From 395d2adee391fc7116578b214e6b87d9f381bc7a Mon Sep 17 00:00:00 2001
From: Changhua <lichanghua0821@gmail.com>
Date: Wed, 19 Apr 2023 23:17:15 +0800
Subject: [PATCH] Impl ReceiveTransfer

---
 spy/load_calls.cpp       |  2 +-
 spy/receive_transfer.cpp | 31 ++++++++++++++++++-------------
 spy/spy_types.h          |  7 ++++++-
 3 files changed, 25 insertions(+), 15 deletions(-)

diff --git a/spy/load_calls.cpp b/spy/load_calls.cpp
index f1686ce..b0c0bc5 100644
--- a/spy/load_calls.cpp
+++ b/spy/load_calls.cpp
@@ -23,7 +23,7 @@ WxCalls_t wxCalls = {
     { 0x141BDF0, 0x2366934, 0x1428, 0x142C, 0x3C, 0x50 },
     { 0x771980, 0x2AE8D0, 0x1EE40E0 }, // Accept New Friend application
     { 0xE29F0, 0x771980, 0x43D8D0 },   // Add chatroom members
-    { 0xCD2A90 }                       // Receive transfer
+    { 0x771980, 0xCD2A90 }             // Receive transfer
 };
 
 int LoadCalls(const wchar_t *version, WxCalls_t *calls)
diff --git a/spy/receive_transfer.cpp b/spy/receive_transfer.cpp
index 6820858..80346c2 100644
--- a/spy/receive_transfer.cpp
+++ b/spy/receive_transfer.cpp
@@ -11,23 +11,28 @@ extern DWORD g_WeChatWinDllAddr;
 int ReceiveTransfer(string wxid, string transferid)
 {
     int rv                  = 0;
-    DWORD recvTransferCall = g_WeChatWinDllAddr + g_WxCalls.tf;
+    DWORD recvTransferCall  = g_WeChatWinDllAddr + g_WxCalls.tf.call1;
+    DWORD recvTransferCall2 = g_WeChatWinDllAddr + g_WxCalls.tf.call2;
 
-    WxString_t wxWxid = { 0 };
-    wstring wsWxid    = String2Wstring(wxid);
-    wxWxid.text       = (wchar_t *)wsWxid.c_str();
-    wxWxid.size       = wsWxid.size();
-    wxWxid.capacity   = wsWxid.capacity();
-
-    WxString_t wxTid = { 0 };
-    wstring wsTid    = String2Wstring(wxid);
-    wxTid.text       = (wchar_t *)wsTid.c_str();
-    wxTid.size       = wsTid.size();
-    wxTid.capacity   = wsTid.capacity();
+    wstring wsWxid = String2Wstring(wxid);
+    wstring wsTid  = String2Wstring(transferid);
 
     LOG_DEBUG("Receiving transfer, from: {}, transferid: {}", wxid, transferid);
     __asm {
-
+        pushad
+        sub esp, 0x30
+        mov ecx, esp
+        lea eax, wsTid
+        push eax
+        call recvTransferCall
+        lea ecx, dword ptr ds:[esp+0x14]
+        lea eax, wsWxid
+        push eax
+        call recvTransferCall
+        call recvTransferCall2
+        add esp, 0x30
+        mov rv, eax
+        popad
     }
 
     return rv;
diff --git a/spy/spy_types.h b/spy/spy_types.h
index e67b398..e11860e 100644
--- a/spy/spy_types.h
+++ b/spy/spy_types.h
@@ -71,6 +71,11 @@ typedef struct Xml {
     DWORD param;
 } Xml_t;
 
+typedef struct TF {
+    DWORD call1;
+    DWORD call2;
+} TF_t;
+
 typedef struct WxCalls {
     DWORD login;         // 登录状态
     UserInfoCall_t ui;   // 用户信息
@@ -84,7 +89,7 @@ typedef struct WxCalls {
     Sql_t sql;           // 执行 SQL
     NewFriend_t anf;     // 通过好友申请
     RoomMember_t arm;    // 添加群成员
-    DWORD tf;            // 接收转账
+    TF_t tf;             // 接收转账
 } WxCalls_t;
 
 typedef struct WxString {