PC版企业微信逆向之消息发送CALL-找不到参数文本消息内容，但是确定这就是消息发送CALL

现在遇到的问题是消息内容-如何查看通过esi里面的消息内容，找不到有效的
找不到参数文本消息内容，但是确定这就是消息发送CALL
消息发送call特征码为8d 47 08 50 56 e8 ?? ?? ?? ?? 8b 07

//消息发送CALL如下
**
02852932 8B07 mov eax,dword ptr ds:[edi]
02852934 8B88 00070000 mov ecx,dword ptr ds:[eax+0x700] ; ECX存储的是 消息接受方的ID对象
0285293A 0FB647 59 movzx eax,byte ptr ds:[edi+0x59]
0285293E 50 push eax ; 默认为1
0285293F 0FB647 58 movzx eax,byte ptr ds:[edi+0x58]
02852943 50 push eax
02852944 8D47 10 lea eax,dword ptr ds:[edi+0x10] ; 默认为0
02852947 50 push eax
02852948 8D47 08 lea eax,dword ptr ds:[edi+0x8]
0285294B 50 push eax
0285294C 56 push esi ; 老版本这里是消息内容的对象
0285294D E8 3AA7F9FF call WXWork.027ED08C ; 消息发送CAL - 2023年9月22日

**

028528F8 68 AC000000 push 0xAC
028528FD B8 6F12B504 mov eax,WXWork.04B5126F
02852902 E8 45FCF901 call WXWork.047F254C
02852907 8BF9 mov edi,ecx
02852909 89BD 78FFFFFF mov dword ptr ss:[ebp-0x88],edi
0285290F 8B75 08 mov esi,dword ptr ss:[ebp+0x8]
02852912 33DB xor ebx,ebx
02852914 8975 80 mov dword ptr ss:[ebp-0x80],esi
02852917 895D 90 mov dword ptr ss:[ebp-0x70],ebx
0285291A 8B06 mov eax,dword ptr ds:[esi]
0285291C 3B46 04 cmp eax,dword ptr ds:[esi+0x4]
0285291F 0F84 8A020000 je WXWork.02852BAF
02852925 8B07 mov eax,dword ptr ds:[edi]
02852927 8B88 E8060000 mov ecx,dword ptr ds:[eax+0x6E8]
0285292D E8 B95DFBFF call WXWork.028086EB
02852932 8B07 mov eax,dword ptr ds:[edi]
02852934 8B88 00070000 mov ecx,dword ptr ds:[eax+0x700] ; ECX存储的是 消息接受方的ID对象
0285293A 0FB647 59 movzx eax,byte ptr ds:[edi+0x59]
0285293E 50 push eax ; 默认为1
0285293F 0FB647 58 movzx eax,byte ptr ds:[edi+0x58]
02852943 50 push eax
02852944 8D47 10 lea eax,dword ptr ds:[edi+0x10] ; 默认为0
02852947 50 push eax
02852948 8D47 08 lea eax,dword ptr ds:[edi+0x8]
0285294B 50 push eax
0285294C 56 push esi ; 老版本这里是消息内容的对象
0285294D E8 3AA7F9FF call WXWork.027ED08C ; 消息发送CAL - 2023年9月22日
02852952 8B07 mov eax,dword ptr ds:[edi]
02852954 8B88 E8060000 mov ecx,dword ptr ds:[eax+0x6E8]
0285295A E8 2ABBFCFF call WXWork.0281E489 ; 获取UI文本字符串长度 DuiLib.DuiLib::CRichEditUI::GetTextLength
0285295F 8B07 mov eax,dword ptr ds:[edi]
02852961 8B88 E8060000 mov ecx,dword ptr ds:[eax+0x6E8]
02852967 E8 5E5DFBFF call WXWork.028086CA ; 清空UI文本框DuiLib.DuiLib::CRichEditUI::SetText
0285296C 8B3F mov edi,dword ptr ds:[edi]
0285296E 56 push esi
0285296F 8B07 mov eax,dword ptr ds:[edi]
02852971 8B70 3C mov esi,dword ptr ds:[eax+0x3C]
02852974 8BCE mov ecx,esi
02852976 FF15 3CB8E904 call dword ptr ds:[0x4E9B83C] ; ntdll.77D389F0
0285297C 8BCF mov ecx,edi
0285297E FFD6 call esi
02852980 50 push eax
02852981 E8 5EBBC0FF call WXWork.0245E4E4
02852986 8B85 78FFFFFF mov eax,dword ptr ss:[ebp-0x88]
0285298C 59 pop ecx
0285298D 59 pop ecx
0285298E 8D8D 60FFFFFF lea ecx,dword ptr ss:[ebp-0xA0]
02852994 8B00 mov eax,dword ptr ds:[eax]
02852996 51 push ecx
02852997 8B88 00070000 mov ecx,dword ptr ds:[eax+0x700]
0285299D E8 E849F9FF call WXWork.027E738A
028529A2 FF75 80 push dword ptr ss:[ebp-0x80]
028529A5 33C0 xor eax,eax
028529A7 8D4D 84 lea ecx,dword ptr ss:[ebp-0x7C]
028529AA 8945 FC mov dword ptr ss:[ebp-0x4],eax ; remote_assist_region
028529AD 8945 84 mov dword ptr ss:[ebp-0x7C],eax
028529B0 8945 88 mov dword ptr ss:[ebp-0x78],eax
028529B3 8945 8C mov dword ptr ss:[ebp-0x74],eax
