Refatoring

2024-07-02 21:12:21 +08:00 · 2024-07-02 21:12:21 +08:00 · 81c8a3b135
commit 81c8a3b135
parent db08382e56
5 changed files with 137 additions and 84 deletions
--- a/WeChatFerry/spy/chatroom_mgmt.cpp
+++ b/WeChatFerry/spy/chatroom_mgmt.cpp
@ -3,15 +3,17 @@
 #include <vector>

 #include "chatroom_mgmt.h"
-#include "load_calls.h"
 #include "log.h"
 #include "util.h"

 using namespace std;
-
-extern WxCalls_t g_WxCalls;
 extern QWORD g_WeChatWinDllAddr;

+#define OS_GET_CHATROOM_MGR 0x1C4E200
+#define OS_ADD_MEMBERS      0x221B8A0
+#define OS_DELETE_MEMBERS   0x221BEE0
+#define OS_INVITE_MEMBERS   0x221B280
+
 typedef QWORD (*GetChatRoomMgr_t)();
 typedef QWORD (*AddMemberToChatRoom_t)(QWORD, QWORD, QWORD, QWORD);
 typedef QWORD (*DelMemberFromChatRoom_t)(QWORD, QWORD, QWORD);
@ -26,8 +28,8 @@ int AddChatroomMember(string roomid, string wxids)
        return status;
    }

-    GetChatRoomMgr_t GetChatRoomMgr  = (GetChatRoomMgr_t)(g_WeChatWinDllAddr + g_WxCalls.arm.call1);
-    AddMemberToChatRoom_t AddMembers = (AddMemberToChatRoom_t)(g_WeChatWinDllAddr + g_WxCalls.arm.call2);
+    GetChatRoomMgr_t GetChatRoomMgr  = (GetChatRoomMgr_t)(g_WeChatWinDllAddr + OS_GET_CHATROOM_MGR);
+    AddMemberToChatRoom_t AddMembers = (AddMemberToChatRoom_t)(g_WeChatWinDllAddr + OS_ADD_MEMBERS);

    vector<wstring> vMembers;
    vector<WxString> vWxMembers;
@ -58,8 +60,8 @@ int DelChatroomMember(string roomid, string wxids)
        return status;
    }

-    GetChatRoomMgr_t GetChatRoomMgr    = (GetChatRoomMgr_t)(g_WeChatWinDllAddr + g_WxCalls.drm.call1);
-    DelMemberFromChatRoom_t DelMembers = (DelMemberFromChatRoom_t)(g_WeChatWinDllAddr + g_WxCalls.drm.call2);
+    GetChatRoomMgr_t GetChatRoomMgr    = (GetChatRoomMgr_t)(g_WeChatWinDllAddr + OS_GET_CHATROOM_MGR);
+    DelMemberFromChatRoom_t DelMembers = (DelMemberFromChatRoom_t)(g_WeChatWinDllAddr + OS_DELETE_MEMBERS);

    vector<wstring> vMembers;
    vector<WxString> vWxMembers;
@ -89,7 +91,7 @@ int InviteChatroomMember(string roomid, string wxids)
        return status;
    }

-    InviteMemberToChatRoom_t InviteMembers = (InviteMemberToChatRoom_t)(g_WeChatWinDllAddr + g_WxCalls.irm.call1);
+    InviteMemberToChatRoom_t InviteMembers = (InviteMemberToChatRoom_t)(g_WeChatWinDllAddr + OS_INVITE_MEMBERS);

    vector<wstring> vMembers;
    vector<WxString> vWxMembers;
--- a/WeChatFerry/spy/contact_mgmt.cpp
+++ b/WeChatFerry/spy/contact_mgmt.cpp
@ -1,14 +1,23 @@
 #pragma execution_character_set("utf-8")

 #include "contact_mgmt.h"
-#include "load_calls.h"
 #include "log.h"
 #include "util.h"

 using namespace std;
-extern WxCalls_t g_WxCalls;
 extern QWORD g_WeChatWinDllAddr;

