支持3.8.1.26版本

This commit is contained in:
Gy Hu 2022-12-26 16:44:14 +08:00
parent 7ced06fd6f
commit e62a37b354
13 changed files with 97 additions and 88 deletions

2
.gitignore vendored
View File

@ -30,3 +30,5 @@
#*.exe #*.exe
*.out *.out
*.app *.app
/out
CMakePresets.json

View File

@ -1,18 +1,19 @@
# wxhelper # wxhelper
wechat hook . wechat hook 。PC端微信逆向学习。支持3.8.0.413.8.1.26版本。
#### 免责声明: #### 免责声明:
本仓库发布的内容,仅用于学习研究,请勿用于非法用途和商业用途!如因此产生任何法律纠纷,均与作者无关! 本仓库发布的内容,仅用于学习研究,请勿用于非法用途和商业用途!如因此产生任何法律纠纷,均与作者无关!
#### 项目说明: #### 项目说明:
本项目是个人学习学习逆向的项目主要参考https://github.com/ttttupup/ComWeChatRobot在此基础上实现了wechat 3.8.0.41的版本的部分内容。 本项目是个人学习学习逆向的项目主要参考https://github.com/ttttupup/ComWeChatRobot在此基础上实现了微信的的其它版本的部分内容。
#### 使用说明: #### 使用说明:
支持的版本3.8.0.41目前是最新版本 支持的版本3.8.0.413.8.1.26
src:主要的dll代码 src:主要的dll代码
tool简单的注入工具一个是控制台一个是图形界面。 tool简单的注入工具一个是控制台一个是图形界面。
python: 简单的服务器,用以接收消息内容。 python: 简单的服务器,用以接收消息内容。
release编译好的dll。 release编译好的dll。
0.首先安装对应的微信版本主分支是3.8.0.41版本3.8.1.26分支对应3.8.1.26版本。
1.通过cmake构建成功后将wxhelper.dll注入到微信本地启动tcp server监听19088端口。 1.通过cmake构建成功后将wxhelper.dll注入到微信本地启动tcp server监听19088端口。
2.通过http协议与dll通信方便客户端操作。 2.通过http协议与dll通信方便客户端操作。
3.接口的url为http://127.0.0.1:19088注入成功后直接进行调用即可。 3.接口的url为http://127.0.0.1:19088注入成功后直接进行调用即可。
@ -22,10 +23,18 @@ release编译好的dll。
#### 编译环境 #### 编译环境
Visual Studio 2022(x86) Visual Studio 2022(x86)
Visual Studio code Visual Studio code
cmake cmake
vcpkg vcpkg
#### 更新说明
2022-12-26 增加3.8.1.26版本支持。
### 接口文档: ### 接口文档:
#### 0.检查微信登录** #### 0.检查微信登录**
@ -684,5 +693,7 @@ vcpkg
#### 感谢 #### 感谢
https://github.com/ljc545w/ComWeChatRobot https://github.com/ljc545w/ComWeChatRobot
https://github.com/NationalSecurityAgency/ghidra https://github.com/NationalSecurityAgency/ghidra
https://github.com/x64dbg/x64dbg https://github.com/x64dbg/x64dbg

