支持3.8.1.26版本

2024-11-05 09:59:23 +08:00 · 2022-12-26 16:44:14 +08:00 · 2022-12-26 16:44:14 +08:00 · e62a37b354
commit e62a37b354
parent 7ced06fd6f
13 changed files with 97 additions and 88 deletions
--- a/.gitignore
+++ b/.gitignore
@ -30,3 +30,5 @@
 #*.exe
 *.out
 *.app
+/out
+CMakePresets.json
--- a/README.md
+++ b/README.md
@ -1,18 +1,19 @@
 # wxhelper
-wechat hook .
+wechat hook 。PC端微信逆向学习。支持3.8.0.41，3.8.1.26版本。
 #### 免责声明:
 本仓库发布的内容，仅用于学习研究，请勿用于非法用途和商业用途！如因此产生任何法律纠纷，均与作者无关！

 #### 项目说明：
-本项目是个人学习学习逆向的项目，主要参考https://github.com/ttttupup/ComWeChatRobot，在此基础上实现了wechat 3.8.0.41的版本的部分内容。
+本项目是个人学习学习逆向的项目，主要参考https://github.com/ttttupup/ComWeChatRobot，在此基础上实现了微信的的其它版本的部分内容。

 #### 使用说明：
-支持的版本3.8.0.41，目前是最新版本。
+支持的版本3.8.0.41，3.8.1.26。
 src:主要的dll代码
 tool：简单的注入工具，一个是控制台，一个是图形界面。
 python: 简单的服务器，用以接收消息内容。
 release：编译好的dll。

+0.首先安装对应的微信版本，主分支是3.8.0.41版本，3.8.1.26分支对应3.8.1.26版本。
 1.通过cmake构建成功后，将wxhelper.dll注入到微信，本地启动tcp server，监听19088端口。
 2.通过http协议与dll通信，方便客户端操作。
 3.接口的url为http://127.0.0.1:19088，注入成功后，直接进行调用即可。
@ -21,11 +22,19 @@ release：编译好的dll。

 #### 编译环境

-Visual Studio 2022(x86)
-Visual Studio code 
-cmake
+Visual Studio 2022(x86)  
+
+Visual Studio code   
+
+cmake  
+
 vcpkg

+
+#### 更新说明
+2022-12-26 ： 增加3.8.1.26版本支持。
+
+
 ### 接口文档：

 #### 0.检查微信登录**
@ -683,6 +692,8 @@ vcpkg


 #### 感谢
-https://github.com/ljc545w/ComWeChatRobot
-https://github.com/NationalSecurityAgency/ghidra
-https://github.com/x64dbg/x64dbg
+https://github.com/ljc545w/ComWeChatRobot  
+
+https://github.com/NationalSecurityAgency/ghidra  
+
+https://github.com/x64dbg/x64dbg  
--- a/src/chat_room.cc
+++ b/src/chat_room.cc
@ -4,17 +4,17 @@
 #include "common.h"

 #include "wechat_data.h"
-#define WX_CHAT_ROOM_MGR_OFFSET 0x686e40
-#define WX_GET_CHAT_ROOM_DETAIL_INFO_OFFSET 0xa70920
-#define WX_NEW_CHAT_ROOM_INFO_OFFSET 0xd03ec0
-#define WX_FREE_CHAT_ROOM_INFO_OFFSET 0x7226e0
-#define WX_DEL_CHAT_ROOM_MEMBER_OFFSET 0xa668f0
-#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40
-#define WX_FREE_CHAT_MSG_OFFSET 0x651c40
-#define WX_ADD_MEMBER_TO_CHAT_ROOM_OFFSET 0xa66400
-#define WX_GET_MEMBER_FROM_CHAT_ROOM_OFFSET 0xa71650
-#define WX_INIT_CHAT_ROOM_OFFSET 0xd01c30
-#define WX_FREE_CHAT_ROOM_OFFSET 0xa79310
+#define WX_CHAT_ROOM_MGR_OFFSET 0x67ee70
+#define WX_GET_CHAT_ROOM_DETAIL_INFO_OFFSET 0xa73a80
+#define WX_NEW_CHAT_ROOM_INFO_OFFSET 0xd07010
+#define WX_FREE_CHAT_ROOM_INFO_OFFSET 0xd072f0
+#define WX_DEL_CHAT_ROOM_MEMBER_OFFSET 0xa69a50
+#define WX_INIT_CHAT_MSG_OFFSET 0xdbf380
+#define WX_FREE_CHAT_MSG_OFFSET 0x649ac0
+#define WX_ADD_MEMBER_TO_CHAT_ROOM_OFFSET 0xa69560
+#define WX_GET_MEMBER_FROM_CHAT_ROOM_OFFSET 0xa749b0
+#define WX_INIT_CHAT_ROOM_OFFSET 0xd04d80
+#define WX_FREE_CHAT_ROOM_OFFSET 0xa7c620

