微信3.1.0.41逆向-微信3.1.0.41HOOK接口(WeChatHelper3.1.0.41.dll)-VC++调用实例方法(win32)
WeChatHelper3.1.0.41.dll接口适用所有语言,今天我来讲一下用VC++(win32)来做个实例调用。
第一步:添加rapidjson类库
VC++用到的JSON库为:rapidjson,rapidjson头文件经在项目目录中了,我们把它包含到项目中:
第二步:创建HTTP类
VC++用wininet进行HTTP通信,
HttpHelper.h
#pragma once
#include <iostream>
#include <windows.h>
#include <wininet.h>
using namespace std;
//每次读取的字节数
#define READ_BUFFER_SIZE 4096
enum HttpInterfaceError
{
Hir_Success = 0, //成功
Hir_InitErr, //初始化失败
Hir_ConnectErr, //连接HTTP服务器失败
Hir_SendErr, //发送请求失败
Hir_QueryErr, //查询HTTP请求头失败
Hir_404, //页面不存在
Hir_IllegalUrl, //无效的URL
Hir_CreateFileErr, //创建文件失败
Hir_DownloadErr, //下载失败
Hir_QueryIPErr, //获取域名对应的地址失败
Hir_SocketErr, //套接字错误
Hir_UserCancel, //用户取消下载
Hir_BufferErr, //文件太大,缓冲区不足
Hir_HeaderErr, //HTTP请求头错误
Hir_ParamErr, //参数错误,空指针,空字符
Hir_UnknowErr,
};
enum HttpRequest
{
Hr_Get,
Hr_Post
};
class HttpHelper
{
public:
HttpHelper(void);
~HttpHelper(void);
public:
// 通过HTTP请求:Get或Post方式获取JSON信息
const std::string RequestData(const std::string& strUrl,
HttpRequest type = Hr_Get,
std::string lpHeader = "",
std::string lpPostData = "");
protected:
// 关闭句柄
void Release();
// 释放句柄
void ReleaseHandle(HINTERNET& hInternet);
// 解析URL地址
void ParseURLWeb(std::string strUrl, std::string& strHostName, std::string& strPageName, WORD& sPort);
private:
HINTERNET m_hSession;
HINTERNET m_hConnect;
HINTERNET m_hRequest;
HttpInterfaceError m_error;
};
HttpHelper.cpp
#include "HttpHelper.h"
#include <fstream>
#pragma comment(lib, "Wininet.lib")
#include <tchar.h>
HttpHelper::HttpHelper(void) :m_hSession(NULL), m_hConnect(NULL), m_hRequest(NULL)
{
}
HttpHelper::~HttpHelper(void)
{
Release();
}
// 通过HTTP请求:Get或Post方式获取JSON信息
const std::string HttpHelper::RequestData(const std::string& lpUrl,
HttpRequest type,
std::string strHeader,
std::string strPostData)
{
std::string strRet = "";
try
{
if (lpUrl.empty())
{
throw Hir_ParamErr;
}
Release();
m_hSession = InternetOpen(_T("Http-connect"), INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, NULL); //局部
if (NULL == m_hSession)
{
throw Hir_InitErr;
}
INTERNET_PORT port = INTERNET_DEFAULT_HTTP_PORT;
std::string strHostName = "";
std::string strPageName = "";
ParseURLWeb(lpUrl, strHostName, strPageName, port);
printf("lpUrl:%s,\nstrHostName:%s,\nstrPageName:%s,\nport:%d\n", lpUrl.c_str(), strHostName.c_str(), strPageName.c_str(), (int)port);
m_hConnect = InternetConnectA(m_hSession, strHostName.c_str(), port, NULL, NULL, INTERNET_SERVICE_HTTP, NULL, NULL);
if (NULL == m_hConnect)
{
throw Hir_ConnectErr;
}
std::string strRequestType;
if (Hr_Get == type)
{
strRequestType = "GET";
}
else
{
strRequestType = "POST";
}
m_hRequest = HttpOpenRequestA(m_hConnect, strRequestType.c_str(), strPageName.c_str(), "HTTP/1.1", NULL, NULL, INTERNET_FLAG_RELOAD, NULL);
