微信基址-2.8.0.121.txt

小号
wxid_vju0phxgdhgp22
大号
Lemonice-cheng
能强
wxid_sbrnzc86ibft22

资料：
hook基址：441894
call 54594B70

0f080000
0F4F7A37    8945 EC         mov dword ptr ss:[ebp-0x14],eax
0F4F7A3A    C745 F0 0000000>mov dword ptr ss:[ebp-0x10],0x0
0F4F7A41    FF15 34722710   call dword ptr ds:[<&KERNEL32.EnterCriti>; ntdll.RtlEnterCriticalSection
0F4F7A47    8D45 08         lea eax,dword ptr ss:[ebp+0x8]
0F4F7A4A    C645 FC 01      mov byte ptr ss:[ebp-0x4],0x1
0F4F7A4E    8D9E 84000000   lea ebx,dword ptr ds:[esi+0x84]
0F4F7A54    50              push eax
0F4F7A55    8BCB            mov ecx,ebx
0F4F7A57    E8 449EBDFF     call WeChatWi.0F0D18A0
0F4F7A5C    8BF0            mov esi,eax
0F4F7A5E    3B33            cmp esi,dword ptr ds:[ebx]
0F4F7A60    74 1F           je short WeChatWi.0F4F7A81
0F4F7A62    8B46 10         mov eax,dword ptr ds:[esi+0x10]
0F4F7A65    85C0            test eax,eax
0F4F7A67    74 06           je short WeChatWi.0F4F7A6F
0F4F7A69    66:8338 00      cmp word ptr ds:[eax],0x0
0F4F7A6D    75 05           jnz short WeChatWi.0F4F7A74
0F4F7A6F    B8 A0A64910     mov eax,WeChatWi.1049A6A0
0F4F7A74    50              push eax
0F4F7A75    8D4D 08         lea ecx,dword ptr ss:[ebp+0x8]
//hook下面这行
0F4F7A78    E8 D3540600     call WeChatWi.0F55CF50
0F4F7A7D    85C0            test eax,eax


头像：
基址：57320000
5747B751    8BEC            mov ebp,esp
5747B753    6A FF           push -0x1
5747B755    68 6F7F1558     push WeChatWi.58157F6F
5747B75A    64:A1 00000000  mov eax,dword ptr fs:[0]
5747B760    50              push eax
5747B761    83EC 08         sub esp,0x8
5747B764    53              push ebx
5747B765    56              push esi
5747B766    57              push edi
5747B767    A1 C4805258     mov eax,dword ptr ds:[0x585280C4]
5747B76C    33C5            xor eax,ebp
5747B76E    50              push eax
5747B76F    8D45 F4         lea eax,dword ptr ss:[ebp-0xC]
5747B772    64:A3 00000000  mov dword ptr fs:[0],eax
5747B778    8BF9            mov edi,ecx
5747B77A    8B75 0C         mov esi,dword ptr ss:[ebp+0xC]
5747B77D    8D87 54010000   lea eax,dword ptr ds:[edi+0x154]
5747B783    50              push eax
5747B784    56              push esi
5747B785    8D87 80040000   lea eax,dword ptr ds:[edi+0x480]
5747B78B    50              push eax
5747B78C    FF15 ACC72058   call dword ptr ds:[<&USER32.IntersectRec>; user32.IntersectRect
5747B792    85C0            test eax,eax
5747B794    0F84 ED010000   je WeChatWi.5747B987
5747B79A    56              push esi
5747B79B    8B75 08         mov esi,dword ptr ss:[ebp+0x8]
5747B79E    8BCF            mov ecx,edi
5747B7A0    56              push esi
5747B7A1    E8 2C7D5800     call WeChatWi.57A034D2
5747B7A6    8D45 EC         lea eax,dword ptr ss:[ebp-0x14]
5747B7A9    6A 00           push 0x0
5747B7AB    50              push eax
5747B7AC    E8 1F719200     call WeChatWi.57DA28D0
5747B7B1    A1 B8DF5858     mov eax,dword ptr ds:[0x5858DFB8]
5747B7B6    83C4 08         add esp,0x8
5747B7B9    85C0            test eax,eax
5747B7BB    75 27           jnz short WeChatWi.5747B7E4
5747B7BD    6A 3C           push 0x3C
5747B7BF    E8 26F58E00     call WeChatWi.57D6ACEA
5747B7C4    83C4 04         add esp,0x4
5747B7C7    8945 0C         mov dword ptr ss:[ebp+0xC],eax
5747B7CA    8BC8            mov ecx,eax
5747B7CC    C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
5747B7D3    E8 180A0000     call WeChatWi.5747C1F0
5747B7D8    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
5747B7DF    A3 B8DF5858     mov dword ptr ds:[0x5858DFB8],eax
5747B7E4    8D9F 4C090000   lea ebx,dword ptr ds:[edi+0x94C]
5747B7EA    8BC8            mov ecx,eax
5747B7EC    53              push ebx
5747B7ED    E8 5E270000     call WeChatWi.5747DF50
5747B7F2    84C0            test al,al
5747B7F4    0F85 0C010000   jnz WeChatWi.5747B906
5747B7FA    837B 04 00      cmp dword ptr ds:[ebx+0x4],0x0
5747B7FE    0F9EC0          setle al
5747B801    84C0            test al,al
5747B803    0F85 FD000000   jnz WeChatWi.5747B906
5747B809    83BF D8090000 0>cmp dword ptr ds:[edi+0x9D8],0x0
5747B810    7F 37           jg short WeChatWi.5747B849
5747B812    8D87 88090000   lea eax,dword ptr ds:[edi+0x988]
5747B818    50              push eax
5747B819    8D8F D4090000   lea ecx,dword ptr ds:[edi+0x9D4]
5747B81F    53              push ebx
5747B820    51              push ecx
5747B821    E8 9AE5F7FF     call WeChatWi.573F9DC0
5747B826    8BC8            mov ecx,eax
5747B828    E8 F3FC1400     call WeChatWi.575CB520
5747B82D    84C0            test al,al
5747B82F    74 18           je short WeChatWi.5747B849
5747B831    83EC 08         sub esp,0x8
5747B834    8D87 D4090000   lea eax,dword ptr ds:[edi+0x9D4]
5747B83A    8BCC            mov ecx,esp
5747B83C    50              push eax
5747B83D    E8 BE473200     call WeChatWi.577A0000                   ; 调用这行后，取ebx
5747B842    8BCF            mov ecx,edi
5747B844    E8 97FBFFFF     call WeChatWi.5747B3E0
5747B849    83BF E0090000 0>cmp dword ptr ds:[edi+0x9E0],0x0
5747B850    0F8F B0000000   jg WeChatWi.5747B906
5747B856    80BF CC090000 0>cmp byte ptr ds:[edi+0x9CC],0x0
5747B85D    0F84 A3000000   je WeChatWi.5747B906
5747B863    E8 4847EFFF     call WeChatWi.5736FFB0
5747B868    8BCB            mov ecx,ebx
5747B86A    E8 E17E1100     call WeChatWi.57593750
5747B86F    84C0            test al,al
5747B871    0F85 8F000000   jnz WeChatWi.5747B906
5747B877    0F1005 D03D3258 movups xmm0,dqword ptr ds:[0x58323DD0]
5747B87E    83EC 10         sub esp,0x10
5747B881    8DB7 9C090000   lea esi,dword ptr ds:[edi+0x99C]
5747B887    8BC4            mov eax,esp
5747B889    8BCE            mov ecx,esi
5747B88B    83EC 10         sub esp,0x10
5747B88E    0F1100          movups dqword ptr ds:[eax],xmm0
5747B891    8BC4            mov eax,esp
5747B893    83EC 10         sub esp,0x10
5747B896    0F1100          movups dqword ptr ds:[eax],xmm0
5747B899    8BC4            mov eax,esp
5747B89B    83EC 10         sub esp,0x10
5747B89E    0F1100          movups dqword ptr ds:[eax],xmm0
5747B8A1    8BC4            mov eax,esp
5747B8A3    0F1100          movups dqword ptr ds:[eax],xmm0
5747B8A6    E8 C5D0EFFF     call WeChatWi.57378970
5747B8AB    83EC 10         sub esp,0x10
5747B8AE    8BCC            mov ecx,esp
5747B8B0    C601 02         mov byte ptr ds:[ecx],0x2
5747B8B3    8941 08         mov dword ptr ds:[ecx+0x8],eax
5747B8B6    8BCB            mov ecx,ebx
5747B8B8    E8 B3D0EFFF     call WeChatWi.57378970
5747B8BD    83EC 10         sub esp,0x10
5747B8C0    BA 58C43658     mov edx,WeChatWi.5836C458                ; ASCII "01_ui\common\HeadImgUI.cpp"
5747B8C5    8BCC            mov ecx,esp
5747B8C7    68 1CC53658     push WeChatWi.5836C51C                   ; ASCII "DoPaint user: %s, url: %s"
5747B8CC    68 A8C43658     push WeChatWi.5836C4A8                   ; ASCII "HeadImgUI"
5747B8D1    C601 02         mov byte ptr ds:[ecx],0x2
5747B8D4    8941 08         mov dword ptr ds:[ecx+0x8],eax
5747B8D7    B9 02000000     mov ecx,0x2
5747B8DC    68 D4C43658     push WeChatWi.5836C4D4                   ; ASCII "HeadImgUI::DoPaint"
5747B8E1    68 1B010000     push 0x11B
5747B8E6    E8 55533200     call WeChatWi.577A0C40
5747B8EB    83C4 6C         add esp,0x6C
5747B8EE    8D87 DC090000   lea eax,dword ptr ds:[edi+0x9DC]
5747B8F4    56              push esi
5747B8F5    53              push ebx
5747B8F6    50              push eax
5747B8F7    E8 C4E4F7FF     call WeChatWi.573F9DC0
5747B8FC    8BC8            mov ecx,eax
5747B8FE    E8 2D101500     call WeChatWi.575CC930
5747B903    8B75 08         mov esi,dword ptr ss:[ebp+0x8]
5747B906    80BF E4090000 0>cmp byte ptr ds:[edi+0x9E4],0x0
5747B90D    74 44           je short WeChatWi.5747B953
5747B90F    83EC 08         sub esp,0x8
5747B912    8BF4            mov esi,esp
5747B914    C706 00000000   mov dword ptr ds:[esi],0x0
5747B91A    C746 04 0000000>mov dword ptr ds:[esi+0x4],0x0
5747B921    8B87 D4090000   mov eax,dword ptr ds:[edi+0x9D4]
5747B927    8B9F D8090000   mov ebx,dword ptr ds:[edi+0x9D8]
5747B92D    8945 0C         mov dword ptr ss:[ebp+0xC],eax
5747B930    85C0            test eax,eax
5747B932    74 1A           je short WeChatWi.5747B94E
5747B934    85DB            test ebx,ebx
5747B936    7E 16           jle short WeChatWi.5747B94E
5747B938    53              push ebx
5747B939    8BCE            mov ecx,esi
5747B93B    E8 D0473200     call WeChatWi.577A0110
5747B940    53              push ebx
5747B941    FF75 0C         push dword ptr ss:[ebp+0xC]
5747B944    FF36            push dword ptr ds:[esi]
5747B946    E8 65E5C800     call WeChatWi.58109EB0
5747B94B    83C4 0C         add esp,0xC
5747B94E    FF75 08         push dword ptr ss:[ebp+0x8]



个人ebx
036FF85C  0AFD6E28  UNICODE "wxid_8du0u27rttry22"
036FF860  00000013
036FF864  00000020
036FF868  00000000
036FF86C  00000000
036FF870  00000000
036FF874  00000000
036FF878  00000000
036FF87C  00000000
036FF880  00000000
036FF884  00000000
036FF888  00000000
036FF88C  00000000
036FF890  00000000
036FF894  00000000
036FF898  0AED82C8  UNICODE "http://wx.qlogo.cn/mmhead/ver_1/iaozoXP9ibb2XMWbH6"
036FF89C  00000094
036FF8A0  00000100
036FF8A4  00000000
036FF8A8  00000000
036FF8AC  0AED7E78  UNICODE "http://wx.qlogo.cn/mmhead/ver_1/iaozoXP9ibb2XMWbH6"
036FF8B0  00000092
036FF8B4  00000100
036FF8B8  00000000
036FF8BC  00000000
036FF8C0  0ADB4DCC
036FF8C4  00000000
036FF8C8  00000000
036FF8CC  00000000
036FF8D0  00000000
036FF8D4  00000000
036FF8D8  00000003

群ebx
036F4F34  0AFD7198  UNICODE "9199093107@chatroom"
036F4F38  00000013
036F4F3C  00000020
036F4F40  00000000
036F4F44  00000000
036F4F48  00000000
036F4F4C  00000000
036F4F50  00000000
036F4F54  00000000
036F4F58  00000000
036F4F5C  00000000
036F4F60  00000000
036F4F64  00000000
036F4F68  00000000
036F4F6C  00000000
036F4F70  0AEDA998  UNICODE "http://wx.qlogo.cn/mmcrhead/xxib5HEohdRiaO26jEOkqq"
036F4F74  00000084
036F4F78  00000100
036F4F7C  00000000
036F4F80  00000000
036F4F84  00000000
036F4F88  00000000
036F4F8C  00000000
036F4F90  00000000
036F4F94  00000000
036F4F98  0ADB4DCC
036F4F9C  00000000
036F4FA0  00000000
036F4FA4  00000000
036F4FA8  00000000
036F4FAC  00000000
036F4FB0  00000003

公众号ebx
0AE05934  02ED4CE8  UNICODE "gh_3dfda90e39d6"
0AE05938  0000000F
0AE0593C  00000010
0AE05940  00000000
0AE05944  00000000
0AE05948  00000000
0AE0594C  00000000
0AE05950  00000000
0AE05954  00000000
0AE05958  00000000
0AE0595C  00000000
0AE05960  00000000
0AE05964  00000000
0AE05968  00000000
0AE0596C  00000000
0AE05970  04A59430  UNICODE "http://wx.qlogo.cn/mmhead/Q3auHgzwzM6CtTmrloqERDq5"
0AE05974  00000056
0AE05978  00000080
0AE0597C  00000000
0AE05980  00000000
0AE05984  04A59890  UNICODE "http://wx.qlogo.cn/mmhead/Q3auHgzwzM6CtTmrloqERDq5"
0AE05988  00000054
0AE0598C  00000080
0AE05990  00000000
0AE05994  00000000
0AE05998  0ADB4DCC
0AE0599C  00000000
0AE059A0  00000000
0AE059A4  00000000
0AE059A8  00000000
0AE059AC  00000000
0AE059B0  00000002











同意加好友请求:

消息类型:好友确认
收到好友消息:
好友wxid：
fmessage


v1_63a5c79810b2f39abe44093512a11d03de8b383ae9f83a539d559fe68e1b1544@stranger

v2_679c6c2dd446a8f2f8d78a8447887527c58deb9778c87900ebefa4bf9894f27df3f9f67f5c9e59c7c297f3ca75985bce44130a20ebbce742bc71dcf063e75ad6fc52e55b8227b00eabd0df846512d8d9@stranger

消息内容：
<msg fromusername="Lemonice-cheng" encryptusername="v1_63a5c79810b2f39abe44093512a11d03de8b383ae9f83a539d559fe68e1b1544@stranger" fromnickname="Lemonice" content="" fullpy="Lemonice" shortpy="LEMONICE" imagestatus="3" scene="6" country="CN" province="Guangdong" city="Guangzhou" sign="怎么样的人就有怎么样的故事。。。" percard="1" sex="1" alias="" weibo="" albumflag="0" albumstyle="0" albumbgimgid="" snsflag="273" snsbgimgid="http://mmsns.qpic.cn/mmsns/PiajxSqBRaEKINstXA9yy06n206ibnut057ribI40rib8lmKDMibs3pXC4qNibO23GZXuE/0" snsbgobjectid="11795503932415816424" mhash="312995dae082495f25daa5168e520716" mfullhash="312995dae082495f25daa5168e520716" bigheadimgurl="http://wx.qlogo.cn/mmhead/ver_1/VM4Xs3LB7QmicNWs7qicYaP0aFVZ1mA6L2iaPLTAPRFiccfbdLSaU9laySQHNzfnicPicgWibH3UE17XicnfFL48WOXoGhOic4HH1YrReLtlQyicAgXCQ/0" smallheadimgurl="http://wx.qlogo.cn/mmhead/ver_1/VM4Xs3LB7QmicNWs7qicYaP0aFVZ1mA6L2iaPLTAPRFiccfbdLSaU9laySQHNzfnicPicgWibH3UE17XicnfFL48WOXoGhOic4HH1YrReLtlQyicAgXCQ/96" ticket="v2_679c6c2dd446a8f2f8d78a8447887527c58deb9778c87900ebefa4bf9894f27df3f9f67f5c9e59c7c297f3ca75985bce44130a20ebbce742bc71dcf063e75ad6fc52e55b8227b00eabd0df846512d8d9@stranger" opcode="2" googlecontact="" qrticket="" chatroomusername="" sourceusername="" sourcenickname="" sharecardusername="" sharecardnickname="" cardversion=""><brandlist count="0" ver="698484744"></brandlist></msg>


基址：56F30000
570CDCE0    55              push ebp
570CDCE1    8BEC            mov ebp,esp
570CDCE3    6A FF           push -0x1
570CDCE5    68 E8330358     push WeChatWi.580333E8
570CDCEA    64:A1 00000000  mov eax,dword ptr fs:[0]
570CDCF0    50              push eax
570CDCF1    83EC 18         sub esp,0x18
570CDCF4    56              push esi
570CDCF5    57              push edi
570CDCF6    A1 942B4F58     mov eax,dword ptr ds:[0x584F2B94]
570CDCFB    33C5            xor eax,ebp
570CDCFD    50              push eax
570CDCFE    8D45 F4         lea eax,dword ptr ss:[ebp-0xC]
570CDD01    64:A3 00000000  mov dword ptr fs:[0],eax
570CDD07    8BF9            mov edi,ecx
570CDD09    8B8F F0060000   mov ecx,dword ptr ds:[edi+0x6F0]
570CDD0F    FFB1 28040000   push dword ptr ds:[ecx+0x428]
570CDD15    83EC 14         sub esp,0x14
570CDD18    54              push esp
570CDD19    E8 32730000     call WeChatWi.570D5050                   ; 传入v2
570CDD1E    8B8F F0060000   mov ecx,dword ptr ds:[edi+0x6F0]
570CDD24    8D45 DC         lea eax,dword ptr ss:[ebp-0x24]
570CDD27    50              push eax
570CDD28    E8 93A8EAFF     call WeChatWi.56F785C0                   ; 传入v1
570CDD2D    8BF0            mov esi,eax
570CDD2F    83EC 08         sub esp,0x8
570CDD32    C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
570CDD39    8B0D E8CE5458   mov ecx,dword ptr ds:[0x5854CEE8]        ; 参数地址
570CDD3F    E8 7C7DF4FF     call WeChatWi.57015AC0                   ; 获取eax的值
570CDD44    8BD7            mov edx,edi
570CDD46    8D8F BC060000   lea ecx,dword ptr ds:[edi+0x6BC]
570CDD4C    F7DA            neg edx
570CDD4E    50              push eax                                 ; 这个是上面的call回来的
570CDD4F    1BD2            sbb edx,edx
570CDD51    23D1            and edx,ecx
570CDD53    8D8F F4060000   lea ecx,dword ptr ds:[edi+0x6F4]
570CDD59    52              push edx                                 ; 0x130大小的空缓冲区
570CDD5A    56              push esi                                 ; v1结构体
570CDD5B    E8 70BCFEFF     call WeChatWi.570B99D0                   ; 同意好友主要的call
570CDD60    8B45 DC         mov eax,dword ptr ss:[ebp-0x24]
570CDD63    85C0            test eax,eax
570CDD65    74 10           je short WeChatWi.570CDD77
570CDD67    50              push eax
570CDD68    E8 C7C4F300     call WeChatWi.5800A234
570CDD6D    83C4 04         add esp,0x4
570CDD70    C745 DC 0000000>mov dword ptr ss:[ebp-0x24],0x0
570CDD77    8B45 E8         mov eax,dword ptr ss:[ebp-0x18]          ; user32.73DE4F8A
570CDD7A    C745 E4 0000000>mov dword ptr ss:[ebp-0x1C],0x0
570CDD81    C745 E0 0000000>mov dword ptr ss:[ebp-0x20],0x0
570CDD88    85C0            test eax,eax
570CDD8A    74 09           je short WeChatWi.570CDD95
570CDD8C    50              push eax
570CDD8D    E8 A2C4F300     call WeChatWi.5800A234
570CDD92    83C4 04         add esp,0x4
570CDD95    B0 01           mov al,0x1
570CDD97    8B4D F4         mov ecx,dword ptr ss:[ebp-0xC]
570CDD9A    64:890D 0000000>mov dword ptr fs:[0],ecx
570CDDA1    59              pop ecx                                  ; user32.73DE4F8A
570CDDA2    5F              pop edi                                  ; user32.73DE4F8A
570CDDA3    5E              pop esi                                  ; user32.73DE4F8A
570CDDA4    8BE5            mov esp,ebp
570CDDA6    5D              pop ebp                                  ; user32.73DE4F8A
570CDDA7    C3              retn
570CDDA8    CC              int3
570CDDA9    CC              int3
570CDDAA    CC              int3
570CDDAB    CC              int3
570CDDAC    CC              int3
570CDDAD    CC              int3
570CDDAE    CC              int3
570CDDAF    CC              int3
570CDDB0    55              push ebp
570CDDB1    8BEC            mov ebp,esp
570CDDB3    6A FF           push -0x1
570CDDB5    68 E8330358     push WeChatWi.580333E8
570CDDBA    64:A1 00000000  mov eax,dword ptr fs:[0]
570CDDC0    50              push eax
570CDDC1    83EC 1C         sub esp,0x1C
570CDDC4    56              push esi
570CDDC5    A1 942B4F58     mov eax,dword ptr ds:[0x584F2B94]
570CDDCA    33C5            xor eax,ebp
570CDDCC    50              push eax
570CDDCD    8D45 F4         lea eax,dword ptr ss:[ebp-0xC]
570CDDD0    64:A3 00000000  mov dword ptr fs:[0],eax
570CDDD6    8BF1            mov esi,ecx
570CDDD8    83EC 14         sub esp,0x14
570CDDDB    8BCC            mov ecx,esp
570CDDDD    6A FF           push -0x1
570CDDDF    C701 00000000   mov dword ptr ds:[ecx],0x0
570CDDE5    C741 04 0000000>mov dword ptr ds:[ecx+0x4],0x0
570CDDEC    C741 08 0000000>mov dword ptr ds:[ecx+0x8],0x0
570CDDF3    68 08892958     push WeChatWi.58298908
570CDDF8    C741 0C 0000000>mov dword ptr ds:[ecx+0xC],0x0
570CDDFF    C741 10 0000000>mov dword ptr ds:[ecx+0x10],0x0
570CDE06    E8 A5123400     call WeChatWi.5740F0B0
570CDE0B    83EC 14         sub esp,0x14
570CDE0E    8BCC            mov ecx,esp
570CDE10    6A FF           push -0x1
570CDE12    C701 00000000   mov dword ptr ds:[ecx],0x0
570CDE18    C741 04 0000000>mov dword ptr ds:[ecx+0x4],0x0
570CDE1F    C741 08 0000000>mov dword ptr ds:[ecx+0x8],0x0
570CDE26    68 08892958     push WeChatWi.58298908
570CDE2B    C741 0C 0000000>mov dword ptr ds:[ecx+0xC],0x0
570CDE32    C741 10 0000000>mov dword ptr ds:[ecx+0x10],0x0
570CDE39    E8 72123400     call WeChatWi.5740F0B0
570CDE3E    8B8E F0060000   mov ecx,dword ptr ds:[esi+0x6F0]
570CDE44    8D45 DC         lea eax,dword ptr ss:[ebp-0x24]
570CDE47    50              push eax
570CDE48    E8 73A7EAFF     call WeChatWi.56F785C0
570CDE4D    8BD0            mov edx,eax
570CDE4F    C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
570CDE56    8B8E F0060000   mov ecx,dword ptr ds:[esi+0x6F0]
570CDE5C    6A 01           push 0x1
570CDE5E    FFB1 28040000   push dword ptr ds:[ecx+0x428]
570CDE64    8B0D E8CE5458   mov ecx,dword ptr ds:[0x5854CEE8]
570CDE6A    6A 01           push 0x1
570CDE6C    E8 4F7CF4FF     call WeChatWi.57015AC0
570CDE71    8BCE            mov ecx,esi
570CDE73    F7D9            neg ecx
570CDE75    50              push eax
570CDE76    1BC9            sbb ecx,ecx
570CDE78    8D86 BC060000   lea eax,dword ptr ds:[esi+0x6BC]
570CDE7E    23C8            and ecx,eax
570CDE80    51              push ecx
570CDE81    52              push edx
570CDE82    8D8E F4060000   lea ecx,dword ptr ds:[esi+0x6F4]
570CDE88    E8 B3B8FEFF     call WeChatWi.570B9740
570CDE8D    8B45 DC         mov eax,dword ptr ss:[ebp-0x24]
570CDE90    85C0            test eax,eax





