主要关注对hao123推量影响大的因素,比如竞品。
tp://msdn.microsoft.com/en-us/library/jj206442(v=vs.85).aspx IWebBrowser2接口 各种接口
http://msdn.microsoft.com/en-us/library/aa768400(v=vs.85).aspx 各种事件
http://www.goorush.com/408.html IDispEventImpl类处理事件。
http://www.goorush.com/410.html IDispEventSimpleImpl类通过bho捕获键盘鼠标事件
http://msdn.microsoft.com/zh-cn/library/aa741311(v=vs.85).aspx 浏览器扩展
http://msdn.microsoft.com/zh-cn/library/ms976373.aspx BHO微软官方主页
http://msdn.microsoft.com/en-us/library/aa768309(v=vs.85).aspx ie事件介绍
http://bbs.pediy.com/showthread.php?t=144938 ring3拦截bho
http://ued.ctrip.com/blog/?p=3295 浏览器是怎样工作的
html->解析(词法,句法分析)为dom tree ->解析为Render Tree->遍历渲染树绘制每一个节点。
一.ie体系
webbrowser host(重用webbrowser控件的程序,例如ie)
|
shdocvw.dll(包含了webbrowser control),提供各种文档的浏览能力给上层宿主。
|
mshtml.dll(active 文档服务器,但是却可以作为其他控件的容器)
|
activex control, active script engine, java applet, plug-in ,html
二.浏览器修改三种方式:浏览器扩展(Shortcut menu extensions\ Custom toolbars\Explorer Bars\BHO),Active X控件,自己写应用程序(比如自己写浏览器)
三.webbrowser有四个接口:
IwebBrowser,IwebBrowserApp(方法和属性典型地允许你控制浏览器窗口的用户接口,比如显示隐藏某个工具),IWebBrowser2.
他们的Document属性返回活动文档的自动化实现 (IDispatch)。如果 HTML 当前显示在WebBrowser, Document 属性给出你存取 DHTML 对象模型的途径.GetDocument 返回指向代表文档IDispatch 接口的指针.iwebbrowser2的ExecWB方法允许WebBrowser 开发者增加新的功能而不用创建新的参数。
四.通过ie导出借口修改ie行为的两种方式。
1.invoke消息循环 2.事件通知
打开网页调用顺序
OnBeforeNavigate2
OnDownloadBegin
OnDownloadComplete
OnNavigateComplete
OnNavigateProgress
OnDocumentComplete
ie支持的事件在DISPID_DOWNLOADBEGIN,转到定义 ExDispid.h中定义
五。导出方法介绍
1.SetSite()方法
bho对象初始化,执行仅仅发生一次的任务。比如取得IWebBrowser2接口指针。 只调用此方法两次,一次用于建立连接,另一次则是在浏览器退出时。
STDMETHODIMP CWipeImgBHO::SetSite(IUnknown* pUnkSite)
{
if (pUnkSite != NULL)
{
// 缓存指向 IWebBrowser2 的指针。
HRESULT hr = pUnkSite->QueryInterface(IID_IWebBrowser2, (void **)&m_WebBrowser);
if(SUCCEEDED(hr))
{
//Regist Event from DWebBrowserEvents2
// 注册以从 DWebBrowserEvents2 中汇集事件。
hr = DispEventAdvise(m_WebBrowser);
if (SUCCEEDED(hr))
{
m_Advised = TRUE;
}
}
}
else
{
if(m_Advised)
{
//Unregist event.
DispEventUnadvise(m_WebBrowser);
m_Advised = FALSE;
}
m_WebBrowser.Release();
}
return IObjectWithSiteImpl::SetSite(pUnkSite);
}
2.DownloadComplete事件
文档全部下载结束时触发。
3.connect
截获浏览器发出的事件,通过IConnectionPoint接口连接到浏览器上 并且实现传递接口IDispatch指针以处理各种事件.
一个COM 对象为了通客户通信, 对象自身必须支持一个或者多个外引接口.一个 COM 对象支持的外引接口是作为可连接对象引用. 要成为一个可连接对象,
COM对象必须实现IConnectionPointContainer 接口。通过此接口,客户可认识到那些外引接口被服务器支持. 外引接口实际通过连接点由客户挂接入COM实现。
实现外引接口的客户部分众所周知是通过事件接收槽(event sink)实现的.