028529B6 8D85 78FFFFFF lea eax,dword ptr ss:[ebp-0x88]
028529BC 50 push eax
028529BD 8D85 60FFFFFF lea eax,dword ptr ss:[ebp-0xA0]
028529C3 50 push eax
028529C4 E8 7715D6FD call WXWork.005B3F40
028529C9 8B7D 80 mov edi,dword ptr ss:[ebp-0x80]
028529CC 8D45 84 lea eax,dword ptr ss:[ebp-0x7C]
028529CF 50 push eax
028529D0 6A 01 push 0x1
028529D2 57 push edi
028529D3 C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
028529D7 E8 BA6718FF call WXWork.019D9196
028529DC 83C4 0C add esp,0xC
028529DF 8D4D 84 lea ecx,dword ptr ss:[ebp-0x7C]
028529E2 E8 696EC0FD call WXWork.00459850
028529E7 834D FC FF or dword ptr ss:[ebp-0x4],0xFFFFFFFF
028529EB 8D85 60FFFFFF lea eax,dword ptr ss:[ebp-0xA0]
028529F1 68 50B04100 push WXWork.0041B050
028529F6 6A 01 push 0x1
028529F8 6A 18 push 0x18
028529FA 50 push eax
028529FB E8 10F7F901 call WXWork.047F2110
02852A00 8B47 04 mov eax,dword ptr ds:[edi+0x4]
02852A03 8B37 mov esi,dword ptr ds:[edi]
02852A05 8945 80 mov dword ptr ss:[ebp-0x80],eax
02852A08 3BF0 cmp esi,eax
02852A0A 0F84 7C010000 je WXWork.02852B8C
02852A10 0F57C0 xorps xmm0,xmm0
02852A13 8D4D 88 lea ecx,dword ptr ss:[ebp-0x78]
02852A16 66:0F1345 88 movlps qword ptr ss:[ebp-0x78],xmm0
02852A1B 8365 88 00 and dword ptr ss:[ebp-0x78],0x0
02852A1F 8365 8C 00 and dword ptr ss:[ebp-0x74],0x0
02852A23 56 push esi
02852A24 E8 2041C3FD call WXWork.00486B49
02852A29 8B7D 88 mov edi,dword ptr ss:[ebp-0x78]
02852A2C C745 FC 0200000>mov dword ptr ss:[ebp-0x4],0x2
02852A33 837F 50 0D cmp dword ptr ds:[edi+0x50],0xD
02852A37 75 1E jnz short WXWork.02852A57
02852A39 8D85 60FFFFFF lea eax,dword ptr ss:[ebp-0xA0]
02852A3F 8BCF mov ecx,edi
02852A41 50 push eax
02852A42 E8 88E8CAFE call WXWork.015012CF
02852A47 83CB 01 or ebx,0x1
02852A4A C645 97 00 mov byte ptr ss:[ebp-0x69],0x0
02852A4E 895D 90 mov dword ptr ss:[ebp-0x70],ebx
02852A51 8378 10 00 cmp dword ptr ds:[eax+0x10],0x0
02852A55 75 04 jnz short WXWork.02852A5B
02852A57 C645 97 01 mov byte ptr ss:[ebp-0x69],0x1
02852A5B F6C3 01 test bl,0x1
02852A5E 74 11 je short WXWork.02852A71
02852A60 83E3 FE and ebx,0xFFFFFFFE
02852A63 8D8D 60FFFFFF lea ecx,dword ptr ss:[ebp-0xA0]
02852A69 895D 90 mov dword ptr ss:[ebp-0x70],ebx
02852A6C E8 B385BCFD call WXWork.0041B024
02852A71 807D 97 00 cmp byte ptr ss:[ebp-0x69],0x0
02852A75 74 12 je short WXWork.02852A89
02852A77 834D FC FF or dword ptr ss:[ebp-0x4],0xFFFFFFFF
02852A7B 8B4D 8C mov ecx,dword ptr ss:[ebp-0x74]
02852A7E 85C9 test ecx,ecx
02852A80 74 78 je short WXWork.02852AFA
02852A82 E8 81ADC2FD call WXWork.0047D808
02852A87 EB 71 jmp short WXWork.02852AFA
02852A89 6A 58 push 0x58
02852A8B 8D45 98 lea eax,dword ptr ss:[ebp-0x68]
02852A8E 6A 00 push 0x0
02852A90 50 push eax
02852A91 E8 85C3FB01 call
02852A96 83C4 0C add esp,0xC
02852A99 8D4D 98 lea ecx,dword ptr ss:[ebp-0x68]
02852A9C E8 E1FD0B01 call WXWork.03912882
02852AA1 8D85 60FFFFFF lea eax,dword ptr ss:[ebp-0xA0]
02852AA7 C645 FC 03 mov byte ptr ss:[ebp-0x4],0x3
02852AAB 50 push eax
02852AAC 8BCF mov ecx,edi
02852AAE E8 1CE8CAFE call WXWork.015012CF
02852AB3 50 push eax
02852AB4 8D4D 98 lea ecx,dword ptr ss:[ebp-0x68]
02852AB7 C645 FC 04 mov byte ptr ss:[ebp-0x4],0x4
02852ABB E8 0024DE01 call WXWork.04634EC0
02852AC0 8D8D 60FFFFFF lea ecx,dword ptr ss:[ebp-0xA0]
