diff --git a/spy/load_calls.cpp b/spy/load_calls.cpp
index 606811d..c0ebe7d 100644
--- a/spy/load_calls.cpp
+++ b/spy/load_calls.cpp
@@ -12,7 +12,7 @@ WxCalls_t wxCalls = {
 Hook, call, type, self, id, msgXml, roomId, wxId, content, thumb, extra */
 { 0x550F4C, 0xA96350, 0x38, 0x3C, 0x184, 0x1EC, 0x48, 0x170, 0x70, 0x198, 0x1AC },
 { 0x768140, 0XF59E40, 0XCE6640, 0x756960 }, // Send Image Message
- { 0xC3B70, 0x771980, 0x3ED8C0 }, // Send File Message
+ { 0x76AE20, 0xF59E40, 0xB6D1F0, 0x756960 }, // Send File Message
 { 0xB8A70, 0x3ED5E0, 0x107F00, 0x3ED7B0, 0x2386FE4 }, // Send xml Message
 { 0x771980, 0x4777E0, 0x239E888 }, // Send Emotion Message
 /* Get Contacts:
diff --git a/spy/rpc_server.cpp b/spy/rpc_server.cpp
index 5aa0c48..c297bf9 100644
--- a/spy/rpc_server.cpp
+++ b/spy/rpc_server.cpp
@@ -589,12 +589,12 @@ static bool dispatcher(uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len
 ret = func_send_img(req.msg.file.path, req.msg.file.receiver, out, out_len);
 break;
 }
-#if 0
 case Functions_FUNC_SEND_FILE: {
 LOG_DEBUG("[Functions_FUNC_SEND_FILE]");
 ret = func_send_file(req.msg.file.path, req.msg.file.receiver, out, out_len);
 break;
 }
+#if 0
 case Functions_FUNC_SEND_XML: {
 LOG_DEBUG("[Functions_FUNC_SEND_XML]");
 ret = func_send_xml(req.msg.xml, out, out_len);
diff --git a/spy/send_msg.cpp b/spy/send_msg.cpp
index 737280b..a53e306 100644
--- a/spy/send_msg.cpp
+++ b/spy/send_msg.cpp
@@ -78,12 +78,12 @@ void SendImageMessage(string wxid, string path)
 if (g_WeChatWinDllAddr == 0) {
 return;
 }
- int success = 0;
- DWORD tmpEAX = 0;
- char buf[0x2D8] = { 0 };
- WxString_t imgWxid = { 0 };
- WxString_t imgPath = { 0 };
- WxString_t unkObj = { 0 };
+ int success = 0;
+ DWORD tmpEAX = 0;
+ char buf[0x2D8] = { 0 };
+ WxString_t imgWxid = { 0 };
+ WxString_t imgPath = { 0 };
+ WxString_t nullbuffer = { 0 };
 wstring wsWxid = String2Wstring(wxid);
 wstring wspath = String2Wstring(path);
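Review bot: The new Send File row in spy/load_calls.cpp is four raw offsets with nothing on the page tying them to a specific build of the host DLL. The row grows from three entries to four, so it is only correct if the sendFile struct (declared outside this hunk) gained a matching fourth member. SendFileMessage adds these values to g_WeChatWinDllAddr and calls the result, so a mismatched build means a call to an arbitrary address inside the host process. I would record the build next to the table, e.g. `// offsets valid only for WeChatWin.dll <VERSION-PLACEHOLDER>`, and refuse to dispatch when the loaded module's version differs. If such a check already exists elsewhere, a comment pointing to it is enough.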
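Review bot: In spy/rpc_server.cpp, `req.msg.file.path` reaches `func_send_file` unchecked in the newly enabled Functions_FUNC_SEND_FILE case of dispatcher(). Any client that can reach the RPC endpoint can therefore name an arbitrary local file and an arbitrary receiver. func_send_file's body is not shown, so validation may happen there; if it does not, I would reject empty or non-regular-file paths before the call, ideally restrict them to an allow-listed directory, and return an error status. It is also worth confirming that the listener is bound to loopback or otherwise authenticated now that this case is live. dispatcher() starts and ends outside the hunk.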
@@ -107,7 +107,7 @@ void SendImageMessage(string wxid, string path)
 call sendCall1;
 sub esp,0x14;
 mov tmpEAX,eax;
- lea eax,unkObj;
+ lea eax,nullbuffer;
 mov ecx,esp;
 lea edi,imgPath;
 push eax;
@@ -131,8 +131,9 @@ void SendFileMessage(string wxid, string path)
 if (g_WeChatWinDllAddr == 0) {
 return;
 }
+ int success = 0;
 DWORD tmpEAX = 0;
- char buffer[0x3B0] = { 0 };
+ char buffer[0x2D8] = { 0 };
 WxString_t fileWxid = { 0 };
 WxString_t filePath = { 0 };
 WxString_t nullbuffer = { 0 };
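Review bot: In the SendFileMessage hunk at -131, `char buffer[0x2D8]` is an undocumented magic size for a stack buffer that the later asm block hands to sendCall3 as an output object. If the callee writes more than that, the result is a stack overwrite inside the host process. The new value matches `buf[0x2D8]` in SendImageMessage, which suggests the shrink from 0x3B0 is intentional, but nothing records where the number comes from. I would hoist it into one named constant shared by both functions, with a comment stating which structure and build it was measured from, e.g. `constexpr size_t kSendResultSize = 0x2D8; // result object size for <VERSION-PLACEHOLDER>`. The function body continues outside this hunk.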
@@ -152,46 +153,49 @@ void SendFileMessage(string wxid, string path)
 DWORD sendCall1 = g_WeChatWinDllAddr + g_WxCalls.sendFile.call1;
 DWORD sendCall2 = g_WeChatWinDllAddr + g_WxCalls.sendFile.call2;
 DWORD sendCall3 = g_WeChatWinDllAddr + g_WxCalls.sendFile.call3;
+ DWORD sendCall4 = g_WeChatWinDllAddr + g_WxCalls.sendFile.call4;
 __asm {
- pushad;
- pushfd;
- call sendCall1;
- sub esp, 0x14;
- mov tmpEAX, eax;
- lea eax, nullbuffer;
- mov ecx, esp;
- push eax;
- call sendCall2;
- push 0x00DBE200;
- sub esp, 0x14;
- mov edi, esp;
- mov dword ptr ds : [edi] , 0x0;
- mov dword ptr ds : [edi + 0x4] , 0x0;
- mov dword ptr ds : [edi + 0x8] , 0x0;
- mov dword ptr ds : [edi + 0xC] , 0x0;
- mov dword ptr ds : [edi + 0x10] , 0x0;
- sub esp, 0x14;
- lea eax, filePath;
- mov ecx, esp;
- push eax;
- call sendCall2;
- sub esp, 0x14;
- lea eax, fileWxid;
- mov ecx, esp;
- push eax;
- call sendCall2;
- mov ecx, dword ptr [tmpEAX];
- lea eax, buffer;
- push eax;
- call sendCall3;
- mov al,byte ptr [eax + 0x38];
- movzx eax,al;
- popfd;
- popad;
+ pushad;
+ pushfd;
+ call sendCall1;
+ sub esp, 0x14;
+ mov tmpEAX, eax;
+ lea eax, nullbuffer;
+ mov ecx, esp;
+ push eax;
+ call sendCall2;
+ push 0x0;
+ sub esp, 0x14;
+ mov edi, esp;
+ mov dword ptr[edi], 0;
+ mov dword ptr[edi + 0x4], 0;
+ mov dword ptr[edi + 0x8], 0;
+ mov dword ptr[edi + 0xc], 0;
+ mov dword ptr[edi + 0x10], 0;
+ sub esp, 0x14;
+ lea eax, filePath;
+ mov ecx, esp;
+ push eax;
+ call sendCall2;
+ sub esp, 0x14;
+ lea eax, fileWxid;
+ mov ecx, esp;
+ push eax;
+ call sendCall2;
+ mov ecx, dword ptr[tmpEAX];
+ lea eax, buffer;
+ push eax;
+ call sendCall3;
+ mov al, byte ptr[eax + 0x38];
+ movzx eax, al;
+ mov success, eax;
+ lea ecx, buffer;
+ call sendCall4;
+ popfd;
+ popad;
 }
 }
-
 void SendXmlMessage(string receiver, string xml, string path, int type)
 {
 if (g_WeChatWinDllAddr == 0) {
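Review bot: `mov success, eax` stores the result flag, but SendFileMessage is void and nothing after the asm block in this hunk reads `success`, so the RPC caller cannot tell a failed send from a successful one. I would either log the value after the block or return it, which needs matching changes at the call site (not shown here). Separately, `mov al, byte ptr[eax + 0x38]` dereferences the return value of sendCall3 without checking it for zero. If that call can return null, the load faults inside the host process, so a `test eax, eax` guard that skips the load would be safer. A short comment on why sendCall4 takes `ecx = buffer` (presumably releasing the object sendCall3 built there) would also help the next reader.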