ttttupup / wxhelper Goto Github PK

View Code? Open in Web Editor NEW

1.6K 33.0 500.0 1.53 MB

Hook WeChat / 微信逆向

License: MIT License

CMake 0.23% Python 2.90% C++ 40.52% C 46.28% Java 9.76% Assembly 0.16% Go 0.09% JavaScript 0.06%

hook reverse wechat weixin

wxhelper's Introduction

wxhelper

wechat hook 。PC端微信逆向学习。支持3.8.0.41，3.8.1.26, 3.9.0.28, 3.9.2.23,3.9.2.26版本。

免责声明:

本仓库发布的内容，仅用于学习研究，请勿用于非法用途和商业用途！如因此产生任何法律纠纷，均与作者无关！

项目说明：

本项目是逆向练习项目，可能会造成封号等后果。请自行承担风险。仅用于学习研究，请勿于非法用途。

实现原理：

逆向分析PC端微信客户端，定位相关功能关键Call，编写dll调用关键Call。然后将该dll文件注入到微信进程。
dll在注入成功时，创建了一个默认端口为19088的http服务端，然后所有的功能直接可以通过http协议调用。


                                      |----------------
--------------------------    注入    |  WeChat.exe    |
| ConsoleApplication.exe  |————————>  |----------------           --------------    访问      ---------
|                         |           | wxhelper.dll   |————————>| 启动http服务  | <----------| clent |
|--------------------------           |-----------------          --------------              --------

使用说明：

支持的版本3.8.0.41、3.8.1.26、3.9.0.28、3.9.2.23、3.9.2.26 、3.9.5.81。
源码和主要实现在相应的分支内。
src:主要的dll代码
tool：简单的注入工具，一个是控制台，一个是图形界面。
python: tcpserver.py: 简单的服务器，用以接收消息内容。decrpty.py: 微信数据库解密工具。 http_server.py：http server端。
source: 简单的命令行远程注入源码。
其他目录：热心作者提供的一些客户端。

0.首先安装对应的版本的微信，分支名称即代表的是微信对应的版本。dll的前缀都会带有微信版本。

1.使用注入工具注入wxhelper.dll,注入成功后，即可通过postman直接调用对应的接口。

2.可以使用python/clent.py进行简单测试。

特别注意：

1.hook相关的接口都需要先调用对应的hook接口，server端才会收到相应消息。

2.注意个别接口在一些版本没有实现，功能预览里没有的功能就是没有实现。

3.如果注入不成功，请先检查注入工具，或者使用其他注入工具。

4.相关功能只在win11环境下进行简单测试，其他环境无法保证。

参与项目

个人精力和水平有限，项目还有许多不足，欢迎提出 issues 或 pr。期待你的贡献。

问题讨论

个人常用的方法，请参考https://github.com/ttttupup/wxhelper/wiki
使用上的问题，可查询https://github.com/ttttupup/wxhelper/discussions
数据库解密，请参考https://github.com/ttttupup/wxhelper/wiki
个人精力有限，只维护最新版本，旧版本的bug会在新版本中修复，不维护旧版本。

编译环境

Visual Studio 2022(x86)

Visual Studio code

cmake

vcpkg

编译构建

先准备好编译环境。

以下是x86环境构建，3.9.5.81是x64环境，具体参考对应分支。

cd wxhelper  
mkdir build  
cd build  
cmake -DCMAKE_C_COMPILER=cl.exe  \
-DCMAKE_CXX_COMPILER=cl.exe \
-DCMAKE_BUILD_TYPE=Debug \
-DCMAKE_INSTALL_PREFIX=C:/other/codeSource/windows/wxhelper/out/install/x86-debug \
-DCMAKE_TOOLCHAIN_FILE:FILEPATH=C:/vcpkg/scripts/buildsystems/vcpkg.cmake \
-SC:/wxhelper \
-BC:/wxhelper/build/x86-debug\
-G Ninja

cmake --build ..

以下是在vscode中操作，vs中的操作类似。
1.安装vcpkg，cmake，vscode

2.安装相应的库，如果安装的版本不同，则根据vcpkg安装成功后提示的find_package修改CMakeLists.txt内容即可。或者自己编译。

    vcpkg  install mongoose  
    vcpkg  install nlohmann-json

3.vscode 配置CMakePresets.json,主要设置CMAKE_C_COMPILER 和CMAKE_CXX_COMPILER 为cl.exe.参考如下

 {
            "name": "x86-release",
            "displayName": "x86-release",
            "description": "Sets Ninja generator, build and install directory",
            "generator": "Ninja",
            "binaryDir": "${sourceDir}/out/build/${presetName}",
            "architecture":{
                "value": "x86",
                "strategy": "external"
            },
            "cacheVariables": {
                "CMAKE_C_COMPILER": "cl.exe",
                "CMAKE_CXX_COMPILER": "cl.exe",
                "CMAKE_BUILD_TYPE": "Release",
                "CMAKE_INSTALL_PREFIX": "${sourceDir}/out/install/${presetName}",
                "CMAKE_TOOLCHAIN_FILE": {
                    "value": "C:/soft/vcpkg/scripts/buildsystems/vcpkg.cmake",
                     "type": "FILEPATH"
                  }
            },
            "environment": {

            }
          
        }

4.执行cmake build vscode中右键configure all projects,在Terminal中点击Run Task，如没有先配置build任务，然后运行即可

5.命令行注入工具，注入命令

    //-i  注入程序名   -p 注入dll路径   
    // -u 卸载程序名   -d 卸载dll名称
    // -m pid  关闭微信互斥体，多开微信
    // -P port 指定http端口，需要使用 specify-port 分支的生成的dll
    // -I 注入程序的pid
    //注入  
    ConsoleInject.exe  -i demo.exe -p E:\testInject.dll
    //卸载 
    ConsoleInject.exe  -u demo.exe -d  testInject.dll
    //多开
    ConsoleInject.exe  -m 1222
    // 注入并指定http端口
    ConsoleInject.exe  -i demo.exe -p E:\testInject.dll  -P  18888   
    // 注入指定pid并关闭多开限制
    ConsoleInject.exe  -I 15048 -p E:\testInject.dll  -m 15048

6.如果想改变端口，可以在微信目录下创建config.ini配置文件,修改端口即可。不创建则默认端口19088。

[config]
port=19099

更新说明

2022-12-26 ：增加3.8.1.26版本支持。

2022-12-29 ：新增提取文字功能。

2023-01-02 ：退出微信登录。

2023-01-31 ：新增修改群昵称（仅支持3.8.1.26）。

2023-02-01 ：新增拍一拍（仅支持3.8.1.26）。

2023-02-04 ：新增群消息置顶和取消置顶。

2023-02-06 ：新增确认收款。

2023-02-08 ：新增朋友圈消息。

2023-02-09 ：新增3.9.0.28版本基础功能。

2023-02-13 ：新增群昵称和微信名称。

2023-02-17 : 新增通过wxid添加好友,搜索查找微信。

2023-03-02 ：新增发送@消息

2023-03-04 ：新增消息附件下载

2023-03-21 ：新增hook语音

2023-03-30 ：新增获取语音文件(推荐使用这个非hook接口)

2023-04-08 : 3.9.2.23版本功能更新

2023-06-05 ：3.9.2.26版本更新

2023-07-07 ：3.9.5.81版本更新

功能预览：

0.检查是否登录
1.获取登录微信信息
2.发送文本
3.发送@文本
5.发送图片
6.发送文件
9.hook消息
10.取消hook消息
11.hook图片
12.取消hook图片
13.hook语音
14.取消hook语音
17.删除好友
19.通过手机或qq查找微信
20.通过wxid添加好友
23.通过好友申请
25.获取群成员
26.获取群成员昵称
27.删除群成员
28.增加群成员
31.修改群昵称
32.获取数据库句柄
34.查询数据库
35.hook日志
36.取消hook日志
40.转发消息
44.退出登录
45.确认收款
46.联系人列表
47.获取群详情
48.获取解密图片
49.图片提取文字ocr
50.拍一拍
51.群消息置顶消息
52.群消息取消置顶
53.朋友圈首页
54.朋友圈下一页
55.获取联系人或者群名称
56.获取消息附件（图片，视频，文件）
57.获取语音文件(silk3格式)
58.登录二维码
59.邀请入群
60.获取群/群成员详情
61.撤回消息
62.发送公众号消息
63.转发公众号消息
64.发送小程序
65.退款
66.下载头像(勿用,没什么用)

