小覷IE 瀏覽器ActiveX 控件創(chuàng)建過程

1. Activex 控件是怎么安裝的
一個(gè)HTML 中嵌入控件的例子

當(dāng)用IE 打開這個(gè)頁(yè)面的時(shí)候, IE 首先根據(jù) classid 在注冊(cè)表中(HKEY_CLASS_ROOT)查找其安裝信息, 如果未找到, 則IE 根據(jù)codebase 去看是否有對(duì)應(yīng)的控件存在; 如果還是不行, 則會(huì)一些控件注冊(cè)服務(wù)器聯(lián)系(列表在 HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CodeBaseSearchPath 可以找到 ), 一般是 http://activex.microsoft.com/objects/ocget.dll , http://codecs.microsoft.com/isapi/ocget.dll  , 然后服務(wù)器會(huì)告訴IE 從哪里去下載. 

FROM : http://oreilly.com/catalog/malmobcode/chapter/ch11.html


2. ActiveX 控件是如何啟動(dòng)的
創(chuàng)建一個(gè)控件有很多種方法
CoCreateInstance, CoGetInstanceFromFile, CoGetInstanceFromIStorage
CoCreateInstanceEx
CoGetClassObjectFromURL , CoGetClassObject 
CoGetObject, DllGetClassObject 等
基本調(diào)用順序好像是
(CoGetInstanceFromFile, CoGetInstanceFromIStorage ) -> CoCreateInstance
CoCreateInstanceEx
CoGetClassObjectFromURL -> CoGetClassObject 
其他沒有測(cè)試過... :9

IE 創(chuàng)建控件的時(shí)候會(huì)調(diào)用 CoGetClassObjectFromURL -> CoGetClassObject 的順序進(jìn)行, 而不是直接調(diào)用(CoCreateInstance 或者 CoCreateInstanceEx) , 但是免不了控件會(huì)自己調(diào)用 CoCreateInstanceEx, 比如Real 控件在創(chuàng)建的時(shí)候會(huì)調(diào)用Dx 的組件等.

獲取IE (控件)的所有鏈接(包括Frameset, iframe)

IE 頂層 body 節(jié)點(diǎn)通過IHTMLElement->get_all 方法無法獲取iframe 里面的節(jié)點(diǎn)列表

所以要獲取iframe/frame(frameset) 里面的節(jié)點(diǎn)列表的話, 則需要根據(jù)body/doc 找到frames, 然后從frames -> IHTMLWindow2 -> IHTMLDocument2 . 主要有2個(gè)方法, 下面是代碼片段
方法一:

方法二:

iframe 跨域訪問(cross frame)  zz from : http://codecentrix.blogspot.com/2007/10/when-ihtmlwindow2getdocument-returns.html 
由于安全性限制, 為防止跨域腳本攻擊, 當(dāng)frames 跨域的時(shí)候, IHTMLWindow2::get_document 調(diào)用將返回 E_ACCESSDENIED .
下面函數(shù) HtmlWindowToHtmlDocument  對(duì)于跨域的frame 通過 IHTMLWindow2 -> IID_IWebBrowserApp -> IHTMLWindow2 繞過了限制.

附:
IE(控件/接口)中主要有4個(gè)部分, Browser, Document, Frame/IFrame, Element , 其對(duì)應(yīng)接口分別是
Browser         -    IWebBrowser2
Document      -    IHTMLDocument2
Frame/IFrame-    IHTMLWindow2
Element         -    IHTMLElement
可以通過下面方法互相獲取
browser      -> document        IWebBrowser2::get_Document
document     -> frame           IHTMLDocument2::get_parentWindow
frame        -> document        IHTMLWindow2::get_document
frame        -> parent frame    IHTMLWindow2::get_parent
frame        -> children frames IHTMLWindow2::get_frames
element     -> Frame             IHTMLElement->QI(IHTMLFrameBase2) -> IHTMLFrameBase2->get_contentWindow -> IHTMLWindow2

ref:
在多Frame的網(wǎng)頁(yè)中怎么取出各個(gè)Frame的IHTMLDocument2的接口！急用.(高分)
在文章 When IHTMLWindow2::get_document returns E_ACCESSDENIED 解決了iframe 跨域訪問的問題

Apache 安裝在只讀分區(qū)上的配置

有時(shí)候Apache 程序安裝在NFS ,SAMBA, Windows 的共享盤上, 而且可能是只讀, 所以需要修改一些配置. 主要有:
# apache 運(yùn)行時(shí)所依賴文件
LockFile /path/to/apache-rproxy.lock
# apache 運(yùn)行時(shí)會(huì)修改的相關(guān)文件
PidFile /path/to/apache-rproxy.pid
ErrorLog /path/to/apache-rproxy.elog
CustomLog /path/to/apache-rproxy.dlog "%{%v/%T}t %h -> %{SERVER}e URL: %U"

具體說明如下

ServerRoot "/usr/local"
ServerRoot用于指定守護(hù)進(jìn)程httpd的運(yùn)行目錄，httpd在啟動(dòng)之后將自動(dòng)將進(jìn)程的當(dāng)前目錄改變?yōu)檫@個(gè)目錄，因此如果設(shè)置文件中指定的文件或目錄是相對(duì)路徑，那么真實(shí)路徑就位于這個(gè)ServerRoot定義的路徑之下。

由于httpd會(huì)經(jīng)常進(jìn)行并發(fā)的文件操作，就需要使用加鎖的方式來保證文件操作不沖突，由于NFS文件系統(tǒng)在文件加鎖方面能力有限，因此這個(gè)目錄應(yīng)該是本地磁盤文件系統(tǒng)，而不應(yīng)該使用NFS文件系統(tǒng)。

LockFile /var/run/httpd.lock
LockFile參數(shù)指定了httpd守護(hù)進(jìn)程的加鎖文件，一般不需要設(shè)置這個(gè)參數(shù)，Apache服務(wù)器將自動(dòng)在ServerRoot下面的路徑中進(jìn)行操作。但如果ServerRoot為NFS文件系統(tǒng)，便需要使用這個(gè)參數(shù)指定本地文件系統(tǒng)中的路徑。

PidFile /var/run/httpd.pid
PidFile指定的文件將記錄httpd守護(hù)進(jìn)程的進(jìn)程號(hào)，由于httpd能自動(dòng)復(fù)制其自身，因此系統(tǒng)中有多個(gè)httpd進(jìn)程，但只有一個(gè)進(jìn)程為最初啟動(dòng)的進(jìn)程，它為其他進(jìn)程的父進(jìn)程，對(duì)這個(gè)進(jìn)程發(fā)送信號(hào)將影響所有的httpd進(jìn)程。PidFILE定義的文件中就記錄httpd父進(jìn)程的進(jìn)程號(hào)。

