windows消息从User32 内核出来之后逆向过程
消息从User32 内核出来之后,应该是由Windows 系统自动发往各个窗口的消息处理函数,但这里
怎么会全部进入了AfxWndProc()函数
USER32 内核 -> AfxWndProcBase -> AfxWndProc -> AfxCallWndProc -> CWnd::WindowProc ->
CWnd::OnWndMsg -> CWnd::OnCommand -> CDialog::OnCmdMsg -> CCmdTarget::OnCmdMsg -> _AfxDispatchCmdMsg ->
CD1Dlg::OnButton1()
LRESULT CALLBACK
AfxWndProcBase(HWND hWnd, UINT nMsg, WPARAM wParam, LPARAM lParam)
{
AFX_MANAGE_STATE(_afxBaseModuleState.GetData());
return AfxWndProc(hWnd, nMsg, wParam, lParam);
}
AfxWndProcBase 汇编代码:
73DC8444 >/$ B8 F9EEDC73 MOV EAX,MFC42.73DCEEF9
73DC8449 |. E8 2AA8FFFF CALL MFC42.73DC2C78
73DC844E |. 51 PUSH ECX
73DC844F |. 51 PUSH ECX
73DC8450 |. 68 3B9FDC73 PUSH MFC42.#2188_?CreateObject@?$CProcessLocal@V_AFX_BASE_MODULE_STAT>
73DC8455 |. B9 10E6E073 MOV ECX,MFC42.73E0E610
73DC845A |. E8 A2FEFFFF CALL MFC42.#3028_?GetData@CProcessLocalObject@@QAEPAVCNoTrackObject@@>
73DC845F |. 50 PUSH EAX
73DC8460 |. 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
73DC8463 |. E8 AEFFFFFF CALL MFC42.#6467_??0AFX_MAINTAIN_STATE2@@QAE@PAVAFX_MODULE_STATE@@@Z
73DC8468 |. FF75 14 PUSH DWORD PTR SS:[EBP+14]
73DC846B |. 8365 FC 00 AND DWORD PTR SS:[EBP-4],0
73DC846F |. FF75 10 PUSH DWORD PTR SS:[EBP+10]
73DC8472 |. FF75 0C PUSH DWORD PTR SS:[EBP+C]
73DC8475 |. FF75 08 PUSH DWORD PTR SS:[EBP+8]
73DC8478 |. E8 A595F6FF CALL MFC42.#1578_?AfxWndProc@@YGJPAUHWND__@@IIJ@Z
73DC847D |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
73DC8480 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
73DC8483 |. 8951 04 MOV DWORD PTR DS:[ECX+4],EDX
73DC8486 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
73DC8489 |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
73DC8490 |. C9 LEAVE
73DC8491 \. C2 1000 RETN 10
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
LRESULT CALLBACK
AfxWndProc(HWND hWnd, UINT nMsg, WPARAM wParam, LPARAM lParam)
{
// special message which identifies the window as using AfxWndProc
if (nMsg == WM_QUERYAFXWNDPROC)
return 1;
// all other messages route through message map
CWnd* pWnd = CWnd::FromHandlePermanent(hWnd);
ASSERT(pWnd != NULL);
ASSERT(pWnd->m_hWnd == hWnd);
return AfxCallWndProc(pWnd, hWnd, nMsg, wParam, lParam);
}
AfxWndProc反汇编代码:
73D31A22 >/$ 8BFF MOV EDI,EDI
73D31A24 |. 55 PUSH EBP
73D31A25 |. 8BEC MOV EBP,ESP
73D31A27 |. 817D 0C 60030>CMP DWORD PTR SS:[EBP+C],360
73D31A2E |. 75 05 JNZ SHORT MFC42.73D31A35
73D31A30 |. 33C0 XOR EAX,EAX
73D31A32 |. 40 INC EAX
73D31A33 |. EB 36 JMP SHORT MFC42.73D31A6B
73D31A35 |> 56 PUSH ESI
73D31A36 |. 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
73D31A39 |. 56 PUSH ESI
73D31A3A |. E8 C3F7FFFF CALL MFC42.#2867_?FromHandlePermanent@CWnd@@SGPAV1@PAUHWND__@@@Z
73D31A3F |. 85C0 TEST EAX,EAX
73D31A41 |. 74 17 JE SHORT MFC42.73D31A5A
73D31A43 |. 3970 20 CMP DWORD PTR DS:[EAX+20],ESI
73D31A46 |. 75 12 JNZ SHORT MFC42.73D31A5A
73D31A48 |. FF75 14 PUSH DWORD PTR SS:[EBP+14]
73D31A4B |. FF75 10 PUSH DWORD PTR SS:[EBP+10]
73D31A4E |. FF75 0C PUSH DWORD PTR SS:[EBP+C]
73D31A51 |. 56 PUSH ESI
73D31A52 |. 50 PUSH EAX
73D31A53 |. E8 1C000000 CALL MFC42.#1109_?AfxCallWndProc@@YGJPAVCWnd@@PAUHWND__@@IIJ@Z
73D31A58 |. EB 10 JMP SHORT MFC42.73D31A6A
73D31A5A |> FF75 14 PUSH DWORD PTR SS:[EBP+14] ; /lParam
73D31A5D |. FF75 10 PUSH DWORD PTR SS:[EBP+10] ; |wParam
73D31A60 |. FF75 0C PUSH DWORD PTR SS:[EBP+C] ; |Message
73D31A63 |. 56 PUSH ESI ; |hWnd
73D31A64 |. FF15 6C65DD73 CALL DWORD PTR DS:[<&USER32.DefWindowProcA>] ; \假定的 WinProc
73D31A6A |> 5E POP ESI
73D31A6B |> 5D POP EBP
73D31A6C \. C2 1000 RETN 10
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
LRESULT AFXAPI AfxCallWndProc(CWnd* pWnd, HWND hWnd, UINT nMsg,
WPARAM wParam = 0, LPARAM lParam = 0)
{
_AFX_THREAD_STATE* pThreadState = _afxThreadState.GetData();
MSG oldState = pThreadState->m_lastSentMsg; // save for nesting
pThreadState->m_lastSentMsg.hwnd = hWnd;
pThreadState->m_lastSentMsg.message = nMsg;
pThreadState->m_lastSentMsg.wParam = wParam;
pThreadState->m_lastSentMsg.lParam = lParam;
#ifdef _DEBUG
if (afxTraceFlags & traceWinMsg)
_AfxTraceMsg(_T("WndProc"), &pThreadState->m_lastSentMsg);
#endif
// Catch exceptions thrown outside the scope of a callback
// in debug builds and warn the user.