+#define OS_GET_CONTACT_MGR  0x1C0BDE0
+#define OS_GET_CONTACT_LIST 0x2265540
+#define OS_CONTACT_BIN      0x200
+#define OS_CONTACT_BIN_LEN  0x208
+#define OS_CONTACT_WXID     0x10
+#define OS_CONTACT_CODE     0x30
+#define OS_CONTACT_REMARK   0x80
+#define OS_CONTACT_NAME     0xA0
+#define OS_CONTACT_GENDER   0x0E
+#define OS_CONTACT_STEP     0x6A8
+
 typedef QWORD (*GetContactMgr_t)();
 typedef QWORD (*GetContactList_t)(QWORD, QWORD);

@ -48,8 +57,8 @@ static string GetCntString(QWORD start, QWORD end, const uint8_t *feat, size_t l
 vector<RpcContact_t> GetContacts()
 {
    vector<RpcContact_t> contacts;
-    GetContactMgr_t funcGetContactMgr   = (GetContactMgr_t)(g_WeChatWinDllAddr + 0x1C0BDE0);
-    GetContactList_t funcGetContactList = (GetContactList_t)(g_WeChatWinDllAddr + 0x2265540);
+    GetContactMgr_t funcGetContactMgr   = (GetContactMgr_t)(g_WeChatWinDllAddr + OS_GET_CONTACT_MGR);
+    GetContactList_t funcGetContactList = (GetContactList_t)(g_WeChatWinDllAddr + OS_GET_CONTACT_LIST);

    QWORD mgr     = funcGetContactMgr();
    QWORD addr[3] = { 0 };
@ -62,13 +71,13 @@ vector<RpcContact_t> GetContacts()
    QWORD pend   = (QWORD)addr[2];
    while (pstart < pend) {
        RpcContact_t cnt;
-        QWORD pbin   = GET_QWORD(pstart + 0x200);
-        QWORD lenbin = GET_DWORD(pstart + 0x208);
+        QWORD pbin   = GET_QWORD(pstart + OS_CONTACT_BIN);
+        QWORD lenbin = GET_DWORD(pstart + OS_CONTACT_BIN_LEN);

-        cnt.wxid   = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxId);     // 0x10
-        cnt.code   = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxCode);   // 0x30
-        cnt.remark = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxRemark); // 0x80
-        cnt.name   = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxName);   // 0xA0
+        cnt.wxid   = GetStringByWstrAddr(pstart + OS_CONTACT_WXID);
+        cnt.code   = GetStringByWstrAddr(pstart + OS_CONTACT_CODE);
+        cnt.remark = GetStringByWstrAddr(pstart + OS_CONTACT_REMARK);
+        cnt.name   = GetStringByWstrAddr(pstart + OS_CONTACT_NAME);

        cnt.country  = GetCntString(pbin, pbin + lenbin, FEAT_COUNTRY, FEAT_LEN);
        cnt.province = GetCntString(pbin, pbin + lenbin, FEAT_PROVINCE, FEAT_LEN);
@ -77,11 +86,11 @@ vector<RpcContact_t> GetContacts()
        if (pbin == 0) {
            cnt.gender = 0;
        } else {
-            cnt.gender = (DWORD) * (uint8_t *)(pbin + g_WxCalls.contact.wxGender); // 0x0E
+            cnt.gender = (DWORD) * (uint8_t *)(pbin + OS_CONTACT_GENDER);
        }

        contacts.push_back(cnt);
-        pstart += 0x6A8; // 0x6A8
+        pstart += OS_CONTACT_STEP;
    }

    return contacts;
--- a/WeChatFerry/spy/funcs.cpp
+++ b/WeChatFerry/spy/funcs.cpp
@ -11,6 +11,12 @@
 #include "spy_types.h"
 #include "util.h"