02852AC6 C645 FC 03 mov byte ptr ss:[ebp-0x4],0x3
02852ACA 8AD8 mov bl,al
02852ACC E8 5385BCFD call WXWork.0041B024
02852AD1 84DB test bl,bl
02852AD3 74 0A je short WXWork.02852ADF
02852AD5 8B45 A0 mov eax,dword ptr ss:[ebp-0x60]
02852AD8 C1E8 09 shr eax,0x9
02852ADB A8 01 test al,0x1
02852ADD 75 2C jnz short WXWork.02852B0B
02852ADF 8D4D 98 lea ecx,dword ptr ss:[ebp-0x68]
02852AE2 E8 2A040C01 call WXWork.03912F11
02852AE7 834D FC FF or dword ptr ss:[ebp-0x4],0xFFFFFFFF
02852AEB 8B4D 8C mov ecx,dword ptr ss:[ebp-0x74]
02852AEE 85C9 test ecx,ecx
02852AF0 74 05 je short WXWork.02852AF7
02852AF2 E8 11ADC2FD call WXWork.0047D808
02852AF7 8B5D 90 mov ebx,dword ptr ss:[ebp-0x70]
02852AFA 83C6 08 add esi,0x8
02852AFD 3B75 80 cmp esi,dword ptr ss:[ebp-0x80]
02852B00 ^ 0F85 0AFFFFFF jnz WXWork.02852A10
02852B06 E9 81000000 jmp WXWork.02852B8C
02852B0B 83A5 58FFFFFF 0>and dword ptr ss:[ebp-0xA8],0x0
02852B12 8D8D 48FFFFFF lea ecx,dword ptr ss:[ebp-0xB8]
02852B18 6A 21 push 0x21
02852B1A 68 BC443E05 push WXWork.053E44BC ; ASCII "wwdoc_create_im_collect_send_succ"
02852B1F C785 5CFFFFFF 0>mov dword ptr ss:[ebp-0xA4],0xF
02852B29 C685 48FFFFFF 0>mov byte ptr ss:[ebp-0xB8],0x0
02852B30 E8 6184BCFD call WXWork.0041AF96
02852B35 8D85 7CFFFFFF lea eax,dword ptr ss:[ebp-0x84]
02852B3B C645 FC 05 mov byte ptr ss:[ebp-0x4],0x5
02852B3F 50 push eax
02852B40 E8 338118FF call WXWork.019DAC78
02852B45 59 pop ecx
02852B46 8D8D 48FFFFFF lea ecx,dword ptr ss:[ebp-0xB8]
02852B4C C645 FC 06 mov byte ptr ss:[ebp-0x4],0x6
02852B50 51 push ecx
02852B51 8B08 mov ecx,dword ptr ds:[eax]
02852B53 68 2F2CBD04 push WXWork.04BD2C2F
02852B58 E8 DEC4C4FD call WXWork.0049F03B
02852B5D 8B4D 80 mov ecx,dword ptr ss:[ebp-0x80]
02852B60 85C9 test ecx,ecx
02852B62 74 05 je short WXWork.02852B69
02852B64 E8 9FACC2FD call WXWork.0047D808
02852B69 8D8D 48FFFFFF lea ecx,dword ptr ss:[ebp-0xB8]
02852B6F E8 B084BCFD call WXWork.0041B024
02852B74 8D4D 98 lea ecx,dword ptr ss:[ebp-0x68]
02852B77 E8 95030C01 call WXWork.03912F11
02852B7C 834D FC FF or dword ptr ss:[ebp-0x4],0xFFFFFFFF
02852B80 8B4D 8C mov ecx,dword ptr ss:[ebp-0x74]
02852B83 85C9 test ecx,ecx
02852B85 74 05 je short WXWork.02852B8C
02852B87 E8 7CACC2FD call WXWork.0047D808
02852B8C 8B85 78FFFFFF mov eax,dword ptr ss:[ebp-0x88]
02852B92 8B00 mov eax,dword ptr ds:[eax]
02852B94 8BB8 78060000 mov edi,dword ptr ds:[eax+0x678]
02852B9A 85FF test edi,edi
02852B9C 74 11 je short WXWork.02852BAF
02852B9E 8B07 mov eax,dword ptr ds:[edi]
02852BA0 8B70 04 mov esi,dword ptr ds:[eax+0x4]
02852BA3 8BCE mov ecx,esi
02852BA5 FF15 3CB8E904 call dword ptr ds:[0x4E9B83C] ; ntdll.77D389F0
02852BAB 8BCF mov ecx,edi
02852BAD FFD6 call esi
02852BAF E8 42F9F901 call WXWork.047F24F6
02852BB4 C2 0400 retn 0x4

//消息CALL内部反汇编代码如下
027ED08C 68 4C010000 push 0x14C
027ED091 B8 6B27B404 mov eax,WXWork.04B4276B
027ED096 E8 B1540002 call WXWork.047F254C
027ED09B 898D 68FFFFFF mov dword ptr ss:[ebp-0x98],ecx
027ED0A1 8B45 10 mov eax,dword ptr ss:[ebp+0x10]
027ED0A4 8B5D 0C mov ebx,dword ptr ss:[ebp+0xC]
027ED0A7 8B55 08 mov edx,dword ptr ss:[ebp+0x8]
027ED0AA 8945 88 mov dword ptr ss:[ebp-0x78],eax
027ED0AD 33C0 xor eax,eax
027ED0AF 8985 44FFFFFF mov dword ptr ss:[ebp-0xBC],eax
027ED0B5 895D 84 mov dword ptr ss:[ebp-0x7C],ebx