 int GetChatRoomDetailInfo(wchar_t* chat_room_id, ChatRoomInfoInner& room_info) {
  int success = 0;
@ -24,7 +24,7 @@ int GetChatRoomDetailInfo(wchar_t* chat_room_id, ChatRoomInfoInner& room_info) {
  DWORD get_chat_room_detail_addr = base + WX_GET_CHAT_ROOM_DETAIL_INFO_OFFSET;
  DWORD create_chat_room_info_addr = base + WX_NEW_CHAT_ROOM_INFO_OFFSET;
  DWORD free_chat_room_info_addr = base + WX_FREE_CHAT_ROOM_INFO_OFFSET;
-  char chat_room_info[0xA4] = {0};
+  char chat_room_info[0xDC] = {0};
  __asm {
         PUSHAD
         LEA        ECX,chat_room_info
@ -144,7 +144,7 @@ int GetMemberFromChatRoom(wchar_t* chat_room_id,ChatRoomInner & out){
  int success = 0;
   WeChatString chat_room(chat_room_id);
   DWORD chat_room_ptr = (DWORD) &chat_room;
-  char buffer[0x1A0] = {0};
+  char buffer[0x1D4] = {0};
  DWORD base = GetWeChatWinBase();
  DWORD get_member_addr =  base + WX_GET_MEMBER_FROM_CHAT_ROOM_OFFSET;
  DWORD get_chat_room_mgr_addr = base + WX_CHAT_ROOM_MGR_OFFSET;
--- a/src/contact.cc
+++ b/src/contact.cc
@ -4,15 +4,11 @@
 #include "common.h"
 #include "wechat_data.h"

-#define WX_CONTACT_MGR_INSTANCE_OFFSET 0x655d60
-#define WX_CONTACT_GET_LIST_OFFSET 0xa97da0
-#define WX_CONTACT_DEL_OFFSET 0xa9bd10
-#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40
-#define WX_DB_QUERY_OFFSET 0xa9ba20
-#define WX_SYNC_MGR_OFFSET 0x993fa0
-#define WX_SYNC_MGR_OFFSET 0x993fa0
-#define WX_DO_DEL_CONTACT_OFFSET 0xb9a750
-#define WX_DEL_CONTACT_VTABLE_OFFSET  0x2886990
+#define WX_CONTACT_MGR_INSTANCE_OFFSET 0x64dc30
+#define WX_CONTACT_GET_LIST_OFFSET 0xa9b000
+#define WX_CONTACT_DEL_OFFSET 0xa9ef40
+#define WX_INIT_CHAT_MSG_OFFSET 0xdbf380
+#define WX_DB_QUERY_OFFSET 0xa9ec40
 int GetAllContact(vector<Contact> &vec) {
  DWORD base = GetWeChatWinBase();
  DWORD get_instance = base + WX_CONTACT_MGR_INSTANCE_OFFSET;
@ -66,7 +62,7 @@ int GetAllContact(vector<Contact> &vec) {
   temp.type = *(DWORD *)(start + 0x50);
   temp.verify_flag = *(DWORD *)(start + 0x54);
   vec.push_back(temp);
-   start += 0x3E8;
+   start += 0x438;
    }
    return success;
 }
--- a/src/forward.cc
+++ b/src/forward.cc
@ -4,8 +4,8 @@
 #include "common.h"
 #include "get_db_handle.h"
 #include "wechat_data.h"
-#define WX_FORWARD_MSG_OFFSET 0xb68c80
-#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40
+#define WX_FORWARD_MSG_OFFSET 0xb6a4e0
+#define WX_INIT_CHAT_MSG_OFFSET 0xdbf380

