Merge pull request #12 from ljc545w/3.7.0.26

适配微信3.7.0.26版本

Merge pull request #12 from ljc545w/3.7.0.26
适配微信3.7.0.26版本
18dc5dd9 · Jack Li · GitHub · 44599f26 · 0696e2ad · 18dc5dd9
20 changed file
--- a/DWeChatRobot/CheckFriendStatus.cpp
+++ b/DWeChatRobot/CheckFriendStatus.cpp
 #include "pch.h"
 // 检查好友状态CALL1偏移
-#define CheckFriendStatusCall1Offset 0x78861210 - 0x787A0000
+#define CheckFriendStatusCall1Offset 0x594944E0 - 0x593B0000
 // 检查好友状态CALL2偏移
-#define CheckFriendStatusCall2Offset 0x03521CD0 - 0x02E20000
+#define CheckFriendStatusCall2Offset 0x59B20890 - 0x593B0000
 // 检查好友状态CALL3偏移
-#define CheckFriendStatusCall3Offset 0x03521DC0 - 0x02E20000
+#define CheckFriendStatusCall3Offset 0x59B20980 - 0x593B0000
 // 检查好友状态CALL4偏移
-#define CheckFriendStatusCall4Offset 0x0321FB90 - 0x02E20000
+#define CheckFriendStatusCall4Offset 0x59813940 - 0x593B0000
 // 检查好友状态参数偏移
-#define CheckFriendStatusParamOffset 0x0504F3BC - 0x02E20000
+#define CheckFriendStatusParamOffset 0x5B7138F4 - 0x593B0000
 // 好友状态码HOOK地址偏移
-#define CheckFriendStatusHookOffset 0x5E0830B3 - 0x5DB60000
+#define CheckFriendStatusHookOffset 0x59937373 - 0x593B0000
 // HOOK的CALL偏移
-#define CheckFriendStatusNextCallOffset 0x5E083150 - 0x5DB60000
+#define CheckFriendStatusNextCallOffset 0x59937410 - 0x593B0000
 // HOOK跳转的地址偏移
-#define CheckFriendStatusHookJmpBackOffset 0x5E0830B8 - 0x5DB60000
+#define CheckFriendStatusHookJmpBackOffset 0x59937378 - 0x593B0000
 // HOOK的CALL地址
 DWORD CheckFriendStatusNextCallAddress = GetWeChatWinBase() + CheckFriendStatusNextCallOffset;

--- a/DWeChatRobot/DbBackup.cpp
+++ b/DWeChatRobot/DbBackup.cpp
@@ -112,7 +112,7 @@ VOID PatchSQLite3_Backup_Init() {
 	if (SQLite3_Backup_Init_Patched)
 		return;
 	// patch掉这块指令，绕过`backup is not supported with encrypted databases`
-	DWORD address_sqlite3_backup_init_patch_offset = OffsetFromIdaAddr(0x1131C110 + 0x52);
+	DWORD address_sqlite3_backup_init_patch_offset = OffsetFromIdaAddr(0x113E0470 + 0x52);
 	DWORD patchAddress = GetWeChatWinBase() + address_sqlite3_backup_init_patch_offset;
 	const int nopLen = 22;
 	BYTE nopData[nopLen];
@@ -148,15 +148,15 @@ int BackupSQLiteDB(DWORD DbHandle,const char* BackupFile)
 #ifdef _DEBUG
 	cout << "开始备份,文件保存至: " << BackupFile << endl;
 #endif
-	DWORD address_sqlite3_open = wxBaseAddress + OffsetFromIdaAddr(0x1138ACD0);
+	DWORD address_sqlite3_open = wxBaseAddress + OffsetFromIdaAddr(0x1144F000);
-	DWORD address_sqlite3_backup_init = wxBaseAddress + OffsetFromIdaAddr(0x1131C110);
+	DWORD address_sqlite3_backup_init = wxBaseAddress + OffsetFromIdaAddr(0x113E0470);
-	DWORD address_sqlite3_backup_step = wxBaseAddress + OffsetFromIdaAddr(0x1131C510);
+	DWORD address_sqlite3_backup_step = wxBaseAddress + OffsetFromIdaAddr(0x113E0870);
-	DWORD address_sqlite3_sleep = wxBaseAddress + OffsetFromIdaAddr(0x1138B510);
+	DWORD address_sqlite3_sleep = wxBaseAddress + OffsetFromIdaAddr(0x1144F840);
-	DWORD address_sqlite3_backup_finish = wxBaseAddress + OffsetFromIdaAddr(0x1131CB50);
+	DWORD address_sqlite3_backup_finish = wxBaseAddress + OffsetFromIdaAddr(0x113E0EB0);
-	DWORD address_sqlite3_close = wxBaseAddress + OffsetFromIdaAddr(0x113880A0);
+	DWORD address_sqlite3_close = wxBaseAddress + OffsetFromIdaAddr(0x1144C3D0);
-	DWORD address_sqlite3_backup_remaining = wxBaseAddress + OffsetFromIdaAddr(0x1131CC50);
+	DWORD address_sqlite3_backup_remaining = wxBaseAddress + OffsetFromIdaAddr(0x113E0FB0);
-	DWORD address_sqlite3_backup_pagecount = wxBaseAddress + OffsetFromIdaAddr(0x1131CC60);
+	DWORD address_sqlite3_backup_pagecount = wxBaseAddress + OffsetFromIdaAddr(0x113E0FC0);
-	DWORD address_sqlite3_errcode = wxBaseAddress + OffsetFromIdaAddr(0x11389970);
+	DWORD address_sqlite3_errcode = wxBaseAddress + OffsetFromIdaAddr(0x1144DCA0);
 	const char* myMain = "main";
 	int rc = backupDb(
 		DbHandle,

