From 82462dd6476aef3438c3c9c02bf59ef1cbb91eb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=89=8B=E7=93=9C=E4=B8=80=E5=8D=81=E9=9B=AA?= Date: Sat, 13 Jul 2024 20:21:48 +0800 Subject: [PATCH] =?UTF-8?q?docs:=20=E8=A7=84=E5=88=92?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/develop/Android.md | 2 -- docs/develop/GetMemberExt.md | 42 ------------------------------- docs/develop/NC 1.6.X的计划.md | 16 ++++++++++++ docs/develop/参与开发.md | 24 ------------------ 4 files changed, 16 insertions(+), 68 deletions(-) delete mode 100644 docs/develop/Android.md delete mode 100644 docs/develop/GetMemberExt.md create mode 100644 docs/develop/NC 1.6.X的计划.md delete mode 100644 docs/develop/参与开发.md diff --git a/docs/develop/Android.md b/docs/develop/Android.md deleted file mode 100644 index eb52beb2..00000000 --- a/docs/develop/Android.md +++ /dev/null @@ -1,2 +0,0 @@ -# 开始 -jadx 跳转于 `com.tencent.qqnt.kernel.*` \ No newline at end of file diff --git a/docs/develop/GetMemberExt.md b/docs/develop/GetMemberExt.md deleted file mode 100644 index 415f1ab1..00000000 --- a/docs/develop/GetMemberExt.md +++ /dev/null 
@@ -1,42 +0,0 @@ - # Android - ```java - GroupMemberExtReq groupMemberExtReq = new GroupMemberExtReq(); - groupMemberExtReq.sourceType = MemberExtSourceType.TITLETYPE.ordinal(); - groupMemberExtReq.groupCode = longOrNull.longValue(); - groupMemberExtReq.beginUin = "0"; - groupMemberExtReq.dataTime = "0"; - Long[] lArr = new Long[1]; - AppInterface a2 = dVar.a(); - lArr[0] = Long.valueOf(a2 != null ? a2.getLongAccountUin() : 0L); - arrayListOf = CollectionsKt__CollectionsKt.arrayListOf(lArr); - groupMemberExtReq.uinList = arrayListOf; - MemberExtInfoFilter memberExtInfoFilter = new MemberExtInfoFilter(); - memberExtInfoFilter.memberLevelInfoUin = 1; - memberExtInfoFilter.memberLevelInfoPoint = 1; - memberExtInfoFilter.memberLevelInfoActiveDay = 1; - memberExtInfoFilter.memberLevelInfoLevel = 1; - memberExtInfoFilter.levelName = 1; - memberExtInfoFilter.dataTime = 1; - memberExtInfoFilter.sysShowFlag = 1; - memberExtInfoFilter.userShowFlag = 1; - memberExtInfoFilter.userShowFlagNew = 1; - memberExtInfoFilter.levelNameNew = 1; - Unit unit = Unit.INSTANCE; - groupMemberExtReq.memberExtFilter = memberExtInfoFilter; - troopLevelFrequencyControl.f(troopUin, new TroopListRepo$fetchTroopLevelInfo$2(b2, groupMemberExtReq, troopUin, new com.tencent.qqnt.troopmemberlist.report.c("fetchTroopLevelInfo"))); -``` -# Win -参数解析位于 sub_181456A10(24108) -> wrapper.node(24108)+1456A10 -IGroupService.GetMemberExt(param: object); -param展开如下 -``` -groupCode string -beginUin string -dataTime string -uinList Array -uinNum string -groupType string -richCardNameVer string -sourceType number -memberExtFilter object// 参数解析位于 sub_18145A6D0(24108) -> wrapper.node(24108)+145A6D0 -``` \ No newline at end of file diff --git a/docs/develop/NC 1.6.X的计划.md b/docs/develop/NC 1.6.X的计划.md new file mode 100644 index 00000000..2fe12013 --- /dev/null +++ b/docs/develop/NC 1.6.X的计划.md 
@@ -0,0 +1,16 @@ +# 开发方向 +方向一 NativeCall/Hook: +1. 崩溃检测机制的实现 +2. Api_Caller 的Hook 可以拿到Event/Handler 进一步提升NC 即时的拦截与处理一些事件比如ReCall拦截 +3. Node包装层 进一步分析,拿到脱离自带Listener/Adapter,可以拿到一些更加底层的数据变动 或许 包括更多二进制数据 + +方向二 全新的无头启动 Way01 +1. 基于Node启动原理,借助导出导出符号还原NodeMain + +方向三 发包与收包 +1. 参考 方向一/3 大概可以收包 +2. 发包 (暂时没有计划) + +方向四 版本控制 +1. 根据不同版本进行逻辑既然 +2. 某些参数的自动提取 \ No newline at end of file diff --git a/docs/develop/参与开发.md b/docs/develop/参与开发.md deleted file mode 100644 index 70032690..00000000 --- a/docs/develop/参与开发.md +++ /dev/null @@ -1,24 +0,0 @@ -# 前排提示 -由于Core未处于开源,非组织人员无法参与Core开发,此处为Core开发提示 - -# 准备工具 -frida ida-pro jadx x64dbg ce 内部调试脚本 - -## ida-pro -1. 用于快速分析入参和返回类型 -2. 通过静态QLog推测语义 -3. 提取Listener与Service (常用) -## frida -1. 用于动态获取QLog推测语义 -2. 捕捉Native函数 实际入参与数据 分析中间流程 - -## jadx -1. 通过其它平台实现 静态获取QLog推测语义 -2. 提供部分未调用代码 参考 - -## x64dbg -1. 验证IDA的Hook点 - -## 内部脚本 -1. 提取Listener与Service (不调用无类型 不推荐) -2. 获取NT调用流程
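Review bot: The deletion of docs/develop/GetMemberExt.md drops reference material that nothing else in this patch preserves: the Win section's field list for the IGroupService.GetMemberExt param (groupCode, beginUin, dataTime, uinList, uinNum, groupType, richCardNameVer, sourceType, memberExtFilter) and the two wrapper.node(24108) offsets. The subject decodes to "docs: 规划" (planning) and gives no reason for the removal. If these notes are obsolete for the 1.6.X line, say so in the commit message; otherwise keep the file or move its content somewhere the new plan can point to, since 方向四 item 2 (automatic extraction of some parameters) is about exactly this kind of version-specific data.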
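Review bot: In the new docs/develop/NC 1.6.X的计划.md, 方向四 item 1 ("根据不同版本进行逻辑既然") ends on "既然" and does not read as a finished sentence, and 方向二 item 1 repeats a word ("借助导出导出符号"). Please complete or reword the first and drop the duplicated "导出". The file also ends with "\ No newline at end of file"; add a trailing newline. As a style point, the "方向一" to "方向四" labels are plain text lines under a single "# 开发方向" heading; making them second-level headings would keep the four numbered lists from running into each other when rendered.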
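Review bot: Deleting docs/develop/参与开发.md removes the notice at its top that Core is not open source and that non-organization members cannot take part in Core development, together with the tool notes (frida, ida-pro, jadx, x64dbg, internal scripts). The new plan file does not restate either. If that access policy still applies, keep a short statement of it in the docs so outside contributors reading the 1.6.X plan know which of the four directions they can actually work on; if it no longer applies, mention the change in the commit message.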