感谢

https://github.com/ljc545w/ComWeChatRobot

https://github.com/NationalSecurityAgency/ghidra

https://github.com/x64dbg/x64dbg

讨论组

https://t.me/+LmvAauweyUpjYzJl

wxhelper's People

Contributors

Stargazers

Watchers

Forkers

hanson 1175937339 yeslevon yuningovo match567 aixed yisin2015 estinfo wangwh27 xuelainiao igo9go supermoonie ljmxy masteryang7 zz00773344 rpa2y lanybass lcl101 bangenlanbai sxyseo meaoo7 he-jin maxnova zhangyuyun hailiangchen 0honus0 luhongweiyu frozenzj qq-war mmcabc dayerqq wongsyrone lihongbin99 yangjinhui sanjiangxueyuan liutian1998 18982185329 simonxiao86 cyonjan hi-why realdenny tlxfif webees huddhudd bekidd ryanfu zhr1991 justseemore you4728 huinan168 unionfab l040610 q592850 zaincheung kayorlian michaelwanggithub2 hgh741 vikieow lian-up eriolsoong my-calm-heart 157276303 sendling darianzhuproject wang794778872 ttt602 asalibra reidentify lngwu11 chaoyi996 joe12801 degangliu huchundong hqucsx zhiying8710 codingman chenpython dj714330240 minry musicking wangxiaohui0312 tigertan880 gowsp linju1997 yufengsoft leanfly kongfei605 springmint zirandu dragon-zg alanchenup uotogk msojocs scriptxiaozi hcaihao uulll fengjixuchui wms888 bmync jjboyaj

wxhelper's Issues

建议增加图片路径解密功能

https://github.com/ljc545w/ComWeChatRobot，您参考的ComWeChatRobot里面的接收图片消息多了个 filepath和thumb_path。
filepath比较关键。这样可以找到对应人员发送的图片

v6编译错误，提示少confirm_receipt.h

confirm_receipt.h忘记上传了吧？

消息来时数据库里面BytesExtra 没有下载。有什么办法能让他下载吗？点开看一次就下载了

数据库里面BytesExtra 没有下载。有什么办法能让他下载吗？点开看一次就下载了

能否增加个接收转账的功能？

能否增加个接收转账的功能，也就是ljc545w/ComWeChatRobot版中的收款功能！

找call的一些问题

大佬好，我学了一些课程，勉强能找到call了，但感觉很费劲。请问大佬怎么学的找call或有什么技巧吗？
我小程序code的call没啥思路，找到了也是限制生成的，请问大佬研究过小程序code的寻找吗

建议增加多开

可以参考这个项目
SuperWeChatPC

ConsoleInject 注入不了

MFCApplication.exe
填写
进程名：WeChat.exe
dll 文件路径： C:\xx\wxhelper.dll
确定直接退出
可以注入上

cmd -> ConsoleInject.exe Wechat.exe wxhelper.dll 无提示，注入不了，有参数吗？

Tool 注入工具可以开源吗？

请问多开后，如何监听每个进程的 http 接口呢？

多开后，如何监听每个进程的 http 接口呢？

接口返回错误

通过/api/?type=0接口，返回的数据为{"msg":"not support method","result":"ERROR"} 是哪里没操作对呢？

API文档有吗

api/?type=1主程序异常报错

登录后获取当前登录用户信息(type=1)3.9.0.28异常退出
log：
Windows 10 Home China [Build 10.0.22623]
CPU: AMD Ryzen 7 4800H with Radeon Graphics
微信 3.90.0028 2023/2/28 14:19:11

Type: EXCEPTION_ACCESS_VIOLATION
Error: Read address 0x6B697A74
Address: 6F724437

CallStack:
VCRUNTIME140D + 0x00004437: (0x1676B31C,0x6B697A74,0x00000006,0x1676B470,0xE164C297)
wxhelper + 0x0001C57D: (0x6B697A74,0x00000006,0xCCCCCCCC,0x1676B318,0xE164C297)
wxhelper + 0x00038194: (0x6B697A74,0x00000006,0x1676F30C,0x1676B460,0xE164C297)
wxhelper + 0x0007CDB5: (0x1676EEFC,0x1676F474,0x1676F49C,0xCCCCCCCC,0xE164C297)
wxhelper + 0x0000D5A2: (0x1676F4CC,0x17CD1790,0x1676F42C,0xA2D471ED,0xE164C297)
wxhelper + 0x00013D59: (0x17CD1790,0x0000000A,0x1676F4CC,0x1676F7F0,0xE164C297)
wxhelper + 0x00081F5A: (0x17CD1790,0x0000000A,0x1676F4CC,0x1676F758,0xE164C297)
wxhelper + 0x0008BF2A: (0x17CD1790,0x00000007,0x1676F768,0x00000000,0xE164C297)
wxhelper + 0x00081F8A: (0x17CD1790,0x00000007,0x1676F768,0x1676F7D8,0xE164C297)
wxhelper + 0x00093470: (0x17CD1790,0x15630170,0x00000102,0x00000001,0xE164C297)
wxhelper + 0x000936EB: (0x17CD1790,0x1676F878,0xCCCCCCCC,0xCCCCCCCC,0xE164C297)
wxhelper + 0x000823BB: (0x1676F7F0,0x000003E8,0x7AB8105A,0xCCCCCCCC,0xE164C297)
wxhelper + 0x00014054: (0x00004A90,0x75267D50,0x1676F8E0,0x771AB74B,0xE164C297)
KERNEL32 + 0x00017D69: (0x00004A90,0x5CCE4B71,0x00000000,0x00000000,0xE164C297)
ntdll + 0x0006B74B: (0xFFFFFFFF,0x771D8654,0x00000000,0x00000000,0xE164C297)

Regs:
EAX=00000006, EBX=00004A90, ECX=00000001, EDX=00000006
ESI=6B697A74, EDI=1676B31C, EBP=1676B134, ESP=1676B11C, EIP=6F724437

DWORD_PTRs at CS:EIP:
1789168B 8304C783 E98304C6 8BF17501 03E183C8 068A1374 47460788 8DF77549
pid=00007828 init_tid=000023E0 crashtid=000021A0

DWORD_PTRs at teb:
1676A0FC 16770000 16763000 00000000 00001E00 00000000 00A8E000 00000000 00007828 000021A0 00000000 17CD22D8 00A97000 00000000 00000000 00000000 00000000