 int ForwardMsg(wchar_t *wxid, unsigned long long msgid) {
  int success = 0;
@ -27,11 +27,11 @@ int ForwardMsg(wchar_t *wxid, unsigned long long msgid) {
    PUSH       EAX
    SUB        ESP,0x14
    MOV        ECX,ESP
-    LEA        ESI, to_user;
+    LEA        ESI,to_user
    PUSH       ESI
    CALL       init_chat_msg_addr                                
    CALL       forward_msg_addr
-    MOVZX      EAX,AL;
+    MOVZX      EAX,AL
    MOV        success,EAX
    ADD        ESP,0x1c
    POPFD
--- a/src/get_db_handle.cc
+++ b/src/get_db_handle.cc
@ -5,7 +5,7 @@
 #include "new_sqlite3.h"
 #include "pch.h"
 #include "wechat_data.h"
-#define CONTACT_G_PINSTANCE 0x2bee928
+#define CONTACT_G_PINSTANCE 0x2c42e78
 #define DB_MICRO_MSG_OFFSET 0x68
 #define DB_CHAT_MSG_OFFSET 0x1C0
 #define DB_MISC_OFFSET 0x3D8
@ -15,10 +15,10 @@
 #define DB_FUNCTION_MSG_OFFSET 0x11B0
 #define DB_NAME_OFFSET 0x14

-#define PUBLIC_MSG_MGR_OFFSET  0x2c294c0
-#define MULTI_DB_MSG_MGR_OFFSET  0x2c2aff4
-#define FAVORITE_STORAGE_MGR_OFFSET  0x2c2aa14
-#define FTS_FAVORITE_MGR_OFFSET  0x2bef468
+#define PUBLIC_MSG_MGR_OFFSET  0x2c7ec88
+#define MULTI_DB_MSG_MGR_OFFSET  0x2c807d0
+#define FAVORITE_STORAGE_MGR_OFFSET  0x2c801f8
+#define FTS_FAVORITE_MGR_OFFSET  0x2c439b8

 using namespace std;
 map<wstring, DatabaseInfo> dbmap;
--- a/src/hook_img.cc
+++ b/src/hook_img.cc
@ -6,9 +6,9 @@

 // #define WX_HOOK_IMG_OFFSET 0xd7eaa5
 // #define WX_HOOK_IMG_NEXT_OFFSET 0xda56e0
-#define WX_HOOK_IMG_OFFSET 0xc63ebc
-#define WX_HOOK_IMG_NEXT_OFFSET 0xd7e9e0
-#define WX_SELF_ID_OFFSET 0x2BEE08C
+#define WX_HOOK_IMG_OFFSET 0xc672cc
+#define WX_HOOK_IMG_NEXT_OFFSET 0xd82370
+#define WX_SELF_ID_OFFSET 0x2C42A38
 #define BUFSIZE 1024

 #define JPEG0 0xFF
--- a/src/hook_recv_msg.cc
+++ b/src/hook_recv_msg.cc
@ -10,8 +10,8 @@
 using namespace nlohmann;

 using namespace std;
-#define WX_RECV_MSG_HOOK_OFFSET 0xb94796
-#define WX_RECV_MSG_HOOK_NEXT_OFFSET 0x6fe2c0
+#define WX_RECV_MSG_HOOK_OFFSET 0xb97126
+#define WX_RECV_MSG_HOOK_NEXT_OFFSET 0x6fc850

