我是这样来做破解qq，做QQ外挂的 【二】

/*
 * v1.0 2005/09/11 04:34:21
 * @author sunwang<[email protected]>
 *
 */
怎么取到聊天对话框上的uin？

CAllInOneDlg出现时候，已经显示了用户的id，这个id怎么来的？
找几个成员函数和构造函数分析分析，争取能不用做offset+symbol来取号码，太老土了。
函数 CAllInOneStatusBar::GenStrShow 太值得分析了

1. 找出 明日帝国(42489549):找个美女过夜 这个东西熟悉哪个类的
 1.1 用mfcspy2查对话框
 1.2 用ida看vtbl属于哪个类，就搞定，原来是 CAllInOneStatusBar
 1.3 看看有什么成员函数可疑，看到了 CAllInOneStatusBar::GenStrShow
 1.4 goon....我靠，居然有个 void __thiscall CAllInOneStatusBar::SetUin(unsigned long)，这不就是我们要的么，还是
  导出函数
 1.5 分析代码知道，并不是一定要SetUin的，这样，可能hook有问题。看看CQQAllInOneDlg怎么引用这个函数的。
 1.6 随便找了一个引用SetUin的函数，发现 push    dword ptr [esi+2B68h],this+2b68=uin，现在看看这个this是不是CAllInOneDlg
 1.7 补齐CAllInOneDlg，找到 CQQAllInOneDlg__OnInitDialog，在里面看看有没有 2b68类似的，发现有！！！
  并且初始化的时候，[ecx+2b68]已经有了数据
 1.8 看来， CAllInOneStatusBar CQQAllInOneDlg是属于某一个对象的子对象，其ecx是相同的，所以，这个ecx应该就是CQQAllInOneDlg。
  (char*)CWndFromHandle(hAllInOneDlgWnd)+0x2b68，应该就是uin。现在就是要找这个ecx是哪个的了。一般，是在创建对象的时候，在
  构造函数里面给ecx赋值。
 1.9 分析CAllInOneDlg_vtbl的引用，找到构造函数CQQAllInOneDlg__constructor。注意，一般只有constructor和destructor才直接访问
  vtbl。然后找到new_CQQAllInOneDlg来调用new CQQAllInOneDlg__constructor。对象肯定是在heap里面，肯定先new一个空间，可以看看
  大小。
 1.10 找到new_CQQAllInOneDlg里面 ecx = new char[2f78]，然后CQQAllInOneDlg__constructor，果然呀，ecx = CQQAllInOneDlg。
 1.11 (char*)CWndFromHandle(hAllInOneDlgWnd)+0x2b68=uin
2. 总结一下思路
 2.1 发现了 CAllInOneStatusBar 包含 明日帝国(42489549):找个美女过夜，里面有uin，希望能找到这个uin
 2.2 发现 CAllInOneStatusBar 的SetUin是个导出函数，在QQAllInOne里面找引用的地方，发现了[ecx+2b68]=uin
 2.3 要找 ecx 是那个类的实例this？猜想是CAllInOneDlg，就看看CAllInOneDlg的OnInitDialog时候，[ecx+2b68]==uin
 2.4 用mfcspy2定位CAllInOneDlg的vtbl的file offset，idapro 找到vtbl修补好vtbl，找到OnInitDialog。用mfcspy2也可以直接看到。
 2.5 bp  CQQAllInOneDlg__OnInitDialog dd ecx+2b68，发现等于uin。说明ecx起码是CAllInOneDlg的父类this。
 2.6 找到CQQAllInOneDlg__constructor 和 new_CQQAllInOneDlg，根据vtbl的引用地址，确定ecx在new_CQQAllInOneDlg里面赋值。
 2.7 这样，确定了(char*)CWndFromHandle(hAllInOneDlgWnd)+0x2b68=uin。而CAllInOneStatusBar等都是CQQAllInOneDlg的成员。
3. 方案
 3.1 反汇编 QQAllInOne.dll!CQQAllInOneDlg::OnInitDialog(通过mfcspy2找到偏移)，找到[ecx+2b68]类似的东西，如下，关键是IsTMFriend。
  (char*)CWndFromHandle(hAllInOneDlgWnd)+0x2b68=uin
    3.2 或者找 CAllInOneStatusBar::SetUin(ulong)的引用，看看上下文，就知道了 //<---------最快了
    3.3 对CRecevDlg一样的处理方式，一般他的offset应该少1000h左右
/* 05beta2
.text:1005B788                 push    0
.text:1005B78A                 mov     [eax+48h], esi
.text:1005B78D                 push    dword ptr [esi+2B68h]
.text:1005B793                 push    dword ptr [esi+2CBCh]
.text:1005B799                 call    ds:?IsTMFriend@@YAHPAUIQQCore@@KPAH@Z ; IsTMFriend(IQQCore *,ulong,int *)
*/
/* 04II
.text:603C8F75                 lea     ecx, [esi+17B8h]
.text:603C8F7B                 push    dword ptr [esi+2024h]
.text:603C8F81                 call    ds:?SetUin@CAllInOneStatusBar@@QAEXK@Z ; CAllInOneStatusBar::SetUin(ulong)
*/
/* 05beta2
.text:1005835F                 lea     ecx, [esi+2228h]
.text:10058365                 push    dword ptr [esi+2B68h] ;  hehe
.text:1005836B                 call    ds:?SetUin@CAllInOneStatusBar@@QAEXK@Z ; CAllInOneStatusBar::SetUin(ulong)
*/   
/*CAllInOneStatusBar: 聊天对话框的状态条: 明日帝国(42489549):找个美女过夜
/* mfcspy2:
00030C62(Afx:41b0000:0,id=4367|17255)
HWND: 00030C62
class:02E171C0(CWnd,size=0x40)  //<-------大小才40，呵呵，肯定不是2B68h的host
CWnd:CCmdTarget:CObject

[+00]vtbl address=100E187C(QQBaseClassInDll.dll+0E187C)  //<-----------vtable，用ida480可以找到，jump file offset 0E187C
[+04]CCmdTarget::m_dwRef=1                                  //然后就知道，原来这个类叫 CAllInOneStatusBar
[+08]CCmdTarget::m_pOuterUnknown=00000000
[+0C]CCmdTarget::m_xInnerUnknown=00000000
[+10]CCmdTarget::m_xDispatch.m_vtbl=00000000
[+14]CCmdTarget::m_bResultExpected=00000001
[+18]CCmdTarget::m_xConnPtContainer.m_vtbl=00000000
[+1C]CCmdTarget::m_pModuleState=042B39B8
[+20]CWnd::m_hWnd=00030C62
[+24]CWnd::m_hWndOwner=00000000
[+28]CWnd::m_nFlags=00000000
[+2C]CWnd::m_pfnSuper=77D1D4EE
[+30]CWnd::m_nModalResult=00000000
[+34]CWnd::m_pDropTarget=00000000
[+38]CWnd::m_pCtrlCont=00000000
[+3C]CWnd::m_pCtrlSite=00000000

[vtbl+00]GetRuntimeClass         =100CCAE2->6BC428F4(MFC42.DLL+0028F4)
[vtbl+04]destructor              =1000B147(QQBaseClassInDll.dll+00B147)
[vtbl+08]Serialize               =1001DA5C(QQBaseClassInDll.dll+01DA5C)
[vtbl+0C]AssertValid             =10037344(QQBaseClassInDll.dll+037344)
[vtbl+10]Dump                    =1001DA5C(QQBaseClassInDll.dll+01DA5C)
[vtbl+14]OnCmdMsg                =100CCADC->6BC4223C(MFC42.DLL+00223C)
[vtbl+18]OnFinalRelease          =100CCAD6->6BC54481(MFC42.DLL+014481)
[vtbl+1C]IsInvokeAllowed         =100CCAD0->6BC53F13(MFC42.DLL+013F13)
[vtbl+20]GetDispatchIID          =100CCACA->6BC47129(MFC42.DLL+007129)
[vtbl+24]GetTypeInfoCount        =100CCAC4->6BC417E0(MFC42.DLL+0017E0)
[vtbl+28]GetTypeLibCache         =100CCABE->6BC417E0(MFC42.DLL+0017E0)
[vtbl+2C]GetTypeLib              =100CCAB8->6BC9E610(MFC42.DLL+05E610)
[vtbl+30]GetMessageMap           =1000B260(QQBaseClassInDll.dll+00B260)
[vtbl+34]GetCommandMap           =100CCAB2->6BC9E671(MFC42.DLL+05E671)
[vtbl+38]GetDispatchMap          =100CCAAC->6BC9E62D(MFC42.DLL+05E62D)
[vtbl+3C]GetConnectionMap        =100CCAA6->6BC9E66B(MFC42.DLL+05E66B)
[vtbl+40]GetInterfaceMap         =100CCAA0->6BC56A75(MFC42.DLL+016A75)
[vtbl+44]GetEventSinkMap         =100CCA9A->6BC9E633(MFC42.DLL+05E633)
[vtbl+48]OnCreateAggregates      =100CCA94->6BC41A47(MFC42.DLL+001A47)
[vtbl+4C]GetInterfaceHook        =100CCA8E->6BC47129(MFC42.DLL+007129)
[vtbl+50]GetExtraConnectionPoints=100CCA88->6BC47129(MFC42.DLL+007129)
[vtbl+54]GetConnectionHook       =100CCA82->6BC47129(MFC42.DLL+007129)
[vtbl+58]PreSubclassWindow       =100CCA7C->6BC44444(MFC42.DLL+004444)
[vtbl+5C]Create                  =100CCA76->6BC4C61A(MFC42.DLL+00C61A)
[vtbl+60]DestroyWindow           =100CCA70->6BC45BF6(MFC42.DLL+005BF6)
[vtbl+64]PreCreateWindow         =100CCA6A->6BC4DDE8(MFC42.DLL+00DDE8)
[vtbl+68]CalcWindowRect          =100CCA64->6BC4DFA8(MFC42.DLL+00DFA8)
[vtbl+6C]OnToolHitTest           =100CCA5E->6BC9C2AE(MFC42.DLL+05C2AE)
[vtbl+70]GetScrollBarCtrl        =100CCA58->6BC47129(MFC42.DLL+007129)
[vtbl+74]WinHelpA                =100CCA52->6BC9C587(MFC42.DLL+05C587)
[vtbl+78]ContinueModal           =100CCA4C->6BC56913(MFC42.DLL+016913)
[vtbl+7C]EndModalLoop            =100CCA46->6BC56956(MFC42.DLL+016956)
[vtbl+80]OnCommand               =100CCA40->6BC4291C(MFC42.DLL+00291C)
[vtbl+84]OnNotify                =100CCA3A->6BC43290(MFC42.DLL+003290)
[vtbl+88]GetSuperWndProcAddr     =100CCA34->6BC44440(MFC42.DLL+004440)
[vtbl+8C]DoDataExchange          =1001DA5C(QQBaseClassInDll.dll+01DA5C)
[vtbl+90]BeginModalState         =1000A741(QQBaseClassInDll.dll+00A741)
[vtbl+94]EndModalState           =1000A74D(QQBaseClassInDll.dll+00A74D)
[vtbl+98]PreTranslateMessage     =100CCA2E->6BC414EF(MFC42.DLL+0014EF)
[vtbl+9C]OnAmbientProperty       =100CCA28->6BC9E06A(MFC42.DLL+05E06A)
[vtbl+A0]WindowProc              =100CCA22->6BC41CC8(MFC42.DLL+001CC8)
[vtbl+A4]OnWndMsg                =100CCA1C->6BC41D0C(MFC42.DLL+001D0C)
[vtbl+A8]DefWindowProcA          =100CCA16->6BC420CE(MFC42.DLL+0020CE)
[vtbl+AC]PostNcDestroy           =100CCA10->6BC44444(MFC42.DLL+004444)
[vtbl+B0]OnChildNotify           =100CCA0A->6BC4271D(MFC42.DLL+00271D)
[vtbl+B4]CheckAutoCenter         =100CCA04->6BC41A47(MFC42.DLL+001A47)
[vtbl+B8]IsFrameWnd              =100CC9FE->6BC417E0(MFC42.DLL+0017E0)
[vtbl+BC]SetOccDialogInfo        =100CC9F8->6BC47129(MFC42.DLL+007129)

message map=100E16F0(QQBaseClassInDll.dll+0E16F0)
msg map entries at 100E16F8(QQBaseClassInDll.dll+0E16F8)
OnMsg:WM_CREATE(0001),func=1000B266(QQBaseClassInDll.dll+00B266)
OnCommand: notifycode=0000 id=0546,func=1000B551(QQBaseClassInDll.dll+00B551)
OnCommand: notifycode=0000 id=32d1,func=1000B518(QQBaseClassInDll.dll+00B518)
OnMsg:WM_ERASEBKGND(0014),func=1000B5A8(QQBaseClassInDll.dll+00B5A8)
OnMsg:0D5E,func=1000B593(QQBaseClassInDll.dll+00B593)
OnCommand: notifycode=0000 id=3331,func=1000CB56(QQBaseClassInDll.dll+00CB56)
OnMsg:WM_SIZE(0005),func=1000B3B8(QQBaseClassInDll.dll+00B3B8)
OnMsg:WM_TIMER(0113),func=1000C9FB(QQBaseClassInDll.dll+00C9FB)
OnNotify: notifycode=fd2e id=0547,func=1000C33E(QQBaseClassInDll.dll+00C33E)
*/