加好友：
基址：56F30000
570B303D    8D95 3CFFFFFF   lea edx,dword ptr ss:[ebp-0xC4]
570B3043    52              push edx
570B3044    8B01            mov eax,dword ptr ds:[ecx]
570B3046    FF50 04         call dword ptr ds:[eax+0x4]
570B3049    68 50372B58     push WeChatWi.582B3750                   ; UNICODE "okbtn"
570B304E    8BC8            mov ecx,eax
570B3050    E8 2B916800     call WeChatWi.5773C180
570B3055    50              push eax
570B3056    E8 B38FF400     call WeChatWi.57FFC00E
570B305B    83C4 08         add esp,0x8
570B305E    8D8D 3CFFFFFF   lea ecx,dword ptr ss:[ebp-0xC4]
570B3064    85C0            test eax,eax
570B3066    0F94C3          sete bl
570B3069    E8 AB916800     call WeChatWi.5773C219
570B306E    84DB            test bl,bl
570B3070    0F84 8C010000   je WeChatWi.570B3202
570B3076    83BE 44030000 0>cmp dword ptr ds:[esi+0x344],0x0
570B307D    0F84 57030000   je WeChatWi.570B33DA
570B3083    6A FF           push -0x1
570B3085    68 08892958     push WeChatWi.58298908
570B308A    8D8D 28FFFFFF   lea ecx,dword ptr ss:[ebp-0xD8]
570B3090    E8 1BBD3500     call WeChatWi.5740EDB0
570B3095    C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
570B309C    C745 E4 0000000>mov dword ptr ss:[ebp-0x1C],0x0
570B30A3    C745 E8 0000000>mov dword ptr ss:[ebp-0x18],0x0
570B30AA    C745 EC 0000000>mov dword ptr ss:[ebp-0x14],0x0
570B30B1    8D45 E4         lea eax,dword ptr ss:[ebp-0x1C]
570B30B4    C645 FC 01      mov byte ptr ss:[ebp-0x4],0x1
570B30B8    8B8E 44030000   mov ecx,dword ptr ds:[esi+0x344]
570B30BE    50              push eax
570B30BF    E8 BCE8F2FF     call WeChatWi.56FE1980
570B30C4    8B4D E8         mov ecx,dword ptr ss:[ebp-0x18]          ; user32.73DE4F8A
570B30C7    B8 398EE338     mov eax,0x38E38E39
570B30CC    8B7D E4         mov edi,dword ptr ss:[ebp-0x1C]          ; user32.73DE895C
570B30CF    2BCF            sub ecx,edi
570B30D1    F7E9            imul ecx
570B30D3    C1FA 03         sar edx,0x3
570B30D6    8BC2            mov eax,edx
570B30D8    C1E8 1F         shr eax,0x1F
570B30DB    03C2            add eax,edx
570B30DD    74 14           je short WeChatWi.570B30F3
570B30DF    833F 01         cmp dword ptr ds:[edi],0x1
570B30E2    75 0F           jnz short WeChatWi.570B30F3
570B30E4    8D47 04         lea eax,dword ptr ds:[edi+0x4]
570B30E7    50              push eax
570B30E8    8D8D 28FFFFFF   lea ecx,dword ptr ss:[ebp-0xD8]
570B30EE    E8 EDC13500     call WeChatWi.5740F2E0
570B30F3    8BBD 28FFFFFF   mov edi,dword ptr ss:[ebp-0xD8]
570B30F9    8D8E 48030000   lea ecx,dword ptr ds:[esi+0x348]
570B30FF    85FF            test edi,edi
570B3101    74 08           je short WeChatWi.570B310B
570B3103    66:833F 00      cmp word ptr ds:[edi],0x0
570B3107    8BC7            mov eax,edi
570B3109    75 05           jnz short WeChatWi.570B3110
570B310B    B8 08892958     mov eax,WeChatWi.58298908
570B3110    FFB5 2CFFFFFF   push dword ptr ss:[ebp-0xD4]
570B3116    50              push eax
570B3117    E8 94BF3500     call WeChatWi.5740F0B0
570B311C    8D9E 24030000   lea ebx,dword ptr ds:[esi+0x324]
570B3122    8BCB            mov ecx,ebx
570B3124    E8 47E85800     call WeChatWi.57641970
570B3129    84C0            test al,al
570B312B    74 3A           je short WeChatWi.570B3167
570B312D    6A 00           push 0x0
570B312F    8D86 68030000   lea eax,dword ptr ds:[esi+0x368]
570B3135    50              push eax
570B3136    8D4D C4         lea ecx,dword ptr ss:[ebp-0x3C]
570B3139    E8 C2BD3500     call WeChatWi.5740EF00
570B313E    8D45 C4         lea eax,dword ptr ss:[ebp-0x3C]
570B3141    C645 FC 02      mov byte ptr ss:[ebp-0x4],0x2
570B3145    50              push eax
570B3146    8D85 28FFFFFF   lea eax,dword ptr ss:[ebp-0xD8]
570B314C    50              push eax
570B314D    53              push ebx
570B314E    E8 BD5DEFFF     call WeChatWi.56FA8F10
570B3153    8BC8            mov ecx,eax
570B3155    E8 36F85800     call WeChatWi.57642990
570B315A    8D4D C4         lea ecx,dword ptr ss:[ebp-0x3C]
570B315D    E8 3E9EECFF     call WeChatWi.56F7CFA0
570B3162    E9 83000000     jmp WeChatWi.570B31EA
570B3167    83EC 18         sub esp,0x18
570B316A    8BCC            mov ecx,esp
570B316C    89A5 24FFFFFF   mov dword ptr ss:[ebp-0xDC],esp
570B3172    68 949C2958     push WeChatWi.58299C94                   ; 参数地址
570B3177    E8 D4F3ECFF     call WeChatWi.56F82550                   ; 调用1
570B317C    83EC 18         sub esp,0x18
570B317F    C645 FC 03      mov byte ptr ss:[ebp-0x4],0x3
570B3183    8D86 68030000   lea eax,dword ptr ds:[esi+0x368]
570B3189    89A5 1CFFFFFF   mov dword ptr ss:[ebp-0xE4],esp
570B318F    8BCC            mov ecx,esp
570B3191    50              push eax
570B3192    E8 79B7EEFF     call WeChatWi.56F9E910                   ; 调用2
570B3197    FFB6 64030000   push dword ptr ds:[esi+0x364]
570B319D    85FF            test edi,edi
570B319F    74 06           je short WeChatWi.570B31A7
570B31A1    66:833F 00      cmp word ptr ds:[edi],0x0
570B31A5    75 05           jnz short WeChatWi.570B31AC
570B31A7    BF 08892958     mov edi,WeChatWi.58298908
570B31AC    83EC 14         sub esp,0x14
570B31AF    8BCC            mov ecx,esp
570B31B1    89A5 18FFFFFF   mov dword ptr ss:[ebp-0xE8],esp
570B31B7    6A FF           push -0x1
570B31B9    57              push edi
570B31BA    E8 F1BB3500     call WeChatWi.5740EDB0                   ; 调用3
570B31BF    FFB6 5C030000   push dword ptr ds:[esi+0x35C]
570B31C5    83EC 14         sub esp,0x14
570B31C8    8BCC            mov ecx,esp
570B31CA    89A5 20FFFFFF   mov dword ptr ss:[ebp-0xE0],esp
570B31D0    53              push ebx
570B31D1    E8 1ABC3500     call WeChatWi.5740EDF0                   ; 调用4
570B31D6    C645 FC 06      mov byte ptr ss:[ebp-0x4],0x6
570B31DA    E8 41B5ECFF     call WeChatWi.56F7E720                   ; 调用5
570B31DF    8BC8            mov ecx,eax
570B31E1    C645 FC 01      mov byte ptr ss:[ebp-0x4],0x1
570B31E5    E8 867D1200     call WeChatWi.571DAF70                   ; 调用6
570B31EA    8D4D E4         lea ecx,dword ptr ss:[ebp-0x1C]
570B31ED    E8 2E2AF3FF     call WeChatWi.56FE5C20
570B31F2    8D8D 28FFFFFF   lea ecx,dword ptr ss:[ebp-0xD8]
570B31F8    E8 A39DECFF     call WeChatWi.56F7CFA0
570B31FD    E9 D8010000     jmp WeChatWi.570B33DA
570B3202    8B8F 08010000   mov ecx,dword ptr ds:[edi+0x108]         ; ntdll.770B562E
570B3208    8D95 3CFFFFFF   lea edx,dword ptr ss:[ebp-0xC4]
570B320E    52              push edx
570B320F    8B01            mov eax,dword ptr ds:[ecx]
570B3211    FF50 04         call dword ptr ds:[eax+0x4]
570B3214    68 04212B58     push WeChatWi.582B2104                   ; UNICODE "cancelbtn"
570B3219    8BC8            mov ecx,eax
570B321B    E8 608F6800     call WeChatWi.5773C180
570B3220    50              push eax
570B3221    E8 E88DF400     call WeChatWi.57FFC00E
570B3226    83C4 08         add esp,0x8
570B3229    8D8D 3CFFFFFF   lea ecx,dword ptr ss:[ebp-0xC4]
570B322F    85C0            test eax,eax
570B3231    0F94C3          sete bl
570B3234    E8 E08F6800     call WeChatWi.5773C219
570B3239    84DB            test bl,bl
570B323B    75 3F           jnz short WeChatWi.570B327C
570B323D    8B8F 08010000   mov ecx,dword ptr ds:[edi+0x108]         ; ntdll.770B562E
570B3243    8D95 3CFFFFFF   lea edx,dword ptr ss:[ebp-0xC4]
570B3249    52              push edx
570B324A    8B01            mov eax,dword ptr ds:[ecx]
570B324C    FF50 04         call dword ptr ds:[eax+0x4]
570B324F    68 10E32158     push WeChatWi.5821E310                   ; UNICODE "closebtn"
570B3254    8BC8            mov ecx,eax
570B3256    E8 258F6800     call WeChatWi.5773C180
570B325B    50              push eax
570B325C    E8 AD8DF400     call WeChatWi.57FFC00E
570B3261    83C4 08         add esp,0x8
570B3264    8D8D 3CFFFFFF   lea ecx,dword ptr ss:[ebp-0xC4]
570B326A    85C0            test eax,eax
570B326C    0F94C3          sete bl
570B326F    E8 A58F6800     call WeChatWi.5773C219
570B3274    84DB            test bl,bl
570B3276    0F84 56010000   je WeChatWi.570B33D2
570B327C    8B46 E0         mov eax,dword ptr ds:[esi-0x20]          ; WeChatWi.57741459
570B327F    8D4E E0         lea ecx,dword ptr ds:[esi-0x20]
570B3282    6A 02           push 0x2
570B3284    FF10            call dword ptr ds:[eax]
570B3286    E9 4F010000     jmp WeChatWi.570B33DA
570B328B    68 1CE72958     push WeChatWi.5829E71C                   ; UNICODE "textchanged"
570B3290    8BCF            mov ecx,edi
570B3292    E8 E98E6800     call WeChatWi.5773C180
570B3297    50              push eax
570B3298    E8 718DF400     call WeChatWi.57FFC00E
570B329D    83C4 08         add esp,0x8
570B32A0    85C0            test eax,eax
570B32A2    0F85 2A010000   jnz WeChatWi.570B33D2
570B32A8    8B8F 08010000   mov ecx,dword ptr ds:[edi+0x108]         ; ntdll.770B562E
570B32AE    8D95 3CFFFFFF   lea edx,dword ptr ss:[ebp-0xC4]
570B32B4    52              push edx
570B32B5    8B01            mov eax,dword ptr ds:[ecx]
570B32B7    FF50 04         call dword ptr ds:[eax+0x4]
570B32BA    68 68EB2958     push WeChatWi.5829EB68                   ; UNICODE "contendEdit"
570B32BF    8BC8            mov ecx,eax
570B32C1    E8 BA8E6800     call WeChatWi.5773C180
570B32C6    50              push eax
570B32C7    E8 428DF400     call WeChatWi.57FFC00E
570B32CC    83C4 08         add esp,0x8
570B32CF    8D8D 3CFFFFFF   lea ecx,dword ptr ss:[ebp-0xC4]
570B32D5    85C0            test eax,eax
570B32D7    0F94C3          sete bl
570B32DA    E8 3A8F6800     call WeChatWi.5773C219
570B32DF    84DB            test bl,bl
570B32E1    0F84 EB000000   je WeChatWi.570B33D2
570B32E7    8B8E 44030000   mov ecx,dword ptr ds:[esi+0x344]
570B32ED    8D95 3CFFFFFF   lea edx,dword ptr ss:[ebp-0xC4]
570B32F3    52              push edx
570B32F4    8B01            mov eax,dword ptr ds:[ecx]
570B32F6    FF50 3C         call dword ptr ds:[eax+0x3C]
570B32F9    6A FF           push -0x1
570B32FB    8BC8            mov ecx,eax
570B32FD    E8 7E8E6800     call WeChatWi.5773C180
570B3302    50              push eax
570B3303    8D8D 28FFFFFF   lea ecx,dword ptr ss:[ebp-0xD8]
570B3309    E8 A2BA3500     call WeChatWi.5740EDB0
570B330E    8D8D 3CFFFFFF   lea ecx,dword ptr ss:[ebp-0xC4]
570B3314    C745 FC 0700000>mov dword ptr ss:[ebp-0x4],0x7
570B331B    E8 F98E6800     call WeChatWi.5773C219
570B3320    8B9D 2CFFFFFF   mov ebx,dword ptr ss:[ebp-0xD4]
570B3326    83FB 14         cmp ebx,0x14
570B3329    0F8E 91000000   jle WeChatWi.570B33C0
570B332F    83EC 14         sub esp,0x14
570B3332    8D85 28FFFFFF   lea eax,dword ptr ss:[ebp-0xD8]
570B3338    8BCC            mov ecx,esp
570B333A    50              push eax
570B333B    E8 B0BA3500     call WeChatWi.5740EDF0
570B3340    E8 0BFCFFFF     call WeChatWi.570B2F50
570B3345    83C4 14         add esp,0x14
570B3348    83F8 28         cmp eax,0x28
570B334B    7E 73           jle short WeChatWi.570B33C0
570B334D    8B85 28FFFFFF   mov eax,dword ptr ss:[ebp-0xD8]
570B3353    85C0            test eax,eax
570B3355    74 06           je short WeChatWi.570B335D
570B3357    66:8338 00      cmp word ptr ds:[eax],0x0
570B335B    75 05           jnz short WeChatWi.570B3362
570B335D    B8 08892958     mov eax,WeChatWi.58298908
570B3362    50              push eax
570B3363    8D4D C0         lea ecx,dword ptr ss:[ebp-0x40]
570B3366    E8 6591EEFF     call WeChatWi.56F9C4D0
570B336B    C645 FC 08      mov byte ptr ss:[ebp-0x4],0x8
570B336F    8D4D C0         lea ecx,dword ptr ss:[ebp-0x40]
570B3372    8B45 D0         mov eax,dword ptr ss:[ebp-0x30]
570B3375    48              dec eax
570B3376    50              push eax
570B3377    6A 00           push 0x0
570B3379    8D45 D8         lea eax,dword ptr ss:[ebp-0x28]
570B337C    50              push eax
570B337D    E8 7E5FFAFF     call WeChatWi.57059300
570B3382    8BD0            mov edx,eax
570B3384    C645 FC 09      mov byte ptr ss:[ebp-0x4],0x9
570B3388    837A 14 08      cmp dword ptr ds:[edx+0x14],0x8
570B338C    72 02           jb short WeChatWi.570B3390
570B338E    8B12            mov edx,dword ptr ds:[edx]
570B3390    8B8E 44030000   mov ecx,dword ptr ds:[esi+0x344]
570B3396    52              push edx
570B3397    8B01            mov eax,dword ptr ds:[ecx]
570B3399    FF50 40         call dword ptr ds:[eax+0x40]
570B339C    8D4D D8         lea ecx,dword ptr ss:[ebp-0x28]
570B339F    C645 FC 08      mov byte ptr ss:[ebp-0x4],0x8
570B33A3    E8 58B6EEFF     call WeChatWi.56F9EA00
570B33A8    8B8E 44030000   mov ecx,dword ptr ds:[esi+0x344]





获取好友详情：22905167168@chatroom
基址：56F30000
571556D9    33C5            xor eax,ebp
571556DB    8945 F0         mov dword ptr ss:[ebp-0x10],eax
571556DE    53              push ebx
571556DF    56              push esi
571556E0    57              push edi
571556E1    50              push eax
571556E2    8D45 F4         lea eax,dword ptr ss:[ebp-0xC]
571556E5    64:A3 00000000  mov dword ptr fs:[0],eax
571556EB    8BF1            mov esi,ecx
571556ED    C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
571556F4    8B86 480A0000   mov eax,dword ptr ds:[esi+0xA48]
571556FA    85C0            test eax,eax
571556FC    74 10           je short WeChatWi.5715570E
571556FE    B2 01           mov dl,0x1
57155700    C680 890B0000 0>mov byte ptr ds:[eax+0xB89],0x0
57155707    32C9            xor cl,cl
57155709    E8 825DE5FF     call WeChatWi.56FAB490
5715570E    8B8E AC0B0000   mov ecx,dword ptr ds:[esi+0xBAC]
57155714    6A 00           push 0x0
57155716    8B01            mov eax,dword ptr ds:[ecx]
57155718    FF90 EC000000   call dword ptr ds:[eax+0xEC]
5715571E    8B5D 0C         mov ebx,dword ptr ss:[ebp+0xC]
57155721    85DB            test ebx,ebx
57155723    0F9EC0          setle al
57155726    84C0            test al,al
57155728    0F85 FC020000   jnz WeChatWi.57155A2A
5715572E    A1 14625558     mov eax,dword ptr ds:[0x58556214]
57155733    85C0            test eax,eax
57155735    74 06           je short WeChatWi.5715573D
57155737    66:8338 00      cmp word ptr ds:[eax],0x0
5715573B    75 05           jnz short WeChatWi.57155742
5715573D    B8 08892958     mov eax,WeChatWi.58298908
57155742    50              push eax
57155743    8D4D 08         lea ecx,dword ptr ss:[ebp+0x8]
57155746    E8 C59C2B00     call WeChatWi.5740F410
5715574B    8B7D 08         mov edi,dword ptr ss:[ebp+0x8]
5715574E    85C0            test eax,eax
57155750    0F84 4F020000   je WeChatWi.571559A5
57155756    85FF            test edi,edi
57155758    74 08           je short WeChatWi.57155762
5715575A    66:833F 00      cmp word ptr ds:[edi],0x0
5715575E    8BC7            mov eax,edi
57155760    75 05           jnz short WeChatWi.57155767
57155762    B8 08892958     mov eax,WeChatWi.58298908
57155767    50              push eax
57155768    B9 28625558     mov ecx,WeChatWi.58556228
5715576D    E8 9E9C2B00     call WeChatWi.5740F410
57155772    85C0            test eax,eax
57155774    0F84 2B020000   je WeChatWi.571559A5
5715577A    85FF            test edi,edi
5715577C    74 08           je short WeChatWi.57155786
5715577E    66:833F 00      cmp word ptr ds:[edi],0x0
57155782    8BC7            mov eax,edi
57155784    75 05           jnz short WeChatWi.5715578B
57155786    B8 08892958     mov eax,WeChatWi.58298908
5715578B    50              push eax
5715578C    B9 3C625558     mov ecx,WeChatWi.5855623C
57155791    E8 7A9C2B00     call WeChatWi.5740F410
57155796    85C0            test eax,eax
57155798    0F84 07020000   je WeChatWi.571559A5
5715579E    E8 7D8FE2FF     call WeChatWi.56F7E720
571557A3    8D45 08         lea eax,dword ptr ss:[ebp+0x8]
571557A6    50              push eax
571557A7    E8 54930800     call WeChatWi.571DEB00
571557AC    83F8 02         cmp eax,0x2
571557AF    0F84 EA010000   je WeChatWi.5715599F
571557B5    8DBE 500C0000   lea edi,dword ptr ds:[esi+0xC50]
571557BB    57              push edi
571557BC    83EC 14         sub esp,0x14
571557BF    8D45 08         lea eax,dword ptr ss:[ebp+0x8]
571557C2    8BCC            mov ecx,esp
571557C4    8965 D4         mov dword ptr ss:[ebp-0x2C],esp
571557C7    50              push eax
571557C8    E8 23962B00     call WeChatWi.5740EDF0                   ; call1
571557CD    C645 FC 01      mov byte ptr ss:[ebp-0x4],0x1
571557D1    E8 4A8FE2FF     call WeChatWi.56F7E720                   ; call2
571557D6    C645 FC 00      mov byte ptr ss:[ebp-0x4],0x0
571557DA    E8 A1720800     call WeChatWi.571DCA80                   ; call3
571557DF    84C0            test al,al
571557E1    0F84 43020000   je WeChatWi.57155A2A
571557E7    81EC E0030000   sub esp,0x3E0
571557ED    8BCC            mov ecx,esp
571557EF    57              push edi
571557F0    E8 1B51EDFF     call WeChatWi.5702A910
571557F5    8BCE            mov ecx,esi
571557F7    E8 84020000     call WeChatWi.57155A80
571557FC    8D45 C0         lea eax,dword ptr ss:[ebp-0x40]
571557FF    8BCF            mov ecx,edi
57155801    50              push eax
57155802    E8 B968E5FF     call WeChatWi.56FAC0C0
57155807    8DBE 58100000   lea edi,dword ptr ds:[esi+0x1058]
5715580D    50              push eax
5715580E    8BCF            mov ecx,edi
57155810    E8 7BA02B00     call WeChatWi.5740F890
57155815    8D4D C0         lea ecx,dword ptr ss:[ebp-0x40]
57155818    E8 8377E2FF     call WeChatWi.56F7CFA0
5715581D    6A 00           push 0x0
5715581F    8BCE            mov ecx,esi
57155821    E8 BA1A0000     call WeChatWi.571572E0
57155826    8BCF            mov ecx,edi
57155828    E8 23780800     call WeChatWi.571DD050
5715582D    84C0            test al,al
5715582F    0F84 01010000   je WeChatWi.57155936
57155835    8D45 D8         lea eax,dword ptr ss:[ebp-0x28]
57155838    50              push eax
57155839    E8 72CBE2FF     call WeChatWi.56F823B0
5715583E    8BC8            mov ecx,eax
57155840    E8 FB962100     call WeChatWi.5736EF40
57155845    6A 00           push 0x0
57155847    50              push eax
57155848    8D4D C0         lea ecx,dword ptr ss:[ebp-0x40]
5715584B    E8 B0962B00     call WeChatWi.5740EF00
57155850    8D4D D8         lea ecx,dword ptr ss:[ebp-0x28]
57155853    C645 FC 02      mov byte ptr ss:[ebp-0x4],0x2
57155857    E8 047AE2FF     call WeChatWi.56F7D260
5715585C    E8 DF0AE4FF     call WeChatWi.56F96340
57155861    8D45 C0         lea eax,dword ptr ss:[ebp-0x40]
57155864    50              push eax
57155865    57              push edi
57155866    E8 35A20700     call WeChatWi.571CFAA0
5715586B    84C0            test al,al
5715586D    74 1E           je short WeChatWi.5715588D
5715586F    57              push edi
57155870    8BCE            mov ecx,esi
57155872    E8 19140000     call WeChatWi.57156C90
57155877    6A 05           push 0x5
57155879    8BCE            mov ecx,esi
5715587B    E8 90270000     call WeChatWi.57158010
57155880    8D4D C0         lea ecx,dword ptr ss:[ebp-0x40]
57155883    E8 1877E2FF     call WeChatWi.56F7CFA0
57155888    E9 9D010000     jmp WeChatWi.57155A2A
5715588D    8B8E 7C0A0000   mov ecx,dword ptr ds:[esi+0xA7C]
57155893    6A 00           push 0x0
57155895    8B01            mov eax,dword ptr ds:[ecx]
57155897    FF90 EC000000   call dword ptr ds:[eax+0xEC]
5715589D    6A 00           push 0x0
5715589F    8BCE            mov ecx,esi
571558A1    E8 3A1A0000     call WeChatWi.571572E0
571558A6    8B8E 900A0000   mov ecx,dword ptr ds:[esi+0xA90]
571558AC    6A 00           push 0x0
571558AE    8B01            mov eax,dword ptr ds:[ecx]
571558B0    FF90 EC000000   call dword ptr ds:[eax+0xEC]
571558B6    8B8E A80B0000   mov ecx,dword ptr ds:[esi+0xBA8]
571558BC    6A 00           push 0x0
571558BE    8B01            mov eax,dword ptr ds:[ecx]
571558C0    FF90 EC000000   call dword ptr ds:[eax+0xEC]
571558C6    8B8E 080B0000   mov ecx,dword ptr ds:[esi+0xB08]
571558CC    85C9            test ecx,ecx
571558CE    74 0A           je short WeChatWi.571558DA
571558D0    8B01            mov eax,dword ptr ds:[ecx]
571558D2    6A 00           push 0x0
571558D4    FF90 EC000000   call dword ptr ds:[eax+0xEC]
571558DA    8B8E 7C0A0000   mov ecx,dword ptr ds:[esi+0xA7C]
571558E0    6A 01           push 0x1
571558E2    8B01            mov eax,dword ptr ds:[ecx]
571558E4    FF90 EC000000   call dword ptr ds:[eax+0xEC]
571558EA    8BCE            mov ecx,esi
571558EC    E8 AF150000     call WeChatWi.57156EA0
571558F1    83EC 14         sub esp,0x14
571558F4    BA 22040000     mov edx,0x422
571558F9    8BCC            mov ecx,esp
571558FB    8965 D4         mov dword ptr ss:[ebp-0x2C],esp
571558FE    32DB            xor bl,bl
57155900    E8 DBA32B00     call WeChatWi.5740FCE0
57155905    83EC 14         sub esp,0x14
57155908    C645 FC 03      mov byte ptr ss:[ebp-0x4],0x3
5715590C    BA 0E040000     mov edx,0x40E
57155911    8BCC            mov ecx,esp
57155913    E8 C8A32B00     call WeChatWi.5740FCE0
57155918    C645 FC 02      mov byte ptr ss:[ebp-0x4],0x2
5715591C    8AD3            mov dl,bl
5715591E    8B4E 04         mov ecx,dword ptr ds:[esi+0x4]
57155921    E8 7A5DF0FF     call WeChatWi.5705B6A0
57155926    83C4 28         add esp,0x28
57155929    8D4D C0         lea ecx,dword ptr ss:[ebp-0x40]
5715592C    E8 6F76E2FF     call WeChatWi.56F7CFA0
57155931    E9 F4000000     jmp WeChatWi.57155A2A
57155936    8B8E 7C0A0000   mov ecx,dword ptr ds:[esi+0xA7C]
5715593C    6A 00           push 0x0
5715593E    8B01            mov eax,dword ptr ds:[ecx]
57155940    FF90 EC000000   call dword ptr ds:[eax+0xEC]
57155946    6A 00           push 0x0
57155948    8BCE            mov ecx,esi
5715594A    E8 91190000     call WeChatWi.571572E0






个人edi
0D589BB0  00000000
0D589BB4  00000000
0D589BB8  0D8CFDC0  UNICODE "wxid_ex8vs2ew6u5j12"  0x8
0D589BBC  00000013
0D589BC0  00000020
0D589BC4  00000000
0D589BC8  00000000
0D589BCC  0DB7B730  UNICODE "yfsx5201314"  0x1C
0D589BD0  0000000B
0D589BD4  00000010
0D589BD8  00000000
0D589BDC  00000000
0D589BE0  0D871910  UNICODE "v1_d0bebd57db3ead25fdc4c9632853fe0a6a11f06cc4c3b29"   0x30
0D589BE4  0000006C
0D589BE8  00000080
0D589BEC  00000000
0D589BF0  00000000
0D589BF4  00000000
0D589BF8  00000001
0D589BFC  00000000
0D589C00  0DB715A8  UNICODE "瓷肌-森贤"  0x50
0D589C04  00000005
0D589C08  00000008
0D589C0C  00000000
0D589C10  00000000
0D589C14  0DA15B40  UNICODE "雨雪纷飞"  0x64
0D589C18  00000004
0D589C1C  00000008
0D589C20  00000000
0D589C24  00000000
0D589C28  00000000
0D589C2C  00000000
0D589C30  00000000
0D589C34  00000000
0D589C38  00000000
0D589C3C  00000000
0D589C40  00000000
0D589C44  00000000
0D589C48  00000000
0D589C4C  00000000
0D589C50  00000001
0D589C54  0DA15A20  UNICODE "YXFF"
0D589C58  00000004
0D589C5C  00000008
0D589C60  00000000
0D589C64  00000000
0D589C68  0DA51A08  UNICODE "yuxuefenfei"
0D589C6C  0000000B
0D589C70  00000010
0D589C74  00000000
0D589C78  00000000
0D589C7C  0DC69890  UNICODE "CJSX"
0D589C80  00000004
0D589C84  00000004
0D589C88  00000000
0D589C8C  00000000
0D589C90  0DB7B7C0  UNICODE "cijisenxian"
0D589C94  0000000B
0D589C98  00000010
0D589C9C  00000000
0D589CA0  00000000
0D589CA4  0D842E90  UNICODE "http://wx.qlogo.cn/mmhead/ver_1/59RvVaxnaqKNgiaNT3"
0D589CA8  00000093
0D589CAC  00000100
0D589CB0  00000000
0D589CB4  00000000
0D589CB8  0DC2C2B0  UNICODE "http://wx.qlogo.cn/mmhead/ver_1/59RvVaxnaqKNgiaNT3"  0x108
0D589CBC  00000095
0D589CC0  00000100
0D589CC4  00000000
0D589CC8  00000000
0D589CCC  0DB929D0  ASCII "747e527aec4b24b1f1ca46779ddbd49a"
0D589CD0  01010101
0D589CD4  01010101
0D589CD8  01010101
0D589CDC  00000020
0D589CE0  0000002F
0D589CE4  00000000

群edi
0D589BB0  00000000
0D589BB4  00000000
0D589BB8  0D8CFDC0  UNICODE "22905167168@chatroom"
0D589BBC  00000014
0D589BC0  00000020
0D589BC4  00000000
0D589BC8  00000000
0D589BCC  0DB7BB20
0D589BD0  00000000
0D589BD4  00000000
0D589BD8  00000000
0D589BDC  00000000
0D589BE0  0D871910  UNICODE "v1_ea7731173e71074c543ba3ea16c35d5b30f48fed5b7a445"
0D589BE4  0000006C
0D589BE8  00000080
0D589BEC  00000000
0D589BF0  00000000
0D589BF4  00000000
0D589BF8  00000003
0D589BFC  00000000
0D589C00  0DB71228
0D589C04  00000000
0D589C08  00000000
0D589C0C  00000000
0D589C10  00000000
0D589C14  0DA15B40  UNICODE "机器人测试群"
0D589C18  00000006
0D589C1C  00000008
0D589C20  00000000
0D589C24  00000000
0D589C28  00000000
0D589C2C  00000000
0D589C30  00000000
0D589C34  00000000
0D589C38  00000000
0D589C3C  00000000
0D589C40  00000000
0D589C44  00000000
0D589C48  00000000
0D589C4C  00000000
0D589C50  00000001
0D589C54  0DA15A20  UNICODE "JQRCSQ"
0D589C58  00000006
0D589C5C  00000008
0D589C60  00000000
0D589C64  00000000
0D589C68  0DA51A08  UNICODE "jiqirenceshiqun"
0D589C6C  0000000F
0D589C70  00000010
0D589C74  00000000
0D589C78  00000000
0D589C7C  0DC69B00
0D589C80  00000000
0D589C84  00000000
0D589C88  00000000
0D589C8C  00000000
0D589C90  0DB7BBE0
0D589C94  00000000
0D589C98  00000000
0D589C9C  00000000
0D589CA0  00000000
0D589CA4  0DC2BE60
0D589CA8  00000000
0D589CAC  00000000
0D589CB0  00000000
0D589CB4  00000000
0D589CB8  0DC2C2B0  UNICODE "http://wx.qlogo.cn/mmcrhead/0ZyuZuQycibGWZddg404UX"
0D589CBC  00000083
0D589CC0  00000100
0D589CC4  00000000
0D589CC8  00000000
0D589CCC  0DB929D0
0D589CD0  01010101
0D589CD4  01010101
0D589CD8  01010101
0D589CDC  00000000





发送群公告：群:22905167168@chatroom
基址：56F30000
56F9F830   /0F84 42010000   je WeChatWi.56F9F978
56F9F836   |C785 30FFFFFF 0>mov dword ptr ss:[ebp-0xD0],0x0
56F9F840   |C785 34FFFFFF 0>mov dword ptr ss:[ebp-0xCC],0x0
56F9F84A   |C785 38FFFFFF 0>mov dword ptr ss:[ebp-0xC8],0x0
56F9F854   |8D8D A0FEFFFF   lea ecx,dword ptr ss:[ebp-0x160]
56F9F85A   |E8 71C43F00     call WeChatWi.5739BCD0
56F9F85F   |68 248E2958     push WeChatWi.58298E24                   ; UNICODE ""
56F9F864   |68 28ED2958     push WeChatWi.5829ED28                   ; UNICODE "\r"
56F9F869   |8D8D 18FFFFFF   lea ecx,dword ptr ss:[ebp-0xE8]
56F9F86F   |C645 FC 12      mov byte ptr ss:[ebp-0x4],0x12
56F9F873   |E8 E8054700     call WeChatWi.5740FE60
56F9F878   |68 248E2958     push WeChatWi.58298E24                   ; UNICODE ""
56F9F87D   |68 30ED2958     push WeChatWi.5829ED30                   ; UNICODE "\r"
56F9F882   |8D8D 18FFFFFF   lea ecx,dword ptr ss:[ebp-0xE8]
56F9F888   |E8 D3054700     call WeChatWi.5740FE60
56F9F88D   |8D85 18FFFFFF   lea eax,dword ptr ss:[ebp-0xE8]
56F9F893   |50              push eax
56F9F894   |8D8D A0FEFFFF   lea ecx,dword ptr ss:[ebp-0x160]
56F9F89A   |E8 51302400     call WeChatWi.571E28F0
56F9F89F   |8D85 00FFFFFF   lea eax,dword ptr ss:[ebp-0x100]
56F9F8A5   |50              push eax
56F9F8A6   |8D8E 28030000   lea ecx,dword ptr ds:[esi+0x328]
56F9F8AC   |E8 AF11FFFF     call WeChatWi.56F90A60
56F9F8B1   |50              push eax
56F9F8B2   |8D8D A0FEFFFF   lea ecx,dword ptr ss:[ebp-0x160]
56F9F8B8   |E8 F38E1F00     call WeChatWi.571987B0
56F9F8BD   |8D8D 00FFFFFF   lea ecx,dword ptr ss:[ebp-0x100]
56F9F8C3   |E8 D8D6FDFF     call WeChatWi.56F7CFA0
56F9F8C8   |8D85 44FFFFFF   lea eax,dword ptr ss:[ebp-0xBC]
56F9F8CE   |50              push eax
56F9F8CF   |E8 DC2AFEFF     call WeChatWi.56F823B0
56F9F8D4   |8BC8            mov ecx,eax
56F9F8D6   |E8 65F63C00     call WeChatWi.5736EF40
56F9F8DB   |6A 00           push 0x0
56F9F8DD   |50              push eax
56F9F8DE   |8D8D 00FFFFFF   lea ecx,dword ptr ss:[ebp-0x100]
56F9F8E4   |E8 17F64600     call WeChatWi.5740EF00
56F9F8E9   |8D8D 44FFFFFF   lea ecx,dword ptr ss:[ebp-0xBC]
56F9F8EF   |C645 FC 13      mov byte ptr ss:[ebp-0x4],0x13
56F9F8F3   |E8 68D9FDFF     call WeChatWi.56F7D260
56F9F8F8   |8D85 00FFFFFF   lea eax,dword ptr ss:[ebp-0x100]
56F9F8FE   |50              push eax
56F9F8FF   |8D8D A0FEFFFF   lea ecx,dword ptr ss:[ebp-0x160]
56F9F905   |E8 B62F2400     call WeChatWi.571E28C0
56F9F90A   |6A 00           push 0x0
56F9F90C   |E8 126A0601     call WeChatWi.58006323
56F9F911   |83C4 04         add esp,0x4
56F9F914   |8985 E0FEFFFF   mov dword ptr ss:[ebp-0x120],eax
56F9F91A   |8D85 A0FEFFFF   lea eax,dword ptr ss:[ebp-0x160]
56F9F920   |8D8D 30FFFFFF   lea ecx,dword ptr ss:[ebp-0xD0]
56F9F926   |50              push eax
56F9F927   |E8 B40B0000     call WeChatWi.56FA04E0
56F9F92C   |E8 0F6AFFFF     call WeChatWi.56F96340
56F9F931   |8D85 30FFFFFF   lea eax,dword ptr ss:[ebp-0xD0]
56F9F937   |50              push eax
56F9F938   |E8 03292300     call WeChatWi.571D2240                   ; 调用地址
56F9F93D   |8B46 E0         mov eax,dword ptr ds:[esi-0x20]          ; WeChatWi.57741459
56F9F940   |8D4E E0         lea ecx,dword ptr ds:[esi-0x20]
56F9F943   |6A 01           push 0x1
56F9F945   |FF10            call dword ptr ds:[eax]
56F9F947   |8D8D 00FFFFFF   lea ecx,dword ptr ss:[ebp-0x100]
56F9F94D   |E8 4ED6FDFF     call WeChatWi.56F7CFA0
56F9F952   |8D8D A0FEFFFF   lea ecx,dword ptr ss:[ebp-0x160]
56F9F958   |E8 33C43F00     call WeChatWi.5739BD90
56F9F95D   |8D8D 30FFFFFF   lea ecx,dword ptr ss:[ebp-0xD0]
56F9F963   |E8 080C0000     call WeChatWi.56FA0570
56F9F968   |8D8D 18FFFFFF   lea ecx,dword ptr ss:[ebp-0xE8]
56F9F96E   |E8 2DD6FDFF     call WeChatWi.56F7CFA0
56F9F973   |E9 18030000     jmp WeChatWi.56F9FC90
56F9F978   \6A 01           push 0x1
56F9F97A    FF76 E4         push dword ptr ds:[esi-0x1C]
56F9F97D    FF15 28A91258   call dword ptr ds:[<&USER32.EnableWindow>; user32.EnableWindow
56F9F983    FF76 E4         push dword ptr ds:[esi-0x1C]
56F9F986    FF15 24A91258   call dword ptr ds:[<&USER32.SetFocus>]   ; user32.SetFocus
56F9F98C    8D8D 18FFFFFF   lea ecx,dword ptr ss:[ebp-0xE8]
56F9F992    E8 09D6FDFF     call WeChatWi.56F7CFA0
56F9F997    E9 F4020000     jmp WeChatWi.56F9FC90
56F9F99C    68 04E32158     push WeChatWi.5821E304                   ; UNICODE "timer"
56F9F9A1    8BCF            mov ecx,edi
56F9F9A3    E8 D8C77900     call WeChatWi.5773C180
56F9F9A8    50              push eax
56F9F9A9    E8 60C60501     call WeChatWi.57FFC00E
56F9F9AE    83C4 08         add esp,0x8
56F9F9B1    85C0            test eax,eax
56F9F9B3    75 48           jnz short WeChatWi.56F9F9FD
56F9F9B5    81BF 18010000 5>cmp dword ptr ds:[edi+0x118],0x45A
56F9F9BF    0F85 CB020000   jnz WeChatWi.56F9FC90
56F9F9C5    FF76 E4         push dword ptr ds:[esi-0x1C]
56F9F9C8    FF15 24A91258   call dword ptr ds:[<&USER32.SetFocus>]   ; user32.SetFocus
56F9F9CE    8B86 90030000   mov eax,dword ptr ds:[esi+0x390]
56F9F9D4    85C0            test eax,eax
56F9F9D6    74 0D           je short WeChatWi.56F9F9E5
56F9F9D8    6A 00           push 0x0
56F9F9DA    6A 00           push 0x0
56F9F9DC    50              push eax
56F9F9DD    8D4E 10         lea ecx,dword ptr ds:[esi+0x10]
56F9F9E0    E8 9E1A7A00     call WeChatWi.57741483
56F9F9E5    68 5A040000     push 0x45A
56F9F9EA    FFB6 90030000   push dword ptr ds:[esi+0x390]
56F9F9F0    8D4E 10         lea ecx,dword ptr ds:[esi+0x10]
56F9F9F3    E8 7E1D7A00     call WeChatWi.57741776
56F9F9F8    E9 93020000     jmp WeChatWi.56F9FC90
56F9F9FD    68 1CE72958     push WeChatWi.5829E71C                   ; UNICODE "textchanged"
56F9FA02    8BCF            mov ecx,edi
56F9FA04    E8 77C77900     call WeChatWi.5773C180
56F9FA09    50              push eax
56F9FA0A    E8 FFC50501     call WeChatWi.57FFC00E
56F9FA0F    83C4 08         add esp,0x8
56F9FA12    85C0            test eax,eax
56F9FA14    0F85 D1000000   jnz WeChatWi.56F9FAEB
56F9FA1A    8B8F 08010000   mov ecx,dword ptr ds:[edi+0x108]         ; ntdll.770B562E
56F9FA20    8D95 5CFFFFFF   lea edx,dword ptr ss:[ebp-0xA4]
56F9FA26    52              push edx
56F9FA27    8B01            mov eax,dword ptr ds:[ecx]
56F9FA29    FF50 04         call dword ptr ds:[eax+0x4]
56F9FA2C    68 68EB2958     push WeChatWi.5829EB68                   ; UNICODE "contendEdit"
56F9FA31    8BC8            mov ecx,eax
56F9FA33    E8 48C77900     call WeChatWi.5773C180
56F9FA38    50              push eax
56F9FA39    E8 D0C50501     call WeChatWi.57FFC00E
56F9FA3E    83C4 08         add esp,0x8
56F9FA41    8D8D 5CFFFFFF   lea ecx,dword ptr ss:[ebp-0xA4]
56F9FA47    85C0            test eax,eax
56F9FA49    0F94C3          sete bl
56F9FA4C    E8 C8C77900     call WeChatWi.5773C219
56F9FA51    84DB            test bl,bl
56F9FA53    0F84 37020000   je WeChatWi.56F9FC90
56F9FA59    8B8E 90030000   mov ecx,dword ptr ds:[esi+0x390]
56F9FA5F    8D95 5CFFFFFF   lea edx,dword ptr ss:[ebp-0xA4]
56F9FA65    52              push edx
56F9FA66    8B01            mov eax,dword ptr ds:[ecx]
56F9FA68    FF50 3C         call dword ptr ds:[eax+0x3C]
56F9FA6B    6A FF           push -0x1
56F9FA6D    8BC8            mov ecx,eax
56F9FA6F    E8 0CC77900     call WeChatWi.5773C180
56F9FA74    50              push eax
56F9FA75    8D8D 18FFFFFF   lea ecx,dword ptr ss:[ebp-0xE8]
56F9FA7B    E8 30F34600     call WeChatWi.5740EDB0
56F9FA80    8D8D 5CFFFFFF   lea ecx,dword ptr ss:[ebp-0xA4]
56F9FA86    C745 FC 1400000>mov dword ptr ss:[ebp-0x4],0x14
56F9FA8D    E8 87C77900     call WeChatWi.5773C219
56F9FA92    8D8D 18FFFFFF   lea ecx,dword ptr ss:[ebp-0xE8]
56F9FA98    E8 63A64700     call WeChatWi.5741A100
56F9FA9D    8D86 B8030000   lea eax,dword ptr ds:[esi+0x3B8]
56F9FAA3    50              push eax
56F9FAA4    8D8D 18FFFFFF   lea ecx,dword ptr ss:[ebp-0xE8]
56F9FAAA    E8 91F84600     call WeChatWi.5740F340
56F9FAAF    8B8E A0030000   mov ecx,dword ptr ds:[esi+0x3A0]
56F9FAB5    84C0            test al,al
56F9FAB7    8B01            mov eax,dword ptr ds:[ecx]
56F9FAB9    74 18           je short WeChatWi.56F9FAD3
56F9FABB    6A 00           push 0x0
56F9FABD    FF90 F8000000   call dword ptr ds:[eax+0xF8]
56F9FAC3    8D8D 18FFFFFF   lea ecx,dword ptr ss:[ebp-0xE8]