C/C++ 的預(yù)處理變量,宏 和 預(yù)定義宏

== 預(yù)處理指令(Preprocessor Directives) ==

== 預(yù)處理操作符(Preprocessor Operators) ==
Stringizing operator (#)
Causes the corresponding actual argument to be enclosed in double quotation marks
將參數(shù)變成字符串 : #x -> "x"

Charizing operator (#@)
Causes the corresponding argument to be enclosed in single quotation marks and to be treated as a character (Microsoft Specific)
將參數(shù)變成字符變量 : #x -> 'x'

Token-pasting operator (##)
Allows tokens used as actual arguments to be concatenated to form other tokens
將參數(shù)和前面的符號(hào)結(jié)合 : token##x -> tokenx

== 預(yù)定義宏(Predefined Macros) ==

__FILE__
__LINE__

#define LINE1(x) #x
#define LINE(x) LINE1(x)
#define TODO(msg)   message ( __FILE__ "(" LINE(__LINE__)  "): [TODO] " #msg )
#define NOTE(msg)   message ( __FILE__ "(" LINE(__LINE__)  "): [NOTE] " #msg )

zz 自定義瀏覽器控件

同自動(dòng)化瀏覽器（http://blog.joycode.com/jiangsheng/archive/2005/10/20/65489.aspx）相比，自動(dòng)化瀏覽器控件(WebBrowser Control) 在應(yīng)用程序中更加常用。從Outlook的預(yù)覽窗格到Maxthon這樣的基于IE引擎的瀏覽器，從無界面的HTML分析器到Norton Antivirusd的主界面，瀏覽器控件在眾多領(lǐng)域被用作各種各樣的用途。這也使得有必要根據(jù)具體的用戶需求自定義瀏覽器控件的行為。

在應(yīng)用程序中加入瀏覽器控件

集成瀏覽器控件的最簡(jiǎn)單的方法是找一個(gè)支持ActiveX的集成開發(fā)環(huán)境，在工具箱中加入Microsoft Web Browser這個(gè)控件，往表單上拖一個(gè)這個(gè)控件就可以完成工作。你甚至可以用集成開發(fā)環(huán)境添加ActiveX的事件處理函數(shù)。如果要直接導(dǎo)入ActiveX的話，建議使用mehrcpp的vbMHWB控件（http://www.codeproject.com/atl/vbmhwb.asp）。這個(gè)控件在瀏覽器控件的基礎(chǔ)上進(jìn)行了擴(kuò)展，暴露了很多底層接口。

通常導(dǎo)入ActiveX就可以滿足大部分需求  ，但是有些類庫(kù)中也集成了瀏覽器控件，并且提供了更多的功能，例如MFC的CHTMLView和CDHtmlDialog，ATL的HTML Control，以及.Net 2.0中的Windows.Forms.WebBrowser。如果使用Visual C++來進(jìn)行非托管編程，那么建議使用MFC或者ATL的封裝類，或者使用vbMHWB控件。托管編程中當(dāng)然首選Windows.Forms.WebBrowser。除非這些類的BUG影響到了應(yīng)用程序的開發(fā)，否則建議使用這些功能更加強(qiáng)大的封裝類。

在使用瀏覽器控件及其封裝類的時(shí)候要注意一些已知問題

• 最后一個(gè)包含瀏覽器的窗口關(guān)閉時(shí)會(huì)話信息可能會(huì)丟失（http://support.microsoft.com/kb/311072）
• MFC6.0版本的CHTMLView中一些方法沒有釋放獲得的BSTR字符串，造成內(nèi)存泄漏（http://support.microsoft.com/kb/241750）。
• MFC6.0版本的CHTMLView缺少WS_CLIPCHILDREN風(fēng)格，使得其中的瀏覽器控件重畫不正常（http://support.microsoft.com/kb/220021）
• Windows.Forms.WebBrowser的WebBrowserSite類不能通過重載來自定義其行為（https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=115198）

常見任務(wù)

在集成瀏覽器控件之后，可以完成基本的網(wǎng)頁(yè)瀏覽，但是對(duì)于不同的任務(wù)，也需要進(jìn)一步的處理，例如設(shè)置控件的屬性、為控件添加事件處理、操作HTML文檔等等。

修改瀏覽器控件的屬性

這在集成開發(fā)環(huán)境中可以很容易地設(shè)置，也可以自己實(shí)現(xiàn)容器來設(shè)置，但是CHTMLView這樣的封裝類沒有這個(gè)選項(xiàng)（http://support.microsoft.com/kb/197921）。

• 鏈接目標(biāo)解析。對(duì)于用瀏覽器控件來做瀏覽器的場(chǎng)合來說，需要將瀏覽器的RegisterAsBrowser屬性設(shè)置為true。這使得Internet Explorer在解析HTML鏈接的target屬性指定的目標(biāo)窗口時(shí)可以找到這個(gè)窗口。
• 禁用拖放。對(duì)于使用瀏覽器控件來做預(yù)覽窗格的場(chǎng)合來說，需要將瀏覽器的RegisterAsDropTarget屬性設(shè)置為false。這使得窗口不接受拖進(jìn)來的文件和鏈接。
• 禁用消息框。對(duì)于用瀏覽器控件來做HTML分析器的場(chǎng)合來說，有時(shí)需要屏蔽腳本產(chǎn)生的消息框以避免阻塞程序運(yùn)行。這可以通過設(shè)置瀏覽器的Silent屬性來實(shí)現(xiàn)，或者實(shí)現(xiàn)IDocHostShowUI::ShowMessage。

捕獲瀏覽器控件的事件

集成開發(fā)環(huán)境中可以也很容易地添加瀏覽器的事件處理函數(shù)。比較常用的事件包括

• NewWindow2或者NewWindow3事件。默認(rèn)情況下，瀏覽器控件中創(chuàng)建的新窗口會(huì)是一個(gè)Internet Explorer的窗口。這通常不是預(yù)期的行為，對(duì)于瀏覽器程序來說更是這樣。需要處理瀏覽器的NewWindow2或者NewWindow3（在Windows XP SP2或者Windows 2003 SP1之后可用）事件來讓新的瀏覽器窗口在應(yīng)用程序提供的窗口中運(yùn)行。
• WindowClosing事件。瀏覽器控件需要處理WindowClosing事件來在瀏覽器控件被腳本關(guān)閉時(shí)關(guān)閉瀏覽器控件的宿主窗口（http://support.microsoft.com/kb/253219）。
• BeforeNavigate2事件。可以在自己的網(wǎng)頁(yè)中加入自定義的協(xié)議，之后在BeforeNavigate2事件中掃描URL來進(jìn)行網(wǎng)頁(yè)和應(yīng)用程序之間的交互（http://www.microsoft.com/msj/0100/c/c0100.aspx）。當(dāng)然，自定義的網(wǎng)絡(luò)協(xié)議也可以用Asynchronous Pluggable Protocol來處理(參見http://support.microsoft.com/kb/303740)，vbMHWB控件就實(shí)現(xiàn)了這個(gè)功能。但是更加常用的是在彈出廣告過濾器程序中用BeforeNavigate2來判斷在NewWindow2事件中創(chuàng)建的窗口是否需要關(guān)閉。