/*CAllInOneStatusBar::GenStrShow(void)
.text:1000B8A3 ; public: void __thiscall CAllInOneStatusBar::GenStrShow(void)
.text:1000B8A3                 public ?GenStrShow@CAllInOneStatusBar@@QAEXXZ
.text:1000B8A3 ?GenStrShow@CAllInOneStatusBar@@QAEXXZ proc near
.text:1000B8A3                                         ; CODE XREF: CAllInOneStatusBar::SetName(CString,CString)+4Dp
.text:1000B8A3                                         ; CAllInOneStatusBar::SetStatus(CString)+22p ...
.text:1000B8A3
.text:1000B8A3 Rect            = tagRECT ptr -10h
.text:1000B8A3
.text:1000B8A3                 sub     esp, 10h
.text:1000B8A6                 push    ebx
.text:1000B8A7                 push    ebp
.text:1000B8A8                 push    esi
.text:1000B8A9                 mov     esi, ecx        ; ecx-->this-->esi
.text:1000B8AB                 xor     ebp, ebp
.text:1000B8AD                 push    edi
.text:1000B8AE                 mov     ecx, [esi+340h]  ;//<-----------偏移340h就是uin，很有用!!!!!!!!!!!!
.text:1000B8B4                 mov     ebx, offset aS_0 ; "%s"
.text:1000B8B9                 cmp     ecx, ebp
.text:1000B8BB                 jz      short loc_1000B90B
.text:1000B8BD                 cmp     [esi+354h], ebp
.text:1000B8C3                 jz      short loc_1000B90B
.text:1000B8C5                 mov     edx, [esi+20Ch]
.text:1000B8CB                 lea     eax, [esi+20Ch]
.text:1000B8D1                 lea     edi, [esi+338h]
.text:1000B8D7                 cmp     [edx-8], ebp
.text:1000B8DA                 jle     short loc_1000B8F4
.text:1000B8DC                 push    edx             ; friendly name
.text:1000B8DD                 push    ecx             ; uin
.text:1000B8DE                 push    dword ptr [esi+214h] ; nickname
.text:1000B8E4                 push    offset aSDS     ; "%s(%d): %s"
.text:1000B8E9                 push    edi             ; m_strStatusBarString
.text:1000B8EA                 call    ?Format@CString@@QAAXPBDZZ ; CString::Format(char const *,...)
.text:1000B8EF                 add     esp, 14h
.text:1000B8F2                 jmp     short loc_1000B921
.text:1000B8F4 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1000B8F4
.text:1000B8F4 loc_1000B8F4:                           ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+37j
.text:1000B8F4                 push    ecx
.text:1000B8F5                 push    dword ptr [esi+214h]
.text:1000B8FB                 push    offset aSD      ; "%s(%d)"
.text:1000B900                 push    edi
.text:1000B901                 call    ?Format@CString@@QAAXPBDZZ ; CString::Format(char const *,...)
.text:1000B906                 add     esp, 10h
.text:1000B909                 jmp     short loc_1000B921
.text:1000B90B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1000B90B
.text:1000B90B loc_1000B90B:                           ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+18j
.text:1000B90B                                         ; CAllInOneStatusBar::GenStrShow(void)+20j
.text:1000B90B                 push    dword ptr [esi+214h]
.text:1000B911                 lea     edi, [esi+338h]
.text:1000B917                 push    ebx
.text:1000B918                 push    edi
.text:1000B919                 call    ?Format@CString@@QAAXPBDZZ ; CString::Format(char const *,...)
.text:1000B91E                 add     esp, 0Ch
.text:1000B921
.text:1000B921 loc_1000B921:                           ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+4Fj
.text:1000B921                                         ; CAllInOneStatusBar::GenStrShow(void)+66j
.text:1000B921                 cmp     [esi+354h], ebp
.text:1000B927                 jnz     short loc_1000B96B
.text:1000B929                 mov     ecx, [esi+20Ch]
.text:1000B92F                 lea     eax, [esi+20Ch]
.text:1000B935                 cmp     [ecx-8], ebp
.text:1000B938                 jle     short loc_1000B951
.text:1000B93A                 push    ecx
.text:1000B93B                 push    dword ptr [esi+214h]
.text:1000B941                 push    offset aSS      ; "%s: %s"
.text:1000B946                 push    edi
.text:1000B947                 call    ?Format@CString@@QAAXPBDZZ ; CString::Format(char const *,...)
.text:1000B94C                 add     esp, 10h
.text:1000B94F                 jmp     short loc_1000B961
.text:1000B951 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1000B951
.text:1000B951 loc_1000B951:                           ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+95j
.text:1000B951                 push    dword ptr [esi+214h]
.text:1000B957                 push    ebx
.text:1000B958                 push    edi
.text:1000B959                 call    ?Format@CString@@QAAXPBDZZ ; CString::Format(char const *,...)
.text:1000B95E                 add     esp, 0Ch
.text:1000B961
.text:1000B961 loc_1000B961:                           ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+ACj
.text:1000B961                 mov     dword ptr [esi+80h], 1
.text:1000B96B
.text:1000B96B loc_1000B96B:                           ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+84j
.text:1000B96B                 mov     eax, [esi+334h]
.text:1000B971                 lea     edi, [esi+334h]
.text:1000B977                 cmp     eax, ebp
.text:1000B979                 jz      short loc_1000B984
.text:1000B97B                 push    eax
.text:1000B97C                 call    ??3@YAXPAX@Z    ; operator delete(void *)
.text:1000B981                 pop     ecx
.text:1000B982                 mov     [edi], ebp
.text:1000B984
.text:1000B984 loc_1000B984:                           ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+D6j
.text:1000B984                 mov     ecx, esi
.text:1000B986                 call    ?SplitStrShow@CAllInOneStatusBar@@IAEHXZ ; CAllInOneStatusBar::SplitStrShow(void)
.text:1000B98B                 push    dword ptr [esi+20h] ; hWnd
.text:1000B98E                 mov     ebx, eax
.text:1000B990                 call    ds:GetParent
.text:1000B996                 push    eax
.text:1000B997                 call    ?FromHandle@CWnd@@SGPAV1@PAUHWND__@@@Z ; CWnd::FromHandle(HWND__ *)
.text:1000B99C                 mov     edi, eax
.text:1000B99E                 lea     eax, [esp+20h+Rect]
.text:1000B9A2                 push    eax             ; lpRect
.text:1000B9A3                 push    dword ptr [esi+20h] ; hWnd
.text:1000B9A6                 call    ds:GetWindowRect
.text:1000B9AC                 cmp     ebx, ebp
.text:1000B9AE                 lea     eax, [esi+210h]
.text:1000B9B4                 jz      short loc_1000B9C7
.text:1000B9B6                 cmp     dword ptr [eax], 18h
.text:1000B9B9                 jnz     short loc_1000B9E4
.text:1000B9BB                 push    18h
.text:1000B9BD                 mov     dword ptr [eax], 24h
.text:1000B9C3                 push    24h
.text:1000B9C5                 jmp     short loc_1000B9D6
.text:1000B9C7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1000B9C7
.text:1000B9C7 loc_1000B9C7:                           ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+111j
.text:1000B9C7                 cmp     dword ptr [eax], 24h
.text:1000B9CA                 jnz     short loc_1000B9E4
.text:1000B9CC                 push    24h             ; lParam
.text:1000B9CE                 mov     dword ptr [eax], 18h
.text:1000B9D4                 push    18h             ; wParam
.text:1000B9D6
.text:1000B9D6 loc_1000B9D6:                           ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+122j
.text:1000B9D6                 push    920h            ; Msg
.text:1000B9DB                 push    dword ptr [edi+20h] ; hWnd
.text:1000B9DE                 call    ds:SendMessageA
.text:1000B9E4
.text:1000B9E4 loc_1000B9E4:                           ; CODE XREF: CAllInOneStatusBar::GenStrShow(void)+116j
.text:1000B9E4                                         ; CAllInOneStatusBar::GenStrShow(void)+127j
.text:1000B9E4                 pop     edi
.text:1000B9E5                 pop     esi
.text:1000B9E6                 pop     ebp
.text:1000B9E7                 pop     ebx
.text:1000B9E8                 add     esp, 10h
.text:1000B9EB                 retn
.text:1000B9EB ?GenStrShow@CAllInOneStatusBar@@QAEXXZ endp
*/

/*
HWND: 00100B02
class:02C8F6E8(CQQAllInOneDlg,size=0x2e78)
CQQAllInOneDlg:CDialog:CWnd:CCmdTarget:CObject

[+00]vtbl address=03EF26C0(QQAllInOne.dll+0D26C0)     //<-----------vtable，用ida480可以找到，jump file offset 0de6c0。windbg反汇编不好
[+04]CCmdTarget::m_dwRef=1        // idapro对mfc的vtbl识别不好，使用mfcspy2的vtbl，将 vtbl的sub_xxx改名。
[+08]CCmdTarget::m_pOuterUnknown=00000000
[+0C]CCmdTarget::m_xInnerUnknown=00000000
[+10]CCmdTarget::m_xDispatch.m_vtbl=00000000
[+14]CCmdTarget::m_bResultExpected=00000001
[+18]CCmdTarget::m_xConnPtContainer.m_vtbl=00000000
[+1C]CCmdTarget::m_pModuleState=03F239B8
[+20]CWnd::m_hWnd=00100B02
[+24]CWnd::m_hWndOwner=00000000
[+28]CWnd::m_nFlags=00000110
[+2C]CWnd::m_pfnSuper=77D3E54F
[+30]CWnd::m_nModalResult=FFFFFFFF
[+34]CWnd::m_pDropTarget=02CA4B68
[+38]CWnd::m_pCtrlCont=00000000
[+3C]CWnd::m_pCtrlSite=00000000
[+40]CDialog::m_nIDHelp=00001B67
[+44]CDialog::m_lpszTemplateName=00001B67
[+48]CDialog::m_hDialogTemplate=00000000
[+4C]CDialog::m_lpDialogTemplate=00000000
[+50]CDialog::m_lpDialogInit=00000000
[+54]CDialog::m_pParentWnd=(CWnd*)00000000
[+58]CDialog::m_hWndTop=(HWND)00000000
[+5C]CDialog::m_pOccDialogInfo=00000000

[vtbl+00]GetRuntimeClass         =03E77204(QQAllInOne.dll+057204)
[vtbl+04]destructor              =03E77848(QQAllInOne.dll+057848)
[vtbl+08]Serialize               =03E21DA3(QQAllInOne.dll+001DA3)
[vtbl+0C]AssertValid             =03E21DA6(QQAllInOne.dll+001DA6)
[vtbl+10]Dump                    =03E21DA3(QQAllInOne.dll+001DA3)
[vtbl+14]OnCmdMsg                =03ECE272->6BC48FAA(MFC42.DLL+008FAA)
[vtbl+18]OnFinalRelease          =03ECE236->6BC54481(MFC42.DLL+014481)
[vtbl+1C]IsInvokeAllowed         =03ECE230->6BC53F13(MFC42.DLL+013F13)
[vtbl+20]GetDispatchIID          =03ECE22A->6BC47129(MFC42.DLL+007129)
[vtbl+24]GetTypeInfoCount        =03ECE224->6BC417E0(MFC42.DLL+0017E0)
[vtbl+28]GetTypeLibCache         =03ECE21E->6BC417E0(MFC42.DLL+0017E0)
[vtbl+2C]GetTypeLib              =03ECE218->6BC9E610(MFC42.DLL+05E610)
[vtbl+30]GetMessageMap           =03E787AB(QQAllInOne.dll+0587AB)
[vtbl+34]GetCommandMap           =03ECE20C->6BC9E671(MFC42.DLL+05E671)
[vtbl+38]GetDispatchMap          =03ECE206->6BC9E62D(MFC42.DLL+05E62D)
[vtbl+3C]GetConnectionMap        =03ECE200->6BC9E66B(MFC42.DLL+05E66B)
[vtbl+40]GetInterfaceMap         =03E787B1(QQAllInOne.dll+0587B1)
[vtbl+44]GetEventSinkMap         =03ECE1F4->6BC9E633(MFC42.DLL+05E633)
[vtbl+48]OnCreateAggregates      =03ECE1EE->6BC41A47(MFC42.DLL+001A47)
[vtbl+4C]GetInterfaceHook        =03ECE1E8->6BC47129(MFC42.DLL+007129)
[vtbl+50]GetExtraConnectionPoints=03ECE1E2->6BC47129(MFC42.DLL+007129)
[vtbl+54]GetConnectionHook       =03ECE1DC->6BC47129(MFC42.DLL+007129)
[vtbl+58]PreSubclassWindow       =03ECE1D6->6BC44444(MFC42.DLL+004444)
[vtbl+5C]Create                  =03ECE28A->6BC4C61A(MFC42.DLL+00C61A)
[vtbl+60]DestroyWindow           =03ECE1D0->6BC45BF6(MFC42.DLL+005BF6)
[vtbl+64]PreCreateWindow         =03ECE1CA->6BC4DDE8(MFC42.DLL+00DDE8)
[vtbl+68]CalcWindowRect          =03ECE1C4->6BC4DFA8(MFC42.DLL+00DFA8)
[vtbl+6C]OnToolHitTest           =03ECE1BE->6BC9C2AE(MFC42.DLL+05C2AE)
[vtbl+70]GetScrollBarCtrl        =03ECE1B8->6BC47129(MFC42.DLL+007129)
[vtbl+74]WinHelpA                =03ECE1B2->6BC9C587(MFC42.DLL+05C587)
[vtbl+78]ContinueModal           =03ECE1AC->6BC56913(MFC42.DLL+016913)
[vtbl+7C]EndModalLoop            =03ECE1A6->6BC56956(MFC42.DLL+016956)
[vtbl+80]OnCommand               =03ECE1A0->6BC4291C(MFC42.DLL+00291C)
[vtbl+84]OnNotify                =03ECE19A->6BC43290(MFC42.DLL+003290)
[vtbl+88]GetSuperWndProcAddr     =03ECE194->6BC44440(MFC42.DLL+004440)
[vtbl+8C]DoDataExchange          =03E78793(QQAllInOne.dll+058793)
[vtbl+90]BeginModalState         =03E21DA7(QQAllInOne.dll+001DA7)
[vtbl+94]EndModalState           =03E21DB3(QQAllInOne.dll+001DB3)
[vtbl+98]PreTranslateMessage     =03E78963(QQAllInOne.dll+058963)
[vtbl+9C]OnAmbientProperty       =03ECE188->6BC9E06A(MFC42.DLL+05E06A)
[vtbl+A0]WindowProc              =03ECE182->6BC41CC8(MFC42.DLL+001CC8)
[vtbl+A4]OnWndMsg                =03ECE17C->6BC41D0C(MFC42.DLL+001D0C)
[vtbl+A8]DefWindowProcA          =03ECE176->6BC420CE(MFC42.DLL+0020CE)
[vtbl+AC]PostNcDestroy           =03E7AF23(QQAllInOne.dll+05AF23)
[vtbl+B0]OnChildNotify           =03ECE16A->6BC4271D(MFC42.DLL+00271D)
[vtbl+B4]CheckAutoCenter         =03ECE266->6BC49789(MFC42.DLL+009789)
[vtbl+B8]IsFrameWnd              =03ECE15E->6BC417E0(MFC42.DLL+0017E0)
[vtbl+BC]SetOccDialogInfo        =03ECE260->6BC9D6C7(MFC42.DLL+05D6C7)
[vtbl+C0]DoModal                 =03ECE25A->6BC56AB1(MFC42.DLL+016AB1)
[vtbl+C4]OnInitDialog            =03E7B550(QQAllInOne.dll+05B550)
[vtbl+C8]OnSetFont               =03ECE254->6BC4466E(MFC42.DLL+00466E)
[vtbl+CC]OnOK                    =03E81574(QQAllInOne.dll+061574)
[vtbl+D0]OnCancel                =03E7A534(QQAllInOne.dll+05A534)
[vtbl+D4]PreInitDialog           =03ECE24E->6BC44444(MFC42.DLL+004444)