+using namespace std;
+namespace fs = std::filesystem;
+
+extern bool gIsListeningPyq;
+extern QWORD g_WeChatWinDllAddr;
+
 #define HEADER_PNG1 0x89
 #define HEADER_PNG2 0x50
 #define HEADER_JPG1 0xFF
@ -18,12 +24,16 @@
 #define HEADER_GIF1 0x47
 #define HEADER_GIF2 0x49

-using namespace std;
-namespace fs = std::filesystem;
-
-extern bool gIsListeningPyq;
-extern WxCalls_t g_WxCalls;
-extern QWORD g_WeChatWinDllAddr;
+#define OS_GET_SNS_DATA_MGR           0x22A91C0
+#define OS_GET_SNS_FIRST_PAGE         0x2ED9080
+#define OS_GET_SNS_TIMELINE_MGR       0x2E6B110
+#define OS_GET_SNS_NEXT_PAGE          0x2EFEC00
+#define OS_NEW_CHAT_MSG               0x1C28800
+#define OS_FREE_CHAT_MSG              0x1C1FF10
+#define OS_GET_CHAT_MGR               0x1C51CF0
+#define OS_GET_MGR_BY_PREFIX_LOCAL_ID 0x2206280
+#define OS_GET_PRE_DOWNLOAD_MGR       0x1CD87E0
+#define OS_PUSH_ATTACH_TASK           0x1DA69C0

 typedef QWORD (*GetSNSDataMgr_t)();
 typedef QWORD (*GetSnsTimeLineMgr_t)();
@ -131,8 +141,8 @@ static int GetFirstPage()
 {
    int status = -1;

-    GetSNSDataMgr_t GetSNSDataMgr     = (GetSNSDataMgr_t)(g_WeChatWinDllAddr + 0x22A91C0);
-    GetSNSFirstPage_t GetSNSFirstPage = (GetSNSFirstPage_t)(g_WeChatWinDllAddr + 0x2ED9080);
+    GetSNSDataMgr_t GetSNSDataMgr     = (GetSNSDataMgr_t)(g_WeChatWinDllAddr + OS_GET_SNS_DATA_MGR);
+    GetSNSFirstPage_t GetSNSFirstPage = (GetSNSFirstPage_t)(g_WeChatWinDllAddr + OS_GET_SNS_FIRST_PAGE);

    QWORD buff[16] = { 0 };
    QWORD mgr      = GetSNSDataMgr();
@ -145,8 +155,8 @@ static int GetNextPage(QWORD id)
 {
    int status = -1;

-    GetSnsTimeLineMgr_t GetSnsTimeLineMgr     = (GetSnsTimeLineMgr_t)(g_WeChatWinDllAddr + 0x2E6B110);
-    GetSNSNextPageScene_t GetSNSNextPageScene = (GetSNSNextPageScene_t)(g_WeChatWinDllAddr + 0x2EFEC00);
+    GetSnsTimeLineMgr_t GetSnsTimeLineMgr     = (GetSnsTimeLineMgr_t)(g_WeChatWinDllAddr + OS_GET_SNS_TIMELINE_MGR);
+    GetSNSNextPageScene_t GetSNSNextPageScene = (GetSNSNextPageScene_t)(g_WeChatWinDllAddr + OS_GET_SNS_NEXT_PAGE);

    QWORD mgr = GetSnsTimeLineMgr();
    status    = (int)GetSNSNextPageScene(mgr, id);
@ -191,12 +201,13 @@ int DownloadAttach(QWORD id, string thumb, string extra)
        return status;
    }

