QQ2009的调色、底纹、皮肤怎么实现的 如题 解决方案 » 免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货 怎么又有人问??2009 是 WPF 调色就是图像处理,可以用CxImage,百度hi就是用得这个库,底纹就是换图,刷新至于换肤,其实也是换图,然后算出相应的rgn PEID描述:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation看起来向是.net平台开发,接下来我们分析一下是不是.net框架开发的OD载入QQ2009:OD没飞,证明不是.net框架开发载入后停在:00407C2E > E8 91040000 call QQ.004080C400407C33 ^ E9 36FDFFFF jmp QQ.0040796E00407C38 CC int300407C39 CC int3看起来向是加过壳的反汇编代码,因为入口有CALL我们F7单步进入!停在如下:004080C4 55 push ebp004080C5 8BEC mov ebp,esp004080C7 83EC 10 sub esp,10004080CA A1 70F14000 mov eax,dword ptr ds:[40F170]004080CF 8365 F8 00 and dword ptr ss:[ebp-8],0004080D3 8365 FC 00 and dword ptr ss:[ebp-4],0004080D7 53 push ebx004080D8 57 push edi004080D9 BF 4EE640BB mov edi,BB40E64E004080DE 3BC7 cmp eax,edi004080E0 BB 0000FFFF mov ebx,FFFF0000004080E5 74 0D je short QQ.004080F4004080E7 85C3 test ebx,eax004080E9 74 09 je short QQ.004080F4004080EB F7D0 not eax004080ED A3 74F14000 mov dword ptr ds:[40F174],eax004080F2 EB 60 jmp short QQ.00408154004080F4 56 push esi004080F5 8D45 F8 lea eax,dword ptr ss:[ebp-8]004080F8 50 push eax004080F9 FF15 A0A14000 call dword ptr ds:[<&KERNEL32.GetSystemT>; kernel32.GetSystemTimeAsFileTime004080FF 8B75 FC mov esi,dword ptr ss:[ebp-4]00408102 3375 F8 xor esi,dword ptr ss:[ebp-8]00408105 FF15 5CA14000 call dword ptr ds:[<&KERNEL32.GetCurrent>; kernel32.GetCurrentProcessId0040810B 33F0 xor esi,eax0040810D FF15 BCA14000 call dword ptr ds:[<&KERNEL32.GetCurrent>; kernel32.GetCurrentThreadId00408113 33F0 xor esi,eax00408115 FF15 8CA14000 call dword ptr ds:[<&KERNEL32.GetTickCou>; kernel32.GetTickCount0040811B 33F0 xor esi,eax0040811D 8D45 F0 lea eax,dword ptr ss:[ebp-10]00408120 50 push eax00408121 FF15 68A14000 call dword ptr ds:[<&KERNEL32.QueryPerfo>; kernel32.QueryPerformanceCounter00408127 8B45 F4 mov eax,dword ptr ss:[ebp-C]0040812A 3345 F0 xor eax,dword ptr ss:[ebp-10]0040812D 33F0 xor esi,eax0040812F 3BF7 cmp esi,edi注意这点的入口特征,很象VC++入口特征!我们一直向下单步走,直到retn返回到JMP的一个强制跳转!停在如下:0040796E 6A 5C push 5C00407970 68 08BE4000 push QQ.0040BE0800407975 E8 96030000 call QQ.00407D100040797A 33DB xor ebx,ebx0040797C 895D E4 mov dword ptr ss:[ebp-1C],ebx0040797F 895D FC mov dword ptr ss:[ebp-4],ebx00407982 8D45 94 lea eax,dword ptr ss:[ebp-6C]00407985 50 push eax00407986 FF15 F4A14000 call dword ptr ds:[<&KERNEL32.GetStartup>; kernel32.GetStartupInfoW0040798C C745 FC FEFFFFF>mov dword ptr ss:[ebp-4],-200407993 C745 FC 0100000>mov dword ptr ss:[ebp-4],10040799A 64:A1 18000000 mov eax,dword ptr fs:[18]004079A0 8B70 04 mov esi,dword ptr ds:[eax+4]004079A3 895D E0 mov dword ptr ss:[ebp-20],ebx004079A6 BF 78184100 mov edi,QQ.00411878004079AB 53 push ebx004079AC 56 push esi004079AD 57 push edi004079AE FF15 F0A14000 call dword ptr ds:[<&KERNEL32.Interlocke>; kernel32.InterlockedCompareExchange 我们就会发现有QQ所用到的函数列表如下所示:[code=C/C++]0040A000 >77DA6FFF advapi32.RegQueryValueExW0040A004 >77DA6C27 advapi32.RegCloseKey0040A008 >77DAD767 advapi32.RegSetValueExW0040A00C >77DA6AAF advapi32.RegOpenKeyExW0040A010 >77DA776C advapi32.RegCreateKeyExW0040A014 000000000040A018 >7C63111F ATL80.AtlInternalQueryInterface0040A01C >7C631903 ATL80.AtlCallTermFunc0040A020 >7C6310C3 ATL80.AtlComPtrAssign0040A024 000000000040A028 >61253890 AppUtil.Util::Misc::SetEnablePreload0040A02C >612538B0 AppUtil.Util::Misc::GetEnablePreload0040A030 >612EF140 AppUtil.PerfDataReportUtil::SetPerfReportDataForWord0040A034 >612EF040 AppUtil.PerfDataReportUtil::SetPerfReportDataForBool0040A038 000000000040A03C >5D173619 COMCTL32.InitCommonControlsEx0040A040 000000000040A044 >30134A40 Common.CTXBSTR::operator wchar_t *0040A048 >300D1550 Common.