|
|
Posted on
2009-02-17 16:34
SQH工作室
阅读( 2225)
评论()
收藏
举报
代码:
/**
* @file 2005beta2-IQQData_IQQCore_IDynamicData.txt
*
* @brief 2005beta2-IQQData_IQQCore_IDynamicData.txt,v1.0 2005/09/08 23:58:18 sunwang
*
* QQ的核心接口分析 IQQData IQQCore IDynamicData,主要集中在BasicCtrlDll.dll QQHelperDll.dll,找几个引出函数分析分析
* 如 CreateQQData IsFriendOnline GetFriendQQVer etc... 这些接口除了00 04 08是IUnknown以外,其他只有分析代码了
* void __cdecl CreateQQData(struct IQQData * *)
* int __cdecl IsFriendOnline(struct IQQCore *,unsigned long)[*]
* int __cdecl GetFriendQQData(struct IQQCore *,unsigned long,struct IQQData * *)[*]
* int __cdecl GetCurrentUin(struct IQQCore *,unsigned long *)
* void __cdecl GetCurrentUserData(struct IQQCore *,struct IQQData * *)
* int __cdecl GetFriendStat(struct IQQCore *,unsigned long)
* long __cdecl GetQQDataBuf(struct IQQData *,char const *,class CString &)[*] //<-------刚开始不知道有这个函数,好累
* long __cdecl GetQQDataStr(struct IQQData *,char const *,class CString &)[*] //<-------刚开始不知道有这个函数,好累
*
* 两个问题: 其他的都可以通过上面的函数搞定!
* 1.IQQCore* 哪里得到?
* 1.1 找一个不接口上不需要IQQCore*的函数分析,起内部肯定有引用,看这个引用在哪里,就可以得到了。嘿嘿。
* int __cdecl IsFriend3GUser(unsigned long) //<--------分析太苦难了,自己找苦头
* 1.2 hook一个带IQQCore*为参数的函数,就可以得到了,如
* int __cdecl InitQQShow(struct IQQCore *)[*]
* 1.3 得到IQQCore*指针后,根据需要,拼凑vtbl就可以了
*
* 2.FriendUID 哪里得到? unsigned long 都是uin。tnnd。难点! 和 hook CQQCtrlBarWndEx wndproc一样困难。
* 2.1 总会有函数初始化这个东西,并放在哪里的,要找准函数分析了
* 2.1.1 CQQBarCtrlWndEx,只能依赖这个对象的偏移了,它的某个偏移肯定有uid
* 2.1.2 CQQAllInOneDlg,只能依赖这个对象的偏移了,它的某个偏移肯定有uid。前面分析过CQQAllInStatusBar,上面有拼凑nickname(uid):xxx
* 的代码,可能有用。void __thiscall CAllInOneStatusBar::GenStrShow(void),便宜340h就是!!!。[*]
* 第一次WM_CREATE时候,得到偏移,此时肯定没有uid,以后得到消息就重新取,并增加自定义消息发给窗口来刷新显示了
* 2.2 hook函数拦截参数? 呵呵,不合适。我们要在对话框窗口出来和在CQQBarCtrlWndEx出来的时候,就能得到friend uin,呵呵
*
* @author sunwang<sunwangme@hotmail.com>
*/
/* BasicCtrlDll.dll
.text:10001C05 ; Exported entry 42. ?CreateQQData@@YAXPAPAUIQQData@@@Z
.text:10001C05
.text:10001C05 ; 圹圹圹圹圹圹圹?S U B R O U T I N E 圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹?
.text:10001C05
.text:10001C05
.text:10001C05 ; void __cdecl CreateQQData(struct IQQData * *)
.text:10001C05 public ?CreateQQData@@YAXPAPAUIQQData@@@Z
.text:10001C05 ?CreateQQData@@YAXPAPAUIQQData@@@Z proc near
.text:10001C05
.text:10001C05 arg_0 = dword ptr 8
.text:10001C05
.text:10001C05 push edi
.text:10001C06 mov edi, [esp+arg_0]
.text:10001C0A test edi, edi
.text:10001C0C jz short loc_10001C33
.text:10001C0E push esi
.text:10001C0F mov ecx, offset off_100229E8
.text:10001C14 call ?CreateObject@CRuntimeClass@@QAEPAVCObject@@XZ ; CRuntimeClass::CreateObject(void)
.text:10001C19 mov esi, eax
.text:10001C1B test esi, esi
.text:10001C1D jnz short loc_10001C24
.text:10001C1F call ?AfxThrowMemoryException@@YGXXZ ; AfxThrowMemoryException(void)
.text:10001C24
.text:10001C24 loc_10001C24: ; CODE XREF: CreateQQData(IQQData * *)+18�j
.text:10001C24 push offset clsid_IQQData
.text:10001C29 mov ecx, esi
.text:10001C2B call ?GetInterface@CCmdTarget@@QAEPAUIUnknown@@PBX@Z ; CCmdTarget::GetInterface(void const *)
.text:10001C30 mov [edi], eax ; *(void**)=IQQData*
.text:10001C32 pop esi
.text:10001C33
.text:10001C33 loc_10001C33: ; CODE XREF: CreateQQData(IQQData * *)+7�j
.text:10001C33 pop edi
.text:10001C34 retn
.text:10001C34 ?CreateQQData@@YAXPAPAUIQQData@@@Z endp
*/
/* BasicCtrlDll.dll
.rdata:100229C8 clsid_IQQData db 1Eh ; DATA XREF: CreateQQData(IQQData * *):loc_10001C24�o
.rdata:100229C8 ; GetFriendNetwork(IQQCore *,ulong,int &,ulong &,ulong &,int &)+9A�o ...
.rdata:100229C9 db 3Ah ; :
.rdata:100229CA db 86h ; ?
.rdata:100229CB db 0BAh ; ?
.rdata:100229CC db 79h ; y
.rdata:100229CD db 0C9h ; ?
.rdata:100229CE db 8Ah ; ?
.rdata:100229CF db 49h ; I
.rdata:100229D0 db 97h ; ?
.rdata:100229D1 db 5Ch ; \
.rdata:100229D2 db 0C5h ; ?
.rdata:100229D3 db 0
.rdata:100229D4 db 1Ch
.rdata:100229D5 db 4Fh ; O
.rdata:100229D6 db 31h ; 1
.rdata:100229D7 db 0A3h ; ?
*/
/* BasicCtrlDll.dll
static CLSID clsid_QQData=
{
0xBA863A1E,
0x0C979,
0x498A,
0x97, 0x5C, 0x0C5, 0, 0x1C, 0x4F, 0x31, 0x0A3
};
*/
/* QQHelperDll.dll 怎么使用CreateQQData(IQQData * *)的产生的接口IQQData
.text:60865BD5 loc_60865BD5: ; CODE XREF: sub_60865939+291�j
.text:60865BD5 lea eax, [ebp+8]
.text:60865BD8 push eax
.text:60865BD9 call ?CreateQQData@@YAXPAPAUIQQData@@@Z ; CreateQQData(IQQData * *)
.text:60865BDE mov eax, [ebp+8] ; eax=IQQData*
.text:60865BE1 pop ecx
.text:60865BE2 push dword ptr [ebp-2Ch] ; var_ID
.text:60865BE5 mov ecx, [eax] ; IQQData->vtbl
.text:60865BE7 push offset aId ; param_str_ID
.text:60865BEC push eax ; (IData*)this
.text:60865BED call dword ptr [ecx+20h] ; IQQData->vf_20h(param_str_ID,(void*)&var_ID)
.text:60865BF0 mov eax, [ebp+8] ; eax=IQQData*
.text:60865BF3 lea edx, [ebp-218h] ; var_NUMBER
.text:60865BF9 push edx
.text:60865BFA push offset aNumber ; "NUMBER"
.text:60865BFF mov ecx, [eax]
.text:60865C01 push eax
.text:60865C02 call dword ptr [ecx+20h] ; IQQData->vf_20h(param_str_NUMBER,(void*)&var_NUMBER)
.text:60865C05 mov eax, [ebp+8]
.text:60865C08 lea edx, [ebp-218h]
.text:60865C0E push edx
.text:60865C0F push offset aNumsave ; "NUMSAVE"
.text:60865C14 mov ecx, [eax]
.text:60865C16 push eax
.text:60865C17 call dword ptr [ecx+20h] ; IQQData->vf_20h(param_str_NUMSAVE,(void*)&var_NUMSAVE)
.text:60865C1A mov eax, [ebp+8]
.text:60865C1D lea edx, [ebp-248h]
.text:60865C23 push edx
.text:60865C24 push offset aName ; "NAME"
.text:60865C29 mov ecx, [eax]
.text:60865C2B push eax
.text:60865C2C call dword ptr [ecx+20h] ; IQQData->vf_20h(param_str_NAME,(void*)&var_NAME)
.text:60865C2F mov eax, [ebp+8] ; eax=IQQData*
.text:60865C32 mov esi, eax ; esi=IQQData*
.text:60865C34 mov edi, [eax] ; edi=IQQData*->vtbl
.text:60865C36 lea eax, [ebp-228h] ; var_UIN
.text:60865C3C push eax ; char *
.text:60865C3D call ds:atol
.text:60865C43 pop ecx
.text:60865C44 push eax ; var_UIN
.text:60865C45 push offset aUin ; "UIN"
.text:60865C4A push esi ; (IQQData*)this
.text:60865C4B call dword ptr [edi+18h] ; IQQData*->vf_18h(var_UIN,str_UIN)
.text:60865C4E mov eax, [ebp+8]
.text:60865C51 push dword ptr [ebp-25Ch]
.text:60865C57 mov ecx, [eax]
.text:60865C59 push offset aType ; "TYPE"
.text:60865C5E push eax
.text:60865C5F call dword ptr [ecx+10h] ; IQQData*->vf_10h(str_TYPE,var_TYPE)
.text:60865C62 mov eax, [ebp+8]
.text:60865C65 push dword ptr [ebp-25Bh]
.text:60865C6B mov ecx, [eax]
.text:60865C6D push offset aImage ; "IMAGE"
.text:60865C72 push eax
.text:60865C73 call dword ptr [ecx+10h] ; IQQData*->vf_10h(str_IMAGE,var_IMAGE)
.text:60865C76 mov eax, [ebp+8]
.text:60865C79 push dword ptr [ebp-250h]
.text:60865C7F mov ecx, [eax]
.text:60865C81 push offset aGender ; "GENDER"
.text:60865C86 push eax
.text:60865C87 call dword ptr [ecx+0Ch] ; IQQData*->vf_0ch(str_GENDER,var_GENDER)
.text:60865C8A mov eax, [ebp+8]
.text:60865C8D push dword ptr [ebp-254h]
.text:60865C93 mov ecx, [eax]
.text:60865C95 push offset aFace ; "FACE"
.text:60865C9A push eax
.text:60865C9B call dword ptr [ecx+14h] ; IQQData*->vf_14h(str_FACE,var_FACE)
.text:60865C9E mov eax, [ebp+8]
.text:60865CA1 push dword ptr [ebp-24Ch]
.text:60865CA7 mov ecx, [eax]
.text:60865CA9 push offset aLantype ; "LANTYPE"
.text:60865CAE push eax
.text:60865CAF call dword ptr [ecx+0Ch] ; IQQData*->vf_0ch(str_LANTYPE,var_LANTYPE)
.text:60865CB2 mov eax, [ebp+8]
.text:60865CB5 lea edx, [ebp-1F8h]
.text:60865CBB push edx
.text:60865CBC push offset aNote ; "NOTE"
.text:60865CC1 mov ecx, [eax]
.text:60865CC3 push eax
.text:60865CC4 call dword ptr [ecx+20h]
.text:60865CC7 mov eax, [ebp+8]
.text:60865CCA mov ecx, [eax]
.text:60865CCC lea edx, [ebp-178h]
.text:60865CD2 push edx
.text:60865CD3 push offset aState ; "STATE"
.text:60865CD8 push eax
.text:60865CD9 call dword ptr [ecx+20h]
.text:60865CDC mov eax, [ebp+8]
.text:60865CDF push dword ptr [ebp-0F8h]
.text:60865CE5 mov ecx, [eax]
.text:60865CE7 push offset aGrpclr ; "GRPCLR"
.text:60865CEC push eax
.text:60865CED call dword ptr [ecx+18h]
.text:60865CF0 mov eax, [ebp-34h]
.text:60865CF3 cmp [eax+20h], ebx
.text:60865CF6 mov eax, [ebp+8]
.text:60865CF9 mov ecx, [eax]
.text:60865CFB jz loc_60865E50
.text:60865D01 push dword ptr [ebp-0F4h]
.text:60865D07 push offset aMbltype ; "MBLTYPE"
.text:60865D0C push eax
.text:60865D0D call dword ptr [ecx+1Ch]
.text:60865D10 mov eax, [ebp+8]
.text:60865D13 push dword ptr [ebp-0F0h]
.text:60865D19 mov ecx, [eax]
.text:60865D1B push offset aMbrand ; "MBRAND"
.text:60865D20 push eax
.text:60865D21 call dword ptr [ecx+1Ch]
.text:60865D24 mov eax, [ebp+8]
.text:60865D27 lea edx, [ebp-0ECh]
.text:60865D2D push edx
.text:60865D2E mov ecx, [eax]
.text:60865D30 jmp loc_60865E75
.text:60865D35 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
*/
/* QQHelperDll.dll 怎么使用CreateQQData(IQQData * *)的产生的接口IQQData
ext:6087289F ; Exported entry 352. ?IsFriendOnline@@YAHPAUIQQCore@@K@Z
.text:6087289F
.text:6087289F ; 圹圹圹圹圹圹圹?S U B R O U T I N E 圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹?
.text:6087289F
.text:6087289F
.text:6087289F ; int __cdecl IsFriendOnline(struct IQQCore *,unsigned long)
.text:6087289F public ?IsFriendOnline@@YAHPAUIQQCore@@K@Z
.text:6087289F ?IsFriendOnline@@YAHPAUIQQCore@@K@Z proc near
.text:6087289F ; CODE XREF: IsAllowAddToGAudioChat(ulong,int,HWND__ *)+18F�p
.text:6087289F ; IsAllowAddToInGAudioChat(ulong,ulong,int,HWND__ *)+125�p
.text:6087289F mov eax, offset loc_60895A2C
.text:608728A4 call __EH_prolog
.text:608728A9 push ecx
.text:608728AA push ebx
.text:608728AB xor ebx, ebx
.text:608728AD mov [ebp-10h], ebx ; ebx = 0
.text:608728B0 lea eax, [ebp-10h] ; var_IQQData**
.text:608728B3 mov [ebp-4], ebx
.text:608728B6 push eax ; var_IQQData**
.text:608728B7 push dword ptr [ebp+0Ch] ; arg_QQID
.text:608728BA push dword ptr [ebp+8] ; arg_IQQCore*
.text:608728BD call ?GetFriendQQData@@YAHPAUIQQCore@@KPAPAUIQQData@@@Z ; GetFriendQQData(IQQCore *,ulong,IQQData * *)
.text:608728C2 add esp, 0Ch
.text:608728C5 test eax, eax ; if(IQQData* == NULL)
.text:608728C7 jz short loc_60872933
.text:608728C9 mov [ebp+0Ch], ebx ; arg_QQID = 0
.text:608728CC mov eax, [ebp-10h] ; eax = IQQData*
.text:608728CF lea edx, [ebp+0Ch] ; edx = &arg_QQID,IDynamicData*
.text:608728D2 push edx
.text:608728D3 push offset clsid_IQQData
.text:608728D8 mov ecx, [eax] ; ecx = IQQData*->vtbl
.text:608728DA push offset aQquser_dynamic ; "QQUSER_DYNAMIC_DATA"
.text:608728DF push eax ; (IQQData*)this
.text:608728E0 mov byte ptr [ebp-4], 1 ; *var_4 = 1
.text:608728E4 call dword ptr [ecx+54h] ; IQQData*->vf_54h(str_QQUSER_DYNAMIC_DATA,clsid_IQQData,void*)
.text:608728E7 mov eax, [ebp+0Ch] ; if(IDynamicData* == 0)
.text:608728EA cmp eax, ebx
.text:608728EC jz short loc_60872933
.text:608728EE mov ecx, [eax] ; ecx = IDynamicData*->vtbl
.text:608728F0 lea edx, [ebp+8] ; &var_8
.text:608728F3 push edx
.text:608728F4 push offset aQqdd_status ; "QQDD_STATUS"
.text:608728F9 push eax ; (IDynamicData*)this
.text:608728FA call dword ptr [ecx+38h] ; IDynamicData*->vf_38h(str_QQDD_STATUS,void*)
.text:608728FD cmp dword ptr [ebp+8], 14h ; if(var_8 == 14h)
.text:60872901 mov eax, [ebp+0Ch] ; eax = IDynamicData*
.text:60872904 mov [ebp-4], bl
.text:60872907 jz short loc_60872929
.text:60872909 cmp eax, ebx ; if (IDynamicData* == 0),操,没有优化的代码
.text:6087290B jz short loc_60872913 ; eax = IQQData*
.text:6087290D mov ecx, [eax] ; ecx = IDynamicData*->vtbl
.text:6087290F push eax ; (IDynamicData*)this
.text:60872910 call dword ptr [ecx+8] ; IDynamicData*->vf_08h_Release()
.text:60872913
.text:60872913 loc_60872913: ; CODE XREF: IsFriendOnline(IQQCore *,ulong)+6C�j
.text:60872913 mov eax, [ebp-10h] ; eax = IQQData*
.text:60872916 or dword ptr [ebp-4], 0FFFFFFFFh
.text:6087291A cmp eax, ebx
.text:6087291C jz short loc_60872924
.text:6087291E mov ecx, [eax] ; ecx = IQQData*->vtbl
.text:60872920 push eax ; (IQQData*)this
.text:60872921 call dword ptr [ecx+8] ; IQQData*->vf_08h_Release()
.text:60872924
.text:60872924 loc_60872924: ; CODE XREF: IsFriendOnline(IQQCore *,ulong)+7D�j
.text:60872924 push 1
.text:60872926 pop eax
.text:60872927 jmp short loc_60872946
.text:60872929 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:60872929
.text:60872929 loc_60872929: ; CODE XREF: IsFriendOnline(IQQCore *,ulong)+68�j
.text:60872929 cmp eax, ebx
.text:6087292B jz short loc_60872933
.text:6087292D mov ecx, [eax]
.text:6087292F push eax
.text:60872930 call dword ptr [ecx+8]
.text:60872933
.text:60872933 loc_60872933: ; CODE XREF: IsFriendOnline(IQQCore *,ulong)+28�j
.text:60872933 ; IsFriendOnline(IQQCore *,ulong)+4D�j ...