-    NewChatMsg_t NewChatMsg                       = (NewChatMsg_t)(g_WeChatWinDllAddr + 0x1C28800);
-    FreeChatMsg_t FreeChatMsg                     = (FreeChatMsg_t)(g_WeChatWinDllAddr + 0x1C1FF10);
-    GetChatMgr_t GetChatMgr                       = (GetChatMgr_t)(g_WeChatWinDllAddr + 0x1C51CF0);
-    GetMgrByPrefixLocalId_t GetMgrByPrefixLocalId = (GetMgrByPrefixLocalId_t)(g_WeChatWinDllAddr + 0x2206280);
-    GetPreDownLoadMgr_t GetPreDownLoadMgr         = (GetPreDownLoadMgr_t)(g_WeChatWinDllAddr + 0x1CD87E0);
-    PushAttachTask_t PushAttachTask               = (PushAttachTask_t)(g_WeChatWinDllAddr + 0x1DA69C0);
+    NewChatMsg_t NewChatMsg               = (NewChatMsg_t)(g_WeChatWinDllAddr + OS_NEW_CHAT_MSG);
+    FreeChatMsg_t FreeChatMsg             = (FreeChatMsg_t)(g_WeChatWinDllAddr + OS_FREE_CHAT_MSG);
+    GetChatMgr_t GetChatMgr               = (GetChatMgr_t)(g_WeChatWinDllAddr + OS_GET_CHAT_MGR);
+    GetPreDownLoadMgr_t GetPreDownLoadMgr = (GetPreDownLoadMgr_t)(g_WeChatWinDllAddr + OS_GET_PRE_DOWNLOAD_MGR);
+    PushAttachTask_t PushAttachTask       = (PushAttachTask_t)(g_WeChatWinDllAddr + OS_PUSH_ATTACH_TASK);
+    GetMgrByPrefixLocalId_t GetMgrByPrefixLocalId
+        = (GetMgrByPrefixLocalId_t)(g_WeChatWinDllAddr + OS_GET_MGR_BY_PREFIX_LOCAL_ID);

    LARGE_INTEGER l;
    l.HighPart = dbIdx;
--- a/WeChatFerry/spy/receive_msg.cpp
+++ b/WeChatFerry/spy/receive_msg.cpp
@ -6,7 +6,6 @@
 #include <mutex>
 #include <queue>

-#include "load_calls.h"
 #include "log.h"
 #include "receive_msg.h"
 #include "user_info.h"
@ -19,9 +18,29 @@ extern condition_variable gCV;
 extern queue<WxMsg_t> gMsgQueue;

 // Defined in spy.cpp
-extern WxCalls_t g_WxCalls;
 extern QWORD g_WeChatWinDllAddr;

+#define OS_RECV_MSG_ID      0x30
+#define OS_RECV_MSG_TYPE    0x38
+#define OS_RECV_MSG_SELF    0x3C
+#define OS_RECV_MSG_TS      0x44
+#define OS_RECV_MSG_ROOMID  0x48
+#define OS_RECV_MSG_CONTENT 0x88
+#define OS_RECV_MSG_WXID    0x240
+#define OS_RECV_MSG_SIGN    0x260
+#define OS_RECV_MSG_THUMB   0x280
+#define OS_RECV_MSG_EXTRA   0x2A0
+#define OS_RECV_MSG_XML     0x308
+#define OS_RECV_MSG_CALL    0x2205510
+#define OS_PYQ_MSG_START    0x30
+#define OS_PYQ_MSG_END      0x38
+#define OS_PYQ_MSG_TS       0x38
+#define OS_PYQ_MSG_XML      0x9B8
+#define OS_PYQ_MSG_SENDER   0x18
+#define OS_PYQ_MSG_CONTENT  0x48
+#define OS_PYQ_MSG_CALL     0x2EFAA10
+#define OS_WXLOG            0x26DA2D0
+
 typedef QWORD (*RecvMsg_t)(QWORD, QWORD);
 typedef QWORD (*WxLog_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD);
 typedef QWORD (*RecvPyq_t)(QWORD, QWORD, QWORD);
@ -79,22 +98,22 @@ static QWORD DispatchMsg(QWORD arg1, QWORD arg2)
 {
    WxMsg_t wxMsg = { 0 };
    try {
-        wxMsg.id      = GET_QWORD(arg2 + g_WxCalls.recvMsg.msgId);
-        wxMsg.type    = GET_DWORD(arg2 + g_WxCalls.recvMsg.type);
-        wxMsg.is_self = GET_DWORD(arg2 + g_WxCalls.recvMsg.isSelf);
-        wxMsg.ts      = GET_DWORD(arg2 + g_WxCalls.recvMsg.ts);
-        wxMsg.content = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.content);
-        wxMsg.sign    = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.sign);
-        wxMsg.xml     = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.msgXml);
+        wxMsg.id      = GET_QWORD(arg2 + OS_RECV_MSG_ID);
+        wxMsg.type    = GET_DWORD(arg2 + OS_RECV_MSG_TYPE);
+        wxMsg.is_self = GET_DWORD(arg2 + OS_RECV_MSG_SELF);
+        wxMsg.ts      = GET_DWORD(arg2 + OS_RECV_MSG_TS);
+        wxMsg.content = GetStringByWstrAddr(arg2 + OS_RECV_MSG_CONTENT);
+        wxMsg.sign    = GetStringByWstrAddr(arg2 + OS_RECV_MSG_SIGN);
+        wxMsg.xml     = GetStringByWstrAddr(arg2 + OS_RECV_MSG_XML);