if (NULL == m_hRequest)
{
throw Hir_InitErr;
}
DWORD dwHeaderSize = (strHeader.empty()) ? 0 : strlen(strHeader.c_str());
BOOL bRet = FALSE;
if (Hr_Get == type)
{
bRet = HttpSendRequestA(m_hRequest, strHeader.c_str(), dwHeaderSize, NULL, 0);
}
else
{
DWORD dwSize = (strPostData.empty()) ? 0 : strlen(strPostData.c_str());
bRet = HttpSendRequestA(m_hRequest, strHeader.c_str(), dwHeaderSize, (LPVOID)strPostData.c_str(), dwSize);
}
if (!bRet)
{
throw Hir_SendErr;
}
char szBuffer[READ_BUFFER_SIZE + 1] = { 0 };
DWORD dwReadSize = READ_BUFFER_SIZE;
if (!HttpQueryInfoA(m_hRequest, HTTP_QUERY_RAW_HEADERS, szBuffer, &dwReadSize, NULL))
{
throw Hir_QueryErr;
}
if (NULL != strstr(szBuffer, "404"))
{
throw Hir_404;
}
while (true)
{
bRet = InternetReadFile(m_hRequest, szBuffer, READ_BUFFER_SIZE, &dwReadSize);
if (!bRet || (0 == dwReadSize))
{
break;
}
szBuffer[dwReadSize] = '\0';
strRet.append(szBuffer);
}
}
catch (HttpInterfaceError error)
{
m_error = error;
}
return std::move(strRet);
}
// 解析URL地址 [3/14/2017/shike]
void HttpHelper::ParseURLWeb(std::string strUrl, std::string& strHostName, std::string& strPageName, WORD& sPort)
{
sPort = 80;
string strTemp(strUrl);
std::size_t nPos = strTemp.find("http://");
if (nPos != std::string::npos)
{
strTemp = strTemp.substr(nPos + 7, strTemp.size() - nPos - 7);
}
nPos = strTemp.find('/');
if (nPos == std::string::npos) //没有找到
{
strHostName = strTemp;
}
else
{
strHostName = strTemp.substr(0, nPos);
}
std::size_t nPos1 = strHostName.find(':');
if (nPos1 != std::string::npos)
{
std::string strPort = strTemp.substr(nPos1 + 1, strHostName.size() - nPos1 - 1);
strHostName = strHostName.substr(0, nPos1);
sPort = (WORD)atoi(strPort.c_str());
}
if (nPos == std::string::npos)
{
return;
}
strPageName = strTemp.substr(nPos, strTemp.size() - nPos);
}
// 关闭句柄
void HttpHelper::Release()
{
ReleaseHandle(m_hRequest);
ReleaseHandle(m_hConnect);
ReleaseHandle(m_hSession);
}
// 释放句柄
void HttpHelper::ReleaseHandle(HINTERNET& hInternet)
{
if (hInternet)
{
InternetCloseHandle(hInternet);
hInternet = NULL;
}
}
第三步:解析JSON
和其它语言一样,我就用获取即时聊天数据为实例:
聊天记录对象是根据聊天记录数据和类型创建的,我们来看一下聊天记录的JSON数据结构:
{
"cmdid": 7,
"maxid": 5,
"count": 75,
"status": "ok",
"qq": "2376140244",
"data": [
{
"localId": 42,
"MsgSvrID": "2062239765205091112",
"StrTalker": "18618087204@chatroom",