退出群聊：群:22905167168@chatroom
基址：56F30000
5714A338    50              push eax
5714A339    8D4B 04         lea ecx,dword ptr ds:[ebx+0x4]
5714A33C    E8 FF4F2C00     call WeChatWi.5740F340
5714A341    84C0            test al,al
5714A343    0F84 0A130000   je WeChatWi.5714B653
5714A349    83EC 14         sub esp,0x14
5714A34C    8BCC            mov ecx,esp
5714A34E    6A FF           push -0x1
5714A350    68 08892958     push WeChatWi.58298908
5714A355    E8 564A2C00     call WeChatWi.5740EDB0
5714A35A    8D8F C4FCFFFF   lea ecx,dword ptr ds:[edi-0x33C]
5714A360    E8 5B160100     call WeChatWi.5715B9C0
5714A365    8B87 0C070000   mov eax,dword ptr ds:[edi+0x70C]
5714A36B    B2 01           mov dl,0x1
5714A36D    8ACA            mov cl,dl
5714A36F    C680 890B0000 0>mov byte ptr ds:[eax+0xB89],0x0
5714A376    E8 1511E6FF     call WeChatWi.56FAB490
5714A37B    83EC 1C         sub esp,0x1C
5714A37E    8BCC            mov ecx,esp
5714A380    6A FF           push -0x1
5714A382    68 08892958     push WeChatWi.58298908
5714A387    E8 244A2C00     call WeChatWi.5740EDB0
5714A38C    8D8F C4FCFFFF   lea ecx,dword ptr ds:[edi-0x33C]
5714A392    E8 A9BA0000     call WeChatWi.57155E40
5714A397    E9 B7120000     jmp WeChatWi.5714B653
5714A39C    85DB            test ebx,ebx
5714A39E    0F84 AF120000   je WeChatWi.5714B653
5714A3A4    83C3 04         add ebx,0x4
5714A3A7    53              push ebx
5714A3A8    E8 F3BFE4FF     call WeChatWi.56F963A0
5714A3AD    8BC8            mov ecx,eax
5714A3AF    E8 1C2AEDFF     call WeChatWi.5701CDD0
5714A3B4    85C0            test eax,eax
5714A3B6    74 08           je short WeChatWi.5714A3C0
5714A3B8    8B10            mov edx,dword ptr ds:[eax]
5714A3BA    8BC8            mov ecx,eax
5714A3BC    6A 01           push 0x1
5714A3BE    FF12            call dword ptr ds:[edx]
5714A3C0    8B87 0C070000   mov eax,dword ptr ds:[edi+0x70C]
5714A3C6    B2 01           mov dl,0x1
5714A3C8    8ACA            mov cl,dl
5714A3CA    C680 890B0000 0>mov byte ptr ds:[eax+0xB89],0x0
5714A3D1    E8 BA10E6FF     call WeChatWi.56FAB490
5714A3D6    8BCB            mov ecx,ebx
5714A3D8    E8 F36F3D00     call WeChatWi.575213D0
5714A3DD    84C0            test al,al
5714A3DF    0F84 93000000   je WeChatWi.5714A478
5714A3E5    83EC 14         sub esp,0x14
5714A3E8    8BCC            mov ecx,esp
5714A3EA    8965 EC         mov dword ptr ss:[ebp-0x14],esp
5714A3ED    53              push ebx
5714A3EE    E8 FD492C00     call WeChatWi.5740EDF0
5714A3F3    C745 FC 3700000>mov dword ptr ss:[ebp-0x4],0x37
5714A3FA    E8 3128EDFF     call WeChatWi.5701CC30
5714A3FF    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
5714A406    E8 45053E00     call WeChatWi.5752A950
5714A40B    8DB7 080D0000   lea esi,dword ptr ds:[edi+0xD08]
5714A411    8BCB            mov ecx,ebx
5714A413    56              push esi
5714A414    E8 274F2C00     call WeChatWi.5740F340
5714A419    84C0            test al,al
5714A41B    0F84 32120000   je WeChatWi.5714B653
5714A421    6A FF           push -0x1
5714A423    68 08892958     push WeChatWi.58298908
5714A428    8D8D 68F2FFFF   lea ecx,dword ptr ss:[ebp-0xD98]
5714A42E    E8 7D492C00     call WeChatWi.5740EDB0
5714A433    C745 FC 3800000>mov dword ptr ss:[ebp-0x4],0x38
5714A43A    E8 E142E3FF     call WeChatWi.56F7E720
5714A43F    8D85 68F2FFFF   lea eax,dword ptr ss:[ebp-0xD98]
5714A445    50              push eax
5714A446    56              push esi
5714A447    E8 94470900     call WeChatWi.571DEBE0
5714A44C    83EC 1C         sub esp,0x1C
5714A44F    8D85 68F2FFFF   lea eax,dword ptr ss:[ebp-0xD98]
5714A455    8BCC            mov ecx,esp
5714A457    50              push eax
5714A458    E8 93492C00     call WeChatWi.5740EDF0
5714A45D    8D8F C4FCFFFF   lea ecx,dword ptr ds:[edi-0x33C]
5714A463    E8 D8B90000     call WeChatWi.57155E40
5714A468    8D8D 68F2FFFF   lea ecx,dword ptr ss:[ebp-0xD98]
5714A46E    E8 2D2BE3FF     call WeChatWi.56F7CFA0
5714A473    E9 DB110000     jmp WeChatWi.5714B653
5714A478    E8 C3BEE4FF     call WeChatWi.56F96340
5714A47D    53              push ebx
5714A47E    E8 9D500800     call WeChatWi.571CF520                   ; 调用这行
5714A483    8D87 080D0000   lea eax,dword ptr ds:[edi+0xD08]
5714A489    8BCB            mov ecx,ebx
5714A48B    50              push eax
5714A48C    E8 AF4E2C00     call WeChatWi.5740F340
5714A491    84C0            test al,al
5714A493    0F84 BA110000   je WeChatWi.5714B653
5714A499    83EC 14         sub esp,0x14
5714A49C    8BCC            mov ecx,esp
5714A49E    6A FF           push -0x1
5714A4A0    68 08892958     push WeChatWi.58298908
5714A4A5    E8 06492C00     call WeChatWi.5740EDB0
5714A4AA    8D8F C4FCFFFF   lea ecx,dword ptr ds:[edi-0x33C]
5714A4B0    E8 0B150100     call WeChatWi.5715B9C0
5714A4B5  ^ E9 C1FEFFFF     jmp WeChatWi.5714A37B
5714A4BA    E8 E1BEE4FF     call WeChatWi.56F963A0
5714A4BF    8D87 340D0000   lea eax,dword ptr ds:[edi+0xD34]
5714A4C5    81C7 F40C0000   add edi,0xCF4
5714A4CB    50              push eax
5714A4CC    57              push edi
5714A4CD    53              push ebx
5714A4CE    56              push esi
5714A4CF    E8 7C37EDFF     call WeChatWi.5701DC50
5714A4D4    E9 7A110000     jmp WeChatWi.5714B653
5714A4D9    8B87 C8FCFFFF   mov eax,dword ptr ds:[edi-0x338]
5714A4DF    8985 00F3FFFF   mov dword ptr ss:[ebp-0xD00],eax
5714A4E5    8BC6            mov eax,esi
5714A4E7    0B85 FCF2FFFF   or eax,dword ptr ss:[ebp-0xD04]
5714A4ED    74 06           je short WeChatWi.5714A4F5
5714A4EF    89B5 00F3FFFF   mov dword ptr ss:[ebp-0xD00],esi
5714A4F5    85DB            test ebx,ebx
5714A4F7    0F84 56110000   je WeChatWi.5714B653
5714A4FD    837B 08 01      cmp dword ptr ds:[ebx+0x8],0x1
5714A501    0F85 B4000000   jnz WeChatWi.5714A5BB
5714A507    837B 0C 00      cmp dword ptr ds:[ebx+0xC],0x0
5714A50B    0F85 AA000000   jnz WeChatWi.5714A5BB
5714A511    8D87 080D0000   lea eax,dword ptr ds:[edi+0xD08]
5714A517    50              push eax
5714A518    8D8D 54F2FFFF   lea ecx,dword ptr ss:[ebp-0xDAC]
5714A51E    E8 CD482C00     call WeChatWi.5740EDF0
5714A523    C745 FC 3B00000>mov dword ptr ss:[ebp-0x4],0x3B
5714A52A    8B9D 00F3FFFF   mov ebx,dword ptr ss:[ebp-0xD00]
5714A530    3B9F C8FCFFFF   cmp ebx,dword ptr ds:[edi-0x338]
5714A536    74 2B           je short WeChatWi.5714A563
5714A538    8D85 14F1FFFF   lea eax,dword ptr ss:[ebp-0xEEC]
5714A53E    53              push ebx
5714A53F    50              push eax
5714A540    E8 5BBEE4FF     call WeChatWi.56F963A0
5714A545    8BC8            mov ecx,eax
5714A547    E8 5436EDFF     call WeChatWi.5701DBA0
5714A54C    50              push eax
5714A54D    8D8D 54F2FFFF   lea ecx,dword ptr ss:[ebp-0xDAC]
5714A553    E8 38532C00     call WeChatWi.5740F890
5714A558    8D8D 14F1FFFF   lea ecx,dword ptr ss:[ebp-0xEEC]
5714A55E    E8 3D2AE3FF     call WeChatWi.56F7CFA0
5714A563    68 E00C0000     push 0xCE0
5714A568    E8 80FAAB00     call WeChatWi.57C09FED
5714A56D    8BF0            mov esi,eax
5714A56F    83C4 04         add esp,0x4
5714A572    89B5 F8F2FFFF   mov dword ptr ss:[ebp-0xD08],esi
5714A578    C645 FC 3C      mov byte ptr ss:[ebp-0x4],0x3C
5714A57C    8D85 54F2FFFF   lea eax,dword ptr ss:[ebp-0xDAC]
5714A582    8B8F 84070000   mov ecx,dword ptr ds:[edi+0x784]
5714A588    6A 01           push 0x1
5714A58A    6A 00           push 0x0
5714A58C    FFB1 A40E0000   push dword ptr ds:[ecx+0xEA4]
5714A592    83EC 14         sub esp,0x14
5714A595    8BCC            mov ecx,esp
5714A597    50              push eax
5714A598    E8 53482C00     call WeChatWi.5740EDF0
5714A59D    53              push ebx
5714A59E    8BCE            mov ecx,esi
5714A5A0    E8 5BBEE4FF     call WeChatWi.56F96400
5714A5A5    8D8D 54F2FFFF   lea ecx,dword ptr ss:[ebp-0xDAC]
5714A5AB    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
5714A5B2    8BF0            mov esi,eax
5714A5B4    E8 E729E3FF     call WeChatWi.56F7CFA0
5714A5B9    EB 54           jmp short WeChatWi.5714A60F
5714A5BB    68 E00C0000     push 0xCE0
5714A5C0    E8 28FAAB00     call WeChatWi.57C09FED
5714A5C5    8BF0            mov esi,eax
5714A5C7    83C4 04         add esp,0x4
5714A5CA    89B5 F8F2FFFF   mov dword ptr ss:[ebp-0xD08],esi
5714A5D0    6A 01           push 0x1
5714A5D2    C745 FC 3D00000>mov dword ptr ss:[ebp-0x4],0x3D
5714A5D9    8B8F 84070000   mov ecx,dword ptr ds:[edi+0x784]
5714A5DF    6A 00           push 0x0
5714A5E1    FFB1 A40E0000   push dword ptr ds:[ecx+0xEA4]
5714A5E7    83EC 14         sub esp,0x14
5714A5EA    8BCC            mov ecx,esp
5714A5EC    6A FF           push -0x1
5714A5EE    68 08892958     push WeChatWi.58298908
5714A5F3    E8 B8472C00     call WeChatWi.5740EDB0
5714A5F8    8B9D 00F3FFFF   mov ebx,dword ptr ss:[ebp-0xD00]
5714A5FE    8BCE            mov ecx,esi
5714A600    53              push ebx
5714A601    E8 FABDE4FF     call WeChatWi.56F96400
5714A606    8BF0            mov esi,eax
5714A608    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
5714A60F    8B45 EC         mov eax,dword ptr ss:[ebp-0x14]
5714A612    0B85 FCF2FFFF   or eax,dword ptr ss:[ebp-0xD04]
5714A618    74 25           je short WeChatWi.5714A63F
5714A61A    8D4D E0         lea ecx,dword ptr ss:[ebp-0x20]
5714A61D    E8 54185F00     call WeChatWi.5773BE76
5714A622    8BC1            mov eax,ecx
5714A624    50              push eax
5714A625    53              push ebx
5714A626    FF15 04A91258   call dword ptr ds:[<&USER32.GetWindowRec>; user32.GetWindowRect



删除好友：
基址：56F30000
570C0824    8BCC            mov ecx,esp
570C0826    8965 E4         mov dword ptr ss:[ebp-0x1C],esp
570C0829    6A FF           push -0x1
570C082B    68 08892958     push WeChatWi.58298908
570C0830    E8 7BE53400     call WeChatWi.5740EDB0
570C0835    8B45 98         mov eax,dword ptr ss:[ebp-0x68]          ; user32.73DC6531
570C0838    85C0            test eax,eax
570C083A    74 06           je short WeChatWi.570C0842
570C083C    66:8338 00      cmp word ptr ds:[eax],0x0
570C0840    75 05           jnz short WeChatWi.570C0847
570C0842    B8 08892958     mov eax,WeChatWi.58298908
570C0847    83EC 14         sub esp,0x14
570C084A    8BCC            mov ecx,esp
570C084C    8965 E0         mov dword ptr ss:[ebp-0x20],esp
570C084F    6A FF           push -0x1
570C0851    50              push eax
570C0852    E8 59E53400     call WeChatWi.5740EDB0
570C0857    83EC 14         sub esp,0x14
570C085A    C645 FC 0A      mov byte ptr ss:[ebp-0x4],0xA
570C085E    BA 5C040000     mov edx,0x45C
570C0863    8BCC            mov ecx,esp
570C0865    E8 76F43400     call WeChatWi.5740FCE0
570C086A    8B8B 9C020000   mov ecx,dword ptr ds:[ebx+0x29C]
570C0870    E8 0BB96700     call WeChatWi.5773C180
570C0875    BA 01000000     mov edx,0x1
570C087A    C645 FC 05      mov byte ptr ss:[ebp-0x4],0x5
570C087E    8BC8            mov ecx,eax
570C0880    E8 1BCBF9FF     call WeChatWi.5705D3A0
570C0885    83C4 6C         add esp,0x6C
570C0888    84C0            test al,al
570C088A    0F84 CD000000   je WeChatWi.570C095D
570C0890    E8 1B1BECFF     call WeChatWi.56F823B0
570C0895    8A80 44050000   mov al,byte ptr ds:[eax+0x544]
570C089B    84C0            test al,al
570C089D    0F84 BA000000   je WeChatWi.570C095D
570C08A3    8BCF            mov ecx,edi
570C08A5    E8 C6105800     call WeChatWi.57641970
570C08AA    84C0            test al,al
570C08AC    74 18           je short WeChatWi.570C08C6
570C08AE    E8 5D86EEFF     call WeChatWi.56FA8F10
570C08B3    E8 18E95700     call WeChatWi.5763F1D0
570C08B8    57              push edi
570C08B9    E8 72455800     call WeChatWi.57644E30
570C08BE    8D4D 98         lea ecx,dword ptr ss:[ebp-0x68]
570C08C1    E9 1E050000     jmp WeChatWi.570C0DE4
570C08C6    0F1005 E0882958 movups xmm0,dqword ptr ds:[0x582988E0]
570C08CD    83EC 10         sub esp,0x10
570C08D0    8BC4            mov eax,esp
570C08D2    83EC 10         sub esp,0x10
570C08D5    0F1100          movups dqword ptr ds:[eax],xmm0
570C08D8    8BC4            mov eax,esp
570C08DA    83EC 10         sub esp,0x10
570C08DD    0F1100          movups dqword ptr ds:[eax],xmm0
570C08E0    8BC4            mov eax,esp
570C08E2    83EC 10         sub esp,0x10
570C08E5    0F1100          movups dqword ptr ds:[eax],xmm0
570C08E8    8BC4            mov eax,esp
570C08EA    83EC 10         sub esp,0x10
570C08ED    0F1100          movups dqword ptr ds:[eax],xmm0
570C08F0    8BC4            mov eax,esp
570C08F2    83EC 14         sub esp,0x14
570C08F5    8BCC            mov ecx,esp
570C08F7    57              push edi
570C08F8    0F1100          movups dqword ptr ds:[eax],xmm0
570C08FB    E8 F0E43400     call WeChatWi.5740EDF0
570C0900    8D8D 34FFFFFF   lea ecx,dword ptr ss:[ebp-0xCC]
570C0906    E8 A5293600     call WeChatWi.574232B0
570C090B    83C4 14         add esp,0x14
570C090E    8BC8            mov ecx,eax
570C0910    E8 9BD7EDFF     call WeChatWi.56F9E0B0
570C0915    83EC 10         sub esp,0x10
570C0918    BA ECD52E58     mov edx,WeChatWi.582ED5EC                ; ASCII 30,"1_ui\contact\ContactListUI.cpp"
570C091D    8BCC            mov ecx,esp
570C091F    68 0CD62E58     push WeChatWi.582ED60C                   ; ASCII 4D,"enuCmdDeleteFriend username = %s"
570C0924    68 30D62E58     push WeChatWi.582ED630                   ; ASCII 43,"ontactListUI"
570C0929    C601 02         mov byte ptr ds:[ecx],0x2
570C092C    8941 08         mov dword ptr ds:[ecx+0x8],eax
570C092F    B9 02000000     mov ecx,0x2
570C0934    68 60D62E58     push WeChatWi.582ED660                   ; ASCII 43,"ontactListUI::OnMenuItemClicked"
570C0939    68 EE000000     push 0xEE
570C093E    E8 BDD73400     call WeChatWi.5740E100
570C0943    83C4 70         add esp,0x70
570C0946    8D8D 34FFFFFF   lea ecx,dword ptr ss:[ebp-0xCC]
570C094C    E8 4FC6EBFF     call WeChatWi.56F7CFA0
570C0951    E8 CADDEBFF     call WeChatWi.56F7E720
570C0956    51              push ecx
570C0957    57              push edi
570C0958    E8 03D61100     call WeChatWi.571DDF60                   ; 调用这行
570C095D    8D4D 98         lea ecx,dword ptr ss:[ebp-0x68]
570C0960    E9 7F040000     jmp WeChatWi.570C0DE4
570C0965    8B4D 08         mov ecx,dword ptr ss:[ebp+0x8]
570C0968    68 E8D42E58     push WeChatWi.582ED4E8                   ; UNICODE "menuCmdDeletePublicUser"
570C096D    E8 9EEA3400     call WeChatWi.5740F410
570C0972    85C0            test eax,eax
570C0974    0F85 FF000000   jnz WeChatWi.570C0A79
570C097A    83EC 14         sub esp,0x14
570C097D    8BCC            mov ecx,esp
570C097F    6A FF           push -0x1
570C0981    68 08892958     push WeChatWi.58298908
570C0986    E8 25E43400     call WeChatWi.5740EDB0
570C098B    8B8B 9C020000   mov ecx,dword ptr ds:[ebx+0x29C]
570C0991    83EC 08         sub esp,0x8
570C0994    6A 01           push 0x1
570C0996    6A 00           push 0x0
570C0998    6A 00           push 0x0
570C099A    68 60040000     push 0x460
570C099F    E8 DCB76700     call WeChatWi.5773C180
570C09A4    BA 5E040000     mov edx,0x45E
570C09A9    8BC8            mov ecx,eax
570C09AB    E8 10C7F9FF     call WeChatWi.5705D0C0
570C09B0    83C4 2C         add esp,0x2C
570C09B3    84C0            test al,al
570C09B5    0F84 2E040000   je WeChatWi.570C0DE9
570C09BB    E8 F019ECFF     call WeChatWi.56F823B0
570C09C0    8A80 44050000   mov al,byte ptr ds:[eax+0x544]
570C09C6    84C0            test al,al
570C09C8    0F84 1B040000   je WeChatWi.570C0DE9
570C09CE    0F1005 E0882958 movups xmm0,dqword ptr ds:[0x582988E0]
570C09D5    83EC 10         sub esp,0x10
570C09D8    8BC4            mov eax,esp
570C09DA    83EC 10         sub esp,0x10
570C09DD    0F1100          movups dqword ptr ds:[eax],xmm0
570C09E0    8BC4            mov eax,esp
570C09E2    83EC 10         sub esp,0x10
570C09E5    0F1100          movups dqword ptr ds:[eax],xmm0
570C09E8    8BC4            mov eax,esp
570C09EA    83EC 10         sub esp,0x10
570C09ED    0F1100          movups dqword ptr ds:[eax],xmm0
570C09F0    8BC4            mov eax,esp
570C09F2    83EC 10         sub esp,0x10
570C09F5    0F1100          movups dqword ptr ds:[eax],xmm0
570C09F8    8BC4            mov eax,esp
570C09FA    83EC 14         sub esp,0x14
570C09FD    8BCC            mov ecx,esp
570C09FF    57              push edi
570C0A00    0F1100          movups dqword ptr ds:[eax],xmm0
570C0A03    E8 E8E33400     call WeChatWi.5740EDF0
570C0A08    8D8D 20FFFFFF   lea ecx,dword ptr ss:[ebp-0xE0]
570C0A0E    E8 9D283600     call WeChatWi.574232B0
570C0A13    83C4 14         add esp,0x14
570C0A16    8BC8            mov ecx,eax
570C0A18    E8 93D6EDFF     call WeChatWi.56F9E0B0
570C0A1D    83EC 10         sub esp,0x10
570C0A20    BA ECD52E58     mov edx,WeChatWi.582ED5EC                ; ASCII 30,"1_ui\contact\ContactListUI.cpp"
570C0A25    8BCC            mov ecx,esp
570C0A27    68 84D62E58     push WeChatWi.582ED684
570C0A2C    68 30D62E58     push WeChatWi.582ED630                   ; ASCII 43,"ontactListUI"
570C0A31    C601 02         mov byte ptr ds:[ecx],0x2
570C0A34    8941 08         mov dword ptr ds:[ecx+0x8],eax
570C0A37    B9 02000000     mov ecx,0x2
570C0A3C    68 60D62E58     push WeChatWi.582ED660                   ; ASCII 43,"ontactListUI::OnMenuItemClicked"
570C0A41    68 FB000000     push 0xFB
570C0A46    E8 B5D63400     call WeChatWi.5740E100
570C0A4B    83C4 70         add esp,0x70
570C0A4E    8D8D 20FFFFFF   lea ecx,dword ptr ss:[ebp-0xE0]
570C0A54    E8 47C5EBFF     call WeChatWi.56F7CFA0
570C0A59    E8 C2DCEBFF     call WeChatWi.56F7E720
570C0A5E    51              push ecx
570C0A5F    57              push edi
570C0A60    E8 FBD41100     call WeChatWi.571DDF60
570C0A65    8B4D F4         mov ecx,dword ptr ss:[ebp-0xC]
570C0A68    64:890D 0000000>mov dword ptr fs:[0],ecx
570C0A6F    59              pop ecx                                  ; user32.73DE4F8A
570C0A70    5F              pop edi                                  ; user32.73DE4F8A
570C0A71    5E              pop esi                                  ; user32.73DE4F8A
570C0A72    5B              pop ebx                                  ; user32.73DE4F8A
570C0A73    8BE5            mov esp,ebp
570C0A75    5D              pop ebp                                  ; user32.73DE4F8A
570C0A76    C2 0800         retn 0x8
570C0A79    8B4D 08         mov ecx,dword ptr ss:[ebp+0x8]
570C0A7C    68 74D42E58     push WeChatWi.582ED474                   ; UNICODE "menuCmdModifyRoomName"
570C0A81    E8 8AE93400     call WeChatWi.5740F410
570C0A86    85C0            test eax,eax
570C0A88    75 6E           jnz short WeChatWi.570C0AF8
570C0A8A    50              push eax
570C0A8B    8D8B 00F4FFFF   lea ecx,dword ptr ds:[ebx-0xC00]
570C0A91    F7D9            neg ecx
570C0A93    8D43 04         lea eax,dword ptr ds:[ebx+0x4]
570C0A96    6A 20           push 0x20
570C0A98    1BC9            sbb ecx,ecx
570C0A9A    23C8            and ecx,eax
570C0A9C    8D86 FC030000   lea eax,dword ptr ds:[esi+0x3FC]
570C0AA2    51              push ecx
570C0AA3    83EC 14         sub esp,0x14
570C0AA6    8BCC            mov ecx,esp
570C0AA8    50              push eax
570C0AA9    E8 42E33400     call WeChatWi.5740EDF0
570C0AAE    83EC 14         sub esp,0x14
570C0AB1    8BCC            mov ecx,esp
570C0AB3    57              push edi
570C0AB4    E8 37E33400     call WeChatWi.5740EDF0
570C0AB9    83EC 14         sub esp,0x14
570C0ABC    8BCC            mov ecx,esp
570C0ABE    6A FF           push -0x1