message map=03EF10B0(QQAllInOne.dll+0D10B0)
msg map entries at 03EF10B8(QQAllInOne.dll+0D10B8)
OnMsg:095B,func=03E9CED2(QQAllInOne.dll+07CED2)
OnMsg:0959,func=03E9CD04(QQAllInOne.dll+07CD04)
OnMsg:0956,func=03E9C919(QQAllInOne.dll+07C919)
OnMsg:0954,func=03E9C6F2(QQAllInOne.dll+07C6F2)
OnMsg:08D2,func=03E89D13(QQAllInOne.dll+069D13)
OnMsg:08D3,func=03E89D25(QQAllInOne.dll+069D25)
OnMsg:WM_CLOSE(0010),func=03E89F84(QQAllInOne.dll+069F84)
OnMsg:WM_ACTIVATE(0006),func=03E89D33(QQAllInOne.dll+069D33)
OnMsg:WM_MEASUREITEM(002c),func=03E871C3(QQAllInOne.dll+0671C3)
OnMsg:WM_DROPFILES(0233),func=03E7912B(QQAllInOne.dll+05912B)
OnMsg:WM_ERASEBKGND(0014),func=03E78E5A(QQAllInOne.dll+058E5A)
OnMsg:WM_CTLCOLOR(0019),func=03E78F24(QQAllInOne.dll+058F24)
OnMsg:WM_DESTROY(0002),func=03E7AE3C(QQAllInOne.dll+05AE3C)
OnMsg:WM_PAINT(000f),func=03E78F1F->6BC418DD(MFC42.DLL+0018DD)
OnMsg:WM_CREATE(0001),func=03E78F38(QQAllInOne.dll+058F38)
OnMsg:WM_SIZE(0005),func=03E795A1(QQAllInOne.dll+0595A1)
OnMsg:WM_COPYDATA(004a),func=03E22D27(QQAllInOne.dll+002D27)
OnMsg:WM_TIMER(0113),func=03E78028(QQAllInOne.dll+058028)
OnCommand: notifycode=0000 id=0186,func=03E7F1D8(QQAllInOne.dll+05F1D8)
OnCommand: notifycode=0000 id=0405,func=03E874CB(QQAllInOne.dll+0674CB)
OnCommand: notifycode=0000 id=077e,func=03E9CEB8(QQAllInOne.dll+07CEB8)
OnCommand: notifycode=0000 id=0406,func=03E7A524(QQAllInOne.dll+05A524)
OnMsg:066E,func=03E7FD2B(QQAllInOne.dll+05FD2B)
OnMsg:066F,func=03E83219(QQAllInOne.dll+063219)
OnMsg:0958,func=03E9C994(QQAllInOne.dll+07C994)
OnMsg:0670,func=03E8329C(QQAllInOne.dll+06329C)
OnMsg:067A,func=03E83CA8(QQAllInOne.dll+063CA8)
OnMsg:0679,func=03E83BE7(QQAllInOne.dll+063BE7)
OnMsg:0671,func=03E8298A(QQAllInOne.dll+06298A)
OnMsg:0672,func=03E82D2B(QQAllInOne.dll+062D2B)
OnMsg:068F,func=03E83149(QQAllInOne.dll+063149)
OnMsg:0690,func=03E83155(QQAllInOne.dll+063155)
OnMsg:0691,func=03E83170(QQAllInOne.dll+063170)
OnMsg:0692,func=03E831C1(QQAllInOne.dll+0631C1)
OnMsg:0693,func=03E83197(QQAllInOne.dll+063197)
OnMsg:0694,func=03E831EB(QQAllInOne.dll+0631EB)
OnMsg:06B2,func=03E90639(QQAllInOne.dll+070639)
OnMsg:06B1,func=03E905D7(QQAllInOne.dll+0705D7)
OnMsg:0949,func=03E99C89(QQAllInOne.dll+079C89)
OnMsg:06AF,func=03E906F4(QQAllInOne.dll+0706F4)
OnMsg:06AE,func=03E906F4(QQAllInOne.dll+0706F4)
OnMsg:06B3,func=03E908D0(QQAllInOne.dll+0708D0)
OnMsg:0673,func=03E87C9C(QQAllInOne.dll+067C9C)
OnMsg:0674,func=03E88E27(QQAllInOne.dll+068E27)
OnMsg:0675,func=03E89113(QQAllInOne.dll+069113)
OnMsg:0800,func=03E8938E(QQAllInOne.dll+06938E)
OnMsg:06A2,func=03E8DFAC(QQAllInOne.dll+06DFAC)
OnMsg:0676,func=03E811F8(QQAllInOne.dll+0611F8)
OnMsg:0677,func=03E88DD4(QQAllInOne.dll+068DD4)
OnMsg:06B0,func=03E893AD(QQAllInOne.dll+0693AD)
OnMsg:162B,func=03E893E4(QQAllInOne.dll+0693E4)
OnMsg:067D,func=03E8942E(QQAllInOne.dll+06942E)
OnMsg:0678,func=03E89A4D(QQAllInOne.dll+069A4D)
OnMsg:067F,func=03E89A65(QQAllInOne.dll+069A65)
OnMsg:067B,func=03E83EEE(QQAllInOne.dll+063EEE)
OnMsg:067C,func=03E83F6B(QQAllInOne.dll+063F6B)
OnMsg:06A9,func=03E79279(QQAllInOne.dll+059279)
OnMsg:0682,func=03E8B69B(QQAllInOne.dll+06B69B)
OnMsg:0683,func=03E8B8CF(QQAllInOne.dll+06B8CF)
OnMsg:0684,func=03E8B8E7(QQAllInOne.dll+06B8E7)
OnMsg:0685,func=03E8B8FF(QQAllInOne.dll+06B8FF)
OnMsg:0686,func=03E8B917(QQAllInOne.dll+06B917)
OnMsg:0687,func=03E8B92F(QQAllInOne.dll+06B92F)
OnMsg:0688,func=03E8B947(QQAllInOne.dll+06B947)
OnMsg:068A,func=03E8B95F(QQAllInOne.dll+06B95F)
OnMsg:068B,func=03E8B995(QQAllInOne.dll+06B995)
OnMsg:068C,func=03E8B9A9(QQAllInOne.dll+06B9A9)
OnMsg:068D,func=03E8B9BD(QQAllInOne.dll+06B9BD)
OnMsg:068E,func=03E8B9D1(QQAllInOne.dll+06B9D1)
OnCommand: notifycode=0000 id=7d64 to 7e22,func=03E871ED(QQAllInOne.dll+0671ED)
OnCommand: notifycode=0000 id=80ea,func=03E8A5AC(QQAllInOne.dll+06A5AC)
OnCommand: notifycode=0000 id=80eb,func=03E8A5C9(QQAllInOne.dll+06A5C9)
OnCommand: notifycode=0000 id=80ec,func=03E8AD9C(QQAllInOne.dll+06AD9C)
UpdateCmdUI: id=0401,func=03E7E755(QQAllInOne.dll+05E755)
UpdateCmdUI: id=03e9,func=03E7E7FC(QQAllInOne.dll+05E7FC)
UpdateCmdUI: id=03f0,func=03E52289(QQAllInOne.dll+032289)
UpdateCmdUI: id=03f5,func=03E8FE04(QQAllInOne.dll+06FE04)
UpdateCmdUI: id=03ed,func=03E52289(QQAllInOne.dll+032289)
UpdateCmdUI: id=03ee,func=03E52289(QQAllInOne.dll+032289)
OnCommand: notifycode=0000 id=03e9,func=03E7EACC(QQAllInOne.dll+05EACC)
OnCommand: notifycode=0000 id=03e8,func=03E7E882(QQAllInOne.dll+05E882)
OnCommand: notifycode=0000 id=d2f3,func=03E9329A(QQAllInOne.dll+07329A)
OnMsg:06B8,func=03E91DF3(QQAllInOne.dll+071DF3)
OnMsg:06B9,func=03E91DFB(QQAllInOne.dll+071DFB)
OnCommand: notifycode=0000 id=03ec,func=03E7EC80(QQAllInOne.dll+05EC80)
OnCommand: notifycode=0000 id=03ef,func=03E89C14(QQAllInOne.dll+069C14)
OnCommand: notifycode=0000 id=03f0,func=03E89A75(QQAllInOne.dll+069A75)
OnCommand: notifycode=0000 id=7e90 to 80e8,func=03E894AB(QQAllInOne.dll+0694AB)
OnCommand: notifycode=0000 id=8534 to 878c,func=03E8F729(QQAllInOne.dll+06F729)
OnCommand: notifycode=0000 id=8533,func=03E8FAF4(QQAllInOne.dll+06FAF4)
OnCommand: notifycode=0000 id=80e9,func=03E89644(QQAllInOne.dll+069644)
OnCommand: notifycode=0000 id=814c to 82dc,func=03E89819(QQAllInOne.dll+069819)
OnCommand: notifycode=0000 id=82dd,func=03E8984E(QQAllInOne.dll+06984E)
OnCommand: notifycode=0000 id=03ed,func=03E8A5E6(QQAllInOne.dll+06A5E6)
OnCommand: notifycode=0000 id=03ee,func=03E89659(QQAllInOne.dll+069659)
OnCommand: notifycode=0000 id=33b5,func=03E7EC48(QQAllInOne.dll+05EC48)
OnCommand: notifycode=0000 id=0401,func=03E9C55E(QQAllInOne.dll+07C55E)
OnCommand: notifycode=0000 id=03f7,func=03E8AEE7(QQAllInOne.dll+06AEE7)
OnCommand: notifycode=0000 id=03f8,func=03E931D1(QQAllInOne.dll+0731D1)
OnCommand: notifycode=0000 id=03fa,func=03E9767A(QQAllInOne.dll+07767A)
OnCommand: notifycode=0000 id=03f5,func=03E9089A(QQAllInOne.dll+07089A)
OnCommand: notifycode=0000 id=03f6,func=03E9089A(QQAllInOne.dll+07089A)
UpdateCmdUI: id=03f6,func=03E52289(QQAllInOne.dll+032289)
OnMsg:06B4,func=03E91050(QQAllInOne.dll+071050)
OnMsg:06B5,func=03E910D0(QQAllInOne.dll+0710D0)
OnMsg:0464,func=03E7F1B3(QQAllInOne.dll+05F1B3)
OnMsg:06BC,func=03E83FF6(QQAllInOne.dll+063FF6)
OnCommand: notifycode=0300 id=037e,func=03E80B7B(QQAllInOne.dll+060B7B)
OnCommand: notifycode=0200 id=037e,func=03E8D732(QQAllInOne.dll+06D732)
OnCommand: notifycode=0501 id=037e,func=03E8116E(QQAllInOne.dll+06116E)
OnMsg:0496,func=03E7F45D(QQAllInOne.dll+05F45D)
OnMsg:067E,func=03E83FDC(QQAllInOne.dll+063FDC)
OnMsg:050E,func=03E8A467(QQAllInOne.dll+06A467)
OnMsg:0681,func=03E8AA16(QQAllInOne.dll+06AA16)
OnMsg:052D,func=03E8CDBC(QQAllInOne.dll+06CDBC)
OnMsg:052E,func=03E8CE3C(QQAllInOne.dll+06CE3C)
OnMsg:052F,func=03E8D1B2(QQAllInOne.dll+06D1B2)
OnMsg:0530,func=03E8D0E2(QQAllInOne.dll+06D0E2)
OnMsg:069E,func=03E8D483(QQAllInOne.dll+06D483)
OnMsg:069F,func=03E8D76C(QQAllInOne.dll+06D76C)
OnMsg:06A0,func=03E8DADC(QQAllInOne.dll+06DADC)
OnMsg:06A1,func=03E8DC19(QQAllInOne.dll+06DC19)
OnMsg:06A4,func=03E8F620(QQAllInOne.dll+06F620)
OnMsg:06A6,func=03E8FB5F(QQAllInOne.dll+06FB5F)
OnMsg:06AA,func=03E900F6(QQAllInOne.dll+0700F6)
OnMsg:06AB,func=03E90100(QQAllInOne.dll+070100)
OnMsg:06AC,func=03E90130(QQAllInOne.dll+070130)
OnMsg:06AD,func=03E905BB(QQAllInOne.dll+0705BB)
OnMsg:095A,func=03E9CDAF(QQAllInOne.dll+07CDAF)
OnMsg:06B6,func=03E7A943(QQAllInOne.dll+05A943)
OnMsg:069D,func=03E91DBC(QQAllInOne.dll+071DBC)
OnNotify: notifycode=0001 id=e814,func=03E8ECC8(QQAllInOne.dll+06ECC8)
OnCommand: notifycode=0000 id=84d1,func=03E8E111(QQAllInOne.dll+06E111)
OnCommand: notifycode=0000 id=84d2,func=03E8E2B5->03E83359(QQAllInOne.dll+063359)
OnCommand: notifycode=0000 id=84d3,func=03E8E2BA(QQAllInOne.dll+06E2BA)
OnCommand: notifycode=0000 id=84d4,func=03E91F18(QQAllInOne.dll+071F18)
OnCommand: notifycode=0000 id=84d0,func=03E8E5F0(QQAllInOne.dll+06E5F0)
OnCommand: notifycode=0000 id=84df,func=03E8E8C4(QQAllInOne.dll+06E8C4)
OnCommand: notifycode=0000 id=84e6,func=03E8DFCB(QQAllInOne.dll+06DFCB)
OnCommand: notifycode=0000 id=84f0,func=03E8ADB9(QQAllInOne.dll+06ADB9)
OnCommand: notifycode=0000 id=84e7,func=03E9CBA4(QQAllInOne.dll+07CBA4)
OnCommand: notifycode=0000 id=84d9,func=03E8EC58(QQAllInOne.dll+06EC58)
OnCommand: notifycode=0000 id=84e1,func=03E95BB4(QQAllInOne.dll+075BB4)
OnCommand: notifycode=0000 id=84db,func=03E8EC99(QQAllInOne.dll+06EC99)
OnCommand: notifycode=0000 id=03ea,func=03E7EDCB(QQAllInOne.dll+05EDCB)
OnCommand: notifycode=0000 id=03f3,func=03E8DB34(QQAllInOne.dll+06DB34)
OnCommand: notifycode=0000 id=6211,func=03E96B85(QQAllInOne.dll+076B85)
OnCommand: notifycode=0000 id=6210,func=03E96AA3(QQAllInOne.dll+076AA3)
OnCommand: notifycode=0000 id=03fb,func=03E905A6(QQAllInOne.dll+0705A6)
OnCommand: notifycode=0000 id=03fc,func=03E97953(QQAllInOne.dll+077953)
OnCommand: notifycode=0000 id=03fd,func=03E979E8(QQAllInOne.dll+0779E8)
OnCommand: notifycode=0000 id=03fe,func=03E97A7E(QQAllInOne.dll+077A7E)
OnCommand: notifycode=0000 id=84dc,func=03E8E2B5->03E83359(QQAllInOne.dll+063359)
OnCommand: notifycode=0000 id=84dd,func=03E8F1E8->03E9C3F7(QQAllInOne.dll+07C3F7)
OnCommand: notifycode=0000 id=84de,func=03E92B8B(QQAllInOne.dll+072B8B)
OnCommand: notifycode=0000 id=84d5,func=03E8F1ED(QQAllInOne.dll+06F1ED)
OnCommand: notifycode=0000 id=84d6,func=03E8F1F5(QQAllInOne.dll+06F1F5)
OnCommand: notifycode=0000 id=84d7,func=03E8F1FD(QQAllInOne.dll+06F1FD)
OnCommand: notifycode=0000 id=84d8,func=03E8F205->03EC4554(QQAllInOne.dll+0A4554)
OnCommand: notifycode=0000 id=84e0,func=03E8F20A(QQAllInOne.dll+06F20A)
OnMsg:06A3,func=03E8F241(QQAllInOne.dll+06F241)
OnMsg:06A5,func=03E8F81B(QQAllInOne.dll+06F81B)
OnMsg:06CE,func=03E9CB8C(QQAllInOne.dll+07CB8C)
OnMsg:06A7,func=03E8FB77(QQAllInOne.dll+06FB77)
OnMsg:06A8,func=03E8FF02(QQAllInOne.dll+06FF02)
OnMsg:06C2,func=03E95C23(QQAllInOne.dll+075C23)
OnMsg:06C3,func=03E95C38(QQAllInOne.dll+075C38)
OnMsg:06C4,func=03E95C3D(QQAllInOne.dll+075C3D)
OnCommand: notifycode=0000 id=03a3,func=03E9013A(QQAllInOne.dll+07013A)
OnCommand: notifycode=0000 id=7d1e,func=03E90284(QQAllInOne.dll+070284)
OnCommand: notifycode=0000 id=7d1f,func=03E9035A(QQAllInOne.dll+07035A)
OnMsg:06B7,func=03E91755(QQAllInOne.dll+071755)
OnMsg:WM_KILLFOCUS(0008),func=03E913AF(QQAllInOne.dll+0713AF)
OnMsg:WM_SHOWWINDOW(0018),func=03E9C748(QQAllInOne.dll+07C748)
OnCommand: notifycode=0000 id=4e20 to 4ee7,func=03E9279F(QQAllInOne.dll+07279F)
OnCommand: notifycode=0000 id=4ee8 to 5013,func=03E927DC(QQAllInOne.dll+0727DC)
OnCommand: notifycode=0000 id=5014,func=03E9278F(QQAllInOne.dll+07278F)
OnCommand: notifycode=0000 id=33c1,func=03E92799->6087C25D(QQHelperDll.dll+01C25D)
OnCommand: notifycode=0000 id=33bf,func=03E9B36F(QQAllInOne.dll+07B36F)
OnMsg:06BA,func=03E927F2(QQAllInOne.dll+0727F2)
OnMsg:06BB,func=03E927FA(QQAllInOne.dll+0727FA)
OnMsg:0914,func=03E9287F(QQAllInOne.dll+07287F)
OnCommand: notifycode=0000 id=a7fb,func=03E92CC5(QQAllInOne.dll+072CC5)
OnMsg:091E,func=03E92CD5(QQAllInOne.dll+072CD5)
OnMsg:091F,func=03E92CF3(QQAllInOne.dll+072CF3)
OnMsg:0923,func=03E946DE(QQAllInOne.dll+0746DE)
OnMsg:WM_HOTKEY(0312),func=03E92E77(QQAllInOne.dll+072E77)
OnMsg:0921,func=03E92D11(QQAllInOne.dll+072D11)
OnMsg:08D4,func=03E92D35(QQAllInOne.dll+072D35)
OnMsg:093C,func=03E9829B(QQAllInOne.dll+07829B)
OnMsg:0948,func=03E996C0(QQAllInOne.dll+0796C0)
OnMsg:094A,func=03E22D27(QQAllInOne.dll+002D27)
OnMsg:0952,func=03E9BC7E(QQAllInOne.dll+07BC7E)
OnMsg:0920,func=03E92DA7(QQAllInOne.dll+072DA7)
OnMsg:06BE,func=03E95C38(QQAllInOne.dll+075C38)
OnMsg:06BD,func=03E92EBA(QQAllInOne.dll+072EBA)
OnMsg:0928,func=03E92FFC(QQAllInOne.dll+072FFC)
OnMsg:06BF,func=03E9314F(QQAllInOne.dll+07314F)
OnCommand: notifycode=0000 id=03f9,func=03E931D9(QQAllInOne.dll+0731D9)
UpdateCmdUI: id=03e8,func=03E93661(QQAllInOne.dll+073661)
OnNotify: notifycode=fd3a id=ebe8,func=03E93767(QQAllInOne.dll+073767)
OnMsg:06C0,func=03E94436(QQAllInOne.dll+074436)
OnCommand: notifycode=0000 id=620d,func=03E93ED4(QQAllInOne.dll+073ED4)
OnCommand: notifycode=0000 id=620c,func=03E93BB0(QQAllInOne.dll+073BB0)
OnMsg:05F5,func=03E94493(QQAllInOne.dll+074493)
OnCommand: notifycode=0000 id=620e,func=03E945C4(QQAllInOne.dll+0745C4)
OnMsg:0932,func=03E946C1(QQAllInOne.dll+0746C1)
OnMsg:0934,func=03E96D00(QQAllInOne.dll+076D00)
OnCommand: notifycode=0000 id=620f,func=03E94659(QQAllInOne.dll+074659)
OnNotify: notifycode=0002 id=e815,func=03E95078(QQAllInOne.dll+075078)
OnMsg:5609,func=03E951B5(QQAllInOne.dll+0751B5)
OnNotify: notifycode=0002 id=e817,func=03E9509A(QQAllInOne.dll+07509A)
OnMsg:06C5,func=03E9762B(QQAllInOne.dll+07762B)
OnMsg:06C6,func=03E97782(QQAllInOne.dll+077782)
OnMsg:0933,func=03E967EE(QQAllInOne.dll+0767EE)
OnCommand: notifycode=0000 id=03ff,func=03E98205(QQAllInOne.dll+078205)
OnCommand: notifycode=0000 id=0400,func=03E9BAE3(QQAllInOne.dll+07BAE3)
OnMsg:0946,func=03E983F2(QQAllInOne.dll+0783F2)
OnMsg:06C7,func=03E9886A(QQAllInOne.dll+07886A)
OnMsg:06C8,func=03E98909(QQAllInOne.dll+078909)
OnCommand: notifycode=0000 id=84e4,func=03E98E80(QQAllInOne.dll+078E80)
OnMsg:06CA,func=03E95C38(QQAllInOne.dll+075C38)
OnMsg:06C9,func=03E99793(QQAllInOne.dll+079793)
OnMsg:0466,func=03E99731(QQAllInOne.dll+079731)
OnMsg:094B,func=03E99D46(QQAllInOne.dll+079D46)
OnCommand: notifycode=0000 id=84ee,func=03E9AE5E(QQAllInOne.dll+07AE5E)
OnCommand: notifycode=0000 id=84ef,func=03E9AE66(QQAllInOne.dll+07AE66)
OnMsg:094C,func=03E997B7(QQAllInOne.dll+0797B7)
OnMsg:094E,func=03E9B497(QQAllInOne.dll+07B497)
OnMsg:094F,func=03E9B930(QQAllInOne.dll+07B930)
OnMsg:0951,func=03E9BC69(QQAllInOne.dll+07BC69)
OnMsg:8931,func=03E7BA65(QQAllInOne.dll+05BA65)
OnMsg:06CC,func=03E9C8B5(QQAllInOne.dll+07C8B5)
*/

