Pcode粗略分析(2)
前言:VB-Pcode反编译文件的粗略分析,高手莫要笑话!有了Pcode粗略分析(1)的分析,我们大概了解了一下VB-Pcode代码是怎样工作和参数调用的,下面在(1)的基础上再稍微加深分析一下。
分析1:(源文件)
=============================================
' Compiles to the P-Code listing below: Text1.Text is read through the
' TextBox.Text propget, each character is converted with Mid/Asc/CStr inside
' a ForI2/NextI2 loop, and the result is written through the TextBox.Text propput.
Private Sub Command1_Click()
Dim name As String, code As String
' i is an Integer, so Len(name) (a Long) is narrowed for the loop bound
' (CI2I4 in the P-Code); a string longer than 32767 characters raises Overflow.
Dim i As Integer
name = Text1.Text
For i = 1 To Len(name)
' Decimal character codes are concatenated with no separator, so the
' encoding is not one-to-one (codes 10,0 and 100 both give "100").
code = code & CStr(Asc(Mid(name, i, 1)))
Next i
Text2.Text = code
End Sub
=============================================
(P-Code)
=============================================
:00401BD80468FF FLdRfVar ;Push LOCAL_0098 //push address of the temp slot that receives the property value (not a memory allocation)
:00401BDB21 FLdPrThis ;= //push Me; pairs with the VCallAd on the next line
:00401BDC0F0403 VCallAd ;Return the control index 03 //fetch the control reference for index 03 (Text1); a control interface, not a window handle
:00401BDF196CFF FStAdFunc ;//fetch the propget entry (TextBox.Text getter)
:00401BE2086CFF FLdPr ;= //load the procedure
***********Reference To:TextBox.Text //propget: the TextBox.Text getter
|
:00401BE50DA0000000 VCallHresult ;Call ptr_004014A8 //call the getter: Text1.Text -> LOCAL_0098
:00401BEA3E68FF FLdZeroAd ;Push DWORD ; =0 //push the returned string and zero the temp slot
:00401BED3178FF FStStr ;SysFreeString ; =Pop //store into LOCAL_0088 (name), freeing its previous value
:00401BF01A6CFF FFree1Ad ;Push ; Call [[]+8]; []=0 //release the control reference (vtable slot at +8, presumably IUnknown::Release)
:00401BF3F401 LitI2_Byte ;Push 01 //loop start value (For i = 1)
:00401BF50472FF FLdRfVar ;Push LOCAL_008E //push address of i (loop counter); LOCAL_008E is i, not the text box content
:00401BF86C78FF ILdRf ;Push DWORD //push name (LOCAL_0088) as the Len argument
:00401BFB4A FnLenStr ;vbaLenBstr //Len(name)
:00401BFCE4 CI2I4 ;Verify high word is 0000, ECX= //narrow the Long length to Integer for i; Overflow if Len(name) > 32767
***********loop begins
:00401BFDFE6364FF7200 ForI2 ;//For i = 1 To Len(name)
:00401C036C74FF ILdRf ;Push DWORD //push code (LOCAL_008C), the left operand of the later ConcatStr
:00401C062834FF0100 LitVarI2 ;PushVarInteger 0001 \ length argument 1 as a Variant (LOCAL_00CC)
:00401C0B6B72FF FLdI2 ;Push WORD | push i
:00401C0EE7 CI4UI1 ; | Mid arguments: name, i, 1
:00401C0F0478FF FLdRfVar ;Push LOCAL_0088 | push address of name
:00401C124D54FF0840 CVarRef ; | wrap name as a by-reference Variant
:00401C170424FF FLdRfVar ;Push LOCAL_00DC / temp Variant that receives the Mid result
**********Reference To->msvbvm60.rtcMidCharVar //Mid
|
:00401C1A0A01001000 ImpAdCallFPR4 ;Call ptr_00401030; check stack 0010; Push EAX //Mid(name, i, 1)
:00401C1F0424FF FLdRfVar ;Push LOCAL_00DC //push the temp Variant holding the character
:00401C22FDFE68FF CStrVarVal ; //convert the Variant to a temp string (LOCAL_0098) for Asc
**********Reference To->msvbvm60.rtcAnsiValueBstr //Asc
|
:00401C260B02000400 ImpAdCallI2 ;Call ptr_00401036; check stack 0004; Push EAX //Asc(...); ANSI value, so non single-byte characters may not yield 0..255 — confirm on DBCS input
:00401C2BFBFD CStrUI1 ;vbaStrI2 //CStr: Integer -> String
:00401C2D2320FF FStStrNoPop ;SysFreeString ; = //store into temp string LOCAL_00E0, keeping it on the stack
:00401C302A ConcatStr ;vbaStrCat //code & CStr(...)