.text:60872933 mov eax, [ebp-10h]
.text:60872936 or dword ptr [ebp-4], 0FFFFFFFFh
.text:6087293A cmp eax, ebx
.text:6087293C jz short loc_60872944
.text:6087293E mov ecx, [eax]
.text:60872940 push eax
.text:60872941 call dword ptr [ecx+8]
.text:60872944
.text:60872944 loc_60872944: ; CODE XREF: IsFriendOnline(IQQCore *,ulong)+9D�j
.text:60872944 xor eax, eax
.text:60872946
.text:60872946 loc_60872946: ; CODE XREF: IsFriendOnline(IQQCore *,ulong)+88�j
.text:60872946 mov ecx, [ebp-0Ch]
.text:60872949 pop ebx
.text:6087294A mov large fs:0, ecx
.text:60872951 leave
.text:60872952 retn
.text:60872952 ?IsFriendOnline@@YAHPAUIQQCore@@K@Z endp ; sp = 4
*/
/*
.text:6087E8F2 ; Exported entry 349. ?IsFriend3GUser@@YAHK@Z
.text:6087E8F2
.text:6087E8F2 ; 圹圹圹圹圹圹圹?S U B R O U T I N E 圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹?
.text:6087E8F2
.text:6087E8F2
.text:6087E8F2 ; int __cdecl IsFriend3GUser(unsigned long)
.text:6087E8F2 public ?IsFriend3GUser@@YAHK@Z
.text:6087E8F2 ?IsFriend3GUser@@YAHK@Z proc near ; CODE XREF: StartTrayAnimate(IQQCore *)+708�p
.text:6087E8F2 mov eax, offset loc_60897220
.text:6087E8F7 call __EH_prolog
.text:6087E8FC sub esp, 10h
.text:6087E8FF push ebx
.text:6087E900 xor ebx, ebx
.text:6087E902 push esi
.text:6087E903 mov [ebp-18h], ebx
.text:6087E906 mov [ebp-4], ebx
.text:6087E909 call ?AfxGetAppModuleState@@YGPAVAFX_MODULE_STATE@@XZ ; AfxGetAppModuleState(void)
.text:6087E90E mov eax, [eax+4]
.text:6087E911 lea ecx, [ebp-18h]
.text:6087E914 push ecx ; var_IQQData*
.text:6087E915 push dword ptr [ebp+8] ; arg_UIN
.text:6087E918 mov eax, [eax+0D4h]
.text:6087E91E push eax ; IQQCore*
.text:6087E91F call ?GetFriendQQData@@YAHPAUIQQCore@@KPAPAUIQQData@@@Z ; GetFriendQQData(IQQCore *,ulong,IQQData * *)
.text:6087E924 add esp, 0Ch
.text:6087E927 test eax, eax
.text:6087E929 jz loc_6087E9E7
.text:6087E92F mov [ebp-1Ch], ebx
.text:6087E932 mov [ebp-0Dh], bl
.text:6087E935 mov [ebp-14h], ebx
.text:6087E938 mov eax, [ebp-18h]
.text:6087E93B lea edx, [ebp-0Dh]
.text:6087E93E mov esi, offset aQquser_dynamic ; "QQUSER_DYNAMIC_DATA"
.text:6087E943 push edx
.text:6087E944 mov ecx, [eax]
.text:6087E946 push esi
.text:6087E947 push eax
.text:6087E948 mov byte ptr [ebp-4], 1
.text:6087E94C call dword ptr [ecx+70h]
.text:6087E94F test eax, eax
.text:6087E951 jl loc_6087E9D7
.text:6087E957 cmp byte ptr [ebp-0Dh], 8
.text:6087E95B jnz short loc_6087E9D7
.text:6087E95D mov eax, [ebp-14h]
.text:6087E960 cmp eax, ebx
.text:6087E962 jz short loc_6087E96D
.text:6087E964 mov ecx, [eax]
.text:6087E966 push eax
.text:6087E967 call dword ptr [ecx+8]
.text:6087E96A mov [ebp-14h], ebx
.text:6087E96D
.text:6087E96D loc_6087E96D: ; CODE XREF: IsFriend3GUser(ulong)+70�j
.text:6087E96D mov eax, [ebp-18h]
.text:6087E970 lea edx, [ebp-14h]
.text:6087E973 push edx
.text:6087E974 push offset clsid_IQQData
.text:6087E979 mov ecx, [eax]
.text:6087E97B push esi
.text:6087E97C push eax
.text:6087E97D call dword ptr [ecx+54h]
.text:6087E980 test eax, eax
.text:6087E982 jl short loc_6087E9D7
.text:6087E984 mov eax, [ebp-14h]
.text:6087E987 lea edx, [ebp-0Dh]
.text:6087E98A mov esi, offset aQquser_3g_user ; "QQUSER_3G_USERLOGIN"
.text:6087E98F push edx
.text:6087E990 mov ecx, [eax]
.text:6087E992 push esi
.text:6087E993 push eax
.text:6087E994 call dword ptr [ecx+70h]
.text:6087E997 test eax, eax
.text:6087E999 jl short loc_6087E9D7
.text:6087E99B cmp byte ptr [ebp-0Dh], 1
.text:6087E99F jnz short loc_6087E9D7
.text:6087E9A1 mov eax, [ebp-14h]
.text:6087E9A4 lea edx, [ebp-1Ch]
.text:6087E9A7 push edx
.text:6087E9A8 push esi
.text:6087E9A9 mov ecx, [eax]
.text:6087E9AB push eax
.text:6087E9AC call dword ptr [ecx+28h]
.text:6087E9AF mov eax, [ebp-14h]
.text:6087E9B2 mov esi, [ebp-1Ch]
.text:6087E9B5 cmp eax, ebx
.text:6087E9B7 mov [ebp-4], bl
.text:6087E9BA jz short loc_6087E9C2
.text:6087E9BC mov ecx, [eax]
.text:6087E9BE push eax
.text:6087E9BF call dword ptr [ecx+8]
.text:6087E9C2
.text:6087E9C2 loc_6087E9C2: ; CODE XREF: IsFriend3GUser(ulong)+C8�j
.text:6087E9C2 mov eax, [ebp-18h]
.text:6087E9C5 or dword ptr [ebp-4], 0FFFFFFFFh
.text:6087E9C9 cmp eax, ebx
.text:6087E9CB jz short loc_6087E9D3
.text:6087E9CD mov ecx, [eax]
.text:6087E9CF push eax
.text:6087E9D0 call dword ptr [ecx+8]
.text:6087E9D3
.text:6087E9D3 loc_6087E9D3: ; CODE XREF: IsFriend3GUser(ulong)+D9�j
.text:6087E9D3 mov eax, esi
.text:6087E9D5 jmp short loc_6087E9FA
.text:6087E9D7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:6087E9D7
.text:6087E9D7 loc_6087E9D7: ; CODE XREF: IsFriend3GUser(ulong)+5F�j
.text:6087E9D7 ; IsFriend3GUser(ulong)+69�j ...
.text:6087E9D7 mov eax, [ebp-14h]
.text:6087E9DA mov [ebp-4], bl
.text:6087E9DD cmp eax, ebx
.text:6087E9DF jz short loc_6087E9E7
.text:6087E9E1 mov ecx, [eax]
.text:6087E9E3 push eax
.text:6087E9E4 call dword ptr [ecx+8]
.text:6087E9E7
.text:6087E9E7 loc_6087E9E7: ; CODE XREF: IsFriend3GUser(ulong)+37�j
.text:6087E9E7 ; IsFriend3GUser(ulong)+ED�j
.text:6087E9E7 mov eax, [ebp-18h]
.text:6087E9EA or dword ptr [ebp-4], 0FFFFFFFFh
.text:6087E9EE cmp eax, ebx
.text:6087E9F0 jz short loc_6087E9F8
.text:6087E9F2 mov ecx, [eax]
.text:6087E9F4 push eax
.text:6087E9F5 call dword ptr [ecx+8]
.text:6087E9F8
.text:6087E9F8 loc_6087E9F8: ; CODE XREF: IsFriend3GUser(ulong)+FE�j
.text:6087E9F8 xor eax, eax
.text:6087E9FA
.text:6087E9FA loc_6087E9FA: ; CODE XREF: IsFriend3GUser(ulong)+E3�j
.text:6087E9FA mov ecx, [ebp-0Ch]
.text:6087E9FD pop esi
.text:6087E9FE pop ebx
.text:6087E9FF mov large fs:0, ecx
.text:6087EA06 leave
.text:6087EA07 retn
.text:6087EA07 ?IsFriend3GUser@@YAHK@Z endp ; sp = 4
*/
代码:
/*
* v1.0 2005/09/11 04:34:21
* @author sunwang<sunwangme@hotmail.com>
*
*/
怎么取到聊天对话框上的uin?
CAllInOneDlg出现时候,已经显示了用户的id,这个id怎么来的?
找几个成员函数和构造函数分析分析,争取能不用做offset+symbol来取号码,太老土了。
函数 CAllInOneStatusBar::GenStrShow 太值得分析了
1. 找出 明日帝国(42489549):找个美女过夜 这个东西熟悉哪个类的
1.1 用mfcspy2查对话框
1.2 用ida看vtbl属于哪个类,就搞定,原来是 CAllInOneStatusBar
1.3 看看有什么成员函数可疑,看到了 CAllInOneStatusBar::GenStrShow
1.4 goon....我靠,居然有个 void __thiscall CAllInOneStatusBar::SetUin(unsigned long),这不就是我们要的么,还是
导出函数
1.5 分析代码知道,并不是一定要SetUin的,这样,可能hook有问题。看看CQQAllInOneDlg怎么引用这个函数的。
1.6 随便找了一个引用SetUin的函数,发现 push dword ptr [esi+2B68h],this+2b68=uin,现在看看这个this是不是CAllInOneDlg
1.7 补齐CAllInOneDlg,找到 CQQAllInOneDlg__OnInitDialog,在里面看看有没有 2b68类似的,发现有!!!
并且初始化的时候,[ecx+2b68]已经有了数据
1.8 看来, CAllInOneStatusBar CQQAllInOneDlg是属于某一个对象的子对象,其ecx是相同的,所以,这个ecx应该就是CQQAllInOneDlg。
(char*)CWndFromHandle(hAllInOneDlgWnd)+0x2b68,应该就是uin。现在就是要找这个ecx是哪个的了。一般,是在创建对象的时候,在
构造函数里面给ecx赋值。
1.9 分析CAllInOneDlg_vtbl的引用,找到构造函数CQQAllInOneDlg__constructor。注意,一般只有constructor和destructor才直接访问
vtbl。然后找到new_CQQAllInOneDlg来调用new CQQAllInOneDlg__constructor。对象肯定是在heap里面,肯定先new一个空间,可以看看
大小。
1.10 找到new_CQQAllInOneDlg里面 ecx = new char[2f78],然后CQQAllInOneDlg__constructor,果然呀,ecx = CQQAllInOneDlg。
1.11 (char*)CWndFromHandle(hAllInOneDlgWnd)+0x2b68=uin
2. 总结一下思路
2.1 发现了 CAllInOneStatusBar 包含 明日帝国(42489549):找个美女过夜,里面有uin,希望能找到这个uin
2.2 发现 CAllInOneStatusBar 的SetUin是个导出函数,在QQAllInOne里面找引用的地方,发现了[ecx+2b68]=uin
2.3 要找 ecx 是那个类的实例this?猜想是CAllInOneDlg,就看看CAllInOneDlg的OnInitDialog时候,[ecx+2b68]==uin
2.4 用mfcspy2定位CAllInOneDlg的vtbl的file offset,idapro 找到vtbl修补好vtbl,找到OnInitDialog。用mfcspy2也可以直接看到。
2.5 bp CQQAllInOneDlg__OnInitDialog dd ecx+2b68,发现等于uin。说明ecx起码是CAllInOneDlg的父类this。
2.6 找到CQQAllInOneDlg__constructor 和 new_CQQAllInOneDlg,根据vtbl的引用地址,确定ecx在new_CQQAllInOneDlg里面赋值。
2.7 这样,确定了(char*)CWndFromHandle(hAllInOneDlgWnd)+0x2b68=uin。而CAllInOneStatusBar等都是CQQAllInOneDlg的成员。
3. 方案
3.1 反汇编 QQAllInOne.dll!CQQAllInOneDlg::OnInitDialog(通过mfcspy2找到偏移),找到[ecx+2b68]类似的东西,如下,关键是IsTMFriend。
(char*)CWndFromHandle(hAllInOneDlgWnd)+0x2b68=uin
3.2 或者找 CAllInOneStatusBar::SetUin(ulong)的引用,看看上下文,就知道了
|
代码:
//<---------最快了
3.3 对CRecevDlg一样的处理方式,一般他的offset应该少1000h左右
/* 05beta2
.text:1005B788 push 0
.text:1005B78A mov [eax+48h], esi
.text:1005B78D push dword ptr [esi+2B68h]
.text:1005B793 push dword ptr [esi+2CBCh]
.text:1005B799 call ds:?IsTMFriend@@YAHPAUIQQCore@@KPAH@Z ; IsTMFriend(IQQCore *,ulong,int *)
*/
/* 04II
.text:603C8F75 lea ecx, [esi+17B8h]
.text:603C8F7B push dword ptr [esi+2024h]
.text:603C8F81 call ds:?SetUin@CAllInOneStatusBar@@QAEXK@Z ; CAllInOneStatusBar::SetUin(ulong)
*/
/* 05beta2
.text:1005835F lea ecx, [esi+2228h]
.text:10058365 push dword ptr [esi+2B68h] ; hehe
.text:1005836B call ds:?SetUin@CAllInOneStatusBar@@QAEXK@Z ; CAllInOneStatusBar::SetUin(ulong)
*/
/*CAllInOneStatusBar: 聊天对话框的状态条: 明日帝国(42489549):找个美女过夜
/* mfcspy2:
00030C62(Afx:41b0000:0,id=4367|17255)
HWND: 00030C62
class:02E171C0(CWnd,size=0x40) //<-------大小才40,呵呵,肯定不是2B68h的host
CWnd:CCmdTarget:CObject
[+00]vtbl address=100E187C(QQBaseClassInDll.dll+0E187C) //<-----------vtable,用ida480可以找到,jump file offset 0E187C
[+04]CCmdTarget::m_dwRef=1 //然后就知道,原来这个类叫 CAllInOneStatusBar
[+08]CCmdTarget::m_pOuterUnknown=00000000
[+0C]CCmdTarget::m_xInnerUnknown=00000000
[+10]CCmdTarget::m_xDispatch.m_vtbl=00000000
[+14]CCmdTarget::m_bResultExpected=00000001
[+18]CCmdTarget::m_xConnPtContainer.m_vtbl=00000000
[+1C]CCmdTarget::m_pModuleState=042B39B8
[+20]CWnd::m_hWnd=00030C62
[+24]CWnd::m_hWndOwner=00000000
[+28]CWnd::m_nFlags=00000000
[+2C]CWnd::m_pfnSuper=77D1D4EE
[+30]CWnd::m_nModalResult=00000000
[+34]CWnd::m_pDropTarget=00000000
[+38]CWnd::m_pCtrlCont=00000000
[+3C]CWnd::m_pCtrlSite=00000000
[vtbl+00]GetRuntimeClass =100CCAE2->6BC428F4(MFC42.DLL+0028F4)
[vtbl+04]destructor =1000B147(QQBaseClassInDll.dll+00B147)
[vtbl+08]Serialize =1001DA5C(QQBaseClassInDll.dll+01DA5C)
[vtbl+0C]AssertValid =10037344(QQBaseClassInDll.dll+037344)
[vtbl+10]Dump =1001DA5C(QQBaseClassInDll.dll+01DA5C)
[vtbl+14]OnCmdMsg =100CCADC->6BC4223C(MFC42.DLL+00223C)
[vtbl+18]OnFinalRelease =100CCAD6->6BC54481(MFC42.DLL+014481)
[vtbl+1C]IsInvokeAllowed =100CCAD0->6BC53F13(MFC42.DLL+013F13)
[vtbl+20]GetDispatchIID =100CCACA->6BC47129(MFC42.DLL+007129)
[vtbl+24]GetTypeInfoCount =100CCAC4->6BC417E0(MFC42.DLL+0017E0)
[vtbl+28]GetTypeLibCache =100CCABE->6BC417E0(MFC42.DLL+0017E0)
[vtbl+2C]GetTypeLib =100CCAB8->6BC9E610(MFC42.DLL+05E610)
[vtbl+30]GetMessageMap =1000B260(QQBaseClassInDll.dll+00B260)
[vtbl+34]GetCommandMap =100CCAB2->6BC9E671(MFC42.DLL+05E671)
[vtbl+38]GetDispatchMap =100CCAAC->6BC9E62D(MFC42.DLL+05E62D)
[vtbl+3C]GetConnectionMap =100CCAA6->6BC9E66B(MFC42.DLL+05E66B)
[vtbl+40]GetInterfaceMap =100CCAA0->6BC56A75(MFC42.DLL+016A75)
[vtbl+44]GetEventSinkMap =100CCA9A->6BC9E633(MFC42.DLL+05E633)
[vtbl+48]OnCreateAggregates =100CCA94->6BC41A47(MFC42.DLL+001A47)
[vtbl+4C]GetInterfaceHook =100CCA8E->6BC47129(MFC42.DLL+007129)
[vtbl+50]GetExtraConnectionPoints=100CCA88->6BC47129(MFC42.DLL+007129)
[vtbl+54]GetConnectionHook =100CCA82->6BC47129(MFC42.DLL+007129)
[vtbl+58]PreSubclassWindow =100CCA7C->6BC44444(MFC42.DLL+004444)
[vtbl+5C]Create =100CCA76->6BC4C61A(MFC42.DLL+00C61A)