#370040A04C >30135100 Common.CTXBSTR::CTXBSTR0040A050 >30008830 Common.Util::Window::NotifyIdle0040A054 >30008580 Common.Util::Window::DelIdleCallback0040A058 >30134A50 Common.CTXBSTR::operator&0040A05C >30166080 Common.Util::Sys::GetMemoryUsage0040A060 >301390A0 Common.CTXStringW::GetLength0040A064 >301207E0 Common.TXTimer::SetIdleCallback0040A068 >30008640 Common.Util::Window::AddIdleCallback0040A06C >30138E00 Common.CTXStringW::operator=0040A070 >301024C0 Common.CFmtString::DoFormat0040A074 >301391D0 Common.CTXStringW::Append0040A078 >3013BB40 Common.operator+0040A07C >30138DB0 Common.CTXStringW::CTXStringW0040A080 >30138B90 Common.CTXStringW::IsEmpty0040A084 >3013B910 Common.operator+0040A088 >30030B10 Common.Util::Core::GetPlatformCore0040A08C >3013BCD0 Common.operator==0040A090 >30120C70 Common.TXTimer::SetTimeout0040A094 >30166930 Common.Util::Sys::MinimzeMemory0040A098 >301628B0 Common.Util::Boot::InitPlatformGFConfig0040A09C >30164680 Common.Util::Boot::InitPlatformFileSystem0040A0A0 >301624C0 Common.Util::Boot::InitPlatformI18NConfig0040A0A4 >3010B710 Common.TXStringBundle::AddFmtString0040A0A8 >3015B820 Common.TXBugReport::InitBugReport0040A0AC >300CFE50 Common.TXLog::GetSession0040A0B0 >30107D50 Common.NLS::GetLCID0040A0B4 >3015B6E0 Common.TXBugReport::ValidateBugReport0040A0B8 >30002B70 Common.Util::Com::CreateObjectFromDllFile0040A0BC >300D4330 Common.Util::Network::InitNetwork0040A0C0 >30030930 Common.Util::CoreCenter::InitPlatform0040A0C4 >30161B90 Common.Util::Boot::InitPlatformCoreConfig0040A0C8 >3015B0E0 Common.TXBugMonitor::Stop0040A0CC >300D2530 Common.Util::Perf::RecordTransEnd0040A0D0 >30007AE0 Common.Util::Misc::OnExitCoreCenter0040A0D4 >30007AD0 Common.Util::Misc::OnExitWinMain0040A0D8 >30138440 Common.CTXStringW::CTXStringW0040A0DC >3011FB60 Common.TXTimer::NotifyIdle0040A0E0 >30138C00 Common.CTXStringW::~CTXStringW0040A0E4 >30139CE0 Common.CTXStringW::ReverseFind0040A0E8 >3010BAB0 Common.TXStringBundle::LoadStringW0040A0EC >3013A980 Common.CTXStringW::Left0040A0F0 >30134FA0 Common.CTXBSTR::CTXBSTR0040A0F4 >3013C020 Common.CTXStringW::operator+=0040A0F8 >301380E0 Common.CTXStringW::ReleaseBuffer0040A0FC >30139170 Common.CTXStringW::GetBuffer0040A100 >30139AB0 Common.CTXStringW::Find0040A104 >30007AC0 Common.Util::Misc::OnUninitCom0040A108 >30136100 Common.CTXStringW::CTXStringW0040A10C >30121750 Common.CTXBSTR::~CTXBSTR0040A110 >30138E50 Common.CTXStringW::operator=0040A114 >301349B0 Common.CTXBSTR::CTXBSTR0040A118 >30138EF0 Common.CTXStringW::operator+=0040A11C >3013BA20 Common.operator+0040A120 >3013A640 Common.CTXStringW::GetBSTR0040A124 >3013A6E0 Common.CTXStringW::Format0040A128 >3013B350 Common.CTXStringW::CTXStringW0040A12C >30139B80 Common.CTXStringW::Find0040A130 >3009FC30 Common.Util::FS::GetParentDir0040A134 >30138FD0 Common.CTXStringW::GetString0040A138 >30166850 Common.Util::Sys::CheckVistaAndStartSelfMediumLevel0040A13C >3013A040 Common.CTXStringW::TrimLeft0040A140 >30003880 Common.