027ED0B8 8985 64FFFFFF mov dword ptr ss:[ebp-0x9C],eax
027ED0BE 3941 04 cmp dword ptr ds:[ecx+0x4],eax
027ED0C1 0F84 68050000 je WXWork.027ED62F
027ED0C7 8D7D D8 lea edi,dword ptr ss:[ebp-0x28]
027ED0CA AB stos dword ptr es:[edi]
027ED0CB AB stos dword ptr es:[edi]
027ED0CC AB stos dword ptr es:[edi]
027ED0CD 8B03 mov eax,dword ptr ds:[ebx]
027ED0CF 3B05 70156D05 cmp eax,dword ptr ds:[0x56D1570]
027ED0D5 75 0F jnz short WXWork.027ED0E6
027ED0D7 8B43 04 mov eax,dword ptr ds:[ebx+0x4]
027ED0DA 3B05 74156D05 cmp eax,dword ptr ds:[0x56D1574]
027ED0E0 75 04 jnz short WXWork.027ED0E6
027ED0E2 32C0 xor al,al
027ED0E4 EB 02 jmp short WXWork.027ED0E8
027ED0E6 B0 01 mov al,0x1
027ED0E8 50 push eax
027ED0E9 FF71 04 push dword ptr ds:[ecx+0x4]
027ED0EC 8D45 D8 lea eax,dword ptr ss:[ebp-0x28]
027ED0EF 52 push edx
027ED0F0 50 push eax
027ED0F1 E8 AB07EEFF call WXWork.026CD8A1
027ED0F6 83C4 10 add esp,0x10
027ED0F9 8365 FC 00 and dword ptr ss:[ebp-0x4],0x0
027ED0FD 8B7D DC mov edi,dword ptr ss:[ebp-0x24]
027ED100 8B75 D8 mov esi,dword ptr ss:[ebp-0x28]
027ED103 3BF7 cmp esi,edi
027ED105 74 1D je short WXWork.027ED124
027ED107 8B9D 68FFFFFF mov ebx,dword ptr ss:[ebp-0x98]
027ED10D 8B0E mov ecx,dword ptr ds:[esi]
027ED10F FF73 04 push dword ptr ds:[ebx+0x4]
027ED112 83C1 28 add ecx,0x28
027ED115 E8 EDDBC2FD call WXWork.0041AD07
027ED11A 83C6 08 add esi,0x8
027ED11D 3BF7 cmp esi,edi
027ED11F ^ 75 EC jnz short WXWork.027ED10D
027ED121 8B5D 84 mov ebx,dword ptr ss:[ebp-0x7C]
027ED124 E8 B85C6A00 call WXWork.02E92DE1
027ED129 8B75 DC mov esi,dword ptr ss:[ebp-0x24]
027ED12C 8D8D 48FFFFFF lea ecx,dword ptr ss:[ebp-0xB8]
027ED132 2B75 D8 sub esi,dword ptr ss:[ebp-0x28]
027ED135 83A5 58FFFFFF 0>and dword ptr ss:[ebp-0xA8],0x0
027ED13C 6A 61 push 0x61
027ED13E 68 70843D05 push WXWork.053D8470 ; ASCII "c:\devops\data\p-69612cea7efd43c3b27b5cac080d4ead\src\win\ui\instantmessaging\im_chat_manager.cpp"
027ED143 8945 E4 mov dword ptr ss:[ebp-0x1C],eax
027ED146 8955 E8 mov dword ptr ss:[ebp-0x18],edx
027ED149 C1FE 03 sar esi,0x3
027ED14C C785 5CFFFFFF 0>mov dword ptr ss:[ebp-0xA4],0xF
027ED156 C685 48FFFFFF 0>mov byte ptr ss:[ebp-0xB8],0x0
027ED15D E8 34DEC2FD call WXWork.0041AF96
027ED162 8B15 34BE8505 mov edx,dword ptr ds:[0x585BE34] ; WXWork.0593D812
027ED168 8BCA mov ecx,edx
027ED16A 83A5 7CFFFFFF 0>and dword ptr ss:[ebp-0x84],0x0
027ED171 C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
027ED175 C745 80 0F00000>mov dword ptr ss:[ebp-0x80],0xF
027ED17C C685 6CFFFFFF 0>mov byte ptr ss:[ebp-0x94],0x0
027ED183 8D79 01 lea edi,dword ptr ds:[ecx+0x1]
027ED186 8A01 mov al,byte ptr ds:[ecx]
027ED188 41 inc ecx
027ED189 84C0 test al,al
027ED18B ^ 75 F9 jnz short WXWork.027ED186
027ED18D 2BCF sub ecx,edi
027ED18F 51 push ecx
027ED190 52 push edx
027ED191 8D8D 6CFFFFFF lea ecx,dword ptr ss:[ebp-0x94]
027ED197 E8 FADDC2FD call WXWork.0041AF96
027ED19C 68 83030000 push 0x383
027ED1A1 8D85 48FFFFFF lea eax,dword ptr ss:[ebp-0xB8]
027ED1A7 C645 FC 02 mov byte ptr ss:[ebp-0x4],0x2
027ED1AB 50 push eax
027ED1AC 6A 02 push 0x2
027ED1AE 8D85 6CFFFFFF lea eax,dword ptr ss:[ebp-0x94]
027ED1B4 50 push eax
027ED1B5 FF35 94BF4207 push dword ptr ds:[0x742BF94]
027ED1BB 8D8D ACFEFFFF lea ecx,dword ptr ss:[ebp-0x154]
027ED1C1 E8 F820C9FD call WXWork.0047F2BE
