diff --git a/WeChatFerry/spy/Spy.vcxproj b/WeChatFerry/spy/Spy.vcxproj
index 0b34661..973b9d2 100644
--- a/WeChatFerry/spy/Spy.vcxproj
+++ b/WeChatFerry/spy/Spy.vcxproj
@@ -227,13 +227,12 @@ $(SolutionDir)rpc\tool\protoc --nanopb_out=. wcf.proto</Command>
     <ClInclude Include="..\rpc\pb_util.h" />
     <ClInclude Include="..\rpc\proto\wcf.pb.h" />
     <ClInclude Include="chatroom_mgmt.h" />
-    <ClInclude Include="decrypt_image.h" />
+    <ClInclude Include="funcs.h" />
     <ClInclude Include="exec_sql.h" />
     <ClInclude Include="framework.h" />
     <ClInclude Include="contact_mgmt.h" />
     <ClInclude Include="load_calls.h" />
     <ClInclude Include="log.h" />
-    <ClInclude Include="pyq.h" />
     <ClInclude Include="receive_msg.h" />
     <ClInclude Include="receive_transfer.h" />
     <ClInclude Include="resource.h" />
@@ -252,13 +251,12 @@ $(SolutionDir)rpc\tool\protoc --nanopb_out=. wcf.proto</Command>
     <ClCompile Include="..\rpc\pb_util.cpp" />
     <ClCompile Include="..\rpc\proto\wcf.pb.c" />
     <ClCompile Include="chatroom_mgmt.cpp" />
-    <ClCompile Include="decrypt_image.cpp" />
+    <ClCompile Include="funcs.cpp" />
     <ClCompile Include="dllmain.cpp" />
     <ClCompile Include="exec_sql.cpp" />
     <ClCompile Include="contact_mgmt.cpp" />
     <ClCompile Include="load_calls.cpp" />
     <ClCompile Include="log.cpp" />
-    <ClCompile Include="pyq.cpp" />
     <ClCompile Include="receive_msg.cpp" />
     <ClCompile Include="receive_transfer.cpp" />
     <ClCompile Include="rpc_server.cpp" />
diff --git a/WeChatFerry/spy/Spy.vcxproj.filters b/WeChatFerry/spy/Spy.vcxproj.filters
index 967ac9d..f8b47c4 100644
--- a/WeChatFerry/spy/Spy.vcxproj.filters
+++ b/WeChatFerry/spy/Spy.vcxproj.filters
@@ -81,7 +81,7 @@
     <ClInclude Include="resource.h">
       <Filter>头文件</Filter>
     </ClInclude>
-    <ClInclude Include="decrypt_image.h">
+    <ClInclude Include="funcs.h">
       <Filter>头文件</Filter>
     </ClInclude>
     <ClInclude Include="receive_transfer.h">
@@ -90,9 +90,6 @@
     <ClInclude Include="sqlite3.h">
       <Filter>头文件</Filter>
     </ClInclude>
-    <ClInclude Include="pyq.h">
-      <Filter>头文件</Filter>
-    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="dllmain.cpp">
@@ -146,15 +143,12 @@
     <ClCompile Include="user_info.cpp">
       <Filter>源文件</Filter>
     </ClCompile>
-    <ClCompile Include="decrypt_image.cpp">
+    <ClCompile Include="funcs.cpp">
       <Filter>源文件</Filter>
     </ClCompile>
     <ClCompile Include="receive_transfer.cpp">
       <Filter>源文件</Filter>
     </ClCompile>
-    <ClCompile Include="pyq.cpp">
-      <Filter>源文件</Filter>
-    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <None Include="spy.def">
diff --git a/WeChatFerry/spy/decrypt_image.cpp b/WeChatFerry/spy/funcs.cpp
similarity index 50%
rename from WeChatFerry/spy/decrypt_image.cpp
rename to WeChatFerry/spy/funcs.cpp
index 8be811d..aa940cd 100644
--- a/WeChatFerry/spy/decrypt_image.cpp
+++ b/WeChatFerry/spy/funcs.cpp
@@ -1,9 +1,12 @@
-#pragma warning( disable: 4244 )
+#pragma warning(disable : 4244)
 
+#include "framework.h"
 #include <fstream>
 
-#include "decrypt_image.h"
+#include "funcs.h"
 #include "log.h"
+#include "spy_types.h"
+#include "util.h"
 
 #define HEADER_PNG1 0x89
 #define HEADER_PNG2 0x50
@@ -14,6 +17,16 @@
 
 using namespace std;
 
+extern bool gIsListeningPyq;
+extern WxCalls_t g_WxCalls;
+extern DWORD g_WeChatWinDllAddr;
+
+typedef struct RawVector {
+    DWORD start;
+    DWORD finish;
+    DWORD end;
+} RawVector_t;
+
 static string get_key(uint8_t header1, uint8_t header2, uint8_t *key)
 {
     // PNG?
@@ -77,3 +90,65 @@ bool DecryptImage(string src, string dst)
 