#250040A144 000000000040A148 >30842CE0 GF.Util::GF::SetCustomObjectFactory0040A14C 000000000040A150 >7C802213 kernel32.WriteProcessMemory0040A154 >7C80E957 kernel32.CreateMutexW0040A158 >7C9313B1 ntdll.RtlDeleteCriticalSection0040A15C >7C8099C0 kernel32.GetCurrentProcessId0040A160 >7C80AEEB kernel32.LoadLibraryW0040A164 >7C80A749 kernel32.CreateEventW0040A168 >7C80A4C7 kernel32.QueryPerformanceCounter0040A16C >7C80AE40 kernel32.GetProcAddress0040A170 >7C80B370 kernel32.GetDriveTypeW0040A174 >7C80981A kernel32.InterlockedDecrement0040A178 >7C80AC7E kernel32.FreeLibrary0040A17C >7C80998B kernel32.GetCurrentThread0040A180 >7C802336 kernel32.CreateProcessW0040A184 >7C80AF05 kernel32.GetVersionExW0040A188 >7C802446 kernel32.Sleep0040A18C >7C80934A kernel32.GetTickCount0040A190 >7C8131E0 kernel32.OpenEventW0040A194 >7C802530 kernel32.WaitForSingleObject0040A198 >7C80A0B7 kernel32.SetEvent0040A19C >7C835309 kernel32.GetProcessTimes0040A1A0 >7C8017E9 kernel32.GetSystemTimeAsFileTime0040A1A4 >7C831EDD kernel32.DeleteFileA0040A1A8 >7C8101B1 kernel32.lstrcpynA0040A1AC >7C80EA35 kernel32.OpenMutexW0040A1B0 >7C801D7B kernel32.LoadLibraryA0040A1B4 >7C80B56F kernel32.GetModuleFileNameA0040A1B8 >7C80B475 kernel32.GetModuleFileNameW0040A1BC >7C8097D0 kernel32.GetCurrentThreadId0040A1C0 >7C809806 kernel32.InterlockedIncrement0040A1C4 >7C809AA9 kernel32.lstrlenW0040A1C8 >7C80F194 kernel32.GetEnvironmentVariableW0040A1CC >7C8310FA kernel32.GlobalMemoryStatus0040A1D0 >7C82FA4E kernel32.QueryPerformanceFrequency0040A1D4 >7C812DF6 kernel32.GetSystemInfo0040A1D8 >7C80E4DD kernel32.GetModuleHandleW0040A1DC >7C809F91 kernel32.InitializeCriticalSection0040A1E0 >7C8106D7 kernel32.CreateThread0040A1E4 >7C809BE7 kernel32.CloseHandle0040A1E8 >7C80DE95 kernel32.GetCurrentProcess0040A1EC >7C80982E kernel32.InterlockedExchange0040A1F0 >7C809842 kernel32.InterlockedCompareExchange0040A1F4 >7C801E54 kernel32.GetStartupInfoW0040A1F8 >7C801E1A kernel32.TerminateProcess0040A1FC >7C863FCA kernel32.UnhandledExceptionFilter0040A200 >7C84495D kernel32.SetUnhandledExceptionFilter0040A204 >7C813133 kernel32.IsDebuggerPresent0040A208 >7C80C1A8 kernel32.SetThreadPriority0040A20C >7C81025E kernel32.SetEnvironmentVariableW0040A210 000000000040A214 >3182A6C0 KernelUt.Version::GetBuildVer0040A218 >3182A6B0 KernelUt.Version::GetMinorVer0040A21C >3182AB90 KernelUt.Version::GetVersionExW0040A220 >31828030 KernelUt.Util::Sys::GetProgramBinDir0040A224 >318287A0 KernelUt.Util::Sys::GetUserDataSaveSetting0040A228 >318281C0 KernelUt.Util::Sys::GetProgramRootDir0040A22C >3182A6A0 KernelUt.Version::GetMajorVer0040A230 >31828CD0 KernelUt.Util::Sys::GetGlobalSysDir0040A234 >3182A910 KernelUt.Version::Init 0040A238 000000000040A23C >7C42F3D2 MSVCP80.std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >0040A240 >7C431EE6 MSVCP80.std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::operator=0040A244 >7C42EFB7 MSVCP80.??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z0040A248 >7C423195 MSVCP80.std::basic_string<char,std::char_traits<char>,std::allocator<char> >::~basic_string<char,std::char_traits<char>,std::allocator<char> >0040A24C >7C4248C1 MSVCP80.std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,std::char_traits<char>,std::allocator<char> >0040A250 >7C431E49 MSVCP80.std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >0040A254 >7C42F3B0 MSVCP80.std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::~basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >0040A258 >7C4249CA MSVCP80.std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,std::char_traits<char>,std::allocator<char> >0040A25C >7C431EC0 MSVCP80.std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >0040A260 000000000040A264 >7813174D MSVCR80._initterm_e0040A268 >78139DB6 MSVCR80._configthreadlocale0040A26C >781C3B20 offset MSVCR80._wcmdln0040A270 >78131182 MSVCR80.