HRESULT CViewSource::Connect(void)
{
HRESULT hr;
CComPtr spCP;
//为Web浏览器事件而接收(receive)连接点
//调用IconnectionPointContainer 的方法 FindConnectionPoint 找出你想接收的事件
//m_spCPC = m_spWebBrowser2;
hr = m_spCPC->FindConnectionPoint(DIID_DWebBrowserEvent2, &spCP);
if (FAILED(hr))
return hr;
// 把事件处理器传递到容器。每次事件发生容器都将激活我们实现的IDispatch接口上的相应的函数。
hr = spCP->Advise( reinterpret_cast(this), &m_dwCookie);
return hr;
}
4.invoke
BHO.IDispatch接口指针提供给浏览器。浏览器将回调IDispatch接口的Invoke() 方法,以事件的ID值作为第一参数:
HRESULT CViewSource::Invoke(DISPID dispidMember, REFIID riid,
LCID lcid, WORD wFlags, DISPPARAMS* pDispParams,
VARIANT* pvarResult, EXCEPINFO* pExcepInfo, UINT* puArgErr)
{
if (dispidMember == DISPID_DOCUMENTCOMPLETE) {
OnDocumentComplete();
m_bDocumentCompleted = true;
}
}
pUnkSite->查询IID_IWebBrowser2->IWebBrowser2 *->查询IID_IConnectionPointContainer->IConnectionPointContainer*->
FindConnectionPoint(DIID_DWebBrowserEvents2,&pCP);->pCP->Advise((IUnknown*)&EventSink,&adviseCookie);->CEventSink::Invoke
所有的事件在win2k源码中搜索FireEvent
bu SHLWAPI!EnumInvokeCallback+0x3b 进入每一个bho
kd> g
Breakpoint 3 hit
SHLWAPI!EnumInvokeCallback:
001b:77f6251b 8bff mov edi,edi
kd> kv 100
ChildEBP RetAddr Args to Child
0012705c 77f55e62 0016c53c 001270dc 001270dc SHLWAPI!EnumInvokeCallback (FPO: [Non-Fpo]) -----ok 通过IDispatch::Invoke调用一个bho的invoke
00127080 77f55dd6 0016c53c 001270b8 77f55df4 SHLWAPI!EnumConnectionPointSinks+0x6f (FPO: [Non-Fpo]) -----ok 通过IConnectionPoint::EnumConnections枚举连接点,调用对应的EnumProc
001270cc 77f55fcc 00162cfc 001270dc 00000003 SHLWAPI!IConnectionPoint_InvokeIndirect+0x7e (FPO: [Non-Fpo]) -----ok 直接调用EnumConnectionPointSinks
0012710c 7e56804b 00162cfc 000000fa 001271d0 SHLWAPI!IConnectionPoint_InvokeWithCancel+0x3a (FPO: [Non-Fpo]) -----ok 直接调用IConnectionPoint_InvokeIndirect
001271e4 7e57a931 02a79600 00162cfc 001272a8 SHDOCVW!DoInvokeParamHelper+0x47 (FPO: [Non-Fpo]) -----ok 根据参数多少调用不同的invoke,带不带cancel.
001272d0 7e5a09f6 02a79600 0008028c 02a79600 SHDOCVW!FireEvent_BeforeNavigate+0x1dc (FPO: [Non-Fpo]) -----ok 开始调用bho的事件
00127318 7e3246bb 00161884 02a793c0 02a79600 SHDOCVW!CBaseBrowser2::FireBeforeNavigate3+0x9f (FPO: [Non-Fpo])
001283d4 7e2af600 02a793b0 00128548 02a79d34 mshtml!CWebOCEvents::BeforeNavigate2+0x262 (FPO: [Non-Fpo])
0012a58c 7e2af202 0012a648 0012a630 02a79e90 mshtml!CDoc::DoNavigate+0xb00 (FPO: [Non-Fpo]) -----ok--此步事件不同,调用NavigateHere(处理#标签,还是要滚动垂直滚动条).ie已经运行,发送WM_BROWSER_OPENURL消息
0012a64c 7e2d6ad8 0012c700 00000000 02ca2160 mshtml!CDoc::FollowHyperlink+0x5f0 (FPO: [Non-Fpo]) -----ok 如果是地址栏输入url,则此处处理.