操作MSHTML文檔

通常HTML分析和瀏覽器自動(dòng)化程序都需要分析網(wǎng)頁(yè)的結(jié)構(gòu)，找到需要操作的元素。這需要對(duì)網(wǎng)頁(yè)的結(jié)構(gòu)進(jìn)行分析，找到目標(biāo)元素的標(biāo)識(shí)方法。 一些常用的操作包括：

• 設(shè)置HTML元素的屬性，例如html、style、value等等。注意有些屬性是只讀的，甚至是程序無法訪問的（例如input元素在類型為文件時(shí)其value屬性不可訪問）。
• 分析網(wǎng)頁(yè)的結(jié)構(gòu)來保存網(wǎng)頁(yè)數(shù)據(jù)，例如拆取Web 頁(yè)一文介紹的方案（http://www.microsoft.com/china/msdn/Archives/workshop/scrape.asp）
• 處理HTML元素的事件。這需要分析瀏覽器控件中的MSHTML文檔對(duì)象，定位被操作的元素，以及在元素的連接點(diǎn)上掛接自定義的事件處理程序(http://msdn.microsoft.com/library/default.asp?url=/workshop/browser/mshtml/tutorials/sink.asp)。
• 添加/刪除HTML元素。注意設(shè)置有時(shí)設(shè)置outHtml屬性并不能正確創(chuàng)建元素（http://support.microsoft.com/kb/185140），一個(gè)的方法是用HTMLDocument對(duì)象的CreateElememt方法。
• 調(diào)用HTML元素的方法，這和在腳本中操作HTML類似。可操作的元素/接口可以參考Interfaces and Scripting Objects（http://msdn.microsoft.com/library/default.asp?url=/workshop/browser/mshtml/reference/ifaces/interface.asp），操作方法可以參考Introduction to Dynamic HTML（http://msdn.microsoft.com/library/default.asp?url=/workshop/browser/mshtml/reference/ifaces/interface.asp）
• 以上的功能都可以通過直接在網(wǎng)頁(yè)中加入腳本實(shí)現(xiàn)（http://support.microsoft.com/kb/185128），而且腳本也可以通過應(yīng)用程序?qū)崿F(xiàn)的擴(kuò)展接口來和應(yīng)用程序本身交互。另外，腳本還可以被用來自定義一些事件，例如在需要重載自定義的ShowModalDialog的時(shí)候就可以用IDispatchEx給window對(duì)象添加一個(gè)屬性，其值為一個(gè)自定義的ShowModalDialog函數(shù)(http://groups.google.com/group/microsoft.public.inetsdk.programming.webbrowser_ctl/browse_thread/thread/e5eeb4a9111b16af/4bc2709aeb2bb444?lnk=raot)，也可以用加入腳本的辦法來捕獲網(wǎng)頁(yè)中的錯(cuò)誤（http://support.microsoft.com/kb/317024）。

 在頁(yè)面包含框架的時(shí)候，可能需要跨框架訪問HTML文檔。可以通過查詢框架元素所支持的IWebBrowser2接口或者IHTMLWindow2接口來訪問框架中的文檔（http://support.microsoft.com/kb/196340），但是也有可能因?yàn)榘踩O(shè)置而無法訪問(http://support.microsoft.com/kb/167796)。

在瀏覽器控件中顯示其它類型的文檔時(shí)，可以用IWebBrowser2的document屬性來訪問ActiveX文檔，例如在顯示Microsoft Word時(shí)，IWebBrowser2的document屬性就是Word的文檔對(duì)象，在顯示文件夾的時(shí)候，IWebBrowser2的document屬性就是文件夾對(duì)象等等。

擴(kuò)展瀏覽器的宿主

瀏覽器控件在創(chuàng)建時(shí)會(huì)查詢ActiveX容器的IOleClientSite的實(shí)現(xiàn)的如下接口：IDocHostUIHandler, IDocHostUIHandler2 and IDocHostShowUI。

雖然在無法自定義ActiveX容器的情況下可以用ICustomDoc::SetUIHandler來掛接IDocHostUIHandler到瀏覽器控件，但是這樣也會(huì)造成內(nèi)存泄漏（http://support.microsoft.com/kb/893629）。一些類庫(kù)，例如MFC、ATL和.Net類庫(kù)都實(shí)現(xiàn)了IDocHostUIHandler接口。

除了專門用于瀏覽器用途的程序之外，通常都需要自定義瀏覽器控件的上下文菜單。這需要實(shí)現(xiàn)IDocHostUIHandler::ShowContextMenu。通常的實(shí)現(xiàn)包括完全禁用上下文菜單、完全替換上下文菜單、以及修改部分上下文菜單。經(jīng)常被從上下文菜單中移除的菜單項(xiàng)包含查看源代碼、刷新和屬性。一種替代的方案是在容器中過濾右鍵消息（http://support.microsoft.com/kb/231578）。

與瀏覽器相比，一些Internet Explorer的宿主功能在瀏覽器控件中并不是默認(rèn)啟用。在某些場(chǎng)合，默認(rèn)啟用的宿主功能可能并非預(yù)期。這時(shí)需要實(shí)現(xiàn)IDocHostUIHandler::GetHostInfo。可以通過實(shí)現(xiàn)IDocHostUIHandler::GetHostInfo來自定義的功能包括：