__setusermatherr0040A274 >781C44B4 offset MSVCR80._adjust_fdiv0040A278 >7813201D MSVCR80.__p__commode0040A27C >78131A3E MSVCR80.exit0040A280 >78138D10 MSVCR80._XcptFilter0040A284 >78131A4F MSVCR80._exit0040A288 >78131A60 MSVCR80._cexit0040A28C >78131CC3 MSVCR80.__wgetmainargs0040A290 >781316C2 MSVCR80._amsg_exit0040A294 >78134667 MSVCR80.terminate0040A298 >78132039 MSVCR80.__p__fmode0040A29C >7813113D MSVCR80.__set_app_type0040A2A0 >7813BDA0 MSVCR80._except_handler4_common0040A2A4 >781574FA MSVCR80.type_info::_type_info_dtor_internal_method0040A2A8 >7813BD93 MSVCR80._crt_debugger_hook0040A2AC >78138945 MSVCR80._invoke_watson0040A2B0 >7814A7E9 MSVCR80._controlfp_s0040A2B4 >78158AEB MSVCR80.__CxxFrameHandler30040A2B8 >78131733 MSVCR80._initterm0040A2BC >78160E7D MSVCR80.operator delete0040A2C0 >78138A94 MSVCR80._invalid_parameter_noinfo0040A2C4 >78160E13 MSVCR80.operator new0040A2C8 >78160E87 MSVCR80.operator delete[]0040A2CC >78157253 MSVCR80.std::exception::exception0040A2D0 >78157301 MSVCR80.std::exception::~exception0040A2D4 >781C37D4 offset MSVCR80.__argc0040A2D8 >78182857 MSVCR80._time640040A2DC >781C37DC offset MSVCR80.__wargv0040A2E0 >781571DC MSVCR80.std::exception::exception0040A2E4 >78180B36 MSVCR80.wcsncmp0040A2E8 >7815329F MSVCR80._wtoi0040A2EC >78158E43 MSVCR80._CxxThrowException0040A2F0 >78144A20 MSVCR80.memset0040A2F4 >78158AEB MSVCR80.__CxxFrameHandler30040A2F8 >781778F1 MSVCR80._snprintf0040A2FC >78144FB0 MSVCR80.memcpy0040A300 >781444D0 MSVCR80.strlen0040A304 >7816990B MSVCR80._mbsrchr0040A308 >781323EC MSVCR80._unlock0040A30C >78138C50 MSVCR80.__dllonexit0040A310 >78132B62 MSVCR80._encode_pointer0040A314 >781324C4 MSVCR80._lock0040A318 >78138C02 MSVCR80._onexit0040A31C >78132BD9 MSVCR80._decode_pointer0040A320 000000000040A324 >77D1940C user32.WaitMessage0040A328 >77D277B8 user32.PostThreadMessageW0040A32C >77D66534 user32.MessageBoxW0040A330 >77D1929B user32.PeekMessageW0040A334 >77D18BF6 user32.TranslateMessage0040A338 >77D18A01 user32.DispatchMessageW0040A33C 000000000040A340 >769AF6EA ole32.OleInitialize0040A344 >769C87F2 ole32.CLSIDFromProgID0040A348 >769AEE46 ole32.CoUninitialize0040A34C >769E31E7 ole32.OleUninitialize0040A350 >769B2A53 ole32.CoInitialize0040A354 >769B057E ole32.CoCreateInstance[/code]大家在分析一下,这些函数就会更加明白!以上的简要分析,可以证明不是.net 所发开的,WPF这个框架我本人没用过,不过他好象只能用在.net下,如果是这样,证明qq2009不是用WPF开发!接下来我分析了一下,wxWidgets这个库的框架!通过分析用wxWidgets库所编写的TEST程序,和QQ2009入口的反汇编代码是出奇相似!!以上内容只用于个人学习,请不要用于它处,转载的人请说明!声明一下:我在这里只扔个砖头,不知道有没有哪块玉给跳出来! WPF,你可以看一下一些基础的WPF教程. 求一思路 帮看下 这种风格的界面有现成的控件用么? 如果没有怎么做比较好,谢谢! 串口线程中接受数据,如何在界面上显示出来 怎么做可以把光标资源作为位图显示在一个窗口上? 是不是VC开发都用到MFC? 关于DLL中的资源! TCP连接上后,在5分钟之内并未通信,过后再发送数据,发送不了? 新手请教两个及其简单的小问题!望答复! 有什么控件可以像DBGRID那样显示,查询字段又能实现打印功能 怎样启动同一个UI线程多次,而各线程互不干扰? socket的recv阻塞可不可以设置阻塞超时时间? CFile::Read为什么是乱码呢
底纹就是换图,刷新
至于换肤,其实也是换图,然后算出相应的rgn
Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation
看起来向是.net平台开发,接下来我们分析一下是不是.net框架开发的OD载入QQ2009:
OD没飞,证明不是.net框架开发载入后停在:
00407C2E > E8 91040000 call QQ.004080C4
00407C33 ^ E9 36FDFFFF jmp QQ.0040796E
00407C38 CC int3
00407C39 CC int3看起来向是加过壳的反汇编代码,因为入口有CALL
我们F7单步进入!
