From 53cf738e32fb31cbd997d7f5b877a9d1b72606e8 Mon Sep 17 00:00:00 2001 From: Changhua Date: Sat, 20 Aug 2022 17:39:21 +0800 Subject: [PATCH] Fix At member for text message sending --- App/App.cpp | 4 +- Rpc/rpc.idl | 4 +- SDK/rpc_client.cpp | 6 +-- SDK/rpc_client.h | 2 +- SDK/sdk.cpp | 12 ++--- SDK/sdk.h | 4 +- Spy/rpc_server.cpp | 16 +++--- Spy/send_msg.cpp | 120 +++++++++++++++++++++++++++++---------------- Spy/send_msg.h | 4 +- 9 files changed, 104 insertions(+), 68 deletions(-) diff --git a/App/App.cpp b/App/App.cpp index cc815aa..d301240 100644 --- a/App/App.cpp +++ b/App/App.cpp @@ -68,7 +68,7 @@ int main() for (auto it = WxMsgTypes.begin(); it != WxMsgTypes.end(); ++it) { wprintf(L"%d: %s\n", it->first, it->second.c_str()); } - Sleep(1000); // 等待1秒 + Sleep(1000); // 等待1秒 wprintf(L"Message: 接收通知中......\n"); WxEnableRecvMsg(onTextMsg); @@ -76,7 +76,7 @@ int main() // 测试发送消息 wprintf(L"测试发送消息\n"); - WxSendTextMsg(wxid, at_wxid, content); + WxSendTextMsg(wxid, content, at_wxid); Sleep(1000); // 等待1秒 // 测试发送照片 diff --git a/Rpc/rpc.idl b/Rpc/rpc.idl index 8c07bb4..99f8f5a 100644 --- a/Rpc/rpc.idl +++ b/Rpc/rpc.idl @@ -47,8 +47,8 @@ interface ISpy typedef RpcTables_t **PPRpcTables; int IsLogin(); - int SendTextMsg([ in, string ] const wchar_t *wxid, [ in, string ] const wchar_t *at_wxid, - [ in, string ] const wchar_t *msg); + int SendTextMsg([ in, string ] const wchar_t *wxid, [ in, string ] const wchar_t *msg, + [ in, unique, string ] const wchar_t *atWxids); int SendImageMsg([ in, string ] const wchar_t *wxid, [ in, string ] const wchar_t *path); int GetMsgTypes([out] int *pNum, [ out, size_is(, *pNum) ] PPRpcIntBstrPair *msgTypes); int GetContacts([out] int *pNum, [ out, size_is(, *pNum) ] PPRpcContact *contacts); diff --git a/SDK/rpc_client.cpp b/SDK/rpc_client.cpp index 2737df8..bf48835 100644 --- a/SDK/rpc_client.cpp +++ b/SDK/rpc_client.cpp 
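Review bot: In Rpc/rpc.idl the reordered `SendTextMsg` parameters keep the same wire types (three `wchar_t *` strings), so a client built from the old IDL would still bind and marshal successfully, but its `at_wxid` would arrive as `msg`. The interface header with its `uuid`/`version` attributes is outside this hunk; if the version is not bumped in this commit, bump it so stale clients fail at bind time rather than sending the wrong text. Because `atWxids` is now `unique`, NULL is a valid argument on the wire and the server side must handle it. A short comment above the declaration would help, e.g. `// atWxids: comma-separated wxids to @ in a chatroom; may be NULL or empty`.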
@@ -66,7 +66,7 @@ int RpcDisableReceiveMsg() // UnHook Message receiving client_DisableReceiveMsg(); } - RpcExcept(1) + RpcExcept(1) { ulCode = RpcExceptionCode(); printf("RpcDisableReceiveMsg exception 0x%lx = %ld\n", ulCode, ulCode); @@ -96,12 +96,12 @@ int RpcIsLogin() return loginFlag; } -int RpcSendTextMsg(const wchar_t *wxid, const wchar_t *at_wxid, const wchar_t *msg) +int RpcSendTextMsg(const wchar_t *wxid, const wchar_t *msg, const wchar_t *atWxids) { int ret = 0; unsigned long ulCode = 0; - RpcTryExcept { ret = client_SendTextMsg(wxid, at_wxid, msg); } + RpcTryExcept { ret = client_SendTextMsg(wxid, msg, atWxids); } RpcExcept(1) { ulCode = RpcExceptionCode(); diff --git a/SDK/rpc_client.h b/SDK/rpc_client.h index 4d41ed0..002cb9f 100644 --- a/SDK/rpc_client.h +++ b/SDK/rpc_client.h @@ -8,7 +8,7 @@ RPC_STATUS RpcDisconnectServer(); int RpcEnableReceiveMsg(); int RpcDisableReceiveMsg(); int RpcIsLogin(); -int RpcSendTextMsg(const wchar_t *wxid, const wchar_t *at_wxid, const wchar_t *msg); +int RpcSendTextMsg(const wchar_t *wxid, const wchar_t *msg, const wchar_t *atWxids); int RpcSendImageMsg(const wchar_t *wxid, const wchar_t *path); PPRpcIntBstrPair RpcGetMsgTypes(int *pNum); PPRpcContact RpcGetContacts(int *pNum); diff --git a/SDK/sdk.cpp b/SDK/sdk.cpp index 9e99d5c..10ae259 100644 --- a/SDK/sdk.cpp +++ b/SDK/sdk.cpp @@ -51,8 +51,7 @@ int WxInitSDK() status = RpcIsLogin(); if (status == -1) { return status; - } - else if (status == 1) { + } else if (status == 1) { break; } Sleep(1000); @@ -66,8 +65,8 @@ int WxDestroySDK() WxDisableRecvMsg(); RpcDisconnectServer(); // 关闭 RPC,但不卸载 DLL,方便下次使用。 - //EjectDll(WeChatPID, SpyDllPath); - + // EjectDll(WeChatPID, SpyDllPath); + return ERROR_SUCCESS; } 
@@ -76,6 +75,7 @@ int WxEnableRecvMsg(const std::function &onMsg) if (onMsg) { HANDLE msgThread; g_cbReceiveTextMsg = onMsg; + msgThread = (HANDLE)CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)RpcEnableReceiveMsg, NULL, 0, NULL); if (msgThread == NULL) { printf("Failed to create innerWxRecvTextMsg.\n"); @@ -96,9 +96,9 @@ int WxDisableRecvMsg() return -1; } -int WxSendTextMsg(wstring wxid, wstring at_wxid, wstring msg) +int WxSendTextMsg(wstring wxid, wstring msg, wstring atWxids) { - return RpcSendTextMsg(wxid.c_str(), at_wxid.c_str(), msg.c_str()); + return RpcSendTextMsg(wxid.c_str(), msg.c_str(), atWxids.c_str()); } int WxSendImageMsg(wstring wxid, wstring path) { return RpcSendImageMsg(wxid.c_str(), path.c_str()); } diff --git a/SDK/sdk.h b/SDK/sdk.h index f8274d6..f73b430 100644 --- a/SDK/sdk.h +++ b/SDK/sdk.h @@ -37,11 +37,11 @@ typedef map MsgTypesMap_t; typedef map ContactMap_t; typedef vector DbTableVector_t; -int WxInitSDK(); +int WxInitSDK(); int WxDestroySDK(); int WxEnableRecvMsg(const std::function &onMsg); int WxDisableRecvMsg(); -int WxSendTextMsg(wstring wxid, wstring at_wxid, wstring msg); +int WxSendTextMsg(wstring wxid, wstring msg, wstring vAtWxids); int WxSendImageMsg(wstring wxid, wstring path); ContactMap_t WxGetContacts(); MsgTypesMap_t WxGetMsgTypes(); diff --git a/Spy/rpc_server.cpp b/Spy/rpc_server.cpp index 063b6d5..fd773cf 100644 --- a/Spy/rpc_server.cpp +++ b/Spy/rpc_server.cpp @@ -56,9 +56,9 @@ void server_DisableReceiveMsg() listenMsgFlag = false; } -int server_SendTextMsg(const wchar_t *wxid, const wchar_t *at_wxid, const wchar_t *msg) +int server_SendTextMsg(const wchar_t *wxid, const wchar_t *msg, const wchar_t *atWxids) { - SendTextMessage(wxid, at_wxid, msg); + SendTextMessage(wxid, msg, atWxids); return 0; } 
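Review bot: In SDK/sdk.h the new `WxSendTextMsg` declaration names its third parameter `vAtWxids` while the definition in SDK/sdk.cpp uses `atWxids`, and neither file documents that it is a comma-separated list. All three parameters are `wstring`, so an out-of-tree caller still passing `(wxid, at_wxid, msg)` compiles unchanged and silently sends the mention list as the message body. I would align the name and add a comment above the declaration such as `// atWxids: comma-separated wxids to @ (chatroom only); pass L"" for none. NOTE: argument order changed, msg now comes second.` In Spy/rpc_server.cpp, `server_SendTextMsg` forwards `atWxids` unchecked and still returns 0 unconditionally, so a failed send is invisible to the caller.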
@@ -163,11 +163,11 @@ int server_GetDbTables(const wchar_t *db, int *pNum, PPRpcTables *tbls) int index = 0; for (auto it = tables.begin(); it != tables.end(); it++) { - PRpcTables p = (PRpcTables)midl_user_allocate(sizeof(RpcTables_t)); + PRpcTables p = (PRpcTables)midl_user_allocate(sizeof(RpcTables_t)); if (p == NULL) { printf("server_GetDbTables midl_user_allocate Failed for p\n"); return -3; - } + } p->table = it->table; p->sql = it->sql; @@ -217,13 +217,13 @@ int RpcStartServer() int RpcStopServer() { - RPC_STATUS status; + RPC_STATUS status; - UnListenMessage(); + UnListenMessage(); - listenMsgFlag = false; + listenMsgFlag = false; g_rpcKeepAlive = false; - status = RpcMgmtStopServerListening(NULL); + status = RpcMgmtStopServerListening(NULL); if (status) return status; diff --git a/Spy/send_msg.cpp b/Spy/send_msg.cpp index df05c4a..8825cc2 100644 --- a/Spy/send_msg.cpp +++ b/Spy/send_msg.cpp @@ -1,5 +1,7 @@ -#include "framework.h" +#include "framework.h" +#include #include +#include #include "spy_types.h" 
@@ -10,41 +12,75 @@ extern DWORD g_WeChatWinDllAddr; using namespace std; -void SendTextMessage(const wchar_t *wxid, const wchar_t *at_wxid, const wchar_t *msg) -{ - if (g_WeChatWinDllAddr == 0) { - return; - } - char buffer[0x5F0] = { 0 }; - TextStruct_t txtWxid = { 0 }; - TextStruct_t txtAtWxid = { 0 }; - TextStruct_t txtMsg = { 0 }; +typedef struct AtList { + DWORD start; + DWORD end1; + DWORD end2; +} AtList_t; - wstring wsWxid = wxid; - wstring wsAtWxid = at_wxid; - wstring wsMsg = msg; +void SendTextMessage(const wchar_t *wxid, const wchar_t *msg, const wchar_t *atWxids) +{ + char buffer[0x3B0] = { 0 }; + AtList_t atList = { 0 }; + TextStruct_t txtMsg = { 0 }; + TextStruct_t txtWxid = { 0 }; + TextStruct_t *tsArray = NULL; + + wstring wsMsg = msg; + wstring wsWxid = wxid; // 发送消息Call地址 = 微信基址 + 偏移 DWORD sendCallAddress = g_WeChatWinDllAddr + g_WxCalls.sendTextMsg; - txtWxid.text = (wchar_t *)wsWxid.c_str(); - txtWxid.size = wsWxid.size(); - txtWxid.capacity = wsWxid.capacity(); - txtMsg.text = (wchar_t *)wsMsg.c_str(); txtMsg.size = wsMsg.size(); txtMsg.capacity = wsMsg.capacity(); - __asm { - lea edx, txtWxid - lea edi, txtAtWxid - lea ebx, txtMsg - push 0x01 - push edi - push ebx + txtWxid.text = (wchar_t *)wsWxid.c_str(); + txtWxid.size = wsWxid.size(); + txtWxid.capacity = wsWxid.capacity(); + + wstring tmp = atWxids; + if (!tmp.empty()) { + int i = 0; + wstring wstr; + vector vAtWxids; + wstringstream wss(tmp); + while (wss.good()) { + getline(wss, wstr, L','); + vAtWxids.push_back(wstr); + } + tsArray = new TextStruct_t[vAtWxids.size() + 1]; + // memset(tsArray, 0, (vAtWxids.size() + 1) * sizeof(TextStruct_t)); + for (auto it = vAtWxids.begin(); it != vAtWxids.end(); it++) { + tsArray[i].text = (wchar_t *)it->c_str(); + tsArray[i].size = it->size(); + tsArray[i].capacity = it->capacity(); + i++; + } + + atList.start = (DWORD)tsArray; + atList.end1 = (DWORD)&tsArray[i]; + atList.end2 = (DWORD)&tsArray[i]; + } + + __asm + { + lea eax, atList; + push 0x01; 
+ push eax; + lea edi, txtMsg; + push edi; + lea edx, txtWxid; lea ecx, buffer; - call sendCallAddress - add esp, 0xC + call sendCallAddress; + add esp, 0xC; + } + + if (tsArray) + { + delete[] tsArray; + tsArray = NULL; } } @@ -52,7 +88,7 @@ void SendImageMessage(const wchar_t *wxid, const wchar_t *path) { if (g_WeChatWinDllAddr == 0) { return; - } + } DWORD tmpEAX = 0; char buf1[0x48] = { 0 }; char buf2[0x3B0] = { 0 }; @@ -77,21 +113,21 @@ void SendImageMessage(const wchar_t *wxid, const wchar_t *path) __asm { pushad - call sendCall1 - sub esp, 0x14 - mov tmpEAX, eax - lea eax, buf1 - mov ecx, esp - lea edi, imgPath - push eax - call sendCall2 - mov ecx, dword ptr [tmpEAX] - lea eax, imgWxid - push edi - push eax - lea eax, buf2 - push eax - call sendCall3 + call sendCall1 + sub esp, 0x14 + mov tmpEAX, eax + lea eax, buf1 + mov ecx, esp + lea edi, imgPath + push eax + call sendCall2 + mov ecx, dword ptr[tmpEAX] + lea eax, imgWxid + push edi + push eax + lea eax, buf2 + push eax + call sendCall3 popad } } diff --git a/Spy/send_msg.h b/Spy/send_msg.h index 9853676..f68e5e6 100644 --- a/Spy/send_msg.h +++ b/Spy/send_msg.h @@ -1,4 +1,4 @@ -#pragma once +#pragma once -void SendTextMessage(const wchar_t *wxid, const wchar_t *at_wxid, const wchar_t *msg); +void SendTextMessage(const wchar_t *wxid, const wchar_t *msg, const wchar_t *atWxids); void SendImageMessage(const wchar_t *wxid, const wchar_t *path);
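Review bot: In the new `SendTextMessage` body, `vAtWxids` is declared inside the `if (!tmp.empty())` block, so the strings that each `tsArray[i].text` points at are destroyed before the `__asm` call reads `atList`, which is a use-after-free inside the host process. Two further gaps in the same hunk: `wstring tmp = atWxids;` is undefined behaviour when the pointer is NULL, which the `unique` attribute added in Rpc/rpc.idl permits, and the `g_WeChatWinDllAddr == 0` early return that `SendImageMessage` still has was dropped here. The sketch below hoists the containers to function scope, replaces `new[]`/`delete[]` with a `vector<TextStruct_t>` whose elements are zero-initialised (the commented-out `memset` left them uninitialised), and skips the empty token a trailing comma produces. The `buffer` size change from 0x5F0 to 0x3B0 deserves a comment saying where the figure comes from, since the callee writes into that stack buffer.

```cpp
void SendTextMessage(const wchar_t *wxid, const wchar_t *msg, const wchar_t *atWxids)
{
    if (g_WeChatWinDllAddr == 0) {
        return;
    }
    // … unchanged: buffer, atList, txtMsg, txtWxid setup …

    // Both containers must outlive the call below: atList points into tsArray,
    // and every tsArray element points into a string owned by vAtWxids.
    vector<wstring> vAtWxids;
    vector<TextStruct_t> tsArray;

    wstring tmp = atWxids ? atWxids : L""; // [unique] in rpc.idl: NULL is a valid argument
    if (!tmp.empty()) {
        wstring wstr;
        wstringstream wss(tmp);
        while (getline(wss, wstr, L',')) {
            if (!wstr.empty()) {
                vAtWxids.push_back(wstr);
            }
        }
        for (auto it = vAtWxids.begin(); it != vAtWxids.end(); it++) {
            TextStruct_t ts = { 0 };
            ts.text     = (wchar_t *)it->c_str();
            ts.size     = it->size();
            ts.capacity = it->capacity();
            tsArray.push_back(ts);
        }
        if (!tsArray.empty()) {
            atList.start = (DWORD)tsArray.data();
            atList.end1  = (DWORD)(tsArray.data() + tsArray.size());
            atList.end2  = atList.end1;
        }
    }

    // … unchanged: __asm call block; the trailing delete[] cleanup is no longer needed …
```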