Fix At member for text message sending

App/App.cpp

@@ -68,7 +68,7 @@ int main()
     for (auto it = WxMsgTypes.begin(); it != WxMsgTypes.end(); ++it) {
         wprintf(L"%d: %s\n", it->first, it->second.c_str());
     }
-    Sleep(1000); // 等待1秒
+    Sleep(1000); // 等待1秒
 
     wprintf(L"Message: 接收通知中......\n");
     WxEnableRecvMsg(onTextMsg);
@@ -76,7 +76,7 @@ int main()
 
     // 测试发送消息
     wprintf(L"测试发送消息\n");
-    WxSendTextMsg(wxid, at_wxid, content);
+    WxSendTextMsg(wxid, content, at_wxid);
     Sleep(1000); // 等待1秒
 
     // 测试发送照片

Rpc/rpc.idl

@@ -47,8 +47,8 @@ interface ISpy
     typedef RpcTables_t **PPRpcTables;
 
     int IsLogin();
-    int SendTextMsg([ in, string ] const wchar_t *wxid, [ in, string ] const wchar_t *at_wxid,
+    int SendTextMsg([ in, string ] const wchar_t *wxid, [ in, string ] const wchar_t *msg,
-                    [ in, string ] const wchar_t *msg);
+                    [ in, unique, string ] const wchar_t *atWxids);
     int SendImageMsg([ in, string ] const wchar_t *wxid, [ in, string ] const wchar_t *path);
     int GetMsgTypes([out] int *pNum, [ out, size_is(, *pNum) ] PPRpcIntBstrPair *msgTypes);
     int GetContacts([out] int *pNum, [ out, size_is(, *pNum) ] PPRpcContact *contacts);

SDK/rpc_client.cpp

@@ -66,7 +66,7 @@ int RpcDisableReceiveMsg()
         // UnHook Message receiving
         client_DisableReceiveMsg();
     }
-        RpcExcept(1)
+    RpcExcept(1)
     {
         ulCode = RpcExceptionCode();
         printf("RpcDisableReceiveMsg exception 0x%lx = %ld\n", ulCode, ulCode);
@@ -96,12 +96,12 @@ int RpcIsLogin()
     return loginFlag;
 }
 
-int RpcSendTextMsg(const wchar_t *wxid, const wchar_t *at_wxid, const wchar_t *msg)
+int RpcSendTextMsg(const wchar_t *wxid, const wchar_t *msg, const wchar_t *atWxids)
 {
     int ret              = 0;
     unsigned long ulCode = 0;
 
-    RpcTryExcept { ret = client_SendTextMsg(wxid, at_wxid, msg); }
+    RpcTryExcept { ret = client_SendTextMsg(wxid, msg, atWxids); }
     RpcExcept(1)
     {
         ulCode = RpcExceptionCode();

SDK/rpc_client.h

@@ -8,7 +8,7 @@ RPC_STATUS RpcDisconnectServer();
 int RpcEnableReceiveMsg();
 int RpcDisableReceiveMsg();
 int RpcIsLogin();
-int RpcSendTextMsg(const wchar_t *wxid, const wchar_t *at_wxid, const wchar_t *msg);
+int RpcSendTextMsg(const wchar_t *wxid, const wchar_t *msg, const wchar_t *atWxids);
 int RpcSendImageMsg(const wchar_t *wxid, const wchar_t *path);
 PPRpcIntBstrPair RpcGetMsgTypes(int *pNum);
 PPRpcContact RpcGetContacts(int *pNum);

SDK/sdk.cpp

@@ -51,8 +51,7 @@ int WxInitSDK()
         status = RpcIsLogin();
         if (status == -1) {
             return status;
-        }
+        } else if (status == 1) {
-        else if (status == 1) {
             break;
         }
         Sleep(1000);
@@ -66,8 +65,8 @@ int WxDestroySDK()
     WxDisableRecvMsg();
     RpcDisconnectServer();
     // 关闭 RPC，但不卸载 DLL，方便下次使用。
-    //EjectDll(WeChatPID, SpyDllPath);
+    // EjectDll(WeChatPID, SpyDllPath);
-
+
     return ERROR_SUCCESS;
 }
 