0012e704 7e2d6d4a 00000000 0020003a 00000000 mshtml!CFrameSite::OnPropertyChange_Src+0x4a6 (FPO: [Non-Fpo]) -----ok 属性页变化时触发
0012e780 7e2d6c02 7e2b06f5 02cfd6e0 001c5633 mshtml!CFrameSite::CreateObject+0x367 (FPO: [Non-Fpo])---此处向下360不同
0012e784 7e2b06f5 02cfd6e0 001c5633 00000000 mshtml!CHtmIframeParseCtx::Execute+0xb (FPO: [0,0,0])
0012e7d0 7e27cf47 02cfe890 02cfd6e0 7e2a4b87 mshtml!CHtmParse::Execute+0x41 (FPO: [Uses EBP] [1,15,0])---此处向上360不同
0012e7dc 7e2a4b87 7e2a4ba5 001c5633 02cfd6e0 mshtml!CHtmPost::Broadcast+0xd (FPO: [1,0,0])
0012e898 7e2b101a 001c5633 02cfd6e0 029402d0 mshtml!CHtmPost::Exec+0x32f (FPO: [Uses EBP] [1,41,0])
0012e8b0 7e294be4 001c5633 029402d0 02cfd6e0 mshtml!CHtmPost::Run+0x55 (FPO: [Uses EBP] [1,0,0])
0012e8c0 7e295023 029402d0 001c5633 02cfd6e0 mshtml!PostManExecute+0x51 (FPO: [3,0,0])
0012e8d8 7e294fa6 02cfd6e0 00000001 7e293ffc mshtml!PostManResume+0x71 (FPO: [2,0,0])
0012e8e4 7e293ffc 02cfdaa0 02cfd6e0 0012e928 mshtml!CHtmPost::OnDwnChanCallback+0xc (FPO: [2,0,0])
0012e8f4 7e27cb3b 02cfdaa0 00000000 00000000 mshtml!CDwnChan::OnMethodCall+0x19 (FPO: [Non-Fpo]) -----ok
0012e928 7e278937 0012eac4 7e278852 00000000 mshtml!GlobalWndOnMethodCall+0x66 (FPO: [Non-Fpo]) -----ok for循环调用,处理导出的延迟过程调用
0012ea5c 77d18734 000f024c 00008002 00000000 mshtml!GlobalWndProc+0x1e2 (FPO: [Non-Fpo]) -----ok 处理iehtml消息,可以被导出的事件用WM_METHODCALL.其他事件比如mousemove,buttondown自己处理.
0012ea88 77d18816 7e278852 000f024c 00008002 USER32!InternalCallWinProc+0x28
0012eaf0 77d189cd 00000000 7e278852 000f024c USER32!UserCallWinProcCheckWow+0x150 (FPO: [Non-Fpo]) ---- CShellBrowser2::WndProcBS,CShellBrowser2的主要窗口函数,分发dispatch消息(调用webbrowse2的方法)
0012eb50 77d18a10 0012eb90 00000000 0012eb78 USER32!DispatchMessageWorker+0x306 (FPO: [Non-Fpo]) |
0012eb60 75f0d875 0012eb90 00000000 001571b0 USER32!DispatchMessageW+0xf (FPO: [Non-Fpo]) |
0012eb78 75f15218 0012eb90 0012ee98 00000000 BROWSEUI!TimedDispatchMessage+0x33 (FPO: [Non-Fpo]) -----ok 消息循环 |
0012edd8 75f15389 001570a8 0012ee98 001570a8 BROWSEUI!BrowserThreadProc+0x336 (FPO: [Non-Fpo]) -----ok 初始化ie窗口类,窗口过程IEFrameWndProc,主消息循环。
0012ee6c 75f15655 001570a8 001570a8 00000000 BROWSEUI!BrowserProtectedThreadProc+0x50 (FPO: [Non-Fpo]) -----ok try中调用BrowserThreadProc
0012fef0 7e5d8d7a 001570a8 00000000 00000000 BROWSEUI!SHOpenFolderWindow+0x22c (FPO: [Non-Fpo]) -----ok处理select开关,检查是否可以用已经有的ie窗口。开启线程调用BrowserProtectedThreadProc
0012ff10 00402372 001423ba 00000001 00000000 SHDOCVW!IEWinMain+0x129 (FPO: [Non-Fpo]) -----ok 初始化收藏夹,废除类工厂对象,设置一些ie选项。
0012ff60 00402444 00400000 00000000 001423ba iexplore!WinMainT+0x2de (FPO: [Non-Fpo]) -----ok 载入相关dll
0012ffc0 7c817067 00000000 00000001 7ffde000 iexplore!_ModuleEntry+0x99 (FPO: [Non-Fpo]) -----ok
0012fff0 00000000 00402451 00000000 78746341 kernel32!BaseProcessStart+0x23 (FPO: [Non-Fpo])
kd> g
Breakpoint 2 hit
SHDOCVW!CBaseBrowser2::FireDownloadBegin:
001b:7e57a7d6 8bff mov edi,edi
kd> kv 100
ChildEBP RetAddr Args to Child
001283d8 7e2d81ca 00161880 001ae89c 00000000 SHDOCVW!CBaseBrowser2::FireDownloadBegin (FPO: [Non-Fpo])
001283f0 7e2d8143 00000000 00000000 001ae3d0 mshtml!CWebOCEvents::FireDownloadEvents+0xdc (FPO: [Non-Fpo])
0012a58c 7e2af202 0012a648 0012a630 02a79e90 mshtml!CDoc::DoNavigate+0xb70 (FPO: [Non-Fpo]) -----ok--此步事件不同,调用NavigateHere.