停在如下:
004080C4 55 push ebp
004080C5 8BEC mov ebp,esp
004080C7 83EC 10 sub esp,10
004080CA A1 70F14000 mov eax,dword ptr ds:[40F170]
004080CF 8365 F8 00 and dword ptr ss:[ebp-8],0
004080D3 8365 FC 00 and dword ptr ss:[ebp-4],0
004080D7 53 push ebx
004080D8 57 push edi
004080D9 BF 4EE640BB mov edi,BB40E64E
004080DE 3BC7 cmp eax,edi
004080E0 BB 0000FFFF mov ebx,FFFF0000
004080E5 74 0D je short QQ.004080F4
004080E7 85C3 test ebx,eax
004080E9 74 09 je short QQ.004080F4
004080EB F7D0 not eax
004080ED A3 74F14000 mov dword ptr ds:[40F174],eax
004080F2 EB 60 jmp short QQ.00408154
004080F4 56 push esi
004080F5 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004080F8 50 push eax
004080F9 FF15 A0A14000 call dword ptr ds:[<&KERNEL32.GetSystemT>; kernel32.GetSystemTimeAsFileTime
004080FF 8B75 FC mov esi,dword ptr ss:[ebp-4]
00408102 3375 F8 xor esi,dword ptr ss:[ebp-8]
00408105 FF15 5CA14000 call dword ptr ds:[<&KERNEL32.GetCurrent>; kernel32.GetCurrentProcessId
0040810B 33F0 xor esi,eax
0040810D FF15 BCA14000 call dword ptr ds:[<&KERNEL32.GetCurrent>; kernel32.GetCurrentThreadId
00408113 33F0 xor esi,eax
00408115 FF15 8CA14000 call dword ptr ds:[<&KERNEL32.GetTickCou>; kernel32.GetTickCount
0040811B 33F0 xor esi,eax
0040811D 8D45 F0 lea eax,dword ptr ss:[ebp-10]
00408120 50 push eax
00408121 FF15 68A14000 call dword ptr ds:[<&KERNEL32.QueryPerfo>; kernel32.QueryPerformanceCounter
00408127 8B45 F4 mov eax,dword ptr ss:[ebp-C]
0040812A 3345 F0 xor eax,dword ptr ss:[ebp-10]
0040812D 33F0 xor esi,eax
0040812F 3BF7 cmp esi,edi注意这点的入口特征,很象VC++入口特征!
我们一直向下单步走,直到retn返回到JMP的一个强制跳转!
停在如下:
0040796E 6A 5C push 5C
00407970 68 08BE4000 push QQ.0040BE08
00407975 E8 96030000 call QQ.00407D10
0040797A 33DB xor ebx,ebx
0040797C 895D E4 mov dword ptr ss:[ebp-1C],ebx
0040797F 895D FC mov dword ptr ss:[ebp-4],ebx
00407982 8D45 94 lea eax,dword ptr ss:[ebp-6C]
00407985 50 push eax
00407986 FF15 F4A14000 call dword ptr ds:[<&KERNEL32.GetStartup>; kernel32.GetStartupInfoW
0040798C C745 FC FEFFFFF>mov dword ptr ss:[ebp-4],-2
00407993 C745 FC 0100000>mov dword ptr ss:[ebp-4],1
0040799A 64:A1 18000000 mov eax,dword ptr fs:[18]
004079A0 8B70 04 mov esi,dword ptr ds:[eax+4]
004079A3 895D E0 mov dword ptr ss:[ebp-20],ebx
004079A6 BF 78184100 mov edi,QQ.00411878
004079AB 53 push ebx
004079AC 56 push esi
004079AD 57 push edi
004079AE FF15 F0A14000 call dword ptr ds:[<&KERNEL32.Interlocke>; kernel32.InterlockedCompareExchange
[code=C/C++]
0040A000 >77DA6FFF advapi32.RegQueryValueExW
0040A004 >77DA6C27 advapi32.RegCloseKey
0040A008 >77DAD767 advapi32.RegSetValueExW
0040A00C >77DA6AAF advapi32.RegOpenKeyExW
0040A010 >77DA776C advapi32.RegCreateKeyExW
0040A014 00000000
0040A018 >7C63111F ATL80.AtlInternalQueryInterface
0040A01C >7C631903 ATL80.AtlCallTermFunc
0040A020 >7C6310C3 ATL80.AtlComPtrAssign
0040A024 00000000
0040A028 >61253890 AppUtil.Util::Misc::SetEnablePreload
0040A02C >612538B0 AppUtil.Util::Misc::GetEnablePreload
0040A030 >612EF140 AppUtil.PerfDataReportUtil::SetPerfReportDataForWord
0040A034 >612EF040 AppUtil.PerfDataReportUtil::SetPerfReportDataForBool
0040A038 00000000
0040A03C >5D173619 COMCTL32.InitCommonControlsEx
0040A040 00000000