:00401C313174FF FStStr ;SysFreeString ; =Pop //store the result into code (LOCAL_008C), freeing its previous value
:00401C3432040068FF20FF FFreeStr ;Do SysFreeString ; =0 0004/2 times ~ arg //free the 2 temp strings (LOCAL_0098, LOCAL_00E0)
:00401C3B36040034FF24FF FFreeVar ;Free 0004/2 variants //free the 2 temp Variants (LOCAL_00CC, LOCAL_00DC)
:00401C420472FF FLdRfVar ;Push LOCAL_008E //push address of i for NextI2 (the loop counter, not the text box content)
:00401C456464FF2B00 NextI2 ; //Next i
**********loop ends
:00401C4A6C74FF ILdRf ;Push DWORD //push code (LOCAL_008C), the value to assign
:00401C4D21 FLdPrThis ;= //push Me; pairs with the VCallAd on the next line
:00401C4E0F0003 VCallAd ;Return the control index 02 //fetch the control reference for index 02 (Text2)
:00401C51196CFF FStAdFunc ;//fetch the propput entry (TextBox.Text setter)
:00401C54086CFF FLdPr ;= //load the procedure
***********Reference To:TextBox.Text //propput: the TextBox.Text setter
|
:00401C570DA4000000 VCallHresult ;Call ptr_004014A8 //Text2.Text = code
:00401C5C1A6CFF FFree1Ad ;Push ; Call [[]+8]; []=0 //release the control reference
:00401C5F13 ExitProcHresult ;//End Sub
在1的基础上我们再加个判断看看!
分析2:(源文件)
=============================================
' Same loop as analysis 1, followed by an If whose condition compiles to
' EqStr + BranchF in the P-Code below: Text2.Text is read through the
' TextBox.Text propget and compared with the derived code; the flag left by
' EqStr alone selects which MsgBox runs.
Private Sub Command1_Click()
Dim name As String, code As String, T As String, F As String
' i is an Integer, so Len(name) (a Long) is narrowed for the loop bound
' (CI2I4 in the P-Code); a string longer than 32767 characters raises Overflow.
Dim i As Integer
' The literal messages are copied into locals first (LitStr / FStStrCopy).
T = "True code!"
F = "False code!"
name = Text1.Text
For i = 1 To Len(name)
' Decimal character codes are concatenated with no separator, so the
' encoding is not one-to-one (codes 10,0 and 100 both give "100").
code = code & CStr(Asc(Mid(name, i, 1)))
Next i
' Plain string equality (EqStr); the outcome depends only on the two strings.
If Text2.Text = code Then
' vbOKOnly is 0 (pushed as LitI4 00000000); "P-Code(2-2)" is the title.
MsgBox T, vbOKOnly, "P-Code(2-2)"
Else
MsgBox F, vbOKOnly, "P-Code(2-2)"
End If
End Sub
=============================================
(P-Code)
=============================================
******Possible String Ref To->"True code!"
|
:00401C481B0000 LitStr ;Push ptr_004016F4 //push the literal "True code!"
:00401C4B4370FF FStStrCopy ;=SysAllocStringByteLen(Pop, ); SysFreeString Pop //copy it into LOCAL_0090 (T)
******Possible String Ref To->"False code!"
|
:00401C4E1B0100 LitStr ;Push ptr_00401710 //push the literal "False code!"
