
|
||||||
"description": "Sets Ninja generator, build and install directory",
|
|
||||||
"generator": "Ninja",
|
|
||||||
"binaryDir": "${sourceDir}/out/build/${presetName}",
|
|
||||||
"architecture":{
|
|
||||||
"value": "x86",
|
|
||||||
"strategy": "external"
|
|
||||||
},
|
|
||||||
"cacheVariables": {
|
|
||||||
"CMAKE_C_COMPILER": "cl.exe",
|
|
||||||
"CMAKE_CXX_COMPILER": "cl.exe",
|
|
||||||
"CMAKE_BUILD_TYPE": "Release",
|
|
||||||
"CMAKE_INSTALL_PREFIX": "${sourceDir}/out/install/${presetName}",
|
|
||||||
"CMAKE_TOOLCHAIN_FILE": {
|
|
||||||
"value": "C:/soft/vcpkg/scripts/buildsystems/vcpkg.cmake",
|
|
||||||
"type": "FILEPATH"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"environment": {
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
```
|
|
||||||
4.vscode中右键configure all projects,在Terminal中点击Run Task,如没有先配置build任务,然后运行即可
|
|
||||||
|
|
||||||
5.命令行注入工具,注入命令
|
|
||||||
``` javascript
|
|
||||||
//-i 注入程序名 -p 注入dll路径
|
|
||||||
// -u 卸载程序名 -d 卸载dll名称
|
|
||||||
//注入
|
|
||||||
ConsoleInject.exe -i demo.exe -p E:\testInject.dll
|
|
||||||
//卸载
|
|
||||||
ConsoleInject.exe -u demo.exe -d testInject.dll
|
|
||||||
```
|
|
||||||
|
|
||||||
#### 更新说明
|
|
||||||
2022-12-26 : 增加3.8.1.26版本支持。
|
|
||||||
|
|
||||||
2022-12-29 : 新增提取文字功能。
|
|
||||||
|
|
||||||
2023-01-02 : 退出微信登录。
|
|
||||||
|
|
||||||
2023-01-31 : 新增修改群昵称(仅支持3.8.1.26)。
|
|
||||||
|
|
||||||
2023-02-01 : 新增拍一拍(仅支持3.8.1.26)。
|
|
||||||
|
|
||||||
2023-02-04 : 新增群消息置顶和取消置顶。
|
|
||||||
|
|
||||||
2023-02-06 : 新增确认收款。
|
|
||||||
|
|
||||||
2023-02-08 : 新增朋友圈消息。
|
|
||||||
|
|
||||||
2023-02-09 : 新增3.9.0.28版本基础功能。
|
|
||||||
|
|
||||||
2023-02-13 : 新增查询联系人昵称功能。
|
|
||||||
|
|
||||||
2023-02-17 : 新增通过wxid添加好友和查找微信。
|
|
||||||
|
|
||||||
#### 功能预览:
|
#### 功能预览:
|
||||||
0.检查是否登录
|
0.检查是否登录
|
||||||
@ -115,6 +9,8 @@ vcpkg
|
|||||||
10.取消hook消息
|
10.取消hook消息
|
||||||
11.hook图片
|
11.hook图片
|
||||||
12.取消hook图片
|
12.取消hook图片
|
||||||
|
13.hook语音
|
||||||
|
14.取消hook语音
|
||||||
17.删除好友
|
17.删除好友
|
||||||
19.通过手机或qq查找微信
|
19.通过手机或qq查找微信
|
||||||
20.通过wxid添加好友
|
20.通过wxid添加好友
|
||||||
@ -517,6 +413,76 @@ vcpkg
|
|||||||
{"code":1,"result":"OK"}
|
{"code":1,"result":"OK"}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
#### 13.hook语音**
|
||||||
|
###### 接口功能
|
||||||
|
> hook语音
|
||||||
|
|
||||||
|
###### 接口地址
|
||||||
|
> [/api/?type=13](/api/?type=13)
|
||||||
|
|
||||||
|
###### HTTP请求方式
|
||||||
|
> POST JSON
|
||||||
|
|
||||||
|
###### 请求参数
|
||||||
|
|参数|必选|类型|说明|
|
||||||
|
|---|---|---|---|
|
||||||
|
|voiceDir |true |string| 语音保存的目录 |
|
||||||
|
|
||||||
|
|
||||||
|
###### 返回字段
|
||||||
|
|返回字段|字段类型|说明 |
|
||||||
|
|---|---|---|
|
||||||
|
|code|int|返回状态,1成功, 0失败|
|
||||||
|
|result|string|成功提示|
|
||||||
|
|
||||||
|
|
||||||
|
###### 接口示例
|
||||||
|
入参:
|
||||||
|
``` javascript
|
||||||
|
{
|
||||||
|
"voiceDir":"C:\\other"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
响应:
|
||||||
|
``` javascript
|
||||||
|
{"code":1,"result":"OK"}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