0040A044 >30134A40 Common.CTXBSTR::operator wchar_t *
0040A048 >300D1550 Common.#37
0040A04C >30135100 Common.CTXBSTR::CTXBSTR
0040A050 >30008830 Common.Util::Window::NotifyIdle
0040A054 >30008580 Common.Util::Window::DelIdleCallback
0040A058 >30134A50 Common.CTXBSTR::operator&
0040A05C >30166080 Common.Util::Sys::GetMemoryUsage
0040A060 >301390A0 Common.CTXStringW::GetLength
0040A064 >301207E0 Common.TXTimer::SetIdleCallback
0040A068 >30008640 Common.Util::Window::AddIdleCallback
0040A06C >30138E00 Common.CTXStringW::operator=
0040A070 >301024C0 Common.CFmtString::DoFormat
0040A074 >301391D0 Common.CTXStringW::Append
0040A078 >3013BB40 Common.operator+
0040A07C >30138DB0 Common.CTXStringW::CTXStringW
0040A080 >30138B90 Common.CTXStringW::IsEmpty
0040A084 >3013B910 Common.operator+
0040A088 >30030B10 Common.Util::Core::GetPlatformCore
0040A08C >3013BCD0 Common.operator==
0040A090 >30120C70 Common.TXTimer::SetTimeout
0040A094 >30166930 Common.Util::Sys::MinimzeMemory
0040A098 >301628B0 Common.Util::Boot::InitPlatformGFConfig
0040A09C >30164680 Common.Util::Boot::InitPlatformFileSystem
0040A0A0 >301624C0 Common.Util::Boot::InitPlatformI18NConfig
0040A0A4 >3010B710 Common.TXStringBundle::AddFmtString
0040A0A8 >3015B820 Common.TXBugReport::InitBugReport
0040A0AC >300CFE50 Common.TXLog::GetSession
0040A0B0 >30107D50 Common.NLS::GetLCID
0040A0B4 >3015B6E0 Common.TXBugReport::ValidateBugReport
0040A0B8 >30002B70 Common.Util::Com::CreateObjectFromDllFile
0040A0BC >300D4330 Common.Util::Network::InitNetwork
0040A0C0 >30030930 Common.Util::CoreCenter::InitPlatform
0040A0C4 >30161B90 Common.Util::Boot::InitPlatformCoreConfig
0040A0C8 >3015B0E0 Common.TXBugMonitor::Stop
0040A0CC >300D2530 Common.Util::Perf::RecordTransEnd
0040A0D0 >30007AE0 Common.Util::Misc::OnExitCoreCenter
0040A0D4 >30007AD0 Common.Util::Misc::OnExitWinMain
0040A0D8 >30138440 Common.CTXStringW::CTXStringW
0040A0DC >3011FB60 Common.TXTimer::NotifyIdle
0040A0E0 >30138C00 Common.CTXStringW::~CTXStringW
0040A0E4 >30139CE0 Common.CTXStringW::ReverseFind
0040A0E8 >3010BAB0 Common.TXStringBundle::LoadStringW
0040A0EC >3013A980 Common.CTXStringW::Left
0040A0F0 >30134FA0 Common.CTXBSTR::CTXBSTR
0040A0F4 >3013C020 Common.CTXStringW::operator+=
0040A0F8 >301380E0 Common.CTXStringW::ReleaseBuffer
0040A0FC >30139170 Common.CTXStringW::GetBuffer
0040A100 >30139AB0 Common.CTXStringW::Find
0040A104 >30007AC0 Common.Util::Misc::OnUninitCom
0040A108 >30136100 Common.CTXStringW::CTXStringW
0040A10C >30121750 Common.CTXBSTR::~CTXBSTR
0040A110 >30138E50 Common.CTXStringW::operator=
0040A114 >301349B0 Common.CTXBSTR::CTXBSTR
0040A118 >30138EF0 Common.CTXStringW::operator+=
0040A11C >3013BA20 Common.operator+
0040A120 >3013A640 Common.CTXStringW::GetBSTR
0040A124 >3013A6E0 Common.CTXStringW::Format
0040A128 >3013B350 Common.CTXStringW::CTXStringW
0040A12C >30139B80 Common.CTXStringW::Find
0040A130 >3009FC30 Common.Util::FS::GetParentDir
0040A134 >30138FD0 Common.CTXStringW::GetString
0040A138 >30166850 Common.Util::Sys::CheckVistaAndStartSelfMediumLevel
0040A13C >3013A040 Common.CTXStringW::TrimLeft
0040A140 >30003880 Common.#25
0040A144 00000000
0040A148 >30842CE0 GF.Util::GF::SetCustomObjectFactory
0040A14C 00000000