View File

@ -4,17 +4,17 @@
#include "common.h" #include "common.h"
#include "wechat_data.h" #include "wechat_data.h"
#define WX_CHAT_ROOM_MGR_OFFSET 0x686e40 #define WX_CHAT_ROOM_MGR_OFFSET 0x67ee70
#define WX_GET_CHAT_ROOM_DETAIL_INFO_OFFSET 0xa70920 #define WX_GET_CHAT_ROOM_DETAIL_INFO_OFFSET 0xa73a80
#define WX_NEW_CHAT_ROOM_INFO_OFFSET 0xd03ec0 #define WX_NEW_CHAT_ROOM_INFO_OFFSET 0xd07010
#define WX_FREE_CHAT_ROOM_INFO_OFFSET 0x7226e0 #define WX_FREE_CHAT_ROOM_INFO_OFFSET 0xd072f0
#define WX_DEL_CHAT_ROOM_MEMBER_OFFSET 0xa668f0 #define WX_DEL_CHAT_ROOM_MEMBER_OFFSET 0xa69a50
#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40 #define WX_INIT_CHAT_MSG_OFFSET 0xdbf380
#define WX_FREE_CHAT_MSG_OFFSET 0x651c40 #define WX_FREE_CHAT_MSG_OFFSET 0x649ac0
#define WX_ADD_MEMBER_TO_CHAT_ROOM_OFFSET 0xa66400 #define WX_ADD_MEMBER_TO_CHAT_ROOM_OFFSET 0xa69560
#define WX_GET_MEMBER_FROM_CHAT_ROOM_OFFSET 0xa71650 #define WX_GET_MEMBER_FROM_CHAT_ROOM_OFFSET 0xa749b0
#define WX_INIT_CHAT_ROOM_OFFSET 0xd01c30 #define WX_INIT_CHAT_ROOM_OFFSET 0xd04d80
#define WX_FREE_CHAT_ROOM_OFFSET 0xa79310 #define WX_FREE_CHAT_ROOM_OFFSET 0xa7c620
int GetChatRoomDetailInfo(wchar_t* chat_room_id, ChatRoomInfoInner& room_info) { int GetChatRoomDetailInfo(wchar_t* chat_room_id, ChatRoomInfoInner& room_info) {
int success = 0; int success = 0;
@ -24,7 +24,7 @@ int GetChatRoomDetailInfo(wchar_t* chat_room_id, ChatRoomInfoInner& room_info) {
DWORD get_chat_room_detail_addr = base + WX_GET_CHAT_ROOM_DETAIL_INFO_OFFSET; DWORD get_chat_room_detail_addr = base + WX_GET_CHAT_ROOM_DETAIL_INFO_OFFSET;
DWORD create_chat_room_info_addr = base + WX_NEW_CHAT_ROOM_INFO_OFFSET; DWORD create_chat_room_info_addr = base + WX_NEW_CHAT_ROOM_INFO_OFFSET;
DWORD free_chat_room_info_addr = base + WX_FREE_CHAT_ROOM_INFO_OFFSET; DWORD free_chat_room_info_addr = base + WX_FREE_CHAT_ROOM_INFO_OFFSET;
char chat_room_info[0xA4] = {0}; char chat_room_info[0xDC] = {0};
__asm { __asm {
PUSHAD PUSHAD
LEA ECX,chat_room_info LEA ECX,chat_room_info
@ -144,7 +144,7 @@ int GetMemberFromChatRoom(wchar_t* chat_room_id,ChatRoomInner & out){
int success = 0; int success = 0;
WeChatString chat_room(chat_room_id); WeChatString chat_room(chat_room_id);
DWORD chat_room_ptr = (DWORD) &chat_room; DWORD chat_room_ptr = (DWORD) &chat_room;
char buffer[0x1A0] = {0}; char buffer[0x1D4] = {0};
DWORD base = GetWeChatWinBase(); DWORD base = GetWeChatWinBase();
DWORD get_member_addr = base + WX_GET_MEMBER_FROM_CHAT_ROOM_OFFSET; DWORD get_member_addr = base + WX_GET_MEMBER_FROM_CHAT_ROOM_OFFSET;
DWORD get_chat_room_mgr_addr = base + WX_CHAT_ROOM_MGR_OFFSET; DWORD get_chat_room_mgr_addr = base + WX_CHAT_ROOM_MGR_OFFSET;

View File

@ -4,15 +4,11 @@
#include "common.h" #include "common.h"
#include "wechat_data.h" #include "wechat_data.h"
#define WX_CONTACT_MGR_INSTANCE_OFFSET 0x655d60 #define WX_CONTACT_MGR_INSTANCE_OFFSET 0x64dc30
#define WX_CONTACT_GET_LIST_OFFSET 0xa97da0 #define WX_CONTACT_GET_LIST_OFFSET 0xa9b000
#define WX_CONTACT_DEL_OFFSET 0xa9bd10 #define WX_CONTACT_DEL_OFFSET 0xa9ef40
#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40 #define WX_INIT_CHAT_MSG_OFFSET 0xdbf380
#define WX_DB_QUERY_OFFSET 0xa9ba20 #define WX_DB_QUERY_OFFSET 0xa9ec40
#define WX_SYNC_MGR_OFFSET 0x993fa0
#define WX_SYNC_MGR_OFFSET 0x993fa0
#define WX_DO_DEL_CONTACT_OFFSET 0xb9a750
#define WX_DEL_CONTACT_VTABLE_OFFSET 0x2886990
int GetAllContact(vector<Contact> &vec) { int GetAllContact(vector<Contact> &vec) {
DWORD base = GetWeChatWinBase(); DWORD base = GetWeChatWinBase();
DWORD get_instance = base + WX_CONTACT_MGR_INSTANCE_OFFSET; DWORD get_instance = base + WX_CONTACT_MGR_INSTANCE_OFFSET;
@ -66,7 +62,7 @@ int GetAllContact(vector<Contact> &vec) {
temp.type = *(DWORD *)(start + 0x50); temp.type = *(DWORD *)(start + 0x50);
temp.verify_flag = *(DWORD *)(start + 0x54); temp.verify_flag = *(DWORD *)(start + 0x54);
vec.push_back(temp); vec.push_back(temp);
start += 0x3E8; start += 0x438;
} }
return success; return success;
} }