/* 引用CAllInOneStatusBar::SetUin
.text:10058343                 lea     eax, [esi+2B54h]
.text:10058349                 push    0
.text:1005834B                 push    eax
.text:1005834C                 mov     byte ptr [ebp-4], 3
.text:10058350                 push    dword ptr [esi+2B68h]         //<------------this+2b68 = uin
.text:10058356                 call    ds:?GetUserLongNickName@@YAHKAAVCString@@H@Z ; GetUserLongNickName(ulong,CString &,int)
.text:1005835C                 add     esp, 0Ch
.text:1005835F                 lea     ecx, [esi+2228h]
.text:10058365                 push    dword ptr [esi+2B68h] ;  hehe //<------------this+2b68 = uin
.text:1005836B                 call    ds:?SetUin@CAllInOneStatusBar@@QAEXK@Z ; CAllInOneStatusBar::SetUin(ulong)
*/

/* 补齐后的CQQAllInOneDlg_vtbl,感谢mfcspy2
.rdata:100D26C0 CQQAllInOneDlg_vtbl dd offset CQQAllInOneDlg__GetRuntimeClass
.rdata:100D26C0                                         ; DATA XREF: sub_1005720A+2B4o
.rdata:100D26C0                                         ; sub_10057864+15o
.rdata:100D26C4                 dd offset CQQAllInOneDlg__destructor
.rdata:100D26C8                 dd offset CQQAllInOneDlg__Serialize_Dump
.rdata:100D26CC                 dd offset CQQAllInOneDlg__AssertValid
.rdata:100D26D0                 dd offset CQQAllInOneDlg__Serialize_Dump
.rdata:100D26D4                 dd offset ?OnCmdMsg@CDialog@@UAEHIHPAXPAUAFX_CMDHANDLERINFO@@@Z ; CDialog::OnCmdMsg(uint,int,void *,AFX_CMDHANDLERINFO *)
.rdata:100D26D8                 dd offset ?OnFinalRelease@CWnd@@UAEXXZ ; CWnd::OnFinalRelease(void)
.rdata:100D26DC                 dd offset ?IsInvokeAllowed@CCmdTarget@@UAEHJ@Z ; CCmdTarget::IsInvokeAllowed(long)
.rdata:100D26E0                 dd offset ?GetDispatchIID@CCmdTarget@@UAEHPAU_GUID@@@Z ; CCmdTarget::GetDispatchIID(_GUID *)
.rdata:100D26E4                 dd offset ?GetTypeInfoCount@CCmdTarget@@UAEIXZ ; CCmdTarget::GetTypeInfoCount(void)
.rdata:100D26E8                 dd offset ?GetTypeLibCache@CCmdTarget@@UAEPAVCTypeLibCache@@XZ ; CCmdTarget::GetTypeLibCache(void)
.rdata:100D26EC                 dd offset ?GetTypeLib@CCmdTarget@@UAEJKPAPAUITypeLib@@@Z ; CCmdTarget::GetTypeLib(ulong,ITypeLib * *)
.rdata:100D26F0                 dd offset CQQAllInOneDlg__GetMessageMap
.rdata:100D26F4                 dd offset ?GetCommandMap@CCmdTarget@@MBEPBUAFX_OLECMDMAP@@XZ ; CCmdTarget::GetCommandMap(void)
.rdata:100D26F8                 dd offset ?GetDispatchMap@CCmdTarget@@MBEPBUAFX_DISPMAP@@XZ ; CCmdTarget::GetDispatchMap(void)
.rdata:100D26FC                 dd offset ?GetConnectionMap@CCmdTarget@@MBEPBUAFX_CONNECTIONMAP@@XZ ; CCmdTarget::GetConnectionMap(void)
.rdata:100D2700                 dd offset CQQAllInOneDlg__GetInterfaceMap
.rdata:100D2704                 dd offset ?GetEventSinkMap@CCmdTarget@@MBEPBUAFX_EVENTSINKMAP@@XZ ; CCmdTarget::GetEventSinkMap(void)
.rdata:100D2708                 dd offset ?OnCreateAggregates@CCmdTarget@@UAEHXZ ; CCmdTarget::OnCreateAggregates(void)
.rdata:100D270C                 dd offset ?GetInterfaceHook@CCmdTarget@@UAEPAUIUnknown@@PBX@Z ; CCmdTarget::GetInterfaceHook(void const *)
.rdata:100D2710                 dd offset ?GetExtraConnectionPoints@CCmdTarget@@MAEHPAVCPtrArray@@@Z ; CCmdTarget::GetExtraConnectionPoints(CPtrArray *)
.rdata:100D2714                 dd offset ?GetConnectionHook@CCmdTarget@@MAEPAUIConnectionPoint@@ABU_GUID@@@Z ; CCmdTarget::GetConnectionHook(_GUID const &)
.rdata:100D2718                 dd offset ?PreSubclassWindow@CWnd@@UAEXXZ ; CWnd::PreSubclassWindow(void)
.rdata:100D271C                 dd offset ?Create@CWnd@@UAEHPBD0KABUtagRECT@@PAV1@IPAUCCreateContext@@@Z ; CWnd::Create(char const *,char const *,ulong,tagRECT const &,CWnd *,uint,CCreateContext *)
.rdata:100D2720                 dd offset ?DestroyWindow@CWnd@@UAEHXZ ; CWnd::DestroyWindow(void)
.rdata:100D2724                 dd offset ?PreCreateWindow@CWnd@@UAEHAAUtagCREATESTRUCTA@@@Z ; CWnd::PreCreateWindow(tagCREATESTRUCTA &)
.rdata:100D2728                 dd offset ?CalcWindowRect@CWnd@@UAEXPAUtagRECT@@I@Z ; CWnd::CalcWindowRect(tagRECT *,uint)
.rdata:100D272C                 dd offset ?OnToolHitTest@CWnd@@UBEHVCPoint@@PAUtagTOOLINFOA@@@Z ; CWnd::OnToolHitTest(CPoint,tagTOOLINFOA *)
.rdata:100D2730                 dd offset ?GetScrollBarCtrl@CWnd@@UBEPAVCScrollBar@@H@Z ; CWnd::GetScrollBarCtrl(int)
.rdata:100D2734                 dd offset ?WinHelpA@CWnd@@UAEXKI@Z ; CWnd::WinHelpA(ulong,uint)
.rdata:100D2738                 dd offset ?ContinueModal@CWnd@@UAEHXZ ; CWnd::ContinueModal(void)
.rdata:100D273C                 dd offset ?EndModalLoop@CWnd@@UAEXH@Z ; CWnd::EndModalLoop(int)
.rdata:100D2740                 dd offset ?OnCommand@CWnd@@MAEHIJ@Z ; CWnd::OnCommand(uint,long)
.rdata:100D2744                 dd offset ?OnNotify@CWnd@@MAEHIJPAJ@Z ; CWnd::OnNotify(uint,long,long *)
.rdata:100D2748                 dd offset ?GetSuperWndProcAddr@CWnd@@MAEPAP6GJPAUHWND__@@IIJ@ZXZ ; CWnd::GetSuperWndProcAddr(void)
.rdata:100D274C                 dd offset CQQAllInOneDlg__DoDataExchange
.rdata:100D2750                 dd offset CQQAllInOneDlg__BeginModalState
.rdata:100D2754                 dd offset CQQAllInOneDlg__EndModalState
.rdata:100D2758                 dd offset CQQAllInOneDlg__PreTranslateMessage
.rdata:100D275C                 dd offset ?OnAmbientProperty@CWnd@@UAEHPAVCOleControlSite@@JPAUtagVARIANT@@@Z ; CWnd::OnAmbientProperty(COleControlSite *,long,tagVARIANT *)
.rdata:100D2760                 dd offset ?WindowProc@CWnd@@MAEJIIJ@Z ; CWnd::WindowProc(uint,uint,long)
.rdata:100D2764                 dd offset ?OnWndMsg@CWnd@@MAEHIIJPAJ@Z ; CWnd::OnWndMsg(uint,uint,long,long *)
.rdata:100D2768                 dd offset ?DefWindowProcA@CWnd@@MAEJIIJ@Z ; CWnd::DefWindowProcA(uint,uint,long)
.rdata:100D276C                 dd offset CQQAllInOneDlg__PostNcDestroy
.rdata:100D2770                 dd offset ?OnChildNotify@CWnd@@MAEHIIJPAJ@Z ; CWnd::OnChildNotify(uint,uint,long,long *)
.rdata:100D2774                 dd offset ?CheckAutoCenter@CDialog@@UAEHXZ ; CDialog::CheckAutoCenter(void)
.rdata:100D2778                 dd offset ?IsFrameWnd@CWnd@@UBEHXZ ; CWnd::IsFrameWnd(void)
.rdata:100D277C                 dd offset ?SetOccDialogInfo@CDialog@@MAEHPAU_AFX_OCC_DIALOG_INFO@@@Z ; CDialog::SetOccDialogInfo(_AFX_OCC_DIALOG_INFO *)
.rdata:100D2780                 dd offset ?DoModal@CDialog@@UAEHXZ ; CDialog::DoModal(void)
.rdata:100D2784                 dd offset CQQAllInOneDlg__OnInitDialog
.rdata:100D2788                 dd offset ?OnSetFont@CDialog@@UAEXPAVCFont@@@Z ; CDialog::OnSetFont(CFont *)
.rdata:100D278C                 dd offset CQQAllInOneDlg__OnOK
.rdata:100D2790                 dd offset CQQAllInOneDlg__OnCancel
.rdata:100D2794                 dd offset ?PreInitDialog@CDialog@@MAEXXZ ; CDialog::PreInitDialog(void)
*/