     return true;
 }
+
+static int GetFirstPage()
+{
+    int rv         = -1;
+    DWORD pyqCall1 = g_WeChatWinDllAddr + g_WxCalls.pyq.call1;
+    DWORD pyqCall2 = g_WeChatWinDllAddr + g_WxCalls.pyq.call2;
+
+    char buf[0xB44] = { 0 };
+    __asm {
+        pushad;
+        call pyqCall1;
+        push 0x1;
+        lea ecx, buf;
+        push ecx;
+        mov ecx, eax;
+        call pyqCall2;
+        mov rv, eax;
+        popad;
+    }
+
+    return rv;
+}
+
+static int GetNextPage(uint64_t id)
+{
+    int rv         = -1;
+    DWORD pyqCall1 = g_WeChatWinDllAddr + g_WxCalls.pyq.call1;
+    DWORD pyqCall3 = g_WeChatWinDllAddr + g_WxCalls.pyq.call3;
+
+    RawVector_t tmp = { 0 };
+
+    __asm {
+        pushad;
+        call pyqCall1;
+        lea ecx, tmp;
+        push ecx;
+        mov ebx, dword ptr [id + 0x04];
+        push ebx;
+        mov edi, dword ptr [id]
+        push edi;
+        mov ecx, eax;
+        call pyqCall3;
+        mov rv, eax;
+        popad;
+    }
+
+    return rv;
+}
+
+int RefreshPyq(uint64_t id)
+{
+    if (!gIsListeningPyq) {
+        LOG_ERROR("没有启动朋友圈消息接收，参考：enable_receiving_msg");
+        return -1;
+    }
+
+    if (id == 0) {
+        return GetFirstPage();
+    }
+
+    return GetNextPage(id);
+}
diff --git a/WeChatFerry/spy/decrypt_image.h b/WeChatFerry/spy/funcs.h
similarity index 63%
rename from WeChatFerry/spy/decrypt_image.h
rename to WeChatFerry/spy/funcs.h
index 727726c..7c4f739 100644
--- a/WeChatFerry/spy/decrypt_image.h
+++ b/WeChatFerry/spy/funcs.h
@@ -1,5 +1,7 @@
 #pragma once
 
+#include "stdint.h"
 #include <string>
 
 bool DecryptImage(std::string src, std::string dst);
+int RefreshPyq(uint64_t id);
diff --git a/WeChatFerry/spy/pyq.cpp b/WeChatFerry/spy/pyq.cpp
deleted file mode 100644
index 7172318..0000000
--- a/WeChatFerry/spy/pyq.cpp
+++ /dev/null
@@ -1,77 +0,0 @@
-#include "framework.h"
-
-#include "log.h"
-#include "spy_types.h"
-#include "util.h"
-
-extern bool gIsListeningPyq;
-extern WxCalls_t g_WxCalls;
-extern DWORD g_WeChatWinDllAddr;
-
-typedef struct RawVector {
-    DWORD start;
-    DWORD finish;
-    DWORD end;
-} RawVector_t;
-
-static int GetFirstPage()
-{
-    int rv         = -1;
-    DWORD pyqCall1 = g_WeChatWinDllAddr + g_WxCalls.pyq.call1;
-    DWORD pyqCall2 = g_WeChatWinDllAddr + g_WxCalls.pyq.call2;
-
-    char buf[0xB44] = { 0 };
-    __asm {
-        pushad;
-        call pyqCall1;
-        push 0x1;
-        lea ecx, buf;
-        push ecx;
-        mov ecx, eax;
-        call pyqCall2;
-        mov rv, eax;
-        popad;
-    }
-
-    return rv;
-}
-
-static int GetNextPage(uint64_t id)
-{
-    int rv         = -1;
-    DWORD pyqCall1 = g_WeChatWinDllAddr + g_WxCalls.pyq.call1;
-    DWORD pyqCall3 = g_WeChatWinDllAddr + g_WxCalls.pyq.call3;
-
-    RawVector_t tmp = { 0 };
-
-    __asm {
-        pushad;
-        call pyqCall1;
-        lea ecx, tmp;
-        push ecx;
-        mov ebx, dword ptr [id + 0x04];
-        push ebx;
-        mov edi, dword ptr [id]
-        push edi;
-        mov ecx, eax;
-        call pyqCall3;
-        mov rv, eax;
-        popad;
-    }
-
-    return rv;
-}
-
-int RefreshPyq(uint64_t id)
-{
-    if (!gIsListeningPyq) {
-        LOG_ERROR("没有启动朋友圈消息接收，参考：enable_receiving_msg");
-        return -1;
-    }
-
-    if (id == 0) {
-        return GetFirstPage();
-    }
-
-    return GetNextPage(id);
-}
diff --git a/WeChatFerry/spy/pyq.h b/WeChatFerry/spy/pyq.h
deleted file mode 100644
index 13d7eeb..0000000
--- a/WeChatFerry/spy/pyq.h
+++ /dev/null
@@ -1,5 +0,0 @@
-#pragma once
-
-#include "stdint.h"
-
-int RefreshPyq(uint64_t id);
diff --git a/WeChatFerry/spy/rpc_server.cpp b/WeChatFerry/spy/rpc_server.cpp
index 32a1686..2e08bae 100644
--- a/WeChatFerry/spy/rpc_server.cpp
+++ b/WeChatFerry/spy/rpc_server.cpp
@@ -18,12 +18,11 @@
 
 #include "chatroom_mgmt.h"
 #include "contact_mgmt.h"
-#include "decrypt_image.h"
 #include "exec_sql.h"
+#include "funcs.h"
 #include "log.h"
 #include "pb_types.h"
 #include "pb_util.h"
-#include "pyq.h"
 #include "receive_msg.h"
 #include "receive_transfer.h"
 #include "rpc_server.h"