027ED1C6 8BF8 mov edi,eax
027ED1C8 8B4F 1C mov ecx,dword ptr ds:[edi+0x1C]
027ED1CB C645 FC 03 mov byte ptr ss:[ebp-0x4],0x3
027ED1CF 85C9 test ecx,ecx
027ED1D1 74 2F je short WXWork.027ED202
027ED1D3 68 58853D05 push WXWork.053D8558 ; ASCII "ui: send message list. size: "
027ED1D8 51 push ecx
027ED1D9 E8 C286C2FD call WXWork.004158A0
027ED1DE 59 pop ecx
027ED1DF 59 pop ecx
027ED1E0 8B4F 1C mov ecx,dword ptr ds:[edi+0x1C]
027ED1E3 85C9 test ecx,ecx
027ED1E5 74 1B je short WXWork.027ED202
027ED1E7 56 push esi
027ED1E8 FF15 D4A4E904 call dword ptr ds:[<&MSVCP140.std::basic>; msvcp140.std::basic_ostream >::operator<<
027ED1EE 8B4F 1C mov ecx,dword ptr ds:[edi+0x1C]
027ED1F1 85C9 test ecx,ecx
027ED1F3 74 0D je short WXWork.027ED202
027ED1F5 68 78853D05 push WXWork.053D8578 ; ASCII " quoteid: "
027ED1FA 51 push ecx
027ED1FB E8 A086C2FD call WXWork.004158A0
027ED200 59 pop ecx
027ED201 59 pop ecx
027ED202 53 push ebx
027ED203 8BCF mov ecx,edi
027ED205 E8 FB12CAFD call WXWork.0048E505
027ED20A 8BF0 mov esi,eax
027ED20C 837E 1C 00 cmp dword ptr ds:[esi+0x1C],0x0
027ED210 74 0F je short WXWork.027ED221
027ED212 68 84853D05 push WXWork.053D8584 ; ASCII " message_group_tag: "
027ED217 FF76 1C push dword ptr ds:[esi+0x1C]
027ED21A E8 8186C2FD call WXWork.004158A0
027ED21F 59 pop ecx
027ED220 59 pop ecx
027ED221 8D45 E4 lea eax,dword ptr ss:[ebp-0x1C]
027ED224 8BCE mov ecx,esi
027ED226 50 push eax
027ED227 E8 D912CAFD call WXWork.0048E505
027ED22C 8D8D ACFEFFFF lea ecx,dword ptr ss:[ebp-0x154]
027ED232 E8 5421C9FD call WXWork.0047F38B
027ED237 8D8D 6CFFFFFF lea ecx,dword ptr ss:[ebp-0x94]
027ED23D E8 E2DDC2FD call WXWork.0041B024
027ED242 8D8D 48FFFFFF lea ecx,dword ptr ss:[ebp-0xB8]
027ED248 C645 FC 00 mov byte ptr ss:[ebp-0x4],0x0
027ED24C E8 D3DDC2FD call WXWork.0041B024
027ED251 8B45 DC mov eax,dword ptr ss:[ebp-0x24]
027ED254 2B45 D8 sub eax,dword ptr ss:[ebp-0x28]
027ED257 C1F8 03 sar eax,0x3
027ED25A 83F8 01 cmp eax,0x1
027ED25D 0F86 B3000000 jbe WXWork.027ED316
027ED263 83A5 7CFFFFFF 0>and dword ptr ss:[ebp-0x84],0x0
027ED26A 8D8D 6CFFFFFF lea ecx,dword ptr ss:[ebp-0x94]
027ED270 C685 6CFFFFFF 0>mov byte ptr ss:[ebp-0x94],0x0
027ED277 6A 0F push 0xF
027ED279 83F8 02 cmp eax,0x2
027ED27C 75 23 jnz short WXWork.027ED2A1
027ED27E 58 pop eax
027ED27F 50 push eax
027ED280 68 9C853D05 push WXWork.053D859C ; ASCII "message_merge_2"
027ED285 8945 80 mov dword ptr ss:[ebp-0x80],eax
027ED288 E8 09DDC2FD call WXWork.0041AF96
027ED28D 8D45 E4 lea eax,dword ptr ss:[ebp-0x1C]
027ED290 C645 FC 04 mov byte ptr ss:[ebp-0x4],0x4
027ED294 50 push eax
027ED295 E8 DED91EFF call WXWork.019DAC78
027ED29A 59 pop ecx ; conversation_notice_view
027ED29B C645 FC 05 mov byte ptr ss:[ebp-0x4],0x5
027ED29F EB 47 jmp short WXWork.027ED2E8
027ED2A1 83C0 FD add eax,-0x3
027ED2A4 83F8 03 cmp eax,0x3
027ED2A7 58 pop eax
027ED2A8 8945 80 mov dword ptr ss:[ebp-0x80],eax
027ED2AB 50 push eax
027ED2AC 77 1E ja short WXWork.027ED2CC
027ED2AE 68 AC853D05 push WXWork.053D85AC ; ASCII "message_merge_3"
027ED2B3 E8 DEDCC2FD call WXWork.0041AF96
027ED2B8 8D45 E4 lea eax,dword ptr ss:[ebp-0x1C]
027ED2BB C645 FC 06 mov byte ptr ss:[ebp-0x4],0x6
027ED2BF 50 push eax
027ED2C0 E8 B3D91EFF call WXWork.019DAC78
027ED2C5 59 pop ecx
027ED2C6 C645 FC 07 mov byte ptr ss:[ebp-0x4],0x7