 // SyncMgr::addMsgListToDB
 // #define WX_RECV_MSG_HOOK_OFFSET 0xB9C919
--- a/src/new_sqlite3.h
+++ b/src/new_sqlite3.h
@ -135,24 +135,24 @@
 #define SQLITE_NULL     5
 #define SQLITE_TEXT     3

-#define SQLITE3_EXEC_OFFSET 0x1b623b0
-#define SQLITE3_BACKUP_INIT_OFFSET 0x1b27d50
-#define SQLITE3_PREPARE_OFFSET 0x1b68d00
-#define SQLITE3_OPEN_OFFSET 0x1b96cf0
-#define SQLITE3_BACKUP_STEP_OFFSET 0x1b28150
-#define SQLITE3_BACKUP_REMAINING_OFFSET 0x1b28890
-#define SQLITE3_BACKUP_PAGECOUNT_OFFSET 0x1b288a0
-#define SQLITE3_BACKUP_FINISH_OFFSET 0x1b28790
-#define SQLITE3_SLEEP_OFFSET 0x1b97530
-#define SQLITE3_ERRCODE_OFFSET 0x1b95990
-#define SQLITE3_CLOSE_OFFSET 0x1b94110
-#define SQLITE3_STEP_OFFSET 0x1b30bc0
-#define SQLITE3_COLUMN_COUNT_OFFSET 0x1b310d0
-#define SQLITE3_COLUMN_NAME_OFFSET 0x1b319c0
-#define SQLITE3_COLUMN_TYPE_OFFSET 0x1b31860
-#define SQLITE3_COLUMN_BLOB_OFFSET 0x1b31110
-#define SQLITE3_COLUMN_BYTES_OFFSET 0x1b311f0
-#define SQLITE3_FINALIZE_OFFSET 0x1b2fb90
+#define SQLITE3_EXEC_OFFSET 0x1ba9de0
+#define SQLITE3_BACKUP_INIT_OFFSET 0x1b6f760
+#define SQLITE3_PREPARE_OFFSET 0x1bb0730
+#define SQLITE3_OPEN_OFFSET 0x1bde730
+#define SQLITE3_BACKUP_STEP_OFFSET 0x1b6fb60
+#define SQLITE3_BACKUP_REMAINING_OFFSET 0x1b702a0
+#define SQLITE3_BACKUP_PAGECOUNT_OFFSET 0x1b702b0
+#define SQLITE3_BACKUP_FINISH_OFFSET 0x1b701a0
+#define SQLITE3_SLEEP_OFFSET 0x1bdef70
+#define SQLITE3_ERRCODE_OFFSET 0x1bdd3d0
+#define SQLITE3_CLOSE_OFFSET 0x1bdbb20
+#define SQLITE3_STEP_OFFSET 0x1b785d0
+#define SQLITE3_COLUMN_COUNT_OFFSET 0x1b78ae0
+#define SQLITE3_COLUMN_NAME_OFFSET 0x1b793d0
+#define SQLITE3_COLUMN_TYPE_OFFSET 0x1b79270
+#define SQLITE3_COLUMN_BLOB_OFFSET 0x1b78b20
+#define SQLITE3_COLUMN_BYTES_OFFSET 0x1b78c00
+#define SQLITE3_FINALIZE_OFFSET 0x1b775a0

 typedef int (*Sqlite3_callback)(void*, int, char**, char**);

--- a/src/self_info.cc
+++ b/src/self_info.cc
@ -5,19 +5,19 @@

 #include "wechat_data.h"