发xml消息（发送名片）：
消息格式：
<?xml version="1.0"?>
<msg 
	 bigheadimgurl="http://wx.qlogo.cn/mmhead/ver_1/7IiaGRVxyprWcBA9v2IA1NLRa1K5YbEX5dBzmcEKw4OupNxsYuYSBt1zG91O6p07XlIOQIFhPCC3hU1icJMk3z28Ygh6IhfZrV4oYtXZXEU5A/0" 
	 smallheadimgurl="http://wx.qlogo.cn/mmhead/ver_1/7IiaGRVxyprWcBA9v2IA1NLRa1K5YbEX5dBzmcEKw4OupNxsYuYSBt1zG91O6p07XlIOQIFhPCC3hU1icJMk3z28Ygh6IhfZrV4oYtXZXEU5A/132" 
	 username="%s" nickname="%s" fullpy="?" shortpy="" alias="%s" imagestatus="3" 
	 scene="17" province="北京" city="中国" sign="" sex="2" certflag="0" 
	 certinfo="" brandIconUrl="" brandHomeUrl="" brandSubscriptConfigUrl= "" 
	 brandFlags="0" regionCode="CN_BeiJing_BeiJing"
/>
基址：56F30000
56F8079B    E8 00DF2300     call WeChatWi.571BE6A0
56F807A0    C645 FC 02      mov byte ptr ss:[ebp-0x4],0x2
56F807A4    B8 67666666     mov eax,0x66666667
56F807A9    8B7D 20         mov edi,dword ptr ss:[ebp+0x20]
56F807AC    8BCF            mov ecx,edi
56F807AE    8B75 1C         mov esi,dword ptr ss:[ebp+0x1C]          ; WeChat.01390000
56F807B1    2BCE            sub ecx,esi
56F807B3    F7E9            imul ecx
56F807B5    C1FA 03         sar edx,0x3
56F807B8    8BC2            mov eax,edx
56F807BA    C1E8 1F         shr eax,0x1F
56F807BD    03C2            add eax,edx
56F807BF    0F84 C4000000   je WeChatWi.56F80889
56F807C5    3BF7            cmp esi,edi
56F807C7    0F84 BC000000   je WeChatWi.56F80889
56F807CD    0F1F            ???                                      ; 未知命令
56F807CF    006A FF         add byte ptr ds:[edx-0x1],ch
56F807D2    0F57C0          xorps xmm0,xmm0
56F807D5    C745 EC 0000000>mov dword ptr ss:[ebp-0x14],0x0
56F807DC    68 94952958     push WeChatWi.58299594                   ; UNICODE "ForwardShareCard"
56F807E1    8D4D DC         lea ecx,dword ptr ss:[ebp-0x24]
56F807E4    0F1145 DC       movups dqword ptr ss:[ebp-0x24],xmm0
56F807E8    E8 C3E84800     call WeChatWi.5740F0B0
56F807ED    8B5D DC         mov ebx,dword ptr ss:[ebp-0x24]
56F807F0    85DB            test ebx,ebx
56F807F2    74 08           je short WeChatWi.56F807FC
56F807F4    66:833B 00      cmp word ptr ds:[ebx],0x0
56F807F8    8BC3            mov eax,ebx
56F807FA    75 05           jnz short WeChatWi.56F80801
56F807FC    B8 08892958     mov eax,WeChatWi.58298908
56F80801    50              push eax
56F80802    8D4D 08         lea ecx,dword ptr ss:[ebp+0x8]
56F80805    E8 06EC4800     call WeChatWi.5740F410
56F8080A    8945 F0         mov dword ptr ss:[ebp-0x10],eax
56F8080D    85DB            test ebx,ebx
56F8080F    74 09           je short WeChatWi.56F8081A
56F80811    53              push ebx
56F80812    E8 1D9A0801     call WeChatWi.5800A234
56F80817    83C4 04         add esp,0x4
56F8081A    8B45 E8         mov eax,dword ptr ss:[ebp-0x18]          ; user32.73DE4F8A
56F8081D    85C0            test eax,eax
56F8081F    74 09           je short WeChatWi.56F8082A
56F80821    50              push eax
56F80822    E8 0D9A0801     call WeChatWi.5800A234
56F80827    83C4 04         add esp,0x4
56F8082A    837D F0 00      cmp dword ptr ss:[ebp-0x10],0x0
56F8082E    75 4E           jnz short WeChatWi.56F8087E
56F80830    A1 60CD5458     mov eax,dword ptr ds:[0x5854CD60]
56F80835    A8 01           test al,0x1
56F80837    75 22           jnz short WeChatWi.56F8085B
56F80839    83C8 01         or eax,0x1
56F8083C    A3 60CD5458     mov dword ptr ds:[0x5854CD60],eax
56F80841    C645 FC 03      mov byte ptr ss:[ebp-0x4],0x3
56F80845    E8 B6232D00     call WeChatWi.57252C00
56F8084A    68 B04B0F58     push WeChatWi.580F4BB0
56F8084F    E8 049BC800     call WeChatWi.57C0A358
56F80854    83C4 04         add esp,0x4
56F80857    C645 FC 02      mov byte ptr ss:[ebp-0x4],0x2
56F8085B    6A 2A           push 0x2A
56F8085D    8D45 C8         lea eax,dword ptr ss:[ebp-0x38]
56F80860    8BD6            mov edx,esi
56F80862    6A 00           push 0x0
56F80864    50              push eax
56F80865    8D8D E8FDFFFF   lea ecx,dword ptr ss:[ebp-0x218]
56F8086B    E8 80932D00     call WeChatWi.57259BF0                   ; 调用这里
56F80870    83C4 0C         add esp,0xC
56F80873    8D8D E8FDFFFF   lea ecx,dword ptr ss:[ebp-0x218]
56F80879    E8 7280FFFF     call WeChatWi.56F788F0
56F8087E    83C6 14         add esi,0x14
56F80881    3BF7            cmp esi,edi
56F80883  ^ 0F85 47FFFFFF   jnz WeChatWi.56F807D0
56F80889    8B45 C8         mov eax,dword ptr ss:[ebp-0x38]          ; WeChatRe.02CD24A6
56F8088C    85C0            test eax,eax
56F8088E    74 09           je short WeChatWi.56F80899
56F80890    50              push eax
56F80891    E8 9E990801     call WeChatWi.5800A234
56F80896    83C4 04         add esp,0x4
56F80899    8B45 D4         mov eax,dword ptr ss:[ebp-0x2C]
56F8089C    85C0            test eax,eax
56F8089E    74 09           je short WeChatWi.56F808A9
56F808A0    50              push eax
56F808A1    E8 8E990801     call WeChatWi.5800A234
56F808A6    83C4 04         add esp,0x4
56F808A9    8B45 08         mov eax,dword ptr ss:[ebp+0x8]
56F808AC    85C0            test eax,eax
56F808AE    74 10           je short WeChatWi.56F808C0
56F808B0    50              push eax
56F808B1    E8 7E990801     call WeChatWi.5800A234
56F808B6    83C4 04         add esp,0x4
56F808B9    C745 08 0000000>mov dword ptr ss:[ebp+0x8],0x0
56F808C0    8B45 14         mov eax,dword ptr ss:[ebp+0x14]
56F808C3    C745 10 0000000>mov dword ptr ss:[ebp+0x10],0x0
56F808CA    C745 0C 0000000>mov dword ptr ss:[ebp+0xC],0x0
56F808D1    85C0            test eax,eax
56F808D3    74 17           je short WeChatWi.56F808EC
56F808D5    50              push eax
56F808D6    E8 59990801     call WeChatWi.5800A234
56F808DB    83C4 04         add esp,0x4
56F808DE    C745 14 0000000>mov dword ptr ss:[ebp+0x14],0x0
56F808E5    C745 18 0000000>mov dword ptr ss:[ebp+0x18],0x0
56F808EC    8B75 1C         mov esi,dword ptr ss:[ebp+0x1C]          ; WeChat.01390000
56F808EF    85F6            test esi,esi
56F808F1    74 33           je short WeChatWi.56F80926
56F808F3    FF75 24         push dword ptr ss:[ebp+0x24]
56F808F6    8B55 20         mov edx,dword ptr ss:[ebp+0x20]
56F808F9    51              push ecx
56F808FA    8BCE            mov ecx,esi
56F808FC    E8 1F7FFFFF     call WeChatWi.56F78820
56F80901    8B4D 24         mov ecx,dword ptr ss:[ebp+0x24]
56F80904    B8 67666666     mov eax,0x66666667
56F80909    8B75 1C         mov esi,dword ptr ss:[ebp+0x1C]          ; WeChat.01390000
56F8090C    2BCE            sub ecx,esi
56F8090E    F7E9            imul ecx
56F80910    6A 14           push 0x14
56F80912    C1FA 03         sar edx,0x3
56F80915    8BC2            mov eax,edx
56F80917    C1E8 1F         shr eax,0x1F
56F8091A    03C2            add eax,edx
56F8091C    50              push eax
56F8091D    56              push esi
56F8091E    E8 9D32FFFF     call WeChatWi.56F73BC0
56F80923    83C4 14         add esp,0x14
56F80926    B0 01           mov al,0x1
56F80928    8B4D F4         mov ecx,dword ptr ss:[ebp-0xC]
56F8092B    64:890D 0000000>mov dword ptr fs:[0],ecx


修改群名称：群:22905167168@chatroom
基址：56F30000
56FA7180    0F94C0          sete al
56FA7183    84C0            test al,al
56FA7185    0F84 94000000   je WeChatWi.56FA721F
56FA718B    8D8D 1CFBFFFF   lea ecx,dword ptr ss:[ebp-0x4E4]
56FA7191    E8 8AC85800     call WeChatWi.57533A20
56FA7196    C645 FC 02      mov byte ptr ss:[ebp-0x4],0x2
56FA719A    E8 9100FDFF     call WeChatWi.56F77230
56FA719F    8BF0            mov esi,eax
56FA71A1    8BCE            mov ecx,esi
56FA71A3    E8 68605800     call WeChatWi.5752D210
56FA71A8    8B4E 24         mov ecx,dword ptr ds:[esi+0x24]
56FA71AB    8D85 1CFBFFFF   lea eax,dword ptr ss:[ebp-0x4E4]
56FA71B1    50              push eax
56FA71B2    57              push edi
56FA71B3    E8 D8C35800     call WeChatWi.57533590
56FA71B8    84C0            test al,al
56FA71BA    74 49           je short WeChatWi.56FA7205
56FA71BC    8D85 DCFBFFFF   lea eax,dword ptr ss:[ebp-0x424]
56FA71C2    50              push eax
56FA71C3    8D8D 1CFBFFFF   lea ecx,dword ptr ss:[ebp-0x4E4]
56FA71C9    E8 F22A0000     call WeChatWi.56FA9CC0
56FA71CE    8D8D F4FBFFFF   lea ecx,dword ptr ss:[ebp-0x40C]
56FA71D4    51              push ecx
56FA71D5    8BC8            mov ecx,eax
56FA71D7    E8 64814600     call WeChatWi.5740F340
56FA71DC    8D8D DCFBFFFF   lea ecx,dword ptr ss:[ebp-0x424]
56FA71E2    8AD8            mov bl,al
56FA71E4    E8 B75DFDFF     call WeChatWi.56F7CFA0
56FA71E9    84DB            test bl,bl
56FA71EB    75 12           jnz short WeChatWi.56FA71FF
56FA71ED    E8 7EF5FCFF     call WeChatWi.56F76770
56FA71F2    8D85 F4FBFFFF   lea eax,dword ptr ss:[ebp-0x40C]
56FA71F8    50              push eax
56FA71F9    57              push edi
56FA71FA    E8 91D15700     call WeChatWi.57524390
56FA71FF    8B9D 08FCFFFF   mov ebx,dword ptr ss:[ebp-0x3F8]
56FA7205    8D8D 1CFBFFFF   lea ecx,dword ptr ss:[ebp-0x4E4]
56FA720B    C645 FC 00      mov byte ptr ss:[ebp-0x4],0x0
56FA720F    E8 BCB6FFFF     call WeChatWi.56FA28D0
56FA7214    8D85 F4FBFFFF   lea eax,dword ptr ss:[ebp-0x40C]
56FA721A    E9 9F000000     jmp WeChatWi.56FA72BE
56FA721F    8D8D 0CFCFFFF   lea ecx,dword ptr ss:[ebp-0x3F4]
56FA7225    E8 06DA3F00     call WeChatWi.573A4C30
56FA722A    8D85 0CFCFFFF   lea eax,dword ptr ss:[ebp-0x3F4]
56FA7230    50              push eax
56FA7231    83EC 14         sub esp,0x14
56FA7234    8BCC            mov ecx,esp
56FA7236    89A5 F0FBFFFF   mov dword ptr ss:[ebp-0x410],esp
56FA723C    57              push edi
56FA723D    E8 AE7B4600     call WeChatWi.5740EDF0
56FA7242    C645 FC 04      mov byte ptr ss:[ebp-0x4],0x4
56FA7246    E8 D574FDFF     call WeChatWi.56F7E720
56FA724B    C645 FC 03      mov byte ptr ss:[ebp-0x4],0x3
56FA724F    E8 2C582300     call WeChatWi.571DCA80
56FA7254    84C0            test al,al
56FA7256    74 49           je short WeChatWi.56FA72A1
56FA7258    8D85 DCFBFFFF   lea eax,dword ptr ss:[ebp-0x424]
56FA725E    50              push eax
56FA725F    8D8D 0CFCFFFF   lea ecx,dword ptr ss:[ebp-0x3F4]
56FA7265    E8 16DD3D00     call WeChatWi.57384F80
56FA726A    8D8D F4FBFFFF   lea ecx,dword ptr ss:[ebp-0x40C]
56FA7270    51              push ecx
56FA7271    8BC8            mov ecx,eax
56FA7273    E8 C8804600     call WeChatWi.5740F340
56FA7278    8D8D DCFBFFFF   lea ecx,dword ptr ss:[ebp-0x424]
56FA727E    8AD8            mov bl,al
56FA7280    E8 1B5DFDFF     call WeChatWi.56F7CFA0
56FA7285    84DB            test bl,bl
56FA7287    75 12           jnz short WeChatWi.56FA729B
56FA7289    E8 B2F0FEFF     call WeChatWi.56F96340
56FA728E    8D95 F4FBFFFF   lea edx,dword ptr ss:[ebp-0x40C]
56FA7294    8BCF            mov ecx,edi
56FA7296    E8 55772200     call WeChatWi.571CE9F0                   ; 调用这行
56FA729B    8B9D 08FCFFFF   mov ebx,dword ptr ss:[ebp-0x3F8]
56FA72A1    8D8D 0CFCFFFF   lea ecx,dword ptr ss:[ebp-0x3F4]
56FA72A7    C645 FC 00      mov byte ptr ss:[ebp-0x4],0x0
56FA72AB    E8 40E23F00     call WeChatWi.573A54F0
56FA72B0    8D85 F4FBFFFF   lea eax,dword ptr ss:[ebp-0x40C]
56FA72B6    EB 06           jmp short WeChatWi.56FA72BE
56FA72B8    8D83 BC080000   lea eax,dword ptr ds:[ebx+0x8BC]
56FA72BE    50              push eax
56FA72BF    8BCB            mov ecx,ebx
56FA72C1    E8 FAF5FFFF     call WeChatWi.56FA68C0
56FA72C6    8B85 F4FBFFFF   mov eax,dword ptr ss:[ebp-0x40C]
56FA72CC    85C0            test eax,eax
56FA72CE    74 09           je short WeChatWi.56FA72D9
56FA72D0    50              push eax
56FA72D1    E8 5E2F0601     call WeChatWi.5800A234
56FA72D6    83C4 04         add esp,0x4
56FA72D9    8B85 00FCFFFF   mov eax,dword ptr ss:[ebp-0x400]
56FA72DF    85C0            test eax,eax
56FA72E1    74 09           je short WeChatWi.56FA72EC
56FA72E3    50              push eax
56FA72E4    E8 4B2F0601     call WeChatWi.5800A234
56FA72E9    83C4 04         add esp,0x4
56FA72EC    8B4D F4         mov ecx,dword ptr ss:[ebp-0xC]
56FA72EF    64:890D 0000000>mov dword ptr fs:[0],ecx
56FA72F6    59              pop ecx                                  ; 0018EFE0
56FA72F7    5F              pop edi                                  ; 0018EFE0
56FA72F8    5E              pop esi                                  ; 0018EFE0
56FA72F9    5B              pop ebx                                  ; 0018EFE0
56FA72FA    8B4D EC         mov ecx,dword ptr ss:[ebp-0x14]          ; WeChatWi.573EB624
56FA72FD    33CD            xor ecx,ebp
56FA72FF    E8 A72CC600     call WeChatWi.57C09FAB
56FA7304    8BE5            mov esp,ebp
56FA7306    5D              pop ebp                                  ; 0018EFE0
56FA7307    C2 0400         retn 0x4
56FA730A    CC              int3
56FA730B    CC              int3
56FA730C    CC              int3
56FA730D    CC              int3
56FA730E    CC              int3
56FA730F    CC              int3
56FA7310    55              push ebp
56FA7311    8BEC            mov ebp,esp
56FA7313    6A FF           push -0x1
56FA7315    68 4C460358     push WeChatWi.5803464C
56FA731A    64:A1 00000000  mov eax,dword ptr fs:[0]
56FA7320    50              push eax
56FA7321    83EC 44         sub esp,0x44
56FA7324    A1 942B4F58     mov eax,dword ptr ds:[0x584F2B94]




获取群成员微信ID：
基址：56F30000
57156D04    81C1 48060000   add ecx,0x648
57156D0A    FF56 14         call dword ptr ds:[esi+0x14]
57156D0D    8B8F 70110000   mov ecx,dword ptr ds:[edi+0x1170]
57156D13    6A 01           push 0x1
57156D15    8B01            mov eax,dword ptr ds:[ecx]
57156D17    FF90 EC000000   call dword ptr ds:[eax+0xEC]
57156D1D    A1 14625558     mov eax,dword ptr ds:[0x58556214]
57156D22    85C0            test eax,eax
57156D24    74 06           je short WeChatWi.57156D2C
57156D26    66:8338 00      cmp word ptr ds:[eax],0x0
57156D2A    75 05           jnz short WeChatWi.57156D31
57156D2C    B8 08892958     mov eax,WeChatWi.58298908
57156D31    50              push eax
57156D32    8BCB            mov ecx,ebx
57156D34    E8 D7862B00     call WeChatWi.5740F410
57156D39    85C0            test eax,eax
57156D3B    75 1D           jnz short WeChatWi.57156D5A
57156D3D    8B87 C00A0000   mov eax,dword ptr ds:[edi+0xAC0]         ; WeChat.<ModuleEntryPoint>
57156D43    8B8F 70110000   mov ecx,dword ptr ds:[edi+0x1170]
57156D49    FFB0 A40E0000   push dword ptr ds:[eax+0xEA4]
57156D4F    53              push ebx
57156D50    E8 8B34F6FF     call WeChatWi.570BA1E0
57156D55    E9 28010000     jmp WeChatWi.57156E82
57156D5A    833D 20CF5458 0>cmp dword ptr ds:[0x5854CF20],0x0
57156D61    75 2A           jnz short WeChatWi.57156D8D
57156D63    6A 48           push 0x48
57156D65    E8 8332AB00     call WeChatWi.57C09FED
57156D6A    83C4 04         add esp,0x4
57156D6D    8985 98FEFFFF   mov dword ptr ss:[ebp-0x168],eax
57156D73    8BC8            mov ecx,eax
57156D75    C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
57156D7C    E8 6F3B0800     call WeChatWi.571DA8F0
57156D81    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57156D88    A3 20CF5458     mov dword ptr ds:[0x5854CF20],eax
57156D8D    53              push ebx
57156D8E    E8 6D7D0800     call WeChatWi.571DEB00
57156D93    83F8 02         cmp eax,0x2
57156D96    75 1D           jnz short WeChatWi.57156DB5
57156D98    8B87 C00A0000   mov eax,dword ptr ds:[edi+0xAC0]         ; WeChat.<ModuleEntryPoint>
57156D9E    8B8F 70110000   mov ecx,dword ptr ds:[edi+0x1170]
57156DA4    FFB0 A40E0000   push dword ptr ds:[eax+0xEA4]
57156DAA    53              push ebx
57156DAB    E8 3035F6FF     call WeChatWi.570BA2E0
57156DB0    E9 CD000000     jmp WeChatWi.57156E82
57156DB5    8D8D 9CFEFFFF   lea ecx,dword ptr ss:[ebp-0x164]
57156DBB    E8 20142400     call WeChatWi.573981E0                   ; call1
57156DC0    C745 FC 0100000>mov dword ptr ss:[ebp-0x4],0x1
57156DC7    C785 8CFEFFFF 0>mov dword ptr ss:[ebp-0x174],0x0
57156DD1    C785 90FEFFFF 0>mov dword ptr ss:[ebp-0x170],0x0
57156DDB    C785 94FEFFFF 0>mov dword ptr ss:[ebp-0x16C],0x0
57156DE5    8D85 9CFEFFFF   lea eax,dword ptr ss:[ebp-0x164]
57156DEB    C645 FC 02      mov byte ptr ss:[ebp-0x4],0x2
57156DEF    50              push eax
57156DF0    53              push ebx
57156DF1    E8 3A170D00     call WeChatWi.57228530                   ; call2拿到数据库句柄
57156DF6    8BC8            mov ecx,eax
57156DF8    E8 037D2400     call WeChatWi.5739EB00                   ; call3获取列表
57156DFD    8D85 8CFEFFFF   lea eax,dword ptr ss:[ebp-0x174]
57156E03    50              push eax
57156E04    8D8D 9CFEFFFF   lea ecx,dword ptr ss:[ebp-0x164]
57156E0A    E8 C11E2400     call WeChatWi.57398CD0                   ; call4拿到处理好的群用户列表
57156E0F    83EC 0C         sub esp,0xC
57156E12    8D85 8CFEFFFF   lea eax,dword ptr ss:[ebp-0x174]
57156E18    8BCC            mov ecx,esp
57156E1A    89A5 98FEFFFF   mov dword ptr ss:[ebp-0x168],esp
57156E20    50              push eax
57156E21    E8 7AAAE2FF     call WeChatWi.56F818A0
57156E26    C645 FC 03      mov byte ptr ss:[ebp-0x4],0x3
57156E2A    833D 20CF5458 0>cmp dword ptr ds:[0x5854CF20],0x0
57156E31    75 24           jnz short WeChatWi.57156E57
57156E33    6A 48           push 0x48
57156E35    E8 B331AB00     call WeChatWi.57C09FED
57156E3A    83C4 04         add esp,0x4
57156E3D    8985 88FEFFFF   mov dword ptr ss:[ebp-0x178],eax
57156E43    8BC8            mov ecx,eax
57156E45    C645 FC 04      mov byte ptr ss:[ebp-0x4],0x4
57156E49    E8 A23A0800     call WeChatWi.571DA8F0
57156E4E    C645 FC 03      mov byte ptr ss:[ebp-0x4],0x3
57156E52    A3 20CF5458     mov dword ptr ds:[0x5854CF20],eax
57156E57    C645 FC 02      mov byte ptr ss:[ebp-0x4],0x2
57156E5B    E8 B0890800     call WeChatWi.571DF810
57156E60    8B8F 70110000   mov ecx,dword ptr ds:[edi+0x1170]
57156E66    53              push ebx
57156E67    E8 8432F6FF     call WeChatWi.570BA0F0
57156E6C    8D8D 8CFEFFFF   lea ecx,dword ptr ss:[ebp-0x174]
57156E72    E8 091AE2FF     call WeChatWi.56F78880
57156E77    8D8D 9CFEFFFF   lea ecx,dword ptr ss:[ebp-0x164]
57156E7D    E8 3E152400     call WeChatWi.573983C0
57156E82    8B4D F4         mov ecx,dword ptr ss:[ebp-0xC]
57156E85    64:890D 0000000>mov dword ptr fs:[0],ecx
57156E8C    59              pop ecx                                  ; user32.73DE4F8A
57156E8D    5F              pop edi                                  ; user32.73DE4F8A
57156E8E    5E              pop esi                                  ; user32.73DE4F8A
57156E8F    5B              pop ebx                                  ; user32.73DE4F8A
57156E90    8B4D EC         mov ecx,dword ptr ss:[ebp-0x14]
57156E93    33CD            xor ecx,ebp
57156E95    E8 1131AB00     call WeChatWi.57C09FAB
57156E9A    8BE5            mov esp,ebp
57156E9C    5D              pop ebp                                  ; user32.73DE4F8A
57156E9D    C2 0400         retn 0x4
57156EA0    56              push esi
57156EA1    8BF1            mov esi,ecx
57156EA3    8B8E 70110000   mov ecx,dword ptr ds:[esi+0x1170]
57156EA9    85C9            test ecx,ecx
57156EAB    74 30           je short WeChatWi.57156EDD
57156EAD    8B01            mov eax,dword ptr ds:[ecx]
57156EAF    6A 00           push 0x0
57156EB1    FF90 EC000000   call dword ptr ds:[eax+0xEC]
57156EB7    8B96 70110000   mov edx,dword ptr ds:[esi+0x1170]
57156EBD    85D2            test edx,edx
57156EBF    74 1C           je short WeChatWi.57156EDD
57156EC1    8B8E 840A0000   mov ecx,dword ptr ds:[esi+0xA84]
57156EC7    81C1 48060000   add ecx,0x648
57156ECD    52              push edx
57156ECE    8B01            mov eax,dword ptr ds:[ecx]
57156ED0    FF50 18         call dword ptr ds:[eax+0x18]
57156ED3    C786 70110000 0>mov dword ptr ds:[esi+0x1170],0x0
57156EDD    5E              pop esi                                  ; user32.73DE4F8A
57156EDE    C3              retn
57156EDF    CC              int3
57156EE0    55              push ebp
57156EE1    8BEC            mov ebp,esp
57156EE3    56              push esi
57156EE4    8BF1            mov esi,ecx
57156EE6    6A 00           push 0x0
57156EE8    8B8E 7C0A0000   mov ecx,dword ptr ds:[esi+0xA7C]
57156EEE    8B01            mov eax,dword ptr ds:[ecx]
57156EF0    FF90 EC000000   call dword ptr ds:[eax+0xEC]
57156EF6    6A 00           push 0x0
57156EF8    8BCE            mov ecx,esi
57156EFA    E8 E1030000     call WeChatWi.571572E0
57156EFF    8B8E 900A0000   mov ecx,dword ptr ds:[esi+0xA90]
57156F05    6A 00           push 0x0


添加群成员：群:22905167168@chatroom  能强:wxid_sbrnzc86ibft22
基址：56F30000
56F9A480    55              push ebp
56F9A481    8BEC            mov ebp,esp
56F9A483    6A FF           push -0x1
56F9A485    68 B3370358     push WeChatWi.580337B3
56F9A48A    64:A1 00000000  mov eax,dword ptr fs:[0]
56F9A490    50              push eax
56F9A491    83EC 34         sub esp,0x34
56F9A494    53              push ebx
56F9A495    56              push esi
56F9A496    57              push edi
56F9A497    A1 942B4F58     mov eax,dword ptr ds:[0x584F2B94]
56F9A49C    33C5            xor eax,ebp
56F9A49E    50              push eax
56F9A49F    8D45 F4         lea eax,dword ptr ss:[ebp-0xC]
56F9A4A2    64:A3 00000000  mov dword ptr fs:[0],eax
56F9A4A8    8BD9            mov ebx,ecx
56F9A4AA    C745 E8 0000000>mov dword ptr ss:[ebp-0x18],0x0
56F9A4B1    83BB 9C0C0000 0>cmp dword ptr ds:[ebx+0xC9C],0x0
56F9A4B8    75 18           jnz short WeChatWi.56F9A4D2
56F9A4BA    8B03            mov eax,dword ptr ds:[ebx]
56F9A4BC    6A 01           push 0x1
56F9A4BE    FF10            call dword ptr ds:[eax]
56F9A4C0    8B4D F4         mov ecx,dword ptr ss:[ebp-0xC]
56F9A4C3    64:890D 0000000>mov dword ptr fs:[0],ecx
56F9A4CA    59              pop ecx                                  ; user32.73DE4F8A
56F9A4CB    5F              pop edi                                  ; user32.73DE4F8A
56F9A4CC    5E              pop esi                                  ; user32.73DE4F8A
56F9A4CD    5B              pop ebx                                  ; user32.73DE4F8A
56F9A4CE    8BE5            mov esp,ebp
56F9A4D0    5D              pop ebp                                  ; user32.73DE4F8A
56F9A4D1    C3              retn
56F9A4D2    FF75 E8         push dword ptr ss:[ebp-0x18]             ; user32.73DE4F8A
56F9A4D5    8B93 A40C0000   mov edx,dword ptr ds:[ebx+0xCA4]
56F9A4DB    8DB3 A00C0000   lea esi,dword ptr ds:[ebx+0xCA0]
56F9A4E1    51              push ecx
56F9A4E2    8B0E            mov ecx,dword ptr ds:[esi]
56F9A4E4    E8 37E3FDFF     call WeChatWi.56F78820
56F9A4E9    8B06            mov eax,dword ptr ds:[esi]
56F9A4EB    83C4 08         add esp,0x8
56F9A4EE    8946 04         mov dword ptr ds:[esi+0x4],eax
56F9A4F1    8B83 980C0000   mov eax,dword ptr ds:[ebx+0xC98]
56F9A4F7    8B00            mov eax,dword ptr ds:[eax]
56F9A4F9    8945 EC         mov dword ptr ss:[ebp-0x14],eax
56F9A4FC    3B83 980C0000   cmp eax,dword ptr ds:[ebx+0xC98]
56F9A502    74 1E           je short WeChatWi.56F9A522
56F9A504    83C0 10         add eax,0x10
56F9A507    8BCE            mov ecx,esi
56F9A509    50              push eax
56F9A50A    E8 E11D0000     call WeChatWi.56F9C2F0                   ; 调用第一个
56F9A50F    8D4D EC         lea ecx,dword ptr ss:[ebp-0x14]
56F9A512    E8 C928FEFF     call WeChatWi.56F7CDE0
56F9A517    8B45 EC         mov eax,dword ptr ss:[ebp-0x14]
56F9A51A    3B83 980C0000   cmp eax,dword ptr ds:[ebx+0xC98]
56F9A520  ^ 75 E2           jnz short WeChatWi.56F9A504
56F9A522    8D8B B0080000   lea ecx,dword ptr ds:[ebx+0x8B0]
56F9A528    E8 732B2400     call WeChatWi.571DD0A0
56F9A52D    84C0            test al,al
56F9A52F    75 24           jnz short WeChatWi.56F9A555
56F9A531    8D45 C0         lea eax,dword ptr ss:[ebp-0x40]
56F9A534    50              push eax
56F9A535    8D8B B0080000   lea ecx,dword ptr ds:[ebx+0x8B0]
56F9A53B    E8 801B0100     call WeChatWi.56FAC0C0                   ; 调用第三个
56F9A540    B9 01000000     mov ecx,0x1
56F9A545    8378 04 00      cmp dword ptr ds:[eax+0x4],0x0
56F9A549    0F9EC0          setle al
56F9A54C    84C0            test al,al
56F9A54E    75 08           jnz short WeChatWi.56F9A558
56F9A550    884D F3         mov byte ptr ss:[ebp-0xD],cl
56F9A553    EB 07           jmp short WeChatWi.56F9A55C
56F9A555    8B4D E8         mov ecx,dword ptr ss:[ebp-0x18]          ; user32.73DE4F8A
56F9A558    C645 F3 00      mov byte ptr ss:[ebp-0xD],0x0
56F9A55C    F6C1 01         test cl,0x1
56F9A55F    74 08           je short WeChatWi.56F9A569
56F9A561    8D4D C0         lea ecx,dword ptr ss:[ebp-0x40]
56F9A564    E8 372AFEFF     call WeChatWi.56F7CFA0
56F9A569    807D F3 00      cmp byte ptr ss:[ebp-0xD],0x0
56F9A56D    74 26           je short WeChatWi.56F9A595
56F9A56F    8D45 C0         lea eax,dword ptr ss:[ebp-0x40]
56F9A572    50              push eax
56F9A573    8D8B B0080000   lea ecx,dword ptr ds:[ebx+0x8B0]
56F9A579    E8 421B0100     call WeChatWi.56FAC0C0                   ; 调用第三个
56F9A57E    50              push eax
56F9A57F    8BCE            mov ecx,esi
56F9A581    C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
56F9A588    E8 731E0000     call WeChatWi.56F9C400
56F9A58D    8D4D C0         lea ecx,dword ptr ss:[ebp-0x40]
56F9A590    E8 0B2AFEFF     call WeChatWi.56F7CFA0
56F9A595    A1 CCC75458     mov eax,dword ptr ds:[0x5854C7CC]
56F9A59A    A8 01           test al,0x1
56F9A59C    75 21           jnz short WeChatWi.56F9A5BF
56F9A59E    83C8 01         or eax,0x1
56F9A5A1    A3 CCC75458     mov dword ptr ds:[0x5854C7CC],eax
56F9A5A6    C745 FC 0100000>mov dword ptr ss:[ebp-0x4],0x1
56F9A5AD    E8 AE443D00     call WeChatWi.5736EA60
56F9A5B2    68 D04B0F58     push WeChatWi.580F4BD0
56F9A5B7    E8 9CFDC600     call WeChatWi.57C0A358
56F9A5BC    83C4 04         add esp,0x4
56F9A5BF    6A 00           push 0x0
56F9A5C1    68 14C85458     push WeChatWi.5854C814                   ; 第一个参数地址
56F9A5C6    8D4D C0         lea ecx,dword ptr ss:[ebp-0x40]
56F9A5C9    E8 32494700     call WeChatWi.5740EF00                   ; 调用第二个
56F9A5CE    C745 FC 0200000>mov dword ptr ss:[ebp-0x4],0x2
56F9A5D5    8B36            mov esi,dword ptr ds:[esi]
56F9A5D7    8BBB A40C0000   mov edi,dword ptr ds:[ebx+0xCA4]
56F9A5DD    3BF7            cmp esi,edi
56F9A5DF    74 29           je short WeChatWi.56F9A60A
56F9A5E1    8B45 C0         mov eax,dword ptr ss:[ebp-0x40]
56F9A5E4    85C0            test eax,eax
56F9A5E6    74 06           je short WeChatWi.56F9A5EE
56F9A5E8    66:8338 00      cmp word ptr ds:[eax],0x0
56F9A5EC    75 05           jnz short WeChatWi.56F9A5F3
56F9A5EE    B8 08892958     mov eax,WeChatWi.58298908
56F9A5F3    50              push eax
56F9A5F4    8BCE            mov ecx,esi
56F9A5F6    E8 154E4700     call WeChatWi.5740F410
56F9A5FB    85C0            test eax,eax
56F9A5FD    0F84 D0000000   je WeChatWi.56F9A6D3
56F9A603    83C6 14         add esi,0x14
56F9A606    3BF7            cmp esi,edi
56F9A608  ^ 75 D7           jnz short WeChatWi.56F9A5E1
56F9A60A    8DB3 A00C0000   lea esi,dword ptr ds:[ebx+0xCA0]
56F9A610    8D45 D4         lea eax,dword ptr ss:[ebp-0x2C]
56F9A613    50              push eax
56F9A614    8D8B B0080000   lea ecx,dword ptr ds:[ebx+0x8B0]
56F9A61A    E8 A11A0100     call WeChatWi.56FAC0C0                   ; 调用第三个A
56F9A61F    8378 04 00      cmp dword ptr ds:[eax+0x4],0x0
56F9A623    0F9EC0          setle al
56F9A626    84C0            test al,al
56F9A628    75 13           jnz short WeChatWi.56F9A63D
56F9A62A    8D8B B0080000   lea ecx,dword ptr ds:[ebx+0x8B0]
56F9A630    E8 6B2A2400     call WeChatWi.571DD0A0
56F9A635    C645 F3 01      mov byte ptr ss:[ebp-0xD],0x1
56F9A639    84C0            test al,al
56F9A63B    75 04           jnz short WeChatWi.56F9A641
56F9A63D    C645 F3 00      mov byte ptr ss:[ebp-0xD],0x0
56F9A641    8B45 D4         mov eax,dword ptr ss:[ebp-0x2C]
56F9A644    85C0            test eax,eax
56F9A646    74 10           je short WeChatWi.56F9A658
56F9A648    50              push eax
56F9A649    E8 E6FB0601     call WeChatWi.5800A234
56F9A64E    83C4 04         add esp,0x4
56F9A651    C745 D4 0000000>mov dword ptr ss:[ebp-0x2C],0x0
56F9A658    8B45 E0         mov eax,dword ptr ss:[ebp-0x20]
56F9A65B    C745 DC 0000000>mov dword ptr ss:[ebp-0x24],0x0
56F9A662    C745 D8 0000000>mov dword ptr ss:[ebp-0x28],0x0
56F9A669    85C0            test eax,eax
56F9A66B    74 09           je short WeChatWi.56F9A676
56F9A66D    50              push eax
56F9A66E    E8 C1FB0601     call WeChatWi.5800A234
56F9A673    83C4 04         add esp,0x4
56F9A676    807D F3 00      cmp byte ptr ss:[ebp-0xD],0x0
56F9A67A    74 6E           je short WeChatWi.56F9A6EA
56F9A67C    83EC 14         sub esp,0x14
56F9A67F    8D8B B0080000   lea ecx,dword ptr ds:[ebx+0x8B0]
56F9A685    8BC4            mov eax,esp
56F9A687    8965 E8         mov dword ptr ss:[ebp-0x18],esp
56F9A68A    50              push eax
56F9A68B    E8 301A0100     call WeChatWi.56FAC0C0                   ; 调用第三个B
56F9A690    C645 FC 03      mov byte ptr ss:[ebp-0x4],0x3
56F9A694    A1 2C3E5658     mov eax,dword ptr ds:[0x58563E2C]
56F9A699    A8 01           test al,0x1
56F9A69B    75 22           jnz short WeChatWi.56F9A6BF
56F9A69D    83C8 01         or eax,0x1
56F9A6A0    A3 2C3E5658     mov dword ptr ds:[0x58563E2C],eax
56F9A6A5    C645 FC 04      mov byte ptr ss:[ebp-0x4],0x4
56F9A6A9    E8 82EE2200     call WeChatWi.571C9530
56F9A6AE    68 90580F58     push WeChatWi.580F5890
56F9A6B3    E8 A0FCC600     call WeChatWi.57C0A358
56F9A6B8    83C4 04         add esp,0x4
56F9A6BB    C645 FC 03      mov byte ptr ss:[ebp-0x4],0x3
56F9A6BF    56              push esi
56F9A6C0    B9 203D5658     mov ecx,WeChatWi.58563D20                ; 第二个参数地址
56F9A6C5    C645 FC 02      mov byte ptr ss:[ebp-0x4],0x2
56F9A6C9    E8 02FA2200     call WeChatWi.571CA0D0                   ; 调用第四个
56F9A6CE    E9 70010000     jmp WeChatWi.56F9A843
56F9A6D3    56              push esi
56F9A6D4    8D45 E8         lea eax,dword ptr ss:[ebp-0x18]
56F9A6D7    8DB3 A00C0000   lea esi,dword ptr ds:[ebx+0xCA0]
56F9A6DD    50              push eax
56F9A6DE    8BCE            mov ecx,esi
56F9A6E0    E8 AB1B0000     call WeChatWi.56F9C290
56F9A6E5  ^ E9 26FFFFFF     jmp WeChatWi.56F9A610
56F9A6EA    8B4E 04         mov ecx,dword ptr ds:[esi+0x4]
56F9A6ED    B8 67666666     mov eax,0x66666667
56F9A6F2    2B0E            sub ecx,dword ptr ds:[esi]
56F9A6F4    F7E9            imul ecx
56F9A6F6    C1FA 03         sar edx,0x3
56F9A6F9    8BC2            mov eax,edx
56F9A6FB    C1E8 1F         shr eax,0x1F
56F9A6FE    03C2            add eax,edx
56F9A700    83F8 01         cmp eax,0x1
56F9A703    0F85 01010000   jnz WeChatWi.56F9A80A
56F9A709    80BB D40C0000 0>cmp byte ptr ds:[ebx+0xCD4],0x0
56F9A710    0F84 82000000   je WeChatWi.56F9A798
56F9A716    6A 58           push 0x58
56F9A718    E8 D0F8C600     call WeChatWi.57C09FED
56F9A71D    8BF8            mov edi,eax
56F9A71F    83C4 04         add esp,0x4
56F9A722    897D E8         mov dword ptr ss:[ebp-0x18],edi
56F9A725    C645 FC 05      mov byte ptr ss:[ebp-0x4],0x5
56F9A729    B8 67666666     mov eax,0x66666667
56F9A72E    8B4E 04         mov ecx,dword ptr ds:[esi+0x4]
56F9A731    2B0E            sub ecx,dword ptr ds:[esi]
56F9A733    F7E9            imul ecx
56F9A735    C1FA 03         sar edx,0x3
56F9A738    8BC2            mov eax,edx
56F9A73A    C1E8 1F         shr eax,0x1F
56F9A73D    03C2            add eax,edx
56F9A73F    75 0A           jnz short WeChatWi.56F9A74B
56F9A741    68 C8EA2958     push WeChatWi.5829EAC8                   ; ASCII "invalid vector<T> subscript"
56F9A746    E8 6699C500     call WeChatWi.57BF40B1
56F9A74B    FF36            push dword ptr ds:[esi]
56F9A74D    8BCF            mov ecx,edi
56F9A74F    E8 2C0B3100     call WeChatWi.572AB280
56F9A754    8BF8            mov edi,eax
56F9A756    C645 FC 02      mov byte ptr ss:[ebp-0x4],0x2
56F9A75A    A1 88CF5458     mov eax,dword ptr ds:[0x5854CF88]
56F9A75F    85C0            test eax,eax
56F9A761    75 24           jnz short WeChatWi.56F9A787
56F9A763    68 84000000     push 0x84
56F9A768    E8 80F8C600     call WeChatWi.57C09FED
56F9A76D    83C4 04         add esp,0x4
56F9A770    8945 E8         mov dword ptr ss:[ebp-0x18],eax
56F9A773    8BC8            mov ecx,eax
56F9A775    C645 FC 06      mov byte ptr ss:[ebp-0x4],0x6
56F9A779    E8 D2DB3000     call WeChatWi.572A8350
56F9A77E    C645 FC 02      mov byte ptr ss:[ebp-0x4],0x2
56F9A782    A3 88CF5458     mov dword ptr ds:[0x5854CF88],eax
56F9A787    57              push edi
56F9A788    6A 00           push 0x0
56F9A78A    6A 00           push 0x0
56F9A78C    68 01030000     push 0x301
56F9A791    8BC8            mov ecx,eax
56F9A793    E8 38EF3000     call WeChatWi.572A96D0
56F9A798    83BB D00C0000 0>cmp dword ptr ds:[ebx+0xCD0],0x0
56F9A79F    74 5F           je short WeChatWi.56F9A800
56F9A7A1    8B4E 04         mov ecx,dword ptr ds:[esi+0x4]
56F9A7A4    B8 67666666     mov eax,0x66666667
56F9A7A9    8B3E            mov edi,dword ptr ds:[esi]
56F9A7AB    2BCF            sub ecx,edi
56F9A7AD    F7E9            imul ecx
56F9A7AF    C1FA 03         sar edx,0x3
56F9A7B2    8BC2            mov eax,edx
56F9A7B4    C1E8 1F         shr eax,0x1F
56F9A7B7    03C2            add eax,edx
56F9A7B9    75 0A           jnz short WeChatWi.56F9A7C5
56F9A7BB    68 C8EA2958     push WeChatWi.5829EAC8                   ; ASCII "invalid vector<T> subscript"
56F9A7C0    E8 EC98C500     call WeChatWi.57BF40B1
56F9A7C5    83EC 14         sub esp,0x14
56F9A7C8    8BCC            mov ecx,esp
56F9A7CA    6A FF           push -0x1
56F9A7CC    C701 00000000   mov dword ptr ds:[ecx],0x0
56F9A7D2    C741 04 0000000>mov dword ptr ds:[ecx+0x4],0x0