--- a/DWeChatRobot/DbExecuteSql.cpp
+++ b/DWeChatRobot/DbExecuteSql.cpp
 #include "pch.h"
 // sqlite3_exec函数偏移
-#define sqlite3_execOffset 0x66176570 - 0x64E20000
+#define sqlite3_execOffset 0x141A8C0
 // sqlite3_callback函数指针
 typedef int(*sqlite3_callback)(

--- a/DWeChatRobot/FriendList.cpp
+++ b/DWeChatRobot/FriendList.cpp
@@ -2,7 +2,7 @@
 #include <vector> 
 // 通讯录左树偏移
-#define LeftTreeOffset 0x222F3BC
+#define LeftTreeOffset 0x23638F4
 /*
 * 保存单个好友信息的结构体

--- a/DWeChatRobot/GetChatRoomMemebers.cpp
+++ b/DWeChatRobot/GetChatRoomMemebers.cpp
 #include "pch.h"
 // 获取群成员CALL1偏移
-#define GetChatRoomMembersCall1Offset 0x6246BBB0 - 0x61E20000
+#define GetChatRoomMembersCall1Offset 0x54926F80 - 0x54270000
 // 获取群成员CALL2偏移
-#define GetChatRoomMembersCall2Offset 0x61EDF550 - 0x61E20000
+#define GetChatRoomMembersCall2Offset 0x54352990 - 0x54270000
 // 获取群成员CALL3偏移
-#define GetChatRoomMembersCall3Offset 0x622046D0 - 0x61E20000
+#define GetChatRoomMembersCall3Offset 0x546B88C0 - 0x54270000
 // 清空缓存CALL偏移
-#define DeleteGetChatRoomMembersCacheCallOffset 0x6246BDD0 - 0x61E20000
+#define DeleteGetChatRoomMembersCacheCallOffset 0x549271A0 - 0x54270000
 /*
 * 外部调用的返回类型
@@ -61,7 +61,7 @@ BOOL __stdcall GetChatRoomMembers(wchar_t* chatroomid) {
 	DWORD DeleteGetChatRoomMembersCacheCall = WeChatWinBase + DeleteGetChatRoomMembersCacheCallOffset;
 	WxBaseStruct wsChatRoomId(chatroomid);
-	char buffer[0x1B0] = { 0 };
+	char buffer[0x1E0] = { 0 };
 	DWORD isSuccess = 0x0;
 	DWORD DataAddr = 0x0;
@@ -83,6 +83,9 @@ BOOL __stdcall GetChatRoomMembers(wchar_t* chatroomid) {
 	}
 	if (isSuccess) {
 		char* members = (char*)(*(DWORD*)(DataAddr + 0x1C));
+#ifdef _DEBUG
+		cout << members << endl;
+#endif
 		wchar_t* wmembers = new wchar_t[strlen(members) + 1];
 		ZeroMemory(wmembers, (strlen(members) + 1) * 2);
 		MultiByteToWideChar(CP_ACP,0,members,-1,wmembers, strlen(members) + 1);

