这是微信通讯的XML:
<msg fromusername="wxid_0ojxufnztgnr22" encryptusername="v3_020b3826fd0301000000000087de3255bad3b6000000501ea9a3dba12f95f6b60a0536a1adb6b4d6b90308c17550336cc3cb0dfc183b2979f9988e9f7b80f5ada580513895594bec3726809fabd47e3890d30e8f5ae70f1a0e80866183e177de817d44@stranger" fromnickname="ABC的" content="加我呀" fullpy="ABCde" shortpy="ABCD" imagestatus="3" scene="6"country="" province="" city="" sign="" percard="0" sex="1" alias="gulumiha" weibo="" albumflag="0" albumstyle="0" albumbgimgid="" snsflag="256" snsbgimgid="http://shmmsns.qpic.cn/mmsns/uchmtWQh7iapUrYlBseDgJmicxZ3g5BxOr6PiaCda3r3RDjKQVs8nRLZ644KuNPSr8WIJMz8WunlD8/0" snsbgobjectid="12970871503333953733" mhash="0940aeaf7810628dfa0d1115198c9ce4" mfullhash="0940aeaf7810628dfa0d1115198c9ce4" bigheadimgurl="http://wx.qlogo.cn/mmhead/ver_1/RtvTzjrPU9IJP6KHnHJ0znVQT8VMTGZ3OD6NsHTHlNFzaXqd5OhsKVrx7Z6z3PL7tokNw3icwJWpY0sBHZOZvJWHpbBWPt4pK1DfyaNyM2nM/0" smallheadimgurl="http://wx.qlogo.cn/mmhead/ver_1/RtvTzjrPU9IJP6KHnHJ0znVQT8VMTGZ3OD6NsHTHlNFzaXqd5OhsKVrx7Z6z3PL7tokNw3icwJWpY0sBHZOZvJWHpbBWPt4pK1DfyaNyM2nM/132" ticket="v4_000b708f0b0400000100000000007b41b1b242dd870f3fd75e03fd5f1000000050ded0b020927e3c97896a09d47e6e9e143fb24151eaa11f6a66e5a6540bfc311db0c61d8f28e10982a3784b4ee27993cf96884c23f1e6206386eda12aa65633ccd8650389f0445d4be7bb1c7f465d4d89e081ebe4da657a2282234113833a8f7da8a58773ece7379862eb32d21c6fe3a02ebb4532d2fd5eb5@stranger" opcode="2" googlecontact="" qrticket="" chatroomusername=""sourceusername="" sourcenickname="" sharecardusername="" sharecardnickname="" cardversion=""><brandlist count="0" ver="727332477"></brandlist></msg>
//自动同意好友
pushad
mov ecx, dword [ebp-0x1C] //V1
push dword [ecx+0x00000428]
sub esp, 0x14
push esp
call dword [ebp-0x04] //第一个CALL
mov ecx, dword [ebp-0x1C]//V1
mov eax, dword [ebp-0x28]//Buff24
push eax
call dword [ebp-0x08]//第二个CALL
mov esi, eax
sub esp, 0x08
mov ecx, dword [ebp-0x14]//Eaxadd
call dword [ebp-0x0C]//第三个CALL
mov edi, dword [ebp-0x2C]//BuffEdi
mov edx, edi
lea ecx, dword [edi+0x00000514]
neg edx
push eax
sbb edx, edx
and edx, ecx
lea ecx, dword [edi+0x0000054C]
push edx
push esi
call dword [ebp-0x10]//第四个CALL
popad
cankao:全套微信HOOK教程地址:https://www.bilibili.com/video/BV1it411F7w8?p=18
本文转载自:https://www.tgee.cn/微信计数器.html
本文转载自:https://www.tgee.cn/微信计数器.html