Modules(By Load Order):
[003B0000,096000] D:\WeChat\WeChat.exe [3.9.0.28,2023-01-31 09:05:48 GMT] [610696]
[77140000,1AF000] C:\WINDOWS\SYSTEM32\ntdll.dll [10.0.22621.1325,2016-01-30 07:41:32 GMT] [1747392]
[75250000,0F0000] C:\WINDOWS\System32\KERNEL32.DLL [10.0.22621.1325,2024-08-17 14:01:40 GMT] [674904]
[75B90000,26B000] C:\WINDOWS\System32\KERNELBASE.dll [10.0.22621.1325,1973-06-27 20:48:43 GMT] [2539672]
[76EC0000,1A7000] C:\WINDOWS\System32\USER32.dll [10.0.22621.1325,1976-11-10 11:41:45 GMT] [1735112]
[764E0000,01A000] C:\WINDOWS\System32\win32u.dll [10.0.22621.436,2013-03-29 09:01:42 GMT] [103288]
[765D0000,022000] C:\WINDOWS\System32\GDI32.dll [10.0.22621.436,2035-12-15 09:18:01 GMT] [132232]
[76C70000,0DE000] C:\WINDOWS\System32\gdi32full.dll [10.0.22621.1325,2005-04-13 23:11:18 GMT] [902312]
[751D0000,079000] C:\WINDOWS\System32\msvcp_win.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [492208]
[74E70000,112000] C:\WINDOWS\System32\ucrtbase.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [1128512]
[758A0000,07C000] C:\WINDOWS\System32\ADVAPI32.dll [10.0.22621.436,2003-04-17 18:52:51 GMT] [502552]
[76500000,0C4000] C:\WINDOWS\System32\msvcrt.dll [7.0.22621.436,0000-00-00 00:00:00 GMT] [797464]
[75E00000,082000] C:\WINDOWS\System32\sechost.dll [10.0.22621.436,2006-12-06 04:47:19 GMT] [529448]
[77070000,0B9000] C:\WINDOWS\System32\RPCRT4.dll [10.0.22621.1325,0000-00-00 00:00:00 GMT] [761280]
[76600000,662000] C:\WINDOWS\System32\SHELL32.dll [10.0.22621.1325,2010-04-25 18:57:01 GMT] [6725896]
[75080000,14D000] C:\WINDOWS\System32\ole32.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [1368176]
[75340000,27B000] C:\WINDOWS\System32\combase.dll [10.0.22621.1325,1970-09-18 03:26:27 GMT] [2616736]
[75020000,04B000] C:\WINDOWS\System32\SHLWAPI.dll [10.0.22621.436,2004-06-27 01:15:21 GMT] [302672]
[74350000,008000] C:\WINDOWS\SYSTEM32\VERSION.dll [10.0.22621.1,1984-01-11 08:24:59 GMT] [28912]
[74F90000,025000] C:\WINDOWS\System32\IMM32.DLL [10.0.22621.1325,2011-08-02 02:56:32 GMT] [149968]
[71D00000,6CE000] C:\WINDOWS\SYSTEM32\windows.storage.dll [10.0.22621.1325,2000-06-23 06:27:45 GMT] [7174720]
[71A20000,0C7000] C:\WINDOWS\SYSTEM32\wintypes.dll [10.0.22621.870,2009-11-21 01:00:28 GMT] [815040]
[75A30000,0C0000] C:\WINDOWS\System32\SHCORE.dll [10.0.22621.885,2010-06-15 13:42:00 GMT] [786616]
[71C90000,013000] C:\WINDOWS\SYSTEM32\kernel.appcore.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [69752]
[75690000,062000] C:\WINDOWS\System32\bcryptPrimitives.dll [10.0.22621.1175,2023-10-23 15:42:04 GMT] [398264]
[72F40000,07F000] C:\WINDOWS\system32\uxtheme.dll [10.0.22621.885,2004-04-09 04:49:44 GMT] [500224]
[75AF0000,09C000] C:\WINDOWS\System32\OLEAUT32.dll [10.0.22621.436,2015-12-09 23:51:29 GMT] [631680]
[73410000,03D000] C:\WINDOWS\SYSTEM32\CFGMGR32.dll [10.0.22621.746,1995-12-01 15:48:48 GMT] [246360]
[75FA0000,082000] C:\WINDOWS\System32\clbcatq.dll [2001.12.10941.16384,1987-05-06 02:59:48 GMT] [521616]
[70B70000,0C6000] C:\WINDOWS\system32\propsys.dll [7.0.22621.436,1998-01-18 07:22:14 GMT] [813480]
[714D0000,019000] C:\WINDOWS\SYSTEM32\profapi.dll [10.0.22621.1,2004-09-20 22:59:50 GMT] [93520]
[709F0000,0A5000] C:\WINDOWS\SYSTEM32\apphelp.dll [10.0.22621.1325,2035-04-11 08:19:54 GMT] [670448]
[568C0000,3324000] D:\WeChat[3.9.0.28]\WeChatWin.dll [3.9.0.28,2023-01-31 09:17:32 GMT] [53229448]
[76480000,05F000] C:\WINDOWS\System32\WS2_32.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [389440]
[76040000,43D000] C:\WINDOWS\System32\SETUPAPI.dll [10.0.22621.1325,0000-00-00 00:00:00 GMT] [4477528]
[75980000,0B0000] C:\WINDOWS\System32\COMDLG32.dll [10.0.22621.1017,2013-11-18 12:35:39 GMT] [695296]
[75920000,05D000] C:\WINDOWS\System32\WLDAP32.dll [10.0.22621.1245,0000-00-00 00:00:00 GMT] [361984]
[69850000,224000] C:\WINDOWS\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.436_none_f0ef7eb2d589ad1a\COMCTL32.dll [6.10.22621.436,0000-00-00 00:00:00 GMT] [2231136]
[73D50000,031000] C:\WINDOWS\SYSTEM32\WINMM.dll [10.0.22621.436,1978-11-01 05:03:40 GMT] [189056]
[75E90000,103000] C:\WINDOWS\System32\CRYPT32.dll [10.0.22621.870,1995-06-01 04:39:15 GMT] [1051072]
[566A0000,121000] D:\WeChat[3.9.0.28]\dbghelp.dll [6.11.1.404,2009-02-26 01:55:30 GMT] [1080656]
[567D0000,0EB000] C:\WINDOWS\SYSTEM32\DDRAW.dll [10.0.22621.1,2001-06-24 06:18:02 GMT] [535552]
[71550000,237000] C:\WINDOWS\SYSTEM32\d3d11.dll [10.0.22621.1325,0000-00-00 00:00:00 GMT] [2336296]
[55A70000,C25000] D:\WeChat[3.9.0.28]\VoipEngine.dll [3.7.5.183,2022-12-30 08:17:23 GMT] [10672520]
[72D70000,16D000] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.22621.891_none_21d576e630209eb7\gdiplus.dll [10.0.22621.891,0000-00-00 00:00:00 GMT] [1476096]
[6FD50000,1A2000] C:\WINDOWS\SYSTEM32\urlmon.dll [11.0.22621.1325,1995-01-09 14:21:32 GMT] [1653760]
[72FC0000,006000] C:\WINDOWS\SYSTEM32\MSIMG32.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [7168]
[74D00000,0D6000] C:\WINDOWS\SYSTEM32\WINHTTP.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [872360]
[74E30000,01F000] C:\WINDOWS\SYSTEM32\USERENV.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [121368]
[733F0000,01A000] C:\WINDOWS\SYSTEM32\bcrypt.dll [10.0.22621.1175,0000-00-00 00:00:00 GMT] [101240]
[74DE0000,024000] C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [10.0.22621.1,2010-10-04 11:17:18 GMT] [138464]
[53FD0000,1A96000] D:\WeChat[3.9.0.28]\libFFmpeg.dll [1.0.1.31,2022-05-10 09:30:51 GMT] [17212920]
[73190000,008000] C:\WINDOWS\SYSTEM32\WSOCK32.dll [10.0.22621.1,1994-06-05 05:37:29 GMT] [16384]
[53F10000,0B5000] D:\WeChat[3.9.0.28]\mmtcmalloc.dll [,2022-12-19 12:54:05 GMT] [369544]
[72EE0000,054000] C:\WINDOWS\SYSTEM32\OLEACC.dll [7.2.22621.1,0000-00-00 00:00:00 GMT] [324608]
[73450000,488000] C:\WINDOWS\SYSTEM32\WININET.dll [11.0.22621.436,1971-03-06 20:30:59 GMT] [4770408]
[538A0000,661000] D:\WeChat[3.9.0.28]\andromeda.dll [1.1.13.17,2023-01-12 04:02:01 GMT] [6512008]
[75070000,006000] C:\WINDOWS\System32\PSAPI.DLL [10.0.22621.1,2035-07-26 07:01:49 GMT] [18080]
[71900000,0CA000] C:\WINDOWS\SYSTEM32\dxgi.dll [10.0.22621.1325,0000-00-00 00:00:00 GMT] [821936]
[6F7C0000,007000] C:\WINDOWS\SYSTEM32\DCIMAN32.dll [10.0.22621.436,2026-10-01 10:32:57 GMT] [11776]
[6F950000,01D000] C:\WINDOWS\SYSTEM32\srvcli.dll [10.0.22621.1,1993-11-17 08:22:16 GMT] [80072]
[6F970000,22E000] C:\WINDOWS\SYSTEM32\iertutil.dll [11.0.22621.870,2005-02-06 05:46:43 GMT] [2282440]
[73340000,00B000] C:\WINDOWS\SYSTEM32\netutils.dll [10.0.22621.870,1982-10-14 00:31:06 GMT] [39232]
[74360000,00A000] C:\WINDOWS\SYSTEM32\Secur32.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [20992]
[69B20000,02D000] C:\WINDOWS\SYSTEM32\dxcore.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [166368]
[71AF0000,00B000] C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL [10.0.22621.1,0000-00-00 00:00:00 GMT] [33144]
[74020000,025000] C:\WINDOWS\SYSTEM32\SSPICLI.DLL [10.0.22621.870,2003-04-04 23:01:17 GMT] [143592]
[53680000,212000] D:\WeChat[3.9.0.28]\mmmojo.dll [109.0.5414.75,2023-01-03 23:06:55 GMT] [2077064]
[718D0000,029000] C:\WINDOWS\SYSTEM32\ntmarta.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [155488]
[6F680000,07D000] C:\WINDOWS\system32\Riched20.dll [5.31.23.1231,2012-05-22 12:01:45 GMT] [497664]
[6F590000,017000] C:\WINDOWS\SYSTEM32\USP10.dll [10.0.22621.1,1972-01-28 20:16:25 GMT] [78336]
[6F740000,02C000] C:\WINDOWS\SYSTEM32\msls31.dll [3.10.349.0,2035-10-24 06:18:09 GMT] [163328]