"StrContent": "<?xml version=\"1.0\"?>\n<msg>\n\t<img aeskey=\"611118464e36d48e86c891c79e25b07c\" encryver=\"1\" cdnthumbaeskey=\"611118464e36d48e86c891c79e25b07c\" cdnthumburl=\"3058020100044c304a0201000204be9026a302032f5d0302045938f0b702045fefffb90425617570696d675f383038376264343062646134646465335f31363039353634303839373537020401090a020201000405004c56fb00\" cdnthumblength=\"4043\" cdnthumbheight=\"140\" cdnthumbwidth=\"56\" cdnmidheight=\"0\" cdnmidwidth=\"0\" cdnhdheight=\"0\" cdnhdwidth=\"0\" cdnmidimgurl=\"3058020100044c304a0201000204be9026a302032f5d0302045938f0b702045fefffb90425617570696d675f383038376264343062646134646465335f31363039353634303839373537020401090a020201000405004c56fb00\" length=\"24332\" md5=\"692efd877bce4ad7dc41becca0d2278d\" hevc_mid_size=\"24332\" />\n</msg>\n",
"CreateTime": 1609564091,
"IsSender": 0,
"type": 3,
"SubType": 0,
"CompressContent": "",
"BytesExtra": {
"wxid": "wxid_y7hw81zn588b12",
"thumb": "keepmoving8\\FileStorage\\Image\\Thumb\\2021-01\\e03c67108d6c39c020c48696dbd36916_t.dat",
"image": "keepmoving8\\FileStorage\\Image\\2021-01\\4953c7f182c4741eec97c9ab6bfe1eb4.dat",
"video": ""
}
},
{
"localId": 43,
"MsgSvrID": "3036343329427015238",
"StrTalker": "2656683682@chatroom",
"StrContent": "收满不收弹头40",
"CreateTime": 1609564122,
"IsSender": 0,
"type": 1,
"SubType": 0,
"CompressContent": "",
"BytesExtra": {
"wxid": "wxid_87rw855vmv4h22",
"thumb": "",
"image": "",
"video": ""
}
},
{
"localId": 44,
"MsgSvrID": "6558585969683208319",
"StrTalker": "JI282940039",
"StrContent": "要的滴滴我",
"CreateTime": 1609564128,
"IsSender": 0,
"type": 1,
"SubType": 0,
"CompressContent": "",
"BytesExtra": {
"wxid": "",
"thumb": "",
"image": "",
"video": ""
}
}
]
}
上面记录中有三种记录:
1.群图片消息,群发送的微信ID和图片的地址已显示在扩展数据中。
2.群文本消息,群发送的微信ID显示在扩展数据中。
3.普通好友文本消息,扩展数据都是空。
根据JSON数据结构,我们在创建RecordObject对象
RecordObject.h
#pragma once
#include <list>
using namespace std;
struct RecordBytesExtra
{
char wxid[0x40] = { 0 };// 群消息时发送者微信ID"
char thumb[0x200] = { 0 }; // 图片类型时缩微图路径"
char image[0x200] = { 0 };// 图片或视频类型时图片路径"
char video[0x200] = { 0 };//视频类型时MP4路径
};
struct RecordData
{
int localId = 0;//记录ID
char MsgSvrID[255] = { 0 };//消息ID
char StrTalker[0x40] = { 0 };//消息微信ID
char StrContent[0x4000] = { 0 };//内容
int CreateTime = 0;//创建时间
int IsSender = 0;//是否自己发送
int type = 0;//消息类型
int SubType = 0;//子类型
char CompressContent[0x40] = { 0 }; //这里为转账金额信息,有+与-表示:收到与转出
RecordBytesExtra BytesExtra;//扩展消息
};
class RecordObject
{
public:
RecordObject();
RecordObject(const char * jsonData);
int cmdid = 0;
int maxid = 0;//记录索引
int count = 0;//信息条数
char qq[20] = { 0 };//本人QQ
char status[20] = { 0 };//状态
list<RecordData> data;//消息主体数组
};
RecordObject.cpp
#include "RecordObject.h"
#include <stdio.h>
#include <string.h>
#include<fstream>
#include<iostream>
#include <windows.h>
#include <tchar.h>
#include "rapidjson.h"
#include "document.h"
#include "stringbuffer.h"
#include "filereadstream.h"
#include "filewritestream.h"
#include "writer.h"
using namespace rapidjson;
RecordObject::RecordObject()
{
}
