From 865d7ace3dd479d378b12185c608cb6455a7dfad Mon Sep 17 00:00:00 2001
From: Changhua
Date: Mon, 23 Oct 2023 21:28:15 +0800
Subject: [PATCH] Get MSG.db and MediaMsg.db
---
 WeChatFerry/spy/exec_sql.cpp | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/WeChatFerry/spy/exec_sql.cpp b/WeChatFerry/spy/exec_sql.cpp
index 6fc3e3a..7ff4f3d 100644
--- a/WeChatFerry/spy/exec_sql.cpp
+++ b/WeChatFerry/spy/exec_sql.cpp
@@ -14,6 +14,7 @@
 #define OFFSET_DB_BIZCHAT_MSG 0x1120
 #define OFFSET_DB_FUNCTION_MSG 0x11B0
 #define OFFSET_DB_NAME 0x14
+#define OFFSET_DB_MSG_MGR 0x30403B8
 extern DWORD g_WeChatWinDllAddr;
@@ -25,14 +26,33 @@ static void GetDbHandle(DWORD base, DWORD offset)
 wchar_t *wsp;
 wsp = (wchar_t *)(*(DWORD *)(base + offset + OFFSET_DB_NAME));
 string dbname = Wstring2String(wstring(wsp));
- dbMap[dbname] = *(DWORD *)(base + offset);
+ dbMap[dbname] = GET_DWORD(base + offset);
+}
+
+static void GetMsgDbHandle(DWORD msgMgrAddr)
+{
+ DWORD dbIndex = GET_DWORD(msgMgrAddr + 0x38);
+ DWORD pStart = GET_DWORD(msgMgrAddr + 0x2C);
+ for (uint32_t i = 0; i < dbIndex; i++) {
+ DWORD dbAddr = GET_DWORD(pStart + i * 0x04);
+ if (dbAddr) {
+ // MSGi.db
+ string dbname = Wstring2String(GET_WSTRING(dbAddr));
+ dbMap[dbname] = GET_DWORD(dbAddr + 0x60);
+
+ // MediaMsgi.db
+ DWORD mmdbAddr = GET_DWORD(dbAddr + 0x14);
+ string mmdbname = Wstring2String(GET_WSTRING(mmdbAddr + 0x4C));
+ dbMap[mmdbname] = GET_DWORD(mmdbAddr + 0x38);
+ }
+ }
 }
 dbMap_t GetDbHandles()
 {
 dbMap.clear();
- DWORD dbInstanceAddr = *(DWORD *)(g_WeChatWinDllAddr + OFFSET_DB_INSTANCE);
+ DWORD dbInstanceAddr = GET_DWORD(g_WeChatWinDllAddr + OFFSET_DB_INSTANCE);
 GetDbHandle(dbInstanceAddr, OFFSET_DB_MICROMSG); // MicroMsg.db
 GetDbHandle(dbInstanceAddr, OFFSET_DB_CHAT_MSG); // ChatMsg.db
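Review bot: OFFSET_DB_MSG_MGR is applied to g_WeChatWinDllAddr (see the call added in the last hunk), whereas the neighbouring OFFSET_DB_BIZCHAT_MSG, OFFSET_DB_FUNCTION_MSG and OFFSET_DB_NAME are applied to the DB-instance base inside GetDbHandle, and nothing in the define list says which base each value expects. A trailing comment such as `// relative to the WeChatWin.dll base, like OFFSET_DB_INSTANCE` would keep the two families apart for whoever has to re-derive these values for another build. Grouping the module-relative defines together would make the distinction visible without a comment.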
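Review bot: GetMsgDbHandle reads through msgMgrAddr (`GET_DWORD(msgMgrAddr + 0x38)`, `+ 0x2C`) and through mmdbAddr (`GET_WSTRING(mmdbAddr + 0x4C)`) without the null check the same loop applies to dbAddr; GET_DWORD replaces a plain `*(DWORD *)` dereference elsewhere in this hunk, so if the slot at OFFSET_DB_MSG_MGR or the MediaMsg pointer is still zero when GetDbHandles runs, the result is presumably a read fault in the host process rather than an empty map, and the call site added in the last hunk passes the value in unchecked. Add `if (!msgMgrAddr) return;` at the top of the function and wrap the MediaMsg lookup in `if (mmdbAddr) { ... }`. dbIndex is also taken verbatim from process memory as the loop bound, so a layout that differs from the build these offsets were derived from walks the loop off the end of pStart; a documented sanity cap on dbIndex would make a mismatch fail closed instead. The five literal offsets (0x38, 0x2C, 0x60, 0x14, 0x4C) would read better as named OFFSET_* defines next to the existing ones, each commented with the field it selects. GetDbHandle itself starts outside this hunk.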
@@ -41,6 +61,8 @@ dbMap_t GetDbHandles()
 GetDbHandle(dbInstanceAddr, OFFSET_DB_MEDIA); // Media.db
 GetDbHandle(dbInstanceAddr, OFFSET_DB_FUNCTION_MSG); // Function.db
+ GetMsgDbHandle(GET_DWORD(g_WeChatWinDllAddr + OFFSET_DB_MSG_MGR)); // MSGi.db & MediaMsgi.db
+
 return dbMap;
 }