-#define WX_SELF_NAME_OFFSET 0x2bee198
-#define WX_SELF_MOBILE_OFFSET 0x2BEE108
-#define WX_SELF_CITY_OFFSET 0x2BEE168
-#define WX_SELF_PROVINCE_OFFSET 0x2BEE150
-#define WX_SELF_COUNTRY_OFFSET 0x2BEE138
-#define WX_SELF_ACCOUNT_OFFSET 0x2BEE0F0
-#define WX_SELF_ID_OFFSET 0x2BEE08C
-#define WX_SELF_SMALL_IMG_OFFSET 0x2BEE34C
-#define WX_SELF_BIG_IMG_OFFSET 0x2BEE364
-#define WX_LOGIN_STATUS_OFFSET 0x2BEE4C0
-#define WX_APP_DATA_ROOT_PATH_OFFSET 0x2c2f478
-#define WX_APP_DATA_SAVE_PATH_OFFSET 0x2C10D04
-#define WX_CURRENT_DATA_PATH_OFFSET 0x2C0EC38
+#define WX_SELF_NAME_OFFSET 0x2C426E8
+#define WX_SELF_MOBILE_OFFSET 0x2C42658
+#define WX_SELF_CITY_OFFSET 0x2C426B8
+#define WX_SELF_PROVINCE_OFFSET 0x2C426A0
+#define WX_SELF_COUNTRY_OFFSET 0x2C42688
+#define WX_SELF_ACCOUNT_OFFSET 0x2C42640
+#define WX_SELF_ID_OFFSET 0x2C42A38
+#define WX_SELF_SMALL_IMG_OFFSET 0x2C4289C
+#define WX_SELF_BIG_IMG_OFFSET 0x2C428B4
+#define WX_LOGIN_STATUS_OFFSET 0x2c42a10
+#define WX_APP_DATA_ROOT_PATH_OFFSET 0x2c84ae0
+#define WX_APP_DATA_SAVE_PATH_OFFSET 0x2c65728
+#define WX_CURRENT_DATA_PATH_OFFSET 0x2c636fc



--- a/src/send_file.cc
+++ b/src/send_file.cc
@ -3,10 +3,10 @@
 #include "common.h"
 #include "wechat_data.h"

-#define WX_APP_MSG_MGR_OFFSET   0x665f60
-#define WX_SEND_FILE_OFFSET     0xa0ce20
-#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40
-#define WX_FREE_CHAT_MSG_OFFSET 0x651c40
+#define WX_APP_MSG_MGR_OFFSET   0x65df50
+#define WX_SEND_FILE_OFFSET     0xa10190
+#define WX_INIT_CHAT_MSG_OFFSET 0xdbf380
+#define WX_FREE_CHAT_MSG_OFFSET 0x649ac0

 int  SendFile(wchar_t *wxid, wchar_t *file_path){
  int success = 0;
--- a/src/send_image.cc
+++ b/src/send_image.cc
@ -3,10 +3,10 @@
 #include "common.h"
 #include "wechat_data.h"

-#define WX_SEND_IMAGE_OFFSET  0xb68b90
-#define WX_SEND_MESSAGE_MGR_OFFSET 0x663320
-#define WX_INIT_CHAT_MSG_OFFSET  0xdbcc40
-#define WX_FREE_CHAT_MSG_OFFSET 0x651c40
+#define WX_SEND_IMAGE_OFFSET  0xb6a3f0
+#define WX_SEND_MESSAGE_MGR_OFFSET 0x65b2a0
+#define WX_INIT_CHAT_MSG_OFFSET  0xdbf380
+#define WX_FREE_CHAT_MSG_OFFSET 0x649ac0

 int SendImage(wchar_t *wxid, wchar_t *image_path){

--- a/src/send_text.cc
+++ b/src/send_text.cc
@ -5,11 +5,11 @@
 #include "common.h"
 #include "wechat_data.h"

-#define WX_SEND_TEXT_OFFSET 0xb690a0
+#define WX_SEND_TEXT_OFFSET 0xb6a930

-#define WX_SEND_MESSAGE_MGR_OFFSET 0x663320
+#define WX_SEND_MESSAGE_MGR_OFFSET 0x65b2a0

-#define WX_FREE_CHAT_MSG_OFFSET 0x651c40
+#define WX_FREE_CHAT_MSG_OFFSET 0x649ac0
 /// @brief 发生文本消息
 /// @param wxid wxid
 /// @param msg  文本消息