027ED2CA EB 1C jmp short WXWork.027ED2E8
027ED2CC 68 BC853D05 push WXWork.053D85BC ; ASCII "message_merge_7"
027ED2D1 E8 C0DCC2FD call WXWork.0041AF96
027ED2D6 8D45 E4 lea eax,dword ptr ss:[ebp-0x1C]
027ED2D9 C645 FC 08 mov byte ptr ss:[ebp-0x4],0x8
027ED2DD 50 push eax
027ED2DE E8 95D91EFF call WXWork.019DAC78
027ED2E3 59 pop ecx
027ED2E4 C645 FC 09 mov byte ptr ss:[ebp-0x4],0x9
027ED2E8 8D8D 6CFFFFFF lea ecx,dword ptr ss:[ebp-0x94]
027ED2EE 51 push ecx
027ED2EF 8B08 mov ecx,dword ptr ds:[eax]
027ED2F1 68 DADAAD04 push WXWork.04ADDADA
027ED2F6 E8 401DCBFD call WXWork.0049F03B
027ED2FB 8B4D E8 mov ecx,dword ptr ss:[ebp-0x18]
027ED2FE 85C9 test ecx,ecx
027ED300 74 05 je short WXWork.027ED307
027ED302 E8 0105C9FD call WXWork.0047D808
027ED307 8D8D 6CFFFFFF lea ecx,dword ptr ss:[ebp-0x94]
027ED30D C645 FC 00 mov byte ptr ss:[ebp-0x4],0x0
027ED311 E8 0EDDC2FD call WXWork.0041B024
027ED316 E8 C65A6A00 call WXWork.02E92DE1
027ED31B FF75 88 push dword ptr ss:[ebp-0x78]
027ED31E 8985 3CFFFFFF mov dword ptr ss:[ebp-0xC4],eax
027ED324 8D4D 90 lea ecx,dword ptr ss:[ebp-0x70]
027ED327 8B03 mov eax,dword ptr ds:[ebx]
027ED329 8985 60FFFFFF mov dword ptr ss:[ebp-0xA0],eax
027ED32F 8B43 04 mov eax,dword ptr ds:[ebx+0x4]
027ED332 8995 40FFFFFF mov dword ptr ss:[ebp-0xC0],edx
027ED338 8945 84 mov dword ptr ss:[ebp-0x7C],eax
027ED33B E8 B4D4CFFE call WXWork.014EA7F4
027ED340 8D45 E4 lea eax,dword ptr ss:[ebp-0x1C]
027ED343 C645 FC 0A mov byte ptr ss:[ebp-0x4],0xA
027ED347 0F57C0 xorps xmm0,xmm0
027ED34A 50 push eax
027ED34B 66:0F1345 E4 movlps qword ptr ss:[ebp-0x1C],xmm0
027ED350 E8 3F36FFFF call WXWork.027E0994
027ED355 59 pop ecx
027ED356 8B45 DC mov eax,dword ptr ss:[ebp-0x24]
027ED359 8365 88 00 and dword ptr ss:[ebp-0x78],0x0
027ED35D 8B75 D8 mov esi,dword ptr ss:[ebp-0x28]
027ED360 C645 FC 0B mov byte ptr ss:[ebp-0x4],0xB
027ED364 8985 38FFFFFF mov dword ptr ss:[ebp-0xC8],eax
027ED36A 3BF0 cmp esi,eax
027ED36C 0F84 A1020000 je WXWork.027ED613
027ED372 8B9D 64FFFFFF mov ebx,dword ptr ss:[ebp-0x9C]
027ED378 83A5 00FFFFFF 0>and dword ptr ss:[ebp-0x100],0x0
027ED37F 8D8D F0FEFFFF lea ecx,dword ptr ss:[ebp-0x110]
027ED385 6A 0F push 0xF
027ED387 5F pop edi
027ED388 6A 61 push 0x61
027ED38A 68 70843D05 push WXWork.053D8470 ; ASCII "c:\devops\data\p-69612cea7efd43c3b27b5cac080d4ead\src\win\ui\instantmessaging\im_chat_manager.cpp"
027ED38F 89BD 04FFFFFF mov dword ptr ss:[ebp-0xFC],edi
027ED395 C685 F0FEFFFF 0>mov byte ptr ss:[ebp-0x110],0x0
027ED39C E8 F5DBC2FD call WXWork.0041AF96
027ED3A1 8B15 34BE8505 mov edx,dword ptr ds:[0x585BE34] ; WXWork.0593D812
027ED3A7 8BCA mov ecx,edx
027ED3A9 83A5 18FFFFFF 0>and dword ptr ss:[ebp-0xE8],0x0
027ED3B0 89BD 1CFFFFFF mov dword ptr ss:[ebp-0xE4],edi
027ED3B6 C645 FC 0C mov byte ptr ss:[ebp-0x4],0xC
027ED3BA C685 08FFFFFF 0>mov byte ptr ss:[ebp-0xF8],0x0
027ED3C1 8D79 01 lea edi,dword ptr ds:[ecx+0x1]
027ED3C4 8A01 mov al,byte ptr ds:[ecx]
027ED3C6 41 inc ecx
027ED3C7 84C0 test al,al
027ED3C9 ^ 75 F9 jnz short WXWork.027ED3C4
027ED3CB 2BCF sub ecx,edi
027ED3CD 51 push ecx
027ED3CE 52 push edx
027ED3CF 8D8D 08FFFFFF lea ecx,dword ptr ss:[ebp-0xF8]
027ED3D5 E8 BCDBC2FD call WXWork.0041AF96
027ED3DA 83A5 30FFFFFF 0>and dword ptr ss:[ebp-0xD0],0x0
027ED3E1 C785 34FFFFFF 0>mov dword ptr ss:[ebp-0xCC],0xF