/* 下断点，[vtbl+C4]OnInitDialog            =03E7B550(QQAllInOne.dll+05B550) ，检测[ecx+2b68]
0:012> u QQAllInOne+5b550
*** WARNING: Unable to verify checksum for C:/Program Files/Tencent/QQ/QQAllInOne.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:/Program Files/Tencent/QQ/QQAllInOne.dll -
QQAllInOne!SetTransparentValue+0x5942:
03e7b550 b892b2ed03       mov     eax,0x3edb292
03e7b555 e886370500    call QQAllInOne!SetTransparentValue+0x590d2 (03ecece0)
03e7b55a 83ec18           sub     esp,0x18
03e7b55d 53               push    ebx
03e7b55e 8b1da861ee03 mov ebx,[QQAllInOne!SetTransparentValue+0x7059a (03ee61a8)]
03e7b564 56               push    esi
03e7b565 57               push    edi
03e7b566 8bf1             mov     esi,ecx
0:012> bp QQAllInOne+5b550
0:012> g
Breakpoint 1 hit
QQAllInOne!SetTransparentValue+0x5942:
03e7b550 b892b2ed03       mov     eax,0x3edb292
0:000> dd ecx+2b68
02cce9f0  00a1df00 00000000 00000000 baadf00d   //<------------------00a1df00,ok
02ccea00  00000000 00000001 00000001 00000000
02ccea10  00000000 00000000 00000000 baadf00d
02ccea20  baadf00d baadf00d baadf00d baadf00d
02ccea30  baadf00d baadf00d baadf00d baadf00d
02ccea40  baadf00d baadf00d baadf00d baadf00d
02ccea50  baadf00d baadf00d baadf00d baadf00d
02ccea60  baadf00d baadf00d baadf00d baadf00d
*/