[vtbl+60]DestroyWindow =100CCA70->6BC45BF6(MFC42.DLL+005BF6)
[vtbl+64]PreCreateWindow =100CCA6A->6BC4DDE8(MFC42.DLL+00DDE8)
[vtbl+68]CalcWindowRect =100CCA64->6BC4DFA8(MFC42.DLL+00DFA8)
[vtbl+6C]OnToolHitTest =100CCA5E->6BC9C2AE(MFC42.DLL+05C2AE)
[vtbl+70]GetScrollBarCtrl =100CCA58->6BC47129(MFC42.DLL+007129)
[vtbl+74]WinHelpA =100CCA52->6BC9C587(MFC42.DLL+05C587)
[vtbl+78]ContinueModal =100CCA4C->6BC56913(MFC42.DLL+016913)
[vtbl+7C]EndModalLoop =100CCA46->6BC56956(MFC42.DLL+016956)
[vtbl+80]OnCommand =100CCA40->6BC4291C(MFC42.DLL+00291C)
[vtbl+84]OnNotify =100CCA3A->6BC43290(MFC42.DLL+003290)
[vtbl+88]GetSuperWndProcAddr =100CCA34->6BC44440(MFC42.DLL+004440)
[vtbl+8C]DoDataExchange =1001DA5C(QQBaseClassInDll.dll+01DA5C)
[vtbl+90]BeginModalState =1000A741(QQBaseClassInDll.dll+00A741)
[vtbl+94]EndModalState =1000A74D(QQBaseClassInDll.dll+00A74D)
[vtbl+98]PreTranslateMessage =100CCA2E->6BC414EF(MFC42.DLL+0014EF)
[vtbl+9C]OnAmbientProperty =100CCA28->6BC9E06A(MFC42.DLL+05E06A)
[vtbl+A0]WindowProc =100CCA22->6BC41CC8(MFC42.DLL+001CC8)
[vtbl+A4]OnWndMsg =100CCA1C->6BC41D0C(MFC42.DLL+001D0C)
[vtbl+A8]DefWindowProcA =100CCA16->6BC420CE(MFC42.DLL+0020CE)
[vtbl+AC]PostNcDestroy =100CCA10->6BC44444(MFC42.DLL+004444)
[vtbl+B0]OnChildNotify =100CCA0A->6BC4271D(MFC42.DLL+00271D)
[vtbl+B4]CheckAutoCenter =100CCA04->6BC41A47(MFC42.DLL+001A47)
[vtbl+B8]IsFrameWnd =100CC9FE->6BC417E0(MFC42.DLL+0017E0)
[vtbl+BC]SetOccDialogInfo =100CC9F8->6BC47129(MFC42.DLL+007129)
message map=100E16F0(QQBaseClassInDll.dll+0E16F0)
msg map entries at 100E16F8(QQBaseClassInDll.dll+0E16F8)
OnMsg:WM_CREATE(0001),func=1000B266(QQBaseClassInDll.dll+00B266)
OnCommand: notifycode=0000 id=0546,func=1000B551(QQBaseClassInDll.dll+00B551)
OnCommand: notifycode=0000 id=32d1,func=1000B518(QQBaseClassInDll.dll+00B518)
OnMsg:WM_ERASEBKGND(0014),func=1000B5A8(QQBaseClassInDll.dll+00B5A8)
OnMsg:0D5E,func=1000B593(QQBaseClassInDll.dll+00B593)
OnCommand: notifycode=0000 id=3331,func=1000CB56(QQBaseClassInDll.dll+00CB56)
OnMsg:WM_SIZE(0005),func=1000B3B8(QQBaseClassInDll.dll+00B3B8)
OnMsg:WM_TIMER(0113),func=1000C9FB(QQBaseClassInDll.dll+00C9FB)
OnNotify: notifycode=fd2e id=0547,func=1000C33E(QQBaseClassInDll.dll+00C33E)
*/
/*CAllInOneStatusBar::GenStrShow(void)
.text:1000B8A3 ; public: void __thiscall CAllInOneStatusBar::GenStrShow(void)
.text:1000B8A3 public ?GenStrShow@CAllInOneStatusBar@@QAEXXZ
.text:1000B8A3 ?GenStrShow@CAllInOneStatusBar@@QAEXXZ proc near
.text:1000B8A3 ; CODE XREF: CAllInOneStatusBar::SetName(CString,CString)+4Dp
.text:1000B8A3 ; CAllInOneStatusBar::SetStatus(CString)+22p ...
.text:1000B8A3
.text:1000B8A3 Rect = tagRECT ptr -10h
.text:1000B8A3
.text:1000B8A3 sub esp, 10h
.text:1000B8A6 push ebx
.text:1000B8A7 push ebp
.text:1000B8A8 push esi
.text:1000B8A9 mov esi, ecx ; ecx-->this-->esi
.text:1000B8AB xor ebp, ebp
.text:1000B8AD push edi
.text:1000B8AE mov ecx, [esi+340h] ;//<-----------偏移340h就是uin,很有用!!!!!!!!!!!!
.text:1000B8B4 mov ebx, offset aS_0 ; "%s"
.text:1000B8B9 cmp ecx, ebp
.text:1000B8BB jz short loc_1000B90B
.text:1000B8BD cmp [esi+354h], ebp
.text:1000B8C3 jz short loc_1000B90B
.text:1000B8C5 mov edx, [esi+20Ch]
.text:1000B8CB lea eax, [esi+20Ch]
.text:1000B8D1 lea edi, [esi+338h]
.text:1000B8D7 cmp [edx-8], ebp
.text:1000B8DA jle short loc_1000B8F4
.text:1000B8DC push edx ; friendly name
.text:1000B8DD push ecx ; uin
.text:1000B8DE push dword ptr [esi+214h] ; nickname
.text:1000B8E4 push offset aSDS ; "%s(%d): %s"
.text:1000B8E9 push edi ; m_strStatusBarString
.text:1000B8EA call ?Format@CString@@QAAXPBDZZ ; CString::Format(char const *,...)
.text:1000B8EF add esp, 14h
.text:1000B8F2 jmp short loc_1000B921
.text:1000B8F4 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1000B8F4
.text:1000B8F4 loc_1000B8F4: ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+37j
.text:1000B8F4 push ecx
.text:1000B8F5 push dword ptr [esi+214h]
.text:1000B8FB push offset aSD ; "%s(%d)"
.text:1000B900 push edi
.text:1000B901 call ?Format@CString@@QAAXPBDZZ ; CString::Format(char const *,...)
.text:1000B906 add esp, 10h
.text:1000B909 jmp short loc_1000B921
.text:1000B90B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1000B90B
.text:1000B90B loc_1000B90B: ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+18j
.text:1000B90B ; CAllInOneStatusBar::GenStrShow(void)+20j
.text:1000B90B push dword ptr [esi+214h]
.text:1000B911 lea edi, [esi+338h]
.text:1000B917 push ebx
.text:1000B918 push edi
.text:1000B919 call ?Format@CString@@QAAXPBDZZ ; CString::Format(char const *,...)
.text:1000B91E add esp, 0Ch
.text:1000B921
.text:1000B921 loc_1000B921: ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+4Fj
.text:1000B921 ; CAllInOneStatusBar::GenStrShow(void)+66j
.text:1000B921 cmp [esi+354h], ebp
.text:1000B927 jnz short loc_1000B96B
.text:1000B929 mov ecx, [esi+20Ch]
.text:1000B92F lea eax, [esi+20Ch]
.text:1000B935 cmp [ecx-8], ebp
.text:1000B938 jle short loc_1000B951
.text:1000B93A push ecx
.text:1000B93B push dword ptr [esi+214h]
.text:1000B941 push offset aSS ; "%s: %s"
.text:1000B946 push edi
.text:1000B947 call ?Format@CString@@QAAXPBDZZ ; CString::Format(char const *,...)
.text:1000B94C add esp, 10h
.text:1000B94F jmp short loc_1000B961
.text:1000B951 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1000B951
.text:1000B951 loc_1000B951: ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+95j
.text:1000B951 push dword ptr [esi+214h]
.text:1000B957 push ebx
.text:1000B958 push edi
.text:1000B959 call ?Format@CString@@QAAXPBDZZ ; CString::Format(char const *,...)
.text:1000B95E add esp, 0Ch
.text:1000B961
.text:1000B961 loc_1000B961: ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+ACj
.text:1000B961 mov dword ptr [esi+80h], 1
.text:1000B96B
.text:1000B96B loc_1000B96B: ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+84j
.text:1000B96B mov eax, [esi+334h]
.text:1000B971 lea edi, [esi+334h]
.text:1000B977 cmp eax, ebp
.text:1000B979 jz short loc_1000B984
.text:1000B97B push eax
.text:1000B97C call ??3@YAXPAX@Z ; operator delete(void *)
.text:1000B981 pop ecx
.text:1000B982 mov [edi], ebp
.text:1000B984
.text:1000B984 loc_1000B984: ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+D6j
.text:1000B984 mov ecx, esi
.text:1000B986 call ?SplitStrShow@CAllInOneStatusBar@@IAEHXZ ; CAllInOneStatusBar::SplitStrShow(void)
.text:1000B98B push dword ptr [esi+20h] ; hWnd
.text:1000B98E mov ebx, eax
.text:1000B990 call ds:GetParent
.text:1000B996 push eax
.text:1000B997 call ?FromHandle@CWnd@@SGPAV1@PAUHWND__@@@Z ; CWnd::FromHandle(HWND__ *)
.text:1000B99C mov edi, eax
.text:1000B99E lea eax, [esp+20h+Rect]
.text:1000B9A2 push eax ; lpRect
.text:1000B9A3 push dword ptr [esi+20h] ; hWnd
.text:1000B9A6 call ds:GetWindowRect
.text:1000B9AC cmp ebx, ebp
.text:1000B9AE lea eax, [esi+210h]
.text:1000B9B4 jz short loc_1000B9C7
.text:1000B9B6 cmp dword ptr [eax], 18h
.text:1000B9B9 jnz short loc_1000B9E4
.text:1000B9BB push 18h
.text:1000B9BD mov dword ptr [eax], 24h
.text:1000B9C3 push 24h
.text:1000B9C5 jmp short loc_1000B9D6
.text:1000B9C7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1000B9C7
.text:1000B9C7 loc_1000B9C7: ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+111j
.text:1000B9C7 cmp dword ptr [eax], 24h
.text:1000B9CA jnz short loc_1000B9E4
.text:1000B9CC push 24h ; lParam
.text:1000B9CE mov dword ptr [eax], 18h
.text:1000B9D4 push 18h ; wParam
.text:1000B9D6
.text:1000B9D6 loc_1000B9D6: ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+122j
.text:1000B9D6 push 920h ; Msg
.text:1000B9DB push dword ptr [edi+20h] ; hWnd
.text:1000B9DE call ds:SendMessageA
.text:1000B9E4
.text:1000B9E4 loc_1000B9E4: ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+116j
.text:1000B9E4 ; CAllInOneStatusBar::GenStrShow(void)+127j
.text:1000B9E4 pop edi
.text:1000B9E5 pop esi
.text:1000B9E6 pop ebp
.text:1000B9E7 pop ebx
.text:1000B9E8 add esp, 10h
.text:1000B9EB retn
.text:1000B9EB ?GenStrShow@CAllInOneStatusBar@@QAEXXZ endp
*/
/*
HWND: 00100B02
class:02C8F6E8(CQQAllInOneDlg,size=0x2e78)
CQQAllInOneDlg:CDialog:CWnd:CCmdTarget:CObject
[+00]vtbl address=03EF26C0(QQAllInOne.dll+0D26C0) //<-----------vtable,用ida480可以找到,jump file offset 0de6c0。windbg反汇编不好
[+04]CCmdTarget::m_dwRef=1 // idapro对mfc的vtbl识别不好,使用mfcspy2的vtbl,将 vtbl的sub_xxx改名。
[+08]CCmdTarget::m_pOuterUnknown=00000000
[+0C]CCmdTarget::m_xInnerUnknown=00000000
[+10]CCmdTarget::m_xDispatch.m_vtbl=00000000
[+14]CCmdTarget::m_bResultExpected=00000001
[+18]CCmdTarget::m_xConnPtContainer.m_vtbl=00000000
[+1C]CCmdTarget::m_pModuleState=03F239B8
[+20]CWnd::m_hWnd=00100B02
[+24]CWnd::m_hWndOwner=00000000
[+28]CWnd::m_nFlags=00000110
[+2C]CWnd::m_pfnSuper=77D3E54F
[+30]CWnd::m_nModalResult=FFFFFFFF
[+34]CWnd::m_pDropTarget=02CA4B68
[+38]CWnd::m_pCtrlCont=00000000
[+3C]CWnd::m_pCtrlSite=00000000
[+40]CDialog::m_nIDHelp=00001B67
[+44]CDialog::m_lpszTemplateName=00001B67
[+48]CDialog::m_hDialogTemplate=00000000
[+4C]CDialog::m_lpDialogTemplate=00000000
[+50]CDialog::m_lpDialogInit=00000000
[+54]CDialog::m_pParentWnd=(CWnd*)00000000
[+58]CDialog::m_hWndTop=(HWND)00000000
[+5C]CDialog::m_pOccDialogInfo=00000000
[vtbl+00]GetRuntimeClass =03E77204(QQAllInOne.dll+057204)
[vtbl+04]destructor =03E77848(QQAllInOne.dll+057848)
[vtbl+08]Serialize =03E21DA3(QQAllInOne.dll+001DA3)
[vtbl+0C]AssertValid =03E21DA6(QQAllInOne.dll+001DA6)
[vtbl+10]Dump =03E21DA3(QQAllInOne.dll+001DA3)
[vtbl+14]OnCmdMsg =03ECE272->6BC48FAA(MFC42.DLL+008FAA)
[vtbl+18]OnFinalRelease =03ECE236->6BC54481(MFC42.DLL+014481)
[vtbl+1C]IsInvokeAllowed =03ECE230->6BC53F13(MFC42.DLL+013F13)
[vtbl+20]GetDispatchIID =03ECE22A->6BC47129(MFC42.DLL+007129)
[vtbl+24]GetTypeInfoCount =03ECE224->6BC417E0(MFC42.DLL+0017E0)
[vtbl+28]GetTypeLibCache =03ECE21E->6BC417E0(MFC42.DLL+0017E0)
[vtbl+2C]GetTypeLib =03ECE218->6BC9E610(MFC42.DLL+05E610)
[vtbl+30]GetMessageMap =03E787AB(QQAllInOne.dll+0587AB)
[vtbl+34]GetCommandMap =03ECE20C->6BC9E671(MFC42.DLL+05E671)
[vtbl+38]GetDispatchMap =03ECE206->6BC9E62D(MFC42.DLL+05E62D)
[vtbl+3C]GetConnectionMap =03ECE200->6BC9E66B(MFC42.DLL+05E66B)
[vtbl+40]GetInterfaceMap =03E787B1(QQAllInOne.dll+0587B1)
[vtbl+44]GetEventSinkMap =03ECE1F4->6BC9E633(MFC42.DLL+05E633)
[vtbl+48]OnCreateAggregates =03ECE1EE->6BC41A47(MFC42.DLL+001A47)
[vtbl+4C]GetInterfaceHook =03ECE1E8->6BC47129(MFC42.DLL+007129)
[vtbl+50]GetExtraConnectionPoints=03ECE1E2->6BC47129(MFC42.DLL+007129)
[vtbl+54]GetConnectionHook =03ECE1DC->6BC47129(MFC42.DLL+007129)
[vtbl+58]PreSubclassWindow =03ECE1D6->6BC44444(MFC42.DLL+004444)
[vtbl+5C]Create =03ECE28A->6BC4C61A(MFC42.DLL+00C61A)
[vtbl+60]DestroyWindow =03ECE1D0->6BC45BF6(MFC42.DLL+005BF6)
[vtbl+64]PreCreateWindow =03ECE1CA->6BC4DDE8(MFC42.DLL+00DDE8)
[vtbl+68]CalcWindowRect =03ECE1C4->6BC4DFA8(MFC42.DLL+00DFA8)
[vtbl+6C]OnToolHitTest =03ECE1BE->6BC9C2AE(MFC42.DLL+05C2AE)