:00401C51436CFF FStStrCopy ;=SysAllocStringByteLen(Pop, ); SysFreeString Pop //copy it into LOCAL_0094 (F)
:00401C540460FF FLdRfVar ;Push LOCAL_00A0 //push address of the temp slot that receives the property value (not a memory allocation)
:00401C5721 FLdPrThis ;= //push Me; pairs with the VCallAd on the next line
:00401C580F0403 VCallAd ;Return the control index 03 //fetch the control reference for index 03 (Text1); a control interface, not a window handle
:00401C5B1964FF FStAdFunc ;//fetch the propget entry (TextBox.Text getter)
:00401C5E0864FF FLdPr ;= //load the procedure
***********Reference To:TextBox.Text //propget: the TextBox.Text getter
|
:00401C610DA0000200 VCallHresult ;Call ptr_00401728 //call the getter: Text1.Text -> LOCAL_00A0
:00401C663E60FF FLdZeroAd ;Push DWORD ; =0 //push the returned string and zero the temp slot
:00401C693178FF FStStr ;SysFreeString ; =Pop //store into LOCAL_0088 (name), freeing its previous value
:00401C6C1A64FF FFree1Ad ;Push ; Call [[]+8]; []=0 //release the control reference (vtable slot at +8, presumably IUnknown::Release)
:00401C6FF401 LitI2_Byte ;Push 01 //loop start value (For i = 1)
:00401C71046AFF FLdRfVar ;Push LOCAL_0096 //push address of i (loop counter); LOCAL_0096 is i, not the text box content
:00401C746C78FF ILdRf ;Push DWORD //push name (LOCAL_0088) as the Len argument
:00401C774A FnLenStr ;vbaLenBstr //Len(name)
:00401C78E4 CI2I4 ;Verify high word is 0000, ECX= //narrow the Long length to Integer for i; Overflow if Len(name) > 32767
***********loop begins
:00401C79FE635CFF7E00 ForI2 ;//For i = 1 To Len(name)
:00401C7F6C74FF ILdRf ;Push DWORD //push code (LOCAL_008C), the left operand of the later ConcatStr
:00401C82282CFF0100 LitVarI2 ;PushVarInteger 0001 \ length argument 1 as a Variant (LOCAL_00D4)
:00401C876B6AFF FLdI2 ;Push WORD | push i
:00401C8AE7 CI4UI1 ; | Mid arguments: name, i, 1
:00401C8B0478FF FLdRfVar ;Push LOCAL_0088 | push address of name
:00401C8E4D4CFF0840 CVarRef ; | wrap name as a by-reference Variant
:00401C93041CFF FLdRfVar ;Push LOCAL_00E4 / temp Variant that receives the Mid result
**********Reference To->msvbvm60.rtcMidCharVar //Mid
|
:00401C960A03001000 ImpAdCallFPR4 ;Call ptr_00401030; check stack 0010; Push EAX //Mid(name, i, 1)
:00401C9B041CFF FLdRfVar ;Push LOCAL_00E4 //push the temp Variant holding the character
:00401C9EFDFE60FF CStrVarVal ; //convert the Variant to a temp string (LOCAL_00A0) for Asc
**********Reference To->msvbvm60.rtcAnsiValueBstr //Asc
|
:00401CA20B04000400 ImpAdCallI2 ;Call ptr_00401036; check stack 0004; Push EAX //Asc(...); ANSI value, so non single-byte characters may not yield 0..255 — confirm on DBCS input
:00401CA7FBFD CStrUI1 ;vbaStrI2 //CStr: Integer -> String
:00401CA92318FF FStStrNoPop ;SysFreeString ; = //store into temp string LOCAL_00E8, keeping it on the stack
:00401CAC2A ConcatStr ;vbaStrCat //code & CStr(...)