027ED3EB C685 20FFFFFF 0>mov byte ptr ss:[ebp-0xE0],0x0
027ED3F2 68 A3030000 push 0x3A3
027ED3F7 8D85 F0FEFFFF lea eax,dword ptr ss:[ebp-0x110]
027ED3FD C645 FC 0E mov byte ptr ss:[ebp-0x4],0xE
027ED401 50 push eax
027ED402 6A 02 push 0x2
027ED404 8D85 08FFFFFF lea eax,dword ptr ss:[ebp-0xF8]
027ED40A 50 push eax
027ED40B FF35 94BF4207 push dword ptr ds:[0x742BF94]
027ED411 8D8D ACFEFFFF lea ecx,dword ptr ss:[ebp-0x154]
027ED417 E8 A21EC9FD call WXWork.0047F2BE
027ED41C 8BF8 mov edi,eax
027ED41E 837F 1C 00 cmp dword ptr ds:[edi+0x1C],0x0
027ED422 8B06 mov eax,dword ptr ds:[esi]
027ED424 C645 FC 0F mov byte ptr ss:[ebp-0x4],0xF
027ED428 8985 64FFFFFF mov dword ptr ss:[ebp-0x9C],eax
027ED42E 74 15 je short WXWork.027ED445
027ED430 68 CC853D05 push WXWork.053D85CC ; ASCII "ui: send message type: "
027ED435 FF77 1C push dword ptr ds:[edi+0x1C]
027ED438 E8 6384C2FD call WXWork.004158A0
027ED43D 8B85 64FFFFFF mov eax,dword ptr ss:[ebp-0x9C]
027ED443 59 pop ecx
027ED444 59 pop ecx
027ED445 83C0 50 add eax,0x50
027ED448 8BCF mov ecx,edi
027ED44A 50 push eax
027ED44B E8 ED92C9FD call WXWork.0048673D
027ED450 8D8D 20FFFFFF lea ecx,dword ptr ss:[ebp-0xE0]
027ED456 51 push ecx
027ED457 8BC8 mov ecx,eax
027ED459 E8 BA09DAFD call WXWork.0058DE18
027ED45E 8D8D ACFEFFFF lea ecx,dword ptr ss:[ebp-0x154]
027ED464 E8 221FC9FD call WXWork.0047F38B
027ED469 8D8D 20FFFFFF lea ecx,dword ptr ss:[ebp-0xE0]
027ED46F E8 B0DBC2FD call WXWork.0041B024
027ED474 8D8D 08FFFFFF lea ecx,dword ptr ss:[ebp-0xF8]
027ED47A E8 A5DBC2FD call WXWork.0041B024
027ED47F 8D8D F0FEFFFF lea ecx,dword ptr ss:[ebp-0x110]
027ED485 C645 FC 0B mov byte ptr ss:[ebp-0x4],0xB
027ED489 E8 96DBC2FD call WXWork.0041B024
027ED48E 807D 18 00 cmp byte ptr ss:[ebp+0x18],0x0
027ED492 8BBD 68FFFFFF mov edi,dword ptr ss:[ebp-0x98]
027ED498 C645 EF 00 mov byte ptr ss:[ebp-0x11],0x0
027ED49C 74 2F je short WXWork.027ED4CD
027ED49E 8D85 20FFFFFF lea eax,dword ptr ss:[ebp-0xE0]
027ED4A4 8BCF mov ecx,edi
027ED4A6 50 push eax
027ED4A7 E8 DE9EFFFF call WXWork.027E738A
027ED4AC 8D4D EF lea ecx,dword ptr ss:[ebp-0x11]
027ED4AF C645 FC 10 mov byte ptr ss:[ebp-0x4],0x10
027ED4B3 51 push ecx
027ED4B4 83CB 01 or ebx,0x1
027ED4B7 50 push eax
027ED4B8 899D 44FFFFFF mov dword ptr ss:[ebp-0xBC],ebx
027ED4BE E8 516C0A00 call WXWork.02894114
027ED4C3 C645 8F 01 mov byte ptr ss:[ebp-0x71],0x1
027ED4C7 59 pop ecx
027ED4C8 59 pop ecx
027ED4C9 84C0 test al,al
027ED4CB 75 04 jnz short WXWork.027ED4D1
027ED4CD C645 8F 00 mov byte ptr ss:[ebp-0x71],0x0
027ED4D1 C745 FC 0B00000>mov dword ptr ss:[ebp-0x4],0xB
027ED4D8 F6C3 01 test bl,0x1
027ED4DB 74 0E je short WXWork.027ED4EB
027ED4DD 8D8D 20FFFFFF lea ecx,dword ptr ss:[ebp-0xE0]
027ED4E3 83E3 FE and ebx,0xFFFFFFFE
027ED4E6 E8 39DBC2FD call WXWork.0041B024
027ED4EB 807D 8F 00 cmp byte ptr ss:[ebp-0x71],0x0
027ED4EF 74 26 je short WXWork.027ED517
027ED4F1 56 push esi
027ED4F2 E8 B7B00400 call WXWork.028385AE
027ED4F7 59 pop ecx
027ED4F8 84C0 test al,al
027ED4FA 74 1B je short WXWork.027ED517
027ED4FC 8B06 mov eax,dword ptr ds:[esi]
027ED4FE 8388 EC000000 0>or dword ptr ds:[eax+0xEC],0x2
027ED505 807D EF 00 cmp byte ptr ss:[ebp-0x11],0x0
027ED509 8B06 mov eax,dword ptr ds:[esi]
027ED50B 74 0A je short WXWork.027ED517