• 自動(dòng)完成功能。對(duì)于用瀏覽器控件來做瀏覽器的場(chǎng)合來說，這個(gè)功能是有必要啟用的。啟用的方法是設(shè)置DOCHOSTUIFLAG_ENABLE_FORMS_AUTOCOMPLETE位
• 如果瀏覽器中的鏈接網(wǎng)址包含非ASCII的字符，那么需要實(shí)現(xiàn)IDocHostUIHandler::GetHostInfo，并且在返回的DOCHOSTUIINFO結(jié)構(gòu)中設(shè)置dwFlags成員的DOCHOSTUIFLAG_URL_ENCODING_ENABLE_UTF8位。這使得網(wǎng)址會(huì)在發(fā)送之前用UTF-8編碼。
• 3D邊框、滾動(dòng)條，禁用文字選擇功能和禁用頁(yè)面上的腳本。
• 對(duì)于使用瀏覽器控件來做HTML編輯器的場(chǎng)合來說，有時(shí)需要修改默認(rèn)的頁(yè)面樣式。這都需要實(shí)現(xiàn)IDocHostUIHandler::GetHostInfo（http://support.microsoft.com/kb/328803）。注意在有些版本的IE中IDocHostUIHandler::GetHostInfo只在MSHTML被初始化的時(shí)候被調(diào)用，所以如果你需要在MSHTML被初始化之后使你的修改生效，你需要瀏覽到一個(gè)Word之類的非HTML Active document文檔，之后再瀏覽回來。

在使用瀏覽器控件來做數(shù)據(jù)錄入界面的場(chǎng)合，需要更改瀏覽器控件默認(rèn)的Tab鍵處理使得用戶可以使用Tab鍵切換到容器中的其他控件。這需要實(shí)現(xiàn)IDocHostUIHandler::TranslateAccelerator來自定義瀏覽器控件的快捷鍵處理。對(duì)于MFC這樣用消息鉤子來做消息預(yù)處理的可自定義容器來說，也可以用PreTranslateMessage來過濾F5鍵盤消息，而不是實(shí)現(xiàn)IDocHostUIHandler::TranslateAccelerator。

在腳本中調(diào)用應(yīng)用程序?qū)g覽器控件的擴(kuò)展，這需要實(shí)現(xiàn)IDocHostUIHandler::GetExternal。使用.Net的WebBrowser控件的話設(shè)置ObjectForScripting屬性就可以了。

對(duì)于用瀏覽器控件來做HTML分析器的場(chǎng)合來說，有時(shí)需要屏蔽腳本產(chǎn)生的消息框。這需要實(shí)現(xiàn)IDocHostShowUI::ShowMessage，或者設(shè)置瀏覽器的Silent屬性。

另外，瀏覽器也會(huì)查詢IOleClientSite來獲得其它的服務(wù)信息，例如

• IOleCommandTarget，查詢控件的容器是否提供替代的命令處理，見拙作Hook DHTML Commands一文（http://blog.joycode.com/jiangsheng/archive/2005/07/09/58754.aspx）
• IServiceProvider。此接口被用于查詢用戶對(duì)如下接口的實(shí)現(xiàn)：
  • IInternetSecurityManager ，用戶可實(shí)現(xiàn)此接口來自定義瀏覽器控件的安全相關(guān)選項(xiàng)（http://msdn.microsoft.com/workshop/security/szone/overview/impl_secmanager.asp）
  • IDownloadMamanger ，用戶可實(shí)現(xiàn)此接口來自定義瀏覽器控件的下載過程
  • IAuthenticate，用戶可實(shí)現(xiàn)此接口來自定義一些登錄界面（http://support.microsoft.com/kb/329802）
  • INewWindowManager，用戶可實(shí)現(xiàn)此接口來重載Windows XP SP2和Windows 2003 SP1中新增的彈出窗口管理器的行為

其他控制

對(duì)于用瀏覽器控件來做HTML分析器的場(chǎng)合來說，有時(shí)需要禁用瀏覽器的腳本、ActiveX或者圖片下載。這可以通過在容器中實(shí)現(xiàn)IDispatch，處理DISPID_AMBIENT_DLCONTROL來做到（http://msdn.microsoft.com/library/default.asp?url=/workshop/browser/overview/Overview.asp）。

看來離線瀏覽的控制并不能用這種方法來控制（http://support.microsoft.com/kb/247336）。不過你可以自己編寫一個(gè)HTTP層傳遞 BINDF_OFFLINEOPERATION標(biāo)志 （http://groups-beta.google.com/group/microsoft.public.inetsdk.programming.mshtml_hosting/msg/76bf4910a289d4b3）

在瀏覽器控件中java小程序可能不能正常運(yùn)行，如果使用Sun JVM1.4之后的版本，可以用SetEnvironmentVariable 來設(shè)置JAVA_PLUGIN_WEBCONTROL_ENABLE為1來啟用Sun JVM。

默認(rèn)情況下在頁(yè)面載入時(shí)會(huì)有點(diǎn)擊聲。屏蔽點(diǎn)擊聲的一個(gè)方法是在程序運(yùn)行時(shí)修改注冊(cè)表鍵（http://support.microsoft.com/kb/201901），另一個(gè)方法是將瀏覽器控件隱藏，在調(diào)用Navigate2之后再顯示，但是這也需要鎖定控件的更新區(qū)域（LockWindowUpdate）以避免閃爍。在IE7中，也可以調(diào)用 CoInternetSetFeatureEnabled函數(shù)，傳遞FEATURE_DISABLE_NAVIGATION_SOUNDS來禁用瀏覽時(shí)的聲音。

在需要使用代理服務(wù)器時(shí)，有可能需要在應(yīng)用程序中使用非默認(rèn)的代理服務(wù)器設(shè)置。這可以通過調(diào)用UrlMkSetSessionOption來實(shí)現(xiàn)。

Overriding IInternetSecurityManager in a CComControl class
CAxWindow implements IObjectWithSite interface (get it with QueryHost
method). Call SetSite passing your implementation of IServiceProvider.
At this point, AxWin will forward all QueryService calls from hosted
WebBrowser to your implementation.

ie 攻擊監(jiān)測(cè)

對(duì)ie 的攻擊分好幾類, 有修改主頁(yè), 彈出窗口, 惡意插件, 網(wǎng)頁(yè)木馬等. 其中一些是利用了ie 的腳本的自帶功能, 而另外一些要對(duì)ie 實(shí)施攻擊后才能做到, 主要手段有利用第三方軟件漏洞, ie 堆噴射等, 文章 [ [JavaScript中的堆風(fēng)水]|[ http://www.team509.com/download/Heap%20Feng%20Shui%20in%20JavaScript_en_cn.htm ] ] 對(duì)堆噴射進(jìn)行了介紹, 主要是利用覆蓋函數(shù)返回地址或者對(duì)象的虛函數(shù)表來執(zhí)行shellcode, 主要涉及到ie & 系統(tǒng)的內(nèi)存管理.
一般shellcode 基本只完成攻擊動(dòng)作, 具體的對(duì)系統(tǒng)的后續(xù)攻擊肯定離不了下載執(zhí)行 exe 文件等動(dòng)作, 并且在攻擊ie 也會(huì)有各種癥狀, 可以根據(jù)這些基本實(shí)現(xiàn)惡意代碼.