删除群成员：
基址：56F30000
5705F492   /75 05           jnz short WeChatWi.5705F499
5705F494   |BA 08892958     mov edx,WeChatWi.58298908
5705F499   \0F1085 14FEFFFF movups xmm0,dqword ptr ss:[ebp-0x1EC]
5705F4A0    8B85 24FEFFFF   mov eax,dword ptr ss:[ebp-0x1DC]         ; user32.73DC70AC
5705F4A6    83EC 14         sub esp,0x14
5705F4A9    8BCC            mov ecx,esp
5705F4AB    52              push edx
5705F4AC    0F1101          movups dqword ptr ds:[ecx],xmm0
5705F4AF    8941 10         mov dword ptr ds:[ecx+0x10],eax
5705F4B2    8D85 40FEFFFF   lea eax,dword ptr ss:[ebp-0x1C0]
5705F4B8    50              push eax
5705F4B9    E8 D2023B00     call WeChatWi.5740F790
5705F4BE    83C4 08         add esp,0x8
5705F4C1    8BCC            mov ecx,esp
5705F4C3    89A5 54FEFFFF   mov dword ptr ss:[ebp-0x1AC],esp
5705F4C9    6A FF           push -0x1
5705F4CB    68 08892958     push WeChatWi.58298908
5705F4D0    E8 DBF83A00     call WeChatWi.5740EDB0
5705F4D5    6A 00           push 0x0
5705F4D7    6A 00           push 0x0
5705F4D9    83EC 14         sub esp,0x14
5705F4DC    C645 FC 06      mov byte ptr ss:[ebp-0x4],0x6
5705F4E0    BA 7C040000     mov edx,0x47C
5705F4E5    89A5 60FEFFFF   mov dword ptr ss:[ebp-0x1A0],esp
5705F4EB    8BCC            mov ecx,esp
5705F4ED    E8 EE073B00     call WeChatWi.5740FCE0
5705F4F2    83EC 14         sub esp,0x14
5705F4F5    C645 FC 07      mov byte ptr ss:[ebp-0x4],0x7
5705F4F9    BA FB0C0000     mov edx,0xCFB
5705F4FE    8BCC            mov ecx,esp
5705F500    E8 DB073B00     call WeChatWi.5740FCE0
5705F505    83EC 14         sub esp,0x14
5705F508    8D85 40FEFFFF   lea eax,dword ptr ss:[ebp-0x1C0]
5705F50E    8BCC            mov ecx,esp
5705F510    50              push eax
5705F511    E8 DAF83A00     call WeChatWi.5740EDF0
5705F516    83EC 14         sub esp,0x14
5705F519    8BCC            mov ecx,esp
5705F51B    6A FF           push -0x1
5705F51D    68 08892958     push WeChatWi.58298908
5705F522    E8 89F83A00     call WeChatWi.5740EDB0
5705F527    C645 FC 05      mov byte ptr ss:[ebp-0x4],0x5
5705F52B    BA 01000000     mov edx,0x1
5705F530    8B4B E4         mov ecx,dword ptr ds:[ebx-0x1C]
5705F533    E8 68DEFFFF     call WeChatWi.5705D3A0
5705F538    83C4 6C         add esp,0x6C
5705F53B    84C0            test al,al
5705F53D    74 3B           je short WeChatWi.5705F57A
5705F53F    83EC 14         sub esp,0x14
5705F542    8D83 80040000   lea eax,dword ptr ds:[ebx+0x480]
5705F548    8BCC            mov ecx,esp
5705F54A    89A5 58FEFFFF   mov dword ptr ss:[ebp-0x1A8],esp
5705F550    50              push eax
5705F551    E8 9AF83A00     call WeChatWi.5740EDF0                   ; 调用1
5705F556    57              push edi
5705F557    C645 FC 08      mov byte ptr ss:[ebp-0x4],0x8
5705F55B    E8 E06DF3FF     call WeChatWi.56F96340                   ; 调用2
5705F560    8BC8            mov ecx,eax
5705F562    C645 FC 05      mov byte ptr ss:[ebp-0x4],0x5
5705F566    E8 85AD1600     call WeChatWi.571CA2F0                   ; 调用3
5705F56B    8BBD 5CFEFFFF   mov edi,dword ptr ss:[ebp-0x1A4]
5705F571    C687 A4040000 0>mov byte ptr ds:[edi+0x4A4],0x1
5705F578    EB 06           jmp short WeChatWi.5705F580
5705F57A    8BBD 5CFEFFFF   mov edi,dword ptr ss:[ebp-0x1A4]
5705F580    8B47 E0         mov eax,dword ptr ds:[edi-0x20]
5705F583    8D4F E0         lea ecx,dword ptr ds:[edi-0x20]
5705F586    6A 01           push 0x1
5705F588    FF10            call dword ptr ds:[eax]
5705F58A    8D8D 40FEFFFF   lea ecx,dword ptr ss:[ebp-0x1C0]
5705F590    E8 0BDAF1FF     call WeChatWi.56F7CFA0
5705F595    8D8D 14FEFFFF   lea ecx,dword ptr ss:[ebp-0x1EC]
5705F59B    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
5705F5A2    E8 F9D9F1FF     call WeChatWi.56F7CFA0
5705F5A7    8BB5 3CFEFFFF   mov esi,dword ptr ss:[ebp-0x1C4]
5705F5AD    E9 94020000     jmp WeChatWi.5705F846
5705F5B2    8B8E 08010000   mov ecx,dword ptr ds:[esi+0x108]
5705F5B8    8D95 6CFFFFFF   lea edx,dword ptr ss:[ebp-0x94]
5705F5BE    52              push edx
5705F5BF    8B01            mov eax,dword ptr ds:[ecx]
5705F5C1    FF50 04         call dword ptr ds:[eax+0x4]
5705F5C4    68 ECE62958     push WeChatWi.5829E6EC                   ; UNICODE "cancel_btn"
5705F5C9    8BC8            mov ecx,eax
5705F5CB    E8 B0CB6D00     call WeChatWi.5773C180
5705F5D0    50              push eax
5705F5D1    E8 38CAF900     call WeChatWi.57FFC00E
5705F5D6    83C4 08         add esp,0x8
5705F5D9    8D8D 6CFFFFFF   lea ecx,dword ptr ss:[ebp-0x94]
5705F5DF    85C0            test eax,eax
5705F5E1    0F94C3          sete bl
5705F5E4    E8 30CC6D00     call WeChatWi.5773C219
5705F5E9    84DB            test bl,bl
5705F5EB    0F84 55020000   je WeChatWi.5705F846
5705F5F1    8B47 E0         mov eax,dword ptr ds:[edi-0x20]
5705F5F4    8D4F E0         lea ecx,dword ptr ds:[edi-0x20]
5705F5F7    6A 01           push 0x1
5705F5F9    FF10            call dword ptr ds:[eax]
5705F5FB    E9 46020000     jmp WeChatWi.5705F846
5705F600    68 1CE72958     push WeChatWi.5829E71C                   ; UNICODE "textchanged"
5705F605    8BCE            mov ecx,esi
5705F607    E8 74CB6D00     call WeChatWi.5773C180
5705F60C    50              push eax
5705F60D    E8 FCC9F900     call WeChatWi.57FFC00E
5705F612    83C4 08         add esp,0x8
5705F615    85C0            test eax,eax
5705F617    0F85 29020000   jnz WeChatWi.5705F846
5705F61D    8B8E 08010000   mov ecx,dword ptr ds:[esi+0x108]
5705F623    8D95 6CFFFFFF   lea edx,dword ptr ss:[ebp-0x94]
5705F629    52              push edx
5705F62A    8B01            mov eax,dword ptr ds:[ecx]
5705F62C    FF50 04         call dword ptr ds:[eax+0x4]
5705F62F    68 04E52958     push WeChatWi.5829E504                   ; UNICODE "search_bar"
5705F634    8BC8            mov ecx,eax
5705F636    E8 45CB6D00     call WeChatWi.5773C180
5705F63B    50              push eax
5705F63C    E8 CDC9F900     call WeChatWi.57FFC00E
5705F641    83C4 08         add esp,0x8
5705F644    8D8D 6CFFFFFF   lea ecx,dword ptr ss:[ebp-0x94]
5705F64A    85C0            test eax,eax
5705F64C    0F94C3          sete bl
5705F64F    E8 C5CB6D00     call WeChatWi.5773C219
5705F654    84DB            test bl,bl
5705F656    0F84 EA010000   je WeChatWi.5705F846
5705F65C    8B8F A8040000   mov ecx,dword ptr ds:[edi+0x4A8]
5705F662    8D95 E8FEFFFF   lea edx,dword ptr ss:[ebp-0x118]
5705F668    52              push edx
5705F669    8B01            mov eax,dword ptr ds:[ecx]
5705F66B    FF50 3C         call dword ptr ds:[eax+0x3C]
5705F66E    6A FF           push -0x1
5705F670    8BC8            mov ecx,eax
5705F672    E8 09CB6D00     call WeChatWi.5773C180
5705F677    50              push eax
5705F678    8D8D 40FEFFFF   lea ecx,dword ptr ss:[ebp-0x1C0]
5705F67E    E8 2DF73A00     call WeChatWi.5740EDB0
5705F683    8D8D E8FEFFFF   lea ecx,dword ptr ss:[ebp-0x118]
5705F689    C745 FC 0900000>mov dword ptr ss:[ebp-0x4],0x9
5705F690    E8 84CB6D00     call WeChatWi.5773C219
5705F695    83EC 14         sub esp,0x14
5705F698    8D85 40FEFFFF   lea eax,dword ptr ss:[ebp-0x1C0]
5705F69E    8BCC            mov ecx,esp
5705F6A0    50              push eax
5705F6A1    E8 4AF73A00     call WeChatWi.5740EDF0
5705F6A6    8D4F E0         lea ecx,dword ptr ds:[edi-0x20]
5705F6A9    E8 C20C0000     call WeChatWi.57060370
5705F6AE    E9 81010000     jmp WeChatWi.5705F834
5705F6B3    8B8E 08010000   mov ecx,dword ptr ds:[esi+0x108]
5705F6B9    8B01            mov eax,dword ptr ds:[ecx]
5705F6BB    FF50 24         call dword ptr ds:[eax+0x24]
5705F6BE    8BC8            mov ecx,eax
5705F6C0    8B10            mov edx,dword ptr ds:[eax]
5705F6C2    FF52 24         call dword ptr ds:[edx+0x24]
5705F6C5    8D8D 64FEFFFF   lea ecx,dword ptr ss:[ebp-0x19C]
5705F6CB    51              push ecx
5705F6CC    8BC8            mov ecx,eax
5705F6CE    8B10            mov edx,dword ptr ds:[eax]
5705F6D0    FF52 04         call dword ptr ds:[edx+0x4]
5705F6D3    B9 01000000     mov ecx,0x1
5705F6D8    C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
5705F6DF    898D 60FEFFFF   mov dword ptr ss:[ebp-0x1A0],ecx
5705F6E5    898D 54FEFFFF   mov dword ptr ss:[ebp-0x1AC],ecx
5705F6EB    8BC8            mov ecx,eax
5705F6ED    68 14512B58     push WeChatWi.582B5114                   ; UNICODE "member_list"
5705F6F2    E8 89CA6D00     call WeChatWi.5773C180
5705F6F7    50              push eax
5705F6F8    E8 11C9F900     call WeChatWi.57FFC00E
5705F6FD    83C4 08         add esp,0x8
5705F700    85C0            test eax,eax
5705F702    74 47           je short WeChatWi.5705F74B
5705F704    8B8E 08010000   mov ecx,dword ptr ds:[esi+0x108]
5705F70A    8B01            mov eax,dword ptr ds:[ecx]




发送图片消息：
基址：56F30000
发送的call：
57013119    83F8 01         cmp eax,0x1
5701311C    0F85 24010000   jnz WeChatWi.57013246
57013122    6A 00           push 0x0
57013124    6A 00           push 0x0
57013126    6A 00           push 0x0
57013128    68 15030000     push 0x315
5701312D    E8 1E532900     call WeChatWi.572A8450
57013132    8BC8            mov ecx,eax
57013134    E8 97652900     call WeChatWi.572A96D0
57013139    8D4D 88         lea ecx,dword ptr ss:[ebp-0x78]
5701313C    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57013143    E8 589EF6FF     call WeChatWi.56F7CFA0
57013148    E9 8C070000     jmp WeChatWi.570138D9
5701314D    E8 8EB6F6FF     call WeChatWi.56F7E7E0
57013152    8B55 B0         mov edx,dword ptr ss:[ebp-0x50]
57013155    8D43 14         lea eax,dword ptr ds:[ebx+0x14]
57013158    6A 01           push 0x1
5701315A    50              push eax
5701315B    53              push ebx
5701315C    8D8D 84F7FFFF   lea ecx,dword ptr ss:[ebp-0x87C]
57013162    E8 896A2400     call WeChatWi.57259BF0
57013167    83C4 0C         add esp,0xC
5701316A    50              push eax
5701316B    8D8D 44FBFFFF   lea ecx,dword ptr ss:[ebp-0x4BC]
57013171    C645 FC 01      mov byte ptr ss:[ebp-0x4],0x1
57013175    E8 A630F6FF     call WeChatWi.56F76220
5701317A    8D8D 84F7FFFF   lea ecx,dword ptr ss:[ebp-0x87C]
57013180    C645 FC 03      mov byte ptr ss:[ebp-0x4],0x3
57013184    E8 6757F6FF     call WeChatWi.56F788F0
57013189    E8 624E1A00     call WeChatWi.571B7FF0
5701318E    8BC8            mov ecx,eax
57013190    E8 1BB33700     call WeChatWi.5738E4B0
57013195    8D8D 44FBFFFF   lea ecx,dword ptr ss:[ebp-0x4BC]
5701319B    8955 B8         mov dword ptr ss:[ebp-0x48],edx
5701319E    8BF8            mov edi,eax
570131A0    E8 0BB33700     call WeChatWi.5738E4B0
570131A5    3BC7            cmp eax,edi
570131A7    75 09           jnz short WeChatWi.570131B2
570131A9    3B55 B8         cmp edx,dword ptr ss:[ebp-0x48]
570131AC    0F84 89000000   je WeChatWi.5701323B
570131B2    8B7D AC         mov edi,dword ptr ss:[ebp-0x54]
570131B5    8BCF            mov ecx,edi
570131B7    E8 04220000     call WeChatWi.570153C0
570131BC    84C0            test al,al
570131BE    74 7B           je short WeChatWi.5701323B
570131C0    8D8D 24FDFFFF   lea ecx,dword ptr ss:[ebp-0x2DC]
570131C6    E8 C55DF6FF     call WeChatWi.56F78F90
570131CB    0F57C0          xorps xmm0,xmm0
570131CE    66:C785 04FFFFF>mov word ptr ss:[ebp-0xFC],0x0
570131D7    0F1185 08FFFFFF movups dqword ptr ss:[ebp-0xF8],xmm0
570131DE    C785 18FFFFFF 0>mov dword ptr ss:[ebp-0xE8],0x0
570131E8    8D85 44FBFFFF   lea eax,dword ptr ss:[ebp-0x4BC]
570131EE    C645 FC 05      mov byte ptr ss:[ebp-0x4],0x5
570131F2    50              push eax
570131F3    8D8D 24FDFFFF   lea ecx,dword ptr ss:[ebp-0x2DC]
570131F9    C785 1CFFFFFF F>mov dword ptr ss:[ebp-0xE4],-0x1
57013203    E8 58D7F8FF     call WeChatWi.56FA0960
57013208    6A 01           push 0x1
5701320A    8D85 24FDFFFF   lea eax,dword ptr ss:[ebp-0x2DC]
57013210    C645 FC 06      mov byte ptr ss:[ebp-0x4],0x6
57013214    50              push eax
57013215    8BCF            mov ecx,edi
57013217    E8 04120000     call WeChatWi.57014420
5701321C    8D8D 24FDFFFF   lea ecx,dword ptr ss:[ebp-0x2DC]
57013222    C645 FC 03      mov byte ptr ss:[ebp-0x4],0x3
57013226    E8 0592FBFF     call WeChatWi.56FCC430
5701322B    8D45 88         lea eax,dword ptr ss:[ebp-0x78]
5701322E    50              push eax
5701322F    E8 8CC4FFFF     call WeChatWi.5700F6C0
57013234    8BC8            mov ecx,eax
57013236    E8 35471A00     call WeChatWi.571B7970
5701323B    8D8D 44FBFFFF   lea ecx,dword ptr ss:[ebp-0x4BC]
57013241    E8 AA56F6FF     call WeChatWi.56F788F0
57013246    8D4D 88         lea ecx,dword ptr ss:[ebp-0x78]
57013249    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57013250    E8 4B9DF6FF     call WeChatWi.56F7CFA0
57013255    E9 7F060000     jmp WeChatWi.570138D9
5701325A    53              push ebx
5701325B    FF75 B0         push dword ptr ss:[ebp-0x50]
5701325E    8D85 44FBFFFF   lea eax,dword ptr ss:[ebp-0x4BC]
57013264    50              push eax
57013265    51              push ecx
57013266    E8 75B5F6FF     call WeChatWi.56F7E7E0                   ; 图片call1
5701326B    83C4 04         add esp,0x4
5701326E    8BC8            mov ecx,eax
57013270    E8 6B632400     call WeChatWi.572595E0                   ; 图片call2
57013275    C745 FC 0700000>mov dword ptr ss:[ebp-0x4],0x7
5701327C    E8 6F4D1A00     call WeChatWi.571B7FF0
57013281    8BC8            mov ecx,eax
57013283    E8 28B23700     call WeChatWi.5738E4B0
57013288    8D8D 44FBFFFF   lea ecx,dword ptr ss:[ebp-0x4BC]
5701328E    8955 B8         mov dword ptr ss:[ebp-0x48],edx
57013291    8BF8            mov edi,eax
57013293    E8 18B23700     call WeChatWi.5738E4B0
57013298    3BC7            cmp eax,edi
5701329A    75 4A           jnz short WeChatWi.570132E6
5701329C    3B55 B8         cmp edx,dword ptr ss:[ebp-0x48]
5701329F    75 45           jnz short WeChatWi.570132E6
570132A1    E8 9AB5F6FF     call WeChatWi.56F7E840
570132A6    6A 00           push 0x0
570132A8    6A 01           push 0x1
570132AA    6A 01           push 0x1
570132AC    6A 0D           push 0xD
570132AE    6A 5F           push 0x5F
570132B0    E8 5B62C000     call WeChatWi.57C19510
570132B5    83C4 14         add esp,0x14
570132B8    E8 83B5F6FF     call WeChatWi.56F7E840
570132BD    6A 00           push 0x0
570132BF    6A 01           push 0x1
570132C1    6A 01           push 0x1
570132C3    6A 10           push 0x10
570132C5    6A 5F           push 0x5F
570132C7    E8 4462C000     call WeChatWi.57C19510
570132CC    83C4 14         add esp,0x14
570132CF    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
570132D6    8D8D 44FBFFFF   lea ecx,dword ptr ss:[ebp-0x4BC]
570132DC    E8 0F56F6FF     call WeChatWi.56F788F0
570132E1    E9 F3050000     jmp WeChatWi.570138D9
570132E6    8B7D AC         mov edi,dword ptr ss:[ebp-0x54]
570132E9    8B8F 68040000   mov ecx,dword ptr ds:[edi+0x468]
570132EF    85C9            test ecx,ecx
570132F1    75 04           jnz short WeChatWi.570132F7
570132F3    B0 01           mov al,0x1
570132F5    EB 07           jmp short WeChatWi.570132FE
570132F7    8B01            mov eax,dword ptr ds:[ecx]
570132F9    8B40 24         mov eax,dword ptr ds:[eax+0x24]
570132FC    FFD0            call eax
570132FE    84C0            test al,al
57013300    74 67           je short WeChatWi.57013369
57013302    8D8D 24FDFFFF   lea ecx,dword ptr ss:[ebp-0x2DC]
57013308    E8 835CF6FF     call WeChatWi.56F78F90
5701330D    0F57C0          xorps xmm0,xmm0
57013310    66:C785 04FFFFF>mov word ptr ss:[ebp-0xFC],0x0
57013319    0F1185 08FFFFFF movups dqword ptr ss:[ebp-0xF8],xmm0
57013320    C785 18FFFFFF 0>mov dword ptr ss:[ebp-0xE8],0x0
5701332A    8D85 44FBFFFF   lea eax,dword ptr ss:[ebp-0x4BC]
57013330    C645 FC 09      mov byte ptr ss:[ebp-0x4],0x9
57013334    50              push eax
57013335    8D8D 24FDFFFF   lea ecx,dword ptr ss:[ebp-0x2DC]
5701333B    C785 1CFFFFFF F>mov dword ptr ss:[ebp-0xE4],-0x1
57013345    E8 16D6F8FF     call WeChatWi.56FA0960
5701334A    6A 01           push 0x1
5701334C    8D85 24FDFFFF   lea eax,dword ptr ss:[ebp-0x2DC]
57013352    C645 FC 0A      mov byte ptr ss:[ebp-0x4],0xA
57013356    50              push eax
57013357    8BCF            mov ecx,edi
57013359    E8 C2100000     call WeChatWi.57014420
5701335E    8D8D 24FDFFFF   lea ecx,dword ptr ss:[ebp-0x2DC]
57013364    E8 C790FBFF     call WeChatWi.56FCC430
57013369    8D8D 44FBFFFF   lea ecx,dword ptr ss:[ebp-0x4BC]
5701336F    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57013376    E8 7555F6FF     call WeChatWi.56F788F0
5701337B    E9 59050000     jmp WeChatWi.570138D9
57013380    53              push ebx
57013381    8D4D 88         lea ecx,dword ptr ss:[ebp-0x78]
57013384    E8 67BA3F00     call WeChatWi.5740EDF0
57013389    8D4D 88         lea ecx,dword ptr ss:[ebp-0x78]
5701338C    C745 FC 0B00000>mov dword ptr ss:[ebp-0x4],0xB
57013393    E8 C8C63E00     call WeChatWi.573FFA60
57013398    84C0            test al,al
5701339A    0F84 6A010000   je WeChatWi.5701350A
570133A0    8D8D 50FFFFFF   lea ecx,dword ptr ss:[ebp-0xB0]
570133A6    C645 B7 00      mov byte ptr ss:[ebp-0x49],0x0
570133AA    E8 B19E3E00     call WeChatWi.573FD260
570133AF    8B85 50FFFFFF   mov eax,dword ptr ss:[ebp-0xB0]
570133B5    85C0            test eax,eax
570133B7    74 06           je short WeChatWi.570133BF
570133B9    66:8338 00      cmp word ptr ds:[eax],0x0
570133BD    75 05           jnz short WeChatWi.570133C4
570133BF    B8 08892958     mov eax,WeChatWi.58298908
570133C4    50              push eax
570133C5    8D4D 88         lea ecx,dword ptr ss:[ebp-0x78]
570133C8    E8 E3C13F00     call WeChatWi.5740F5B0
570133CD    0FB64D B7       movzx ecx,byte ptr ss:[ebp-0x49]
570133D1    84C0            test al,al
570133D3    0F45CF          cmovne ecx,edi
570133D6    884D A4         mov byte ptr ss:[ebp-0x5C],cl