0012a64c 7e2d6ad8 0012c700 00000000 02ca2160 mshtml!CDoc::FollowHyperlink+0x5f0 (FPO: [Non-Fpo]) -----
0012e704 7e2d6d4a 00000000 0020003a 00000000 mshtml!CFrameSite::OnPropertyChange_Src+0x4a6 (FPO: [Non-Fpo])
0012e780 7e2d6c02 7e2b06f5 02cfd6e0 001c5633 mshtml!CFrameSite::CreateObject+0x367 (FPO: [Non-Fpo])
0012e784 7e2b06f5 02cfd6e0 001c5633 00000000 mshtml!CHtmIframeParseCtx::Execute+0xb (FPO: [0,0,0])
0012e7d0 7e27cf47 02cfe890 02cfd6e0 7e2a4b87 mshtml!CHtmParse::Execute+0x41 (FPO: [Uses EBP] [1,15,0])
0012e7dc 7e2a4b87 7e2a4ba5 001c5633 02cfd6e0 mshtml!CHtmPost::Broadcast+0xd (FPO: [1,0,0])
0012e898 7e2b101a 001c5633 02cfd6e0 029402d0 mshtml!CHtmPost::Exec+0x32f (FPO: [Uses EBP] [1,41,0])
0012e8b0 7e294be4 001c5633 029402d0 02cfd6e0 mshtml!CHtmPost::Run+0x55 (FPO: [Uses EBP] [1,0,0])
0012e8c0 7e295023 029402d0 001c5633 02cfd6e0 mshtml!PostManExecute+0x51 (FPO: [3,0,0])
0012e8d8 7e294fa6 02cfd6e0 00000001 7e293ffc mshtml!PostManResume+0x71 (FPO: [2,0,0])
0012e8e4 7e293ffc 02cfdaa0 02cfd6e0 0012e928 mshtml!CHtmPost::OnDwnChanCallback+0xc (FPO: [2,0,0])
0012e8f4 7e27cb3b 02cfdaa0 00000000 00000000 mshtml!CDwnChan::OnMethodCall+0x19 (FPO: [Non-Fpo])
0012e928 7e278937 0012eac4 7e278852 00000000 mshtml!GlobalWndOnMethodCall+0x66 (FPO: [Non-Fpo])
0012ea5c 77d18734 000f024c 00008002 00000000 mshtml!GlobalWndProc+0x1e2 (FPO: [Non-Fpo])
0012ea88 77d18816 7e278852 000f024c 00008002 USER32!InternalCallWinProc+0x28
0012eaf0 77d189cd 00000000 7e278852 000f024c USER32!UserCallWinProcCheckWow+0x150 (FPO: [Non-Fpo])
0012eb50 77d18a10 0012eb90 00000000 0012eb78 USER32!DispatchMessageWorker+0x306 (FPO: [Non-Fpo])
0012eb60 75f0d875 0012eb90 00000000 001571b0 USER32!DispatchMessageW+0xf (FPO: [Non-Fpo])
0012eb78 75f15218 0012eb90 0012ee98 00000000 BROWSEUI!TimedDispatchMessage+0x33 (FPO: [Non-Fpo])
0012edd8 75f15389 001570a8 0012ee98 001570a8 BROWSEUI!BrowserThreadProc+0x336 (FPO: [Non-Fpo])
0012ee6c 75f15655 001570a8 001570a8 00000000 BROWSEUI!BrowserProtectedThreadProc+0x50 (FPO: [Non-Fpo])
0012fef0 7e5d8d7a 001570a8 00000000 00000000 BROWSEUI!SHOpenFolderWindow+0x22c (FPO: [Non-Fpo])
0012ff10 00402372 001423ba 00000001 00000000 SHDOCVW!IEWinMain+0x129 (FPO: [Non-Fpo])
0012ff60 00402444 00400000 00000000 001423ba iexplore!WinMainT+0x2de (FPO: [Non-Fpo])
0012ffc0 7c817067 00000000 00000001 7ffde000 iexplore!_ModuleEntry+0x99 (FPO: [Non-Fpo])
0012fff0 00000000 00402451 00000000 78746341 kernel32!BaseProcessStart+0x23 (FPO: [Non-Fpo])
