user3000
Posted on 2012-4-12 16:35:35
Reply to 13# haijie1223
Awake yet? I'm waiting to watch the show.
haijie1223
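Posted on 2012-4-12 17:08:40
Reply to 16# user3000
If you hadn't reminded me I would almost have forgotten about this. I'll have a go tonight if I have time; right now I'm at work.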
tryhi
Posted on 2012-4-12 18:12:00
I don't really understand what is being played here, just joining in the fun.
Qokelate
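Posted on 2012-4-12 18:45:26
Reply to 18# tryhi
Obviously that is not the real address; what you changed is the displayed address (video memory?). These two numbers come from the same variable.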
pp648852
Posted on 2012-4-12 19:37:19
Too deep for me, I can't follow it.
tryhi
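Posted on 2012-4-12 21:15:12
Reply to tryhi
Obviously that is not the real address; what you changed is the displayed address (video memory?). These two numbers come from the same variable ...
Qokelate posted on 2012-4-12 18:45
Isn't the third one that variable of yours? The first two are the characters in the box. Once you generate the value and put it in the box, no matter how this variable of yours is locked, doesn't it equally have no effect?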
haijie1223
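Posted on 2012-4-12 21:28:48
Reply to 21# tryhi
Brother Dahai, if it were the actual memory address, it should be unique on any computer. When I tested that address of yours on my computer, it seemed to be wrong.
The one I tested at noon was the same; maybe what we both found are pointers, not the real address.
I can't crack it; let lanfengc take a look.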
Qokelate
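Posted on 2012-4-12 21:29:32
Reply to 21# tryhi
If the third value were the variable's value, then no matter how you click the button the displayed number would not change, because that number comes from the variable. Does your lock have any effect?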
Qokelate
Posted on 2012-4-13 11:01:43
Testing on several systems (XP/srv2008/2003R2) proves there is only one address!!
魔导
Posted on 2012-4-13 11:15:45
Boss, for this I suggest calling in LANFENGC; I saw him online just a couple of days ago.
Qokelate
Posted on 2012-4-13 12:38:31
Reply to 25# 魔导
No idea whether he has the spare time for it.
lanfengc
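Posted on 2012-4-13 19:01:53
You really have too much time on your hands. It has to be unpacked first before anything else, and I'm not sure it can be done.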
ZombieZhao
Posted on 2012-4-14 15:54:45
I still prefer Cheat Engine; it even comes with tutorials.
lanfengc
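Posted on 2012-4-14 16:40:50
Spent a few hours on it. CE got nowhere; after loading it in OD it can be debugged. I traced for a while, got worn out, and don't want to continue. Posting it here for everyone to look at; whoever is interested can carry on. Also, I'd like the original poster to tell us the real answer...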
771A8EBF >8BFF MOV EDI,EDI ; allocate a 4-byte space
771A8EC1 55 PUSH EBP ; save EBP
771A8EC2 8BEC MOV EBP,ESP ; write ESP into EBP
771A8EC4 83EC 74 SUB ESP,74 ; ESP-74
771A8EC7 A1 E0232177 MOV EAX,DWORD PTR DS: ; write 4A64 into EAX
771A8ECC 8B4D 10 MOV ECX,DWORD PTR SS: ; write the data at EBP+10 into ECX: 1
771A8ECF 8365 B4 00 AND DWORD PTR SS:,0 ; zero it
771A8ED3 53 PUSH EBX ; save EBX
771A8ED4 8B1D 2C141877 MOV EBX,DWORD PTR DS:[<&USER32.GetWindowLongW>] ; write the entry address of the get-window-attribute function into EBX
771A8EDA 56 PUSH ESI ; control handle
771A8EDB 57 PUSH EDI ; attribute to retrieve
771A8EDC 8B7D 14 MOV EDI,DWORD PTR SS: ; write EBP+14 into EDI: 40026
771A8EDF 8945 FC MOV DWORD PTR SS:,EAX ; write EAX's 4A64 into EBP-4
771A8EE2 8B45 08 MOV EAX,DWORD PTR SS: ; 9040E, the button's handle
771A8EE5 6A 00 PUSH 0
771A8EE7 50 PUSH EAX
771A8EE8 8945 B0 MOV DWORD PTR SS:,EAX ; button handle
771A8EEB 894D B8 MOV DWORD PTR SS:,ECX ; 1
771A8EEE 897D AC MOV DWORD PTR SS:,EDI ; 40026
771A8EF1 FFD3 CALL EBX ; GetWindowLongW
771A8EF3 8B4D 0C MOV ECX,DWORD PTR SS: ; message ID: left button down, 201
771A8EF6 8BF0 MOV ESI,EAX ; 903480
771A8EF8 85F6 TEST ESI,ESI ; check whether ESI is null
771A8EFA BA 81000000 MOV EDX,81 ; 81
771A8EFF 75 08 JNZ SHORT COMCTL32.771A8F09
771A8F01 3BCA CMP ECX,EDX
771A8F03 0F85 540A0000 JNZ COMCTL32.771A995D
771A8F09 B8 F5000000 MOV EAX,0F5 ; 0f5
771A8F0E 3BC8 CMP ECX,EAX ; compare message ID with F5
771A8F10 0F87 8B060000 JA COMCTL32.771A95A1 ; jump if above
771A8F16 0F84 14060000 JE COMCTL32.771A9530
771A8F1C 83F9 3D CMP ECX,3D ; compare message ID with 3D; note: the BM_SETSTATE sent the second time also goes through here
771A8F1F 0F87 41020000 JA COMCTL32.771A9166
771A8F25 0F84 21020000 JE COMCTL32.771A914C
771A8F2B 83F9 0C CMP ECX,0C
771A8F2E 0F87 8C010000 JA COMCTL32.771A90C0
771A8F34 0F84 03010000 JE COMCTL32.771A903D
771A8F3A 8BC1 MOV EAX,ECX
771A8F3C 48 DEC EAX
771A8F3D 0F84 D6000000 JE COMCTL32.771A9019
771A8F43 83E8 06 SUB EAX,6
771A8F46 74 54 JE SHORT COMCTL32.771A8F9C
771A8F48 48 DEC EAX
771A8F49 74 11 JE SHORT COMCTL32.771A8F5C
771A8F4B 48 DEC EAX
771A8F4C 48 DEC EAX
771A8F4D 0F85 F3090000 JNZ COMCTL32.771A9946
771A8F53 8365 B4 00 AND DWORD PTR SS:,0
771A8F57 E9 59010000 JMP COMCTL32.771A90B5
771A8F5C F646 24 40 TEST BYTE PTR DS:,40
771A8F60 74 11 JE SHORT COMCTL32.771A8F73
771A8F62 6A 00 PUSH 0
771A8F64 6A 00 PUSH 0
771A8F66 68 F3000000 PUSH 0F3
771A8F6B FF36 PUSH DWORD PTR DS:
771A8F6D FF15 FC131877 CALL DWORD PTR DS:[<&USER32.SendMessageW>] ; USER32.SendMessageW
771A8F73 6A 01 PUSH 1
771A8F75 56 PUSH ESI
771A8F76 E8 EFE3FFFF CALL COMCTL32.771A736A
771A8F7B 8B46 60 MOV EAX,DWORD PTR DS:
771A8F7E 8366 24 F7 AND DWORD PTR DS:,FFFFFFF7
771A8F82 F640 0D 40 TEST BYTE PTR DS:,40
771A8F86 74 08 JE SHORT COMCTL32.771A8F90
771A8F88 6A 07 PUSH 7
771A8F8A 56 PUSH ESI
771A8F8B E8 92E3FFFF CALL COMCTL32.771A7322
771A8F90 6A 00 PUSH 0
771A8F92 6A 00 PUSH 0
771A8F94 FF75 B0 PUSH DWORD PTR SS:
771A8F97 E9 58090000 JMP COMCTL32.771A98F4
771A8F9C 834E 24 08 OR DWORD PTR DS:,8
771A8FA0 8B46 60 MOV EAX,DWORD PTR DS:
771A8FA3 8B40 0C MOV EAX,DWORD PTR DS:
771A8FA6 83E0 0F AND EAX,0F
771A8FA9 3C 0B CMP AL,0B
771A8FAB 75 23 JNZ SHORT COMCTL32.771A8FD0
771A8FAD 33DB XOR EBX,EBX
771A8FAF 53 PUSH EBX
771A8FB0 56 PUSH ESI
771A8FB1 E8 ACE0FFFF CALL COMCTL32.771A7062
771A8FB6 8BF8 MOV EDI,EAX
771A8FB8 3BFB CMP EDI,EBX
771A8FBA 74 20 JE SHORT COMCTL32.771A8FDC
771A8FBC 53 PUSH EBX
771A8FBD 6A 02 PUSH 2
771A8FBF 57 PUSH EDI
771A8FC0 56 PUSH ESI
771A8FC1 E8 B4EAFFFF CALL COMCTL32.771A7A7A
771A8FC6 53 PUSH EBX
771A8FC7 57 PUSH EDI
771A8FC8 56 PUSH ESI
771A8FC9 E8 D7E0FFFF CALL COMCTL32.771A70A5
771A8FCE EB 0C JMP SHORT COMCTL32.771A8FDC
771A8FD0 6A 00 PUSH 0
771A8FD2 6A 00 PUSH 0
771A8FD4 FF36 PUSH DWORD PTR DS:
771A8FD6 FF15 9C141877 CALL DWORD PTR DS:[<&USER32.InvalidateRect>] ; USER32.InvalidateRect
771A8FDC 8B46 60 MOV EAX,DWORD PTR DS:
771A8FDF F640 0D 40 TEST BYTE PTR DS:,40
771A8FE3 74 08 JE SHORT COMCTL32.771A8FED
771A8FE5 6A 06 PUSH 6
771A8FE7 56 PUSH ESI
771A8FE8 E8 35E3FFFF CALL COMCTL32.771A7322
771A8FED 8B4E 24 MOV ECX,DWORD PTR DS:
771A8FF0 F6C1 10 TEST CL,10
771A8FF3 75 1C JNZ SHORT COMCTL32.771A9011
771A8FF5 8B46 60 MOV EAX,DWORD PTR DS:
771A8FF8 8B40 0C MOV EAX,DWORD PTR DS:
771A8FFB 83E0 0F AND EAX,0F
771A8FFE 83F8 04 CMP EAX,4
771A9001 74 05 JE SHORT COMCTL32.771A9008
771A9003 83F8 09 CMP EAX,9
771A9006 75 09 JNZ SHORT COMCTL32.771A9011
771A9008 F6C1 83 TEST CL,83
771A900B 0F84 68060000 JE COMCTL32.771A9679
771A9011 8B45 B4 MOV EAX,DWORD PTR SS:
771A9014 E9 A7090000 JMP COMCTL32.771A99C0
771A9019 56 PUSH ESI
771A901A E8 B3DDFFFF CALL COMCTL32.771A6DD2
771A901F 57 PUSH EDI
771A9020 FF75 B0 PUSH DWORD PTR SS:
771A9023 8946 5C MOV DWORD PTR DS:,EAX
771A9026 56 PUSH ESI
771A9027 E8 50E1FDFF CALL COMCTL32.7718717C
771A902C 6A 00 PUSH 0
771A902E 6A 03 PUSH 3
771A9030 68 27010000 PUSH 127
771A9035 FF75 B0 PUSH DWORD PTR SS:
771A9038 E9 59050000 JMP COMCTL32.771A9596
771A903D 8B46 60 MOV EAX,DWORD PTR DS:
771A9040 8B40 0C MOV EAX,DWORD PTR DS:
771A9043 83E0 0F AND EAX,0F
771A9046 3C 07 CMP AL,7
771A9048 75 47 JNZ SHORT COMCTL32.771A9091
771A904A 8D45 AC LEA EAX,DWORD PTR SS:
771A904D 50 PUSH EAX
771A904E 56 PUSH ESI
771A904F E8 0EE0FFFF CALL COMCTL32.771A7062
771A9054 8BD8 MOV EBX,EAX
771A9056 85DB TEST EBX,EBX
771A9058 74 37 JE SHORT COMCTL32.771A9091
771A905A 6A 00 PUSH 0
771A905C 6A 03 PUSH 3
771A905E 8D45 9C LEA EAX,DWORD PTR SS:
771A9061 50 PUSH EAX
771A9062 53 PUSH EBX
771A9063 56 PUSH ESI
771A9064 E8 C7E6FFFF CALL COMCTL32.771A7730
771A9069 6A 01 PUSH 1
771A906B 8D45 9C LEA EAX,DWORD PTR SS:
771A906E 50 PUSH EAX
771A906F FF75 B0 PUSH DWORD PTR SS:
771A9072 FF15 9C141877 CALL DWORD PTR DS:[<&USER32.InvalidateRect>] ; USER32.InvalidateRect
771A9078 FF75 AC PUSH DWORD PTR SS:
771A907B 8D45 9C LEA EAX,DWORD PTR SS:
771A907E 50 PUSH EAX
771A907F 53 PUSH EBX
771A9080 FF15 3C141877 CALL DWORD PTR DS:[<&USER32.FillRect>] ; USER32.FillRect
771A9086 8D45 AC LEA EAX,DWORD PTR SS:
771A9089 50 PUSH EAX
771A908A 53 PUSH EBX
771A908B 56 PUSH ESI
771A908C E8 14E0FFFF CALL COMCTL32.771A70A5
771A9091 57 PUSH EDI
771A9092 FF75 B8 PUSH DWORD PTR SS:
771A9095 6A 0C PUSH 0C
771A9097 FF75 B0 PUSH DWORD PTR SS:
771A909A FF15 38141877 CALL DWORD PTR DS:[<&USER32.DefWindowProcW>] ; USER32.DefWindowProcW
771A90A0 6A 00 PUSH 0
771A90A2 6A 00 PUSH 0
771A90A4 FF75 B0 PUSH DWORD PTR SS:
771A90A7 8945 B4 MOV DWORD PTR SS:,EAX
771A90AA 68 0C800000 PUSH 800C
771A90AF FF15 18151877 CALL DWORD PTR DS:[<&USER32.NotifyWinEvent>] ; USER32.NotifyWinEvent
771A90B5 56 PUSH ESI
771A90B6 E8 D0FDFFFF CALL COMCTL32.771A8E8B
771A90BB^ E9 51FFFFFF JMP COMCTL32.771A9011
771A90C0 8BC1 MOV EAX,ECX
771A90C2 83E8 0F SUB EAX,0F
771A90C5 74 40 JE SHORT COMCTL32.771A9107
771A90C7 83E8 05 SUB EAX,5
771A90CA 74 2D JE SHORT COMCTL32.771A90F9
771A90CC 83E8 1C SUB EAX,1C
771A90CF 74 12 JE SHORT COMCTL32.771A90E3
771A90D1 48 DEC EAX
771A90D2 0F85 6E080000 JNZ COMCTL32.771A9946
771A90D8 8B46 28 MOV EAX,DWORD PTR DS:
771A90DB 8945 B4 MOV DWORD PTR SS:,EAX
771A90DE^ E9 2EFFFFFF JMP COMCTL32.771A9011
771A90E3 33C0 XOR EAX,EAX
771A90E5 85FF TEST EDI,EDI
771A90E7 0F95C0 SETNE AL
771A90EA 50 PUSH EAX
771A90EB FF75 B8 PUSH DWORD PTR SS:
771A90EE 56 PUSH ESI
771A90EF E8 73DEFFFF CALL COMCTL32.771A6F67
771A90F4^ E9 18FFFFFF JMP COMCTL32.771A9011
771A90F9 FF75 B8 PUSH DWORD PTR SS:
771A90FC 56 PUSH ESI
771A90FD E8 FAE3FFFF CALL COMCTL32.771A74FC
771A9102 E9 B0070000 JMP COMCTL32.771A98B7
771A9107 8B7D B8 MOV EDI,DWORD PTR SS:
771A910A 85FF TEST EDI,EDI
771A910C 75 0F JNZ SHORT COMCTL32.771A911D
771A910E 8D45 BC LEA EAX,DWORD PTR SS:
771A9111 50 PUSH EAX
771A9112 FF75 B0 PUSH DWORD PTR SS:
771A9115 FF15 E8141877 CALL DWORD PTR DS:[<&USER32.BeginPaint>] ; USER32.BeginPaint
771A911B 8BF8 MOV EDI,EAX
771A911D FF36 PUSH DWORD PTR DS:
771A911F FF15 70141877 CALL DWORD PTR DS:[<&USER32.IsWindowVisible>] ; USER32.IsWindowVisible
771A9125 85C0 TEST EAX,EAX
771A9127 74 07 JE SHORT COMCTL32.771A9130
771A9129 57 PUSH EDI
771A912A 56 PUSH ESI
771A912B E8 F3F9FFFF CALL COMCTL32.771A8B23
771A9130 837D B8 00 CMP DWORD PTR SS:,0
771A9134^ 0F85 D7FEFFFF JNZ COMCTL32.771A9011
771A913A 8D45 BC LEA EAX,DWORD PTR SS:
771A913D 50 PUSH EAX
771A913E FF75 B0 PUSH DWORD PTR SS:
771A9141 FF15 E4141877 CALL DWORD PTR DS:[<&USER32.EndPaint>] ; USER32.EndPaint
771A9147^ E9 C5FEFFFF JMP COMCTL32.771A9011
771A914C 83FF F4 CMP EDI,-0C
771A914F 75 0C JNZ SHORT COMCTL32.771A915D
771A9151 C745 B4 0200010>MOV DWORD PTR SS:,10002 ; UNICODE "830B7BD-F7A3-4c4d-989B-C004DE465EDE=204:904430"
771A9158^ E9 B4FEFFFF JMP COMCTL32.771A9011
771A915D 8365 B4 00 AND DWORD PTR SS:,0
771A9161^ E9 ABFEFFFF JMP COMCTL32.771A9011
771A9166 B8 F0000000 MOV EAX,0F0 ; write F0 into EAX
771A916B 3BC8 CMP ECX,EAX ; compare message ID with F0
771A916D 0F87 7A020000 JA COMCTL32.771A93ED ; jump if greater
771A9173 0F84 66020000 JE COMCTL32.771A93DF
771A9179 8BC1 MOV EAX,ECX
771A917B 2BC2 SUB EAX,EDX
771A917D 0F84 9A010000 JE COMCTL32.771A931D
771A9183 48 DEC EAX
771A9184 0F84 64010000 JE COMCTL32.771A92EE
771A918A 6A 02 PUSH 2
771A918C 5A POP EDX
771A918D 2BC2 SUB EAX,EDX
771A918F 0F84 AE000000 JE COMCTL32.771A9243
771A9195 83E8 03 SUB EAX,3
771A9198 0F85 A8070000 JNZ COMCTL32.771A9946
771A919E C745 B4 0020000>MOV DWORD PTR SS:,2000
771A91A5 8B46 60 MOV EAX,DWORD PTR DS:
771A91A8 8B40 0C MOV EAX,DWORD PTR DS:
771A91AB 83E0 0F AND EAX,0F
771A91AE 83F8 04 CMP EAX,4
771A91B1 77 5C JA SHORT COMCTL32.771A920F
771A91B3 74 76 JE SHORT COMCTL32.771A922B
771A91B5 85C0 TEST EAX,EAX
771A91B7 74 66 JE SHORT COMCTL32.771A921F
771A91B9 83F8 01 CMP EAX,1
771A91BC 74 45 JE SHORT COMCTL32.771A9203
771A91BE^ 0F86 4DFEFFFF JBE COMCTL32.771A9011
771A91C4 83F8 03 CMP EAX,3
771A91C7^ 0F87 44FEFFFF JA COMCTL32.771A9011
771A91CD 85FF TEST EDI,EDI
771A91CF^ 0F84 3CFEFFFF JE COMCTL32.771A9011
771A91D5 817F 04 0201000>CMP DWORD PTR DS:,102
771A91DC^ 0F85 2FFEFFFF JNZ COMCTL32.771A9011
771A91E2 8B45 B8 MOV EAX,DWORD PTR SS:
771A91E5 83E8 2B SUB EAX,2B
771A91E8 74 0D JE SHORT COMCTL32.771A91F7
771A91EA 2BC2 SUB EAX,EDX
771A91EC 74 09 JE SHORT COMCTL32.771A91F7
771A91EE 83E8 10 SUB EAX,10
771A91F1^ 0F85 1AFEFFFF JNZ COMCTL32.771A9011
771A91F7 C745 B4 8020000>MOV DWORD PTR SS:,2080
771A91FE^ E9 0EFEFFFF JMP COMCTL32.771A9011
771A9203 C745 B4 1020000>MOV DWORD PTR SS:,2010
771A920A^ E9 02FEFFFF JMP COMCTL32.771A9011
771A920F 83E8 07 SUB EAX,7
771A9212 74 23 JE SHORT COMCTL32.771A9237
771A9214 2BC2 SUB EAX,EDX
771A9216 74 13 JE SHORT COMCTL32.771A922B
771A9218 48 DEC EAX
771A9219^ 0F85 F2FDFFFF JNZ COMCTL32.771A9011
771A921F C745 B4 2020000>MOV DWORD PTR SS:,2020
771A9226^ E9 E6FDFFFF JMP COMCTL32.771A9011
771A922B C745 B4 4020000>MOV DWORD PTR SS:,2040
771A9232^ E9 DAFDFFFF JMP COMCTL32.771A9011
771A9237 C745 B4 0001000>MOV DWORD PTR SS:,100
771A923E^ E9 CEFDFFFF JMP COMCTL32.771A9011
771A9243 8B46 60 MOV EAX,DWORD PTR DS:
771A9246 8B40 0C MOV EAX,DWORD PTR DS:
771A9249 83E0 0F AND EAX,0F
771A924C 3C 07 CMP AL,7
771A924E 75 09 JNZ SHORT COMCTL32.771A9259
771A9250 834D B4 FF OR DWORD PTR SS:,FFFFFFFF
771A9254^ E9 B8FDFFFF JMP COMCTL32.771A9011
771A9259 57 PUSH EDI
771A925A FF75 B8 PUSH DWORD PTR SS:
771A925D 68 84000000 PUSH 84
771A9262 FF75 B0 PUSH DWORD PTR SS:
771A9265 FF15 38141877 CALL DWORD PTR DS:[<&USER32.DefWindowProcW>] ; USER32.DefWindowProcW
771A926B 83F8 01 CMP EAX,1
771A926E 8945 B4 MOV DWORD PTR SS:,EAX
771A9271^ 0F85 9AFDFFFF JNZ COMCTL32.771A9011
771A9277 33DB XOR EBX,EBX
771A9279 395E 5C CMP DWORD PTR DS:,EBX
771A927C^ 0F84 8FFDFFFF JE COMCTL32.771A9011
771A9282 395E 2C CMP DWORD PTR DS:,EBX
771A9285^ 0F85 86FDFFFF JNZ COMCTL32.771A9011
771A928B 8D45 AC LEA EAX,DWORD PTR SS:
771A928E 50 PUSH EAX
771A928F 8D45 B0 LEA EAX,DWORD PTR SS:
771A9292 50 PUSH EAX
771A9293 56 PUSH ESI
771A9294 895D B0 MOV DWORD PTR SS:,EBX
771A9297 895D AC MOV DWORD PTR SS:,EBX
771A929A E8 B3E2FFFF CALL COMCTL32.771A7552
771A929F 85C0 TEST EAX,EAX
771A92A1 7C 0C JL SHORT COMCTL32.771A92AF
771A92A3 8D45 9C LEA EAX,DWORD PTR SS:
771A92A6 50 PUSH EAX
771A92A7 FF36 PUSH DWORD PTR DS:
771A92A9 FF15 C0131877 CALL DWORD PTR DS:[<&USER32.GetWindowRect>] ; USER32.GetWindowRect
771A92AF 0FBFC7 MOVSX EAX,DI
771A92B2 C1EF 10 SHR EDI,10
771A92B5 0FBFCF MOVSX ECX,DI
771A92B8 8D55 BA LEA EDX,DWORD PTR SS:
771A92BB 52 PUSH EDX
771A92BC 51 PUSH ECX
771A92BD 50 PUSH EAX
771A92BE 53 PUSH EBX
771A92BF 8D45 9C LEA EAX,DWORD PTR SS:
771A92C2 50 PUSH EAX
771A92C3 53 PUSH EBX
771A92C4 FF75 AC PUSH DWORD PTR SS:
771A92C7 FF75 B0 PUSH DWORD PTR SS:
771A92CA 53 PUSH EBX
771A92CB FF76 5C PUSH DWORD PTR DS:
771A92CE FF15 CC242177 CALL DWORD PTR DS: ; COMCTL32.7720A39F
771A92D4 85C0 TEST EAX,EAX
771A92D6^ 0F8C 35FDFFFF JL COMCTL32.771A9011
771A92DC 0FB745 BA MOVZX EAX,WORD PTR SS:
771A92E0 83F8 FF CMP EAX,-1
771A92E3^ 0F85 28FDFFFF JNZ COMCTL32.771A9011
771A92E9^ E9 62FFFFFF JMP COMCTL32.771A9250
771A92EE 8B46 5C MOV EAX,DWORD PTR DS:
771A92F1 85C0 TEST EAX,EAX
771A92F3 74 07 JE SHORT COMCTL32.771A92FC
771A92F5 50 PUSH EAX
771A92F6 FF15 94242177 CALL DWORD PTR DS: ; COMCTL32.7720A36D
771A92FC 56 PUSH ESI
771A92FD 33F6 XOR ESI,ESI
771A92FF 56 PUSH ESI
771A9300 FF15 B0121877 CALL DWORD PTR DS:[<&KERNEL32.GetProcessHeap>] ; kernel32.GetProcessHeap
771A9306 50 PUSH EAX
771A9307 FF15 B4121877 CALL DWORD PTR DS:[<&KERNEL32.HeapFree>] ; ntdll.RtlFreeHeap
771A930D 56 PUSH ESI
771A930E 56 PUSH ESI
771A930F FF75 B0 PUSH DWORD PTR SS:
771A9312 FF15 28141877 CALL DWORD PTR DS:[<&USER32.SetWindowLongW>] ; USER32.SetWindowLongW
771A9318^ E9 F4FCFFFF JMP COMCTL32.771A9011
771A931D 6A 64 PUSH 64
771A931F 6A 08 PUSH 8
771A9321 FF15 B0121877 CALL DWORD PTR DS:[<&KERNEL32.GetProcessHeap>] ; kernel32.GetProcessHeap
771A9327 50 PUSH EAX
771A9328 FF15 AC121877 CALL DWORD PTR DS:[<&KERNEL32.HeapAlloc>] ; ntdll.RtlAllocateHeap
771A932E 8BF8 MOV EDI,EAX
771A9330 85FF TEST EDI,EDI
771A9332^ 0F84 25FEFFFF JE COMCTL32.771A915D
771A9338 8B75 B0 MOV ESI,DWORD PTR SS:
771A933B 57 PUSH EDI
771A933C 6A 00 PUSH 0
771A933E 56 PUSH ESI
771A933F FF15 28141877 CALL DWORD PTR DS:[<&USER32.SetWindowLongW>] ; USER32.SetWindowLongW
771A9345 6A FF PUSH -1
771A9347 56 PUSH ESI
771A9348 8937 MOV DWORD PTR DS:,ESI
771A934A FFD3 CALL EBX
771A934C 8B35 7C151877 MOV ESI,DWORD PTR DS:[<&USER32.GetSystemMetrics>] ; USER32.GetSystemMetrics
771A9352 6A 2E PUSH 2E
771A9354 8947 60 MOV DWORD PTR DS:,EAX
771A9357 FFD6 CALL ESI
771A9359 99 CDQ
771A935A 2BC2 SUB EAX,EDX
771A935C D1F8 SAR EAX,1
771A935E 50 PUSH EAX
771A935F 6A 2D PUSH 2D
771A9361 FFD6 CALL ESI
771A9363 99 CDQ
771A9364 2BC2 SUB EAX,EDX
771A9366 D1F8 SAR EAX,1
771A9368 50 PUSH EAX
771A9369 6A 2E PUSH 2E
771A936B FFD6 CALL ESI
771A936D 99 CDQ
771A936E 2BC2 SUB EAX,EDX
771A9370 D1F8 SAR EAX,1
771A9372 50 PUSH EAX
771A9373 6A 2D PUSH 2D
771A9375 FFD6 CALL ESI
771A9377 99 CDQ
771A9378 2BC2 SUB EAX,EDX
771A937A D1F8 SAR EAX,1
771A937C 50 PUSH EAX
771A937D 8D47 34 LEA EAX,DWORD PTR DS:
771A9380 50 PUSH EAX
771A9381 FF15 F4131877 CALL DWORD PTR DS:[<&USER32.SetRect>] ; USER32.SetRect
771A9387 8B47 60 MOV EAX,DWORD PTR DS:
771A938A 8B48 04 MOV ECX,DWORD PTR DS:
771A938D F6C5 01 TEST CH,1
771A9390 74 2C JE SHORT COMCTL32.771A93BE
771A9392 C1E9 09 SHR ECX,9
771A9395 83E1 01 AND ECX,1
771A9398 75 0B JNZ SHORT COMCTL32.771A93A5
771A939A 8A50 0C MOV DL,BYTE PTR DS:
771A939D 80E2 DF AND DL,0DF
771A93A0 80FA 08 CMP DL,8
771A93A3 74 0D JE SHORT COMCTL32.771A93B2
771A93A5 85C9 TEST ECX,ECX
771A93A7 74 15 JE SHORT COMCTL32.771A93BE
771A93A9 8B40 0C MOV EAX,DWORD PTR DS:
771A93AC 24 0F AND AL,0F
771A93AE 3C 08 CMP AL,8
771A93B0 75 0C JNZ SHORT COMCTL32.771A93BE
771A93B2 6A 00 PUSH 0
771A93B4 6A 0F PUSH 0F
771A93B6 FF75 B0 PUSH DWORD PTR SS:
771A93B9 E8 EACF0200 CALL COMCTL32.771D63A8
771A93BE 8B47 60 MOV EAX,DWORD PTR DS:
771A93C1 F640 09 10 TEST BYTE PTR DS:,10
771A93C5 0F84 92050000 JE COMCTL32.771A995D
771A93CB B8 20020000 MOV EAX,220
771A93D0 50 PUSH EAX
771A93D1 50 PUSH EAX
771A93D2 FF75 B0 PUSH DWORD PTR SS:
771A93D5 E8 CECF0200 CALL COMCTL32.771D63A8
771A93DA E9 7E050000 JMP COMCTL32.771A995D
771A93DF 8B76 24 MOV ESI,DWORD PTR DS:
771A93E2 83E6 03 AND ESI,3
771A93E5 8975 B4 MOV DWORD PTR SS:,ESI
771A93E8^ E9 24FCFFFF JMP COMCTL32.771A9011
771A93ED 8BC1 MOV EAX,ECX ; store ECX in EAX
771A93EF 2D F1000000 SUB EAX,0F1 ; EAX-F1=2
771A93F4 0F84 A1000000 JE COMCTL32.771A949B ; jump if zero
771A93FA 48 DEC EAX ; decrement, same as EAX--
771A93FB 0F84 92000000 JE COMCTL32.771A9493 ; jump if zero
771A9401 48 DEC EAX ; decrement
771A9402 74 3C JE SHORT COMCTL32.771A9440 ; jump if zero
771A9404 48 DEC EAX
771A9405 0F85 3B050000 JNZ COMCTL32.771A9946
771A940B FF75 B8 PUSH DWORD PTR SS:
771A940E 6A 0F PUSH 0F
771A9410 FF75 B0 PUSH DWORD PTR SS:
771A9413 E8 90CF0200 CALL COMCTL32.771D63A8
771A9418 85FF TEST EDI,EDI
771A941A 74 0D JE SHORT COMCTL32.771A9429
771A941C 6A 01 PUSH 1
771A941E 6A 00 PUSH 0
771A9420 FF75 B0 PUSH DWORD PTR SS:
771A9423 FF15 9C141877 CALL DWORD PTR DS:[<&USER32.InvalidateRect>] ; USER32.InvalidateRect
771A9429 6A 00 PUSH 0
771A942B 6A FC PUSH -4
771A942D FF75 B0 PUSH DWORD PTR SS:
771A9430 68 0A800000 PUSH 800A
771A9435 FF15 18151877 CALL DWORD PTR DS:[<&USER32.NotifyWinEvent>] ; NotifyWinEvent function
771A943B^ E9 D1FBFFFF JMP COMCTL32.771A9011
771A9440 8B46 24 MOV EAX,DWORD PTR DS: ; 268
771A9443 8BF8 MOV EDI,EAX ; 268
771A9445 83E7 04 AND EDI,4 ; bitwise AND with 100, zeroed
771A9448 837D B8 00 CMP DWORD PTR SS:,0 ; compare 1 with 0
771A944C 74 05 JE SHORT COMCTL32.771A9453
771A944E 83C8 04 OR EAX,4 ; EAX+4
771A9451 EB 03 JMP SHORT COMCTL32.771A9456
771A9453 83E0 FB AND EAX,FFFFFFFB
771A9456 8946 24 MOV DWORD PTR DS:,EAX ; 26C written back to the address just read; this should be the variable assignment
771A9459 8B46 60 MOV EAX,DWORD PTR DS: ; 47d74
771A945C 8B40 0C MOV EAX,DWORD PTR DS: ; 50010001
771A945F 24 0F AND AL,0F ; keep the low bits
771A9461 3C 08 CMP AL,8 ; jump away if the low bits are not 8
771A9463 75 11 JNZ SHORT COMCTL32.771A9476
771A9465 8B45 B8 MOV EAX,DWORD PTR SS:
771A9468 F7D8 NEG EAX
771A946A 1BC0 SBB EAX,EAX
771A946C 83C0 03 ADD EAX,3
771A946F 50 PUSH EAX
771A9470 56 PUSH ESI
771A9471 E8 ACDEFFFF CALL COMCTL32.771A7322
771A9476 8B46 24 MOV EAX,DWORD PTR DS: ; 26c, using the variable?
771A9479 83E0 04 AND EAX,4 ; bitwise AND with 4: 4
771A947C 3BF8 CMP EDI,EAX ; compare EDI with EAX, jump if equal
771A947E^ 0F84 8DFBFFFF JE COMCTL32.771A9011
771A9484 33FF XOR EDI,EDI ; zero EDI
771A9486 57 PUSH EDI
771A9487 57 PUSH EDI
771A9488 FF36 PUSH DWORD PTR DS: ; button ID
771A948A FF15 9C141877 CALL DWORD PTR DS:[<&USER32.InvalidateRect>] ; redraw the window
771A9490 57 PUSH EDI
771A9491^ EB 98 JMP SHORT COMCTL32.771A942B
771A9493 8B46 24 MOV EAX,DWORD PTR DS:
771A9496^ E9 40FCFFFF JMP COMCTL32.771A90DB
771A949B 8B46 60 MOV EAX,DWORD PTR DS:
771A949E 8B40 0C MOV EAX,DWORD PTR DS:
771A94A1 6A 02 PUSH 2
771A94A3 83E0 0F AND EAX,0F
771A94A6 5A POP EDX
771A94A7 3BC2 CMP EAX,EDX
771A94A9^ 0F82 62FBFFFF JB COMCTL32.771A9011
771A94AF 83F8 03 CMP EAX,3
771A94B2 76 46 JBE SHORT COMCTL32.771A94FA
771A94B4 83F8 04 CMP EAX,4
771A94B7 74 14 JE SHORT COMCTL32.771A94CD
771A94B9^ 0F86 52FBFFFF JBE COMCTL32.771A9011
771A94BF 83F8 06 CMP EAX,6
771A94C2 76 1C JBE SHORT COMCTL32.771A94E0
771A94C4 83F8 09 CMP EAX,9
771A94C7^ 0F85 44FBFFFF JNZ COMCTL32.771A9011
771A94CD 6A F0 PUSH -10
771A94CF FF36 PUSH DWORD PTR DS:
771A94D1 FFD3 CALL EBX
771A94D3 837D B8 00 CMP DWORD PTR SS:,0
771A94D7 74 11 JE SHORT COMCTL32.771A94EA
771A94D9 0D 00000100 OR EAX,10000
771A94DE EB 0F JMP SHORT COMCTL32.771A94EF
771A94E0 3955 B8 CMP DWORD PTR SS:,EDX
771A94E3 76 22 JBE SHORT COMCTL32.771A9507
771A94E5 8955 B8 MOV DWORD PTR SS:,EDX
771A94E8 EB 1D JMP SHORT COMCTL32.771A9507
771A94EA 25 FFFFFEFF AND EAX,FFFEFFFF
771A94EF 50 PUSH EAX
771A94F0 6A F0 PUSH -10
771A94F2 FF36 PUSH DWORD PTR DS:
771A94F4 FF15 28141877 CALL DWORD PTR DS:[<&USER32.SetWindowLongW>] ; USER32.SetWindowLongW
771A94FA 837D B8 00 CMP DWORD PTR SS:,0
771A94FE 74 07 JE SHORT COMCTL32.771A9507
771A9500 C745 B8 0100000>MOV DWORD PTR SS:,1
771A9507 8B46 24 MOV EAX,DWORD PTR DS:
771A950A 8BC8 MOV ECX,EAX
771A950C 83E1 03 AND ECX,3
771A950F 3B4D B8 CMP ECX,DWORD PTR SS:
771A9512^ 0F84 F9FAFFFF JE COMCTL32.771A9011
771A9518 FF36 PUSH DWORD PTR DS:
771A951A 83E0 FC AND EAX,FFFFFFFC
771A951D 0B45 B8 OR EAX,DWORD PTR SS:
771A9520 8946 24 MOV DWORD PTR DS:,EAX
771A9523 FF15 70141877 CALL DWORD PTR DS:[<&USER32.IsWindowVisible>] ; USER32.IsWindowVisible
771A9529 85C0 TEST EAX,EAX
771A952B^ E9 4EFFFFFF JMP COMCTL32.771A947E
771A9530 8B46 24 MOV EAX,DWORD PTR DS:
771A9533 B9 00010000 MOV ECX,100
771A9538 85C1 TEST ECX,EAX
771A953A^ 0F85 D1FAFFFF JNZ COMCTL32.771A9011
771A9540 8B3D FC131877 MOV EDI,DWORD PTR DS:[<&USER32.SendMessageW>] ; USER32.SendMessageW
771A9546 33DB XOR EBX,EBX
771A9548 53 PUSH EBX
771A9549 53 PUSH EBX
771A954A 68 01020000 PUSH 201
771A954F FF36 PUSH DWORD PTR DS:
771A9551 0BC1 OR EAX,ECX
771A9553 8946 24 MOV DWORD PTR DS:,EAX
771A9556 FFD7 CALL EDI
771A9558 53 PUSH EBX
771A9559 53 PUSH EBX
771A955A 68 02020000 PUSH 202
771A955F FF36 PUSH DWORD PTR DS:
771A9561 FFD7 CALL EDI
771A9563 8066 25 FE AND BYTE PTR DS:,0FE
771A9567 F646 24 40 TEST BYTE PTR DS:,40
771A956B^ 0F85 A0FAFFFF JNZ COMCTL32.771A9011
771A9571 837D B8 20 CMP DWORD PTR SS:,20
771A9575 6A 00 PUSH 0
771A9577 56 PUSH ESI
771A9578 0F85 C3010000 JNZ COMCTL32.771A9741
771A957E E8 61DDFFFF CALL COMCTL32.771A72E4
771A9583 85C0 TEST EAX,EAX
771A9585^ 0F84 86FAFFFF JE COMCTL32.771A9011
771A958B 6A 00 PUSH 0
771A958D 6A 01 PUSH 1
771A958F 68 F3000000 PUSH 0F3
771A9594 FF36 PUSH DWORD PTR DS: ; button handle
771A9596 FF15 FC131877 CALL DWORD PTR DS:[<&USER32.SendMessageW>] ; send message BM_SETSTATE
771A959C^ E9 70FAFFFF JMP COMCTL32.771A9011
771A95A1 B8 03020000 MOV EAX,203 ; 203
771A95A6 3BC8 CMP ECX,EAX ; compare the message with 203
771A95A8 0F87 90020000 JA COMCTL32.771A983E ; jump if above
771A95AE 0F84 2B020000 JE COMCTL32.771A97DF ; jump if equal
771A95B4 BB 05010000 MOV EBX,105 ; 105
771A95B9 3BCB CMP ECX,EBX ; compare message with 105
771A95BB 0F87 4E010000 JA COMCTL32.771A970F ; jump if above
771A95C1 0F84 16010000 JE COMCTL32.771A96DD
771A95C7 81F9 F6000000 CMP ECX,0F6
771A95CD 0F82 73030000 JB COMCTL32.771A9946
771A95D3 B8 F7000000 MOV EAX,0F7
771A95D8 3BC8 CMP ECX,EAX
771A95DA 0F86 AA000000 JBE COMCTL32.771A968A
771A95E0 81F9 00010000 CMP ECX,100
771A95E6^ 0F84 7BFFFFFF JE COMCTL32.771A9567
771A95EC 81F9 01010000 CMP ECX,101
771A95F2 0F84 E5000000 JE COMCTL32.771A96DD
771A95F8 81F9 02010000 CMP ECX,102
771A95FE 0F85 42030000 JNZ COMCTL32.771A9946
771A9604 F646 24 40 TEST BYTE PTR DS:,40
771A9608 0F85 4F030000 JNZ COMCTL32.771A995D
771A960E 8B46 60 MOV EAX,DWORD PTR DS:
771A9611 8B48 0C MOV ECX,DWORD PTR DS:
771A9614 6A 02 PUSH 2
771A9616 83E1 0F AND ECX,0F
771A9619 5A POP EDX
771A961A 3BCA CMP ECX,EDX
771A961C 74 09 JE SHORT COMCTL32.771A9627
771A961E 83F9 03 CMP ECX,3
771A9621 0F85 36030000 JNZ COMCTL32.771A995D
771A9627 8B45 B8 MOV EAX,DWORD PTR SS:
771A962A 83E8 2B SUB EAX,2B
771A962D 74 0D JE SHORT COMCTL32.771A963C
771A962F 2BC2 SUB EAX,EDX
771A9631 74 53 JE SHORT COMCTL32.771A9686
771A9633 83E8 10 SUB EAX,10
771A9636 0F85 21030000 JNZ COMCTL32.771A995D
771A963C 33FF XOR EDI,EDI
771A963E 47 INC EDI
771A963F 33C0 XOR EAX,EAX
771A9641 8A46 24 MOV AL,BYTE PTR DS:
771A9644 83E0 03 AND EAX,3
771A9647 66:3BC7 CMP AX,DI
771A964A^ 0F84 C1F9FFFF JE COMCTL32.771A9011
771A9650 83F9 03 CMP ECX,3
771A9653 75 24 JNZ SHORT COMCTL32.771A9679
771A9655 6A 00 PUSH 0
771A9657 56 PUSH ESI
771A9658 E8 87DCFFFF CALL COMCTL32.771A72E4
771A965D 85C0 TEST EAX,EAX
771A965F 74 18 JE SHORT COMCTL32.771A9679
771A9661 6A 00 PUSH 0
771A9663 57 PUSH EDI
771A9664 68 F1000000 PUSH 0F1
771A9669 FF36 PUSH DWORD PTR DS:
771A966B FF15 FC131877 CALL DWORD PTR DS:[<&USER32.SendMessageW>] ; USER32.SendMessageW
771A9671 6A 01 PUSH 1
771A9673 56 PUSH ESI
771A9674 E8 F1DCFFFF CALL COMCTL32.771A736A
771A9679 6A 00 PUSH 0
771A967B 56 PUSH ESI
771A967C E8 A1DCFFFF CALL COMCTL32.771A7322
771A9681^ E9 8BF9FFFF JMP COMCTL32.771A9011
771A9686 33FF XOR EDI,EDI
771A9688^ EB B5 JMP SHORT COMCTL32.771A963F
771A968A 8B55 B8 MOV EDX,DWORD PTR SS:
771A968D 83FA 03 CMP EDX,3
771A9690 73 3E JNB SHORT COMCTL32.771A96D0
771A9692 8B5E 60 MOV EBX,DWORD PTR DS:
771A9695 8B5B 0C MOV EBX,DWORD PTR DS:
771A9698 66:81E3 C000 AND BX,0C0
771A969D 389A 94241877 CMP BYTE PTR DS:,BL
771A96A3 75 2B JNZ SHORT COMCTL32.771A96D0
771A96A5 3BC8 CMP ECX,EAX
771A96A7 8B5E 2C MOV EBX,DWORD PTR DS:
771A96AA 75 1C JNZ SHORT COMCTL32.771A96C8
771A96AC FF36 PUSH DWORD PTR DS:
771A96AE 897E 2C MOV DWORD PTR DS:,EDI
771A96B1 FF15 70141877 CALL DWORD PTR DS:[<&USER32.IsWindowVisible>] ; USER32.IsWindowVisible
771A96B7 85C0 TEST EAX,EAX
771A96B9 74 0D JE SHORT COMCTL32.771A96C8
771A96BB 6A 01 PUSH 1
771A96BD 6A 00 PUSH 0
771A96BF FF75 B0 PUSH DWORD PTR SS:
771A96C2 FF15 9C141877 CALL DWORD PTR DS:[<&USER32.InvalidateRect>] ; USER32.InvalidateRect
771A96C8 895D B4 MOV DWORD PTR SS:,EBX
771A96CB^ E9 41F9FFFF JMP COMCTL32.771A9011
771A96D0 6A 57 PUSH 57
771A96D2 FF15 E0121877 CALL DWORD PTR DS:[<&KERNEL32.SetLastError>] ; ntdll.RtlSetLastWin32Error
771A96D8^ E9 34F9FFFF JMP COMCTL32.771A9011
771A96DD F646 24 40 TEST BYTE PTR DS:,40
771A96E1 0F85 76020000 JNZ COMCTL32.771A995D
771A96E7 837D B8 09 CMP DWORD PTR SS:,9
771A96EB 0F84 6C020000 JE COMCTL32.771A995D
771A96F1 33C0 XOR EAX,EAX
771A96F3 837D B8 20 CMP DWORD PTR SS:,20
771A96F7 0F94C0 SETE AL
771A96FA 50 PUSH EAX
771A96FB 56 PUSH ESI
771A96FC E8 69DCFFFF CALL COMCTL32.771A736A
771A9701 395D 0C CMP DWORD PTR SS:,EBX
771A9704 0F84 53020000 JE COMCTL32.771A995D
771A970A^ E9 02F9FFFF JMP COMCTL32.771A9011
771A970F 8BD1 MOV EDX,ECX ; 201
771A9711 B8 28010000 MOV EAX,128 ; 128
771A9716 2BD0 SUB EDX,EAX ; subtraction gives D9
771A9718 0F84 82000000 JE COMCTL32.771A97A0 ; jump if zero
771A971E 81EA D8000000 SUB EDX,0D8 ; subtract D8 as well, gives 1
771A9724 74 25 JE SHORT COMCTL32.771A974B ; jump if zero
771A9726 4A DEC EDX ; decrement by 1
771A9727 0F84 D1000000 JE COMCTL32.771A97FE ; jump if zero
771A972D 4A DEC EDX
771A972E 0F85 12020000 JNZ COMCTL32.771A9946
771A9734 F646 24 40 TEST BYTE PTR DS:,40
771A9738^ 0F84 D3F8FFFF JE COMCTL32.771A9011
771A973E 6A 01 PUSH 1
771A9740 56 PUSH ESI
771A9741 E8 24DCFFFF CALL COMCTL32.771A736A
771A9746^ E9 C6F8FFFF JMP COMCTL32.771A9011
771A974B F646 25 02 TEST BYTE PTR DS:,2
771A974F 75 44 JNZ SHORT COMCTL32.771A9795
771A9751 8B46 60 MOV EAX,DWORD PTR DS:
771A9754 8B40 0C MOV EAX,DWORD PTR DS:
771A9757 83E0 0F AND EAX,0F
771A975A 3C 0B CMP AL,0B
771A975C 74 37 JE SHORT COMCTL32.771A9795
771A975E 6A 01 PUSH 1
771A9760 6A 01 PUSH 1
771A9762 56 PUSH ESI
771A9763 E8 48DDFFFF CALL COMCTL32.771A74B0
771A9768 8B06 MOV EAX,DWORD PTR DS:
771A976A 8365 98 00 AND DWORD PTR SS:,0
771A976E 8945 94 MOV DWORD PTR SS:,EAX
771A9771 8D45 8C LEA EAX,DWORD PTR SS:
771A9774 50 PUSH EAX
771A9775 C745 8C 1000000>MOV DWORD PTR SS:,10
771A977C C745 90 0200000>MOV DWORD PTR SS:,2
771A9783 FF15 F8131877 CALL DWORD PTR DS:[<&USER32.TrackMouseEvent>] ; USER32.TrackMouseEvent
771A9789 6A 01 PUSH 1
771A978B 6A 00 PUSH 0
771A978D FF36 PUSH DWORD PTR DS:
771A978F FF15 9C141877 CALL DWORD PTR DS:[<&USER32.InvalidateRect>] ; USER32.InvalidateRect
771A9795 F646 24 40 TEST BYTE PTR DS:,40
771A9799 75 63 JNZ SHORT COMCTL32.771A97FE
771A979B^ E9 71F8FFFF JMP COMCTL32.771A9011
771A97A0 57 PUSH EDI
771A97A1 FF75 B8 PUSH DWORD PTR SS:
771A97A4 50 PUSH EAX
771A97A5 FF75 B0 PUSH DWORD PTR SS:
771A97A8 FF15 38141877 CALL DWORD PTR DS:[<&USER32.DefWindowProcW>] ; USER32.DefWindowProcW
771A97AE 8B46 60 MOV EAX,DWORD PTR DS:
771A97B1 F640 0C C0 TEST BYTE PTR DS:,0C0
771A97B5^ 0F85 56F8FFFF JNZ COMCTL32.771A9011
771A97BB E8 9FD0FDFF CALL COMCTL32.7718685F
771A97C0 33C9 XOR ECX,ECX
771A97C2 85C0 TEST EAX,EAX
771A97C4 0F94C1 SETE CL
771A97C7 56 PUSH ESI
771A97C8 334E 30 XOR ECX,DWORD PTR DS:
771A97CB 83E1 01 AND ECX,1
771A97CE 314E 30 XOR DWORD PTR DS:,ECX
771A97D1 E8 B5F6FFFF CALL COMCTL32.771A8E8B
771A97D6 8366 30 FE AND DWORD PTR DS:,FFFFFFFE
771A97DA^ E9 32F8FFFF JMP COMCTL32.771A9011
771A97DF 8B46 60 MOV EAX,DWORD PTR DS:
771A97E2 8B48 0C MOV ECX,DWORD PTR DS:
771A97E5 8BC1 MOV EAX,ECX
771A97E7 83E0 0F AND EAX,0F
771A97EA 83F8 04 CMP EAX,4
771A97ED 74 48 JE SHORT COMCTL32.771A9837
771A97EF 83F8 08 CMP EAX,8
771A97F2 74 43 JE SHORT COMCTL32.771A9837
771A97F4 83F8 0B CMP EAX,0B
771A97F7 74 3E JE SHORT COMCTL32.771A9837
771A97F9 F6C5 40 TEST CH,40
771A97FC 75 39 JNZ SHORT COMCTL32.771A9837
771A97FE 6A 40 PUSH 40 ; 40
771A9800 56 PUSH ESI ; 903480
771A9801 E8 DEDAFFFF CALL COMCTL32.771A72E4
771A9806 85C0 TEST EAX,EAX ; is EAX null?
771A9808^ 0F84 03F8FFFF JE COMCTL32.771A9011 ; jump if null, do not jump if non-null
771A980E 8D45 9C LEA EAX,DWORD PTR SS: ; load address into EAX
771A9811 50 PUSH EAX ; push EAX
771A9812 FF36 PUSH DWORD PTR DS: ; push 9040e, the button handle
771A9814 FF15 54171877 CALL DWORD PTR DS:[<&USER32.GetClientRect>] ; get the button's Rect
771A981A 0FBFC7 MOVSX EAX,DI ; put DI, the low word of EDI, into EAX: 31
771A981D C1EF 10 SHR EDI,10 ; shift right by 10 bits: 9
771A9820 0FBFCF MOVSX ECX,DI ; put DI, the low word of EDI, into ECX: 9
771A9823 6A 00 PUSH 0
771A9825 51 PUSH ECX
771A9826 50 PUSH EAX
771A9827 8D45 9C LEA EAX,DWORD PTR SS: ; load the address holding the button rectangle into EAX
771A982A 50 PUSH EAX ; push EAX
771A982B FF15 D8131877 CALL DWORD PTR DS:[<&USER32.PtInRect>] ; PtInRect: is point X=31 Y=9 inside the button rectangle
771A9831 50 PUSH EAX ; inside returns 1, outside returns 0; result is in EAX
771A9832^ E9 58FDFFFF JMP COMCTL32.771A958F
771A9837 6A 05 PUSH 5
771A9839^ E9 3DFEFFFF JMP COMCTL32.771A967B
771A983E B8 01160000 MOV EAX,1601
771A9843 3BC8 CMP ECX,EAX
771A9845 0F87 E9000000 JA COMCTL32.771A9934
771A984B 0F84 D7000000 JE COMCTL32.771A9928
771A9851 8BC1 MOV EAX,ECX
771A9853 2D 15020000 SUB EAX,215
771A9858 0F84 A1000000 JE COMCTL32.771A98FF
771A985E 2D 8E000000 SUB EAX,8E
771A9863 74 75 JE SHORT COMCTL32.771A98DA
771A9865 83E8 75 SUB EAX,75
771A9868 74 59 JE SHORT COMCTL32.771A98C3
771A986A 48 DEC EAX
771A986B 48 DEC EAX
771A986C 0F85 D4000000 JNZ COMCTL32.771A9946
771A9872 8B46 5C MOV EAX,DWORD PTR DS:
771A9875 85C0 TEST EAX,EAX
771A9877 74 07 JE SHORT COMCTL32.771A9880
771A9879 50 PUSH EAX
771A987A FF15 94242177 CALL DWORD PTR DS: ; COMCTL32.7720A36D
771A9880 33FF XOR EDI,EDI
771A9882 56 PUSH ESI
771A9883 893D E0252177 MOV DWORD PTR DS:,EDI
771A9889 893D E4252177 MOV DWORD PTR DS:,EDI
771A988F 893D E8252177 MOV DWORD PTR DS:,EDI
771A9895 893D EC252177 MOV DWORD PTR DS:,EDI
771A989B E8 32D5FFFF CALL COMCTL32.771A6DD2
771A98A0 6A 01 PUSH 1
771A98A2 57 PUSH EDI
771A98A3 FF36 PUSH DWORD PTR DS:
771A98A5 8946 5C MOV DWORD PTR DS:,EAX
771A98A8 FF15 9C141877 CALL DWORD PTR DS:[<&USER32.InvalidateRect>] ; USER32.InvalidateRect
771A98AE 57 PUSH EDI
771A98AF 6A EA PUSH -16
771A98B1 56 PUSH ESI
771A98B2 E8 350BFFFF CALL COMCTL32.7719A3EC
771A98B7 C745 B4 0100000>MOV DWORD PTR SS:,1
771A98BE^ E9 4EF7FFFF JMP COMCTL32.771A9011
771A98C3 FF75 B8 PUSH DWORD PTR SS:
771A98C6 56 PUSH ESI
771A98C7 E8 30DCFFFF CALL COMCTL32.771A74FC
771A98CC FF75 B8 PUSH DWORD PTR SS:
771A98CF 56 PUSH ESI
771A98D0 E8 4EF2FFFF CALL COMCTL32.771A8B23
771A98D5^ E9 37F7FFFF JMP COMCTL32.771A9011
771A98DA F646 25 02 TEST BYTE PTR DS:,2
771A98DE^ 0F84 2DF7FFFF JE COMCTL32.771A9011
771A98E4 6A 01 PUSH 1
771A98E6 6A 00 PUSH 0
771A98E8 56 PUSH ESI
771A98E9 E8 C2DBFFFF CALL COMCTL32.771A74B0
771A98EE 6A 01 PUSH 1
771A98F0 6A 00 PUSH 0
771A98F2 FF36 PUSH DWORD PTR DS:
771A98F4 FF15 9C141877 CALL DWORD PTR DS:[<&USER32.InvalidateRect>] ; USER32.InvalidateRect
771A98FA^ E9 12F7FFFF JMP COMCTL32.771A9011
771A98FF 8B46 24 MOV EAX,DWORD PTR DS:
771A9902 A8 20 TEST AL,20
771A9904^ 0F84 07F7FFFF JE COMCTL32.771A9011
771A990A A8 40 TEST AL,40
771A990C 74 11 JE SHORT COMCTL32.771A991F
771A990E 6A 00 PUSH 0
771A9910 6A 00 PUSH 0
771A9912 68 F3000000 PUSH 0F3
771A9917 FF36 PUSH DWORD PTR DS:
771A9919 FF15 FC131877 CALL DWORD PTR DS:[<&USER32.SendMessageW>] ; USER32.SendMessageW
771A991F 8366 24 9F AND DWORD PTR DS:,FFFFFF9F
771A9923^ E9 E9F6FFFF JMP COMCTL32.771A9011
771A9928 57 PUSH EDI
771A9929 56 PUSH ESI
771A992A E8 1EE7FFFF CALL COMCTL32.771A804D
771A992F E9 8C000000 JMP COMCTL32.771A99C0
771A9934 8BC1 MOV EAX,ECX
771A9936 2D 02160000 SUB EAX,1602
771A993B 74 7C JE SHORT COMCTL32.771A99B9
771A993D 48 DEC EAX
771A993E 74 5B JE SHORT COMCTL32.771A999B
771A9940 48 DEC EAX
771A9941 74 48 JE SHORT COMCTL32.771A998B
771A9943 48 DEC EAX
771A9944 74 2E JE SHORT COMCTL32.771A9974
771A9946 8D45 B4 LEA EAX,DWORD PTR SS:
771A9949 50 PUSH EAX
771A994A 57 PUSH EDI
771A994B FF75 B8 PUSH DWORD PTR SS:
771A994E 51 PUSH ECX
771A994F 56 PUSH ESI
771A9950 E8 FFCAFDFF CALL COMCTL32.77186454
771A9955 85C0 TEST EAX,EAX
771A9957^ 0F85 B4F6FFFF JNZ COMCTL32.771A9011
771A995D FF75 AC PUSH DWORD PTR SS:
771A9960 FF75 B8 PUSH DWORD PTR SS:
771A9963 FF75 0C PUSH DWORD PTR SS:
771A9966 FF75 B0 PUSH DWORD PTR SS:
771A9969 FF15 38141877 CALL DWORD PTR DS:[<&USER32.DefWindowProcW>] ; USER32.DefWindowProcW
771A996F^ E9 67F7FFFF JMP COMCTL32.771A90DB
771A9974 85FF TEST EDI,EDI
771A9976^ 0F84 95F6FFFF JE COMCTL32.771A9011
771A997C 8B7D AC MOV EDI,DWORD PTR SS:
771A997F 83C6 34 ADD ESI,34
771A9982 A5 MOVS DWORD PTR ES:,DWORD PTR DS:
771A9983 A5 MOVS DWORD PTR ES:,DWORD PTR DS:
771A9984 A5 MOVS DWORD PTR ES:,DWORD PTR DS:
771A9985 33C0 XOR EAX,EAX
771A9987 A5 MOVS DWORD PTR ES:,DWORD PTR DS:
771A9988 40 INC EAX
771A9989 EB 35 JMP SHORT COMCTL32.771A99C0
771A998B 85FF TEST EDI,EDI
771A998D^ 0F84 7EF6FFFF JE COMCTL32.771A9011
771A9993 8D7E 34 LEA EDI,DWORD PTR DS:
771A9996 8B75 AC MOV ESI,DWORD PTR SS:
771A9999^ EB E7 JMP SHORT COMCTL32.771A9982
771A999B 85FF TEST EDI,EDI
771A999D^ 0F84 6EF6FFFF JE COMCTL32.771A9011
771A99A3 8B4E 54 MOV ECX,DWORD PTR DS:
771A99A6 8B45 AC MOV EAX,DWORD PTR SS:
771A99A9 8908 MOV DWORD PTR DS:,ECX
771A99AB 8B4E 58 MOV ECX,DWORD PTR DS:
771A99AE 8948 14 MOV DWORD PTR DS:,ECX
771A99B1 83C6 44 ADD ESI,44
771A99B4 8D78 04 LEA EDI,DWORD PTR DS:
771A99B7^ EB C9 JMP SHORT COMCTL32.771A9982
771A99B9 57 PUSH EDI
771A99BA 56 PUSH ESI
771A99BB E8 8CDAFFFF CALL COMCTL32.771A744C
771A99C0 8B4D FC MOV ECX,DWORD PTR SS:
771A99C3 5F POP EDI
771A99C4 5E POP ESI
771A99C5 5B POP EBX
771A99C6 E8 08210600 CALL COMCTL32.7720BAD3
771A99CB C9 LEAVE
771A99CC C2 1000 RETN 10
lanfengc
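Posted on 2012-4-14 16:47:07
I used a message breakpoint, hoping to work out how the button event's handler function operates, but after more than 2 hours of analysis I still hadn't figured it out. I have other work on my plate right now, so I'm dropping it.
Here is how to set a message breakpoint in OD.
Open OD and attach to the program. On the toolbar there is View; choose Windows, right-click, Refresh, and in the list there is an entry with text like button1.
Right-click on it and choose Message breakpoint.
A dialog then pops up; in the drop-down list select the WM_LBUTTONDOWN message, the one with ID 201,
and confirm. Switch to the program and click the button, and OD will break. Then trace it yourself.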
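Added example, not part of any post in the thread: a small Python emulator that walks the compare-and-jump chain at the top of the posted COMCTL32 listing and reports which block a given message ID reaches, for instance where a WM_LBUTTONDOWN (201) message breakpoint ends up. The instruction lines are copied from the listing; `parse`, `resolve` and the register/flag model are names and simplifications introduced here, execution is assumed to start at 771A8F09 (after the GetWindowLongW null check), and only MOV/CMP/SUB/DEC and JA/JE/JNZ are modelled.

```python
import re

# Dispatcher instructions copied from the listing posted in the thread
# (address, opcode bytes, instruction); the poster's comments are dropped.
LISTING = """\
771A8F09 B8 F5000000 MOV EAX,0F5
771A8F0E 3BC8 CMP ECX,EAX
771A8F10 0F87 8B060000 JA COMCTL32.771A95A1
771A8F16 0F84 14060000 JE COMCTL32.771A9530
771A8F1C 83F9 3D CMP ECX,3D
771A8F1F 0F87 41020000 JA COMCTL32.771A9166
771A8F25 0F84 21020000 JE COMCTL32.771A914C
771A9166 B8 F0000000 MOV EAX,0F0
771A916B 3BC8 CMP ECX,EAX
771A916D 0F87 7A020000 JA COMCTL32.771A93ED
771A9173 0F84 66020000 JE COMCTL32.771A93DF
771A93ED 8BC1 MOV EAX,ECX
771A93EF 2D F1000000 SUB EAX,0F1
771A93F4 0F84 A1000000 JE COMCTL32.771A949B
771A93FA 48 DEC EAX
771A93FB 0F84 92000000 JE COMCTL32.771A9493
771A9401 48 DEC EAX
771A9402 74 3C JE SHORT COMCTL32.771A9440
771A9404 48 DEC EAX
771A9405 0F85 3B050000 JNZ COMCTL32.771A9946
771A95A1 B8 03020000 MOV EAX,203
771A95A6 3BC8 CMP ECX,EAX
771A95A8 0F87 90020000 JA COMCTL32.771A983E
771A95AE 0F84 2B020000 JE COMCTL32.771A97DF
771A95B4 BB 05010000 MOV EBX,105
771A95B9 3BCB CMP ECX,EBX
771A95BB 0F87 4E010000 JA COMCTL32.771A970F
771A95C1 0F84 16010000 JE COMCTL32.771A96DD
771A970F 8BD1 MOV EDX,ECX
771A9711 B8 28010000 MOV EAX,128
771A9716 2BD0 SUB EDX,EAX
771A9718 0F84 82000000 JE COMCTL32.771A97A0
771A971E 81EA D8000000 SUB EDX,0D8
771A9724 74 25 JE SHORT COMCTL32.771A974B
771A9726 4A DEC EDX
771A9727 0F84 D1000000 JE COMCTL32.771A97FE
771A972D 4A DEC EDX
771A972E 0F85 12020000 JNZ COMCTL32.771A9946
"""

HEX_BYTES = re.compile(r"(?:[0-9A-F]{2})+")
# Conditional jumps as predicates over (zero flag, carry flag).
JCC = {
    "JA": lambda zf, cf: not zf and not cf,
    "JE": lambda zf, cf: zf,
    "JNZ": lambda zf, cf: not zf,
}

def parse(listing):
    """Map address -> (mnemonic, operand text, address of the next instruction)."""
    prog = {}
    for line in listing.splitlines():
        tok = line.split()
        addr, i, size = int(tok[0], 16), 1, 0
        while HEX_BYTES.fullmatch(tok[i]):      # opcode-byte columns
            size += len(tok[i]) // 2
            i += 1
        prog[addr] = (tok[i], " ".join(tok[i + 1:]), addr + size)
    return prog

def resolve(msg, entry=0x771A8F09):
    """Run the chain with ECX = msg; return (first address outside the excerpt, trace)."""
    prog = parse(LISTING)
    reg = {"EAX": 0, "EBX": 0, "ECX": msg, "EDX": 0}
    zf = cf = False
    pc, trace = entry, []
    while pc in prog:
        op, args, nxt = prog[pc]
        trace.append(pc)
        if op in JCC:
            if JCC[op](zf, cf):
                nxt = int(args.rsplit(".", 1)[1], 16)   # "COMCTL32.771A95A1"
        elif op == "MOV":
            dst, src = args.split(",")
            reg[dst] = reg[src] if src in reg else int(src, 16)
        else:                                           # CMP, SUB, DEC
            dst, _, src = args.partition(",")
            a = reg[dst]
            b = 1 if op == "DEC" else (reg[src] if src in reg else int(src, 16))
            zf = a == b
            if op != "DEC":
                cf = a < b          # DEC leaves the carry flag untouched
            if op != "CMP":
                reg[dst] = (a - b) & 0xFFFFFFFF
        pc = nxt
    return pc, trace

if __name__ == "__main__":
    for name, msg in (("WM_LBUTTONDOWN", 0x201), ("WM_LBUTTONUP", 0x202),
                      ("BM_SETSTATE", 0xF3), ("BM_CLICK", 0xF5)):
        target, trace = resolve(msg)
        print(f"{name} ({msg:#x}) -> {target:08X} after {len(trace)} instructions")
```

Message 201 resolves to 771A97FE and F3 to 771A9440, the two blocks the listing's comments concentrate on; an address such as 771A8F2B in the result means the message falls into a part of the compare chain that is not included in the excerpt.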