-        string roomid = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.roomId);
+        string roomid = GetStringByWstrAddr(arg2 + OS_RECV_MSG_ROOMID);
        wxMsg.roomid  = roomid;
        if (roomid.find("@chatroom") != string::npos) { // 群 ID 的格式为 xxxxxxxxxxx@chatroom
            wxMsg.is_group = true;
            if (wxMsg.is_self) {
                wxMsg.sender = GetSelfWxid();
            } else {
-                wxMsg.sender = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.wxid);
+                wxMsg.sender = GetStringByWstrAddr(arg2 + OS_RECV_MSG_WXID);
            }
        } else {
            wxMsg.is_group = false;
@ -105,13 +124,13 @@ static QWORD DispatchMsg(QWORD arg1, QWORD arg2)
            }
        }

-        wxMsg.thumb = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.thumb);
+        wxMsg.thumb = GetStringByWstrAddr(arg2 + OS_RECV_MSG_THUMB);
        if (!wxMsg.thumb.empty()) {
            wxMsg.thumb = GetHomePath() + wxMsg.thumb;
            replace(wxMsg.thumb.begin(), wxMsg.thumb.end(), '\\', '/');
        }

-        wxMsg.extra = GetStringByWstrAddr(arg2 + g_WxCalls.recvMsg.extra);
+        wxMsg.extra = GetStringByWstrAddr(arg2 + OS_RECV_MSG_EXTRA);
        if (!wxMsg.extra.empty()) {
            wxMsg.extra = GetHomePath() + wxMsg.extra;
            replace(wxMsg.extra.begin(), wxMsg.extra.end(), '\\', '/');
@ -146,8 +165,8 @@ static QWORD PrintWxLog(QWORD a1, QWORD a2, QWORD a3, QWORD a4, QWORD a5, QWORD

 static void DispatchPyq(QWORD arg1, QWORD arg2, QWORD arg3)
 {
-    QWORD startAddr = *(QWORD *)(arg2 + 0x30);
-    QWORD endAddr   = *(QWORD *)(arg2 + 0x38);
+    QWORD startAddr = *(QWORD *)(arg2 + OS_PYQ_MSG_START);
+    QWORD endAddr   = *(QWORD *)(arg2 + OS_PYQ_MSG_END);

