支持3.8.1.26版本

Gy Hu 2022-12-26 16:44:14 +08:00
parent 7ced06fd6f
commit e62a37b354
13 changed files with 97 additions and 88 deletions

2
.gitignore vendored

@ -30,3 +30,5 @@
#*.exe
*.out
*.app
/out
CMakePresets.json


@ -1,18 +1,19 @@
# wxhelper
wechat hook .
wechat hook 。PC端微信逆向学习。支持3.8.0.413.8.1.26版本。
#### 免责声明:
本仓库发布的内容,仅用于学习研究,请勿用于非法用途和商业用途!如因此产生任何法律纠纷,均与作者无关!
#### 项目说明:
本项目是个人学习学习逆向的项目主要参考https://github.com/ttttupup/ComWeChatRobot在此基础上实现了wechat 3.8.0.41的版本的部分内容。
本项目是个人学习学习逆向的项目主要参考https://github.com/ttttupup/ComWeChatRobot在此基础上实现了微信的的其它版本的部分内容。
#### 使用说明:
支持的版本3.8.0.41目前是最新版本
支持的版本3.8.0.413.8.1.26
src:主要的dll代码
tool简单的注入工具一个是控制台一个是图形界面。
python: 简单的服务器,用以接收消息内容。
release编译好的dll。
0.首先安装对应的微信版本主分支是3.8.0.41版本3.8.1.26分支对应3.8.1.26版本。
1.通过cmake构建成功后将wxhelper.dll注入到微信本地启动tcp server监听19088端口。
2.通过http协议与dll通信方便客户端操作。
3.接口的url为http://127.0.0.1:19088注入成功后直接进行调用即可。
@ -22,10 +23,18 @@ release编译好的dll。
#### 编译环境
Visual Studio 2022(x86)
Visual Studio code
cmake
vcpkg
#### 更新说明
2022-12-26 增加3.8.1.26版本支持。
### 接口文档:
#### 0.检查微信登录**
@ -684,5 +693,7 @@ vcpkg
#### 感谢
https://github.com/ljc545w/ComWeChatRobot
https://github.com/NationalSecurityAgency/ghidra
https://github.com/x64dbg/x64dbg


@ -4,17 +4,17 @@
#include "common.h"
#include "wechat_data.h"
#define WX_CHAT_ROOM_MGR_OFFSET 0x686e40
#define WX_GET_CHAT_ROOM_DETAIL_INFO_OFFSET 0xa70920
#define WX_NEW_CHAT_ROOM_INFO_OFFSET 0xd03ec0
#define WX_FREE_CHAT_ROOM_INFO_OFFSET 0x7226e0
#define WX_DEL_CHAT_ROOM_MEMBER_OFFSET 0xa668f0
#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40
#define WX_FREE_CHAT_MSG_OFFSET 0x651c40
#define WX_ADD_MEMBER_TO_CHAT_ROOM_OFFSET 0xa66400
#define WX_GET_MEMBER_FROM_CHAT_ROOM_OFFSET 0xa71650
#define WX_INIT_CHAT_ROOM_OFFSET 0xd01c30
#define WX_FREE_CHAT_ROOM_OFFSET 0xa79310
#define WX_CHAT_ROOM_MGR_OFFSET 0x67ee70
#define WX_GET_CHAT_ROOM_DETAIL_INFO_OFFSET 0xa73a80
#define WX_NEW_CHAT_ROOM_INFO_OFFSET 0xd07010
#define WX_FREE_CHAT_ROOM_INFO_OFFSET 0xd072f0
#define WX_DEL_CHAT_ROOM_MEMBER_OFFSET 0xa69a50
#define WX_INIT_CHAT_MSG_OFFSET 0xdbf380
#define WX_FREE_CHAT_MSG_OFFSET 0x649ac0
#define WX_ADD_MEMBER_TO_CHAT_ROOM_OFFSET 0xa69560
#define WX_GET_MEMBER_FROM_CHAT_ROOM_OFFSET 0xa749b0
#define WX_INIT_CHAT_ROOM_OFFSET 0xd04d80
#define WX_FREE_CHAT_ROOM_OFFSET 0xa7c620
int GetChatRoomDetailInfo(wchar_t* chat_room_id, ChatRoomInfoInner& room_info) {
int success = 0;
@ -24,7 +24,7 @@ int GetChatRoomDetailInfo(wchar_t* chat_room_id, ChatRoomInfoInner& room_info) {
DWORD get_chat_room_detail_addr = base + WX_GET_CHAT_ROOM_DETAIL_INFO_OFFSET;
DWORD create_chat_room_info_addr = base + WX_NEW_CHAT_ROOM_INFO_OFFSET;
DWORD free_chat_room_info_addr = base + WX_FREE_CHAT_ROOM_INFO_OFFSET;
char chat_room_info[0xA4] = {0};
char chat_room_info[0xDC] = {0};
__asm {
PUSHAD
LEA ECX,chat_room_info
@ -144,7 +144,7 @@ int GetMemberFromChatRoom(wchar_t* chat_room_id,ChatRoomInner & out){
int success = 0;
WeChatString chat_room(chat_room_id);
DWORD chat_room_ptr = (DWORD) &chat_room;
char buffer[0x1A0] = {0};
char buffer[0x1D4] = {0};
DWORD base = GetWeChatWinBase();
DWORD get_member_addr = base + WX_GET_MEMBER_FROM_CHAT_ROOM_OFFSET;
DWORD get_chat_room_mgr_addr = base + WX_CHAT_ROOM_MGR_OFFSET;
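Review bot: The two stack buffers resized here, `char chat_room_info[0xDC]` in GetChatRoomDetailInfo and `char buffer[0x1D4]` in GetMemberFromChatRoom, are sized by bare literals with no record of which client build they belong to. `LEA ECX,chat_room_info` suggests the array is handed to code reached through `base + WX_NEW_CHAT_ROOM_INFO_OFFSET`, so if the loaded module is not the build these numbers were measured on, that code can write past the array and corrupt the stack of the host process. I would name the sizes, e.g. `constexpr size_t kChatRoomInfoSize = 0xDC;  // layout for 3.8.1.26`, and have both functions return early when the module version found at runtime is not the expected one. Both function bodies continue outside the hunks shown, so the call sites themselves are not visible here.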


@ -4,15 +4,11 @@
#include "common.h"
#include "wechat_data.h"
#define WX_CONTACT_MGR_INSTANCE_OFFSET 0x655d60
#define WX_CONTACT_GET_LIST_OFFSET 0xa97da0
#define WX_CONTACT_DEL_OFFSET 0xa9bd10
#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40
#define WX_DB_QUERY_OFFSET 0xa9ba20
#define WX_SYNC_MGR_OFFSET 0x993fa0
#define WX_SYNC_MGR_OFFSET 0x993fa0
#define WX_DO_DEL_CONTACT_OFFSET 0xb9a750
#define WX_DEL_CONTACT_VTABLE_OFFSET 0x2886990
#define WX_CONTACT_MGR_INSTANCE_OFFSET 0x64dc30
#define WX_CONTACT_GET_LIST_OFFSET 0xa9b000
#define WX_CONTACT_DEL_OFFSET 0xa9ef40
#define WX_INIT_CHAT_MSG_OFFSET 0xdbf380
#define WX_DB_QUERY_OFFSET 0xa9ec40
int GetAllContact(vector<Contact> &vec) {
DWORD base = GetWeChatWinBase();
DWORD get_instance = base + WX_CONTACT_MGR_INSTANCE_OFFSET;
@ -66,7 +62,7 @@ int GetAllContact(vector<Contact> &vec) {
temp.type = *(DWORD *)(start + 0x50);
temp.verify_flag = *(DWORD *)(start + 0x54);
vec.push_back(temp);
start += 0x3E8;
start += 0x438;
}
return success;
}
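Review bot: `WX_INIT_CHAT_MSG_OFFSET` is defined again in this file with the same value (`0xdbf380`) as in the chat-room, forward-message, send-file and send-image sections, and `WX_FREE_CHAT_MSG_OFFSET` and `WX_SEND_MESSAGE_MGR_OFFSET` are repeated across files in the same way. Every version bump therefore has to edit each copy by hand, and a copy that is missed would leave one translation unit computing `base + <old offset>`, which is an unrelated address in the new build. Moving the shared offsets into a single header (for example one offsets header per supported version) removes that failure mode. It also gives one place to record the build number next to the values.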


@ -4,8 +4,8 @@
#include "common.h"
#include "get_db_handle.h"
#include "wechat_data.h"
#define WX_FORWARD_MSG_OFFSET 0xb68c80
#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40
#define WX_FORWARD_MSG_OFFSET 0xb6a4e0
#define WX_INIT_CHAT_MSG_OFFSET 0xdbf380
int ForwardMsg(wchar_t *wxid, unsigned long long msgid) {
int success = 0;
@ -27,11 +27,11 @@ int ForwardMsg(wchar_t *wxid, unsigned long long msgid) {
PUSH EAX
SUB ESP,0x14
MOV ECX,ESP
LEA ESI, to_user;
LEA ESI,to_user
PUSH ESI
CALL init_chat_msg_addr
CALL forward_msg_addr
MOVZX EAX,AL;
MOVZX EAX,AL
MOV success,EAX
ADD ESP,0x1c
POPFD


@ -5,7 +5,7 @@
#include "new_sqlite3.h"
#include "pch.h"
#include "wechat_data.h"
#define CONTACT_G_PINSTANCE 0x2bee928
#define CONTACT_G_PINSTANCE 0x2c42e78
#define DB_MICRO_MSG_OFFSET 0x68
#define DB_CHAT_MSG_OFFSET 0x1C0
#define DB_MISC_OFFSET 0x3D8
@ -15,10 +15,10 @@
#define DB_FUNCTION_MSG_OFFSET 0x11B0
#define DB_NAME_OFFSET 0x14
#define PUBLIC_MSG_MGR_OFFSET 0x2c294c0
#define MULTI_DB_MSG_MGR_OFFSET 0x2c2aff4
#define FAVORITE_STORAGE_MGR_OFFSET 0x2c2aa14
#define FTS_FAVORITE_MGR_OFFSET 0x2bef468
#define PUBLIC_MSG_MGR_OFFSET 0x2c7ec88
#define MULTI_DB_MSG_MGR_OFFSET 0x2c807d0
#define FAVORITE_STORAGE_MGR_OFFSET 0x2c801f8
#define FTS_FAVORITE_MGR_OFFSET 0x2c439b8
using namespace std;
map<wstring, DatabaseInfo> dbmap;


@ -6,9 +6,9 @@
// #define WX_HOOK_IMG_OFFSET 0xd7eaa5
// #define WX_HOOK_IMG_NEXT_OFFSET 0xda56e0
#define WX_HOOK_IMG_OFFSET 0xc63ebc
#define WX_HOOK_IMG_NEXT_OFFSET 0xd7e9e0
#define WX_SELF_ID_OFFSET 0x2BEE08C
#define WX_HOOK_IMG_OFFSET 0xc672cc
#define WX_HOOK_IMG_NEXT_OFFSET 0xd82370
#define WX_SELF_ID_OFFSET 0x2C42A38
#define BUFSIZE 1024
#define JPEG0 0xFF


@ -10,8 +10,8 @@
using namespace nlohmann;
using namespace std;
#define WX_RECV_MSG_HOOK_OFFSET 0xb94796
#define WX_RECV_MSG_HOOK_NEXT_OFFSET 0x6fe2c0
#define WX_RECV_MSG_HOOK_OFFSET 0xb97126
#define WX_RECV_MSG_HOOK_NEXT_OFFSET 0x6fc850
// SyncMgr::addMsgListToDB
// #define WX_RECV_MSG_HOOK_OFFSET 0xB9C919


@ -135,24 +135,24 @@
#define SQLITE_NULL 5
#define SQLITE_TEXT 3
#define SQLITE3_EXEC_OFFSET 0x1b623b0
#define SQLITE3_BACKUP_INIT_OFFSET 0x1b27d50
#define SQLITE3_PREPARE_OFFSET 0x1b68d00
#define SQLITE3_OPEN_OFFSET 0x1b96cf0
#define SQLITE3_BACKUP_STEP_OFFSET 0x1b28150
#define SQLITE3_BACKUP_REMAINING_OFFSET 0x1b28890
#define SQLITE3_BACKUP_PAGECOUNT_OFFSET 0x1b288a0
#define SQLITE3_BACKUP_FINISH_OFFSET 0x1b28790
#define SQLITE3_SLEEP_OFFSET 0x1b97530
#define SQLITE3_ERRCODE_OFFSET 0x1b95990
#define SQLITE3_CLOSE_OFFSET 0x1b94110
#define SQLITE3_STEP_OFFSET 0x1b30bc0
#define SQLITE3_COLUMN_COUNT_OFFSET 0x1b310d0
#define SQLITE3_COLUMN_NAME_OFFSET 0x1b319c0
#define SQLITE3_COLUMN_TYPE_OFFSET 0x1b31860
#define SQLITE3_COLUMN_BLOB_OFFSET 0x1b31110
#define SQLITE3_COLUMN_BYTES_OFFSET 0x1b311f0
#define SQLITE3_FINALIZE_OFFSET 0x1b2fb90
#define SQLITE3_EXEC_OFFSET 0x1ba9de0
#define SQLITE3_BACKUP_INIT_OFFSET 0x1b6f760
#define SQLITE3_PREPARE_OFFSET 0x1bb0730
#define SQLITE3_OPEN_OFFSET 0x1bde730
#define SQLITE3_BACKUP_STEP_OFFSET 0x1b6fb60
#define SQLITE3_BACKUP_REMAINING_OFFSET 0x1b702a0
#define SQLITE3_BACKUP_PAGECOUNT_OFFSET 0x1b702b0
#define SQLITE3_BACKUP_FINISH_OFFSET 0x1b701a0
#define SQLITE3_SLEEP_OFFSET 0x1bdef70
#define SQLITE3_ERRCODE_OFFSET 0x1bdd3d0
#define SQLITE3_CLOSE_OFFSET 0x1bdbb20
#define SQLITE3_STEP_OFFSET 0x1b785d0
#define SQLITE3_COLUMN_COUNT_OFFSET 0x1b78ae0
#define SQLITE3_COLUMN_NAME_OFFSET 0x1b793d0
#define SQLITE3_COLUMN_TYPE_OFFSET 0x1b79270
#define SQLITE3_COLUMN_BLOB_OFFSET 0x1b78b20
#define SQLITE3_COLUMN_BYTES_OFFSET 0x1b78c00
#define SQLITE3_FINALIZE_OFFSET 0x1b775a0
typedef int (*Sqlite3_callback)(void*, int, char**, char**);


@ -5,19 +5,19 @@
#include "wechat_data.h"
#define WX_SELF_NAME_OFFSET 0x2bee198
#define WX_SELF_MOBILE_OFFSET 0x2BEE108
#define WX_SELF_CITY_OFFSET 0x2BEE168
#define WX_SELF_PROVINCE_OFFSET 0x2BEE150
#define WX_SELF_COUNTRY_OFFSET 0x2BEE138
#define WX_SELF_ACCOUNT_OFFSET 0x2BEE0F0
#define WX_SELF_ID_OFFSET 0x2BEE08C
#define WX_SELF_SMALL_IMG_OFFSET 0x2BEE34C
#define WX_SELF_BIG_IMG_OFFSET 0x2BEE364
#define WX_LOGIN_STATUS_OFFSET 0x2BEE4C0
#define WX_APP_DATA_ROOT_PATH_OFFSET 0x2c2f478
#define WX_APP_DATA_SAVE_PATH_OFFSET 0x2C10D04
#define WX_CURRENT_DATA_PATH_OFFSET 0x2C0EC38
#define WX_SELF_NAME_OFFSET 0x2C426E8
#define WX_SELF_MOBILE_OFFSET 0x2C42658
#define WX_SELF_CITY_OFFSET 0x2C426B8
#define WX_SELF_PROVINCE_OFFSET 0x2C426A0
#define WX_SELF_COUNTRY_OFFSET 0x2C42688
#define WX_SELF_ACCOUNT_OFFSET 0x2C42640
#define WX_SELF_ID_OFFSET 0x2C42A38
#define WX_SELF_SMALL_IMG_OFFSET 0x2C4289C
#define WX_SELF_BIG_IMG_OFFSET 0x2C428B4
#define WX_LOGIN_STATUS_OFFSET 0x2c42a10
#define WX_APP_DATA_ROOT_PATH_OFFSET 0x2c84ae0
#define WX_APP_DATA_SAVE_PATH_OFFSET 0x2c65728
#define WX_CURRENT_DATA_PATH_OFFSET 0x2c636fc
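Review bot: Assuming the second block of defines is the new side, `WX_SELF_ID_OFFSET` is the only entry from `WX_SELF_NAME_OFFSET` through `WX_LOGIN_STATUS_OFFSET` that does not move by the common delta of 0x54550. It goes from `0x2BEE08C` to `0x2C42A38`, which places it 0x28 past `WX_LOGIN_STATUS_OFFSET` instead of below `WX_SELF_ACCOUNT_OFFSET` as before. That may be intentional, since the image-hook section uses the same new value, but it deserves a one-line comment next to the define saying the field was relocated in 3.8.1.26, so a later update does not "correct" it. If it is not intentional, the id read through this offset comes from the wrong location. The mixed upper- and lower-case hex in this block could be normalised in the same pass.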


@ -3,10 +3,10 @@
#include "common.h"
#include "wechat_data.h"
#define WX_APP_MSG_MGR_OFFSET 0x665f60
#define WX_SEND_FILE_OFFSET 0xa0ce20
#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40
#define WX_FREE_CHAT_MSG_OFFSET 0x651c40
#define WX_APP_MSG_MGR_OFFSET 0x65df50
#define WX_SEND_FILE_OFFSET 0xa10190
#define WX_INIT_CHAT_MSG_OFFSET 0xdbf380
#define WX_FREE_CHAT_MSG_OFFSET 0x649ac0
int SendFile(wchar_t *wxid, wchar_t *file_path){
int success = 0;


@ -3,10 +3,10 @@
#include "common.h"
#include "wechat_data.h"
#define WX_SEND_IMAGE_OFFSET 0xb68b90
#define WX_SEND_MESSAGE_MGR_OFFSET 0x663320
#define WX_INIT_CHAT_MSG_OFFSET 0xdbcc40
#define WX_FREE_CHAT_MSG_OFFSET 0x651c40
#define WX_SEND_IMAGE_OFFSET 0xb6a3f0
#define WX_SEND_MESSAGE_MGR_OFFSET 0x65b2a0
#define WX_INIT_CHAT_MSG_OFFSET 0xdbf380
#define WX_FREE_CHAT_MSG_OFFSET 0x649ac0
int SendImage(wchar_t *wxid, wchar_t *image_path){


@ -5,11 +5,11 @@
#include "common.h"
#include "wechat_data.h"
#define WX_SEND_TEXT_OFFSET 0xb690a0
#define WX_SEND_TEXT_OFFSET 0xb6a930
#define WX_SEND_MESSAGE_MGR_OFFSET 0x663320
#define WX_SEND_MESSAGE_MGR_OFFSET 0x65b2a0
#define WX_FREE_CHAT_MSG_OFFSET 0x651c40
#define WX_FREE_CHAT_MSG_OFFSET 0x649ac0
/// @brief 发生文本消息
/// @param wxid wxid
/// @param msg 文本消息