去掉锁文件：
57256287    E8 146DD2FF     call WeChatWi.56F7CFA0
5725628C    8D4D C8         lea ecx,dword ptr ss:[ebp-0x38]
5725628F    E8 0C6DD2FF     call WeChatWi.56F7CFA0
57256294    8D4D 9C         lea ecx,dword ptr ss:[ebp-0x64]
57256297    E8 046DD2FF     call WeChatWi.56F7CFA0
5725629C    8D8D 40FFFFFF   lea ecx,dword ptr ss:[ebp-0xC0]
572562A2    E8 F96CD2FF     call WeChatWi.56F7CFA0
572562A7    8BC6            mov eax,esi
572562A9    E9 BB040000     jmp WeChatWi.57256769
572562AE    8D8D F8FBFFFF   lea ecx,dword ptr ss:[ebp-0x408]
572562B4    E8 D72CD2FF     call WeChatWi.56F78F90
572562B9    8B85 C4FDFFFF   mov eax,dword ptr ss:[ebp-0x23C]
572562BF    8D8D 00FFFFFF   lea ecx,dword ptr ss:[ebp-0x100]
572562C5    83E0 10         and eax,0x10
572562C8    C785 28FCFFFF 0>mov dword ptr ss:[ebp-0x3D8],0x3
572562D2    83E0 20         and eax,0x20
572562D5    C785 2CFCFFFF 0>mov dword ptr ss:[ebp-0x3D4],0x1
572562DF    8985 C4FDFFFF   mov dword ptr ss:[ebp-0x23C],eax
572562E5    E8 E6E3E0FF     call WeChatWi.570646D0
572562EA    FFB5 64FFFFFF   push dword ptr ss:[ebp-0x9C]
572562F0    C645 FC 14      mov byte ptr ss:[ebp-0x4],0x14
572562F4    8D85 00FFFFFF   lea eax,dword ptr ss:[ebp-0x100]
572562FA    FF75 E8         push dword ptr ss:[ebp-0x18]             ; user32.73DE4F8A
572562FD    68 F0143158     push WeChatWi.583114F0                   ; UNICODE "<msg><img length="%d" hdlength="0" /><commenturl><"
57256302    50              push eax
57256303    E8 88941B00     call WeChatWi.5740F790
57256308    83C4 10         add esp,0x10
5725630B    8D85 00FFFFFF   lea eax,dword ptr ss:[ebp-0x100]
57256311    8D8D F8FBFFFF   lea ecx,dword ptr ss:[ebp-0x408]
57256317    50              push eax
57256318    E8 237ED4FF     call WeChatWi.56F9E140
5725631D    8B73 0C         mov esi,dword ptr ds:[ebx+0xC]
57256320    8D8D F8FBFFFF   lea ecx,dword ptr ss:[ebp-0x408]
57256326    56              push esi
57256327    E8 547ED4FF     call WeChatWi.56F9E180
5725632C    8B85 C4FDFFFF   mov eax,dword ptr ss:[ebp-0x23C]
57256332    8B4D C4         mov ecx,dword ptr ss:[ebp-0x3C]
57256335    83E0 40         and eax,0x40
57256338    898D 34FCFFFF   mov dword ptr ss:[ebp-0x3CC],ecx
5725633E    25 80000000     and eax,0x80
57256343    8D8D F8FBFFFF   lea ecx,dword ptr ss:[ebp-0x408]
57256349    C785 30FCFFFF 0>mov dword ptr ss:[ebp-0x3D0],0x1
57256353    8985 C4FDFFFF   mov dword ptr ss:[ebp-0x23C],eax
57256359    E8 A2D8E7FF     call WeChatWi.570D3C00
5725635E    8D55 C8         lea edx,dword ptr ss:[ebp-0x38]
57256361    8D8D 00FEFFFF   lea ecx,dword ptr ss:[ebp-0x200]
57256367    E8 64521A00     call WeChatWi.573FB5D0
5725636C    50              push eax
5725636D    8D8D F8FBFFFF   lea ecx,dword ptr ss:[ebp-0x408]
57256373    C645 FC 15      mov byte ptr ss:[ebp-0x4],0x15
57256377    E8 B423F4FF     call WeChatWi.57198730
5725637C    8D8D 00FEFFFF   lea ecx,dword ptr ss:[ebp-0x200]
57256382    C645 FC 14      mov byte ptr ss:[ebp-0x4],0x14
57256386    E8 156CD2FF     call WeChatWi.56F7CFA0
5725638B    8D95 7CFFFFFF   lea edx,dword ptr ss:[ebp-0x84]
57256391    8D8D ECFDFFFF   lea ecx,dword ptr ss:[ebp-0x214]
57256397    E8 34521A00     call WeChatWi.573FB5D0
5725639C    50              push eax
5725639D    8D8D F8FBFFFF   lea ecx,dword ptr ss:[ebp-0x408]
572563A3    C645 FC 16      mov byte ptr ss:[ebp-0x4],0x16
572563A7    E8 0423F4FF     call WeChatWi.571986B0
572563AC    8D8D ECFDFFFF   lea ecx,dword ptr ss:[ebp-0x214]
572563B2    C645 FC 14      mov byte ptr ss:[ebp-0x4],0x14
572563B6    E8 E56BD2FF     call WeChatWi.56F7CFA0
572563BB    8BCF            mov ecx,edi
572563BD    E8 1E311B00     call WeChatWi.574094E0                   ; 图片patch, 修改574094E0方法，不调用
572563C2    84C0            test al,al
572563C4    74 6A           je short WeChatWi.57256430
572563C6    E8 157DD4FF     call WeChatWi.56F9E0E0
572563CB    83EC 14         sub esp,0x14
572563CE    8D8D F8FBFFFF   lea ecx,dword ptr ss:[ebp-0x408]
572563D4    54              push esp
572563D5    E8 66A4D4FF     call WeChatWi.56FA0840
572563DA    8D8D D8FDFFFF   lea ecx,dword ptr ss:[ebp-0x228]
572563E0    E8 3B42F6FF     call WeChatWi.571BA620
572563E5    83C4 14         add esp,0x14
572563E8    8BD0            mov edx,eax
572563EA    C645 FC 17      mov byte ptr ss:[ebp-0x4],0x17
572563EE    8D8D ECFEFFFF   lea ecx,dword ptr ss:[ebp-0x114]
572563F4    E8 B74C1A00     call WeChatWi.573FB0B0
572563F9    8D8D D8FDFFFF   lea ecx,dword ptr ss:[ebp-0x228]
572563FF    C645 FC 19      mov byte ptr ss:[ebp-0x4],0x19
57256403    E8 986BD2FF     call WeChatWi.56F7CFA0
57256408    8D95 ECFEFFFF   lea edx,dword ptr ss:[ebp-0x114]
5725640E    8D4D B0         lea ecx,dword ptr ss:[ebp-0x50]
57256411    E8 0AA31A00     call WeChatWi.57400720
57256416    8D8D ECFEFFFF   lea ecx,dword ptr ss:[ebp-0x114]
5725641C    E8 9FF21800     call WeChatWi.573E56C0
57256421    8D8D ECFEFFFF   lea ecx,dword ptr ss:[ebp-0x114]
57256427    C645 FC 14      mov byte ptr ss:[ebp-0x4],0x14
5725642B    E8 706BD2FF     call WeChatWi.56F7CFA0
57256430    8BCE            mov ecx,esi
57256432    E8 99AF2C00     call WeChatWi.575213D0
57256437    84C0            test al,al
57256439    74 56           je short WeChatWi.57256491
5725643B    E8 3003D2FF     call WeChatWi.56F76770
57256440    6A 00           push 0x0
57256442    8D85 F8FBFFFF   lea eax,dword ptr ss:[ebp-0x408]
57256448    50              push eax
57256449    8D85 D8FEFFFF   lea eax,dword ptr ss:[ebp-0x128]
5725644F    50              push eax
57256450    E8 FBB52C00     call WeChatWi.57521A50
57256455    C645 FC 1A      mov byte ptr ss:[ebp-0x4],0x1A
57256459    E8 1203D2FF     call WeChatWi.56F76770
5725645E    6A 01           push 0x1
57256460    8D8D F8FBFFFF   lea ecx,dword ptr ss:[ebp-0x408]
57256466    51              push ecx
57256467    8B10            mov edx,dword ptr ds:[eax]
57256469    8BC8            mov ecx,eax
5725646B    FF52 04         call dword ptr ds:[edx+0x4]
5725646E    8D85 D8FEFFFF   lea eax,dword ptr ss:[ebp-0x128]
57256474    50              push eax
57256475    8D8D F8FBFFFF   lea ecx,dword ptr ss:[ebp-0x408]
5725647B    E8 007DD4FF     call WeChatWi.56F9E180
57256480    8D8D D8FEFFFF   lea ecx,dword ptr ss:[ebp-0x128]
57256486    C645 FC 14      mov byte ptr ss:[ebp-0x4],0x14
5725648A    E8 116BD2FF     call WeChatWi.56F7CFA0
5725648F    EB 15           jmp short WeChatWi.572564A6
57256491    E8 4A7CD4FF     call WeChatWi.56F9E0E0
57256496    6A 01           push 0x1
57256498    8D8D F8FBFFFF   lea ecx,dword ptr ss:[ebp-0x408]
5725649E    51              push ecx
5725649F    8B10            mov edx,dword ptr ds:[eax]
572564A1    8BC8            mov ecx,eax
572564A3    FF52 14         call dword ptr ds:[edx+0x14]
572564A6    8D8D F8FBFFFF   lea ecx,dword ptr ss:[ebp-0x408]
572564AC    E8 FF7F1300     call WeChatWi.5738E4B0
572564B1    8BBD 60FFFFFF   mov edi,dword ptr ss:[ebp-0xA0]
572564B7    8985 18FFFFFF   mov dword ptr ss:[ebp-0xE8],eax
572564BD    8B85 30FFFFFF   mov eax,dword ptr ss:[ebp-0xD0]
572564C3    8985 20FFFFFF   mov dword ptr ss:[ebp-0xE0],eax
572564C9    8B85 34FFFFFF   mov eax,dword ptr ss:[ebp-0xCC]          ; user32.73DC6B08
572564CF    8D4F 10         lea ecx,dword ptr ds:[edi+0x10]
572564D2    8985 24FFFFFF   mov dword ptr ss:[ebp-0xDC],eax
572564D8    8D85 18FFFFFF   lea eax,dword ptr ss:[ebp-0xE8]
572564DE    50              push eax
572564DF    8995 1CFFFFFF   mov dword ptr ss:[ebp-0xE4],edx
572564E5    E8 564E0000     call WeChatWi.5725B340
572564EA    50              push eax
572564EB    83C0 10         add eax,0x10
572564EE    50              push eax
572564EF    51              push ecx
572564F0    8D85 D0FEFFFF   lea eax,dword ptr ss:[ebp-0x130]
572564F6    50              push eax
572564F7    8D4F 10         lea ecx,dword ptr ds:[edi+0x10]
572564FA    E8 41EBDEFF     call WeChatWi.57045040
572564FF    FF47 18         inc dword ptr ds:[edi+0x18]
57256502    807D EE 00      cmp byte ptr ss:[ebp-0x12],0x0
57256506    0F84 07010000   je WeChatWi.57256613
5725650C    E8 2F83D2FF     call WeChatWi.56F7E840
57256511    6A 00           push 0x0
57256513    6A 01           push 0x1
57256515    6A 01           push 0x1
57256517    6A 0B           push 0xB
57256519    6A 5F           push 0x5F
5725651B    E8 F02F9C00     call WeChatWi.57C19510



接收消息：
基址：56F30000
57284961    8BF8            mov edi,eax
57284963    83C4 04         add esp,0x4
57284966    C707 00000000   mov dword ptr ds:[edi],0x0
5728496C    C747 04 0000000>mov dword ptr ds:[edi+0x4],0x0
57284973    C747 08 0000000>mov dword ptr ds:[edi+0x8],0x0
5728497A    893D 8C5D5658   mov dword ptr ds:[0x58565D8C],edi
57284980    8B77 04         mov esi,dword ptr ds:[edi+0x4]           ; WeChatWi.5771B53E
57284983    F6C3 01         test bl,0x1
57284986    75 2F           jnz short WeChatWi.572849B7
57284988    83CB 01         or ebx,0x1
5728498B    891D 305D5658   mov dword ptr ds:[0x58565D30],ebx
57284991    C745 FC 0200000>mov dword ptr ss:[ebp-0x4],0x2
57284998    E8 4372FFFF     call WeChatWi.5727BBE0
5728499D    68 A0121058     push WeChatWi.581012A0
572849A2    E8 B1599800     call WeChatWi.57C0A358
572849A7    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
572849AE    83C4 04         add esp,0x4
572849B1    8B3D 8C5D5658   mov edi,dword ptr ds:[0x58565D8C]
572849B7    85FF            test edi,edi
572849B9    75 26           jnz short WeChatWi.572849E1
572849BB    6A 0C           push 0xC
572849BD    E8 2B569800     call WeChatWi.57C09FED
572849C2    8BF8            mov edi,eax
572849C4    83C4 04         add esp,0x4
572849C7    C707 00000000   mov dword ptr ds:[edi],0x0
572849CD    C747 04 0000000>mov dword ptr ds:[edi+0x4],0x0
572849D4    C747 08 0000000>mov dword ptr ds:[edi+0x8],0x0
572849DB    893D 8C5D5658   mov dword ptr ds:[0x58565D8C],edi
572849E1    8A45 EC         mov al,byte ptr ss:[ebp-0x14]
572849E4    8B0F            mov ecx,dword ptr ds:[edi]
572849E6    8BFE            mov edi,esi
572849E8    8845 F0         mov byte ptr ss:[ebp-0x10],al
572849EB    2BF9            sub edi,ecx
572849ED    8D45 F0         lea eax,dword ptr ss:[ebp-0x10]
572849F0    50              push eax
572849F1    B8 89888888     mov eax,0x88888889
572849F6    F7EF            imul edi
572849F8    03D7            add edx,edi
572849FA    C1FA 08         sar edx,0x8
572849FD    8BC2            mov eax,edx
572849FF    C1E8 1F         shr eax,0x1F
57284A02    03C2            add eax,edx
57284A04    8BD6            mov edx,esi
57284A06    50              push eax
57284A07    E8 D4D0D1FF     call WeChatWi.56FA1AE0
57284A0C    A1 903C5658     mov eax,dword ptr ds:[0x58563C90]
57284A11    83C4 08         add esp,0x8
57284A14    A8 01           test al,0x1
57284A16    75 28           jnz short WeChatWi.57284A40
57284A18    83C8 01         or eax,0x1
57284A1B    A3 903C5658     mov dword ptr ds:[0x58563C90],eax
57284A20    C745 FC 0300000>mov dword ptr ss:[ebp-0x4],0x3
57284A27    E8 943CF3FF     call WeChatWi.571B86C0
57284A2C    68 70590F58     push WeChatWi.580F5970
57284A31    E8 22599800     call WeChatWi.57C0A358
57284A36    83C4 04         add esp,0x4
57284A39    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57284A40    A1 305D5658     mov eax,dword ptr ds:[0x58565D30]
57284A45    A8 01           test al,0x1
57284A47    75 28           jnz short WeChatWi.57284A71
57284A49    83C8 01         or eax,0x1
57284A4C    A3 305D5658     mov dword ptr ds:[0x58565D30],eax
57284A51    C745 FC 0400000>mov dword ptr ss:[ebp-0x4],0x4
57284A58    E8 8371FFFF     call WeChatWi.5727BBE0
57284A5D    68 A0121058     push WeChatWi.581012A0
57284A62    E8 F1589800     call WeChatWi.57C0A358
57284A67    83C4 04         add esp,0x4
57284A6A    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57284A71    A1 8C5D5658     mov eax,dword ptr ds:[0x58565D8C]
57284A76    85C0            test eax,eax
57284A78    75 23           jnz short WeChatWi.57284A9D
57284A7A    6A 0C           push 0xC
57284A7C    E8 6C559800     call WeChatWi.57C09FED
57284A81    83C4 04         add esp,0x4
57284A84    C700 00000000   mov dword ptr ds:[eax],0x0
57284A8A    C740 04 0000000>mov dword ptr ds:[eax+0x4],0x0
57284A91    C740 08 0000000>mov dword ptr ds:[eax+0x8],0x0
57284A98    A3 8C5D5658     mov dword ptr ds:[0x58565D8C],eax
57284A9D    50              push eax
57284A9E    A1 983C5658     mov eax,dword ptr ds:[0x58563C98]
57284AA3    B9 983C5658     mov ecx,WeChatWi.58563C98                ; Hook这行
57284AA8    FF50 08         call dword ptr ds:[eax+0x8]
57284AAB    8B1D 305D5658   mov ebx,dword ptr ds:[0x58565D30]
57284AB1    F6C3 01         test bl,0x1
57284AB4    75 2F           jnz short WeChatWi.57284AE5
57284AB6    83CB 01         or ebx,0x1
57284AB9    891D 305D5658   mov dword ptr ds:[0x58565D30],ebx
57284ABF    C745 FC 0500000>mov dword ptr ss:[ebp-0x4],0x5
57284AC6    E8 1571FFFF     call WeChatWi.5727BBE0
57284ACB    68 A0121058     push WeChatWi.581012A0
57284AD0    E8 83589800     call WeChatWi.57C0A358
57284AD5    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57284ADC    83C4 04         add esp,0x4
57284ADF    8B1D 305D5658   mov ebx,dword ptr ds:[0x58565D30]
57284AE5    8B3D 8C5D5658   mov edi,dword ptr ds:[0x58565D8C]
57284AEB    85FF            test edi,edi
57284AED    75 2C           jnz short WeChatWi.57284B1B
57284AEF    6A 0C           push 0xC
57284AF1    E8 F7549800     call WeChatWi.57C09FED
57284AF6    8B1D 305D5658   mov ebx,dword ptr ds:[0x58565D30]
57284AFC    8BF8            mov edi,eax
57284AFE    83C4 04         add esp,0x4
57284B01    C707 00000000   mov dword ptr ds:[edi],0x0
57284B07    C747 04 0000000>mov dword ptr ds:[edi+0x4],0x0
57284B0E    C747 08 0000000>mov dword ptr ds:[edi+0x8],0x0
57284B15    893D 8C5D5658   mov dword ptr ds:[0x58565D8C],edi
57284B1B    8B47 04         mov eax,dword ptr ds:[edi+0x4]           ; WeChatWi.5771B53E
57284B1E    8B37            mov esi,dword ptr ds:[edi]
57284B20    8945 E8         mov dword ptr ss:[ebp-0x18],eax
57284B23    3BF0            cmp esi,eax
57284B25    74 20           je short WeChatWi.57284B47
57284B27    8BD8            mov ebx,eax
57284B29    0F1F            ???                                      ; 未知命令
57284B2B    8000 00         add byte ptr ds:[eax],0x0
57284B2E    0000            add byte ptr ds:[eax],al
57284B30    8BCE            mov ecx,esi
57284B32    E8 B93DCFFF     call WeChatWi.56F788F0
57284B37    81C6 E0010000   add esi,0x1E0
57284B3D    3BF3            cmp esi,ebx
57284B3F  ^ 75 EF           jnz short WeChatWi.57284B30
57284B41    8B1D 305D5658   mov ebx,dword ptr ds:[0x58565D30]
57284B47    8B07            mov eax,dword ptr ds:[edi]
57284B49    8947 04         mov dword ptr ds:[edi+0x4],eax
57284B4C    F6C3 01         test bl,0x1
57284B4F    75 2F           jnz short WeChatWi.57284B80
57284B51    83CB 01         or ebx,0x1
57284B54    891D 305D5658   mov dword ptr ds:[0x58565D30],ebx
57284B5A    C745 FC 0600000>mov dword ptr ss:[ebp-0x4],0x6
57284B61    E8 7A70FFFF     call WeChatWi.5727BBE0
57284B66    68 A0121058     push WeChatWi.581012A0
57284B6B    E8 E8579800     call WeChatWi.57C0A358
57284B70    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57284B77    83C4 04         add esp,0x4
57284B7A    8B1D 305D5658   mov ebx,dword ptr ds:[0x58565D30]
57284B80    8B3D 905D5658   mov edi,dword ptr ds:[0x58565D90]
57284B86    85FF            test edi,edi
57284B88    75 2C           jnz short WeChatWi.57284BB6
57284B8A    6A 0C           push 0xC
57284B8C    E8 5C549800     call WeChatWi.57C09FED
57284B91    8B1D 305D5658   mov ebx,dword ptr ds:[0x58565D30]
57284B97    8BF8            mov edi,eax
57284B99    83C4 04         add esp,0x4
57284B9C    C707 00000000   mov dword ptr ds:[edi],0x0
57284BA2    C747 04 0000000>mov dword ptr ds:[edi+0x4],0x0
57284BA9    C747 08 0000000>mov dword ptr ds:[edi+0x8],0x0
57284BB0    893D 905D5658   mov dword ptr ds:[0x58565D90],edi
57284BB6    8B4F 04         mov ecx,dword ptr ds:[edi+0x4]           ; WeChatWi.5771B53E
57284BB9    B8 89888888     mov eax,0x88888889
57284BBE    2B0F            sub ecx,dword ptr ds:[edi]
57284BC0    F7E9            imul ecx
57284BC2    03D1            add edx,ecx
57284BC4    C1FA 08         sar edx,0x8
57284BC7    8BC2            mov eax,edx
57284BC9    C1E8 1F         shr eax,0x1F
57284BCC    03C2            add eax,edx
57284BCE    0F84 F7020000   je WeChatWi.57284ECB
57284BD4    F6C3 01         test bl,0x1
57284BD7    75 35           jnz short WeChatWi.57284C0E
57284BD9    83CB 01         or ebx,0x1
57284BDC    891D 305D5658   mov dword ptr ds:[0x58565D30],ebx
57284BE2    C745 FC 0700000>mov dword ptr ss:[ebp-0x4],0x7
57284BE9    E8 F26FFFFF     call WeChatWi.5727BBE0
57284BEE    68 A0121058     push WeChatWi.581012A0
57284BF3    E8 60579800     call WeChatWi.57C0A358
57284BF8    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57284BFF    83C4 04         add esp,0x4
57284C02    8B1D 305D5658   mov ebx,dword ptr ds:[0x58565D30]



登录二维码URL值：
基址：56F30000
57250BEE    CC              int3
57250BEF    CC              int3
57250BF0    56              push esi
57250BF1    8BF1            mov esi,ecx
57250BF3    6A 00           push 0x0
57250BF5    68 949C2958     push WeChatWi.58299C94
57250BFA    8D4E 08         lea ecx,dword ptr ds:[esi+0x8]
57250BFD    C646 04 00      mov byte ptr ds:[esi+0x4],0x0
57250C01    E8 0A18D3FF     call WeChatWi.56F82410                   ; 断点这里，获取ecx的值
57250C06    6A 00           push 0x0
57250C08    68 949C2958     push WeChatWi.58299C94
57250C0D    8D4E 2C         lea ecx,dword ptr ds:[esi+0x2C]
57250C10    C746 28 0000000>mov dword ptr ds:[esi+0x28],0x0
57250C17    E8 F417D3FF     call WeChatWi.56F82410
57250C1C    6A 00           push 0x0
57250C1E    68 949C2958     push WeChatWi.58299C94
57250C23    8D4E 44         lea ecx,dword ptr ds:[esi+0x44]
57250C26    C746 24 0000000>mov dword ptr ds:[esi+0x24],0x0
57250C2D    E8 DE17D3FF     call WeChatWi.56F82410
57250C32    6A 00           push 0x0
57250C34    68 949C2958     push WeChatWi.58299C94
57250C39    8D4E 5C         lea ecx,dword ptr ds:[esi+0x5C]
57250C3C    E8 CF17D3FF     call WeChatWi.56F82410
57250C41    83EC 10         sub esp,0x10
57250C44    C646 74 00      mov byte ptr ds:[esi+0x74],0x0
57250C48    0F1005 E0882958 movups xmm0,dqword ptr ds:[0x582988E0]
57250C4F    8BC4            mov eax,esp
57250C51    BA CC0E3158     mov edx,WeChatWi.58310ECC                ; ASCII "02_manager\QRCodeLoginMgr.cpp"
57250C56    83EC 10         sub esp,0x10
57250C59    B9 02000000     mov ecx,0x2
57250C5E    0F1100          movups dqword ptr ds:[eax],xmm0
57250C61    8BC4            mov eax,esp
57250C63    83EC 10         sub esp,0x10
57250C66    0F1100          movups dqword ptr ds:[eax],xmm0
57250C69    8BC4            mov eax,esp
57250C6B    83EC 10         sub esp,0x10
57250C6E    0F1100          movups dqword ptr ds:[eax],xmm0
57250C71    8BC4            mov eax,esp
57250C73    83EC 10         sub esp,0x10
57250C76    0F1100          movups dqword ptr ds:[eax],xmm0
57250C79    8BC4            mov eax,esp
57250C7B    83EC 10         sub esp,0x10
57250C7E    0F1100          movups dqword ptr ds:[eax],xmm0
57250C81    8BC4            mov eax,esp
57250C83    68 580E3158     push WeChatWi.58310E58                   ; ASCII "qrCodeLogin mgr reset()"
57250C88    68 9C0E3158     push WeChatWi.58310E9C                   ; ASCII "QRCodeLoginMgr"
57250C8D    68 700E3158     push WeChatWi.58310E70                   ; ASCII "QRCodeLoginMgr::reset"
57250C92    6A 45           push 0x45
57250C94    0F1100          movups dqword ptr ds:[eax],xmm0
57250C97    E8 64D41B00     call WeChatWi.5740E100
57250C9C    0F57C0          xorps xmm0,xmm0
57250C9F    83C4 70         add esp,0x70
57250CA2    0F1186 8C000000 movups dqword ptr ds:[esi+0x8C],xmm0
57250CA9    0F1186 9C000000 movups dqword ptr ds:[esi+0x9C],xmm0
57250CB0    C786 AC000000 0>mov dword ptr ds:[esi+0xAC],0x0
57250CBA    5E              pop esi                                  ; user32.73DE4F8A
57250CBB    C3              retn



调用显示登录二维码：
基址：56F30000
57143B20    55              push ebp
57143B21    8BEC            mov ebp,esp
57143B23    6A FF           push -0x1
57143B25    68 280F0358     push WeChatWi.58030F28
57143B2A    64:A1 00000000  mov eax,dword ptr fs:[0]
57143B30    50              push eax
57143B31    83EC 14         sub esp,0x14
57143B34    56              push esi
57143B35    A1 942B4F58     mov eax,dword ptr ds:[0x584F2B94]
57143B3A    33C5            xor eax,ebp
57143B3C    50              push eax
57143B3D    8D45 F4         lea eax,dword ptr ss:[ebp-0xC]
57143B40    64:A3 00000000  mov dword ptr fs:[0],eax
57143B46    8BF1            mov esi,ecx
57143B48    8B8E 54030000   mov ecx,dword ptr ds:[esi+0x354]
57143B4E    85C9            test ecx,ecx
57143B50    0F84 9E000000   je WeChatWi.57143BF4
57143B56    83BE 58030000 0>cmp dword ptr ds:[esi+0x358],0x0
57143B5D    0F84 91000000   je WeChatWi.57143BF4
57143B63    83BE 5C030000 0>cmp dword ptr ds:[esi+0x35C],0x0
57143B6A    0F84 84000000   je WeChatWi.57143BF4
57143B70    83BE 70030000 0>cmp dword ptr ds:[esi+0x370],0x0
57143B77    74 7B           je short WeChatWi.57143BF4
57143B79    6A 01           push 0x1
57143B7B    6A 01           push 0x1
57143B7D    E8 FFFD5F00     call WeChatWi.57743981
57143B82    8B8E 5C030000   mov ecx,dword ptr ds:[esi+0x35C]
57143B88    6A 00           push 0x0
57143B8A    8B01            mov eax,dword ptr ds:[ecx]
57143B8C    FF90 EC000000   call dword ptr ds:[eax+0xEC]
57143B92    8B8E 58030000   mov ecx,dword ptr ds:[esi+0x358]
57143B98    6A 01           push 0x1
57143B9A    6A 00           push 0x0
57143B9C    E8 E0FD5F00     call WeChatWi.57743981
57143BA1    BA 07040000     mov edx,0x407
57143BA6    C686 79030000 0>mov byte ptr ds:[esi+0x379],0x0
57143BAD    8D4D E0         lea ecx,dword ptr ss:[ebp-0x20]
57143BB0    E8 2BC12C00     call WeChatWi.5740FCE0
57143BB5    C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
57143BBC    8B10            mov edx,dword ptr ds:[eax]
57143BBE    85D2            test edx,edx
57143BC0    74 06           je short WeChatWi.57143BC8
57143BC2    66:833A 00      cmp word ptr ds:[edx],0x0
57143BC6    75 05           jnz short WeChatWi.57143BCD
57143BC8    BA 08892958     mov edx,WeChatWi.58298908
57143BCD    8B8E 70030000   mov ecx,dword ptr ds:[esi+0x370]
57143BD3    52              push edx
57143BD4    8B01            mov eax,dword ptr ds:[ecx]
57143BD6    FF50 40         call dword ptr ds:[eax+0x40]
57143BD9    8D4D E0         lea ecx,dword ptr ss:[ebp-0x20]
57143BDC    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57143BE3    E8 B893E3FF     call WeChatWi.56F7CFA0
57143BE8    E8 93C6FFFF     call WeChatWi.57140280                   ; 调用1
57143BED    8BC8            mov ecx,eax
57143BEF    E8 6CDA1000     call WeChatWi.57251660                   ; 调用2
57143BF4    8B4D F4         mov ecx,dword ptr ss:[ebp-0xC]
57143BF7    64:890D 0000000>mov dword ptr fs:[0],ecx
57143BFE    59              pop ecx                                  ; user32.73DE4F8A
57143BFF    5E              pop esi                                  ; user32.73DE4F8A
57143C00    8BE5            mov esp,ebp
57143C02    5D              pop ebp                                  ; user32.73DE4F8A
57143C03    C3              retn


好友列表：
基址：56F30000
573A9EB0    55              push ebp
573A9EB1    8BEC            mov ebp,esp
573A9EB3    6A FF           push -0x1
573A9EB5    68 30C60758     push WeChatWi.5807C630
573A9EBA    64:A1 00000000  mov eax,dword ptr fs:[0]
573A9EC0    50              push eax
573A9EC1    83EC 08         sub esp,0x8
573A9EC4    53              push ebx
573A9EC5    56              push esi
573A9EC6    A1 942B4F58     mov eax,dword ptr ds:[0x584F2B94]
573A9ECB    33C5            xor eax,ebp
573A9ECD    50              push eax
573A9ECE    8D45 F4         lea eax,dword ptr ss:[ebp-0xC]
573A9ED1    64:A3 00000000  mov dword ptr fs:[0],eax
573A9ED7    8BF1            mov esi,ecx
573A9ED9    8D86 B4000000   lea eax,dword ptr ds:[esi+0xB4]
573A9EDF    C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
573A9EE6    50              push eax
573A9EE7    8945 EC         mov dword ptr ss:[ebp-0x14],eax
573A9EEA    C745 F0 0000000>mov dword ptr ss:[ebp-0x10],0x0
573A9EF1    FF15 34A21258   call dword ptr ds:[<&KERNEL32.EnterCriti>; ntdll.RtlEnterCriticalSection
573A9EF7    8D45 08         lea eax,dword ptr ss:[ebp+0x8]
573A9EFA    C645 FC 01      mov byte ptr ss:[ebp-0x4],0x1
573A9EFE    8D9E 84000000   lea ebx,dword ptr ds:[esi+0x84]
573A9F04    50              push eax
573A9F05    8BCB            mov ecx,ebx
573A9F07    E8 847CBDFF     call WeChatWi.56F81B90
573A9F0C    8BF0            mov esi,eax
573A9F0E    3B33            cmp esi,dword ptr ds:[ebx]
573A9F10    74 1F           je short WeChatWi.573A9F31
573A9F12    8B46 10         mov eax,dword ptr ds:[esi+0x10]
573A9F15    85C0            test eax,eax
573A9F17    74 06           je short WeChatWi.573A9F1F
573A9F19    66:8338 00      cmp word ptr ds:[eax],0x0
573A9F1D    75 05           jnz short WeChatWi.573A9F24
573A9F1F    B8 08892958     mov eax,WeChatWi.58298908
573A9F24    50              push eax
573A9F25    8D4D 08         lea ecx,dword ptr ss:[ebp+0x8]
573A9F28    E8 E3540600     call WeChatWi.5740F410                   ; Hook这行，取esi
573A9F2D    85C0            test eax,eax
573A9F2F    79 02           jns short WeChatWi.573A9F33
573A9F31    8B33            mov esi,dword ptr ds:[ebx]
573A9F33    3B33            cmp esi,dword ptr ds:[ebx]
573A9F35    74 10           je short WeChatWi.573A9F47
573A9F37    8B4D 1C         mov ecx,dword ptr ss:[ebp+0x1C]          ; WeChat.00910000
573A9F3A    83C6 28         add esi,0x28
573A9F3D    56              push esi
573A9F3E    E8 CD55BDFF     call WeChatWi.56F7F510
573A9F43    B3 01           mov bl,0x1
573A9F45    EB 02           jmp short WeChatWi.573A9F49
573A9F47    32DB            xor bl,bl
573A9F49    FF75 EC         push dword ptr ss:[ebp-0x14]
573A9F4C    FF15 30A21258   call dword ptr ds:[<&KERNEL32.LeaveCriti>; ntdll.RtlLeaveCriticalSection
573A9F52    8B45 08         mov eax,dword ptr ss:[ebp+0x8]
573A9F55    85C0            test eax,eax
573A9F57    74 10           je short WeChatWi.573A9F69
573A9F59    50              push eax
573A9F5A    E8 D502C600     call WeChatWi.5800A234
573A9F5F    83C4 04         add esp,0x4
573A9F62    C745 08 0000000>mov dword ptr ss:[ebp+0x8],0x0
573A9F69    8B45 14         mov eax,dword ptr ss:[ebp+0x14]
573A9F6C    C745 10 0000000>mov dword ptr ss:[ebp+0x10],0x0
573A9F73    C745 0C 0000000>mov dword ptr ss:[ebp+0xC],0x0
573A9F7A    85C0            test eax,eax
573A9F7C    74 09           je short WeChatWi.573A9F87
573A9F7E    50              push eax
573A9F7F    E8 B002C600     call WeChatWi.5800A234
573A9F84    83C4 04         add esp,0x4
573A9F87    8AC3            mov al,bl
573A9F89    8B4D F4         mov ecx,dword ptr ss:[ebp-0xC]
573A9F8C    64:890D 0000000>mov dword ptr fs:[0],ecx
573A9F93    59              pop ecx                                  ; user32.73DE4F8A
573A9F94    5E              pop esi                                  ; user32.73DE4F8A
573A9F95    5B              pop ebx                                  ; user32.73DE4F8A
573A9F96    8BE5            mov esp,ebp
573A9F98    5D              pop ebp                                  ; user32.73DE4F8A
573A9F99    C2 1800         retn 0x18