1. 根據(jù)ie 癥狀
當(dāng)ie 訪問惡意頁(yè)面的遭受攻擊時(shí), 其重要表現(xiàn)是
a. 內(nèi)存使用
b. cpu 使用率
所以實(shí)時(shí)監(jiān)測(cè)這些參數(shù)可以基本判斷是否有攻擊

2. 根據(jù)行為
shellcode 如果被執(zhí)行, 那么肯定會(huì)進(jìn)行木馬下載執(zhí)行等步驟. 一般純shellcode 里面的內(nèi)容不會(huì)很多, 所以不可能完成很多復(fù)雜的攻擊.
win32 創(chuàng)建進(jìn)程的API調(diào)用串是:
WinExec/ShellExecuteA/CreateProcessA->CreateProcessInternalA->CreateProcessInternalW->ZwCreateProcessEx
或
CreateProcessW->CreateProcessInternalW->ZwCreateProcessEx

win32 要執(zhí)行下載的API 主要是wsock32.dll 的
recv , recvfrom

所以對(duì)上述API 進(jìn)行攔截, 一般可以檢測(cè)到是否有ie 是否被攻擊, 但是這個(gè)只能在攻擊成功后, shellcode 執(zhí)行后才能被檢測(cè)到

3.
攔截一些操作注冊(cè)表, 創(chuàng)建窗口等API , 可以做到防止被修改主頁(yè), 彈出窗口等

 

利用ms 的Detours 可以很容易的實(shí)現(xiàn)對(duì)系統(tǒng) API 的hook
http://blog.csdn.net/hu0406/archive/2008/03/05/2150358.aspx
http://blog.csdn.net/hu0406/archive/2008/03/05/2150351.aspx
http://www.moon-soft.com/doc/2288.htm
http://blog.csdn.net/dedodong/archive/2006/10/07/1323925.aspx

[ [JavaScript中的堆風(fēng)水]|[ http://www.team509.com/download/Heap%20Feng%20Shui%20in%20JavaScript_en_cn.htm ] ] ie 堆噴射

[ [也聊inline-hook]|[ http://blog.tom.com/tigerkings941220/article/9211.html ] ] 介紹了 進(jìn)程自身保護(hù)(通過攔截LoadLibraryW)和IE漏洞防護(hù)(通過攔截CreateProcessInternalW)

[ [maxthon2(遨游2) mxsafe.dll對(duì)網(wǎng)頁(yè)木馬的防護(hù)以及繞過]|[ http://hi.baidu.com/54nop/blog/item/b52cff6e713964d980cb4a9e.html ] ] 討論了maxthon2 防止網(wǎng)頁(yè)木馬的策略( 攔截 ZwCreateProcessEx/ZwCreateProcess, ZwWriteVirtualMemory, LoadLibraryExW, CreateProcessInternalW )以及對(duì)抗策略, 其實(shí)這個(gè)只是hook & unhook 的游戲了..

[ [小議PE病毒技術(shù)]|[ http://blog.vckbase.com/windowssky/archive/2007/04/17.html ] ] 介紹了 pe 病毒 & win32 進(jìn)程加載內(nèi)部

[ [360安全衛(wèi)士程序員志愿者]|[ http://blog.csdn.net/dedodong/archive/2006/10/07/1323925.aspx ] ] 通過攔截 NtCreateProcessEx/NtCreateProcess 實(shí)現(xiàn)了"""編寫一個(gè)程序，在此程序中運(yùn)行a.exe，并使得a.exe認(rèn)為是由explorer.exe運(yùn)行它的"""

[ [阻擊惡意軟件--清除和保護(hù)你的網(wǎng)站的小技巧]|[ http://www.googlechinawebmaster.com/labels/badware.html ] ] google 上的對(duì)惡意軟件(badware) 的介紹

[ [StopBadware Blog]|[ http://blogs.stopbadware.org/articles/2007/11 ] ]

 

Windows Winnet 實(shí)現(xiàn)HTTP 文件斷點(diǎn)續(xù)傳下載

1. MFC 下載文件

有2種方法:
a)
創(chuàng)建CInternetSession 對(duì)象 -> 調(diào)用 CInternetSession::OpenURL 該函數(shù)解析URL，然后打開與URL指定的服務(wù)器連接，同時(shí)返回一個(gè)只讀的CInternetFile對(duì)象 -> CInternetFile::Read 讀取文件 -> 析構(gòu)CInternetSession

b)
創(chuàng)建CInternetSession 對(duì)象 -> 調(diào)用 CInternetSession::GetHttpConnection
返回CHttpConnection 對(duì)象 -> 調(diào)用CHttpConnection::OpenRequest 創(chuàng)建一個(gè)CHttpFile對(duì)象 -> CHttpFile::SendRequest 發(fā)送連接請(qǐng)求 -> CHttpFile::QueryInfo 獲取HTTP 信息(比如文件大小, ETAG等) | CInternetFile::Read 讀取文件 ->  析構(gòu)CInternetSession

在上述過程中, 如果出現(xiàn)錯(cuò)誤會(huì)拋出 CInternetException 異常
另外在打開鏈接前, 可以進(jìn)行如下設(shè)置
CInternetSession::SetOption    讀取或設(shè)置 InternetQuery 選項(xiàng) (如超時(shí)或重試次數(shù)）
CInternetSession::EnableStatusCallback 設(shè)置回調(diào)函數(shù)監(jiān)視session狀態(tài)
CHttpFile::AddRequestHeaders   設(shè)置HTTP 請(qǐng)求頭(需要在CHttpFile::SendRequest 前調(diào)用)

2. 實(shí)現(xiàn)斷點(diǎn)續(xù)傳
斷點(diǎn)續(xù)傳其實(shí)是通過在HTTP 請(qǐng)求頭中設(shè)置要下載的文件區(qū)間來實(shí)現(xiàn), 一個(gè)典型的HTTP 請(qǐng)求頭是

  GEThttp://class/download.microtool.de:80/somedata.exe 
  Host:download.microtool.de
  Accept:*/*
  Pragma:no-cache
  Cache-Control:no-cache
  Referer:http://class/download.microtool.de/
  User-Agent:Mozilla/4.04[en](Win95;I;Nav)
  Range:bytes=554554-
 
注意最后一行：Range:bytes=554554-，格式為:Range: bytes=起始位置 - 終止位置，也就是說，我們可以通過設(shè)置Http請(qǐng)求頭的設(shè)置起始結(jié)束位置，來獲取HTTP文件的某一部分。

