- UID
- 2
注册时间2004-12-1
阅读权限255
最后登录1970-1-1
总坛主
TA的每日心情 | 开心
2016-6-16 14:07 |
|---|
签到天数: 10 天 [LV.3]偶尔看看II
|
VB-Pcode反编译文件的粗略分析,高手莫笑话!
分析1:
Private Sub Command1_Click()
Dim x As Integer, y As Integer, z As Integer
x = 123
y = 321
z = x + y
MsgBox z
End Sub
[Command1.Click]
:00401874 F47B LitI2_Byte ;Push 7B //123入栈
:00401876 707AFF FStI2 ;Pop WORD [LOCAL_0086] //弹出0086操作数
//整形占2个字节
{x=123}
:00401879 F34101 LitI2 ;Push 0141 //321入栈
:0040187C 7078FF FStI2 ;Pop WORD [LOCAL_0088] //弹出0088操作数
//正好是0086+2,说明内存写时是连续的
{y=321}
:0040187F 6B7AFF FLdI2 ;Push WORD [LOCAL_0086] //f?load?i2应该是integer
:00401882 6B78FF FLdI2 ;Push WORD [LOCAL_0088] //继续第二个参数入栈
:00401885 A9 AddI2 ; //整数相加,保存在0088+2
{z = x + y}
:00401886 7076FF FStI2 ;Pop WORD [LOCAL_008A] //SUM出栈待用
================ //MsgBox原形
MsgBox(prompt[, buttons] [, title] [, helpfile, context])
================
:00401889 2704FF LitVar ;PushVar LOCAL_00FC //未负值参数,context
:0040188C 2724FF LitVar ;PushVar LOCAL_00DC //未负值参数,helpfile
:0040188F 2744FF LitVar ;PushVar LOCAL_00BC //未负值参数,title
:00401892 F500000000 LitI4 ;Push 00000000 //buttons 缺省值为 0
:00401897 0476FF FLdRfVar ;Push LOCAL_008A //prompt,作为显示在对话框中的消息.
:0040189A 4D64FF0240 CVarRef ;
**********Reference To->msvbvm60.rtcMsgBox
|
:0040189F 0A00001400 ImpAdCallFPR4 ;Call ptr_00401020; check stack 0014; Push EAX //调用MsgBox
{MsgBox z}
:004018A4 36060044FF24FF04 FFreeVar ;Free 0006/2 variants //释放变量
:004018AD 13 ExitProcHresult ; //退出程序
分析2:
Private Sub Command1_Click()
Dim x As Integer, y As Integer, z As Integer
x = 123
y = 321
z = x + y
MsgBox z, vbOKOnly, "pcode"
End Sub
[Command1.Click]
:00401888 F47B LitI2_Byte ;Push 7B //123入栈
:0040188A 707AFF FStI2 ;Pop WORD [LOCAL_0086] //弹出0086操作数
{x=123}
:0040188D F34101 LitI2 ;Push 0141 //321入栈
:00401890 7078FF FStI2 ;Pop WORD [LOCAL_0088] //弹出0088操作数
{y=321}
:00401893 6B7AFF FLdI2 ;Push WORD [LOCAL_0086] //ADD第一个参数入栈
:00401896 6B78FF FLdI2 ;Push WORD [LOCAL_0088] //ADD第二个参数入栈
:00401899 A9 AddI2 ; //ADD
{z = x + y}
:0040189A 7076FF FStI2 ;Pop WORD [LOCAL_008A] //SUM出栈待用
:0040189D 2704FF LitVar ;PushVar LOCAL_00FC //未负值参数,context
:004018A0 2724FF LitVar ;PushVar LOCAL_00DC //未负值参数,helpfile
******Possible String Ref To->"pcode"
|
:004018A3 3A54FF0000 LitVarStr ;PushVarString ptr_004013C8 //"pcode"入栈
:004018A8 4E44FF FStVarCopyObj ;[LOCAL_00BC]=vbaVarDup(Pop) //地址负值
:004018AB 0444FF FLdRfVar ;Push LOCAL_00BC //title果然被负值,看来分析并没有错误
:004018AE F500000000 LitI4 ;Push 00000000 //buttons 缺省值为 0
:004018B3 0476FF FLdRfVar ;Push LOCAL_008A //prompt,SUM
:004018B6 4D64FF0240 CVarRef ;
**********Reference To->msvbvm60.rtcMsgBox
|
:004018BB 0A01001400 ImpAdCallFPR4 ;Call ptr_00401020; check stack 0014; Push EAX //调用MsgBox
{MsgBox z, vbOKOnly, "pcode"}
:004018C0 36060044FF24FF04 FFreeVar ;Free 0006/2 variants //释放变量
:004018C9 13 ExitProcHresult ; //退出程序
