From 103c29e9fe345b23a8357111a17b4bdd44a2e85c Mon Sep 17 00:00:00 2001
From: xaoyaoo
Date: Tue, 5 Dec 2023 11:53:46 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=A4=9A=E5=BE=AE=E4=BF=A1?= =?UTF-8?q?=E8=8E=B7=E5=8F=96wxid=E9=94=99=E8=AF=AF=E3=80=82=20#33?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
pywxdump/wx_info/get_wx_info.py | 32 ++++++++++++++++++++++----------
1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/pywxdump/wx_info/get_wx_info.py b/pywxdump/wx_info/get_wx_info.py
index 4c723bd..47e7746 100644
--- a/pywxdump/wx_info/get_wx_info.py
+++ b/pywxdump/wx_info/get_wx_info.py
@@ -52,19 +52,31 @@ def pattern_scan_all(handle, pattern, *, return_multiple=False, find_num=100): def get_info_wxid(h_process): + # find_num = 1000 + # addrs = pattern_scan_all(h_process, br'\\FileStorage', return_multiple=True, find_num=find_num) + # wxids = [] + # for addr in addrs: + # array = ctypes.create_string_buffer(33) + # if ReadProcessMemory(h_process, void_p(addr - 21), array, 33, 0) == 0: return "None" + # array = bytes(array) # .decode('utf-8', errors='ignore') + # array = array.split(br'\FileStorage')[0] + # for part in [b'}', b'\x7f', b'\\']: + # if part in array: + # array = array.split(part)[1] + # wxids.append(array.decode('utf-8', errors='ignore')) + # break + # wxid = max(wxids, key=wxids.count) if wxids else "None" + find_num = 100 - addrs = pattern_scan_all(h_process, br'\\FileStorage', return_multiple=True, find_num=find_num) + addrs = pattern_scan_all(h_process, br'\\Msg\\FTSContact', return_multiple=True, find_num=find_num) wxids = [] for addr in addrs: - array = ctypes.create_string_buffer(33) - if ReadProcessMemory(h_process, void_p(addr - 21), array, 33, 0) == 0: return "None" - array = bytes(array) # .decode('utf-8', errors='ignore') - array = array.split(br'\FileStorage')[0] - for part in [b'}', b'\x7f', b'\\']: - if part in array: - array = array.split(part)[1] - wxids.append(array.decode('utf-8', errors='ignore')) - break + array = ctypes.create_string_buffer(80) + if ReadProcessMemory(h_process, void_p(addr - 30), array, 80, 0) == 0: return "None" + array = bytes(array) # .split(b"\\")[0] + array = array.split(b"\\Msg")[0] + array = array.split(b"\\")[-1] + wxids.append(array.decode('utf-8', errors='ignore')) wxid = max(wxids, key=wxids.count) if wxids else "None" return wxid
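Review bot: The block of `#` lines added at the top of `get_info_wxid` is the previous implementation commented out; version control already keeps that history, so it is better deleted than committed as dead code. The new constants are unexplained: the read starts at `addr - 30` and spans 80 bytes, yet after `split(b"\\Msg")[0]` at most the first 30 bytes are used, and nothing records why a 30-byte look-behind is assumed to cover the directory name; a comment such as `# 30-byte look-behind for the path component before \Msg; longer names are truncated` would state the assumption. When that window contains no backslash, `split(b"\\")[-1]` returns the whole prefix, so an unvalidated (possibly empty or non-printable) string is appended and can win the `max(wxids, key=wxids.count)` vote; a check before `wxids.append(...)` would keep such values out. The docstring should also say that the function returns the string `"None"`, not `None`, on a failed read, since callers cannot otherwise tell it apart from a real value.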