027ED50D 8188 EC000000 0>or dword ptr ds:[eax+0xEC],0x20000
027ED517 FF75 14 push dword ptr ss:[ebp+0x14]
027ED51A 8D45 E4 lea eax,dword ptr ss:[ebp-0x1C]
027ED51D 8BCF mov ecx,edi
027ED51F FF75 88 push dword ptr ss:[ebp-0x78]
027ED522 50 push eax
027ED523 FFB5 40FFFFFF push dword ptr ss:[ebp-0xC0]
027ED529 8D45 90 lea eax,dword ptr ss:[ebp-0x70]
027ED52C FFB5 3CFFFFFF push dword ptr ss:[ebp-0xC4]
027ED532 50 push eax
027ED533 FF75 84 push dword ptr ss:[ebp-0x7C]
027ED536 8D85 74FFFFFF lea eax,dword ptr ss:[ebp-0x8C]
027ED53C FFB5 60FFFFFF push dword ptr ss:[ebp-0xA0]
027ED542 56 push esi
027ED543 50 push eax
027ED544 E8 D477FFFF call WXWork.027E4D1D
027ED549 33C0 xor eax,eax
027ED54B 8DBD 50FFFFFF lea edi,dword ptr ss:[ebp-0xB0]
027ED551 AB stos dword ptr es:[edi]
027ED552 AB stos dword ptr es:[edi]
027ED553 AB stos dword ptr es:[edi]
027ED554 AB stos dword ptr es:[edi]
027ED555 33C0 xor eax,eax
027ED557 8985 58FFFFFF mov dword ptr ss:[ebp-0xA8],eax
027ED55D 8985 5CFFFFFF mov dword ptr ss:[ebp-0xA4],eax
027ED563 8B4D E4 mov ecx,dword ptr ss:[ebp-0x1C]
027ED566 8885 54FFFFFF mov byte ptr ss:[ebp-0xAC],al
027ED56C 8B45 88 mov eax,dword ptr ss:[ebp-0x78]
027ED56F 8985 50FFFFFF mov dword ptr ss:[ebp-0xB0],eax
027ED575 40 inc eax
027ED576 8945 88 mov dword ptr ss:[ebp-0x78],eax
027ED579 8D85 50FFFFFF lea eax,dword ptr ss:[ebp-0xB0]
027ED57F 50 push eax
027ED580 C645 FC 11 mov byte ptr ss:[ebp-0x4],0x11
027ED584 E8 D632FFFF call WXWork.027E085F
027ED589 A1 70156D05 mov eax,dword ptr ds:[0x56D1570]
027ED58E 8985 60FFFFFF mov dword ptr ss:[ebp-0xA0],eax
027ED594 A1 74156D05 mov eax,dword ptr ds:[0x56D1574]
027ED599 8945 84 mov dword ptr ss:[ebp-0x7C],eax
027ED59C 33C0 xor eax,eax
027ED59E 6A 0F push 0xF
027ED5A0 59 pop ecx
027ED5A1 8985 B8FEFFFF mov dword ptr ss:[ebp-0x148],eax
027ED5A7 8885 A8FEFFFF mov byte ptr ss:[ebp-0x158],al
027ED5AD 8985 D0FEFFFF mov dword ptr ss:[ebp-0x130],eax
027ED5B3 8885 C0FEFFFF mov byte ptr ss:[ebp-0x140],al
027ED5B9 8985 E8FEFFFF mov dword ptr ss:[ebp-0x118],eax
027ED5BF 8885 D8FEFFFF mov byte ptr ss:[ebp-0x128],al
027ED5C5 8D85 A8FEFFFF lea eax,dword ptr ss:[ebp-0x158]
027ED5CB 898D BCFEFFFF mov dword ptr ss:[ebp-0x144],ecx
027ED5D1 898D D4FEFFFF mov dword ptr ss:[ebp-0x12C],ecx
027ED5D7 898D ECFEFFFF mov dword ptr ss:[ebp-0x114],ecx
027ED5DD 8D4D 90 lea ecx,dword ptr ss:[ebp-0x70]
027ED5E0 50 push eax
027ED5E1 E8 642AD7FE call WXWork.0156004A
027ED5E6 8D8D A8FEFFFF lea ecx,dword ptr ss:[ebp-0x158]
027ED5EC E8 EBBBDBFD call WXWork.005A91DC
027ED5F1 8B8D 5CFFFFFF mov ecx,dword ptr ss:[ebp-0xA4]
027ED5F7 C645 FC 0B mov byte ptr ss:[ebp-0x4],0xB
027ED5FB 85C9 test ecx,ecx
027ED5FD 74 05 je short WXWork.027ED604
027ED5FF E8 0402C9FD call WXWork.0047D808
027ED604 83C6 08 add esi,0x8
027ED607 3BB5 38FFFFFF cmp esi,dword ptr ss:[ebp-0xC8]
027ED60D ^ 0F85 65FDFFFF jnz WXWork.027ED378
027ED613 8B4D E8 mov ecx,dword ptr ss:[ebp-0x18]
027ED616 85C9 test ecx,ecx
027ED618 74 05 je short WXWork.027ED61F
027ED61A E8 E901C9FD call WXWork.0047D808
027ED61F 8D4D 90 lea ecx,dword ptr ss:[ebp-0x70]
027ED622 E8 B5BBDBFD call WXWork.005A91DC
027ED627 8D4D D8 lea ecx,dword ptr ss:[ebp-0x28]
027ED62A E8 85CED8FD call WXWork.0057A4B4
027ED62F E8 C24E0002 call WXWork.047F24F6
027ED634 C2 1400 retn 0x14