    if (startAddr == 0) {
        return;
@ -160,10 +179,10 @@ static void DispatchPyq(QWORD arg1, QWORD arg2, QWORD arg3)
        wxMsg.is_self  = false;
        wxMsg.is_group = false;
        wxMsg.id       = GET_QWORD(startAddr);
-        wxMsg.ts       = GET_DWORD(startAddr + 0x38);
-        wxMsg.xml      = GetStringByWstrAddr(startAddr + 0x9B8);
-        wxMsg.sender   = GetStringByWstrAddr(startAddr + 0x18);
-        wxMsg.content  = GetStringByWstrAddr(startAddr + 0x48);
+        wxMsg.ts       = GET_DWORD(startAddr + OS_PYQ_MSG_TS);
+        wxMsg.xml      = GetStringByWstrAddr(startAddr + OS_PYQ_MSG_XML);
+        wxMsg.sender   = GetStringByWstrAddr(startAddr + OS_PYQ_MSG_SENDER);
+        wxMsg.content  = GetStringByWstrAddr(startAddr + OS_PYQ_MSG_CONTENT);

        {
            unique_lock<mutex> lock(gMutex);
@ -179,11 +198,11 @@ static void DispatchPyq(QWORD arg1, QWORD arg2, QWORD arg3)
 void EnableLog()
 {
    MH_STATUS status = MH_UNKNOWN;
-    if (g_WeChatWinDllAddr == 0) {
-        LOG_WARN("g_WeChatWinDllAddr == 0");
+    if (gIsLogging) {
+        LOG_WARN("gIsLogging");
        return;
    }
-    WxLog_t funcWxLog = (WxLog_t)(g_WeChatWinDllAddr + 0x26DA2D0);
+    WxLog_t funcWxLog = (WxLog_t)(g_WeChatWinDllAddr + OS_WXLOG);

    if (!isMH_Initialized) {
        status = MH_Initialize();
@ -234,11 +253,11 @@ void DisableLog()
 void ListenMessage()
 {
    MH_STATUS status = MH_UNKNOWN;
-    if (gIsListening || (g_WeChatWinDllAddr == 0)) {
-        LOG_WARN("gIsListening || (g_WeChatWinDllAddr == 0)");
+    if (gIsListening) {
+        LOG_WARN("gIsListening");
        return;
    }
-    funcRecvMsg = (RecvMsg_t)(g_WeChatWinDllAddr + g_WxCalls.recvMsg.call);
+    funcRecvMsg = (RecvMsg_t)(g_WeChatWinDllAddr + OS_RECV_MSG_CALL);

    if (!isMH_Initialized) {
        status = MH_Initialize();
@ -296,11 +315,11 @@ void UnListenMessage()
 void ListenPyq()
 {
    MH_STATUS status = MH_UNKNOWN;
-    if (gIsListeningPyq || (g_WeChatWinDllAddr == 0)) {
-        LOG_WARN("gIsListeningPyq || (g_WeChatWinDllAddr == 0)");
+    if (gIsListeningPyq) {
+        LOG_WARN("gIsListeningPyq");
        return;
    }
-    funcRecvPyq = (RecvPyq_t)(g_WeChatWinDllAddr + 0x2EFAA10);
+    funcRecvPyq = (RecvPyq_t)(g_WeChatWinDllAddr + OS_PYQ_MSG_CALL);

    if (!isMH_Initialized) {
        status = MH_Initialize();
--- a/WeChatFerry/spy/send_msg.cpp
+++ b/WeChatFerry/spy/send_msg.cpp
@ -9,15 +9,28 @@
 #include "util.h"

 extern HANDLE g_hEvent;
-extern WxCalls_t g_WxCalls;
 extern QWORD g_WeChatWinDllAddr;
 extern string GetSelfWxid(); // Defined in spy.cpp