--- a/DWeChatRobot/GetDbHandles.cpp
+++ b/DWeChatRobot/GetDbHandles.cpp
 #include "pch.h"
 // 联系人相关库偏移
-#define SqlHandleMicroMsgOffset 0x222F3FC
+#define SqlHandleMicroMsgOffset 0x2363934
 // 公众号相关库偏移
-#define SqlHandlePublicMsgOffset 0x22553D0
+#define SqlHandlePublicMsgOffset 0x239B3C8
 // 保存数据库信息的容器
 vector<DbInfoStruct> dbs;
@@ -47,7 +47,7 @@ void GetDbHandles() {
 	__asm {
 		mov eax, [SqlHandleBaseAddr];
 		mov ecx, [eax];
-		add ecx, 0x1888;
+		add ecx, 0x1428;
 		mov eax, [ecx];
 		mov SqlHandleBeginAddr, eax;
 		mov eax, [ecx + 0x4];
@@ -60,26 +60,26 @@ void GetDbHandles() {
 		SqlHandleBeginAddr += 0x4;
 		if (SqlHandleBeginAddr == SqlHandleEndAddr)
 			break;
-		if(dbnames.find((wchar_t*)(*(DWORD*)(dwHandle + 0x78)),0) != wstring::npos)
+		if(dbnames.find((wchar_t*)(*(DWORD*)(dwHandle + 0x50)),0) != wstring::npos)
 			continue;
 		DbInfoStruct db = { 0 };
-		dbnames += (wchar_t*)(*(DWORD*)(dwHandle + 0x78));
+		dbnames += (wchar_t*)(*(DWORD*)(dwHandle + 0x50));
-		db.dbname = (wchar_t*)(*(DWORD*)(dwHandle + 0x78));
+		db.dbname = (wchar_t*)(*(DWORD*)(dwHandle + 0x50));
 		db.l_dbname = wcslen(db.dbname);
-		db.handle = *(DWORD*)(dwHandle + 0x64);
+		db.handle = *(DWORD*)(dwHandle + 0x3C);
-		ExecuteSQL(*(DWORD*)(dwHandle + 0x64), "select * from sqlite_master where type=\"table\";",(DWORD)GetDbInfo,&db);
+		ExecuteSQL(*(DWORD*)(dwHandle + 0x3C), "select * from sqlite_master where type=\"table\";",(DWORD)GetDbInfo,&db);
 		dbs.push_back(db);
 	}
 	for (int i = 1; i < 4; i++) {
 		dwHandle = *((DWORD*)(SqlHandlePublicMsgAddr + i * 0x4));
-		if (dbnames.find((wchar_t*)(*(DWORD*)(dwHandle + 0x78)), 0) != wstring::npos)
+		if (dbnames.find((wchar_t*)(*(DWORD*)(dwHandle + 0x50)), 0) != wstring::npos)
 			continue;
 		DbInfoStruct db = { 0 };
-		dbnames += (wchar_t*)(*(DWORD*)(dwHandle + 0x78));
+		dbnames += (wchar_t*)(*(DWORD*)(dwHandle + 0x50));
-		db.dbname = (wchar_t*)(*(DWORD*)(dwHandle + 0x78));
+		db.dbname = (wchar_t*)(*(DWORD*)(dwHandle + 0x50));
 		db.l_dbname = wcslen(db.dbname);
-		db.handle = *(DWORD*)(dwHandle + 0x64);
+		db.handle = *(DWORD*)(dwHandle + 0x3C);
-		ExecuteSQL(*(DWORD*)(dwHandle + 0x64), "select * from sqlite_master where type=\"table\";", (DWORD)GetDbInfo, &db);
+		ExecuteSQL(*(DWORD*)(dwHandle + 0x3C), "select * from sqlite_master where type=\"table\";", (DWORD)GetDbInfo, &db);
 		dbs.push_back(db);
 	}
 	// 添加一个空结构体，作为读取结束标志

--- a/DWeChatRobot/LogMsgInfo.cpp
+++ b/DWeChatRobot/LogMsgInfo.cpp
 #include "pch.h"
 // 微信日志HOOK地址偏移
-#define HookLogMsgInfoAddrOffset 0x103408A4 - 0x0FC40000
+#define HookLogMsgInfoAddrOffset 0x549DF444 - 0x54270000
 // HOOK的CALL偏移
-#define HookLogMsgInfoNextCallOffset 0x11586DFC - 0x0FC40000
+#define HookLogMsgInfoNextCallOffset 0x55C7E50E - 0x54270000
 // HOOK的跳转地址偏移
-#define HookLogMsgJmpBackOffset 0x103408A9 - 0x0FC40000
+#define HookLogMsgJmpBackOffset 0x549DF449 - 0x54270000
 // 微信日志HOOK地址
 DWORD HookLogMsgInfoAddr = GetWeChatWinBase() + HookLogMsgInfoAddrOffset;