:00401CAD3174FF FStStr ;SysFreeString ; =Pop //store the result into code (LOCAL_008C), freeing its previous value
:00401CB032040060FF18FF FFreeStr ;Do SysFreeString ; =0 0004/2 times ~ arg //free the 2 temp strings (LOCAL_00A0, LOCAL_00E8)
:00401CB73604002CFF1CFF FFreeVar ;Free 0004/2 variants //free the 2 temp Variants (LOCAL_00D4, LOCAL_00E4)
:00401CBE046AFF FLdRfVar ;Push LOCAL_0096 //push address of i for NextI2 (the loop counter, not the text box content)
:00401CC1645CFF3700 NextI2 ; //Next i
**********loop ends
:00401CC60460FF FLdRfVar ;Push LOCAL_00A0 //push address of the temp slot that will receive Text2.Text (not Text1's content)
:00401CC921 FLdPrThis ;= //push Me; pairs with the VCallAd on the next line
:00401CCA0F0003 VCallAd ;Return the control index 02 //fetch the control reference for index 02 (Text2)
:00401CCD1964FF FStAdFunc ;//fetch the propget entry (TextBox.Text getter; this is a read, not a propput)
:00401CD00864FF FLdPr ;= //load the procedure
***********Reference To:TextBox.Text //propget: the TextBox.Text getter
|
:00401CD30DA0000200 VCallHresult ;Call ptr_00401728 //call the getter: Text2.Text -> LOCAL_00A0
:00401CD86C60FF ILdRf ;Push DWORD //push Text2.Text (LOCAL_00A0), the user-entered string
:00401CDB6C74FF ILdRf ;Push DWORD //push code (LOCAL_008C), the value derived from Text1.Text
:00401CDEFB30 EqStr ;//Text2.Text = code; leaves a single true/false flag that decides the whole If
:00401CE02F60FF FFree1Str ;SysFreeString ; =0 //free the temp copy of Text2.Text
:00401CE31A64FF FFree1Ad ;Push ; Call [[]+8]; []=0 //release the control reference
:00401CE61CD000 BranchF ;If Pop=0 then ESI=00401D18 //if not equal, jump to the Else branch at 00401D18
:00401CE927E8FE LitVar ;PushVar LOCAL_0118 \ trailing MsgBox arguments (presumably the omitted HelpFile/Context Variants — confirm)
:00401CEC271CFF LitVar ;PushVar LOCAL_00E4 |
******Possible String Ref To->"P-Code(2-2)" |
| |
:00401CEF3A3CFF0500 LitVarStr ;PushVarString ptr_0040173C| title "P-Code(2-2)" as a Variant
:00401CF44E2CFF FStVarCopyObj ;=vbaVarDup(Pop) | copy it into LOCAL_00D4; see Pcode rough analysis (1)
:00401CF7042CFF FLdRfVar ;Push LOCAL_00D4 | for how to read these argument pushes
:00401CFAF500000000 LitI4 ;Push 00000000 | buttons = 0 (vbOKOnly)
:00401CFF0470FF FLdRfVar ;Push LOCAL_0090 / prompt = T ("True code!")
:00401D024D4CFF0840 CVarRef ; //wrap the prompt as a by-reference Variant
**********Reference To->msvbvm60.rtcMsgBox
|
:00401D070A06001400 ImpAdCallFPR4 ;Call ptr_0040103C; check stack 0014; Push EAX MsgBox //MsgBox T, vbOKOnly, "P-Code(2-2)"
:00401D0C3606002CFF1CFFE8 FFreeVar ;Free 0006/2 variants //free the 3 temp Variants (LOCAL_00D4, LOCAL_00E4, LOCAL_0118)
:00401D151EFC00 Branch ;ESI=00401D44 //skip the Else branch; jump to the exit at 00401D44
:00401D1827E8FE LitVar ;PushVar LOCAL_0118 \ same MsgBox argument sequence as above
:00401D1B271CFF LitVar ;PushVar LOCAL_00E4 |
******Possible String Ref To->"P-Code(2-2)" |
| |
:00401D1E3A3CFF0500 LitVarStr ;PushVarString ptr_0040173C| title "P-Code(2-2)" as a Variant
:00401D234E2CFF FStVarCopyObj ;=vbaVarDup(Pop) | copy it into LOCAL_00D4
:00401D26042CFF FLdRfVar ;Push LOCAL_00D4 |
:00401D29F500000000 LitI4 ;Push 00000000 | buttons = 0 (vbOKOnly)
:00401D2E046CFF FLdRfVar ;Push LOCAL_0094 / prompt = F ("False code!")
:00401D314D4CFF0840 CVarRef ; //wrap the prompt as a by-reference Variant
**********Reference To->msvbvm60.rtcMsgBox
|
:00401D360A06001400 ImpAdCallFPR4 ;Call ptr_0040103C; check stack 0014; Push EAX //MsgBox F, vbOKOnly, "P-Code(2-2)"
:00401D3B3606002CFF1CFFE8 FFreeVar ;Free 0006/2 variants //free the 3 temp Variants
:00401D4413 ExitProcHresult ;//End Sub
:00401D450000 LargeBos ;IDE beginning of line with 00 byte codes //IDE line marker, no runtime effect
Moodsky
2005.02.03 又看一遍,还是看不懂。我是新手,看不懂,不过还是顶一个。