[vtbl+70]GetScrollBarCtrl =03ECE1B8->6BC47129(MFC42.DLL+007129)
[vtbl+74]WinHelpA =03ECE1B2->6BC9C587(MFC42.DLL+05C587)
[vtbl+78]ContinueModal =03ECE1AC->6BC56913(MFC42.DLL+016913)
[vtbl+7C]EndModalLoop =03ECE1A6->6BC56956(MFC42.DLL+016956)
[vtbl+80]OnCommand =03ECE1A0->6BC4291C(MFC42.DLL+00291C)
[vtbl+84]OnNotify =03ECE19A->6BC43290(MFC42.DLL+003290)
[vtbl+88]GetSuperWndProcAddr =03ECE194->6BC44440(MFC42.DLL+004440)
[vtbl+8C]DoDataExchange =03E78793(QQAllInOne.dll+058793)
[vtbl+90]BeginModalState =03E21DA7(QQAllInOne.dll+001DA7)
[vtbl+94]EndModalState =03E21DB3(QQAllInOne.dll+001DB3)
[vtbl+98]PreTranslateMessage =03E78963(QQAllInOne.dll+058963)
[vtbl+9C]OnAmbientProperty =03ECE188->6BC9E06A(MFC42.DLL+05E06A)
[vtbl+A0]WindowProc =03ECE182->6BC41CC8(MFC42.DLL+001CC8)
[vtbl+A4]OnWndMsg =03ECE17C->6BC41D0C(MFC42.DLL+001D0C)
[vtbl+A8]DefWindowProcA =03ECE176->6BC420CE(MFC42.DLL+0020CE)
[vtbl+AC]PostNcDestroy =03E7AF23(QQAllInOne.dll+05AF23)
[vtbl+B0]OnChildNotify =03ECE16A->6BC4271D(MFC42.DLL+00271D)
[vtbl+B4]CheckAutoCenter =03ECE266->6BC49789(MFC42.DLL+009789)
[vtbl+B8]IsFrameWnd =03ECE15E->6BC417E0(MFC42.DLL+0017E0)
[vtbl+BC]SetOccDialogInfo =03ECE260->6BC9D6C7(MFC42.DLL+05D6C7)
[vtbl+C0]DoModal =03ECE25A->6BC56AB1(MFC42.DLL+016AB1)
[vtbl+C4]OnInitDialog =03E7B550(QQAllInOne.dll+05B550)
[vtbl+C8]OnSetFont =03ECE254->6BC4466E(MFC42.DLL+00466E)
[vtbl+CC]OnOK =03E81574(QQAllInOne.dll+061574)
[vtbl+D0]OnCancel =03E7A534(QQAllInOne.dll+05A534)
[vtbl+D4]PreInitDialog =03ECE24E->6BC44444(MFC42.DLL+004444)
message map=03EF10B0(QQAllInOne.dll+0D10B0)
msg map entries at 03EF10B8(QQAllInOne.dll+0D10B8)
OnMsg:095B,func=03E9CED2(QQAllInOne.dll+07CED2)
OnMsg:0959,func=03E9CD04(QQAllInOne.dll+07CD04)
OnMsg:0956,func=03E9C919(QQAllInOne.dll+07C919)
OnMsg:0954,func=03E9C6F2(QQAllInOne.dll+07C6F2)
OnMsg:08D2,func=03E89D13(QQAllInOne.dll+069D13)
OnMsg:08D3,func=03E89D25(QQAllInOne.dll+069D25)
OnMsg:WM_CLOSE(0010),func=03E89F84(QQAllInOne.dll+069F84)
OnMsg:WM_ACTIVATE(0006),func=03E89D33(QQAllInOne.dll+069D33)
OnMsg:WM_MEASUREITEM(002c),func=03E871C3(QQAllInOne.dll+0671C3)
OnMsg:WM_DROPFILES(0233),func=03E7912B(QQAllInOne.dll+05912B)
OnMsg:WM_ERASEBKGND(0014),func=03E78E5A(QQAllInOne.dll+058E5A)
OnMsg:WM_CTLCOLOR(0019),func=03E78F24(QQAllInOne.dll+058F24)
OnMsg:WM_DESTROY(0002),func=03E7AE3C(QQAllInOne.dll+05AE3C)
OnMsg:WM_PAINT(000f),func=03E78F1F->6BC418DD(MFC42.DLL+0018DD)
OnMsg:WM_CREATE(0001),func=03E78F38(QQAllInOne.dll+058F38)
OnMsg:WM_SIZE(0005),func=03E795A1(QQAllInOne.dll+0595A1)
OnMsg:WM_COPYDATA(004a),func=03E22D27(QQAllInOne.dll+002D27)
OnMsg:WM_TIMER(0113),func=03E78028(QQAllInOne.dll+058028)
OnCommand: notifycode=0000 id=0186,func=03E7F1D8(QQAllInOne.dll+05F1D8)
OnCommand: notifycode=0000 id=0405,func=03E874CB(QQAllInOne.dll+0674CB)
OnCommand: notifycode=0000 id=077e,func=03E9CEB8(QQAllInOne.dll+07CEB8)
OnCommand: notifycode=0000 id=0406,func=03E7A524(QQAllInOne.dll+05A524)
OnMsg:066E,func=03E7FD2B(QQAllInOne.dll+05FD2B)
OnMsg:066F,func=03E83219(QQAllInOne.dll+063219)
OnMsg:0958,func=03E9C994(QQAllInOne.dll+07C994)
OnMsg:0670,func=03E8329C(QQAllInOne.dll+06329C)
OnMsg:067A,func=03E83CA8(QQAllInOne.dll+063CA8)
OnMsg:0679,func=03E83BE7(QQAllInOne.dll+063BE7)
OnMsg:0671,func=03E8298A(QQAllInOne.dll+06298A)
OnMsg:0672,func=03E82D2B(QQAllInOne.dll+062D2B)
OnMsg:068F,func=03E83149(QQAllInOne.dll+063149)
OnMsg:0690,func=03E83155(QQAllInOne.dll+063155)
OnMsg:0691,func=03E83170(QQAllInOne.dll+063170)
OnMsg:0692,func=03E831C1(QQAllInOne.dll+0631C1)
OnMsg:0693,func=03E83197(QQAllInOne.dll+063197)
OnMsg:0694,func=03E831EB(QQAllInOne.dll+0631EB)
OnMsg:06B2,func=03E90639(QQAllInOne.dll+070639)
OnMsg:06B1,func=03E905D7(QQAllInOne.dll+0705D7)
OnMsg:0949,func=03E99C89(QQAllInOne.dll+079C89)
OnMsg:06AF,func=03E906F4(QQAllInOne.dll+0706F4)
OnMsg:06AE,func=03E906F4(QQAllInOne.dll+0706F4)
OnMsg:06B3,func=03E908D0(QQAllInOne.dll+0708D0)
OnMsg:0673,func=03E87C9C(QQAllInOne.dll+067C9C)
OnMsg:0674,func=03E88E27(QQAllInOne.dll+068E27)
OnMsg:0675,func=03E89113(QQAllInOne.dll+069113)
OnMsg:0800,func=03E8938E(QQAllInOne.dll+06938E)
OnMsg:06A2,func=03E8DFAC(QQAllInOne.dll+06DFAC)
OnMsg:0676,func=03E811F8(QQAllInOne.dll+0611F8)
OnMsg:0677,func=03E88DD4(QQAllInOne.dll+068DD4)
OnMsg:06B0,func=03E893AD(QQAllInOne.dll+0693AD)
OnMsg:162B,func=03E893E4(QQAllInOne.dll+0693E4)
OnMsg:067D,func=03E8942E(QQAllInOne.dll+06942E)
OnMsg:0678,func=03E89A4D(QQAllInOne.dll+069A4D)
OnMsg:067F,func=03E89A65(QQAllInOne.dll+069A65)
OnMsg:067B,func=03E83EEE(QQAllInOne.dll+063EEE)
OnMsg:067C,func=03E83F6B(QQAllInOne.dll+063F6B)
OnMsg:06A9,func=03E79279(QQAllInOne.dll+059279)
OnMsg:0682,func=03E8B69B(QQAllInOne.dll+06B69B)
OnMsg:0683,func=03E8B8CF(QQAllInOne.dll+06B8CF)
OnMsg:0684,func=03E8B8E7(QQAllInOne.dll+06B8E7)
OnMsg:0685,func=03E8B8FF(QQAllInOne.dll+06B8FF)
OnMsg:0686,func=03E8B917(QQAllInOne.dll+06B917)
OnMsg:0687,func=03E8B92F(QQAllInOne.dll+06B92F)
OnMsg:0688,func=03E8B947(QQAllInOne.dll+06B947)
OnMsg:068A,func=03E8B95F(QQAllInOne.dll+06B95F)
OnMsg:068B,func=03E8B995(QQAllInOne.dll+06B995)
OnMsg:068C,func=03E8B9A9(QQAllInOne.dll+06B9A9)
OnMsg:068D,func=03E8B9BD(QQAllInOne.dll+06B9BD)
OnMsg:068E,func=03E8B9D1(QQAllInOne.dll+06B9D1)
OnCommand: notifycode=0000 id=7d64 to 7e22,func=03E871ED(QQAllInOne.dll+0671ED)
OnCommand: notifycode=0000 id=80ea,func=03E8A5AC(QQAllInOne.dll+06A5AC)
OnCommand: notifycode=0000 id=80eb,func=03E8A5C9(QQAllInOne.dll+06A5C9)
OnCommand: notifycode=0000 id=80ec,func=03E8AD9C(QQAllInOne.dll+06AD9C)
UpdateCmdUI: id=0401,func=03E7E755(QQAllInOne.dll+05E755)
UpdateCmdUI: id=03e9,func=03E7E7FC(QQAllInOne.dll+05E7FC)
UpdateCmdUI: id=03f0,func=03E52289(QQAllInOne.dll+032289)
UpdateCmdUI: id=03f5,func=03E8FE04(QQAllInOne.dll+06FE04)
UpdateCmdUI: id=03ed,func=03E52289(QQAllInOne.dll+032289)
UpdateCmdUI: id=03ee,func=03E52289(QQAllInOne.dll+032289)
OnCommand: notifycode=0000 id=03e9,func=03E7EACC(QQAllInOne.dll+05EACC)
OnCommand: notifycode=0000 id=03e8,func=03E7E882(QQAllInOne.dll+05E882)
OnCommand: notifycode=0000 id=d2f3,func=03E9329A(QQAllInOne.dll+07329A)
OnMsg:06B8,func=03E91DF3(QQAllInOne.dll+071DF3)
OnMsg:06B9,func=03E91DFB(QQAllInOne.dll+071DFB)
OnCommand: notifycode=0000 id=03ec,func=03E7EC80(QQAllInOne.dll+05EC80)
OnCommand: notifycode=0000 id=03ef,func=03E89C14(QQAllInOne.dll+069C14)
OnCommand: notifycode=0000 id=03f0,func=03E89A75(QQAllInOne.dll+069A75)
OnCommand: notifycode=0000 id=7e90 to 80e8,func=03E894AB(QQAllInOne.dll+0694AB)
OnCommand: notifycode=0000 id=8534 to 878c,func=03E8F729(QQAllInOne.dll+06F729)
OnCommand: notifycode=0000 id=8533,func=03E8FAF4(QQAllInOne.dll+06FAF4)
OnCommand: notifycode=0000 id=80e9,func=03E89644(QQAllInOne.dll+069644)
OnCommand: notifycode=0000 id=814c to 82dc,func=03E89819(QQAllInOne.dll+069819)
OnCommand: notifycode=0000 id=82dd,func=03E8984E(QQAllInOne.dll+06984E)
OnCommand: notifycode=0000 id=03ed,func=03E8A5E6(QQAllInOne.dll+06A5E6)
OnCommand: notifycode=0000 id=03ee,func=03E89659(QQAllInOne.dll+069659)
OnCommand: notifycode=0000 id=33b5,func=03E7EC48(QQAllInOne.dll+05EC48)
OnCommand: notifycode=0000 id=0401,func=03E9C55E(QQAllInOne.dll+07C55E)
OnCommand: notifycode=0000 id=03f7,func=03E8AEE7(QQAllInOne.dll+06AEE7)
OnCommand: notifycode=0000 id=03f8,func=03E931D1(QQAllInOne.dll+0731D1)
OnCommand: notifycode=0000 id=03fa,func=03E9767A(QQAllInOne.dll+07767A)
OnCommand: notifycode=0000 id=03f5,func=03E9089A(QQAllInOne.dll+07089A)
OnCommand: notifycode=0000 id=03f6,func=03E9089A(QQAllInOne.dll+07089A)
UpdateCmdUI: id=03f6,func=03E52289(QQAllInOne.dll+032289)
OnMsg:06B4,func=03E91050(QQAllInOne.dll+071050)
OnMsg:06B5,func=03E910D0(QQAllInOne.dll+0710D0)
OnMsg:0464,func=03E7F1B3(QQAllInOne.dll+05F1B3)
OnMsg:06BC,func=03E83FF6(QQAllInOne.dll+063FF6)
OnCommand: notifycode=0300 id=037e,func=03E80B7B(QQAllInOne.dll+060B7B)
OnCommand: notifycode=0200 id=037e,func=03E8D732(QQAllInOne.dll+06D732)
OnCommand: notifycode=0501 id=037e,func=03E8116E(QQAllInOne.dll+06116E)
OnMsg:0496,func=03E7F45D(QQAllInOne.dll+05F45D)
OnMsg:067E,func=03E83FDC(QQAllInOne.dll+063FDC)
OnMsg:050E,func=03E8A467(QQAllInOne.dll+06A467)
OnMsg:0681,func=03E8AA16(QQAllInOne.dll+06AA16)
OnMsg:052D,func=03E8CDBC(QQAllInOne.dll+06CDBC)
OnMsg:052E,func=03E8CE3C(QQAllInOne.dll+06CE3C)
OnMsg:052F,func=03E8D1B2(QQAllInOne.dll+06D1B2)
OnMsg:0530,func=03E8D0E2(QQAllInOne.dll+06D0E2)
OnMsg:069E,func=03E8D483(QQAllInOne.dll+06D483)
OnMsg:069F,func=03E8D76C(QQAllInOne.dll+06D76C)
OnMsg:06A0,func=03E8DADC(QQAllInOne.dll+06DADC)
OnMsg:06A1,func=03E8DC19(QQAllInOne.dll+06DC19)
OnMsg:06A4,func=03E8F620(QQAllInOne.dll+06F620)
OnMsg:06A6,func=03E8FB5F(QQAllInOne.dll+06FB5F)
OnMsg:06AA,func=03E900F6(QQAllInOne.dll+0700F6)
OnMsg:06AB,func=03E90100(QQAllInOne.dll+070100)
OnMsg:06AC,func=03E90130(QQAllInOne.dll+070130)
OnMsg:06AD,func=03E905BB(QQAllInOne.dll+0705BB)
OnMsg:095A,func=03E9CDAF(QQAllInOne.dll+07CDAF)
OnMsg:06B6,func=03E7A943(QQAllInOne.dll+05A943)
OnMsg:069D,func=03E91DBC(QQAllInOne.dll+071DBC)
OnNotify: notifycode=0001 id=e814,func=03E8ECC8(QQAllInOne.dll+06ECC8)
OnCommand: notifycode=0000 id=84d1,func=03E8E111(QQAllInOne.dll+06E111)
OnCommand: notifycode=0000 id=84d2,func=03E8E2B5->03E83359(QQAllInOne.dll+063359)
OnCommand: notifycode=0000 id=84d3,func=03E8E2BA(QQAllInOne.dll+06E2BA)
OnCommand: notifycode=0000 id=84d4,func=03E91F18(QQAllInOne.dll+071F18)
OnCommand: notifycode=0000 id=84d0,func=03E8E5F0(QQAllInOne.dll+06E5F0)
OnCommand: notifycode=0000 id=84df,func=03E8E8C4(QQAllInOne.dll+06E8C4)
OnCommand: notifycode=0000 id=84e6,func=03E8DFCB(QQAllInOne.dll+06DFCB)
OnCommand: notifycode=0000 id=84f0,func=03E8ADB9(QQAllInOne.dll+06ADB9)
OnCommand: notifycode=0000 id=84e7,func=03E9CBA4(QQAllInOne.dll+07CBA4)
OnCommand: notifycode=0000 id=84d9,func=03E8EC58(QQAllInOne.dll+06EC58)
OnCommand: notifycode=0000 id=84e1,func=03E95BB4(QQAllInOne.dll+075BB4)
OnCommand: notifycode=0000 id=84db,func=03E8EC99(QQAllInOne.dll+06EC99)
OnCommand: notifycode=0000 id=03ea,func=03E7EDCB(QQAllInOne.dll+05EDCB)
OnCommand: notifycode=0000 id=03f3,func=03E8DB34(QQAllInOne.dll+06DB34)
OnCommand: notifycode=0000 id=6211,func=03E96B85(QQAllInOne.dll+076B85)
OnCommand: notifycode=0000 id=6210,func=03E96AA3(QQAllInOne.dll+076AA3)
OnCommand: notifycode=0000 id=03fb,func=03E905A6(QQAllInOne.dll+0705A6)
OnCommand: notifycode=0000 id=03fc,func=03E97953(QQAllInOne.dll+077953)
OnCommand: notifycode=0000 id=03fd,func=03E979E8(QQAllInOne.dll+0779E8)
OnCommand: notifycode=0000 id=03fe,func=03E97A7E(QQAllInOne.dll+077A7E)
OnCommand: notifycode=0000 id=84dc,func=03E8E2B5->03E83359(QQAllInOne.dll+063359)
OnCommand: notifycode=0000 id=84dd,func=03E8F1E8->03E9C3F7(QQAllInOne.dll+07C3F7)
OnCommand: notifycode=0000 id=84de,func=03E92B8B(QQAllInOne.dll+072B8B)
OnCommand: notifycode=0000 id=84d5,func=03E8F1ED(QQAllInOne.dll+06F1ED)