RecordObject::RecordObject(const char * jsonData)
{
rapidjson::Document document;
document.Parse(jsonData);
if (document.HasParseError())
{
return;
}
rapidjson::Value::ConstMemberIterator iter = document.FindMember("cmdid");
if (iter != document.MemberEnd()) {
cmdid = iter->value.GetInt();
}
iter = document.FindMember("cmdid");
if (iter != document.MemberEnd()) {
cmdid = iter->value.GetInt();
}
iter = document.FindMember("maxid");
if (iter != document.MemberEnd()) {
maxid = iter->value.GetInt();
}
iter = document.FindMember("count");
if (iter != document.MemberEnd()) {
count = iter->value.GetInt();
}
iter = document.FindMember("qq");
if (iter != document.MemberEnd()) {
sprintf_s(qq, "%s", iter->value.GetString());
}
iter = document.FindMember("status");
if (iter != document.MemberEnd()) {
sprintf_s(status, "%s", iter->value.GetString());
}
const rapidjson::Value& dataValue = document["data"];
if (dataValue.IsArray())
{
for (rapidjson::SizeType i = 0; i < dataValue.Size(); ++i)
{
const rapidjson::Value& obj = dataValue[i];
RecordData recordData;
recordData.localId = obj["localId"].GetInt();
sprintf_s(recordData.MsgSvrID, "%s", obj["MsgSvrID"].GetString());
sprintf_s(recordData.StrTalker, "%s", obj["StrTalker"].GetString());
sprintf_s(recordData.StrContent, "%s", obj["StrContent"].GetString());
recordData.CreateTime = obj["CreateTime"].GetInt();
recordData.IsSender = obj["IsSender"].GetInt();
recordData.type = obj["type"].GetInt();
recordData.SubType = obj["SubType"].GetInt();
sprintf_s(recordData.CompressContent, "%s", obj["CompressContent"].GetString());
const rapidjson::Value& subObj = obj["BytesExtra"];
if (subObj.IsObject())
{
sprintf_s(recordData.BytesExtra.wxid, "%s", subObj["wxid"].GetString());
sprintf_s(recordData.BytesExtra.thumb, "%s", subObj["thumb"].GetString());
sprintf_s(recordData.BytesExtra.image, "%s", subObj["image"].GetString());
sprintf_s(recordData.BytesExtra.video, "%s", subObj["video"].GetString());
}
data.push_back(recordData);
}
}
}
第四步:对数据编码和解码
因为 VC++是用 Unicode字符集,而Json都是用Utf-8,所以要对它们进行相互转码
Common.h
#pragma once
#include <vector>
#include <iostream>
#include <iterator>
#include <regex>
#include <ctime>
#include <string.h>
#include <io.h>
#include <direct.h>
#include <shlobj.h>
#include <string>
#include <codecvt>
#include <locale>
#include <iostream>
using namespace std;
char* UnicodeToUtf8(wchar_t* unicode);
char* UnicodeToUtf8(const wchar_t* unicode);
wchar_t* UTF8ToUnicode(char* str);
wchar_t* UTF8ToUnicode(const char* str);
wchar_t* UTF8ToUnicode(string text);
Common.cpp
#include "common.h"
/*
//unicode תUtf8
*/
char* UnicodeToUtf8(const wchar_t* unicode)
{
int len;
len = WideCharToMultiByte(CP_UTF8, 0, unicode, -1, NULL, 0, NULL, NULL);
