这篇文章不是说的很清楚:
At first glance, what's interesting is that there are no direct dependencies on Apple's libraries (CoreFoundation, AppleMobileDevice, iTuneSMobileDevice and friends) even though they are clearly used. The mystery was clearly solved by looking at the file system, wherein a small DLL appeared in the temp directory - TaiXXX.tmp, wherein XXX is a temporary file name. The file is easily recognizable as a DLL (MZ..). Further, looking at TaiG through SysInternals' Process Explorer one could see the DLL was loaded, and had a thread - CreateDevHelp - which is an exported symbol. Its "true name", btw, is TGHelp.dll.
这个程序运行起来后,会从资源包中解出.rsrc\ZIPDLL\106这个动态库,以线程的方式在后台运行,和前台的GUI通信,更新显示状态。
这个动态库会从注册表中找到Apple程序安装的位置,并隐式加载CoreFoundation.dll、MobileDevice.dll、iTunesMobileDevice.dll和AirTrafficHost.dll
从中定位到核心函数的入口点。启动Apple Mobile Device服务。