LRESULT lResult;
TRY
{
#ifndef _AFX_NO_OCC_SUPPORT
// special case for WM_DESTROY
if ((nMsg == WM_DESTROY) && (pWnd->m_pCtrlCont != NULL))
pWnd->m_pCtrlCont->OnUIActivate(NULL);
#endif
// special case for WM_INITDIALOG
CRect rectOld;
DWORD dwStyle = 0;
if (nMsg == WM_INITDIALOG)
_AfxPreInitDialog(pWnd, &rectOld, &dwStyle);
// delegate to object's WindowProc
lResult = pWnd->WindowProc(nMsg, wParam, lParam);
// more special case for WM_INITDIALOG
if (nMsg == WM_INITDIALOG)
_AfxPostInitDialog(pWnd, rectOld, dwStyle);
}
CATCH_ALL(e)
{
lResult = AfxGetThread()->ProcessWndProcException(e, &pThreadState->m_lastSentMsg);
TRACE1("Warning: Uncaught exception in WindowProc (returning %ld).\n",
lResult);
DELETE_EXCEPTION(e);
}
END_CATCH_ALL
pThreadState->m_lastSentMsg = oldState;
return lResult;
}
AfxCallWndProc的反汇编代码:
73D31A74 > $ B8 A4EFDC73 MOV EAX,MFC42.73DCEFA4
73D31A79 . E8 FA110900 CALL MFC42.73DC2C78
73D31A7E . 83EC 34 SUB ESP,34
73D31A81 . 53 PUSH EBX
73D31A82 . 56 PUSH ESI
73D31A83 . 57 PUSH EDI
73D31A84 . 8965 F0 MOV DWORD PTR SS:[EBP-10],ESP
73D31A87 . 68 DB88DC73 PUSH MFC42.#2202_?CreateObject@?$CThreadLocal@V_AFX_THREAD_STATE@@@@S>
73D31A8C . B9 0CE6E073 MOV ECX,MFC42.73E0E60C
73D31A91 . E8 DF670900 CALL MFC42.#3030_?GetData@CThreadLocalObject@@QAEPAVCNoTrackObject@@P>
73D31A96 . 8BD8 MOV EBX,EAX
73D31A98 . 8D43 34 LEA EAX,DWORD PTR DS:[EBX+34]
73D31A9B . 8BF0 MOV ESI,EAX
73D31A9D . 6A 07 PUSH 7
73D31A9F . 59 POP ECX
73D31AA0 . 8D7D C0 LEA EDI,DWORD PTR SS:[EBP-40]
73D31AA3 . F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
73D31AA5 . 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
73D31AA8 . 8B75 10 MOV ESI,DWORD PTR SS:[EBP+10]
73D31AAB . 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+8]
73D31AAE . 8908 MOV DWORD PTR DS:[EAX],ECX
73D31AB0 . 8B45 14 MOV EAX,DWORD PTR SS:[EBP+14]
73D31AB3 . 8943 3C MOV DWORD PTR DS:[EBX+3C],EAX
73D31AB6 . 8B45 18 MOV EAX,DWORD PTR SS:[EBP+18]
73D31AB9 . 8943 40 MOV DWORD PTR DS:[EBX+40],EAX
73D31ABC . 33C0 XOR EAX,EAX
73D31ABE . 83FE 02 CMP ESI,2
73D31AC1 . 895D EC MOV DWORD PTR SS:[EBP-14],EBX
73D31AC4 . 8973 38 MOV DWORD PTR DS:[EBX+38],ESI
73D31AC7 . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
73D31ACA . 75 0E JNZ SHORT MFC42.73D31ADA
73D31ACC . 3947 38 CMP DWORD PTR DS:[EDI+38],EAX
73D31ACF . 74 09 JE SHORT MFC42.73D31ADA
73D31AD1 . 8B4F 38 MOV ECX,DWORD PTR DS:[EDI+38]
73D31AD4 . 8B11 MOV EDX,DWORD PTR DS:[ECX]
73D31AD6 . 50 PUSH EAX
73D31AD7 . FF52 64 CALL DWORD PTR DS:[EDX+64]
73D31ADA > 8365 0C 00 AND DWORD PTR SS:[EBP+C],0
73D31ADE . 81FE 10010000 CMP ESI,110
73D31AE4 . 75 0E JNZ SHORT MFC42.73D31AF4
73D31AE6 . 8D45 0C LEA EAX,DWORD PTR SS:[EBP+C]
73D31AE9 . 50 PUSH EAX
73D31AEA . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
73D31AED . 50 PUSH EAX
73D31AEE . 57 PUSH EDI
73D31AEF . E8 51880100 CALL MFC42.73D4A345
73D31AF4 > FF75 18 PUSH DWORD PTR SS:[EBP+18]
73D31AF7 . 8B07 MOV EAX,DWORD PTR DS:[EDI]
73D31AF9 . FF75 14 PUSH DWORD PTR SS:[EBP+14]
73D31AFC . 8BCF MOV ECX,EDI
73D31AFE . 56 PUSH ESI
73D31AFF . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0] ; <JMP.&MFC42.#6374_?WindowProc@CWnd@@MAEJIIJ@Z>
73D31B05 . 81FE 10010000 CMP ESI,110
73D31B0B . 8945 08 MOV DWORD PTR SS:[EBP+8],EAX
73D31B0E . 75 43 JNZ SHORT MFC42.73D31B53
73D31B10 . FF75 0C PUSH DWORD PTR SS:[EBP+C]
73D31B13 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
73D31B16 . 50 PUSH EAX
73D31B17 . 57 PUSH EDI
73D31B18 . E8 52880100 CALL MFC42.73D4A36F
73D31B1D . EB 34 JMP SHORT MFC42.73D31B53
73D31B1F . E8 E1F4FFFF CALL MFC42.#1175_?AfxGetThread@@YGPAVCWinThread@@XZ
73D31B24 . 85C0 TEST EAX,EAX
73D31B26 . 74 16 JE SHORT MFC42.73D31B3E
73D31B28 . 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
73D31B2B . 8B10 MOV EDX,DWORD PTR DS:[EAX]
73D31B2D . 83C1 34 ADD ECX,34
73D31B30 . 51 PUSH ECX
73D31B31 . FF75 10 PUSH DWORD PTR SS:[EBP+10]
73D31B34 . 8BC8 MOV ECX,EAX
73D31B36 . FF52 74 CALL DWORD PTR DS:[EDX+74]
73D31B39 . 8945 08 MOV DWORD PTR SS:[EBP+8],EAX
73D31B3C . EB 04 JMP SHORT MFC42.73D31B42
73D31B3E > 8365 08 00 AND DWORD PTR SS:[EBP+8],0
73D31B42 > 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+10]