--- a/DWeChatRobot/ReceiveMessage.cpp
+++ b/DWeChatRobot/ReceiveMessage.cpp
@@ -2,9 +2,9 @@
 #include <vector>
 // 接收消息的HOOK地址偏移
-#define ReceiveMessageHookOffset 0x034A4F60 - 0x02FE0000
+#define ReceiveMessageHookOffset 0x547C0F4C - 0x54270000
 // HOOK的CALL偏移
-#define ReceiveMessageNextCallOffset 0x034A0CE0 - 0x02FE0000
+#define ReceiveMessageNextCallOffset 0x54D04E60 - 0x54270000
 /*
 * 保存单条信息的结构
@@ -47,9 +47,6 @@ DWORD JmpBackAddress = ReceiveMessageHookAddress + 0x5;
 */
 VOID ReceiveMessage(DWORD messageAddr) {
 	// 此处用于区别是发送的还是接收的消息，发送的消息会被过滤
-	DWORD isSendMessage = *(DWORD*)(messageAddr + 0x3C);
-	if (isSendMessage)
-		return;
 	messageStruct message = { 0 };
 	message.messagetype = *(DWORD*)(messageAddr + 0x38);
@@ -124,8 +121,8 @@ _declspec(naked) void dealReceiveMessage() {
 	__asm {
 		pushad;
 		pushfd;
-		mov edi, [eax];
+		mov eax, [edi];
-		push edi;
+		push eax;
 		call ReceiveMessage;
 		add esp, 0x4;
 		popfd;

--- a/DWeChatRobot/SelfInfo.cpp
+++ b/DWeChatRobot/SelfInfo.cpp
@@ -21,16 +21,16 @@ struct SelfInfoStruct {
 DWORD GetSelfInfoRemote() {
 	DWORD WeChatWinBase = GetWeChatWinBase();
 	vector<DWORD> SelfInfoAddr = {
-		WeChatWinBase + 0x222EB3C,
+		WeChatWinBase + 0x236307C,
-		WeChatWinBase + 0x222ED30,
+		WeChatWinBase + 0x2363548,
-		WeChatWinBase + 0x222EBB4,
+		WeChatWinBase + 0x23630F4,
-		*(DWORD*)(WeChatWinBase + 0x222ECEC),
+		*(DWORD*)(WeChatWinBase + 0x236322C),
-		*(DWORD*)(WeChatWinBase + 0x222EE94),
+		*(DWORD*)(WeChatWinBase + 0x239E11C),
-		*(DWORD*)(WeChatWinBase + 0x222EEAC),
+		*(DWORD*)(WeChatWinBase + 0x23633D4),
-		WeChatWinBase + 0x222EF30,
+		WeChatWinBase + 0x23632E8,
-		WeChatWinBase + 0x222ECBC,
+		WeChatWinBase + 0x23631FC,
-		WeChatWinBase + 0x222ECD4,
+		WeChatWinBase + 0x2363214,
-		WeChatWinBase + 0x222EBE8
+		WeChatWinBase + 0x2363128
 	};
 	vector<wstring> SelfInfoKey = {