退出微信：
基址：0F790000
0FBCF7A0    E5 00           in eax,0x0
0FBCF7A2    0000            add byte ptr ds:[eax],al
0FBCF7A4    006A 0A         add byte ptr ds:[edx+0xA],ch
0FBCF7A7    51              push ecx
0FBCF7A8    50              push eax
0FBCF7A9    66:C745 E9 0000 mov word ptr ss:[ebp-0x17],0x0
0FBCF7AF    E8 D9ADC900     call WeChatWi.1086A58D
0FBCF7B4    83C4 0C         add esp,0xC
0FBCF7B7    8D45 DC         lea eax,dword ptr ss:[ebp-0x24]
0FBCF7BA    8D4D C0         lea ecx,dword ptr ss:[ebp-0x40]
0FBCF7BD    6A FF           push -0x1
0FBCF7BF    6A 00           push 0x0
0FBCF7C1    50              push eax
0FBCF7C2    E8 B9F60900     call WeChatWi.0FC6EE80
0FBCF7C7    6A 01           push 0x1
0FBCF7C9    6A 01           push 0x1
0FBCF7CB    C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
0FBCF7D2    83EC 14         sub esp,0x14
0FBCF7D5    8B7D C0         mov edi,dword ptr ss:[ebp-0x40]
0FBCF7D8    8BCC            mov ecx,esp
0FBCF7DA    8965 D8         mov dword ptr ss:[ebp-0x28],esp
0FBCF7DD    6A FF           push -0x1
0FBCF7DF    C701 00000000   mov dword ptr ds:[ecx],0x0
0FBCF7E5    C741 04 0000000>mov dword ptr ds:[ecx+0x4],0x0
0FBCF7EC    C741 08 0000000>mov dword ptr ds:[ecx+0x8],0x0
0FBCF7F3    57              push edi
0FBCF7F4    C741 0C 0000000>mov dword ptr ds:[ecx+0xC],0x0
0FBCF7FB    C741 10 0000000>mov dword ptr ds:[ecx+0x10],0x0
0FBCF802    E8 A9F80900     call WeChatWi.0FC6F0B0
0FBCF807    C645 FC 01      mov byte ptr ss:[ebp-0x4],0x1
0FBCF80B    A1 1CCDDA10     mov eax,dword ptr ds:[0x10DACD1C]
0FBCF810    A8 01           test al,0x1
0FBCF812    75 22           jnz short WeChatWi.0FBCF836
0FBCF814    83C8 01         or eax,0x1
0FBCF817    A3 1CCDDA10     mov dword ptr ds:[0x10DACD1C],eax
0FBCF81C    C645 FC 02      mov byte ptr ss:[ebp-0x4],0x2
0FBCF820    E8 FBFDEAFF     call WeChatWi.0FA7F620
0FBCF825    68 C04B9510     push WeChatWi.10954BC0
0FBCF82A    E8 29AB8900     call WeChatWi.1046A358
0FBCF82F    83C4 04         add esp,0x4
0FBCF832    C645 FC 01      mov byte ptr ss:[ebp-0x4],0x1
0FBCF836    68 422B0000     push 0x2B42
0FBCF83B    C645 FC 00      mov byte ptr ss:[ebp-0x4],0x0
0FBCF83F    E8 5CFFEAFF     call WeChatWi.0FA7F7A0
0FBCF844    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
0FBCF84B    85FF            test edi,edi
0FBCF84D    74 09           je short WeChatWi.0FBCF858
0FBCF84F    57              push edi
0FBCF850    E8 DFA9C900     call WeChatWi.1086A234
0FBCF855    83C4 04         add esp,0x4
0FBCF858    8B45 CC         mov eax,dword ptr ss:[ebp-0x34]
0FBCF85B    85C0            test eax,eax
0FBCF85D    74 09           je short WeChatWi.0FBCF868
0FBCF85F    50              push eax
0FBCF860    E8 CFA9C900     call WeChatWi.1086A234
0FBCF865    83C4 04         add esp,0x4
0FBCF868    8A06            mov al,byte ptr ds:[esi]
0FBCF86A    0F1005 E088AF10 movups xmm0,dqword ptr ds:[0x10AF88E0]
0FBCF871    83EC 10         sub esp,0x10
0FBCF874    BA 082BB910     mov edx,WeChatWi.10B92B08                ; ASCII "03_service\service\AccountService.cpp"
0FBCF879    84C0            test al,al
0FBCF87B    B9 02000000     mov ecx,0x2
0FBCF880    8BC4            mov eax,esp
0FBCF882    0F1100          movups dqword ptr ds:[eax],xmm0
0FBCF885    75 49           jnz short WeChatWi.0FBCF8D0
0FBCF887    83EC 10         sub esp,0x10
0FBCF88A    8BC4            mov eax,esp
0FBCF88C    83EC 10         sub esp,0x10
0FBCF88F    0F1100          movups dqword ptr ds:[eax],xmm0
0FBCF892    8BC4            mov eax,esp
0FBCF894    83EC 10         sub esp,0x10
0FBCF897    0F1100          movups dqword ptr ds:[eax],xmm0
0FBCF89A    8BC4            mov eax,esp
0FBCF89C    83EC 10         sub esp,0x10
0FBCF89F    0F1100          movups dqword ptr ds:[eax],xmm0
0FBCF8A2    8BC4            mov eax,esp
0FBCF8A4    83EC 10         sub esp,0x10
0FBCF8A7    0F1100          movups dqword ptr ds:[eax],xmm0
0FBCF8AA    8BC4            mov eax,esp
0FBCF8AC    68 982AB910     push WeChatWi.10B92A98                   ; ASCII "Already Logout!!"
0FBCF8B1    68 E02AB910     push WeChatWi.10B92AE0                   ; ASCII "AccountService"
0FBCF8B6    68 C82AB910     push WeChatWi.10B92AC8                   ; ASCII "AccountService::logout"
0FBCF8BB    68 5D010000     push 0x15D
0FBCF8C0    0F1100          movups dqword ptr ds:[eax],xmm0
0FBCF8C3    E8 38E80900     call WeChatWi.0FC6E100
0FBCF8C8    83C4 70         add esp,0x70
0FBCF8CB    E9 9F010000     jmp WeChatWi.0FBCFA6F
0FBCF8D0    83EC 10         sub esp,0x10
0FBCF8D3    8BC4            mov eax,esp
0FBCF8D5    83EC 10         sub esp,0x10
0FBCF8D8    0F1100          movups dqword ptr ds:[eax],xmm0
0FBCF8DB    8BC4            mov eax,esp
0FBCF8DD    83EC 10         sub esp,0x10
0FBCF8E0    0F1100          movups dqword ptr ds:[eax],xmm0
0FBCF8E3    8BC4            mov eax,esp
0FBCF8E5    83EC 10         sub esp,0x10
0FBCF8E8    0F1100          movups dqword ptr ds:[eax],xmm0
0FBCF8EB    8BC4            mov eax,esp
0FBCF8ED    83EC 10         sub esp,0x10
0FBCF8F0    807D 08 00      cmp byte ptr ss:[ebp+0x8],0x0
0FBCF8F4    0F1100          movups dqword ptr ds:[eax],xmm0
0FBCF8F7    8BC4            mov eax,esp
0FBCF8F9    0F1100          movups dqword ptr ds:[eax],xmm0
0FBCF8FC    75 23           jnz short WeChatWi.0FBCF921
0FBCF8FE    68 BC2AB910     push WeChatWi.10B92ABC                   ; ASCII "User Logout"
0FBCF903    68 E02AB910     push WeChatWi.10B92AE0                   ; ASCII "AccountService"
0FBCF908    68 C82AB910     push WeChatWi.10B92AC8                   ; ASCII "AccountService::logout"
0FBCF90D    68 63010000     push 0x163
0FBCF912    E8 E9E70900     call WeChatWi.0FC6E100
0FBCF917    83C4 6C         add esp,0x6C
0FBCF91A    E8 01070000     call WeChatWi.0FBD0020                   ; 调用call
0FBCF91F    EB 1C           jmp short WeChatWi.0FBCF93D
0FBCF921    68 EC2BB910     push WeChatWi.10B92BEC                   ; ASCII "Kicked by Srv Logout onLogout(0,0,0)"
0FBCF926    68 E02AB910     push WeChatWi.10B92AE0                   ; ASCII "AccountService"
0FBCF92B    68 C82AB910     push WeChatWi.10B92AC8                   ; ASCII "AccountService::logout"
0FBCF930    68 68010000     push 0x168
0FBCF935    E8 C6E70900     call WeChatWi.0FC6E100
0FBCF93A    83C4 70         add esp,0x70
0FBCF93D    32C0            xor al,al
0FBCF93F    8606            xchg byte ptr ds:[esi],al
0FBCF941    A1 10DEDA10     mov eax,dword ptr ds:[0x10DADE10]
0FBCF946    85C0            test eax,eax
0FBCF948    75 19           jnz short WeChatWi.0FBCF963
0FBCF94A    6A 40           push 0x40
0FBCF94C    E8 9CA68900     call WeChatWi.10469FED
0FBCF951    83C4 04         add esp,0x4
0FBCF954    8945 D8         mov dword ptr ss:[ebp-0x28],eax
0FBCF957    8BC8            mov ecx,eax
0FBCF959    E8 12AD2F00     call WeChatWi.0FECA670
0FBCF95E    A3 10DEDA10     mov dword ptr ds:[0x10DADE10],eax
0FBCF963    8BC8            mov ecx,eax
0FBCF965    E8 56AE2F00     call WeChatWi.0FECA7C0
0FBCF96A    A1 4854DC10     mov eax,dword ptr ds:[0x10DC5448]
0FBCF96F    A8 01           test al,0x1
0FBCF971    75 29           jnz short WeChatWi.0FBCF99C
0FBCF973    83C8 01         or eax,0x1
0FBCF976    A3 4854DC10     mov dword ptr ds:[0x10DC5448],eax
0FBCF97B    51              push ecx
0FBCF97C    C745 FC 0300000>mov dword ptr ss:[ebp-0x4],0x3
0FBCF983    E8 683B3300     call WeChatWi.0FF034F0
0FBCF988    68 90959510     push WeChatWi.10959590
0FBCF98D    E8 C6A98900     call WeChatWi.1046A358
0FBCF992    83C4 04         add esp,0x4
0FBCF995    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
0FBCF99C    B9 C845DC10     mov ecx,WeChatWi.10DC45C8
0FBCF9A1    E8 BA5B3300     call WeChatWi.0FF05560
0FBCF9A6    A1 F45DDC10     mov eax,dword ptr ds:[0x10DC5DF4]
0FBCF9AB    A8 01           test al,0x1
0FBCF9AD    75 1C           jnz short WeChatWi.0FBCF9CB
0FBCF9AF    83C8 01         or eax,0x1
0FBCF9B2    C605 F05DDC10 0>mov byte ptr ds:[0x10DC5DF0],0x0
0FBCF9B9    68 801C9610     push WeChatWi.10961C80
0FBCF9BE    A3 F45DDC10     mov dword ptr ds:[0x10DC5DF4],eax
0FBCF9C3    E8 90A98900     call WeChatWi.1046A358
0FBCF9C8    83C4 04         add esp,0x4
0FBCF9CB    833D B8CEDA10 0>cmp dword ptr ds:[0x10DACEB8],0x0
0FBCF9D2    74 1D           je short WeChatWi.0FBCF9F1
0FBCF9D4    803D F05DDC10 0>cmp byte ptr ds:[0x10DC5DF0],0x0
0FBCF9DB    75 14           jnz short WeChatWi.0FBCF9F1
0FBCF9DD    E8 9E4CDCFF     call WeChatWi.0F994680
0FBCF9E2    6A 01           push 0x1
0FBCF9E4    8BC8            mov ecx,eax
0FBCF9E6    8B10            mov edx,dword ptr ds:[eax]
0FBCF9E8    FF12            call dword ptr ds:[edx]
0FBCF9EA    C605 F05DDC10 0>mov byte ptr ds:[0x10DC5DF0],0x1
0FBCF9F1    6A 01           push 0x1
0FBCF9F3    6A 33           push 0x33
0FBCF9F5    E8 A6140600     call WeChatWi.0FC30EA0
0FBCF9FA    8BC8            mov ecx,eax
0FBCF9FC    E8 1F370300     call WeChatWi.0FC03120
0FBCFA01    A1 88CFDA10     mov eax,dword ptr ds:[0x10DACF88]
0FBCFA06    85C0            test eax,eax
0FBCFA08    75 2A           jnz short WeChatWi.0FBCFA34
0FBCFA0A    68 84000000     push 0x84
0FBCFA0F    E8 D9A58900     call WeChatWi.10469FED
0FBCFA14    83C4 04         add esp,0x4
0FBCFA17    8945 D8         mov dword ptr ss:[ebp-0x28],eax
0FBCFA1A    8BC8            mov ecx,eax
0FBCFA1C    C745 FC 0500000>mov dword ptr ss:[ebp-0x4],0x5
0FBCFA23    E8 2889F3FF     call WeChatWi.0FB08350
0FBCFA28    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
0FBCFA2F    A3 88CFDA10     mov dword ptr ds:[0x10DACF88],eax
0FBCFA34    51              push ecx
0FBCFA35    6A 00           push 0x0
0FBCFA37    6A 00           push 0x0
0FBCFA39    68 A2020000     push 0x2A2
0FBCFA3E    8BC8            mov ecx,eax
0FBCFA40    E8 CB9CF3FF     call WeChatWi.0FB09710
0FBCFA45    83EC 08         sub esp,0x8
0FBCFA48    E8 D3020000     call WeChatWi.0FBCFD20
0FBCFA4D    A1 30D0DA10     mov eax,dword ptr ds:[0x10DAD030]
0FBCFA52    83C4 08         add esp,0x8
0FBCFA55    85C0            test eax,eax
0FBCFA57    74 11           je short WeChatWi.0FBCFA6A
0FBCFA59    50              push eax



发送xml文章、小程序：
基址：0F780000
0F9E039D    E8 FECBDEFF     call WeChatWi.0F7CCFA0
0F9E03A2    8D95 64FFFFFF   lea edx,dword ptr ss:[ebp-0x9C]
0F9E03A8    8D8D 34FFFFFF   lea ecx,dword ptr ss:[ebp-0xCC]
0F9E03AE    E8 6D032700     call WeChatWi.0FC50720
0F9E03B3    84C0            test al,al
0F9E03B5    75 07           jnz short WeChatWi.0F9E03BE
0F9E03B7    32DB            xor bl,bl
0F9E03B9    E9 31040000     jmp WeChatWi.0F9E07EF
0F9E03BE    6A FF           push -0x1
0F9E03C0    68 0889AE10     push WeChatWi.10AE8908
0F9E03C5    8D8D 78FFFFFF   lea ecx,dword ptr ss:[ebp-0x88]
0F9E03CB    E8 E0E92700     call WeChatWi.0FC5EDB0
0F9E03D0    8D45 A0         lea eax,dword ptr ss:[ebp-0x60]
0F9E03D3    C645 FC 11      mov byte ptr ss:[ebp-0x4],0x11
0F9E03D7    50              push eax
0F9E03D8    8BCE            mov ecx,esi
0F9E03DA    E8 6104E1FF     call WeChatWi.0F7F0840
0F9E03DF    8BD0            mov edx,eax
0F9E03E1    C645 FC 12      mov byte ptr ss:[ebp-0x4],0x12
0F9E03E5    8D8D 50FFFFFF   lea ecx,dword ptr ss:[ebp-0xB0]
0F9E03EB    E8 C0AC2600     call WeChatWi.0FC4B0B0
0F9E03F0    8D4D A0         lea ecx,dword ptr ss:[ebp-0x60]
0F9E03F3    C645 FC 14      mov byte ptr ss:[ebp-0x4],0x14
0F9E03F7    E8 A4CBDEFF     call WeChatWi.0F7CCFA0
0F9E03FC    83BD 54FFFFFF 0>cmp dword ptr ss:[ebp-0xAC],0x0
0F9E0403    0F9EC0          setle al
0F9E0406    84C0            test al,al
0F9E0408    0F85 B2000000   jnz WeChatWi.0F9E04C0
0F9E040E    8D8D 50FFFFFF   lea ecx,dword ptr ss:[ebp-0xB0]
0F9E0414    E8 47F62600     call WeChatWi.0FC4FA60
0F9E0419    84C0            test al,al
0F9E041B    0F84 9F000000   je WeChatWi.0F9E04C0
0F9E0421    E8 9A0DE2FF     call WeChatWi.0F8011C0
0F9E0426    6A 00           push 0x0
0F9E0428    8D85 F0F5FFFF   lea eax,dword ptr ss:[ebp-0xA10]
0F9E042E    50              push eax
0F9E042F    8D85 28FDFFFF   lea eax,dword ptr ss:[ebp-0x2D8]
0F9E0435    50              push eax
0F9E0436    8D45 B4         lea eax,dword ptr ss:[ebp-0x4C]
0F9E0439    50              push eax
0F9E043A    E8 41391E00     call WeChatWi.0FBC3D80
0F9E043F    50              push eax
0F9E0440    8D8D 78FFFFFF   lea ecx,dword ptr ss:[ebp-0x88]
0F9E0446    E8 45F42700     call WeChatWi.0FC5F890
0F9E044B    8D4D B4         lea ecx,dword ptr ss:[ebp-0x4C]
0F9E044E    E8 4DCBDEFF     call WeChatWi.0F7CCFA0
0F9E0453    83BD 6CF6FFFF 0>cmp dword ptr ss:[ebp-0x994],0x6
0F9E045A    75 4F           jnz short WeChatWi.0F9E04AB
0F9E045C    80BE C8010000 0>cmp byte ptr ds:[esi+0x1C8],0x0
0F9E0463    75 19           jnz short WeChatWi.0F9E047E
0F9E0465    8D86 84000000   lea eax,dword ptr ds:[esi+0x84]
0F9E046B    50              push eax
0F9E046C    8D8E DC000000   lea ecx,dword ptr ds:[esi+0xDC]
0F9E0472    E8 B9DB1F00     call WeChatWi.0FBDE030
0F9E0477    C686 C8010000 0>mov byte ptr ds:[esi+0x1C8],0x1
0F9E047E    F686 94010000 0>test byte ptr ds:[esi+0x194],0x1
0F9E0485    74 24           je short WeChatWi.0F9E04AB
0F9E0487    68 2028B510     push WeChatWi.10B52820                   ; UNICODE ".tmp"
0F9E048C    8D8D 78FFFFFF   lea ecx,dword ptr ss:[ebp-0x88]
0F9E0492    E8 B9F02700     call WeChatWi.0FC5F550
0F9E0497    84C0            test al,al
0F9E0499    75 10           jnz short WeChatWi.0F9E04AB
0F9E049B    68 2028B510     push WeChatWi.10B52820                   ; UNICODE ".tmp"
0F9E04A0    8D8D 78FFFFFF   lea ecx,dword ptr ss:[ebp-0x88]
0F9E04A6    E8 85ED2700     call WeChatWi.0FC5F230
0F9E04AB    8D95 78FFFFFF   lea edx,dword ptr ss:[ebp-0x88]
0F9E04B1    8D8D 50FFFFFF   lea ecx,dword ptr ss:[ebp-0xB0]
0F9E04B7    E8 64022700     call WeChatWi.0FC50720
0F9E04BC    84C0            test al,al
0F9E04BE    74 34           je short WeChatWi.0F9E04F4
0F9E04C0    FFB5 6CF6FFFF   push dword ptr ss:[ebp-0x994]            ; ntdll.7708B6F2
0F9E04C6    8D85 78FFFFFF   lea eax,dword ptr ss:[ebp-0x88]
0F9E04CC    50              push eax
0F9E04CD    8D85 64FFFFFF   lea eax,dword ptr ss:[ebp-0x9C]
0F9E04D3    50              push eax
0F9E04D4    8D85 20FFFFFF   lea eax,dword ptr ss:[ebp-0xE0]
0F9E04DA    50              push eax
0F9E04DB    53              push ebx
0F9E04DC    8D95 48F7FFFF   lea edx,dword ptr ss:[ebp-0x8B8]
0F9E04E2    8D8D 28FDFFFF   lea ecx,dword ptr ss:[ebp-0x2D8]
0F9E04E8    E8 D3DDFFFF     call WeChatWi.0F9DE2C0                   ; call1
0F9E04ED    83C4 14         add esp,0x14
0F9E04F0    84C0            test al,al
0F9E04F2    75 07           jnz short WeChatWi.0F9E04FB
0F9E04F4    32DB            xor bl,bl
0F9E04F6    E9 DE020000     jmp WeChatWi.0F9E07D9
0F9E04FB    8D85 0CFFFFFF   lea eax,dword ptr ss:[ebp-0xF4]
0F9E0501    32DB            xor bl,bl
0F9E0503    50              push eax
0F9E0504    8D8D 28FDFFFF   lea ecx,dword ptr ss:[ebp-0x2D8]
0F9E050A    895D CC         mov dword ptr ss:[ebp-0x34],ebx
0F9E050D    E8 2E03E1FF     call WeChatWi.0F7F0840                   ; call2
0F9E0512    8BD0            mov edx,eax
0F9E0514    C645 FC 15      mov byte ptr ss:[ebp-0x4],0x15
0F9E0518    8D4D A0         lea ecx,dword ptr ss:[ebp-0x60]
0F9E051B    E8 90AB2600     call WeChatWi.0FC4B0B0                   ; call3
0F9E0520    8D8D 0CFFFFFF   lea ecx,dword ptr ss:[ebp-0xF4]
0F9E0526    C645 FC 17      mov byte ptr ss:[ebp-0x4],0x17
0F9E052A    E8 71CADEFF     call WeChatWi.0F7CCFA0                   ; call4
0F9E052F    837D A4 00      cmp dword ptr ss:[ebp-0x5C],0x0
0F9E0533    0F9EC0          setle al
0F9E0536    84C0            test al,al
0F9E0538    75 18           jnz short WeChatWi.0F9E0552
0F9E053A    8D4D A0         lea ecx,dword ptr ss:[ebp-0x60]
0F9E053D    E8 1EF52600     call WeChatWi.0FC4FA60                   ; call5
0F9E0542    84C0            test al,al
0F9E0544    0FB6DB          movzx ebx,bl
0F9E0547    B9 01000000     mov ecx,0x1
0F9E054C    0F45D9          cmovne ebx,ecx
0F9E054F    895D CC         mov dword ptr ss:[ebp-0x34],ebx
0F9E0552    8D8D 78FFFFFF   lea ecx,dword ptr ss:[ebp-0x88]
0F9E0558    E8 63482500     call WeChatWi.0FC34DC0                   ; call6
0F9E055D    84C0            test al,al
0F9E055F    75 2E           jnz short WeChatWi.0F9E058F
0F9E0561    8D8D 64FFFFFF   lea ecx,dword ptr ss:[ebp-0x9C]
0F9E0567    E8 54482500     call WeChatWi.0FC34DC0                   ; call6
0F9E056C    84C0            test al,al
0F9E056E    75 1F           jnz short WeChatWi.0F9E058F
0F9E0570    68 A497DA10     push WeChatWi.10DA97A4                   ; 参数
0F9E0575    68 A497DA10     push WeChatWi.10DA97A4
0F9E057A    8AD3            mov dl,bl
0F9E057C    8D8D 28FDFFFF   lea ecx,dword ptr ss:[ebp-0x2D8]
0F9E0582    E8 49DFFFFF     call WeChatWi.0F9DE4D0                   ; call7
0F9E0587    83C4 08         add esp,0x8
0F9E058A    E9 18020000     jmp WeChatWi.0F9E07A7
0F9E058F    8D85 78FFFFFF   lea eax,dword ptr ss:[ebp-0x88]
0F9E0595    50              push eax
0F9E0596    8D4D B4         lea ecx,dword ptr ss:[ebp-0x4C]
0F9E0599    E8 52E82700     call WeChatWi.0FC5EDF0
0F9E059E    C645 FC 18      mov byte ptr ss:[ebp-0x4],0x18
0F9E05A2    E8 39DBE0FF     call WeChatWi.0F7EE0E0
0F9E05A7    E8 24260300     call WeChatWi.0FA12BD0
0F9E05AC    8D4D DC         lea ecx,dword ptr ss:[ebp-0x24]
0F9E05AF    8BF8            mov edi,eax
0F9E05B1    8BF2            mov esi,edx
0F9E05B3    E8 18AE0900     call WeChatWi.0FA7B3D0
0F9E05B8    8BD8            mov ebx,eax
0F9E05BA    56              push esi
0F9E05BB    57              push edi
0F9E05BC    8D4D 8C         lea ecx,dword ptr ss:[ebp-0x74]
0F9E05BF    C645 FC 19      mov byte ptr ss:[ebp-0x4],0x19
0F9E05C3    E8 C8AB0900     call WeChatWi.0FA7B190
0F9E05C8    83C4 08         add esp,0x8
0F9E05CB    8BD0            mov edx,eax
0F9E05CD    8BCB            mov ecx,ebx
0F9E05CF    C645 FC 1A      mov byte ptr ss:[ebp-0x4],0x1A
0F9E05D3    E8 E8EC2700     call WeChatWi.0FC5F2C0
0F9E05D8    50              push eax
0F9E05D9    8BCA            mov ecx,edx
0F9E05DB    E8 E0EC2700     call WeChatWi.0FC5F2C0
0F9E05E0    50              push eax
0F9E05E1    8D4D B4         lea ecx,dword ptr ss:[ebp-0x4C]
0F9E05E4    E8 77F82700     call WeChatWi.0FC5FE60
0F9E05E9    8D4D 8C         lea ecx,dword ptr ss:[ebp-0x74]
0F9E05EC    E8 AFC9DEFF     call WeChatWi.0F7CCFA0
0F9E05F1    8D4D DC         lea ecx,dword ptr ss:[ebp-0x24]
0F9E05F4    C645 FC 18      mov byte ptr ss:[ebp-0x4],0x18
0F9E05F8    E8 A3C9DEFF     call WeChatWi.0F7CCFA0
0F9E05FD    6A 00           push 0x0
0F9E05FF    83EC 14         sub esp,0x14
0F9E0602    8D45 B4         lea eax,dword ptr ss:[ebp-0x4C]
0F9E0605    8BCC            mov ecx,esp
0F9E0607    50              push eax
0F9E0608    E8 E3E72700     call WeChatWi.0FC5EDF0
0F9E060D    8D95 78FFFFFF   lea edx,dword ptr ss:[ebp-0x88]
0F9E0613    8D4D DC         lea ecx,dword ptr ss:[ebp-0x24]
0F9E0616    E8 15562500     call WeChatWi.0FC35C30
0F9E061B    83C4 18         add esp,0x18
0F9E061E    8BC8            mov ecx,eax
0F9E0620    E8 9BEC2700     call WeChatWi.0FC5F2C0
0F9E0625    8D4D DC         lea ecx,dword ptr ss:[ebp-0x24]
0F9E0628    8BF0            mov esi,eax
0F9E062A    E8 71C9DEFF     call WeChatWi.0F7CCFA0
0F9E062F    85F6            test esi,esi
0F9E0631    75 61           jnz short WeChatWi.0F9E0694
0F9E0633    0F1005 E088AE10 movups xmm0,dqword ptr ds:[0x10AE88E0]
0F9E063A    83EC 10         sub esp,0x10
0F9E063D    8BC4            mov eax,esp
0F9E063F    83EC 10         sub esp,0x10
0F9E0642    0F1100          movups dqword ptr ds:[eax],xmm0
0F9E0645    8BC4            mov eax,esp
0F9E0647    83EC 10         sub esp,0x10
0F9E064A    0F1100          movups dqword ptr ds:[eax],xmm0
0F9E064D    8BC4            mov eax,esp
0F9E064F    83EC 10         sub esp,0x10
0F9E0652    0F1100          movups dqword ptr ds:[eax],xmm0
0F9E0655    8BC4            mov eax,esp
0F9E0657    83EC 10         sub esp,0x10
0F9E065A    0F1100          movups dqword ptr ds:[eax],xmm0
0F9E065D    8BC4            mov eax,esp
0F9E065F    83EC 10         sub esp,0x10
0F9E0662    8BCC            mov ecx,esp
0F9E0664    0F1100          movups dqword ptr ds:[eax],xmm0
0F9E0667    8D45 B4         lea eax,dword ptr ss:[ebp-0x4C]
0F9E066A    50              push eax
0F9E066B    E8 D0C0E2FF     call WeChatWi.0F80C740
0F9E0670    68 A82BB510     push WeChatWi.10B52BA8                   ; ASCII "move temp image file fail. %s"
0F9E0675    68 DC27B510     push WeChatWi.10B527DC                   ; ASCII "AppMsgMgr"
0F9E067A    68 002BB510     push WeChatWi.10B52B00                   ; ASCII "AppMsgMgr::forwardAppMsg"
0F9E067F    68 B9050000     push 0x5B9
0F9E0684    BA 2C28B510     mov edx,WeChatWi.10B5282C                ; ASCII "02_manager\AppMsgMgr.cpp"
0F9E0689    8D4E 02         lea ecx,dword ptr ds:[esi+0x2]
0F9E068C    E8 6FDA2700     call WeChatWi.0FC5E100
0F9E0691    83C4 70         add esp,0x70
0F9E0694    8D85 64FFFFFF   lea eax,dword ptr ss:[ebp-0x9C]
0F9E069A    50              push eax