73D31B45 . E8 69A70500 CALL MFC42.#2393_?Delete@CException@@QAEXXZ
73D31B4A . B8 501BD373 MOV EAX,MFC42.73D31B50
73D31B4F . C3 RETN
73D31B50 . 8B5D EC MOV EBX,DWORD PTR SS:[EBP-14]
73D31B53 > 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
73D31B56 . 6A 07 PUSH 7
73D31B58 . 59 POP ECX
73D31B59 . 8D7B 34 LEA EDI,DWORD PTR DS:[EBX+34]
73D31B5C . 8D75 C0 LEA ESI,DWORD PTR SS:[EBP-40]
73D31B5F . F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
73D31B61 . 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
73D31B64 . 5F POP EDI
73D31B65 . 5E POP ESI
73D31B66 . 64:890D 00000>MOV DWORD PTR FS:[0],ECX
73D31B6D . 5B POP EBX
73D31B6E . C9 LEAVE
73D31B6F . C2 1400 RETN 14
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
LRESULT CWnd::WindowProc(UINT message, WPARAM wParam, LPARAM lParam)
{
// OnWndMsg does most of the work, except for DefWindowProc call
LRESULT lResult = 0;
if (!OnWndMsg(message, wParam, lParam, &lResult))
lResult = DefWindowProc(message, wParam, lParam);
return lResult;
}
WindowProc反汇编代码:
73D31B77 >/$ 8BFF MOV EDI,EDI
73D31B79 |. 55 PUSH EBP
73D31B7A |. 8BEC MOV EBP,ESP
73D31B7C |. 51 PUSH ECX
73D31B7D |. 8365 FC 00 AND DWORD PTR SS:[EBP-4],0
73D31B81 |. 56 PUSH ESI
73D31B82 |. 8BF1 MOV ESI,ECX
73D31B84 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
73D31B86 |. 8D4D FC LEA ECX,DWORD PTR SS:[EBP-4]
73D31B89 |. 51 PUSH ECX
73D31B8A |. FF75 10 PUSH DWORD PTR SS:[EBP+10]
73D31B8D |. 8BCE MOV ECX,ESI
73D31B8F |. FF75 0C PUSH DWORD PTR SS:[EBP+C]
73D31B92 |. FF75 08 PUSH DWORD PTR SS:[EBP+8]
73D31B95 |. FF90 A4000000 CALL DWORD PTR DS:[EAX+A4] ; <JMP.&MFC42.#5163_?OnWndMsg@CWnd@@MAEHIIJPAJ@Z>
73D31B9B |. 85C0 TEST EAX,EAX
73D31B9D |. 75 16 JNZ SHORT MFC42.73D31BB5
73D31B9F |. FF75 10 PUSH DWORD PTR SS:[EBP+10]
73D31BA2 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
73D31BA4 |. FF75 0C PUSH DWORD PTR SS:[EBP+C]
73D31BA7 |. 8BCE MOV ECX,ESI
73D31BA9 |. FF75 08 PUSH DWORD PTR SS:[EBP+8]
73D31BAC |. FF90 A8000000 CALL DWORD PTR DS:[EAX+A8] ; <JMP.&MFC42.#2385_?DefWindowProcA@CWnd@@MAEJIIJ@Z>
73D31BB2 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
73D31BB5 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
73D31BB8 |. 5E POP ESI
73D31BB9 |. C9 LEAVE
73D31BBA \. C2 0C00 RETN 0C
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
BOOL CWnd::OnWndMsg(UINT message, WPARAM wParam, LPARAM lParam, LRESULT* pResult)
{
LRESULT lResult = 0;
// special case for commands
if (message == WM_COMMAND)
{
if (OnCommand(wParam, lParam))
{
lResult = 1;
goto LReturnTrue;
}
return FALSE;
}
// special case for notifies
if (message == WM_NOTIFY)
{
NMHDR* pNMHDR = (NMHDR*)lParam;
if (pNMHDR->hwndFrom != NULL && OnNotify(wParam, lParam, &lResult))
goto LReturnTrue;
return FALSE;
}
................
}
CWnd::OnWndMsg的部分汇编代码:
73D31BC2 >/$ B8 F1EFDC73 MOV EAX,MFC42.73DCEFF1
73D31BC7 |. E8 AC100900 CALL MFC42.73DC2C78
73D31BCC |. 83EC 58 SUB ESP,58
73D31BCF |. 8365 F0 00 AND DWORD PTR SS:[EBP-10],0
73D31BD3 |. 53 PUSH EBX
73D31BD4 |. 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8]
73D31BD7 |. 81FB 11010000 CMP EBX,111 ; Switch (cases 6..111)
73D31BDD |. 56 PUSH ESI
73D31BDE |. 57 PUSH EDI
73D31BDF |. 8BF9 MOV EDI,ECX
73D31BE1 |. 75 1B JNZ SHORT MFC42.73D31BFE
73D31BE3 |. FF75 10 PUSH DWORD PTR SS:[EBP+10] ; Case 111 (WM_COMMAND) of switch 73D31BD7
73D31BE6 |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
73D31BE8 |. FF75 0C PUSH DWORD PTR SS:[EBP+C]
73D31BEB |. FF90 80000000 CALL DWORD PTR DS:[EAX+80]
73D31BF1 |. 85C0 TEST EAX,EAX
73D31BF3 |. 0F84 CA000000 JE MFC42.73D31CC3
73D31BF9 |. E9 04040000 JMP MFC42.73D32002
73D31BFE |> 83FB 4E CMP EBX,4E
73D31C01 |. 75 23 JNZ SHORT MFC42.73D31C26
73D31C03 |. 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10] ; Case 4E (WM_NOTIFY) of switch 73D31BD7
73D31C06 |. 8338 00 CMP DWORD PTR DS:[EAX],0
73D31C09 |. 0F84 B4000000 JE MFC42.73D31CC3
73D31C0F |. 8B17 MOV EDX,DWORD PTR DS:[EDI]
73D31C11 |. 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
73D31C14 |. 51 PUSH ECX
73D31C15 |. 50 PUSH EAX
73D31C16 |. FF75 0C PUSH DWORD PTR SS:[EBP+C]
73D31C19 |. 8BCF MOV ECX,EDI
73D31C1B |. FF92 84000000 CALL DWORD PTR DS:[EDX+84]