[04080000,F8F000] D:\WeChat[3.9.0.28]\WeChatResource.dll [3.9.0.28,2023-01-31 09:05:43 GMT] [16318856]
[71CE0000,015000] C:\WINDOWS\SYSTEM32\CRYPTSP.dll [10.0.22621.1,2006-02-15 15:35:22 GMT] [81600]
[757A0000,0DB000] C:\WINDOWS\System32\MSCTF.dll [10.0.22621.1325,2018-05-08 06:37:35 GMT] [892704]
[71CB0000,030000] C:\WINDOWS\system32\rsaenh.dll [10.0.22621.1,2024-04-19 19:26:49 GMT] [189048]
[5A000000,014000] C:\WINDOWS\SYSTEM32\ondemandconnroutehelper.dll [10.0.22621.1,1995-09-16 18:06:02 GMT] [61440]
[755C0000,007000] C:\WINDOWS\System32\NSI.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [21728]
[71790000,051000] C:\WINDOWS\system32\mswsock.dll [10.0.22621.1,2012-09-12 14:33:47 GMT] [321376]
[6F470000,00A000] C:\WINDOWS\SYSTEM32\WINNSI.DLL [10.0.22621.1,1984-03-05 07:15:58 GMT] [31032]
[714F0000,016000] C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [10.0.22621.1325,1971-07-04 21:45:52 GMT] [75616]
[714B0000,017000] C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [10.0.22621.1325,0000-00-00 00:00:00 GMT] [89648]
[724A0000,0B9000] C:\WINDOWS\SYSTEM32\DNSAPI.dll [10.0.22621.1245,0000-00-00 00:00:00 GMT] [755608]
[53270000,402000] D:\WeChat[3.9.0.28]\wcprobe.dll [2.0.0.6,2022-11-09 06:23:23 GMT] [4187528]
[74FC0000,058000] C:\WINDOWS\System32\WINTRUST.dll [10.0.22621.1245,1989-10-29 20:37:39 GMT] [351736]
[723F0000,00E000] C:\WINDOWS\SYSTEM32\MSASN1.dll [10.0.22621.891,2020-05-28 17:00:40 GMT] [52176]
[6F600000,03D000] D:\WeChat[3.9.0.28]\WeUIResource.dll [3.9.0.28,2023-01-31 09:08:41 GMT] [250248]
[6AED0000,0E4000] C:\WINDOWS\SYSTEM32\textinputframework.dll [10.0.22621.1325,1987-11-11 01:56:56 GMT] [928688]
[10000000,DE0000] C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforNsp.dll [7.6.6.301,2020-04-03 08:03:24 GMT] [14531272]
[6FCD0000,074000] C:\WINDOWS\SYSTEM32\MSVCP60.dll [7.0.22621.1,1999-11-08 17:46:53 GMT] [460800]
[6FF00000,13D000] C:\WINDOWS\SYSTEM32\MFC42.DLL [6.6.8063.0,0000-00-00 00:00:00 GMT] [1269760]
[718C0000,00E000] C:\WINDOWS\system32\wbem\wbemprox.dll [10.0.22621.1,1994-04-11 01:31:46 GMT] [38400]
[71850000,067000] C:\WINDOWS\SYSTEM32\wbemcomn.dll [10.0.22621.1,2017-11-05 20:17:32 GMT] [398336]
[6F900000,012000] C:\WINDOWS\system32\napinsp.dll [10.0.22621.1,1986-03-15 02:07:33 GMT] [68696]
[6F8C0000,016000] C:\WINDOWS\system32\pnrpnsp.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [71680]
[6F810000,00E000] C:\WINDOWS\System32\winrnr.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [45496]
[6F7F0000,011000] C:\WINDOWS\system32\wshbth.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [54272]
[6F7D0000,018000] C:\WINDOWS\system32\nlansp_c.dll [10.0.22621.1,2001-05-30 05:39:33 GMT] [82432]
[6BCB0000,064000] C:\WINDOWS\system32\Wlanapi.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [405456]
[6BC90000,019000] C:\WINDOWS\SYSTEM32\MobileNetworking.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [81920]
[71200000,011000] C:\WINDOWS\system32\wbem\wbemsvc.dll [10.0.22621.1,2021-09-24 09:48:14 GMT] [49152]
[59C10000,160000] C:\WINDOWS\SYSTEM32\WindowsCodecs.dll [10.0.22621.436,2032-11-05 05:49:01 GMT] [1450304]
[71130000,0CC000] C:\WINDOWS\system32\wbem\fastprox.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [815104]
[75880000,01B000] C:\WINDOWS\System32\imagehlp.dll [10.0.22621.1,2015-09-08 03:59:27 GMT] [101752]
[70EA0000,015000] C:\WINDOWS\SYSTEM32\amsi.dll [10.0.22621.1,2027-04-29 12:59:30 GMT] [71680]
[70DF0000,07B000] C:\Program Files\McAfee\MfeAV\AMSIExt_x86.dll [23.2.199.0,2020-06-09 14:38:14 GMT] [505752]
[6BC60000,02E000] C:\Program Files (x86)\Sangfor\SSL\SangforPW\SangforUDProtect.dll [1.0.0.1,2020-07-18 10:18:57 GMT] [175208]
[74370000,00F000] C:\WINDOWS\SYSTEM32\WTSAPI32.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [54760]
[5A380000,218000] C:\WINDOWS\SYSTEM32\dwrite.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [2151424]
[6DE40000,095000] C:\WINDOWS\SYSTEM32\TextShaping.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [611008]
[53050000,19B000] C:\Users\froz\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\6500\extracted\host\wmpf_host_export.dll [,2022-11-04 07:45:18 GMT] [1599368]
[0DBB0000,349000] C:\WINDOWS\SYSTEM32\uiautomationcore.dll [7.2.22621.436,1989-06-23 17:55:36 GMT] [3407872]
[69070000,08B000] C:\WINDOWS\SYSTEM32\sxs.dll [10.0.22621.1037,0000-00-00 00:00:00 GMT] [564544]
[59BF0000,011000] C:\Windows\System32\threadpoolwinrt.dll [10.0.22621.1,2026-12-01 06:37:55 GMT] [58368]
[6F500000,05D000] C:\WINDOWS\System32\fwpuclnt.dll [10.0.22621.586,0000-00-00 00:00:00 GMT] [361984]
[69B10000,008000] C:\Windows\System32\rasadhlp.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [13312]
[70E70000,021000] C:\WINDOWS\SYSTEM32\gpapi.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [123456]
[70C40000,027000] C:\Windows\System32\cryptnet.dll [10.0.22621.1,1999-07-13 03:28:28 GMT] [149296]
[653F0000,0CD000] C:\WINDOWS\SYSTEM32\CoreMessaging.dll [10.0.22621.746,2008-06-22 08:44:46 GMT] [834160]
[59D70000,290000] C:\WINDOWS\SYSTEM32\CoreUIComponents.dll [10.0.22621.436,1970-10-27 18:53:59 GMT] [2699264]
[51E30000,2B4000] C:\WINDOWS\SYSTEM32\msftedit.dll [10.0.22621.436,1999-02-28 21:08:45 GMT] [2805760]
[51AA0000,14E000] C:\Windows\System32\Windows.Globalization.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [1352704]
[51A70000,022000] C:\WINDOWS\SYSTEM32\globinputhost.dll [10.0.22621.436,1986-01-31 22:14:50 GMT] [118272]
[51A20000,049000] C:\WINDOWS\SYSTEM32\Bcp47Langs.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [294392]
[51C00000,07C000] C:\WINDOWS\System32\MMDevApi.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [495352]
[6F820000,024000] C:\WINDOWS\System32\DEVOBJ.dll [10.0.22621.1325,0000-00-00 00:00:00 GMT] [145312]
[522F0000,04C000] C:\WINDOWS\system32\dataexchange.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [295424]
[52120000,1CF000] C:\WINDOWS\system32\twinapi.appcore.dll [10.0.22621.726,2024-08-04 18:02:29 GMT] [1902768]
[719D0000,04F000] C:\WINDOWS\SYSTEM32\WINSTA.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [306280]
[77300000,01F000] C:\WINDOWS\SYSTEM32\winmmbase.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [117792]
[7B4A0000,03B000] C:\WINDOWS\SYSTEM32\wdmaud.drv [10.0.22621.1,1976-02-23 08:23:21 GMT] [220160]
[772F0000,007000] C:\WINDOWS\SYSTEM32\ksuser.dll [10.0.22621.1,2017-06-30 20:04:53 GMT] [23744]
[7B4E0000,009000] C:\WINDOWS\SYSTEM32\AVRT.dll [10.0.22621.436,1989-02-27 21:19:56 GMT] [29968]
[7B4F0000,18A000] C:\WINDOWS\SYSTEM32\AUDIOSES.DLL [10.0.22621.1017,2029-02-23 17:24:41 GMT] [1605888]
[7B680000,00B000] C:\WINDOWS\SYSTEM32\msacm32.drv [10.0.22621.1,0000-00-00 00:00:00 GMT] [26624]
[7B690000,019000] C:\WINDOWS\SYSTEM32\MSACM32.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [97088]
[7B6B0000,008000] C:\WINDOWS\SYSTEM32\midimap.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [21504]
[51D20000,10A000] C:\Windows\System32\Windows.UI.dll [10.0.22621.436,2037-02-02 17:33:56 GMT] [1096504]
[7B6C0000,010000] C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [57840]
[7AB80000,0D2000] D:\codes\wxhelper-3.9.0.28-V7\build\lib\Debug\wxhelper.dll [,2023-02-28 04:07:33 GMT] [838144]
[7AC60000,0B4000] C:\WINDOWS\SYSTEM32\MSVCP140D.dll [14.34.31938.0,0000-00-00 00:00:00 GMT] [738704]
[6F720000,01E000] C:\WINDOWS\SYSTEM32\VCRUNTIME140D.dll [14.34.31938.0,0000-00-00 00:00:00 GMT] [126832]
[7AD20000,1A4000] C:\WINDOWS\SYSTEM32\ucrtbased.dll [10.0.22000.832,1984-12-11 21:12:54 GMT] [1710568]