@@ -76,6 +75,7 @@ int WxEnableRecvMsg(const std::function<int(WxMessage_t)> &onMsg)
     if (onMsg) {
         HANDLE msgThread;
         g_cbReceiveTextMsg = onMsg;
+
         msgThread = (HANDLE)CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)RpcEnableReceiveMsg, NULL, 0, NULL);
         if (msgThread == NULL) {
             printf("Failed to create innerWxRecvTextMsg.\n");
@@ -96,9 +96,9 @@ int WxDisableRecvMsg()
     return -1;
 }
 
-int WxSendTextMsg(wstring wxid, wstring at_wxid, wstring msg)
+int WxSendTextMsg(wstring wxid, wstring msg, wstring atWxids)
 {
-    return RpcSendTextMsg(wxid.c_str(), at_wxid.c_str(), msg.c_str());
+    return RpcSendTextMsg(wxid.c_str(), msg.c_str(), atWxids.c_str());
 }
 
 int WxSendImageMsg(wstring wxid, wstring path) { return RpcSendImageMsg(wxid.c_str(), path.c_str()); }

SDK/sdk.h

@@ -37,11 +37,11 @@ typedef map<int, wstring> MsgTypesMap_t;
 typedef map<wstring, WxContact_t> ContactMap_t;
 typedef vector<WxDbTable_t> DbTableVector_t;
 
-int WxInitSDK();
+int WxInitSDK();
 int WxDestroySDK();
 int WxEnableRecvMsg(const std::function<int(WxMessage_t)> &onMsg);
 int WxDisableRecvMsg();
-int WxSendTextMsg(wstring wxid, wstring at_wxid, wstring msg);
+int WxSendTextMsg(wstring wxid, wstring msg, wstring vAtWxids);
 int WxSendImageMsg(wstring wxid, wstring path);
 ContactMap_t WxGetContacts();
 MsgTypesMap_t WxGetMsgTypes();

Spy/rpc_server.cpp

@@ -56,9 +56,9 @@ void server_DisableReceiveMsg()
     listenMsgFlag = false;
 }
 
-int server_SendTextMsg(const wchar_t *wxid, const wchar_t *at_wxid, const wchar_t *msg)
+int server_SendTextMsg(const wchar_t *wxid, const wchar_t *msg, const wchar_t *atWxids)
 {
-    SendTextMessage(wxid, at_wxid, msg);
+    SendTextMessage(wxid, msg, atWxids);
 
     return 0;
 }
@@ -163,11 +163,11 @@ int server_GetDbTables(const wchar_t *db, int *pNum, PPRpcTables *tbls)
 
     int index = 0;
     for (auto it = tables.begin(); it != tables.end(); it++) {
-        PRpcTables p = (PRpcTables)midl_user_allocate(sizeof(RpcTables_t));
+        PRpcTables p = (PRpcTables)midl_user_allocate(sizeof(RpcTables_t));
         if (p == NULL) {
             printf("server_GetDbTables midl_user_allocate Failed for p\n");
             return -3;
-        }
+        }
 
         p->table    = it->table;
         p->sql      = it->sql;
@@ -217,13 +217,13 @@ int RpcStartServer()
 
 int RpcStopServer()
 {
-    RPC_STATUS status;
+    RPC_STATUS status;
 
-    UnListenMessage();
+    UnListenMessage();
 
-    listenMsgFlag = false;
+    listenMsgFlag  = false;
     g_rpcKeepAlive = false;
-    status        = RpcMgmtStopServerListening(NULL);
+    status         = RpcMgmtStopServerListening(NULL);
     if (status)
         return status;
 

Spy/send_msg.cpp

@@ -1,5 +1,7 @@
-#include "framework.h"
+#include "framework.h"
+#include <sstream>
 #include <string>
+#include <vector>
 
 #include "spy_types.h"
 
@@ -10,41 +12,75 @@ extern DWORD g_WeChatWinDllAddr;
 
 using namespace std;
 
-void SendTextMessage(const wchar_t *wxid, const wchar_t *at_wxid, const wchar_t *msg)
+typedef struct AtList {
-{
+    DWORD start;
-    if (g_WeChatWinDllAddr == 0) {
+    DWORD end1;
-        return;
+    DWORD end2;
-    }
+} AtList_t;
-    char buffer[0x5F0]     = { 0 };
-    TextStruct_t txtWxid   = { 0 };
-    TextStruct_t txtAtWxid = { 0 };
-    TextStruct_t txtMsg    = { 0 };
 