/* CQQAllInOneDlg__OnInitDialog
.text:1005B550 CQQAllInOneDlg__OnInitDialog proc near  ; DATA XREF: .rdata:100D2784o
.text:1005B550                 mov     eax, offset loc_100BB292
.text:1005B555                 call    __EH_prolog
.text:1005B55A                 sub     esp, 18h
.text:1005B55D                 push    ebx
.text:1005B55E                 mov     ebx, ds:GetTickCount
.text:1005B564                 push    esi
.text:1005B565                 push    edi
.text:1005B566                 mov     esi, ecx        ; this
.text:1005B568                 call    ebx ; GetTickCount
.text:1005B56A                 mov     ecx, esi
.text:1005B56C                 call    ?OnInitDialog@CDialog@@UAEHXZ ; CDialog::OnInitDialog(void)
.text:1005B571                 call    ?AfxGetModuleState@@YGPAVAFX_MODULE_STATE@@XZ ; AfxGetModuleState(void)
.text:1005B576                 mov     eax, [eax+0Ch]
.text:1005B579                 push    8000h           ; UINT
.text:1005B57E                 push    10h             ; int
.text:1005B580                 push    10h             ; int
.text:1005B582                 push    1
.text:1005B584                 pop     edi
.text:1005B585                 push    edi             ; UINT
.text:1005B586                 push    161h            ; LPCSTR
.text:1005B58B                 push    eax             ; HINSTANCE
.text:1005B58C                 call    ds:LoadImageA
.text:1005B592                 mov     [ebp-14h], eax
.text:1005B595                 push    dword ptr [ebp-14h] ; lParam
.text:1005B598                 mov     eax, [esi+0A54h]
.text:1005B59E                 push    edi             ; wParam
.text:1005B59F                 push    80h             ; Msg
.text:1005B5A4                 push    dword ptr [eax+20h] ; hWnd
.text:1005B5A7                 call    ds:SendMessageA
.text:1005B5AD                 push    dword ptr [ebp-14h] ; lParam
.text:1005B5B0                 mov     eax, [esi+0A54h]
.text:1005B5B6                 push    0               ; wParam
.text:1005B5B8                 push    80h             ; Msg
.text:1005B5BD                 push    dword ptr [eax+20h] ; hWnd
.text:1005B5C0                 call    ds:SendMessageA
.text:1005B5C6                 push    0
.text:1005B5C8                 push    edi
.text:1005B5C9                 mov     ecx, esi
.text:1005B5CB                 call    ?GetDlgItem@CWnd@@QBEPAV1@H@Z ; CWnd::GetDlgItem(int)
.text:1005B5D0                 mov     ecx, eax
.text:1005B5D2                 call    ?ShowWindow@CWnd@@QAEHH@Z ; CWnd::ShowWindow(int)
.text:1005B5D7                 xor     eax, eax
.text:1005B5D9                 push    edi
.text:1005B5DA                 mov     ecx, esi
.text:1005B5DC                 mov     [ebp-24h], eax
.text:1005B5DF                 mov     [ebp-20h], eax
.text:1005B5E2                 mov     [ebp-1Ch], eax
.text:1005B5E5                 mov     [ebp-18h], eax
.text:1005B5E8                 call    ?GetDlgItem@CWnd@@QBEPAV1@H@Z ; CWnd::GetDlgItem(int)
.text:1005B5ED                 lea     ecx, [ebp-24h]
.text:1005B5F0                 push    ecx             ; lpRect
.text:1005B5F1                 push    dword ptr [eax+20h] ; hWnd
.text:1005B5F4                 call    ds:GetWindowRect
.text:1005B5FA                 lea     eax, [ebp-24h]
.text:1005B5FD                 mov     ecx, esi
.text:1005B5FF                 push    eax
.text:1005B600                 call    MFC42_6880
.text:1005B605                 push    esi
.text:1005B606                 lea     ecx, [esi+5B8h]
.text:1005B60C                 push    77Eh
.text:1005B611                 call    ?SubclassDlgItem@CWnd@@QAEHIPAV1@@Z ; CWnd::SubclassDlgItem(uint,CWnd *)
.text:1005B616                 mov     eax, [ebp-18h]
.text:1005B619                 push    edi
.text:1005B61A                 sub     eax, [ebp-20h]
.text:1005B61D                 lea     ecx, [esi+5B8h]
.text:1005B623                 push    eax
.text:1005B624                 mov     eax, [ebp-1Ch]
.text:1005B627                 sub     eax, [ebp-24h]
.text:1005B62A                 push    eax
.text:1005B62B                 push    dword ptr [ebp-20h]
.text:1005B62E                 push    dword ptr [ebp-24h]
.text:1005B631                 call    ?MoveWindow@CWnd@@QAEXHHHHH@Z ; CWnd::MoveWindow(int,int,int,int,int)
.text:1005B636                 push    esi
.text:1005B637                 mov     [esi+660h], edi
.text:1005B63D                 push    406h
.text:1005B642                 lea     ecx, [esi+6A4h]
.text:1005B648                 mov     [esi+67Ch], edi
.text:1005B64E                 call    ?SubclassDlgItem@CWnd@@QAEHIPAV1@@Z ; CWnd::SubclassDlgItem(uint,CWnd *)
.text:1005B653                 push    esi
.text:1005B654                 push    186h
.text:1005B659                 lea     ecx, [esi+790h]
.text:1005B65F                 mov     [esi+768h], edi
.text:1005B665                 call    ?SubclassDlgItem@CWnd@@QAEHIPAV1@@Z ; CWnd::SubclassDlgItem(uint,CWnd *)
.text:1005B66A                 mov     [esi+854h], edi
.text:1005B670                 push    esi
.text:1005B671                 push    405h
.text:1005B676                 lea     ecx, [esi+87Ch]
.text:1005B67C                 call    ?SubclassDlgItem@CWnd@@QAEHIPAV1@@Z ; CWnd::SubclassDlgItem(uint,CWnd *)
.text:1005B681                 push    esi
.text:1005B682                 lea     ecx, [esi+968h]
.text:1005B688                 push    3A3h
.text:1005B68D                 mov     [esi+940h], edi
.text:1005B693                 call    ?SubclassDlgItem@CWnd@@QAEHIPAV1@@Z ; CWnd::SubclassDlgItem(uint,CWnd *)
.text:1005B698                 push    edi
.text:1005B699                 lea     ecx, [esi+968h]
.text:1005B69F                 mov     [esi+0A2Ch], edi
.text:1005B6A5                 call    ?ShowWindow@CWnd@@QAEHH@Z ; CWnd::ShowWindow(int)
.text:1005B6AA                 xor     eax, eax
.text:1005B6AC                 cmp     [esi+2C04h], eax
.text:1005B6B2                 jnz     short loc_1005B6BD
.text:1005B6B4                 push    eax
.text:1005B6B5                 push    eax
.text:1005B6B6                 mov     ecx, esi
.text:1005B6B8                 call    sub_10068DD4
.text:1005B6BD
.text:1005B6BD loc_1005B6BD:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+162j
.text:1005B6BD                 call    ebx ; GetTickCount
.text:1005B6BF                 push    2C00h
.text:1005B6C4                 call    ??2@YAPAXI@Z    ; operator new(uint)
.text:1005B6C9                 pop     ecx
.text:1005B6CA                 mov     [ebp-14h], eax
.text:1005B6CD                 and     dword ptr [ebp-4], 0
.text:1005B6D1                 test    eax, eax
.text:1005B6D3                 jz      short loc_1005B6DE
.text:1005B6D5                 mov     ecx, eax
.text:1005B6D7                 call    sub_1009DE6B
.text:1005B6DC                 jmp     short loc_1005B6E0
.text:1005B6DE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B6DE
.text:1005B6DE loc_1005B6DE:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+183j
.text:1005B6DE                 xor     eax, eax
.text:1005B6E0
.text:1005B6E0 loc_1005B6E0:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+18Cj
.text:1005B6E0                 or      dword ptr [ebp-4], 0FFFFFFFFh
.text:1005B6E4                 push    esi
.text:1005B6E5                 mov     ecx, eax
.text:1005B6E7                 mov     [esi+1FACh], eax
.text:1005B6ED                 call    sub_1009EA23
.text:1005B6F2                 mov     ecx, esi
.text:1005B6F4                 call    sub_100706F7
.text:1005B6F9                 call    ebx ; GetTickCount
.text:1005B6FB                 mov     ecx, esi
.text:1005B6FD                 call    sub_1007A2F5
.text:1005B702                 push    64h
.text:1005B704                 call    ??2@YAPAXI@Z    ; operator new(uint)
.text:1005B709                 pop     ecx
.text:1005B70A                 mov     [ebp-14h], eax
.text:1005B70D                 test    eax, eax
.text:1005B70F                 mov     [ebp-4], edi
.text:1005B712                 jz      short loc_1005B71D
.text:1005B714                 mov     ecx, eax
.text:1005B716                 call    sub_1002E9DD
.text:1005B71B                 jmp     short loc_1005B71F
.text:1005B71D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B71D
.text:1005B71D loc_1005B71D:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+1C2j
.text:1005B71D                 xor     eax, eax
.text:1005B71F
.text:1005B71F loc_1005B71F:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+1CBj
.text:1005B71F                 or      dword ptr [ebp-4], 0FFFFFFFFh
.text:1005B723                 mov     [esi+26D4h], eax
.text:1005B729                 push    4Ch
.text:1005B72B                 mov     [eax+5Ch], esi
.text:1005B72E                 call    ??2@YAPAXI@Z    ; operator new(uint)
.text:1005B733                 pop     ecx
.text:1005B734                 mov     [ebp-14h], eax
.text:1005B737                 test    eax, eax
.text:1005B739                 mov     dword ptr [ebp-4], 2
.text:1005B740                 jz      short loc_1005B74B
.text:1005B742                 mov     ecx, eax
.text:1005B744                 call    sub_1009A35E
.text:1005B749                 jmp     short loc_1005B74D
.text:1005B74B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B74B
.text:1005B74B loc_1005B74B:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+1F0j
.text:1005B74B                 xor     eax, eax
.text:1005B74D
.text:1005B74D loc_1005B74D:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+1F9j
.text:1005B74D                 or      dword ptr [ebp-4], 0FFFFFFFFh
.text:1005B751                 mov     [esi+26D8h], eax
.text:1005B757                 push    18F0h
.text:1005B75C                 mov     [eax+40h], esi
.text:1005B75F                 call    ??2@YAPAXI@Z    ; operator new(uint)
.text:1005B764                 pop     ecx
.text:1005B765                 mov     [ebp-14h], eax
.text:1005B768                 test    eax, eax
.text:1005B76A                 mov     dword ptr [ebp-4], 3
.text:1005B771                 jz      short loc_1005B77C
.text:1005B773                 mov     ecx, eax
.text:1005B775                 call    sub_100041C5
.text:1005B77A                 jmp     short loc_1005B77E
.text:1005B77C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B77C
.text:1005B77C loc_1005B77C:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+221j
.text:1005B77C                 xor     eax, eax
.text:1005B77E
.text:1005B77E loc_1005B77E:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+22Aj
.text:1005B77E                 or      dword ptr [ebp-4], 0FFFFFFFFh
.text:1005B782                 mov     [esi+271Ch], eax
.text:1005B788                 push    0
.text:1005B78A                 mov     [eax+48h], esi
.text:1005B78D                 push    dword ptr [esi+2B68h]  //<-------------[esi+2b68],uin
.text:1005B793                 push    dword ptr [esi+2CBCh]  //<-------------[esi+2cbc],IQQCore
.text:1005B799                 call    ds:?IsTMFriend@@YAHPAUIQQCore@@KPAH@Z ; IsTMFriend(IQQCore *,ulong,int *)
.text:1005B79F                 add     esp, 0Ch
.text:1005B7A2                 test    eax, eax
.text:1005B7A4                 jz      short loc_1005B7E3
.text:1005B7A6                 push    58h
.text:1005B7A8                 call    ??2@YAPAXI@Z    ; operator new(uint)
.text:1005B7AD                 pop     ecx
.text:1005B7AE                 mov     [ebp-14h], eax
.text:1005B7B1                 test    eax, eax
.text:1005B7B3                 mov     dword ptr [ebp-4], 4
.text:1005B7BA                 jz      short loc_1005B7C5
.text:1005B7BC                 mov     ecx, eax
.text:1005B7BE                 call    sub_1000D2F1
.text:1005B7C3                 jmp     short loc_1005B7C7
.text:1005B7C5 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B7C5
.text:1005B7C5 loc_1005B7C5:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+26Aj
.text:1005B7C5                 xor     eax, eax
.text:1005B7C7
.text:1005B7C7 loc_1005B7C7:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+273j
.text:1005B7C7                 or      dword ptr [ebp-4], 0FFFFFFFFh
.text:1005B7CB                 lea     ecx, [esi+26F8h]
.text:1005B7D1                 mov     [ecx], eax
.text:1005B7D3                 mov     [eax+3Ch], esi
.text:1005B7D6                 push    dword ptr [esi+2CBCh];//<----------IQQCore*
.text:1005B7DC                 mov     ecx, [ecx]   //vtbl
.text:1005B7DE                 call    ?SetModifiedFlag@CDocument@@UAEXH@Z ; CDocument::SetModifiedFlag(int)
.text:1005B7E3
.text:1005B7E3 loc_1005B7E3:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+254j
.text:1005B7E3                 push    dword ptr [esi+271Ch]
.text:1005B7E9                 lea     ecx, [esi+2720h]
.text:1005B7EF                 call    sub_10013BAD
.text:1005B7F4                 xor     ecx, ecx
.text:1005B7F6                 mov     [esi+1034h], esi
.text:1005B7FC                 cmp     [esi+2C04h], ecx
.text:1005B802                 mov     edx, edi
.text:1005B804                 jz      short loc_1005B82C
.text:1005B806                 mov     eax, [esi+26D0h]
.text:1005B80C                 cmp     eax, ecx
.text:1005B80E                 jz      short loc_1005B82C
.text:1005B810                 movzx   eax, byte ptr [eax+124h]
.text:1005B817                 sub     eax, ecx
.text:1005B819                 jz      short loc_1005B829
.text:1005B81B                 dec     eax
.text:1005B81C                 jz      short loc_1005B825
.text:1005B81E                 dec     eax
.text:1005B81F                 jnz     short loc_1005B82C
.text:1005B821                 push    4
.text:1005B823                 jmp     short loc_1005B82B
.text:1005B825 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B825
.text:1005B825 loc_1005B825:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+2CCj
.text:1005B825                 push    3
.text:1005B827                 jmp     short loc_1005B82B
.text:1005B829 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B829
.text:1005B829 loc_1005B829:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+2C9j
.text:1005B829                 push    2
.text:1005B82B
.text:1005B82B loc_1005B82B:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+2D3j
.text:1005B82B                                         ; CQQAllInOneDlg__OnInitDialog+2D7j
.text:1005B82B                 pop     edx
.text:1005B82C
.text:1005B82C loc_1005B82C:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+2B4j
.text:1005B82C                                         ; CQQAllInOneDlg__OnInitDialog+2BEj ...
.text:1005B82C                 cmp     [esi+0B1Ch], ecx
.text:1005B832                 jz      short loc_1005B86C
.text:1005B834                 push    8
.text:1005B836                 push    esi
.text:1005B837                 lea     ecx, [esi+3F0h]
.text:1005B83D                 call    sub_10009E97
.text:1005B842                 call    ?AfxGetModuleState@@YGPAVAFX_MODULE_STATE@@XZ ; AfxGetModuleState(void)
.text:1005B847                 mov     eax, 876h
.text:1005B84C                 push    eax             ; lpIconName
.text:1005B84D                 push    0Eh
.text:1005B84F                 push    eax
.text:1005B850                 call    ?AfxFindResourceHandle@@YGPAUHINSTANCE__@@PBD0@Z ; AfxFindResourceHandle(char const *,char const *)
.text:1005B855                 push    eax             ; hInstance
.text:1005B856                 call    ds:LoadIconA
.text:1005B85C                 push    edi
.text:1005B85D                 push    eax
.text:1005B85E                 lea     ecx, [esi+2228h]
.text:1005B864                 call    ds:?SetHeadIcon@CAllInOneStatusBar@@QAEXPAUHICON__@@H@Z ; CAllInOneStatusBar::SetHeadIcon(HICON__ *,int)
.text:1005B86A                 jmp     short loc_1005B879
.text:1005B86C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B86C
.text:1005B86C loc_1005B86C:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+2E2j
.text:1005B86C                 push    edx
.text:1005B86D                 push    esi
.text:1005B86E                 lea     ecx, [esi+3F0h]
.text:1005B874                 call    sub_10009E97
.text:1005B879
.text:1005B879 loc_1005B879:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+31Aj
.text:1005B879                 call    ebx ; GetTickCount
.text:1005B87B                 push    esi
.text:1005B87C                 lea     ecx, [esi+0B28h]
.text:1005B882                 push    edi
.text:1005B883                 call    ds:?EnableAccel@CQQRichEditEx@@QAEXHPAVCWnd@@@Z ; CQQRichEditEx::EnableAccel(int,CWnd *)
.text:1005B889                 mov     ecx, esi
.text:1005B88B                 call    sub_1005DDFD
.text:1005B890                 call    ebx ; GetTickCount
.text:1005B892                 mov     ecx, esi
.text:1005B894                 call    sub_1005C1EB
.text:1005B899                 call    ebx ; GetTickCount
.text:1005B89B                 mov     ecx, esi
.text:1005B89D                 call    sub_1005BC64
.text:1005B8A2                 call    ebx ; GetTickCount
.text:1005B8A4                 lea     ecx, [esi+1058h]
.text:1005B8AA                 call    ds:?InitOle@CMsgEditBase@@QAEHXZ ; CMsgEditBase::InitOle(void)
.text:1005B8B0                 lea     ecx, [esi+0B28h]
.text:1005B8B6                 call    ds:?InitOle@CQQRichEditEx@@QAEHXZ ; CQQRichEditEx::InitOle(void)
.text:1005B8BC                 lea     ecx, [esi+0B28h]
.text:1005B8C2                 call    ?SetFocus@CWnd@@QAEPAV1@XZ ; CWnd::SetFocus(void)
.text:1005B8C7                 push    0
.text:1005B8C9                 mov     ecx, esi
.text:1005B8CB                 mov     [esi+2B6Ch], edi
.text:1005B8D1                 call    ?CenterWindow@CWnd@@QAEXPAV1@@Z ; CWnd::CenterWindow(CWnd *)
.text:1005B8D6                 mov     ecx, esi
.text:1005B8D8                 call    sub_1005AF43
.text:1005B8DD                 call    ebx ; GetTickCount
.text:1005B8DF                 mov     eax, [esi+2CC0h]
.text:1005B8E5                 push    2Ch
.text:1005B8E7                 mov     [esi+0E4Ch], eax
.text:1005B8ED                 call    ??2@YAPAXI@Z    ; operator new(uint)
.text:1005B8F2                 pop     ecx
.text:1005B8F3                 mov     [ebp-14h], eax
.text:1005B8F6                 test    eax, eax
.text:1005B8F8                 mov     dword ptr [ebp-4], 5
.text:1005B8FF                 jz      short loc_1005B90A
.text:1005B901                 mov     ecx, eax
.text:1005B903                 call    sub_1000F3F7
.text:1005B908                 jmp     short loc_1005B90C
.text:1005B90A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:1005B90A
.text:1005B90A loc_1005B90A:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+3AFj
.text:1005B90A                 xor     eax, eax
.text:1005B90C
.text:1005B90C loc_1005B90C:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+3B8j
.text:1005B90C                 or      dword ptr [ebp-4], 0FFFFFFFFh
.text:1005B910                 lea     edi, [esi+2BF0h]
.text:1005B916                 push    0               ; lpTimerFunc
.text:1005B918                 push    7D0h            ; uElapse
.text:1005B91D                 mov     [edi], eax
.text:1005B91F                 push    4               ; nIDEvent
.text:1005B921                 mov     [eax+24h], esi
.text:1005B924                 push    dword ptr [esi+20h] ; hWnd
.text:1005B927                 call    ds:SetTimer
.text:1005B92D                 mov     ecx, [edi]
.text:1005B92F                 call    sub_1000F5EF
.text:1005B934                 lea     edi, [esi+1FF8h]
.text:1005B93A                 push    esi
.text:1005B93B                 mov     ecx, edi
.text:1005B93D                 call    ds:?Create@CQQToolTip@@QAEHPAVCWnd@@@Z ; CQQToolTip::Create(CWnd *)
.text:1005B943                 push    10h
.text:1005B945                 push    10h
.text:1005B947                 push    560h
.text:1005B94C                 mov     ecx, edi
.text:1005B94E                 call    ds:?SetIcon@CQQToolTip@@QAEHIHH@Z ; CQQToolTip::SetIcon(uint,int,int)
.text:1005B954                 push    0C6C3C6h
.text:1005B959                 mov     ecx, edi
.text:1005B95B                 call    ds:?SetFrameColor@CQQToolTip@@QAEXK@Z ; CQQToolTip::SetFrameColor(ulong)
.text:1005B961                 mov     edi, 0EFFBFFh
.text:1005B966                 lea     ecx, [esi+1FF8h]
.text:1005B96C                 push    edi
.text:1005B96D                 call    ds:?SetInnerFrameColor@CQQToolTip@@QAEXK@Z ; CQQToolTip::SetInnerFrameColor(ulong)
.text:1005B973                 push    edi
.text:1005B974                 lea     ecx, [esi+1FF8h]
.text:1005B97A                 call    ds:?SetBkColor@CQQToolTip@@QAEXK@Z ; CQQToolTip::SetBkColor(ulong)
.text:1005B980                 call    ebx ; GetTickCount
.text:1005B982                 lea     ecx, [esi+2CE4h]
.text:1005B988                 push    esi
.text:1005B989                 call    ds:?Create@CQQToolTip@@QAEHPAVCWnd@@@Z ; CQQToolTip::Create(CWnd *)
.text:1005B98F                 push    0C6C3C6h
.text:1005B994                 lea     ecx, [esi+2CE4h]
.text:1005B99A                 call    ds:?SetFrameColor@CQQToolTip@@QAEXK@Z ; CQQToolTip::SetFrameColor(ulong)
.text:1005B9A0                 push    edi
.text:1005B9A1                 lea     ecx, [esi+2CE4h]
.text:1005B9A7                 call    ds:?SetInnerFrameColor@CQQToolTip@@QAEXK@Z ; CQQToolTip::SetInnerFrameColor(ulong)
.text:1005B9AD                 push    edi
.text:1005B9AE                 lea     edi, [esi+2CE4h]
.text:1005B9B4                 mov     ecx, edi
.text:1005B9B6                 call    ds:?SetBkColor@CQQToolTip@@QAEXK@Z ; CQQToolTip::SetBkColor(ulong)
.text:1005B9BC                 push    10h
.text:1005B9BE                 push    10h
.text:1005B9C0                 push    560h
.text:1005B9C5                 mov     ecx, edi
.text:1005B9C7                 call    ds:?SetIcon@CQQToolTip@@QAEHIHH@Z ; CQQToolTip::SetIcon(uint,int,int)
.text:1005B9CD                 and     dword ptr [ebp-10h], 0
.text:1005B9D1                 mov     eax, [esi+2CBCh]
.text:1005B9D7                 mov     dword ptr [ebp-4], 6
.text:1005B9DE                 test    eax, eax
.text:1005B9E0                 jz      short loc_1005BA1B
.text:1005B9E2                 mov     ecx, [eax]
.text:1005B9E4                 lea     edx, [ebp-10h]
.text:1005B9E7                 push    edx
.text:1005B9E8                 push    offset unk_100CF478
.text:1005B9ED                 push    eax
.text:1005B9EE                 call    dword ptr [ecx+1Ch]
.text:1005B9F1                 test    eax, eax
.text:1005B9F3                 jnz     short loc_1005BA1B
.text:1005B9F5                 mov     eax, [ebp-10h]
.text:1005B9F8                 mov     ecx, [esi+1F74h]
.text:1005B9FE                 push    offset unk_100CF468
.text:1005BA03                 mov     [ebp-14h], eax
.text:1005BA06                 mov     edi, [eax]
.text:1005BA08                 call    ?GetInterface@CCmdTarget@@QAEPAUIUnknown@@PBX@Z ; CCmdTarget::GetInterface(void const *)
.text:1005BA0D                 push    eax
.text:1005BA0E                 push    dword ptr [ebp-14h]
.text:1005BA11                 call    dword ptr [edi+3Ch]
.text:1005BA14                 mov     ecx, esi
.text:1005BA16                 call    sub_10070774
.text:1005BA1B
.text:1005BA1B loc_1005BA1B:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+490j
.text:1005BA1B                                         ; CQQAllInOneDlg__OnInitDialog+4A3j
.text:1005BA1B                 mov     ecx, esi
.text:1005BA1D                 call    sub_10075A31
.text:1005BA22                 call    ebx ; GetTickCount
.text:1005BA24                 xor     edi, edi
.text:1005BA26                 mov     ecx, esi
.text:1005BA28                 mov     [esi+2E28h], edi
.text:1005BA2E                 call    sub_1005C08F
.text:1005BA33                 push    edi             ; lParam
.text:1005BA34                 push    edi             ; wParam
.text:1005BA35                 push    8931h           ; Msg
.text:1005BA3A                 push    dword ptr [esi+20h] ; hWnd
.text:1005BA3D                 call    ds:PostMessageA
.text:1005BA43                 mov     eax, [ebp-10h]
.text:1005BA46                 or      dword ptr [ebp-4], 0FFFFFFFFh
.text:1005BA4A                 cmp     eax, edi
.text:1005BA4C                 pop     edi
.text:1005BA4D                 pop     esi
.text:1005BA4E                 pop     ebx
.text:1005BA4F                 jz      short loc_1005BA57
.text:1005BA51                 mov     ecx, [eax]
.text:1005BA53                 push    eax
.text:1005BA54                 call    dword ptr [ecx+8]
.text:1005BA57
.text:1005BA57 loc_1005BA57:                           ; CODE XREF: CQQAllInOneDlg__OnInitDialog+4FFj
.text:1005BA57                 mov     ecx, [ebp-0Ch]
.text:1005BA5A                 xor     eax, eax
.text:1005BA5C                 mov     large fs:0, ecx
.text:1005BA63                 leave
.text:1005BA64                 retn
.text:1005BA64 CQQAllInOneDlg__OnInitDialog endp ; sp =  4
*/