3. Win32 WinInet API 實(shí)現(xiàn)
和MFC 的函數(shù)對(duì)應(yīng), 執(zhí)行下載操作大致需要的函數(shù)有：

InternetOpen是最先調(diào)用的函數(shù)，它返回HINTERNET句柄，習(xí)慣定義為hSession，即會(huì)話句柄, 相當(dāng)于CInternetSession
InternetConnect使用hSession句柄，返回的是http連接句柄，定義為hConnect, 相當(dāng)于 CInternetSession::GetHttpConnection
HttpOpenRequest使用hConnect句柄，返回的句柄是http請(qǐng)求句柄，定義為hRequest, 相當(dāng)于 CHttpConnection::OpenRequest
HttpSendRequest(相當(dāng)于 CHttpFile::SendRequest)、HttpQueryInfo、InternetSetFilePointer和InternetReadFile都使用HttpOpenRequest返回的句柄，即hRequest。

CInternetSession::OpenURL 相當(dāng)于實(shí)現(xiàn)了 InternetConnect & HttpOpenRequest & HttpSendRequest 3個(gè)函數(shù)

當(dāng)這幾個(gè)句柄不再使用時(shí)，應(yīng)該用函數(shù)InternetCloseHandle把它關(guān)閉，以釋放其占用的資源。

用WinInet開發(fā)Internet客戶端應(yīng)用指南（一）  http://www.vckbase.com/document/viewdoc/?id=545
用WinInet開發(fā)Internet客戶端應(yīng)用指南（二） http://www.vckbase.com/document/viewdoc/?id=546
使用 CInternetSession 封裝多線程 http 文件下載 http://www.vckbase.com/document/viewdoc/?id=1693
Http下載的斷點(diǎn)續(xù)傳       http://sunyan331.spaces.live.com/blog/cns!89B9F8BF2575E281!947.entry
HTTP服務(wù)器上斷點(diǎn)下載文件(里面有很不錯(cuò)的源碼)      http://www.cnitblog.com/wangk/archive/2007/05/22/5942.html
編寫斷點(diǎn)續(xù)傳和多線程下載(有源碼)   http://www.bbbh.org/20060427/2620/
WinInet: implementing resuming feature  http://www.clevercomponents.com/articles/article015/resuming.asp
(很詳細(xì)的一個(gè)代碼解釋)Retrieving a file via. HTTP  http://www.codeproject.com/KB/IP/getwebfile.aspx 

MSNP協(xié)議的通信過程[En]

You have been using MSN for quite some time wondering how it works. Well You need not look any further. This article will not just tell you how MSN works but will also tell you how to make your own version of MSN messenger. You can download a sample application from here MSN Clone .Let's get ready to rumble!!!!

 

We can split up the working of MSN messenger into 2 phases

• Authentication Phase

• Instant Messaging Phase

The Authentication Phase involves logging into the MSN messenger server and also (friends) list retrieval in this case.

The Instant Messaging Phase involves sending/accepting requests for an Instant Messaging session and also sending/receiving messages.

 

The MSN messenger protocol is an ASCII based protocol. In other words the commands are in pure English !!!.The first phase involves connecting to an MSN messenger server .In this case we shall connect to the server 64.4.13.58 on port 1863(MSN messenger works through port 1863).

Once the connection is done we need to start the log in process. The first stage in this phase is the versioning stage. In this stage the client (in this case your app) lists/sends the versions that it can support to the server and waits for the server to respond.

VER 0 MSNP7 MSNP6 MSNP5 MSNP4 CVRO

In the MSN messenger protocol a "trial id" is sent along with every command. The trial id starts from 0 and is incremented every time the server responds successfully to the client's commands.

 

The server responds like this

VER 0 MSNP7 MSNP6 MSNP5 MSNP4

The Client and the server have agreed on a version in which they will communicate.

 

Next the client sends a request to the server asking it for the name of the security package it supports for authentication.

INF 1

Unlike Yahoo, Rediff and a few other Messengers MSN does not actually send the password as it is.It encrypts the password while sending it ensuring that your password will not be leaked out easily if somebody monitors your port.

 

The server responds with this

INF 1 MD5

Here MD5 is the name of the security package which the server currently supports.

Next the client sends the userid to the server

 

USR 2  MD5  I  venky_dude@hotmail.com

Here the server does a check whether it contains all the relevant details about the user for authentication .If it does not then it sends the following reply

 XFR 2  NS 64.4.13.55:1863  0

What the server says is that the client should connect to the Notification Server(NS) on 64.4.13.55 on port 1863. We close the current connection and repeat the  steps while being connected to the new server i.e  64.4.13.55

• (client)   VER 3 MSNP7 MSNP6 MSNP5 MSNP4 CVRO

• (server) VER 3 MSNP7 MSNP6 MSNP5 MSNP4 

• (client)   INF  4

• (server) INF  4  MD5

• (client)  USR  5  MD5 I venky_dude@hotmail.com

Now the server to which we are connected to has the relevant information about the user trying to log in. The server replies this way

USR 5  MD5  S 989048851.1851137130

 The string which is sent by the server is the " MD5 Hash". It is a hash generated by the server and is used in the authentication process. The client then has to send the password which is encrypted using the MD5 algorithm.In effect the client has to send the unique MD5 equivalent of the MD5 hash i.e 989048851.1851137130 in this case and the password combined .i.e. MD5 equivalent of (hash+pass). In this case it turns out to be 3b7926d277068ec49576a0c40598ff21.

USR 6 MD5 S 3b7926d277068ec49576a0c40598ff21

If the password is right then the server replies with this

USR 6 OK venky_dude@hotmail.com venkat

Here the last word is the nickname/name by which the user is known.

In the new version of the protocol (MSNP7) the server sends additional data like some general information about the user and a authentication code something similar to a cookie which can be used for various other functions.

 

MSG Hotmai Hotmail 362
MIME-Version: 1.0
Content-Type: text/x-msmsgspro file; charset=UT
LoginTime: 1011252477
EmailEnabled: 1
MemberIdHigh: 84736
MemberIdLow: - 1434729391
lang _preference: 103
preferredEmai l: venky_dude@hotmail.com
country: IN
PostalCode:
Gender: M
Kid:0
Age: 22
sid: 517
kv: 2
MSPAuth: 2AAAAAAAADU0p4uxxxJtDJozJSlUTS0i7YpwnC9PUHRv56YKxxxCTWmg$$

Now we are logged into the server but our status is still offline. We need to change our status to online in order to send and receive messages. The client does this in the following way

CHG 7 NLN

The server replies with friends who are online and in various states.