0040A150 >7C802213 kernel32.WriteProcessMemory
0040A154 >7C80E957 kernel32.CreateMutexW
0040A158 >7C9313B1 ntdll.RtlDeleteCriticalSection
0040A15C >7C8099C0 kernel32.GetCurrentProcessId
0040A160 >7C80AEEB kernel32.LoadLibraryW
0040A164 >7C80A749 kernel32.CreateEventW
0040A168 >7C80A4C7 kernel32.QueryPerformanceCounter
0040A16C >7C80AE40 kernel32.GetProcAddress
0040A170 >7C80B370 kernel32.GetDriveTypeW
0040A174 >7C80981A kernel32.InterlockedDecrement
0040A178 >7C80AC7E kernel32.FreeLibrary
0040A17C >7C80998B kernel32.GetCurrentThread
0040A180 >7C802336 kernel32.CreateProcessW
0040A184 >7C80AF05 kernel32.GetVersionExW
0040A188 >7C802446 kernel32.Sleep
0040A18C >7C80934A kernel32.GetTickCount
0040A190 >7C8131E0 kernel32.OpenEventW
0040A194 >7C802530 kernel32.WaitForSingleObject
0040A198 >7C80A0B7 kernel32.SetEvent
0040A19C >7C835309 kernel32.GetProcessTimes
0040A1A0 >7C8017E9 kernel32.GetSystemTimeAsFileTime
0040A1A4 >7C831EDD kernel32.DeleteFileA
0040A1A8 >7C8101B1 kernel32.lstrcpynA
0040A1AC >7C80EA35 kernel32.OpenMutexW
0040A1B0 >7C801D7B kernel32.LoadLibraryA
0040A1B4 >7C80B56F kernel32.GetModuleFileNameA
0040A1B8 >7C80B475 kernel32.GetModuleFileNameW
0040A1BC >7C8097D0 kernel32.GetCurrentThreadId
0040A1C0 >7C809806 kernel32.InterlockedIncrement
0040A1C4 >7C809AA9 kernel32.lstrlenW
0040A1C8 >7C80F194 kernel32.GetEnvironmentVariableW
0040A1CC >7C8310FA kernel32.GlobalMemoryStatus
0040A1D0 >7C82FA4E kernel32.QueryPerformanceFrequency
0040A1D4 >7C812DF6 kernel32.GetSystemInfo
0040A1D8 >7C80E4DD kernel32.GetModuleHandleW
0040A1DC >7C809F91 kernel32.InitializeCriticalSection
0040A1E0 >7C8106D7 kernel32.CreateThread
0040A1E4 >7C809BE7 kernel32.CloseHandle
0040A1E8 >7C80DE95 kernel32.GetCurrentProcess
0040A1EC >7C80982E kernel32.InterlockedExchange
0040A1F0 >7C809842 kernel32.InterlockedCompareExchange
0040A1F4 >7C801E54 kernel32.GetStartupInfoW
0040A1F8 >7C801E1A kernel32.TerminateProcess
0040A1FC >7C863FCA kernel32.UnhandledExceptionFilter
0040A200 >7C84495D kernel32.SetUnhandledExceptionFilter
0040A204 >7C813133 kernel32.IsDebuggerPresent
0040A208 >7C80C1A8 kernel32.SetThreadPriority
0040A20C >7C81025E kernel32.SetEnvironmentVariableW
0040A210 00000000
0040A214 >3182A6C0 KernelUt.Version::GetBuildVer
0040A218 >3182A6B0 KernelUt.Version::GetMinorVer
0040A21C >3182AB90 KernelUt.Version::GetVersionExW
0040A220 >31828030 KernelUt.Util::Sys::GetProgramBinDir
0040A224 >318287A0 KernelUt.Util::Sys::GetUserDataSaveSetting
0040A228 >318281C0 KernelUt.Util::Sys::GetProgramRootDir
0040A22C >3182A6A0 KernelUt.Version::GetMajorVer
0040A230 >31828CD0 KernelUt.Util::Sys::GetGlobalSysDir
0040A234 >3182A910 KernelUt.Version::Init
0040A23C >7C42F3D2 MSVCP80.std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >
0040A240 >7C431EE6 MSVCP80.std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::operator=
0040A244 >7C42EFB7 MSVCP80.??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
0040A248 >7C423195 MSVCP80.std::basic_string<char,std::char_traits<char>,std::allocator<char> >::~basic_string<char,std::char_traits<char>,std::allocator<char> >
0040A24C >7C4248C1 MSVCP80.std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,std::char_traits<char>,std::allocator<char> >