#### 14.取消hook语音**
|
||||||
|
###### 接口功能
|
||||||
|
> 取消hook语音
|
||||||
|
|
||||||
|
###### 接口地址
|
||||||
|
> [/api/?type=14](/api/?type=14)
|
||||||
|
|
||||||
|
###### HTTP请求方式
|
||||||
|
> POST JSON
|
||||||
|
|
||||||
|
###### 请求参数
|
||||||
|
|参数|必选|类型|说明|
|
||||||
|
|---|---|---|---|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
###### 返回字段
|
||||||
|
|返回字段|字段类型|说明 |
|
||||||
|
|---|---|---|
|
||||||
|
|code|int|返回状态,1成功, 0失败|
|
||||||
|
|result|string|成功提示|
|
||||||
|
|
||||||
|
|
||||||
|
###### 接口示例
|
||||||
|
入参:
|
||||||
|
``` javascript
|
||||||
|
|
||||||
|
```
|
||||||
|
响应:
|
||||||
|
``` javascript
|
||||||
|
{"code":1,"result":"OK"}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
#### 17.删除好友**
|
#### 17.删除好友**
|
||||||
###### 接口功能
|
###### 接口功能
|
||||||
> 删除好友,该接口不够完善,删除后,只会在通讯录里删除,如果点击聊天记录,又会重新加回来,删除的不彻底。
|
> 删除好友,该接口不够完善,删除后,只会在通讯录里删除,如果点击聊天记录,又会重新加回来,删除的不彻底。
|
||||||
|
@ -25,6 +25,7 @@
|
|||||||
#include "search_contact.h"
|
#include "search_contact.h"
|
||||||
#include "download.h"
|
#include "download.h"
|
||||||
#include "hook_log.h"
|
#include "hook_log.h"
|
||||||
|
#include "hook_voice.h"
|
||||||
|
|
||||||
#pragma comment(lib, "ws2_32.lib")
|
#pragma comment(lib, "ws2_32.lib")
|
||||||
using namespace std;
|
using namespace std;
|
||||||
@ -310,9 +311,16 @@ void api_handle(mg_http_message *hm, struct mg_connection *c, string &ret) {
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case WECHAT_MSG_START_VOICE_HOOK: {
|
case WECHAT_MSG_START_VOICE_HOOK: {
|
||||||
|
wstring voice_dir = get_http_req_param(hm, j_param, "voiceDir", is_post);
|
||||||
|
int success = HookVoice(voice_dir);
|
||||||
|
json ret_data = {{"code", success}, {"result", "OK"}};
|
||||||
|
ret = ret_data.dump();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case WECHAT_MSG_STOP_VOICE_HOOK: {
|
case WECHAT_MSG_STOP_VOICE_HOOK: {
|
||||||
|
int success = UnHookVoice();
|
||||||
|
json ret_data = {{"code", success}, {"result", "OK"}};
|
||||||
|
ret = ret_data.dump();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case WECHAT_CONTACT_GET_LIST: {
|
case WECHAT_CONTACT_GET_LIST: {
|
||||||
|
88
src/hook_voice.cc
Normal file
88
src/hook_voice.cc
Normal file
@ -0,0 +1,88 @@
|
|||||||
|
#include "pch.h"
|
||||||
|
#include "hook_voice.h"
|
||||||
|
|
||||||
|
#include "common.h"
|
||||||
|
|
||||||
|
using namespace std;
|
||||||
|
|
||||||
|
#define WX_HOOK_VOICE_OFFSET 0xccd561
|
||||||
|
#define WX_HOOK_VOICE_NEXT_OFFSET 0x1f74560
|
||||||
|
#define WX_SELF_ID_OFFSET 0x2E2CD3C
|
||||||
|
|
||||||
|
static wstring kVoiceStorePath = L"";
|
||||||
|
static int kVoiceHooked = FALSE;
|
||||||
|
static DWORD kWeChatWinBase = GetWeChatWinBase();
|
||||||
|
static char kOriginVoiceAsmCode[5] = {0};
|
||||||
|
|
||||||
|
static DWORD kHookVoiceNextAddress = kWeChatWinBase + WX_HOOK_VOICE_NEXT_OFFSET;
|
||||||
|
static DWORD kHookVoiceJmpBackAddress =
|
||||||
|
kWeChatWinBase + WX_HOOK_VOICE_OFFSET + 0x5;
|