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
BOOL CWnd::OnCommand(WPARAM wParam, LPARAM lParam)
// return TRUE if command invocation was attempted
{
UINT nID = LOWORD(wParam);
HWND hWndCtrl = (HWND)lParam;
int nCode = HIWORD(wParam);
// default routing for command messages (through closure table)
if (hWndCtrl == NULL)
{
// zero IDs for normal commands are not allowed
if (nID == 0)
return FALSE;
// make sure command has not become disabled before routing
CTestCmdUI state;
state.m_nID = nID;
OnCmdMsg(nID, CN_UPDATE_COMMAND_UI, &state, NULL);
if (!state.m_bEnabled)
{
TRACE1("Warning: not executing disabled command %d\n", nID);
return TRUE;
}
// menu or accelerator
nCode = CN_COMMAND;
}
else
{
// control notification
ASSERT(nID == 0 || ::IsWindow(hWndCtrl));
if (_afxThreadState->m_hLockoutNotifyWindow == m_hWnd)
return TRUE; // locked out - ignore control notification
// reflect notification to child window control
if (ReflectLastMsg(hWndCtrl))
return TRUE; // eaten by child
// zero IDs for normal commands are not allowed
if (nID == 0)
return FALSE;
}
#ifdef _DEBUG
if (nCode < 0 && nCode != (int)0x8000)
TRACE1("Implementation Warning: control notification = $%X.\n",
nCode);
#endif
return OnCmdMsg(nID, nCode, NULL, NULL);
}
OnCommand汇编代码:
73D331F1 >/$ 8BFF MOV EDI,EDI
73D331F3 |. 55 PUSH EBP
73D331F4 |. 8BEC MOV EBP,ESP
73D331F6 |. 83EC 2C SUB ESP,2C
73D331F9 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
73D331FC |. 53 PUSH EBX
73D331FD |. 56 PUSH ESI
73D331FE |. 57 PUSH EDI
73D331FF |. 0FB7F8 MOVZX EDI,AX
73D33202 |. C1E8 10 SHR EAX,10
73D33205 |. 33DB XOR EBX,EBX
73D33207 |. 395D 0C CMP DWORD PTR SS:[EBP+C],EBX
73D3320A |. 8BF1 MOV ESI,ECX
73D3320C |. 8945 08 MOV DWORD PTR SS:[EBP+8],EAX
73D3320F |. 75 3A JNZ SHORT MFC42.73D3324B
73D33211 |. 3BFB CMP EDI,EBX
73D33213 |. 74 66 JE SHORT MFC42.73D3327B
73D33215 |. 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
73D33218 |. E8 DE2A0000 CALL MFC42.#545_??0CTestCmdUI@@QAE@XZ
73D3321D |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
73D3321F |. 53 PUSH EBX
73D33220 |. 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
73D33223 |. 51 PUSH ECX
73D33224 |. 6A FF PUSH -1
73D33226 |. 57 PUSH EDI
73D33227 |. 8BCE MOV ECX,ESI
73D33229 |. 897D D8 MOV DWORD PTR SS:[EBP-28],EDI
73D3322C |. FF50 14 CALL DWORD PTR DS:[EAX+14]
73D3322F |. 395D FC CMP DWORD PTR SS:[EBP-4],EBX
73D33232 |. 74 3E JE SHORT MFC42.73D33272
73D33234 |. 895D 08 MOV DWORD PTR SS:[EBP+8],EBX
73D33237 |> 8B06 MOV EAX,DWORD PTR DS:[ESI]
73D33239 |. 53 PUSH EBX
73D3323A |. 53 PUSH EBX
73D3323B |. FF75 08 PUSH DWORD PTR SS:[EBP+8]
73D3323E |. 8BCE MOV ECX,ESI
73D33240 |. 57 PUSH EDI
73D33241 |. FF50 14 CALL DWORD PTR DS:[EAX+14] ; <JMP.&MFC42.#4425_?OnCmdMsg@CDialog@@UAEHIHPAXPAUAFX_CMDHANDLERINFO@@@Z>
73D33244 |> 5F POP EDI
73D33245 |. 5E POP ESI
73D33246 |. 5B POP EBX
73D33247 |. C9 LEAVE
73D33248 |. C2 0800 RETN 8
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
BOOL CDialog::OnCmdMsg(UINT nID, int nCode, void* pExtra,
AFX_CMDHANDLERINFO* pHandlerInfo)
{
if (CWnd::OnCmdMsg(nID, nCode, pExtra, pHandlerInfo))
return TRUE;
if ((nCode != CN_COMMAND && nCode != CN_UPDATE_COMMAND_UI) ||
!IS_COMMAND_ID(nID) || nID >= 0xf000)
{
// control notification or non-command button or system command
return FALSE; // not routed any further
}
// if we have an owner window, give it second crack
CWnd* pOwner = GetParent();
if (pOwner != NULL)
{
#ifdef _DEBUG
if (afxTraceFlags & traceCmdRouting)
TRACE1("Routing command id 0x%04X to owner window.\n", nID);
#endif
ASSERT(pOwner != this);
if (pOwner->OnCmdMsg(nID, nCode, pExtra, pHandlerInfo))
return TRUE;
}
// last crack goes to the current CWinThread object
CWinThread* pThread = AfxGetThread();
if (pThread != NULL)
{
#ifdef _DEBUG
if (afxTraceFlags & traceCmdRouting)
TRACE1("Routing command id 0x%04X to app.\n", nID);
#endif
if (pThread->OnCmdMsg(nID, nCode, pExtra, pHandlerInfo))
return TRUE;
}
#ifdef _DEBUG
if (afxTraceFlags & traceCmdRouting)
{
TRACE2("IGNORING command id 0x%04X sent to %hs dialog.\n", nID,
GetRuntimeClass()->m_lpszClassName);
}
#endif
return FALSE;
}
CDialog::OnCmdMsg汇编代码:
73D9DE90 > 8BFF MOV EDI,EDI
73D9DE92 /. 55 PUSH EBP
73D9DE93 |. 8BEC MOV EBP,ESP
73D9DE95 |. 53 PUSH EBX
73D9DE96 |. 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8]
73D9DE99 |. 56 PUSH ESI
73D9DE9A |. 57 PUSH EDI
73D9DE9B |. FF75 14 PUSH DWORD PTR SS:[EBP+14]
73D9DE9E |. 8B7D 0C MOV EDI,DWORD PTR SS:[EBP+C]
73D9DEA1 |. FF75 10 PUSH DWORD PTR SS:[EBP+10]
73D9DEA4 |. 8BF1 MOV ESI,ECX
73D9DEA6 |. 57 PUSH EDI
73D9DEA7 |. 53 PUSH EBX
73D9DEA8 |. E8 0844F9FF CALL MFC42.#4424_?OnCmdMsg@CCmdTarget@@UAEHIHPAXPAUAFX_CMDHANDLERINFO@@@Z
73D9DEAD |. 85C0 TEST EAX,EAX
73D9DEAF |. 75 57 JNZ SHORT MFC42.73D9DF08
73D9DEB1 |. 85FF TEST EDI,EDI
73D9DEB3 |. 74 05 JE SHORT MFC42.73D9DEBA
73D9DEB5 |. 83FF FF CMP EDI,-1
73D9DEB8 |. 75 53 JNZ SHORT MFC42.73D9DF0D
73D9DEBA |> 84FF TEST BH,BH
73D9DEBC |. 79 4F JNS SHORT MFC42.73D9DF0D
73D9DEBE |. 81FB 00F00000 CMP EBX,0F000
73D9DEC4 |. 73 47 JNB SHORT MFC42.73D9DF0D
73D9DEC6 |. FF76 20 PUSH DWORD PTR DS:[ESI+20] ; /hWnd
73D9DEC9 |. FF15 A865DD73 CALL DWORD PTR DS:[<&USER32.GetParent>] ; \GetParent
73D9DECF |. 50 PUSH EAX
73D9DED0 |. E8 4A31F9FF CALL MFC42.#2864_?FromHandle@CWnd@@SGPAV1@PAUHWND__@@@Z
73D9DED5 |. 85C0 TEST EAX,EAX
73D9DED7 |. 74 13 JE SHORT MFC42.73D9DEEC
73D9DED9 |. FF75 14 PUSH DWORD PTR SS:[EBP+14]
73D9DEDC |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
73D9DEDE |. FF75 10 PUSH DWORD PTR SS:[EBP+10]
73D9DEE1 |. 8BC8 MOV ECX,EAX
73D9DEE3 |. 57 PUSH EDI
73D9DEE4 |. 53 PUSH EBX
73D9DEE5 |. FF52 14 CALL DWORD PTR DS:[EDX+14]
73D9DEE8 |. 85C0 TEST EAX,EAX
73D9DEEA |. 75 1C JNZ SHORT MFC42.73D9DF08
73D9DEEC |> E8 1431F9FF CALL MFC42.#1175_?AfxGetThread@@YGPAVCWinThread@@XZ
73D9DEF1 |. 85C0 TEST EAX,EAX
73D9DEF3 |. 74 18 JE SHORT MFC42.73D9DF0D
73D9DEF5 |. FF75 14 PUSH DWORD PTR SS:[EBP+14]
73D9DEF8 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
73D9DEFA |. FF75 10 PUSH DWORD PTR SS:[EBP+10]
73D9DEFD |. 8BC8 MOV ECX,EAX
73D9DEFF |. 57 PUSH EDI
73D9DF00 |. 53 PUSH EBX
73D9DF01 |. FF52 14 CALL DWORD PTR DS:[EDX+14]
73D9DF04 |. 85C0 TEST EAX,EAX
73D9DF06 |. 74 05 JE SHORT MFC42.73D9DF0D
73D9DF08 |> 33C0 XOR EAX,EAX
73D9DF0A |. 40 INC EAX
73D9DF0B |. EB 02 JMP SHORT MFC42.73D9DF0F
73D9DF0D |> 33C0 XOR EAX,EAX
73D9DF0F |> 5F POP EDI
73D9DF10 |. 5E POP ESI
73D9DF11 |. 5B POP EBX
73D9DF12 |. 5D POP EBP
73D9DF13 \. C2 1000 RETN 10
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
BOOL CCmdTarget::OnCmdMsg(UINT nID, int nCode, void* pExtra,
AFX_CMDHANDLERINFO* pHandlerInfo)
{
#ifndef _AFX_NO_OCC_SUPPORT
// OLE control events are a special case
if (nCode == CN_EVENT)
{
ASSERT(afxOccManager != NULL);
return afxOccManager->OnEvent(this, nID, (AFX_EVENT*)pExtra, pHandlerInfo);
}
#endif // !_AFX_NO_OCC_SUPPORT
// determine the message number and code (packed into nCode)
const AFX_MSGMAP* pMessageMap;
const AFX_MSGMAP_ENTRY* lpEntry;
UINT nMsg = 0;
#ifndef _AFX_NO_DOCOBJECT_SUPPORT
if (nCode == CN_OLECOMMAND)
{
BOOL bResult = FALSE;
const AFX_OLECMDMAP* pOleCommandMap;
const AFX_OLECMDMAP_ENTRY* pEntry;
COleCmdUI* pUI = (COleCmdUI*) pExtra;
const GUID* pguidCmdGroup = pUI->m_pguidCmdGroup;
#ifdef _AFXDLL
for (pOleCommandMap = GetCommandMap(); pOleCommandMap != NULL && !bResult;
pOleCommandMap = pOleCommandMap->pfnGetBaseMap())
#else
for (pOleCommandMap = GetCommandMap(); pOleCommandMap != NULL && !bResult;
pOleCommandMap = pOleCommandMap->pBaseMap)
#endif
{
for (pEntry = pOleCommandMap->lpEntries;
pEntry->cmdID != 0 && pEntry->nID != 0 && !bResult;
pEntry++)
{
if (nID == pEntry->cmdID &&
IsEqualNULLGuid(pguidCmdGroup, pEntry->pguid))
{
pUI->m_nID = pEntry->nID;
bResult = TRUE;
}
}
}
return bResult;
}
#endif
if (nCode != CN_UPDATE_COMMAND_UI)
{
nMsg = HIWORD(nCode);
nCode = LOWORD(nCode);
}
// for backward compatibility HIWORD(nCode)==0 is WM_COMMAND
if (nMsg == 0)
nMsg = WM_COMMAND;
// look through message map to see if it applies to us
#ifdef _AFXDLL
for (pMessageMap = GetMessageMap(); pMessageMap != NULL;
pMessageMap = (*pMessageMap->pfnGetBaseMap)())
#else
for (pMessageMap = GetMessageMap(); pMessageMap != NULL;
pMessageMap = pMessageMap->pBaseMap)
#endif
{
// Note: catches BEGIN_MESSAGE_MAP(CMyClass, CMyClass)!