OnCommand: notifycode=0000 id=84d6,func=03E8F1F5(QQAllInOne.dll+06F1F5)
OnCommand: notifycode=0000 id=84d7,func=03E8F1FD(QQAllInOne.dll+06F1FD)
OnCommand: notifycode=0000 id=84d8,func=03E8F205->03EC4554(QQAllInOne.dll+0A4554)
OnCommand: notifycode=0000 id=84e0,func=03E8F20A(QQAllInOne.dll+06F20A)
OnMsg:06A3,func=03E8F241(QQAllInOne.dll+06F241)
OnMsg:06A5,func=03E8F81B(QQAllInOne.dll+06F81B)
OnMsg:06CE,func=03E9CB8C(QQAllInOne.dll+07CB8C)
OnMsg:06A7,func=03E8FB77(QQAllInOne.dll+06FB77)
OnMsg:06A8,func=03E8FF02(QQAllInOne.dll+06FF02)
OnMsg:06C2,func=03E95C23(QQAllInOne.dll+075C23)
OnMsg:06C3,func=03E95C38(QQAllInOne.dll+075C38)
OnMsg:06C4,func=03E95C3D(QQAllInOne.dll+075C3D)
OnCommand: notifycode=0000 id=03a3,func=03E9013A(QQAllInOne.dll+07013A)
OnCommand: notifycode=0000 id=7d1e,func=03E90284(QQAllInOne.dll+070284)
OnCommand: notifycode=0000 id=7d1f,func=03E9035A(QQAllInOne.dll+07035A)
OnMsg:06B7,func=03E91755(QQAllInOne.dll+071755)
OnMsg:WM_KILLFOCUS(0008),func=03E913AF(QQAllInOne.dll+0713AF)
OnMsg:WM_SHOWWINDOW(0018),func=03E9C748(QQAllInOne.dll+07C748)
OnCommand: notifycode=0000 id=4e20 to 4ee7,func=03E9279F(QQAllInOne.dll+07279F)
OnCommand: notifycode=0000 id=4ee8 to 5013,func=03E927DC(QQAllInOne.dll+0727DC)
OnCommand: notifycode=0000 id=5014,func=03E9278F(QQAllInOne.dll+07278F)
OnCommand: notifycode=0000 id=33c1,func=03E92799->6087C25D(QQHelperDll.dll+01C25D)
OnCommand: notifycode=0000 id=33bf,func=03E9B36F(QQAllInOne.dll+07B36F)
OnMsg:06BA,func=03E927F2(QQAllInOne.dll+0727F2)
OnMsg:06BB,func=03E927FA(QQAllInOne.dll+0727FA)
OnMsg:0914,func=03E9287F(QQAllInOne.dll+07287F)
OnCommand: notifycode=0000 id=a7fb,func=03E92CC5(QQAllInOne.dll+072CC5)
OnMsg:091E,func=03E92CD5(QQAllInOne.dll+072CD5)
OnMsg:091F,func=03E92CF3(QQAllInOne.dll+072CF3)
OnMsg:0923,func=03E946DE(QQAllInOne.dll+0746DE)
OnMsg:WM_HOTKEY(0312),func=03E92E77(QQAllInOne.dll+072E77)
OnMsg:0921,func=03E92D11(QQAllInOne.dll+072D11)
OnMsg:08D4,func=03E92D35(QQAllInOne.dll+072D35)
OnMsg:093C,func=03E9829B(QQAllInOne.dll+07829B)
OnMsg:0948,func=03E996C0(QQAllInOne.dll+0796C0)
OnMsg:094A,func=03E22D27(QQAllInOne.dll+002D27)
OnMsg:0952,func=03E9BC7E(QQAllInOne.dll+07BC7E)
OnMsg:0920,func=03E92DA7(QQAllInOne.dll+072DA7)
OnMsg:06BE,func=03E95C38(QQAllInOne.dll+075C38)
OnMsg:06BD,func=03E92EBA(QQAllInOne.dll+072EBA)
OnMsg:0928,func=03E92FFC(QQAllInOne.dll+072FFC)
OnMsg:06BF,func=03E9314F(QQAllInOne.dll+07314F)
OnCommand: notifycode=0000 id=03f9,func=03E931D9(QQAllInOne.dll+0731D9)
UpdateCmdUI: id=03e8,func=03E93661(QQAllInOne.dll+073661)
OnNotify: notifycode=fd3a id=ebe8,func=03E93767(QQAllInOne.dll+073767)
OnMsg:06C0,func=03E94436(QQAllInOne.dll+074436)
OnCommand: notifycode=0000 id=620d,func=03E93ED4(QQAllInOne.dll+073ED4)
OnCommand: notifycode=0000 id=620c,func=03E93BB0(QQAllInOne.dll+073BB0)
OnMsg:05F5,func=03E94493(QQAllInOne.dll+074493)
OnCommand: notifycode=0000 id=620e,func=03E945C4(QQAllInOne.dll+0745C4)
OnMsg:0932,func=03E946C1(QQAllInOne.dll+0746C1)
OnMsg:0934,func=03E96D00(QQAllInOne.dll+076D00)
OnCommand: notifycode=0000 id=620f,func=03E94659(QQAllInOne.dll+074659)
OnNotify: notifycode=0002 id=e815,func=03E95078(QQAllInOne.dll+075078)
OnMsg:5609,func=03E951B5(QQAllInOne.dll+0751B5)
OnNotify: notifycode=0002 id=e817,func=03E9509A(QQAllInOne.dll+07509A)
OnMsg:06C5,func=03E9762B(QQAllInOne.dll+07762B)
OnMsg:06C6,func=03E97782(QQAllInOne.dll+077782)
OnMsg:0933,func=03E967EE(QQAllInOne.dll+0767EE)
OnCommand: notifycode=0000 id=03ff,func=03E98205(QQAllInOne.dll+078205)
OnCommand: notifycode=0000 id=0400,func=03E9BAE3(QQAllInOne.dll+07BAE3)
OnMsg:0946,func=03E983F2(QQAllInOne.dll+0783F2)
OnMsg:06C7,func=03E9886A(QQAllInOne.dll+07886A)
OnMsg:06C8,func=03E98909(QQAllInOne.dll+078909)
OnCommand: notifycode=0000 id=84e4,func=03E98E80(QQAllInOne.dll+078E80)
OnMsg:06CA,func=03E95C38(QQAllInOne.dll+075C38)
OnMsg:06C9,func=03E99793(QQAllInOne.dll+079793)
OnMsg:0466,func=03E99731(QQAllInOne.dll+079731)
OnMsg:094B,func=03E99D46(QQAllInOne.dll+079D46)
OnCommand: notifycode=0000 id=84ee,func=03E9AE5E(QQAllInOne.dll+07AE5E)
OnCommand: notifycode=0000 id=84ef,func=03E9AE66(QQAllInOne.dll+07AE66)
OnMsg:094C,func=03E997B7(QQAllInOne.dll+0797B7)
OnMsg:094E,func=03E9B497(QQAllInOne.dll+07B497)
OnMsg:094F,func=03E9B930(QQAllInOne.dll+07B930)
OnMsg:0951,func=03E9BC69(QQAllInOne.dll+07BC69)
OnMsg:8931,func=03E7BA65(QQAllInOne.dll+05BA65)
OnMsg:06CC,func=03E9C8B5(QQAllInOne.dll+07C8B5)
*/
/* 引用CAllInOneStatusBar::SetUin
.text:10058343 lea eax, [esi+2B54h]
.text:10058349 push 0
.text:1005834B push eax
.text:1005834C mov byte ptr [ebp-4], 3
.text:10058350 push dword ptr [esi+2B68h] //<------------this+2b68 = uin
.text:10058356 call ds:?GetUserLongNickName@@YAHKAAVCString@@H@Z ; GetUserLongNickName(ulong,CString &,int)
.text:1005835C add esp, 0Ch
.text:1005835F lea ecx, [esi+2228h]
.text:10058365 push dword ptr [esi+2B68h] ; hehe //<------------this+2b68 = uin
.text:1005836B call ds:?SetUin@CAllInOneStatusBar@@QAEXK@Z ; CAllInOneStatusBar::SetUin(ulong)
*/
/* 补齐后的CQQAllInOneDlg_vtbl,感谢mfcspy2
.rdata:100D26C0 CQQAllInOneDlg_vtbl dd offset CQQAllInOneDlg__GetRuntimeClass
.rdata:100D26C0 ; DATA XREF: sub_1005720A+2B4o
.rdata:100D26C0 ; sub_10057864+15o
.rdata:100D26C4 dd offset CQQAllInOneDlg__destructor
.rdata:100D26C8 dd offset CQQAllInOneDlg__Serialize_Dump
.rdata:100D26CC dd offset CQQAllInOneDlg__AssertValid
.rdata:100D26D0 dd offset CQQAllInOneDlg__Serialize_Dump
.rdata:100D26D4 dd offset ?OnCmdMsg@CDialog@@UAEHIHPAXPAUAFX_CMDHANDLERINFO@@@Z ; CDialog::OnCmdMsg(uint,int,void *,AFX_CMDHANDLERINFO *)
.rdata:100D26D8 dd offset ?OnFinalRelease@CWnd@@UAEXXZ ; CWnd::OnFinalRelease(void)
.rdata:100D26DC dd offset ?IsInvokeAllowed@CCmdTarget@@UAEHJ@Z ; CCmdTarget::IsInvokeAllowed(long)
.rdata:100D26E0 dd offset ?GetDispatchIID@CCmdTarget@@UAEHPAU_GUID@@@Z ; CCmdTarget::GetDispatchIID(_GUID *)
.rdata:100D26E4 dd offset ?GetTypeInfoCount@CCmdTarget@@UAEIXZ ; CCmdTarget::GetTypeInfoCount(void)
.rdata:100D26E8 dd offset ?GetTypeLibCache@CCmdTarget@@UAEPAVCTypeLibCache@@XZ ; CCmdTarget::GetTypeLibCache(void)
.rdata:100D26EC dd offset ?GetTypeLib@CCmdTarget@@UAEJKPAPAUITypeLib@@@Z ; CCmdTarget::GetTypeLib(ulong,ITypeLib * *)
.rdata:100D26F0 dd offset CQQAllInOneDlg__GetMessageMap
.rdata:100D26F4 dd offset ?GetCommandMap@CCmdTarget@@MBEPBUAFX_OLECMDMAP@@XZ ; CCmdTarget::GetCommandMap(void)
.rdata:100D26F8 dd offset ?GetDispatchMap@CCmdTarget@@MBEPBUAFX_DISPMAP@@XZ ; CCmdTarget::GetDispatchMap(void)
.rdata:100D26FC dd offset ?GetConnectionMap@CCmdTarget@@MBEPBUAFX_CONNECTIONMAP@@XZ ; CCmdTarget::GetConnectionMap(void)
.rdata:100D2700 dd offset CQQAllInOneDlg__GetInterfaceMap
.rdata:100D2704 dd offset ?GetEventSinkMap@CCmdTarget@@MBEPBUAFX_EVENTSINKMAP@@XZ ; CCmdTarget::GetEventSinkMap(void)
.rdata:100D2708 dd offset ?OnCreateAggregates@CCmdTarget@@UAEHXZ ; CCmdTarget::OnCreateAggregates(void)
.rdata:100D270C dd offset ?GetInterfaceHook@CCmdTarget@@UAEPAUIUnknown@@PBX@Z ; CCmdTarget::GetInterfaceHook(void const *)
.rdata:100D2710 dd offset ?GetExtraConnectionPoints@CCmdTarget@@MAEHPAVCPtrArray@@@Z ; CCmdTarget::GetExtraConnectionPoints(CPtrArray *)
.rdata:100D2714 dd offset ?GetConnectionHook@CCmdTarget@@MAEPAUIConnectionPoint@@ABU_GUID@@@Z ; CCmdTarget::GetConnectionHook(_GUID const &)
.rdata:100D2718 dd offset ?PreSubclassWindow@CWnd@@UAEXXZ ; CWnd::PreSubclassWindow(void)
.rdata:100D271C dd offset ?Create@CWnd@@UAEHPBD0KABUtagRECT@@PAV1@IPAUCCreateContext@@@Z ; CWnd::Create(char const *,char const *,ulong,tagRECT const &,CWnd *,uint,CCreateContext *)
.rdata:100D2720 dd offset ?DestroyWindow@CWnd@@UAEHXZ ; CWnd::DestroyWindow(void)
.rdata:100D2724 dd offset ?PreCreateWindow@CWnd@@UAEHAAUtagCREATESTRUCTA@@@Z ; CWnd::PreCreateWindow(tagCREATESTRUCTA &)
.rdata:100D2728 dd offset ?CalcWindowRect@CWnd@@UAEXPAUtagRECT@@I@Z ; CWnd::CalcWindowRect(tagRECT *,uint)
.rdata:100D272C dd offset ?OnToolHitTest@CWnd@@UBEHVCPoint@@PAUtagTOOLINFOA@@@Z ; CWnd::OnToolHitTest(CPoint,tagTOOLINFOA *)
.rdata:100D2730 dd offset ?GetScrollBarCtrl@CWnd@@UBEPAVCScrollBar@@H@Z ; CWnd::GetScrollBarCtrl(int)
.rdata:100D2734 dd offset ?WinHelpA@CWnd@@UAEXKI@Z ; CWnd::WinHelpA(ulong,uint)
.rdata:100D2738 dd offset ?ContinueModal@CWnd@@UAEHXZ ; CWnd::ContinueModal(void)
.rdata:100D273C dd offset ?EndModalLoop@CWnd@@UAEXH@Z ; CWnd::EndModalLoop(int)
.rdata:100D2740 dd offset ?OnCommand@CWnd@@MAEHIJ@Z ; CWnd::OnCommand(uint,long)
.rdata:100D2744 dd offset ?OnNotify@CWnd@@MAEHIJPAJ@Z ; CWnd::OnNotify(uint,long,long *)
.rdata:100D2748 dd offset ?GetSuperWndProcAddr@CWnd@@MAEPAP6GJPAUHWND__@@IIJ@ZXZ ; CWnd::GetSuperWndProcAddr(void)
.rdata:100D274C dd offset CQQAllInOneDlg__DoDataExchange
.rdata:100D2750 dd offset CQQAllInOneDlg__BeginModalState
.rdata:100D2754 dd offset CQQAllInOneDlg__EndModalState
.rdata:100D2758 dd offset CQQAllInOneDlg__PreTranslateMessage
.rdata:100D275C dd offset ?OnAmbientProperty@CWnd@@UAEHPAVCOleControlSite@@JPAUtagVARIANT@@@Z ; CWnd::OnAmbientProperty(COleControlSite *,long,tagVARIANT *)
.rdata:100D2760 dd offset ?WindowProc@CWnd@@MAEJIIJ@Z ; CWnd::WindowProc(uint,uint,long)
.rdata:100D2764 dd offset ?OnWndMsg@CWnd@@MAEHIIJPAJ@Z ; CWnd::OnWndMsg(uint,uint,long,long *)
.rdata:100D2768 dd offset ?DefWindowProcA@CWnd@@MAEJIIJ@Z ; CWnd::DefWindowProcA(uint,uint,long)
.rdata:100D276C dd offset CQQAllInOneDlg__PostNcDestroy
.rdata:100D2770 dd offset ?OnChildNotify@CWnd@@MAEHIIJPAJ@Z ; CWnd::OnChildNotify(uint,uint,long,long *)
.rdata:100D2774 dd offset ?CheckAutoCenter@CDialog@@UAEHXZ ; CDialog::CheckAutoCenter(void)
.rdata:100D2778 dd offset ?IsFrameWnd@CWnd@@UBEHXZ ; CWnd::IsFrameWnd(void)
.rdata:100D277C dd offset ?SetOccDialogInfo@CDialog@@MAEHPAU_AFX_OCC_DIALOG_INFO@@@Z ; CDialog::SetOccDialogInfo(_AFX_OCC_DIALOG_INFO *)
.rdata:100D2780 dd offset ?DoModal@CDialog@@UAEHXZ ; CDialog::DoModal(void)
.rdata:100D2784 dd offset CQQAllInOneDlg__OnInitDialog
.rdata:100D2788 dd offset ?OnSetFont@CDialog@@UAEXPAVCFont@@@Z ; CDialog::OnSetFont(CFont *)
.rdata:100D278C dd offset CQQAllInOneDlg__OnOK
.rdata:100D2790 dd offset CQQAllInOneDlg__OnCancel
.rdata:100D2794 dd offset ?PreInitDialog@CDialog@@MAEXXZ ; CDialog::PreInitDialog(void)
*/
/* 下断点,[vtbl+C4]OnInitDialog =03E7B550(QQAllInOne.dll+05B550) ,检测[ecx+2b68]
0:012> u QQAllInOne+5b550
*** WARNING: Unable to verify checksum for C:\Program Files\Tencent\QQ\QQAllInOne.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Tencent\QQ\QQAllInOne.dll -
QQAllInOne!SetTransparentValue+0x5942:
03e7b550 b892b2ed03 mov eax,0x3edb292
03e7b555 e886370500 call QQAllInOne!SetTransparentValue+0x590d2 (03ecece0)
03e7b55a 83ec18 sub esp,0x18
03e7b55d 53 push ebx
03e7b55e 8b1da861ee03 mov ebx,[QQAllInOne!SetTransparentValue+0x7059a (03ee61a8)]
03e7b564 56 push esi
03e7b565 57 push edi
03e7b566 8bf1 mov esi,ecx
0:012> bp QQAllInOne+5b550