char* szUtf8 = (char*)malloc(len + 1);
if (szUtf8 != 0) {
memset(szUtf8, 0, len + 1);
}
WideCharToMultiByte(CP_UTF8, 0, unicode, -1, szUtf8, len, NULL, NULL);
return szUtf8;
}
char* UnicodeToUtf8(wchar_t* unicode)
{
int len;
len = WideCharToMultiByte(CP_UTF8, 0, unicode, -1, NULL, 0, NULL, NULL);
char* szUtf8 = (char*)malloc(len + 1);
if (szUtf8 != 0) {
memset(szUtf8, 0, len + 1);
}
WideCharToMultiByte(CP_UTF8, 0, unicode, -1, szUtf8, len, NULL, NULL);
return szUtf8;
}
/*
//Utf8תunicode
*/
wchar_t* UTF8ToUnicode(const char* str)
{
int textlen = 0;
wchar_t* result;
textlen = MultiByteToWideChar(CP_UTF8, 0, str, -1, NULL, 0);
result = (wchar_t*)malloc((textlen + 1) * sizeof(wchar_t));
if (result != 0)
{
memset(result, 0, (textlen + 1) * sizeof(wchar_t));
}
MultiByteToWideChar(CP_UTF8, 0, str, -1, (LPWSTR)result, textlen);
return result;
}
wchar_t* UTF8ToUnicode(char* str)
{
int textlen = 0;
wchar_t* result;
textlen = MultiByteToWideChar(CP_UTF8, 0, str, -1, NULL, 0);
result = (wchar_t*)malloc((textlen + 1) * sizeof(wchar_t));
if (result != 0)
{
memset(result, 0, (textlen + 1) * sizeof(wchar_t));
}
MultiByteToWideChar(CP_UTF8, 0, str, -1, (LPWSTR)result, textlen);
return result;
}
wchar_t* UTF8ToUnicode(string text)
{
const char * str = text.c_str();
int textlen = 0;
wchar_t* result;
textlen = MultiByteToWideChar(CP_UTF8, 0, str, -1, NULL, 0);
result = (wchar_t*)malloc((textlen + 1) * sizeof(wchar_t));
if (result != 0)
{
memset(result, 0, (textlen + 1) * sizeof(wchar_t));
}
MultiByteToWideChar(CP_UTF8, 0, str, -1, (LPWSTR)result, textlen);
return result;
}
第五步:在主程序中应用
在vc++中我们用SetTimer来定时刷新即时聊天记录
// CWechatHelper.cpp : 定义应用程序的入口点。
//
#include "framework.h"
#include "CWechatHelper.h"
#include "resource.h"
#include "common.h"
#include "HttpHelper.h"
#include "RecordObject.h"
#define MAX_LOADSTRING 100
INT_PTR CALLBACK DialogProc(HWND, UINT, WPARAM, LPARAM);
HWND hwndDlg;
int APIENTRY wWinMain(_In_ HINSTANCE hInstance,
_In_opt_ HINSTANCE hPrevInstance,
_In_ LPWSTR lpCmdLine,
_In_ int nCmdShow)
{
UNREFERENCED_PARAMETER(hPrevInstance);
UNREFERENCED_PARAMETER(lpCmdLine);
//加载窗口
DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG1), NULL, DialogProc);
MSG msg = {};
// 5.1获取消息
while (GetMessage(&msg, 0, 0, 0))
{
// 5.2翻译消息
TranslateMessage(&msg);
// 5.3转发到消息回调函数
DispatchMessage(&msg);
}
}
//追加文本
void AppendText(const TCHAR *newText)
{
int outLength = GetWindowTextLength(GetDlgItem(hwndDlg, IDC_EDIT_RECORD));
TCHAR * buf = new TCHAR[outLength+1];
GetDlgItemText(hwndDlg, IDC_EDIT_RECORD, buf, outLength + 1);
wstring text(buf);
text.append(newText).append(L"\r\n");
//_tcscat_s(buf, outLength + 1, newText);
SetDlgItemText(hwndDlg, IDC_EDIT_RECORD, text.c_str());
}
//回调刷新即时聊天记录