c++苦手，连debug都不会的那种，看过 #28 (comment) @estinfo 的issue，反正就一毛一样，但是后续不会继续了，麻烦各路大佬支个招

3.8.1.26 崩溃，你们有遇到吗？

我测试 3.8.1.26 无法使用，崩溃，你们有遇到吗？

卸载dll无效

使用命令
.\ConsoleInject.exe -i WeChat.exe -d wxhelper.dll
卸载dll 无效

注册的后台服务依然运行

缺少 unofficial-mongoose ，请指教

你好，对c++不是很熟悉，编译卡在了unofficial-mongoose 这个地方，网上也搜不到，还请指教指教，不胜感激

请问有什么方法可以验证注入程序的有效性吗?

怀疑是本地的问题,想排除一下注入程序的因素干扰

能否增加发xml消息、通过加好友请求、邀请好友进群呢？

not support method

3.8.1.26注入成功访问url

{
"msg": "not support method",
"result": "ERROR"
}

发送文本消息时，中文需要如何转码？

如果发送中文文本消息，会返回错误，中文需要如何转码？

还有同意别人加我好友、邀请好友进群，能实现了最好！

删不掉

hook接收文本消息，图片消息，群消息.该接口将hook的消息通过tcp回传给本地的端口

/api/?type=9

建议增加必填参数 IP.
入参：
{
"ip":"127.0.0.1"
"port": "19099"
}

可以直接使用release的wxhelper.dll吗

ConsoleInject.exe -i WeChat.exe -p wxhelper.dll之后服务起来没啥现象

能增加群@吗，还有群@所有人

dll的窗口已经打开了,但是访问仍然没有反应?

3.9.0.28版本
请求是这样的:
data = {"wxid": "文件传输助手", "msg": "hello,world"}
response = requests.post("http://127.0.0.1:19088/api/?type=2", data=json.dumps(data))

能否增加个转发消息功能？ComWeChatRobot中已经有了！

dll 无法注入呢

建议通过wechat 的版本使用对应的内存地址

每次更新似乎就是内存地址不同，通过注入的版本号进行判断内存地址。
微信版本： 3.8.1.26
微信基址： 0x00260000
内存地址: 0x00B90000
成功注入: wxhelper.dll

以后只需要维护支持的版本的内存地址变量就可以实现通用？

能否增加接受转账、领取红包功能呢？

要是能通过hook接受转账、或者领取红包就太好了，就可以多加群自动抢红包了[坏笑]

请教

readme里面的更新说明的时间搞错了应该是2023，写成了2022，能不能分享下找call的思路，我这边也在试这个，没有搞动打开微信浏览器后怎么样找call

问题

这个方法新版本封号没有

登录后获取当前登录用户信息(type=1)3.9.0.28异常退出

确认登录以后：

未确认登录可以正常获取

建议增加指定wxid消息清空

视频号的功能是不是比较难搞啊？

翻遍github,也没见一个hook视频号的。

多开wx 注入

多开的wx注入后仅首次注入的有效应该是端口占用了

不知道大佬有没有办法解决多开问题

type code 9 bug

dll版本：3.9.0.28V10
情况描述：post type code=9时，传入post 和 ip参数后，弹出崩溃信息界面。

日志信息：
Windows 10 Home China [Build 10.0.22623]
CPU: AMD Ryzen 7 4800H with Radeon Graphics
微信 3.90.0028 2023/3/2 16:17:30

Type: EXCEPTION_BREAKPOINT
Address: 18D112B0

CallStack:
ucrtbased + 0x000B12B0: (0x18C737D4,0x1890B634,0x1890B664,0x00004A90,0x2E916696)
ucrtbased + 0x000B1451: (0x18C737D4,0x00000003,0x1890B518,0x1600EEF9,0x2E916696)
ucrtbased + 0x000C3A3A: (0x1890B664,0x00000003,0x1890B52C,0x15FFBBD4,0x2E916696)
wxhelper + 0x0002EEF9: (0x147542D8,0x1890B550,0x16096158,0x1890B53C,0x2E916696)
wxhelper + 0x0001BBD4: (0x147542D8,0x1890B550,0x1890B55C,0x1600F1FE,0x2E916696)
wxhelper + 0x0002ED5F: (0x147542D8,0x1890B550,0xCCCCCCCC,0x00000000,0x2E916696)
wxhelper + 0x0002F1FE: (0x000000CC,0xCCCCCCCC,0x147542D8,0x1890B644,0x2E916696)
wxhelper + 0x0002EF94: (0xCF533B25,0x1890F6D4,0x1890B664,0x00004A90,0x2E916696)
wxhelper + 0x0000C80D: (0x1890F894,0x16018901,0x1890F6D4,0x06400C40,0x2E916696)
wxhelper + 0x0000E691: (0x1890F894,0x18347780,0x1890F7F4,0xCF53752D,0x2E916696)
wxhelper + 0x000141C9: (0x18347780,0x0000000A,0x1890F894,0x1890FBB8,0x2E916696)
wxhelper + 0x00082E4A: (0x18347780,0x0000000A,0x1890F894,0x1890FB20,0x2E916696)
wxhelper + 0x0008CE1A: (0x18347780,0x00000007,0x1890FB30,0x00000000,0x2E916696)
wxhelper + 0x00082E7A: (0x18347780,0x00000007,0x1890FB30,0x1890FBA0,0x2E916696)
wxhelper + 0x00094360: (0x18347780,0x064BCCC0,0x00000154,0x00000001,0x2E916696)
wxhelper + 0x000945DB: (0x18347780,0x1890FC40,0xCCCCCCCC,0xCCCCCCCC,0x2E916696)
wxhelper + 0x000832AB: (0x1890FBB8,0x000003E8,0x15FE105A,0xCCCCCCCC,0x2E916696)
wxhelper + 0x000144C4: (0x00004A90,0x76497D50,0x1890FCA8,0x771AB74B,0x2E916696)
KERNEL32 + 0x00017D69: (0x00004A90,0xDF627255,0x00000000,0x00000000,0x2E916696)
ntdll + 0x0006B74B: (0xFFFFFFFF,0x771D865F,0x00000000,0x00000000,0x2E916696)