--- a/DWeChatRobot/SendArticle.cpp
+++ b/DWeChatRobot/SendArticle.cpp
 #include "pch.h"
 // 发送文章CALL1偏移
-#define SendArticleCall1Offset 0x0F7454F0 - 0x0F6B0000
+#define SendArticleCall1Offset 0x54328A10 - 0x54270000
 // 发送文章CALL2偏移
-#define SendArticleCall2Offset 0x0FA41F80 - 0x0F6B0000
+#define SendArticleCall2Offset 0x5465D5E0 - 0x54270000
 // 发送文章CALL3偏移
-#define SendArticleCall3Offset 0x0F7794A0 - 0x0F6B0000
+#define SendArticleCall3Offset 0x54377EB0 - 0x54270000
 // 发送文章CALL4偏移
-#define SendArticleCall4Offset 0x0FA42150 - 0x0F6B0000
+#define SendArticleCall4Offset 0x5465D7B0 - 0x54270000
 // 发送文章CALL参数偏移
-#define SendArticleParamOffset 0x118EEC34 - 0x0F6B0000
+#define SendArticleParamOffset 0x565F3FE4 - 0x54270000
 // 清空缓存CALL1偏移
-#define SendArticleClearCacheCall1Offset 0x0FCEB4F0 - 0x0F6B0000
+#define SendArticleClearCacheCall1Offset 0x54916450 - 0x54270000
 // 清空缓存CALL2偏移
-#define SendArticleClearCacheCall2Offset 0x0F744200 - 0x0F6B0000
+#define SendArticleClearCacheCall2Offset 0x54327720 - 0x54270000
 /*
 * 外部调用时传递的参数结构
@@ -49,7 +49,7 @@ VOID SendArticleRemote(LPVOID lparameter) {
 * return：DWORD，个人wxid保存地址
 */
 DWORD GetSelfWxIdAddr() {
-	DWORD baseAddr = GetWeChatWinBase() + 0x222EB3C;
+	DWORD baseAddr = GetWeChatWinBase() + 0x236307C;
 	char wxidbuffer[0x100] = { 0 };
 	DWORD SelfWxIdAddr = 0x0;
 	sprintf_s(wxidbuffer, "%s", (char*)baseAddr);
@@ -86,7 +86,7 @@ BOOL __stdcall SendArticle(wchar_t* wxid,wchar_t* title, wchar_t* abstract, wcha
 	// 自己的wxid，发送者
 	char* sselfwxid = (char*)GetSelfWxIdAddr();
 	wchar_t* wselfwxid = new wchar_t[strlen(sselfwxid) + 1];
-	MultiByteToWideChar(CP_ACP, MB_COMPOSITE, sselfwxid, -1, wselfwxid, strlen(sselfwxid) + 1);
+	MultiByteToWideChar(CP_ACP, 0, sselfwxid, -1, wselfwxid, strlen(sselfwxid) + 1);
 	// 构造xml数据
 	wchar_t* xmlbuffer = new wchar_t[0x2000];
 	ZeroMemory(xmlbuffer, 0x2000 * 2);
@@ -100,7 +100,7 @@ BOOL __stdcall SendArticle(wchar_t* wxid,wchar_t* title, wchar_t* abstract, wcha
 	WxBaseStruct pReceiver(wxid);
 	WxString imgbuffer = { 0 };
 	WxString nullStruct = { 0 };
-	char buffer[0xF90] = { 0 };
+	char buffer[0xFF0] = { 0 };
 	DWORD isSuccess = 0x0;
 	__asm {
 		pushad;

--- a/DWeChatRobot/SendAtText.cpp
+++ b/DWeChatRobot/SendAtText.cpp
 #include "pch.h"
 // 发送艾特消息CALL偏移
-#define SendAtTextCallOffset 0x6782E7B0 - 0x67370000
+#define SendAtTextCallOffset 0x67391D30 - 0x66E70000
 // 清空缓存CALL偏移
-#define DeleteAtTextCacheCallOffset 0x67404200 - 0x67370000
+#define DeleteAtTextCacheCallOffset 0x54327720 - 0x54270000
 /*
 * 外部调用时传递的参数结构

--- a/DWeChatRobot/SendCard.cpp
+++ b/DWeChatRobot/SendCard.cpp
 #include "pch.h"
 // 发送名片的CALL偏移
-#define SendCardCallOffset 0x644FE7B0 - 0x64040000
+#define SendCardCallOffset 0x54791D30 - 0x54270000
 // 清空缓存的CALL偏移
-#define DeleteCardCacheCallOffset 0x640D4200 - 0x64040000
+#define DeleteCardCacheCallOffset 0x54327720 - 0x54270000
 /*
 * 外部调用时提供的参数结构