void CALLBACK TimerProc(HWND hWnd, UINT nMsg, UINT nTimerid, DWORD dwTime)
{
HttpHelper* http = new HttpHelper();
string data = http->RequestData("http://127.0.0.1/?cmdid=7");
RecordObject *recordObj = new RecordObject(data.c_str());
for (auto record : recordObj->data)
{
AppendText(UTF8ToUnicode(record.StrContent));
}
delete http;
delete recordObj;
}
//窗口消息回调
INT_PTR CALLBACK DialogProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
UNREFERENCED_PARAMETER(lParam);
switch (message)
{
//窗口初始化
case WM_INITDIALOG:
{
hwndDlg = hDlg;
//定时器
SetTimer(hDlg, 1, 3000, TimerProc);
SendMessage(GetDlgItem(hDlg,IDC_COMBO_TYPE), CB_ADDSTRING, 0, (LPARAM)(L"GET"));
SendMessage(GetDlgItem(hDlg, IDC_COMBO_TYPE), CB_ADDSTRING, 0, (LPARAM)(L"POST"));
SendMessage(GetDlgItem(hDlg, IDC_COMBO_TYPE), CB_SETCURSEL, 0, 0);
SetDlgItemText(hwndDlg, IDC_EDIT1, TEXT("http://127.0.0.1/"));
break;
}
case WM_COMMAND:
{
int wmId = LOWORD(wParam);
// 分析菜单选择:
switch (wmId)
{
case IDC_BUTTON_REQUEST:
{
int i = SendMessage(GetDlgItem(hDlg, IDC_COMBO_TYPE), CB_GETCURSEL,0, 0);
string data;
WCHAR wurl[500] = { 0 };
GetDlgItemText(hwndDlg, IDC_EDIT1, wurl, sizeof(wurl));
string url =UnicodeToUtf8(wurl);
WCHAR wparam[2000] = { 0 };
GetDlgItemText(hwndDlg, IDC_EDIT_PARAM, wparam, sizeof(wparam));
string param = UnicodeToUtf8(wparam);
HttpHelper* http = new HttpHelper();
if (i == 0)
{
data = http->RequestData(url);
}
else
{
data = http->RequestData(url,HttpRequest::Hr_Post,"content-type:application/json;charset:utf-8;", param);
}
SetDlgItemText(hwndDlg, IDC_EDIT_RESPOSE,UTF8ToUnicode(data));
delete http;
break;
}
case IDM_EXIT:
DestroyWindow(hDlg);
break;
default:
return DefWindowProc(hDlg, message, wParam, lParam);
}
}
break;
case WM_PAINT:
{
PAINTSTRUCT ps;
HDC hdc = BeginPaint(hDlg, &ps);
// TODO: 在此处添加使用 hdc 的任何绘图代码...
EndPaint(hDlg, &ps);
}
break;
case WM_DESTROY:
PostQuitMessage(0);
break;
}
return DefWindowProc(hDlg, message, wParam, lParam);
}
现在看看效果:
到时,vc++的调用方法结束,对其它的数据结构依照这个实例都能写出来!
源码下载地址(vs2017):http://download.csdn.net/download/keepmoving0407/14017024
也可以进**流下载:(交流群:561112477)
「其他文章」
- Flink/Blink 原理漫谈(六)容错机制(fault tolerance)详解
- 这是阿里技术专家对 SRE 和稳定性保障的理解
- html中meta标签
- Obsuite:混合云可观测性中台
- 聊聊职业规划,怀疑人生的那种!
- 程序员成长思维:把自己当做产品来发展
- Flink 有状态算子和应用Demo详解
- Hello World!--Skyline的第一篇博客
- 【Bilibili直播源】浏览器抓取真实直播源地址(纯前端JS & PHP解析源码)
- 新的侧通道攻击可以从硬件 2FA 密钥中获得加密密钥
- JavaWeb学习-案例练习-图书管理后台- 9 -分页操作
- 微信3.1.0.41逆向-微信3.1.0.41HOOK接口(WeChatHelper3.1.0.41.dll)-VC 调用实例方法(win32)
- 关于Zookeeper集群搭建节点数量为什么是2n 1个问题
- 看完这篇文章,别再说二叉树了,树根都给你拔起来了(图解 代码 详细思路)
- 微信扫码访问网站调用默认浏览器打开如何实现?
- 前端常用网站汇总
- 关于算法笔试,labuladong 说点套路
- styled-components v4测试版发布:原生支持 ref,性能提升25%
- 对RecyclerView的适配器的封装
- 【Java进阶面试系列之一】哥们,你们的系统架构中为什么要引入消息中间件?