From 9f7b1dd2735c3ba0e7d63e0488d8751a37bba00a Mon Sep 17 00:00:00 2001
From: hugy <504650082@qq.com>
Date: Thu, 16 Mar 2023 12:02:44 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E6=97=A5=E5=BF=97hook?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/api.cc | 7 +++++
 src/hook_log.cc | 78 +++++++++++++++++++++++++++++++++++++++++++++++++
 src/hook_log.h | 8 +++++
 3 files changed, 93 insertions(+)
 create mode 100644 src/hook_log.cc
 create mode 100644 src/hook_log.h

diff --git a/src/api.cc b/src/api.cc
index 4183138..97a8a0a 100644
--- a/src/api.cc
+++ b/src/api.cc
@@ -24,6 +24,7 @@
 #include "sns.h"
 #include "search_contact.h"
 #include "download.h"
+#include "hook_log.h"
 #pragma comment(lib, "ws2_32.lib")
 using namespace std;
@@ -486,9 +487,15 @@ void api_handle(mg_http_message *hm, struct mg_connection *c, string &ret) {
 break;
 }
 case WECHAT_LOG_START_HOOK: {
+ int success = HookLog();
+ json ret_data = {{"code", success}, {"result", "OK"}};
+ ret = ret_data.dump();
 break;
 }
 case WECHAT_LOG_STOP_HOOK: {
+ int success = UnHookLog();
+ json ret_data = {{"code", success}, {"result", "OK"}};
+ ret = ret_data.dump();
 break;
 }
 case WECHAT_BROWSER_OPEN_WITH_URL: {
diff --git a/src/hook_log.cc b/src/hook_log.cc
new file mode 100644
index 0000000..bffe7b0
--- /dev/null
+++ b/src/hook_log.cc
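Review bot: In src/api.cc the new `WECHAT_LOG_START_HOOK` and `WECHAT_LOG_STOP_HOOK` cases always answer `"result", "OK"`, even though `HookLog()` returns -1 when the module base cannot be resolved, so a client that reads only `result` sees a failure as success. Derive the text from the status, for example `json ret_data = {{"code", success}, {"result", success > 0 ? "OK" : "FAILED"}};`, unless the other handlers deliberately keep `result` constant (they are not visible here). The enclosing `api_handle` switch starts and ends outside the hunk.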
@@ -0,0 +1,78 @@
+#include "pch.h"
+#include "hook_log.h"
+
+#include "common.h"
+
+using namespace std;
+
+#define WX_HOOK_LOG_OFFSET 0xed1675
+#define WX_HOOK_LOG_NEXT_OFFSET 0x2344832
+
+static int kLogHooked = FALSE;
+static DWORD kWeChatWinBase = GetWeChatWinBase();
+static char kOriginLogAsmCode[5] = {0};
+
+static DWORD kHookLogAddress = kWeChatWinBase + WX_HOOK_LOG_OFFSET;
+static DWORD kHookLogNextAddress = kWeChatWinBase + WX_HOOK_LOG_NEXT_OFFSET;
+static DWORD kHookLogJmpBackAddress = kWeChatWinBase + WX_HOOK_LOG_OFFSET + 0x5;
+
+void log_print(DWORD addr) {
+ if (!addr) {
+ return;
+ }
+ DWORD dwId = 0;
+ char *msg = (char *)addr;
+ int size = MultiByteToWideChar(CP_UTF8, 0, msg, -1, 0, 0);
+ wchar_t *w_msg = new wchar_t[size + 1];
+ memset(w_msg, 0, (size + 1) * 2);
+ MultiByteToWideChar(CP_UTF8, 0, msg, -1, w_msg, size);
+ size = WideCharToMultiByte(CP_ACP, 0, w_msg, -1, 0, 0, 0, 0);
+ char *ansi_message = new char[size + 1];
+ memset(ansi_message, 0, size + 1);
+ WideCharToMultiByte(CP_ACP, 0, w_msg, -1, ansi_message, size, 0, 0);
+ delete[] w_msg;
+ w_msg = NULL;
+ cout << ansi_message;
+ delete[] ansi_message;
+ ansi_message = NULL;
+}
+
+_declspec(naked) void handle_log() {
+ __asm {
+ PUSHAD
+ PUSHFD
+ PUSH EAX
+ CALL log_print
+ ADD ESP, 0x4
+ POPFD
+ POPAD
+ CALL kHookLogNextAddress
+ JMP kHookLogJmpBackAddress
+ }
+}
+
+int HookLog() {
+ kWeChatWinBase = GetWeChatWinBase();
+ if (!kWeChatWinBase) {
+ return -1;
+ }
+ if (kLogHooked) {
+ return 2;
+ }
+ kHookLogAddress = kWeChatWinBase + WX_HOOK_LOG_OFFSET;
+ kHookLogNextAddress = kWeChatWinBase + WX_HOOK_LOG_NEXT_OFFSET;
+ kHookLogJmpBackAddress = kHookLogAddress + 0x5;
+ HookAnyAddress(kHookLogAddress, (LPVOID)handle_log, kOriginLogAsmCode);
+ kLogHooked = TRUE;
+ return 1;
+}
+
+int UnHookLog() {
+ if (!kLogHooked) {
+ return 1;
+ }
+ DWORD hook_img_addr = kWeChatWinBase + WX_HOOK_LOG_OFFSET;
+ UnHookAnyAddress(hook_img_addr, kOriginLogAsmCode);
+ kLogHooked = FALSE;
+ return 1;
+}
\ No newline at end of file
diff --git a/src/hook_log.h b/src/hook_log.h
new file mode 100644
index 0000000..5dcad93
--- /dev/null
+++ b/src/hook_log.h
@@ -0,0 +1,8 @@
+#ifndef HOOK_LOG_H_
+#define HOOK_LOG_H_
+#include "windows.h"
+
+int HookLog();
+int UnHookLog();
+
+#endif
\ No newline at end of file
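Review bot: In src/hook_log.cc, `HookLog()` sets `kLogHooked = TRUE` and returns 1 without checking whether `HookAnyAddress` actually patched anything; if it can fail (its declaration is in common.h, outside this diff), a later `UnHookLog()` would copy the still-zeroed `kOriginLogAsmCode` over five bytes of live code. Set the flag only on a reported success and return a distinct error code otherwise. `log_print` also dereferences the raw `EAX` value as a NUL-terminated UTF-8 string and allocates with plain `new[]` inside a handler entered from naked assembly, where a thrown `std::bad_alloc` cannot unwind cleanly; `new (std::nothrow)` with a null check (or a fixed-size stack buffer) is safer there, and the unused `dwId` can go. A short comment in hook_log.h documenting the return codes (-1, 1, 2) would help callers such as `api_handle`.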