0040A250 >7C431E49 MSVCP80.std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >
0040A254 >7C42F3B0 MSVCP80.std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::~basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >
0040A258 >7C4249CA MSVCP80.std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,std::char_traits<char>,std::allocator<char> >
0040A25C >7C431EC0 MSVCP80.std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >
0040A260 00000000
0040A264 >7813174D MSVCR80._initterm_e
0040A268 >78139DB6 MSVCR80._configthreadlocale
0040A26C >781C3B20 offset MSVCR80._wcmdln
0040A270 >78131182 MSVCR80.__setusermatherr
0040A274 >781C44B4 offset MSVCR80._adjust_fdiv
0040A278 >7813201D MSVCR80.__p__commode
0040A27C >78131A3E MSVCR80.exit
0040A280 >78138D10 MSVCR80._XcptFilter
0040A284 >78131A4F MSVCR80._exit
0040A288 >78131A60 MSVCR80._cexit
0040A28C >78131CC3 MSVCR80.__wgetmainargs
0040A290 >781316C2 MSVCR80._amsg_exit
0040A294 >78134667 MSVCR80.terminate
0040A298 >78132039 MSVCR80.__p__fmode
0040A29C >7813113D MSVCR80.__set_app_type
0040A2A0 >7813BDA0 MSVCR80._except_handler4_common
0040A2A4 >781574FA MSVCR80.type_info::_type_info_dtor_internal_method
0040A2A8 >7813BD93 MSVCR80._crt_debugger_hook
0040A2AC >78138945 MSVCR80._invoke_watson
0040A2B0 >7814A7E9 MSVCR80._controlfp_s
0040A2B4 >78158AEB MSVCR80.__CxxFrameHandler3
0040A2B8 >78131733 MSVCR80._initterm
0040A2BC >78160E7D MSVCR80.operator delete
0040A2C0 >78138A94 MSVCR80._invalid_parameter_noinfo
0040A2C4 >78160E13 MSVCR80.operator new
0040A2C8 >78160E87 MSVCR80.operator delete[]
0040A2CC >78157253 MSVCR80.std::exception::exception
0040A2D0 >78157301 MSVCR80.std::exception::~exception
0040A2D4 >781C37D4 offset MSVCR80.__argc
0040A2D8 >78182857 MSVCR80._time64
0040A2DC >781C37DC offset MSVCR80.__wargv
0040A2E0 >781571DC MSVCR80.std::exception::exception
0040A2E4 >78180B36 MSVCR80.wcsncmp
0040A2E8 >7815329F MSVCR80._wtoi
0040A2EC >78158E43 MSVCR80._CxxThrowException
0040A2F0 >78144A20 MSVCR80.memset
0040A2F4 >78158AEB MSVCR80.__CxxFrameHandler3
0040A2F8 >781778F1 MSVCR80._snprintf
0040A2FC >78144FB0 MSVCR80.memcpy
0040A300 >781444D0 MSVCR80.strlen
0040A304 >7816990B MSVCR80._mbsrchr
0040A308 >781323EC MSVCR80._unlock
0040A30C >78138C50 MSVCR80.__dllonexit
0040A310 >78132B62 MSVCR80._encode_pointer
0040A314 >781324C4 MSVCR80._lock
0040A318 >78138C02 MSVCR80._onexit
0040A31C >78132BD9 MSVCR80._decode_pointer
0040A320 00000000
0040A324 >77D1940C user32.WaitMessage
0040A328 >77D277B8 user32.PostThreadMessageW
0040A32C >77D66534 user32.MessageBoxW
0040A330 >77D1929B user32.PeekMessageW
0040A334 >77D18BF6 user32.TranslateMessage
0040A338 >77D18A01 user32.DispatchMessageW
0040A33C 00000000
0040A340 >769AF6EA ole32.OleInitialize
0040A344 >769C87F2 ole32.CLSIDFromProgID
0040A348 >769AEE46 ole32.CoUninitialize
0040A34C >769E31E7 ole32.OleUninitialize
0040A350 >769B2A53 ole32.CoInitialize
0040A354 >769B057E ole32.CoCreateInstance
[/code]大家在分析一下,这些函数就会更加明白!以上的简要分析,可以证明不是.net 所发开的,WPF这个框架我本人没用过,不过他好象只能用在.net下,
如果是这样,证明qq2009不是用WPF开发!接下来我分析了一下,wxWidgets这个库的框架!通过分析用wxWidgets库所编写的TEST程序,和QQ2009入口的反汇编代码是出奇相似!!以上内容只用于个人学习,请不要用于它处,转载的人请说明!
声明一下:我在这里只扔个砖头,不知道有没有哪块玉给跳出来!