/*CQQAllInOneDlg__constructor
.text:1005720A CQQAllInOneDlg__constructor proc near   ; CODE XREF: new_CQQAllInOneDlg+25p
.text:1005720A                 mov     eax, offset unknown_libname_161 ; MFC 3.1/4.0/4.2/7.1 32bit
.text:1005720F                 call    __EH_prolog
.text:10057214                 sub     esp, 14h
.text:10057217                 push    ebx
.text:10057218                 push    esi
.text:10057219                 push    edi
.text:1005721A                 mov     ebx, ecx        ; ebx = this
.text:1005721C                 push    dword ptr [ebp+8] ; ebp+8=CWnd*,arg_8
.text:1005721F                 mov     [ebp-10h], ebx
.text:10057222                 push    1B67h
.text:10057227                 call    ??0CDialog@@QAE@IPAVCWnd@@@Z ; CDialog::CDialog(uint,CWnd *)
.text:1005722C                 lea     edi, [ebx+60h]
.text:1005722F                 push    10h             ; size_t
.text:10057231                 xor     esi, esi
.text:10057233                 push    23h             ; int
.text:10057235                 push    edi             ; void *
.text:10057236                 mov     [ebp-4], esi
.text:10057239                 call    memset
.text:1005723E                 add     esp, 0Ch
.text:10057241                 mov     dword ptr [edi+10h], 60h
.text:10057248                 lea     ecx, [ebx+74h]
.text:1005724B                 mov     byte ptr [ebp-4], 1
.text:1005724F                 call    ??0CString@@QAE@XZ ; CString::CString(void)
.text:10057254                 lea     ecx, [ebx+7Ch]
.text:10057257                 mov     byte ptr [ebp-4], 2
.text:1005725B                 call    sub_100ABF80
.text:10057260                 lea     ecx, [ebx+3F0h]
.text:10057266                 mov     byte ptr [ebp-4], 3
.text:1005726A                 call    sub_10009D69
.text:1005726F                 mov     edi, ds:??0CSkinButtonEx@@QAE@XZ ; CSkinButtonEx::CSkinButtonEx(void)
.text:10057275                 lea     ecx, [ebx+5B8h]
.text:1005727B                 mov     byte ptr [ebp-4], 4
.text:1005727F                 call    edi ; CSkinButtonEx::CSkinButtonEx(void) ; CSkinButtonEx::CSkinButtonEx(void)
.text:10057281                 lea     ecx, [ebx+6A4h]
.text:10057287                 mov     byte ptr [ebp-4], 5
.text:1005728B                 call    edi ; CSkinButtonEx::CSkinButtonEx(void) ; CSkinButtonEx::CSkinButtonEx(void)
.text:1005728D                 lea     ecx, [ebx+790h]
.text:10057293                 mov     byte ptr [ebp-4], 6
.text:10057297                 call    edi ; CSkinButtonEx::CSkinButtonEx(void) ; CSkinButtonEx::CSkinButtonEx(void)
.text:10057299                 lea     ecx, [ebx+87Ch]
.text:1005729F                 mov     byte ptr [ebp-4], 7
.text:100572A3                 call    edi ; CSkinButtonEx::CSkinButtonEx(void) ; CSkinButtonEx::CSkinButtonEx(void)
.text:100572A5                 lea     ecx, [ebx+968h]
.text:100572AB                 mov     byte ptr [ebp-4], 8
.text:100572AF                 call    edi ; CSkinButtonEx::CSkinButtonEx(void) ; CSkinButtonEx::CSkinButtonEx(void)
.text:100572B1                 mov     byte ptr [ebp-4], 9
.text:100572B5                 lea     ecx, [ebx+0A60h]
.text:100572BB                 mov     dword ptr [ebx+0A5Ch], offset off_100D2798
.text:100572C5                 call    sub_1000916C
.text:100572CA                 lea     ecx, [ebx+0B28h]
.text:100572D0                 mov     byte ptr [ebp-4], 0Ah
.text:100572D4                 call    ds:??0CQQRichEditEx@@QAE@XZ ; CQQRichEditEx::CQQRichEditEx(void)
.text:100572DA                 lea     ecx, [ebx+0E60h]
.text:100572E0                 mov     byte ptr [ebp-4], 0Bh
.text:100572E4                 call    sub_100807EE
.text:100572E9                 lea     ecx, [ebx+1004h]
.text:100572EF                 mov     byte ptr [ebp-4], 0Ch
.text:100572F3                 call    sub_1008D4F4
.text:100572F8                 lea     ecx, [ebx+1058h]
.text:100572FE                 mov     byte ptr [ebp-4], 0Dh
.text:10057302                 call    ds:??0CMsgDlgRichEdit@@QAE@XZ ; CMsgDlgRichEdit::CMsgDlgRichEdit(void)
.text:10057308                 lea     ecx, [ebx+13C4h]
.text:1005730E                 mov     byte ptr [ebp-4], 0Eh
.text:10057312                 call    ds:??0CYSplitterBar@@QAE@XZ ; CYSplitterBar::CYSplitterBar(void)
.text:10057318                 push    esi
.text:10057319                 lea     ecx, [ebx+1430h]
.text:1005731F                 mov     byte ptr [ebp-4], 0Fh
.text:10057323                 call    ds:??0CMsgListDlg@@QAE@PAVCWnd@@@Z ; CMsgListDlg::CMsgListDlg(CWnd *)
.text:10057329                 lea     ecx, [ebx+1F78h]
.text:1005732F                 mov     byte ptr [ebp-4], 10h
.text:10057333                 call    ??0CStringArray@@QAE@XZ ; CStringArray::CStringArray(void)
.text:10057338                 lea     ecx, [ebx+1F98h]
.text:1005733E                 mov     byte ptr [ebp-4], 11h
.text:10057342                 call    ??0CStringArray@@QAE@XZ ; CStringArray::CStringArray(void)
.text:10057347                 lea     ecx, [ebx+1FC0h]
.text:1005734D                 mov     byte ptr [ebp-4], 12h
.text:10057351                 call    sub_1007D16C
.text:10057356                 lea     ecx, [ebx+1FD8h]
.text:1005735C                 mov     byte ptr [ebp-4], 13h
.text:10057360                 call    sub_1007D253
.text:10057365                 mov     edi, ds:??0CQQToolTip@@QAE@XZ ; CQQToolTip::CQQToolTip(void)
.text:1005736B                 lea     ecx, [ebx+1FF8h]
.text:10057371                 mov     byte ptr [ebp-4], 14h
.text:10057375                 call    edi ; CQQToolTip::CQQToolTip(void) ; CQQToolTip::CQQToolTip(void)
.text:10057377                 lea     ecx, [ebx+2094h]
.text:1005737D                 mov     byte ptr [ebp-4], 15h
.text:10057381                 call    sub_100089AD
.text:10057386                 lea     ecx, [ebx+2158h]
.text:1005738C                 mov     byte ptr [ebp-4], 16h
.text:10057390                 call    ds:??0CAllInOneStaticTipWnd@@QAE@XZ ; CAllInOneStaticTipWnd::CAllInOneStaticTipWnd(void)
.text:10057396                 lea     ecx, [ebx+2228h]
.text:1005739C                 mov     byte ptr [ebp-4], 17h
.text:100573A0                 call    ds:??0CAllInOneStatusBar@@QAE@XZ ; CAllInOneStatusBar::CAllInOneStatusBar(void)
.text:100573A6                 lea     ecx, [ebx+258Ch]
.text:100573AC                 mov     byte ptr [ebp-4], 18h
.text:100573B0                 call    sub_1008675F
.text:100573B5                 lea     ecx, [ebx+2690h]
.text:100573BB                 mov     byte ptr [ebp-4], 19h
.text:100573BF                 call    sub_1000FBB4
.text:100573C4                 push    esi
.text:100573C5                 lea     ecx, [ebx+2720h]
.text:100573CB                 mov     byte ptr [ebp-4], 1Ah
.text:100573CF                 call    sub_1001370F
.text:100573D4                 lea     ecx, [ebx+2B54h]
.text:100573DA                 mov     byte ptr [ebp-4], 1Bh
.text:100573DE                 call    ??0CString@@QAE@XZ ; CString::CString(void)
.text:100573E3                 lea     ecx, [ebx+2CC4h]
.text:100573E9                 mov     byte ptr [ebp-4], 1Ch
.text:100573ED                 call    ??0CString@@QAE@XZ ; CString::CString(void)
.text:100573F2                 lea     ecx, [ebx+2CCCh]
.text:100573F8                 mov     byte ptr [ebp-4], 1Dh
.text:100573FC                 call    ??0CStringArray@@QAE@XZ ; CStringArray::CStringArray(void)
.text:10057401                 lea     ecx, [ebx+2CE4h]
.text:10057407                 mov     byte ptr [ebp-4], 1Eh
.text:1005740B                 call    edi ; CQQToolTip::CQQToolTip(void) ; CQQToolTip::CQQToolTip(void)
.text:1005740D                 lea     ecx, [ebx+2D90h]
.text:10057413                 mov     byte ptr [ebp-4], 1Fh
.text:10057417                 call    ??0CString@@QAE@XZ ; CString::CString(void)
.text:1005741C                 mov     byte ptr [ebp-4], 20h
.text:10057420                 mov     [ebx+2DA0h], esi
.text:10057426                 lea     ecx, [ebx+2DA4h]
.text:1005742C                 mov     byte ptr [ebp-4], 21h
.text:10057430                 call    ds:??0CTabRelating@@QAE@XZ ; CTabRelating::CTabRelating(void)
.text:10057436                 lea     ecx, [ebx+2DB8h]
.text:1005743C                 mov     byte ptr [ebp-4], 22h
.text:10057440                 call    ??0CString@@QAE@XZ ; CString::CString(void)
.text:10057445                 lea     ecx, [ebx+2DBCh]
.text:1005744B                 mov     byte ptr [ebp-4], 23h
.text:1005744F                 call    ??0CString@@QAE@XZ ; CString::CString(void)
.text:10057454                 lea     ecx, [ebx+2DC0h]
.text:1005745A                 mov     byte ptr [ebp-4], 24h
.text:1005745E                 call    ??0CString@@QAE@XZ ; CString::CString(void)
.text:10057463                 lea     ecx, [ebx+2DC4h]
.text:10057469                 mov     byte ptr [ebp-4], 25h
.text:1005746D                 call    ??0CStringArray@@QAE@XZ ; CStringArray::CStringArray(void)
.text:10057472                 lea     ecx, [ebx+2E08h]
.text:10057478                 mov     byte ptr [ebp-4], 26h
.text:1005747C                 call    sub_1007D33A
.text:10057481                 lea     edi, [ebx+2E24h]
.text:10057487                 mov     byte ptr [ebp-4], 27h
.text:1005748B                 mov     [edi], esi
.text:1005748D                 lea     ecx, [ebx+2E30h]
.text:10057493                 mov     byte ptr [ebp-4], 28h
.text:10057497                 call    ??0CDWordArray@@QAE@XZ ; CDWordArray::CDWordArray(void)
.text:1005749C                 lea     ecx, [ebx+2E44h]
.text:100574A2                 mov     byte ptr [ebp-4], 29h
.text:100574A6                 call    ??0CDWordArray@@QAE@XZ ; CDWordArray::CDWordArray(void)
.text:100574AB                 lea     ecx, [ebx+2E58h]
.text:100574B1                 mov     byte ptr [ebp-4], 2Ah
.text:100574B5                 call    ??0CDWordArray@@QAE@XZ ; CDWordArray::CDWordArray(void)
.text:100574BA                 mov     byte ptr [ebp-4], 2Bh
.text:100574BE                 mov     dword ptr [ebx], offset CQQAllInOneDlg_vtbl
.text:100574C4                 push    esi
.text:100574C5                 mov     ecx, edi
.text:100574C7                 mov     [ebx+2E28h], esi
.text:100574CD                 call    sub_100A4F53
.text:100574D2                 mov     [ebx+2B8Ch], esi
.text:100574D8                 call    sub_10055A36
.text:100574DD                 mov     [ebx+26FCh], esi
.text:100574E3                 mov     [ebx+0A58h], esi
.text:100574E9                 mov     [ebx+0A54h], esi
.text:100574EF                 push    1
.text:100574F1                 mov     [ebx+2BF4h], esi
.text:100574F7                 mov     [ebx+2B3Ch], esi
.text:100574FD                 pop     edx
.text:100574FE                 mov     [ebx+2B40h], esi
.text:10057504                 mov     [ebx+26F8h], esi
.text:1005750A                 push    8
.text:1005750C                 mov     [ebx+2B58h], esi
.text:10057512                 mov     [ebx+2CC8h], edx
.text:10057518                 lea     edi, [ebx+2B1Ch]
.text:1005751E                 pop     ecx
.text:1005751F                 mov     eax, 20202020h
.text:10057524                 mov     [ebx+2B18h], esi
.text:1005752A                 rep stosd
.text:1005752C                 mov     dword ptr [ebx+2B5Ch], 0Ah
.text:10057536                 mov     [ebx+2B60h], esi
.text:1005753C                 mov     [ebx+2B6Ch], esi
.text:10057542                 mov     [ebx+2B78h], esi
.text:10057548                 mov     [ebx+26E8h], esi
.text:1005754E                 mov     [ebx+26ECh], esi
.text:10057554                 mov     [ebx+2710h], esi
.text:1005755A                 mov     [ebx+26F0h], esi
.text:10057560                 mov     [ebx+26E4h], esi
.text:10057566                 mov     [ebx+26F4h], esi
.text:1005756C                 mov     [ebx+270Ch], esi
.text:10057572                 mov     [ebx+2B7Ch], edx
.text:10057578                 mov     [ebx+2B80h], edx
.text:1005757E                 mov     [ebx+2CC0h], esi
.text:10057584                 mov     [ebx+2B90h], esi
.text:1005758A                 mov     [ebx+1F94h], edx
.text:10057590                 mov     [ebx+2BFCh], esi
.text:10057596                 mov     [ebx+2CE0h], edx
.text:1005759C                 mov     [ebx+2CBCh], esi
.text:100575A2                 mov     [ebx+1FACh], esi
.text:100575A8                 mov     [ebx+26D0h], esi
.text:100575AE                 mov     [ebx+26D4h], esi
.text:100575B4                 mov     [ebx+26D8h], esi
.text:100575BA                 mov     [ebx+0B24h], esi
.text:100575C0                 mov     [ebx+2714h], esi
.text:100575C6                 mov     [ebx+2718h], esi
.text:100575CC                 mov     [ebx+271Ch], esi
.text:100575D2                 mov     dword ptr [ebx+2BECh], 8D8D8Dh
.text:100575DC                 mov     eax, 3E8h
.text:100575E1                 mov     [ebx+2B68h], esi
.text:100575E7                 push    offset sub_1005E6A5
.text:100575EC                 mov     [ebx+1FBCh], eax
.text:100575F2                 push    ebx
.text:100575F3                 mov     ecx, offset unk_10102888
.text:100575F8                 mov     [ebx+1FD4h], eax
.text:100575FE                 call    sub_1007D42D
.text:10057603                 call    ?AfxInitRichEdit@@YGHXZ ; AfxInitRichEdit(void)
.text:10057608                 push    3Ch
.text:1005760A                 call    ??2@YAPAXI@Z    ; operator new(uint)
.text:1005760F                 pop     ecx
.text:10057610                 mov     [ebp+8], eax
.text:10057613                 cmp     eax, esi
.text:10057615                 mov     byte ptr [ebp-4], 2Ch
.text:10057619                 jz      short loc_10057624
.text:1005761B                 mov     ecx, eax
.text:1005761D                 call    sub_100501AD
.text:10057622                 jmp     short loc_10057626
.text:10057624 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:10057624
.text:10057624 loc_10057624:                           ; CODE XREF: CQQAllInOneDlg__constructor+40Fj
.text:10057624                 xor     eax, eax
.text:10057626
.text:10057626 loc_10057626:                           ; CODE XREF: CQQAllInOneDlg__constructor+418j
.text:10057626                 mov     byte ptr [ebp-4], 2Bh
.text:1005762A                 mov     [ebx+2B64h], eax
.text:10057630                 mov     [eax+38h], ebx
.text:10057633                 mov     [ebx+2700h], esi
.text:10057639                 mov     [ebx+2BF0h], esi
.text:1005763F                 mov     [ebx+142Ch], esi
.text:10057645                 mov     [ebx+2C00h], esi
.text:1005764B                 mov     [ebx+2B84h], esi
.text:10057651                 mov     [ebx+26DCh], esi
.text:10057657                 mov     dword ptr [ebx+2CB4h], 0FF0000h
.text:10057661                 mov     dword ptr [ebx+2CB8h], 408000h
.text:1005766B                 push    1
.text:1005766D                 mov     dword ptr [ebx+1428h], 2
.text:10057677                 mov     [ebx+2B88h], esi
.text:1005767D                 pop     edi
.text:1005767E                 mov     [ebx+0B14h], esi
.text:10057684                 mov     [ebx+78h], edi
.text:10057687                 mov     [ebx+1FB0h], esi
.text:1005768D                 mov     [ebx+1FB4h], esi
.text:10057693                 push    40h
.text:10057695                 mov     [ebx+2BF8h], esi
.text:1005769B                 call    ??2@YAPAXI@Z    ; operator new(uint)
.text:100576A0                 pop     ecx
.text:100576A1                 mov     [ebp+8], eax
.text:100576A4                 cmp     eax, esi
.text:100576A6                 mov     byte ptr [ebp-4], 2Dh
.text:100576AA                 jz      short loc_100576B5
.text:100576AC                 mov     ecx, eax
.text:100576AE                 call    sub_10012B03
.text:100576B3                 jmp     short loc_100576B7
.text:100576B5 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:100576B5
.text:100576B5 loc_100576B5:                           ; CODE XREF: CQQAllInOneDlg__constructor+4A0j
.text:100576B5                 xor     eax, eax
.text:100576B7
.text:100576B7 loc_100576B7:                           ; CODE XREF: CQQAllInOneDlg__constructor+4A9j
.text:100576B7                 push    offset sub_10070774
.text:100576BC                 mov     byte ptr [ebp-4], 2Bh
.text:100576C0                 push    ebx
.text:100576C1                 mov     ecx, eax
.text:100576C3                 mov     [ebx+1F74h], eax
.text:100576C9                 call    sub_1007D4B6
.text:100576CE                 mov     word ptr [ebx+2D80h], 71h
.text:100576D7                 mov     [ebx+2D82h], si
.text:100576DE                 mov     [ebx+2D84h], esi
.text:100576E4                 mov     [ebx+2D88h], edi
.text:100576EA                 mov     edi, offset byte_10101250
.text:100576EF                 lea     ecx, [ebx+2D90h]
.text:100576F5                 push    edi
.text:100576F6                 mov     [ebx+2D8Ch], esi
.text:100576FC                 call    ??4CString@@QAEABV0@PBD@Z ; CString::operator=(char const *)
.text:10057701                 push    edi
.text:10057702                 lea     ecx, [ebx+2B54h]
.text:10057708                 call    ??4CString@@QAEABV0@PBD@Z ; CString::operator=(char const *)
.text:1005770D                 push    esi
.text:1005770E                 lea     ecx, [ebx+2DA0h]
.text:10057714                 mov     [ebx+1FB8h], esi
.text:1005771A                 mov     [ebx+2D94h], esi
.text:10057720                 mov     [ebx+2D98h], esi
.text:10057726                 mov     [ebx+2D9Ch], esi
.text:1005772C                 mov     [ebx+2B14h], esi
.text:10057732                 mov     [ebx+1FF0h], esi
.text:10057738                 mov     [ebx+1FF4h], esi
.text:1005773E                 mov     [ebx+1FECh], esi
.text:10057744                 mov     dword ptr [ebx+2B48h], 0ABE0h
.text:1005774E                 call    sub_100A4F53
.text:10057753                 push    edi
.text:10057754                 lea     ecx, [ebx+2DBCh]
.text:1005775A                 mov     [ebx+2704h], esi
.text:10057760                 mov     [ebx+2708h], esi
.text:10057766                 mov     [ebx+2B70h], esi
.text:1005776C                 mov     [ebx+2DECh], esi
.text:10057772                 call    ??4CString@@QAEABV0@PBD@Z ; CString::operator=(char const *)
.text:10057777                 push    edi
.text:10057778                 lea     ecx, [ebx+2DB8h]
.text:1005777E                 call    ??4CString@@QAEABV0@PBD@Z ; CString::operator=(char const *)
.text:10057783                 push    edi
.text:10057784                 lea     ecx, [ebx+2DC0h]
.text:1005778A                 call    ??4CString@@QAEABV0@PBD@Z ; CString::operator=(char const *)
.text:1005778F                 mov     [ebp-20h], esi
.text:10057792                 mov     [ebp-1Ch], esi
.text:10057795                 mov     [ebp-18h], esi
.text:10057798                 mov     [ebp-14h], esi
.text:1005779B                 lea     edi, [ebx+2DD8h]
.text:100577A1                 lea     esi, [ebp-20h]
.text:100577A4                 movsd
.text:100577A5                 movsd
.text:100577A6                 movsd
.text:100577A7                 push    1
.text:100577A9                 xor     eax, eax
.text:100577AB                 pop     ecx
.text:100577AC                 mov     [ebx+2DE8h], eax
.text:100577B2                 movsd
.text:100577B3                 mov     [ebx+2588h], eax
.text:100577B9                 mov     [ebx+2B50h], ecx
.text:100577BF                 mov     [ebx+2DF0h], eax
.text:100577C5                 mov     [ebx+2DF4h], eax
.text:100577CB                 mov     [ebx+2B4Ch], eax
.text:100577D1                 mov     [ebx+2DF8h], eax
.text:100577D7                 mov     [ebx+2DFCh], eax
.text:100577DD                 mov     [ebx+2E00h], eax
.text:100577E3                 mov     [ebx+2C08h], eax
.text:100577E9                 mov     [ebx+2BF4h], eax
.text:100577EF                 mov     [ebx+1F8Ch], eax
.text:100577F5                 mov     [ebx+2E1Ch], eax
.text:100577FB                 mov     [ebx+2E20h], eax
.text:10057801                 mov     [ebx+0B18h], eax
.text:10057807                 mov     [ebx+0B1Ch], eax
.text:1005780D                 mov     [ebx+2E04h], eax
.text:10057813                 mov     [ebx+2E2Ch], eax
.text:10057819                 mov     [ebx+1F90h], ecx
.text:1005781F                 mov     [ebx+2E6Ch], eax
.text:10057825                 mov     [ebx+2E70h], eax
.text:1005782B                 and     [ebx+2E74h], al
.text:10057831                 or      dword ptr [ebp-4], 0FFFFFFFFh
.text:10057835                 mov     eax, ebx
.text:10057837                 pop     edi
.text:10057838                 mov     ecx, [ebp-0Ch]
.text:1005783B                 pop     esi
.text:1005783C                 pop     ebx
.text:1005783D                 mov     large fs:0, ecx
.text:10057844                 leave
.text:10057845                 retn    4
.text:10057845 CQQAllInOneDlg__constructor endp ; sp =  4
.text:10057845
.text:10057848
.text:10057848 ; 圹圹圹圹圹圹圹?S U B R O U T I N E 圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹?
.text:10057848
.text:10057848
*/