+#define SRTM_SIZE 0x3F0
+
+#define OS_NEW             0x1C28800
+#define OS_FREE            0x1C1FF10
+#define OS_SEND_MSG_MGR    0x1C1E690
+#define OS_SEND_TEXT       0x238DDD0
+#define OS_SEND_IMAGE      0x2383560
+#define OS_GET_APP_MSG_MGR 0x1C23630
+#define OS_SEND_FILE       0x21969E0
+#define OS_RTM_NEW         0x1C27D50
+#define OS_RTM_FREE        0x1C27120
+#define OS_SEND_RICH_TEXT  0x21A09C0
+#define OS_SEND_PAT_MSG    0x2D669B0
+#define OS_FORWARD_MSG     0x238D350
+
 typedef QWORD (*New_t)(QWORD);
 typedef QWORD (*Free_t)(QWORD);
 typedef QWORD (*SendMsgMgr_t)();
 typedef QWORD (*GetAppMsgMgr_t)();
-
 typedef QWORD (*SendTextMsg_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD, QWORD);
 typedef QWORD (*SendImageMsg_t)(QWORD, QWORD, QWORD, QWORD, QWORD);
 typedef QWORD (*SendFileMsg_t)(QWORD, QWORD, QWORD, QWORD, QWORD, QWORD *, QWORD, QWORD *, QWORD, QWORD *, QWORD,
@ -53,9 +66,9 @@ void SendTextMessage(string wxid, string msg, string atWxids)
    QWORD wxAters = (QWORD) & ((RawVector_t *)&vWxAtWxids)->start;

    char buffer[0x460]            = { 0 };
-    SendMsgMgr_t funcSendMsgMgr   = (SendMsgMgr_t)(g_WeChatWinDllAddr + g_WxCalls.sendText.call1);
-    SendTextMsg_t funcSendTextMsg = (SendTextMsg_t)(g_WeChatWinDllAddr + g_WxCalls.sendText.call2);
-    Free_t funcFree               = (Free_t)(g_WeChatWinDllAddr + g_WxCalls.sendText.call3);
+    SendMsgMgr_t funcSendMsgMgr   = (SendMsgMgr_t)(g_WeChatWinDllAddr + OS_SEND_MSG_MGR);
+    SendTextMsg_t funcSendTextMsg = (SendTextMsg_t)(g_WeChatWinDllAddr + OS_SEND_TEXT);
+    Free_t funcFree               = (Free_t)(g_WeChatWinDllAddr + OS_FREE);
    funcSendMsgMgr();
    success = funcSendTextMsg((QWORD)(&buffer), (QWORD)(&wxWxid), (QWORD)(&wxMsg), wxAters, 1, 1, 0, 0);
    funcFree((QWORD)(&buffer));
@ -69,10 +82,10 @@ void SendImageMessage(string wxid, string path)
    WxString wxWxid(wsWxid);
    WxString wxPath(wsPath);

-    New_t funcNew                = (New_t)(g_WeChatWinDllAddr + g_WxCalls.sendImg.call1);
-    Free_t funcFree              = (Free_t)(g_WeChatWinDllAddr + g_WxCalls.sendImg.call2);
-    SendMsgMgr_t funcSendMsgMgr  = (SendMsgMgr_t)(g_WeChatWinDllAddr + g_WxCalls.sendImg.call3);
-    SendImageMsg_t funcSendImage = (SendImageMsg_t)(g_WeChatWinDllAddr + g_WxCalls.sendImg.call4);
+    New_t funcNew                = (New_t)(g_WeChatWinDllAddr + OS_NEW);
+    Free_t funcFree              = (Free_t)(g_WeChatWinDllAddr + OS_FREE);
+    SendMsgMgr_t funcSendMsgMgr  = (SendMsgMgr_t)(g_WeChatWinDllAddr + OS_SEND_MSG_MGR);
+    SendImageMsg_t funcSendImage = (SendImageMsg_t)(g_WeChatWinDllAddr + OS_SEND_IMAGE);

    char msg[0x460]    = { 0 };
    char msgTmp[0x460] = { 0 };
@ -99,10 +112,10 @@ void SendFileMessage(string wxid, string path)
    WxString wxWxid(wsWxid);
    WxString wxPath(wsPath);