0:012> g
Breakpoint 1 hit
QQAllInOne!SetTransparentValue+0x5942:
03e7b550 b892b2ed03 mov eax,0x3edb292
0:000> dd ecx+2b68
02cce9f0 00a1df00 00000000 00000000 baadf00d //<------------------00a1df00,ok
02ccea00 00000000 00000001 00000001 00000000
02ccea10 00000000 00000000 00000000 baadf00d
02ccea20 baadf00d baadf00d baadf00d baadf00d
02ccea30 baadf00d baadf00d baadf00d baadf00d
02ccea40 baadf00d baadf00d baadf00d baadf00d
02ccea50 baadf00d baadf00d baadf00d baadf00d
02ccea60 baadf00d baadf00d baadf00d baadf00d
*/
|
代码:
/* CQQAllInOneDlg__OnInitDialog
.text:1005B550 CQQAllInOneDlg__OnInitDialog proc near ; DATA XREF: .rdata:100D2784�o
.text:1005B550 mov eax, offset loc_100BB292
.text:1005B555 call __EH_prolog
.text:1005B55A sub esp, 18h
.text:1005B55D push ebx
.text:1005B55E mov ebx, ds:GetTickCount
.text:1005B564 push esi
.text:1005B565 push edi
.text:1005B566 mov esi, ecx ; this
.text:1005B568 call ebx ; GetTickCount
.text:1005B56A mov ecx, esi
.text:1005B56C call ?OnInitDialog@CDialog@@UAEHXZ ; CDialog::OnInitDialog(void)
.text:1005B571 call ?AfxGetModuleState@@YGPAVAFX_MODULE_STATE@@XZ ; AfxGetModuleState(void)
.text:1005B576 mov eax, [eax+0Ch]
.text:1005B579 push 8000h ; UINT
.text:1005B57E push 10h ; int
.text:1005B580 push 10h ; int
.text:1005B582 push 1
.text:1005B584 pop edi
.text:1005B585 push edi ; UINT
.text:1005B586 push 161h ; LPCSTR
.text:1005B58B push eax ; HINSTANCE
.text:1005B58C call ds:LoadImageA
.text:1005B592 mov [ebp-14h], eax
.text:1005B595 push dword ptr [ebp-14h] ; lParam
.text:1005B598 mov eax, [esi+0A54h]
.text:1005B59E push edi ; wParam
.text:1005B59F push 80h ; Msg
.text:1005B5A4 push dword ptr [eax+20h] ; hWnd
.text:1005B5A7 call ds:SendMessageA
.text:1005B5AD push dword ptr [ebp-14h] ; lParam
.text:1005B5B0 mov eax, [esi+0A54h]
.text:1005B5B6 push 0 ; wParam
.text:1005B5B8 push 80h ; Msg
.text:1005B5BD push dword ptr [eax+20h] ; hWnd
.text:1005B5C0 call ds:SendMessageA
.text:1005B5C6 push 0
.text:1005B5C8 push edi
.text:1005B5C9 mov ecx, esi
.text:1005B5CB call ?GetDlgItem@CWnd@@QBEPAV1@H@Z ; CWnd::GetDlgItem(int)
.text:1005B5D0 mov ecx, eax
.text:1005B5D2 call ?ShowWindow@CWnd@@QAEHH@Z ; CWnd::ShowWindow(int)
.text:1005B5D7 xor eax, eax
.text:1005B5D9 push edi
.text:1005B5DA mov ecx, esi
.text:1005B5DC mov [ebp-24h], eax
.text:1005B5DF mov [ebp-20h], eax
.text:1005B5E2 mov [ebp-1Ch], eax
.text:1005B5E5 mov [ebp-18h], eax
.text:1005B5E8 call ?GetDlgItem@CWnd@@QBEPAV1@H@Z ; CWnd::GetDlgItem(int)
.text:1005B5ED lea ecx, [ebp-24h]
.text:1005B5F0 push ecx ; lpRect
.text:1005B5F1 push dword ptr [eax+20h] ; hWnd
.text:1005B5F4 call ds:GetWindowRect
.text:1005B5FA lea eax, [ebp-24h]
.text:1005B5FD mov ecx, esi
.text:1005B5FF push eax
.text:1005B600 call MFC42_6880
.text:1005B605 push esi
.text:1005B606 lea ecx, [esi+5B8h]
.text:1005B60C push 77Eh
.text:1005B611 call ?SubclassDlgItem@CWnd@@QAEHIPAV1@@Z ; CWnd::SubclassDlgItem(uint,CWnd *)
.text:1005B616 mov eax, [ebp-18h]
.text:1005B619 push edi
.text:1005B61A sub eax, [ebp-20h]
.text:1005B61D lea ecx, [esi+5B8h]
.text:1005B623 push eax
.text:1005B624 mov eax, [ebp-1Ch]
.text:1005B627 sub eax, [ebp-24h]
.text:1005B62A push eax
.text:1005B62B push dword ptr [ebp-20h]
.text:1005B62E push dword ptr [ebp-24h]
.text:1005B631 call ?MoveWindow@CWnd@@QAEXHHHHH@Z ; CWnd::MoveWindow(int,int,int,int,int)
.text:1005B636 push esi
.text:1005B637 mov [esi+660h], edi
.text:1005B63D push 406h
.text:1005B642 lea ecx, [esi+6A4h]
.text:1005B648 mov [esi+67Ch], edi
.text:1005B64E call ?SubclassDlgItem@CWnd@@QAEHIPAV1@@Z ; CWnd::SubclassDlgItem(uint,CWnd *)
.text:1005B653 push esi
.text:1005B654 push 186h
.text:1005B659 lea ecx, [esi+790h]
.text:1005B65F mov [esi+768h], edi
.text:1005B665 call ?SubclassDlgItem@CWnd@@QAEHIPAV1@@Z ; CWnd::SubclassDlgItem(uint,CWnd *)
.text:1005B66A mov [esi+854h], edi
.text:1005B670 push esi
.text:1005B671 push 405h
.text:1005B676 lea ecx, [esi+87Ch]
.text:1005B67C call ?SubclassDlgItem@CWnd@@QAEHIPAV1@@Z ; CWnd::SubclassDlgItem(uint,CWnd *)
.text:1005B681 push esi
.text:1005B682 lea ecx, [esi+968h]
.text:1005B688 push 3A3h
.text:1005B68D mov [esi+940h], edi
.text:1005B693 call ?SubclassDlgItem@CWnd@@QAEHIPAV1@@Z ; CWnd::SubclassDlgItem(uint,CWnd *)
.text:1005B698 push edi
.text:1005B699 lea ecx, [esi+968h]
.text:1005B69F mov [esi+0A2Ch], edi
.text:1005B6A5 call ?ShowWindow@CWnd@@QAEHH@Z ; CWnd::ShowWindow(int)
.text:1005B6AA xor eax, eax
.text:1005B6AC cmp [esi+2C04h], eax
.text:1005B6B2 jnz short loc_1005B6BD
.text:1005B6B4 push eax
.text:1005B6B5 push eax
.text:1005B6B6 mov ecx, esi
.text:1005B6B8 call sub_10068DD4
.text:1005B6BD
.text:1005B6BD loc_1005B6BD: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+162�j
.text:1005B6BD call ebx ; GetTickCount
.text:1005B6BF push 2C00h
.text:1005B6C4 call ??2@YAPAXI@Z ; operator new(uint)
.text:1005B6C9 pop ecx
.text:1005B6CA mov [ebp-14h], eax
.text:1005B6CD and dword ptr [ebp-4], 0
.text:1005B6D1 test eax, eax
.text:1005B6D3 jz short loc_1005B6DE
.text:1005B6D5 mov ecx, eax
.text:1005B6D7 call sub_1009DE6B
.text:1005B6DC jmp short loc_1005B6E0
.text:1005B6DE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B6DE
.text:1005B6DE loc_1005B6DE: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+183�j
.text:1005B6DE xor eax, eax
.text:1005B6E0
.text:1005B6E0 loc_1005B6E0: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+18C�j
.text:1005B6E0 or dword ptr [ebp-4], 0FFFFFFFFh
.text:1005B6E4 push esi
.text:1005B6E5 mov ecx, eax
.text:1005B6E7 mov [esi+1FACh], eax
.text:1005B6ED call sub_1009EA23
.text:1005B6F2 mov ecx, esi
.text:1005B6F4 call sub_100706F7
.text:1005B6F9 call ebx ; GetTickCount
.text:1005B6FB mov ecx, esi
.text:1005B6FD call sub_1007A2F5
.text:1005B702 push 64h
.text:1005B704 call ??2@YAPAXI@Z ; operator new(uint)
.text:1005B709 pop ecx
.text:1005B70A mov [ebp-14h], eax
.text:1005B70D test eax, eax
.text:1005B70F mov [ebp-4], edi
.text:1005B712 jz short loc_1005B71D
.text:1005B714 mov ecx, eax
.text:1005B716 call sub_1002E9DD
.text:1005B71B jmp short loc_1005B71F
.text:1005B71D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B71D
.text:1005B71D loc_1005B71D: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+1C2�j
.text:1005B71D xor eax, eax
.text:1005B71F
.text:1005B71F loc_1005B71F: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+1CB�j
.text:1005B71F or dword ptr [ebp-4], 0FFFFFFFFh
.text:1005B723 mov [esi+26D4h], eax
.text:1005B729 push 4Ch
.text:1005B72B mov [eax+5Ch], esi
.text:1005B72E call ??2@YAPAXI@Z ; operator new(uint)
.text:1005B733 pop ecx
.text:1005B734 mov [ebp-14h], eax
.text:1005B737 test eax, eax
.text:1005B739 mov dword ptr [ebp-4], 2
.text:1005B740 jz short loc_1005B74B
.text:1005B742 mov ecx, eax
.text:1005B744 call sub_1009A35E
.text:1005B749 jmp short loc_1005B74D
.text:1005B74B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B74B
.text:1005B74B loc_1005B74B: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+1F0�j
.text:1005B74B xor eax, eax
.text:1005B74D
.text:1005B74D loc_1005B74D: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+1F9�j
.text:1005B74D or dword ptr [ebp-4], 0FFFFFFFFh
.text:1005B751 mov [esi+26D8h], eax
.text:1005B757 push 18F0h
.text:1005B75C mov [eax+40h], esi
.text:1005B75F call ??2@YAPAXI@Z ; operator new(uint)
.text:1005B764 pop ecx
.text:1005B765 mov [ebp-14h], eax
.text:1005B768 test eax, eax
.text:1005B76A mov dword ptr [ebp-4], 3
.text:1005B771 jz short loc_1005B77C
.text:1005B773 mov ecx, eax
.text:1005B775 call sub_100041C5
.text:1005B77A jmp short loc_1005B77E
.text:1005B77C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B77C
.text:1005B77C loc_1005B77C: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+221�j
.text:1005B77C xor eax, eax
.text:1005B77E
.text:1005B77E loc_1005B77E: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+22A�j
.text:1005B77E or dword ptr [ebp-4], 0FFFFFFFFh
.text:1005B782 mov [esi+271Ch], eax
.text:1005B788 push 0
.text:1005B78A mov [eax+48h], esi
.text:1005B78D push dword ptr [esi+2B68h] //<-------------[esi+2b68],uin
.text:1005B793 push dword ptr [esi+2CBCh] //<-------------[esi+2cbc],IQQCore
.text:1005B799 call ds:?IsTMFriend@@YAHPAUIQQCore@@KPAH@Z ; IsTMFriend(IQQCore *,ulong,int *)
.text:1005B79F add esp, 0Ch
.text:1005B7A2 test eax, eax
.text:1005B7A4 jz short loc_1005B7E3
.text:1005B7A6 push 58h
.text:1005B7A8 call ??2@YAPAXI@Z ; operator new(uint)
.text:1005B7AD pop ecx
.text:1005B7AE mov [ebp-14h], eax
.text:1005B7B1 test eax, eax
.text:1005B7B3 mov dword ptr [ebp-4], 4
.text:1005B7BA jz short loc_1005B7C5
.text:1005B7BC mov ecx, eax
.text:1005B7BE call sub_1000D2F1
.text:1005B7C3 jmp short loc_1005B7C7
.text:1005B7C5 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B7C5
.text:1005B7C5 loc_1005B7C5: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+26A�j
.text:1005B7C5 xor eax, eax
.text:1005B7C7
.text:1005B7C7 loc_1005B7C7: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+273�j
.text:1005B7C7 or dword ptr [ebp-4], 0FFFFFFFFh
.text:1005B7CB lea ecx, [esi+26F8h]
.text:1005B7D1 mov [ecx], eax
.text:1005B7D3 mov [eax+3Ch], esi
.text:1005B7D6 push dword ptr [esi+2CBCh];//<----------IQQCore*
.text:1005B7DC mov ecx, [ecx] //vtbl
.text:1005B7DE call ?SetModifiedFlag@CDocument@@UAEXH@Z ; CDocument::SetModifiedFlag(int)
.text:1005B7E3
.text:1005B7E3 loc_1005B7E3: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+254�j
.text:1005B7E3 push dword ptr [esi+271Ch]
.text:1005B7E9 lea ecx, [esi+2720h]
.text:1005B7EF call sub_10013BAD
.text:1005B7F4 xor ecx, ecx
.text:1005B7F6 mov [esi+1034h], esi
.text:1005B7FC cmp [esi+2C04h], ecx
.text:1005B802 mov edx, edi
.text:1005B804 jz short loc_1005B82C
.text:1005B806 mov eax, [esi+26D0h]
.text:1005B80C cmp eax, ecx
.text:1005B80E jz short loc_1005B82C
.text:1005B810 movzx eax, byte ptr [eax+124h]
.text:1005B817 sub eax, ecx
.text:1005B819 jz short loc_1005B829
.text:1005B81B dec eax
.text:1005B81C jz short loc_1005B825
.text:1005B81E dec eax
.text:1005B81F jnz short loc_1005B82C
.text:1005B821 push 4
.text:1005B823 jmp short loc_1005B82B
.text:1005B825 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B825
.text:1005B825 loc_1005B825: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+2CC�j
.text:1005B825 push 3
.text:1005B827 jmp short loc_1005B82B
.text:1005B829 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B829
.text:1005B829 loc_1005B829: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+2C9�j
.text:1005B829 push 2
.text:1005B82B
.text:1005B82B loc_1005B82B: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+2D3�j
.text:1005B82B ; CQQAllInOneDlg__OnInitDialog+2D7�j
.text:1005B82B pop edx
.text:1005B82C
.text:1005B82C loc_1005B82C: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+2B4�j
.text:1005B82C ; CQQAllInOneDlg__OnInitDialog+2BE�j ...