||||||
|
|
||||||
|
void OnHookVoice(DWORD buff,int len , DWORD msg_addr) {
|
||||||
|
DWORD wxid_addr = GetWeChatWinBase() + WX_SELF_ID_OFFSET;
|
||||||
|
string wxid = string(*(char **)wxid_addr, *(DWORD *)(wxid_addr + 0x10));
|
||||||
|
wstring self_id = utf8_to_unicode(wxid.c_str());
|
||||||
|
wstring save_path = kVoiceStorePath + self_id;
|
||||||
|
if (!FindOrCreateDirectoryW(save_path.c_str())) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
unsigned long long msgid = *(unsigned long long *)(msg_addr + 0x30);
|
||||||
|
save_path = save_path + L"\\" + to_wstring(msgid) + L".amr";
|
||||||
|
HANDLE file_handle = CreateFileW(save_path.c_str(), GENERIC_ALL, 0, NULL,
|
||||||
|
CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||||
|
if (file_handle == INVALID_HANDLE_VALUE) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
DWORD bytes_write = 0;
|
||||||
|
WriteFile(file_handle, (LPCVOID)buff, len, &bytes_write, 0);
|
||||||
|
CloseHandle(file_handle);
|
||||||
|
}
|
||||||
|
|
||||||
|
/// @brief hook voice implement
|
||||||
|
_declspec(naked) void handle_voice() {
|
||||||
|
__asm {
|
||||||
|
PUSHAD
|
||||||
|
PUSHFD
|
||||||
|
PUSH EDI
|
||||||
|
PUSH EDX
|
||||||
|
PUSH EAX
|
||||||
|
CALL OnHookVoice
|
||||||
|
ADD ESP, 0xC
|
||||||
|
POPFD
|
||||||
|
POPAD
|
||||||
|
CALL kHookVoiceNextAddress
|
||||||
|
JMP kHookVoiceJmpBackAddress
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
int HookVoice(std::wstring save_path) {
|
||||||
|
kWeChatWinBase = GetWeChatWinBase();
|
||||||
|
if (!kWeChatWinBase) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (kVoiceHooked) {
|
||||||
|
return 2;
|
||||||
|
}
|
||||||
|
kVoiceStorePath = save_path;
|
||||||
|
if (kVoiceStorePath.back() != '\\') {
|
||||||
|
kVoiceStorePath += L"\\";
|
||||||
|
}
|
||||||
|
wstring createpath = kVoiceStorePath.substr(0, kVoiceStorePath.length() - 1);
|
||||||
|
if (!FindOrCreateDirectoryW(createpath.c_str())) {
|
||||||
|
return -2;
|
||||||
|
}
|
||||||
|
DWORD hook_voice_addr = kWeChatWinBase + WX_HOOK_VOICE_OFFSET;
|
||||||
|
kHookVoiceNextAddress = kWeChatWinBase + WX_HOOK_VOICE_NEXT_OFFSET;
|
||||||
|
static DWORD kHookVoiceJmpBackAddress = hook_voice_addr + 0x5;
|
||||||
|
HookAnyAddress(hook_voice_addr, (LPVOID)handle_voice, kOriginVoiceAsmCode);
|
||||||
|
kVoiceHooked = TRUE;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int UnHookVoice() {
|
||||||
|
if (!kVoiceHooked) return 1;
|
||||||
|
DWORD hook_voice_addr = kWeChatWinBase + WX_HOOK_VOICE_OFFSET;
|
||||||
|
UnHookAnyAddress(hook_voice_addr, kOriginVoiceAsmCode);
|
||||||
|
kVoiceHooked = FALSE;
|
||||||
|
return 1;
|
||||||
|
}
|
8
src/hook_voice.h
Normal file
8
src/hook_voice.h
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
#ifndef HOOK_VOICE_H_
|
||||||
|
#define HOOK_VOICE_H_
|
||||||
|
#include <string>
|
||||||
|
|
||||||
|
int HookVoice(std::wstring save_path);
|
||||||
|
|
||||||
|
int UnHookVoice();
|
||||||
|
#endif
|
Loading…
Reference in New Issue
Block a user