/*new_CQQAllInOneDlg
.text:100571CA new_CQQAllInOneDlg proc near            ; DATA XREF: .rdata:100D10A4o
.text:100571CA                 mov     eax, offset loc_100BAAFD
.text:100571CF                 call    __EH_prolog
.text:100571D4                 push    ecx             ; save ecx
.text:100571D5                 push    2E78h           ; sizeof(CAllInOneDlg)
.text:100571DA                 call    ??2@YAPAXI@Z    ; operator new(uint)
.text:100571DF                 pop     ecx             ; ecx = new CAllInOneDlg，终于找到了
.text:100571E0                 mov     ecx, eax
.text:100571E2                 mov     [ebp-10h], ecx
.text:100571E5                 xor     eax, eax
.text:100571E7                 cmp     ecx, eax        ; if ecx == 0
.text:100571E9                 mov     [ebp-4], eax
.text:100571EC                 jz      short loc_100571F4
.text:100571EE                 push    eax
.text:100571EF                 call    CQQAllInOneDlg__constructor
.text:100571F4
.text:100571F4 loc_100571F4:                           ; CODE XREF: new_CQQAllInOneDlg+22j
.text:100571F4                 mov     ecx, [ebp-0Ch]
.text:100571F7                 or      dword ptr [ebp-4], 0FFFFFFFFh
.text:100571FB                 mov     large fs:0, ecx
.text:10057202                 leave
.text:10057203                 retn
.text:10057203 new_CQQAllInOneDlg endp ; sp =  4
*/