.text:1005B82C cmp [esi+0B1Ch], ecx
.text:1005B832 jz short loc_1005B86C
.text:1005B834 push 8
.text:1005B836 push esi
.text:1005B837 lea ecx, [esi+3F0h]
.text:1005B83D call sub_10009E97
.text:1005B842 call ?AfxGetModuleState@@YGPAVAFX_MODULE_STATE@@XZ ; AfxGetModuleState(void)
.text:1005B847 mov eax, 876h
.text:1005B84C push eax ; lpIconName
.text:1005B84D push 0Eh
.text:1005B84F push eax
.text:1005B850 call ?AfxFindResourceHandle@@YGPAUHINSTANCE__@@PBD0@Z ; AfxFindResourceHandle(char const *,char const *)
.text:1005B855 push eax ; hInstance
.text:1005B856 call ds:LoadIconA
.text:1005B85C push edi
.text:1005B85D push eax
.text:1005B85E lea ecx, [esi+2228h]
.text:1005B864 call ds:?SetHeadIcon@CAllInOneStatusBar@@QAEXPAUHICON__@@H@Z ; CAllInOneStatusBar::SetHeadIcon(HICON__ *,int)
.text:1005B86A jmp short loc_1005B879
.text:1005B86C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B86C
.text:1005B86C loc_1005B86C: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+2E2�j
.text:1005B86C push edx
.text:1005B86D push esi
.text:1005B86E lea ecx, [esi+3F0h]
.text:1005B874 call sub_10009E97
.text:1005B879
.text:1005B879 loc_1005B879: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+31A�j
.text:1005B879 call ebx ; GetTickCount
.text:1005B87B push esi
.text:1005B87C lea ecx, [esi+0B28h]
.text:1005B882 push edi
.text:1005B883 call ds:?EnableAccel@CQQRichEditEx@@QAEXHPAVCWnd@@@Z ; CQQRichEditEx::EnableAccel(int,CWnd *)
.text:1005B889 mov ecx, esi
.text:1005B88B call sub_1005DDFD
.text:1005B890 call ebx ; GetTickCount
.text:1005B892 mov ecx, esi
.text:1005B894 call sub_1005C1EB
.text:1005B899 call ebx ; GetTickCount
.text:1005B89B mov ecx, esi
.text:1005B89D call sub_1005BC64
.text:1005B8A2 call ebx ; GetTickCount
.text:1005B8A4 lea ecx, [esi+1058h]
.text:1005B8AA call ds:?InitOle@CMsgEditBase@@QAEHXZ ; CMsgEditBase::InitOle(void)
.text:1005B8B0 lea ecx, [esi+0B28h]
.text:1005B8B6 call ds:?InitOle@CQQRichEditEx@@QAEHXZ ; CQQRichEditEx::InitOle(void)
.text:1005B8BC lea ecx, [esi+0B28h]
.text:1005B8C2 call ?SetFocus@CWnd@@QAEPAV1@XZ ; CWnd::SetFocus(void)
.text:1005B8C7 push 0
.text:1005B8C9 mov ecx, esi
.text:1005B8CB mov [esi+2B6Ch], edi
.text:1005B8D1 call ?CenterWindow@CWnd@@QAEXPAV1@@Z ; CWnd::CenterWindow(CWnd *)
.text:1005B8D6 mov ecx, esi
.text:1005B8D8 call sub_1005AF43
.text:1005B8DD call ebx ; GetTickCount
.text:1005B8DF mov eax, [esi+2CC0h]
.text:1005B8E5 push 2Ch
.text:1005B8E7 mov [esi+0E4Ch], eax
.text:1005B8ED call ??2@YAPAXI@Z ; operator new(uint)
.text:1005B8F2 pop ecx
.text:1005B8F3 mov [ebp-14h], eax
.text:1005B8F6 test eax, eax
.text:1005B8F8 mov dword ptr [ebp-4], 5
.text:1005B8FF jz short loc_1005B90A
.text:1005B901 mov ecx, eax
.text:1005B903 call sub_1000F3F7
.text:1005B908 jmp short loc_1005B90C
.text:1005B90A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B90A
.text:1005B90A loc_1005B90A: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+3AF�j
.text:1005B90A xor eax, eax
.text:1005B90C
.text:1005B90C loc_1005B90C: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+3B8�j
.text:1005B90C or dword ptr [ebp-4], 0FFFFFFFFh
.text:1005B910 lea edi, [esi+2BF0h]
.text:1005B916 push 0 ; lpTimerFunc
.text:1005B918 push 7D0h ; uElapse
.text:1005B91D mov [edi], eax
.text:1005B91F push 4 ; nIDEvent
.text:1005B921 mov [eax+24h], esi
.text:1005B924 push dword ptr [esi+20h] ; hWnd
.text:1005B927 call ds:SetTimer
.text:1005B92D mov ecx, [edi]
.text:1005B92F call sub_1000F5EF
.text:1005B934 lea edi, [esi+1FF8h]
.text:1005B93A push esi
.text:1005B93B mov ecx, edi
.text:1005B93D call ds:?Create@CQQToolTip@@QAEHPAVCWnd@@@Z ; CQQToolTip::Create(CWnd *)
.text:1005B943 push 10h
.text:1005B945 push 10h
.text:1005B947 push 560h
.text:1005B94C mov ecx, edi
.text:1005B94E call ds:?SetIcon@CQQToolTip@@QAEHIHH@Z ; CQQToolTip::SetIcon(uint,int,int)
.text:1005B954 push 0C6C3C6h
.text:1005B959 mov ecx, edi
.text:1005B95B call ds:?SetFrameColor@CQQToolTip@@QAEXK@Z ; CQQToolTip::SetFrameColor(ulong)
.text:1005B961 mov edi, 0EFFBFFh
.text:1005B966 lea ecx, [esi+1FF8h]
.text:1005B96C push edi
.text:1005B96D call ds:?SetInnerFrameColor@CQQToolTip@@QAEXK@Z ; CQQToolTip::SetInnerFrameColor(ulong)
.text:1005B973 push edi
.text:1005B974 lea ecx, [esi+1FF8h]
.text:1005B97A call ds:?SetBkColor@CQQToolTip@@QAEXK@Z ; CQQToolTip::SetBkColor(ulong)
.text:1005B980 call ebx ; GetTickCount
.text:1005B982 lea ecx, [esi+2CE4h]
.text:1005B988 push esi
.text:1005B989 call ds:?Create@CQQToolTip@@QAEHPAVCWnd@@@Z ; CQQToolTip::Create(CWnd *)
.text:1005B98F push 0C6C3C6h
.text:1005B994 lea ecx, [esi+2CE4h]
.text:1005B99A call ds:?SetFrameColor@CQQToolTip@@QAEXK@Z ; CQQToolTip::SetFrameColor(ulong)
.text:1005B9A0 push edi
.text:1005B9A1 lea ecx, [esi+2CE4h]
.text:1005B9A7 call ds:?SetInnerFrameColor@CQQToolTip@@QAEXK@Z ; CQQToolTip::SetInnerFrameColor(ulong)
.text:1005B9AD push edi
.text:1005B9AE lea edi, [esi+2CE4h]
.text:1005B9B4 mov ecx, edi
.text:1005B9B6 call ds:?SetBkColor@CQQToolTip@@QAEXK@Z ; CQQToolTip::SetBkColor(ulong)
.text:1005B9BC push 10h
.text:1005B9BE push 10h
.text:1005B9C0 push 560h
.text:1005B9C5 mov ecx, edi
.text:1005B9C7 call ds:?SetIcon@CQQToolTip@@QAEHIHH@Z ; CQQToolTip::SetIcon(uint,int,int)
.text:1005B9CD and dword ptr [ebp-10h], 0
.text:1005B9D1 mov eax, [esi+2CBCh]
.text:1005B9D7 mov dword ptr [ebp-4], 6
.text:1005B9DE test eax, eax
.text:1005B9E0 jz short loc_1005BA1B
.text:1005B9E2 mov ecx, [eax]
.text:1005B9E4 lea edx, [ebp-10h]
.text:1005B9E7 push edx
.text:1005B9E8 push offset unk_100CF478
.text:1005B9ED push eax
.text:1005B9EE call dword ptr [ecx+1Ch]
.text:1005B9F1 test eax, eax
.text:1005B9F3 jnz short loc_1005BA1B
.text:1005B9F5 mov eax, [ebp-10h]
.text:1005B9F8 mov ecx, [esi+1F74h]
.text:1005B9FE push offset unk_100CF468
.text:1005BA03 mov [ebp-14h], eax
.text:1005BA06 mov edi, [eax]
.text:1005BA08 call ?GetInterface@CCmdTarget@@QAEPAUIUnknown@@PBX@Z ; CCmdTarget::GetInterface(void const *)
.text:1005BA0D push eax
.text:1005BA0E push dword ptr [ebp-14h]
.text:1005BA11 call dword ptr [edi+3Ch]
.text:1005BA14 mov ecx, esi
.text:1005BA16 call sub_10070774
.text:1005BA1B
.text:1005BA1B loc_1005BA1B: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+490�j
.text:1005BA1B ; CQQAllInOneDlg__OnInitDialog+4A3�j
.text:1005BA1B mov ecx, esi
.text:1005BA1D call sub_10075A31
.text:1005BA22 call ebx ; GetTickCount
.text:1005BA24 xor edi, edi
.text:1005BA26 mov ecx, esi
.text:1005BA28 mov [esi+2E28h], edi
.text:1005BA2E call sub_1005C08F
.text:1005BA33 push edi ; lParam
.text:1005BA34 push edi ; wParam
.text:1005BA35 push 8931h ; Msg
.text:1005BA3A push dword ptr [esi+20h] ; hWnd
.text:1005BA3D call ds:PostMessageA
.text:1005BA43 mov eax, [ebp-10h]
.text:1005BA46 or dword ptr [ebp-4], 0FFFFFFFFh
.text:1005BA4A cmp eax, edi
.text:1005BA4C pop edi
.text:1005BA4D pop esi
.text:1005BA4E pop ebx
.text:1005BA4F jz short loc_1005BA57
.text:1005BA51 mov ecx, [eax]
.text:1005BA53 push eax
.text:1005BA54 call dword ptr [ecx+8]
.text:1005BA57
.text:1005BA57 loc_1005BA57: ; CODE XREF: CQQAllInOneDlg__OnInitDialog+4FF�j
.text:1005BA57 mov ecx, [ebp-0Ch]
.text:1005BA5A xor eax, eax
.text:1005BA5C mov large fs:0, ecx
.text:1005BA63 leave
.text:1005BA64 retn
.text:1005BA64 CQQAllInOneDlg__OnInitDialog endp ; sp = 4
*/
/*CQQAllInOneDlg__constructor
.text:1005720A CQQAllInOneDlg__constructor proc near ; CODE XREF: new_CQQAllInOneDlg+25�p
.text:1005720A mov eax, offset unknown_libname_161 ; MFC 3.1/4.0/4.2/7.1 32bit
.text:1005720F call __EH_prolog
.text:10057214 sub esp, 14h
.text:10057217 push ebx
.text:10057218 push esi
.text:10057219 push edi
.text:1005721A mov ebx, ecx ; ebx = this
.text:1005721C push dword ptr [ebp+8] ; ebp+8=CWnd*,arg_8
.text:1005721F mov [ebp-10h], ebx
.text:10057222 push 1B67h
.text:10057227 call ??0CDialog@@QAE@IPAVCWnd@@@Z ; CDialog::CDialog(uint,CWnd *)
.text:1005722C lea edi, [ebx+60h]
.text:1005722F push 10h ; size_t
.text:10057231 xor esi, esi
.text:10057233 push 23h ; int
.text:10057235 push edi ; void *
.text:10057236 mov [ebp-4], esi
.text:10057239 call memset
.text:1005723E add esp, 0Ch
.text:10057241 mov dword ptr [edi+10h], 60h
.text:10057248 lea ecx, [ebx+74h]
.text:1005724B mov byte ptr [ebp-4], 1
.text:1005724F call ??0CString@@QAE@XZ ; CString::CString(void)
.text:10057254 lea ecx, [ebx+7Ch]
.text:10057257 mov byte ptr [ebp-4], 2
.text:1005725B call sub_100ABF80
.text:10057260 lea ecx, [ebx+3F0h]
.text:10057266 mov byte ptr [ebp-4], 3
.text:1005726A call sub_10009D69
.text:1005726F mov edi, ds:??0CSkinButtonEx@@QAE@XZ ; CSkinButtonEx::CSkinButtonEx(void)
.text:10057275 lea ecx, [ebx+5B8h]
.text:1005727B mov byte ptr [ebp-4], 4
.text:1005727F call edi ; CSkinButtonEx::CSkinButtonEx(void) ; CSkinButtonEx::CSkinButtonEx(void)
.text:10057281 lea ecx, [ebx+6A4h]
.text:10057287 mov byte ptr [ebp-4], 5
.text:1005728B call edi ; CSkinButtonEx::CSkinButtonEx(void) ; CSkinButtonEx::CSkinButtonEx(void)
.text:1005728D lea ecx, [ebx+790h]
.text:10057293 mov byte ptr [ebp-4], 6
.text:10057297 call edi ; CSkinButtonEx::CSkinButtonEx(void) ; CSkinButtonEx::CSkinButtonEx(void)
.text:10057299 lea ecx, [ebx+87Ch]
.text:1005729F mov byte ptr [ebp-4], 7
.text:100572A3 call edi ; CSkinButtonEx::CSkinButtonEx(void) ; CSkinButtonEx::CSkinButtonEx(void)
.text:100572A5 lea ecx, [ebx+968h]
.text:100572AB mov byte ptr [ebp-4], 8
.text:100572AF call edi ; CSkinButtonEx::CSkinButtonEx(void) ; CSkinButtonEx::CSkinButtonEx(void)
.text:100572B1 mov byte ptr [ebp-4], 9
.text:100572B5 lea ecx, [ebx+0A60h]
.text:100572BB mov dword ptr [ebx+0A5Ch], offset off_100D2798
.text:100572C5 call sub_1000916C
.text:100572CA lea ecx, [ebx+0B28h]
.text:100572D0 mov byte ptr [ebp-4], 0Ah
.text:100572D4 call ds:??0CQQRichEditEx@@QAE@XZ ; CQQRichEditEx::CQQRichEditEx(void)
.text:100572DA lea ecx, [ebx+0E60h]
.text:100572E0 mov byte ptr [ebp-4], 0Bh
.text:100572E4 call sub_100807EE
.text:100572E9 lea ecx, [ebx+1004h]
.text:100572EF mov byte ptr [ebp-4], 0Ch
.text:100572F3 call sub_1008D4F4
.text:100572F8 lea ecx, [ebx+1058h]
.text:100572FE mov byte ptr [ebp-4], 0Dh
.text:10057302 call ds:??0CMsgDlgRichEdit@@QAE@XZ ; CMsgDlgRichEdit::CMsgDlgRichEdit(void)
.text:10057308 lea ecx, [ebx+13C4h]
.text:1005730E mov byte ptr [ebp-4], 0Eh
.text:10057312 call ds:??0CYSplitterBar@@QAE@XZ ; CYSplitterBar::CYSplitterBar(void)
.text:10057318 push esi
.text:10057319 lea ecx, [ebx+1430h]
.text:1005731F mov byte ptr [ebp-4], 0Fh
.text:10057323 call ds:??0CMsgListDlg@@QAE@PAVCWnd@@@Z ; CMsgListDlg::CMsgListDlg(CWnd *)
.text:10057329 lea ecx, [ebx+1F78h]
.text:1005732F mov byte ptr [ebp-4], 10h
.text:10057333 call ??0CStringArray@@QAE@XZ ; CStringArray::CStringArray(void)
.text:10057338 lea ecx, [ebx+1F98h]
.text:1005733E mov byte ptr [ebp-4], 11h
.text:10057342 call ??0CStringArray@@QAE@XZ ; CStringArray::CStringArray(void)
.text:10057347 lea ecx, [ebx+1FC0h]
.text:1005734D mov byte ptr [ebp-4], 12h
.text:10057351 call sub_1007D16C
.text:10057356 lea ecx, [ebx+1FD8h]
.text:1005735C mov byte ptr [ebp-4], 13h
.text:10057360 call sub_1007D253
.text:10057365 mov edi, ds:??0CQQToolTip@@QAE@XZ ; CQQToolTip::CQQToolTip(void)
.text:1005736B lea ecx, [ebx+1FF8h]
.text:10057371 mov byte ptr [ebp-4], 14h
.text:10057375 call edi ; CQQToolTip::CQQToolTip(void) ; CQQToolTip::CQQToolTip(void)
.text:10057377 lea ecx, [ebx+2094h]
.text:1005737D mov byte ptr [ebp-4], 15h
.text:10057381 call sub_100089AD
.text:10057386 lea ecx, [ebx+2158h]