View File

@ -4,8 +4,8 @@
#include "common.h" #include "common.h"
#include "get_db_handle.h" #include "get_db_handle.h"
#include "wechat_data.h" #include "wechat_data.h"
#define WX_FORWARD_MSG_OFFSET 0xb68c80 #define WX_FORWARD_MSG_OFFSET 0xb6a4e0
#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40 #define WX_INIT_CHAT_MSG_OFFSET 0xdbf380
int ForwardMsg(wchar_t *wxid, unsigned long long msgid) { int ForwardMsg(wchar_t *wxid, unsigned long long msgid) {
int success = 0; int success = 0;
@ -27,11 +27,11 @@ int ForwardMsg(wchar_t *wxid, unsigned long long msgid) {
PUSH EAX PUSH EAX
SUB ESP,0x14 SUB ESP,0x14
MOV ECX,ESP MOV ECX,ESP
LEA ESI, to_user; LEA ESI,to_user
PUSH ESI PUSH ESI
CALL init_chat_msg_addr CALL init_chat_msg_addr
CALL forward_msg_addr CALL forward_msg_addr
MOVZX EAX,AL; MOVZX EAX,AL
MOV success,EAX MOV success,EAX
ADD ESP,0x1c ADD ESP,0x1c
POPFD POPFD

View File

@ -5,7 +5,7 @@
#include "new_sqlite3.h" #include "new_sqlite3.h"
#include "pch.h" #include "pch.h"
#include "wechat_data.h" #include "wechat_data.h"
#define CONTACT_G_PINSTANCE 0x2bee928 #define CONTACT_G_PINSTANCE 0x2c42e78
#define DB_MICRO_MSG_OFFSET 0x68 #define DB_MICRO_MSG_OFFSET 0x68
#define DB_CHAT_MSG_OFFSET 0x1C0 #define DB_CHAT_MSG_OFFSET 0x1C0
#define DB_MISC_OFFSET 0x3D8 #define DB_MISC_OFFSET 0x3D8
@ -15,10 +15,10 @@
#define DB_FUNCTION_MSG_OFFSET 0x11B0 #define DB_FUNCTION_MSG_OFFSET 0x11B0
#define DB_NAME_OFFSET 0x14 #define DB_NAME_OFFSET 0x14
#define PUBLIC_MSG_MGR_OFFSET 0x2c294c0 #define PUBLIC_MSG_MGR_OFFSET 0x2c7ec88
#define MULTI_DB_MSG_MGR_OFFSET 0x2c2aff4 #define MULTI_DB_MSG_MGR_OFFSET 0x2c807d0
#define FAVORITE_STORAGE_MGR_OFFSET 0x2c2aa14 #define FAVORITE_STORAGE_MGR_OFFSET 0x2c801f8
#define FTS_FAVORITE_MGR_OFFSET 0x2bef468 #define FTS_FAVORITE_MGR_OFFSET 0x2c439b8
using namespace std; using namespace std;
map<wstring, DatabaseInfo> dbmap; map<wstring, DatabaseInfo> dbmap;

View File

@ -6,9 +6,9 @@
// #define WX_HOOK_IMG_OFFSET 0xd7eaa5 // #define WX_HOOK_IMG_OFFSET 0xd7eaa5
// #define WX_HOOK_IMG_NEXT_OFFSET 0xda56e0 // #define WX_HOOK_IMG_NEXT_OFFSET 0xda56e0
#define WX_HOOK_IMG_OFFSET 0xc63ebc #define WX_HOOK_IMG_OFFSET 0xc672cc
#define WX_HOOK_IMG_NEXT_OFFSET 0xd7e9e0 #define WX_HOOK_IMG_NEXT_OFFSET 0xd82370
#define WX_SELF_ID_OFFSET 0x2BEE08C #define WX_SELF_ID_OFFSET 0x2C42A38
#define BUFSIZE 1024 #define BUFSIZE 1024
#define JPEG0 0xFF #define JPEG0 0xFF

