
TonyChen56/WeChatRobot

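WeChat hook, WeChat robot (wxhook), database decryption, WeChat Official Account collection, WeChat Official Account crawler, WeCom (Enterprise WeChat) hook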

Mixed

Slowing — last commit 5mo ago

worst of 4 axes
Use as dependency: Concerns

no license — legally unclear; no tests detected…

Fork & modify: Concerns

no license — can't legally use code; no tests detected…

Learn from: Healthy

Documented and popular — useful reference codebase to read through.

Deploy as-is: Concerns

no license — can't legally use code; no CI workflows detected

  • Last commit 5mo ago
  • 4 active contributors
  • Slowing — last commit 5mo ago
  • Small team — 4 contributors active in recent commits
  • Concentrated ownership — top contributor handles 58% of recent commits
  • No license — legally unclear to depend on
  • No CI workflows detected
  • No test directory detected
What would change the summary?
  • Use as dependency: Concerns → Mixed if: publish a permissive license (MIT, Apache-2.0, etc.)
  • Fork & modify: Concerns → Mixed if: add a LICENSE file
  • Deploy as-is: Concerns → Mixed if: add a LICENSE file

Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests

Informational only. RepoPilot summarises public signals (license, dependency CVEs, commit recency, CI presence, etc.) at the time of analysis. Signals can be incomplete or stale. Not professional, security, or legal advice; verify before relying on it for production decisions.


Onboarding doc

Onboarding: TonyChen56/WeChatRobot

Generated by RepoPilot · 2026-05-09 · Source

🤖Agent protocol

If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

  1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
  2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
  3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/TonyChen56/WeChatRobot shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

🎯Verdict

WAIT — Slowing — last commit 5mo ago

  • Last commit 5mo ago
  • 4 active contributors
  • ⚠ Slowing — last commit 5mo ago
  • ⚠ Small team — 4 contributors active in recent commits
  • ⚠ Concentrated ownership — top contributor handles 58% of recent commits
  • ⚠ No license — legally unclear to depend on
  • ⚠ No CI workflows detected
  • ⚠ No test directory detected


Verify before trusting

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live TonyChen56/WeChatRobot repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/TonyChen56/WeChatRobot.

What it runs against: a local clone of TonyChen56/WeChatRobot — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters |
|---|---|---|
| 1 | You're in TonyChen56/WeChatRobot | Confirms the artifact applies here, not a fork |
| 2 | Default branch master exists | Catches branch renames |
| 3 | 5 critical file paths still exist | Catches refactors that moved load-bearing code |
| 4 | Last commit ≤ 173 days ago | Catches sudden abandonment since generation |

<details> <summary><b>Run all checks</b> — paste this script from inside your clone of <code>TonyChen56/WeChatRobot</code></summary>

```bash
#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of TonyChen56/WeChatRobot. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/TonyChen56/WeChatRobot.git
#   cd WeChatRobot
#
# Then paste this script. Every check is read-only — no mutations.

# Keep going after a failed check so every result is reported.
set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of TonyChen56/WeChatRobot and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "TonyChen56/WeChatRobot(\.git)?\b" \
  && ok "origin remote is TonyChen56/WeChatRobot" \
  || miss "origin remote is not TonyChen56/WeChatRobot (artifact may be from a fork)"

# 2. Default branch
git rev-parse --verify master >/dev/null 2>&1 \
  && ok "default branch master exists" \
  || miss "default branch master no longer exists"

# 3. Critical files exist
test -f "WeChatHelper/dllmain.cpp" \
  && ok "WeChatHelper/dllmain.cpp" \
  || miss "missing critical file: WeChatHelper/dllmain.cpp"
test -f "WeChatHelper/WndMsgLoop.cpp" \
  && ok "WeChatHelper/WndMsgLoop.cpp" \
  || miss "missing critical file: WeChatHelper/WndMsgLoop.cpp"
test -f "WeChatHelper/offset.h" \
  && ok "WeChatHelper/offset.h" \
  || miss "missing critical file: WeChatHelper/offset.h"
test -f "WeChatRobot/WeChatRobotDlg.cpp" \
  && ok "WeChatRobot/WeChatRobotDlg.cpp" \
  || miss "missing critical file: WeChatRobot/WeChatRobotDlg.cpp"
test -f "WeChatRobot/CFunctions.cpp" \
  && ok "WeChatRobot/CFunctions.cpp" \
  || miss "missing critical file: WeChatRobot/CFunctions.cpp"

# 4. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 173 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~143d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/TonyChen56/WeChatRobot"
  exit 1
fi
```

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

</details>

TL;DR

WeChatRobot is a Windows native DLL-based WeChat automation toolkit written in C++ that hooks into WeChat 3.2.1.154 to enable bot behavior, message interception, and data extraction. It provides COM-exposed APIs (WeChatHelper.dll) for controlling WeChat programmatically—sending messages, managing chat rooms, extracting chat history, and decrypting encrypted database files—without relying on WeChat's official API. Two-tier architecture: WeChatHelper (DLL, ~198KB C++) implements low-level WeChat hooks and message interception (WndMsgLoop.cpp, ChatRecord.cpp, Login.cpp); WeChatRobot (Windows GUI executable) wraps WeChatHelper as a COM server for end-user automation tasks (CAddUser.cpp, CChatRoomMember.cpp, CDecryptImage.cpp). Core state managed via offset.h memory mappings and message.h event structures.

👥Who it's for

Chinese developers and security researchers who need to automate WeChat operations, scrape WeChat Official Account content, decrypt WeChat databases, or build WeChat-based chatbots. Primarily targets Windows desktop automation scenarios where official API access is unavailable or insufficient.

🌱Maturity & risk

Abandoned and not recommended for production. The maintainer explicitly states '本项目已停止维护' (project maintenance stopped) in the README and has pivoted to SaaS work. No visible CI/CD, test suite, or recent commits. Target WeChat version (3.2.1.154) is ancient by WeChat standards, making compatibility with modern WeChat versions unlikely.

High risk for production use. This project directly hooks WeChat's internal APIs via DLL injection (see dllmain.cpp), which violates WeChat's terms of service and is fragile to version changes. Zero test coverage visible. Single maintainer (TonyChen56) with no active development. Relies on hardcoded memory offsets (offset.h) that break with every WeChat update. Database decryption functionality may violate data protection laws depending on jurisdiction.

Active areas of work

Nothing. Project is in maintenance-stopped state. Last activity appears to be the addition of CLAUDE.md (likely an artifact from AI review). The maintainer is focused on overseas SaaS products and no longer maintains WeChat-related code.

🚀Get running

This is not a typical npm/nuget package. Build requires Visual Studio 2015+ (indicated by .vcxproj files):

  1. Clone: git clone https://github.com/TonyChen56/WeChatRobot.git
  2. Open WeChatRobot.sln in Visual Studio
  3. Ensure WeChat 3.2.1.154 is installed (see 'WeChat 3.2.1.154安装包下载.txt')
  4. Build WeChatHelper as a DLL, then WeChatRobot as an EXE
  5. Run WeChatRobot.exe on a Windows machine with WeChat running

Pre-built binaries exist in Release/ folder.

Daily commands, after build:

  1. Launch WeChat 3.2.1.154
  2. Run Release/WeChatRobot.exe
  3. The GUI window will display options to send messages, manage rooms, decrypt images, etc.

For programmatic use, register WeChatHelper.dll as a COM component and instantiate it from VB, C#, or other COM-capable languages. Internally, it injects WeChatHelper.dll into the WeChat process on startup.

🗺️Map of the codebase

  • WeChatHelper/dllmain.cpp — DLL entry point for the WeChatHelper injection module; this is where all HOOK and message interception begins
  • WeChatHelper/WndMsgLoop.cpp — Core message loop that intercepts and processes all WeChat window messages; critical for event routing
  • WeChatHelper/offset.h — Memory offset definitions for WeChat structures; must be updated when WeChat version changes
  • WeChatRobot/WeChatRobotDlg.cpp — Main UI dialog and command dispatcher; coordinates all robot actions from the GUI
  • WeChatRobot/CFunctions.cpp — Core functionality wrapper that calls DLL functions; bridges UI commands to native operations
  • WeChatHelper/InitWeChat.cpp — Initializes injected WeChat context and validates hook installation; essential startup procedure
  • WeChatHelper/message.h — Message protocol definitions between GUI and DLL; defines all inter-process communication contracts

🛠️How to make changes

Add a new WeChat operation (send data, retrieve info, modify state)

  1. Define the operation function signature in WeChatHelper/Function.h with proper parameter structs (WeChatHelper/Function.h)
  2. Implement the low-level WeChat function call using memory offsets in WeChatHelper/Function.cpp (WeChatHelper/Function.cpp)
  3. Add message type constant and handler in WeChatHelper/message.h (WeChatHelper/message.h)
  4. Handle the new message type in WeChatHelper/WndMsgLoop.cpp to route to Function.cpp (WeChatHelper/WndMsgLoop.cpp)
  5. Wrap the DLL call in WeChatRobot/CFunctions.cpp to expose to UI (WeChatRobot/CFunctions.cpp)
  6. Create a UI dialog class (e.g., CNewFeature.cpp/h) and add button/handler to WeChatRobotDlg.cpp (WeChatRobot/WeChatRobotDlg.cpp)

Add a new UI feature dialog

  1. Create new .cpp and .h files following naming convention (e.g., CMyNewFeature.cpp/h) in WeChatRobot/ (WeChatRobot/CMyNewFeature.h)
  2. Inherit from CDialogEx and implement DoDataExchange for controls and OnOK for command handling (WeChatRobot/CMyNewFeature.cpp)
  3. Add menu item or button handler in WeChatRobotDlg.cpp to instantiate and show the dialog (WeChatRobot/WeChatRobotDlg.cpp)
  4. Call CFunctions wrapper method to communicate with DLL backend (WeChatRobot/CFunctions.cpp)
  5. Update resource file (WeChatRobot.rc) with new dialog template IDD_MYNEWFEATURE (WeChatRobot/WeChatRobot.rc)

Support a new WeChat version (update memory offsets)

  1. Analyze new WeChat binary to find memory structure offsets using a debugger (e.g., x64dbg) (WeChatHelper/offset.h)
  2. Add new version constants and offset values to offset.h, organized by version number (WeChatHelper/offset.h)
  3. Update version detection logic in InitWeChat.cpp to identify and load correct offsets for new version (WeChatHelper/InitWeChat.cpp)
  4. Test all Function.cpp calls against new WeChat version to ensure offsets are correct (WeChatHelper/Function.cpp)

Add message decryption or data parsing feature

  1. Implement decryption/parsing logic in a new module (e.g., CDecryptImage.cpp demonstrates pattern) (WeChatRobot/CDecryptImage.cpp)
  2. Create data handler in WeChatHelper layer to extract encrypted data from WeChat memory (WeChatHelper/ChatRecord.cpp)
  3. Pass decrypted data back to UI via message protocol defined in WeChatHelper/message.h (WeChatHelper/message.h)
  4. Create UI dialog to display or export decrypted data in WeChatRobot/ (WeChatRobot/WeChatRobotDlg.cpp)

🔧Why these technologies

  • C++ with Windows API & MFC — Enables low-level process injection, memory manipulation, and native Windows GUI; required for WeChat hooking on Windows
  • DLL Injection via CreateRemoteThread — Allows code execution inside WeChat process memory space to intercept calls and access private data structures
  • Memory offset-based function calls — Reverse-engineered WeChat structures change with each version; offsets enable calling internal functions without SDK or documentation
  • Inter-process messaging (PostMessage/SendMessage) — Separates GUI process from injected DLL; enables safe IPC and message queuing
  • MFC Dialog framework — Rapid UI

🪤Traps & gotchas

Critical gotchas:

  1. Offset fragility: offset.h is hardcoded for WeChat 3.2.1.154—using a different version (even 3.2.1.155) will crash or silently fail because memory layouts differ.
  2. Admin privileges required: DLL injection typically requires elevated permissions; UAC prompt will appear.
  3. Antivirus detection: WeChat hook patterns are often flagged as malware/PUP by Windows Defender and third-party AV; may be blocked or quarantined.
  4. Architecture mismatch: Unclear from file list whether binaries are x86 or x64; WeChat must match the DLL bitness.
  5. No error handling visible: Code assumes WeChat is running and in a known state; no graceful degradation if WeChat API changes.
  6. China-only: Project assumes simplified Chinese WeChat; behavior on international versions is untested.
  7. Database decryption keys: ChatRecord extraction may require SQLCipher or custom key derivation not documented in repo.

🏗️Architecture

💡Concepts to learn

  • DLL Injection — WeChatRobot's core technique for hooking into WeChat's process space (dllmain.cpp); critical to understanding how the bot gains control without WeChat's cooperation.
  • Windows Message Hooking (SetWindowsHookEx) — WndMsgLoop.cpp intercepts WeChat's internal window messages (WM_* events) to detect chat, login, and room changes; essential for automating user actions.
  • Reverse Engineering & Memory Offset Tables — offset.h contains hardcoded memory addresses into WeChat's heap/data sections; understanding how to derive these offsets (via IDA Pro, Ghidra, or x64dbg) is essential for adapting to new WeChat versions.
  • COM (Component Object Model) — WeChatHelper.dll exposes its functionality as COM interfaces so external programs (VB, C#, PowerShell) can control WeChat; WeChatRobot is the COM consumer.
  • Process Injection & Code Execution — The DLL injection technique allows arbitrary code to run inside WeChat's process context, bypassing isolation; enables direct access to WeChat's private data structures but also introduces security risks.
  • SQLCipher / Database Encryption — ChatRecord.cpp likely decrypts WeChat's SQLite databases; understanding SQLCipher's key derivation and cipher modes is needed to understand how chat history is protected and extracted.
  • Inter-Process Communication (IPC) — message.h defines the protocol by which WeChatRobot (GUI) communicates with WeChatHelper (injected DLL); understanding message passing patterns is needed to extend the bot's capabilities.
  • amoghsingh/PyChat — Python WeChat bot using reverse-engineered WeChat Web API; alternative approach to the same automation problem without DLL injection.
  • wechatsync/WeChatSync — Syncs WeChat Official Account (公众号) content to other platforms; overlaps with WeChatRobot's data extraction goals for OA posts.
  • X1r0z/ActiveMQ-RCE — Not directly related but relevant for developers who abuse WeChatRobot for unauthorized access; demonstrates exploitation patterns and legal risks.
  • reversing-my-town/WeChatExtractor — Standalone tool to extract and decrypt WeChat message history and media files; complements WeChatRobot's ChatRecord functionality.
  • facert/weixin_crawler — WeChat Official Account (公众号) web scraper using Selenium; alternative to WeChatRobot for extracting public WeChat content without needing the client.

🪄PR ideas

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Create offset.h documentation and validation helper for WeChat version compatibility

The repo contains offset.h which likely holds memory offsets for different WeChat versions (3.2.1.154 mentioned in files). These offsets are brittle and version-specific. A new contributor could create: (1) detailed comments mapping each offset to WeChat function/struct, (2) a validation utility to test offset correctness against installed WeChat versions, (3) a changelog documenting offset changes per WeChat version. This directly addresses maintainability since the README states the project is unmaintained—better documentation helps future users adapt to new WeChat versions.

  • [ ] Add comprehensive comments to WeChatHelper/offset.h documenting each offset's purpose and which WeChat version it targets
  • [ ] Create WeChatHelper/OffsetValidator.cpp/h with functions to validate offset correctness at runtime
  • [ ] Add OFFSET_CHANGELOG.md documenting known offsets for WeChat versions 3.2.1.154, 3.3.x, 3.4.x with commit dates

Add unit tests for core ChatRecord and FriendList extraction functions

The repo contains ChatRecord.cpp/h and FriendList.cpp/h which are critical for WeChat data extraction, but no test files exist in the structure. These modules interact with WeChat's memory and database, making them high-risk for regressions. A contributor should create unit tests mocking WeChat data structures to verify extraction logic works correctly across different WeChat message types and friend list states.

  • [ ] Create WeChatHelper/tests/ directory with ChatRecord_test.cpp targeting ChatRecord.cpp extraction methods
  • [ ] Create WeChatHelper/tests/FriendList_test.cpp with mock WeChat friend list structures and test cases for parsing
  • [ ] Add mock data fixtures in WeChatHelper/tests/fixtures/ for various chat message formats and friend list scenarios
  • [ ] Update WeChatHelper.vcxproj to include test configuration for Google Test or Catch2

Refactor and document message.h message structure definitions with endianness and field offset mappings

The WeChatHelper/message.h file likely contains critical struct definitions for WeChat message parsing, but without clear documentation about field offsets, sizes, and endianness. As WeChat versions change, these structs break. A contributor should: (1) add detailed comments showing byte offsets and field alignment, (2) create a separate MessageStructureGuide.md explaining the protocol, (3) add validation macros to detect struct size mismatches at compile time.

  • [ ] Add detailed comments to WeChatHelper/message.h for each struct showing byte offsets, field sizes, and alignment requirements (e.g., /* Offset: 0x00, Size: 4 bytes */)
  • [ ] Create WeChatHelper/MessageStructureGuide.md explaining the WeChat message protocol, including endianness and reserved field purposes
  • [ ] Add static_assert checks in WeChatHelper/stdafx.h or a new validation header to catch struct size mismatches at compile time across WeChat versions

🌿Good first issues

  • Add version detection for WeChat auto-discovery: currently hardcoded to 3.2.1.154; create a function that scans the WeChat process memory for version strings and dynamically adjusts offset.h mappings for known versions (e.g., 3.3.x, 3.4.x).: Hard
  • Document the memory layout and offset discovery process in offset.h with inline comments explaining what each offset points to (e.g., '0x1234 = BaseAddress + chatMessageQueue_offset') and add a reverse-engineering guide for future maintainers.: Medium
  • Create a test suite for ChatRecord.cpp and CDecryptImage.cpp by mocking WeChat process memory; currently no tests exist and changes break silently. Use Google Test or Catch2.: Medium

📝Recent commits

  • 45e4b1b — Add project title and documentation guide to README (TonyChen56)
  • e57f559 — Mask WeChat ID right away to reduce pointless socializing (TonyChen56)
  • 0e2e732 — Add Guishou social mini-classroom (TonyChen56)
  • d2fcc9a — Update personal section in README.md (TonyChen56)
  • db62a5b — Update personal news (TonyChen56)
  • bf9148b — modify readme (TonyChen56)
  • 894cdd7 — Update README and add QR code image (TonyChen56)
  • a243334 — Update README.md (TonyChen56)
  • 16a097b — Update README.md (TonyChen56)
  • d4f1d1f — Add files via upload (TonyChen56)

🔒Security observations

  • Critical · WeChat Process Injection and DLL Injection — WeChatHelper/WeChatHelper.dll, WeChatHelper/dllmain.cpp, WeChatHelper/WndMsgLoop.cpp, WeChatHelper/InitWeChat.cpp. The codebase contains DLL injection capabilities (WeChatHelper.dll) designed to hook into WeChat processes. This is a form of code injection that violates process integrity and could be used for unauthorized data extraction, credential theft, or malware distribution. The WndMsgLoop, InitWeChat, and Login modules suggest deep process manipulation. Fix: Do not use or distribute DLL injection techniques. This violates Windows security models and WeChat's ToS. If data extraction is needed, use official APIs only.
  • Critical · Unauthorized WeChat Data Extraction — WeChatHelper/ChatRecord.cpp, WeChatHelper/FriendList.cpp, WeChatHelper/SelfInformation.cpp, WeChatRobot/CChatRecords.cpp, WeChatRobot/CDecryptImage.cpp. The project explicitly extracts sensitive WeChat data including chat records, friend lists, and personal information without proper authorization. Modules like ChatRecord.cpp, FriendList.cpp, SelfInformation.cpp, and database decryption capabilities indicate unauthorized access to encrypted user data. Fix: Do not extract user data without explicit consent and proper authorization. Use only official WeChat APIs with proper OAuth authentication.
  • Critical · Database Decryption Without Authorization — WeChatHelper/ (entire module), WeChatRobot/CDecryptImage.cpp. The codebase includes functionality to decrypt WeChat's local database (mentioned in README as '数据库解密'). This involves circumventing WeChat's encryption mechanisms to gain unauthorized access to sensitive user communications and data. Fix: Remove all database decryption functionality. Never attempt to circumvent application-level encryption. This is illegal in most jurisdictions.
  • Critical · Automated Message Sending and Bot Capabilities — WeChatRobot/CSendMsg.cpp, WeChatRobot/CSendChatRoomAt.cpp, WeChatRobot/CSendXmlAricle.cpp, WeChatRobot/CSendXmlCard.cpp. The project implements automated message sending (CSendMsg.cpp, CSendChatRoomAt.cpp, CSendXmlAricle.cpp) without user interaction, which could be used for spam, phishing, or fraud distribution. This violates WeChat's terms of service and could facilitate unauthorized account access. Fix: Do not implement automated messaging without proper authorization and user consent. This violates platform ToS and could facilitate fraud.
  • Critical · Unauthorized Account Manipulation — WeChatRobot/CCreateChatRoom.cpp, WeChatRobot/CAddChatRoomMember.cpp, WeChatRobot/CModifyVersion.cpp, WeChatRobot/CMultiOpen.cpp, WeChatRobot/CInjectTools.cpp. The codebase includes functionality to manipulate WeChat accounts programmatically, including creating chat rooms (CCreateChatRoom.cpp), adding members (CAddChatRoomMember.cpp), modifying versions (CModifyVersion.cpp), and managing multiple accounts (CMultiOpen.cpp). These capabilities could be used for coordinated inauthentic behavior. Fix: Remove all account manipulation capabilities. Use only official APIs if WeChat provides them, with proper authorization.
  • High · No Input Validation Visible — WeChatRobot/CFunctions.cpp, WeChatRobot/COpenUrl.cpp, WeChatRobot/CSendMsg.cpp. Source code files lack apparent input validation mechanisms. C++ code for message sending, URL opening, and user operations (CFunctions.cpp, COpenUrl.cpp) may be vulnerable to injection attacks if user input is passed directly to system functions or network operations. Fix: Implement strict input validation and sanitization for all user inputs before use in system calls, network operations, or message construction.
  • High · WeChat Public Account Data Scraping. The README explicitly mentions '微信公众号采集' (WeChat public account collection) and '微信公众号爬虫' (WeChat public account crawler), indicating unauthorized

LLM-derived; treat as a starting point, not a security audit.


Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.