Regs:
EAX=00000001, EBX=00004A90, ECX=DDA2257A, EDX=006C0000
ESI=1890B510, EDI=1890B634, EBP=1890B4E0, ESP=1890B4DC, EIP=18D112B0

DWORD_PTRs at CS:EIP:
EB01B0CC EB01B006 8BC03202 CCC35DE5 CCCCCCCC CCCCCCCC CCCCCCCC CCCCCCCC
pid=00003200 init_tid=00006E64 crashtid=00005004

DWORD_PTRs at teb:
1890A4BC 18910000 188FD000 00000000 00001E00 00000000 002EF000 00000000 00003200 00005004 00000000 18347C48 00264000 00000000 00000000 00000000 00000000

Modules(By Load Order):
[00F90000,096000] D:\WeChat\WeChat.exe [3.9.0.28,2023-01-31 09:05:48 GMT] [610696]
[77140000,1AF000] C:\WINDOWS\SYSTEM32\ntdll.dll [10.0.22621.1325,2016-01-30 07:41:32 GMT] [1747392]
[76480000,0F0000] C:\WINDOWS\System32\KERNEL32.DLL [10.0.22621.1325,2024-08-17 14:01:40 GMT] [674904]
[752C0000,26B000] C:\WINDOWS\System32\KERNELBASE.dll [10.0.22621.1325,1973-06-27 20:48:43 GMT] [2539672]
[76EC0000,1A7000] C:\WINDOWS\System32\USER32.dll [10.0.22621.1325,1976-11-10 11:41:45 GMT] [1735112]
[751C0000,01A000] C:\WINDOWS\System32\win32u.dll [10.0.22621.436,2013-03-29 09:01:42 GMT] [103288]
[75190000,022000] C:\WINDOWS\System32\GDI32.dll [10.0.22621.436,2035-12-15 09:18:01 GMT] [132232]
[76070000,0DE000] C:\WINDOWS\System32\gdi32full.dll [10.0.22621.1325,2005-04-13 23:11:18 GMT] [902312]
[76570000,079000] C:\WINDOWS\System32\msvcp_win.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [492208]
[74FD0000,112000] C:\WINDOWS\System32\ucrtbase.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [1128512]
[75D50000,07C000] C:\WINDOWS\System32\ADVAPI32.dll [10.0.22621.436,2003-04-17 18:52:51 GMT] [502552]
[74E70000,0C4000] C:\WINDOWS\System32\msvcrt.dll [7.0.22621.436,0000-00-00 00:00:00 GMT] [797464]
[75590000,082000] C:\WINDOWS\System32\sechost.dll [10.0.22621.436,2006-12-06 04:47:19 GMT] [529448]
[77070000,0B9000] C:\WINDOWS\System32\RPCRT4.dll [10.0.22621.1325,0000-00-00 00:00:00 GMT] [761280]
[76650000,662000] C:\WINDOWS\System32\SHELL32.dll [10.0.22621.1325,2010-04-25 18:57:01 GMT] [6725896]
[76D30000,14D000] C:\WINDOWS\System32\ole32.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [1368176]
[75AD0000,27B000] C:\WINDOWS\System32\combase.dll [10.0.22621.1325,1970-09-18 03:26:27 GMT] [2616736]
[761F0000,04B000] C:\WINDOWS\System32\SHLWAPI.dll [10.0.22621.436,2004-06-27 01:15:21 GMT] [302672]
[74250000,008000] C:\WINDOWS\SYSTEM32\VERSION.dll [10.0.22621.1,1984-01-11 08:24:59 GMT] [28912]
[76E90000,025000] C:\WINDOWS\System32\IMM32.DLL [10.0.22621.1325,2011-08-02 02:56:32 GMT] [149968]
[71C10000,6CE000] C:\WINDOWS\SYSTEM32\windows.storage.dll [10.0.22621.1325,2000-06-23 06:27:45 GMT] [7174720]
[71B30000,0C7000] C:\WINDOWS\SYSTEM32\wintypes.dll [10.0.22621.870,2009-11-21 01:00:28 GMT] [815040]
[75DD0000,0C0000] C:\WINDOWS\System32\SHCORE.dll [10.0.22621.885,2010-06-15 13:42:00 GMT] [786616]
[71B10000,013000] C:\WINDOWS\SYSTEM32\kernel.appcore.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [69752]
[76CC0000,062000] C:\WINDOWS\System32\bcryptPrimitives.dll [10.0.22621.1175,2023-10-23 15:42:04 GMT] [398264]
[72610000,07F000] C:\WINDOWS\system32\uxtheme.dll [10.0.22621.885,2004-04-09 04:49:44 GMT] [500224]
[750F0000,09C000] C:\WINDOWS\System32\OLEAUT32.dll [10.0.22621.436,2015-12-09 23:51:29 GMT] [631680]
[731C0000,03D000] C:\WINDOWS\SYSTEM32\CFGMGR32.dll [10.0.22621.746,1995-12-01 15:48:48 GMT] [246360]
[74F40000,082000] C:\WINDOWS\System32\clbcatq.dll [2001.12.10941.16384,1987-05-06 02:59:48 GMT] [521616]
[6FB80000,0C6000] C:\WINDOWS\system32\propsys.dll [7.0.22621.436,1998-01-18 07:22:14 GMT] [813480]
[71A90000,019000] C:\WINDOWS\SYSTEM32\profapi.dll [10.0.22621.1,2004-09-20 22:59:50 GMT] [93520]
[74DC0000,0A5000] C:\WINDOWS\SYSTEM32\apphelp.dll [10.0.22621.1325,2035-04-11 08:19:54 GMT] [670448]
[783C0000,3324000] D:\WeChat[3.9.0.28]\WeChatWin.dll [3.9.0.28,2023-01-31 09:17:32 GMT] [53229448]
[76250000,05F000] C:\WINDOWS\System32\WS2_32.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [389440]
[75620000,43D000] C:\WINDOWS\System32\SETUPAPI.dll [10.0.22621.1325,0000-00-00 00:00:00 GMT] [4477528]
[75E90000,0B0000] C:\WINDOWS\System32\COMDLG32.dll [10.0.22621.1017,2013-11-18 12:35:39 GMT] [695296]
[75530000,05D000] C:\WINDOWS\System32\WLDAP32.dll [10.0.22621.1245,0000-00-00 00:00:00 GMT] [361984]
[6A330000,224000] C:\WINDOWS\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.436_none_f0ef7eb2d589ad1a\COMCTL32.dll [6.10.22621.436,0000-00-00 00:00:00 GMT] [2231136]
[75F60000,103000] C:\WINDOWS\System32\CRYPT32.dll [10.0.22621.870,1995-06-01 04:39:15 GMT] [1051072]
[77C10000,121000] D:\WeChat[3.9.0.28]\dbghelp.dll [6.11.1.404,2009-02-26 01:55:30 GMT] [1080656]
[77B20000,0EB000] C:\WINDOWS\SYSTEM32\DDRAW.dll [10.0.22621.1,2001-06-24 06:18:02 GMT] [535552]
[711A0000,237000] C:\WINDOWS\SYSTEM32\d3d11.dll [10.0.22621.1325,0000-00-00 00:00:00 GMT] [2336296]
[73310000,031000] C:\WINDOWS\SYSTEM32\WINMM.dll [10.0.22621.436,1978-11-01 05:03:40 GMT] [189056]
[701E0000,1A2000] C:\WINDOWS\SYSTEM32\urlmon.dll [11.0.22621.1325,1995-01-09 14:21:32 GMT] [1653760]
[72350000,16D000] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.22621.891_none_21d576e630209eb7\gdiplus.dll [10.0.22621.891,0000-00-00 00:00:00 GMT] [1476096]
[72520000,006000] C:\WINDOWS\SYSTEM32\MSIMG32.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [7168]
[749D0000,0D6000] C:\WINDOWS\SYSTEM32\WINHTTP.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [872360]
[742D0000,01F000] C:\WINDOWS\SYSTEM32\USERENV.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [121368]
[74D90000,024000] C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [10.0.22621.1,2010-10-04 11:17:18 GMT] [138464]
[725F0000,01A000] C:\WINDOWS\SYSTEM32\bcrypt.dll [10.0.22621.1175,0000-00-00 00:00:00 GMT] [101240]
[725E0000,008000] C:\WINDOWS\SYSTEM32\WSOCK32.dll [10.0.22621.1,1994-06-05 05:37:29 GMT] [16384]
[50190000,0B5000] D:\WeChat[3.9.0.28]\mmtcmalloc.dll [,2022-12-19 12:54:05 GMT] [369544]
[724C0000,054000] C:\WINDOWS\SYSTEM32\OLEACC.dll [7.2.22621.1,0000-00-00 00:00:00 GMT] [324608]
[72D30000,488000] C:\WINDOWS\SYSTEM32\WININET.dll [11.0.22621.436,1971-03-06 20:30:59 GMT] [4770408]
[76240000,006000] C:\WINDOWS\System32\PSAPI.DLL [10.0.22621.1,2035-07-26 07:01:49 GMT] [18080]
[713E0000,0CA000] C:\WINDOWS\SYSTEM32\dxgi.dll [10.0.22621.1325,0000-00-00 00:00:00 GMT] [821936]
[6FDE0000,22E000] C:\WINDOWS\SYSTEM32\iertutil.dll [11.0.22621.870,2005-02-06 05:46:43 GMT] [2282440]
[61100000,007000] C:\WINDOWS\SYSTEM32\DCIMAN32.dll [10.0.22621.436,2026-10-01 10:32:57 GMT] [11776]
[70010000,01D000] C:\WINDOWS\SYSTEM32\srvcli.dll [10.0.22621.1,1993-11-17 08:22:16 GMT] [80072]
[72790000,00B000] C:\WINDOWS\SYSTEM32\netutils.dll [10.0.22621.870,1982-10-14 00:31:06 GMT] [39232]
[69170000,02D000] C:\WINDOWS\SYSTEM32\dxcore.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [166368]
[02C90000,C25000] D:\WeChat[3.9.0.28]\VoipEngine.dll [3.7.5.183,2022-12-30 08:17:23 GMT] [10672520]
[038C0000,1A96000] D:\WeChat[3.9.0.28]\libFFmpeg.dll [1.0.1.31,2022-05-10 09:30:51 GMT] [17212920]
[05360000,661000] D:\WeChat[3.9.0.28]\andromeda.dll [1.1.13.17,2023-01-12 04:02:01 GMT] [6512008]
[71C00000,00B000] C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL [10.0.22621.1,0000-00-00 00:00:00 GMT] [33144]
[74240000,00A000] C:\WINDOWS\SYSTEM32\Secur32.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [20992]
[741A0000,025000] C:\WINDOWS\SYSTEM32\SSPICLI.DLL [10.0.22621.870,2003-04-04 23:01:17 GMT] [143592]
[77900000,212000] D:\WeChat[3.9.0.28]\mmmojo.dll [109.0.5414.75,2023-01-03 23:06:55 GMT] [2077064]
[71550000,029000] C:\WINDOWS\SYSTEM32\ntmarta.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [155488]
[77880000,07D000] C:\WINDOWS\system32\Riched20.dll [5.31.23.1231,2012-05-22 12:01:45 GMT] [497664]