View File

@ -10,8 +10,8 @@
using namespace nlohmann; using namespace nlohmann;
using namespace std; using namespace std;
#define WX_RECV_MSG_HOOK_OFFSET 0xb94796 #define WX_RECV_MSG_HOOK_OFFSET 0xb97126
#define WX_RECV_MSG_HOOK_NEXT_OFFSET 0x6fe2c0 #define WX_RECV_MSG_HOOK_NEXT_OFFSET 0x6fc850
// SyncMgr::addMsgListToDB // SyncMgr::addMsgListToDB
// #define WX_RECV_MSG_HOOK_OFFSET 0xB9C919 // #define WX_RECV_MSG_HOOK_OFFSET 0xB9C919

View File

@ -135,24 +135,24 @@
#define SQLITE_NULL 5 #define SQLITE_NULL 5
#define SQLITE_TEXT 3 #define SQLITE_TEXT 3
#define SQLITE3_EXEC_OFFSET 0x1b623b0 #define SQLITE3_EXEC_OFFSET 0x1ba9de0
#define SQLITE3_BACKUP_INIT_OFFSET 0x1b27d50 #define SQLITE3_BACKUP_INIT_OFFSET 0x1b6f760
#define SQLITE3_PREPARE_OFFSET 0x1b68d00 #define SQLITE3_PREPARE_OFFSET 0x1bb0730
#define SQLITE3_OPEN_OFFSET 0x1b96cf0 #define SQLITE3_OPEN_OFFSET 0x1bde730
#define SQLITE3_BACKUP_STEP_OFFSET 0x1b28150 #define SQLITE3_BACKUP_STEP_OFFSET 0x1b6fb60
#define SQLITE3_BACKUP_REMAINING_OFFSET 0x1b28890 #define SQLITE3_BACKUP_REMAINING_OFFSET 0x1b702a0
#define SQLITE3_BACKUP_PAGECOUNT_OFFSET 0x1b288a0 #define SQLITE3_BACKUP_PAGECOUNT_OFFSET 0x1b702b0
#define SQLITE3_BACKUP_FINISH_OFFSET 0x1b28790 #define SQLITE3_BACKUP_FINISH_OFFSET 0x1b701a0
#define SQLITE3_SLEEP_OFFSET 0x1b97530 #define SQLITE3_SLEEP_OFFSET 0x1bdef70
#define SQLITE3_ERRCODE_OFFSET 0x1b95990 #define SQLITE3_ERRCODE_OFFSET 0x1bdd3d0
#define SQLITE3_CLOSE_OFFSET 0x1b94110 #define SQLITE3_CLOSE_OFFSET 0x1bdbb20
#define SQLITE3_STEP_OFFSET 0x1b30bc0 #define SQLITE3_STEP_OFFSET 0x1b785d0
#define SQLITE3_COLUMN_COUNT_OFFSET 0x1b310d0 #define SQLITE3_COLUMN_COUNT_OFFSET 0x1b78ae0
#define SQLITE3_COLUMN_NAME_OFFSET 0x1b319c0 #define SQLITE3_COLUMN_NAME_OFFSET 0x1b793d0
#define SQLITE3_COLUMN_TYPE_OFFSET 0x1b31860 #define SQLITE3_COLUMN_TYPE_OFFSET 0x1b79270
#define SQLITE3_COLUMN_BLOB_OFFSET 0x1b31110 #define SQLITE3_COLUMN_BLOB_OFFSET 0x1b78b20
#define SQLITE3_COLUMN_BYTES_OFFSET 0x1b311f0 #define SQLITE3_COLUMN_BYTES_OFFSET 0x1b78c00
#define SQLITE3_FINALIZE_OFFSET 0x1b2fb90 #define SQLITE3_FINALIZE_OFFSET 0x1b775a0
typedef int (*Sqlite3_callback)(void*, int, char**, char**); typedef int (*Sqlite3_callback)(void*, int, char**, char**);