CHG 7 NLN

ILN 7 NLN btxxxe@hotmail.com nick
ILN 7 AWY wmpyxxx@msn.com mike
ILN 7 BSY tehpxxpxx@hotmail.com yeaxxx

MSG Hotmail Hotmail 223
MIME-Version: 1.0
Content-Type: text/x-msmsgsinitialemailnotification; charset=UTF-8

Inbox-Unread: 293
Folders-Unread: 0
Inbox-URL: /cgi-bin/HoTMaiL
Folders-URL: /cgi-bin/folders
Post-URL: http://www.hotmail.com

 

The next command to be sent to the server pertains to the version of the client currently being used.The client send to the server it's version number and also information about the machine like the OS and the build.

CVR 8 0x0409 win 4.10 i386 MSMSGS 4.5.0127 MSMSGS

Here 0x409 win 4.10 i386 specifies that the client is running win98 on a intel microprocessor, and MSMSGS 4.5.0127 MSMSGS here specifies the version and build no of msmsgs.exe (basically the version no of MSN messenger).

The server responds with the url to download the latest version and some other info

CVR 8 4.5.0127 4.5.0127 1.0.0863 http://download.microsoft.com/download/msnmessenger/install/4.5/win98me/en-us/mmssetup.exe http://messenger.microsoft.com

 

It is not necesarry to send the CVR command, the messenger protocol will function properly regardless of this command being sent

 

To get a list of people who are in our friends list we may send this command

LST 9 RL

On sending this command the server will reply by sending the reverse list .The reverse list is basically a list of users who can see you when you are online and send you a message.You could alternatively also request for the forward list by sending LST 9 FL .The forward list contains a list of all users whom the user has added to his/her list.

The server responds this way

LST 9 RL 69 1 19 venky_dude@hotmail.com venkat
LST 9 RL 69 2 19 puxxxxx@hotmail.com PUJA
LST 9 RL 69 3 19 vancxxxxx@hotmail.com ramachandran
LST 9 RL 69 4 19 moxxxxx@hotmail.com chandramouli
LST 9 RL 69 5 19 v_n_xxxxx@hotmail.com Narayanaswamy
LST 9 RL 69 6 19 dexxxxx@hotmail.com Venkatesh
LST 9 RL 69 7 19 lousydxxxxx@hotmail.com deepika%20kalyani%20Vairam                                                  LST 9 RL 69 8 19 hexxxxxr@hotmail.com Hetchar%20Ramachandran
LST 9 RL 69 9 19 ambxxxxx@hotmail.com Aiyer
LST 9 RL 69 10 19 suxxx@hotmail.com Ganesh
LST 9 RL 69 11 19 deexxxxx@hotmail.com Deepak
LST 9 RL 69 12 19 anilxxxxx@hotmail.com anil
LST 9 RL 69 13 19 dixxxxx@hotmail.com <Diamond>
LST 9 RL 69 14 19 nvxxxx@hotmail.com giri
LST 9 RL 69 15 19 shxxx@hotmail.com Hari
LST 9 RL 69 16 19 radhikashuxxxxx@hotmail.com radhika
LST 9 RL 69 17 19 eskaxxxxx@hotmail.com kannan
LST 9 RL 69 18 19 shaxxxxx@hotmail.com Shankar
LST 9 RL 69 19 19 puneetagarxxxxx@hotmail.com puneet

 

 

*Every time a friend comes online the server(NS) sends us the following command

NLN 10NLN deaxxxx@hotmail.com Venkatesh

and when the friend goes offline the server sends us this

FLN 10 FLN deaxxxx@hotmail.com

With the MSNP7 protocol msn has introduced a new challenege authentication mechanism. The MSN server sends t a challenge key which the user has to authenticate succesfully in order for the session to continue.

CHL 0 20881396011366812350

 

The client has to send the md5 equivalent of this string which is formed by appending this hash with the string "Q1P7W2E4J9R8U3S5".So the final string which will be sent to the server will be the md5 equivalent of 20881396011366812350Q1P7W2E4J9R8U3S5

i.e MD5string(20881396011366812350Q1P7W2E4J9R8U3S5 )

So the client response would be something like this

QRY 18 msmsgs@msnmsgr.com 32
0212eaad0876afb8505859ca75d21a78

Here 18 is the trial id .Replace it by the appropriate trial id in your program .

The server will respond in the following way if the authentication is right

QRY 18

We have successfully logged into the MSN Messenger server. The Instant Messaging phase is next.

Instant Messaging in MSN Messenger is session based . The people in between whom the conversation is going to take place have to be in a session mode. We cannot send/receive messages unless we start a chat session with a user. 

There are basically two methods in  which a user can be in a chat session                                                           

• User sends a chat session request to another user
• User receives a chat session request from another user

 

User sends a chat session request

 

The client(user) sends a command to the server asking it for the address of the SwitchBoard(SB) server. All instant messaging conversation take place via the switchboard server.

XFR 9 SB

The server(SB) replies back with the ip address of the switchboard server(SB),the port on which to connect and a CKI hash. CKI is a security package and the client has to use the hash to connect to the switchboard server.

 XFR 9 SB 64.4.13.88:1863 CKI 989487642.2070896604     

Now we have to make another  new connection this time to the switchboard server. Our previous connection to the MSN messenger server  must be kept as it is. If we lose connection with that server we would log out.

After we have connected to the switchboard server(SB) we send the following command to the switchboard server.

USR 1 venky_dude@hotmail.com  989487642.2070896604  

If the CKI hash sent by us is right the server(SB) responds back with this

USR 1 OK venky_dude@hotmail.com venkat

After this has been done the user has to "Call" the other user to the chat session. This is done by sending the following command.

CAL 2 deadxxx@hotmail.com 

The server replies back with the a session id which it will pass on to the other user

CAL 2 RINGING 11717653

When the other user replies and is ready for a chat the server(SB) sends us this command

JOI deadlee@hotmail.com Venkatesh

This indicates that the other user has joined in the conversation and we are now ready to send and receive messages.

 

User receives a chat session request

When we are being invited to a chat session by a user the server(NS) send us the following message.

 

RNG 11742066 64.4.13.74:1863 CKI 989495494.750408580 deaxxxx@hotmail.com Venkatesh

Here the server(NS) sends us the session id ,the ip address of the SwitchBoard server to connect to,the port on which to connect to ,the CKI hash and the user trying to start a conversation with us.

Now we have to make another  new connection this time to the switchboard server. Our previous connection to the MSN messenger server  must be kept as it is. If we loose connection with that server we would log out.

We  connect to the switchboard server and send the following command

ANS 1 venky_dude@hotmail.com 989495494.750408580 11742066

Here we send our login name ,the CKI hash that was sent to us and the session Id that was sent to us

The server responds back with 

IRO 1 1 1 deaxxxx@hotmail.com Venkatesh

and

ANS 1 OK

We are now ready to send and receive messages.

 

Before sending/receiving messages let us see how the message is constructed.