#ifdef _AFXDLL
ASSERT(pMessageMap != (*pMessageMap->pfnGetBaseMap)());
#else
ASSERT(pMessageMap != pMessageMap->pBaseMap);
#endif
lpEntry = AfxFindMessageEntry(pMessageMap->lpEntries, nMsg, nCode, nID);
if (lpEntry != NULL)
{
// found it
#ifdef _DEBUG
if (afxTraceFlags & traceCmdRouting)
{
if (nCode == CN_COMMAND)
{
TRACE2("SENDING command id 0x%04X to %hs target.\n", nID,
GetRuntimeClass()->m_lpszClassName);
}
else if (nCode > CN_COMMAND)
{
if (afxTraceFlags & traceWinMsg)
{
TRACE3("SENDING control notification %d from control id 0x%04X to %hs window.\n",
nCode, nID, GetRuntimeClass()->m_lpszClassName);
}
}
}
#endif //_DEBUG
return _AfxDispatchCmdMsg(this, nID, nCode,
lpEntry->pfn, pExtra, lpEntry->nSig, pHandlerInfo);
}
}
return FALSE; // not handled
}
CCmdTarget::OnCmdMsg汇编代码:
73D322B5 >/$ 8BFF MOV EDI,EDI
73D322B7 |. 55 PUSH EBP
73D322B8 |. 8BEC MOV EBP,ESP
73D322BA |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
73D322BD |. 83F8 FE CMP EAX,-2 ; Switch (cases FFFFFFFD..FFFFFFFF)
73D322C0 |. 57 PUSH EDI
73D322C1 |. 8BF9 MOV EDI,ECX
73D322C3 |. 75 21 JNZ SHORT MFC42.73D322E6
73D322C5 |. E8 0C600900 CALL MFC42.#1168_?AfxGetModuleState@@YGPAVAFX_MODULE_STATE@@XZ ; Case FFFFFFFE of switch 73D322BD
73D322CA |. FF75 14 PUSH DWORD PTR SS:[EBP+14]
73D322CD |. 8B80 54100000 MOV EAX,DWORD PTR DS:[EAX+1054]
73D322D3 |. FF75 10 PUSH DWORD PTR SS:[EBP+10]
73D322D6 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
73D322D8 |. FF75 08 PUSH DWORD PTR SS:[EBP+8]
73D322DB |. 8BC8 MOV ECX,EAX
73D322DD |. 57 PUSH EDI
73D322DE |. FF52 04 CALL DWORD PTR DS:[EDX+4]
73D322E1 |. E9 BC000000 JMP MFC42.73D323A2
73D322E6 |> 83F8 FD CMP EAX,-3
73D322E9 |. 53 PUSH EBX
73D322EA |. 56 PUSH ESI
73D322EB |. 75 78 JNZ SHORT MFC42.73D32365
73D322ED |. 8B5D 10 MOV EBX,DWORD PTR SS:[EBP+10] ; Case FFFFFFFD of switch 73D322BD
73D322F0 |. 8B43 30 MOV EAX,DWORD PTR DS:[EBX+30]
73D322F3 |. 8365 0C 00 AND DWORD PTR SS:[EBP+C],0
73D322F7 |. 8945 10 MOV DWORD PTR SS:[EBP+10],EAX
73D322FA |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
73D322FC |. 8BCF MOV ECX,EDI
73D322FE |. FF50 34 CALL DWORD PTR DS:[EAX+34]
73D32301 |. EB 57 JMP SHORT MFC42.73D3235A
73D32303 |> 837D 0C 00 /CMP DWORD PTR SS:[EBP+C],0
73D32307 |. 75 57 |JNZ SHORT MFC42.73D32360
73D32309 |. 8B77 04 |MOV ESI,DWORD PTR DS:[EDI+4]
73D3230C |. EB 43 |JMP SHORT MFC42.73D32351
73D3230E |> 837E 08 00 |/CMP DWORD PTR DS:[ESI+8],0
73D32312 |. 74 44 ||JE SHORT MFC42.73D32358
73D32314 |. 837D 0C 00 ||CMP DWORD PTR SS:[EBP+C],0
73D32318 |. 75 3E ||JNZ SHORT MFC42.73D32358
73D3231A |. 3945 08 ||CMP DWORD PTR SS:[EBP+8],EAX
73D3231D |. 75 2F ||JNZ SHORT MFC42.73D3234E
73D3231F |. 837D 10 00 ||CMP DWORD PTR SS:[EBP+10],0
73D32323 |. 75 07 ||JNZ SHORT MFC42.73D3232C
73D32325 |. 833E 00 ||CMP DWORD PTR DS:[ESI],0
73D32328 |. 74 17 ||JE SHORT MFC42.73D32341
73D3232A |. EB 22 ||JMP SHORT MFC42.73D3234E
73D3232C |> 8B06 ||MOV EAX,DWORD PTR DS:[ESI]
73D3232E |. 85C0 ||TEST EAX,EAX
73D32330 |. 74 1C ||JE SHORT MFC42.73D3234E
73D32332 |. 50 ||PUSH EAX
73D32333 |. FF75 10 ||PUSH DWORD PTR SS:[EBP+10]
73D32336 |. E8 38D30800 ||CALL MFC42.73DBF673
73D3233B |. 85C0 ||TEST EAX,EAX
73D3233D |. 59 ||POP ECX
73D3233E |. 59 ||POP ECX
73D3233F |. 74 0D ||JE SHORT MFC42.73D3234E
73D32341 |> 8B46 08 ||MOV EAX,DWORD PTR DS:[ESI+8]
73D32344 |. 8943 04 ||MOV DWORD PTR DS:[EBX+4],EAX
73D32347 |. C745 0C 01000>||MOV DWORD PTR SS:[EBP+C],1
73D3234E |> 83C6 0C ||ADD ESI,0C
73D32351 |> 8B46 04 | MOV EAX,DWORD PTR DS:[ESI+4]
73D32354 |. 85C0 ||TEST EAX,EAX
73D32356 |.^ 75 B6 |\JNZ SHORT MFC42.73D3230E
73D32358 |> FF17 |CALL DWORD PTR DS:[EDI]
73D3235A |> 8BF8 MOV EDI,EAX
73D3235C |. 85FF |TEST EDI,EDI
73D3235E |.^ 75 A3 \JNZ SHORT MFC42.73D32303
73D32360 |> 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
73D32363 |. EB 3B JMP SHORT MFC42.73D323A0
73D32365 |> 83F8 FF CMP EAX,-1
73D32368 |. 74 0D JE SHORT MFC42.73D32377
73D3236A |. 8BD8 MOV EBX,EAX ; Default case of switch 73D322BD
73D3236C |. C1EB 10 SHR EBX,10
73D3236F |. 0FB7C0 MOVZX EAX,AX
73D32372 |. 8945 0C MOV DWORD PTR SS:[EBP+C],EAX
73D32375 |. 75 05 JNZ SHORT MFC42.73D3237C
73D32377 |> BB 11010000 MOV EBX,111 ; Case FFFFFFFF of switch 73D322BD
73D3237C |> 8B07 MOV EAX,DWORD PTR DS:[EDI]
73D3237E |. 8BCF MOV ECX,EDI
73D32380 |. FF50 30 CALL DWORD PTR DS:[EAX+30]
73D32383 |. EB 15 JMP SHORT MFC42.73D3239A
73D32385 |> FF75 08 /PUSH DWORD PTR SS:[EBP+8]
73D32388 |. FF75 0C |PUSH DWORD PTR SS:[EBP+C]
73D3238B |. 53 |PUSH EBX
73D3238C |. FF76 04 |PUSH DWORD PTR DS:[ESI+4]