win7 堆栈
BhoProtect.dll!CBavBho::Invoke(long dispidMember=250, const _GUID & riid={...}, unsigned long lcid=0, unsigned short wFlags=1, tagDISPPARAMS * pDispParams=0x0318ab38, tagVARIANT * pVariant=Empty, tagEXCEPINFO * pExcepinfo=0x00000000, unsigned int * puArgErr=0x00000000) Line 86C++
ieframe.dll!EnumInvokeCallback() + 0x73f63 bytes
ieframe.dll!EnumConnectionPointSinks() + 0x73b91 bytes
ieframe.dll!_IConnectionPoint_InvokeIndirect@12() + 0x88 bytes
ieframe.dll!DoInvokeParamHelper() + 0xc3 bytes
ieframe.dll!_FireEvent_BeforeNavigate@48() + 0x197 bytes
ieframe.dll!CBaseBrowser2::_FireBeforeNavigateEventAndStartNavProgress() + 0x88 bytes
ieframe.dll!CBaseBrowser2::_FireBeforeNavigateEvent() + 0x1b8 bytes
ieframe.dll!CBaseBrowser2::v_NavigateToPidl() + 0xc1 bytes
ieframe.dll!CBaseBrowser2::_OnGoto() + 0x213 bytes
ieframe.dll!CBaseBrowser2::_OnAsyncOperation() + 0x1e bytes
ieframe.dll!CBaseBrowser2::v_WndProc() + 0x1f2bb bytes
ieframe.dll!CShellBrowser2::v_WndProc() + 0x28f6 bytes
ieframe.dll!CShellBrowser2::s_WndProc() + 0x62 bytes
user32.dll!_InternalCallWinProc@20() + 0x23 bytes
user32.dll!_UserCallWinProcCheckWow@32() + 0xb3 bytes
user32.dll!_DispatchMessageWorker@8() + 0xe6 bytes
user32.dll!_DispatchMessageW@4() + 0xf bytes
ieframe.dll!CTabWindow::_TabWindowThreadProc() + 0x39b bytes
ieframe.dll!LCIETab_ThreadProc() + 0x2fd bytes
iertutil.dll!CIsoScope::RegisterThread() - 0x2b65 bytes
ieframe.dll!Detour_DefWindowProcA() + 0x66a96 bytes
kernel32.dll!@BaseThreadInitThunk@12() + 0x12 bytes
ntdll.dll!___RtlUserThreadStart@8() + 0x27 bytes
ntdll.dll!__RtlUserThreadStart@8() + 0x1b bytes
查询主页堆栈
kd> g
Breakpoint 4 hit
SHDOCVW!URLSubRegQueryW:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for Safehmpg.dll -
001b:7e606e01 e9cae7a091 jmp Safehmpg!SafehmpgHelper+0x11430 (100155d0)
kd> kv 100
ChildEBP RetAddr Args to Child
0012b410 7e5a79d5 7e55ae50 7e55f894 00000001 SHDOCVW!URLSubRegQueryW (FPO: [Non-Fpo])
0012c490 7e5a7b9d 0012c4b4 00000824 0000010e SHDOCVW!_GetStdLocation+0x94 (FPO: [Non-Fpo])
0012d500 7e5c5f95 00130144 00000000 00000000 SHDOCVW!SHDGetPageLocation+0x6d (FPO: [Non-Fpo])
0012d528 7e5c5fd6 00000000 0012e674 75f33f45 SHDOCVW!CIEFrameAuto::_GoStdLocation+0x28 (FPO: [Non-Fpo])
0012d534 75f33f45 0016a3c4 03699df8 00176220 SHDOCVW!CIEFrameAuto::GoHome+0x12 (FPO: [Non-Fpo])
0012e674 75f33655 00176220 03699df8 00000122 BROWSEUI!CInternetToolbar::Exec+0x1a4 (FPO: [Non-Fpo])
