• WX项目说明


    项目基本架构图示

    项目工程

    该项目主要模块如下

    服务端(C# net core)

    服务端主要完成的任务:
    1、接收客户端上传的数据,处理之后入库
    2、界面管理端请求数据时,查询数据库并将结果返回

    代码示例如下:

    C++ hook注入模块

    图示

    代码示例

    /*
        Address-book hook implementation (original comment: "hook通讯录实现")
    */
    // Eight DWORD slots, presumably used by an inline-asm hook stub defined
    // elsewhere to park the general-purpose registers around the call into
    // GetAddressBook() — none of them is referenced in the code shown here.
    // NOTE(review): plain globals with no synchronisation; confirm the stub
    // cannot be re-entered while they are in use.
    DWORD aEax = 0;
    DWORD aEcx = 0;
    DWORD aEdx = 0;
    DWORD aEbx = 0;
    DWORD aEsp = 0;
    DWORD aEbp = 0;
    DWORD aEsi = 0;
    DWORD aEdi = 0;
    // Called from the address-book hook with the address of one contact record
    // (userData). Reads three wide strings through pointers stored at fixed
    // offsets inside that record, builds a JSON object by string concatenation
    // and hands it to MsgToQueue() for transmission to the local collector.
    //
    // Runs inside the hooked process. Nothing here validates that userData
    // points at a live record of the expected layout; the offsets are
    // presumably tied to one specific WeChatWin.dll build (see the version
    // notes further down the page), so on any other build the dereferences
    // below read unrelated memory or fault. From the defender's side the
    // observables are the injected module and the loopback connection the
    // original author notes at the end of this function.
    //
    // Globals used but defined elsewhere: wxids, szProcessID; helpers:
    // wideCharToMultiByte(), MsgToQueue().
    void GetAddressBook(DWORD userData) {
        DWORD dwWxidAddr = userData + 0x10;            // wxid
        DWORD dwUserIDAddr = userData + 0x44;        // WeChat ID (微信号)
        //DWORD wxidV1Add = userData + 0x58;
        DWORD dwNickNameAddr = userData + 0x8C;        // nickname (昵称)
        //DWORD headPicAdd = userData + 0x11C;
    
        wchar_t wxid[0x100] = { 0 };
    
        // NOTE(review): this condition tests the computed address, not the
        // pointer stored at it, so it is non-zero for practically any userData
        // and the dereference below is effectively unguarded. The same pattern
        // is repeated for the nickname and user-ID fields.
        if ((LPVOID *)dwWxidAddr) {
            // The wchar_t-array overload of swprintf_s deduces the buffer size,
            // so the copy is bounded at 0x100 wide characters.
            swprintf_s(wxid, L"%s", *((LPVOID *)dwWxidAddr));
            // Deduplicate: a wxid that was already reported is skipped.
            // Comparing against a wchar_t array suggests `wxids` is a container
            // of std::wstring — confirm against its definition.
            int nRet = std::count(wxids.begin(), wxids.end(), wxid);
            if (nRet > 0) {    // already seen, filter this wxid out
                return;
            }
            else {
                wxids.push_back(wxid);
            }
        }
    
        wchar_t nick[0x200] = { 0 };
        if ((LPVOID *)dwNickNameAddr) {
            swprintf_s(nick, L"%s", *((LPVOID *)dwNickNameAddr));
        }
    
        wchar_t wxuserID[0x200] = { 0 };
        if ((LPVOID *)dwUserIDAddr) {
            swprintf_s(wxuserID, L"%s", *((LPVOID *)dwUserIDAddr));
        }
        
        
        // Assemble the JSON payload by plain concatenation. None of the three
        // strings is escaped, so a nickname containing '"' or '\' produces
        // malformed JSON at the receiver. ReMark is always sent empty.
        std::wstring info;
        info.append(L"{\"NickName\":\"");
        info.append(nick);
        info.append(L"\",\"WxID\":\"");
        info.append(wxid);
        info.append(L"\",\"WxName\":\"");
        info.append(wxuserID);
        info.append(L"\",\"ReMark\":\"\",\"Pid\":\"");
        info.append(szProcessID);
        info.append(L"\"}");
    
        // wideCharToMultiByte() is a project helper returning a heap buffer; it
        // is released here with scalar delete, which is only correct if the
        // helper allocated with scalar new — a new[]/delete mismatch is UB.
        // Confirm against the helper's definition.
        char szWxid[0x500] = { 0 };
        char *p = wideCharToMultiByte(info.c_str());
        strcpy_s(szWxid, p);    // bounded by the array overload; an oversize payload fails instead of overflowing
        delete p;
        MsgToQueue(szWxid);    // queue the record for the server (original comment: 127.0.0.1:18600)
    }

    hook记录(截选)

    版本 2.9.0.123

     _QQ_jc检索的数据:

    Executable modules, 条目 11
    基址=677C0000
    大小=01945000 (26497024.)
    入口=68514616 WeChatWi.<ModuleEntryPoint>
    名称=WeChatWi
    文件版本=2.9.0.112
    路径=C:\Program Files (x86)\Tencent\WeChat\WeChatWin.dll

    关键数据

    发消息

    微信ID地址

    esp+0x58

    消息地址

    esp+0x80

    hook地址

    getWechatWin() + 0x346074

    收消息

    微信ID地址

    esi-0x1D0

    消息地址

    esi-0x1A8

    hook地址

    getWechatWin() + 0x37845F

    发消息

    0F866020    899D 18FEFFFF   mov dword ptr ss:[ebp-0x1E8],ebx

    0F866026    8945 D8         mov dword ptr ss:[ebp-0x28],eax

    0F866029    8D8D E0FDFFFF   lea ecx,dword ptr ss:[ebp-0x220]

    0F86602F    8D45 18         lea eax,dword ptr ss:[ebp+0x18]

    0F866032    50              push eax

    0F866033    E8 C8EF1300     call WeChatWi.0F9A5000

    0F866038    8B85 18FEFFFF   mov eax,dword ptr ss:[ebp-0x1E8]

    0F86603E    83F8 02         cmp eax,0x2

    0F866041    74 23           je XWeChatWi.0F866066

    0F866043    83F8 05         cmp eax,0x5

    0F866046    74 1E           je XWeChatWi.0F866066

    0F866048    83F8 06         cmp eax,0x6

    0F86604B    74 19           je XWeChatWi.0F866066

    0F86604D    83F8 07         cmp eax,0x7

    0F866050    74 14           je XWeChatWi.0F866066

    0F866052    E8 098FD2FF     call WeChatWi.0F58EF60

    0F866057    51              push ecx

    0F866058    8D85 E0FDFFFF   lea eax,dword ptr ss:[ebp-0x220]

    0F86605E    50              push eax

    0F86605F    E8 FCCEF6FF     call WeChatWi.0F7D2F60

    0F866064    EB 77           jmp XWeChatWi.0F8660DD

    0F866066    E8 F58ED2FF     call WeChatWi.0F58EF60

    0F86606B    6A 01           push 0x1

    0F86606D    8D85 E0FDFFFF   lea eax,dword ptr ss:[ebp-0x220]      

    0F866073    50              push eax

    0F866074    E8 47CEF6FF     call WeChatWi.0F7D2EC0                                ; 位置

    0F866079    EB 62           jmp XWeChatWi.0F8660DD

    0F86607B    0F1005 E0AD9010 movups xmm0,dqword ptr ds:[0x1090ADE0]

    0F866082    83EC 10         sub esp,0x10

    0F866085    8BC4            mov eax,esp

    0F866087    83EC 10         sub esp,0x10

    0F86608A    0F1100          movups dqword ptr ds:[eax],xmm0

    0F86608D    8BC4            mov eax,esp

    0F86608F    83EC 10         sub esp,0x10

    0F866092    0F1100          movups dqword ptr ds:[eax],xmm0

    0F866095    8BC4            mov eax,esp

    0F866097    83EC 10         sub esp,0x10

    0F86609A    0F1100          movups dqword ptr ds:[eax],xmm0

    0F86609D    8BC4            mov eax,esp

    0F86609F    83EC 10         sub esp,0x10

    0F8660A2    0F1100          movups dqword ptr ds:[eax],xmm0

    0F8660A5    8BC4            mov eax,esp

    0F8660A7    83EC 10         sub esp,0x10

    0F8660AA    8BCC            mov ecx,esp

    0F8660AC    FF75 0C         push dword ptr ss:[ebp+0xC]

    0F8660AF    0F1100          movups dqword ptr ds:[eax],xmm0

    0F8660B2    FF75 08         push dword ptr ss:[ebp+0x8]

    0F8660B5    E8 866CD1FF     call WeChatWi.0F57CD40

    0F8660BA    68 34949710     push WeChatWi.10979434                            ; ASCII "not found send msg msgId=%d"

    0F8660BF    68 387B9810     push WeChatWi.10987B38                                ; ASCII "SendMessageMgr"

    0F8660C4    68 447C9810     push WeChatWi.10987C44                                ; ASCII "updateMsgState"

    0F8660C9    6A 6B           push 0x6B

    0F8660CB    BA 687B9810     mov edx,WeChatWi.10987B68                     ; ASCII "02_manager\SendMessageMgr.cpp"

    0F8660D0    B9 04000000     mov ecx,0x4

    0F8660D5    E8 56161C00     call WeChatWi.0FA27730

    特征码

    push 0x1

    lea eax,dword ptr ss:[ebp-0x220]

    push eax

    Hook地址

    项目概览

    线上运行示例