--- a/DWeChatRobot/SendFile.cpp
+++ b/DWeChatRobot/SendFile.cpp
 #include "pch.h"
 // 发送文件CALL1偏移
-#define SendFileCall1Offset (0x67A71DC0 - 0x67370000)
+#define SendFileCall1Offset (0x549E0980 - 0x54270000)
 // 发送文件CALL2偏移
-#define SendFileCall2Offset (0x68D81C83 - 0x67370000)
+#define SendFileCall2Offset (0x549E0980 - 0x54270000)
 // 发送文件CALL3偏移
-#define SendFileCall3Offset (0x68D8047A - 0x67370000)
+#define SendFileCall3Offset (0x5465D8C0 - 0x54270000)
 // 发送文件CALL4偏移
-#define SendFileCall4Offset (0x67702260 - 0x67370000)
+#define SendFileCall4Offset (0x54698270 - 0x54270000)
 // 发送文件参数偏移
-#define SendFileParamsOffset (0x6959F170 - 0x67370000)
+#define SendFileParamsOffset (0x565D36B0 - 0x54270000)
 // 清空缓存CALL偏移
-#define DeleteSendFileCacheCallOffset (0x67404200 - 0x67370000)
+#define DeleteSendFileCacheCallOffset (0x54327720 - 0x54270000)
 /*
 * 外部调用时传递的参数结构
@@ -86,13 +86,6 @@ void __stdcall SendFile(wchar_t* receiver, wchar_t* FilePath) {
 	__asm {
 		pushad;
 		pushfd;
-		lea esi, esi_;
-		push 0;
-		push 0;
-		push 0;
-		push 0;
-		push 0;
-		push 0x005A0000;
 		sub esp, 0x14;
 		mov edi, esp;
 		mov dword ptr ds : [edi] , 0x0;
@@ -100,54 +93,28 @@ void __stdcall SendFile(wchar_t* receiver, wchar_t* FilePath) {
 		mov dword ptr ds : [edi + 0x8] , 0x0;
 		mov dword ptr ds : [edi + 0xC] , 0x0;
 		mov dword ptr ds : [edi + 0x10] , 0x0;
+		push 0x00DBE200;
+		sub esp, 0x14;
+		mov edi, esp;
+		mov dword ptr ds : [edi] , 0x0;
+		mov dword ptr ds : [edi + 0x4] , 0x0;
+		mov dword ptr ds : [edi + 0x8] , 0x0;
+		mov dword ptr ds : [edi + 0xC] , 0x0;
+		mov dword ptr ds : [edi + 0x10] , 0x0;
 		sub esp, 0x14;
-		lea eax, dword ptr ds : [esi + 0x4] ;
+		lea eax, pFilePath;
 		mov ecx, esp;
 		push eax;
 		call WxSendFileCall1;
 		sub esp, 0x14;
+		lea eax, pReceiver;
 		mov ecx, esp;
-		mov dword ptr ds : [ecx] , 0x0;
-		mov dword ptr ds : [ecx + 0x4] , 0x0;
-		mov dword ptr ds : [ecx + 0x8] , 0x0;
-		mov dword ptr ds : [ecx + 0xC] , 0x0;
-		mov dword ptr ds : [ecx + 0x10] , 0x0;
-		lea edx, pReceiver;
-		mov eax, [edx];
-		mov edi, edi_;
-		lea eax, dword ptr ds : [edi * 2 + 0x2] ;
-		mov tempecx, ecx;
 		push eax;
-		push dword ptr ds : [ecx] ;
 		call WxSendFileCall2;
-		mov ecx, [tempecx];
+		mov ecx, [WxSendFileParams];
-		mov edx, eax;
-		add esp, 0x8;
-		mov eax, dword ptr ds : [ecx + 0x4] ;
-		mov dword ptr ds : [ecx] , edx;
-		mov dword ptr ds : [ecx + 0x8] , edi;
-		mov tempecx, ecx;
-		push edi;
-		push ptrReceiver;
-		push dword ptr ds : [ecx] ;
-		call WxSendFileCall3;
-		mov ecx, [tempecx];
-		add esp, 0xC;
-		mov edx, 0x0;
-		mov eax, dword ptr ds : [ecx] ;
-		mov word ptr ds : [eax + edi * 2] , 0x0;
-		mov dword ptr ds : [ecx + 0x4] , edi;
-		mov ecx, WxSendFileParams;
 		lea eax, buffer;
 		push eax;
-		call WxSendFileCall4;
+		call WxSendFileCall3;
 		lea ecx, buffer;
 		call DeleteSendFileCacheCall;
 		popfd;

--- a/DWeChatRobot/SendImage.cpp
+++ b/DWeChatRobot/SendImage.cpp
 #include "pch.h"
 // 发送图片CALL1偏移
-#define SendImageCall1Offset (0x6740A1C0 - 0x67370000)
+#define SendImageCall1Offset (0x5432D730 - 0x54270000)
 // 发送图片CALL2偏移
-#define SendImageCall2Offset (0x67A71DC0 - 0x67370000)
+#define SendImageCall2Offset (0x549E0980 - 0x54270000)
 // 发送图片CALL3偏移
-#define SendImageCall3Offset (0x6782E160 - 0x67370000)
+#define SendImageCall3Offset (0x54791640 - 0x54270000)
 // 清空缓存的CALL偏移
-#define DeleteSendImageCacheCallOffset (0x67404200 - 0x67370000)
+#define DeleteSendImageCacheCallOffset (0x54327720 - 0x54270000)
 /*
 * 外部调用时传递的参数结构

