VC(MFC)程序中查找消息处理函数

    首先找到窗口类(这里是 CMidlDlg)的虚函数表地址:

; CMidlDlg virtual function table as listed by IDA: one 4-byte function pointer
; per slot, starting at 0043FA58. Of the slots shown here, only two point into
; CMidlDlg itself (the scalar deleting destructor and GetMessageMap); the rest
; are inherited from CDialog / CWnd / CCmdTarget / CObject.
.rdata:0043FA58 ; const CMidlDlg::`vftable'
.rdata:0043FA58 ??_7CMidlDlg@@6B@ dd offset ?GetRuntimeClass@CDialog@@UBEPAUCRuntimeClass@@XZ
.rdata:0043FA58 ; DATA XREF: CMidlDlg::CMidlDlg(CWnd *)+31o
.rdata:0043FA58  ; CDialog::GetRuntimeClass(void)
.rdata:0043FA5C dd offset ??_GCMidlDlg@@UAEPAXI@Z; CMidlDlg::`scalar deleting destructor'(uint)
.rdata:0043FA60 dd offset ?Serialize@CObject@@UAEXAAVCArchive@@@Z; CObject::Serialize(CArchive &)
.rdata:0043FA64 dd offset ?OnCmdMsg@CDialog@@UAEHIHPAXPAUAFX_CMDHANDLERINFO@@@Z; CDialog::OnCmdMsg(uint,int,void *,AFX_CMDHANDLERINFO *)
.rdata:0043FA68 dd offset ?OnFinalRelease@CWnd@@UAEXXZ; CWnd::OnFinalRelease(void)
.rdata:0043FA6C dd offset ?IsInvokeAllowed@CCmdTarget@@UAEHJ@Z; CCmdTarget::IsInvokeAllowed(long)
.rdata:0043FA70 dd offset ?GetDispatchIID@CCmdTarget@@UAEHPAU_GUID@@@Z; CCmdTarget::GetDispatchIID(_GUID *)
.rdata:0043FA74 dd offset ?GetTypeInfoCount@CCmdTarget@@UAEIXZ; CCmdTarget::GetTypeInfoCount(void)
.rdata:0043FA78 dd offset ?GetTypeLibCache@CCmdTarget@@UAEPAVCTypeLibCache@@XZ; CCmdTarget::GetTypeLibCache(void)
.rdata:0043FA7C dd offset ?GetTypeLib@CCmdTarget@@UAEJKPAPAUITypeLib@@@Z; CCmdTarget::GetTypeLib(ulong,ITypeLib * *)
; Slot index 10 (table base + 28h, the eleventh pointer): the class's own
; GetMessageMap override. Following this pointer leads to the message map.
.rdata:0043FA80 dd offset ?GetMessageMap@CMidlDlg@@MBEPBUAFX_MSGMAP@@XZ; CMidlDlg::GetMessageMap(void)
.rdata:0043FA84 dd offset ?GetCommandMap@CCmdTarget@@MBEPBUAFX_OLECMDMAP@@XZ; CCmdTarget::GetCommandMap(void)

虚表中的第十一项(偏移 +28h,地址 0043FA80)就是 GetMessageMap,通过它可以找到消息映射结构的地址。定位到 GetMessageMap:

; CMidlDlg::GetMessageMap: a two-instruction accessor. It loads the address of
; the static CMidlDlg::messageMap into eax (the return register) and returns.
; The immediate operand of the mov is therefore the address of the message map
; structure. The only cross-reference shown is the vtable slot at 0043FA80.
.text:00401250 ; protected: virtual struct AFX_MSGMAP const * __thiscall CMidlDlg::GetMessageMap(void)const
.text:00401250 ?GetMessageMap@CMidlDlg@@MBEPBUAFX_MSGMAP@@XZ proc near
.text:00401250 ; DATA XREF: .rdata:0043FA80o
.text:00401250 mov     eax, offset ?messageMap@CMidlDlg@@1UAFX_MSGMAP@@B; AFX_MSGMAP const CMidlDlg::messageMap
.text:00401255 retn
.text:00401255 ?GetMessageMap@CMidlDlg@@MBEPBUAFX_MSGMAP@@XZ endp

messageMap 就是消息映射结构的地址,再定位到 messageMap:

; CMidlDlg::messageMap (AFX_MSGMAP), two dwords in this build:
;   +0  pointer to the base class map (here CDialog::messageMap)
;   +4  pointer to this class's AFX_MSGMAP_ENTRY array (_messageEntries)
.rdata:0043F908 ; protected: static struct AFX_MSGMAP const CMidlDlg::messageMap
.rdata:0043F908 ?messageMap@CMidlDlg@@1UAFX_MSGMAP@@B dd offset ?messageMap@CDialog@@1UAFX_MSGMAP@@B
.rdata:0043F908 ; DATA XREF: CMidlDlg::GetMessageMap(void)o
.rdata:0043F908  ; AFX_MSGMAP const CDialog::messageMap
.rdata:0043F90C dd offset ?_messageEntries@CMidlDlg@@0QBUAFX_MSGMAP_ENTRY@@B; AFX_MSGMAP_ENTRY const * const CMidlDlg::_messageEntries
; _messageEntries: array of AFX_MSGMAP_ENTRY records, 6 dwords (18h bytes) each:
;   nMessage, nCode, nID, nLastID, nSig, pfn
; nMessage is the Windows message number, nCode/nID/nLastID narrow WM_COMMAND /
; notification entries to a control-ID range, nSig is MFC's handler-signature
; code (its numbering differs between MFC versions, so it is not decoded here),
; and pfn is the handler address. The array ends with an all-zero record.
.rdata:0043F910 ; private: static struct AFX_MSGMAP_ENTRY const * const CMidlDlg::_messageEntries
; entry 0: WM_SYSCOMMAND -> CMidlDlg::OnSysCommand
.rdata:0043F910 ?_messageEntries@CMidlDlg@@0QBUAFX_MSGMAP_ENTRY@@B dd 112h ; nMessage = 112h (WM_SYSCOMMAND)
.rdata:0043F910 ; DATA XREF: .rdata:0043F90Co
.rdata:0043F914 dd 0 ; nCode
.rdata:0043F918 dd 0 ; nID
.rdata:0043F91C dd 0 ; nLastID
.rdata:0043F920 dd 12h ; nSig
.rdata:0043F924 dd offset ?OnSysCommand@CMidlDlg@@IAEXIJ@Z; CMidlDlg::OnSysCommand(uint,long)
; entry 1: WM_PAINT -> CMidlDlg::OnPaint
.rdata:0043F928 dd 0Fh ; nMessage = 0Fh (WM_PAINT)
.rdata:0043F92C dd 0 ; nCode
.rdata:0043F930 dd 0 ; nID
.rdata:0043F934 dd 0 ; nLastID
.rdata:0043F938 dd 0Ch ; nSig
.rdata:0043F93C dd offset ?OnPaint@CMidlDlg@@IAEXXZ; CMidlDlg::OnPaint(void)
; entry 2: WM_QUERYDRAGICON -> CMidlDlg::OnQueryDragIcon
.rdata:0043F940 dd 37h ; nMessage = 37h (WM_QUERYDRAGICON)
.rdata:0043F944 dd 0 ; nCode
.rdata:0043F948 dd 0 ; nID
.rdata:0043F94C dd 0 ; nLastID
.rdata:0043F950 dd 23h ; nSig
.rdata:0043F954 dd offset ?OnQueryDragIcon@CMidlDlg@@IAEPAUHICON__@@XZ; CMidlDlg::OnQueryDragIcon(void)
; entry 3: WM_COMMAND for control ID 3E8h (1000) -> CMidlDlg::OnButton1.
; nCode 0 with nID == nLastID is what an ON_BN_CLICKED-style entry for a single
; button looks like (BN_CLICKED is 0) -- presumably how the source declared it.
.rdata:0043F958 dd 111h ; nMessage = 111h (WM_COMMAND)
.rdata:0043F95C dd 0 ; nCode = 0
.rdata:0043F960 dd 3E8h ; nID = 1000
.rdata:0043F964 dd 3E8h ; nLastID = 1000
.rdata:0043F968 dd 0Ch ; nSig
.rdata:0043F96C dd offset ?OnButton1@CMidlDlg@@IAEXXZ; CMidlDlg::OnButton1(void)
; terminator: six zero dwords (nMessage..pfn all 0) mark the end of the array
.rdata:0043F970 dd 0
.rdata:0043F974 dd 0
.rdata:0043F978 dd 0
.rdata:0043F97C dd 0
.rdata:0043F980 dd 0
.rdata:0043F984 dd 0