-    wstring wsWxid   = wxid;
+void SendTextMessage(const wchar_t *wxid, const wchar_t *msg, const wchar_t *atWxids)
-    wstring wsAtWxid = at_wxid;
+{
-    wstring wsMsg    = msg;
+    char buffer[0x3B0]    = { 0 };
+    AtList_t atList       = { 0 };
+    TextStruct_t txtMsg   = { 0 };
+    TextStruct_t txtWxid  = { 0 };
+    TextStruct_t *tsArray = NULL;
+
+    wstring wsMsg  = msg;
+    wstring wsWxid = wxid;
 
     // 发送消息Call地址 = 微信基址 + 偏移
     DWORD sendCallAddress = g_WeChatWinDllAddr + g_WxCalls.sendTextMsg;
 
-    txtWxid.text     = (wchar_t *)wsWxid.c_str();
-    txtWxid.size     = wsWxid.size();
-    txtWxid.capacity = wsWxid.capacity();
-
     txtMsg.text     = (wchar_t *)wsMsg.c_str();
     txtMsg.size     = wsMsg.size();
     txtMsg.capacity = wsMsg.capacity();
 
-    __asm {
+    txtWxid.text     = (wchar_t *)wsWxid.c_str();
-        lea edx, txtWxid
+    txtWxid.size     = wsWxid.size();
-        lea edi, txtAtWxid
+    txtWxid.capacity = wsWxid.capacity();
-        lea ebx, txtMsg
+
-        push 0x01
+    wstring tmp = atWxids;
-        push edi
+    if (!tmp.empty()) {
-        push ebx
+        int i = 0;
+        wstring wstr;
+        vector<wstring> vAtWxids;
+        wstringstream wss(tmp);
+        while (wss.good()) {
+            getline(wss, wstr, L',');
+            vAtWxids.push_back(wstr);
+        }
+        tsArray = new TextStruct_t[vAtWxids.size() + 1];
+        // memset(tsArray, 0, (vAtWxids.size() + 1) * sizeof(TextStruct_t));
+        for (auto it = vAtWxids.begin(); it != vAtWxids.end(); it++) {
+            tsArray[i].text     = (wchar_t *)it->c_str();
+            tsArray[i].size     = it->size();
+            tsArray[i].capacity = it->capacity();
+            i++;
+        }
+
+        atList.start = (DWORD)tsArray;
+        atList.end1  = (DWORD)&tsArray[i];
+        atList.end2  = (DWORD)&tsArray[i];
+    }
+
+    __asm
+    {
+        lea eax, atList;
+        push 0x01;
+        push eax;
+        lea edi, txtMsg;
+        push edi;
+        lea edx, txtWxid;
         lea ecx, buffer;
-        call sendCallAddress
+        call sendCallAddress;
-            add esp, 0xC
+        add esp, 0xC;
+    }
+
+    if (tsArray)
+    {
+        delete[] tsArray;
+        tsArray = NULL;
     }
 }
 
@@ -52,7 +88,7 @@ void SendImageMessage(const wchar_t *wxid, const wchar_t *path)
 {
     if (g_WeChatWinDllAddr == 0) {
         return;
-    }
+    }
     DWORD tmpEAX         = 0;
     char buf1[0x48]      = { 0 };
     char buf2[0x3B0]     = { 0 };
@@ -77,21 +113,21 @@ void SendImageMessage(const wchar_t *wxid, const wchar_t *path)
 
     __asm {
         pushad
-        call sendCall1
+        call sendCall1
-        sub esp, 0x14
+        sub esp, 0x14
-        mov tmpEAX, eax
+        mov tmpEAX, eax
-        lea eax, buf1
+        lea eax, buf1
-        mov ecx, esp
+        mov ecx, esp
-        lea edi, imgPath
+        lea edi, imgPath
-        push eax
+        push eax
-        call sendCall2
+        call sendCall2
-        mov ecx, dword ptr [tmpEAX]
+        mov ecx, dword ptr[tmpEAX]
-        lea eax, imgWxid
+        lea eax, imgWxid
-        push edi
+        push edi
-        push eax
+        push eax
-        lea eax, buf2
+        lea eax, buf2
-        push eax
+        push eax
-        call sendCall3
+        call sendCall3
         popad
     }
 }

Spy/send_msg.h

@@ -1,4 +1,4 @@
-#pragma once
+#pragma once
 
-void SendTextMessage(const wchar_t *wxid, const wchar_t *at_wxid, const wchar_t *msg);
+void SendTextMessage(const wchar_t *wxid, const wchar_t *msg, const wchar_t *atWxids);
 void SendImageMessage(const wchar_t *wxid, const wchar_t *path);