自动收款：
基址：0F790000
0FF3A0E0    55              push ebp
0FF3A0E1    8BEC            mov ebp,esp
0FF3A0E3    6A FF           push -0x1
0FF3A0E5    68 1B7F9010     push WeChatWi.10907F1B
0FF3A0EA    64:A1 00000000  mov eax,dword ptr fs:[0]
0FF3A0F0    50              push eax
0FF3A0F1    83EC 50         sub esp,0x50
0FF3A0F4    A1 942BD510     mov eax,dword ptr ds:[0x10D52B94]
0FF3A0F9    33C5            xor eax,ebp
0FF3A0FB    50              push eax
0FF3A0FC    8D45 F4         lea eax,dword ptr ss:[ebp-0xC]
0FF3A0FF    64:A3 00000000  mov dword ptr fs:[0],eax
0FF3A105    C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
0FF3A10C    0F57C0          xorps xmm0,xmm0
0FF3A10F    C745 C8 0000000>mov dword ptr ss:[ebp-0x38],0x0
0FF3A116    0F1145 A8       movups dqword ptr ss:[ebp-0x58],xmm0
0FF3A11A    C745 CC 0000000>mov dword ptr ss:[ebp-0x34],0x0
0FF3A121    0F1145 B8       movups dqword ptr ss:[ebp-0x48],xmm0
0FF3A125    6A 00           push 0x0
0FF3A127    8D85 38010000   lea eax,dword ptr ss:[ebp+0x138]
0FF3A12D    C645 FC 02      mov byte ptr ss:[ebp-0x4],0x2
0FF3A131    50              push eax
0FF3A132    8D4D DC         lea ecx,dword ptr ss:[ebp-0x24]
0FF3A135    E8 C64DD3FF     call WeChatWi.0FC6EF00
0FF3A13A    8D45 DC         lea eax,dword ptr ss:[ebp-0x24]
0FF3A13D    50              push eax
0FF3A13E    8D4D BC         lea ecx,dword ptr ss:[ebp-0x44]
0FF3A141    E8 4A57D3FF     call WeChatWi.0FC6F890
0FF3A146    8B45 DC         mov eax,dword ptr ss:[ebp-0x24]
0FF3A149    85C0            test eax,eax
0FF3A14B    74 09           je short WeChatWi.0FF3A156
0FF3A14D    50              push eax
0FF3A14E    E8 E1009300     call WeChatWi.1086A234
0FF3A153    83C4 04         add esp,0x4
0FF3A156    8B45 E8         mov eax,dword ptr ss:[ebp-0x18]          ; user32.73DE4F8A
0FF3A159    85C0            test eax,eax
0FF3A15B    74 09           je short WeChatWi.0FF3A166
0FF3A15D    50              push eax
0FF3A15E    E8 D1009300     call WeChatWi.1086A234
0FF3A163    83C4 04         add esp,0x4
0FF3A166    8B45 3C         mov eax,dword ptr ss:[ebp+0x3C]
0FF3A169    85C0            test eax,eax
0FF3A16B    74 06           je short WeChatWi.0FF3A173
0FF3A16D    66:8338 00      cmp word ptr ds:[eax],0x0
0FF3A171    75 05           jnz short WeChatWi.0FF3A178
0FF3A173    B8 0889AF10     mov eax,WeChatWi.10AF8908
0FF3A178    FF75 40         push dword ptr ss:[ebp+0x40]
0FF3A17B    8D4D A8         lea ecx,dword ptr ss:[ebp-0x58]
0FF3A17E    50              push eax
0FF3A17F    E8 2C4FD3FF     call WeChatWi.0FC6F0B0
0FF3A184    8B45 34         mov eax,dword ptr ss:[ebp+0x34]
0FF3A187    83EC 30         sub esp,0x30
0FF3A18A    8945 D0         mov dword ptr ss:[ebp-0x30],eax
0FF3A18D    8BCC            mov ecx,esp
0FF3A18F    8D45 A8         lea eax,dword ptr ss:[ebp-0x58]
0FF3A192    C745 D4 0000000>mov dword ptr ss:[ebp-0x2C],0x0
0FF3A199    50              push eax
0FF3A19A    E8 51000000     call WeChatWi.0FF3A1F0                   ; call1
0FF3A19F    E8 CC000000     call WeChatWi.0FF3A270                   ; call2
0FF3A1A4    83C4 30         add esp,0x30
0FF3A1A7    8D4D A8         lea ecx,dword ptr ss:[ebp-0x58]
0FF3A1AA    E8 D1408CFF     call WeChatWi.0F7FE280
0FF3A1AF    8D4D 08         lea ecx,dword ptr ss:[ebp+0x8]
0FF3A1B2    E8 694F8EFF     call WeChatWi.0F81F120
0FF3A1B7    8B85 4C010000   mov eax,dword ptr ss:[ebp+0x14C]
0FF3A1BD    83F8 10         cmp eax,0x10
0FF3A1C0    72 12           jb short WeChatWi.0FF3A1D4
0FF3A1C2    6A 01           push 0x1
0FF3A1C4    40              inc eax
0FF3A1C5    50              push eax
0FF3A1C6    FFB5 38010000   push dword ptr ss:[ebp+0x138]
0FF3A1CC    E8 EF9989FF     call WeChatWi.0F7D3BC0
0FF3A1D1    83C4 0C         add esp,0xC
0FF3A1D4    8B4D F4         mov ecx,dword ptr ss:[ebp-0xC]
0FF3A1D7    64:890D 0000000>mov dword ptr fs:[0],ecx
0FF3A1DE    59              pop ecx                                  ; user32.73DE4F8A
0FF3A1DF    8BE5            mov esp,ebp
0FF3A1E1    5D              pop ebp                                  ; user32.73DE4F8A
0FF3A1E2    C3              retn



通过名片加好友：
基址：0F790000
0F912FF3    8BCF            mov ecx,edi
0F912FF5    68 CCE2A710     push WeChatWi.10A7E2CC                   ; UNICODE "windowinit"
0F912FFA    E8 81916800     call WeChatWi.0FF9C180
0F912FFF    50              push eax
0F913000    E8 0990F400     call WeChatWi.1085C00E
0F913005    83C4 08         add esp,0x8
0F913008    85C0            test eax,eax
0F91300A    75 0E           jnz short WeChatWi.0F91301A
0F91300C    51              push ecx
0F91300D    8D4E E0         lea ecx,dword ptr ds:[esi-0x20]
0F913010    E8 EB030000     call WeChatWi.0F913400
0F913015    E9 B8030000     jmp WeChatWi.0F9133D2
0F91301A    68 E4E2A710     push WeChatWi.10A7E2E4                   ; UNICODE "click"
0F91301F    8BCF            mov ecx,edi
0F913021    E8 5A916800     call WeChatWi.0FF9C180
0F913026    50              push eax
0F913027    E8 E28FF400     call WeChatWi.1085C00E
0F91302C    83C4 08         add esp,0x8
0F91302F    85C0            test eax,eax
0F913031    0F85 54020000   jnz WeChatWi.0F91328B
0F913037    8B8F 08010000   mov ecx,dword ptr ds:[edi+0x108]
0F91303D    8D95 3CFFFFFF   lea edx,dword ptr ss:[ebp-0xC4]
0F913043    52              push edx
0F913044    8B01            mov eax,dword ptr ds:[ecx]
0F913046    FF50 04         call dword ptr ds:[eax+0x4]
0F913049    68 5037B110     push WeChatWi.10B13750                   ; UNICODE "okbtn"
0F91304E    8BC8            mov ecx,eax
0F913050    E8 2B916800     call WeChatWi.0FF9C180
0F913055    50              push eax
0F913056    E8 B38FF400     call WeChatWi.1085C00E
0F91305B    83C4 08         add esp,0x8
0F91305E    8D8D 3CFFFFFF   lea ecx,dword ptr ss:[ebp-0xC4]
0F913064    85C0            test eax,eax
0F913066    0F94C3          sete bl
0F913069    E8 AB916800     call WeChatWi.0FF9C219
0F91306E    84DB            test bl,bl
0F913070    0F84 8C010000   je WeChatWi.0F913202
0F913076    83BE 44030000 0>cmp dword ptr ds:[esi+0x344],0x0
0F91307D    0F84 57030000   je WeChatWi.0F9133DA
0F913083    6A FF           push -0x1
0F913085    68 0889AF10     push WeChatWi.10AF8908
0F91308A    8D8D 28FFFFFF   lea ecx,dword ptr ss:[ebp-0xD8]
0F913090    E8 1BBD3500     call WeChatWi.0FC6EDB0
0F913095    C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
0F91309C    C745 E4 0000000>mov dword ptr ss:[ebp-0x1C],0x0
0F9130A3    C745 E8 0000000>mov dword ptr ss:[ebp-0x18],0x0
0F9130AA    C745 EC 0000000>mov dword ptr ss:[ebp-0x14],0x0
0F9130B1    8D45 E4         lea eax,dword ptr ss:[ebp-0x1C]
0F9130B4    C645 FC 01      mov byte ptr ss:[ebp-0x4],0x1
0F9130B8    8B8E 44030000   mov ecx,dword ptr ds:[esi+0x344]
0F9130BE    50              push eax
0F9130BF    E8 BCE8F2FF     call WeChatWi.0F841980
0F9130C4    8B4D E8         mov ecx,dword ptr ss:[ebp-0x18]          ; user32.73DE4F8A
0F9130C7    B8 398EE338     mov eax,0x38E38E39
0F9130CC    8B7D E4         mov edi,dword ptr ss:[ebp-0x1C]          ; user32.73DE895C
0F9130CF    2BCF            sub ecx,edi
0F9130D1    F7E9            imul ecx
0F9130D3    C1FA 03         sar edx,0x3
0F9130D6    8BC2            mov eax,edx
0F9130D8    C1E8 1F         shr eax,0x1F
0F9130DB    03C2            add eax,edx
0F9130DD    74 14           je short WeChatWi.0F9130F3
0F9130DF    833F 01         cmp dword ptr ds:[edi],0x1
0F9130E2    75 0F           jnz short WeChatWi.0F9130F3
0F9130E4    8D47 04         lea eax,dword ptr ds:[edi+0x4]
0F9130E7    50              push eax
0F9130E8    8D8D 28FFFFFF   lea ecx,dword ptr ss:[ebp-0xD8]
0F9130EE    E8 EDC13500     call WeChatWi.0FC6F2E0
0F9130F3    8BBD 28FFFFFF   mov edi,dword ptr ss:[ebp-0xD8]
0F9130F9    8D8E 48030000   lea ecx,dword ptr ds:[esi+0x348]
0F9130FF    85FF            test edi,edi
0F913101    74 08           je short WeChatWi.0F91310B
0F913103    66:833F 00      cmp word ptr ds:[edi],0x0
0F913107    8BC7            mov eax,edi
0F913109    75 05           jnz short WeChatWi.0F913110
0F91310B    B8 0889AF10     mov eax,WeChatWi.10AF8908
0F913110    FFB5 2CFFFFFF   push dword ptr ss:[ebp-0xD4]
0F913116    50              push eax
0F913117    E8 94BF3500     call WeChatWi.0FC6F0B0
0F91311C    8D9E 24030000   lea ebx,dword ptr ds:[esi+0x324]
0F913122    8BCB            mov ecx,ebx
0F913124    E8 47E85800     call WeChatWi.0FEA1970
0F913129    84C0            test al,al
0F91312B    74 3A           je short WeChatWi.0F913167
0F91312D    6A 00           push 0x0
0F91312F    8D86 68030000   lea eax,dword ptr ds:[esi+0x368]
0F913135    50              push eax
0F913136    8D4D C4         lea ecx,dword ptr ss:[ebp-0x3C]
0F913139    E8 C2BD3500     call WeChatWi.0FC6EF00
0F91313E    8D45 C4         lea eax,dword ptr ss:[ebp-0x3C]
0F913141    C645 FC 02      mov byte ptr ss:[ebp-0x4],0x2
0F913145    50              push eax
0F913146    8D85 28FFFFFF   lea eax,dword ptr ss:[ebp-0xD8]
0F91314C    50              push eax
0F91314D    53              push ebx
0F91314E    E8 BD5DEFFF     call WeChatWi.0F808F10
0F913153    8BC8            mov ecx,eax
0F913155    E8 36F85800     call WeChatWi.0FEA2990
0F91315A    8D4D C4         lea ecx,dword ptr ss:[ebp-0x3C]
0F91315D    E8 3E9EECFF     call WeChatWi.0F7DCFA0
0F913162    E9 83000000     jmp WeChatWi.0F9131EA
0F913167    83EC 18         sub esp,0x18
0F91316A    8BCC            mov ecx,esp
0F91316C    89A5 24FFFFFF   mov dword ptr ss:[ebp-0xDC],esp
0F913172    68 949CAF10     push WeChatWi.10AF9C94                   ; 参数
0F913177    E8 D4F3ECFF     call WeChatWi.0F7E2550                   ; call1
0F91317C    83EC 18         sub esp,0x18
0F91317F    C645 FC 03      mov byte ptr ss:[ebp-0x4],0x3
0F913183    8D86 68030000   lea eax,dword ptr ds:[esi+0x368]
0F913189    89A5 1CFFFFFF   mov dword ptr ss:[ebp-0xE4],esp
0F91318F    8BCC            mov ecx,esp
0F913191    50              push eax
0F913192    E8 79B7EEFF     call WeChatWi.0F7FE910                   ; call2
0F913197    FFB6 64030000   push dword ptr ds:[esi+0x364]
0F91319D    85FF            test edi,edi
0F91319F    74 06           je short WeChatWi.0F9131A7
0F9131A1    66:833F 00      cmp word ptr ds:[edi],0x0
0F9131A5    75 05           jnz short WeChatWi.0F9131AC
0F9131A7    BF 0889AF10     mov edi,WeChatWi.10AF8908
0F9131AC    83EC 14         sub esp,0x14
0F9131AF    8BCC            mov ecx,esp
0F9131B1    89A5 18FFFFFF   mov dword ptr ss:[ebp-0xE8],esp
0F9131B7    6A FF           push -0x1
0F9131B9    57              push edi
0F9131BA    E8 F1BB3500     call WeChatWi.0FC6EDB0                   ; call3
0F9131BF    FFB6 5C030000   push dword ptr ds:[esi+0x35C]
0F9131C5    83EC 14         sub esp,0x14
0F9131C8    8BCC            mov ecx,esp
0F9131CA    89A5 20FFFFFF   mov dword ptr ss:[ebp-0xE0],esp
0F9131D0    53              push ebx
0F9131D1    E8 1ABC3500     call WeChatWi.0FC6EDF0                   ; call4
0F9131D6    C645 FC 06      mov byte ptr ss:[ebp-0x4],0x6
0F9131DA    E8 41B5ECFF     call WeChatWi.0F7DE720
0F9131DF    8BC8            mov ecx,eax
0F9131E1    C645 FC 01      mov byte ptr ss:[ebp-0x4],0x1
0F9131E5    E8 867D1200     call WeChatWi.0FA3AF70                   ; call5
0F9131EA    8D4D E4         lea ecx,dword ptr ss:[ebp-0x1C]
0F9131ED    E8 2E2AF3FF     call WeChatWi.0F845C20
0F9131F2    8D8D 28FFFFFF   lea ecx,dword ptr ss:[ebp-0xD8]
0F9131F8    E8 A39DECFF     call WeChatWi.0F7DCFA0
0F9131FD    E9 D8010000     jmp WeChatWi.0F9133DA
0F913202    8B8F 08010000   mov ecx,dword ptr ds:[edi+0x108]
0F913208    8D95 3CFFFFFF   lea edx,dword ptr ss:[ebp-0xC4]
0F91320E    52              push edx
0F91320F    8B01            mov eax,dword ptr ds:[ecx]
0F913211    FF50 04         call dword ptr ds:[eax+0x4]
0F913214    68 0421B110     push WeChatWi.10B12104                   ; UNICODE "cancelbtn"
0F913219    8BC8            mov ecx,eax
0F91321B    E8 608F6800     call WeChatWi.0FF9C180
0F913220    50              push eax
0F913221    E8 E88DF400     call WeChatWi.1085C00E
0F913226    83C4 08         add esp,0x8
0F913229    8D8D 3CFFFFFF   lea ecx,dword ptr ss:[ebp-0xC4]
0F91322F    85C0            test eax,eax
0F913231    0F94C3          sete bl
0F913234    E8 E08F6800     call WeChatWi.0FF9C219
0F913239    84DB            test bl,bl
0F91323B    75 3F           jnz short WeChatWi.0F91327C
0F91323D    8B8F 08010000   mov ecx,dword ptr ds:[edi+0x108]
0F913243    8D95 3CFFFFFF   lea edx,dword ptr ss:[ebp-0xC4]
0F913249    52              push edx
0F91324A    8B01            mov eax,dword ptr ds:[ecx]
0F91324C    FF50 04         call dword ptr ds:[eax+0x4]
0F91324F    68 10E3A710     push WeChatWi.10A7E310                   ; UNICODE "closebtn"
0F913254    8BC8            mov ecx,eax
0F913256    E8 258F6800     call WeChatWi.0FF9C180
0F91325B    50              push eax
0F91325C    E8 AD8DF400     call WeChatWi.1085C00E
0F913261    83C4 08         add esp,0x8
0F913264    8D8D 3CFFFFFF   lea ecx,dword ptr ss:[ebp-0xC4]
0F91326A    85C0            test eax,eax
0F91326C    0F94C3          sete bl
0F91326F    E8 A58F6800     call WeChatWi.0FF9C219
0F913274    84DB            test bl,bl
0F913276    0F84 56010000   je WeChatWi.0F9133D2
0F91327C    8B46 E0         mov eax,dword ptr ds:[esi-0x20]          ; WeChatWi.0FFA1459
0F91327F    8D4E E0         lea ecx,dword ptr ds:[esi-0x20]
0F913282    6A 02           push 0x2
0F913284    FF10            call dword ptr ds:[eax]
0F913286    E9 4F010000     jmp WeChatWi.0F9133DA
0F91328B    68 1CE7AF10     push WeChatWi.10AFE71C                   ; UNICODE "textchanged"
0F913290    8BCF            mov ecx,edi
0F913292    E8 E98E6800     call WeChatWi.0FF9C180
0F913297    50              push eax
0F913298    E8 718DF400     call WeChatWi.1085C00E
0F91329D    83C4 08         add esp,0x8
0F9132A0    85C0            test eax,eax
0F9132A2    0F85 2A010000   jnz WeChatWi.0F9133D2
0F9132A8    8B8F 08010000   mov ecx,dword ptr ds:[edi+0x108]
0F9132AE    8D95 3CFFFFFF   lea edx,dword ptr ss:[ebp-0xC4]
0F9132B4    52              push edx
0F9132B5    8B01            mov eax,dword ptr ds:[ecx]
0F9132B7    FF50 04         call dword ptr ds:[eax+0x4]
0F9132BA    68 68EBAF10     push WeChatWi.10AFEB68                   ; UNICODE "contendEdit"
0F9132BF    8BC8            mov ecx,eax
0F9132C1    E8 BA8E6800     call WeChatWi.0FF9C180
0F9132C6    50              push eax
0F9132C7    E8 428DF400     call WeChatWi.1085C00E
0F9132CC    83C4 08         add esp,0x8
0F9132CF    8D8D 3CFFFFFF   lea ecx,dword ptr ss:[ebp-0xC4]
0F9132D5    85C0            test eax,eax
0F9132D7    0F94C3          sete bl
0F9132DA    E8 3A8F6800     call WeChatWi.0FF9C219
0F9132DF    84DB            test bl,bl
0F9132E1    0F84 EB000000   je WeChatWi.0F9133D2
0F9132E7    8B8E 44030000   mov ecx,dword ptr ds:[esi+0x344]
0F9132ED    8D95 3CFFFFFF   lea edx,dword ptr ss:[ebp-0xC4]
0F9132F3    52              push edx
0F9132F4    8B01            mov eax,dword ptr ds:[ecx]
0F9132F6    FF50 3C         call dword ptr ds:[eax+0x3C]
0F9132F9    6A FF           push -0x1
0F9132FB    8BC8            mov ecx,eax
0F9132FD    E8 7E8E6800     call WeChatWi.0FF9C180
0F913302    50              push eax
0F913303    8D8D 28FFFFFF   lea ecx,dword ptr ss:[ebp-0xD8]
0F913309    E8 A2BA3500     call WeChatWi.0FC6EDB0
0F91330E    8D8D 3CFFFFFF   lea ecx,dword ptr ss:[ebp-0xC4]
0F913314    C745 FC 0700000>mov dword ptr ss:[ebp-0x4],0x7



发送附件：
基址：0F790000
0F873291    8BF8            mov edi,eax
0F873293    E8 18B23700     call WeChatWi.0FBEE4B0
0F873298    3BC7            cmp eax,edi
0F87329A    75 4A           jnz short WeChatWi.0F8732E6
0F87329C    3B55 B8         cmp edx,dword ptr ss:[ebp-0x48]
0F87329F    75 45           jnz short WeChatWi.0F8732E6
0F8732A1    E8 9AB5F6FF     call WeChatWi.0F7DE840
0F8732A6    6A 00           push 0x0
0F8732A8    6A 01           push 0x1
0F8732AA    6A 01           push 0x1
0F8732AC    6A 0D           push 0xD
0F8732AE    6A 5F           push 0x5F
0F8732B0    E8 5B62C000     call WeChatWi.10479510
0F8732B5    83C4 14         add esp,0x14
0F8732B8    E8 83B5F6FF     call WeChatWi.0F7DE840
0F8732BD    6A 00           push 0x0
0F8732BF    6A 01           push 0x1
0F8732C1    6A 01           push 0x1
0F8732C3    6A 10           push 0x10
0F8732C5    6A 5F           push 0x5F
0F8732C7    E8 4462C000     call WeChatWi.10479510
0F8732CC    83C4 14         add esp,0x14
0F8732CF    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
0F8732D6    8D8D 44FBFFFF   lea ecx,dword ptr ss:[ebp-0x4BC]
0F8732DC    E8 0F56F6FF     call WeChatWi.0F7D88F0
0F8732E1    E9 F3050000     jmp WeChatWi.0F8738D9
0F8732E6    8B7D AC         mov edi,dword ptr ss:[ebp-0x54]
0F8732E9    8B8F 68040000   mov ecx,dword ptr ds:[edi+0x468]
0F8732EF    85C9            test ecx,ecx
0F8732F1    75 04           jnz short WeChatWi.0F8732F7
0F8732F3    B0 01           mov al,0x1
0F8732F5    EB 07           jmp short WeChatWi.0F8732FE
0F8732F7    8B01            mov eax,dword ptr ds:[ecx]
0F8732F9    8B40 24         mov eax,dword ptr ds:[eax+0x24]
0F8732FC    FFD0            call eax
0F8732FE    84C0            test al,al
0F873300    74 67           je short WeChatWi.0F873369
0F873302    8D8D 24FDFFFF   lea ecx,dword ptr ss:[ebp-0x2DC]
0F873308    E8 835CF6FF     call WeChatWi.0F7D8F90
0F87330D    0F57C0          xorps xmm0,xmm0
0F873310    66:C785 04FFFFF>mov word ptr ss:[ebp-0xFC],0x0
0F873319    0F1185 08FFFFFF movups dqword ptr ss:[ebp-0xF8],xmm0
0F873320    C785 18FFFFFF 0>mov dword ptr ss:[ebp-0xE8],0x0
0F87332A    8D85 44FBFFFF   lea eax,dword ptr ss:[ebp-0x4BC]
0F873330    C645 FC 09      mov byte ptr ss:[ebp-0x4],0x9
0F873334    50              push eax
0F873335    8D8D 24FDFFFF   lea ecx,dword ptr ss:[ebp-0x2DC]
0F87333B    C785 1CFFFFFF F>mov dword ptr ss:[ebp-0xE4],-0x1
0F873345    E8 16D6F8FF     call WeChatWi.0F800960
0F87334A    6A 01           push 0x1
0F87334C    8D85 24FDFFFF   lea eax,dword ptr ss:[ebp-0x2DC]
0F873352    C645 FC 0A      mov byte ptr ss:[ebp-0x4],0xA
0F873356    50              push eax
0F873357    8BCF            mov ecx,edi
0F873359    E8 C2100000     call WeChatWi.0F874420
0F87335E    8D8D 24FDFFFF   lea ecx,dword ptr ss:[ebp-0x2DC]
0F873364    E8 C790FBFF     call WeChatWi.0F82C430
0F873369    8D8D 44FBFFFF   lea ecx,dword ptr ss:[ebp-0x4BC]
0F87336F    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
0F873376    E8 7555F6FF     call WeChatWi.0F7D88F0
0F87337B    E9 59050000     jmp WeChatWi.0F8738D9
0F873380    53              push ebx
0F873381    8D4D 88         lea ecx,dword ptr ss:[ebp-0x78]
0F873384    E8 67BA3F00     call WeChatWi.0FC6EDF0
0F873389    8D4D 88         lea ecx,dword ptr ss:[ebp-0x78]
0F87338C    C745 FC 0B00000>mov dword ptr ss:[ebp-0x4],0xB
0F873393    E8 C8C63E00     call WeChatWi.0FC5FA60
0F873398    84C0            test al,al
0F87339A    0F84 6A010000   je WeChatWi.0F87350A
0F8733A0    8D8D 50FFFFFF   lea ecx,dword ptr ss:[ebp-0xB0]
0F8733A6    C645 B7 00      mov byte ptr ss:[ebp-0x49],0x0
0F8733AA    E8 B19E3E00     call WeChatWi.0FC5D260
0F8733AF    8B85 50FFFFFF   mov eax,dword ptr ss:[ebp-0xB0]
0F8733B5    85C0            test eax,eax
0F8733B7    74 06           je short WeChatWi.0F8733BF
0F8733B9    66:8338 00      cmp word ptr ds:[eax],0x0
0F8733BD    75 05           jnz short WeChatWi.0F8733C4
0F8733BF    B8 0889AF10     mov eax,WeChatWi.10AF8908
0F8733C4    50              push eax
0F8733C5    8D4D 88         lea ecx,dword ptr ss:[ebp-0x78]
0F8733C8    E8 E3C13F00     call WeChatWi.0FC6F5B0
0F8733CD    0FB64D B7       movzx ecx,byte ptr ss:[ebp-0x49]
0F8733D1    84C0            test al,al
0F8733D3    0F45CF          cmovne ecx,edi
0F8733D6    884D A4         mov byte ptr ss:[ebp-0x5C],cl
0F8733D9    FF75 A4         push dword ptr ss:[ebp-0x5C]
0F8733DC    83EC 14         sub esp,0x14
0F8733DF    8BCC            mov ecx,esp
0F8733E1    8965 B8         mov dword ptr ss:[ebp-0x48],esp
0F8733E4    6A FF           push -0x1
0F8733E6    68 0889AF10     push WeChatWi.10AF8908                   ; 参数
0F8733EB    E8 C0B93F00     call WeChatWi.0FC6EDB0                   ; call1
0F8733F0    83EC 14         sub esp,0x14
0F8733F3    8BCC            mov ecx,esp
0F8733F5    8965 A0         mov dword ptr ss:[ebp-0x60],esp
0F8733F8    53              push ebx
0F8733F9    E8 F2B93F00     call WeChatWi.0FC6EDF0                   ; call2
0F8733FE    83EC 14         sub esp,0x14
0F873401    8BCC            mov ecx,esp
0F873403    8965 9C         mov dword ptr ss:[ebp-0x64],esp
0F873406    FF75 B0         push dword ptr ss:[ebp-0x50]
0F873409    E8 E2B93F00     call WeChatWi.0FC6EDF0                   ; call2
0F87340E    8D85 44FBFFFF   lea eax,dword ptr ss:[ebp-0x4BC]
0F873414    C645 FC 0F      mov byte ptr ss:[ebp-0x4],0xF
0F873418    50              push eax
0F873419    E8 C212F7FF     call WeChatWi.0F7E46E0                   ; call3
0F87341E    8BC8            mov ecx,eax
0F873420    C645 FC 0C      mov byte ptr ss:[ebp-0x4],0xC
0F873424    E8 97B11700     call WeChatWi.0F9EE5C0                   ; call4
0F873429    C645 FC 10      mov byte ptr ss:[ebp-0x4],0x10
0F87342D    E8 BE4B1A00     call WeChatWi.0FA17FF0
0F873432    8BC8            mov ecx,eax
0F873434    E8 77B03700     call WeChatWi.0FBEE4B0
0F873439    8D8D 44FBFFFF   lea ecx,dword ptr ss:[ebp-0x4BC]
0F87343F    8955 B8         mov dword ptr ss:[ebp-0x48],edx
0F873442    8BF8            mov edi,eax
0F873444    E8 67B03700     call WeChatWi.0FBEE4B0
0F873449    3BC7            cmp eax,edi
0F87344B    75 09           jnz short WeChatWi.0F873456
0F87344D    3B55 B8         cmp edx,dword ptr ss:[ebp-0x48]
0F873450    0F84 9E000000   je WeChatWi.0F8734F4
0F873456    8D8D 44FBFFFF   lea ecx,dword ptr ss:[ebp-0x4BC]
0F87345C    E8 4FB03700     call WeChatWi.0FBEE4B0
0F873461    8B7D AC         mov edi,dword ptr ss:[ebp-0x54]
0F873464    8985 64FFFFFF   mov dword ptr ss:[ebp-0x9C],eax
0F87346A    8D85 64FFFFFF   lea eax,dword ptr ss:[ebp-0x9C]
0F873470    50              push eax
0F873471    8995 68FFFFFF   mov dword ptr ss:[ebp-0x98],edx
0F873477    8D8F 40040000   lea ecx,dword ptr ds:[edi+0x440]
0F87347D    E8 3E200000     call WeChatWi.0F8754C0
0F873482    8BCF            mov ecx,edi
0F873484    E8 371F0000     call WeChatWi.0F8753C0
0F873489    84C0            test al,al
0F87348B    74 67           je short WeChatWi.0F8734F4
0F87348D    8D8D 24FDFFFF   lea ecx,dword ptr ss:[ebp-0x2DC]
0F873493    E8 F85AF6FF     call WeChatWi.0F7D8F90
0F873498    0F57C0          xorps xmm0,xmm0
0F87349B    66:C785 04FFFFF>mov word ptr ss:[ebp-0xFC],0x0
0F8734A4    0F1185 08FFFFFF movups dqword ptr ss:[ebp-0xF8],xmm0
0F8734AB    C785 18FFFFFF 0>mov dword ptr ss:[ebp-0xE8],0x0
0F8734B5    8D85 44FBFFFF   lea eax,dword ptr ss:[ebp-0x4BC]
0F8734BB    C645 FC 12      mov byte ptr ss:[ebp-0x4],0x12
0F8734BF    50              push eax
0F8734C0    8D8D 24FDFFFF   lea ecx,dword ptr ss:[ebp-0x2DC]
0F8734C6    C785 1CFFFFFF F>mov dword ptr ss:[ebp-0xE4],-0x1
0F8734D0    E8 8BD4F8FF     call WeChatWi.0F800960
0F8734D5    6A 01           push 0x1
0F8734D7    8D85 24FDFFFF   lea eax,dword ptr ss:[ebp-0x2DC]
0F8734DD    C645 FC 13      mov byte ptr ss:[ebp-0x4],0x13
0F8734E1    50              push eax
0F8734E2    8BCF            mov ecx,edi
0F8734E4    E8 370F0000     call WeChatWi.0F874420
0F8734E9    8D8D 24FDFFFF   lea ecx,dword ptr ss:[ebp-0x2DC]
0F8734EF    E8 3C8FFBFF     call WeChatWi.0F82C430
0F8734F4    8D8D 44FBFFFF   lea ecx,dword ptr ss:[ebp-0x4BC]
0F8734FA    E8 F153F6FF     call WeChatWi.0F7D88F0
0F8734FF    8D8D 50FFFFFF   lea ecx,dword ptr ss:[ebp-0xB0]
0F873505    E8 969AF6FF     call WeChatWi.0F7DCFA0
0F87350A    8D4D 88         lea ecx,dword ptr ss:[ebp-0x78]
0F87350D    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
0F873514    E8 879AF6FF     call WeChatWi.0F7DCFA0
0F873519    E9 BB030000     jmp WeChatWi.0F8738D9
0F87351E    8B7D B0         mov edi,dword ptr ss:[ebp-0x50]
0F873521    8BCF            mov ecx,edi
0F873523    E8 A8DE5000     call WeChatWi.0FD813D0
0F873528    84C0            test al,al
0F87352A    0F85 A9030000   jnz WeChatWi.0F8738D9
0F873530    8BCB            mov ecx,ebx
0F873532    E8 29C53E00     call WeChatWi.0FC5FA60
0F873537    84C0            test al,al
0F873539    0F84 9A030000   je WeChatWi.0F8738D9
0F87353F    E8 FCB2F6FF     call WeChatWi.0F7DE840
0F873544    6A 02           push 0x2
0F873546    E8 B5DD2000     call WeChatWi.0FA81300
0F87354B    6A 00           push 0x0
0F87354D    83EC 14         sub esp,0x14
0F873550    8BCC            mov ecx,esp
0F873552    8965 9C         mov dword ptr ss:[ebp-0x64],esp
0F873555    6A FF           push -0x1
0F873557    68 0889AF10     push WeChatWi.10AF8908
0F87355C    E8 4FB83F00     call WeChatWi.0FC6EDB0
0F873561    6A 02           push 0x2
0F873563    83EC 14         sub esp,0x14
0F873566    C745 FC 1400000>mov dword ptr ss:[ebp-0x4],0x14
0F87356D    8BCC            mov ecx,esp
0F87356F    8965 A0         mov dword ptr ss:[ebp-0x60],esp
0F873572    57              push edi
0F873573    E8 78B83F00     call WeChatWi.0FC6EDF0
0F873578    83EC 14         sub esp,0x14
0F87357B    8BCC            mov ecx,esp
0F87357D    8965 B8         mov dword ptr ss:[ebp-0x48],esp
0F873580    6A FF           push -0x1
0F873582    68 0889AF10     push WeChatWi.10AF8908
0F873587    E8 24B83F00     call WeChatWi.0FC6EDB0
0F87358C    83EC 14         sub esp,0x14
0F87358F    8BCC            mov ecx,esp
0F873591    8965 A8         mov dword ptr ss:[ebp-0x58],esp
0F873594    53              push ebx
0F873595    E8 56B83F00     call WeChatWi.0FC6EDF0
0F87359A    C645 FC 17      mov byte ptr ss:[ebp-0x4],0x17
0F87359E    E8 9DDAF9FF     call WeChatWi.0F811040
0F8735A3    8BC8            mov ecx,eax
0F8735A5    C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
0F8735AC    E8 CF1F1D00     call WeChatWi.0FA45580
0F8735B1    E9 23030000     jmp WeChatWi.0F8738D9
0F8735B6    8B7D B0         mov edi,dword ptr ss:[ebp-0x50]
0F8735B9    8BCF            mov ecx,edi