0012e6b8 75f33c01 00176220 00120240 0012e780 BROWSEUI!CInternetToolbar::_OnCommand+0xb9 (FPO: [Non-Fpo])
0012e718 77d18734 000d0180 00000111 000003f8 BROWSEUI!CInternetToolbar::SizableWndProc+0x340 (FPO: [Non-Fpo])
0012e744 77d18816 75f338c0 000d0180 00000111 USER32!InternalCallWinProc+0x28
0012e7ac 77d2927b 00000000 75f338c0 000d0180 USER32!UserCallWinProcCheckWow+0x150 (FPO: [Non-Fpo])
0012e7e8 77d292e3 00626010 00625fa8 000003f8 USER32!SendMessageWorker+0x4a5 (FPO: [Non-Fpo])
0012e808 77205d13 000d0180 00000111 000003f8 USER32!SendMessageW+0x7f (FPO: [Non-Fpo])
0012e870 772068ca 00080164 00000111 000003f8 comctl32!CReBar::_WndProc+0x11d (FPO: [Non-Fpo])
0012e894 77d18734 00080164 00000111 000003f8 comctl32!CReBar::s_WndProc+0x2c (FPO: [Non-Fpo])
0012e8c0 77d18816 7720689e 00080164 00000111 USER32!InternalCallWinProc+0x28
0012e928 77d2927b 00167ff0 7720689e 00080164 USER32!UserCallWinProcCheckWow+0x150 (FPO: [Non-Fpo])
0012e964 77d292e3 006260c0 00602af8 000003f8 USER32!SendMessageWorker+0x4a5 (FPO: [Non-Fpo])
0012e984 771f48aa 00080164 00000111 000003f8 USER32!SendMessageW+0x7f (FPO: [Non-Fpo])
0012e9ac 771f571b 0018ca40 00120240 00000202 comctl32!TBOnLButtonUp+0x122 (FPO: [Non-Fpo])
0012ea5c 77d18734 00120240 00000202 00000000 comctl32!ToolbarWndProc+0xb30 (FPO: [Non-Fpo])
0012ea88 77d18816 771f4beb 00120240 00000202 USER32!InternalCallWinProc+0x28
0012eaf0 77d189cd 00167ff0 771f4beb 00120240 USER32!UserCallWinProcCheckWow+0x150 (FPO: [Non-Fpo])
0012eb50 77d18a10 0012eb90 00000000 0012eb78 USER32!DispatchMessageWorker+0x306 (FPO: [Non-Fpo])
0012eb60 75f0d875 0012eb90 00000000 00168b70 USER32!DispatchMessageW+0xf (FPO: [Non-Fpo])
0012eb78 75f15218 0012eb90 0012ee98 00000000 BROWSEUI!TimedDispatchMessage+0x33 (FPO: [Non-Fpo])
0012edd8 75f15389 00168880 0012ee98 00168880 BROWSEUI!BrowserThreadProc+0x336 (FPO: [Non-Fpo])
0012ee6c 75f15655 00168880 00168880 00000000 BROWSEUI!BrowserProtectedThreadProc+0x50 (FPO: [Non-Fpo])
0012fef0 7e5d8d7a 00168880 00000000 00000000 BROWSEUI!SHOpenFolderWindow+0x22c (FPO: [Non-Fpo])
0012ff10 00402372 001423ba 000206c0 43010000 SHDOCVW!IEWinMain+0x129 (FPO: [Non-Fpo])
0012ff60 00402444 00400000 00000000 001423ba iexplore!WinMainT+0x2de (FPO: [Non-Fpo])
0012ffc0 7c817067 43010000 00000000 7ffdf000 iexplore!_ModuleEntry+0x99 (FPO: [Non-Fpo])
0012fff0 00000000 00402451 00000000 78746341 kernel32!BaseProcessStart+0x23 (FPO: [Non-Fpo])
--写于2013-12-13