When we are sending a message we build the header information  in the following way

MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-MMS-IM-Format: FN=Microsoft%20Sans%20Serif; EF=; CO=0; CS=0; PF=22

While sending a message we send it this way

MSG  2  N 137                                                                                                                                                            MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-MMS-IM-Format: FN=Microsoft%20Sans%20Serif; EF=; CO=0; CS=0; PF=22

hello

Here 2 is the trial id which has to incremented each time we send a message. 137 is the total length of the message i.e length of the header and length of the actual message that we are sending in this case it is 'hello'.

 While receiving the message it is more or less similar

Here is an example of a message received

MSG deaxxxx@hotmail.com Venkatesh 137
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-MMS-IM-Format: FN=Microsoft%20Sans%20Serif; EF=; CO=0; CS=0; PF=22

hello

 

When the other user is typing a message we receive the foll message

MSG deaxxxx@hotmail.com Venkatesh 100
MIME-Version: 1.0
Content-Type: text/x-msmsgscontrol
TypingUser: deaxxxx@hotmail.com

 

I guess now u guys are well on your way to make your own version of  MSN messenger.Post your doubts/comments/message in the Forumn .Do visit my projects page for some cool vb & c++ codes

 I'll keep adding to the protocol ,will try to put in addition functions like add/remove users ,rename user id,file transfer and voice chat, so keep checking back

 

References:

You could take a look at these sites for more information

This is the original protocol published by microsoft.

http://www.tlsecurity.net/Textware/Misc/draft-movva-msn-messenger-protocol-00.txt

This is the MD5 homepage where u can find programs/codes for doing the MD5 encryption

http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html

MSNP10協(xié)議分析 01.登錄 [by progsoft]
http://blog.csdn.net/progsoft/archive/2004/08/24/82938.aspx

MSN協(xié)議中文釋義(Zz)
http://blog.csdn.net/fanccYang/archive/2005/03/16/321198.aspx

MSN Protocol Version 8
http://msnpiki.msnfanatic.com/index.php/Main_Page
介紹了MSNP 的整個(gè)協(xié)議 & 服務(wù)器 Notification Server (NS)  & Switchboard (SB)  的功能

MSN Messenger Protocol Version 9
http://zoronax.bot2k3.net/
很詳細(xì)的介紹, 里面還有原始包例子

MSN Messenger Protocol
http://www.hypothetic.org/docs/msn/client/invitation_types.php
MSNP 的詳細(xì)命令介紹

Reverse-engineering MSN Messenger's Video Conversation Formats[Ramiro Polla]
http://www.libing.net.cn/read.php/1031.htm

IE 異步可插入?yún)f(xié)議擴(kuò)展

可插入?yún)f(xié)議擴(kuò)展（Asynchronous Pluggable Protocols）主要基于異步的URL Moniker技術(shù)。 IE的URL Moniker在urlmon.dll 動(dòng)態(tài)庫(kù)中實(shí)現(xiàn)的， 有兩種處理機(jī)制：
1. 根據(jù)URL 協(xié)議調(diào)用外部程序處理
比如telnet: or news: or mailto:，當(dāng)訪問這些url的時(shí)候會(huì)打開相應(yīng)的程序來處理。
比如要添加note:協(xié)議(Registering an Application to a URL Protocol), 則只要修改注冊(cè)表
[HKEY_CLASSES_ROOT]
    [note]
        (Default) = "URL:Note Protocol"
        URL Protocol = ""
        [DefaultIcon]
            (Default) = "notepad.exe"
        [shell]
            [open]
                [command]
                    (Default) = "c:\windows\notepad.exe %1"
在IE 中輸入 note://xxx.txt 的時(shí)候會(huì)自動(dòng)用notepad 打開xxx.txt 文件

2. 根據(jù)URL 協(xié)議調(diào)用類對(duì)象來處理
可以根據(jù)URL 協(xié)議或者M(jìn)IME type 注冊(cè)不同的處理對(duì)象
有兩種方式：
a) 通過在注冊(cè)表將URL 協(xié)議與COM 對(duì)象關(guān)聯(lián)
主要在注冊(cè)表中的
HKEY_CLASSES_ROOT\PROTOCOLS\Handler # URL 協(xié)議
HKEY_CLASSES_ROOT\PROTOCOLS\Filter # Mime Filter

b) 通過臨時(shí)注冊(cè)類對(duì)象將URL 協(xié)議與其關(guān)聯(lián)
// 注冊(cè)
CComPtr<IInternetSession> spSession;
CComPtr<IClassFactory>   spCFHTTP;
HRESULT hr = CoInternetGetSession(0, &spSession, 0);
hr = FilterFactory::CreateInstance(CLSID_HttpProtocol, &spCFHTTP);
hr = spSession->RegisterNameSpace(spCFHTTP, CLSID_NULL, L"http", 0, 0, 0);

// 反注冊(cè)
spSession->UnregisterNameSpace(spCFHTTP, L"http");

 

3. FilterFactory 的實(shí)現(xiàn)可以參考
Asynchronous Pluggable Protocol Implementation with ATL
http://www.codeguru.com/cpp/com-tech/atl/misc/article.php/c37/

Internet Explorer下載文件的終極過濾
http://blog.csdn.net/111222/archive/2002/02/09/7255.aspx

通過Mime filter技術(shù)對(duì)網(wǎng)頁(yè)源碼進(jìn)行過濾（監(jiān)視下載文件）
http://blog.csdn.net/lion_wing/archive/2006/06/27/839134.aspx

HTML代碼過濾技術(shù)
http://blog.csdn.net/lion_wing/articles/534716.aspx

About Asynchronous Pluggable Protocols （MSDN）

Internet Explorer 編程簡(jiǎn)述（九）在自己的瀏覽器中嵌入Google工具條
http://blog.csdn.net/CathyEagle/archive/2005/12/12/550698.aspx

放1000分，高手進(jìn)來動(dòng)手試試：如何提取AJAX里的HTML內(nèi)容？
http://topic.csdn.net/t/20061214/12/5230161.html
這里主要通過監(jiān)視IE 的下載從而保存Google Map 的地圖數(shù)據(jù)文件.  通過監(jiān)視http & text/html & application/javascript 的內(nèi)容來獲取圖片文件URL 和 信息.. :)

const和指針組合的變化

a. char const* p  　　　*p不能變，p能變，不需要初始化
b. const char* p  　　　同a
c. char* const p  　　　*p能變，p不能變，需要初始化
d. const char* const p  *p不能變，p不能變，需要初始化
d. const char const* p  *p不能變，p能變，不需要初始化
e. const char const* const p  錯(cuò)誤
f. char const* const p  同d