--- a/DWeChatRobot/SendText.cpp
+++ b/DWeChatRobot/SendText.cpp
 #include "pch.h"
 // 发送文本消息的CALL偏移
-#define SendTextCallOffset 0x6782E7B0 - 0x67370000
+#define SendTextCallOffset 0x67391D30 - 0x66E70000
 // 清空缓存的CALL偏移
-#define DeleteTextCacheCallOffset 0x67404200 - 0x67370000
+#define DeleteTextCacheCallOffset 0x54327720 - 0x54270000
 /*
 * 外部调用时传递的参数结构

--- a/DWeChatRobot/UserInfo.cpp
+++ b/DWeChatRobot/UserInfo.cpp
@@ -3,19 +3,16 @@
 #include <string>
 #include <vector>
-// 获取好友信息CALL0偏移
-#define GetUserInfoCall0Offset 0x6740A000 - 0x67370000
 // 获取好友信息CALL1偏移
-#define GetUserInfoCall1Offset 0x679C9840 - 0x67370000
+#define GetUserInfoCall1Offset 0x5946D570 - 0x593B0000
 // 获取好友信息CALL2偏移
-#define GetUserInfoCall2Offset 0x67A71DC0 - 0x67370000
+#define GetUserInfoCall2Offset 0x59B20980 - 0x593B0000
 // 获取好友信息CALL3偏移
-#define GetUserInfoCall3Offset 0x677724A0 - 0x67370000
+#define GetUserInfoCall3Offset 0x59816270 - 0x593B0000
+// 清理好友信息缓存参数
-// 清空缓存CALL1偏移
+#define DeleteUserInfoCacheCall1Offset 0x59A752B0 - 0x593B0000
-#define DeleteUserInfoCacheCall1Offset 0x67775990 - 0x67370000
+// 清理好友信息缓存CALL2
-// 清空缓存CALL2偏移
+#define DeleteUserInfoCacheCall2Offset 0x5946E680 - 0x593B0000
-#define DeleteUserInfoCacheCall2Offset 0x679CA340 - 0x67370000
 /*
 * 外部调用时的返回类型
@@ -117,12 +114,11 @@ VOID DeleteUserInfoCacheRemote() {
 */
 BOOL __stdcall GetUserInfoByWxId(wchar_t* wxid) {
 	DWORD WeChatWinBase = GetWeChatWinBase();
-	DWORD WxGetUserInfoCall0 = WeChatWinBase + GetUserInfoCall0Offset;
 	DWORD WxGetUserInfoCall1 = WeChatWinBase + GetUserInfoCall1Offset;
 	DWORD WxGetUserInfoCall2 = WeChatWinBase + GetUserInfoCall2Offset;
 	DWORD WxGetUserInfoCall3 = WeChatWinBase + GetUserInfoCall3Offset;
-	DWORD DeleteUserInofCacheCall1 = WeChatWinBase + DeleteUserInfoCacheCall1Offset;
+	DWORD DeleteUserInfoCacheCall1 = WeChatWinBase + DeleteUserInfoCacheCall1Offset;
-	DWORD DeleteUserInofCacheCall2 = WeChatWinBase + DeleteUserInfoCacheCall2Offset;
+	DWORD DeleteUserInfoCacheCall2 = WeChatWinBase + DeleteUserInfoCacheCall2Offset;
 	char buffer[0x3FC] = { 0 };
 	WxBaseStruct pWxid(wxid);
 	DWORD address = 0;
@@ -130,33 +126,32 @@ BOOL __stdcall GetUserInfoByWxId(wchar_t* wxid) {
 	__asm
 	{
 		pushad;
-		call WxGetUserInfoCall0;
-		mov edi, eax;
-		lea ecx, buffer;
 		call WxGetUserInfoCall1;
-		lea eax, buffer;
+		lea ebx, buffer;
-		mov address, eax;
+		push ebx;
-		push eax;
 		sub esp, 0x14;
+		mov esi, eax;
+		lea eax, pWxid;
 		mov ecx, esp;
-		lea esi, pWxid;
+		push eax;
-		push esi;
 		call WxGetUserInfoCall2;
-		mov ecx, edi;
+		mov ecx, esi;
 		call WxGetUserInfoCall3;
 		mov isSuccess, eax;
+		mov address, ebx;
 		popad;
 	}
 	if(isSuccess)
 		WxUserInfo(address);
+	char deletebuffer[0x410] = { 0 };
 	__asm {
 		pushad;
-		lea eax, buffer;
+		lea ecx, deletebuffer;
+		call DeleteUserInfoCacheCall1;
 		push eax;
-		call DeleteUserInofCacheCall1;
+		lea ebx,buffer;
-		lea ecx, buffer;
+		mov ecx, ebx;
