From 76f4e7697abc3be2a1b1a68f230db42f12ed17f6 Mon Sep 17 00:00:00 2001
From: xaoyaoo <xaoyaoo@qq.com>
Date: Wed, 6 Dec 2023 09:57:45 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E6=96=87=E6=A1=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md                       |  2 +-
 doc/FAQ.md                      | 31 ++++++++++++++++++++++
 doc/UserGuide.md                |  1 +
 pywxdump/wx_info/get_wx_info.py | 46 +++++++++++++++++++++------------
 4 files changed, 63 insertions(+), 17 deletions(-)
 create mode 100644 doc/FAQ.md
 create mode 100644 doc/UserGuide.md

diff --git a/README.md b/README.md
index fa261f9..7a6cd35 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@
 </details>
 
 
-**更新计划**
+**更新计划【由于家里有事，这些计划(除8、9、1)将会在12.30号前统一更新】**
 
 * 1.每个人聊天记录分析，生成词云。
 * 2.分析每个人每天的聊天数量，生成折线图（天-聊天数量）
diff --git a/doc/FAQ.md b/doc/FAQ.md
new file mode 100644
index 0000000..5532094
--- /dev/null
+++ b/doc/FAQ.md
@@ -0,0 +1,31 @@
+## 怎么下载
+
+方法一：进入链接[releases](https://github.com/xaoyaoo/PyWxDump/releases)下载最新版本exe文件
+
+方法二：（本地安装有python环境）使用pip安装
+```
+pip install PyWxDump
+```
+
+## 怎么使用
+
+1. 打开微信电脑版，登录微信
+2. 进入下载的exe文件所在目录,使用pip安装，跳过此步
+3. 按住shift键，同时鼠标右键，选择“在此处打开命令窗口”，或者“在此处打开powershell窗口”
+4. 在命令窗口中输入`PyWxDump`，按回车键（pip安装输入`wxdump`）
+5. 接着根据提示输入参数，回车键确认
+
+## 每台电脑上微信账户的key是不是永远不会变？
+
+同一设备，同一微信，不删除数据情况下，key（密钥）相同
+
+## 刚打开就闪退的问题
+
+1. 请检查是否由cmd或powershell打开，不要直接双击exe文件
+2. 如果使用方法二安装，请检查是否已经安装了python环境（如果使用pip安装，命令行直接输入wxdump即可）
+3. 如果使用方法二安装，检查是否将python安装目录添加到了环境变量中，如果没有，请添加
+
+## 如果遇到其他问题
+
+截图或复制错误信息，请全截图或全复制，不要只截一部分或复制部分信息。
+通过issue反馈问题，或者加入QQ群：[加入QQ群](https://s.xaoyo.top/gOLUDl)
diff --git a/doc/UserGuide.md b/doc/UserGuide.md
new file mode 100644
index 0000000..9da8ef7
--- /dev/null
+++ b/doc/UserGuide.md
@@ -0,0 +1 @@
+ 用户指南
\ No newline at end of file
diff --git a/pywxdump/wx_info/get_wx_info.py b/pywxdump/wx_info/get_wx_info.py
index 49b9316..c9b1d13 100644
--- a/pywxdump/wx_info/get_wx_info.py
+++ b/pywxdump/wx_info/get_wx_info.py
@@ -53,19 +53,31 @@ def pattern_scan_all(handle, pattern, *, return_multiple=False, find_num=100):
 
 
 def get_info_wxid(h_process):
+    # find_num = 1000
+    # addrs = pattern_scan_all(h_process, br'\\FileStorage', return_multiple=True, find_num=find_num)
+    # wxids = []
+    # for addr in addrs:
+    #     array = ctypes.create_string_buffer(33)
+    #     if ReadProcessMemory(h_process, void_p(addr - 21), array, 33, 0) == 0: return "None"
+    #     array = bytes(array)  # .decode('utf-8', errors='ignore')
+    #     array = array.split(br'\FileStorage')[0]
+    #     for part in [b'}', b'\x7f', b'\\']:
+    #         if part in array:
+    #             array = array.split(part)[1]
+    #             wxids.append(array.decode('utf-8', errors='ignore'))
+    #             break
+    # wxid = max(wxids, key=wxids.count) if wxids else "None"
+
     find_num = 100
-    addrs = pattern_scan_all(h_process, br'\\FileStorage', return_multiple=True, find_num=find_num)
+    addrs = pattern_scan_all(h_process, br'\\Msg\\FTSContact', return_multiple=True, find_num=find_num)
     wxids = []
     for addr in addrs:
-        array = ctypes.create_string_buffer(33)
-        if ReadProcessMemory(h_process, void_p(addr - 21), array, 33, 0) == 0: return "None"
-        array = bytes(array)  # .decode('utf-8', errors='ignore')
-        array = array.split(br'\FileStorage')[0]
-        for part in [b'}', b'\x7f', b'\\']:
-            if part in array:
-                array = array.split(part)[1]
-                wxids.append(array.decode('utf-8', errors='ignore'))
-                break
+        array = ctypes.create_string_buffer(80)
+        if ReadProcessMemory(h_process, void_p(addr - 30), array, 80, 0) == 0: return "None"
+        array = bytes(array)  # .split(b"\\")[0]
+        array = array.split(b"\\Msg")[0]
+        array = array.split(b"\\")[-1]
+        wxids.append(array.decode('utf-8', errors='ignore'))
     wxid = max(wxids, key=wxids.count) if wxids else "None"
     return wxid
 
@@ -82,13 +94,14 @@ def get_info_filePath(wxid="all"):
         # 获取文档实际目录
         try:
             # 打开注册表路径
-            key = winreg.OpenKey(winreg.HKEY_CURRENT_USER,r"Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders")
-            documents_path = winreg.QueryValueEx(key, "Personal")[0]# 读取文档实际目录路径
-            winreg.CloseKey(key) # 关闭注册表
+            key = winreg.OpenKey(winreg.HKEY_CURRENT_USER,
+                                 r"Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders")
+            documents_path = winreg.QueryValueEx(key, "Personal")[0]  # 读取文档实际目录路径
+            winreg.CloseKey(key)  # 关闭注册表
             documents_paths = os.path.split(documents_path)
             if "%" in documents_paths[0]:
-                w_dir = os.environ.get(documents_paths[0].replace("%",""))
-                w_dir = os.path.join(w_dir,os.path.join(*documents_paths[1:]))
+                w_dir = os.environ.get(documents_paths[0].replace("%", ""))
+                w_dir = os.path.join(w_dir, os.path.join(*documents_paths[1:]))
             else:
                 w_dir = documents_path
         except Exception as e:
@@ -182,6 +195,7 @@ def read_info(version_list, is_logging=False):
 
     return result
 
+
 def get_wechat_db(require_list: Union[List[str], str] = "all", msg_dir: str = None, wxid: Union[List[str], str] = None,
                   is_logging: bool = False):
     if not msg_dir:
@@ -241,4 +255,4 @@ def get_wechat_db(require_list: Union[List[str], str] = "all", msg_dir: str = No
         print("-" * 32)
         print(f"[+] 共 {len(user_dirs)} 个微信账号")
 
-    return user_dirs
\ No newline at end of file
+    return user_dirs