:004018CA 0000 LargeBos ;IDE beginning of line with 00 byte codes
分析3:
Private Declare Function MessageBox Lib "user32" Alias "MessageBoxA" (ByVal hwnd As Long, ByVal lpText As String, ByVal lpCaption As String,
ByVal wType As Long) As Long
Const MB_OK = &H0&
Private Sub Command1_Click()
Dim x As Integer, y As Integer, z As Integer
x = 123
y = 321
z = x + y
MessageBox Me.hwnd, "sum=" & z, "pcode", MB_OK
End Sub
[Command1.Click]
:004018FC F47B LitI2_Byte ;Push 7B //123入栈
:004018FE 707AFF FStI2 ;Pop WORD [LOCAL_0086] //弹出0086操作数
{x = 123}
:00401901 F34101 LitI2 ;Push 0141 //321入栈
:00401904 7078FF FStI2 ;Pop WORD [LOCAL_0088] //弹出0088操作数
{x = 123}
:00401907 6B7AFF FLdI2 ;Push WORD [LOCAL_0086] //ADD第一个参数入栈
:0040190A 6B78FF FLdI2 ;Push WORD [LOCAL_0088] //ADD第二个参数入栈
:0040190D A9 AddI2 ; /ADD
{z = x + y}
:0040190E 7076FF FStI2 ;Pop WORD [LOCAL_008A] //SUM出栈待用
:00401911 0470FF FLdRfVar ;Push LOCAL_0090 //将地址入栈,记录地址
:00401914 080800 FLdPr ;[SR]=[STACK_0008]
:00401917 0D58000000 VCallHresult ;Call ptr_004014CC //这里应该是调用Me.hwnd,保存在0090
==================//MsgBox原形
int MessageBox(
HWND hWnd, // handle of owner window
LPCTSTR lpText, // address of text in message box
LPCTSTR lpCaption, // address of title of message box
UINT uType // style of message box
);
==================//下面是参数入栈
:0040191C F500000000 LitI4 ;Push 00000000 //uType,参数一
******Possible String Ref To->"pcode"
|
:00401921 1B0100 LitStr ;Push ptr_00401624 //装入"pcode"字符
:00401924 0460FF FLdRfVar ;Push LOCAL_00A0
:00401927 34 CStr2Ansi ;vbaStrToAnsi //把Unicode形式转换为Ansi
:00401928 6C60FF ILdRf ;Push DWORD [LOCAL_00A0] //lpCaption,参数二
******Possible String Ref To->"sum="
|
:0040192B 1B0200 LitStr ;Push ptr_00401614 //装入"sum="字符
:0040192E 6B76FF FLdI2 ;Push WORD [LOCAL_008A] //参数SUM入栈
:00401931 FBFD CStrUI1 ;vbaStrI2 //将整数转换为字符型,保存在0094
:00401933 236CFF FStStrNoPop ;SysFreeString [LOCAL_0094]; [LOCAL_0094]=[stack]
:00401936 2A ConcatStr ;vbaStrCat //连接字符,保存在0098
:00401937 2368FF FStStrNoPop ;SysFreeString [LOCAL_0098]; [LOCAL_0098]=[stack]
:0040193A 0464FF FLdRfVar ;Push LOCAL_009C //将地址入栈,记录地址
:0040193D 34 CStr2Ansi ;vbaStrToAnsi //把Unicode形式转换为Ansi
:0040193E 6C64FF ILdRf ;Push DWORD [LOCAL_009C] //lpText,参数三
:00401941 6C70FF ILdRf ;Push DWORD [LOCAL_0090] //hWnd,参数四
***********Reference To:user32.MessageBoxA
|
:00401944 0A03001000 ImpAdCallFPR4 ;Call ptr_004015E8; check stack 0010; Push EAX //调用MessageBox
:00401949 3C SetLastSystemError ;Kernel GetLastError //针对调用MessageBox函数,取得扩展错误信息
:0040194A 3208006CFF68FF64 FFreeStr ;Do SysFreeString [arg_n]; [arg_n]=0 0008/2 times ~ arg
:00401955 13 ExitProcHresult ;
:00401956 0000 LargeBos ;IDE beginning of line with 00 byte codes
Moodsky[DFCG]
2005.02.01 |
|
IP卡
发表于 2005-3-12 07:50:57
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2005-3-12 14:51:19
发表于 2010-5-22 13:58:21