View File

@ -5,19 +5,19 @@
#include "wechat_data.h" #include "wechat_data.h"
#define WX_SELF_NAME_OFFSET 0x2bee198 #define WX_SELF_NAME_OFFSET 0x2C426E8
#define WX_SELF_MOBILE_OFFSET 0x2BEE108 #define WX_SELF_MOBILE_OFFSET 0x2C42658
#define WX_SELF_CITY_OFFSET 0x2BEE168 #define WX_SELF_CITY_OFFSET 0x2C426B8
#define WX_SELF_PROVINCE_OFFSET 0x2BEE150 #define WX_SELF_PROVINCE_OFFSET 0x2C426A0
#define WX_SELF_COUNTRY_OFFSET 0x2BEE138 #define WX_SELF_COUNTRY_OFFSET 0x2C42688
#define WX_SELF_ACCOUNT_OFFSET 0x2BEE0F0 #define WX_SELF_ACCOUNT_OFFSET 0x2C42640
#define WX_SELF_ID_OFFSET 0x2BEE08C #define WX_SELF_ID_OFFSET 0x2C42A38
#define WX_SELF_SMALL_IMG_OFFSET 0x2BEE34C #define WX_SELF_SMALL_IMG_OFFSET 0x2C4289C
#define WX_SELF_BIG_IMG_OFFSET 0x2BEE364 #define WX_SELF_BIG_IMG_OFFSET 0x2C428B4
#define WX_LOGIN_STATUS_OFFSET 0x2BEE4C0 #define WX_LOGIN_STATUS_OFFSET 0x2c42a10
#define WX_APP_DATA_ROOT_PATH_OFFSET 0x2c2f478 #define WX_APP_DATA_ROOT_PATH_OFFSET 0x2c84ae0
#define WX_APP_DATA_SAVE_PATH_OFFSET 0x2C10D04 #define WX_APP_DATA_SAVE_PATH_OFFSET 0x2c65728
#define WX_CURRENT_DATA_PATH_OFFSET 0x2C0EC38 #define WX_CURRENT_DATA_PATH_OFFSET 0x2c636fc

View File

@ -3,10 +3,10 @@
#include "common.h" #include "common.h"
#include "wechat_data.h" #include "wechat_data.h"
#define WX_APP_MSG_MGR_OFFSET 0x665f60 #define WX_APP_MSG_MGR_OFFSET 0x65df50
#define WX_SEND_FILE_OFFSET 0xa0ce20 #define WX_SEND_FILE_OFFSET 0xa10190
#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40 #define WX_INIT_CHAT_MSG_OFFSET 0xdbf380
#define WX_FREE_CHAT_MSG_OFFSET 0x651c40 #define WX_FREE_CHAT_MSG_OFFSET 0x649ac0
int SendFile(wchar_t *wxid, wchar_t *file_path){ int SendFile(wchar_t *wxid, wchar_t *file_path){
int success = 0; int success = 0;

View File

@ -3,10 +3,10 @@
#include "common.h" #include "common.h"
#include "wechat_data.h" #include "wechat_data.h"
#define WX_SEND_IMAGE_OFFSET 0xb68b90 #define WX_SEND_IMAGE_OFFSET 0xb6a3f0
#define WX_SEND_MESSAGE_MGR_OFFSET 0x663320 #define WX_SEND_MESSAGE_MGR_OFFSET 0x65b2a0
#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40 #define WX_INIT_CHAT_MSG_OFFSET 0xdbf380
#define WX_FREE_CHAT_MSG_OFFSET 0x651c40 #define WX_FREE_CHAT_MSG_OFFSET 0x649ac0
int SendImage(wchar_t *wxid, wchar_t *image_path){ int SendImage(wchar_t *wxid, wchar_t *image_path){

View File

@ -5,11 +5,11 @@
#include "common.h" #include "common.h"
#include "wechat_data.h" #include "wechat_data.h"
#define WX_SEND_TEXT_OFFSET 0xb690a0 #define WX_SEND_TEXT_OFFSET 0xb6a930
#define WX_SEND_MESSAGE_MGR_OFFSET 0x663320 #define WX_SEND_MESSAGE_MGR_OFFSET 0x65b2a0
#define WX_FREE_CHAT_MSG_OFFSET 0x651c40 #define WX_FREE_CHAT_MSG_OFFSET 0x649ac0
/// @brief 发生文本消息 /// @brief 发生文本消息
/// @param wxid wxid /// @param wxid wxid
/// @param msg 文本消息 /// @param msg 文本消息