-    New_t funcNew                   = (New_t)(g_WeChatWinDllAddr + g_WxCalls.sendFile.call1);
-    Free_t funcFree                 = (Free_t)(g_WeChatWinDllAddr + g_WxCalls.sendFile.call2);
-    GetAppMsgMgr_t funcGetAppMsgMgr = (GetAppMsgMgr_t)(g_WeChatWinDllAddr + g_WxCalls.sendFile.call3);
-    SendFileMsg_t funcSendFile      = (SendFileMsg_t)(g_WeChatWinDllAddr + g_WxCalls.sendFile.call4);
+    New_t funcNew                   = (New_t)(g_WeChatWinDllAddr + OS_NEW);
+    Free_t funcFree                 = (Free_t)(g_WeChatWinDllAddr + OS_FREE);
+    GetAppMsgMgr_t funcGetAppMsgMgr = (GetAppMsgMgr_t)(g_WeChatWinDllAddr + OS_GET_APP_MSG_MGR);
+    SendFileMsg_t funcSendFile      = (SendFileMsg_t)(g_WeChatWinDllAddr + OS_SEND_FILE);

    char msg[0x460] = { 0 };
    QWORD tmp1[4]   = { 0 };
@ -117,13 +130,12 @@ void SendFileMessage(string wxid, string path)

 int SendRichTextMessage(RichText_t &rt)
 { // TODO: Fix memory leak
-#define SRTM_SIZE 0x3F0
    QWORD status = -1;

-    New_t funcNew                          = (New_t)(g_WeChatWinDllAddr + g_WxCalls.rt.call1);
-    Free_t funcFree                        = (Free_t)(g_WeChatWinDllAddr + g_WxCalls.rt.call2);
-    GetAppMsgMgr_t funcGetAppMsgMgr        = (GetAppMsgMgr_t)(g_WeChatWinDllAddr + g_WxCalls.rt.call3);
-    SendRichTextMsg_t funcForwordPublicMsg = (SendRichTextMsg_t)(g_WeChatWinDllAddr + g_WxCalls.rt.call4);
+    New_t funcNew                          = (New_t)(g_WeChatWinDllAddr + OS_RTM_NEW);
+    Free_t funcFree                        = (Free_t)(g_WeChatWinDllAddr + OS_RTM_FREE);
+    GetAppMsgMgr_t funcGetAppMsgMgr        = (GetAppMsgMgr_t)(g_WeChatWinDllAddr + OS_GET_APP_MSG_MGR);
+    SendRichTextMsg_t funcForwordPublicMsg = (SendRichTextMsg_t)(g_WeChatWinDllAddr + OS_SEND_RICH_TEXT);

    char *buff = (char *)HeapAlloc(GetProcessHeap(), 0, SRTM_SIZE);
    if (buff == NULL) {
@ -164,7 +176,7 @@ int SendPatMessage(string roomid, string wxid)
    WxString wxRoomid(wsRoomid);
    WxString wxWxid(wsWxid);

-    SendPatMsg_t funcSendPatMsg = (SendPatMsg_t)(g_WeChatWinDllAddr + g_WxCalls.pm.call1);
+    SendPatMsg_t funcSendPatMsg = (SendPatMsg_t)(g_WeChatWinDllAddr + OS_SEND_PAT_MSG);

    status = funcSendPatMsg((QWORD)(&wxRoomid), (QWORD)(&wxWxid));
    return (int)status;
@ -176,7 +188,7 @@ int ForwardMessage(QWORD msgid, string receiver)
    uint32_t dbIdx = 0;
    QWORD localId  = 0;

-    ForwardMsg_t funcForwardMsg = (ForwardMsg_t)(g_WeChatWinDllAddr + g_WxCalls.fm.call1);
+    ForwardMsg_t funcForwardMsg = (ForwardMsg_t)(g_WeChatWinDllAddr + OS_FORWARD_MSG);
    if (GetLocalIdandDbidx(msgid, &localId, &dbIdx) != 0) {
        LOG_ERROR("Failed to get localId, Please check id: {}", to_string(msgid));
        return status;