73D3238F |. E8 DAFEFFFF |CALL MFC42.#1145_?AfxFindMessageEntry@@YGPBUAFX_MSGMAP_ENTRY@@PBU1@III@Z
73D32394 |. 85C0 |TEST EAX,EAX
73D32396 |. 75 0F |JNZ SHORT MFC42.73D323A7
73D32398 |. FF16 |CALL DWORD PTR DS:[ESI]
73D3239A |> 8BF0 MOV ESI,EAX
73D3239C |. 85F6 |TEST ESI,ESI
73D3239E |.^ 75 E5 \JNZ SHORT MFC42.73D32385
73D323A0 |> 5E POP ESI
73D323A1 |. 5B POP EBX
73D323A2 |> 5F POP EDI
73D323A3 |. 5D POP EBP
73D323A4 |. C2 1000 RETN 10
73D323A7 |> FF75 14 PUSH DWORD PTR SS:[EBP+14]
73D323AA |. FF70 10 PUSH DWORD PTR DS:[EAX+10]
73D323AD |. FF75 10 PUSH DWORD PTR SS:[EBP+10]
73D323B0 |. FF70 14 PUSH DWORD PTR DS:[EAX+14]
73D323B3 |. FF75 0C PUSH DWORD PTR SS:[EBP+C]
73D323B6 |. FF75 08 PUSH DWORD PTR SS:[EBP+8]
73D323B9 |. 57 PUSH EDI
73D323BA |. E8 7F000000 CALL MFC42.73D3243E ;调用_AfxDispatchCmdMsg 这个函数
73D323BF \.^ EB DF JMP SHORT MFC42.73D323A0
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
AFX_STATIC BOOL AFXAPI _AfxDispatchCmdMsg(CCmdTarget* pTarget, UINT nID, int nCode,
AFX_PMSG pfn, void* pExtra, UINT nSig, AFX_CMDHANDLERINFO* pHandlerInfo)
// return TRUE to stop routing
{
ASSERT_VALID(pTarget);
UNUSED(nCode); // unused in release builds
union MessageMapFunctions mmf;
mmf.pfn = pfn;
BOOL bResult = TRUE; // default is ok
if (pHandlerInfo != NULL)
{
// just fill in the information, don't do it
pHandlerInfo->pTarget = pTarget;
pHandlerInfo->pmf = mmf.pfn;
return TRUE;
}
switch (nSig)
{
case AfxSig_vv:
// normal command or control notification
ASSERT(CN_COMMAND == 0); // CN_COMMAND same as BN_CLICKED
ASSERT(pExtra == NULL);
(pTarget->*mmf.pfn_COMMAND)();
break;
case AfxSig_bv:
// normal command or control notification
ASSERT(CN_COMMAND == 0); // CN_COMMAND same as BN_CLICKED
ASSERT(pExtra == NULL);
bResult = (pTarget->*mmf.pfn_bCOMMAND)();
break;
case AfxSig_vw:
// normal command or control notification in a range
ASSERT(CN_COMMAND == 0); // CN_COMMAND same as BN_CLICKED
ASSERT(pExtra == NULL);
(pTarget->*mmf.pfn_COMMAND_RANGE)(nID);
break;
case AfxSig_bw:
// extended command (passed ID, returns bContinue)
ASSERT(pExtra == NULL);
bResult = (pTarget->*mmf.pfn_COMMAND_EX)(nID);
break;
case AfxSig_vNMHDRpl:
{
AFX_NOTIFY* pNotify = (AFX_NOTIFY*)pExtra;
ASSERT(pNotify != NULL);
ASSERT(pNotify->pResult != NULL);
ASSERT(pNotify->pNMHDR != NULL);
(pTarget->*mmf.pfn_NOTIFY)(pNotify->pNMHDR, pNotify->pResult);
}
break;
case AfxSig_bNMHDRpl:
{
AFX_NOTIFY* pNotify = (AFX_NOTIFY*)pExtra;
ASSERT(pNotify != NULL);
ASSERT(pNotify->pResult != NULL);
ASSERT(pNotify->pNMHDR != NULL);
bResult = (pTarget->*mmf.pfn_bNOTIFY)(pNotify->pNMHDR, pNotify->pResult);
}
break;
case AfxSig_vwNMHDRpl:
{
AFX_NOTIFY* pNotify = (AFX_NOTIFY*)pExtra;
ASSERT(pNotify != NULL);
ASSERT(pNotify->pResult != NULL);
ASSERT(pNotify->pNMHDR != NULL);
(pTarget->*mmf.pfn_NOTIFY_RANGE)(nID, pNotify->pNMHDR,
pNotify->pResult);
}
break;
case AfxSig_bwNMHDRpl:
{
AFX_NOTIFY* pNotify = (AFX_NOTIFY*)pExtra;
ASSERT(pNotify != NULL);
ASSERT(pNotify->pResult != NULL);
ASSERT(pNotify->pNMHDR != NULL);
bResult = (pTarget->*mmf.pfn_NOTIFY_EX)(nID, pNotify->pNMHDR,
pNotify->pResult);
}
break;
case AfxSig_cmdui:
{
// ON_UPDATE_COMMAND_UI or ON_UPDATE_COMMAND_UI_REFLECT case
ASSERT(CN_UPDATE_COMMAND_UI == (UINT)-1);
ASSERT(nCode == CN_UPDATE_COMMAND_UI || nCode == 0xFFFF);
ASSERT(pExtra != NULL);
CCmdUI* pCmdUI = (CCmdUI*)pExtra;
ASSERT(!pCmdUI->m_bContinueRouting); // idle - not set
(pTarget->*mmf.pfn_UPDATE_COMMAND_UI)(pCmdUI);
bResult = !pCmdUI->m_bContinueRouting;
pCmdUI->m_bContinueRouting = FALSE; // go back to idle
}
break;
case AfxSig_cmduiw:
{
// ON_UPDATE_COMMAND_UI case
ASSERT(nCode == CN_UPDATE_COMMAND_UI);
ASSERT(pExtra != NULL);
CCmdUI* pCmdUI = (CCmdUI*)pExtra;
ASSERT(pCmdUI->m_nID == nID); // sanity assert
ASSERT(!pCmdUI->m_bContinueRouting); // idle - not set
(pTarget->*mmf.pfn_UPDATE_COMMAND_UI_RANGE)(pCmdUI, nID);
bResult = !pCmdUI->m_bContinueRouting;
pCmdUI->m_bContinueRouting = FALSE; // go back to idle
}
break;
// general extensibility hooks
case AfxSig_vpv:
(pTarget->*mmf.pfn_OTHER)(pExtra);
break;
case AfxSig_bpv:
bResult = (pTarget->*mmf.pfn_OTHER_EX)(pExtra);
break;
default: // illegal
ASSERT(FALSE);
return 0;
}
return bResult;
}
_AfxDispatchCmdMsg汇编代码:
73D3243E /$ 8BFF MOV EDI,EDI
73D32440 |. 55 PUSH EBP
73D32441 |. 8BEC MOV EBP,ESP
73D32443 |. 8B45 20 MOV EAX,DWORD PTR SS:[EBP+20]
73D32446 |. 53 PUSH EBX
73D32447 |. 33DB XOR EBX,EBX
73D32449 |. 43 INC EBX
73D3244A |. 85C0 TEST EAX,EAX
73D3244C |. 74 12 JE SHORT MFC42.73D32460
73D3244E |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
73D32451 |. 8908 MOV DWORD PTR DS:[EAX],ECX
