From e62a37b3542c2f7abc1a396b3aae067b0233a1c8 Mon Sep 17 00:00:00 2001 From: Gy Hu Date: Mon, 26 Dec 2022 16:44:14 +0800 Subject: [PATCH] =?UTF-8?q?=E6=94=AF=E6=8C=813.8.1.26=E7=89=88=E6=9C=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 2 ++ README.md | 29 ++++++++++++++++++++--------- src/chat_room.cc | 26 +++++++++++++------------- src/contact.cc | 16 ++++++---------- src/forward.cc | 8 ++++---- src/get_db_handle.cc | 10 +++++----- src/hook_img.cc | 6 +++--- src/hook_recv_msg.cc | 4 ++-- src/new_sqlite3.h | 36 ++++++++++++++++++------------------ src/self_info.cc | 26 +++++++++++++------------- src/send_file.cc | 8 ++++---- src/send_image.cc | 8 ++++---- src/send_text.cc | 6 +++--- 13 files changed, 97 insertions(+), 88 deletions(-) diff --git a/.gitignore b/.gitignore index 39cc024..807a2c0 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,5 @@ #*.exe *.out *.app +/out +CMakePresets.json \ No newline at end of file diff --git a/README.md b/README.md index 89f57ed..bd3a2a9 100644 --- a/README.md +++ b/README.md @@ -1,18 +1,19 @@ # wxhelper -wechat hook . +wechat hook 。PC端微信逆向学习。支持3.8.0.41,3.8.1.26版本。 #### 免责声明: 本仓库发布的内容,仅用于学习研究,请勿用于非法用途和商业用途!如因此产生任何法律纠纷,均与作者无关! #### 项目说明: -本项目是个人学习学习逆向的项目,主要参考https://github.com/ttttupup/ComWeChatRobot,在此基础上实现了wechat 3.8.0.41的版本的部分内容。 +本项目是个人学习学习逆向的项目,主要参考https://github.com/ttttupup/ComWeChatRobot,在此基础上实现了微信的的其它版本的部分内容。 #### 使用说明: -支持的版本3.8.0.41,目前是最新版本。 +支持的版本3.8.0.41,3.8.1.26。 src:主要的dll代码 tool:简单的注入工具,一个是控制台,一个是图形界面。 python: 简单的服务器,用以接收消息内容。 release:编译好的dll。 +0.首先安装对应的微信版本,主分支是3.8.0.41版本,3.8.1.26分支对应3.8.1.26版本。 1.通过cmake构建成功后,将wxhelper.dll注入到微信,本地启动tcp server,监听19088端口。 2.通过http协议与dll通信,方便客户端操作。 3.接口的url为http://127.0.0.1:19088,注入成功后,直接进行调用即可。 
@@ -21,11 +22,19 @@ release:编译好的dll。 #### 编译环境 -Visual Studio 2022(x86) -Visual Studio code -cmake +Visual Studio 2022(x86) + +Visual Studio code + +cmake + vcpkg + +#### 更新说明 +2022-12-26 : 增加3.8.1.26版本支持。 + + ### 接口文档: #### 0.检查微信登录** @@ -683,6 +692,8 @@ vcpkg #### 感谢 -https://github.com/ljc545w/ComWeChatRobot -https://github.com/NationalSecurityAgency/ghidra -https://github.com/x64dbg/x64dbg \ No newline at end of file +https://github.com/ljc545w/ComWeChatRobot + +https://github.com/NationalSecurityAgency/ghidra + +https://github.com/x64dbg/x64dbg diff --git a/src/chat_room.cc b/src/chat_room.cc index b07e2f8..52662e9 100644 --- a/src/chat_room.cc +++ b/src/chat_room.cc @@ -4,17 +4,17 @@ #include "common.h" #include "wechat_data.h" -#define WX_CHAT_ROOM_MGR_OFFSET 0x686e40 -#define WX_GET_CHAT_ROOM_DETAIL_INFO_OFFSET 0xa70920 -#define WX_NEW_CHAT_ROOM_INFO_OFFSET 0xd03ec0 -#define WX_FREE_CHAT_ROOM_INFO_OFFSET 0x7226e0 -#define WX_DEL_CHAT_ROOM_MEMBER_OFFSET 0xa668f0 -#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40 -#define WX_FREE_CHAT_MSG_OFFSET 0x651c40 -#define WX_ADD_MEMBER_TO_CHAT_ROOM_OFFSET 0xa66400 -#define WX_GET_MEMBER_FROM_CHAT_ROOM_OFFSET 0xa71650 -#define WX_INIT_CHAT_ROOM_OFFSET 0xd01c30 -#define WX_FREE_CHAT_ROOM_OFFSET 0xa79310 +#define WX_CHAT_ROOM_MGR_OFFSET 0x67ee70 +#define WX_GET_CHAT_ROOM_DETAIL_INFO_OFFSET 0xa73a80 +#define WX_NEW_CHAT_ROOM_INFO_OFFSET 0xd07010 +#define WX_FREE_CHAT_ROOM_INFO_OFFSET 0xd072f0 +#define WX_DEL_CHAT_ROOM_MEMBER_OFFSET 0xa69a50 +#define WX_INIT_CHAT_MSG_OFFSET 0xdbf380 +#define WX_FREE_CHAT_MSG_OFFSET 0x649ac0 +#define WX_ADD_MEMBER_TO_CHAT_ROOM_OFFSET 0xa69560 +#define WX_GET_MEMBER_FROM_CHAT_ROOM_OFFSET 0xa749b0 +#define WX_INIT_CHAT_ROOM_OFFSET 0xd04d80 +#define WX_FREE_CHAT_ROOM_OFFSET 0xa7c620 int GetChatRoomDetailInfo(wchar_t* chat_room_id, ChatRoomInfoInner& room_info) { int success = 0; 
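Review bot: Nothing in the patch checks which build of the host module the DLL was loaded into, yet every `base + WX_*_OFFSET` computed from this block is valid only for 3.8.1.26; if the loaded module is any other build, the sum is an arbitrary address inside it and the host process crashes or corrupts memory instead of failing closed. A one-time guard in GetWeChatWinBase() (or at DLL load) that reads the module's file version and refuses to continue unless it matches the build these offsets were taken from would turn that into a clean, logged failure; the same applies to the offset blocks in contact.cc, forward.cc, get_db_handle.cc, hook_img.cc, hook_recv_msg.cc, new_sqlite3.h, self_info.cc, send_file.cc, send_image.cc and send_text.cc. Separately, `WX_INIT_CHAT_MSG_OFFSET 0xdbf380` is redefined identically in contact.cc, forward.cc, send_file.cc and send_image.cc, and `WX_FREE_CHAT_MSG_OFFSET 0x649ac0` in send_file.cc, send_image.cc and send_text.cc; moving them to one shared header would make the next version bump a single edit and remove the chance of one copy being missed. A header comment on the block naming the build it was measured on, e.g. `// offsets measured on build 3.8.1.26`, would also help the next update.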
@@ -24,7 +24,7 @@ int GetChatRoomDetailInfo(wchar_t* chat_room_id, ChatRoomInfoInner& room_info) { DWORD get_chat_room_detail_addr = base + WX_GET_CHAT_ROOM_DETAIL_INFO_OFFSET; DWORD create_chat_room_info_addr = base + WX_NEW_CHAT_ROOM_INFO_OFFSET; DWORD free_chat_room_info_addr = base + WX_FREE_CHAT_ROOM_INFO_OFFSET; - char chat_room_info[0xA4] = {0}; + char chat_room_info[0xDC] = {0}; __asm { PUSHAD LEA ECX,chat_room_info @@ -144,7 +144,7 @@ int GetMemberFromChatRoom(wchar_t* chat_room_id,ChatRoomInner & out){ int success = 0; WeChatString chat_room(chat_room_id); DWORD chat_room_ptr = (DWORD) &chat_room; - char buffer[0x1A0] = {0}; + char buffer[0x1D4] = {0}; DWORD base = GetWeChatWinBase(); DWORD get_member_addr = base + WX_GET_MEMBER_FROM_CHAT_ROOM_OFFSET; DWORD get_chat_room_mgr_addr = base + WX_CHAT_ROOM_MGR_OFFSET; diff --git a/src/contact.cc b/src/contact.cc index 608cae9..0ba1ca3 100644 --- a/src/contact.cc +++ b/src/contact.cc @@ -4,15 +4,11 @@ #include "common.h" #include "wechat_data.h" -#define WX_CONTACT_MGR_INSTANCE_OFFSET 0x655d60 -#define WX_CONTACT_GET_LIST_OFFSET 0xa97da0 -#define WX_CONTACT_DEL_OFFSET 0xa9bd10 -#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40 -#define WX_DB_QUERY_OFFSET 0xa9ba20 -#define WX_SYNC_MGR_OFFSET 0x993fa0 -#define WX_SYNC_MGR_OFFSET 0x993fa0 -#define WX_DO_DEL_CONTACT_OFFSET 0xb9a750 -#define WX_DEL_CONTACT_VTABLE_OFFSET 0x2886990 +#define WX_CONTACT_MGR_INSTANCE_OFFSET 0x64dc30 +#define WX_CONTACT_GET_LIST_OFFSET 0xa9b000 +#define WX_CONTACT_DEL_OFFSET 0xa9ef40 +#define WX_INIT_CHAT_MSG_OFFSET 0xdbf380 +#define WX_DB_QUERY_OFFSET 0xa9ec40 int GetAllContact(vector &vec) { DWORD base = GetWeChatWinBase(); DWORD get_instance = base + WX_CONTACT_MGR_INSTANCE_OFFSET; @@ -66,7 +62,7 @@ int GetAllContact(vector &vec) { temp.type = *(DWORD *)(start + 0x50); temp.verify_flag = *(DWORD *)(start + 0x54); vec.push_back(temp); - start += 0x3E8; + start += 0x438; } return success; } 
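Review bot: The stack buffers `char chat_room_info[0xDC]` and `char buffer[0x1D4]` are sized by hand to the host build's object layout and `chat_room_info` is then handed to host code via `LEA ECX,chat_room_info`, so an undersized buffer overwrites the DLL's own stack frame rather than producing a visible error; the record stride `start += 0x438` in contact.cc's GetAllContact carries the same risk, since it decides where `*(DWORD *)(start + 0x50)` and `(start + 0x54)` are read on every iteration. Give these layout constants names next to the offsets they belong with, e.g. `#define WX_CHAT_ROOM_INFO_SIZE 0xDC` and `#define WX_CONTACT_ITEM_SIZE 0x438`, each with a comment naming the build they were measured on, so that a future offset update cannot miss them. GetChatRoomDetailInfo, GetMemberFromChatRoom and GetAllContact all continue outside their hunks.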
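Review bot: Any function later in contact.cc that still references `WX_DO_DEL_CONTACT_OFFSET`, `WX_DEL_CONTACT_VTABLE_OFFSET` or `WX_SYNC_MGR_OFFSET` will no longer compile after this hunk, and the hunk does not show their users being removed; if the delete-contact path was dropped for this build, the commit message should say so, and if it was kept, the three macros need 3.8.1.26 values rather than deletion. `WX_CONTACT_DEL_OFFSET` is retained, so the hunk alone does not make clear which of the two is intended. The duplicate `WX_SYNC_MGR_OFFSET` line in the removed side suggests the original list was maintained by hand; a shared offsets header would avoid that class of slip.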
diff --git a/src/forward.cc b/src/forward.cc index 62a421d..3ec3b0d 100644 --- a/src/forward.cc +++ b/src/forward.cc @@ -4,8 +4,8 @@ #include "common.h" #include "get_db_handle.h" #include "wechat_data.h" -#define WX_FORWARD_MSG_OFFSET 0xb68c80 -#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40 +#define WX_FORWARD_MSG_OFFSET 0xb6a4e0 +#define WX_INIT_CHAT_MSG_OFFSET 0xdbf380 int ForwardMsg(wchar_t *wxid, unsigned long long msgid) { int success = 0; @@ -27,11 +27,11 @@ int ForwardMsg(wchar_t *wxid, unsigned long long msgid) { PUSH EAX SUB ESP,0x14 MOV ECX,ESP - LEA ESI, to_user; + LEA ESI,to_user PUSH ESI CALL init_chat_msg_addr CALL forward_msg_addr - MOVZX EAX,AL; + MOVZX EAX,AL MOV success,EAX ADD ESP,0x1c POPFD diff --git a/src/get_db_handle.cc b/src/get_db_handle.cc index 015a395..58a5cbe 100644 --- a/src/get_db_handle.cc +++ b/src/get_db_handle.cc @@ -5,7 +5,7 @@ #include "new_sqlite3.h" #include "pch.h" #include "wechat_data.h" -#define CONTACT_G_PINSTANCE 0x2bee928 +#define CONTACT_G_PINSTANCE 0x2c42e78 #define DB_MICRO_MSG_OFFSET 0x68 #define DB_CHAT_MSG_OFFSET 0x1C0 #define DB_MISC_OFFSET 0x3D8 @@ -15,10 +15,10 @@ #define DB_FUNCTION_MSG_OFFSET 0x11B0 #define DB_NAME_OFFSET 0x14 -#define PUBLIC_MSG_MGR_OFFSET 0x2c294c0 -#define MULTI_DB_MSG_MGR_OFFSET 0x2c2aff4 -#define FAVORITE_STORAGE_MGR_OFFSET 0x2c2aa14 -#define FTS_FAVORITE_MGR_OFFSET 0x2bef468 +#define PUBLIC_MSG_MGR_OFFSET 0x2c7ec88 +#define MULTI_DB_MSG_MGR_OFFSET 0x2c807d0 +#define FAVORITE_STORAGE_MGR_OFFSET 0x2c801f8 +#define FTS_FAVORITE_MGR_OFFSET 0x2c439b8 using namespace std; map dbmap; diff --git a/src/hook_img.cc b/src/hook_img.cc index 656f915..afb977e 100644 --- a/src/hook_img.cc +++ b/src/hook_img.cc 
@@ -6,9 +6,9 @@ // #define WX_HOOK_IMG_OFFSET 0xd7eaa5 // #define WX_HOOK_IMG_NEXT_OFFSET 0xda56e0 -#define WX_HOOK_IMG_OFFSET 0xc63ebc -#define WX_HOOK_IMG_NEXT_OFFSET 0xd7e9e0 -#define WX_SELF_ID_OFFSET 0x2BEE08C +#define WX_HOOK_IMG_OFFSET 0xc672cc +#define WX_HOOK_IMG_NEXT_OFFSET 0xd82370 +#define WX_SELF_ID_OFFSET 0x2C42A38 #define BUFSIZE 1024 #define JPEG0 0xFF diff --git a/src/hook_recv_msg.cc b/src/hook_recv_msg.cc index 7043a4b..5728370 100644 --- a/src/hook_recv_msg.cc +++ b/src/hook_recv_msg.cc @@ -10,8 +10,8 @@ using namespace nlohmann; using namespace std; -#define WX_RECV_MSG_HOOK_OFFSET 0xb94796 -#define WX_RECV_MSG_HOOK_NEXT_OFFSET 0x6fe2c0 +#define WX_RECV_MSG_HOOK_OFFSET 0xb97126 +#define WX_RECV_MSG_HOOK_NEXT_OFFSET 0x6fc850 // SyncMgr::addMsgListToDB // #define WX_RECV_MSG_HOOK_OFFSET 0xB9C919 diff --git a/src/new_sqlite3.h b/src/new_sqlite3.h index 4ea593c..a27713f 100644 --- a/src/new_sqlite3.h +++ b/src/new_sqlite3.h 
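Review bot: The commented-out `// #define WX_HOOK_IMG_OFFSET 0xd7eaa5` and `// #define WX_HOOK_IMG_NEXT_OFFSET 0xda56e0` directly above the changed lines hold values from an older build than either the removed or the added ones, and nothing records which build; the same is true of `// #define WX_RECV_MSG_HOOK_OFFSET 0xB9C919` in hook_recv_msg.cc. Either delete them or label each with its build, e.g. `// <build version>: 0xd7eaa5`, so a reader does not mistake them for an alternative for the current build. `WX_SELF_ID_OFFSET 0x2C42A38` is also defined with the same value in self_info.cc; one definition in a shared header would keep the two from drifting apart on the next update.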
@@ -135,24 +135,24 @@ #define SQLITE_NULL 5 #define SQLITE_TEXT 3 -#define SQLITE3_EXEC_OFFSET 0x1b623b0 -#define SQLITE3_BACKUP_INIT_OFFSET 0x1b27d50 -#define SQLITE3_PREPARE_OFFSET 0x1b68d00 -#define SQLITE3_OPEN_OFFSET 0x1b96cf0 -#define SQLITE3_BACKUP_STEP_OFFSET 0x1b28150 -#define SQLITE3_BACKUP_REMAINING_OFFSET 0x1b28890 -#define SQLITE3_BACKUP_PAGECOUNT_OFFSET 0x1b288a0 -#define SQLITE3_BACKUP_FINISH_OFFSET 0x1b28790 -#define SQLITE3_SLEEP_OFFSET 0x1b97530 -#define SQLITE3_ERRCODE_OFFSET 0x1b95990 -#define SQLITE3_CLOSE_OFFSET 0x1b94110 -#define SQLITE3_STEP_OFFSET 0x1b30bc0 -#define SQLITE3_COLUMN_COUNT_OFFSET 0x1b310d0 -#define SQLITE3_COLUMN_NAME_OFFSET 0x1b319c0 -#define SQLITE3_COLUMN_TYPE_OFFSET 0x1b31860 -#define SQLITE3_COLUMN_BLOB_OFFSET 0x1b31110 -#define SQLITE3_COLUMN_BYTES_OFFSET 0x1b311f0 -#define SQLITE3_FINALIZE_OFFSET 0x1b2fb90 +#define SQLITE3_EXEC_OFFSET 0x1ba9de0 +#define SQLITE3_BACKUP_INIT_OFFSET 0x1b6f760 +#define SQLITE3_PREPARE_OFFSET 0x1bb0730 +#define SQLITE3_OPEN_OFFSET 0x1bde730 +#define SQLITE3_BACKUP_STEP_OFFSET 0x1b6fb60 +#define SQLITE3_BACKUP_REMAINING_OFFSET 0x1b702a0 +#define SQLITE3_BACKUP_PAGECOUNT_OFFSET 0x1b702b0 +#define SQLITE3_BACKUP_FINISH_OFFSET 0x1b701a0 +#define SQLITE3_SLEEP_OFFSET 0x1bdef70 +#define SQLITE3_ERRCODE_OFFSET 0x1bdd3d0 +#define SQLITE3_CLOSE_OFFSET 0x1bdbb20 +#define SQLITE3_STEP_OFFSET 0x1b785d0 +#define SQLITE3_COLUMN_COUNT_OFFSET 0x1b78ae0 +#define SQLITE3_COLUMN_NAME_OFFSET 0x1b793d0 +#define SQLITE3_COLUMN_TYPE_OFFSET 0x1b79270 +#define SQLITE3_COLUMN_BLOB_OFFSET 0x1b78b20 +#define SQLITE3_COLUMN_BYTES_OFFSET 0x1b78c00 +#define SQLITE3_FINALIZE_OFFSET 0x1b775a0 typedef int (*Sqlite3_callback)(void*, int, char**, char**); diff --git a/src/self_info.cc b/src/self_info.cc index 561da22..bb150ca 100644 --- a/src/self_info.cc +++ b/src/self_info.cc 
@@ -5,19 +5,19 @@ #include "wechat_data.h" -#define WX_SELF_NAME_OFFSET 0x2bee198 -#define WX_SELF_MOBILE_OFFSET 0x2BEE108 -#define WX_SELF_CITY_OFFSET 0x2BEE168 -#define WX_SELF_PROVINCE_OFFSET 0x2BEE150 -#define WX_SELF_COUNTRY_OFFSET 0x2BEE138 -#define WX_SELF_ACCOUNT_OFFSET 0x2BEE0F0 -#define WX_SELF_ID_OFFSET 0x2BEE08C -#define WX_SELF_SMALL_IMG_OFFSET 0x2BEE34C -#define WX_SELF_BIG_IMG_OFFSET 0x2BEE364 -#define WX_LOGIN_STATUS_OFFSET 0x2BEE4C0 -#define WX_APP_DATA_ROOT_PATH_OFFSET 0x2c2f478 -#define WX_APP_DATA_SAVE_PATH_OFFSET 0x2C10D04 -#define WX_CURRENT_DATA_PATH_OFFSET 0x2C0EC38 +#define WX_SELF_NAME_OFFSET 0x2C426E8 +#define WX_SELF_MOBILE_OFFSET 0x2C42658 +#define WX_SELF_CITY_OFFSET 0x2C426B8 +#define WX_SELF_PROVINCE_OFFSET 0x2C426A0 +#define WX_SELF_COUNTRY_OFFSET 0x2C42688 +#define WX_SELF_ACCOUNT_OFFSET 0x2C42640 +#define WX_SELF_ID_OFFSET 0x2C42A38 +#define WX_SELF_SMALL_IMG_OFFSET 0x2C4289C +#define WX_SELF_BIG_IMG_OFFSET 0x2C428B4 +#define WX_LOGIN_STATUS_OFFSET 0x2c42a10 +#define WX_APP_DATA_ROOT_PATH_OFFSET 0x2c84ae0 +#define WX_APP_DATA_SAVE_PATH_OFFSET 0x2c65728 +#define WX_CURRENT_DATA_PATH_OFFSET 0x2c636fc diff --git a/src/send_file.cc b/src/send_file.cc index a33727c..11f12e9 100644 --- a/src/send_file.cc +++ b/src/send_file.cc @@ -3,10 +3,10 @@ #include "common.h" #include "wechat_data.h" -#define WX_APP_MSG_MGR_OFFSET 0x665f60 -#define WX_SEND_FILE_OFFSET 0xa0ce20 -#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40 -#define WX_FREE_CHAT_MSG_OFFSET 0x651c40 +#define WX_APP_MSG_MGR_OFFSET 0x65df50 +#define WX_SEND_FILE_OFFSET 0xa10190 +#define WX_INIT_CHAT_MSG_OFFSET 0xdbf380 +#define WX_FREE_CHAT_MSG_OFFSET 0x649ac0 int SendFile(wchar_t *wxid, wchar_t *file_path){ int success = 0; diff --git a/src/send_image.cc b/src/send_image.cc index 29a358a..24f40f1 100644 --- a/src/send_image.cc +++ b/src/send_image.cc 
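Review bot: The new offsets mix upper- and lower-case hex digits (`0x2C426E8` through `0x2C428B4`, then `0x2c42a10`, `0x2c84ae0`, `0x2c65728`, `0x2c636fc`), which makes a mistyped digit harder to spot when the block is compared against a disassembler listing; pick one case for the whole block. As with the other offset blocks in this commit, a comment stating the build these values were measured on, e.g. `// self-info offsets, build 3.8.1.26`, would tell the next maintainer what to re-measure.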
@@ -3,10 +3,10 @@ #include "common.h" #include "wechat_data.h" -#define WX_SEND_IMAGE_OFFSET 0xb68b90 -#define WX_SEND_MESSAGE_MGR_OFFSET 0x663320 -#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40 -#define WX_FREE_CHAT_MSG_OFFSET 0x651c40 +#define WX_SEND_IMAGE_OFFSET 0xb6a3f0 +#define WX_SEND_MESSAGE_MGR_OFFSET 0x65b2a0 +#define WX_INIT_CHAT_MSG_OFFSET 0xdbf380 +#define WX_FREE_CHAT_MSG_OFFSET 0x649ac0 int SendImage(wchar_t *wxid, wchar_t *image_path){ diff --git a/src/send_text.cc b/src/send_text.cc index 6ba20cc..995fdd8 100644 --- a/src/send_text.cc +++ b/src/send_text.cc @@ -5,11 +5,11 @@ #include "common.h" #include "wechat_data.h" -#define WX_SEND_TEXT_OFFSET 0xb690a0 +#define WX_SEND_TEXT_OFFSET 0xb6a930 -#define WX_SEND_MESSAGE_MGR_OFFSET 0x663320 +#define WX_SEND_MESSAGE_MGR_OFFSET 0x65b2a0 -#define WX_FREE_CHAT_MSG_OFFSET 0x651c40 +#define WX_FREE_CHAT_MSG_OFFSET 0x649ac0 /// @brief 发生文本消息 /// @param wxid wxid /// @param msg 文本消息