CallWindowProc is defined as a macro that expands to either CallWindowProcA or CallWindowProcW.
Both the A and the W function call CallWindowProcAorW(...). Its prototype is LRESULT WINAPI CallWindowProcAorW(WNDPROC pfn, HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam, BOOL bAnsi). The A function sets bAnsi to 1; the W function sets bAnsi to 0.
The following describes the CallWindowProcAorW(...) function.
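/*
 * CallWindowProcAorW - common worker behind CallWindowProcA/W.
 *
 * Each C statement below is preceded by the x86 disassembly it was matched
 * against (32-bit user32.dll; addresses are the ones from the listing).
 *
 * Parameters:
 *   pfn      - previous window procedure, or a CPD (call-proc data) handle
 *              whose high word is 0xFFFF.
 *   hwnd, message, wParam, lParam - the message to deliver.
 *   bAnsi    - 1 when called from the A function, 0 from the W function.
 *
 * Returns: 0 when pfn is NULL or is a CPD-tagged value that fails handle
 * validation; otherwise the result of the thunked send or of the call
 * through pfn.
 *
 * Security-relevant point: a CPD-tagged pfn is a handle, not a code address.
 * It is never called directly; it is first validated with
 * HMValidateHandleNoRip() against TYPE_CALLPROC, and an invalid handle makes
 * the function return 0 instead of transferring control.
 */
LRESULT WINAPI CallWindowProcAorW(
    WNDPROC pfn,
    HWND hwnd,
    UINT message,
    WPARAM wParam,
    LPARAM lParam,
    BOOL bAnsi)
{
    PCALLPROCDATA pCPD;

    /*
        mov     edi, edi
        push    ebp
        mov     ebp, esp
    */

    /*
        push    esi
        mov     esi, [ebp+lpPrevWndFunc]    ; esi = lpPrevWndFunc
        test    esi, esi                    ; lpPrevWndFunc == NULL?
        jz      loc_77d41251                ; goto 77d41251: xor eax, eax; ret
    */
    if (pfn == NULL) {      /* comparison, not assignment */
        return 0L;
    }

    /*
        mov     eax, 0FFFF0000h             ; eax = CPDHANDLE_HI
        mov     ecx, esi                    ; ecx = lpPrevWndFunc
        and     ecx, eax
        cmp     ecx, eax                    ; HIWORD(lpPrevWndFunc) == 0xFFFF?
        push    edi
        mov     edi, [ebp+msg]
        jz      loc_77d1e909                ; goto 77d1e909
    */
    if (ISCPDTAG(pfn)) {
        /*
        77d1e909:
            mov     dl, 7                   ; #define TYPE_CALLPROC 7
            mov     ecx, esi                ; ecx = lpPrevWndFunc
            call    HMValidateHandleNoRip
            test    eax, eax                ; return value == NULL?
            jz      loc_77d2879d            ; 77d2879d is the "return 0" path
        */
        if ((pCPD = HMValidateHandleNoRip((HANDLE)pfn, TYPE_CALLPROC)) != NULL) {
            /*
            77d1e91a:
                cmp     edi, 400h           ; msg >= WM_USER?  (edi still holds msg)
                jnb     short loc_77d1e933  ; goto 77d1e933
                xor     ecx, ecx
                mov     cl, ds:byte_77d114e8[edi]   ; MessageTable[message]
                test    cl, 40h             ; cl & 01000000b != 0?  i.e. bit 6 of cl
                                            ; iFunction occupies the low six bits, so
                                            ; 40h is the 7th bit: bThunkMessage.
                                            ; Is bThunkMessage 0?
                jnz     loc_77d2877b        ; goto 77d2877b
                jmp     loc_77d1e933        ; not in the real binary: the jnz above
                                            ; simply falls through into 77d1e933
            */
            /*
             * MessageTable is a static global array; each entry is 1 byte,
             * split by bitfields into three members.
             *
             * The table is read only when message < WM_USER (the jnb above
             * skips the lookup), which keeps the index inside the table.
             *
             * NOTE(review): per the disassembly, a set bThunkMessage bit
             * (jnz) selects the CsSendMessage path at 77d2877b, so the
             * direct-call branch is the one where the bit is clear.
             */
            if ((message >= WM_USER) ||
                    MessageTable[message].bThunkMessage == 0) {   /* norsd: XP's SC is dif from 2K */
                /*
                77d1e933:
                    mov     esi, [eax+18h]  ; pfn = esi = pCPD->pfnClientPrevious
                    jmp     loc_77d1c614    ; continue
                */
                pfn = (WNDPROC)pCPD->pfnClientPrevious;
            } else {
                /*
                77d2877b:
                    push    [ebp+bAnsi]
                    and     ecx, 3Fh        ; ecx = iFunction (low six bits of the entry)
                    push    2B3h            ; FNID_CALLWINDOWPROC (by argument order)
                    push    esi             ; pfn
                    push    [ebp+hMem_lParam]
                    push    dword ptr [ebp+WideCharStr_wParam]
                    push    edi             ; msg
                    push    [ebp+hwnd]
                    call    ds:off_77d118e8[ecx*4]
                    jmp     loc_77d1c63f    ; return
                */
                /* client/usercli.h
                #define CsSendMessage(hwnd, msg, wParam, lParam, xParam, pfn, bAnsi) \
                        (((msg) >= WM_USER) ? \
                            NtUserMessageCall(hwnd, msg, wParam, lParam, xParam, pfn, bAnsi) : \
                            gapfnScSendMessage[MessageTable[msg].iFunction] \
                                (hwnd, msg, wParam, lParam, xParam, pfn, bAnsi))
                */
                return CsSendMessage(
                        hwnd, message, wParam, lParam,
                        (ULONG_PTR)pfn, FNID_CALLWINDOWPROC, bAnsi);
            }
        } else {
            /* loc_77d2879d: the CPD handle did not validate */
            return 0;
        }
    }

    return CALLPROC_WOWCHECK(pfn, hwnd, message, wParam, lParam);
}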
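; Tail of CallWindowProcAorW_c5ee (disassembler listing, 32-bit x86, Intel syntax).
; Reached from 77d1e933 once esi holds the window procedure to call.
; On entry: esi = pfn, edi = msg, ebp = frame pointer set up in the prologue.
.text:77d1c614
.text:77d1c614 loc_77d1c614:                           ; CODE XREF: CallWindowProcAorW_c5ee+2348j
.text:77d1c614                 mov     ecx, [ebp+hwnd] ; ecx = hwnd
.text:77d1c617                 call    sub_77d184d0
.text:77d1c61c                 test    eax, eax        ; eax == NULL?
.text:77d1c61e                 jz      loc_77d287a4    ; if true:
.text:77d1c61e                                         ;     eax = 0;
.text:77d1c61e                                         ;     goto 77d1c62a;
.text:77d1c624                 mov     eax, [eax+9Ch]  ; else:
.text:77d1c624                                         ;     eax = *(retvalue + 0x9c)
.text:77d1c62a
.text:77d1c62a loc_77d1c62a:                           ; CODE XREF: CallWindowProcAorW_c5ee+c1b8j
.text:77d1c62a                 push    0
.text:77d1c62c                 push    0
.text:77d1c62e                 push    [ebp+hMem_lParam] ; 0x0013fa4c
.text:77d1c631                 push    dword ptr [ebp+WideCharStr_wParam] ; 0x00000000
.text:77d1c634                 push    edi             ; msg 0x0000104d
.text:77d1c635                 push    [ebp+hwnd]
.text:77d1c638                 push    esi             ; 0x771d0491
.text:77d1c639                 push    eax             ; 0
.text:77d1c63a                 call    sub_77d1875f
.text:77d1c63f
.text:77d1c63f loc_77d1c63f:                           ; CODE XREF: CallWindowProcAorW_c5ee+c1aaj
.text:77d1c63f                                         ; CallWindowProcAorW_c5ee+c1b1j
.text:77d1c63f                 pop     edi             ; restore registers saved on the way in
.text:77d1c640
.text:77d1c640 loc_77d1c640:                           ; CODE XREF: CallWindowProcAorW_c5ee+24c65j
.text:77d1c640                 pop     esi
.text:77d1c641                 pop     ebp
.text:77d1c642                 retn    18h             ; callee pops 0x18 bytes = six 4-byte arguments
.text:77d1c642 CallWindowProcAorW_c5ee endp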
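/* user.h */
/*
 * Type definitions referenced by CallWindowProcAorW, listed outermost first
 * (each structure appears before the ones it embeds). The unnamed members
 * such as "PROCOBJHEAD;" are anonymous structure members.
 */

/* One byte per message: dispatch index plus two flag bits. */
typedef struct tagMSG_TABLE_ENTRY {
    BYTE iFunction:6;           /* index into gapfnScSendMessage[] */
    BYTE bThunkMessage:1;       /* the bit tested with "test cl, 40h" */
    BYTE bSyncOnlyMessage:1;
} MSG_TABLE_ENTRY;

extern const MSG_TABLE_ENTRY MessageTable[];

/*
    bit:   0 1 2 3 4 5      6                7
           iFunction        bThunkMessage    bSyncOnlyMessage
*/

/*
 * Object behind a CPD handle. Assuming 4-byte handle and pointer fields on
 * 32-bit x86, pfnClientPrevious sits at offset 0x18, which matches
 * "mov esi, [eax+18h]" in the disassembly.
 */
typedef struct _CALLPROCDATA {
    PROCDESKHEAD head;
    PCALLPROCDATA spcpdNext;
    KERNEL_ULONG_PTR pfnClientPrevious;
    WORD wType;
} CALLPROCDATA;

typedef struct _PROCDESKHEAD {
    PROCOBJHEAD;
    DESKHEAD;
} PROCDESKHEAD, *PPROCDESKHEAD;

typedef struct _PROCOBJHEAD {
    HEAD;
    DWORD hTaskWow;
} PROCOBJHEAD, *PPROCOBJHEAD;

typedef struct _DESKHEAD {
    PDESKTOP rpdesk;
    KPBYTE pSelf;
} DESKHEAD, *PDESKHEAD;

typedef struct _HEAD {
    KHANDLE h;
    DWORD cLockObj;
} HEAD, *PHEAD;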
End here