[6F4A0000,017000] C:\WINDOWS\SYSTEM32\USP10.dll [10.0.22621.1,1972-01-28 20:16:25 GMT] [78336]
[51370000,02C000] C:\WINDOWS\SYSTEM32\msls31.dll [3.10.349.0,2035-10-24 06:18:09 GMT] [163328]
[06520000,F8F000] D:\WeChat[3.9.0.28]\WeChatResource.dll [3.9.0.28,2023-01-31 09:05:43 GMT] [16318856]
[72310000,015000] C:\WINDOWS\SYSTEM32\CRYPTSP.dll [10.0.22621.1,2006-02-15 15:35:22 GMT] [81600]
[751E0000,0DB000] C:\WINDOWS\System32\MSCTF.dll [10.0.22621.1325,2018-05-08 06:37:35 GMT] [892704]
[722E0000,030000] C:\WINDOWS\system32\rsaenh.dll [10.0.22621.1,2024-04-19 19:26:49 GMT] [189048]
[6F640000,014000] C:\WINDOWS\SYSTEM32\ondemandconnroutehelper.dll [10.0.22621.1,1995-09-16 18:06:02 GMT] [61440]
[76E80000,007000] C:\WINDOWS\System32\NSI.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [21728]
[714E0000,051000] C:\WINDOWS\system32\mswsock.dll [10.0.22621.1,2012-09-12 14:33:47 GMT] [321376]
[6A320000,00A000] C:\WINDOWS\SYSTEM32\WINNSI.DLL [10.0.22621.1,1984-03-05 07:15:58 GMT] [31032]
[71A20000,016000] C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [10.0.22621.1325,1971-07-04 21:45:52 GMT] [75616]
[71870000,017000] C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [10.0.22621.1325,0000-00-00 00:00:00 GMT] [89648]
[090B0000,402000] D:\WeChat[3.9.0.28]\wcprobe.dll [2.0.0.6,2022-11-09 06:23:23 GMT] [4187528]
[762B0000,058000] C:\WINDOWS\System32\WINTRUST.dll [10.0.22621.1245,1989-10-29 20:37:39 GMT] [351736]
[72340000,00E000] C:\WINDOWS\SYSTEM32\MSASN1.dll [10.0.22621.891,2020-05-28 17:00:40 GMT] [52176]
[73650000,0B9000] C:\WINDOWS\SYSTEM32\DNSAPI.dll [10.0.22621.1245,0000-00-00 00:00:00 GMT] [755608]
[77840000,03D000] D:\WeChat[3.9.0.28]\WeUIResource.dll [3.9.0.28,2023-01-31 09:08:41 GMT] [250248]
[699A0000,064000] C:\WINDOWS\system32\Wlanapi.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [405456]
[69980000,019000] C:\WINDOWS\SYSTEM32\MobileNetworking.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [81920]
[10000000,DE0000] C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforNsp.dll [7.6.6.301,2020-04-03 08:03:24 GMT] [14531272]
[70160000,074000] C:\WINDOWS\SYSTEM32\MSVCP60.dll [7.0.22621.1,1999-11-08 17:46:53 GMT] [460800]
[70820000,13D000] C:\WINDOWS\SYSTEM32\MFC42.DLL [6.6.8063.0,0000-00-00 00:00:00 GMT] [1269760]
[6FB50000,012000] C:\WINDOWS\system32\napinsp.dll [10.0.22621.1,1986-03-15 02:07:33 GMT] [68696]
[6FB20000,016000] C:\WINDOWS\system32\pnrpnsp.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [71680]
[681C0000,0E4000] C:\WINDOWS\SYSTEM32\textinputframework.dll [10.0.22621.1325,1987-11-11 01:56:56 GMT] [928688]
[6FA70000,00E000] C:\WINDOWS\System32\winrnr.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [45496]
[6FA20000,011000] C:\WINDOWS\system32\wshbth.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [54272]
[6FA00000,018000] C:\WINDOWS\system32\nlansp_c.dll [10.0.22621.1,2001-05-30 05:39:33 GMT] [82432]
[65250000,0CD000] C:\WINDOWS\SYSTEM32\CoreMessaging.dll [10.0.22621.746,2008-06-22 08:44:46 GMT] [834160]
[5E820000,290000] C:\WINDOWS\SYSTEM32\CoreUIComponents.dll [10.0.22621.436,1970-10-27 18:53:59 GMT] [2699264]
[75F40000,01B000] C:\WINDOWS\System32\imagehlp.dll [10.0.22621.1,2015-09-08 03:59:27 GMT] [101752]
[70A60000,00E000] C:\WINDOWS\system32\wbem\wbemprox.dll [10.0.22621.1,1994-04-11 01:31:46 GMT] [38400]
[707B0000,067000] C:\WINDOWS\SYSTEM32\wbemcomn.dll [10.0.22621.1,2017-11-05 20:17:32 GMT] [398336]
[6FC50000,011000] C:\WINDOWS\system32\wbem\wbemsvc.dll [10.0.22621.1,2021-09-24 09:48:14 GMT] [49152]
[6F930000,0CC000] C:\WINDOWS\system32\wbem\fastprox.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [815104]
[70E60000,015000] C:\WINDOWS\SYSTEM32\amsi.dll [10.0.22621.1,2027-04-29 12:59:30 GMT] [71680]
[6F7D0000,07B000] C:\Program Files\McAfee\MfeAV\AMSIExt_x86.dll [23.2.199.0,2020-06-09 14:38:14 GMT] [505752]
[54650000,160000] C:\WINDOWS\SYSTEM32\WindowsCodecs.dll [10.0.22621.436,2032-11-05 05:49:01 GMT] [1450304]
[6E030000,02E000] C:\Program Files (x86)\Sangfor\SSL\SangforPW\SangforUDProtect.dll [1.0.0.1,2020-07-18 10:18:57 GMT] [175208]
[742C0000,00F000] C:\WINDOWS\SYSTEM32\WTSAPI32.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [54760]
[61670000,218000] C:\WINDOWS\SYSTEM32\dwrite.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [2151424]
[776A0000,19B000] C:\Users\froz\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\6500\extracted\host\wmpf_host_export.dll [,2022-11-04 07:45:18 GMT] [1599368]
[6F6D0000,095000] C:\WINDOWS\SYSTEM32\TextShaping.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [611008]
[5F630000,349000] C:\WINDOWS\SYSTEM32\uiautomationcore.dll [7.2.22621.436,1989-06-23 17:55:36 GMT] [3407872]
[686A0000,08B000] C:\WINDOWS\SYSTEM32\sxs.dll [10.0.22621.1037,0000-00-00 00:00:00 GMT] [564544]
[714B0000,021000] C:\WINDOWS\SYSTEM32\gpapi.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [123456]
[70A30000,027000] C:\Windows\System32\cryptnet.dll [10.0.22621.1,1999-07-13 03:28:28 GMT] [149296]
[5F610000,011000] C:\Windows\System32\threadpoolwinrt.dll [10.0.22621.1,2026-12-01 06:37:55 GMT] [58368]
[6F1E0000,05D000] C:\WINDOWS\System32\fwpuclnt.dll [10.0.22621.586,0000-00-00 00:00:00 GMT] [361984]
[69010000,008000] C:\Windows\System32\rasadhlp.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [13312]
[54390000,2B4000] C:\WINDOWS\SYSTEM32\msftedit.dll [10.0.22621.436,1999-02-28 21:08:45 GMT] [2805760]
[54240000,14E000] C:\Windows\System32\Windows.Globalization.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [1352704]
[69140000,022000] C:\WINDOWS\SYSTEM32\globinputhost.dll [10.0.22621.436,1986-01-31 22:14:50 GMT] [118272]
[65660000,049000] C:\WINDOWS\SYSTEM32\Bcp47Langs.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [294392]
[5FE00000,07C000] C:\WINDOWS\System32\MMDevApi.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [495352]
[6FA40000,024000] C:\WINDOWS\System32\DEVOBJ.dll [10.0.22621.1325,0000-00-00 00:00:00 GMT] [145312]
[61A60000,04C000] C:\WINDOWS\system32\dataexchange.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [295424]
[61890000,1CF000] C:\WINDOWS\system32\twinapi.appcore.dll [10.0.22621.726,2024-08-04 18:02:29 GMT] [1902768]
[71AB0000,04F000] C:\WINDOWS\SYSTEM32\WINSTA.dll [10.0.22621.436,0000-00-00 00:00:00 GMT] [306280]
[15FE0000,0D3000] D:\codes\wxhelper-3.9.0.28-V10\build\lib\Debug\wxhelper.dll [,2023-03-02 08:06:52 GMT] [842240]
[77360000,01E000] C:\WINDOWS\SYSTEM32\VCRUNTIME140D.dll [14.34.31938.0,0000-00-00 00:00:00 GMT] [126832]
[161D0000,0B4000] C:\WINDOWS\SYSTEM32\MSVCP140D.dll [14.34.31938.0,0000-00-00 00:00:00 GMT] [738704]
[18C60000,1A4000] C:\WINDOWS\SYSTEM32\ucrtbased.dll [10.0.22000.832,1984-12-11 21:12:54 GMT] [1710568]
[69760000,01F000] C:\WINDOWS\SYSTEM32\winmmbase.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [117792]
[5FDC0000,03B000] C:\WINDOWS\SYSTEM32\wdmaud.drv [10.0.22621.1,1976-02-23 08:23:21 GMT] [220160]
[67A20000,007000] C:\WINDOWS\SYSTEM32\ksuser.dll [10.0.22621.1,2017-06-30 20:04:53 GMT] [23744]
[67A10000,009000] C:\WINDOWS\SYSTEM32\AVRT.dll [10.0.22621.436,1989-02-27 21:19:56 GMT] [29968]
[5FC30000,18A000] C:\WINDOWS\SYSTEM32\AUDIOSES.DLL [10.0.22621.1017,2029-02-23 17:24:41 GMT] [1605888]
[679D0000,00B000] C:\WINDOWS\SYSTEM32\msacm32.drv [10.0.22621.1,0000-00-00 00:00:00 GMT] [26624]
[5FC10000,019000] C:\WINDOWS\SYSTEM32\MSACM32.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [97088]
[65650000,008000] C:\WINDOWS\SYSTEM32\midimap.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [21504]
[50250000,10A000] C:\Windows\System32\Windows.UI.dll [10.0.22621.436,2037-02-02 17:33:56 GMT] [1096504]
[6F470000,010000] C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [10.0.22621.1,0000-00-00 00:00:00 GMT] [57840]