-		mov esi, eax;
+		call DeleteUserInfoCacheCall2;
-		call DeleteUserInofCacheCall2;
 		popad;
 	}
 	return isSuccess;
@@ -169,12 +164,11 @@ BOOL __stdcall GetUserInfoByWxId(wchar_t* wxid) {
 */
 wchar_t* __stdcall GetUserNickNameByWxId(wchar_t* wxid) {
 	DWORD WeChatWinBase = GetWeChatWinBase();
-	DWORD WxGetUserInfoCall0 = WeChatWinBase + GetUserInfoCall0Offset;
 	DWORD WxGetUserInfoCall1 = WeChatWinBase + GetUserInfoCall1Offset;
 	DWORD WxGetUserInfoCall2 = WeChatWinBase + GetUserInfoCall2Offset;
 	DWORD WxGetUserInfoCall3 = WeChatWinBase + GetUserInfoCall3Offset;
-	DWORD DeleteUserInofCacheCall1 = WeChatWinBase + DeleteUserInfoCacheCall1Offset;
+	DWORD DeleteUserInfoCacheCall1 = WeChatWinBase + DeleteUserInfoCacheCall1Offset;
-	DWORD DeleteUserInofCacheCall2 = WeChatWinBase + DeleteUserInfoCacheCall2Offset;
+	DWORD DeleteUserInfoCacheCall2 = WeChatWinBase + DeleteUserInfoCacheCall2Offset;
 	char buffer[0x3FC] = { 0 };
 	WxBaseStruct pWxid(wxid);
 	DWORD address = 0;
@@ -182,21 +176,19 @@ wchar_t* __stdcall GetUserNickNameByWxId(wchar_t* wxid) {
 	__asm
 	{
 		pushad;
-		call WxGetUserInfoCall0;
-		mov edi, eax;
-		lea ecx, buffer;
 		call WxGetUserInfoCall1;
-		lea eax, buffer;
+		lea ebx, buffer;
-		mov address, eax;
+		push ebx;
-		push eax;
 		sub esp, 0x14;
+		mov esi, eax;
+		lea eax, pWxid;
 		mov ecx, esp;
-		lea esi, pWxid;
+		push eax;
-		push esi;
 		call WxGetUserInfoCall2;
-		mov ecx, edi;
+		mov ecx, esi;
 		call WxGetUserInfoCall3;
 		mov isSuccess, eax;
+		mov address, ebx;
 		popad;
 	}
 	wchar_t* NickName = NULL;
@@ -206,14 +198,15 @@ wchar_t* __stdcall GetUserNickNameByWxId(wchar_t* wxid) {
 		ZeroMemory(NickName, (length + 1) * 2);
 		memcpy(NickName, (wchar_t*)(*(DWORD*)(address + 0x6C)), length * 2);
 	}
+	char deletebuffer[0x410] = { 0 };
 	__asm {
 		pushad;
-		lea eax, buffer;
+		lea ecx, deletebuffer;
+		call DeleteUserInfoCacheCall1;
 		push eax;
-		call DeleteUserInofCacheCall1;
+		lea ebx, buffer;
-		lea ecx, buffer;
+		mov ecx, ebx;
-		mov esi, eax;
+		call DeleteUserInfoCacheCall2;
-		call DeleteUserInofCacheCall2;
 		popad;
 	}
 	return NickName;

--- a/DWeChatRobot/dllmain.cpp
+++ b/DWeChatRobot/dllmain.cpp
@@ -24,7 +24,6 @@ BOOL APIENTRY DllMain( HMODULE hModule,
        printf("GetChatRoomMembers 0x%08X\n", (DWORD)GetChatRoomMembers);
        printf("ExecuteSql 0x%08X\n", (DWORD)ExecuteSQL);
        printf("BackupSQLiteDB 0x%08X\n", (DWORD)BackupSQLiteDBRemote);
-        HookLogMsgInfo();
 #endif
        break;
    }

--- a/Python/wxRobot.py
+++ b/Python/wxRobot.py
@@ -60,7 +60,6 @@ class WeChatRobot():
            myinfo = ast.literal_eval(myinfo)
        except SyntaxError:
            return {}
-        myinfo['wxBigAvatar'] = myinfo['wxBigAvatar'].replace("/132","/0")
        self.myinfo = myinfo
        return self.myinfo

--- a/Release/CWeChatRobot.exe
+++ b/Release/CWeChatRobot.exe
--- a/Release/DWeChatRobot.dll
+++ b/Release/DWeChatRobot.dll