[Repost] Easy Language message mechanism analysis (message interception principle)


Title: [Original] Easy Language message mechanism analysis (message interception principle)
Author: Red burnt Maple Leaf
Time: 2014-12-17,12:41:44
Links: http://bbs.pediy.com/showthread.php?t=195626

I made a SIG signature file to make the analysis easier. The Easy Language sample is statically compiled, version 5.11.
Easy Language is actually built on MFC: it still relies on MFC's message dispatch mechanism and acts as the intermediary between the system and the user's code, so every message has to be forwarded through it. I set a breakpoint on the MFC message dispatch function _AfxDispatchCmdMsg, and every event, button events included, always breaks there. I pressed the button and it broke at the following:
0045C7E0 /$ push ebp ; Ewnd._AfxDispatchCmdMsg(CCmdTarget *, UINT, int, void (CCmdTarget::*)(void), void *, UINT, AFX_CMDHANDLERINFO *) (guessed ARG1..ARG7)
0045C7E1 |. 8BEC mov ebp, esp
0045C7E3 |. 8B45 mov eax, dword ptr ss:[arg7]
0045C7E6 |. push ebx
0045C7E7 |. push esi
0045C7E8 |. 6A push 1
Not far below, the message is forwarded on:

This route works, but it is tedious: I don't want to single-step through MFC's entire user-event processing. Instead we need to find the place where Easy Language hands messages over to user code.
Tracking further down:
00411688 |. FFD0 call eax ; Ewnd.ProcessNotifySys(int, ulong, ulong)

This is one step of the message processing; keep going.
004116B4 |. E8 77C7FF call CKrnlApp::Notify(int, ulong, ulong)
To continue:
0040E36D |> \8B4424 mov eax, dword ptr ss:[arg2] ; Case 7D8 of switch Ewnd.40DE4F
0040E371 |. 8BCE mov ecx, esi
0040E373 |. push eax ; /ARG1 = [ARG2]
0040E374 |. E8 67A600 call CKrnlApp::ProcessEvent(EVENT_NOTIFY *) ; \Ewnd.CKrnlApp::ProcessEvent(EVENT_NOTIFY *) // processes the dispatched message
0040E379 |. E9 580700 jmp 0040EAD6
0040E37E |> 8B4C24 mov ecx, dword ptr ss:[arg2] ; Case 7EF of switch Ewnd.40DE4F
0040E382 |. push ecx ; /ARG1 = [ARG2]
0040E383 |. 8BCE mov ecx, esi ; |
0040E385 |. E8 06A700 call CKrnlApp::ProcessEvent(EVENT_NOTIFY2 *) ; \Ewnd.CKrnlApp::ProcessEvent(EVENT_NOTIFY2 *)
0040E38A |. E9 470700 jmp 0040EAD6
0040E38F |> 8B86 4802 mov eax, dword ptr ds:[esi+248] ; Case 7DB of switch Ewnd.40DE4F
We have reached the place where the event is dispatched. Following in:
CPU Disasm
Address Hex Dump Command Comments
00418A06 |. push ecx ; | ARG1 = ASCII "P" I "
00418A07 |. 8B4D E8 mov ecx, dword ptr ss:[local.6] ; |
00418A0A |. E8 419AFF call CKrnlApp::BeginProcessEvent(ulong, ulong, int, int) ; look up the user-defined handler for this message
00418A0F |. 8945 FC mov dword ptr ss:[local.1], eax
00418A12 |. 837D FC 0 cmp dword ptr ss:[local.1], 0 ; is there a user handler for this message?
00418A16 |. jne short 00418A1C
00418A18 |. 33C0 xor eax, eax
00418A1A |. EB jmp short 00418A83
00418A1C |> ; a user-defined handler exists, so it is handled here
00418A1D |. push edi
00418A1E |. 8B55 mov edx, dword ptr ss:[arg1]
00418A21 |. 8B42 0C mov eax, dword ptr ds:[edx+0C]
00418A24 |. 83E8 sub eax, 1
00418A27 |. 8945 EC mov dword ptr ss:[local.5], eax
00418A2A |. EB jmp short 00418A35
00418A2C |> 8B4D EC /mov ecx, dword ptr ss:[local.5]
00418A2F |. 83E9 |sub ecx, 1
00418A32 |. 894D EC |mov dword ptr ss:[local.5], ecx
00418A35 |> 837D EC 0 |cmp dword ptr ss:[local.5], 0
00418A39 |. 7C |jl short 00418A4D
00418A3B |. 8B55 EC |mov edx, dword ptr ss:[local.5]
00418A3E |. 8B45 |mov eax, dword ptr ss:[arg1]
00418A41 |. 8B4C90 |mov ecx, dword ptr ds:[edx*4+eax+10]
00418A45 |. 894D F0 |mov dword ptr ss:[local.4], ecx
00418A48 |. FF75 F0 |push dword ptr ss:[local.4]
00418A4B |. ^ EB DF \jmp short 00418A2C
00418A4D |> FF55 FC call dword ptr ss:[local.1] ; call the user's event-handling routine. This is the so-called event signature.
00418A50 |. 5F pop edi
00418A51 |. 5E pop esi
00418A52 |. 895D F4 mov dword ptr ss:[local.3], ebx

Did you see my comment? It's just that simple. I forgot where I saw it, but predecessors summed up the Easy Language event signature as FF 55 FC 5F 5E.
The principle turns out to be very simple.

To summarize:
Easy Language is built on MFC and registers all of its events with MFC.
The MFC dispatch function _AfxDispatchCmdMsg delivers every event that occurs to the Easy Language runtime,
which at this point plays the role of the user. The runtime then calls CKrnlApp::Notify(int, ulong, ulong) to dispatch the event,
and CKrnlApp::ProcessEvent(EVENT_NOTIFY[2] *) to process the dispatched event further.
Finally, CKrnlApp::BeginProcessEvent(ulong, ulong, int, int) looks up the user's event handler and, if one matches,
the user's event-handling routine is called.
Breaking on the button event works perfectly:
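The five-byte event signature from the listing above (FF 55 FC = `call dword ptr [ebp-4]`, 5F = `pop edi`, 5E = `pop esi`) is what an analyst searches for to locate every point where the runtime hands control to a user event handler. The following is an added example, not code from the post or from Easy Language itself: a small byte-signature scanner with IDA-style `??` wildcards, run over a constructed buffer. The second pattern, `83 7D FC 00 75 ?? 33 C0 EB ??`, is assembled from the handler-existence check in the listing (`cmp [local.1], 0` / `jne` / `xor eax, eax` / `jmp`), with the two relative jump displacements wildcarded because the listing does not show them.

```python
"""Byte-signature scanner for the Easy Language event-dispatch signature.

Added example; the sample buffer is constructed here, not taken from a
real binary. A practitioner would feed it the raw bytes of a code
section instead of build_sample().
"""
from typing import List, Optional

# call dword ptr [ebp-4] ; pop edi ; pop esi  -- the "event signature"
EVENT_SIGNATURE = "FF 55 FC 5F 5E"

# cmp dword ptr [ebp-4], 0 ; jne short ?? ; xor eax, eax ; jmp short ??
# (the "is there a user handler?" check that precedes the call)
HANDLER_CHECK = "83 7D FC 00 75 ?? 33 C0 EB ??"


def parse_pattern(pattern: str) -> List[Optional[int]]:
    """Turn 'FF 55 ?? 5E' into [0xFF, 0x55, None, 0x5E]; None is a wildcard."""
    tokens = []
    for tok in pattern.split():
        if tok == "??":
            tokens.append(None)
        else:
            value = int(tok, 16)
            if not 0 <= value <= 0xFF:
                raise ValueError(f"byte token out of range: {tok}")
            tokens.append(value)
    return tokens


def find_signature(data: bytes, pattern: str) -> List[int]:
    """Return every offset in data where the (wildcarded) pattern matches.

    Plain O(len(data) * len(pattern)) scan; overlapping matches are reported,
    which is what you want when hunting for a short signature.
    """
    tokens = parse_pattern(pattern)
    n = len(tokens)
    hits = []
    for off in range(len(data) - n + 1):
        if all(t is None or data[off + i] == t for i, t in enumerate(tokens)):
            hits.append(off)
    return hits


def build_sample() -> bytes:
    """Constructed buffer: two real signatures, one near-miss, one handler check."""
    filler = b"\x90" * 16                               # NOP padding
    check = bytes.fromhex("837DFC00 7504 33C0 EB67")    # handler check, made-up displacements
    sig = bytes.fromhex("FF55FC5F5E")                   # genuine event signature
    near_miss = bytes.fromhex("FF55FC5F5F")             # pop edi / pop edi: not the signature
    return filler + check + filler + sig + filler + near_miss + filler + sig


if __name__ == "__main__":
    sample = build_sample()
    for name, pat in (("event signature", EVENT_SIGNATURE), ("handler check", HANDLER_CHECK)):
        for off in find_signature(sample, pat):
            print(f"{name} at offset 0x{off:04X}")
```

In a real analysis the offsets returned are file offsets into the code section; convert them to virtual addresses with the section's RVA before setting breakpoints, and expect one hit per user event handler call site rather than per handler.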