75d4709 编译有报错

<title></title> <style type="text/css"> p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 9.0px Helvetica} p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 9.0px Helvetica; min-height: 11.0px} table.t1 {border-style: solid; border-width: 0.5px 0.5px 0.5px 0.5px; border-color: #bfbfbf #bfbfbf #bfbfbf #bfbfbf; border-collapse: collapse} td.td1 {border-style: solid; border-width: 0.5px 0.5px 0.5px 0.5px; border-color: #7f7f7f #7f7f7f #7f7f7f #7f7f7f; padding: 0.0px 5.0px 0.0px 5.0px} </style>

严重性	代码	说明	项目	文件	行	禁止显示状态
错误(活动)	E0992	命令行错误: 宏定义无效: '0_UNICODE'	wxhelper.dll (lib\wxhelper.dll) - x86-Debug	D:\02Code\04GitHub\wxhelper\src\dllMain.cc	1

消息中返回的type 是什么意思？

{'content': '123', 'fromGroup': 'filehelper', 'fromUser': 'filehelper', 'isSendByPhone': 1, 'isSendMsg': 1, 'msgId': 56297380280xx4558, 'pid': 44256, 'sign': '22209414b261XXb5e27a4dfb855e4d7', 'signature': '\n\tv1_RUfxxo8\n\n', 'time': '2023-02-01 19:31:40', 'timestamp': 1675251100, 'type': 1}

type = 0 # 发送的消息类型
type = 1 # 接收到的消息类型
type = 49
type = 51

...........

建议有时间了修复下！

win10 64位、两个微信版本都试了，都有同样的问题！

我把wxhelper.dll移到ConsoleInject.exe 同目录
执行ConsoleInject.exe -i D:\Program Files (x86)\Tencent\WeChat\WeChat.exe -p wxhelper.dll
重新登录微信，测试http，没反应