.text:1005738C mov byte ptr [ebp-4], 16h
.text:10057390 call ds:??0CAllInOneStaticTipWnd@@QAE@XZ ; CAllInOneStaticTipWnd::CAllInOneStaticTipWnd(void)
.text:10057396 lea ecx, [ebx+2228h]
.text:1005739C mov byte ptr [ebp-4], 17h
.text:100573A0 call ds:??0CAllInOneStatusBar@@QAE@XZ ; CAllInOneStatusBar::CAllInOneStatusBar(void)
.text:100573A6 lea ecx, [ebx+258Ch]
.text:100573AC mov byte ptr [ebp-4], 18h
.text:100573B0 call sub_1008675F
.text:100573B5 lea ecx, [ebx+2690h]
.text:100573BB mov byte ptr [ebp-4], 19h
.text:100573BF call sub_1000FBB4
.text:100573C4 push esi
.text:100573C5 lea ecx, [ebx+2720h]
.text:100573CB mov byte ptr [ebp-4], 1Ah
.text:100573CF call sub_1001370F
.text:100573D4 lea ecx, [ebx+2B54h]
.text:100573DA mov byte ptr [ebp-4], 1Bh
.text:100573DE call ??0CString@@QAE@XZ ; CString::CString(void)
.text:100573E3 lea ecx, [ebx+2CC4h]
.text:100573E9 mov byte ptr [ebp-4], 1Ch
.text:100573ED call ??0CString@@QAE@XZ ; CString::CString(void)
.text:100573F2 lea ecx, [ebx+2CCCh]
.text:100573F8 mov byte ptr [ebp-4], 1Dh
.text:100573FC call ??0CStringArray@@QAE@XZ ; CStringArray::CStringArray(void)
.text:10057401 lea ecx, [ebx+2CE4h]
.text:10057407 mov byte ptr [ebp-4], 1Eh
.text:1005740B call edi ; CQQToolTip::CQQToolTip(void) ; CQQToolTip::CQQToolTip(void)
.text:1005740D lea ecx, [ebx+2D90h]
.text:10057413 mov byte ptr [ebp-4], 1Fh
.text:10057417 call ??0CString@@QAE@XZ ; CString::CString(void)
.text:1005741C mov byte ptr [ebp-4], 20h
.text:10057420 mov [ebx+2DA0h], esi
.text:10057426 lea ecx, [ebx+2DA4h]
.text:1005742C mov byte ptr [ebp-4], 21h
.text:10057430 call ds:??0CTabRelating@@QAE@XZ ; CTabRelating::CTabRelating(void)
.text:10057436 lea ecx, [ebx+2DB8h]
.text:1005743C mov byte ptr [ebp-4], 22h
.text:10057440 call ??0CString@@QAE@XZ ; CString::CString(void)
.text:10057445 lea ecx, [ebx+2DBCh]
.text:1005744B mov byte ptr [ebp-4], 23h
.text:1005744F call ??0CString@@QAE@XZ ; CString::CString(void)
.text:10057454 lea ecx, [ebx+2DC0h]
.text:1005745A mov byte ptr [ebp-4], 24h
.text:1005745E call ??0CString@@QAE@XZ ; CString::CString(void)
.text:10057463 lea ecx, [ebx+2DC4h]
.text:10057469 mov byte ptr [ebp-4], 25h
.text:1005746D call ??0CStringArray@@QAE@XZ ; CStringArray::CStringArray(void)
.text:10057472 lea ecx, [ebx+2E08h]
.text:10057478 mov byte ptr [ebp-4], 26h
.text:1005747C call sub_1007D33A
.text:10057481 lea edi, [ebx+2E24h]
.text:10057487 mov byte ptr [ebp-4], 27h
.text:1005748B mov [edi], esi
.text:1005748D lea ecx, [ebx+2E30h]
.text:10057493 mov byte ptr [ebp-4], 28h
.text:10057497 call ??0CDWordArray@@QAE@XZ ; CDWordArray::CDWordArray(void)
.text:1005749C lea ecx, [ebx+2E44h]
.text:100574A2 mov byte ptr [ebp-4], 29h
.text:100574A6 call ??0CDWordArray@@QAE@XZ ; CDWordArray::CDWordArray(void)
.text:100574AB lea ecx, [ebx+2E58h]
.text:100574B1 mov byte ptr [ebp-4], 2Ah
.text:100574B5 call ??0CDWordArray@@QAE@XZ ; CDWordArray::CDWordArray(void)
.text:100574BA mov byte ptr [ebp-4], 2Bh
.text:100574BE mov dword ptr [ebx], offset CQQAllInOneDlg_vtbl
.text:100574C4 push esi
.text:100574C5 mov ecx, edi
.text:100574C7 mov [ebx+2E28h], esi
.text:100574CD call sub_100A4F53
.text:100574D2 mov [ebx+2B8Ch], esi
.text:100574D8 call sub_10055A36
.text:100574DD mov [ebx+26FCh], esi
.text:100574E3 mov [ebx+0A58h], esi
.text:100574E9 mov [ebx+0A54h], esi
.text:100574EF push 1
.text:100574F1 mov [ebx+2BF4h], esi
.text:100574F7 mov [ebx+2B3Ch], esi
.text:100574FD pop edx
.text:100574FE mov [ebx+2B40h], esi
.text:10057504 mov [ebx+26F8h], esi
.text:1005750A push 8
.text:1005750C mov [ebx+2B58h], esi
.text:10057512 mov [ebx+2CC8h], edx
.text:10057518 lea edi, [ebx+2B1Ch]
.text:1005751E pop ecx
.text:1005751F mov eax, 20202020h
.text:10057524 mov [ebx+2B18h], esi
.text:1005752A rep stosd
.text:1005752C mov dword ptr [ebx+2B5Ch], 0Ah
.text:10057536 mov [ebx+2B60h], esi
.text:1005753C mov [ebx+2B6Ch], esi
.text:10057542 mov [ebx+2B78h], esi
.text:10057548 mov [ebx+26E8h], esi
.text:1005754E mov [ebx+26ECh], esi
.text:10057554 mov [ebx+2710h], esi
.text:1005755A mov [ebx+26F0h], esi
.text:10057560 mov [ebx+26E4h], esi
.text:10057566 mov [ebx+26F4h], esi
.text:1005756C mov [ebx+270Ch], esi
.text:10057572 mov [ebx+2B7Ch], edx
.text:10057578 mov [ebx+2B80h], edx
.text:1005757E mov [ebx+2CC0h], esi
.text:10057584 mov [ebx+2B90h], esi
.text:1005758A mov [ebx+1F94h], edx
.text:10057590 mov [ebx+2BFCh], esi
.text:10057596 mov [ebx+2CE0h], edx
.text:1005759C mov [ebx+2CBCh], esi
.text:100575A2 mov [ebx+1FACh], esi
.text:100575A8 mov [ebx+26D0h], esi
.text:100575AE mov [ebx+26D4h], esi
.text:100575B4 mov [ebx+26D8h], esi
.text:100575BA mov [ebx+0B24h], esi
.text:100575C0 mov [ebx+2714h], esi
.text:100575C6 mov [ebx+2718h], esi
.text:100575CC mov [ebx+271Ch], esi
.text:100575D2 mov dword ptr [ebx+2BECh], 8D8D8Dh
.text:100575DC mov eax, 3E8h
.text:100575E1 mov [ebx+2B68h], esi
.text:100575E7 push offset sub_1005E6A5
.text:100575EC mov [ebx+1FBCh], eax
.text:100575F2 push ebx
.text:100575F3 mov ecx, offset unk_10102888
.text:100575F8 mov [ebx+1FD4h], eax
.text:100575FE call sub_1007D42D
.text:10057603 call ?AfxInitRichEdit@@YGHXZ ; AfxInitRichEdit(void)
.text:10057608 push 3Ch
.text:1005760A call ??2@YAPAXI@Z ; operator new(uint)
.text:1005760F pop ecx
.text:10057610 mov [ebp+8], eax
.text:10057613 cmp eax, esi
.text:10057615 mov byte ptr [ebp-4], 2Ch
.text:10057619 jz short loc_10057624
.text:1005761B mov ecx, eax
.text:1005761D call sub_100501AD
.text:10057622 jmp short loc_10057626
.text:10057624 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:10057624
.text:10057624 loc_10057624: ; CODE XREF: CQQAllInOneDlg__constructor+40F�j
.text:10057624 xor eax, eax
.text:10057626
.text:10057626 loc_10057626: ; CODE XREF: CQQAllInOneDlg__constructor+418�j
.text:10057626 mov byte ptr [ebp-4], 2Bh
.text:1005762A mov [ebx+2B64h], eax
.text:10057630 mov [eax+38h], ebx
.text:10057633 mov [ebx+2700h], esi
.text:10057639 mov [ebx+2BF0h], esi
.text:1005763F mov [ebx+142Ch], esi
.text:10057645 mov [ebx+2C00h], esi
.text:1005764B mov [ebx+2B84h], esi
.text:10057651 mov [ebx+26DCh], esi
.text:10057657 mov dword ptr [ebx+2CB4h], 0FF0000h
.text:10057661 mov dword ptr [ebx+2CB8h], 408000h
.text:1005766B push 1
.text:1005766D mov dword ptr [ebx+1428h], 2
.text:10057677 mov [ebx+2B88h], esi
.text:1005767D pop edi
.text:1005767E mov [ebx+0B14h], esi
.text:10057684 mov [ebx+78h], edi
.text:10057687 mov [ebx+1FB0h], esi
.text:1005768D mov [ebx+1FB4h], esi
.text:10057693 push 40h
.text:10057695 mov [ebx+2BF8h], esi
.text:1005769B call ??2@YAPAXI@Z ; operator new(uint)
.text:100576A0 pop ecx
.text:100576A1 mov [ebp+8], eax
.text:100576A4 cmp eax, esi
.text:100576A6 mov byte ptr [ebp-4], 2Dh
.text:100576AA jz short loc_100576B5
.text:100576AC mov ecx, eax
.text:100576AE call sub_10012B03
.text:100576B3 jmp short loc_100576B7
.text:100576B5 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:100576B5
.text:100576B5 loc_100576B5: ; CODE XREF: CQQAllInOneDlg__constructor+4A0�j
.text:100576B5 xor eax, eax
.text:100576B7
.text:100576B7 loc_100576B7: ; CODE XREF: CQQAllInOneDlg__constructor+4A9�j
.text:100576B7 push offset sub_10070774
.text:100576BC mov byte ptr [ebp-4], 2Bh
.text:100576C0 push ebx
.text:100576C1 mov ecx, eax
.text:100576C3 mov [ebx+1F74h], eax
.text:100576C9 call sub_1007D4B6
.text:100576CE mov word ptr [ebx+2D80h], 71h
.text:100576D7 mov [ebx+2D82h], si
.text:100576DE mov [ebx+2D84h], esi
.text:100576E4 mov [ebx+2D88h], edi
.text:100576EA mov edi, offset byte_10101250
.text:100576EF lea ecx, [ebx+2D90h]
.text:100576F5 push edi
.text:100576F6 mov [ebx+2D8Ch], esi
.text:100576FC call ??4CString@@QAEABV0@PBD@Z ; CString::operator=(char const *)
.text:10057701 push edi
.text:10057702 lea ecx, [ebx+2B54h]
.text:10057708 call ??4CString@@QAEABV0@PBD@Z ; CString::operator=(char const *)
.text:1005770D push esi
.text:1005770E lea ecx, [ebx+2DA0h]
.text:10057714 mov [ebx+1FB8h], esi
.text:1005771A mov [ebx+2D94h], esi
.text:10057720 mov [ebx+2D98h], esi
.text:10057726 mov [ebx+2D9Ch], esi
.text:1005772C mov [ebx+2B14h], esi
.text:10057732 mov [ebx+1FF0h], esi
.text:10057738 mov [ebx+1FF4h], esi
.text:1005773E mov [ebx+1FECh], esi
.text:10057744 mov dword ptr [ebx+2B48h], 0ABE0h
.text:1005774E call sub_100A4F53
.text:10057753 push edi
.text:10057754 lea ecx, [ebx+2DBCh]
.text:1005775A mov [ebx+2704h], esi
.text:10057760 mov [ebx+2708h], esi
.text:10057766 mov [ebx+2B70h], esi
.text:1005776C mov [ebx+2DECh], esi
.text:10057772 call ??4CString@@QAEABV0@PBD@Z ; CString::operator=(char const *)
.text:10057777 push edi
.text:10057778 lea ecx, [ebx+2DB8h]
.text:1005777E call ??4CString@@QAEABV0@PBD@Z ; CString::operator=(char const *)
.text:10057783 push edi
.text:10057784 lea ecx, [ebx+2DC0h]
.text:1005778A call ??4CString@@QAEABV0@PBD@Z ; CString::operator=(char const *)
.text:1005778F mov [ebp-20h], esi
.text:10057792 mov [ebp-1Ch], esi
.text:10057795 mov [ebp-18h], esi
.text:10057798 mov [ebp-14h], esi
.text:1005779B lea edi, [ebx+2DD8h]
.text:100577A1 lea esi, [ebp-20h]
.text:100577A4 movsd
.text:100577A5 movsd
.text:100577A6 movsd
.text:100577A7 push 1
.text:100577A9 xor eax, eax
.text:100577AB pop ecx
.text:100577AC mov [ebx+2DE8h], eax
.text:100577B2 movsd
.text:100577B3 mov [ebx+2588h], eax
.text:100577B9 mov [ebx+2B50h], ecx
.text:100577BF mov [ebx+2DF0h], eax
.text:100577C5 mov [ebx+2DF4h], eax
.text:100577CB mov [ebx+2B4Ch], eax
.text:100577D1 mov [ebx+2DF8h], eax
.text:100577D7 mov [ebx+2DFCh], eax
.text:100577DD mov [ebx+2E00h], eax
.text:100577E3 mov [ebx+2C08h], eax
.text:100577E9 mov [ebx+2BF4h], eax
.text:100577EF mov [ebx+1F8Ch], eax
.text:100577F5 mov [ebx+2E1Ch], eax
.text:100577FB mov [ebx+2E20h], eax
.text:10057801 mov [ebx+0B18h], eax
.text:10057807 mov [ebx+0B1Ch], eax
.text:1005780D mov [ebx+2E04h], eax
.text:10057813 mov [ebx+2E2Ch], eax
.text:10057819 mov [ebx+1F90h], ecx
.text:1005781F mov [ebx+2E6Ch], eax
.text:10057825 mov [ebx+2E70h], eax
.text:1005782B and [ebx+2E74h], al
.text:10057831 or dword ptr [ebp-4], 0FFFFFFFFh
.text:10057835 mov eax, ebx
.text:10057837 pop edi
.text:10057838 mov ecx, [ebp-0Ch]
.text:1005783B pop esi
.text:1005783C pop ebx
.text:1005783D mov large fs:0, ecx
.text:10057844 leave
.text:10057845 retn 4
.text:10057845 CQQAllInOneDlg__constructor endp ; sp = 4
.text:10057845
.text:10057848
.text:10057848 ; 圹圹圹圹圹圹圹?S U B R O U T I N E 圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹?
.text:10057848
.text:10057848
*/
/*new_CQQAllInOneDlg
.text:100571CA new_CQQAllInOneDlg proc near ; DATA XREF: .rdata:100D10A4�o
.text:100571CA mov eax, offset loc_100BAAFD
.text:100571CF call __EH_prolog
.text:100571D4 push ecx ; save ecx
.text:100571D5 push 2E78h ; sizeof(CAllInOneDlg)
.text:100571DA call ??2@YAPAXI@Z ; operator new(uint)
.text:100571DF pop ecx ; ecx = new CAllInOneDlg,终于找到了
.text:100571E0 mov ecx, eax
.text:100571E2 mov [ebp-10h], ecx
.text:100571E5 xor eax, eax
.text:100571E7 cmp ecx, eax ; if ecx == 0
.text:100571E9 mov [ebp-4], eax
.text:100571EC jz short loc_100571F4
.text:100571EE push eax
.text:100571EF call CQQAllInOneDlg__constructor
.text:100571F4
.text:100571F4 loc_100571F4: ; CODE XREF: new_CQQAllInOneDlg+22�j
.text:100571F4 mov ecx, [ebp-0Ch]
.text:100571F7 or dword ptr [ebp-4], 0FFFFFFFFh
.text:100571FB mov large fs:0, ecx
.text:10057202 leave
.text:10057203 retn
.text:10057203 new_CQQAllInOneDlg endp ; sp = 4
*/
|
|
浙公网安备 33010602011771号