73D32453 |. 8B4D 14 MOV ECX,DWORD PTR SS:[EBP+14]
73D32456 |. 8948 04 MOV DWORD PTR DS:[EAX+4],ECX
73D32459 |. 8BC3 MOV EAX,EBX
73D3245B |. E9 E4000000 JMP MFC42.73D32544
73D32460 |> 8B45 1C MOV EAX,DWORD PTR SS:[EBP+1C]
73D32463 |. 83F8 28 CMP EAX,28 ; Switch (cases 2..2F)
73D32466 |. 56 PUSH ESI
73D32467 |. 77 71 JA SHORT MFC42.73D324DA
73D32469 |. 74 5C JE SHORT MFC42.73D324C7
73D3246B |. 48 DEC EAX
73D3246C |. 48 DEC EAX
73D3246D |. 74 53 JE SHORT MFC42.73D324C2
73D3246F |. 83E8 0A SUB EAX,0A
73D32472 |. 74 46 JE SHORT MFC42.73D324BA
73D32474 |. 48 DEC EAX
73D32475 |. 74 3E JE SHORT MFC42.73D324B5
73D32477 |. 83E8 16 SUB EAX,16
73D3247A |. 74 2E JE SHORT MFC42.73D324AA
73D3247C |. 83E8 03 SUB EAX,3
73D3247F |. 74 16 JE SHORT MFC42.73D32497
73D32481 |. 48 DEC EAX
73D32482 |. 75 69 JNZ SHORT MFC42.73D324ED
73D32484 |. 8B45 18 MOV EAX,DWORD PTR SS:[EBP+18] ; Case 27 of switch 73D32463
73D32487 |. FF30 PUSH DWORD PTR DS:[EAX]
73D32489 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
73D3248C |. FF70 04 PUSH DWORD PTR DS:[EAX+4]
73D3248F |. FF55 14 CALL DWORD PTR SS:[EBP+14]
73D32492 |. E9 A8000000 JMP MFC42.73D3253F
73D32497 |> 8B45 18 MOV EAX,DWORD PTR SS:[EBP+18] ; Case 26 of switch 73D32463
73D3249A |. FF30 PUSH DWORD PTR DS:[EAX]
73D3249C |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
73D3249F |. FF70 04 PUSH DWORD PTR DS:[EAX+4]
73D324A2 |. FF55 14 CALL DWORD PTR SS:[EBP+14]
73D324A5 |. E9 97000000 JMP MFC42.73D32541
73D324AA |> 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; Case 23 of switch 73D32463
73D324AD |. FF55 14 CALL DWORD PTR SS:[EBP+14]
73D324B0 |. E9 8A000000 JMP MFC42.73D3253F
73D324B5 |> FF75 0C PUSH DWORD PTR SS:[EBP+C] ; Case D of switch 73D32463
73D324B8 |. EB 45 JMP SHORT MFC42.73D324FF
73D324BA |> 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; Case C of switch 73D32463
73D324BD FF55 14 CALL DWORD PTR SS:[EBP+14]
73D324C0 |. EB 7F JMP SHORT MFC42.73D32541
73D324C2 |> FF75 0C PUSH DWORD PTR SS:[EBP+C] ; Case 2 of switch 73D32463
73D324C5 |. EB 2D JMP SHORT MFC42.73D324F4
73D324C7 |> 8B45 18 MOV EAX,DWORD PTR SS:[EBP+18] ; Case 28 of switch 73D32463
73D324CA |. FF30 PUSH DWORD PTR DS:[EAX]
73D324CC |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
73D324CF |. FF70 04 PUSH DWORD PTR DS:[EAX+4]
73D324D2 |. FF75 0C PUSH DWORD PTR SS:[EBP+C]
73D324D5 |. FF55 14 CALL DWORD PTR SS:[EBP+14]
73D324D8 |. EB 67 JMP SHORT MFC42.73D32541
73D324DA |> 83E8 29 SUB EAX,29
73D324DD |. 74 4F JE SHORT MFC42.73D3252E
73D324DF |. 83E8 03 SUB EAX,3
73D324E2 |. 74 3E JE SHORT MFC42.73D32522
73D324E4 |. 48 DEC EAX
73D324E5 |. 74 20 JE SHORT MFC42.73D32507
73D324E7 |. 48 DEC EAX
73D324E8 |. 74 12 JE SHORT MFC42.73D324FC
73D324EA |. 48 DEC EAX
73D324EB |. 74 04 JE SHORT MFC42.73D324F1
73D324ED |> 33C0 XOR EAX,EAX ; Default case of switch 73D32463
73D324EF |. EB 52 JMP SHORT MFC42.73D32543
73D324F1 |> FF75 18 PUSH DWORD PTR SS:[EBP+18] ; Case 2F of switch 73D32463
73D324F4 |> 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
73D324F7 |. FF55 14 CALL DWORD PTR SS:[EBP+14]
73D324FA |. EB 43 JMP SHORT MFC42.73D3253F
73D324FC |> FF75 18 PUSH DWORD PTR SS:[EBP+18] ; Case 2E of switch 73D32463
73D324FF |> 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
73D32502 |. FF55 14 CALL DWORD PTR SS:[EBP+14]
73D32505 |. EB 3A JMP SHORT MFC42.73D32541
73D32507 |> FF75 0C PUSH DWORD PTR SS:[EBP+C] ; Case 2D of switch 73D32463
73D3250A |. 8B75 18 MOV ESI,DWORD PTR SS:[EBP+18]
73D3250D |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
73D32510 |. 56 PUSH ESI
73D32511 |. FF55 14 CALL DWORD PTR SS:[EBP+14]
73D32514 |> 33DB XOR EBX,EBX
73D32516 |. 395E 1C CMP DWORD PTR DS:[ESI+1C],EBX
73D32519 |. 0F94C3 SETE BL
73D3251C |. 8366 1C 00 AND DWORD PTR DS:[ESI+1C],0
73D32520 |. EB 1F JMP SHORT MFC42.73D32541
73D32522 |> 8B75 18 MOV ESI,DWORD PTR SS:[EBP+18] ; Case 2C of switch 73D32463
73D32525 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
73D32528 |. 56 PUSH ESI
73D32529 |. FF55 14 CALL DWORD PTR SS:[EBP+14]
73D3252C |.^ EB E6 JMP SHORT MFC42.73D32514
73D3252E |> 8B45 18 MOV EAX,DWORD PTR SS:[EBP+18] ; Case 29 of switch 73D32463
73D32531 |. FF30 PUSH DWORD PTR DS:[EAX]
73D32533 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
73D32536 |. FF70 04 PUSH DWORD PTR DS:[EAX+4]
73D32539 |. FF75 0C PUSH DWORD PTR SS:[EBP+C]
73D3253C |. FF55 14 CALL DWORD PTR SS:[EBP+14]
73D3253F |> 8BD8 MOV EBX,EAX
73D32541 |> 8BC3 MOV EAX,EBX
73D32543 |> 5E POP ESI
73D32544 |> 5B POP EBX
73D32545 |. 5D POP EBP
73D32546 \. C2 1C00 RETN 1C